[wp-trac] [WordPress Trac] #14888: PHPMailer class uses wrong/no sender for mail envelope

WordPress Trac wp-trac at lists.automattic.com
Sat Aug 25 10:32:11 UTC 2012 

#14888: PHPMailer class uses wrong/no sender for mail envelope
-----------------------------------------+-----------------------------
 Reporter:  gkusardi                     |       Owner:
     Type:  defect (bug)                 |      Status:  new
 Priority:  normal                       |   Milestone:  Future Release
Component:  Mail                         |     Version:  3.0
 Severity:  normal                       |  Resolution:
 Keywords:  reporter-feedback has-patch  |
-----------------------------------------+-----------------------------

Comment (by basos):

 Replying to [comment:13 tigertech]:
 > Replying to [comment:11 basos]:
 >
 >
 > Ummm... It feels like you're using the term "correct envelope sender" to
 simply mean "an address that didn't trigger spam filters in my particular
 situation".

 Ok, you are right for this in the sense that I do not bother to comment on
 this only because of the  hypothetical SPAM remedy. The only observable
 difference that relates with SPAM, is the "best guess" string at the SPF
 authentication when the default envelope is used.

 My proposal for the new "system email address" option, is mainly for
 '''bounces''' (i.e. wordpress  generated emais that didn't make it to the
 receiver). When you leave your SMTP server to decide for the default
 envelope your bounces will go to an address that you didn't consider.

 >
 >
 > I'm sure that a made-up address is the wrong approach, so that leaves
 the question as "should WordPress ask users to manually enter an envelope
 sender address"? My suspicion is that that would not help, and would
 probably hurt. People have no idea what envelope sender addresses their
 hosting company allows. In particular, many users would probably enter a
 freemail address that's unrelated to their WordPress site domain name,
 which many hosting companies would block (my company certainly doesn't
 allow scripts to start sending mail from random domain names, since that
 usually indicates a spam exploit).

 I totally agree that custom envelop is not to be used with arbitrary
 emails. '''Rather it is to be used with legitimate, existing email
 addresses on the sending SMTP machine.''' This should be optional and
 targeted to '''advanced''' users that need precise control of the email
 sending procedure.

 For example a hypothetical setup would be: on the wordpress machine (also
 acting as an SMTP server) create a webmaster[@]mydomain.com email. Then,
 define this email as the system email to be used as an envelope. This is a
 legit usage of explicit envelope setting and would not be blocked by your
 hosting company. Then, all the bounces will return to the webmaster's
 address.


 For the reference this functionality exists at the phpbb forum webapp as a
 "Return e-mail address" configuration option.

 PS: I have already patched 3.4.1 and could post patches if it is needed.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/14888#comment:14>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list