Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

How reliable is the PHP mail() function?

Posted on 2011-10-08
17
Medium Priority
?
481 Views
Last Modified: 2013-12-12
I would like to allow a user to send a single email to a third-party. The FROM and REPLY TO headers would contain the user's own email address with a different domain. Is the PHP mail function (on Linux/Apache) adequate?
0
Comment
Question by:giandem
  • 4
  • 3
  • 3
  • +3
17 Comments
 
LVL 31

Assisted Solution

by:Marco Gasi
Marco Gasi earned 200 total points
ID: 36936030
For this kind of tasks, mail() function is perfect, easy and quick. I use it often and I never had problems. If you need some complex mail mangement (mailing lists, attachement and so on), then it should be better to use something like PhpMailer, but for a so simple task I suggest to use mail function without doubts.

Cheers
0
 
LVL 20

Expert Comment

by:Mark Brady
ID: 36936815
Yes, I use php mail() all the time. Very easy to use and quick to setup. Here's a quick example that works (I've changed the email addresses).

$to     =  $put_the _senders_email_here;
$subject = "Your Subject";
$message = $message_goes_here;
## Headers:
$headers  = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$headers .= "From: someone@someone.com\r\n";
$headers .= "Reply-To: someone@someone.com\r\n";

if(mail( $to, $subject, $message, $headers )){
echo "Mail sent!"
} else {
echo "There was an error sending the mail!";
}



The above code will send an HTML email so you can dress the message up a bit if you like. It will also send basic text email as well. (if you don't put tags in it will still send ok)
0
 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 36937435
I use built in php mailer to when people registered.  It sends the mail and the user can click on the provided link and register.  (Alternatively can paste in the activation code to the activation form.)

I apparently doesn't work perfectly as there have been a couple complaints.  However, both complaints came from the same ISP so I suspect any traffic coming from our server will be blocked by that ISP.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 36937603
Note that if you allow the user to specify both the 'From:' and 'To:' addresses, it will be a spam magnet without a login to restrict access.  Even with a login, you may find that some will 'join' or whatever to use that kind of email interface for spam.

Sometimes hosting companies and ISPs require that one of the email addresses be a local registered user.  Check your hosting to make sure they will allow what you want.
0
 
LVL 20

Expert Comment

by:Mark Brady
ID: 36937643
Keep in mind that what I said above is only used on the server side and not for use with any public. You set up the variables the way you want and it is a responder that sends one email to the person trying to register. You can and probably should specify a no-return address for the reply-to field so you don't get people responding to it. The purpose is to say "Welcome" and give them a link to click on that will validate that email address in your database.

Like Dave said above, I would never (NEEEEEEVER) allow any user/public access to send php mail() through any website that I build as it is a recipe for disaster and you may find your web host either cuts you off or their mailserver's IP address will be blocked big time by ISP's.

I actually had to fight for 3 months with Yahoo.com to take my "Genuine" companies name and my host's IP off their blacklist. I sent out more than 5 emails in one hour from a website that had the name "Junktraders" in the title and they flagged it as spam.

What a nightmare to deal with the robots that they employ. No one will help you and they don't care at all. Plenty more customers out there!

Go carefully when dealing with php mail() but it is very good and easy to use for small mail jobs (not mailing lists).

If you wanted to sendout mail to a list of subscribed users it is no good (to slow) as it sends them out one at a time (I think).
0
 
LVL 1

Author Comment

by:giandem
ID: 36939058
First of all, thanks for the answers.

After I submitted this question, I realized that I omitted a critical part: What's the best way to avoid spam filters and blacklists?

I was in a rush and apparently EE doesn't allow editing.

Here's my hypothetical scenario:

I want to host resumes/CVs where:

-a user can create (or upload) a resume(s)
-select a resume
-send via email to a prospective employer
---only a single email to one recipient could be sent per session (no bulk emails)

The email will be sent using PHPs mail() function and should appear to originate from the users own email account to avoid misdirected replies.

I know there are better ways, but this is hypothetical and should work as described. Assume that the users are verified and are not spammers.

Can this be accomplished with mail() and without fear of spam filters and blacklists?
0
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 1800 total points
ID: 36939090
There is nothing about email that can guarantee getting past spam filters.  Hotmail, Yahoo, and Gmail are often more interested in blocking possible spam than delivering email.  Other spam filtering services can be setup the way the users want and there is no telling how severe their blocking will be.

To avoid generating spam, it is very important that you have a login procedure and filtering on your email page to prevent access from people who aren't registered users of your system.

