About a year ago, I had a similar issue except then system would crash after pressing Submit. The issue was caused because of PHP 8 incompatibility problems. However, got the coding to fix all of that and things worked good again and with PHP 8. But now something new is happening. Now, when Submit is pressed, system doesn't crash and goes to the after submission screen like its supposed to. Everything appears to be working fine except for one thing. No emails are being received. Last on line submission form I received was on 2/6/2024. No coding was changed at all, just nothing sends at all. I tested multiple on line submission forms on several websites. Same thing, nothing is sending. The coding I used to fix everything before is the same on all the on-line submission pages. It appears to be an issue with PHP. The coding for 1 of these pages is below.
`

<?php
// grab recaptcha library
// require_once "recaptchalib.php";
// foreach ($_POST as $key => $value) {
    //echo '<p><strong>' . $key.':</strong> '.$value.'</p>';
  //}
// your secret key
$recaptcha_secret_key = "6LeW4RQUAAAAAJ4NvgWIKJc4b-AeKp6LcLFCFQoS";

// empty response
$recaptcha_response = $_POST['g-recaptcha-response'];

$recaptcha_url = 'https://www.google.com/recaptcha/api/siteverify';
$recaptcha_data = array(
    'secret' => $recaptcha_secret_key,
    'response' => $recaptcha_response
);

$recaptcha_options = array(
    'http' => array(
        'header' => "Content-type: application/x-www-form-urlencoded\r\n",
        'method' => 'POST',
        'content' => http_build_query($recaptcha_data)
    )
);

$recaptcha_context = stream_context_create($recaptcha_options);
$recaptcha_result = file_get_contents($recaptcha_url, false, $recaptcha_context);
$recaptcha_json = json_decode($recaptcha_result);

if ($recaptcha_json->success) {
    // ReCaptcha validation successful, process the form submission
    // Your form processing code goes here

$subject = "Showing Scheduling";
$message = "RadiantNewHorizonHomes.com Showing Scheduling" . "\r\n" . "\r\n" .
"Name: " . $_POST['ShowingName'] . "\r\n" .

"Phone Number : " . $_POST['ShowingPhone1'] . "\r\n" .

"E-mail Address: " . $_POST['ShowingEmail'] . "\r\n" .
"Properties wants to see: " . $_POST['ShowingHomes'] . "\r\n" .
"Date(s)/Time(s) wants to see them: " . $_POST['ShowingTimes'] . "\r\n" .






"Questions or Comments: " . $_POST['ShowingQuestions'] . "\r\n" .

"How Heard About Us: " . $_POST['ShowingHearing'] . "\r\n" .

$from = $_POST['ShowingEmail'];
$headers = "From: $from" . "\r\n";

$to = "david.tigner@radiantnewhorizonhomes.com";
mail($to,$subject,$message,$headers);
$to = "Agents1@radiantnewhorizonhomes.com";
mail($to,$subject,$message,$headers);

} else {
    // ReCaptcha validation failed, display an error message or take appropriate action
    // Example: redirect back to the form page with an error message
    header('Location: form.php?error=recaptcha');
    exit();
}   

?>

`

`

The first thing I will say is never output $_POST[] content directly into the HTML without escaping it first. You are leaving yourself wide open to an HTML injection attack. Not only that, but you're also leaving yourself open to invalid HTML. All it takes is to wrap your user-sent variables with htmlspecialchars to make sure they're HTML-escaped. Instead of "Name: " . $_POST['ShowingName'] . "\r\n" . you should be doing "Name: " . htmlspecialchars($_POST['ShowingName']) . "\r\n" ..

That being said, if the code stayed the same and suddenly stopped working, have you looked into your mail server? Do you have access to the PHP error log somewhere that might say if mail() returned any errors? For testing, you might want to see if mail() is returning false for some reason as well.

In your code where you write mail($to,$subject,$message,$headers); if you want to get error messages or "do something if it fails" you need to alter it a bit to something like:

if(mail($to,$subject,$message,$headers)){
    //if successful do something
}else{
    //if error do something else
}

//or

var_dump(mail($to,$subject,$message,$headers));

//or

$tmp = mail($to,$subject,$message,$headers);
var_dump($tmp);

I had a problem around a year or 2 ago with the basic mail function not working correctly and I only had user rights to the hosting server so editing server config was not possible.

