Job completion report emails are defaulting to admin_email option in email From: address #233
Description
Describe the bug
This is the email issue I already mentioned in the WordPress support forum thread. I was expecting to see it fixed in the last code dump on release 5.5.2 since it's a simple fix.
The issue is caused by this piece of "interesting" code:
Lines 1323 to 1337 in 5b08f6e
If the email address set in advanced settings UI and saved as mailaddresssenderlog opton doesn't contain < the email From: header gets constructed using admin_email overriding the email address set by user but that's outright silly.
I can understand the need for formatting the address in a particular way but this is not at all the way to do it. I'd go with actual email address validation using filter_var('user@example.com', FILTER_VALIDATE_EMAIL); when the option is updated instead of during job execution.
As a result, the email From: header is set to an address which in many cases will not be that of the website's domain or the sending domain. This would result in emails being dropped by the sending SMTP server or rejected by many receiving servers, depending on SPF and DMARC policies of the website's domain or domain in the From: header. In extreme cases, it could lead to sending domain being blacklisted by major email providers.
To Reproduce
Steps to reproduce the behavior:
- Go to Advanced settings > Logs
- Under "Log notifications", fill the "Email from field" input with plain email address and uncheck the "Send email with log only when errors occur during job execution" checkbox
- Save settings
- Wait for a job to trigger of start it manually
- Receive and email with from address
address.in.options@somedomain.com <admin_email-option@different-domain.com>.
Expected behavior
The emails should be sent from the address specified without manglind the from address or overriding user settings.