So every time I send an email using mail() like this:
$to = "$email";
$subject = "Mailing List Confirmation";
$headers = "From: blah blah blah";
$body = "Hello, $fname
Thank you for your subscription to this update mailing list.
Once an entry related to $query is updated, an email notification would be sent to you promptly.
Blah blah blah.";
mail($to, $subject, $body, $headers);
I mean it works perfectly, but there’s always a message saying “this email is suspicious” or some sort when I use Hotmail,
but when I use Gmail, no such warning appears. Still, I would like to send a “non-suspicious” email in case some users are using Hotmail.
Is there any way I can fix up this code to enhance its security level?
You do not need to and should not ever make a variable assignment that way.
$to = $email;
That works just fine. Wrapping double quotes around it wastes processor time, not to mention it looks downright amateurish. The only possible upside to that approach is it will cast the result to a string, but it’s more efficient to do this.
$to = (string) $email;
Not to mention that explicitly casting makes your intent clear to the next programmer down the line.
Assuming you are using a valid sender email address and not ‘blah blah blah’ in the example, then it’s hard to say. I wouldn’t fret too much about it though - email from Fortune 500 companies ends up being mistakenly labeled as suspicious. There’s little you can do about it from the sender side.
You can try using a qualified SMTP gateway instead of PHP’s internal Mail function. To do that, use the PHPMailer class. It’s been around a long while and is incorporated in several frameworks including Joomla.
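The SMTP-gateway approach suggested above, sketched as an added example that is not code from the thread or from the PHPMailer project: it validates the recipient address before use and sends the same confirmation through an authenticated STARTTLS connection. It assumes PHPMailer is installed with Composer; the host `smtp.example.com`, the sender `updates@example.com`, the environment variables `SMTP_USER`/`SMTP_PASS` and the helper names are placeholders.

```php
<?php
// Added example: assumes PHPMailer 6.x installed via Composer.
require __DIR__ . '/vendor/autoload.php';

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

// Hypothetical helper: collapse control characters (including CR/LF)
// in user-supplied text before it goes into the message.
function clean_line(string $value): string
{
    return trim((string) preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value));
}

// Hypothetical helper: send the confirmation mail from the question.
function send_confirmation(string $email, string $fname, string $query): bool
{
    // Reject anything that is not a single well-formed address.
    $to = filter_var($email, FILTER_VALIDATE_EMAIL);
    if ($to === false) {
        return false;
    }

    $mail = new PHPMailer(true); // true: throw exceptions on failure
    try {
        $mail->isSMTP();
        $mail->Host       = 'smtp.example.com';            // placeholder gateway
        $mail->Port       = 587;
        $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
        $mail->SMTPAuth   = true;
        $mail->Username   = (string) getenv('SMTP_USER');  // assumed env vars
        $mail->Password   = (string) getenv('SMTP_PASS');
        $mail->CharSet    = PHPMailer::CHARSET_UTF8;

        // The sender must be a real mailbox on a domain this gateway serves.
        $mail->setFrom('updates@example.com', 'Update List');
        $mail->addAddress($to);
        $mail->Subject = 'Mailing List Confirmation';
        $mail->Body    = 'Hello, ' . clean_line($fname) . "\r\n\r\n"
            . "Thank you for your subscription to this update mailing list.\r\n"
            . 'Once an entry related to ' . clean_line($query)
            . " is updated, an email notification would be sent to you promptly.\r\n";

        return $mail->send();
    } catch (Exception $e) {
        error_log('Confirmation mail failed: ' . $mail->ErrorInfo);
        return false;
    }
}
```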