I solved it with the PHP Mailer, it gives you much better control over it and more advanced email options - I copied the code I used at that time and hopefully removed all the passwords:

<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require 'includes/PHPMailer/src/Exception.php';
require 'includes/PHPMailer/src/PHPMailer.php';
require 'includes/PHPMailer/src/SMTP.php';

$survey = 'Form Data:'."\r\n";
$survey .= 'Some form data:'."\r\n";//make your email body to send here

$mail = new PHPMailer(TRUE);
/* Open the try/catch block. */
try {
    /* Set the mail sender. */

    $mail->CharSet = "UTF-8";
    $mail->Encoding = 'base64';
    $mail->isSMTP();
    $mail->Host       = 'mail.example.com';                     //Set the SMTP server to send through
    $mail->SMTPAuth   = true;
    $mail->SMTPSecure = 'tls';
    $mail->Username   = 'enquiry@example.com';                     //SMTP username
    $mail->Password   = '1234567890abcdefg!';                               //SMTP password
    $mail->Port       = 587;                                    //TCP port to connect to; use 587 if you have set `SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS`

    // $mail->DKIM_domain = 'example.com';
    // $mail->DKIM_private = 'test.key';
    // $mail->DKIM_selector = '_default';
    // $mail->DKIM_passphrase = '';
    // $mail->DKIM_identity = $mail->From;
    // //Suppress listing signed header fields in signature, defaults to true for debugging purpose
    // $mail->DKIM_copyHeaderFields = false;
    //Optionally you can add extra headers for signing to meet special requirements
    //$mail->DKIM_extraHeaders = ['List-Unsubscribe', 'List-Help'];


    $mail->setFrom('enquiry@example.com', 'Enquiry Example');
    /* Add a recipient. */
    $mail->addAddress('hello@example.com');
    /* Set the subject. */
    $mail->Subject = 'Survey Form filled out';
    /* Set the mail message body. */
    $mail->Body = $survey;
    /* Finally send the mail. */
    $mail->send();
}
catch (Exception $e)
{
   /* PHPMailer exception. */
   echo $e->errorMessage();
}
?>

I do not have access to the PHP error log nor do I know how to check to see if mail() is returning false. The coding I'm using has worked (e.g. sent email with submitted info) for 13 years and now stopped working. My URL/PHP provider, Ionos, claims it won't send because all recipient email addresses need to be authenticated and a new STMP PHPmailer program needs to be used. In generic coding I got for that, I saw $mail -> send();. I'm going to try $mail -> send($to,$subject,$message,$headers); to see if that works.

Re: Biiim's post, the coding you suggest to get error messages looks like something good to try and the PHP Mailer stuff looks the same as the generic code I got from Ionos. It sounds like all these methods are appearing favorable for solving the problem. This kind of troubleshooting can be very frustrating so thanks for your help.

I wonder if the problem is that your php mail() function is configured to use SMTP in your php.ini file. A lot of SMTP servers switched over the past year or so to using XOAuth2 for authentication. A username + password in your config settings will no longer suffice to establish a connection. You can see me complaining about it here. It's my understanding that PHPMailer has built-in XOauth2 support so that was a good recommendation. Here's a link to a Q&A on Stack Overflow that has an example implementation of using XOauth2 with PHPMailer.

Ran into some new issues. Here goes. In order to download PHPMailer, must download Composer. In order to install Composer, need a Command Line PHP.exe file. I do not have one of these. I have been using PHP services from URL provider, 1 & 1/Ionos since 2011. They said in order to get a Command Line PHP.exe file, requires SSH to 'Connect to Webspace'. They use Linux web hosting packages and said to use PuTTY. I installed that and successfully signed in. From here it is unclear of what to do and Ionos doesn't know either. All they said was that something changed in Feb 2024 (last on line submission form I received was in early Feb 2024 so the timeline is matching). Question: how does one get the Command Line PHP.exe file needed to install Composer ? In Composer Setup, this Command Line PHP.exe file would be added to the 'PATH'.

You don't need composer or access to the php.exe.

just locate the PHPmailer Directory into your web root, to keep it simple and the require links should point to where it is located.

mine is require 'includes/PHPMailer/src/PHPMailer.php';

cause I put it in a folder called includes, this should be relative to the file that is using it.

if you have a file inside a directory using it you will need to go up directories until you reach root - or wherever you put the PHPMailer folder. like require '../../includes/PHPMailer/src/PHPMailer.php';

I don't have access to the hosting server either and I didn't use composer

EDIT:
to download it just go to Github https://github.com/PHPMailer/PHPMailer

click on the green button that says code and click download zip, extract it and put that directory onto your ftp and require it in the file

EDIT2:

All they said was that something changed in Feb 2024 (last on line submission form I received was in early Feb 2024 so the timeline is matching).

