php mail function: legitimate mails marked as spam by gmail and hotmail

Question

My website sends emails to users using the PHP mail function. Hotmail and Gmail users don't receive them, or they end up in SPAM-folder. Here is the header of a message marked as SPAM by Gmail.

What to do?

Delivered-To: [email protected]
Received: by 10.216.213.222 with SMTP id a72cs207473wep;
        Sat, 2 Oct 2010 04:26:47 -0700 (PDT)
Received: by 10.216.3.19 with SMTP id 19mr3099233weg.108.1286018806068;
        Sat, 02 Oct 2010 04:26:46 -0700 (PDT)
Return-Path: <[email protected]>
Received: from drt01.dco.fusa.be (drt01.dco.fusa.be [193.110.251.55])
        by mx.google.com with ESMTP id m29si2837219weq.203.2010.10.02.04.26.45;
        Sat, 02 Oct 2010 04:26:46 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of [email protected] designates 193.110.251.55 as permitted sender) client-ip=193.110.251.55;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of [email protected] designates 193.110.251.55 as permitted sender) [email protected]
Received: from admin by drt01.dco.fusa.be with local (Exim 4.69)
    (envelope-from <[email protected]>)
    id 1P20En-000303-Lo
    for [email protected]; Sat, 02 Oct 2010 13:26:45 +0200
To: [email protected]
Subject: Koopte: zoekertje activeren
X-PHP-Script: www.koopte.be/confirmation.php for 213.118.179.121
From: Koopte <[email protected]> 
Reply-To:<[email protected]> 
Content-Type: text/html; charset=iso-8859-1
Message-Id: <[email protected]>
Sender:  <[email protected]>
Date: Sat, 02 Oct 2010 13:26:45 +0200

Answer 1

Your envelope adress doesnt match the from adress. This is the main reason why mails are regarded as spam.

The background is: The envelope adress (in your case [email protected]) isn't really visible to the user. Its just used by mailservers to return error mails. Historically because they are more relevant to the admin than to the user. However today its de-facto standard to set the envelope address to the same as the user address. Spammers don't really do that because they either don't have the possibility to or they don't want to recieve all the backbouncing error mails when sending spam. Or they don't want the exploited users with the trojan worm be aware of their evil-doing.

In php/sendmail this function is called the f parameter. You can read all about that in the function documentation: http://php.net/manual/en/function.mail.php

Classes like phpmailer or libmail do this their selves and its probably the best idea to use one of theese because they have been tested, are well designed and react to changes in their developement!

The next thing you could do is to set the reverse-dns to the same domain that the sender adress is. If you do this you are really, really trustworthy because the mail can be matched to a server and thus to a provbider/admin and could be easily blacklisted by spam networks. So if you would spam with a correctly set up reverse dns you wouldnt do it long. There is a built-in directive in arpa rulse that the set up of such an entry takes a while so it cant be made somehow danymically and exploited.

This is however rather advanced and there can only be one reverse dns entry per ip adress. So you can't do it on a shared hosting environment. You also have to contact your provider to set them up but you can google for all that stuff.

Sum up:

• correct your envelope adress, that should be fine
• if you can, set a reverse dns entry

PS: there are not really rules how and when to regard a mail as spam and the teqniques above have only proven to work in praxis but there is absolutely no guarantee. Every mail provider can do what he wants... (yahoo was one of theese candidates to do their very own thing and to annoy everybody with it in the past)

good luck