Solved

EMail Headers

Posted on 2013-02-03
26
1,552 Views
Last Modified: 2013-02-25
I am having a huge issue with a cron job I wrote which sends EMail to SPAM. The cron actually runs - but for some reason it spits the emails into Users SPAM.

Here are the headers:

$strHeader .= 'From: '.$row['mediaemail'] . "\r\n";
$strHeader .= 'Reply-To: ' .$row['mediaemail']. "\r\n" ;
if($row['cc']!='') $strHeader .= 'Cc: '. $row['cc'] . "\r\n";
$strHeader .= 'X-Mailer: PHP/' . phpversion();
$strHeader .= "MIME-Version: 1.0\n";  
$strHeader .= "Content-Type: multipart/mixed; boundary=\"".$strSid."\"\n\n";  
$strHeader .= "This is a multi-part message in MIME format.\n";  
 
$strHeader .= "--".$strSid."\n";  
$strHeader .= "Content-type: text/html; charset=utf-8\n";  
$strHeader .= "Content-Transfer-Encoding: 7bit\n\n";  
$strHeader .= $mailBodyText."\n\n";
0
Comment
Question by:Starquest321
  • 12
  • 8
  • 4
26 Comments
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 167 total points
ID: 38848725
Before you do anything else, learn about SPF and set it up correctly on your servers, then come back to this question.

If your SPF records are correct, the problem is almost certainly triggered by the recipient's spam filters.  Tell the user to "whitelist" your sending email address.

If that doesn't work, use my email address which you can find in my public profile and send the same message to me.  I will copy the original email, complete with all headers and I will post the information here so we can discuss what might be triggering the spam filters.  The status of the SPF records will be part of the headers so we can verify SPF at the time we see the email.

EE does not like us to put our email addresses into comments, so to find my email address, follow this link, click the "about me" tab and search the page for the word. "Gmail"
http://www.experts-exchange.com/M_3774417.html
0
 

Author Comment

by:Starquest321
ID: 38848819
Thanks - please check your email.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 38848844
Couple of things here:
Received: from outbound-ss-183.bluehost.com (outbound-ss-183.bluehost.com. [69.89.29.197])

        by mx.google.com with SMTP id d3si13306108paw.273.2013.02.03.04.03.51;

        Sun, 03 Feb 2013 04:03:52 -0800 (PST)

Received-SPF: neutral (google.com: 69.89.29.197 is neither permitted nor denied by domain of ron@nadlan-investments.com) client-ip=69.89.29.197;

Authentication-Results: mx.google.com;

       spf=neutral (google.com: 69.89.29.197 is neither permitted nor denied by domain of ron@nadlan-investments.com) smtp.mail=ron@nadlan-investments.com

Message-Id: <510e5228.a34b420a.547b.41ceSMTPIN_ADDED_MISSING@mx.google.com>

Open in new window

As you can see, the SPF is neutral.  It would be better if the SPF said "pass!"  Here are the corresponding lines from a MailChimp broadcast email.
Received-SPF: pass (google.com: domain of bounce-mc.us4_7752489.333993-ray.paseur=gmail.com@mail77.us4.mcsv.net designates 205.201.128.77 as permitted sender) client-ip=205.201.128.77;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of bounce-mc.us4_7752489.333993-ray.paseur=gmail.com@mail77.us4.mcsv.net designates 205.201.128.77 as permitted sender) smtp.mail=bounce-mc.us4_7752489.333993-ray.paseur=gmail.com@mail77.us4.mcsv.net;
       dkim=pass header.i=brandon=3Dbrandonsavage.net@mail77.us4.mcsv.net
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=k1; d=mail77.us4.mcsv.net;

Open in new window

If you look at the first snippet, note the SMTPIN_ADDED_MISSING.  You probably want to do something about that.

These lines of code will create a single output line, all run together.  You might want a line-feed between the outputs.  As written it may cause the Mime-Version to be overlooked.

$strHeader .= 'X-Mailer: PHP/' . phpversion();
$strHeader .= "MIME-Version: 1.0\n";  

I am also a bit suspicious of this (though I am not sure about it):

Content-type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

I am fairly sure that utf-8 characters require more than 7 bits - some are multi-byte representations.  You might want to look into that part and see if these two lines collide in some way.

And finally if you want to send the email directly to me, straight out of the automated process, not via a forwarded message, there might be something else I could pick up.

HTH, ~Ray
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 333 total points
ID: 38849035
You should know that SPAM is defined by the person or server that receives the email.  While there are things you can do to make your email not Look like spam, they get to decide.

