I am sending email using php mailer and email is going fine to the inbox
but next time when i reply back instead of email coming to under same conversation it create a new email even it should show all the email subject
any one has an idea ?
The email you send via php must have a header
Reply-To: <from-email-address>
From: <from-email-address>
as well as a
To: <destination-email-address>
header line for it to appear as a conversation thread.
Also the subject line should be the same or be the same with a prepended 'Re: '
I'm looking for a way to capture and manage email data using PHP. Basically, what I want to do is capture all the data in an email and then manipulate this data to my specification.
For example, say, I send an email containing a .zip file attachment to myemail#myproject.com, I want to be able to:
Get the attachment and place it in a specific folder on my site
Get the text content of the email
Get the subject of the email
Get the sender's info i.e. email address
Anyone know how I can get this done efficiently with PHP. I'm using LAMP by the way.
Thanks.
Start with PEAR Mail_mimeDecode. What you are looking to do is ambitious but can be done.
Basically what you will be doing is:
Instructing your MTA to deliver mail from an address to a pipe into your PHP script. Postfix and Sendmail can handle this with an alias like:
myemail: "|/path/to/your/parsingscript.php"
Parsing out the parts of the MIME email message
Locating and storing attachments after decoding them from base64 (or other encoding)
Parsing the headers.
Your PHP script will likely read the email message from STDIN and then pass the string to mimeDecode, which creates an object containing all the MIME parts.
Assuming your message was received into $str from STDIN, something like this gets you started:
$mime = Mail_mimeDecode::decode(array('include_bodies'=>TRUE, 'decode_headers'=>TRUE, 'decode_bodies'=>TRUE, 'input'=>$str));
// get the recipient To address:
$to = $mime->headers['to'];
TL;DR: Mails sent from shared hosting (such as a cheap domain from Unoeuro or One.com) end up in spam. How to fix?
I made a mail-system, that first generated a PDF-file (using FPDF), whereafter it sent the PDF-file as an attachment with PHP's Swiftmailer. This email was sent out to 130 people (as a 'one-of' invoice). But it landed in the spam-filter for almost everybody. I tried adjusting SwiftMailers header-settings, but without any luck. Even mails that I haven't sent to before (thoroughly tested). This was my initial setup:
function sendMailEt($toEmail, $toName, $invoiceNumber){
require_once('includes/lib/swift_required.php');
$transport = Swift_SmtpTransport::newInstance('mailout.one.com', 25)
->setUsername('EMAIL-ACCOUNT1#THE-DOMAIN.DK')
->setPassword('THE-PASSWORD')
;
$mailer = Swift_Mailer::newInstance($transport);
$message = Swift_Message::newInstance('FROM COMPANY')
->setSubject('Thanks for signing up - COMPANY')
->setFrom(array('EMAIL-ACCOUNT1#THE-DOMAIN.DK' => 'Company name'))
->setTo(array($toEmail => $toName))
->setBody('A brief body, that explains that this is an invoice and that it has to be paid within 5 days. (written in danish)')
->addPart('A brief body, that explains that this is an invoice and that it has to be paid within 5 days. (written in danish)', 'text/html')
->attach(Swift_Attachment::fromPath('/URL-TO-THE-PDF-FILE.pdf'))
;
$result = $mailer->send($message);
}
I also tried sending out the emails with PHP's native mail()-function, and then simply link to the invoice ( http://www.company-domain-name.dk/invoice/base64_encoded-name.pdf )... Same result (spam).
I tried writing the entire header myself. I've read a numerous amount of forums about what headers should include, but they all wrote different things. So I tried a few different things (both emails I had sent to previously and emails I hadn't)... Same result (spam).
