A lot of examples I found online about sending emails with php set the header
"X-Mailer: PHP/" . phpversion()
But I find disclosing I'm using php and its version a very bad security practice.
Is this a required header?
PHP makes use of mail() function to send an email. This function requires three mandatory arguments that specify the recipient's email address, the subject of the the message and the actual message additionally there are other two optional parameters. mail( to, subject, message, headers, parameters );
The first method to send emails directly from a PHP script is by using the built-in mail() function. To use the PHP send mail feature, users hosting their PHP application or site on a local server will need to configure a Sendmail program by changing the php. ini file in their PHP installation folder.
X-headers are email headers that are added into the email in addition to the standard headers, such as the To, From, and Subject, according to the specific needs of the sender. Mailbox providers also add X-headers to email for things such as SPF, DKIM and DMARC authentication results, spam filter information, and more.
PHP provides email support via a built-in mail() function. Using this function, you can easily send emails directly through your PHP script.
Let's look at what kind of header is generated.
According to RFC 2076, section 3.4, the header "X-Mailer" is, together with several others, non-standard. Which basically means that any mail software can treat it like it wants to, especially adding them or ignoring them. Absence of such headers cannot be used against the sender.
I'm pretty sure the "X-" prefix indicates "non-standard header" in SMTP message format as well, just as it does in HTTP headers or mime types.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With