Setting FROM to a different address from the one you are actually sending from. Is it safe?

2

When I send email through PHP (PHPMailer), I can configure all the email parameters. However, I found that I can do something like this:

<?php

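  // Code excerpt
  $mail = new PHPMailer;
  $mail->IsMail();
  $mail->IsHTML(true);
  $mail->isSMTP();          // overrides IsMail() above: the message goes out over SMTP
  $mail->SMTPAuth = true;   // authenticate with the Username/Password below

  $mail->Host = 'mail.meudominio.pt';
  $mail->Username = '[email protected]';
  $mail->Password = 'abc123';

  // From and Reply-To are set independently of the authenticated Username
  $mail->setFrom('[email protected]', 'pomba gira');
  $mail->addReplyTo('[email protected]', 'yahoo guy');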

?>

With this, I can send an authenticated email to anyone, passing myself off as a third person.

Question: Is it possible for my server to force the FROM to be the same as the email address that authenticates?

    
asked by anonymous 28.07.2016 / 12:40

1 answer

1

As you may have noticed, yes, you can send it normally.

However, it is bad practice these days, because email servers are blocking this as a basic security matter.

Try, for example, to send to a Hotmail / Live address, because their servers are pretty strict about it. The tendency is for other email services to follow this as a basic rule.

Therefore, set the "FROM" header exactly the same as the email you used to send the message.

Note that this is also true for unauthenticated mail. In that case, there are other basic rules, such as a valid domain, for example.

    
28.07.2016 / 15:28
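
One way to apply the answer's advice inside the sending script, as an added example that is not part of the original question or answer: before handing the values to the mailer, pin From to the SMTP login and move any other requested sender to Reply-To. This is a guard in the script, not enforcement by the mail server. The function names and addresses are hypothetical, and comparing addresses case-insensitively is an assumption.

```php
<?php
// Added example: keep the From address identical to the SMTP login.
// Function names are hypothetical; all addresses are constructed samples.

/** Trim and lower-case an address; null if it is not a valid mailbox. */
function normalizeAddress(string $address): ?string
{
    $address = trim($address);
    if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // Assumption: mailboxes are compared case-insensitively.
    return strtolower($address);
}

/**
 * Decide the From / Reply-To pair for an authenticated SMTP session.
 * If the requested sender is not the login, the login becomes From and
 * the requested sender is kept only as Reply-To.
 */
function alignSender(string $smtpLogin, string $requestedFrom): array
{
    $login = normalizeAddress($smtpLogin);
    $from  = normalizeAddress($requestedFrom);

    if ($login === null) {
        // Some servers use plain user names; then nothing can be compared.
        throw new InvalidArgumentException('SMTP login is not an email address.');
    }
    if ($from === null) {
        throw new InvalidArgumentException('Requested From is not a valid address.');
    }

    $rewritten = ($from !== $login);
    return [
        'from'      => $login,
        'reply_to'  => $rewritten ? $from : null,
        'rewritten' => $rewritten,
    ];
}

// Constructed sample values: same mailbox in another case, then a different one.
$cases = [
    ['sender@example.com', 'Sender@Example.COM'],
    ['sender@example.com', 'someone@example.org'],
];
foreach ($cases as [$login, $requested]) {
    $r = alignSender($login, $requested);
    printf("login=%s requested=%s -> From=%s Reply-To=%s\n",
        $login, $requested, $r['from'], $r['reply_to'] ?? '(none)');
}
```

The returned `from` and `reply_to` values are what would then be passed to `setFrom()` and `addReplyTo()` in the question's code.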