Then I tried writing the header exactly as MailChimps does, in their header. That led me to this:
$headers = "Reply-To: Company name <UNUSED-EMAIL-ACCOUNT-FROM-DOMAIN#DOMAIN-NAME.DK>\r\n";
$headers .= "Return-Path: Company name <UNUSED-EMAIL-ACCOUNT-FROM-DOMAIN#DOMAIN-NAME.DK>\r\n";
$headers .= "From: Message from Company name <UNUSED-EMAIL-ACCOUNT-FROM-DOMAIN#DOMAIN-NAME.DK>\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Sender: Message from Company name <UNUSED-EMAIL-ACCOUNT-FROM-DOMAIN#DOMAIN-NAME.DK>\r\n";
$headers .= "Content-type: text/plain; charset=\"utf-8\"; \r\n";
$headers .= "X-Mailer: PHP". phpversion() ."\r\n";
And then I send the mail like this:
mail($toName . '<'.$toEmail.'>', utf8_decode('Faktura på depositumet'), utf8_decode($someMessage), $headers);
... Same result (spam).
The webspace is with One.com, so I can't use PHPmailer (since that has to be installed, and that can't be done on one.com's servers). And I can't define a SPF with One.com.
All I want, is to be able to send emails that doesn't go to spam.
Here are my questions:
Is it because my header is off, or is it something 'deeper down'?
Does the Gmail-spam filter ban single email accounts (such as
this#example.com) or does it ban entire domains (such as
#example.com)?
Can one get a blacklisted email whitelisted
somehow?
* Addition 1 *
Ok... I have now tried a number of things:
I tried adding LoneWolfPR's returnpath, like recommended, and it didn't help.
I contacted One.com (the hosting company), and confirmed with them, that it isn't possible to set a SPF-record or a DKIM-record. It still isn't.
I considered setting up an 'unsubscribe'-link, with a link to a website with a form, but I didn't believe that approach. I mean - invoices are sent all the time, with e-mails. And why should you be able to unsubscribe an invoice?! Since that made so far from sense in my head, then I only tried it for about 20 minutes (obviously, without results).
Here is my current email header (gotten from Gmail, by clicking the 'View original'):
Delivered-To: NEWLY-CREATED-GMAIL-ACCOUNT#gmail.com
Received: by 10.76.75.104 with SMTP id b8csp48728oaw;
Sat, 16 Mar 2013 17:32:56 -0700 (PDT)
X-Received: by 10.152.116.45 with SMTP id jt13mr7897860lab.0.1363480376067;
Sat, 16 Mar 2013 17:32:56 -0700 (PDT)
Return-Path: <XXX111#DOMAIN-NAME.dk>
Received: from mail-out2.b-one.net (mail-out2.one.com. [91.198.169.19])
by mx.google.com with ESMTP id p10si4637427lbb.120.2013.03.16.17.32.55;
Sat, 16 Mar 2013 17:32:55 -0700 (PDT)
Received-SPF: neutral (google.com: 91.198.169.19 is neither permitted nor denied by best guess record for domain of XXX111#DOMAIN-NAME.dk) client-ip=91.198.169.19;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 91.198.169.19 is neither permitted nor denied by best guess record for domain of XXX111#DOMAIN-NAME.dk) smtp.mail=XXX111#DOMAIN-NAME.dk
Date: Sat, 16 Mar 2013 17:32:55 -0700 (PDT)
Message-Id: <51450f37.6a0b700a.6239.5dbcSMTPIN_ADDED_MISSING#mx.google.com>
Received: from localhost.localdomain (srv18.one.com [193.202.110.18])
by mail-out2.b-one.net (Postfix) with ESMTP id F3D0B10365
for <NEWLY-CREATED-GMAIL-ACCOUNT#gmail.com>; Sun, 17 Mar 2013 01:32:53 +0100 (CET)
Received: from 85.218.159.219 by www.DOMAIN-NAME.dk via URL_TO_THE_SCRIPT.php with HTTP; Sun, 17 Mar 2013 00:32:53 +0000
To: RECIEVERS_NAME <NEWLY-CREATED-GMAIL-ACCOUNT#gmail.com>
Subject: EMAIL-SUBJECT
X-PHP-Originating-Script: 87486:NAME-OF-THE-SCRIPT-THE-E-MAIL-WAS-SENT-FROM.php
Reply-To: COMPANY NAME <XXX111#DOMAIN-NAME.dk>
From: Besked fra COMPANY NAME <XXX111#DOMAIN-NAME.dk>
MIME-Version: 1.0
Sender: Besked fra COMPANY NAME <XXX111#DOMAIN-NAME.dk>
Content-type: text/plain; charset="utf-8";
X-Mailer: PHP5.3.21
1) Normally an email address won't go easily into a blacklist, it takes time and/or a lot of people to tag you as spammer to actually get that address into a blacklist.
