Should one use "From", "Reply-To" or both headers to reflect their client's email address when sending an email to yourself from a "Contact Us" page?
I have written a website that uses the PHP Pear Mail function to send a few email messages. Mainly to people who have lost their password and to me when somebody submits the "contact us" form.
My question is this: since I am sending the email from my own server's IP address to myself, do I use the client's email address in the From or Reply-To headers?
It would make sense to place it in the Reply-To header, because that is most definitely what I want to do.
However, many email clients seem to work best with the client's name and email info located in the "From:" headers.
Is it safe to "falsify" the From: headers in an email? Or am I even falsifying the sender?
I mean... technically... the client is sending the message, it's just originating from my server.
Sincerely, -somebody_who_knows_nothing_about_email_deployment_and_is_worried_about_having_his_IP_blacklisted
In this case, you should be able to use either From
or Reply-to
. It may be best put the client's address in Reply-to
and use a no-reply address for your domain in the From
header. If your web-server is not trusted by your email server, this may be required.
If you were allowing the client to send a message, as some sites do, put the client's address in Reply-to
and use a no-reply address for your domain in the From
header.
It is possible to use an address different from that in the From
header as the envelope sender. This should be listed in a Sender
header. However, I don't recommend it for this case. It is more applicable to personal business mail where someone is sending on behalf of someone else (and where the sender and from addresses are in the same domain).
There are cases which can cause problems if you put the client's email address in the From
address.
- The client's domain may have an SPF record which does not allow you to send email for their domain;
- The clients' domain may specify all email from that domain is DKIM signed (currently not very likely to cause problems); and
- If the email is sent to the client, the client;s domain may not accept mail sent with address in its domain(s) from untrusted (Internet) servers.
On my server the first and last cases apply. I am working on DKIM, but many DKIM signers don't publish their policy. All three rules are very effective against SPAM. Unfortunatly, automated systems (including web servers) are often configured poorly and their email gets blocked or assigned to the spam folder.
It's perfectly safe to just use the From
header. It wouldn't be considered falsification.