Why shouldn't I use PHP's mail() function?

倖福魔咒の 提交于 2019-11-26 04:49:13

问题


The general opinion when it comes to sending email messages in PHP is to stay clear of PHP\'s built-in mail() function and to use a library instead.

What I want to know are the actual reasons and flaws in using mail() over a library or extension. For example, the commonly specified headers that aren\'t included in a standard mail() call.


回答1:


Quoting:

Disadvantages of the PHP mail() function

In some cases, mails send via PHP mail() did not receive the recipients although it was send by WB without any error message. The most common reasons for that issue are listed below.

  • wrong format of mail header or content (e.g. differences in line break between Windows/Unix)
  • sendmail not installed or configured on your server (php.ini)
  • the mail provider of the recipeint does not allow mails send by PHP mail(); common spam protection

Errors in the format of header or content can cause that mails are treated as SPAM. In the best case, such mails are transfered to the spam folder of your recipient inbox or send back to the sender. In the worst case, such mails are deleted without any comment. If sendmail is not installed or not configured, no mails can be send at all.

It is common practice by free mail provider such as GMX, to reject mails send via the PHP function mail(). Very often such mails are deleted without any information of the recipient.




回答2:


PHP's mail() is said to garble headers and runs slowly. I can't say this from personal experience because I've never used it, because, like you, I've always been advised against it. If you look at the comments on the entry for mail() in the PHP manual, you can see some of the problems people have with it (esp. with headers).

It's definitely not suited for sending any substantial amount of email, because, according to the manual itself,

It is worth noting that the mail() function is not suitable for larger volumes of email in a loop. This function opens and closes an SMTP socket for each email, which is not very efficient.

For the sending of large amounts of email, see the » PEAR::Mail, and » PEAR::Mail_Queue packages.

AFAIK, it's never preferable (performance-wise) to open and close a socket for each message you send regardless of the amount of mail you're sending.

Basically, it's a function that works, but not very well, and is eclipsed by a number of better libraries.




回答3:


What matters is not only the mail() function but also the smtp server you use in conjunction. I've used three different smtp servers with php: postfix, qmail,sendmail.

In my experience postfix was the easiest one to work with php mail() but even postfix had some problems. You will encounter small bugs. It could be things like the "to" recipients receiving correctly structured emails and "bcc" recipients receiving corrupt emails. You'll lose a lot of time trying to figure out these bugs. And your fixes will make your code not work properly with the other smtp servers.

The problem lays with the handling of the email header and PHP unfortunately does a poor job about that. Recently I switched to "PHP Mailer" library. In our website we have two smtp servers, one with postfix, and one with qmail. "PHP Mailer" worked with both of them with no additional configuration.




回答4:


The biggest reason is that mail() can talk directly to a mail server, and if you don't know what you are doing when sanitizing your input, a hacker may be able to spoof your mail server into sending mail other than what you intend. Most third party libraries have better sanitation (or better API's) to help prevent this.



来源:https://stackoverflow.com/questions/4565066/why-shouldnt-i-use-phps-mail-function

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!