[Resolved] Google flags email notification as spoofed message

[Author]

Posts

[himanshuS]

I am using the gmail service for my company and every time I get an email notification from CRED form, there is a warning at the top for a spoofed message. The email also shows " via b.atomicsites.net" in the email name section.

I have two questions
1) What can done to remove the spoofing message from gmail or other clients? This will be very annoying to users and might risk the credibility of the product
2) How can I remove " via b.atomicsites.net" from the email as it look unprofessional. The email should only be from the email I provide in the sender information section on each notification.

Thanks for your help!

[Jamal]

Hello and thank you for contacting the Toolset support.

I am not sure how I can help with your first request as it depends heavily on the Gmail service and your email provider, which I believe is Gmail too, right? If you can reach their support and ask for more details, we can see how to help.

Regarding your second question, you can customize the sender email and name/label from the notification settings, check this screenshot hidden link
You may also want to customize the headers of the email using this Toolset hook cred_mail_header
https://toolset.com/documentation/programmer-reference/cred-api/#cred_mail_header

In the end, Toolset uses the built-in WordPress wp_mail function, so you can also customize the email using WordPress hooks such as:
- https://developer.wordpress.org/reference/hooks/wp_mail/
- https://developer.wordpress.org/reference/hooks/wp_mail_from/
- https://developer.wordpress.org/reference/hooks/wp_mail_from_name/

I hope this answers your question. Let me know if there is anything else I can help with.

[himanshuS]

Jamal,

I get your point regarding the first one. I will take that up on my end.

However, the second issue is where I would need more help. The settings in the sender email and label are accurate (see screenshot) but the "via b.atomicsites.net" shows up on all notifications sent from toolset only on web and not on mobile. So my question is, where is this thing coming from? Toolset or wordpress? Does changing the header really solve this when I already have the right header information. Seems like via shows the routing of the email, essentially where it is coming from.
I found a notes that has some information related to this but I want to run it by you to understand the root cause before I make any changes:
https://stackoverflow.com/questions/8236312/how-to-remove-via-and-server-name-when-sending-mails-with-php
hidden link

[Jamal]

By reading the StackOverflow thread and the other article, it is clear that this is mainly based on the mail server settings and the email client. In mobile, the email client is the email app(Maybe Gmail app). And on the web, the email client is the Gmail web app(gmail.com).

Let's take this answer https://stackoverflow.com/a/14964547
Point (1) is a configuration of the email server.
Point (2) is set by Toolset correctly.
Point (3) is handled by WordPress, but can be customized either by cred_mail_header or by the WordPress wp_mail hook.
https://developer.wordpress.org/reference/hooks/wp_mail/
Because at the end, Toolset does not send any emails on its own, it uses the underlying wp_mail() function.
https://developer.wordpress.org/reference/functions/wp_mail/

I'll suggest that you test with a simple PHP script that uses directly the PHP mail() function to ensure that the server configuration is correct. And that you get finally what you want with Just PHP and the server configuration.
Then, you can get back to WordPress and Toolset to check if modifying the email's header with hooks will get you what you want.