Email sending via SMTP only
Monday, March 5, 2012
Dear all
It is with much regret that we have to announce that we are considering putting into place a change that will mean that any scripts you have on your website will ONLY be able to send out email using SMTP / authenticated mail accounts.
We would like to change the PHPmail settings so if you have ANY scripts on your websites at all, that send emails to anywhere at all, then you will need to update those scripts immediately to send email using PHPMail via SMTP only, and provide your scripts (Such as wordpress, vbulletin, shopping carts etc) with the login details of one of your email account it can use to send emails.
This is NOT disabling the PHPmail function, but is simply requiring an existing email account you have setup within cPanel to be used by your scripts to send out your emails.
Apologies for wording it VERY badly.
We want to make this change on 1 server at a time, and it will be put in place on all shared/reseller servers.
We would like to hear your feedback on this ASAP as doing this will prevent any maliciously uploaded scripts from sending out spam, and YOU getting the blame for it if your website is exploited, and prevents our servers being blacklisted again.
A few questions we have already had in, regarding this:
Q. Will this affect php scripts that use the "mail" command?
A. Yes, it will, it will affect everything you use that sends email from your website, be it html/PERL/PHP, anything at all.
Un-authenticated mail sending will be prevented, so all mail sending must be sent via an authenticated account. PHPMail will still be fine, but you will need to set your script to use an existing email account, instead of "nobody" Thats all thats changing.
Q. Can you look as this contact page and tell me if it will be ok?
A. No, sorry, you will need to contact the person who built it or the website where you got it from. Sadly there are not enough hours in the day to check every customers scripts, and your website is of course, your responsibility.
Q. Why are you making this change?
A. Well, by making this change, it will prevent users exploited scripts from sending out email as "nobody" or making spam untracable. This is something we have wanted to implement for a long time, but have held off doing it because we wanted to trust our customers to keep their scripts up-to-date and secure, but time and time again we have been let down, and it is costing us money, and costing our customers a LOT of frustration when a server gets blacklisted. So we absolutely need to put a stop to un-authewnticated emails being sent out.
If there was another way, then sure, we would do that....
Q. When will it affect my server?
A. Well, as stated above, we would like to implement it this week, 1 server at a time, but fully intend to communicate with each servers users on a ser-by-server basis first, after getting everybodies reactions to the change. If every customer hates the idea and doesnt want it, then we shall have to do something else, but if everybody is happy with it, then we shall go ahead with it. We might even end up with some servers using it and some not, we shall have to see what our customers want, and balance it out against the risks of leaving things as they are.
Q. Can you give me an example of coding a PHP SMTP script?
A. Sure, we have just added on to our knowledgebase here: Sending Mail from PHP Using SMTP Authentication