Follow

How Do I Send Email From My Web Site

Updated:  Jun 16, 2016

Goodbye mail()

A decade or more ago, connecting directly to the sendmail binary on the web server seemed like an easy way to send mail from a web application.  This is how the internal PHP mail() function works.

Because it was essentially a "zero configuration" service, it was used by many older PHP-driven sites, including major content management systems such as WordPress.

We are building out a new secure web hosting environment Summer 2016 and have decided to retire mail() for the following reasons:

  • Mail() gives unauthenticated access to the web server MTA
  • One compromised site impacts the email reputation of all customers on the server
  • Unexpected delays and sometimes non-delivery of email based on server reputation
  • Difficult to throttle spambot activity in real time
  • Requires that Razyr's web server be added to your domain's SPF record, assigning unwarranted trust to other web sites
  • No facility for reliably signing outbound email via DKIM
  • If primary domain using DKIM, mail from web server must originate from a subdomain
  • Lack of reporting and tracking
  • No inherent accountability

Hello SMTP

A more modern approach to outbound email is to use an SMTP client.  Virtually all programming languages support direct, secure SMTP connections to remote mail servers.  Think of this like a "send-only" version of Outlook or Mac Mail.

This approach requires that you have an email account with a service provider such as Razyr, Google or Outlook.com.

We are deploying an SMTP-only environment on the new server for the following reasons:

  • All mail routed through the web site owner's domain or designated provider
  • Authenticated, TLS encrypted connection to the remote mail server
  • Mail is more likely to be delivered as it's following established route and policies of your main email systems
  • Site owners are responsible for their own email reputation
  • Meets DKIM/SPF policies for existing domain
  • Uses tracking/reporting systems of your existing email service
  • Accountability for all outbound mail is enforced by your email provider or domain administrator

 

What you may need to change or update

WordPress Sites

Wordpress users must install a plugin.  We recommend EASY-WP-SMTP.  It has an install base of 100,000+ sites, it is frequently updated, works with all reasonably current versions of WP and it is very easy to install and configure.

For customers who use Razyr Email hosting please ensure you include the following settings:

SMTP Host:  mail1.razyr.net
Type of Encryption:  TLS
SMTP Port:  587
SMTP Authentication:  Yes

We do recommend that you use a valid "From Email Address" as there is no "Reply-To:" option with this plugin.

If you want to send mail from a "noreply" account, please contact Razyr Support and we'll be glad to set one up for you.  We can set up a special account which automatically discards any inbound messages.

The following screen shot shows a generic example using Google as the SMTP service provider. If Razyr hosts your email, be sure to use your own domain, designated account and the settings shown above.

 

 

Older Sites Using CGI Scripts

There is a high probability that if you have an older site which sends mail, it's using an out of date script to do so.  This applies to older PERL scripts as well which made direct calls to the sendmail binary.

We are currently looking for a suitable free replacement for scripts such as formmail.pl which was originally written in 1995, but still in use by some of our customers.  Most of the similar scripts we're finding are 10-15 years old and don't support TLS, if they support SMTP at all.

 

Roll Your Own Solution

For programmers who are building new applications or maintaining older code, please refer to the following sample PHP Code.

"Mail" is a PEAR module installed for use by all Razyr customers.  You don't need to upload it as part of your code base.

<?php
require_once "Mail.php";

$from = "Customer Service <noreply@mycompany.com>";
$to = "mycustomer@otherdomain.com";
$subject = "Your Topic";
$body = "What you want to say.";

$host = "mail.provider.com";
$port = "587";
$username = "realaccount@mycompany.com";
$password = "ACCT_EMAIL_PASSWD";

$headers = array ('From' => $from,
  'To' => $to,
  'Subject' => $subject);
$smtp = Mail::factory('smtp',
  array ('host' => $host,
    'port' => $port,
    'auth' => true,
    'username' => $username,
    'password' => $password));

$mail = $smtp->send($to, $headers, $body);

if (PEAR::isError($mail)) {
  echo("<p>" . $mail->getMessage() . "</p>");
} else {
  echo("<p>Message successfully sent!</p>");
}
?>

 

 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk