[wp-trac] [WordPress Trac] #60420: Default wordpress at site.com sender address can be problematic
WordPress Trac
noreply at wordpress.org
Tue Dec 16 23:05:17 UTC 2025
#60420: Default wordpress at site.com sender address can be problematic
-----------------------------+------------------------------
Reporter: thinlinecz | Owner: (none)
Type: feature request | Status: reopened
Priority: normal | Milestone: Awaiting Review
Component: Mail | Version: 1.5.1.2
Severity: normal | Resolution:
Keywords: close | Focuses:
-----------------------------+------------------------------
Comment (by SirLouen):
Replying to [comment:52 knutsp]:
> What needs to be fixed is that it can be overriden by the -f parameter
in the path.
Conversations have become so massively big, that it's hard to follow them.
Long story short this has been already scheduled for 6.9.1
> It is critical that a valid email address exists in the email’s envelope
(the Return-Path / MAIL FROM address). This address is entirely
independent of the visible From address. Humans do not read bounces or
failure notices sent to the envelope address; they are handled by
automated mail systems and bounce-processing software.
Nothing hinders sysadmins from having a valid email (and it doesn't even
need to be valid, as long as is not refused).
Also, and in the ultimate worst case, MTAs that sysadmins control have the
final word. Any web hosting maintainer, can easily override the PHP's `-f`
in Exim, Postfix, Qmail, Sendmail, or whatever it's being used.
But as we suggested here #62129 I agree that more health checks could be
useful to inform users that their From addresses should exist (and
transitively now, their Sender).
> Because the envelope is created and finalized by the underlying mail
transfer agent (MTA) or transactional email service, WordPress itself is
not in a position to reliably define or manage the envelope sender
This is not necessary true. Moreover, is not WP itself, but the underlying
mailing library (PHPMailer), which defaults this. In fact WP remove the
defaults back in the day not because of this, but another completely
unrelated issue. This should have never been removed, but I was not around
back in the day to further discuss that decission. Any client is in the
position to define whatever Sender is more convenient, any user can
override this easily and MTA should abide and better improve to whatever
Sender is being received.
Also, I still can't understand why you are completely ignoring the DMARC's
SPF alignment. As @knutsp has said, now all tests pass straight out of the
box even on relatively hostile hostings.
> (I agree that the Reply-To: header is not relevant here.)
We were talking at some point about Reply-To, because it was also formed
following the same principles (related to the `From` which was the
starting point of this ticket).
I need to reopen #64420 because this is so messed up now that all concepts
are starting to get scrambled.
From my position I only get these actionable items:
1. Consider in the future how to add a nice `From address` input somewhere
in the Admin section
2. Wait for 6.9.1 and see how it goes for all people that were having
troubles.
For the rest I know it's frustrating for some, but there is no solution
without returning to the wrong past scenario.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60420#comment:54>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list