Don't forge "from" mail in contact form but use "reply-to" functionality

Created on 6 October 2022, about 2 years ago
Updated 18 April 2024, 8 months ago

Problem/Motivation

Currently contact forms on drupal.org are basically forging the sender (from) email to be from the user that is submitting the form. This causes email filters to think it's from an unsafe source and triggers all kinds of alerts. Some email/spam filters won't even let it through, so potentially people using company emails are not receiving emails from the contact forms, since large companies tend to have extensive and strict email filters.

Here is an example of what Gmail adds as warnings.

Steps to reproduce

  • Submit a contact form (not to yourself) and check the option to send a copy to yourself
  • See if the email comes through. Gmail adds a lot of nice markers.

Proposed resolution

Instead of forging the sender email address, the following should be implemented:

  • The sender email address should be changed to something like no-reply@drupal.org
  • A reply-to email needs to be set to the value the user is entering in the "Your e-mail address" field

Modules that do this for Drupal 7:
https://www.drupal.org/project/contact_reply_to
https://www.drupal.org/project/reply_to
https://www.drupal.org/project/webform_reply_to

Remaining tasks

  • Update sender mail to a generic mail address
  • Implement a "reply-to" functionality

User interface changes

N/A

API changes

N/A

Data model changes

N/A
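
The proposed resolution above, sketched as an added example (not code from this issue or from drupal.org): the mail is built with the generic sender in From and the visitor's address in Reply-To, next to the forged variant for comparison. The function names, the `forge_from` flag, the address pattern and the sample addresses are assumptions made for the illustration, and the domain check is a simplified stand-in for what a receiving filter evaluates.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

SITE_DOMAIN = "drupal.org"
SITE_FROM = "no-reply@drupal.org"  # generic sender suggested in the issue
# Conservative pattern (assumption): one plain addr-spec, nothing else.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def build_contact_mail(recipient, visitor_email, subject, body, forge_from=False):
    """Build the mail a contact form sends on behalf of a visitor.

    forge_from=True reproduces the reported behaviour (visitor's address in
    From); the default is the proposed From + Reply-To layout.
    """
    # Form fields are untrusted: a CR/LF in a header value could add headers.
    if "\r" in subject or "\n" in subject:
        raise ValueError("line break in subject")
    # Rejects display names, address lists and embedded line breaks.
    if not ADDR_RE.fullmatch(visitor_email):
        raise ValueError("invalid visitor address")
    msg = EmailMessage()
    msg["To"] = recipient
    msg["Subject"] = subject
    if forge_from:
        msg["From"] = visitor_email
    else:
        msg["From"] = SITE_FROM
        msg["Reply-To"] = visitor_email
    msg.set_content(body)
    return msg


def from_is_site_domain(msg, site_domain=SITE_DOMAIN):
    """True when the From domain is the sending site's own domain (or a
    subdomain), i.e. a domain the site can actually authenticate mail for."""
    domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    return domain == site_domain or domain.endswith("." + site_domain)


if __name__ == "__main__":
    # Constructed sample input.
    args = ("maintainer@example.org", "visitor@example.com", "Hello", "Hi there")
    for forged in (True, False):
        mail = build_contact_mail(*args, forge_from=forged)
        print(forged, mail["From"], mail["Reply-To"], from_is_site_domain(mail))
```
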

📌 Task
Status

Fixed

Version

3.0

Component

Code

Created by

BramDriesen (Belgium 🇧🇪)
