The general opinion when it comes to sending email messages in PHP is to stay clear of PHP’s built-in
mail() function and to use a library instead.
What I want to know are the actual reasons and flaws in using
mail() over a library or extension. For example, the commonly specified headers that aren’t included in a standard
Disadvantages of the PHP
In some cases, mails send via
mail()did not receive the
recipients although it was send by WB
without any error message. The most
common reasons for that issue are
- wrong format of mail header or content
(e.g. differences in line break
- sendmail not
installed or configured on your server
- the mail provider of the
recipeint does not allow mails send by
mail(); common spam protection
Errors in the format of header or
content can cause that mails are
treated as SPAM. In the best case,
such mails are transfered to the spam
folder of your recipient inbox or send
back to the sender. In the worst case,
such mails are deleted without any
comment. If sendmail is not installed
or not configured, no mails can be
send at all.
It is common practice by free mail
provider such as GMX, to reject mails
send via the PHP function
often such mails are deleted without
any information of the recipient.
mail() is said to garble headers and runs slowly. I can’t say this from personal experience because I’ve never used it, because, like you, I’ve always been advised against it. If you look at the comments on the entry for
mail() in the PHP manual, you can see some of the problems people have with it (esp. with headers).
It’s definitely not suited for sending any substantial amount of email, because, according to the manual itself,
It is worth noting that the mail()
function is not suitable for larger
volumes of email in a loop. This
function opens and closes an SMTP
socket for each email, which is not
For the sending of large amounts of
email, see the » PEAR::Mail, and »
AFAIK, it’s never preferable (performance-wise) to open and close a socket for each message you send regardless of the amount of mail you’re sending.
Basically, it’s a function that works, but not very well, and is eclipsed by a number of better libraries.
What matters is not only the mail() function but also the smtp server you use in conjunction. I’ve used three different smtp servers with php: postfix, qmail,sendmail.
In my experience postfix was the easiest one to work with php mail() but even postfix had some problems. You will encounter small bugs. It could be things like the “to” recipients receiving correctly structured emails and “bcc” recipients receiving corrupt emails. You’ll lose a lot of time trying to figure out these bugs. And your fixes will make your code not work properly with the other smtp servers.
The problem lays with the handling of the email header and PHP unfortunately does a poor job about that. Recently I switched to “PHP Mailer” library. In our website we have two smtp servers, one with postfix, and one with qmail. “PHP Mailer” worked with both of them with no additional configuration.
The biggest reason is that mail() can talk directly to a mail server, and if you don’t know what you are doing when sanitizing your input, a hacker may be able to spoof your mail server into sending mail other than what you intend. Most third party libraries have better sanitation (or better API’s) to help prevent this.