Opened 4 months ago
Last modified 3 months ago
#62077 new defect (bug)
New user registration emails send the default (wrong) "From:" headers
Reported by: | michael.orlitzky | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Keywords: | ||
Focuses: | Cc: |
Description
In wp-includes/pluggable.php
, the wp_new_user_notification()
function builds an email without headers:
$wp_new_user_notification_email = array(
'to' => $user->user_email,
/* translators: Login details notification email subject. %s: Site title. */
'subject' => __( '[%s] Login Details' ),
'message' => $message,
'headers' => '',
);
This causes wp_mail()
to use a default "From" header of...
/*
* If we don't have an email from the input headers, default to wordpress@$sitename
* ...
*/
This won't work if $sitename
has DKIM/DMARC configured to require alignment between the signature and the "From" address. I don't think this is a rare scenario in 2024, and it causes the messages to be junked or deleted depending on the DMARC policy and the mail provider.
Using the site's administration email address would be much more reliable.
Change History (2)
Note: See
TracTickets for help on using
tickets.
Replying to devseenc:
What sort of testing did you have in mind?
The site admin address already needs to be set to an address that WP can use to send emails. And morally, new user alerts fall under the "administrative" category. The wordpress@sitename address, on the other hand, will fail in a scenario that is quite common.
One is plainly wrong, and the other is as good as you're going to get without making this address separately configurable.