PHP Mailer possibly unreliable

[ajetrumpet]

does anyone have any update on this? I am using it pretty heavily, and someone who has a gmail account just told me that their message was sent to spam. I have a gmail account myself and last night I ran a test and it was not sent there for me. I guess google could be doing some algorithmic nonsense to analyze behavior patterns, but I would guess not in this case.

Does anyone know the status of some of the major email clients and their acceptance of PHP mailer receipts? I know the DNS is also associated, but the test that I ran myself came to the inbox without the need for a DNS change. gmail simply popped up a warning of information.

thank you guys.  I'm just fishing for info here as to see what I can do to stop this.

[requinix]

Using PHPMailer doesn't mean your emails will get through. It means you won't have many of the problems that manually-crafted emails do and that spam filters know to recognize.

Set up SPF and DKIM if you haven't already. Have your emails follow standard industry practices regarding things like unsubscribe links. Use proper spelling and grammar.

2 hours ago, ajetrumpet said:

gmail simply popped up a warning of information.

What warning?

[ajetrumpet]

sender policy framework and Domain Keys Identified Mail?  so DKIM is a digital signature?  I will read about these 2 things.  apparently SPF is just a record in the DNS for the server being used?  GoDaddy tells me that an MX record in the DNS will fix this issue.  but they don't know anything about anything.  they are horrible.  I've never trusted them.  attached is the warning I saw during the test run:

 

[requinix]

The email claims to be from a @gmail.com account. Are you actually doing that? Because I don't think you're actually doing that.

And lol to the recruiter spam label.

[Strider64]

I find sending NON-HTML emails have a better chance of getting through spam filters than HTML emails. Sure they don't look as flashy, but it's the content that matters. 😉

[ajetrumpet]

1 hour ago, requinix said:

The email claims to be from a @gmail.com account. Are you actually doing that? Because I don't think you're actually doing that.

And lol to the recruiter spam label.

LOL.  thank you Mr. Administrator!  I send automated emails back to them with one-liners.  they play the numbers game so much, I get many a day.  I'm sure it ticks them off greatly.  and yes, I am actually changing the email headers in the PHP script.  Here is the code that is being used with the class libraries taken from github:

//Set who the message is to be sent from
$mail->setFrom("the.trumpet.player.ajetrumpet@gmail.com", "Adam LastName");
//Set an alternative reply-to address
$mail->addReplyTo("the.trumpet.player.ajetrumpet@gmail.com", "Adam LastName");
//Set who the message is to be sent to
$mail->addAddress("the.trumpet.player.ajetrumpet@gmail.com", "Adam LastName");

 

Edited August 15, 2020 by ajetrumpet

[ajetrumpet]

47 minutes ago, Strider64 said:

I find sending NON-HTML emails have a better chance of getting through spam filters than HTML emails. Sure they don't look as flashy, but it's the content that matters. 😉

can you clarify this?  I worked with someone else for 3 days to get these class libraries to work.  GoDaddy's servers kept throwing security errors.  something to do with their protocol.  eventually he instructed me to write the email message inside the script using vars as well as place it inside another var with actual HTML markup in it.  here are the 2 pieces of relevant code that I'm talking about:

$email_body = "This is test message from the GoDaddy email server to ensure that GMail is not throwing it to SPAM.";

$temp_HTML = 
"<!DOCTYPE html>
<html>
    <head>
        <title>TITLE OF THE EMAIL MESSAGE</title>
    </head>
<body>
  <p>This is test message from the GoDaddy email server to ensure that GMail is not throwing it to SPAM.</p>
</body>
</html>";

$mail->msgHTML($temp_HTML); 
//Replace the plain text body with one created manually
$mail->AltBody = "This is test message from the GoDaddy email server to ensure that GMail is not throwing it to SPAM.";

//send the message, check for errors
if (!$mail->send()) {
    echo "Mailer Error: ". $mail->ErrorInfo;
} else {
    echo "<script>alert('Email Has Been Sent');
    	 window.location.href='';</script>";

actually, now that I've inserted that code, I realize that the actual PHP var at the top is not being used.  it was at one point, but it was throwing the error.  Does any of this stuff really even matter?

Edited August 15, 2020 by ajetrumpet

[requinix]

35 minutes ago, ajetrumpet said:

 

//Set who the message is to be sent from
$mail->setFrom("the.trumpet.player.ajetrumpet@gmail.com", "Adam LastName");

 

Don't do that. I mean, WTF? No. Just, no.

[requinix]

29 minutes ago, ajetrumpet said:

actually, now that I've inserted that code, I realize that the actual PHP var at the top is not being used.  it was at one point, but it was throwing the error.  Does any of this stuff really even matter?

You haven't posted what your original code was... or maybe, what the new code is? Not sure. Either way, I don't know what you changed.

But using variables or moving them around is not going to change anything. Gmail doesn't care about your PHP code. It only cares about the email it received.

