[wp-trac] [WordPress Trac] #60420: Default sender address
WordPress Trac
noreply at wordpress.org
Tue Jul 15 12:43:03 UTC 2025
#60420: Default sender address
-----------------------------+------------------------------
Reporter: thinlinecz | Owner: (none)
Type: feature request | Status: closed
Priority: normal | Milestone: Awaiting Review
Component: Mail | Version: 1.5.1.2
Severity: normal | Resolution: wontfix
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by michael.orlitzky):
Replying to [comment:12 knutsp]:
>
> 2. All other cases: Advice th use of an SMTP plugin. Then SPF/DKIM/DMARC
is not an issue.
>
While SPF verifies the SMTP envelope sender (i.e. what usually winds up in
the Return-Path header), DKIM verifies the "From:" header which is
independent of the transport mechanism. If the "From:" header is hard-
coded to use the $SERVER_NAME, somehow you need to have access to the
signing infrastructure for $SERVER_NAME, otherwise you're going to fail
DKIM.
The website is not necessarily even hosted on $SERVER_NAME, it could be
hosted on www.$SERVER_NAME, because WP is stripping the "www" as if it's
irrelevant. But www and @ are different DNS zones! You will occasionally
find www delegated to another department to manage beta sites and i18n
subdomains, etc. So not only could the email be controlled by another
entity (who doesn't want some random web server sending spam through their
infrastructure), but you may not even be talking about the same DNS.
> @michael.orlitzky:
> > a huge number of very popular plugins are already using the admin
address as the "From" address (because there's no better option!)
>
> What plugin(s)? They are using SMTP?
They are just sending email, the protocol is not really relevant.
Wordpress itself uses the admin address as the "From:" value. In wp-
includes/ms-functions.php:
{{{
$admin_email = get_site_option( 'admin_email' );
if ( '' === $admin_email ) {
admin_email = 'support@' . wp_parse_url( network_home_url(),
PHP_URL_HOST );
}
$from_name = ( '' !== get_site_option( 'site_name' ) ) ? esc_html(
get_site_option( 'site_name' ) ) : 'WordPress';
$message_headers = "From: \"{$from_name}\" <{$admin_email}>\n" . 'Content-
Type: text/plain; charset="' . get_option( 'blog_charset' ) . "\"\n";
}}}
GravityForms encourages you to use the site admin as the "From" address --
it displays a warning if you're not using either the site domain or the
admin email as the "From". You'll find code like,
{{{
if ( ! GFCommon::is_valid_email( $from ) ) {
$from = get_bloginfo( 'admin_email' );
}
}}}
Elementor Pro defaults some of its messages to the admin email. WP Updates
Notifier defaults to the admin email, etc. Lots of plugins need to send
email, and as we are all now discussing, making up a random address
@SERVER_NAME doesn't work. So they choose the best address available,
which is the admin email. (You can grep for admin_email in any wp-
content/plugins directory to find lots more of these.)
I may be pointing in the wrong direction if the admin email was never
meant to be used as a sender, but in any case, the web server admin needs
to be able to choose an address (really, a DNS domain) that he controls
and is responsible for. It's not always possible to gain access to the
existing mail infrastructure for $SERVER_NAME, and we don't want all mail
from WP to disappear into a void in that case.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/60420#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list