Contact form won't send messages if user specified a gmail or yahoo return address

Question

I have a contact form set up on a website. I bought a template and the contact form came with it. The strange thing is that if the visitor writes down a gmail address or a yahoo address as his reply to address, the email won't go through. User will see a 'success' message, but the email won't go through.

Here's the form:

    <?php

// Clean up the input values
foreach($_POST as $key => $value) {
    if(ini_get('magic_quotes_gpc'))
        $_POST[$key] = stripslashes($_POST[$key]);

    $_POST[$key] = htmlspecialchars(strip_tags($_POST[$key]));
}

// Assign the input values to variables for easy reference
$name = $_POST["name"];
$email = $_POST["email"];
$message = $_POST["message"];

// Test input values for errors
$errors = array();
if(strlen($name) < 2) {
    if(!$name) {
        $errors[] = "You must enter a name.";
    } else {
        $errors[] = "Name must be at least 2 characters.";
    }
}
if(!$email) {
    $errors[] = "You must enter an email.";
} else if(!validEmail($email)) {
    $errors[] = "You must enter a valid email.";
}
if(strlen($message) < 3) {
    if(!$message) {
        $errors[] = "You must enter a message.";
    } else {
        $errors[] = "Message must be at least 3 characters.";
    }
}

if($errors) {
    // Output errors and die with a failure message
    $errortext = "";
    foreach($errors as $error) {
        $errortext .= "<li>".$error."</li>";
    }
    die("<span class='failure'><h3>Sorry, The following errors occured:</h3><ol>". $errortext ."</ol><a href='contact.html' class='more'>Refresh Form</a></span>");
}


// --------------------------------------//
// Send the email // INSERT YOUR EMAIL HERE
$to = "my_email@gmail.com";
// --------------------------------------//


$subject = "Selfy Contact Form: $name";
$message = "$message";
$headers = "From: $email";

mail($to, $subject, $message, $headers);

// Die with a success message
die("<span class='success'><h3>success</h3>  :) </span>");

// A function that checks to see if
// an email is valid
function validEmail($email)
{
   $isValid = true;
   $atIndex = strrpos($email, "@");
   if (is_bool($atIndex) && !$atIndex)
   {
      $isValid = false;
   }
   else
   {
      $domain = substr($email, $atIndex+1);
      $local = substr($email, 0, $atIndex);
      $localLen = strlen($local);
      $domainLen = strlen($domain);
      if ($localLen < 1 || $localLen > 64)
      {
         // local part length exceeded
         $isValid = false;
      }
      else if ($domainLen < 1 || $domainLen > 255)
      {
         // domain part length exceeded
         $isValid = false;
      }
      else if ($local[0] == '.' || $local[$localLen-1] == '.')
      {
         // local part starts or ends with '.'
         $isValid = false;
      }
      else if (preg_match('/\\.\\./', $local))
      {
         // local part has two consecutive dots
         $isValid = false;
      }
      else if (!preg_match('/^[A-Za-z0-9\\-\\.]+$/', $domain))
      {
         // character not valid in domain part
         $isValid = false;
      }
      else if (preg_match('/\\.\\./', $domain))
      {
         // domain part has two consecutive dots
         $isValid = false;
      }
      else if(!preg_match('/^(\\\\.|[A-Za-z0-9!#%&`_=\\/$\'*+?^{}|~.-])+$/',
                 str_replace("\\\\","",$local)))
      {
         // character not valid in local part unless 
         // local part is quoted
         if (!preg_match('/^"(\\\\"|[^"])+"$/',
             str_replace("\\\\","",$local)))
         {
            $isValid = false;
         }
      }
      if ($isValid && !(checkdnsrr($domain,"MX") || checkdnsrr($domain,"A")))
      {
         // domain not found in DNS
         $isValid = false;
      }
   }
   return $isValid;
}

?>

I tried commenting out those validation fields altogether but no go. Can't understand it.

Can anyone help please?

