How to spoof email from address with PHPMailer?

Question

I'm not interested in doing anything malicious, this is purely for pedagogical reasons.

I read this thread: http://lifehacker.com/how-spammers-spoof-your-email-address-and-how-to-prote-1579478914

In the comments you can see a guy spoofing as mz@fb.com. I'd like to know how he did it.

I've gotten PHPMailer working with my Gmail account but it ignores the from address I give it and uses my gmail account.

Is there a trick to that? Do I need an smtp server? I have hostgator...

Here's my code:

function SendMail( $ToEmail, $FromEmail, $FromName, $Subject, $MessageTEXT, $isHTML, $MessageHTML ) {
        require_once("libphp-phpmailer/class.phpmailer.php");// Add the path as appropriate
        $Mail = new PHPMailer();
        $Mail->IsSMTP(); // Use SMTP
        $Mail->Host        = "smtp.gmail.com"; // Sets SMTP server
        $Mail->SMTPDebug   = 2; // 2 to enable SMTP debug information
        $Mail->SMTPAuth    = TRUE; // enable SMTP authentication
        $Mail->SMTPSecure  = "tls"; //Secure conection
        $Mail->Port        = 587; // set the SMTP port
        $Mail->Username    = 'EMAIL@gmail.com'; // SMTP account username
        $Mail->Password    = 'PASSWORD'; // SMTP account password
        $Mail->Priority    = 1; // Highest priority - Email priority (1 = High, 3 = Normal, 5 = low)
        $Mail->CharSet     = 'UTF-8';
        $Mail->Encoding    = '8bit';
        $Mail->Subject     = $Subject;
        $Mail->ContentType = 'text/html; charset=utf-8\r\n';
        $Mail->From        = $FromEmail; 
        $Mail->FromName    = $FromName;
        $Mail->WordWrap    = 900; // RFC 2822 Compliant for Max 998 characters per line

        $Mail->AddAddress( $ToEmail ); // To:
        $Mail->isHTML( $isHTML );
        if ( $isHTML ){
            $Mail->Body    = $MessageHTML;
            $Mail->AltBody = $MessageTEXT; 
        }
        else{
            $Mail->Body    = $MessageTEXT;
            $Mail->AltBody = $MessageHTML;  
        }
        $Mail->Send();
        $Mail->SmtpClose();

        if ( $Mail->IsError() ) { // ADDED - This error checking was missing
            return FALSE;
        }
        else {
            return TRUE;
        }
    }

this will never work with gmail, you need a mail server that is configured not to care — , Aug 02 '15 at 03:07
we send large volumes of email on behalf of clients so they (the email) are marked as from them - its nothing particularly hard. but no surprise the likes of gmail wont yet you — , Aug 02 '15 at 03:10
Yup, I got hostgator working just this second. Works like a charm :) — veta, Aug 02 '15 at 03:10
some remote servers will reject your mail from another account unless you add a spf record to the domain. — , Aug 02 '15 at 03:12
that makes sense, I read a bit about it in some search results. it looked like it would take too long to set up for the purely pedagogical benefit though. thanks for the direction Dagon. — veta, Aug 02 '15 at 03:15

How to spoof email from address with PHPMailer?

0 Answers0