Shouldn’t the other party’s email address be showing in here??
$EmailFrom is meant to be an email address from your domain (even a fake, “no-reply” address). It is being used in the email From header, which has two major implications if using the user’s email address:
- You would need to validate the user’s input (i.e., make sure it is a single, valid email address), otherwise you would run the risk of header injection. This is a very, very common way for a simple contact form to be hijacked and used as a spam server, which will cause you all kinds of trouble. Note that Chris’ example does not include validation of any kind, which he points out in his comments. Look at using the
- You would need to add a Sender header with an email address that belongs to your domain. Otherwise, it is likely that the email will be discarded as spam during delivery, because the From address and the domain don’t match.
All in all, I would suggest not making these changes: just use the form as intended. If you’re set on it, however, you’d need to keep the above points in mind.
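
The two points in the reply above, as an added example that is not part of the original post or of Chris’ form: the submitted address is accepted only if it is a single valid address with no line breaks, and a Sender header carrying a domain address is sent alongside it. The function names, the use of `filter_var()`, the sample inputs and `no-reply@example.com` are assumptions of this example.

```php
<?php
// Added example. validate_reply_address(), build_headers() and
// no-reply@example.com are hypothetical names, not from the original form.

/**
 * Return the address if it is one valid email address, otherwise null.
 */
function validate_reply_address(string $input): ?string
{
    // Allow stray spaces or tabs around the value, nothing else.
    $input = trim($input, " \t");

    // CR, LF or NUL would let the value start a new header line,
    // which is how a From field gets turned into Bcc/Cc/Subject lines.
    if (preg_match('/[\r\n\0]/', $input)) {
        return null;
    }
    // Commas, semicolons or inner whitespace mean a list, not one address.
    if (preg_match('/[,;\s]/', $input)) {
        return null;
    }
    $valid = filter_var($input, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

/**
 * Build the extra headers: the visitor in From, the site's own address in Sender.
 */
function build_headers(string $userAddress, string $domainAddress): string
{
    return implode("\r\n", [
        'From: ' . $userAddress,
        'Sender: ' . $domainAddress,
    ]);
}

// Constructed sample inputs: one normal value, one with an injected
// header line, one with two addresses.
$samples = [
    'visitor@example.org',
    "visitor@example.org\r\nBcc: list@example.net",
    'a@example.org, b@example.org',
];
foreach ($samples as $raw) {
    $addr = validate_reply_address($raw);
    if ($addr === null) {
        echo 'rejected: ' . json_encode($raw) . "\n";
        continue;
    }
    echo build_headers($addr, 'no-reply@example.com') . "\n";
}
```

Only the first sample produces headers; the other two are rejected before anything reaches the mail function.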