I am new to PHP and I am making a page where I have form on it. When the client fills all of the information from the input fields and clicks submit I am receiving a mail. The problem that I am facing is that even though I am entering different senders email address on the form , when I click the submit btn , the mail in my inbox that I am receving it turns out to be from me ( i.e. like I am sending it to myself -even though there is a different senders email address on the form). I have tried everything I really do not know where my problem is. In here I am using $$$ because I am hiding my real info.
Here is my code
<form action="send-mail.php" method="post">
<div class="b-form__inputWrap">
<label for="name">Name</label>
<input name="name" id="name">
</div>
<div class="b-form__inputWrap">
<label for="email">email</label>
<input name="email" id="email">
</div>
<div class="b-form__inputWrap">
<label for="name">Subject</label>
<input name="subject" id="subject">
</div>
<div class="b-form__inputWrap">
<label for="name">Message</label>
<textarea name="message" id="message" name="message" placeholder="enter message"></textarea>
</div>
<button class="b-form__btn" type="submit" name="submit">Send</button>
</form>
PHP
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
use PHPMailerPHPMailerPHPMailer;
use PHPMailerPHPMailerException;
require 'vendor/phpmailer/phpmailer/src/Exception.php';
require 'vendor/phpmailer/phpmailer/src/PHPMailer.php';
require 'vendor/phpmailer/phpmailer/src/SMTP.php';
if (isset($_POST["submit"])) {
try {
$mail = new PHPMailer(true);
$mail->isSMTP();
$mail->Host = 'smtp.gmail.com';
$mail->SMTPAuth = true;
$mail->Username = '$$$$$$$$$$';
$mail->Password = '$$$$$$$$$$$$$$$$$';
$mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
$mail->Port = 465;
$mail->setFrom($_POST['email']);
$mail->addAddress('$$$$$$$$$$$$$');
$mail->addReplyTo($_POST['email']);
$mail->isHTML(isHtml:true);
$mail->Subject = $_POST["subject"];
$mail->Body = $_POST["message"];
$mail->send();
echo 'Email sent successfully!';
} catch (Exception $e) {
echo "Message could not be sent. Mailer Error: {$mail->ErrorInfo}";
}
}
?>
2
Answers
You are logging in to Gmail as $$$$$$$$$$ (your own address). Why would they allow you to seem like you are sending from some other address?
It is a security measure. Gmail will not let you do this.
Workaround: Append their email address at the end of their text.
As already said, many e-mail servers, including Gmail, will not let you send e-mails as someone else. This is to protect Google (or any other host) from being banned by other servers for sending spam and malware.
And that’s for a reason. If you can say you are someone, who filled form, then just as good you can say you are president of USA. 99% of internet users don’t know how to check it, and even, if they do, usually they don’t check every mail they see.
But even, if you have your own server, where you can set sender without any problem, it is not a good idea. Most servers verifies, who is sending e-mail. For example, of you are trying to send mail as [email protected] from IP 123.456.12.34 they will ask domain example.com if it can send mails from that IP (if you want to know more, google for SPF). If it does not, they will just delete such mail as it’s almost always malware, and probably will ban this IP address for at least few days and even add it to some blacklist, so other will ban this IP too.
What you can do is to set repply-to address ((but even this can be blocked) or just you can add this mail somewhere in message body, like "user with mail [email protected] send following message:[br][message goes here]".
But try to say you are not you, this is just asking for trouble.