Jump to content
  • Checkout
  • Login
  • Get in touch

osCommerce

The e-commerce.

Yahoo new anti-spoofing policy breaks email delivery


dr_lucas

Recommended Posts

My site is suffering from this same issue, emails from the shop contact-us form are bounced by gmail due to Yahoo's new anti-spoofing policy, as described here:

http://www.pcworld.com/article/2141120/yahoo-email-antispoofing-policy-breaks-mailing-lists.html

 

What would be the recommended way to fix this?

Link to comment
Share on other sites

This is a related thread at drupal: https://drupal.org/node/2236237

Maybe good to include it here, to migrate the same solution or suggest similar one for osC.

Link to comment
Share on other sites

Hi

 

try this (works for me sending from contact_us.php on a bluehost server using a yahoo.com email as the customer's address and the store admin emails are handled by a Gmail account

 

in includes/functions/general.php find the tep_mail() function [at around line 1039 in osC 2.3.3.4 but ymmv] and replace it with this

 

function tep_mail($to_name, $to_email_address, $email_subject, $email_text, $from_email_name, $from_email_address) {
if (SEND_EMAILS != 'true') return false;

//new code starts here++++
//OK so let us do something with yahoo in the from email address - knock it down to lowercase and then do needle in haystack thing

if (strpos(strtolower($from_email_address), 'yahoo')){
//yahoo email so add in the reply to header and then take the yahoo reference out of the $from_email_address
//leaving it in there will stop the eamil reaching a Gmail account

$message = new email(array('X-Mailer: osCommerce','Reply-To:'.$from_email_address));
$from_email_address ='Yahoo customer';

}else{
//no harm in giving the extra header in any case??
 $message = new email(array('X-Mailer: osCommerce','Reply-To:'.$from_email_address));
}
//end new code +++++
// Build the text version
$text = strip_tags($email_text);
if (EMAIL_USE_HTML == 'true') {
 $message->add_html($email_text, $text);
} else {
 $message->add_text($text);
}
// Send message
$message->build_message();
$message->send($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject);
}

Link to comment
Share on other sites

Thanks, Bob, just a quick note that yahoo mail also uses ymail.com and rocketmail.com domains, ie. better make the condition:

if ( (strpos(strtolower($from_email_address), 'yahoo')) || (strpos(strtolower($from_email_address), 'ymail')) || (strpos(strtolower($from_email_address), 'rocketmail')) ){

 

cheers :)

Link to comment
Share on other sites

nope, but wouldn't hurt

Link to comment
Share on other sites

  • 2 weeks later...

The thought process is close.. issue with this approach is it is too specific..

 

It should be more to the lines of checking if the FROM is different from the hosted domain, if so make some changes. Go read the dupral post.. its much more generic.. yahoo/ gmail connection is not the only combo.. paypal also consequently ebay are also involved.. I also need to make changes elsewhere because i have a highly modified oscmax installation, so this is affecting the merchant order copies.. for all installations it will affect the contact form, tell a friend form too.. maybe more.. oh the built in newsletter in the oscmax versions.

 

I'm happy to help test.

Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com

Link to comment
Share on other sites

Has any of you set a dmarc record in your dns record along eith DKIM & SPF ? I have and today got 2 notices., I'm on my tablet and can't open them right now.. The emails look legit. The report is a zip attachment. Dumb thing is Gmail marked it as spam!

Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com

Link to comment
Share on other sites

ok sorry for all the posts.. I checked those 2 emails.. dont much understand them, but one was from hotmail the other from yahoo.. I checked the default email box of the domain .. all my tests thus far have been bouncing there.. I see nothing in either time frame at all - not there, not in my gmail account.. no where

 

<?xml version="1.0"?>
-<feedback>
-<report_metadata>
<org_name>Yahoo! Inc.</org_name>
<email>[email protected]</email>
<report_id>1397813111.169969</report_id>
-<date_range>
<begin>1397692800</begin>
<end>1397779199 </end>
</date_range>
</report_metadata>
-<policy_published>
<domain>oneofmydomains.com</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<pct>100</pct>
</policy_published>
-<record>
-<row>
<source_ip>209.85.216.182</source_ip>  <<--that is a GOOGLE ip
<count>1</count>
-<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
-<identifiers>
<header_from>oneofmydomains.com</header_from>
</identifiers>
-<auth_results>
-<dkim>
<domain>gmail.com</domain>
<result>pass</result>
</dkim>
-<spf>
<domain>gmail.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>

 

<?xml version="1.0" encoding="UTF-8"?>
-<feedback>
-<report_metadata>
<org_name>Microsoft Corp.</org_name>
<email>[email protected]</email>
<report_id>[email protected]</report_id>
-<date_range>
<begin>1397775600</begin>
<end>1397862000</end>
</date_range>
</report_metadata>
-<policy_published>
<domain>oneofmydomains.com</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<sp>none</sp>
<pct>100</pct>
</policy_published>
-<record>
-<row>
<source_ip>208.67.xx.xxx</source_ip>  <<-- IP of oneofmydomains.com
<count>1</count>
-<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
-<identifiers>
<header_from>oneofmydomains.com</header_from>
</identifiers>
-<auth_results>
-<spf>
<domain>myserver.com</domain>
<result>fail</result>
</spf>
-<dkim>
<domain>oneofmydomains.com</domain>
<result>none</result>
</dkim>
</auth_results>
</record>
</feedback>

Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com

Link to comment
Share on other sites

  • 2 weeks later...

and indeed AOL has now also started to reject failed DMARC mails..

see:

http://postmaster-blog.aol.com/2014/04/22/aol-mail-updates-dmarc-policy-to-reject/

 

.. please consider using an email address from your own domain as the From address and populate the Reply-To: line with the address of the person sharing.

we need to switch that method on the order emails, comment and share forms.. can someone help here?

Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com

Link to comment
Share on other sites

@@wkdwich

 

You can simply change your tep_mail function to this, so that it will use the same method for all emails, not just Yahoo:

 

function tep_mail($to_name, $to_email_address, $email_subject, $email_text, $from_email_name, $from_email_address) {
if (SEND_EMAILS != 'true') return false;

$message = new email(array('X-Mailer: osCommerce','Reply-To:'.$from_email_address));
$from_email_address ='Web Shop customer';

// Build the text version
$text = strip_tags($email_text);
if (EMAIL_USE_HTML == 'true') {
$message->add_html($email_text, $text);
} else {
$message->add_text($text);
}
// Send message
$message->build_message();
$message->send($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject);
}

Link to comment
Share on other sites

It's not a osc pb I think, but on your server and domaine :

look this article :

DMARC (Domain-based Message Authentication, Reporting & Conformance), DKIM (DomainKeys Identified Mail)SPF (Sender Policy Framework) must be inserted on your server.


Regards
-----------------------------------------
Loïc

Contact me by skype for business
Contact me @gyakutsuki for an answer on the forum

 

Link to comment
Share on other sites

@@wkdwich

 

You can simply change your tep_mail function to this, so that it will use the same method for all emails, not just Yahoo:

 

function tep_mail($to_name, $to_email_address, $email_subject, $email_text, $from_email_name, $from_email_address) {
if (SEND_EMAILS != 'true') return false;

$message = new email(array('X-Mailer: osCommerce','Reply-To:'.$from_email_address));
$from_email_address ='Web Shop customer';

// Build the text version
$text = strip_tags($email_text);
if (EMAIL_USE_HTML == 'true') {
$message->add_html($email_text, $text);
} else {
$message->add_text($text);
}
// Send message
$message->build_message();
$message->send($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject);
}

 

I tried something very close to this as recommended by a contributor to the oscMAX forums:

 

$message = new email(array('X-Mailer: osCmax Mailer', 'Reply-To:'.$from_email_address, '[email protected]'));

 

and it actually made things worse.. now I had (2) FROM's and AOL flat out just rejected:

SMTP error from remote mail server after end of data:

host mailin-04.mx.aol.com [64.12.88.131]: 521 5.2.1 :

AOL will not accept delivery of this message.

 

 

 

while before at least I had:

SMTP error from remote mail server after end of data:

host mailin-01.mx.aol.com [64.12.88.132]: 521 5.2.1 :

(DMARC) This message failed DMARC Evaluation and is being refused due to

provided DMARC Policy

Debbie D
Franklin County, VA "Moonshine Capitol of the World"
osCmax Mobile Template oscmaxtemplates.com

Link to comment
Share on other sites

  • 6 months later...

This totally worked for me.  Thanks Bob Terveruren!!!

 

Hi

try this (works for me sending from contact_us.php on a bluehost server using a yahoo.com email as the customer's address and the store admin emails are handled by a Gmail account

in includes/functions/general.php find the tep_mail() function [at around line 1039 in osC 2.3.3.4 but ymmv] and replace it with this
 

function tep_mail($to_name, $to_email_address, $email_subject, $email_text, $from_email_name, $from_email_address) {
if (SEND_EMAILS != 'true') return false;

//new code starts here++++
//OK so let us do something with yahoo in the from email address - knock it down to lowercase and then do needle in haystack thing

if (strpos(strtolower($from_email_address), 'yahoo')){
//yahoo email so add in the reply to header and then take the yahoo reference out of the $from_email_address
//leaving it in there will stop the eamil reaching a Gmail account

$message = new email(array('X-Mailer: osCommerce','Reply-To:'.$from_email_address));
$from_email_address ='Yahoo customer';

}else{
//no harm in giving the extra header in any case??
	 $message = new email(array('X-Mailer: osCommerce','Reply-To:'.$from_email_address));
}
//end new code +++++
// Build the text version
$text = strip_tags($email_text);
if (EMAIL_USE_HTML == 'true') {
	 $message->add_html($email_text, $text);
} else {
	 $message->add_text($text);
}
// Send message
$message->build_message();
$message->send($to_name, $to_email_address, $from_email_name, $from_email_address, $email_subject);
}
Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...