-
Posted in : Read WP
-
EXECUTIVE SUMMARY:
The Read theme Contact template sends emails FROM the contact’s email address.
This should be FROM an email address at the website’s domain.Recreating the issue:
I used the Local app from WP Engine.
This has MailHog built in, which is an email testing tool.MailHog:
– Logs every email request from WordPress
– Does not send an email
– Never generates errorsI do the following:
Create a new WordPress install
Add the Read theme and activate it
Add a new Contact page based on Contact template
View the Contact pageI set the fields:
– Your Name = contact
– Your Email = contact@contact.com
– Subject = subject
– Your Message = messageI click “Send it”
I open MailHog and I find 1 email.
Here is the email source (lightly edited):
“””
From: contact <contact@contact.com>
Message-ID: …
Received: from localhost by mailhog.example (MailHog) …
Reply-To: contact@contact.com
Return-Path: …
Subject: [Test] subject
To:
X-PHP-Originating-Script: 502:send-mail.phpName: contact
Email: contact@contact.com
Message: message
“””What is the problem?
The message is being sent from the contact’s email address.Why is this wrong?
A domain’s “SPF Record” defines which servers can send emails from that domain.
Imagine the WordPress site with the Contact form is my-site.com.
This means my-site.com just sent an email FROM contact@contact.com.
The receiving SMTP server will ask the domain contact.com if my-site.com is allowed to send emails from contact.com.
contact.com will check if it’s “SPF Record” includes my-site.com
If my-site.com is on the list, contact.com says yes, then the contact email is delivered.
Otherwise, then the contact email is deleted.In reality, my-site.com will not be explicitly on the “SPF Record” of contact.com.
Instead, the check will be done against the “all” clause at the end of the “SPF Record”:
~all and the contact message is delivered but flagged as insecure or spam
-all and the contact message will be rejected
+all and the contact message will be delivered (and the site admin is a lunatic)Therefore, if you use the contact’s email address, the email is either delivered flagged as possible spam, or deleted.
Worse still, I don’t think PHP mail() knows about this delivery result.
Therefore the Contact form always says “SUCCESS”.How to fix this?
Change line 52 of send-mail.php which sets the FROM email to the contact’s email address.
Send it from an address at my-site.com, for example wordpress@my-site.com, admin@my-site.com …etc
Perhaps make this a configuration option.Hi,
Could you please try to use ninja form plugin instead of our default contact form?
Also, please install and activate the following plugin. Then configure it from its settings page for your site. ThanksWP Mail SMTP:
https://wordpress.org/plugins/wp-mail-smtp/
I was asked to investigate a problem with lost contact messages on a website, which uses version 1.0 of the Read theme from 10 years ago.
I found the problem which I describe above.
I thought updating the Theme would fix the problem. A new Theme licence had to be purchased as the old licence information had disappeared into the mists of time.
But no, the Contact template code in Read theme v4.6.1 is exactly the same as v1.0. It has not changed in 10 years.
Therefore, for the last 10 years, all users of the Read theme’s built in Contact page have been randomly losing contact messages.
The site I am working on has definitely lost contact messages. You have been paid twice for the theme. I estimate that I could fix the code in 2 hours or less.
Therefore, I want you to fix the error in the Contact template and release a new version of the Read theme, as a matter of priority!
Thanks.
Hi,
I will forward this topic to our developer and I will keep you updated.
Thanks
You must be logged in and have valid license to reply to this topic.