If at first you do not succeed, blame your computer.

Reply-To Header Can Create Bounces

Filed under: Scripting

If your form email script creates a Reply-To header that doesn’t conform to the examples given in RFC 822, you may find that some of your mails are rejected by SMTP servers – even if your mail headers conform to RFC 2822.

A site had a number of email scripts that had been built up over a period of time. As is common – especially with form mail scripts – various patches had been added and changes made over a few months to try and reduce spam or MIME injection attacks. Then one of the scripts apparently stopped working. Not all of them. Just one.

Every test on the script suggested that mails were being sent out correctly yet only 2 out of the 4 email recipients were actually getting mail. Further tests suggested that the ‘failure’ was happening at the recipient SMTP server. Spam filters were checked – nothing there. Blacklists were checked in case the sender’s domain had been blacklisted. Still nothing.

After much head-scratching and testing, the headers on the bounced mails were requested and re-examined. Most of the bounces simply reported:

SMTP error from remote mail server after end of data:
host foobar.com [xx.xx.xx.xx]: 550 Administrative prohibition

which wasn’t exactly helful. But one of the bounces included the following:

Rejected after DATA:
syntax error in ‘Reply-To:’ header when scanning for sender:
malformed address:…

A scan of the relevant script revealed that the Reply-To address on the outgoing mails used the format:

Reply-To: [email protected] <[email protected]>

whilst the examples given in section A.3.3 of RFC 822 used the format:

Reply-To: [email protected].

Correcting the script to format the Reply-To headers in line with RFC 822 solved the delivery problem!

This suggests that some SMTP servers reject mails with Reply-To headers that don’t conform to the examples supplied in RFC 822. This is despite the fact that nothing within RFC 822 or RFC 2822 mandates a specfic format for Reply-To headers. In fact the examples quoted in RFC 2822 would also be rejected by such servers!

Obviously, the ‘rogue’ servers are at fault in that they don’t comply with RFC 2822 but, if some of your users start complaining that they’re not receiving mail from your form mail script, check the Reply-To format.

You might save yourself some hair.

Published: October 2nd 2006