Feb 2024 is date co-incident with Google and Yahoo requiring DMARC authentication for sending emails to them, the mail() function was probably failing these tests on DMARC & DKIM, that would explain why it died at that time

More problems. I incorporated the coding Biiim provided. Before any changes, after submission, would display the correct (yellow) screen. After code changed, not only will still not send email but screen turns blank white. URL provider, IONOS, told me that the Host is smtp.ionos.com and the Username and password are for an email address associated with the domain that the online submission page is on, and since these online submission pages are on a total of 4 domains, each using a different email address, if doing one on a different domain, would have a different username and password (doesn't explain how to send more than 1 email address though, including forward only email addresses that don't have password). They also said that Port = 465. In the code block below, I included the new code added (plus the original all //'d). The submission pages use ReCaptcha 3 which works so I omitted the code for it from the code block below. One weird thing, in my editor, the 'use' commands were coming back as syntax errors but would display blank white screen regardless if the use commands are there or //'d. The 'includes' directory name from Biiim's code was changed to PHPMailer and is in the web root directory (each of the 4 domains has its own web root directory, the PHPMailer one is in the root as are the other 4, such as RNHindex, directory for RadiantNewHorizonHomes.com where the code block shown below is stored: e.g. in the root directory are directories: PHPMailer, RNHindex, etc.).

IONOS tech line said that the reason for the blank white screen is something in the coding not being understood by PHP 8.2. Any insights on what could be causing the blank white screen ?

<?php


use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require 'PHPMailer/PHPMailer/src/Exception.php';
require 'PHPMailer/PHPMailer/src/PHPMailer.php';
require 'PHPMailer/PHPMailer/src/SMTP.php';

$survey = "RadiantNewHorizonHomes.com General Inquiries" . "\r\n" . "\r\n" .
"Name: " . $_POST['Name'] . "\r\n" .

"E-mail Address: " . $_POST['Email'] . "\r\n" .
"Phone Number: " . $_POST['Phone'] . "\r\n" .


"Comments or Questions: " . $_POST['Message'] . "\r\n" . //make your email body to send here

$mail = new PHPMailer(TRUE);
/* Open the try/catch block. */
try {
    /* Set the mail sender. */

  $mail->CharSet = "UTF-8";
  $mail->Encoding = 'base64';
  $mail->isSMTP();
  $mail->Host       = 'smtp.ionos.com';                     //Set the SMTP server to send through
  $mail->SMTPAuth   = true;
  $mail->SMTPSecure = 'tls';
  $mail->Username   = 'david.tigner@RadiantNewHorizonHomes.com';                     //SMTP username
  $mail->Password   = '(password)';                               //SMTP password
  $mail->Port       = 465;                                    //TCP port to connect to; use 587 if you have set `SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS`

    // $mail->DKIM_domain = 'example.com';
    // $mail->DKIM_private = 'test.key';
    // $mail->DKIM_selector = '_default';
    // $mail->DKIM_passphrase = '';
    // $mail->DKIM_identity = $mail->From;
    // //Suppress listing signed header fields in signature, defaults to true for debugging purpose
    // $mail->DKIM_copyHeaderFields = false;
    //Optionally you can add extra headers for signing to meet special requirements
    //$mail->DKIM_extraHeaders = ['List-Unsubscribe', 'List-Help'];


  $mail->setFrom('david.tigner@RadiantNewHorizonHomes.com', 'David Tigner');
    /* Add a recipient. */
  $mail->addAddress('david.tigner@RadiantNewHorizonHomes.com');
   /* Set the subject. */
  $mail->Subject = 'Comments and/or Questions';
    /* Set the mail message body. */
  $mail->Body = $survey;
    /* Finally send the mail. */
  $mail->send();
}
catch (Exception $e)
{
   /* PHPMailer exception. */
 echo "Message could not be sent. Mailer Error: ".$e->getMessage();
}



// $subject = "Comments and/or Questions";
// $message = "RadiantNewHorizonHomes.com General Inquiries" . "\r\n" . "\r\n" .
// "Name: " . $_POST['Name'] . "\r\n" .

