What do I need for a compliant email header

Question

I am trying to send an email from a site I am building, but it ends up in the yahoo spam folder. It is the email that sends credentials. What can I do to legitimize it?

$header = "From: site <[email protected]>\r\n";
$header .= "To: $name <$email>\r\n";
$header .= "Subject: $subject\r\n";
$header .= "Reply-To: site <[email protected]>" . "\r\n";
$header .= "MIME-VERSION: 1.0\r\n";
$header .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$phpversion = phpversion();
$header .= "X-Mailer: PHP v$phpversion\r\n";
mail($email,$subject,$body,$header);

Answer 1

• Don't use HTML in your email.
• Send it via a legitimate mail server with a static IP and reverse-DNS (PTR) that points to the machine's real host name (and matches a forward lookup).
• Include a Message-ID (or ensure that the local mailer adds one for you).
• Run your email through SpamAssassin and see which bad-scoring rules it matches. Avoid matching them.
• Use DomainKeys Identified Mail to digitally sign your messages.

Answer 2

In addition to Ted Percival's suggestions, make sure that the IP address the email is coming from is a legitimate source for email according to the SPF record of site.com. If site.com doesn't have an SPF record, adding one (which allows the IP address in question, of course) may help get the emails past spam filters.

And if absolutely do need to use HTML in your email, make sure that you also include a plain text version as well; you'd use the content type of "multipart/alternative" instead of "text/html".

Answer 3

I just successfully tried the following from my Yahoo! Web Hosting account:

$email = "[email protected]";
$subject = "Simple test";
$body = "Simple test";
$header = "From: site \r\n";
$header .= "To: $name \r\n";
$header .= "Subject: $subject\r\n";
$header .= "Reply-To: site " . "\r\n";
$header .= "MIME-VERSION: 1.0\r\n";
$header .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$phpversion = phpversion();
$header .= "X-Mailer: PHP v$phpversion\r\n";
mail($email,$subject,$body,$header);

However, you have some duplication in your header you should only need to do the following:

$email = "[email protected]";
$subject = "Simple test";
$body = "Simple test";
$header = "From: site \r\n";
$header .= "MIME-VERSION: 1.0\r\n";
$header .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$phpversion = phpversion();
$header .= "X-Mailer: PHP v$phpversion\r\n";
mail($email,$subject,$body,$header);

Answer 4

Ted's suggestions are good, as are Tim's, but the only way I've ever been able to reliably get email through to Yahoo/Hotmail/etc is to use the PEAR email classes. Try those & (assuming your server is OK) I can pretty much guarantee it'll work.

Answer 5

Check rfc 822 and rfc 2045 for email format. I find python's Email class really easy to work with. I assume php's PEAR does the same (according to earlier mails). Also the header and the body are separated by a "\r\n\r\n", not sure if your code automatically inserts that, but you can try appending that to the header.

I dont think that DK/SPF might be necessary (since there are lots of webservers out there without DK/SPF support). There can be alot of factors that might be causing it to get blocked(atleast 10K different criterions and methods.. p0f,greylisting,greylisting, blacklisting etc etc). Make sure that your email is properly formatted(this makes a BIG difference). Look into libraries that generate the complete header for you.. that way you have least chances of making any mistake.

Answer 6

In addition to Ted Percival's suggestions, you could try using PHPMailer to create the emails for you rather than manually building the headers. I've used this class extensively and not had any trouble with email being rejected as spam by Yahoo, or anyone else.

Answer 7

Ted and Tim have excellent suggestions. As does Shabbyrobe. We use PHPMailer and don't have any problems with spam filters.

One thing to note is that many spam filters will count NOT having a text version against you if you are using a MIME format. You could add all of the headers and the text version yourself, or just let PHPMailer or the PEAR mail library take care of that for you. Having a text version may or may not help, but it is good practice and user friendly.

I realize that your code sample is just that - a sample, but it is worth saying: Do not ever just drop user provided data into your mail headers. Make sure you validate that it is data you expect. It is trivial to turn a php mail script into an open relay, and nobody wants that.

Answer 8

Adding a SPF record is very easy. You should try.

This one is for dreamhost plus googlemail You should also ad you webserver ip address (in my case, the line before googlemail) The last line tells the server to do a soft reject (mark as spam but don't delete) I'm using it instead of "-" (delete) because google documentation says so :-)

It's a TXT record v=spf1 ip4:64.111.100.0/24 ip4:66.33.201.0/24 ip4:66.33.216.0/24 ip4:208.97.132.0/24 ip4:208.97.187.0/24 ip4:208.113.200.0/24 ip4:208.113.244.0/24 ip4:208.97.132.74 ip4:67.205.36.71 include:aspmx.googlemail.com mx ~all

Hope it helps

Answer 9

There is also the possibility that 'sendmail' (which is underneath the PHP mail() function) needs extra parameters. If you have a problem with return headers (such as Return-Path) not being set with what you set them to be, you may need to use the fifth mail() parameter. Example:

mail('[email protected]', 'Subject', $mail_body, $headers, " -f [email protected]");

There is some further evidence that true vanilla sendmail may have problem with this! Hopefully you have 'postfix' as PHP's underlying mail() support on your target server.