Experimental project

This is a sandbox project, which contains experimental code for developer use only.

Restrict the contact form so that logged-in users cannot change their sender e-mail address or name on the site and personal contact forms. This stops logged-in users from spoofing e-mail and/or using the "Send yourself a copy" feature to send spam.

Also, add the text "(Unverified)" to the sender name of messages sent from the contact forms by anonymous users.

This module is essentially a backport of the patch at #601776-98 ("Remove the ability of registered users to change the sender name or email address in contact forms."), except that this module removes the name and e-mail fields entirely. That patch is currently (29 Jul 2012) committed and pushed to Drupal 8, and awaiting backport to Drupal 7. This module is for people who don't wish to wait.

This method does not entirely stop spoofing on its own. The user can still change his account e-mail address and then send a message. A supporting technique like http://drupal.org/project/email_required must be used to stop this.
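A sketch of the restriction described above, written for this page as an added example and not taken from this module or from the core patch. It assumes Drupal 7's contact module, whose forms are `contact_site_form` and `contact_personal_form` with `name` and `mail` elements; the module name `mymodule` and the handler name are hypothetical.

```php
<?php
/**
 * Added example for a hypothetical Drupal 7 module named "mymodule".
 */

/**
 * Implements hook_form_alter().
 */
function mymodule_form_alter(&$form, &$form_state, $form_id) {
  if (!in_array($form_id, array('contact_site_form', 'contact_personal_form'), TRUE)) {
    return;
  }
  global $user;
  if ($user->uid) {
    // Logged-in sender: replace the editable fields with server-side values
    // taken from the account. '#type' => 'value' elements are never rendered
    // and ignore anything the browser posts under those names.
    $form['name'] = array('#type' => 'value', '#value' => format_username($user));
    $form['mail'] = array('#type' => 'value', '#value' => $user->mail);
  }
  else {
    // Anonymous sender: keep the fields, but tag the name before the contact
    // module's submit handler builds the message.
    $form['#validate'][] = 'mymodule_contact_tag_unverified';
  }
}

/**
 * Validation handler: append "(Unverified)" to an anonymous sender name.
 */
function mymodule_contact_tag_unverified($form, &$form_state) {
  $tag = ' (Unverified)';
  $name = trim($form_state['values']['name']);
  // A returning visitor may resubmit a name that already carries the tag,
  // so do not stack it on repeat submissions.
  if (substr($name, -strlen($tag)) !== $tag) {
    form_set_value($form['name'], $name . $tag, $form_state);
  }
}
```

The address used for a logged-in sender is whatever is stored on the account at send time, which is why the account e-mail change noted above still needs its own control.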

Project information

  • Module categories: Security
  • Created by Dan Z