i tried googling but sadly i get only documentations (or am i using bad keywords)
anyway
i can see that alot of programmers (even those im working with right now) does not seem to approve to using the php native mail function and resorts to using some other framework like sendmail? swift mailer etc...
i'd like to know why? are there really disadvantages to using the native mail function?
if so how does the mailing frameworkds solve that or how are they better??
There's nothing wrong with it for sending simple plain text emails.
However, once you get into multipart mime emails (say, you want an HTML version or to add an attachment) then you have to build the email yourself, and it can be quite tricky to get all the headers and encoding correct. In this case you're better off using a library.
The PHP manual for function mail mentions that there are some restrictions with the mail function and one of these are that the function opens and closes an SMTP socket for each email. The mail function works good when you just want to send a mail or two.
As far as I'm concerned, all of these problems pale in comparison to the major security problem:
Mail header injection: ( http://en.wikipedia.org/wiki/E-mail_injection , and php specific info: http://www.damonkohler.com/2008/12/email-injection.html )
Whereby a spammer bot spiders your site and, finding a vulnerability in your script that is easy to still have when using the very insecure mail() function, IS ABLE TO SEND EMAIL FROM YOUR SERVER TO AN ARBITRARY LIST OF CONTACTS, essentially turning your script & server into a cog in their spam email machine.
I recommend never using mail() with user input, and in general, just making use of PEAR::mail instead. http://pear.php.net/package/Mail/
Using PHP's mail() function requires a properly configured sendmail or equivalent on the host the program is running. However, the Windows implementation is a bit different. If you don't have your MTA configured properly, you won't be able to successfully send emails from your PHP scripts. Like another commenter said on this thread, PHP manual explicitly states that each call to the mail() function opens and closes a socket. This can cause unnecessary delay in script execution.
Additionally, your development and testing environment may not have a public static IP address. Your IP address might be blacklisted by DNSBL, Gmail, Yahoo! and other popular email service providers.
Your best bet in this situation is to use a properly configured external SMTP server. Chances are your employer has already provided an email account with SMTP access. If you don't have one you can use a Gmail account. Gmail provides SMTP access to all email accounts.
You can write scripts to open a socket connection to the external SMTP server. When there are tried and tested open source libraries for this purpose, why write your own?
Incidentally, I wrote a blog post on the very same subject yesterday: Using SMTP With Zend Framework - Solve Email Delivery Problem
Best regards,
Related
I've been using PHPMailer to send SMTP emails, and also have heard some recommend various other 3rd party classes.
I've always been a surprised and a little disappointed that this functionality is not native in PHP.
Do I still need to use a 3rd party class to do so? If not, how? If so, any idea why it isn't native?
PHP does have a native function mail() to send emails, but it is not very efficient.
From the official PHP documentation -
It is worth noting that the mail() function is not suitable for larger
volumes of email in a loop. This function opens and closes an SMTP
socket for each email, which is not very efficient.
Official PHP docs suggest using PEAR::Mail library for efficient email support. I would rather use PHPmailer or Swift mailer(http://swiftmailer.org/) though as they both have excellent support and also well documented.
If you are using windows the php mail() function will not work unless you have an smtp server installed on your PC. Windows passes the email to the email server which then sends the email if it has access through your firewall. Also note that mail() as documented is not the correct way to send an email. In order to send an email the email message must be composed in a manner resembling the RFC documentation.
I have heard that all of these methods are valid ways to send email in PHP.
What are their advantages and disadvantages?
The three options aren't quite in the same league, presuming the first means the mail() function.
Using the mail() function usually calls the local mail injector, commonly a binary program supplied by the MTA actually called "sendmail". The problem with mail() is that it is a non-straightforward interface with a number of gotchas and traps which are not well documented. This is because it mimics (IMO badly) the call to the Unix CLI mail command.
It is possible to call the local injector yourself, but this documented even less well. You may as well call mail(), anyway, since this is what the latter does.
Using SMTP comes with its own set of problems, however. If there is a local MTA that accepts and forwards mail, then it is not a bad solution. If there isn't, you will have to figure out which host you should be sending to. This will either be figuring out which external host should be doing your forwarding, or doing the actual MX lookup yourself. You will also need to know the SMTP protocol and be able to handle refusals for any reason. And you have to decide how you handle the need to re-try the send.
Doing the SMTP yourself also has the problem of not de-coupling the email sending from the reason the email is being sent. If there is a delay, or a problem, you have a page that will appear to be stuck. Using the local injector hands the former problem to the MTA; all you've done is queue the email for delivery. But then you don't have to worry about things like re-sending.
These three solutions also do not help you assemble your message, such as rich content, alternate content and attachments. You have to do all that (and add the correct headers!) yourself.
