mail from my homepage goes to the spam folder

paldo

On my homepage I have a contact form with captcha.
The visitor gives his mail address and the form is sent to me,
but it arrives in my gmail spam folder. Is there a way to avoid that mails from my homepage are not considered as spam? I think maybe there might be a piece of a coding that I can introduce to my php mail script. I have tried with the header but the mail still goes into the spam folder.
Here my script:

<?php

$name = $_REQUEST["name"];
$subject = $_REQUEST["subject"];
$message = $_REQUEST["message"];
$from = $_REQUEST["from"];
$verif_box = $_POST["verif_box"];

// remove the backslashes that normally appears when entering " or '
$name = stripslashes($name); 
$message = stripslashes($message); 
$subject = stripslashes($subject); 
$from = stripslashes($from); 

// check to see if verificaton code was correct
if(md5($verif_box).'a4xn' == $_COOKIE['tntcon']){
	// if verification code was correct start printing on the mail email the bottom to the top	



$message = "Subject: ".$subject."\n\n".$message;
$message = "Name: ".$name."\n".$message;
$message = "From: ".$from."\n".$message;


  $headers .= "Reply-To: <me@gmail.com>\r\n"; 
  $headers .= "Return-Path: <me@gmail.com>\r\n"; 
  $headers .= "From: $from\r\n";


mail("me@gmail.com", 'my form: '.$subject, $_SERVER['REMOTE_ADDR']."\n\n".$message, $headers);
// delete the cookie so it cannot sent again by refreshing this page
setcookie('tntcon','');
} else if(isset($message) and $message!=""){
	// if verification code was incorrect then return to contact page and show error
	header("Location: mail.php?name=$name&subject=$subject&from=$from&message=".urlencode($message)."&wrong_code=true");
	exit;
} else {
	echo "fill out the form completely";
	exit;
	}
?>

Is it because of

"$_SERVER['REMOTE_ADDR']."\n\n".$message "?

Thank you for your help

bradgrafelman

One problem I see is this:

$headers .= "From: $from\r\n";

If you set the 'From' address to a user-supplied e-mail address, you're forging the origin of the e-mail message. This is probably why GMail is considering your messages to be spam (since they technically are).

Try adding a 'Sender' header that points to an e-mail address on the domain from which you are sending these e-mails. Also consider adding additional e-mail headers to make your message look more complete/legitimate, such as MIME-Version, Content-Type, etc.

paldo

You mean something like this:

$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
$headers .= "X-Priority: 3\r\n";
$headers .= "X-Mailer: PHP". phpversion() ."\r\n"

I don't understand how I can change the
$headers .= "From: $from\r\n";
because $from is a variable, the visitor mail address. Can you give me more hints?

Thank you

Derokorian

He's not saying to change the From: header but rather to add a Sender: header that specifies an address on your domain. Optionally you could change from to be from your domain and use the Reply-To: header for the user-supplied email address.

sneakyimp

I would imagine another important reason is that you set Reply-To and Return-Path to be me@gmail.com. It's a common spam tactic to have the reply-to email on a spam message be the person to whom the spam is delivered. Additionally, setting the return-path as being from gmail is not going to fool gmail. Gmail knows it didn't send the message.

paldo

As you suggest I have added the following to my script:

  $headers .= "Reply-To: <me@gmail.com>\r\n"; 
  $headers .= "Return-Path: <me@gmail.com>\r\n"; 
  $headers .= "From: $from\r\n";
  $headers .= "MIME-Version: 1.0\r\n";
  $headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
  $headers .= "X-Priority: 3\r\n";
  $headers .= "X-Mailer: PHP". phpversion() ."\r\n";

but the mails still land in the spam folder. Is it because of the new security measure that gmail introduced recently?

bradgrafelman

The Return-Path should point to an e-mail on your domain. Also, you still haven't added a 'Sender' header as previously suggested.

Finally, does your domain have a valid SPF record?

paldo

I have checked a few tutorials about sender headers but I did not understand how to deal with it.

I then add my domain mail address as suggested but all mails still landed in my spam folder at gmail.

I changed gmail to a yahoo address and all mails landed in my inbox.

I will inform gmail that all mails coming from my webpage go to my spam folder. This has to do with the new google security policy that was introduced a few weeks ago.

bradgrafelman

paldo;10997206 wrote:
I have checked a few tutorials about sender headers but I did not understand how to deal with it.

All you do is add a 'Sender:' header that contains an e-mail address on the domain from which you're sending the messages. It doesn't get any simpler than that, really.

paldo;10997206 wrote:
I then add my domain mail address as suggested but all mails still landed in my spam folder at gmail.

How did you add it? Can you show us your new code?

paldo;10997206 wrote:
I will inform gmail that all mails coming from my webpage go to my spam folder. This has to do with the new google security policy that was introduced a few weeks ago.

GMail will probably then inform you the same thing I've been trying to inform you: the fact that GMail labels your message as spam is good, because that's exactly what it is - spam or an otherwise illegitimate message. Until you add a valid Sender header (or stop using user-supplied e-mail addresses in the 'From' header), you are forging the identity of the actual sender of the message.

paldo

This is what I did:


............	
  $headers .= "Reply-To: <myemail@mydomain.com>\r\n"; 
  $headers .= "Return-Path: <myemail@mydomain.com>\r\n"; 
  $headers .= "From: $from\r\n";
  $headers .= "MIME-Version: 1.0\r\n";
  $headers .= "Content-type: text/plain; charset=iso-8859-1\r\n";
  $headers .= "X-Priority: 3\r\n";
  $headers .= "X-Mailer: PHP". phpversion() ."\r\n";

mail("myemail@mydomain.com", 'CSPM online Form: '.$subject, $_SERVER['REMOTE_ADDR']."\n\n".$message, $headers);
........
?>

Thanks for your help.