Contact Form DMARC Problem

Deedee · January 2, 2018, 10:07pm

Hi

I am new to the forum, so apologises if I have posed in the wrong place.

I have a property rental website which has a contact form where visitors use to contact owners.

The form has a Your Email field and whenever an AOL or Yahoo email is entered the submitted form is not received. I asked my host to check the logs and they confirmed that the reason is due to the DMARC policy. I have tested it with my domain emails and they come through fine.

I hired a programmer to help with the issue and they added SMTP authentication to the forms PHP but this has not fixed the issue.

Please can anyone advise?

Many Thanks In Advance
Dee

astonecipher · January 3, 2018, 2:49am

My advice is to use a mail service. One of the reasons I switched to a service, was that I could guarantee email delivery. Another reason, I could track the emails, opening, and clicks.

I personally use MailGun.

Deedee · January 3, 2018, 3:45am

Hi

Thanks for your reply, but none of the emails come to me, each member has their own listing page on this page there is a link to a contact form, it is the same form for all members, form results are emailed to each individual member using the email stored in the account.

Would I still be able to use such a service?

astonecipher · January 3, 2018, 4:05am

Yes. You can set it up a number of different ways, from using it as a SMTP server to making cURL requests. You pass in the data and they take care of delivery.

The analytics portion, allows you to check emails that were sent, whom to, when, and if they clicked any links.

If mkre information is needed or help setting something up, send me an email.

Deedee · January 3, 2018, 6:34am

Thanks for the offer to help :), is using a mail server the only option? I mean is there no other way?

My host said I need to set up smtp authentication, I did this but aol and yahoo emails are still not getting through. I was then told by someone that smtp authentication only connects to the sending mailbox.

I am totally confused

Deedee · January 3, 2018, 8:22am

I have been chatting to someone and they said I need to do the following steps:
SPF record.
DKIM signing.
Signing with external keys.
Publishing your DMARC records.
Verify messages with DMARC.

Has anyone else done that?

Take Care
Dee

astonecipher · January 3, 2018, 3:19pm

Henry would kill me if I didn’t do this,

https://www.unlocktheinbox.com/dmarcwizard/

Deedee · January 3, 2018, 6:26pm

Henry?

Can I ask what that does? Does it replace all of the above steps?

Thanks again for your help
Dee

astonecipher · January 3, 2018, 6:36pm

Have you gone to the link? It is in your steps, since that is the path you want to take.

Deedee · January 3, 2018, 7:44pm

I did but was unsure about what it actually does. To be honest I am very confused by the whole thing. :
I thought there would be an easier solution. I mean almost every website has a contact form so they must have experienced the same thing, yet all I can find are topics reporting the problem, but no fixes.

astonecipher · January 3, 2018, 7:53pm

Is your site JUST in PHP or does it use a framework like WordPress?

More than likely, the site is using the mail() function and it is completely unreliable.

Deedee · January 3, 2018, 8:07pm

It’s just php

I thought is would be quite easy to fix, I was told I needed to set up smtp authentication on my form, so with help I modified my mail.php file and entered my smtp account details but as I say aol and yahoo emails are still being rejected. I know it’s due to dmarc because my host checked the error logs:

2017-12-07 03:06:24 1eMmVz-0027vt-Nt ** [email protected] R=lookuphost T=remote_smtp H=gmail-smtp-in.l.google.com [74.125.133.27] X=TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128 CV=yes: SMTP error from remote mail server after end of data: 550-5.7.1 Unauthenticated email from aol.com is not accepted due to domain’s\n550-5.7.1 DMARC policy. Please contact the administrator of aol.com domain if\n550-5.7.1 this was a legitimate mail. Please visit\n550-5.7.1 https://support.google.com/mail/answer/2451690 to learn about the\n550 5.7.1 DMARC initiative. c138si2896131wmh.28 - gsmtp

I am pulling my hair out with this!

astonecipher · January 3, 2018, 8:19pm

[php]

<?php class Communication { const MAILGUN_API = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; const DOMAIN = 'XXXXXXXX.org'; public static function send( Array $msg, $recipient = false) { $config = array(); $config['api_key'] = self::MAILGUN_API; $config['api_url'] = "https://api.mailgun.net/v3/mg." . self::DOMAIN . "/messages"; $message = array(); $message['from'] = $recipient ? "no-reply@" . self::DOMAIN : $msg['cEmail']; $message['to'] = !$recipient ? "@" . self::DOMAIN : $msg['cEmail']; $message['h:Reply-To'] = !$recipient ? $msg['cEmail'] : ''; $message['subject'] = $msg['cSubject']; if(!$recipient) { $template = 'to_domain'; } else { $template = 'to_recipient'; } $placeholders = ['{name}', '{message}', '{email}']; $values = [htmlentities($msg['cName']), nl2br(htmlentities($msg['cMessage'])), htmlentities($msg['cEmail'])]; $content = str_replace($placeholders, $values, file_get_contents("/home/afbc/app/templates/{$template}.html")); $message['html'] = $content; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $config['api_url']); curl_setopt($ch, CURLOPT_HTTPAUTH, CURLAUTH_BASIC); curl_setopt($ch, CURLOPT_USERPWD, "api:{$config['api_key']}"); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $message); $result = curl_exec($ch); curl_close($ch); return $result; } } [/php] And it's usage: [php]<?php require '../../app/classes/Communication.php'; require '../../app/classes/Logger.php'; try { $google_secret = 'XXXXXXXXXXXXXXXXXX'; if ($_SERVER['REQUEST_METHOD'] == 'POST') { // return print_r($_POST); $receivedRecaptcha = $_POST['g-recaptcha-response']; $verifiedRecaptcha = json_decode(file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . $google_secret . '&response=' . $receivedRecaptcha)); if ($verifiedRecaptcha) { // print_r($_POST); $body = "{$_POST['cName']}, {$_POST['cEmail']}, {$_POST['cSubject']}\n{$_POST['cMessage']}\n\n"; $file = fopen("contact.log", "a+"); fwrite($file, $body); fclose($file); if (filter_var($_POST['cEmail'], FILTER_VALIDATE_EMAIL)) { if (Communication::send($_POST) && Communication::send($_POST, true)) { $data['code'] = 200; $data['msg'] = "Message Sent"; echo json_encode($data); } else { $data['code'] = 200; $data['msg'] = "Message could not be Sent"; echo json_encode($data); } } else { $data['code'] = 412; $data['msg'] = "Email was not valid"; echo json_encode($data); } } else { $data['code'] = 412; $data['msg'] = "ReCaptcha Was not valid"; echo json_encode($data); } } else { $data['code'] = 500; $data['msg'] = "Message could not be Sent"; echo json_encode($data); } } catch ( Exception $e) { Logger::log(print_r($e)); }[/php]

Deedee · January 3, 2018, 8:22pm

I must be being dumb, but what is that code?

Would it help if I posted my mail.php file?

astonecipher · January 3, 2018, 8:26pm

The code sends an email to a recipient, and a receipt to the sender, but, it uses the service I mentioned.

Three things to change and it is a drop-in