API_KEY]); $api = curl_init('https://mandrillapp.com/api/1.0/senders/domains.json'); curl_setopt_array($api, [ CURLOPT_POST => TRUE, CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_POSTFIELDS => $jsonKey, CURLOPT_HTTPHEADER => [ 'Content-type: application/json', 'Content-length: '.strlen($jsonKey) ] ]); if(($jsonDomains = curl_exec($api)) === FALSE){ die("cURL error\n".curl_error($api)."\n"); } echo "done.\n"; $domains = json_decode($jsonDomains, TRUE); curl_close($api); echo count($domains)." domains found\n"; // Step 2: Filter out *valid* domains! echo "\n"; $badDomains = []; foreach($domains as $domain){ if($domain['spf']['valid'] || $domain['dkim']['valid'] || $domain['valid_signing']){ echo "Keeping {$domain['domain']}\n"; } else{ $badDomains[] = $domain['domain']; } } echo "\nRemoving ".count($badDomains)." domains\n"; // Step 3: Login to MailChimp's website $siteCookies = tempnam(sys_get_temp_dir(), 'mandrill'); // To do this, we need to scrape the '__csrf_token' from the form $login = curl_init('https://login.mailchimp.com/'); curl_setopt_array($login, [ CURLOPT_HTTPGET => TRUE, CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_FOLLOWLOCATION => TRUE, CURLOPT_AUTOREFERER => TRUE, CURLOPT_COOKIEFILE => $siteCookies, CURLOPT_COOKIEJAR => $siteCookies, CURLOPT_HTTPHEADER => [ 'Accept-Encoding: gzip, deflate', ] ]); if(($html = curl_exec($login)) === FALSE){ die("cURL error\n".curl_error($login)."\n"); } curl_close($login); $web = new DOMDocument; libxml_use_internal_errors(TRUE); $web->loadHTML(gzdecode($html)); $xpath = new DOMXpath($web); $csrf_el = $xpath->query("//input[@name='__csrf_token']/@value"); $csrf = count($csrf_el) > 0 ? $csrf_el->item(0)->nodeValue : ''; echo "Captured __csrf_token={$csrf}\n"; $website = curl_init('https://login.mailchimp.com/login/post'); curl_setopt_array($website, [ #CURLOPT_VERBOSE => TRUE, CURLOPT_POST => TRUE, CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_POSTFIELDS => http_build_query([ 'referrer' => '/transactional/launch', 'username' => USERNAME, 'password' => PASSWORD, '__csrf_token' => $csrf, 'from' => '', 'auth_token' => '', 'auth_system' => '', ]), CURLOPT_FOLLOWLOCATION => TRUE, CURLOPT_AUTOREFERER => TRUE, CURLOPT_COOKIEFILE => $siteCookies, CURLOPT_COOKIEJAR => $siteCookies, CURLOPT_REFERER => 'https://login.mailchimp.com/', CURLOPT_HTTPHEADER => [ 'Origin: https://login.mailchimp.com', 'Accept-Encoding: gzip, deflate', ] ]); if(($x = curl_exec($website)) === FALSE){ echo "Cannot login to Mandrill\n"; die("cURL error\n".curl_error($website)."\n"); } curl_close($website); // MailChimp is doing something "fun", // it's returning a form you need to submit... after posting the login form $loginForm = new DOMDocument; $loginForm->loadHTML(gzdecode($x)); $formData = $loginForm->getElementsByTagName('form'); if (count($formData)) { $loginUrl = $formData->item(0)->getAttribute('action'); $loginFormData = []; foreach ($formData->item(0)->getElementsByTagName('input') as $field) { $loginFormData[$field->getAttribute('name')] = $field->getAttribute('value'); } $website = curl_init($loginUrl); curl_setopt_array($website, [ #CURLOPT_VERBOSE => TRUE, CURLOPT_POST => TRUE, CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_POSTFIELDS => http_build_query($loginFormData), CURLOPT_FOLLOWLOCATION => TRUE, CURLOPT_AUTOREFERER => TRUE, CURLOPT_COOKIEFILE => $siteCookies, CURLOPT_COOKIEJAR => $siteCookies, CURLOPT_REFERER => 'https://login.mailchimp.com/login/post/', CURLOPT_HTTPHEADER => [ 'Origin: https://login.mailchimp.com', 'Accept-Encoding: gzip, deflate', ] ]); if(($x = curl_exec($website)) === FALSE){ echo "Cannot login to Mandrill\n"; die("cURL error\n".curl_error($website)."\n"); } curl_close($website); // After posting this login form, we redirect to Mandrill // And guess what, another form to post... $mandrillForm = new DOMDocument; $mandrillForm->loadHTML(gzdecode($x)); $formData = $mandrillForm->getElementsByTagName('form'); if (count($formData)) { $adminDomain = parse_url($loginUrl, PHP_URL_HOST); $loginFormData = []; foreach ($formData->item(0)->getElementsByTagName('input') as $field) { $loginFormData[$field->getAttribute('name')] = $field->getAttribute('value'); } $website = curl_init($formData->item(0)->getAttribute('action')); curl_setopt_array($website, [ #CURLOPT_VERBOSE => TRUE, CURLOPT_POST => TRUE, CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_POSTFIELDS => http_build_query($loginFormData), CURLOPT_FOLLOWLOCATION => TRUE, CURLOPT_AUTOREFERER => TRUE, CURLOPT_COOKIEFILE => $siteCookies, CURLOPT_COOKIEJAR => $siteCookies, CURLOPT_REFERER => "https://{$adminDomain}/transactional/launch", CURLOPT_HTTPHEADER => [ "Origin: https://{$adminDomain}", 'Accept-Encoding: gzip, deflate', ] ]); if(($x = curl_exec($website)) === FALSE){ echo "Cannot login to Mandrill\n"; die("cURL error\n".curl_error($website)."\n"); } curl_close($website); } } echo "Logged into Mandrill website\n"; echo "Removing domains via website...\n"; foreach($badDomains as $domain){ echo "\t{$domain}..."; $query = http_build_query([ 'domain' => $domain ]); $website = curl_init("https://mandrillapp.com/settings/delete-domain?{$query}"); curl_setopt_array($website, [ CURLOPT_HTTPGET => TRUE, CURLOPT_RETURNTRANSFER => TRUE, CURLOPT_FOLLOWLOCATION => TRUE, CURLOPT_AUTOREFERER => TRUE, CURLOPT_COOKIEFILE => $siteCookies, CURLOPT_COOKIEJAR => $siteCookies, CURLOPT_REFERER => 'https://mandrillapp.com/settings/sending-domains', ]); if(($x = curl_exec($website)) === FALSE){ echo "Cannot remove {$domain}\n"; die("cURL error\n".curl_error($website)."\n"); } curl_close($website); echo "done\n"; } echo "\ndone\n";