// "E-mail Address: " . $_POST['Email'] . "\r\n" .
// "Phone Number: " . $_POST['Phone'] . "\r\n" .


// "Comments or Questions: " . $_POST['Message'] . "\r\n" .



// $from = $_POST['Email'];
// $headers = "From: $from" . "\r\n";


// $to = "david.tigner@RadiantNewHorizonHomes.com";
// mail($to,$subject,$message,$headers);

?>

After code changed, not only will still not send email but screen turns blank white.

That's a PHP fatal error. It could be a syntax error, or it could also be that PHPMailer is not in the location you're telling PHP to look. Do you have any way of accessing the error log? Without access to the server, perhaps through a web-based control panel like cPanel, etc.?

At first glance, I see that on lines 11-18 in the code you posted above, you don't have a semi-colon at the end.

To clarify, I am suggesting:

[...]

//make your email body to send here
$survey =
    "RadiantNewHorizonHomes.com General Inquiries" . "\r\n" . "\r\n" .
    "Name: " . $_POST['Name'] . "\r\n" .
    "E-mail Address: " . $_POST['Email'] . "\r\n" .
    "Phone Number: " . $_POST['Phone'] . "\r\n" .
    "Comments or Questions: " . $_POST['Message'] . "\r\n"
;

[...]

Hi David,

More problems. I incorporated the coding Biiim provided. Before any changes, after submission, would display the correct (yellow) screen. After code changed, not only will still not send email but screen turns blank white. URL provider, IONOS, told me that the Host is smtp.ionos.com and the Username and password are for an email address associated with the domain that the online submission page is on, and since these online submission pages are on a total of 4 domains, each using a different email address, if doing one on a different domain, would have a different username and password (doesn't explain how to send more than 1 email address though, including forward only email addresses that don't have password). They also said that Port = 465. In the code block below, I included the new code added (plus the original all //'d). The submission pages use ReCaptcha 3 which works so I omitted the code for it from the code block below. One weird thing, in my editor, the 'use' commands were coming back as syntax errors but would display blank white screen regardless if the use commands are there or //'d. The 'includes' directory name from Biiim's code was changed to PHPMailer and is in the web root directory (each of the 4 domains has its own web root directory, the PHPMailer one is in the root as are the other 4, such as RNHindex, directory for RadiantNewHorizonHomes.com where the code block shown below is stored: e.g. in the root directory are directories: PHPMailer, RNHindex, etc.).
IONOS tech line said that the reason for the blank white screen is something in the coding not being understood by PHP 8.2. Any insights on what could be causing the blank white screen ?

I think if I explained SMTP a bit it would help you solve your problem.

an SMTP server is an email server, it sends & receives emails and usually hosts email inboxes for particular domain names - for example smtp.ionos.com is an SMTP server.

To send out an email from an SMTP server you need to connect to it and logon with a password to an SMTP account, for instance your radiantnewhorizonhomes.com is a domain and it should exist as a mailbox on the SMTP server located at smtp.ionos.com

so with PHPMailer, you need to connect to an SMTP server with the correct connection details and then you can send emails to that SMTP server to send out the emails for you. TLS & SSL is either port 465 or 587. plain SMTP is on port 25.
If you log-in as someone@radiantnewhorizonhomes.com the server will likely reject trying to send out an email that is not from someone@radiantnewhorizonhomes.com or the receiving SMTP server will likely reject it as a simple lookup will show the wrong originating IP address for an email from that domain.

So to get to the point, you only need one SMTP account to connect with PHPmailer and send emails, you don't need 4. You can pick any email address at all - just pick a generic type of email address for that purpose to send all the forms out through it.

These credentials are the same credentials you use to setup a mailbox in outlook, thunderbird or any email client, you could stick in any email account you have credentials for to test it - you could even create a new email account with gmail or something.

worst you can just write the form data to a text file so you can download it from the FTP.

