2

We run a classified ad website.

The contact form (php) sends the message directly to the author of the ad by email. We were thinking to follow this Best practice for web-generated emailers.

To: recipient@domain1.com
From: writer-of-the-message@domain2.com
Sender: noreply@classified-website.com
Reply-To: writer-of-the-message@domain2.com

Deliverability is not perfect (Some, like yahoo, are very aggressive with their DMARC policy). Exemple if message author (FROM:) is @yahoo and recipient (TO:) is @gmail:

<xxxxxx@gmail.com>: host gmail-smtp-in.l.google.com[xx.xxx.xxx.xx] said:
550-5.7.1 Unauthenticated email from yahoo.com is not accepted due to domain's
550-5.7.1 DMARC policy. Please contact administrator of yahoo.com domain if
550-5.7.1 this was a legitimate mail. Please visit
550-5.7.1 https://support.google.com/mail/answer/2451690 to learn about DMARC
550-5.7.1 initiative. jq5si20832837wjc.74 - gsmtp (in reply to end of DATA command)

Exemple if message author (FROM:) is @yahoo and recipient (TO:) is @hotmail:

Diagnostic-Code: smtp; 550 5.7.0 (COL004-MC4F54) Unfortunately, messages
from (xx.xx.xx.xx) on behalf of (yahoo.com) could not be delivered due to
domain owner policy restrictions.

What is the solution?

Requirement: in their email client, the recipient should be able to flag writer-of-the-message@domain2.com as spam if needed and not noreply@classified-website.com.

We have seen some websites using this debatable solution:

To: recipient@domain1.com
From: "writer-of-the-message@domain2.com" <noreply@classified-website.com>
Reply-To: writer-of-the-message@domain2.com

Update: simplified php code as requested:

mail(
    $to,
    'Email title',
    'Email body',
    "From: \"" . $from . "\" <" . $from . ">\n" .
    "Sender: noreply@classified-website.com\n" .
    "Reply-To: \"" . $from  . "\" <" . $from . ">\n" .
    "Return-Path: " . $from,
    '-f noreply@classified-website.com'
);
Toto
  • 2,329
  • 22
  • 40
  • Can you show your PHP codes? Please note that not all mail servers treat "on behalf to" correctly; some simply dropped it, while some reversed "From" and "Sender" – Raptor Jan 11 '16 at 02:10
  • 2
    What are you using for the [*envelope* sender](http://stackoverflow.com/a/4367471/721269)? I presume you are showing us the message headers, right? – David Schwartz Jan 11 '16 at 02:11
  • 1
    @DavidSchwartz Yes. :) The envelope (if I get it right) is "our" service email address: noreply@classified-website.com – Toto Jan 11 '16 at 02:21
  • @Raptor Are you diplomatically telling me that the solution at the bottom is the way to go? ;) – Toto Jan 11 '16 at 02:30
  • I won't use the mail function for such purpose. Some PHP libraries like Swiftmailer natively supports "On behalf to" function, and guarantee you not to miss any required header. Last, my previous comment means, do not rely on this feature; not all people can read this (good to have, though). – Raptor Jan 11 '16 at 02:51
  • @Raptor It seems more like a [DMARC policy](https://dmarc.org) issue actually. – Toto Jan 11 '16 at 02:54
  • Are you using localhost or a live server? – Ryan Tobin Jan 11 '16 at 04:51
  • @RyanTobin Live server correctly spf-ed, not blacklisted, etc. – Toto Jan 11 '16 at 04:59
  • 2
    The link is badly out of date. You need to read up on DMARC, and understand what its goals are. But in short, unless a sending domain has explicitly authorized email to be sent by you on its behalf, you cannot use their domain in your From address. Yahoo already prevents this with a p=reject DMARC policy, and Google and Microsoft are making that change in 2016. – Peter Goldstein Jan 11 '16 at 21:20

0 Answers0