Updates for form submission emails

Important update for your website.

Many AuctionServices.com websites include a contact form where visitors can get in touch with the auctioneer.  The information is submitted from the website and the auctioneer receives an email a short time later containing the information.

In the past most design companies including AuctionServices.com configured these forms on websites to use an “unauthenticated email.” Recently anti-spam methods began to add more weight to the sender and host of emails making unauthenticated email less likely to reach the intended destination.

Due to the increase in these anti-spam measures it is necessary to update the form to send “authenticated” email from your website to prevent your message from being delayed or discarded without warning.  This issue is intermittent, it does not affect all websites and it may not affect websites all the time.  You may be affected even if you continue to receive emails from the form(s) on your website.  

The process to update the website form plugin to send “authenticated” emails will depend on your website and email host.  We recommend a separate email account for the contact form requests.  This will reduce the likelihood of this feature becoming disabled due to a password change or other update common with very active email accounts.



Issue Summary

Rackspace unauthenticated mail is broken and they do not intend to fix it. This means emailed form results are likely to go missing without notification. The only solution available is to use an authenticated mail service.

If you have email managed by AuctionServices that is not billed on a per user basis, then this is a relatively straightforward fix. We create the account that we need to send mail from wordpress and forward incoming mail for that address to an address of your choice that is regularly monitored.

What we need from you in this case is to understand numbers 4 & 6 below, and for you to provide an email address that is regularly monitored.

If you host email yourself, with a third party, or through AuctionServices where the service is billed on a per/user basis, then we need to have a discussion to choose a solution that meets your price and risk requirements.


Issues with sending email from a form

  1. Unauthenticated email delivery through rackspace
    Rackspace does not commit enough resources to handle the volume of mail that is generated within their cloud sites service. Between overloading of the mail hosts and stringent anti-spam filters your message may be dropped or discarded without warning. They have no intention of increasing capacity or tuning the filters to allow this service to work reliably.

    From https://support.rackspace.com/how-to/test-php-mail-functionality/
    "Important: We recommend using an SMTP relay that requires authentication. Sending mail through unauthenticated SMTP servers (including the localhost relay on Cloud Sites) can result in delays or undelivered email because of stringent anti-spam filters."

    Here is a 3rd party that posted further detail about these issues http://www.joshuawinn.com/huge-email-delays-on-rackspace-cloud-sites-dont-use-php-mail/

    So far the situation appears to be unchanged.

  2. What is unauthenticated email?

    This is email that is sent from your wordpress site using the default PHP Mail() method. Wordpress sends the email to the local server and the local server sends it to the mail gateway. At no time is a user or password used to verify the sender of the email.

  3. What is authenticated email?
    Authenticated email requires a username and password to verify who is sending the mail. Nearly all consumer email is handled by authenticated access. Yahoo, Gmail, hotmail, etc. all require you to provide user and password information before sending mail.

  4. Why use a separate account?

    In general it is best not to use one of your daily use accounts for this purpose. People usually change passwords when an emergency situation occurs. If you change your password, then wordpress will no longer be able to send form mail until you have updated that password in wordpress. In the heat of such an emergency it is likely that this fact will go unnoticed and wordpress email may be broken for some time. It is best to have a separate account where the passwords can be changed in tandem and not affect an individuals email.

  5. Why is the from address important?

    The From: address needs to match the authenticated email account for the greatest chance of delivery. The From: address in your email was not as important in the past as it is today. Modern anti-spam methods care greatly who the email is from and what host it is being sent from. Most of this machinery is outside of our control, so we need to be careful not to run afoul of things that will get our mail discarded as invalid. SPF is a common anti-spam measure that defines what servers are valid for sending email with a given From: address. If your authenticated email account is wordpress@testemail.net, and you send the email out as jane@myemail.org it may get discarded or trapped as spam because email for myemail.org should not originate from the servers that serve testemail.net.

  6. Why is it important that this account be forwarded to an account that is monitored?

    We can't put your customer's email as the sending address (see #5) and expect it to be delivered successfully. That means the form mail will come from the authenticated sender. You won't be able to simply hit Reply on the email that you receive and have it go back to your customer. You will need to change the email address in the To: line to match the email address submitted in your form. If you forget to do that, the email would be sent to the authenticated email account and not your customer. Unless someone is monitoring the output of that account there would be no way to discover the error.

  7. Does google change my From: address?

    If your authenticated email account is with google, they will actually rewrite the From: address to match the account unless you have previously verified access to the other email account.

  8. Why does authenticated mail work while unauthenticated does not?

    Rackspace isn't interested in fixing the deficiencies in their systems to make it viable. Support simply tells you to use authenticated email.


Have more questions? Submit a request


Please sign in to leave a comment.