When a person used the contact form their email address is used as the "from" address for the resulting email. Unless the visitor's email address is handled by the drupal server's email server, then many spam filters will see this as an email spoof.

I propose modifying contact_mail_page_submit(509):
$from = variable_get('site_mail', '');
$headers = array('Reply-To' => $form_values['mail']);

And contact_mail_user_submit(375):
$from = variable_get('site_mail', '');
$headers = array('Reply-To' => $user->mail);

After those changes are made, just adding the $headers variable to the end of the 4 drupal_mail calls in the before mentioned functions will solve the problem.

This implementation allows the person who receives the contact email will be able to reply to it normally and the email's likelihood of reaching the site contact person is increased.

Comments

vangorra’s picture

vangorra commented

Does anybody have anything to say about this bug?

nasi’s picture

nasi commented
Version: 5.3 » 5.7

This is definitely a problem. We have a lot of emails that get flagged up/lost as spam because they are perceived as being spoof messages.

It makes logical sense for the emails to come From: drupal as drupal is creating them, with a Reply-To: as the email address entered on the contact form.

maartenvg’s picture

maartenvg commented
Version: 5.7 » 7.x-dev
Category: bug » feature

This is a feature request (as the current behavior is by design), and new features go into D7.

My opinion? Drupal isn't sending them, user X is sending them. So user X should be credited. Compare it with e-mailing that person with an e-mail application, then the From-header isn't your ISP's e-mail address or other analogies to Drupal site_mail.

damien tournoud’s picture

damien tournoud commented
Status: Active » Closed (duplicate)

Duplicate of #111702: Set fixed "from:" and add "Reply-to:" to comply with DMARC.