Make WordPress Core

Opened 19 months ago

Last modified 7 months ago

#22837 new defect (bug)

WP Needs to Set "Sender" and "Reply-To" or DKIM/DMARC will not work using wp-mail (via PHPMailer)

Reported by: kellogg9 Owned by:
Milestone: Future Release Priority: normal
Severity: major Version: 3.4.2
Component: Mail Keywords: needs-patch
Focuses: Cc:

Description (last modified by scribu)

I notice that for DKIM to function (while using DMARC) correctly for outgoing mail the PHPMailer object needs to make sure the Sender and Reply-To fields match the "From" field otherwise the "Return-Path" header uses the server it is sending from causing a mismatch. When this happens DKIM fails authentication on the receiver side because it is not added to outgoing mail.

I tried adding the reply-to and sender header manually to wp_mail() but it did not work. One had to do the following:

Right now i have to manually modify the /wp-includes/pluggable.php file in the wp_mail() function to include:

	if (strlen($phpmailer->Sender)==0)
		$phpmailer->Sender = $phpmailer->From;

This resolves the problem and DKIM works again.

Change History (8)

comment:1 scribu19 months ago

  • Description modified (diff)
  • Severity changed from critical to normal

Note that functions in pluggable.php are called pluggable because you can re-define them in a plugin, so that you don't have to hack Core.

comment:2 kellogg919 months ago

Yes, understandable and i was already aware of pluggable being able to be re-defined in a plugin but i figured having those few extra lines in the pluggable.php in future releases could improve security out of the box instead of having users scrambling around in hopes of a patch plugin existing (or needing to be made) to do such a simple thing so DKIM support can function normally.

Notice the new lines dont affect WP at all it just now makes all outgoing mail "properly formatted" so that the server can include a valid DKIM signature (if they so choose).

comment:3 scribu19 months ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release

Sure, makes sense.

comment:4 dd3219 months ago

See also, #5007 #5279 #5294 #5869 + others for the last time we added the Sender header
Also: #14888

comment:5 DeanMarkTaylor18 months ago

  • Cc DeanMarkTaylor added

comment:6 Kirin_Lin18 months ago

The bug, '#21659 - wp_mail() problem with Reply-To header', is also related with this one.

Version 0, edited 18 months ago by Kirin_Lin (next)

comment:7 preda.vlad7 months ago

This is no longer a minor or cosmetic bug since Gmail changed their spam filters (~1 month ago).

If using EXIM mail server (the default mail server for cPanel), all emails sent to Gmail will either be silently discarded, or sent as spam. Postfix works fine as it automatically sets the Sender header, and the issue may also occur with other mail servers as well.

comment:8 preda.vlad7 months ago

  • Cc preda.vlad added
  • Severity changed from normal to major
Note: See TracTickets for help on using tickets.