I am trying to send an email with PHP mail() function when the form is submitted. Excluding GMAIL, emails are going to spam/junk, I have tried yahoo and outlook as other email service providers.
I know there are other solutions as well, like PHP mailer or sending an email using third-party services like SendGrid or Mailgun, but I want to know if there is any other way to bypass spam filter in other email providers like I am currently bypassing Gmail.
Mail.php
<?php
function autoResponderEmail($name, $email) {
$subject = "Thank you for submitting the form";
$from = "[email protected]";
$organization = "Organization Name Here";
$message = "Thank you " . $name ." for contacting us. We will be in touch with you shortly." . "\n\n" . "Regards,\n" . $organization . " Team";
$headers .= "Reply-To: ".$organization." <".$from.">\r\n";
$headers .= "Return-Path: ".$organization." <".$from.">\r\n";
$headers .= "From: ".$organization." <".$from.">\r\n";
$headers .= "Organization: ".$organization."\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
$headers .= "X-Priority: 3\r\n";
$headers .= "X-Mailer: PHP". phpversion() ."\r\n" ;
$sendMail = mail($email, $subject, $message, $headers);
if ($sendMail) {
header('Location: ./index.html');
} else {
alert('Failed to send email');
}
}
if(isset($_POST['submit'])){
$to = "[email protected]";
$organization = "Organization Name Here";
$full_name = $_POST['full_name'];
$from = $_POST['email_address'];
$phone = $_POST['phone'];
$message = $_POST['message'];
$detail .= "Name: " . $full_name . "\r\n";
$detail .= "Email: " . $from . "\r\n";
$detail .= "Phone: " . $phone . "\r\n";
$detail .= "Subject: New Contact Inquiry" . "\r\n";
$detail .= "Organization: " . $organization . "\r\n";
$detail .= "Message: " . $message . "\r\n";
$headers .= "Reply-To: ".$organization." <".$to.">\r\n";
$headers .= "Return-Path: ".$organization." <".$to.">\r\n";
$headers .= 'Cc: [email protected]' . "\r\n";;
$headers .= "From: ".$organization." <".$to.">\r\n";
$headers .= "Organization: ".$organization."\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
$headers .= "X-Priority: 3\r\n";
$headers .= "X-Mailer: PHP". phpversion() ."\r\n" ;
$sendMail = mail($to, $subject, $detail, $headers);
if ($sendMail) {
autoResponderEmail($full_name, $from);
} else {
alert('Failed to send email');
}
};
?>
CodePudding user response:
No. If there was a way to bypass spam filters, they wouldn't be spam filters.
Take a look at the raw source of a received message that's been put in spam. Most email providers will add headers explaining how and why it ended up in spam.
You're doing a number of things wrong in this code that are likely to get it marked as spam:
You're setting a return-path header. That's an RFC contravention, because that's the receiver's job. If you want to set the envelope sender, use the -f option in the additional_params parameter to mail().
You're not doing any DKIM signing here. It could be that your local mail server is doing it for you, but if you're not, that's a likely cause.
In your second example, you're forging the from address, which will almost always get your message marked as spam. If you want to be able to reply to a submitter's address, use your own (non-forged) address as the from address and add the submitter's as a reply-to.
Your scripts are vulnerable to header injection attacks.
You are doing no processing on your message body and it contains user-supplied content, so it's very likely to result in an incorrectly-encoded messages that may amount to vulnerabilities, especially when coupled with header injection that may result in injectable attachments.
This is why people use libraries like PHPMailer, to help you avoid all these problems.