Engin Yapici

Reputation: 6144

How to prevent PHPMailer sending email with different "from" address?

I am asking this question just because I am curious and probably it is a really dumb and very well known thing but I couldn't find an answer online:

Today I was helping a friend with his website. He asked me to prepare an HTML e-mail template that he can send via his website (e.g. www.myfriendswebsite.com) with PHPMailer. I prepared it and tested it on my domain/server by putting his e-mail address (e.g. [email protected]) in the "from" part. I sent an e-mail to my personal e-mail address (e.g. [email protected]) via my website (e.g. www.mywebsite.com), and when I received the e-mail I realized I don't even see my domain's name or e-mail address (e.g. [email protected]); instead I see my friend's e-mail address ([email protected]). When I hit "reply" it replies to my friend's address; it looks like it has been sent from my friend's website directly. Of course, if I pull up the raw source I see the details of where I received the e-mail, but what prevents someone else using my e-mail address and spam people? I am pretty sure this is another way of spamming and hacking people's accounts, but is there a way to prevent that? It scared me a little and I didn't know where else to turn but Stack Overflow :)

Upvotes: 1

Views: 1988

Answers (3)

Ja͢ck

Reputation: 173542

For one, you should not send emails whereby the From: is populated by user supplied data; use the Reply-To: header for such purposes.

The reason you shouldn't do that is that inbox services, such as Google Mail, Yahoo, etc., use the Sender Policy Framework (SPF) to determine whether the mail server that sent the message is authorized to send on a domain's behalf; you would risk messages sent from your server being recognized as spam and not delivered.

So, to answer your question, even though it's possible to masquerade as anyone's email address, it's getting increasingly difficult to get those messages delivered due to improving spam filters and blacklists, and doing so can even get your mail server blacklisted.

Upvotes: 6
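
As an added illustration of the advice in the answer above (not code from the answer or from the PHPMailer project): a contact-form handler that always sends from the site's own address and puts the visitor's address only in Reply-To. It assumes PHPMailer is installed via Composer; the function name `buildContactMail`, the constants and all addresses are hypothetical placeholders.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php';

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

// Placeholder addresses (assumptions): use a mailbox on a domain your server may send for.
const SITE_FROM = 'no-reply@example.com';
const SITE_TO   = 'owner@example.com';

/**
 * Build a message whose From is always the site's own address.
 * The visitor's address is validated and only ever placed in Reply-To.
 */
function buildContactMail(string $visitorEmail, string $visitorName, string $html): PHPMailer
{
    $mail = new PHPMailer(true); // true: throw exceptions on failure

    // Strip CR/LF from the display name so it cannot smuggle extra headers.
    $visitorName = trim(str_replace(["\r", "\n"], ' ', $visitorName));

    if (!PHPMailer::validateAddress($visitorEmail)) {
        throw new InvalidArgumentException('Invalid reply address');
    }

    $mail->setFrom(SITE_FROM, 'Website contact form'); // never user-supplied
    $mail->addReplyTo($visitorEmail, $visitorName);    // "reply" goes to the visitor
    $mail->addAddress(SITE_TO);

    $mail->CharSet = PHPMailer::CHARSET_UTF8;
    $mail->isHTML(true);
    $mail->Subject = 'Contact form message';
    $mail->Body    = $html;
    $mail->AltBody = strip_tags($html);

    return $mail;
}

try {
    // Constructed sample input standing in for submitted form values.
    $mail = buildContactMail('visitor@example.org', 'A. Visitor', '<p>Hello</p>');
    $mail->preSend();                 // assemble headers and body without sending
    echo $mail->getSentMIMEMessage(); // inspect the From: and Reply-To: lines
} catch (Exception | InvalidArgumentException $e) {
    error_log('Mail not built: ' . $e->getMessage());
}
```

Replace the `preSend()` and `echo` lines with `$mail->send()` once the printed headers show the site's address in From and the visitor's address in Reply-To.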

hakre

Reputation: 197659

> what prevents someone else using my e-mail address and spam people?

Nothing. Imagine a postcard: what prevents someone else from using your address and sending postcards out into the world? Nothing.

The same goes for email, the postcard of the internet.

Upvotes: 2

Editing your headers like this will/should fix the problem.

```php
$headers = 'From: [email protected]' . "\r\n";
$headers .= 'Reply-To: [email protected]' . "\r\n";
$headers .= 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
```

Upvotes: 1
