Results 1 to 4 of 4

Thread: smtp email authentication

  1. #1
    Join Date
    Oct 2007

    smtp email authentication

    Hi I'm currently going through all of my sites and changing any contact form that uses php mail() over to smtp. I've had some server troubles recently and need to make it more secure. I've been looking at quite a few scripts to use, all of them seem very similar however there is a difference between them and as a result I can't tell which would be the most secure method.

    Basically it concerns who should be sending the email or rather the $from variable.

    Should I script it so that the email is sent from the person who is completing the form or should it be the server registered email address that I authenticate and just have their email address in the message body?

    Or am I over thinking it?

    I just want the most secure method.

    Any thoughts?


  2. #2
    Join Date
    Aug 2004
    Usually the mail server requires that the "From:" header be a valid email account on that server. However, you can set a "Reply-To:" header with whatever email address you want, so that is where I usually set the (sanitized) user-supplied value, if that is the functionality I want for that use case.
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework

  3. #3
    Join Date
    Jan 2007
    Also note, while many SMTP servers will send mail from any address, some spam engines may put some weight on it, performing one of two checks:

    Reverse DNS lookup on sending IP: must yield the domain on the email address.
    SPF records check: sending IP must be permitted to send from the domain on the email address according to domain's SPF/TXT record.

    Not all engines perform these checks, of course. But, your deliverability may suffer, and your IP could be blacklisted if you routinely send on behalf of other domains.
    Jon Wire

    thepointless.com | rounded corner generator

    I agree with Apple. Flash is just terrible.

    Use CODE tags!

  4. #4
    Join Date
    Oct 2007
    oh great answers thanks. I think I'll definitely steer clear of sending on behalf of other domains.
    Thanks very much

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
HTML5 Development Center