[requinix]

1 minute ago, requinix said:

Don't do that. I mean, WTF? No. Just, no.

Emails should always be From: your server. Always. If you want people to Reply-To something else then that's what you do.

[ajetrumpet]

19 minutes ago, requinix said:

Emails should always be From: your server. Always. If you want people to Reply-To something else then that's what you do.

OK, so all email messages that are sent from GoDaddy shared servers are sent from a servercname called "secureserver.net".  Is that what you're telling me that I should put in that statement argument?  I would assume if I did that, it would act just like an email coming from a client owned by GoDaddy, as if I actually pushed a "send" button.  like with their "webmail" accounts.  correct?  I'm not sure if the secure server name has any other junk attached it when sending email.  would that be the case do you think?  I don't think there's anyway to find that one out.  I may have actually put a server name in there at one point.  it was so long ago that I worked this out with the other professional, I don't even remember.  do you want to see the entire script?

18 minutes ago, requinix said:

Gmail doesn't care about your PHP code. It only cares about the email it received.

I am WELL aware of this.  server side code is irrelevant most of the time when it sends information to an external source.  it depends on the situation of course.

[requinix]

2 minutes ago, ajetrumpet said:

OK, so all email messages that are sent from GoDaddy shared servers are sent from a servercname called "secureserver.net".  Is that what you're telling me that I should put in that statement argument?  I would assume if I did that, it would act just like an email coming from a client owned by GoDaddy, as if I actually pushed a "send" button.  like with their "webmail" accounts.  correct?  I'm not sure if the secure server name has any other junk attached it when sending email.  would that be the case do you think?  I don't think there's anyway to find that one out.  I may have actually put a server name in there at one point.  it was so long ago that I worked this out with the other professional, I don't even remember.  do you want to see the entire script?

Okay, I'll back up a bit.

Emails should always be From: someone that you can (properly) claim is you. Obviously you're not @gmail.com so don't have your emails claim to be. That's almost definitely going to be the reason Gmail thinks your emails are spam: because you're not just lying about who you are, you're pretending to be them.

Their secureserver.net thing, admittedly not the greatest. If the emails have to be From: someone you can claim to be, that would be whatever your domain is. So the sender email should be something (such as no-reply) @your domain.
But Gmail is going to look at the email and say "hey wait a minute, the email says it's from @your domain but it's actually from secureserver.net" and consider marking it as spam. The solution to that is SPF and DKIM: you don't try to trick Gmail, you tell it that secureserver.net is okay to be sending emails for your domain.

[ajetrumpet]

point taken, mr. administrator.  I value your advice, always.  I will take it and make good use of everything you said.  but according to GoDaddy, the DKIM concept is only sold by specific email providers.  they do not offer that concept as an integratable feature with their products.  so I will run some tests using SPF first and see how that goes.  I will let you know here if that seems to fix the issue or not.  thanks again.

Edited August 15, 2020 by ajetrumpet

[requinix]

"Sold"? I don't know what snake oil GoDaddy is trying to sell you, but DKIM is completely free, and as long as you control DNS for your domain (which you have to for SPF) and the emailing code (which you do) then you can set it all up yourself. It's also industry-standard.

So if you want to do SPF only, have a single email go through, and then think you've solved the problem, then be my guest. It's not my emails going through the spam filters.

[ajetrumpet]

understood.  trust me, requinix, most godaddy agents don't know $hit.  a lot of them are very young kids, just given the buttons to click and given a title that makes them sound intelleagible.  but then again, all hosting companies do that.  they hire the same way, and give those people only certain sets of knowledge.  but isn't that most corporate structures?  😃

I will do the work myself, and if I have to, I will call godaddy ''x'' times to get the right guy on the phone who has been there for years.  there are many and they've been around the block.  thanks again.  enjoy your weekend.  like I said, I will report here my results.

[gizmola]

Spam identification and refusal is based on scoring of criteria.   The higher your spam score, the more likely a particular hosting company receiving your email might decide to classify it as spam, or even refuse it outright.  Since you have no access to godaddy's mail servers, you will not even know if your mail is refused because you are not sending it directly.  GoDaddy is sending the mail for you. 

Here's things that will cause your spammy score to increase, depending on the policies and software of the destination mail service you are using:

• mail came from a server without a valid reverse DNS listing
• No SPF entry for sending mail server
• Spoofing of from address
• Lack of DKIM configuration
• Lack of DMARC entries
• Content of subject line
• Content of message contains spammy things

 

So the basic things you want take care of are the "non-content" settings.   If you want to send email from a gmail account, then there is a way to do that, which is to use IMAP to transfer the mail to your gmail account, and let gmail send it on your behalf.  You can not send email by using phpmailer to make an smtp connection to godaddy's servers and have them send an email that says it has come from user@gmail.com.  That is the definition of spoofing and will be seen as spammy. 