If you are using the PHP mail() function and $strHeader is used for the header parameter, then $strHeader .= $mailBodyText."\n\n";  is wrong because the mail body is the 'message' parameter and does not belong in the header.  It's supposed be this way:

mail($to, $subject, $message, $headers);

http://www.php.net/manual/en/function.mail.php
0
 

Author Comment

by:Starquest321
ID: 38849080
I am attaching the full file for your review. Much much appreciated comments! Do you see any other errors in the code?
cron-lead-automessage.php
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 38849159
What DaveBaldwin said.  This line #156 needs to be revisited, and the construction of the message just above it should put the message body into a separate variable, so the message body can be put into the place where there is "null" right now.

if(mail( $row['leadEmail'] , $row['Subject'] , null, $strHeader )) {
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38849209
In addition, the standard says that all lines in the header should be terminated by '\r\n' although many mail servers accept just '\n'.  In addition the 'boundaries', at least after the first, should be in the message body also.  Simple example here: http://www.enewsletterpro.com/articles/multi_part_mime_messages.asp

You might find that one of the reasons you're going in the spam folder is just because your messages aren't formatted properly.  That has been a frequent sign of spam.
0
 

Author Comment

by:Starquest321
ID: 38858484
We have updated the code - but still the issue is the same. Since the email is being sent from the host server I thought to check the php.ini file. This is the result:

[mail function]
; For Win32 only.
SMTP = localhost
smtp_port = 25

; For Win32 only.
;sendmail_from = me@example.com

; For Unix only.  You may supply arguments as well (default: "sendmail -t -i").
sendmail_path = /usr/sbin/sendmail -t -i -f

; Force the addition of the specified parameters to be passed as extra parameters
; to the sendmail binary. These parameters will always replace the value of
; the 5th parameter to mail(), even in safe mode.
;mail.force_extra_parameters =

Do I need to force extra parameters?
0
 

Author Comment

by:Starquest321
ID: 38858641
I am attaching the updated changed to the script - anything I missed? Still the spam issue.
cron-lead-automessage-updated.php
0
 

Author Comment

by:Starquest321
ID: 38858934
Here is another version - still not sending email!
cron-lead-automessage--2-.php
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38860656
See if this runs for you on your web server.  This is my PHP Email demo that has run on Linux and Windows hosting.  Save it as 'Email.php' so it will post to itself and send email.  Put your own email address in for $toText.
<?php
error_reporting(E_ALL);
ini_set('display_errors','1');

# some settings of POST vars
if (!isset($_POST['send']))  $send = ''; else $send = $_POST['send'];
if (!isset($_POST['toText'])) $toText = ''; else $toText = $_POST['toText'];
if (!isset($_POST['subjectText'])) $subjectText = ''; else $subjectText = $_POST['subjectText'];
if (!isset($_POST['msgText'])) $msgText = ''; else $msgText = $_POST['msgText'];
if (!isset($_POST['ccText'])) $ccText = ''; else $ccText = $_POST['ccText'];
if (!isset($_POST['bccText'])) $bccText = ''; else $bccText = $_POST['bccText'];
if (!isset($_POST['nameText'])) $nameText = ''; else $nameText = $_POST['nameText'];
if (!isset($_POST['fromText'])) $fromText = ''; else $fromText = $_POST['fromText'];

if ($send == "") {
    $title="Test Email Page";
    $announce="---";
}
else {
	if($fromText === "") die("No name!");
  $toText="youremail@yourdomain.com";
	$title="Test Email Page";
  $announce="Your Message has been Sent!";
	$header = "From: ".$fromText."\r\n";
//	$header .= "Cc: ".$ccText."\n";
	$header .= "Reply-To : ".$fromText."\r\n";
	$header .= "Return-Path : ".$fromText."\r\n";
	$header .= "X-Mailer: PHP\r\n";
	$header .= "MIME-Version: 1.0\r\n";
	$header .= "Content-Type: text/plain; charset=iso-8859-1\r\n";
//	ini_set(sendmail_from,$fromText);  
	mail($toText, $subjectText, $msgText, $header, '-f'.$fromText);
//	ini_restore(sendmail_from);
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
 "http://www.w3.org/TR/html4/loose.dtd">

