Reputation: 3343
I am trying to secure my website against any potential DDoS attacks by using Cloudflare services. I am hosting all the emails with Google and I am using PHPMailer to connect to Gmail SMTP and send emails via that.
After all this it seems that any attacker can easily find the original IP of my server by using any feature from my website that sends him an email, because even though I am using Gmail SMTP, the server's IP still appears in the headers:
Received: from www.domain.com (mail.domain.com [1.2.133.233])
Currently I do not know how to keep sending emails from my website while also protecting my server's privacy and hiding the IP (or showing the IP of the SMTP instead). There are some features on my website that require automatic email sending so I cannot disable that unfortunately.
Should I use the Gmail API? Would that be any better?
Or should I use another service for sending emails, like a remote service?
Any suggestions please?
Upvotes: 4
Views: 2513
Reputation: 25495
You could use a service like Mailgun.
It's easy to set up, free unless you are high volume, and it's considered good practice if these are transactional emails.
I use the service with most of our sites and I just double checked that the site IP is not disclosed.
Good luck!
Upvotes: 2
Reputation: 1070
Either:
a) Use a remote mail exchanger. Some will add a FORWARDED_FOR header, but most strip that out upon receiving it.
b) Use a different IP for e-mailing so that in the event of an attack against you, you can null that IP, rendering only email down.
c) Look at options that provide you with DDoS mitigation for the backend server.
Upvotes: 1
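One way to verify that a change of sending path actually removed the origin address, as an added example that is not part of any post above: it scans a delivered message's headers for the server's IP. The two sample messages are constructed, and apart from the question's 1.2.133.233 every host name and address in them is made up.

```python
import email
import ipaddress
import re
from email import policy

# Headers that commonly record the address of the submitting client.
LEAKY_HEADERS = {"received", "x-originating-ip", "x-forwarded-for"}

def find_origin_leaks(raw_message, origin_ips):
    """Return (header, ip) pairs where a header exposes one of origin_ips."""
    origins = {ipaddress.ip_address(ip) for ip in origin_ips}
    msg = email.message_from_string(raw_message, policy=policy.default)
    leaks = []
    for name, value in msg.items():
        if name.lower() not in LEAKY_HEADERS:
            continue
        # Received lines tag IPv6 literals as [IPv6:...]; drop the tag first.
        text = str(value).replace("IPv6:", " ")
        for token in re.split(r"[^0-9A-Fa-f:.]+", text):
            try:
                addr = ipaddress.ip_address(token.strip("."))
            except ValueError:
                continue  # host names, timestamps and ids are not addresses
            if addr in origins:
                leaks.append((name, str(addr)))
    return leaks

# Constructed samples (not captured traffic); ORIGIN_IP is from the question.
ORIGIN_IP = "1.2.133.233"
DIRECT_SMTP = (
    "Received: by mx.example.net with SMTP id abc123; Mon, 01 Jan 2024 10:15:03 +0000\n"
    "Received: from www.domain.com (mail.domain.com [1.2.133.233])\n"
    "\tby smtp.gmail.com with ESMTPSA id x1; Mon, 01 Jan 2024 10:15:02 +0000\n"
    "From: site@domain.com\nTo: user@example.org\nSubject: Password reset\n\nbody\n"
)
VIA_RELAY = (
    "Received: from out.relay.example (out.relay.example [192.0.2.10])\n"
    "\tby mx.example.net with ESMTPS id def456; Mon, 01 Jan 2024 10:15:03 +0000\n"
    "From: site@domain.com\nTo: user@example.org\nSubject: Password reset\n\nbody\n"
)

if __name__ == "__main__":
    for label, raw in (("direct SMTP", DIRECT_SMTP), ("via relay", VIA_RELAY)):
        print(label, find_origin_leaks(raw, [ORIGIN_IP]) or "no origin IP in headers")
```

Feed it the raw source of a message as received at an external mailbox, with every address the web server can send from in `origin_ips`.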