Web Hosting

How to Send Mail from PHP

Our shared web hosting servers no longer have a sendmail binary or run a mail transfer agent (MTA) and consequently cannot accept mail locally for delivery. Instead, you will need to configure your application to connect to a mail submission server to send mail.

Affected functions

The PHP functions mail() and imap_mail() have been disabled so that you get a clear error message if you attempt to use them.

Regardless of the fact that they are disabled, the servers cannot accept mail locally for delivery anyway, as they do not contain a sendmail binary nor run a MTA.

Recommendations

Instead of sending mail directly using the mail() or imap_mail() functions, you should connect to the submission server of your mail provider (whether Sargasso or another provider).

Typically submission servers run on port 587 (unencrypted by default) or 465 (TLS encrypted) and run a subset of SMTP, so you may find this functionality referred to as "SMTP mail".

At this time we permitting outbound connections to port 25 as well, however this port is also used for SMTP, and we reserve the right to block outbound port 25 without notice if abuse is detected in the future, so we recommend you use one of the assigned ports for submission, 587 or 465.

You will typically need the following information to set up your SMTP submission connection:

• SMTP server hostname
• SMTP server port
• Encryption (on/off/STARTTLS)
• SMTP-AUTH username
• SMTP-AUTH password

Acceptable Use

You can use this service only for transactional e-mail (i.e. message specifically triggered from an action initiated by the user, such as placing an order). It remains against our acceptable use policy to originate marketing, mass, or other non-transactional e-mail from our servers. Please use a third party service purposely designed to meet these needs.

Applications

Many prebuilt web applications already contain functionality to send mail using SMTP, or can be easily extended with plugins to do this. A short list of examples appears below; please note that we have not tested any of these solutions and cannot endorse or support any of them:

Drupal

Plugin: SMTP Authentication Support.

Wordpress

Plugin: WP Mail SMTP.

Joomla

Built-in: Docmentation.

Magento

Plugin: SMTP by Mageplaza.

Rationale

Frequently we find that websites send mail indiscriminately without any checks and without any rate limiting. With the rise of 'bots' hammering web forms, this can produce a huge volume of mail once the bot finds a functional web form.

This can cause large volumes of unwanted mail not only to the site owner, but also potentially to uninvolved individuals. For example, many contact forms will send a copy of the message to the e-mail address of the person who submitted the form - but without any validation, this can be any e-mail address on the internet. Effectively the bots leverage your site to send their spam to third parties.

The resulting spam also causes our servers to be put on blacklists, meaning other customers cannot get legimate mail delivered reliably.

There are limited options for us to resolve this on the web server. Rate limiting is problematic and would still allow spam submissions through. Content scanning is beyond our remit and liable to incorrect classification. Adding CAPTCHAs is recommended, but needs to be done by the customer as it is outside our scope as hosting provider.

We have taken the view that the web server is not the correct place to resolve this problem. Instead, the mail should be submitted to a mail submission server which will already have systems in place to limit or block abuse. This mail submission server can be the mail service you receive from Sargasso, or a third party.