Sending an email using someones email address (NOT SPAM)

Posted on 2010-01-12
Medium Priority
Last Modified: 2013-12-12
Hi, just like to say this is not a spam question before we start.

I'm working on a newsletter project for a company. Their email is run through an internal server containing Microsoft Exchange, say the domain is www.internal.com. The newsletter system I'm building is hosted on a third party remote server (Digiweb), under domain www.external.com. When the newsletters are sent from the external server, they need to appear as though they're being sent from the internal email addresses of www.internal.com.

Using PHPMailer, I can change the sender's email address and name. This works fine......but the emails are only received by non-Microsoft Exchange servers.....for example my personal Yahoo and Hotmail accounts.

I've done some digging into the header and I found this line:

Received-SPF: none (mail1.hosting.digiweb.ie: domain at win4.hosting.digiweb.ie does not designate permitted sender hosts)

How do I overcome this? Can I add the IP Address of the Microsoft Exchange server to the code in PHPMailer, thereby authenticating the header? Thanks in advance, sorry if the question is in breach of the EE guidelines but it's a genuine non-spam question.
Question by:kbit
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
LVL 11

Expert Comment

ID: 26294965
"When the newsletters are sent from the external server, they need to appear as though they're being sent from the internal email addresses of www.internal.com. "

Woowowow!... You are in a little trouble, if you really need that your clients get successful your Newsletter you must consider (and do it) to host the Newsletter application in the same server of  www.internal.com domain,  if both domains were hosted in the same server would not have any problem, but in your case, seems almost impossible delivery your Newsletters successful  without get flagged as SPAM

Author Comment

ID: 26295076
Even if I send the email from "noreplies@external.com" I get the same SPF error, even though that email account does exist on that server.
LVL 111

Expert Comment

by:Ray Paseur
ID: 26296950
SPF is specifically for preventing what you are trying to do here.
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

LVL 111

Expert Comment

by:Ray Paseur
ID: 26297027
This is a nettlesome issue, so I will give you my take on it.  First the easy answer (and the one I have come to use with great success for thousands of emails every week).  Drop everything and use Constant Contact.  They run a business with full-time employees devoted to making sure your email gets to the intended recipients.  You cannot do what they do, and it is embarrassingly inexpensive - literally less than the cost of a cup of coffee per day.  There are other vendors besides CC, but we chose them because my staff liked their web interface.  It has been an excellent experience.

Now to the second (and in my mind less satisfactory) solution... learn about SPF.  Read this:

You will want the owners of the domain to take action on your behalf.  SPF allows a domain to specify which machines are authorized to send email for that domain.  They will need to specify that your server is allowed to send the email.

SPF is a big step in the right direction, but you will still have anti-spam issues, and dealing with those is a time-consuming and thankless task.  That is why the Constant Contact solution is so inviting.  After you lose a few days of your life explaining to your clients why their emails were mishandled, you will probably agree about Constant Contact.

Best regards, and best of luck with it, ~Ray

Author Comment

ID: 26306152
OK thanks for that, so SPF is to prevent faking someone else's email address.

But if I send the newsletter from tom@external.com on the EXTERNAL machine, why does it still give the same SPF warning? The tom@external.com email account is on that server

Author Comment

ID: 26306324
Maybe it doesn't matter, the email gets through to the invox and is not detected as spam in Yahoo,Google,Outlook (with high sensitivity junk settings) or Gmail.
LVL 111

Expert Comment

by:Ray Paseur
ID: 26306421
The SPF warning shows up when the domain host does not have SPF records that identify the sending host as a permitted sender.  It is not dependent on the domain names at all (these can be faked as everyone who has ever received any spam knows), only on the presence of the record.

Author Comment

ID: 26341921
So which server needs the SPF details added to it, the one I've described as internal (MS Exchange) or my external one (3rd party)?
LVL 111

Accepted Solution

Ray Paseur earned 2000 total points
ID: 26366462
You will want the owners of the domain to take action on your behalf.  SPF allows a domain to specify which machines are authorized to send email for that domain.  They will need to specify that your server is allowed to send the email.

