This article relates to sending email via the PHP mail() function - on our Shared Hosting servers.
It is important to follow the information in this article to avoid recipient email servers blocking delivery of the outbound email.
Note:
The principle of this article applies to sending email from any website, where the email's "From" address needs to be set correctly to avoid the email being blocked for delivery.
Note:
It is not necessary to use SMTP Authentication - which is typically offered by these plugins, rather you simply need to set the "From" address correctly (in the plugin settings). That being said, using an actual email mailbox for sending - where possible, can rule out a great deal of in-transit issues.
See "Localhost Sending" below for more information on this.
Important Note:
It may be the case that this method is not sufficient for your website and as such you will need to implement a bespoke solution in order to set the "From" address correctly for sending.
In General:
Two key items need to be addressed when sending email via a website.
- The email's "From" address must be set to an email address that the website could actually send from:
  - It should not be set as: Gmail; Yahoo; Hotmail; Outlook, Eircom.net and so on.
  - It ideally should be an address at the same domain the contact form is on: website@; contact@; sales@; info@ and so on.
  - Note: You can however set the "reply-to" header to any email address.
- The mailing system being used should be instructed to send as that address:
  - For the likes of PHP's mail() function, this means using the "-f" switch in the function.
  - ASP.NET and other technologies have their own methods on how to specifically set the email's "From" address.
  - Note: This is especially important when sending from a Windows server.
Where:
- In reference to item 1:
  - The reason for this is that most recipient servers will check for a valid sending address i.e. the email's "From" address, to ensure that the email can be sent as that address (see below also, explanation on item 2).
  - For most services like Google, Yahoo etc. and other email servers, should they see an email with [their] sending address originate from a server outside of their network - or the allowed sending list (SPF), the email will be either blocked outright or quarantined into spam.
- In reference to item 2:
  - By default, when sending email via the programming language's built-in email function, the email's "From" address will be comprised of a reference to the user/webspace and the server e.g: 010101@websiteserver.com.
  - As this is the case, you need to ensure that your website instructs the mailer function to send with a correct email address - one you can send from, as otherwise any emails sent using the email address that would be set by default will more than likely be blocked for delivery.
Below are some examples of how to correctly configure the systems to send email with a valid "From" address.
PHP Mail()
This is a simplified sample of how to send email via PHP's mail() function; it is not secured in any way, and is up to you to implement your email code in a manner which reflects best practice in relation to security and operability.
<?php
// Email Information
$email_to = "someone@sample.com";
$email_from = "website@yourwebsite.com";
$email_headers = "MIME-Version: 1.0\r\n";
// The "From:" header uses the same address that is passed to "-f" below
$email_headers .= "From: FROM NAME <" . $email_from . ">\r\n";
$email_headers .= "Content-Type: text/html; charset=UTF-8\r\n";
$email_headers .= "Reply-To: website@yourwebsite.com\r\n";
$email_subject = "Checking Delivery";
$email_body = "Checking Delivery Of Message From Website";

// Send Email; "-f" sets the sending (envelope) address
$mailerResult = @mail($email_to, $email_subject, $email_body, $email_headers, '-f ' . $email_from);

// Check For Errors
if ($mailerResult) {
    echo "Mail Sent!";
} else {
    echo "Error Sending Email!" . "<br><br>";
    print_r(error_get_last());
}
Important Note:
You also need to set the "From" address in the "additional_headers" parameter ("$email_headers" in the sample above), as this is required for the "-f" switch to function correctly; the "From:" header and the "-f" address must be the same.
You may also need to use base64_encode() on your input values:
For more information on the "-f" switch, please see the following:
- Article: http://php.net/manual/en/function.mail.php
- Refer To: "additional_parameters".
You can also carry out a Google/Search for: "PHP mail -f switch"; ensure you place the quotes around the whole term - in the search box, as otherwise the search will not function correctly.
See also the section "Localhost Sending" below for more information.
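A hardened variant of the sample above for a contact form, as an added example that is not part of the original article: the "From" header and the "-f" address come from one fixed constant, the visitor's address is used only as "Reply-To", and input containing a line break is refused before mail() is called. The function names, the constant SITE_FROM and the addresses are assumptions; passing the headers as an array requires PHP 7.2 or later.

```php
<?php
// Added example: helper names and addresses are hypothetical placeholders.
const SITE_FROM = 'website@yourwebsite.com'; // fixed address at the website's own domain

// A CR or LF inside a header value would let a visitor add headers of their own.
function has_line_break(string $value): bool
{
    return preg_match('/[\r\n]/', $value) === 1;
}

// Returns true when the message was accepted by the local mailer, false otherwise.
function send_contact_mail(string $to, string $visitorEmail, string $subject, string $body): bool
{
    // The visitor's address is validated and only ever used as Reply-To, never as From.
    $replyTo = filter_var($visitorEmail, FILTER_VALIDATE_EMAIL);
    if ($replyTo === false || has_line_break($visitorEmail) || has_line_break($subject)) {
        return false;
    }

    // One use of base64_encode(): an RFC 2047 encoded-word keeps a UTF-8 subject intact.
    $encodedSubject = '=?UTF-8?B?' . base64_encode($subject) . '?=';

    $headers = [
        'MIME-Version'              => '1.0',
        'Content-Type'              => 'text/plain; charset=UTF-8',
        'Content-Transfer-Encoding' => 'base64',
        'From'                      => 'Website <' . SITE_FROM . '>',
        'Reply-To'                  => $replyTo,
    ];

    // "-f" is built from the constant only, so no visitor input reaches the mailer's arguments.
    return mail($to, $encodedSubject, chunk_split(base64_encode($body)), $headers, '-f' . SITE_FROM);
}

// Constructed input: an extra header smuggled into the email field is refused without sending.
var_dump(send_contact_mail('someone@sample.com', "visitor@example.org\r\nBcc: other@example.net", 'Hi', 'Test'));
```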
Wordpress
By default, all emails sent by the Wordpress website will be sent via PHP's built-in mail() function, however Wordpress does not specifically set the "From" address and is subject to the same issue as mentioned above.
The simplest method to set the "From" address correctly in a Wordpress website is to install an SMTP Plugin and use that to set the "From" address for all emails that are sent by the Wordpress website; you will need to determine (and test) which SMTP plugin suits your website requirements.
Note:
It is not necessary to use SMTP Authentication - which is typically offered by these plugins, rather you simply need to set the "From" address correctly (in the plugin settings). That being said, using an actual email mailbox for sending - where possible, can rule out a great deal of in-transit issues.
See "Localhost Sending" below for more information on this.
Important Note:
It may be the case that this method is not sufficient for your website and as such you will need to implement a bespoke solution in order to set the "From" address correctly for sending.
Joomla
Joomla allows you to specifically set the "From" address via the installation's Dashboard - you can typically find these settings at the following location:
- Log into your Joomla Dashboard.
- In the top menu, hover over Site and then click Global Configuration.
- Click the Server tab.
- Under Mail Settings, configure the following settings and then click Save:
  - Mailer: Set this to SMTP.
  - SMTP Authentication:
    - Set this to Yes, if you are going to also set the Username/Password items below.
    - Set this to No, if you simply want to indicate the "From" address.
  - (Optional) SMTP Security: If your SMTP server uses SSL, select this option from SMTP Security
  - (Optional) SMTP Port: Enter the port for your SMTP server - typically 25.
  - (Optional) SMTP Username: Enter the username of the email address, which generally is your full email address
  - (Optional) SMTP Password: This will usually be your email address' password.
  - (Optional) SMTP Host: Enter your Outgoing Mail Server (SMTP) hostname here.
Note:
It is not necessary to use SMTP Authentication, rather you simply need to set the "From" address correctly. That being said, using an actual email mailbox for sending - where possible, can rule out a great deal of in-transit issues.
See "Localhost Sending" below for more information on this.
Localhost Sending
If you are hosting on our Shared Hosting servers, you will not be able to make an SMTP connection to an external mail server - other than that of mail.blacknight.com (our Shared Hosting servers).
Considering this, and if you are hosting your email elsewhere - or do not need to authenticate against a Mailbox, you can use local host sending as per the following:
- SMTP Server/Host: localhost
- SMTP Encryption: None
- SMTP Port: 25
- SMTP Authentication: No | None
- SMTP Username: <leave blank>
- SMTP Password: <leave blank>
When sending from our newer Shared Hosting servers or Wordpress Hosting servers you may need to set the hostname to the server the website is hosted on.
You can get the hostname (Server Name) via the following screen:
Services > My Services > (The Hosting Subscription) > Hosting Information
You also need to ensure the SPF record for your domain lists the webserver and associated delivery systems as a valid sender; in the case of our web servers on Shared Hosting the following needs to be included in your SPF:
include:spf.blacknight.ie
Taking Microsoft 365 as an example of where your email is hosted, the record might resemble:
v=spf1 include:spf.protection.outlook.com include:spf.blacknight.ie -all
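One way to check that a domain's SPF record lists the web server, as an added example that is not part of the original article. check_spf() is a hypothetical helper and the sample records are constructed; it inspects only the top-level record and does not follow nested includes or redirects.

```php
<?php
// Added example; check_spf() is a hypothetical helper name.
function check_spf(array $txtRecords, string $requiredInclude): array
{
    // Only TXT records that start with "v=spf1" are SPF records.
    $spf = array_values(array_filter($txtRecords, function (string $txt): bool {
        return preg_match('/^v=spf1(\s|$)/i', $txt) === 1;
    }));
    if (count($spf) !== 1) {
        // RFC 7208: zero records means no policy, more than one is a permanent error.
        return ['ok' => false, 'problem' => count($spf) . ' SPF records found, expected exactly 1'];
    }

    // Split into terms; a leading "+" is the default qualifier and can be dropped.
    $terms = array_map(function (string $term): string {
        return ltrim($term, '+');
    }, preg_split('/\s+/', strtolower(trim($spf[0]))));

    if (!in_array('include:' . strtolower($requiredInclude), $terms, true)) {
        return ['ok' => false, 'problem' => 'missing include:' . $requiredInclude];
    }

    // The "all" term decides what receivers do with senders that are not listed.
    $all = array_values(preg_grep('/^[-~?]?all$/', $terms));
    return ['ok' => true, 'all' => $all[0] ?? '(none)'];
}

// Constructed sample records; the first is the Microsoft 365 record shown above.
$samples = [
    'listed'     => ['v=spf1 include:spf.protection.outlook.com include:spf.blacknight.ie -all'],
    'not listed' => ['v=spf1 include:spf.protection.outlook.com -all'],
    'duplicate'  => ['v=spf1 include:spf.blacknight.ie -all', 'v=spf1 include:spf.protection.outlook.com -all'],
];
foreach ($samples as $label => $records) {
    echo $label . ': ' . json_encode(check_spf($records, 'spf.blacknight.ie')) . PHP_EOL;
}

// For a live domain, pass the published TXT records instead:
// check_spf(array_column(dns_get_record('yourwebsite.com', DNS_TXT) ?: [], 'txt'), 'spf.blacknight.ie');
```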
Please find below an example as to why localhost sending is a more ideal configuration for sending email via a website, for instance when your email domain is using Microsoft 365:
- Security Defaults have to be disabled on the Microsoft 365 Tenant:
  - It is not advised to disable Security Defaults [where possible].
  - Alternatively you would have to create a policy via PowerShell to allow Basic Authentication.
  - If you do create a policy to allow this, then you can skip the "Security Defaults" items below.
- After disabling Security Defaults, Basic Authentication then has to be allowed on the Tenant:
  - This is done via Settings in the Tenant, under "Org Settings" and then "Modern authentication".
  - This though can only be enabled once Security Defaults is disabled.
- Then, again assuming Security Defaults was disabled and Modern authentication enabled, SMTP submission then has to be allowed for the user/email account in question:
  - This is set on the user via the Tenant.
Once all that is done or a policy defined - which is not something we would implement for you, and Two Factor Authentication is not enabled on the user (see below), you should then be able to send via SMTP via that user.
Other factors for considering localhost sending would be:
- Password changes on the user:
  - If you do not use Two Factor Authentication on the user, you would use the main password for the user. If this password is changed you then need to remember to change it in the website.
- If Two Factor Authentication is enabled for the user:
  - In this scenario, and for Microsoft 365 and G Suite, you would have to generate an App Password to use for SMTP submission on the user.
  - This is then subject to the same situation if the password is changed on that App Password entry.
- If your website becomes compromised and is sending spam:
  - If the website should become compromised and ends up sending spam - which can happen, then it could end up blocking outgoing email for that user on the Tenant/email system.
  - Also, depending on the severity of the spamming, it can also end up blocking outgoing email for all users on the Tenant/email system, not just email from that user or domain.
  - This risk alone can be the determining factor in using localhost sending instead.
Further Queries
If you have any queries on this, please contact our Support team - see the following for our contact details:
- https://www.blacknight.com/contact-us.html