Emails being sent with bogus "From:" header
Reported by: sjmurdoch | Owned by: rob1n
The function wp_mail() in wp-includes/pluggable-functions.php sets the "From:" address of emails sent to be wordpress@SERVER_NAME with 'www' stripped, unless the caller overrides this. This address is not valid on my system so email is being dropped by the local server. It will also be dropped by the receiving system if that mailserver blocks email with invalid from headers, which is a common spam prevention technique.
This behaviour is due to ; previously it used get_settings('admin_email'). In #1532 markjaquith says that get_settings('admin_email') is not used "because admin email might be from off-domain and might be more likely to get flagged as spam at its destination".
A consistent "From:" header is not used. Some places use the wp_mail() default, one overrides it with the same string, another does so without stripping the 'www', and one still uses get_settings('admin_email'). None of these will be correct on all systems.
wp_mail() uses the default, invalid From header in the following cases:
- wp-includes/pluggable-functions.php, line 332
- wp-includes/pluggable-functions.php, line 349
- wp-includes/pluggable-functions.php, line 358
- wp-login.php, line 113
- wp-login.php, line 145
- wp-login.php, line 156
wp_mail() is overridden with an invalid From header in the following cases:
- wp-includes/pluggable-functions.php, line 290 (wordpress@SERVER_NAME, with 'www' stripped)
- wp-admin/install.php, line 201 (wordpress@SERVER_NAME, no 'www' stripping)
wp_mail() is overridden with potentially off-domain get_settings('admin_email') in the following case:
- wp-content/plugins/wp-db-backup.php, line 663
The "From:" header should be set in one place, to prevent the inconsistencies above. This would allow it to be manually set in the cases where "wordpress@SERVER_NAME" is invalid, like mine. Preferably this should be displayed as an option in the web-based configuration tool.
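
The single-place approach proposed in the ticket, as an added example (not WordPress code and not the reporter's): one function derives the wordpress@SERVER_NAME default with 'www' stripped, a configured address overrides it, and every caller builds its header from the same result. All function names and sample hostnames are hypothetical, and the configured value is assumed to come from a site setting.

```php
<?php
// Added example, not WordPress code; every function name is hypothetical.

// The default the ticket describes: wordpress@SERVER_NAME, leading "www." removed.
function example_default_from(string $server_name): string
{
    $host = strtolower($server_name);
    if (substr($host, 0, 4) === 'www.') {
        $host = substr($host, 4);
    }
    return 'wordpress@' . $host;
}

// Single source for the From address. A configured value wins; otherwise
// the derived default is used. Returns null when the result is unusable,
// so the caller can refuse to send rather than emit a bogus header.
function example_mail_from(?string $configured, string $server_name): ?string
{
    $candidate = ($configured !== null && $configured !== '')
        ? $configured
        : example_default_from($server_name);
    // CR or LF in the value would add extra header lines.
    if (preg_match('/[\r\n]/', $candidate)) {
        return null;
    }
    // Syntax check only; it cannot tell whether the mailbox exists.
    $valid = filter_var($candidate, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

// Every caller builds its header here instead of formatting its own.
function example_from_header(?string $configured, string $server_name): ?string
{
    $from = example_mail_from($configured, $server_name);
    return $from === null ? null : 'From: ' . $from;
}

// Constructed inputs: two callers that differed in the ticket now agree,
// and a site whose default is undeliverable sets its own address.
var_dump(example_from_header(null, 'www.example.org'));
var_dump(example_from_header(null, 'example.org'));
var_dump(example_from_header('blog@mail.example.org', 'www.example.org'));
```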
Change History (15)
- Keywords dev-feedback added
- Owner changed from anonymous to rob1n
- Status changed from new to assigned
- Milestone changed from 2.2 to 2.3 (trunk)
- Resolution fixed deleted
- Status changed from closed to reopened
- Version changed from 2.0 to 2.2.1