Here are the troubleshooting pages:

Hotmail - http://mail.live.com/mail/troubleshooting.aspx

Yahoo - http://help.yahoo.com/l/us/yahoo/mail/postmaster/basics/

Google / Postini -http://www.google.com/support/appsecurity/bin/answer.py?hl=en&answer=92707#10
0
 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 36939410
Following up on Dave, just a tidbit.  When testing software using my own Linux box as the server (thus a dynamic IP and other spam issues), Yahoo won't even put my mail in the spam bulk mail box.  My mail gets through to gmail.  The point being, if using your own box to test, don't be surprised if you can't test using Yahoo.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 36942200
Email by its very nature is unaccountable.  As I read this, "The FROM and REPLY TO headers would contain the user's own email address with a different domain." I believe that I am seeing a request for something like this:

My email address is Ray.Paseur@Gmail.com

The message you are sending on my behalf would appear to come from something like Ray.Paseur@Yahoo.com

Does that capture the flavor of what you want to do?  
0
 
LVL 1

Author Comment

by:giandem
ID: 36948983
Thanks, DaveBaldwin, You've given me a lot to read and research. I've also discovered http://whatismyipaddress.com/blacklist-check (for anyone else that's interested).

Ray Paseur, not quite. "A different domain" meaning different than the originating domain.

A user, joe@yahoo, would log on to my (fictitious) web site, my-superior-resume-service.com, and send a resume via email to an employer. The email should appear to have originated from joe@yahoo, not from the my-superior-resume-service.com web server.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 36949608
OK, I think I understand.  You can do that - use a phony point of origin in the email headers.  In fact, you can create entirely phony email headers for every single element of the header (there is no accountability in email headers).  But your messages will not originate from the Yahoo servers' IP addresses, so it will be obvious to everyone who has the technical ability to check the SPF records that the message is not really from Yahoo.

When an SPF record check fails, there is a very high probability that the message will be marked as spam and possibly discarded.

A better approach might be to send the message from your own server, using your own server domain and setting a "reply to" address for joe@yahoo in the headers.
0
 
LVL 13

Expert Comment

by:Hugh McCurdy
ID: 36949867
Or even no-reply@mydomain.com

I think it would help if the no-reply box had an auto responder so that if anyone checked it, there'd be a response that says something like "You've sent a message to an unmonitored mail box.  For assistance go to www.mydomain.com/contact.php"
0
 
LVL 20

Expert Comment

by:Mark Brady
ID: 36952770
I have an auto-responder on one of my domains that monitors the "no-reply@mydomain.com" and sends out a message that pretty much says what you just said - "This is an unmonitored email address. Blah blah blah..."

What I wanted to put on that responder is something like this

"Dear user. Thank you for REPLYING to "no-reply@mydomain.com". As you can see, this email address is ....well, "UNMONITORED YOU MORON!"  

But we can't do silly things like that :)
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 36952796
@elvin66:  We can't??

Here is a screen shot from GMail.  It shows a message from my country club to me, sent via an external service.  Note the "via" part.  Google understands this issue.
wgcc.png
0
 
LVL 1

Author Closing Comment

by:giandem
ID: 36953787
Thanks, guys, for the responses.

MarcusG gets 50 points because of my lack of "asking skills."

DaveBaldwin, you pointed me in the right direction and I truly appreciate it.

Everybody else, your input was valuable, thanks again.
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 36953810
You're welcome, glad to help.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 36953969
What's the best way to avoid spam filters and blacklists?

Going forward, you might want to consider posting a separate question if you find that the original question did not fully capture the essence of your inquiry.  But this is an easy question, even if it has nothing to do with PHP, email reliability, or allowing clients to create phony headers on their email messages.

The best way to avoid spam filters and blacklists is to use Constant Contact instead of sending your own email messages.  They are paid email professionals and they do things that you and I cannot do because they have full-time staff devoted to the task of getting email to work correctly.  They will ensure that the email gets to the right people, in the right format, and they will ensure that you are legally protected (there are criminal penalties for sending unwanted email) as you go about your work.  And they are embarrassingly inexpensive.  So get your free trial account, learn how their service works, and put an end to your email worries forever.

http://www.constantcontact.com/index.jsp
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this. Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it i…
This holiday season, we’re giving away the gift of knowledge—tech knowledge, that is. Keep reading to see what hacks, tips, and trends we have wrapped and waiting for you under the tree.
The viewer will learn how to count occurrences of each item in an array.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Suggested Courses

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question