I use a simple PHPMailer form to allow the users of my website to contact me through a contact form. I use my google apps account to send the mail. In the script i set the emailaccount the user provides me as the “from address”.
Until a few weeks ago, this went well. From Google Apps i could click on reply to send a reply to the user contacting me.
However, recently, without changing anything in my code, when i click on reply, i send an email to myself. Is this something Google changed in its policy? Or did i maybe do something wrong incidentally?
This is the output i get. I use info@kynero.nl to send and use jaapklok@gmail.com as customer account. However, when i open the mail i receive in info@kynero.nl and click on reply, i send an email to info@kynero.nl instead of jaapklok@gmail.com
2019-02-06 20:34:31 SERVER -> CLIENT: 220 smtp.gmail.com ESMTP x38sm6269222edx.24 - gsmtp 2019-02-06 20:34:31 CLIENT -> SERVER: EHLO www.kynero.nl 2019-02-06 20:34:31 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [2a0b:7280:200:0:4d0:baff:fe00:d8e]250-SIZE 35882577250-8BITMIME250-STARTTLS250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8 2019-02-06 20:34:31 CLIENT -> SERVER: STARTTLS 2019-02-06 20:34:31 SERVER -> CLIENT: 220 2.0.0 Ready to start TLS 2019-02-06 20:34:31 CLIENT -> SERVER: EHLO www.kynero.nl 2019-02-06 20:34:31 SERVER -> CLIENT: 250-smtp.gmail.com at your service, [2a0b:7280:200:0:4d0:baff:fe00:d8e]250-SIZE 35882577250-8BITMIME250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH250-ENHANCEDSTATUSCODES250-PIPELINING250-CHUNKING250 SMTPUTF8 2019-02-06 20:34:31 CLIENT -> SERVER: AUTH LOGIN 2019-02-06 20:34:31 SERVER -> CLIENT: 334 VXNlcm5hbWU6 2019-02-06 20:34:31 CLIENT -> SERVER: <credentials hidden> 2019-02-06 20:34:31 SERVER -> CLIENT: 334 UGFzc3dvcmQ6 2019-02-06 20:34:31 CLIENT -> SERVER: <credentials hidden> 2019-02-06 20:34:31 SERVER -> CLIENT: 235 2.7.0 Accepted 2019-02-06 20:34:31 CLIENT -> SERVER: MAIL FROM:<jaapklok@gmail.com> 2019-02-06 20:34:31 SERVER -> CLIENT: 250 2.1.0 OK x38sm6269222edx.24 - gsmtp 2019-02-06 20:34:31 CLIENT -> SERVER: RCPT TO:<info@kynero.nl> 2019-02-06 20:34:31 SERVER -> CLIENT: 250 2.1.5 OK x38sm6269222edx.24 - gsmtp 2019-02-06 20:34:31 CLIENT -> SERVER: DATA 2019-02-06 20:34:31 SERVER -> CLIENT: 354 Go ahead x38sm6269222edx.24 - gsmtp 2019-02-06 20:34:31 CLIENT -> SERVER: Date: Wed, 6 Feb 2019 21:34:31 +0100 2019-02-06 20:34:31 CLIENT -> SERVER: To: info@kynero.nl 2019-02-06 20:34:31 CLIENT -> SERVER: From: Jaap Klok <jaapklok@gmail.com> 2019-02-06 20:34:31 CLIENT -> SERVER: Reply-To: Jaap Klok <jaapklok@gmail.com> 2019-02-06 20:34:31 CLIENT -> SERVER: Subject: Aanvraag via Inschrijfformulier op kynero.nl 2019-02-06 20:34:31 CLIENT -> SERVER: Message-ID: <0bYvsZOe3xY7iWVxMyFA2uxOvWVDPpl5CAX58DcXA@www.kynero.nl> 2019-02-06 20:34:31 CLIENT -> SERVER: X-Mailer: PHPMailer 6.0.5 (https://github.com/PHPMailer/PHPMailer) 2019-02-06 20:34:31 CLIENT -> SERVER: MIME-Version: 1.0 2019-02-06 20:34:31 CLIENT -> SERVER: Content-Type: text/html; charset=iso-8859-1 2019-02-06 20:34:31 CLIENT -> SERVER: 2019-02-06 20:34:31 CLIENT -> SERVER: Naam: Jaap Klok <br /> 2019-02-06 20:34:31 CLIENT -> SERVER: Inschrijving: Detectie vrijdag 10.00 <br /> 2019-02-06 20:34:31 CLIENT -> SERVER: Algemene voorwaarden: Akkoord <br /> 2019-02-06 20:34:31 CLIENT -> SERVER: Bericht: Test 3 - 21:36 2019-02-06 20:34:31 CLIENT -> SERVER: 2019-02-06 20:34:31 CLIENT -> SERVER: . 2019-02-06 20:34:32 SERVER -> CLIENT: 250 2.0.0 OK 1549485383 x38sm6269222edx.24 - gsmtp 2019-02-06 20:34:32 CLIENT -> SERVER: QUIT 2019-02-06 20:34:32 SERVER -> CLIENT: 221 2.0.0 closing connection x38sm6269222edx.24 - gsmtp
Advertisement
Answer
Google does not allow you to send from arbitrary addresses. You can only use your account address, or predefined aliases from your gmail settings. If you try to do this, it will simply substitute your account address for the from address, as you’re seeing.
Generally trying to do this is the wrong approach anyway â it’s forgery and will result in your messages being spam filtered or bounced due to SPF failures. The right way to do it is to use your own address as the from address, and the submitter’s address as a reply-to address. The contact form example provided with PHPMailer does exactly this. The important bit of that:
//Use a fixed address in your own domain as the from address //**DO NOT** use the submitter's address here as it will be forgery //and will cause your messages to fail SPF checks $mail->setFrom('from@example.com', 'First Last'); //Send the message to yourself, or whoever should receive contact for submissions $mail->addAddress('whoto@example.com', 'John Doe'); //Put the submitter's address in a reply-to header //This will fail if the address provided is invalid, //in which case we should ignore the whole request if ($mail->addReplyTo($_POST['email'], $_POST['name'])) { $mail->Subject = 'PHPMailer contact form'; //Keep it simple - don't use HTML $mail->isHTML(false); //Build a simple message body $mail->Body = <<<EOT Email: {$_POST['email']} Name: {$_POST['name']} Message: {$_POST['message']} EOT;