I found a similar situation you might try mail-not-sending-with-phpmailer-over-ssl-using-smtp

From looking around a bit you can try these variations until you find one that works:

$mail->SMTPSecure = "ssl";
$mail->SMTPSecure = "tls";
$mail->Port = 587;
$mail->Port = "465";

on your blank screen, like Dani pointed out, there is the error on line 18 that needs a semicolon on the end:

"Comments or Questions: " . $_POST['Message'] . "\r\n" . //make your email body to send here

Should be

"Comments or Questions: " . $_POST['Message'] . "\r\n"; //make your email body to send here

This one is becoming more perplexing. After adding in the PHPMailer coding, page would crash (e.g. blank white screen, HTML file that would display the screen doesn't even start at all, e.g. error in the 1st running PHP file). Adding the semi-colon at end of line 18 (in previously discussed code) did not work and funny thing is, the original coding did not have the ; there and while no emails of submitted info were being sent at least the screen display HTML file (2nd running file after the PHP) was. So I started adding the new code bit by bit to the original PHP file to see where it would crash. First I added:
require 'PHPMailer/PHPMailer/src/Exception.php'; require 'PHPMailer/PHPMailer/src/PHPMailer.php'; require 'PHPMailer/PHPMailer/src/SMTP.php';
The program did not crash.
Then I added:

$mail = new PHPMailer(TRUE);
/* Open the try/catch block. */
try {
    /* Set the mail sender. */

  $mail->CharSet = "UTF-8";
  $mail->Encoding = 'base64';
  $mail->isSMTP();
  $mail->Host       = 'smtp.ionos.com';                     //Set the SMTP server to send through
  $mail->SMTPAuth   = true;
  $mail->SMTPSecure = 'tls';
  $mail->Username   = 'kaosfrenzy@aol.com';                     //SMTP username
  $mail->Password   = '(password)';                               //SMTP password
  $mail->Port       = 465;                                    //TCP port to connect to; use 587 if you have set `SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS`

    // $mail->DKIM_domain = 'example.com';
    // $mail->DKIM_private = 'test.key';
    // $mail->DKIM_selector = '_default';
    // $mail->DKIM_passphrase = '';
    // $mail->DKIM_identity = $mail->From;
    // //Suppress listing signed header fields in signature, defaults to true for debugging purpose
    // $mail->DKIM_copyHeaderFields = false;
    //Optionally you can add extra headers for signing to meet special requirements
    //$mail->DKIM_extraHeaders = ['List-Unsubscribe', 'List-Help'];


  $mail->setFrom('david.tigner@RadiantNewHorizonHomes.com', 'David Tigner');
    /* Add a recipient. */
  $mail->addAddress('david.tigner@RadiantNewHorizonHomes.com');
   /* Set the subject. */
  $mail->Subject = 'Comments and/or Questions';
    /* Set the mail message body. */
  $mail->Body = $survey;
    /* Finally send the mail. */
  $mail->send();

}

//if (!$mail->Send()) {
    //echo "Mailer Error: " . $mail->ErrorInfo;
//}else{
    //  echo "Message sent!";
    // }
catch (Exception $e)
{
   /* PHPMailer exception. */
 echo "Message could not be sent. Mailer Error: ".$e->getMessage();
}

The program crashed !
Note: I used a new SMTPaccount username and password

I then removed the coding that caused the crash and added in the use PHPMailer\PHPMailer\PHPMailer; use PHPMailer\PHPMailer\Exception; lines (come before the require lines). This also caused the program to crash. I had put the PHPMailer directory in both the root and the root for the domain (/RNHIndex). Something is not right in the new coding. Any ideas on what is causing the crash ? About accessing the error log, that may be difficult as using 1 & 1/Ionos PHP files. What is coding to access error logs or how can a web based control panel like cPanel be obtained ?

It seems like you're experiencing issues with PHP-based email functionality, where submissions are not triggering emails to be sent. Let's dive into the code snippet you provided and see if we can identify any potential issues or improvements.

commented: And ... ? -8

I checked my code and I only found 2 differences, the first is the 2 use commands before the require:

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require 'includes/PHPMailer/src/Exception.php';
require 'includes/PHPMailer/src/PHPMailer.php';
require 'includes/PHPMailer/src/SMTP.php';

and the second is mine uses port 587 instead of 465:

$mail->Port       = 587;      //TCP port to connect to; use 587 if you have set `SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS`

Otherwise the code you pasted is the same as mine, I also have date_default_timezone_set('Etc/UTC'); but I can't think of why that would prevent an error

EDIT:
Also I noticed your email account you are logging into is @aol.com you probably can't log in as an AOL account, as that domain is owned by Yahoo.

