I’m sorry if this has been asked but I’m not quite sure how to search for it. I’m having a bit of trouble understanding how mail() works in PHP. The way I see it, using that function, I can send e-mails from any user on my mail server – existent or not, without needing any credentials or anything. I doubt the guys from PHP would let this be the way I think it is and I also suspect that this has something to do with the fact that e-mails I send from my mail server go straight into the spam folders on other mailing services (gmail, yahoo etc.)
Can somebody shed some light on me and fill the missing link. Thanks!
1
Unfortunately, this is just how email works. There is no way for PHP to validate whether you are allowed to send mail from a particular address, so it will let you specify any address you want. Your mail server may be configured to reject email from invalid mailboxes, or if you do not have the correct authentication details for a valid mailbox, but most servers are not set up to do this.
As to why your email is being rejected by the large service providers, the most likely cause is that either you are on a blacklist somewhere, you’re sending email directly from an end-user ip address without using a relay server, or have not correctly implemented sender address verification for your domain.
4
PHP, like most software, is supposed to help you do things, not put restrictions in your way. It isn’t the job of the PHP team to restrict what you can do. The PHP team couldn’t take on that job if they wanted to, since if someone wanted to get around the restrictions they could just choose some competing less restrictive software to build their application on instead of PHP.
Restricting what you can do with email is up to the administrators of the systems that you send email from, via and too, not the software you use yourself. PHP allows you to attempt to send mail with any From: address you choose, but the system you are trying to deliver it to can still block it.