Login/Register
phpMailer not arriving in Hotmail?
Asked Answered
Solved phpphpmailer
D

7

7

After setting up SPF Record i still am here to verify why i cannot recieve this email to hotmail account. I am able to send it to gmail with no issues. Please confirm if the code is correct, and SPF record is correct:

<?php 

require_once 'PHPmailer/class.phpmailer.php';
$mail = new PHPMailer();


$body = "Thankyou for your Purchase. <br/><br/> Here is your Policy! You are now Protected during your Travels.";

$mail->AddAddress('$payer_email');
$mail->From = "[email protected]";
$mail->FromName = "Name";
$mail->Subject = "Thankyou for Your Purchase";
$mail->MsgHTML($body);
$mail->AddAttachment("tosend/xxx.pdf");
if(!$mail->Send()) {
echo "There was an error sending the message";
    $sql = "UPDATE purchases SET policy_sent = 'Not Sent' WHERE id = '$lastid' ";
    $stmt = $mysqli->query($sql);
    $mysqli->close();
exit;
}
echo "Message was sent successfully";
$sql = "UPDATE purchases SET policy_sent = 'Sent', email_to = '$payer_email' WHERE id = '$lastid'";
$stmt = $mysqli->query($sql);
$mysqli->close(); 
?>

Here is the SPF:

v=spf1 a mx include:secureserver.net ~all

Are all these correctly configured?

Doro answered 14/5, 2015 at 12:39 Comment(5)
We'll need to know a fair bit more to be sure. For starters immortalinsurance.com should probably have SPF records that tell people that your web server is an okay place for its mail to be coming from.Duvall
Why is it Gmail will pick the email up? Would an SPF Record solve most of the problem you reckon? I havent set one up unless its autosetup.Doro
Different services do different things. I'd assume that you don't have an SPF record if GMail is allowing mail through—if you've got an SPF record but your server isn't listed in it, then GMail will drop the mail. Bear in mind that Hotmail, Google, etc., will basically gather a bunch of evidence of how spammy something looks and then score it in different ways, so there's no guarantee that any one change will let an email through for any one provider, and often no way of working out exactly why something seems "spammy" to them.Duvall
Incidentally, you may find this existing ServerFault question interesting reading; this is quite a common issue, and seems to be quite well addressed over there.Duvall
Your code is sending via your local mail server - if you send directly using SMTP and enable debug output ($mail->SMTPDebug = 2;), it will give you more information. Alternatively just look in your local mail server's log file and it will show you why hotmail is rejecting (or whatever it's doing) your message.Malayopolynesian
A
0

Had the same issue. I have checked the whole script 30 times. Each setting each . and , Checked and rechecked dns records dkim and spf 100 times.

Nothing worked.

I e-mailed hotmail/outlook/live about the issue. I didn't expect any help but within a few hours the problem was solved.

It wasn't in the script. Hotmail just blocks any e-mail that is sent trough most webpages. Even if your spam reputation is fine. They have placed the server's ip on a whitelist and the problem was solved.

They can change it back if they detect bad behavior. There's a limit for sending e-mail. If your server has a bad reputation they aren't likely to add the server to their whitelist. This can be an issue on shared hosting packages. Someone else on the same server where you host your website can f up the servers reputation.

Avenge answered 6/1, 2017 at 22:36 Comment(2)
How can we contact there service ?Agneta
I'm very interested in this contact email address too. I'm having the same problem.Colorimeter
O
7

Use SMTP Auth, then Hotmail wouldn't complain anymore. Anonymous mails are considered as spam by almost all receiving servers.

$mail->SMTPAuth   = true;                  // enable SMTP authentication
$mail->Host       = "mail.yourdomain.com"; // sets the SMTP server
$mail->Port       = 26;                    // set the SMTP port
$mail->Username   = "yourname@yourdomain"; // SMTP account username
$mail->Password   = "yourpassword";        // SMTP account password

But ofc. depending on whether you have control over your SMTP or not, you should make sure, that basic stuff like reverse-dns-lookup is setup properly

Due to the discussion in the comments, I want to add a little bit more information about my thinking about why SMTP Auth will fix this:

IF you are using PHPMailer without the definition of an SMTP-Server, PHPMailer will operate in mail mode, which will just call the mail() function of php.

