PHP Mail

+2 Jonah Morrison · July 17, 2016
Hey everyone,

I need your opinion. What is a good/secure/reliable mail service to use with PHP? Specifically for sending emails to verify accounts or recover passwords.


Post a Reply


Oldest  Newest  Rating
+2 Sampan Verma · July 17, 2016
I think the best service is to none at all. Use the default php mail function. It is the best choice.
0 Jonah Morrison · July 18, 2016
PHP Mails function is insecure. Easy yes, good no.
0 Erp Eight · July 22, 2016
use PHPMailer, its easy to set up and secure.
0 Sampan Verma · July 22, 2016
Why is PHP Mail insecure? If you have a good software on your server, then you keep each and every log for it. Moreover, even the services like PHPMailer, I think use the PHP Mail if they are sending mails through your server.
0 pwntastic _ · July 23, 2016
I too am curious as to how php's mail function is insecure. 

If your code is written well security shouldn't be an issue.  

Based on this, I would imagine it's not really as easy as you mentioned.
0 Erp Eight · July 23, 2016
First of all, PHPMailer provides an object oriented interface, whereas mail() is not object oriented. PHP developers generally hate to create $headers strings while sending emails using the mail() function because they require a lot of escaping – PHPMailer makes this a breeze. Developers also need to write dirty code (escaping characters, encoding and formatting) to send attachments and HTML based emails when using the mail() function whereas PHPMailer makes this painless.

Also, the mail() function requires a local mail server to send out emails. PHPMailer can use a non-local mail server (SMTP) if you have authentication.

Further advantages include:

It can print various kinds of errors messages in more than 40 languages when it fails to send an email
Integrated SMTP protocol support and authentication over SSL and TLS
Can send alternative plaintext version of email for non-HTML email clients
Very active developer community which keeps it secure and up to date
Attachment is super easy
Sending out HTML e-mail is a simple enough task with PHPMailer

yeah @pwntastic_ it requires basic object oriented knowledge
0 pwntastic _ · July 23, 2016
@Arpit Yadav I think you misunderstood my comment.  

I'm not advocating for the OP to use mail over PHPMailer...

It was mentioned by the OP that mail() is easy which I actually believe PHPMailer is easier to work with since they already take care of a lot of things for you...

Also it was mentioned by the OP that mail is insecure.  The way I see it is you wouldn't run a query with mysqli_query without escaping characters. (Before it's mentioned I do use ORMs this is just an example).  I guess the short version of this is that the function should not be the item to blame for the carelessness of the developer.
0 Suman Banerjee · October 22, 2016
I use PhpMailer. It is an open source script and quite good. I have created bulk mailing system with the help of this. It does quite a good job.

For mail server, you may user your host's server (make sure IP is not blocked and SPF, RDns etc are okay). Or, you may simply use some 3rd party SMTP server like 

Also for good inbox rate, make your content clean with proper headers. And use less links and images. Best, if you use text mail instead of HTML mail body.
0 Rahul Shahare · November 29, 2016
as per as my experiance :)
  • 1



Server-side, HTML embedded scripting language used to create dynamic Web pages.