WordPress.org

Forums

Fast Secure Contact Form
[resolved] Yahoo DMARC Policy Impacts FS Contact Form, Blocks Emails (20 posts)

  1. DeltaHF
    Member
    Posted 1 year ago #

    I have discovered an issue where Gmail is rejecting messages sent by FS Contact Form if the "from" field contains a Yahoo email address. Upon closer inspection of the bounce error message received, I discovered the problem was caused by Yahoo's new implementation of DMARC, or "Domain-based Message Authentication, Reporting & Conformance" (see dmarc.org for more info).

    To make a long story short, Gmail rejects the message because the FROM field in the email generated by FS Contact Form contains yahoo.com, and this is prohibited by Yahoo's DMARC rules.

    To stop this from happening, it is very important that we can define an email address which we control, to be used in the FROM field. Actually, to be safe, the from_email field provided by the end user should never be included in the FROM field at all, because DMARC rules can prevent their message from being delivered.

    Yahoo's DMARC changes have been recently implemented and have caused a stir in the email deliverability community. More can be seen at the following addresses:

    http://www.virusbtn.com/blog/2014/04_15.xml

    https://sendgrid.zendesk.com/hc/en-us/articles/201876356-Yahoo-DMARC-Changes-Message-not-accepted-for-policy-reasons-

    https://wordpress.org/plugins/si-contact-form/

  2. godwingcbc
    Member
    Posted 1 year ago #

    I find if you fill in

    Return-path address (recommended):,

    Enable ONLY when web host requires "Mail From" strictly tied to site.(optional, rarely needed)

    and fill in Custom Reply To (optional, rarely needed):

    The problem will be solved at least for yahoo.com I don't think other yahoo.* domains are affected (yet)

  3. Mike Challis
    Member
    Plugin Author

    Posted 1 year ago #

  4. Mike Challis
    Member
    Plugin Author

    Posted 1 year ago #

    I just updated this help page again,
    http://www.fastsecurecontactform.com/yahoo-com-dmarc-policy
    Solution 2 will probably be required for DMARC compliance.

    Not sure what will happen in the future, but I estimate, DMARC might become pretty much a requirement if more email providers start requiring it..

    It was suggested above to fill in Custom Reply To, but I don't think that setting is needed, follow my Solution 2 on the help page I posted.

  5. DeltaHF
    Member
    Posted 1 year ago #

    Thanks for addressing this, Mike - your "Solution 2" solved the issue on my end.

    Keep up the great work on FSContactForm!

  6. billseymour
    Member
    Posted 1 year ago #

    This is very troubling to me, because I only happened to run across this today, not realizing that this DMARC thing was going on.

    Is there any way that Mike can 'push' some sort of notification to Plugin users, in the event a problem like this crops up? This would be most welcome.

    (update edit) I tried Solution 2, and it works just fine. Since I had already been using a valid return-path email (tied to the domain), simply checking the ENABLE-only box was all that was required.

    Thanks very much for both explaining, Mike, and for having laid out a good plugin even before this DMARC stuff came up.

  7. DivaVocals
    Member
    Posted 1 year ago #

    So I wish I had found this sooner.. Been having issues with this which were compounded by my webhost's own issues with delivering my domain based e-mails..

    I made the changes as per Solution 2, but I am finding that UNLESS I have an email address in the "Custom Reply To" field, that I get bounce back messages upon form submission like this one:

    This message was created automatically by mail delivery software.

    A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:

    youremailname@aol.com
    (ultimately generated from customerservice@mydomain.com)
    SMTP error from remote mail server after end of data:
    host mailin-04.mx.aol.com [152.163.0.67]: 521 5.2.1 :
    AOL will not accept delivery of this message.

    ------ This is a copy of the message, including all the headers. ------

    Return-path: <customerservice@mydomain.com>
    Received: from myhostingaccount by biz150.yourhosting.com with local (Exim 4.82)
    (envelope-from <customerservice@mydomain.com>)
    id 1Wu0si-0003fr-GJ
    for customerservice@mydomain.com; Mon, 09 Jun 2014 07:49:04 -0700
    To: customerservice@mydomain.com
    Subject: Over the Hill Web Consulting Contact: Third one more test
    Date: Mon, 9 Jun 2014 14:49:04 +0000
    From: Sonny Crockett <customerservice@mydomain.com>
    Message-ID: <8e9a91bedb4a06f027c134ef45bbf2b8@mydomain.com>
    X-Priority: 3
    X-Mailer: PHPMailer 5.2.7 (https://github.com/PHPMailer/PHPMailer/)
    Reply-To: youremailname@aol.com
    X-Sender: customerservice@mydomain.com
    MIME-Version: 1.0
    Content-Type: text/html; charset=UTF-8
    Content-Transfer-Encoding: 8bit

    <html><body>
    <b>To:</b>
    Webmaster

    <b>Name:</b>
    Sonny
    Crockett

    <b>Email:</b>
    youremailname@aol.com

    <b>Subject:</b>
    Third
    one more test

    <b>Message:</b>
    Third one more test

    Akismet Spam Check: passed
    <div style="background:#eee;border:1px solid gray;color:gray;padding:1em;margin:1em 0;">Sent from (ip address):
    72.129.74.169 (cpe-72-129-74-169.socal.res.rr.com)
    Date/Time: June 9, 2014 2:49 pm
    Coming from (referer):
    http://mydomain.com/contact-us/
    Using (user agent):
    Mozilla/5.0 (Windows NT 6.1; WOW64; rv:29.0) Gecko/20100101 Firefox/29.0

    </div></body></html>

    I would obviously prefer to NOT have to manually copy and paste the sender's email address.. Is there a solution to this??

