Hi, is there something in the email header that verifies that the email was sent SMTP and authenticated rather than plain text.
What do i look for?
I found some places where it showed SMTP but that was outlook incomming i believe. From the server i found this
Content-Type: text/html; charset=us-ascii
So that means it was sent HTML but that does not mean it was sent SMTP.
I also found a spot where it did say that the domain was authenticated so i guess that part is done.. But i still dont know if it was sent from the server secured SMTP.
Thanks 
The S in SMTP doesnt mean secure.
SMTP stands for SIMPLE Mail Transfer Protocol.
Not all SMTP servers require a SMTP-AUTH.
Hi, yes i never thought it meant secure, i know what it means, sorry i gave that impression.
So even if i have these set to true in PHPMailer
$mail->isSMTP(true);
$mail->SMTPAuth = true;
the server can decide what to do on its own, Is that correct?
Thanks
What’s the top-level problem you are trying to solve?
You are mixing terminology that has nothing to do with each other.
Php and the phpmailer class is not a mail server. It allows php to act as a mail client, and interface with an actual mail server.
When you use $mail->isSMTP(true);, phpmailer will directly use smtp commands to interface with a mail server. When you isMail(), isQmail(), or isSendmail(), phpmailer will use either the php mail() function, qmail, or the local sendmail binary to interface with a mail server.
When you use $mail->SMTPAuth = true;, phpmailer will use smtp authentication (username and password) when it sends the smtp commands to interface with a mail server.
Some mail servers are configured to trust the ip addresses of specific mail clients or php running on a web server and will accept smtp commands without requiring smtp authentication. This is typically the case of a locally hosted mail server on a network or at web hosting. For some locally hosted and most remotely hosted mail servers, they require smtp authentication to be used before accepting an email.
3 Likes
And to be utterly clear, the only part of the chain you control is your local client (PHP) talking to the local mail server.
Whether you use SMTP to talk to your local mail server has no bearing on how it transmits the email to the next server, or how the end user retrieves the email from their local server. Each step in the chain is independant.
The authentication portion is purely for the local server to determine if you are authorized to send mail from their local server. Once the mail is “in flight”, as it were, the server-to-server comms and end-user retrieval have nothing to do with the auth.
1 Like
Thank you both for your informative replies, it makes better sense now. I do apologize for my mixing up of terms. Things have changed since my prime days at the keyboard.
In my day we referred to the authentication as just “the handshake” and we had ways of confirming that the email was in fact sent in an encrypted form which is what i refer to as being “sent securely”. Now days i have no idea how to do that.
Its not that i have a coding issue, its that i was thinking (which gets me into trouble) that how can i say that i send secured (encrypted) emails when i dont know how to verify that fact. This was the purpose of my original question which a used the wrong terms to ask, sorry about that.
I mean… pretty much every server, unless you or your recipient are using really crappy ones, is going to use TLS to encrypt the communication channel.
If you mean End to End Encryption, im not aware of a PHP based solution for that