How to Pass Spam Filters with PHP mail()

20Mar2008

Ok, so you've set up a nice mail form on your remotely hosted PHP site, but every time you send an email to someone through it, it seems to get derailed by spam filters??? There's a simple reason for this. If your website is hosted on a shared server, you're likely using a mail server with a different domain than your own, and when you try to alias that as a message from your domain, many new email clients will register you as a spammer!

This tutorial shows you how to fix the problem and send a mail that is branded with your domain, but gets by spam filters.

Why Your Message Is Seen as Spam

Spam filters check the actual routing of the message to see what domain it originated from, and match that up against the email address in the "From" header to see if they match. If you're on a shared-server hosting environment, the originating domain will not be yours, and the message will therefore fail.

Here's a typical use of the PHP mail() function to send an email:

<? 
    mail
("recipient@recipient-domain.com""Test Message""This is my message to you."
        
"From: Some One <someone@mydomain.com>");
?>

Here's what the headers look like :

Return-path: <mydomain@host104php5sql5.myhost.com>
Envelope-to: recipient@recipient-domain.com
Delivery-date: Mon, 24 Jul 2006 12:06:10 -0500
Received: from mydomain by host104php5sql5.myhost.com with local (Exim 4.52)
id 1G53sf-0008HX-TP
for recipient@recipient-domain.com; Mon, 24 Jul 2006 12:06:09 -0500
To: recipient@recipient-domain.com
Subject: Test Message
From: Some One <someone@mydomain.com>
Message-Id: <E1G53sf-0008HX-TP@host104php5sql5.myhost.com>
Date: Mon, 24 Jul 2006 12:06:09 -0500

Notice that the originating domain (in the "Received" header) is myhost.com. That is my web host. Using the PHP mail() function will use my default mail account with the host (in this case, "mydomain" at "myhost.com" to send the message. Because the originating domain ("myhost.com") and the "From" header domain ("mydomain.com") do not match, spam filters will raise a flag and derail the message.

Well, don't bang your head against the wall just yet. There's a work-around for it.

How to Correct the Problem

There are a few possible solutions to the problem. Most of them involve changing server settings or PHP's mail() settings so that your domain can be reflected in the "Received" header. These are not a possibility in a shared hosting environment, so I'm not going to bother with those.

The simple solution to get past spam filters, though it's not the prettiest alternative. Basically, you want to change the "From:" header to "mydomain@myhost.com" (the actual account sending the email), but add a "Reply-To:" header for "someone@mydomain.com". The PHP code will look like this:

<? 
    $header 
.= "Reply-To: Some One <someone@mydomain.com>\r\n";
    
$header .= "Return-Path: Some One <someone@mydomain.com>\r\n";
    
$header .= "From: Some One <mydomain@myhost.com>\r\n";
    
$header .= "Organization: My Organization\r\n";
    
$header .= "Content-Type: text/plain\r\n";

    
mail("recipient@recipient-domain.com""Test Message""This is my message."$header);
?>

And the full headers will look like this:

Return-path: <mydomain@host104php5sql5.myhost.com>
Envelope-to: recipient@recipient-domain.com
Delivery-date: Mon, 24 Jul 2006 12:25:23 -0500
Received: from mydomain by host104php5sql5.myhost.com with local (Exim 4.52)
id 1G54BH-0000uE-1h
for recipient@recipient-domain.com; Mon, 24 Jul 2006 12:25:23 -0500
To: recipient@recipient-domain.com
Subject: Test Message
Reply-To: Some One <someone@mydomain.com>
From: Some One <mydomain@myhost.com>
Organization: My Organization
Content-Type: text/plain
Message-Id: <E1G54BH-0000uE-1h@host104php5sql5.myhost.com>
Date: Mon, 24 Jul 2006 12:25:23 -0500

Now, the only problem is that when I receive the message, I see the "From" field:

From: Some One <mydomain@myhost.com>

However, when I reply to the email, it replies to "Some One <someone@mydomain.com>" - which is good.

There is another option, which is a little prettier, which is to set your "From:" field to "someone@mydomain.myhost.com". This will make your message a little less confusing to the people you're sending it to. The from field will then look like this:

From: Some One <someone@mydomain.myhost.com>

This is what I'm doing to bypass spam filters.

Good luck, and don't spam people!