Let's assume that you aren't going to do that, and instead you will have your own domain for the purposes of sending these emails.

You want to hit all the things above:

• valid SPF entry created as a DNS txt entry
• valid DKIM (requires both support from godaddy AND a DKIM DNS txt entry for your domain
• valid DMARC (requires working SPF & DKIM), also a DNS txt entry

GoDaddy should also have a valid reverse DNS entry in place for all their mail servers.

So in conclusion, you need support from GoDaddy for DKIM (and DMARC is built upon that) but you could reverse engineer what you need for SPF without goDaddy doing anything special.  DKIM is complicated, but supported by many large ISP's.  Google for example makes it easy for you to setup DKIM using their online tools to generate the keys and corresponding DNS entries you need, which can be done by anyone with GSuite service.  If you can't get GoDaddy to work, a Google GSuite account might be an alternative worth looking at, and then you'd configure your mta to utilize the gmail infrastructure rather than godaddy's mail servers.   

[ajetrumpet]

1 hour ago, gizmola said:

Spam identification and refusal is based on scoring of criteria.   The higher your spam score, the more likely a particular hosting company receiving your email might decide to classify it as spam, or even refuse it outright.  Since you have no access to godaddy's mail servers, you will not even know if your mail is refused because you are not sending it directly.  GoDaddy is sending the mail for you. 

Here's things that will cause your spammy score to increase, depending on the policies and software of the destination mail service you are using:

• mail came from a server without a valid reverse DNS listing
• No SPF entry for sending mail server
• Spoofing of from address
• Lack of DKIM configuration
• Lack of DMARC entries
• Content of subject line
• Content of message contains spammy things

thank you very much for all of this information, giz.  I will take it and learn greatly from it.

[ajetrumpet]

On 8/14/2020 at 11:24 PM, requinix said:

So if you want to do SPF only, have a single email go through, and then think you've solved the problem, then be my guest. It's not my emails going through the spam filters.

req,

I have inserted all of the records into the DNS that I need to, aside from the DKIM.  that fixed most of the issues when the PHP code sends the mail to gmail email servers.  however, there is still a little ""question mark"" on the upper left corner when the message is opened in gmail.  but the user doesn't get a message about suspicion unless he/she hovers the mouse over the question mark.  so that is OK with me.

what bugs the heck out of me though, is that for instance, I have 5 different gmail accounts and I ran a test.....sent mail using PHP with a valid ""from"" address and domain in the ""from"" line of the email headers, and some of my gmail accounts popped up the same warning message when opening the email in gmail.  some did not.  do you have an answer to that phenomenon?  would that possibly be because gmail's servers are checking to see whether or not the receiving email account has ever gotten a message from the address in the ""from"" line of the email header, sent by PHP??  when I saw those warnings in a few of my gmail accounts, that was the warning message.  something like:  ""be careful.  you have never received a message from adam@domain.com"" before.

thanks guys.

[requinix]

27 minutes ago, ajetrumpet said:

what bugs the heck out of me though, is that for instance, I have 5 different gmail accounts and I ran a test.....sent mail using PHP with a valid ""from"" address and domain in the ""from"" line of the email headers, and some of my gmail accounts popped up the same warning message when opening the email in gmail.  some did not.  do you have an answer to that phenomenon?

Yeah. It's called "some people think these emails are spam and some people don't". There is no absolute truth about what constitutes spam. It can vary by account.

[ajetrumpet]

56 minutes ago, requinix said:

Yeah. It's called "some people think these emails are spam and some people don't". There is no absolute truth about what constitutes spam. It can vary by account.

I understand req, but all 5 accounts were mine.  and all of them had user information (account name) as "Adam" + [Last Name].  the ones I'm talking about that showed the message, more than likely, had never gotten a message from the email address I put in the PHP header.  is that why, I suppose?  that's gmail's default suggestion to typical users?

[requinix]

51 minutes ago, ajetrumpet said:

I understand req, but all 5 accounts were mine.  and all of them had user information (account name) as "Adam" + [Last Name].  the ones I'm talking about that showed the message, more than likely, had never gotten a message from the email address I put in the PHP header.  is that why, I suppose?  that's gmail's default suggestion to typical users?

Unless you think you can get an official answer from the Gmail team about why some emails were spam and some weren't, you're going to have to settle for my answer of "it varies by account".

[ajetrumpet]

2 hours ago, requinix said:

Unless you think you can get an official answer from the Gmail team about why some emails were spam and some weren't, you're going to have to settle for my answer of "it varies by account".

well I guess I could ask them, but obviously google has no phone numbers, so I would have to post a question on the gmail forum.  and unfortunately, those folks don't know much.  and I think the reason is because they don't work for google technically.  I think one of the responders there once told me that they are volunteers.  just a little less important than microsoft's independent advisors?  (sorry, everyone has value).  but I've had unknowledgeable experiences with the MS ""advisors"" too.  =(