BrownJacket Posted April 6, 2019 Share Posted April 6, 2019 Hello there! I made a contact-form with PHP but the e-mails go directly into the spam folder. Then I ran a test on http://www.mail-tester.com and I got some errors. As you can tell, I am new to PHP and I don't know what to do. I appreciate any help! Errors: 1. HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag 2. MIME_HTML_ONLY Message only has text/html MIME parts 3. MISSING_DATE Missing Date: header 4. "Your message is not signed by DKIM" 5. "There is no SPF record. Please add (number).easyname.com to your DNS zone file." Here is my PHP: <?php $name = $_POST['name']; $email = $_POST['email']; $message = $_POST['message']; $from = 'From: mywebsite.com'; $to = 'someone@something.net'; $subject = 'Subject-line'; $body = "From: $name\n E-Mail: $email\n Message:\n $message"; $headers .= "MIME-Version: 1.0\r\n"; $headers .= "Content-type: text/html\r\n"; $headers .= 'From: '. $email. "\r\n" . $headers .= "Reply-To: ". $email. "\r\n"; $headers .= "X-Mailer: PHP/" . phpversion(); $message = nl2br($message); $status = mail($to, $subject, $message, $headers); if($status) { echo '<p>Your Message has been send!</p>'; } else { echo '<p>Something went wrong. Please try again.</p>'; } ?> Here is my HTML: <div class="contact-form"> <form id="contact-form" method="post" action="contact-form-handler.php"> <input name="name" type="text" class="form-control" placeholder="Your Name" required> <br> <input name="email" type="email" class="form-control" placeholder="Your Email"> <br> <textarea name="message" class="form-control" placeholder="Message" rows="40" required></textarea><br> <input type="submit" class="form-control" value="SEND MESSAGE"> </form> </div> I tried many things but nothing really worked. Also, I am a noob at PHP so I am kind of lost. Thanks for your help! Quote Link to comment Share on other sites More sharing options...
gizmola Posted April 6, 2019 Share Posted April 6, 2019 Classification as spam is under the control of the receiving mail server. There is nothing you can do to prevent that in your code, although of course the actual content of the mail might be spammy. Spam classification is not binary. Most spam classification systems utilize a scoring system. There are a lot of things that will be seen as "spammy" including No reverse DNS entry for the mailserver Spoofing the from address Not having an SPF entry for the domain Not implementing DKIM These are things that a Devops/Sysadmin would need to work on. If you are spoofing the from address, that is something you should not be doing. The other thing you have hit upon is the proper way to construct an email. By default, the body of an email is assumed to be text. To send an html version of the email, you should actually have a structure where there are multiple versions of the email using multipart/mime format. This is non-trivial, and a reason why people use libraries like phpmailer rather than trying to code it yourself. Having a non-standard body with html tags detected is not the proper RFC compliant way to handle this, and will often add to the spam score. Quote Link to comment Share on other sites More sharing options...
BrownJacket Posted April 6, 2019 Author Share Posted April 6, 2019 Thanks for your answer! Can you tell me what "spoofing" means and how I could change the $from address? Quote Link to comment Share on other sites More sharing options...
gizmola Posted April 6, 2019 Share Posted April 6, 2019 Spoofing means that you are setting the From address to look like it is coming from a user@domain that is not valid for your mail server. So if my domain is gizmola.test and I set up my from to be someuser@yahoo.com, this is "spoofing". I would need the mail to come from someuser@gizmola.test. You should open up your received email that is in the spam folder for your tests, and look at the actual email headers to see what is in there. If you want to provide the headers, we might be able to offer more advice. Quote Link to comment Share on other sites More sharing options...
BrownJacket Posted April 6, 2019 Author Share Posted April 6, 2019 Thanks for your explanation. I want to set up a form that is able to send e-mails from the user to an address that I don't own. What I provide is the opportunity for the user to send an e-mail to some address. So I want to post the message, the users name, his e-mail address and the subject line. I didn't know how to code the file so that the e-mail always gets send by the user. So I just inserted the $email in the header: $headers .= 'From: '. $email. "\r\n" . Quote Link to comment Share on other sites More sharing options...
gizmola Posted April 6, 2019 Share Posted April 6, 2019 You can send emails to whomever you want through your system. That is not the problem I discussed, however, in doing so you are creating a system that can be used by a spammer to send spam from your system. This is a great way to get your system on a blacklist. In summary, this is not something you should proceed with. With that said many people have systems that send email of various types (this forum is an example of that) for valid reasons. For example, some users may like to be sent an email notification when they have made a topic as you did, and others reply. The issue with spoofing, is that you can send an email on a user's behalf, but it needs to come from your system. You should not attempt to send emails from your system and try and make it look like they came from someone else. That is spoofing. Quote Link to comment Share on other sites More sharing options...
BrownJacket Posted April 6, 2019 Author Share Posted April 6, 2019 Now I understand that I need to send an e-mail on a user's behalf. How can I change my code to prevent spoofing? Quote Link to comment Share on other sites More sharing options...
gizmola Posted April 6, 2019 Share Posted April 6, 2019 You can start by removing these lines from your code: $headers .= 'From: '. $email. "\r\n" . $headers .= "Reply-To: ". $email. "\r\n"; This is not code related, but an easy improvement that simply requires that you control the DNS for your domain, is to add an SPF record. With that said, you also need to have a valid DNS MX record, and email needs to come from a server that is designated to be a mail exchanger (MX). The SPF record essentially ties the server IP address (ipv4 & ipv6 if possible) for your mail server. Also, I hope you looked at the information I provided about having your email in multipart/mime format. If that is too much for you to accomplish, then remove all the html tags from your email, and send the in pure text only format. Quote Link to comment Share on other sites More sharing options...
BrownJacket Posted April 6, 2019 Author Share Posted April 6, 2019 Thanks. I will try it out! Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.