
I'm confused about how mail works in PHP and CakePHP.

1.) What is the difference between sending an email either using the PHP mail function / CakePHP email helper or SMTP as shown here: http://book.cakephp.org/1.3/en/view/1290/Sending-A-Message-Using-SMTP, as the outcome looks the same?

2.) To specify who the email is coming from, you pass in the email in the header, but you can put whatever you want, so what is stopping you from just putting in anything, like yourbank.com? mail('you@gmail.com', "Subject", "Message", "From: <dave@yourbank.com>"); I just tried it and it worked fine and I couldn't find any way in Gmail to see if it didn't come from dave at yourbank.com...

Hopefully I can get some light on these two questions. Thanks.

Cameron

2 Answers


1). CakePHP has a bunch of helpers & functionality implemented to make life easier when developing applications. As you've discovered, Cake has mail functionality. I suggest reading this whole page http://book.cakephp.org/2.0/en/core-utility-libraries/email.html (It's 2.0 not 1.3, so please note there have been some big alterations between the two versions). The article covers in depth why you may configure something in a particular manner.

CakePHP is using the default mail function with PHP. It just allows you to incorporate views into the content and configure the outgoing mail in a much easier manner.

2) As for putting in potentially any email address within the From Header.... this can potentially fall under the category of Email Spoofing, essentially sending an email when it's not authorized from the source (From Header). Again this links back to configuring specific mail servers.

By default mail clients are generally set up to prevent spam and junk; this is done by taking a large number of steps. Some may be:

  1. Keyword checking, (Checking the contents of an email for any keywords classified as spam).

  2. Header checking, <--- This is the one that answers your question.

    Essentially... headers are examined and checked to see if the server that the mail was sent from has the authority to use the given from address.

As I don't have enough technical knowledge, I'll throw a few pages your way which discuss setting up records against your DNS/Domain so emails are validated correctly and not put within spam folders.

http://www.ipswitch.com/support/imail/guide/imailgsv8.1/Appendix%20A%20dns4.html

http://help.postageapp.com/kb/application-features/dkim-and-spf-setup-and-validation

How to properly set up DNS SPF records?

I hope my jumbled ramblings make some sort of sense.

Tom

Question 1: PHP mail function uses your own server's built-in email functionality to send email. If you use SMTP, you're connecting to another server (e.g. Google's mail servers) and using that server to send the email.

CakePHP's email component can use either PHP mail, or SMTP, depending on how you configure it.

The outcome is basically the same in many respects. Which way is best for you will depend on your set up, the volume of email you're sending, whether your own server has any restrictions with regards to sending mail, etc. If you Google "PHP mail versus SMTP" or similar, then you'll get some info to help you decide which is best for you.

If you're not sending much email, e.g. if you're just wanting to send the results of an enquiry form that gets submitted a few times each day, then just use PHP mail and don't worry about it.

Question 2: Although email programs put various measures in place to make sure mail is legitimate, basically nothing stops fake emails completely. You can send fake email. Check out this site: http://deadfake.com/Send.aspx and in particular, their FAQ section: http://deadfake.com/FAQ.aspx

Spam filters do their best to catch fake emails, but ultimately it's up to the end user to keep their wits about them, especially with banking emails!

joshua.paling