[wp-trac] [WordPress Trac] #18792: Wrong FROM email when using wp_mail and built in mail() function
WordPress Trac
noreply at wordpress.org
Tue Oct 22 00:16:23 UTC 2013
#18792: Wrong FROM email when using wp_mail and built in mail() function
-------------------------------------------------+-------------------------
 Reporter:  pigster                              |       Owner:  westi
     Type:  defect (bug)                         |      Status:  accepted
 Priority:  normal                               |   Milestone:  Awaiting Review
Component:  External Libraries                   |     Version:  3.2.1
 Severity:  major                                |  Resolution:
 Keywords:  has-patch needs-testing              |
  needs-unit-tests 2nd-opinion                   |
-------------------------------------------------+-------------------------
Comment (by bpetty):
Replying to [comment:16 MaximumResults]:
> So, you're saying, if I have "anyone can register" turned on, and my
> site is hosted on a cPanel hosting service, WordPress should send the
> cPanel hosting login details (less password) to anyone who registers on
> the site? That doesn't sound like a good idea at all. The "WordPress@"
> emails are the ones that most need to have the Sender set, and that needs
> to apply to the "Envelope-to:" header, the "Sender:"/"X-Sender:" header
> and especially for the "-f{user}@{domain}" string passed to the mail() PHP
> function.

The fact that you might see email from `username@box###` has absolutely
nothing to do with any headers WordPress does or does not configure when
sending email from shared hosting providers.

Speaking for Bluehost (other shared hosts do this as well though), shared
accounts don't have any valid default email addresses configured until you
specifically configure one, and absolutely require email to be sent from a
valid address in order to prevent abuse and spam. Even with WordPress
configured to use a default `wordpress@$sitename` address, the "From"
header is rewritten by default (to the username@box### address) by shared
hosting providers since that still isn't a valid email address. The
remaining headers won't make any difference here regardless. See
[https://my.bluehost.com/cgi/help/206 this help article] for more
information. In the case of WordPress, you could alternatively just create
a "wordpress" email account, and it would just work too, making this
rather simple to fix if you're concerned about security.

By the way, WordPress has turned off user registration by default as well,
so it's not the best argument for modifying the default behavior of email
since it's not a default option itself.

--
Ticket URL: <http://core.trac.wordpress.org/ticket/18792#comment:17>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
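
Added example (not part of the ticket, nor code from WordPress or any hosting provider): a Python check that lists which sender identities in a delivered message (the envelope sender recorded as Return-Path, plus From, Sender and X-Sender) fall outside the site's own domain, which is how the hosting account name discussed above would show up to a recipient. The sample messages, the account name `acctuser` and all domains are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From is the site address, but the envelope sender
# (recorded by the receiving server as Return-Path) is the hosting account.
SAMPLE_ENVELOPE_LEAK = """\
Return-Path: <acctuser@box123.example-host.test>
Envelope-to: newuser@example.org
From: WordPress <wordpress@mysite.example>
To: newuser@example.org
Subject: [My Site] Your username and password

(body omitted)
"""

# Constructed sample: every sender identity is at the site's domain.
SAMPLE_CLEAN = """\
Return-Path: <wordpress@mysite.example>
Envelope-to: newuser@example.org
From: WordPress <wordpress@mysite.example>
Sender: wordpress@mysite.example
To: newuser@example.org
Subject: [My Site] Your username and password

(body omitted)
"""

SENDER_HEADERS = ("Return-Path", "From", "Sender", "X-Sender")

def sender_identities(raw):
    """Map each sender-related header present to its bare, lowercased address."""
    msg = message_from_string(raw)
    found = {}
    for name in SENDER_HEADERS:
        value = msg.get(name)
        if value is not None:
            found[name] = parseaddr(value)[1].lower()
    return found

def off_domain_senders(raw, site_domain):
    """Return {header: address} for sender identities not at site_domain."""
    site_domain = site_domain.lower()
    leaks = {}
    for name, addr in sender_identities(raw).items():
        domain = addr.rpartition("@")[2]
        if domain != site_domain and not domain.endswith("." + site_domain):
            leaks[name] = addr
    return leaks
```

Run it over a message saved from a test registration on the site to see which of the headers named in the quoted comment actually carry the host-assigned address.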