The normal recommendation is to locate a library that does all that for you, is robust and has a decent API. The usual one is PHP Mailer. The advantages of this library is that it also does all the message assembly, as well as figuring out how to do the delivery. But it's main win is that it Just Send The Message, trying mail() and local SMTP and even remote SMTP if it must. All transparantly.
I am developing a simple webmail client for IMAP-based email services using PHP's IMAP library, and I was wondering if there was any way to specify the SMTP server to use when sending an outgoing message, so that the message will be placed in the user's Sent mailbox when they are logged into their IMAP account. I saw that their is an imap_mail() function however it looks from the docs like it is just basically an alias for the normal mail() function, or am I wrong in assumming that?
Why don't you use a full featured class for this function, like PHPMailer?
Saving a copy to the Sent Mail folder is a function of IMAP, and is completely unrelated to queuing the message for delivery via SMTP. I.e., your code will have to do both operations separately -- one does not imply the other.
I have noticed that Gmail adds a copy to the sent folder on its own. Is this common behavior for the big web-mail providers?
I'm coding in PHP w/ CodeIgniter and I'd like to test some of the features in my app that send emails.
For some reason, I couldn't send emails through my email account in my local server (XAMPP), and I also don't want some SPAM filter to think I'm spamming while I'm testing.
So is there any email service that I can use for testing purposes? preferably one that doesn't enforce SSL, since I have problems getting that to work on my local server.
Appreciate your help.
As long as you're not sending out dozens or hundreds of test E-Mails, use whatever your everyday E-Mail provider is (e.g. GMail). Set the SMTP server of your mailing function to point to Google's. (I think SSL is optional with GMail, but I may be wrong.)
If your mailing library doesn't support using an external SMTP server, switch to a different one. But I think CodeIgniter has you covered there.
If you just want to test the application functionality, check out Papercut. This utility simulates the sending of email without having to set up a mail server, works great!
edit: had wrong link.
I like to set up a test SMTP service on my development machine and just send to that. There are several good options listed under this question.
I have some problems with the email system for CodeIgniter:
First, the emails I send out (registration, confirmations) are getting caught in standard spam filters in gmail and other mail clients. How do I get around this? How do companies like Facebook get their emails through consistently?
Second, the mailer is working locally but once we deploy it it no longer runs (doesn't send emails) but all the other forms run just fine. Anyone ever run into a problem like this?
Thanks for all the help!
I can't really answer your first question - it's not specific to CodeIgniter. You just need to make sure your email doesn't look like spam. In short - there's no way of guaranteeing your e-mail will not end up in a spam filter.
As for the second question, I expect your production server needs to be configured properly for email. You probably need to configure CodeIgniter to send email properly. I would suggest setting up an SMTP server (or using an existing one) rather than using the standard PHP mail which I think CodeIgniter uses by default.
Regarding spam, most organisations are very secretive about how they prevent spam (not wanting to publish information which helps the spammers) and in some cases they don't actually know - an obvious examlpe of this is bayesian filtering - but, for example, hotmail use a completely unaccountable army of volunteers to manually classify emails.
Do and get a copy of spamassassin and try to reverse engineer how the standard rules work. Obvious things to check are:
1) AVOIDING LOTS OF CAPITALS
2) don't mention the 'V' word
3) make sure you've got a current and restrictive SPF 1.0 policy published
4) make sure your sending from an address which has A and PTR DNS records
5) Do provide a reply-to and from email address which use your domain in the address
the mailer is working locally but once we deploy it it no longer runs
doesn't send emails
Which? These are 2 totally seperate things. If the code is falling over (if so why have you not provided the error details) then its likely a PHP version issue or a problem with the connection to the MTA (or the PHP mail config).
The latter is a problem with the MTA itself.
99.9% of problems reported as PHP mail failures have nothing to do with PHP and are problems with the MTA.
Enabled detailled error reporting for your MTA and see where it is failing.
C.
You may have to configure the email on your server differently than your local development environment. I've had to in the past.
There are two basic ways that PHP can send mail:
Via a UNIX program called "sendmail" (only on non-Windows servers and only if it is installed - check with your hosting provider)
Via a SMTP server.
If you've configured CodeIgniter to use SENDMAIL, check to ensure that the Sendmail path is correct. Your hosting provider usually provides this somewhere in their online documentation.
If you're using SMTP, you need to make sure that your server can contact the SMTP server. You can do this by logging into the server via SSH and typing "telnet your.smtpserver.com 25". If you get an error message about not being able to connect, you know you have a problem with your hosting provider connecting to your mail server.
I've been able to diagnose this problem by enabling logging on my production server (http://bit.ly/4pprd6) and adding log_message('error', $this->email->print_debugger()) right after I attempt to send a message.