I am trying to build a email messaging system for a classified site ( a la craigslist), so that users can email each other. emails of registered users are stored in a database.
What I want is for the recipients email address to be hidden from the sender's . If I just use the mail() function and dynamically get the recipients email from the database, will this email be visible to the person sending the mail ??
if the recipients email is indeed hidden from the sender's when using mail() this way, then why does craigslist anonymize's email ? isn't it already anonymous ?
Edit: so the email won't be visible to the person filling the form. SO the question remains is why does craigslist anonymizes email addresses? and whether I should implement the same ?
Craigslist doesn't use a form to submit. They provide an email address. When the users send the email using their own email system to #craigslist.org, then their servers get that email, look up the appropriate record, and forward the email to the real email address, so the sender never sees the real email address of the person.
If you're providing a form for the users to fill out, then you're doing something completely different from craigslist. You don't have to show the person's real email address on the form, and they're using your form, not their own email program, to do the reply, so there's no need to show any email address at all, anonymous or real.
If you're going to let people use their own email programs and provide them with an email address, then use the anonymizing service, which will add some load to your servers since they'll have to parse and process incoming emails at a variety of addresses. If you're using a form, you don't have to show any email addresses at all.
You are the one sending it, and it really comes from your server, not the person who filled out the form on your website. So no, there is absolutely no way they can see the real address it went to.
Why does craigslist take it a step further? Not sure, but its not for that reason.
Related
I'm using the $email->setFrom('no-reply#example.com'); method and it's working fine for email delivered to the registered sender.
However, the email is delivered as no-reply#example.com.
How can I include the email of the customer that has filled the form? Eh: mario#gmail.com?
If I replace $email->setFrom('mario#gmail.com'); I will get 403.
This happen because I have to register the sender. But I just need to create a simple contact form.
Is there a way to use setFrom using a custom email?
Thanks in advance
Twilio SendGrid developer evangelist here.
When sending emails with SendGrid you do need to verify the email or domain you are sending from. So, you can't use any email address as the from email.
You're creating a contact form, which is why you want the email to appear to come from the person sending it. However, what you really want from that is to be able to reply straight to the person that sent the email.
What you can do is send the email from a domain or email address you have verified and then set the reply-to header to the user's email address. You will receive the email from your chosen email address but when you go to reply the to address will be filled in with the custom email address.
$email->setReplyTo("mario#gmail.com");
I have a website with a webform which users can use to contact a company. The webform internally creates an email in PHP using PHPMailer and is sending this email via SMTP to the company.
The company has a customer-management-system which identifies the user by looking at the sender of the email. Which means I couldn't send the email from the form from "form#example.com" to "customer-relations#example.com", but need to send it from "customeremail#customerdomain.com" to "customer-relations#example.com".
This worked for some years now, but since some time, we get the error-message:
"envelope sender not allowed customeremail#customerdomain.com"
for example from emails from #gmail.com. Other domains still work.
I understand that it is not good practice to "fake" the sender of the email to make the identification of the customer-management-system work. The developer of the customer-management-systems are not able to offer a solution yet (no comment on that...), so perhaps there are any ideas here which we could try to make this work?
I've trying to check if the email address exists and is alive though the smtp server, but I'm getting answers as exact as possible.
Only way to prove that an email is alive is email confirmation after registering process.
You should send to newly subscribed/registered user a link containing parmeters about his email confirmation.
for instance:
new user with email aaa#bbb.ccc is registered and his email is saved into database with id
"as23kja45".
You should send him an email message with link yoursite.com/confirmation.php?id=as23kja45. After clicking on this link you'll read id in param value, check in database does it exists, if true => you have alive email address
Before sending such link you should check email by some email validator to prove that email satisfying form of email address.
There is no 100% reliable way of checking the validity of an email address. There are a few things you can do to at least weed out obviously invalid addresses, though.
The problems that arise with email addresses is actually very similar to those of snail mail. All three points below can also be used for sending snail mail (just change the DNS record with a physical address).
1. Check that the address is formatted correctly
It is very difficult to check the format of email addresses, but PHP has a validation filter that attempts to do it. The filter does not handle comments and folding whitespace, but I doubt anyone will notice.
2. Check that the DNS record exists for the domain name
If a DNS (Domain Name System) record exists then at least someone has set it up. It does not mean that there is an email server at the address, but if the address exists then it is more likely.
3. Send a verification email to the address
This is the most effective way of seeing if someone is at the other end of the email address. If a confirmation email is not responded to in an orderly fashion -- 3 hours for example -- then there is probably some problem with the address.
how do i validate Existing E-Mail Address.
in a Registration system, when a user enter a Email address it checks if the Email address is existing or not in Ymail/Gmail.
i already have a running domain(for Practice).
You have my regards.
Most registration systems validate an email address by sending an email to it with a uniquely encoded URL in it and requiring the user to go get that email and click on the link. When your server sees that the link has been clicked on the email address is know to be accessed by you.
Here's a basic flowchart for how it works:
User goes to your website
User commences registration and fills in their email address
Server checks to see if email address is in a legal and proper form and is not already registered
If the rest of the user's registration looks good and then email address looks legal, the server creates an account in your system and puts in the "unverified" state.
Then, a code is generated that corresponds to that specific user. That code is put onto an URL and that URL is put into an email which is sent to the email address the user entered.
The user receives the email with instructions to click on the enclosed link.
User retrieves email and clicks on the link.
Your server receives web request from that link. It parses out the code from the URL and checks to see if that code matches an account that is in the "unverified" state. If so, and the account has not expired from too much time elapsing since the email was sent, then the account is put into the "verified" state and is ready for use.
The basic idea of this system is that if you can retrieve an email sent to that email address then the email address must be a valid and working email address and you, the user, must be able to access that email address (it's not just some random email address you made up).
Back in the day, you could easily validate email addresses. Then the spammers came along. Now the only way you can confirm the existence of an email address is by trying to send something to it and checking for bounces. And even then, the lack of a bounce doesn't mean it exists - it could simply have been silently deleted, ignored, spam filtered into oblivion, etc...
Basically, what you want is not possible - any such system would simply help spammers hammer your box with more russian brides popping penis pills while wearing fake rolexes.
SMTP provides VRFY and EXPN verbs to check if an account or mailing list exists. However, most server admins disable these verbs from their mail configuration to prevent hackers from exploiting user lists. Gmail and Yahoo are said to have VRFY disabled.
Another option you can try for these servers is emailing the user with a link to confirm their email address. Granted, it is not as sexy as realtime email verification, but it is more secure for all parties.
It is practically not possible to validate email address with growing number of spams.
These days people send a mail to the email address entered by user to complete the registration or activate the account. You can probably do that and is a much safer way to do. You can find a number of resources online to implement this functionality.
I'm using AuthSMTP which is a paid SMTP Relay service. They only support a finite amount of "from" email addresses, which must be proper accounts.
This is my first site build and I'm trying to get my head around how to implement email.
When a user registers with the site or forgets their password, I have an 'info' email account which these messages come from. This works.
However, how do I go about the contact form? I want the email to come from the user who filled in the contact box TO the info inbox. I need to be able to reply directly to them.
How can I do this is my server won't allow the email to come "from" the user? if I use the "reply-to" in the headers, what do I put for the "from" field?
put the email address you are logging in with