Can anyone explain the following from my hosting company in simple terms for me,

(Over the last couple of weeks we have noticed an increase in the amount of spam email being sent from insecure scripts on the shared server. Therefore with immediate effect all scripts that send email from the server will need to authenticate with a valid email address that must exist on the same domain as your script.

This change will then mean your email will be virtually “guaranteed” to be delivered and we can avoid having the server IP address blacklisted which causes major issues for all concerned.

Note that is often known as smtp authentication and most third party scripts will support this functionality. If your script does not support this function then the message will not be sent and will be bounced back to the sender.)


I use a php guest book application which sends me an email everytime someone signs the book, not often enough but it happens, what do I need to do if anything?

Hiya Greg,

I am assuming that means that you need to use an email address that is local to your server for the results of forms, emails alerts from your guest book and so on. In other words, don't have it trying to send emails you to to a off site email address like Yahoo or Hotmail or Gmail. If you haven't already created one on your server, create an email address (or more) on your server to use that has your domain name in it. Then make sure any scripts you have running such as Web Forms, Guest Books etc. that are sending you any types of emails, are sending them to the server side email addresses that you setup there. I'm pretty sure that's what it means.

On the good side of this, most server side emails are able to be checked via POP3 using email clients if you usually do your email that way, or webmail is usually built into the servers also. You can even have it forwarded to your other email address if you don't want to deal with it inside webmail etc. Lots of ways to handle this, and it's always better for your visitors to get the emails from you with your server address rather than some free Yahoo or Gmail address when possible. Makes them feel more like they are dealing with a real server person from that website.

Hi Jo Ann,
That is what I thought it probably meant, my script does point to an email address on the same domain so it should be OK, I then forward it to one of my personal emails for convenience.

Thanks for the clarification.

In plain english this means that if you're website's URL is www.reallygreatwebsite.com the emails generated by scripts that are generated using your hosting providers internal smtp mail server to send email must have the from address be from the same domain ie Admin@reallygreatwebsite.com not spoof@nobody.net

I'd first test the guestbook script using bogus info and see if it sends an email. If it doesn't then you'll need to poke around the code or settings and change the from address to something with domain that is the same as your websites domain. (An actual email account may need to be setup most hosting providers supply at least one free email account when they register/host your domain. You're most likely good already.

Keep checking periodically since effective immediately could mean next week or next month. This is actually a good thing since you really don't want your hosting IP to be blacklisted, many security appliances use the blacklist to block not only email but websites as well.

I tested it and sure enough the email has stopped working.
Spoke to my hosting provider and they said no matter that it is on the same domain it must have SMTP authentication.
Now speaking to the suppliers of the guest book software.

From what my host said this is likely to happen on nearly all hosting companies as spammers are using the email address in the script to send out spam by the bucket load.