#62077 closed defect (bug) (duplicate)
New user registration emails send the default (wrong) "From:" headers
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Keywords: | ||
| Focuses: | Cc: |
Description
In wp-includes/pluggable.php, the wp_new_user_notification() function builds an email without headers:
$wp_new_user_notification_email = array(
'to' => $user->user_email,
/* translators: Login details notification email subject. %s: Site title. */
'subject' => __( '[%s] Login Details' ),
'message' => $message,
'headers' => '',
);
This causes wp_mail() to use a default "From" header of...
/*
* If we don't have an email from the input headers, default to wordpress@$sitename
* ...
*/
This won't work if $sitename has DKIM/DMARC configured to require alignment between the signature and the "From" address. I don't think this is a rare scenario in 2024, and it causes the messages to be junked or deleted depending on the DMARC policy and the mail provider.
Using the site's administration email address would be much more reliable.
Change History (4)
#5
@
5 months ago
- Resolution set to duplicate
- Status changed from new to closed
@michaelorlitzky please read my long explanation here on why this is like it is and what you should be doing to avoid this kind of problem (TL;YR: Use wp_mail_from filter hook).
Closing this as essentially a duplicate of #60420
Note: See
TracTickets for help on using
tickets.
Replying to devseenc:
What sort of testing did you have in mind?
The site admin address already needs to be set to an address that WP can use to send emails. And morally, new user alerts fall under the "administrative" category. The wordpress@sitename address, on the other hand, will fail in a scenario that is quite common.
One is plainly wrong, and the other is as good as you're going to get without making this address separately configurable.