Building Email Systems 📧

Send transactional emails with PHPMailer, configure SMTP authentication, and set up SPF, DKIM, and DMARC for reliable email delivery.

What You'll Learn in This Lesson

• How SMTP works and why mail() is not enough
• Send HTML emails with attachments using PHPMailer
• Configure SPF, DKIM, and DMARC for deliverability
• Build reusable email templates with PHP
• Compare transactional email services (SendGrid, Mailgun, SES)

Note: PHP runs on a server. Our examples simulate PHP logic using JavaScript. To run real PHP, install PHP.

🎯 Real-World Analogy: Sending email without SMTP authentication is like mailing a letter without a return address — recipients (and spam filters) don't trust it. SPF is like registering your address with the post office, DKIM is a wax seal proving the letter wasn't tampered with, and DMARC is your policy telling the post office what to do with suspicious mail.

SMTP & PHPMailer

PHP's built-in mail() function sends emails through the server's local mail system — no authentication, no encryption, and terrible deliverability. PHPMailer connects directly to an SMTP server with TLS encryption and proper authentication, so your emails actually reach inboxes instead of spam folders.

Try It: Sending Emails

Build emails with SMTP, recipients, HTML body, and attachments

Try it Yourself »

JavaScript

// Email Sending Fundamentals in PHP
console.log("=== How Email Works: SMTP Protocol ===");
console.log();
console.log("Your PHP App → SMTP Server → Recipient's Mail Server → Inbox");
console.log();
console.log("Key components:");
console.log("  MUA (Mail User Agent)   — Your PHP app (the sender)");
console.log("  MTA (Mail Transfer Agent) — SMTP server (Gmail, SendGrid, etc.)");
console.log("  MDA (Mail Delivery Agent) — Delivers to recipient's mailbox");
console.log();

// Simulate PHP's mail(
...

Deliverability & Templates

Even with PHPMailer, emails can still hit spam if your domain's DNS records aren't configured. SPF tells receiving servers which IPs can send for your domain, DKIM adds a cryptographic signature, and DMARC defines the policy. Together, they boost deliverability to 95%+.

Try It: Email Deliverability

Configure SPF, DKIM, DMARC, and explore transactional email services

Try it Yourself »

JavaScript

// Email Deliverability: SPF, DKIM, DMARC
console.log("=== Why Emails Go to Spam ===");
console.log();
console.log("Without proper DNS records, email servers can't verify");
console.log("that YOUR server is authorized to send from YOUR domain.");
console.log();

let dnsRecords = [
  {
    type: "SPF",
    purpose: "Lists servers allowed to send email for your domain",
    record: "v=spf1 include:_spf.google.com include:sendgrid.net ~all",
    dnsType: "TXT",
    location: "@ (root)",
  },
  {
  
...

⚠️ Common Mistakes

⚠️

Hardcoding SMTP credentials — Store passwords in environment variables, never in source code.

⚠️

Sending emails synchronously — Queue emails as background jobs so users don't wait 2-3 seconds for SMTP round-trips.

💡

Pro Tip: Use Gmail App Passwords for development but switch to SendGrid or SES for production — Gmail limits you to 500 emails/day.

📋 Quick Reference — Email Systems

Concept	Description
PHPMailer	Industry-standard library for sending SMTP email
SPF	DNS record listing authorized sending servers
DKIM	Cryptographic signature proving email integrity
DMARC	Policy for handling failed SPF/DKIM checks
STARTTLS	Upgrades SMTP connection to encrypted (port 587)

🎉 Lesson Complete!

You can now send professional transactional emails! Next, learn to handle image uploads, resizing, and optimization.