I am using PHPMailer to send automated e-mails from my website and while testing, I noticed that all e-mails sent by php mailer are generating the following warning on the recipients end:
This message may not have been sent by: [email protected] Learn more Report phishing
I was wondering if there is a way to avoid this?
PHP Mailer code:
//mail functions
require("mailer/class.phpmailer.php");
require("mailer/class.smtp.php");
require("mailer/class.pop3.php");
$mail = new PHPMailer();
$mail->IsSMTP();
$mail->Host = "relay-hosting.secureserver.net";
$mail->Port = 25;
$mail->IsHTML(true);
$mail->Username = "[email protected]"; // SMTP username
$mail->Password = "pass"; // SMTP password
$mail->From = "[email protected]";
$mail->FromName = "FOO";
$mail->AddAddress("[email protected]", "WIDB");
$mail->AddReplyTo("[email protected]");
//$mail->AddAddress("[email protected]"); // name is optional
$mail->WordWrap = 50; // set word wrap to 50 characters
//$mail->AddAttachment("/var/tmp/file.tar.gz"); // add attachments
//$mail->AddAttachment("/tmp/image.jpg", "new.jpg"); // optional name
$mail->IsHTML(true); // set email format to HTML
$mail->Subject = 'Foo - Transaction Receipt';
$mail->Body = $message;
$mail->AltBody = "nothing";
//send mail
$mail->Send();
I am using GMail and I have SMTP enabled...
usually this happens because the sending server is already marked as spam by somebody. The way i found is go to the gmail account mark the item as 'important' in gmail and 'Add to Safe senders' in Outlook.
But SPEWS can be worse than annoying: thanks to a security vulnerability in a popular web software component called PHPMailer, crooks could use your “contact us” form to take over your whole website. 24/7 threat hunting, detection, and response delivered by an expert team as a fully-managed service.
PHPMailer can use a non-local mail server (SMTP) if you have authentication. Further advantages include: It can print various kinds of error messages in more than 40 languages when it fails to send an email. It has integrated SMTP protocol support and authentication over SSL and TLS.
You can either set up google apps for your site and get a [email protected] gmail account (more info here it's free), or You will need to set up an e-mail address on your current server that is [email protected] and use that as the $mail->from address.
Your E-Mail recipients are receiving the message because you are telling google to send an e-mail from your server, and then you are telling them that the mail is coming from gmail, which it isn't, it's coming from your personal server. Since the from address and your server address don't match, they flag it as spam. This is googles way of preventing spam, to them it would be the same if you put $mail->from([email protected]). The e-mail would still send, but your domain name does not match the @ address.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With