This question already has answers here:
Why is my e-mail still being picked up as spam? Using mail() function
(5 answers)
Closed 9 years ago.
I am sending an email using PHP but all the emails are going to the spam folder. Please tell me where I am making a mistake.
<?
$name=$_POST['name'];
$email=$_POST['email'];
$phone=$_POST['phone'];
$message=$_POST['message'];
$ToEmail = "me#example.com";
$ToSubject = "Message from your site";
$EmailBody = "Name: $name\n
Email: $email\n
Phone: $phone\n
Message: $message\n";
$Message = $EmailBody;
$headers .= "Content-type: text; charset=iso-8859-1\r\n";
$headers .= "From:".$name." / ".$email."\r\n";
mail($ToEmail,$ToSubject,$Message, $headers);
header("location: thankyou.php");
?>
Long story short, if the recipient's server put your mail into the spam box, your program is working all right and there is nothing you can do.
Longer Story: Nowadays most mailing servers will check that the email is from a server that actually holds the domain corresponding to the email. Suppose you are sending with account abc#gmail.com, the server of the recipient's email checks if the server from which this mail comes is gmail.com. This is done by checking the SPF record .
Related
Recently we found that someone has sent out unsolicited emails from our server. This has resulted in the server being blacklisted. I assume this is hackers using forms that have not escaped data correctly, or could it be something else as well?
We have a number of sites with their own 'contact us' type forms. I am going through all the forms and making sure the post data is being escaped. I found one form adding POST data to message without validating it first. I have just added a check before sending the email. Do you think the following will suffice, or is it better practice to escape the email post value before running it through the filter_var?
if(filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
{
$message = $email." says hello";
$headers = "From: me#example.com";
mail('to#example.com', 'Subject', $message, $headers);
}
Should I be checking the transfer logs for header injection attacks/other attacks, if so what would I be looking for?
The best thing you can do is to check your logs to see who's sending those emails, as you probably aren't gonna check all your users' scripts.
Also, it doesn't make any sense to filter/escape/encode your own forms input (although you should definitely do it) as any of your users can user your smtp server.
Here's how you can trail your mail logs:
tail -f /var/mail/exim_mainlog
tail -f /var/log/exim_mainlog
tail -f /var/log/exim_paniclog
tail -f /var/log/exim_rejectlog
I just installed ssmtp to send email with LAMP on Ubuntu.
And a simple script like this:
<?php
$additional_headers = 'From: someone#testing.com' . "\r\n";
$res = mail('myemail#gmail.com','test','test body', $additional_headers);
var_dump($res);
?>
I received the email but the sender name will put as "nobody" , so it is using the user name "nobody"? How can I change it? I'm new in Ubuntu...
Thanks.
Try changing your "Extra Headers" to also include a 'Reply-to' header EG:
$additional_headers = 'From: someone#testing.com' . "\r\n" .
'Reply-To: someone#testing.com' . "\r\n";
The way you have it SHOULD work, according to the documentation, but distance can vary depending on which MTA (Mail Transport Agent) your using.
The doc page is here : http://php.net/manual/en/function.mail.php
Additional:
Be aware, that in a lot of mail systems, you need to provide a valid DNS address too. On my mail server running ubuntu, if I give the from header as a domain that cannot be looked up using a valid DNS, the recipient address will appear blank.
I pray someone can help me. I've been around and around...
The situation is this. I have visible encrypted email addresses that an individual takes and puts into a form (enctype="multipart/form-data)and completes the email form prior to mailing. My php on a different page attempts to decrypt the TO: field of the html email form.
This is my php code, testing to see if I indeed am decrypting:
if (isset($_POST['submit'])) {
//just to echo the encrypted input for the email to field ECHOES PERFECTLY
$to = $_POST['to'];
echo $to;
//above echo displays correctly below is a jumbled mess
echo "<br>";
$ivs = mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_OFB);
$iv = mcrypt_create_iv($ivs, MCRYPT_RAND);
$key = "12yeshua34";
$message = $to;
$enc = mcrypt_decrypt(MCRYPT_3DES, $key, $message, MCRYPT_MODE_OFB, $iv);
echo $enc;
}
This is what gets echoed:
feeb936a8e9896a849c67f011524f6f2e4d8
$p�������t���b�� �'����T���A�f~
As you can already tell I am also a newbie. And I believe I've read everything I could find... and I still can't solve this. If I could get this to decrypt, then I could remove the test portion of this code and get an email 'successfully sent off.
