Again that makes no sense to me? What spammers? And what spoofing? So your saying if I want to use php mail to send emails on wordpress, a “spammer” is going to go in and change my contact for the TO email address to there own? Or is going to continue to send me spam, even after entering captcha so most likely not a spam bot… How is it spoofing anything when there is a from address that is being used on the contact form. Every other hosting provider I have used has never had a problem with this. It is unheard of IMHO.
Maybe the problem is more with the crap mail server they are using… Why isn’t every hosting company doing this if this is a serious issue? Why wouldn’t just those emails that are being used for spamming be blacklisted instead of the whole mail server again what are you talking about.
Seriously what do you mean by this “why should you be able to send mail coming from gmail, yahoo… etc when you aren’t gmail, yahoo… etc.”
Why would spammers use wordpress and a contact form to spam emails? Why would spammers try to send email on a hosting providers mail server, when they setup there own mail server on a localhost to spam email…
Here is a post from someone at Dreamhost that mentions exactly what I am saying… how is any of this considered or used for spoofing spam?
“It doesn’t pose a problem because all it does is let a blog on your domain use SMTP. Basically you can’t use it to spam, you can only use it to -be- spammed. Which we’d assume you wouldn’t want to do. I can’t put it on my site and then pass emails through yours, so the worst that would happen is your email is flooded by a spammer, which … well you’d have that possibility anyway, simply by having the contact form in the first place.”
But if you have good captcha etc then most likely your not going to get hit by spam bots… I have been using this form for over a year on many different websites self hosted on my own server at home, as well as with other hosting providers and have never received any spam… so again why are we not allowed to do this, why must we configure all this other crap just to receive email to a domain that is other than your own domain email. What if I have a mailto:myactualdomainemail, but want a form to go to a different email like gmail, hotmail, etc. I just don’t understand why and or how they consider this to be some crazy threat. If it was a huge issue you would think all major hosting companys would be requiring this.