> -----Original Message----- > From: LAMP [mailto:lamp@xxxxxxxx] > Sent: Monday, January 11, 2010 2:17 PM > To: PHP-General List > Subject: corect way to use mail() function > > Hi, > The company I work for, hosts online events registration > applications. > After a registered registered himself for an event he will get a > confirmation email saying he registered successfully. > Currently, in the header part of the mail(), in "From" it says e.g. > orders@xxxxxxxxxxxxxxx - because the email comes from us not from our > client (e.g. ABC Assoc.). Reply-to goes to us too. > > Now one of our clients (e.g. ABC Assoc.) asks us to put in the "from" > field their email, to looks like the email comes from them. something > like: From: ABC Assoc. <events@xxxxxxxxxxxx>; > > I refused to do that concerned we are going to be blacklisted for > sending "spam". Because header shows one place and From field > says other > email address - spam way of sending emails. > > Am I right or it really doesn't matter "who" sent the email? > > LL I do that sort of thing all the time and don't get RBL'd. I think the key things are if your domain can be reverse verified, the frequency you send (if you're just sending hundreds of emails out that's a red flag), BCC: but no TO:, and if the content/body seems to be non-spammy. Make sure any hyperlinks in the body are correct and non-spammy looking too. A common phishing routine is to display one hyperlink to the user, but the actual 'click' takes you somewhere else. I think doing one of those, "to register, click _here_" deals is WORSE (from an automated spam filter POV) than showing the actual hyperlink and making it a hyperlink too. Ala, "to register, click http://www.abcaccos.org/register/fa4jar4875";. Avoid sending HTML emails for registrations too. It has a better chance of getting through and should have a disclaimer in it to 'whitelist this sender' sort of dealio. Once they're setup, then you can work with HTML emails, but you don't want to loose/frustrate customers right off the bat by not letting them register properly despite how pretty you think the HTML version looks. I think you should [a] do what your client asks -- it's their money [b] put in a From: that is representative of the site the user expected the email to actually come from [c] put a disclaimer on your web form for the person to add "orders@xxxxxxxxxxxxxxx" and "events@xxxxxxxxxxxx" to their whitelist (no-spam filter) [d] make the SUBJ: line of the email VERY explicit about WHO and WHAT this is concerning: ie SUBJ: "Registration Confirmation from ABC Assoc. for username JDOE requested" If I was a customer and got an email from @computility.com and I didn't know who the heck they were, since I was expecting from @abcaccos.org, then I would most likely delete it. I have an itchy trigger finger and tend to delete first, ask questions later. ;-) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
