How reliable is the PHP mail() function?

Yes, I use php mail() all the time. Very easy to use and quick to setup. Here's a quick example that works (I've changed the email addresses).

$to     =  $put_the _senders_email_here;
$subject = "Your Subject";
$message = $message_goes_here;
## Headers:
$headers  = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=iso-8859-1" . "\r\n";
$headers .= "From: someone@someone.com\r\n";
$headers .= "Reply-To: someone@someone.com\r\n";

if(mail( $to, $subject, $message, $headers )){
echo "Mail sent!"
} else {
echo "There was an error sending the mail!";
}



The above code will send an HTML email so you can dress the message up a bit if you like. It will also send basic text email as well. (if you don't put tags in it will still send ok)

I use built in php mailer to when people registered.  It sends the mail and the user can click on the provided link and register.  (Alternatively can paste in the activation code to the activation form.)

I apparently doesn't work perfectly as there have been a couple complaints.  However, both complaints came from the same ISP so I suspect any traffic coming from our server will be blocked by that ISP.

Note that if you allow the user to specify both the 'From:' and 'To:' addresses, it will be a spam magnet without a login to restrict access.  Even with a login, you may find that some will 'join' or whatever to use that kind of email interface for spam.

Sometimes hosting companies and ISPs require that one of the email addresses be a local registered user.  Check your hosting to make sure they will allow what you want.

Keep in mind that what I said above is only used on the server side and not for use with any public. You set up the variables the way you want and it is a responder that sends one email to the person trying to register. You can and probably should specify a no-return address for the reply-to field so you don't get people responding to it. The purpose is to say "Welcome" and give them a link to click on that will validate that email address in your database.

Like Dave said above, I would never (NEEEEEEVER) allow any user/public access to send php mail() through any website that I build as it is a recipe for disaster and you may find your web host either cuts you off or their mailserver's IP address will be blocked big time by ISP's.

I actually had to fight for 3 months with Yahoo.com to take my "Genuine" companies name and my host's IP off their blacklist. I sent out more than 5 emails in one hour from a website that had the name "Junktraders" in the title and they flagged it as spam.

What a nightmare to deal with the robots that they employ. No one will help you and they don't care at all. Plenty more customers out there!

Go carefully when dealing with php mail() but it is very good and easy to use for small mail jobs (not mailing lists).

If you wanted to sendout mail to a list of subscribed users it is no good (to slow) as it sends them out one at a time (I think).

First of all, thanks for the answers.

After I submitted this question, I realized that I omitted a critical part: What's the best way to avoid spam filters and blacklists?

I was in a rush and apparently EE doesn't allow editing.

Here's my hypothetical scenario:

I want to host resumes/CVs where:

-a user can create (or upload) a resume(s)
-select a resume
-send via email to a prospective employer
---only a single email to one recipient could be sent per session (no bulk emails)

The email will be sent using PHPs mail() function and should appear to originate from the users own email account to avoid misdirected replies.

I know there are better ways, but this is hypothetical and should work as described. Assume that the users are verified and are not spammers.

Can this be accomplished with mail() and without fear of spam filters and blacklists?

Following up on Dave, just a tidbit.  When testing software using my own Linux box as the server (thus a dynamic IP and other spam issues), Yahoo won't even put my mail in the spam bulk mail box.  My mail gets through to gmail.  The point being, if using your own box to test, don't be surprised if you can't test using Yahoo.

Email by its very nature is unaccountable.  As I read this, "The FROM and REPLY TO headers would contain the user's own email address with a different domain." I believe that I am seeing a request for something like this:

My email address is Ray.Paseur@Gmail.com

The message you are sending on my behalf would appear to come from something like Ray.Paseur@Yahoo.com

Does that capture the flavor of what you want to do?  

Thanks, DaveBaldwin, You've given me a lot to read and research. I've also discovered http://whatismyipaddress.com/blacklist-check (for anyone else that's interested).

Ray Paseur, not quite. "A different domain" meaning different than the originating domain.

A user, joe@yahoo, would log on to my (fictitious) web site, my-superior-resume-service.com, and send a resume via email to an employer. The email should appear to have originated from joe@yahoo, not from the my-superior-resume-service.com web server.

OK, I think I understand.  You can do that - use a phony point of origin in the email headers.  In fact, you can create entirely phony email headers for every single element of the header (there is no accountability in email headers).  But your messages will not originate from the Yahoo servers' IP addresses, so it will be obvious to everyone who has the technical ability to check the SPF records that the message is not really from Yahoo.

When an SPF record check fails, there is a very high probability that the message will be marked as spam and possibly discarded.

A better approach might be to send the message from your own server, using your own server domain and setting a "reply to" address for joe@yahoo in the headers.

Or even no-reply@mydomain.com

I think it would help if the no-reply box had an auto responder so that if anyone checked it, there'd be a response that says something like "You've sent a message to an unmonitored mail box.  For assistance go to www.mydomain.com/contact.php"

I have an auto-responder on one of my domains that monitors the "no-reply@mydomain.com" and sends out a message that pretty much says what you just said - "This is an unmonitored email address. Blah blah blah..."

What I wanted to put on that responder is something like this

"Dear user. Thank you for REPLYING to "no-reply@mydomain.com". As you can see, this email address is ....well, "UNMONITORED YOU MORON!"  

But we can't do silly things like that :)

@elvin66:  We can't??

Here is a screen shot from GMail.  It shows a message from my country club to me, sent via an external service.  Note the "via" part.  Google understands this issue.
wgcc.png

Thanks, guys, for the responses.

MarcusG gets 50 points because of my lack of "asking skills."

DaveBaldwin, you pointed me in the right direction and I truly appreciate it.

Everybody else, your input was valuable, thanks again.

You're welcome, glad to help.

What's the best way to avoid spam filters and blacklists?

Going forward, you might want to consider posting a separate question if you find that the original question did not fully capture the essence of your inquiry.  But this is an easy question, even if it has nothing to do with PHP, email reliability, or allowing clients to create phony headers on their email messages.

The best way to avoid spam filters and blacklists is to use Constant Contact instead of sending your own email messages.  They are paid email professionals and they do things that you and I cannot do because they have full-time staff devoted to the task of getting email to work correctly.  They will ensure that the email gets to the right people, in the right format, and they will ensure that you are legally protected (there are criminal penalties for sending unwanted email) as you go about your work.  And they are embarrassingly inexpensive.  So get your free trial account, learn how their service works, and put an end to your email worries forever.

http://www.constantcontact.com/index.jsp