2) Yes. A whole domain name can be blacklisted, because spammers normally generate random email addresses like f4j3ifl#something.com.
3) It doesn't matter how many times it went to the spambox, basically, the spam filters nowadays are strong, because spammers try to improve their ways to get around day by day, so the filters gets more strict every day. If it goes into spam folder first time, and the user didn't actually put it into the spam box, it will continue going unless users unmark it, or you fix the troubles.
How to avoid spambox?
Basically you need some signatures, and a lot of access to your DNS records, because there is where we are going to do most of the setups.
Reverse DNS Lookup: On dedicated servers or even on some VPS you are able to set up a reverse dns record, sometimes you just open a ticket and the IT's set it up for you. If you can't have it, change your hosting or keep being tagged as spammer xD. This is to preven header forgeries, as you could set on your headers that your email comes from gmail.com but it doesn't this is the way the email servers check it.
SPF is a must have as well, if you can't set a SPF then don't even try any further, consider changing your hosting, and you can almost stop reading by here xD.
DKIM/Domain Key: preferably DKIM, is a encrypted signature, you set the public key on the DNS, and store a private key in your email server, when a server receives an email, it has the private key attached in the headers (you need a mailserver software which manages DKIM, for windows for example it worked for me hmailserver) and the mail service (gmail for example) will check your dns record to see if the public key matches. This is almost a must have as well
Those three were the basics, if you Set up DMARC and ADSP it will get you better score for the SpamAssassins. To get a even better score search for some spam keywords lists on google and try to avoid them, some stuff like starting an email with "Dear xxx" are harmful for your score, Set up the unsuscribe system(even if it's crappy, as long as you provide a clear link) will help you a bit as well.
Also:
Avoid sloppy html and white text over (any) backgrounds, some spammers use it to fit in hidden text, those filters are smarter than you think.
Read the specific recommendations. Most email services have a FAQ or something in their website with some tips to help you sending emails and not going into the junk. on Some of them you can even apply for getting into a white list ( at least some years ago, on some services like gmail they don't do it anymore)
If you are sending in bulk, watch the time! If you have X emails per second sent into somewhere, you are likely to get into blacklist, set up a script or something to get a 1sec delay or so, the delay might depend on the destinatary to get into the blacklist or not.
Hope those tips help you, I had to deal with some spam filters recently and it's a pain in the ass, that's why I know all that info, that's all my research xD Even after all the signatures and things I have set up, some of the emails are still going into spambox(a smaller percentage but it still hurts me) The only reliable way is to get the users adding you to the contacts list (while having the signatures and headers correctly), so remind them to do so if possible.
One thing to bear in mind, I had trouble with emails being blocked by Gmail and Yahoo! mail from php because the Return-Path header didn't match the from. On a lot of servers if you explicitly set the Return-Path in the headers PHP Mail will ignore that and set the return path to the machine name. You have to force it in the 'additional parameters' section of the mail function using the '-f' flag. Now I've never used Swift Mailer so I don't know the equivalent to PHP's native mail() function, but here's what it would look like using mail();
mail($to,$subject,$message,$headers,'-f returnpath#example.com')
If you can find out the equivalent to this in swift mailer it might solve your problem.
Edit:
It looks like you're not actually setting the Return-Path at all. I know GMail really doesn't like that to be left out. Try setting it explicitly to your Swift_Mailer message (and make sure it matches your From):
$message->setReturnPath('from#example.com');
Solution: Use Mailgun (not tested) or Sendgrid (tested and works wonders!). There is a price-difference between the two, - but in short: Mailgun is good if you're small; Sendgrid is good if you're big.
Either that, - or send mails using MailChimps API or something. It's can't be fixed on shared hosts (most likely). The reason is below.