<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title><?php echo($title)?></title>
<style type="text/css">
<!-- 
A:link { color: #999999; }
A:visited { color: #999999; }
A:hover {color: #0099ff;}
-->
</style>
<script type="text/javascript">
<!--
function check()
{
var at=document.getElementById("fromText").value.indexOf("@");
var eml=document.getElementById("fromText").value;
var nam=document.getElementById("nameText").value;
var alerttxt="";
var submitOK="true";

if (eml.length < 5 || at == -1)
    {
    alerttxt=alerttxt+"Please enter a valid e-mail address!\r\n";
    submitOK="false"
    //return false;
    }
if (nam.length < 3)
    {
    alerttxt=alerttxt+"Please enter your name.\r\n";
    submitOK="false"
    //return false;
    }
if (submitOK=="false")
    {
    alert(alerttxt);
    return false;
    }

}
// -->
</script>
</head>

<body bgcolor="#ddeedd">
<div align="center">
<table border="0" cellpadding="0" cellspacing="0" summary="" width="580">
<tr><td align="center">

<?php
if ($send != "") {
   	echo ("To: ".$toText."<br>\r\nSubject: ".$subjectText."<br>\r\n".$msgText."<br>\r\n".$header);
		}
?>

<p><b><font color="#000000" size="5">Test Email</font></b></p>
<font size="4" color="#000000">

<form method="POST" action="Email.php" onsubmit="return check();">
    <p><font size="3"><b>Name: <input type="text" name="nameText" id="nameText" size="46"></b></font></p>
    <p><font size="3"><b>Email: <input type="text" name="fromText" id="fromText" size="46"></b></font></p>
    <input type="hidden" name="subjectText" value="Web Mail">
    <p><font face="Arial" size="3"><b>Message Text:</b></font></p>
    <p><font face="Arial" size="3"><b><textarea rows="6" name="msgText" cols="60"></textarea></b></font></p>
    <p><font size="3"><b><input type="submit" value="Send" name="send" style="font-family: Arial; font-size: 12pt; font-weight: bold"></b></font></p>
    <input type="hidden" name="state" value="1">
  </form>
  <b><font face="Arial" size="4" color="#e00000"><?php echo($announce)?></font></b><br><br>

</font>
</td></tr>
</table> 
</div>

</body>
</html>

Open in new window

0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38860749
I just tested another version of my code thru the command line and it failed the first time.  I looked at my 'php.ini' and it looked like yours so I looked at phpinfo() thru the web server and it showed my machine's IP as the SMTP server.  That reminded me that I have IIS set up to work on that IP address and Not on localhost.  I changed 'php.ini' to look like this and now it works on the command line.  You only need to do this if you have setup IIS to work only on a specific IP address and not 'All Unassigned'.

[mail function]
; For Win32 only.
SMTP = 10.10.10.11
smtp_port = 25
0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 

Author Comment

by:Starquest321
ID: 38860943
David - I am using a host with linux . . . :( What should I do now?
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38861008
If you have a SMTP server like 'sendmail' or 'Postfix' installed, you can just leave those settings alone.  I would leave 'sendmail_path' to the default value without the '-f' because you can add the '-f' in your code if it is needed.  Look at Example #3 on http://www.php.net/manual/en/function.mail.php except that sending no headers (null) will probably cause your email to bounce on most SMTP servers.

Did you try my demo on your server?
0
 

Author Comment

by:Starquest321
ID: 38861054
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38861146
'PEAR' email is an entirely different method unrelated to using the PHP mail() function.
0
 

Author Comment

by:Starquest321
ID: 38861153
Is it better? Should I use that? Will that eliminate my issue?
0
 
LVL 82

Accepted Solution

by:
Dave Baldwin earned 333 total points
ID: 38861212
Since we don't know what your issue is yet, I doubt it.  Did you try my demo code yet?
0
 

Author Comment

by:Starquest321
ID: 38861228
Fair enough - I will test tomorrow and report back!
0
 

Author Comment

by:Starquest321
ID: 38871257
Looks like the issue is fixed! Thanks all for helping!
0
 

Author Comment

by:Starquest321
ID: 38871759
I just realized that I need to delete this question. My scripts post here include my actual user name/pass and domain information. I am a little stressed. How can I remove this?
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 38871779
Use the "Request Attention" button and a moderator will take care of it.  Probably want to change those anyway!
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 38871782
You need to contact the admins thru a Community support question.  I don't see a "Request Attention" button anymore.

Or you could just change the user name and password...
0
 

Author Comment

by:Starquest321
ID: 38924539
Going to the link above does not provide me with the ability to change the file.
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

What is Usenet? There are many different opinions on exactly what Usenet is an isn't. Many opinions are incorrect simply out of ignorance. The Wikipedia listing about Usenet does a good job of explaining it, so instead of repeating it all here I wi…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now