  8. mbrsolution
    Member
    Posted 1 year ago #

    Hi @DivaVocals, this thread is marked as resolved. It is best that you start a new support thread, that way you will get better support.

    Thank you

  9. DivaVocals
    Member
    Posted 1 year ago #

    Sure I will do that.. though TECHNICALLY the issue persists.. so it's not truly "resolved" IMHO until the issue is gone under all circumstances.. Resolved around here seems to REALLY mean "nobody's gonna respond anymore"..

    IJS..

  10. DeltaHF
    Member
    Posted 1 year ago #

    Agreed - I have found that I, too, now have to copy/paste the sender's email address back into the "to" field of my email client.

    It's very inconvenient, but I don't see a way around this. How are other contact forms (in general) handling this issue?

  11. DivaVocals
    Member
    Posted 1 year ago #

    Agreed - I have found that I, too, now have to copy/paste the sender's email address back into the "to" field of my email client.

    Yep.. and this is a PITA when replying on my smartphone..

    How are other contact forms (in general) handling this issue?

    Was wondering the same thing myself.. Might have to take a look around to find out..

    Oh but perhaps we should be having this discussion in the new post I started here: http://wordpress.org/support/topic/dmarc-policy-impacts-fs-contact-form-blocks-emails since this post is marked "resolved"..

  12. DeltaHF
    Member
    Posted 1 year ago #

    I've just posted this in Diva's thread linked above, but for those of you who may find this thread in the future looking for a solution to your own email address being used by default when you attempt to reply to messages from FS Contact Form, here's the solution:

    The address used in the "Return-path address" field MUST BE DIFFERENT from your email address which the emails will be sent to. Otherwise, if the "From" header of a received message is set to your own address, Gmail and other large webmail providers will ignore the "Reply-To" header and direct the message back to you. (This behavior is documented here.)

    Hopefully this can be mentioned in the FS Contact Form settings or on the plugin's DMARC policy page.

  13. Mike Challis
    Member
    Plugin Author

    Posted 1 year ago #

    Thanks DeltaHF I will note those changes in both places.

  14. mrppp
    Member
    Posted 8 months ago #

    When you say "he “Email To” and the “Return-path address” should ALWAYS be separate REAL email addresses on the SAME DOMAIN as your web site (don’t skip this important step!)."

    Do you mean if i use mrppp@mysite.com the return path can't be same use say info@mysite.com instead?

  15. elizabeth
    Member
    Posted 6 months ago #

    What does all this mean for the average user? I'm thinking of not using this plugin because it appears from this thread that there's a problem.

  16. mbrsolution
    Member
    Posted 6 months ago #

    Hi @greybird there is no problem with this plugin. 100s of Thousands use it all the time without any issues. You will notice that this is issue has also been resolved.

  17. billseymour
    Member
    Posted 6 months ago #

    @greybird-

    The problem is/was Yahoo's policy change - this plugin actually was better prepared for that change than almost all of the other plugins.

    Every contact form must deal with the Yahoo (and possibly other email providers) DMARC policy - for my part, you won't find a more responsive plugin than this one.

  18. fullmoonloon
    Member
    Posted 5 months ago #

    I am just getting my site up and running and when I test the contact form (I have both a gmail and live email account) the form is submitted and I get an email. However my son uses Yahoo and he has tried twice to send the form and I have not gotten it. I am a bit confused on what else I need to do - I have even purchased the email service through GoDaddy so I can have an email address tied to my domain and used it in the return address field, and also checked the box under it (enable when web host requires mail from strictly tied to site.)

    What else needs to be done? I need a functioning contact form, if not this one something else.... thanks!

  19. DeltaHF
    Member
    Posted 5 months ago #

    fullmoonloon,

    Just enter a different return-path address in your FS Contact Form settings. Read this page and pay specific attention to the screenshot near the bottom: http://www.fastsecurecontactform.com/yahoo-com-dmarc-policy

  20. Jason Hendriks
    Member
    Posted 5 months ago #

    I'm confused.. especially after reading the link above. Why would anyone attempt to send a message for their Yahoo account through smtp.gmail.com and not smtp.mail.yahoo.com? Fast Secure Contact Form is a contact form.. not a mailing list server.

    Google has long rejected emails destined for Gmail recipients that did not arrive via smtp.gmail.com. And the rules are only getting tighter.

    @fullmoonloon have you setup your WordPress to use an SMTP server?

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Fast Secure Contact Form
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic