8
votes

I am using PHPMailer to send automated e-mails from my website and while testing, I noticed that all e-mails sent by php mailer are generating the following warning on the recipients end:

This message may not have been sent by: [email protected] Learn more Report phishing

I was wondering if there is a way to avoid this?

PHP Mailer code:

//mail functions
require("mailer/class.phpmailer.php");
require("mailer/class.smtp.php");
require("mailer/class.pop3.php");

$mail = new PHPMailer();
$mail->IsSMTP();  
$mail->Host = "relay-hosting.secureserver.net";
$mail->Port = 25;  
$mail->IsHTML(true);
$mail->Username = "[email protected]";  // SMTP username
$mail->Password = "pass"; // SMTP password

$mail->From = "[email protected]";
$mail->FromName = "FOO";
$mail->AddAddress("[email protected]", "WIDB");
$mail->AddReplyTo("[email protected]");
//$mail->AddAddress("[email protected]");                  // name is optional

$mail->WordWrap = 50;                                 // set word wrap to 50 characters
//$mail->AddAttachment("/var/tmp/file.tar.gz");         // add attachments
//$mail->AddAttachment("/tmp/image.jpg", "new.jpg");    // optional name
$mail->IsHTML(true);                                  // set email format to HTML

$mail->Subject = 'Foo - Transaction Receipt';
$mail->Body    = $message;
$mail->AltBody = "nothing";

//send mail
$mail->Send();

I am using GMail and I have SMTP enabled...

2
That's not coming from your PHP server, it's coming from the email recipient's email host because the IP address of your server doesn't match any of google's (a.k.a. your SMTP server).Matt
Thanks for the reply! I am not sure I understand the problem:/ Is there a way to avoid this?AnchovyLegend
Make sure the server you're sending the mail from is the same as the supposed "from" address. Don't use a "from" address from google.com. If you have a server with a URL set up, use that URL. Your email host is trying to prevent phishing attacks which sometimes use address spoofing.Matt
So basically, If I changed the FROM address to a hotmail address, the phishing warning would go away? and I can still provide a reply-to e-mail address that is a g-mail address, correct?AnchovyLegend
Well, no. That will give you the same problem - the address that the email is ACTUALLY coming from is not hosted on any of gmail or hotmail's servers. You'll still get the anti-spoofing message. It's safe to ignore it until you get a proper email host set up, though.Matt

2 Answers

10
votes

You can either set up google apps for your site and get a [email protected] gmail account (more info here it's free), or You will need to set up an e-mail address on your current server that is [email protected] and use that as the $mail->from address.

Your E-Mail recipients are receiving the message because you are telling google to send an e-mail from your server, and then you are telling them that the mail is coming from gmail, which it isn't, it's coming from your personal server. Since the from address and your server address don't match, they flag it as spam. This is googles way of preventing spam, to them it would be the same if you put $mail->from([email protected]). The e-mail would still send, but your domain name does not match the @ address.

-1
votes

Apart from following the above guidelines, here something I noticed that might help someone.

When I sent an email with body "Please check the attached work order" and a pdf attachment, gmail showed it with a spam warning(inside inbox)

When I sent an email with body "Your work order has been attached" and the same pdf attachment, gmail didn't show any warning.

I'm using java api for sending emails