• Make templating possible via the wp_mail phpmail_init hook
  • Markdown
  • Shortcodes
  • Replacement Codes
  • PHP Execution
• SMTP Integration
• Build Admin Pages
  • Decide on a layout
  • Config
  • Template Editor
  • Logging
• Logo

In this method I'd suggest trying to detect the presence of an existing <!DOCTYPE or </html> tag in the body of an email before applying filters. This way you won't parse an email which has already been fully formatted and perhaps includes its own header/footer, etc.

https://github.com/websharks/mail-remix/blob/000000-dev/mail-remix/classes/templater.php#L51

Bring your WordPress emails to the next level...

I suggest changing that to "Take your WordPress emails to the next level..."

Most SMTP servers require email to be sent by a specific address, or from a specific domain. It would be great if I could configure this address whenever I setup my SMTP server.

I ended up with a /wp-content/mail-logs directory with an .htaccess file.

I'd suggest changing deny from all, to the following:

<IfModule authz_core_module>
    Require all denied
</IfModule>
<IfModule !authz_core_module>
    deny from all
</IfModule>

This is forward-compatible with newer versions of Apache w/ authz_core_module, while still being backward-compatible with the older versions that use the allow/deny syntax. See also: http://httpd.apache.org/docs/2.4/howto/access.html

I'd suggest clarifying "ALL" to mean "ALL use of wp_mail()" in case other plugins have implemented their own mail class or SMTP integration. For instance, in the case of Comment Mail (and a few other SMTP plugins) there is a separate instance of \PHPMailer that resides outside of wp_mail(). You might not pick those up if the plugin doesn't call phpmailer_init.

Also, the wp_mail() function itself is a "pluggable" function. Therefore, it is possible for custom implementations of wp_mail() to exist which are either customized by a hosting company or altered by another plugin. So you might even want to mention that your logging is attached to phpmailer_init in the wp_mail() function so that all use of wp_mail() is logged for analysis.

That's enough information for others to see the potential for certain things not to be logged under abnormal conditions; or with plugins that implement their own SMTP integration that resides outside of wp_mail().

I'm curious to know if enabling these features will allow for things like PHP evaluation, shortcode parsing, and Markdown parsing for just any email? Is there any additional syntax needed to enable this parsing, or is it just "on" if I enable it?

I'd suggest that there be some sort of additional syntax to enable these functionalities in a particular email. For instance, if I want PHP code evaluated, I can enable this in the options. However, in order to get PHP evaluated there should be some sort of wrapper needed in my email body.

<!--php-enable-->

Something along the lines of this. Otherwise, if a plugin that I'm running happens to send an email through with a PHP tag by mistake, or because some sort of user input contained a PHP tag... my site would open to a security issue. Or no?

Even with a special token/wrapper being required, that may not always guard against every scenario. For instance, in Comment Mail we're going to have WordPress send emails w/ clips of a comment that somebody left on the site; i.e. user-supplied input is going to make it into emails. Of course, we are going to sanitize this data so PHP tags won't be in there. However, that may not be the case w/ every plugin, or in every possible scenario.

• Default Email Overrides
• Send Emails from Dashboard