Someone is not member of Drupal site and makes use of the site wide contact form to contact us. He fills out the form but fakes his from address. The form gets sent and I receive it. The from address and reply-to address both have this fake address. Why do both have that address? Isn't it sufficient to have it only in the reply-to? In some smtp servers a fake from address will be denied and in fact the sender is the website, not the user who filled out a form. Please let the sender address of the sitewide contact form be an address that is configurable so that the administrator can take care that it is a valid existing address. The user's address in reply-to is sufficient.

Comments

damien tournoud’s picture

damien tournoud commented
Status: Active » Closed (duplicate)

This is a duplicate of #111702: Set fixed "from:" and add "Reply-to:" to comply with DMARC. Also see this recent change to the D7.x branch: #330084: Setting Reply-To in mails to the same as From is redundant.