Make WordPress Core

Opened 3 years ago

Last modified 2 months ago

#22837 new defect (bug)

WP Needs to Set "Sender" and "Reply-To" or DKIM/DMARC will not work using wp-mail (via PHPMailer)

Reported by: kellogg9 Owned by:
Milestone: Future Release Priority: high
Severity: major Version: 3.4.2
Component: Mail Keywords: needs-patch
Focuses: Cc:

Description (last modified by scribu)

I notice that for DKIM to function (while using DMARC) correctly for outgoing mail the PHPMailer object needs to make sure the Sender and Reply-To fields match the "From" field otherwise the "Return-Path" header uses the server it is sending from causing a mismatch. When this happens DKIM fails authentication on the receiver side because it is not added to outgoing mail.

I tried adding the reply-to and sender header manually to wp_mail() but it did not work. One had to do the following:

Right now i have to manually modify the /wp-includes/pluggable.php file in the wp_mail() function to include:

	if (strlen($phpmailer->Sender)==0)
		$phpmailer->Sender = $phpmailer->From;

This resolves the problem and DKIM works again.

Change History (10)

#1 @scribu
3 years ago

  • Description modified (diff)
  • Severity changed from critical to normal

Note that functions in pluggable.php are called pluggable because you can re-define them in a plugin, so that you don't have to hack Core.

#2 @kellogg9
3 years ago

Yes, understandable and i was already aware of pluggable being able to be re-defined in a plugin but i figured having those few extra lines in the pluggable.php in future releases could improve security out of the box instead of having users scrambling around in hopes of a patch plugin existing (or needing to be made) to do such a simple thing so DKIM support can function normally.

Notice the new lines dont affect WP at all it just now makes all outgoing mail "properly formatted" so that the server can include a valid DKIM signature (if they so choose).

#3 @scribu
3 years ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release

Sure, makes sense.

#4 @dd32
3 years ago

See also, #5007 #5279 #5294 #5869 + others for the last time we added the Sender header
Also: #14888

#5 @DeanMarkTaylor
3 years ago

  • Cc DeanMarkTaylor added

#6 @Kirin_Lin
3 years ago

The bug, '#21659 - wp_mail() problem with Reply-To header', is also related with this one.

I found something wrong when I click the 'Reply' button on the email sent from Grunion Contact Form module of Jetpack plugin in GMail. The reason is wp_mail() doesn't deal with 'Reply-To' header.

Last edited 3 years ago by Kirin_Lin (previous) (diff)

#7 @preda.vlad
2 years ago

This is no longer a minor or cosmetic bug since Gmail changed their spam filters (~1 month ago).

If using EXIM mail server (the default mail server for cPanel), all emails sent to Gmail will either be silently discarded, or sent as spam. Postfix works fine as it automatically sets the Sender header, and the issue may also occur with other mail servers as well.

#8 @preda.vlad
2 years ago

  • Cc preda.vlad added
  • Severity changed from normal to major

#9 @simonyump
18 months ago

Is this a Google-specific thing regarding the Sender header? Or for any receiving MTAs that are using DKIM + DMARC?

And is it relevant only when the sending MTA applies DKIM to the message? What if DKIM is not used by the sender?

If anyone could supply links to official methods of handling this issue, that would be useful.

#10 @chriscct7
2 months ago

  • Priority changed from normal to high
Note: See TracTickets for help on using tickets.