The mail-function itself will use the smtp-settings configured in the PHP-INI file, or the default values, which are listed here: http://php.net/manual/en/mail.configuration.php

defaults:

SMTP = "localhost" 
smtp_port = "25"

Since the OP has configured a local mail server (or why would he setup MX-records?), php will now connect to this SMTP-Server without Authentication. The Server will accept the message and send it to the next server.

(Same applies if unix' sendmail is used)

Each Server in the chain and especially the receiving server can now see, that a private SMTP has been used and no Authentication has been provided. That is already Spam-Score over 9000 because with a setting like that (theoretically) everyone could use that server to send mails! Restrictions like only from localhost are ofc. not known by other servers, therefore that SMTP is considered to be an Open Mail Relay http://en.wikipedia.org/wiki/Open_mail_relay

Switching PHPMailer to SMTP-Auth (EVEN if still the local SMTP Server is used) will add This information to the Entry created by the server when forwarding the mail. The Entry will look like this: 

Received: from SERVER1 ([xxx.xxx.xxx.xx]) by mydomain.de with ESMTPA

The trailing A after ESMTPA now tells the receiving Server, that Server1 has used a valid user account on mydomain.de to start the sending-attempt, which means that the SMTP-Server knows the origin of the mail and could provide information about the sender.

Still, the local SMTP-Server is not a known one, so in this case it might end up beeing greylisted and checked on various RBLs, which shouldn't be any problem in this case.

If the (local) SMTP-Server now passes ALL checks (Reverse-DNS Lookup, Greylisting, RBLs and what not) - the mail has a good chance to be successfully delivered, even if no remote smtp is used, because the server could be successfully authenticated as well as the sender using that server. (Otherwise no company could setup own servers)

So, using SMTP-Auth (Or any other authentication method) will also have an impact, even if no remote-SMTP Server is used.

Authenticated Mails are not a guarantee for not beeing considered as spam - but unauthenticated Mails are definitly ranked higher in the Spam-Score of common systems.