You need an email address that has a mailbox setup on your email server at smtp.ionos.com (74.208.5.2):

Type    Domain Name     IP Address      TTL
A       smtp.ionos.com  74.208.5.2  24 hrs

You could possibly spoof setting up an aol.com account on your email server but it won't work practically as aol.com is owned by Yahoo so you cannot tell the DNS servers to redirect that domain to resolve to your email server's IP address and you will probably get into a lot of other problems with other authentication checks that require DNS access.

EDIT2:

You could also try taking the PHP out of the try - catch block to see if that helps, I have had odd hidden behaviour in try catch blocks in different languages before, something like:

$mail = new PHPMailer(TRUE);
$mail->CharSet = "UTF-8";
$mail->Encoding = 'base64';
$mail->isSMTP();
$mail->Host       = 'smtp.ionos.com';                     //Set the SMTP server to send through
$mail->SMTPAuth   = true;
$mail->SMTPSecure = 'tls';
$mail->Username   = 'kaosfrenzy@aol.com';                     //SMTP username
$mail->Password   = '(password)';                               //SMTP password
$mail->Port       = 465;                                    //TCP port to connect to; use 587 if you have set `SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS`
$mail->setFrom('david.tigner@RadiantNewHorizonHomes.com', 'David Tigner');
$mail->addAddress('david.tigner@RadiantNewHorizonHomes.com');
$mail->Subject = 'Comments and/or Questions';
$mail->Body = $survey;
$mail->send();

I just discovered some new information on why the online submission pages weren't sending as during some testing I discovered there was a way for the submitted info to be sent. Here it is. I have online submission pages on 4 websites: RadiantNewHorizonHomes.com, RTO-USA.net, SubterraneanSoundStudio.com and RebHellionRecords.com. Each of these 4 domains can have email addresses associated with them (e.g. name@RadiantNewHorizonHomes.com, name@RTO-USA.net, etc.). If, on the front end of the submission form, in the input box for sender's email address, ANY email address (real or fake) can be entered and the submitted information will send successfully. But here's the catch. While on the left side of the email address, anything can be sent (real or fake), the right side of the email address (e.g. the @url.com part) MUST be @RadiantNewHorizonHomes.com, @RTO-USA.net, @SubterraneanSoundStudio.com or @RebHellionRecords.com otherwise the submitted info will not send. These 4 right side endings can be used interchangeably on any of the 4 sites (for example could put name@RTO-USA.net on RadiantNewHorizonHomes.com and submitted info would send). Any other email address right side (for example @gmail.com, @aol.com, etc. or even a fake, perhaps @domain.fake) would fail to send. In the past, any email address (real or fake) could be submitted and would send successfully.
Any insights on how to cure this issue ?

commented: That sounds like your host has implemented anti-spam methods. The domain you mention appears to be yours so why should it be other than radiant? +17

My 4 domains are all through URL provider IONOS. The question is why does the sender's email address as entered on the front end of the on-line submission form have to have the same ending as the domain name of the site or one of the other 3 or else submitted info fails to send ?

commented: Exactly what a good email server should do. Sender should match with domain being sent from. +0

That's a problem. The email addresses issued for @RadiantNewHorizonHomes.com or 1 of the other 4 are created by me. Unknown parties that submit online forms on one of my domains would not have one of these email addresses. I would want to receive the submitted info from senders of any email address like has been since 2011 until Feb 2024. This is crucial so I could reply back to them. There are many online submission pages running on many sites which do not require the sender to have the same email address ending as the domain. From what you're saying if someone has an email address ending in @gmail.com then the only website that an online submission page would send submitted info from would be gmail.com. Continuing from that example, lets say someone is visiting my site RTO-USA.com and wants to submit an online submission form. In order for me to receive that submission, the user would have to contact me first to get an email address ending in @RTO-USA.net (or 1 of the other 4). Then they would have to put the email address that I created for them on the online submission form in order for me to receive it. To me, this scenario seems ridiculous and obviously there is a way for online submission pages to send submitted info without the user having to have an email address ending in the domain that the online submission page is on. For 13 years mine did after all...

commented: Time to talk to your email provider. This is anti-spoofing not anti-spam. i.e. making emails "appear" to be from other than the true sender. +0

There is no making emails "appear" to be from other than the true sender. I'll explain further. Suppose John Smith has an email address of johnsmith@gmail.com. John then goes on to one of my sites, lets say RTO-USA.net, and fills out an online submission form and enters his email address truthfully (johnsmith@gmail.com). This email address is his real email address and he is telling the truth. He presses the submit button. The submitted info would fail to send because his email address wasn't entered as johnsmith@RTO-USA.net (or johnsmith@SubterraneanSoundStudio.com, etc.). Who would be the true sender, John Smith of email address johnsmith@gmail.com or someone else ?

commented: Since John isn't the sender but your code then all is as it should be today. Anti-spoof measures are working. +0

If John isn't the sender then who is ? Also, continuing from the John Smith example, if John Smith enters his email address as johnsmith@SubterraneanSoundStudio.com or johnsmith@RTO-USA.net (ficticious email addresses) then the submitted info would be emailed to me but if he uses his true email address then it would not.