Explanation: I've later learned more about how shared hosts work. Imagine that several different sites are located on the same server (such as domain-1.org, domain-2.org and domain-3.org). That means that if domain-3.org sends a bunch of crap-emails, then Gmail (and other spam-filters) mark that IP-address as spam. So if domain-2.org then send out stuff, then that'll (probably) come from the some IP-address and therefore end up in spam. Shared hosts can't really do anything about it (and don't care, since so few people have this problem). And that is why it's so cheap.
Sendgrid and Mailguns IP-addresses are marked as 'fine' by all the spam-filters, and that's the service that you're paying for with them. They keep it that way, by monitoring how many emails you send out are being marked as 'spam'. If it's something like 5%-10% or something crazy low, then Sendgrid/Mailgun will block your account until you fix it (going through a long process, where you have to contact their customer service and do 1.000 hail-Mary's and all kinds of wierd stuff).
I heard that if you get your own server (which is way more expensive), and set up your own mail-server, then you have to be really careful, not to be marked as spam. Cause spam-filter are really tough nowadays...
Make sure the email address you are using as the FROM is actually an email address. I have had the same issue been resolved by going into my account management from the host (one.com for you) and adding the account that I want the email to be from. I added an account called "mailer" and through the panel I was able to setup an auto-responder that said, "Sorry. This email address is reserved for server functions".
in the from header you would then use (mailer#yourdomain.com)
having that actual email address and auto-reponder did the trick. I think gmail is just smart enough to know that an email adress that has never been used before is spam. Also, the email address must come from the domain that the script lives on so that when it says it is FROM there it is not lying.
here is the code that I use when I want to send email from my shared host (justhost.com) , It does not go to spam (this is using post data from a web form):
<?php
// Contact subject
$subject = $_POST["subject"];
// Details
$message=$_POST["detail"];
// Email of sender
$mail_from=$_POST["customer_mail"];
//Name of sender
$name=$_POST["name"];
putenv("TZ=America/Phoenix");
$now = date("F j, Y, g:i a T");
$header="Reply-To: $name <$mail_from>";
$header .= "From: MyDomainName.com <mailer#mydomainname.com>";
$header .= "\r\n";
$header .= "Reply-To: $name <$mail_from>";
$introMSG= "Message From:".$name." <".$mail_from.">"."\r\n"
."Sent On:".$now."\r\n"."From a web form on MyDomaiNname.com"."\r\n"."-----------
-----------------------"."\r\n"."\r\n";
$to ='me#mydomainname.com'; // Domain Owners Email Address
$send_contact=mail($to,$subject,$introMSG.$message,$header);
$send_copy=mail($mail_from,"Copy Of:".$subject,$introMSG.$message,$header);
// Check if message sent
if($send_contact){
echo "<strong>Thanks! Your message has been sent to me.</strong>";
}
else {
echo "<strong>There was an error sending your message </strong>";
}
if($send_copy){
echo "<strong><br>A copy of this message was sent to your email.<br>If you do not
receive a copy please check your spam folder</strong>";
}
else{
echo "<strong> There was an error sending a copy of this message to your email
</strong>";
}
$send_reminder=mail("5555555555#txt.att.net","","You Have a new contact message from
".$name.", remember to check your spam folder.",$header);
if($send_reminder){
echo ".";
}
else {
echo "<br><strong>TXT Error</strong>";
}
?>
There are at least two "spammy" looking things that jump out of your email headers:
Message-Id: <51450f37.6a0b700a.6239.5dbcSMTPIN_ADDED_MISSING#mx.google.com>
Notice the SMTPIN_ADDED_MISSING section? You aren't behaving like a proper mailer and generating a unique Message-ID. You might find reading RFC 5322 to be instructional.
Received: from localhost.localdomain (srv18.one.com [193.202.110.18])
by mail-out2.b-one.net (Postfix) with ESMTP id F3D0B10365
for <NEWLY-CREATED-GMAIL-ACCOUNT#gmail.com>; Sun, 17 Mar 2013 01:32:53 +0100 (CET)
That initial received header has an illegal HELO hostname (localhost.localdomain). Your mailer app should provide a way for you to set that to a valid value. It might even be as easy as configuring the hostname of the machine running PHP. See RFC 1035 (hostname validity), RFC 2821 (SMTP) and RFC 5321 (SMTP).
first of all this question is for personal knowledge, and not for any kind of attack :) hope you'll believe me and give me some hints.
