I have a server that uses PHPMailer, is it safe to use it or I will finish in a RBL?

As title.

I would like to let my customers send email using my server through PHP Mailer but I want that customers uses their private account to send email, for this reason I'm using PHP Mailer.

Customers can configure their SMTP parameter and use my server to send email using their account.

The question is.

Will my server finish in an RBL if someone will use it to send spam with their SMTP server?

8 Replies

Every time an email is transmitted with SMTP, the IP address of the sending server is added to the email headers. Since your customers aren't connecting to PHPMailer with SMTP, the first SMTP connection will be between your server and Gmail. Therefore when someone examines your email for spamminess, your server's IP address, not Gmail, will appear to be the origin of the spam.

@IfThenElse:

It is risky, to be honest and overall a bad idea.

What if you run in another exploit in PHPMailer? there have been many in the past and one quite recently.

Plus, you may get into a ton of hurt if you encounter problems with SPF (and or DMARC/DKIM).

What are the risks?

Could I finish in a RBL for that?

@sblantipodi:

What are the risks?

Could I finish in a RBL for that?

If "their SMTP server" participates in a mail feedback loop and your client sends spam (either intentionally or via an exploit) then you could easily end up on one or more RBLs.

@sleddog:

@sblantipodi:

What are the risks?

Could I finish in a RBL for that?

If "their SMTP server" participates in a mail feedback loop and your client sends spam (either intentionally or via an exploit) then you could easily end up on one or more RBLs.

thanks for the answer but I don't get it.

my server is running phpmailer, phpmailer need an external smtp server to send email, suppose that one on my ill-intenioned client will use gmail SMTP to send spam.

he will send spam through my PHPmailer but the server that sends the spam is gmail.

so why should I go into an RBL?

@sblantipodi:

@sleddog:

@sblantipodi:

What are the risks?

Could I finish in a RBL for that?

If "their SMTP server" participates in a mail feedback loop and your client sends spam (either intentionally or via an exploit) then you could easily end up on one or more RBLs.

thanks for the answer but I don't get it.

my server is running phpmailer, phpmailer need an external smtp server to send email, suppose that one on my ill-intenioned client will use gmail SMTP to send spam.

he will send spam through my PHPmailer but the server that sends the spam is gmail.

so why should I go into an RBL?

Your server connects to the gmail server and transmits a message. Gmail examines the message, identifies it as spam and refuses to relay it. Or, gmail relays the message to its destination where it's identified as spam and rejected (with a response back to gmail). If it happens enough then the gmail account may be suspended and the sending server may be blacklisted by gmail.

It is risky, to be honest and overall a bad idea.

What if you run in another exploit in PHPMailer? there have been many in the past and one quite recently.

Plus, you may get into a ton of hurt if you encounter problems with SPF (and or DMARC/DKIM).

@hybinet:

Every time an email is transmitted with SMTP, the IP address of the sending server is added to the email headers. Since your customers aren't connecting to PHPMailer with SMTP, the first SMTP connection will be between your server and Gmail. Therefore when someone examines your email for spamminess, your server's IP address, not Gmail, will appear to be the origin of the spam.

nice explanations so, what is the meaning of PHP Mailer? :D

@sblantipodi:

nice explanations so, what is the meaning of PHP Mailer? :D

Do you mean what is the purpose of PHPMailer?

It's useful when you need to send automated emails that are obviously not spam. Signup confirmations, Password resets, various notifications… They all have a fixed format, serve a specific purpose, and are only triggered by specific actions that the user clearly expects to get an email from. So there's a low chance of your emails being seen as spam.

It's also useful when you have a contact form. Since you're the only person who will be receiving emails from a contact form, the emails won't be seen as spam as long as you don't mistakenly click the Spam button.

Letting anyone send an email to anyone through your server, on the other hand, leaves the door open to too much abuse.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct