I've got a custom PHP website that has a form which triggers an email to be sent and in this email it contains an authentication link to confirm/verify that they are the person submitting to the form.
The current PHPMailer code looks like:
//Server settings
$mail->SMTPDebug = SMTP::DEBUG_SERVER;
//$mail->isSMTP();
$mail->Host = 'localhost';
//$mail->SMTPAuth = false;
//$mail->Username = '';
//$mail->Password = '';
$mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
$mail->Port = 465;
$mail->XMailer = 'WebsiteName Mailer';
$mail->addCustomHeader('X-Mailer-Type', 'WebsiteName/Auto/Verify');
$mail->setFrom('auth@websitename.com', 'WebsiteName');
$mail->addAddress('test-xxxxxxx@srv1.mail-tester.com');
//Content
$mail->isHTML(true);
$mail->Subject = 'Form Authentication from WebsiteName';
$mail->AltBody = 'Example email body here in plain text';
$mail->Body = "<!DOCTYPE html><html lang='en'><body>Example html email here <br></body></html>";
$mail->send();
I've also tried changing the port to 587 and changing the SMTPSecure to ENCRYPTION_STARTTLS
Every email that is sent to a server with SpamAssassin gets -2.499 score because of the PHP_SCRIPT flag which has the description of Sent by PHP script
I'm trying to find a fix my PHP (PhpMailer) to get around this as my emails are legitimate and wondering what I can do to better make them be detected fairly.
The interesting thing is emails sent with WP SMTP Mail plugin via WordPress do not get flagged for this SpamAssassin rule even though WP SMTP Mail also uses PhpMailer