Continuing from this example, lets say, I, David Tigner, submit one of my online submission forms using my real email address of truth625@yahoo.com. The submitted info would not be sent. Would that mean that I am not the sender ? However, if I used the fake email address of truth625@RTO-USA.net, it would get sent. I enter true information and it doesn't get sent but enter false information and it does. That's anti-spoof measures ?

commented: I think you're almost there. What sends the email is your code and as such is the sender so any other domain would be a spoof. +0

Then it seems to me that if I change $from = $_POST['ShowingEmail']; to $from = "Unknown@RTO-USA.com"; (or @SubterraneanSoundStudio.com, etc.) then the submitted info should send. This Unknown@RTO-USA.com email address is fake but apparently that doesn't matter. The only thing that matters is that the @domain.com part of the email address matches 1 of the domains provided by IONOS (my URL supplier). If this does in fact solve the problem, it would make replying back to the submitter a little bit more complicated as instead of replying to the email, would have to forward it to the submitter's email address, e.g. $_POST['ShowingEmail']. I'll be trying that to see if the online submission pages send without the submitter having to enter an email address ending in @RTO-USA.net, etc. In these examples, the submitter would be John Smith, me or whoever and the sender would be the website itself. Without getting the submitter's email address, the forms would be kind of useless as I wouldn't be able to email the submitter (only call them if phone number is one of the questions on the on-line submission form (most of them ask this question)).

$from = $_POST['ShowingEmail'];
$headers = "From: $from" . "\r\n";
commented: Weird formatting choice. +0

I'll do whatever works to get the submission pages to send again with any submitter's email address. The End Justifies The Means. If it works then I can refine it as needed.

commented: This isn't a code issue. It's the email server rules. Talk to your provider. +0

If this does in fact solve the problem, it would make replying back to the submitter a little bit more complicated

In your mail headers, you can specify both a From: email address, that is an email address from your domain name, as well as a separate Reply-To: email address, that can be any email. This way, when someone clicks on the Reply button from their email client, it will reply to the email address specified in Reply-To.

The way I see it is that the email address in question is one inputted by the submitter. What if this question is not asked ? So I'm seeing if in the back end PHP file, the email address in question is not anything entered by submitter but simply one with the correct @site.com ending. That way should slip "under the radar" and submitted info would send. It also seems to me the submitter's email address question doesn't have to be removed. That submitted info would still display in the submitted info email's body but would be from "<anything>@site.com". And since its the @site.com part of the email address that allows the submitted info to send (whatever is to the left of the @ is irrelevant), the sender would be the site itself and not the submitter. But the submitter's email address would still display in the body. That way should be able to "have cake and eat it". I'll be running new testing to see what happens...

Hey David,

You should not pretend to send an email from x@gmail.com as this is spoofing.

I forward all forms from a website from a generic email such as forms@ or enquiry@ (@yourlocaldomain.com)

Emails have basic checks done on them, which is why your spoofing fails, you are trying to say X@gmail.com sent an email but gmail didn't, only gmail.com has the authority to say who can send emails for gmail.com, which is why you need to send the email from a domain that you own.

If you say what problem you are trying to solve there is probably a solution for it, like you can add a "replyto:" header to be able to reply back to the custom email address?

It is all done in DNS, to send an email the domain is looked up to find the mail exchange record(mx):

Mail Server
mx:rto-usa.net - 1 Tests Failed
Pref    Hostname    IP Address  TTL
10  mx00.ionos.com  74.208.5.3  60 min
10  mx01.ionos.com  74.208.5.21 60 min

and to receive an email the spf(sender policy framework) record:

spf:rto-usa.net
Type    Domain Name TTL Record  Prefix  Value   PrefixDesc  Description
record                  txt     v=spf1 include:_spf-us.ionos.com ~all
v                   spf1        The SPF record version
include             +   _spf-us.ionos.com   Pass    The specified domain is searched for an &#39;allow&#39;.
all             ~       SoftFail    Always matches. It goes at the end of your record.

https://mxtoolbox.com/emailhealth/rto-usa.net/

Then it checks that your IP address is in the list of allowed IP Addresses to send for that domain, if not you are spoofing and any email server should reject the email if you do not match. The email could literally have been sent by anyone.

