0

I want to use PHPMailer configure the contact page for my website. The prroblem I am facing is that for the script to work, the from address has to be set in the local server e.g. if my domain is example.com, the from address has to be name@example.com. When I set it this way, the script works perfectly. the issue I'm having is that being a contact page, the from address has to be the senders email address this there for means that if a customer contacts me with the email address like name@email.com, the script will throw an error similar to the one below:

SMTP ERROR: DATA END command failed:
550-Your FROM address ( name@email.com , Dev Customer 550-)
must match your authenticated email user ( name@example.com ).

Does anyone have any idea on a way to work around this? Or are there any alternatives? I will appreciate any form of assistance offered. Thank you in advance.

Biko
  • 332
  • 3
  • 15
  • 1
    That's dependent on the email server configuration. Talk to the people administering that or find another one. – Sami Kuhmonen Feb 12 '17 at 07:56
  • 1
    You can use the `reply-to` header and set the `from` to a local email like (in your example) `noreply@example.com`. – Tigger Feb 12 '17 at 08:03
  • @Tigger when I use the `reply-to` in the headers, it still replies to the `from` address – Biko Feb 12 '17 at 08:38
  • 1
    The correct syntax should be `Reply-To: your@email.com` or `Reply-to: you@email.com`. I may have thrown you with the lower case `r`. See: [What is the behavior difference between return-path, reply-to and from?](http://stackoverflow.com/questions/1235534/what-is-the-behavior-difference-between-return-path-reply-to-and-from) for more info. – Tigger Feb 12 '17 at 08:44
  • I think the easiest way would be just to use an outside SMTP server. I use https://www.smtp2go.com/ - it's free up to 1000 mails per month. Works perfectly. – pronngo Feb 12 '17 at 08:46

1 Answers1

0

As per Tigger's suggestion, you should never send using the submitter's address as a From address. It's forgery, and will make your messages fail SPF checks, causing you no end of delivery problems either with messages bouncing or consigned to spam folders. It's been actively advocated against for at least a decade anyway, and it's also one of the practices that would cause you to be vulnerable to the security hole in PHPMailer fixed back in December.

Since you've tagged this with PHPMailer, I'll show how to use that to do what you ask:

$mail->setFrom('me@example.com', 'Contact form');
$mail->addReplyTo($_POST['email'], $_POST['name']);

This is exactly what the example contact form script provided with PHPMailer does. It's also worth checking submitted values - addReplyTo will validate the address automatically, so you should check the return value to be sure.

There may be some email clients that do not handle reply-to addresses correctly, but you should not expose yourself to being blacklisted because of the ineptitude of a small number of clients.

Synchro
  • 35,538
  • 15
  • 81
  • 104