help with contact-form spam test


BrownJacket

Hello there! I made a contact-form with PHP but the e-mails go directly into the spam folder. Then I ran a test on http://www.mail-tester.com and I got some errors. As you can tell, I am new to PHP and I don't know what to do. I appreciate any help!

Errors:

1. HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

2. MIME_HTML_ONLY Message only has text/html MIME parts

3. MISSING_DATE Missing Date: header

4. "Your message is not signed by DKIM"

5. "There is no SPF record. Please add (number).easyname.com to your DNS zone file."

 

Here is my PHP:

<?php 
$name = $_POST['name'];
$email = $_POST['email'];
$message = $_POST['message'];
$from = 'From: mywebsite.com'; 
$to = 'someone@something.net'; 
$subject = 'Subject-line';
$body = "From: $name\n E-Mail: $email\n Message:\n $message";

$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-type: text/html\r\n";
$headers .= 'From: '. $email. "\r\n";
$headers .= "Reply-To: ". $email. "\r\n";
$headers .= "X-Mailer: PHP/" . phpversion();

$message = nl2br($message);

$status = mail($to, $subject, $message, $headers);

if($status)
    { 
        echo '<p>Your Message has been send!</p>';
    } else { 
        echo '<p>Something went wrong. Please try again.</p>'; 
    }
?>

Here is my HTML:

<div class="contact-form">

        <form id="contact-form" method="post" action="contact-form-handler.php">
            <input name="name" type="text" class="form-control" placeholder="Your Name" required>
            <br>
            <input name="email" type="email" class="form-control" placeholder="Your Email">
            <br>

            <textarea name="message" class="form-control" placeholder="Message" rows="40" required></textarea><br>

            <input type="submit" class="form-control" value="SEND MESSAGE">

        </form>
    </div>

 

I tried many things but nothing really worked. Also, I am a noob at PHP so I am kind of lost. Thanks for your help!

Link to comment
Share on other sites

Classification as spam is under the control of the receiving mail server.  There is nothing you can do to prevent that in your code, although of course the actual content of the mail might be spammy.

Spam classification is not binary.  Most spam classification systems utilize a scoring system.

There are a lot of things that will be seen as "spammy" including

  • No reverse DNS entry for the mailserver
  • Spoofing the from address
  • Not having an SPF entry for the domain
  • Not implementing DKIM

These are things that a Devops/Sysadmin would need to work on.  If you are spoofing the from address, that is something you should not be doing.

The other thing you have hit upon is the proper way to construct an email.  By default, the body of an email is assumed to be text.  To send an html version of the email, you should actually have a structure where there are multiple versions of the email using multipart/mime format.  This is non-trivial, and a reason why people use libraries like PHPMailer rather than trying to code it themselves.

Having a non-standard body with html tags detected is not the proper RFC compliant way to handle this, and will often add to the spam score.

Link to comment
Share on other sites

Spoofing means that you are setting the From address to look like it is coming from a user@domain that is not valid for your mail server.  

So if my domain is gizmola.test  and I set up my from to be someuser@yahoo.com, this is "spoofing".  I would need the mail to come from someuser@gizmola.test.

You should open up your received email that is in the spam folder for your tests, and look at the actual email headers to see what is in there.  If you want to provide the headers, we might be able to offer more advice.

Link to comment
Share on other sites

Thanks for your explanation. I want to set up a form that is able to send e-mails from the user to an address that I don't own. What I provide is the opportunity for the user to send an e-mail to some address. So I want to post the message, the user's name, his e-mail address and the subject line. I didn't know how to code the file so that the e-mail always gets sent by the user. So I just inserted the

$email

in the header:

$headers .= 'From: '. $email. "\r\n";

 

Link to comment
Share on other sites

You can send emails to whomever you want through your system.  That is not the problem I discussed; however, in doing so you are creating a system that can be used by a spammer to send spam from your system.  This is a great way to get your system on a blacklist.

In summary, this is not something you should proceed with.

With that said many people have systems that send email of various types (this forum is an example of that) for valid reasons.  For example, some users may like to be sent an email notification when they have made a topic as you did, and others reply.

The issue with spoofing is that you can send an email on a user's behalf, but it needs to come from your system.  You should not attempt to send emails from your system and try and make it look like they came from someone else.  That is spoofing.

 

Link to comment
Share on other sites

You can start by removing these lines from your code:

$headers .= 'From: '. $email. "\r\n";
$headers .= "Reply-To: ". $email. "\r\n";

This is not code related, but an easy improvement that simply requires that you control the DNS for your domain, is to add an SPF record.  With that said, you also need to have a valid DNS MX record, and email needs to come from a server that is designated to be a mail exchanger (MX).

The SPF record essentially ties the server IP address (ipv4 & ipv6 if possible) for your mail server.

Also, I hope you looked at the information I provided about having your email in multipart/mime format.  

If that is too much for you to accomplish, then remove all the html tags from your email, and send it in pure text-only format.

 

 

Link to comment
Share on other sites
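
The advice above put together, as an added example that is not code from the thread: a multipart/alternative message with a text part and an HTML part, a Date header, and a From address on the sending domain, with the visitor's name and address kept in the body. FORM_FROM, FORM_TO, build_contact_mail and the example.test address are assumptions; it needs PHP 7.4 or later.

```php
<?php
// Added example; FORM_FROM, FORM_TO and example.test are constructed placeholders.
const FORM_FROM = 'Contact form <noreply@example.test>'; // an address on your own sending domain
const FORM_TO   = 'someone@something.net';

// Returns [headers, body]. Visitor input goes into the body only, never into a header.
function build_contact_mail(string $name, string $email, string $message): array
{
    $boundary = 'alt-' . bin2hex(random_bytes(12));
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    // Plain-text alternative.
    $text = "Name: $name\r\nE-Mail: $email\r\n\r\n$message";
    // HTML alternative: escape the input first, then add <br>, inside a real <html> element.
    $html = '<html><body><p>Name: ' . $esc($name) . '<br>E-Mail: ' . $esc($email) . '</p><p>'
          . nl2br($esc($message)) . '</p></body></html>';

    $headers = [
        'Date'         => date(DATE_RFC2822),
        'From'         => FORM_FROM,
        'MIME-Version' => '1.0',
        'Content-Type' => "multipart/alternative; boundary=\"$boundary\"",
    ];

    // Plain text first, HTML last: clients show the last part they can render.
    $body = '';
    foreach (['text/plain' => $text, 'text/html' => $html] as $type => $part) {
        $body .= "--$boundary\r\n"
               . "Content-Type: $type; charset=UTF-8\r\n"
               . "Content-Transfer-Encoding: base64\r\n\r\n"
               . chunk_split(base64_encode($part), 76, "\r\n");
    }
    $body .= "--$boundary--\r\n";

    return [$headers, $body];
}

// Constructed sample input standing in for $_POST; prints the message for inspection.
[$headers, $body] = build_contact_mail('Ann', 'ann@example.org', "Hello,\nis <b>this</b> working?");
foreach ($headers as $k => $v) {
    echo "$k: $v\r\n";
}
echo "\r\n$body";
// To send it: mail(FORM_TO, 'Subject-line', $body, $headers);
```

This covers the HTML tag, HTML-only and Date findings from the test; DKIM and SPF are set up on the mail server and in DNS, not in the script.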