I'm trying to reproduce an example of mail header injection I found (link-> http://www.phpsecure.info/v2/article/MailHeadersInject.en.php). Basically it uses a form to get 3 parameters (subject, message and sender mail), then these parameters are sent with POST method and used in the php mail() function to an admin's mail.
Everything works fine, each mail is sent without problem but when I try to inject some other parameters as Cc, Bcc etc the trick doesn't work: neither \r & \n nor %0A & %0D are interpreted as CL and RF. For example, if I put my#mail.com%0ACc:foo#bar.com in the "From" field, in "my#mail.com" inbox I'll find the mail, with the same "From" field as it was sent (my#mail.com%0ACc:foo#bar.com). Does php or does input tag encode (or unencode) properly the input? How can I make it work?
Hope you can understand my bad english, thanks in advance, best regards.
ps: the article I linked is dated 2005, recently I've found that a similar bug with http headers splitting using php function "header()" was fixed, so I thought that they fixed email headers injection problem too.. But I can't find anything on the web that confirms this.
______________________EDIT________________________________________
Example working, modifying header within php code:
$to = "admin#mail.com";
$sub = "this is the subject";
$msg = "this is the message";
$header = "From: foo#foo.com"."\r\n"."Cc: bar#bar.com";
$if(mail($to, $sub, $msg, $header."\n")){
echo "sent";
}else{
echo "error";
}
The email is correctly received both from foo#foo.com and bar#bar.com
Examples NOT working (this is the problem I'd like to solve with your help):
Once I send the mail with "send" button, only foo#foo.com will get the e-mail, and in the "from" detail (inside the mail) I'll find (1st case) foo#foo.comrnCc: bar#bar.com or (2nd case)foo#foo.com%0D%0ACc: bar#bar.com.
I always find i need to use both \r\n in order for the headers to be sent properly.
I have a website, and in the "Contact" section I have a form which users may fill in to contact me.
The form is a simple form which action is a php page.
The php code:
$to = "email#domain.com";
$name=$_POST['name']; // sender name
$email=$_POST['email']; // sender email
$tel= $_POST['tel']; // sender tel
$subject=$_POST['subject']; // subject CHOSEN FROM DROPLIST, ALL TESTED
$text=$_POST['text']; // Message from sender
$text.="\n\nTel:".$tel; // Added to message to show me the telephone nr to the sender at bottom of message
$headers="MIME-Version: 1.0"."\n";
$headers.="Content-type: text/plain; charset=UTF-8"."\n";
$headers.="From: $name <$email>"."\n";
mail($to, '=?UTF-8?B?'.base64_encode($subject).'?=', $text, $headers, '-fno-reply#domain.com');
Could somebody please tell me why this works most of the time, but sometimes I receive email whith no text and the subject line showing
=?UTF-8?B??=
I use outlook express, and I have read this System.Net.Mail and =?utf-8?B?XXXXX.... Headers
but it didn't help.
The problem is not in Outlook, because when I log in to the actual mailprogram where I fetch the POP3 emails from, the email looks the same.
When I right click in Outlook and chose "message source" then there is no "From" information.
Ex, a good message should look like this:
Subject: =?UTF-8?B?w5Z2cmlndA==?=
MIME-Version: 1.0
Content-type: text/plain; charset=UTF-8
From: John Doe
However, the ones with problem looks like this:
Subject: =?UTF-8?B??=
MIME-Version: 1.0
Content-type: text/plain; charset=UTF-8
From:
As if the information has been lost somewhere.
You should know also that I have a VPS, which I manage myself.
I use postfix as an emailserver, if thats got anything to do with it.
But then again, why does it work sometimes?
Also another thing that I have noticed is that sometimes special characters are not shown correctly (by both Outlook and the webmail).
For instance, the name "Björkman" in swedish is shown like Björkman, but again, only sometimes.
I hope anybody knows something about this problem, because it is very hard to track down for me atleast.
If you need more input let me know.
Thanks
When looking at PHP mail(), I see another line breaking: shouldn't you use \r\n as line endings?
And that Björkman example looks very much like your mail is not recognized as UTF-8 encoded.