Opened 2 years ago

Last modified 9 months ago

#22837 new defect (bug)

WP Needs to Set "Sender" and "Reply-To" or DKIM/DMARC will not work using wp-mail (via PHPMailer)

Reported by: kellogg9
Owned by:
Milestone: Future Release
Priority: normal
Severity: major
Version: 3.4.2
Component: Mail
Keywords: needs-patch
Focuses:
Cc:

Description (last modified by scribu)

I notice that for DKIM to function correctly (while using DMARC) for outgoing mail, the PHPMailer object needs to make sure the Sender and Reply-To fields match the "From" field; otherwise the "Return-Path" header uses the server it is sending from, causing a mismatch. When this happens, DKIM fails authentication on the receiver side because it is not added to outgoing mail.

I tried adding the reply-to and sender header manually to wp_mail() but it did not work. One had to do the following:

Right now I have to manually modify the /wp-includes/pluggable.php file in the wp_mail() function to include:

	if (strlen($phpmailer->Sender)==0)
	{
		$phpmailer->Sender = $phpmailer->From;
		$phpmailer->AddReplyTo($phpmailer->From);
	}

This resolves the problem and DKIM works again.

Change History (9)

comment:1 @scribu 2 years ago

  • Description modified (diff)
  • Severity changed from critical to normal

Note that functions in pluggable.php are called pluggable because you can re-define them in a plugin, so that you don't have to hack Core.
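
Added example (not part of the ticket and not WordPress core code): the Sender fix from the description applied in a plugin through the phpmailer_init action, which WordPress fires inside wp_mail() before sending, so neither core nor wp_mail() itself has to be replaced. The function name example_align_envelope_sender and the example.org addresses are assumptions; the block covers only the Sender part of the reporter's change, not Reply-To.

```php
<?php
/**
 * Copy From into Sender when no envelope sender is set.
 *
 * $mailer is the PHPMailer instance WordPress passes to 'phpmailer_init'.
 * Returns true when Sender was changed, false when it was left alone.
 * The function name is hypothetical (chosen for this example).
 */
function example_align_envelope_sender( $mailer ) {
	// Respect a Sender that the site owner or another plugin already chose.
	if ( strlen( (string) $mailer->Sender ) > 0 ) {
		return false;
	}
	// Never copy an unvalidated string into the envelope sender.
	if ( ! filter_var( $mailer->From, FILTER_VALIDATE_EMAIL ) ) {
		return false;
	}
	$mailer->Sender = $mailer->From;
	return true;
}

if ( function_exists( 'add_action' ) ) {
	// Inside WordPress: runs on every wp_mail() call, after From has been set.
	add_action( 'phpmailer_init', 'example_align_envelope_sender' );
} else {
	// Outside WordPress: constructed stand-in objects so the file runs alone.
	$cases = array(
		array( 'From' => 'wordpress@example.org', 'Sender' => '' ),
		array( 'From' => 'wordpress@example.org', 'Sender' => 'bounces@example.org' ),
		array( 'From' => 'not an address', 'Sender' => '' ),
	);
	foreach ( $cases as $case ) {
		$mailer  = (object) $case;
		$changed = example_align_envelope_sender( $mailer );
		printf(
			"From=%s Sender=%s changed=%s\n",
			$mailer->From,
			$mailer->Sender,
			$changed ? 'yes' : 'no'
		);
	}
}
```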

comment:2 @kellogg9 2 years ago

Yes, understandable, and I was already aware of pluggable being able to be re-defined in a plugin, but I figured having those few extra lines in the pluggable.php in future releases could improve security out of the box instead of having users scrambling around in hopes of a patch plugin existing (or needing to be made) to do such a simple thing so DKIM support can function normally.

Notice the new lines don't affect WP at all; it just now makes all outgoing mail "properly formatted" so that the server can include a valid DKIM signature (if they so choose).

comment:3 @scribu 2 years ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release

Sure, makes sense.

comment:4 @dd32 2 years ago

See also, #5007 #5279 #5294 #5869 + others for the last time we added the Sender header
Also: #14888

comment:5 @DeanMarkTaylor 2 years ago

  • Cc DeanMarkTaylor added

comment:6 @Kirin_Lin 2 years ago

The bug, '#21659 - wp_mail() problem with Reply-To header', is also related to this one.

comment:7 @preda.vlad 18 months ago

This is no longer a minor or cosmetic bug since Gmail changed their spam filters (~1 month ago).

If using EXIM mail server (the default mail server for cPanel), all emails sent to Gmail will either be silently discarded, or sent as spam. Postfix works fine as it automatically sets the Sender header, and the issue may also occur with other mail servers as well.

comment:8 @preda.vlad 18 months ago

  • Cc preda.vlad added
  • Severity changed from normal to major

comment:9 @simonyump 9 months ago

Is this a Google-specific thing regarding the Sender header? Or for any receiving MTAs that are using DKIM + DMARC?

And is it relevant only when the sending MTA applies DKIM to the message? What if DKIM is not used by the sender?

If anyone could supply links to official methods of handling this issue, that would be useful.
