Opened 3 weeks ago
Last modified 6 hours ago
#62077 new defect (bug)
New user registration emails send the default (wrong) "From:" headers
| Reported by: | michael.orlitzky | Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | | Keywords: | |
| Focuses: | | Cc: | |
Description
In `wp-includes/pluggable.php`, the `wp_new_user_notification()` function builds an email without headers:
```php
$wp_new_user_notification_email = array(
	'to'      => $user->user_email,
	/* translators: Login details notification email subject. %s: Site title. */
	'subject' => __( '[%s] Login Details' ),
	'message' => $message,
	'headers' => '',
);
```
This causes `wp_mail()` to use a default "From" header of...

```php
/*
 * If we don't have an email from the input headers, default to wordpress@$sitename
 * ...
 */
```
This won't work if `$sitename` has DKIM/DMARC configured to require alignment between the signature and the "From" address. I don't think this is a rare scenario in 2024, and it causes the messages to be junked or deleted depending on the DMARC policy and the mail provider.
Using the site's administration email address would be much more reliable.
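
A site-side workaround along the lines the ticket proposes, as an added example (not WordPress core code and not from the reporter): a small must-use plugin that hooks the core `wp_new_user_notification_email` filter and supplies a "From" header built from the admin email. The function name `example_aligned_from_header` is hypothetical, and the code assumes the `admin_email` option is an address at a domain your outbound mail path is DKIM/DMARC-aligned for.

```php
<?php
/**
 * Plugin Name: Aligned From header for new-user emails (added example)
 */

// Added example, not core code. Assumption: the 'admin_email' option is an
// address at a domain that passes DKIM/DMARC alignment for this site's mail.
function example_aligned_from_header( $email, $user, $blogname ) {
	$admin = sanitize_email( get_option( 'admin_email' ) );
	if ( ! is_email( $admin ) ) {
		return $email; // No usable address: leave core behaviour untouched.
	}

	// wp_mail() accepts headers as a string or an array; normalise to an array.
	$headers = $email['headers'];
	if ( ! is_array( $headers ) ) {
		$lines   = preg_split( '/\r\n|\r|\n/', (string) $headers );
		$headers = array_filter( array_map( 'trim', $lines ) );
	}

	// Respect a From header that another plugin has already supplied.
	foreach ( $headers as $header ) {
		if ( 0 === stripos( ltrim( $header ), 'from:' ) ) {
			return $email;
		}
	}

	// Strip CR/LF, quotes and angle brackets from the display name so a
	// crafted site title cannot break or inject into the header line.
	$name = trim( preg_replace( '/[\r\n<>"]+/', ' ', (string) $blogname ) );

	$headers[]        = sprintf( 'From: %s <%s>', $name, $admin );
	$email['headers'] = array_values( $headers );

	return $email;
}
add_filter( 'wp_new_user_notification_email', 'example_aligned_from_header', 10, 3 );
```

After deploying it, register a test user and confirm in the received message's `Authentication-Results` header that DMARC passes for the "From" domain.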