@MrCruz @hansen
Quick note about G Suite and using SMTP Relay – via
https://support.google.com/a/answer/2956491#sendinglimitsforrelay
“A registered G Suite user can’t relay more than 10,000 messages in a 24-hour period, and can’t relay messages to more than 10,000 unique recipients per 24-hour period. Users exceeding either of these limits see the error 550 5.4.5 Daily SMTP relay limit exceeded for user.”
…
If you’re using PHP’s mail()
function alone, that’s going to be your issue. Your best option would be to use something like SwiftMail or PHPMailer, which will allow you to connect over SMTP with ease.
…
Why? PHP’s mail function can be setup to use defined configuration in your php.ini
file, though it’s a hassle and what you set there applies globally. If you need to change, you have to modify that file to instead of simply defining in-app. There’s really no reason to use php.ini
as it’s counterproductive (in this specific case).
Unless you have a valid, working local mail server setup with at least SPF + DKIM (confirmed valid), the majority of mail sent will land in SPAM/Junk, if it’s not rejected altogether.
The reason for the above is pretty simple; it’s super-easy to abuse PHP’s mail()
function and it takes very little code to do it. A simple foreach()
or while()
loop with a timer could send tens of thousands of e-mails in no time.
For example, let’s look at something very basic. This won’t actually work as there’s no data – even with data, it’s still relying on PHP’s mail()
function, so it’ll all go to SPAM/Junk, but it serves a purpose for this example.
Note: This is a quick 5 minute script, it’s not meant to be clean, pretty, etc. It’s just an example :-).
<?php
/**
* Returns a random key from the provided array.
*/
function pickRand( array $from )
{
return array_rand( $from );
}
/**
* Sends way too many e-mails. If this actually caused mail to
* land in a users inbox, it'd be relatively easy to flood an
* inbox in seconds or minutes.
*/
function mailBomb( array $to, array $subjects, array $messages, $delay = 5 )
{
foreach ( $to as $recipient )
{
$subjectKey = pickRand( $subjects );
$message = ( array_key_exists( $randomSubjectKey, $messages ) )
? $messages[ $randomSubjectKey ]
: $messages[ pickRand( $messages ) ];
foreach ( $to as $recipient )
{
mail(
$recipient,
$subjects[ $subjectKey ],
$message,
'From: well.known@company.com' . "\r\n" .
'Reply-To: fake.email@spammer.com'
);
sleep( $delay );
}
}
}
/**
* Fictional array containing 10,000+ e-mail addresses.
* i.e. user.name@domain.ext ...
*/
$to = [];
/**
* Fictional array containing 10,000+ e-mail subjects.
* i.e. You've Won XYZ from PBC....
*/
$subjects = [];
/**
* Fictional array containing 10,000+ e-mail messages.
* For the purpose of this example, the key would match
* a key in our $subject array.
*/
$messages = [];
/**
* Run mailBomb Function
*/
mailBomb( $to, $subjects, $messages );
Now, the above would easily send any number of e-mails with a randomly selected subject and message using a fake e-mail as the sender (which may appear as if it’s coming from a reputable company) and a reply-to set as the spammers e-mail. If you didn’t look at the headers (and most people don’t), you might just reply.
Now you might say well when they reply back, they’ll reveal their real e-mail; not so. They could be filtering e-mail through a PHP script and then sending mail back out through another designed to keep the forged e-mail in-tact.
That’s why you don’t use mail()
alone and why you either:
1). Setup a real mail server (on a separate server) and make sure it’s in working order, or;
2). Use MailGun, SendGrid, Amazon, etc.
When combined with the mail libraries I noted above, those in #2 will help you to land your e-mail where it belongs instead of troubleshooting #1.
@MrCruz
Leaving this one as a comment rather than an answer since it’s just a link, but here’s a rather good comparison between the two posted by one of DigitalOcean’s own.
https://www.digitalocean.com/community/tutorials/apache-vs-nginx-practical-considerations