email header screenshot

Add the X-Originating-IP header to all outgoing emails to assist with investigation of the sources for spam and unsolicited bulk email.

A standard Drupal install sends email as if it was originating from the web server when in fact, the email originated with a person's web browser. Use this module to include information in the outgoing email header about the IP address of the person who submitted a request to a Drupal website.

Without this module, Drupal effectively becomes an anonymizing service because the standard email headers will have the email origin listed as the web server IP address instead of the user elsewhere on the Internet. By using the information from X-Originating-IP, you can track down individuals who send undesirable communications through contact or webforms.

X-Originating-IP: []

The originating IP is based on the ip_address() Drupal API function.

If Drupal is behind a reverse proxy, we use the X-Forwarded-For header instead of $_SERVER['REMOTE_ADDR'], which would be the IP address of the proxy server, and not the client's. The actual header name can be configured by the reverse_proxy_header variable.

There is no configuration for 6.x-1.0. For 7.x-1.1, there are alternate headers available for administrators to choose from including:

  • X-Sender
  • X-SenderIP
  • X-Sender-IP
  • X-Apparently-From

For either version, just enable the module and it will start working by default using X-Originating-IP.

Project Information