Form submissions not reaching Gmail addresses

I have a website with a number of forms for contacting club committee members (to avoid their email addresses appearing on the internet). I am finding that form submissions do not reach those who have Gmail addresses, not even into their junk/spam folders.

In PHP, after cleaning and some validation, I am constructing and sending the message as follows:

$emailContent = "From 'Contact Us' web page\n\n"
."Message:\n"
."   {$Message}\n\n"
."Name:\n"
."   {$Name}\n\n"
."Email:\n"
."   {$Email}\n\n"
."Phone:\n"
."   {$Phone}\n\n"
."";

$emailHead = "From:webmaster@xxxxxxxxx.co.uk\n"
."MIME-Version: 1.0\n"
."Content-type: text/plain; charset=utf-8\n"
."Content-transfer-encoding: 8bit\n";

mail("xxxxxxxxx@gmail.com","Website Form Submission",$emailContent,$emailHead);

Header("Location:contact-thanks.html");

This works fine for various email addresses that are not Gmail. However for a Hotmail address I receive a warning “We can’t verify that this email came from the sender so it might not be safe to respond to it”, with a link to this Microsoft page:
https://support.microsoft.com/en-gb/office/phishing-and-suspicious-behavior-in-outlook-0d882ea5-eedc-4bed-aebc-079ffa1105a3

In the email head, messages are constructed to appear to be from the webmaster’s email address. I have read that this reduces the chance of messages being regarded as spam because it’s on the same domain as the website.

Is there something I can do so messages from website forms will be received by Gmail addresses?

1. Does the webmaster’s email actually exist?
2. Is the server’s mail daemon configured to actually send it as the webmaster, or to make it ‘appear’ like it’s from the webmaster (and thus triggers every “This is spam/fake/malware” alarm in mail servers)

Many thanks. Yes, the webmaster’s email address does exist.

I will try to find out about the server’s mail daemon. When an email is received, it appears to come from webmaster@xxxxxxxxx.co.uk so that $emailHead seems to be working.

Yeah, but if the mail daemon’s configured to identify itself as example.com and its sending emails as notexample.co.uk without a relay between them, it’s going to look to gmail like someone’s faking a notexample.co.uk email.

Thanks again.

The issue seems to be with the SPF (Sender Policy Framework) text file, perhaps because emails from the website forms are sent from a different IP address to ordinary emails. I have raised a support ticket with the hosting company.

Email services today are quite strict on things like SPF and DKIM, with so many mail scams going on. So you will need to configure your DNS records to tell which domains and IPs are allowed to send mail from your domain.

Our hosting support has made this recommendation:

The issue here is that the emails are being sent directly from the server via PHP mail, which is not advised as it’s an old, outdated method, and due to increasingly high restrictions, it might not pass the SPF validation.

The solution would be to set the form to send from an actual email address via our SMTP.

They have provided me with PHP code that I need to configure, but I have not tried that yet to see if it works.

I hope this is helpful information for anyone else using the PHP mail function, especially if they are setting the sending email address to be the email address entered by a site visitor on a website form.

To clarify, were you attempting to send emails from your code without providing the necessary authentication details to the email server, valid credentials (username, password), hostname, port, and SSL configuration?

I am using the PHP mail function as shown in post #1. It usually works well but Gmail has become too fussy: not even sending emails into junk folder.

That’s what I thought, and I couldn’t believe it!
In my opinion, you have a very permissive email service provider!
For years, I’ve used several providers, from small ones to global services like Gmail or Zoho Mail, and none of them allow emails to be sent from a website without proper identification to their server.

If that’s what you are trying to do, forget it. Use an address from the actual domain as the sender, you can set the “Reply to” address to that of the visitor.
By using their address as the “from” you are effectivly spoofing their address, which any reputable email service will rightly reject.

Something like PHPMailer is a better solution.

I am not doing that. I was just recommending that it is not done!

I have now looked at the code provided by our hosting support. It does use PHPMailer.