So if your domain is "myDomain.com" you need to get the owners of that domain name involved.

Author Comment

ID: 26368538
Ok thanks for that, will my server's IP Address be enough for the other domain administrator to add the TXT record?

Author Comment

ID: 26382419
The Exchange guy sent me his SMTP details which I entered into my PHPMailer script and it looks encouraging but not sure if the header information indicates that things are good or not (I've masked the names, email addresses and domains):
Return-Path: <system.notification@internal.com>
Delivered-To: me@myemailaddress.ie
X-Envelope-To: me@myemailaddress.ie
Received: (qmail 26177 invoked by uid 399); 22 Jan 2010 17:11:07 -0000
Received: from unknown (HELO server107.appriver.com) (
  by mail1.hosting.digiweb.ie with ESMTP; 22 Jan 2010 17:11:07 -0000
Received-SPF: none (mail1.hosting.digiweb.ie: domain at internal.com does not designate permitted sender hosts)
	identity=mailfrom; client-ip=;
X-Policy: GLOBAL - internal.com
X-Primary: system.notification@internal.com
X-Note: This Email was scanned by AppRiver SecureTide
X-ALLOW: system.notification@internal.com ALLOWED
X-Virus-Scan: V-
X-Note: Spam Tests Failed: 
X-Note-Reverse-DNS: fe02.exg3.exghost.com
X-Note-WHTLIST: system.notification@internal.com
X-Note: User Rule Hits: 
X-Note: Global Rule Hits: G115 G116 G117 G118 G122 G123 G134 G221 
X-Note: Encrypt Rule Hits: 
X-Note: Headers Injected
Received: from [] (HELO FE02.exg3.exghost.com)
  by server107.appriver.com (CommuniGate Pro SMTP 5.3.0)
  with ESMTP id 203217760 for me@myemailaddress.ie; Fri, 22 Jan 2010 12:11:06 -0500
Received: from FE02.exg3.exghost.com ([]) by FE02.exg3.exghost.com with Microsoft SMTPSVC(6.0.3790.3959);
	 Fri, 22 Jan 2010 12:10:59 -0500
Received: from www.external.com ([]) by FE02.exg3.exghost.com with Microsoft SMTPSVC(6.0.3790.3959);
	 Fri, 22 Jan 2010 12:10:58 -0500
Date: Fri, 22 Jan 2010 17:10:55 +0000
Return-Path: System.notification@internal.com
To: me@myemailaddress.ie
From: =?iso-8859-1?Q?Joe_Bloggs=2C_MyCompany?= <System.notification@internal.com>
Reply-to: =?iso-8859-1?Q?Joe_Bloggs=2C_MyCompany?= <joe.bloggs@internal.com>
Subject: Newsletter 22/01/2010
Message-ID: <b192467d9428225fd008a8827abe2428@www.external.com>
X-Priority: 3
X-Mailer: PHPMailer 5.1 (phpmailer.sourceforge.net)
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="iso-8859-1"
X-OriginalArrivalTime: 22 Jan 2010 17:10:58.0945 (UTC) FILETIME=[DDE8AF10:01CA9B85]
X-Antivirus: AVG for E-mail 8.5.432 [271.1.1/2638]

Open in new window


Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
This article will help to fix the below error for MS Exchange server 2010 I. Out Of office not working II. Certificate error "name on the security certificate is invalid or does not match the name of the site" III. Make Internal URLs and External…
how to add IIS SMTP to handle application/Scanner relays into office 365.
A short tutorial showing how to set up an email signature in Outlook on the Web (previously known as OWA). For free email signatures designs, visit https://www.mail-signatures.com/articles/signature-templates/?sts=6651 If you want to manage em…
Suggested Courses

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question