PHPMailer not sending emails with GoDaddy

Question

I am setting up a mailer on GoDaddy, my code looks as follows:

$mail = new PHPMailer(true);
$mail->IsSMTP();
$mail->SMTPDebug = 3;
$mail->SMTPAuth = false;
$mail->Port = 25;
$mail->Host = "localhost";
$mail->Username = 'username';
$mail->Password =  'password';

$mail->isSendmail();

$mail->From = $email;
$mail->FromName = "Website";

$mail->AddAddress("jn@website.com");

$mail->Subject = "Inquiry - " . $name;
$mail->WordWrap = 80;

$mail->MsgHTML($message);
$mail->IsHTML(true);return $mail->send();

and the output I get is the following:

Sending with sendmail:

Sendmail path: /usr/sbin/sendmail -t -i
Sendmail command: /usr/sbin/sendmail -t -i -oi -ft@t.com -t
Envelope sender: t@t.com
Headers: Date: Wed, 21 Apr 2021 22:43:52 +0000To: jn@website.comFrom: Website <t@t.com>Subject: Inquiry - testMessage-ID: <Km4AQw3yoiFLxzzxLhULZdgQjrgPSBSTT66rxurg4@website.com>X-Mailer: PHPMailer 6.3.0 (https://github.com/PHPMailer/PHPMailer)MIME-Version: 1.0Content-Type: multipart/alternative; boundary="b1_Km4AQw3yoiFLxzzxLhULZdgQjrgPSBSTT66rxurg4"Content-Transfer-Encoding: 8bit
Result: true

The issue is that I am not receiving these emails.

Thank you in advance for any responses.

Answer 1

PHP emails can easily spoof the From header and are often rejected. The likelihood here is that your receivers mail server is rejecting it as potentially unsafe.

Note that just because the email left your server, does not mean that the recipients mail server is happy to receive it. Often a mail server will respond with Status: OK even though it has no intentions of passing it along to the recipients mailbox.

There are a couple things you could try:

1. Ensure your From is a valid email address.
2. DKIM can significantly help with validating that the email has come from a valid location
3. SPF can help validate that the email has come from the location it says it did.
4. Modify the X-Mailer header, some MX servers treat PHPMailer as untrustworthy. See here: https://phpmailer.github.io/PHPMailer/classes/PHPMailer.PHPMailer.PHPMailer.html#property_XMailer

DKIM

DKIM requires you to have a TXT DNS record on the domain you are sending from using a public/private key you generate yourself:

Note that the DNS record should be using the public key

v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4lox7LckG2/QtT/IY677O2JTgzh3z/FKKqGSVjAk6Gh+7Tyu8jjFUmPdLj/G5u9cFGkQvqa[..]QJZOGgxBeFv2V/Evk9GZtF+3yiHm5tZvi0Z4xhT17dt8ZxcFZ3QIDAQAB

The TXT DNS record should have a name of: whoeveryouare._domainkey.mydomain.com You can then sign your emails using PHPMailer like so:

// must match the domain in the "From"
$this->DKIM_domain = "mydomain.com"

// private key path
$this->DKIM_private = "/path/to/dkim/private.key";

// dns selector (this matches with TXT record with hostname: whoeveryouare._domainkey.mydomain.com)
$this->DKIM_selector = 'whoeveryouare';

// private key passphrase (has none)
$this->DKIM_passphrase = '';

//Suppress listing signed header fields in signature, defaults to true for debugging purpose
$this->DKIM_copyHeaderFields = true; // SHOULD BE FALSE IN PRODUCTION

// who is signing this email
$this->DKIM_identity = $this->From;

Using DKIM can suppress emails saying that they were "sent on behalf of" and improve your chances of the recipients mail server accepting your email.

SPF

SPF stands for Sender Policy Framework.

Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email

SPF helps ensure that the Sender (the From address), actually came from where it says it did. An SPF record looks like the below

v=spf1 +ip4:192.168.3.4 -all

Where 192.168.3.4 is the IP address of the server sending the email.

---

I personally extend PHPMailer and do all of this on the fly:

/**
 * Class Mailer
 *
 * A wrapper class for the PHPMailer package
 */
class Mailer extends \PHPMailer\PHPMailer\PHPMailer
{
    /**
     * PHPMailer constructor.
     *
     * Automatically configure SMTP credentials and adjust X-Mailer header
     *
     * @param null $exceptions
     */
    public function __construct($exceptions = null)
    {
        parent::__construct($exceptions);

        $this->XMailer = "My Super Cool Platform";
    }

    /**
     * Automatically signs emails with a DKIM signature if enabled
     *
     * @return bool
     * @throws \PHPMailer\PHPMailer\Exception
     */
    public function send()
    {
        // must match the domain in the "From"
        $this->DKIM_domain = "mydomain.com"

        // private key path
        $this->DKIM_private = "/path/to/dkim/private.key";

        // dns selector (this matches with TXT record with hostname: whoeveryouare._domainkey.mydomain.com)
        $this->DKIM_selector = 'whoeveryouare';

        // private key passphrase (has none)
        $this->DKIM_passphrase = '';

        //Suppress listing signed header fields in signature, defaults to true for debugging purpose
        $this->DKIM_copyHeaderFields = true; // SHOULD BE FALSE IN PRODUCTION

        // who is signing this email
        $this->DKIM_identity = $this->From;
        

        return parent::send();
    }
}

Email is and always will be a tedious thing to deal with, you can counter a lot of the issues you would face by using an SMTP server to send your emails with DKIM/SPF as a significant bonus.

Answer 2

@zanderwar's answer is mostly true, but unfortunately not that relevant. You can spoof email sources equally well using any language, but that's why we have SPF and DKIM.

The primary problem here is using GoDaddy. They block outbound SMTP and require that you send only via their own secureserver.net server, with no encryption or authentication. This is enough to prevent useful sending in almost all circumstances other than from GoDaddy-owned domains. You can add them to your SPF record via an include mechanism, but it's unlikely to make much difference to receivers.

You have some other issues.

You're calling isSMTP(), but then isSendmail() – the latter is called last, so will be what's actually used, and means that all your SMTP settings will be ignored. Pick one sending mechanism.

Next it's very unlikely you actually want to use isSendmail() anyway; that is intended for those that have custom installations of their own mail server software requiring special handling that's not supported by mail() (e.g. qmail) or SMTP to localhost (a rare set of circumstances). You're on GoDaddy, which means you can't do that anyway. Either use the default isMail(), or preferably SMTP to localhost (the fastest and safest approach, and also provides the best feedback).

You have a hard time telling what's going on because you have no error handling. You're not checking any return values, have no exception handling (which you need to enable in PHPMailer too), are not showing error messages, and have no debug output enabled (though that's only really useful for SMTP sending). I recommend you base your code on the examples provided with PHPMailer which show how to do these things.

Yes, you should also sign with DKIM, but again, GoDaddy is going to be unhelpful here.

Finally, search before you post; there are many questions and answers on here relating to using PHPMailer with GoDaddy, most of which are about exactly the same problems which are inherent to using GoDaddy. If at all possible, I suggest moving to a host that doesn't make such a mess of email.