There is also additional checks such as DKIM (Domain Keys Identified Mail), DMARC (Domain Message Authentication, Reporting and Conformance). DMARC is now required for sending emails to Gmail & Yahoo. You can see these in your gmail account by looking in the menu and clicking "Show original".

Basically what I'm saying is that you sending emails as x@gmail.com will never work unless you do it offline or locally.

I am not pretending to send emails from x@gmail.com or any other email address. Here's what is happening: If a submitter (the one that fills out the form and presses the Submit button) doesn't enter an email address ending in a domain that I own, the submitted info will not send. If they do, it will. The email address they enter in this case does not have to be real, only end in a domain that I own. Furthermore, in order for a submitter to get a real email address ending in a domain that I own, they would have to contact me to do so. For 11 years, up until Feb 2024, the submitter could enter any email address (or anything really, I've received submissions where for email address, the submitter put their actual address (for example, 123 Main Street)). Considering this, what needs to be done is have the email address the submission form was sent from be something like submissions@RTO-USA.net (or other domain that I own) but then have the submitter's email address appear in the body of the email so I would know who to reply to. I believe this is what Dani is referring to: 'In your mail headers, you can specify both a From: email address, that is an email address from your domain name, as well as a separate Reply-To: email address, that can be any email.'. This is what my next round of edits/testing was going to be.

commented: And what does your email provider say about this? I re-read the discussion and sounds like antispoof measures were enabled. +17
commented: I like your plan of attack - It sounds like you know what to do now. My guess is the security update in Feb 2024 had something to do with it. +9

They said they can't help me and to contact a web developer because it deals with coding.

commented: I'm following this discussion but as presented it is anti-spoof security measures that were enabled at the server level. +0

Today is a good day. The problem has been solved. Problem was anti-spoofing stuff being added to my email server sometime in February. The clue that was found during testing was I had by chance entered an email address ending in @(one of domains that I own), (not even a real email address) and form emailed successfully. And by changing only 1 line of code, everything worked again normally. Now if John Smith puts johnsmith@gmail.com on the submission, I receive things again ! Here's what was done:
$from = $_POST['TestimonialEmail']; changed to $from = "Submissions@RTO-USA.net";. Problem solved. It was that easy. 2 months of frustration to get there though... But I didn't stop there. I made things better than they were before. I took Dani's advice, 'The first thing I will say is never output $_POST[] content directly into the HTML without escaping it first. You are leaving yourself wide open to an HTML injection attack. Not only that, but you're also leaving yourself open to invalid HTML. All it takes is to wrap your user-sent variables with htmlspecialchars to make sure they're HTML-escaped. Instead of "Name: " . $_POST['ShowingName'] . "\r\n" . you should be doing "Name: " . htmlspecialchars($_POST['ShowingName']) . "\r\n" ..' and added the htmlspecialchars() stuff in. Now with that, all I have to do is make the changes on all the other online submission pages on my 4 domains. Easy job now that I know what to do...

$subject = "Testimonial Submission";
$message = "\r\n" . "Rent-To-Own America Testimonial Submission" . "\r\n" . "\r\n" .
"Name: " . htmlspecialchars($_POST['TestimonialName']) . "\r\n" .
"Phone Number : " . htmlspecialchars($_POST['TestimonialPhone']) . "\r\n" .
"E-mail Address: " . htmlspecialchars($_POST['TestimonialEmail']) . "\r\n" .
"Message: " . htmlspecialchars($_POST['TestimonialMessage']) . "\r\n" .
"How Heard About Us: " . htmlspecialchars($_POST['TestimonialHearing']) . "\r\n" .
$from = "Submissions@RTO-USA.net";
$headers = "From: $from" . "\r\n";
$to = "DaveT@RTO-USA.net";
mail($to,$subject,$message,$headers);

You only need to use htmlspecialchars() if the text appears on a website or an HTML email. I’m not sure if you need it if you’re sending plaintext emails.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.