Orling answered 14/5, 2015 at 12:58 Comment(18)
That was an option i was thinking, if i setup an SMTP then do i really need an SPF Record?Doro
None of those settings are used if you're not sending via SMTP, as the code presented in the question is not. Auth has no relevance to spam scoring either - an upstream receiver can't tell if you originally submitted using auth or not.Malayopolynesian
@Malayopolynesian the code has significance if he enables smtp-auth. and smtp auth has a HUGE impact on spamscore, because the (trusted) SMTP will tell the receiving server that your identity is confirmed. (or at least the receiving server can derive this fact from the headers)Orling
No it doesn't in this case because the first receiving server is his own mail server on localhost, he's not using SMTP at all so these settings will simply never be used, and there is no mechanism in SMTP to convey any kind of trust record as you suggest anyway. All that is recorded is times and IP addresses in Received headers.Malayopolynesian
@Malayopolynesian You don't get the point. IF his local server is allowing access WITHOUT smtp-Auth - the receiver will consider his mails as spam for sure, cause everyone could abuse the server as smtp-relay. If he configures his local server to REQUIRE SMTP-Auth, then the receiving server knows, that every mail send through this server has been submitted with credentials, so that it's a valid "user" of that smtp.Orling
No it won't, because he's not using SMTP at all.Malayopolynesian
Even if he was, you have no way of telling whether a server is an open relay by looking at a message you receive from it, i.e. there is no way for a downstream server to know whether a message was originally submitted using auth or not. This is why open relays are such a bad thing, but it has absolutely no bearing on this question.Malayopolynesian
What makes you think he's not using SMTP? How else is PHPMailer::Send() going to get the message to Hotmail?Ronrona
@Ronrona - The standard practice does use the same SMTP protocol for the outgoing mail, but it's handled entirely by the web server and uses no authentication. Instead it goes through what is essentially an open relay (albeit one that should be limited to users on the server). By using a proper SMTP server (even if it is physically on the same machine) to handle the email, it goes through the proper authentication routine and the SMTP server should already be listed in the domain's SPF record.Zenobiazeolite
Ohh... @Malayopolynesian is confusing "SMTP" with "MTA". I was confused by how the heck one would send email without using the SMTP protocol.Ronrona
No, I'm not confusing it at all; the sendmail protocol (which is what PHP and PHPMailer both use by default) submits a message to a local MTA without using SMTP, and usually without any explicit auth either. What the MTA does with it after that is entirely outside PHPMailer's control.Malayopolynesian
@Malayopolynesian If he uses any SMTP-Server with SMTP-Auth (whether its remote or local), the Server will add this information to the header, so that the receiving server knows, that the mail has been delivered to the SMTP-Server using an authentication method - Which does nothing but indicate that the usage of the STMP-Server was authenticated and the origin of the message is known to the smtp-server. See also here: (2.4.5 SMTP Auth Results) dkim.org/specs/draft-kucherawy-sender-auth-header-14.html Not having this header means "anonymous sender", which indicates spam/phising etc.Orling
@Malayopolynesian Of Course everyone can add those headers - but depending on the status of "trust" in the chain of transport-servers they might drop the headers and only keep headers received from trusted servers. So a "own" Auth-Header will most likely not be visible to the final server, while any Auth-Header from a valid (and trusted) smtp will be.Orling
That's interesting - That became RFC7001. In practice the Authentication-Results header appears to only be used to convey SPF/DKIM/DMARC results; Nobody (really, not one example out of the ~500k messages I looked in) appears to be using it as you suggest, partly because it seems to be considered a security hazard. Gmail doesn't set it on outbound at all. It also doesn't change what I said earlier, because it could convey implicit auth too, so using SMTP locally makes no difference, and implicit auth != open relay as you made out.Malayopolynesian
@Malayopolynesian the information is added in the "with" part of the "Received" field. If it is transferred using SMTP-Auth, it will be something like with ESMTPA (Note the trailing A) I just setup a mailbox to use SMTP-Auth and could find the headers in the email I received on a different Mailbox: Received: from MYCOMPUTERNAME ([xxx.xxx.xxx.xx]) by mrelayeu.kundenserver.de (mreue104) with ESMTPA (Nemesis) id xxx - that's all I'm talking about: the relay just confirms, that MYCOMPUTERNAME is a authenticated user of kundenserver.de which makes the email somewhat trustworthy.Orling
That's RFC3848, which is quite different and says quite clearly "They should not be used for mail filtering or relaying decisions". ESMTPA suggests you're using auth without SSL, which is possibly worse than not using auth or using implicit auth. This is all academic anyway - it makes zero difference to the deliverability whether you submit locally via authenticated SMTP and tell the whole world, or do the same thing using implicit auth - you are authenticated either way, and it has nothing to do with open relays.Malayopolynesian
Just to clarify the end of your last comment: the question relates to submitting a message locally - there is obviously no value in recording that, for example, mrelayeu.kundenserver.de is an authenticated user of mrelayeu.kundenserver.de. Remote servers are an entirely different proposition, and not what the question is about.Malayopolynesian
This whole answer and this comment thread are just a massive distraction to the OP. You've posted lots that may be applicable in other circumstances, but it's almost all irrelevant to this question. Your answer fails to mention the one vital thing that he needs to do that will tell him exactly what's happening to his messages - look in the mail server logs. It doesn't help that the OP is remaining silent...Malayopolynesian
T
0

Have you tested on a live server? If yes, what error did you get? Have you enabled your phpmailer's debug to know what errors it has? If you are not using SMTP you can test with this

$mail->do_debug = true;

If you are using SMTP then use

$mail->SMTPDebug = true;

What output did you get from your debugger? You get a clue to where your problem is coming from from there.

I also suppose @dognose's answer by asking you to better use SMTP. That way your email passes through an authentication which would help indicate your identity was confirmed.

$mail->SMTPAuth   = true;                  // enable SMTP authentication
$mail->Host       = "mail.yourdomain.com"; // sets the SMTP server
$mail->Port       = 26;                    // set the SMTP port
$mail->Username   = "yourname@yourdomain"; // SMTP account username
$mail->Password   = "yourpassword";        // SMTP account password

If $mail->Port = 26; doesn't work you can try $mail->Port = 25;.

