Setting Up PHPMailer with Office 365 SMTP

PHPMailer is a practical choice when a PHP application needs to send email through an authenticated SMTP server instead of relying on the local mail() function. For Microsoft 365, formerly Office 365, the usual SMTP host is smtp.office365.com on port 587 with STARTTLS enabled.

First, install PHPMailer with Composer if your project does not already include it. Composer keeps the library updated and gives you a clean autoloader.

composer require phpmailer/phpmailer

Then configure PHPMailer to use SMTP authentication. The account you use must be allowed to send mail through SMTP AUTH, and the mailbox should match the From address unless your Microsoft 365 tenant explicitly permits sending as another address.

use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;

require __DIR__ . '/vendor/autoload.php';

$mail = new PHPMailer(true);

try {
    $mail->isSMTP();
    $mail->Host = 'smtp.office365.com';
    $mail->SMTPAuth = true;
    $mail->Username = '[email protected]';
    $mail->Password = getenv('OFFICE365_SMTP_PASSWORD');
    $mail->SMTPSecure = PHPMailer::ENCRYPTION_STARTTLS;
    $mail->Port = 587;

    $mail->setFrom('[email protected]', 'Example App');
    $mail->addAddress('[email protected]');

    $mail->Subject = 'PHPMailer Office 365 test';
    $mail->Body = 'This message was sent through Office 365 SMTP.';

    $mail->send();
    echo 'Message sent';
} catch (Exception $e) {
    echo 'Mailer error: ' . $mail->ErrorInfo;
}

Do not hard-code the mailbox password in your PHP file. Use an environment variable, secret manager, or server-side configuration file outside the web root. This keeps credentials out of version control and makes rotation less painful.

If your app sends HTML mail, set both the HTML body and a plain-text alternative. The alternative body improves readability for clients that block or strip HTML.

$mail->isHTML(true);
$mail->Body = '

Your report is ready.

'; $mail->AltBody = 'Your report is ready.';

If authentication fails, check three common causes. First, SMTP AUTH may be disabled for the mailbox or tenant. Second, the account may require modern authentication or an app password depending on tenant policy. Third, conditional access rules may block sign-in from the server location.

For debugging, enable PHPMailer SMTP output temporarily. Avoid leaving this on in production because SMTP logs can reveal addresses and server details.

$mail->SMTPDebug = 2;
$mail->Debugoutput = 'html';

Office 365 also enforces sending limits and anti-abuse controls, so it is not a replacement for a bulk email platform. It works well for transactional messages such as password resets, contact form notifications, internal alerts, and low-volume application emails. For newsletters or marketing campaigns, use a dedicated email service with proper unsubscribe and bounce handling.

0 0 votes
Article Rating
Subscribe
Notify of
guest

0 Comments
Oldest
Newest Most Voted
0
Would love your thoughts, please comment.x
()
x