Make WordPress Core

Opened 3 weeks ago

Last modified 6 hours ago

#62077 new defect (bug)

New user registration emails send the default (wrong) "From:" headers

Reported by: michael.orlitzky Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Mail Keywords:
Focuses: Cc:

Description

In wp-includes/pluggable.php, the wp_new_user_notification() function builds an email without headers:

$wp_new_user_notification_email = array(
  'to'      => $user->user_email,
  /* translators: Login details notification email subject. %s: Site title. */
  'subject' => __( '[%s] Login Details' ),
  'message' => $message,
  'headers' => '',
);

This causes wp_mail() to use a default "From" header of...

/*
 * If we don't have an email from the input headers, default to wordpress@$sitename
 * ...
 */

This won't work if $sitename has DKIM/DMARC configured to require alignment between the signature and the "From" address. I don't think this is a rare scenario in 2024, and it causes the messages to be junked or deleted depending on the DMARC policy and the mail provider.

Using the site's administration email address would be much more reliable.
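A site-level workaround for the behaviour reported above, as an added example that is not part of the ticket or of WordPress core: a small must-use plugin hooks the wp_new_user_notification_email and wp_new_user_notification_email_admin filters and supplies a "From:" header built from the administration email address. The function name is hypothetical, and the example assumes the domain of the admin_email option is one the server's outgoing mail is authenticated for.

```php
<?php
/**
 * Plugin Name: New-user mail From header (added example, not core code)
 */

/**
 * Give new-user notification mail an explicit "From:" header so that
 * wp_mail() does not fall back to wordpress@$sitename.
 *
 * example_admin_from_header() is a hypothetical name. Assumption: the
 * domain of the 'admin_email' option is one this server's outgoing mail
 * is authenticated for.
 *
 * @param array   $email    Keys: 'to', 'subject', 'message', 'headers'.
 * @param WP_User $user     The newly registered user (unused).
 * @param string  $blogname Site title.
 * @return array The email array, with a From header appended when possible.
 */
function example_admin_from_header( $email, $user, $blogname ) {
	$admin_email = get_option( 'admin_email' );
	if ( ! is_email( $admin_email ) ) {
		return $email; // No usable address: keep wp_mail()'s default.
	}

	// Core passes 'headers' => '', but another filter may have set a
	// string or an array already, so normalise to an array of lines.
	$headers = $email['headers'];
	if ( ! is_array( $headers ) ) {
		$headers = preg_split( '/\r\n|\r|\n/', (string) $headers, -1, PREG_SPLIT_NO_EMPTY );
	}

	// Respect a From header that something else already supplied.
	foreach ( $headers as $header ) {
		if ( 0 === stripos( ltrim( $header ), 'from:' ) ) {
			return $email;
		}
	}

	// Drop CR/LF and the characters that delimit a display name, so the
	// site title cannot break out of the header line.
	$name = trim( preg_replace( '/[\r\n"<>]+/', ' ', (string) $blogname ) );

	$headers[]        = sprintf( 'From: "%s" <%s>', $name, $admin_email );
	$email['headers'] = $headers;
	return $email;
}
add_filter( 'wp_new_user_notification_email', 'example_admin_from_header', 10, 3 );
add_filter( 'wp_new_user_notification_email_admin', 'example_admin_from_header', 10, 3 );
```

Checking the Authentication-Results header of a delivered test registration message shows whether the resulting "From" domain passes DMARC at the receiving provider.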

Change History (1)

#1 @sabernhardt
3 weeks ago

  • Component changed from General to Mail
  • Keywords mail removed