Changeset 61010

Timestamp:

10/21/2025 08:04:22 AM (3 weeks ago)

Author:

dmsnell

Message:

wp_mail(): Set sender address by default.

WordPress has been calling $phpmailer->setFrom() with a false value for an attribute telling it to set the sender address for each message. This sender address is also known by other names: Envelope-From, MAIL FROM, Return-Path, etc... Unfortunately, this configuration can easily lead to mail being rejected by numerous mail hosts due to an invalid domain being generated by the local mail server/MTA.

The flag was originally added with the note that its absence “causes outgoing email to fail on some server environments.” However, it is likely that this led to the opposite effect, as evidenced by numerous reports, plugins, and workarounds over the years.

In this patch the flag is being removed, which has the effect of letting $phpmailer set the Sender value, which it does by default using the domain “where the front end is accessible” and which is is likely correct.

After this change there is a chance of mail failure for sites with SPF configured but which does not allow mail to be sent on behalf of this domain and if those sites also do not have a properly configured DKIM and DMARC setup. Those sites should review their SPF policies or the wp_mail_from filter.

Developed in ​https://github.com/WordPress/wordpress-develop/pull/9412
Discussed in https://core.trac.wordpress.org/ticket/49687

Follow-up to [38286].

Props cbutlerjr, dmsnell, jamieburchell, knutsp, kub1x, lordandy1984, piskvorky, SergeyBiryukov, siliconforks, SirLouen, stankea, vbbp, websupporter.

Fixes #49687.

Location:

trunk

Files:

• src/wp-includes/pluggable.php (modified) (1 diff)
• tests/phpunit/tests/pluggable/wpMail.php (modified) (1 diff)

trunk/src/wp-includes/pluggable.php

@@ -433 +433 @@
 
         try {
-            $phpmailer->setFrom( $from_email, $from_name, false );
+            $phpmailer->setFrom( $from_email, $from_name );
         } catch ( PHPMailer\PHPMailer\Exception $e ) {
             $mail_error_data                             = compact( 'to', 'subject', 'message', 'headers', 'attachments' );

trunk/tests/phpunit/tests/pluggable/wpMail.php

@@ -409 +409 @@
 
     /**
-     * Test that the Sender field in the SMTP envelope is not set by Core.
-     *
-     * Correctly setting the Sender requires knowledge that is not available
-     * to Core. An incorrect value will often lead to messages being rejected
-     * by the receiving MTA, so it's the admin's responsibility to
-     * set it correctly.
-     *
-     * @ticket 37736
-     */
-    public function test_wp_mail_sender_not_set() {
-        wp_mail( 'user@example.org', 'Testing the Sender field', 'The Sender field should not have been set.' );
-
-        $mailer = tests_retrieve_phpmailer_instance();
-
-        $this->assertSame( '', $mailer->Sender );
+     * Test that the Sender field in the SMTP envelope is set by Core.
+     *
+     * A missing Sender field can lead to messages failing DMARC SPF checks.
+     *
+     * @ticket 49687
+     */
+    public function test_wp_mail_sender_set() {
+        wp_mail( 'user@example.org', 'Testing the Sender field', 'The Sender field should have been set.' );
+
+        $mailer = tests_retrieve_phpmailer_instance();
+
+        $this->assertSame( 'wordpress@example.org', $mailer->Sender );
     }