[RESOLVED] Problems sending email using mail() function

randomizer82

Hello,

I am very much a PHP beginner, so please bear with me. I have several forms on my website that use the PHP mail() function to send the data to various destination email addresses. When the user provides their email address on the form, the PHP script validates whatever they enter (to ensure it contains an "@", and a "." followed by a domain extension) and then assigns the data as the "From" value used in the mail function. I set these forms up and tested them a couple months ago. Everything was working just fine. Then a couple days ago, I set up a new form, and discovered that although the script was echoing that the message sent successfully, the message was never received by any of the recipients. After a little bit of testing, I discovered that the message would send successfully if the user provided as their email address something other than a hotmail, yahoo, or gmail address, but if they provided an email address using any of those three domains, the message would not send. I compared the script against the others I had written previously, and didn't find any major differences. Then I tested the other forms on the website and discovered that they were all having the same problem. These problems were not happening a couple months ago. Everything was working fine before, and I haven't changed anything that I can remember on those other form scripts since the time I first set them up.

This issue has really baffled me. Why would my PHP script care what domain the user is entering as their email address? It's just a simple data string that validates according to the specs I mentioned above. I called my hosting service provider to see if there were any settings on my account that would be responsible for this issue, and the guy I spoke with said everything in my settings looked fine. He was 100% sure that the problem was not on their end, as they have no way of monitoring or interfering with any my scripts. He said the problem was probably with the script.

Has anyone else experience this issue before , and know what may be causing this issue to happen? These forms need to be able to accept any kind of email address that the user enters. The business I am working for needs these forms to be completely functional ASAP, as they are planning to use them to accept online registrations for a conference seminar coming up in a couple weeks.

Here is the the processing script I'm using (The location variables referenced are actually the names of cities. I've changed them as well as the email addresses referenced for privacy reasons.):

<?php
// To
define("WEBMASTER_EMAIL",'support@xyz.com,abc@xyz.com');


error_reporting (E_ALL ^ E_NOTICE);

$post = (!empty($_POST)) ? true : false;

if($post)
{

function ValidateEmail($email)
{

$regex = '/([a-z0-9_.-]+)'. # name

'@'. # at

'([a-z0-9.-]+){2,255}'. # domain & possibly subdomains

'.'. # period

'([a-z]+){2,10}/i'; # domain extension 

if($email == '') { 
	return false;
}
else {
$eregi = preg_replace($regex, '', $email);
}

return empty($eregi) ? true : false;
}

$ip = trim($_POST['ip']);
$httpref = trim($_POST['httpref']);
$httpagent = trim($_POST['httpagent']);
$subject = stripslashes($_POST['subject']);
$location1 = stripslashes($_POST['location1']);
$location2 = stripslashes($_POST['location2']);
$location3 = stripslashes($_POST['location3']);
$location4 = stripslashes($_POST['location4']);
$location5 = stripslashes($_POST['location5']);
$location6 = stripslashes($_POST['location6']);
$name = stripslashes($_POST['name']);
$company = stripslashes($_POST['company']);
$website = trim($_POST['website']);
$email = trim($_POST['email']);
$subscribe = stripslashes($_POST['subscribe']);
$attendees = stripslashes($_POST['attendees']);
$phone = trim($_POST['phone']);


$error = '';
$location = '';

// Check event location

if(!$location1 && !$location2 && !$location3 && !$location4 && !$location5 && !$location6)
{
$error .= 'Please select at least one seminar location for which you want to attend.<br />';
}

if($location1)
{
$location .= 'Location 1  ';
}

if($location2)
{
$location .= 'Location 2  ';
}

if($location3)
{
$location .= 'Location 3  ';
}

if($location4)
{
$location .= 'Location 4  ';
}

if($location5)
{
$location .= 'Location 5  ';
}

if($location6)
{
$location .= 'Location 6';
}

// Check name

if(!$name)
{
$error .= 'Please enter the name of the contact person managing this request.<br />';
}

// Check company name

if(!$company)
{
$error .= 'Please enter the name of your company.<br />';
}

// Check website url

if(!$website || $website == 'http://www.')
{
$error .= 'Please enter the web address for your company website.<br />';
}

// Check email

if(!$email)
{
$error .= 'Please enter your email address for confirmation purposes.<br />';
}

if($email && !ValidateEmail($email))
{
$error .= 'Please enter a valid e-mail address for confirmation purposes.<br />';
}

if($subscribe)
{
$subscribe = 'Yes';
}
else
{
$subscribe = 'No';
}

// Check attendees

if(!$attendees)
{
$error .= 'Please enter the number of attendees in your group.<br />';
}

// Check phone

if(!$phone)
{
$error .= 'Please enter a contact phone number that we can use to reach you.<br />';
}

if(!$error)
{
$todayis = date("l, F j, Y, g:i a");
$message = " $todayis [EST] \n
The following was sent from a visitor using the Seminar Registration form on xyz.com. \n
Location: ".$location." \n
Name: ".$name." \n
Company Name: ".$company." \n
Company Website: ".$website." \n
E-mail: ".$email." \n
Subscribe: ".$subscribe." \n
Number of Attendees: ".$attendees." \n
Phone: ".$phone." \n
IP Address: ".$ip." \n
Browser Info: ".$httpagent." \n
Referral: ".$httpref." \n
";
$mail = mail(WEBMASTER_EMAIL, $subject, $message,
     "From: ".$name." <".$email.">\r\n"
    ."Reply-To: ".$email."\r\n"
    ."X-Mailer: PHP/" . phpversion());


if($mail)
{
echo 'OK';
}

}
else
{
echo '<div class="notification_error">'.$error.'</div>';
}

}
?>

bradgrafelman

randomizer82 wrote:
When the user provides their email address on the form, the PHP script validates whatever they enter (to ensure it contains an "@", and a "." followed by a domain extension)

Unnecessary - just use [man]filter_var/man with the FILTER_VALIDATE_EMAIL option.

randomizer82 wrote:
then assigns the data as the "From" value used in the mail function.

That's a very good way to get yourself flagged as an open mail relay and/or spam server and have all of your e-mails automatically blocked as spam. In other words, it's a really bad idea.

The 'From' address should always be an e-mail address on your domain (e.g. a domain that the sending SMTP server has authority to send on behalf of).

randomizer82 wrote:
Why would my PHP script care what domain the user is entering as their email address?

It doesn't. It's not PHP's fault that your e-mails aren't being received. Most SMTP servers nowadays check SPF records, which are basically a way of verifying which servers are allowed to send e-mails on behalf of a given domain.

When they see e-mails your script generates that claim to be "from" yahoo.com, gmail.com, or any other domain with a good SPF record, they most likely discard the message as obvious spam (which it is - you aren't gmail.com, yahoo.com, etc., so saying your generated e-mails are "from" those domains is a lie/deception).

If you really want to incorporate the user's e-mail address, do so in a header such as "Reply-To" instead.

Also note that even after you correct this issue, your e-mail server may be (and this is a very likely possibility) blacklisted on an RBL (real-time block list) or two (or several) due to the suspicion of your server being compromised and/or a spam server (for the reasons described above).

randomizer82

I think you were right. I changed my script according to your suggestions, and it seems to be working now.

Thanks for your help.