Please have a look at mail header injection. In this case, you should at least check if `$_POST["email"]` contains a valid email address, otherwise the spammers will be happy with your form. And why do you use `strip_tags` and `htmlspecialchars` on all input variables? — Marcel Korpel, Dec 07 '13 at 19:56
@MarcelKorpel this is just the php form I got with the template... I wanted to do as little edits as possible. — Optimesh, Dec 07 '13 at 20:11
Then that template is insecure. Don't use it out of the box! — Marcel Korpel, Dec 07 '13 at 20:47

Maciej Sz · Answer 1 · 2013-12-07T20:25:18.443

1

The PHP mail function is suitable only for simple case messaging. Without going into much detail, the messages generated by this function are (more often then not) filterd out by anti-spam software. They can be deleted without even landing in spam box, because the messages send this way can be generated without outgoing server authentication wnatsoever.

You should instead send your emails using an existing SMTP account. You need a PHP clinet for this, you can find one here: PHPMailer.

edited Dec 07 '13 at 20:25

answered Dec 07 '13 at 20:03

Maciej Sz

9,025
6
37
51

Doesn't PHPMailer use the `mail` function internally, too? – Marcel Korpel Dec 07 '13 at 20:06
It can be configured to use SMPT. [See example](http://stackoverflow.com/a/14456761/1697320). – Maciej Sz Dec 07 '13 at 20:07
I think it had to do with email spoofing. I tried what's suggested here: http://stackoverflow.com/questions/19007032/reply-to-address-in-php-contact-form and magically it appears to work now! thanks to all those who answered/commented :) – Optimesh Dec 07 '13 at 20:28

score 0 · Answer 2 · answered Dec 07 '13 at 19:59

Your email are probably going to the spam folder. I would advice you to add more information to your headers.

Check example #4 here: http://php.net/manual/en/function.mail.php

Maybe you should also add an additional_header with what email you are sending from. That's on the same page under "Parameters".

Hope that will get you on the right way.

score 0 · Answer 3 · answered Feb 18 '17 at 01:51

use PHPMailer and set up SMTP relay instead of mail(); function PHPMailer Connects to google smtp relay server. I Do believe gmail is still smtp.gmail.com.

require_once('../class.phpmailer.php');
//include("class.smtp.php"); // optional, gets called from within class.phpmailer.php if not already loaded
$mail             = new PHPMailer();
$body             = file_get_contents('contents.html');
$body             = eregi_replace("[\]",'',$body);
$mail->IsSMTP(); // telling the class to use SMTP
$mail->Host       = "mail.yourdomain.com"; // SMTP server
$mail->SMTPDebug  = 2;                     // enables SMTP debug information (for testing)
// 1 = errors and messages
// 2 = messages only
$mail->SMTPAuth   = true;                  // enable SMTP authentication
$mail->SMTPSecure = "tls";                 // sets the prefix to the servier
$mail->Host       = "smtp.gmail.com";      // sets GMAIL as the SMTP server
$mail->Port       = 587;                   // set the SMTP port for the GMAIL server
$mail->Username   = "yourusername@gmail.com";  // GMAIL username
$mail->Password   = "yourpassword";            // GMAIL password
$mail->SetFrom('name@yourdomain.com', 'First Last');
$mail->AddReplyTo("name@yourdomain.com","First Last");
$mail->Subject    = "PHPMailer Test Subject via smtp (Gmail), basic";
$mail->AltBody    = "To view the message, please use an HTML compatible email viewer!"; // optional, comment out and test
$mail->MsgHTML($body);
$address = "whoto@otherdomain.com";
$mail->AddAddress($address, "John Doe");
$mail->AddAttachment("images/phpmailer.gif");      // attachment
$mail->AddAttachment("images/phpmailer_mini.gif"); // attachment

if(!$mail->Send()) {
echo "Mailer Error: " . $mail->ErrorInfo;
} else {
echo "Message sent!";
}

Contact form won't send messages if user specified a gmail or yahoo return address

3 Answers3