Safely send many emails in PHP

Question

I'm building a website in PHP that allows users to send invitation emails. They are allowed to send more than one at once.

I'm told that using PHP's mail() function is a bad choice because it can easily be marked as spam. Is there some way that I can set up this script so that the emails are not marked as spam?

I've done quite a lot of reading and from what I've read today it seems like a few factors can influence whether mail is marked as spam including: the words used in the emails; the domain that the emails say they are sent from compared to where they actually originate; formatting of headers; and the frequency of emails sent.

The email addresses that we use are with Gmail Apps. So, if the emails I send don't "look" spammy, I send them from Gmail, and I can limit the frequency of the emails sent (maybe 10 every 10 minutes) then I should be able to do this without a problem right?

EDIT

This is not for a newsletter. Do I even have to worry about being marked as spam for invitation emails?

Answer 1

while your conclusion is correct, your reasoning is not quite right. php's mail function will not cause your emails to be marked as spam, because it sends the same emails as anything else would.

the problem with php's mail function is that it is very low level, and so if you do not know how to use it properly, and leave email injection vulnerabilities, people could use your site to send spam messages through it, and in turn this could get your server blacklisted as a source of spam by isps. as long as you strip \n and \r from your extra header fields (From:, etc), you should be safe.

Another issue is that you have to add your own valid headers to your emails.

Yet another issue is that it would connect and disconnect from your smtp server for each time you call mail(), although I think there is a way you can send multiple emails using one call to mail. this would be complicated though since it would probably involve looking through rfc282 and figuring out how to do it.

Answer 2

at first you need an valid mx.record for your domain... if you use the mail function you should send valid headers like these:

function send_mail($from = FALSE,$to = FALSE, $msg = FALSE, $subject = FALSE, $html= TRUE){
    if($from && $to && $msg && $subject){
        if ($html){
            $header  = 'MIME-Version: 1.0' . "\r\n";
            $header .= 'Content-type: text/html; charset=UTF-8' . "\r\n"; 
        }
            $header .= 'From: '.$from. "\r\n";          
            $header .= 'Reply-To: '.$from. "\r\n";
            $header .= 'X-Mailer: PHP/' . phpversion();
            return mail ($to,$subject,$msg,$header);
    }
    return "fail";
}