[wp-trac] [WordPress Trac] #62077: New user registration emails send the default (wrong) "From:" headers
WordPress Trac
noreply at wordpress.org
Wed Sep 18 19:31:26 UTC 2024
#62077: New user registration emails send the default (wrong) "From:" headers
------------------------------+-----------------------------
Reporter: michael.orlitzky | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords: mail
Focuses: |
------------------------------+-----------------------------
In `wp-includes/pluggable.php`, the `wp_new_user_notification()` function
builds an email without headers:
{{{#!php
$wp_new_user_notification_email = array(
'to' => $user->user_email,
/* translators: Login details notification email subject. %s: Site
title. */
'subject' => __( '[%s] Login Details' ),
'message' => $message,
'headers' => '',
);
}}}
This causes `wp_mail()` to use a default "From" header of...
{{{#!php
/*
* If we don't have an email from the input headers, default to
wordpress@$sitename
* ...
*/
}}}
This won't work if `$sitename` has DKIM/DMARC configured to require
alignment between the signature and the "From" address. I don't think this
is a rare scenario in 2024, and it causes the messages to be junked or
deleted depending on the DMARC policy and the mail provider.
Using the site's administration email address would be much more reliable.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/62077>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list