Thank you and FATHER BLESS jim
assuming your encryption process works fine and uses 3DES in OFB mode to encrypt the address with the provided key "12yeshua34", you will also need the IV used for encryption for that specific address in order to be able to decrypt ... mcrypt_create_iv($ivs, MCRYPT_RAND) will create a random IV each time ... you need the very same IV for both operations: encryption and decryption
I have a PHP Mail script that sends out emails and I need to send some out in Chinese. I have the following code:
$email_header = "From: $from\n";
$email_header .= "X-Priority: 1\n"; //1 UrgentMessage, 3 Normal
$email_header .= "Return-Path: <$return>\n";
$email_header .= "Content-type: text/html; charset=utf-8\n";
mail($row["email"], '=?UTF-8?B?'.base64_encode($subject).'?=', $email_body, $email_header);
The issue I have is with both the Subject of the Email and the body - it is sending as follows:
Subject: ???????????
Body: ???????????????
?????
??????????????????????????????????????????????????
?????
Clearly not Chinese!!! If anyone can point me in the right direction, that would be great.
Thanks in advance,
Homer.
Looks like a database connection issue rather than a mailer issue. Perhaps forgot to do a set names utf-8...?
I have a client with 5000 emails from an old list he has that he wants to promote his services to. He wants to know which emails on the list are still valid. I want to check them for him - without sending out 5K emails randomly and then being listed as a spammer or something. Ideas?
You can validate the email via SMTP without sending an actual email.
http://code.google.com/p/php-smtp-email-validation/
You could also send emails out, and check for bounces.
bucabay's answer is the way forward. What a library like that essentially does is checking for existing DNS record for (mail) servers at specified domains (A, MX, or AAAA). After that, it do what's termed callback verification. That's where you connect to the mail server, tell it you want to send to a particular email address and see if they say OK.
For callback verification, you should note greylisting servers say OK to everything so there is no 100% guarantee possible without actually sending the emails out. Here's some code I used when I did this manually. It's a patch onto the email address parser from here.
#
# Email callback verification
# Based on http://uk2.php.net/manual/en/function.getmxrr.php
#
if (strlen($bits['domain-literal'])){
$records = array($bits['domain-literal']);
}elseif (!getmxrr($bits['domain'], $mx_records, $mx_weight)){
$records = array($bits['domain']);
}else{
$mxs = array();
for ($i = 0; $i < count($mx_records); $i++){
$mxs[$mx_records[$i]] = $mx_weight[$i];
}
asort($mxs);
$records = array_keys($mxs);
}
$user_okay = false;
for ($j = 0; $j < count($records) && !$user_okay; $j++){
$fp = #fsockopen($records[$j], 25, $errno, $errstr, 2);
if($fp){
$ms_resp = "";
$ms_resp .= send_command($fp, "HELO ******.com");
$ms_resp .= send_command($fp, "MAIL FROM:<>");
$rcpt_text = send_command($fp, "RCPT TO:<" . $email . ">");
$ms_resp .= $rcpt_text;
$ms_code = intval(substr($rcpt_text, 0, 3));
if ($ms_code == 250 || $ms_code == 451){ // Accept all user account on greylisting server
$user_okay = true;
}
$ms_resp .= send_command($fp, "QUIT");
fclose($fp);
}
}
return $user_okay ? 1 : 0;
I think you need to send the emails to find out. Also, this is pretty much exactly what a spammer is, thus the reason for getting put on spammer lists. Sending in bursts will help you hide this fact though.
You'll have to email them at least once.
Create a new email list. Send the old list an email with a link they need to click on to continue receiving messages (re-subscribe).
Send them all an email and collect all reply-to bounces on a real email account, then purge those bounced emails from your main list.
Send them all an HTML email, and one of the images is remotely hosted and requires a unique ID to request it that you set in each email. When your web server returns that image to their client, you can then consider that email as active. This is called a web bug, and will only work if the person automatically loads remote images in their client.
https://github.com/kamilc/email_verifier is a rubygem that will check that the MX record exists and that the SMTP server says the address has a valid mailbox.
You can use a paid service like Kickbox to do this as well.
You can consider the MailboxValidator service http://www.mailboxvalidator.com/ which should be adequate for your requirement. You can get either a bulk plan where you can upload a CSV file containing your email list or get the API plan if you require programmatic integrations.