Set FROM different from the email you are actually sending. Is it safe?

2

When sending email via PHP (PHPMailer), I can configure all the parameters of the email; however, I see that I can do something like this:

<?php

  // Code excerpt
  $mail = new PHPMailer;
  $mail->IsMail();
  $mail->IsHTML(true);
  $mail->isSMTP();
  $mail->SMTPAuth = true;

  $mail->Host = 'mail.meudominio.pt';
  $mail->Username = '[email protected]';
  $mail->Password = 'abc123';

  $mail->setFrom('[email protected]', 'pomba gira');
  $mail->addReplyTo('[email protected]', 'yahoo guy');

?>

With this, I can send an authenticated email to anyone, posing as a third person.

Question: Is there a chance my server will force FROM to match the email that authenticates?

  • Return-path of the received email has the real sender

  • Is it the real email, or can it be manipulated too?

  • Nope, this is the real one and I don’t think I can change it (I’m not sure)

1 answer

1

As you may have noticed, yes, it is possible to send normally.

However, it is currently bad practice because email servers are blocking this as a basic security issue.

Try, for example, sending an email from Hotmail/live because their servers are pretty strict about it. The trend is for other email services to follow this as a basic standard.

Therefore, set the "FROM" header exactly the same as the email you used to send the message.

Note that this is also valid for unauthenticated emails. In this case, there are other basic standards such as a valid domain, for example.
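The comments above note that Return-Path carries the real sender while From can be set freely. As an added example (not part of the original question or answer), this Python sketch shows a receiving-side check that compares the two headers; the sample messages and `.example` domains are constructed, and the subdomain match in `aligned` is a simplifying assumption.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample messages (headers only); all domains are placeholders.
SPOOFED = """\
Return-Path: <webmaster@site.example>
From: "pomba gira" <someone@other.example>
Reply-To: "yahoo guy" <third@mailbox.example>
"""
ALIGNED = """\
Return-Path: <bounces@mail.site.example>
From: Site <webmaster@site.example>
Reply-To: support@site.example
"""

def domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rpartition("@")[2].lower().rstrip(".") if "@" in addr else ""

def aligned(a, b):
    # Relaxed match: equal, or one is a subdomain of the other.
    # Assumption: real DMARC compares organizational domains (Public Suffix List).
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_sender(raw):
    """Return a list of findings about From / Return-Path / Reply-To consistency."""
    msg = message_from_string(raw)
    findings = []
    froms = getaddresses(msg.get_all("From", []))
    if len(froms) != 1:
        findings.append("from-count:%d" % len(froms))  # missing or multiple From
    from_dom = domain(froms[0][1]) if froms else ""
    rp = msg.get("Return-Path")
    if rp is None:
        findings.append("no-return-path")
    else:
        rp_addr = parseaddr(rp)[1]
        if not rp_addr:
            findings.append("null-return-path")  # "<>" is what bounces use
        elif not aligned(from_dom, domain(rp_addr)):
            findings.append("from-returnpath-mismatch")
    reply = getaddresses(msg.get_all("Reply-To", []))
    if any(not aligned(from_dom, domain(a)) for _, a in reply):
        findings.append("replyto-differs")
    return findings
```

`check_sender(SPOOFED)` reports both the From/Return-Path mismatch and the foreign Reply-To, while `check_sender(ALIGNED)` returns an empty list.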
