tags:

views:

250

answers:

6

i tried googling but sadly i get only documentations (or am i using bad keywords) anyway
i can see that alot of programmers (even those im working with right now) does not seem to approve to using the php native mail function and resorts to using some other framework like sendmail? swift mailer etc...

i'd like to know why? are there really disadvantages to using the native mail function? if so how does the mailing frameworkds solve that or how are they better??

A: 

I'm not a PHP wiz, but I thought php's native mail function just used an external sendmail/smtp/whatever system anyway?

phoebus
i just read about that too, that in case your server does not have sendmail installed then your native mail function fails along with it
lock
+5  A: 

There's nothing wrong with it for sending simple plain text emails.

However, once you get into multipart mime emails (say, you want an HTML version or to add an attachment) then you have to build the email yourself, and it can be quite tricky to get all the headers and encoding correct. In this case you're better off using a library.

Greg
I think that complexity is insignificant in comparison to the larger problem of Email header injection that mail() makes easy.
Tchalvak
+1  A: 

The PHP manual for function mail mentions that there are some restrictions with the mail function and one of these are that the function opens and closes an SMTP socket for each email. The mail function works good when you just want to send a mail or two.

Per Östlund
A: 

This can also be for performance.

(can't find any references about the subject though...)

Natrium
+1  A: 

Using PHP's mail() function requires a properly configured sendmail or equivalent on the host the program is running. However, the Windows implementation is a bit different. If you don't have your MTA configured properly, you won't be able to successfully send emails from your PHP scripts. Like another commenter said on this thread, PHP manual explicitly states that each call to the mail() function opens and closes a socket. This can cause unnecessary delay in script execution.

Additionally, your development and testing environment may not have a public static IP address. Your IP address might be blacklisted by DNSBL, Gmail, Yahoo! and other popular email service providers.

Your best bet in this situation is to use a properly configured external SMTP server. Chances are your employer has already provided an email account with SMTP access. If you don't have one you can use a Gmail account. Gmail provides SMTP access to all email accounts.

You can write scripts to open a socket connection to the external SMTP server. When there are tried and tested open source libraries for this purpose, why write your own?

Incidentally, I wrote a blog post on the very same subject yesterday. http://tinyurl.com/y9p9d7w

Best regards,

Sudheer
A: 

As far as I'm concerned, all of these problems pale in comparison to the major security problem: Mail header injection: ( http://en.wikipedia.org/wiki/E-mail_injection , and php specific info: http://www.damonkohler.com/2008/12/email-injection.html )

Whereby a spammer bot spiders your site and, finding a vulnerability in your script that is easy to still have when using the very insecure mail() function, IS ABLE TO SEND EMAIL FROM YOUR SERVER TO AN ARBITRARY LIST OF CONTACTS, essentially turning your script & server into a cog in their spam email machine.

I recommend never using mail() with user input, and in general, just making use of PEAR::mail instead. http://pear.php.net/package/Mail/

Tchalvak