Opened 12 years ago
Last modified 10 months ago
#22837 new defect (bug)
WP Needs to Set "Sender" and "Reply-To" or DKIM/DMARC will not work using wp-mail (via PHPMailer)
| Reported by: | kellogg9 | Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | high |
| Severity: | major | Version: | 3.4.2 |
| Component: | | Keywords: | needs-patch close 2nd-opinion |
| Focuses: | | Cc: | |
Description (last modified by )
I notice that for DKIM to function (while using DMARC) correctly for outgoing mail, the PHPMailer object needs to make sure the Sender and Reply-To fields match the "From" field, otherwise the "Return-Path" header uses the server it is sending from, causing a mismatch. When this happens, DKIM fails authentication on the receiver side because it is not added to outgoing mail.
I tried adding the reply-to and sender header manually to wp_mail() but it did not work. One had to do the following:
Right now I have to manually modify the /wp-includes/pluggable.php file in the wp_mail() function to include:
```php
if (strlen($phpmailer->Sender)==0) {
    $phpmailer->Sender = $phpmailer->From;
    $phpmailer->AddReplyTo($phpmailer->From);
}
```
This resolves the problem and DKIM works again.
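The mismatch the description refers to is DMARC identifier alignment: the domain in the visible From header is compared with the envelope sender (Return-Path) domain and with the `d=` domain of any DKIM signature. The following checker is an added example, not code from the ticket or from WordPress; the two messages are constructed samples, `org_domain()` is a simplified stand-in for a Public Suffix List lookup, and the SPF and DKIM checks themselves are assumed to have passed.

```python
import email
import re
from email.utils import parseaddr

# Constructed samples (not from the ticket). First: Sender unset, so the MTA
# stamped its own host as envelope sender and signed with its own domain.
UNSET_SENDER = """\
Return-Path: <www-data@web01.hosting.example>
DKIM-Signature: v=1; a=rsa-sha256; d=web01.hosting.example; s=default; b=placeholder
From: WordPress <wordpress@blog.example>
Subject: Password reset

body
"""
# Second: Sender set to the From address, DKIM key published for the From domain.
SENDER_SET = """\
Return-Path: <wordpress@blog.example>
DKIM-Signature: v=1; a=rsa-sha256; d=blog.example; s=default; b=placeholder
From: WordPress <wordpress@blog.example>
Subject: Password reset

body
"""

def org_domain(domain):
    # Simplification: last two labels. Real evaluators use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def domain_of(header_value):
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b, strict=False):
    if not a or not b:
        return False
    return a == b if strict else org_domain(a) == org_domain(b)

def dmarc_alignment(raw, strict=False):
    """Compare the From domain with the Return-Path domain and each DKIM d= tag."""
    msg = email.message_from_string(raw)
    from_dom = domain_of(msg["From"])
    env_dom = domain_of(msg["Return-Path"])
    dkim_doms = re.findall(r"(?:^|;)\s*d=([^;\s]+)",
                           "\n".join(msg.get_all("DKIM-Signature", [])), re.M)
    spf_ok = aligned(env_dom, from_dom, strict)
    dkim_ok = any(aligned(d.lower(), from_dom, strict) for d in dkim_doms)
    return {"from": from_dom, "envelope": env_dom, "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok, "dmarc_aligned": spf_ok or dkim_ok}

if __name__ == "__main__":
    for name, raw in (("unset", UNSET_SENDER), ("set", SENDER_SET)):
        print(name, dmarc_alignment(raw))
```

Running the same function over the headers of a delivered test message (for example from a mailbox's "show original" view) shows which of the two identifiers, if either, lines up with the From domain.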
Change History (15)
#2
@
12 years ago
Yes, understandable, and I was already aware of pluggable being able to be re-defined in a plugin, but I figured having those few extra lines in the pluggable.php in future releases could improve security out of the box instead of having users scrambling around in hopes of a patch plugin existing (or needing to be made) to do such a simple thing so DKIM support can function normally.
Notice the new lines don't affect WP at all; it just now makes all outgoing mail "properly formatted" so that the server can include a valid DKIM signature (if they so choose).
#3
@
12 years ago
- Keywords needs-patch added
- Milestone changed from Awaiting Review to Future Release
Sure, makes sense.
#6
@
12 years ago
The bug, '#21659 - wp_mail() problem with Reply-To header', is also related to this one.
I found something wrong when I click the 'Reply' button on the email sent from Grunion Contact Form module of Jetpack plugin in GMail. The reason is wp_mail() doesn't deal with 'Reply-To' header.
#7
@
11 years ago
This is no longer a minor or cosmetic bug since Gmail changed their spam filters (~1 month ago).
If using EXIM mail server (the default mail server for cPanel), all emails sent to Gmail will either be silently discarded, or sent as spam. Postfix works fine as it automatically sets the Sender header, and the issue may also occur with other mail servers as well.
#9
@
10 years ago
Is this a Google-specific thing regarding the Sender header? Or for any receiving MTAs that are using DKIM + DMARC?
And is it relevant only when the sending MTA applies DKIM to the message? What if DKIM is not used by the sender?
If anyone could supply links to official methods of handling this issue, that would be useful.
#11
follow-ups:
↓ 12
↓ 13
@
8 years ago
I can see the possibility of changing this so that in the default everything matches. However, there's not a need to modify the function (pluggable or otherwise) as @kellogg9 mentioned. The phpmailer settings can be handled with the phpmailer_init action.
phpmailer_init fires after PHPMailer is initialized. So the action can be used to clean up any settings as needed. I believe that until a full fix is in place, the following would patch it:
```php
add_action( 'phpmailer_init', 'my_phpmailer_dkim_cleanup' );
function my_phpmailer_dkim_cleanup( $phpmailer ) {
    if ( '' == $phpmailer->Sender ) {
        $phpmailer->Sender = $phpmailer->From;
        $phpmailer->AddReplyTo( $phpmailer->From );
    }
}
```
#12
in reply to:
↑ 11
@
8 years ago
I've been using a similar snippet for a while but without the Reply-To header; adding it makes DKIM fail for me.
Replying to cbutlerjr:
I can see the possibility of changing this so that in the default everything matches. However, there's not a need to modify the function (pluggable or otherwise) as @kellogg9 mentioned. The phpmailer settings can be handled with the phpmailer_init action.
phpmailer_init fires after PHPMailer is initialized. So the action can be used to clean up any settings as needed. I believe that until a full fix is in place, the following would patch it:
```php
add_action( 'phpmailer_init', 'my_phpmailer_dkim_cleanup' );
function my_phpmailer_dkim_cleanup( $phpmailer ) {
    if ( '' == $phpmailer->Sender ) {
        $phpmailer->Sender = $phpmailer->From;
        $phpmailer->AddReplyTo( $phpmailer->From );
    }
}
```
#13
in reply to:
↑ 11
@
8 years ago
Hi @cbutlerjr ... thanks for the reply. A few years back, about a year after I opened this bug ticket, I stumbled upon the phpmailer_init() action and implemented a virtually identical version to the one you wrote (shown below). It has been working ever since. Thanks for adding this to my ticket. I guess I should have added an update here a few years back. Here is hoping though that the core team finally adds the fix into their official build.
~Kimberly
```php
add_action( 'phpmailer_init', 'my_phpmailer_dkim_cleanup' );
function my_phpmailer_dkim_cleanup( $phpmailer ) {
    if ( '' == $phpmailer->Sender ) {
        $phpmailer->Sender = $phpmailer->From;
        $phpmailer->AddReplyTo( $phpmailer->From );
    }
}
```
#14
@
2 years ago
- Keywords close 2nd-opinion added
- Milestone set to Awaiting Review
I came across this one going through a list of tickets that have lost their milestone at some point. Re-adding one to help surface this one in reports.
I'm not sure how I'd go about testing this issue locally, but here are a few thoughts.
PHPMailer has undergone some big changes since this ticket was created, and WordPress is now on the latest version of the library (6.x) after the work in #41750. It would be great if someone could test for this issue using the latest version of WordPress (6.0 at the time of this comment) to see if this problem still exists.
DKIM is not something configured or used by default for WordPress sites. The wp_mail() function tries to be as generic as possible to work on as many sites as possible, and as far as I can tell, wp_mail() does not have any considerations for any specific authentication type.
All this said, I'm leaning towards closing this out as something that should be handled by a plugin, or the custom code configuring DKIM in PHPMailer.
Note that functions in pluggable.php are called pluggable because you can re-define them in a plugin, so that you don't have to hack Core.