Toratorah answered 26/5, 2015 at 9:5 Comment(2)
As was evident in the question, the sender is not submitting using SMTP, so PHPMailer SMTP debug options will have no effect, but the same information will be available in the local mail server's log. Authenticating locally has absolutely no bearing on SPF.Malayopolynesian
@Malayopolynesian In my response, I gave alternative to his getting the PHPMailer's error if he wasn't going to use SMTP. With that he would know the exact error.Toratorah
M
0

The SPF currently being published by your DNS is invalid because you have three records!:

# dig +short txt immortalinsurance.com
"v=spf1 a mx include:smtp.secureserver.net ~all"
"v=spf1 mx mx:v=spf1 a mx include:secureserver.net ~all include:secureserver.net -all"
"\"v=spf1 a\""

The first one is valid; You should delete the second two.

The content of this record is correct for your domain if you are sending mail from 182.50.130.73. The 'mx' stanza is not strictly necessary since it points at secureserver.net anyway, but it may save DNS lookups on receiving servers.

Malayopolynesian answered 26/5, 2015 at 17:42 Comment(0)
S
0

Before you start sending email using mail() or SMTP, make sure you create valid sender email account in your cpanel. 

From = "[email protected]";

This is very important if not all emails you send will be tagged as SPAM and goes to junk.

Once this is done, you must setup domainkeys and SPF records. Having a dedicated IP instead of using shared given by your hosts will also help with the delivery.

Finally check your mail with all three major email providers such as Hotmail, Yahoo and Gmail.

Sample answered 26/5, 2015 at 19:53 Comment(0)
B
0

You will probably have to break down the exact reason why step by step. I know for a fact Hotmail is using a rules based spam filter (which is quite strict) and Gmail uses more like a self-learning system, which could explain why Gmail accepts your message and Hotmail doesn't.

The following you can check though:

  1. A spf-record only works on the domain the spf record is added and only works for mail sent from ips/domains defined in that spf. Therefore make sure your code is executed from a server that exists in your spf.
  2. Using SMTP as proposed above can increase derliverability (but it really depends on the receivers' spam filter). If you're testing on a local server though, you can use SMTP to send the mails trough a mail server defined in the spf. Otherwise
  3. If the mailserver you are using is an open relay, than that could (and probably would) be a reason to add extra spam points. Thus make sure you're using a closed relay (e.g. the mailserver you're using doesn't allow mails to be sent unauthenticated users)
  4. Check if the mailserver you're sending from isn't on any blacklist (http://mxtoolbox.com/blacklists.aspx offers a great tool);
  5. Use the message headers in Gmail to find out if Gmail sees any reason to add spam points to your message (Howto: https://support.google.com/mail/answer/22454?hl=en). There you can find if your spf works (by searching for 'spf=pass'). This might also work for Hotmail if your mail would be delevered into the spam folder.
  6. One of the many rules spamfilter apply are keyword checking (which I think your mail contains a few off), the amount of text and such. Make sure the overall quality of your message is good;
  7. PHPMailer uses php's mail function by default. You can change this to sendmail ($mail->isSendmail();, probaly doesn't work on Windows if sendmail is not set up properly) or perhaps check the settings of your php.ini what mailserver is used (use ini_set('SMTP', 'yourhost.com'); to override, but this only works on Windows as far is I know).
Bellyband answered 27/5, 2015 at 8:56 Comment(0)
A
0

Had the same issue. I have checked the whole script 30 times. Each setting each . and , Checked and rechecked dns records dkim and spf 100 times.

Nothing worked.

I e-mailed hotmail/outlook/live about the issue. I didn't expect any help but within a few hours the problem was solved.

It wasn't in the script. Hotmail just blocks any e-mail that is sent trough most webpages. Even if your spam reputation is fine. They have placed the server's ip on a whitelist and the problem was solved.

They can change it back if they detect bad behavior. There's a limit for sending e-mail. If your server has a bad reputation they aren't likely to add the server to their whitelist. This can be an issue on shared hosting packages. Someone else on the same server where you host your website can f up the servers reputation.

Avenge answered 6/1, 2017 at 22:36 Comment(2)
How can we contact there service ?Agneta
I'm very interested in this contact email address too. I'm having the same problem.Colorimeter
T
0

The user of the connection data $mail->Username must be the same as the $ mail->From, otherwise hotmail rejects the email or marks it as spam.

Also, if the email has images, it can also be marked as spam.

In summary, for everything to be perfect, send email without images and that the From is the same as the Username.

Tiberias answered 19/11, 2021 at 11:42 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.