Send email with PHPMailer without authentication?

Question

Send email with PHPMailer without authentication?

Navigation

#1 by (4 votes)

2

I am using the following code to send email:

<?php
require 'libs/PHPMailerAutoload.php';

$mailer = new PHPMailer();

$mailer ->isSMTP();
$mailer ->isHTML(true);
$mailer->CharSet = "UTF-8";

$mailer->SMTPAuth = true;
$mailer->SMTPSecure = "tls";
$mailer->Host = "smtp.live.com";
$mailer->Port = 587;
$mailer->Username = "[email protected]";
$mailer->Password = "*********";

$mailer->From = "[email protected]";
$mailer->FromName = "leonardo vialrinho";

$mailer->Subject = "TESTE DE EMAIL";
$mailer->Body = "body HTML";
$mailer->AltBody = "body texto";

$mailer->addAddress("[email protected]");

if($mailer -> send()) {
    echo "Enviado";
} else {
    echo "Erro: ".$mailer->ErrorInfo;
}
?>

So far no problem, but what would it be like in a contact form? Where the user will not enter the password of email of it. And I also do not think it's legal or even to put the password of my email in the code (in case it would send a confirmation of registration, etc.)

php

asked by anonymous 27.12.2015 / 15:38

1 answer

POO using Django PHP Mailer sends email 2 times

score 4 · Accepted Answer

Contact form is you sending a message to yourself. It is not the person sending the message to you. You do not need to contact her server to do this. You need your password.

That's the way it works. Or puts it in the code or puts it in config file, which ends up giving it the same. What you can do is encrypt the information. Almost nobody does this in PHP.

It has solutions to avoid putting the password in the application, but it is complex and does not usually compensate the work, so everyone does so. Anyway, I would have some protection somewhere.

Confirmation form is something else, but the process is the same. It's you sending the message to someone else. You need your password.

Every time you open a web form you are opening the possibility of attacks and there are sophisticated techniques to prevent this. As these attacks do not usually bring advantages, it is rare for someone to make the attack. And so it is even rarer for someone to prevent it.

Just be careful not to give a chance to a form power at the same time allow the person to choose the message that will be sent and to whom the message will be sent. This allows you to send spam to your account. This is an attack that brings advantages.

What you can not do under any circumstances is to use an email server that does not need authentication for sending messages.