Php contact form headers

My question has to do with headers generated by PHP contact forms on web sites. I have read many, many articles and tutorials on writing PHP contact forms. Those tutorials sometimes describe how to write custom headers, and some of them even outline which headers can be written, but none of them really conclusively lay out what headers should be included and, more importantly, what they should consist of. Even the resource seems to demonstrate what can be done but not what should be done.

In particular, I’m interested in the nuanced difference between From, Reply-To and Return-Path.

If an email originates from a contact form on my web site, should all three headers contain the same value (that of the email address the user of the form fills out)? Since the email the contact form generates actually originates from my domain, is it incorrect to have all three headers reflect the sender’s email address? I find the whole email subject both very deep and very confusing.

Thanks. DreamHost support (understandably) dodged this question so I’m looking to the wider community for their collective wisdom.


  1. “From” is list of mailboxes that are the authors of the message and is required.

  2. “Sender” is used to indicate the mailbox of the message sender. It should be used only if there is more than one author listed or if the sender is not an author.

  3. “Reply-To” is a list of mailboxes from the author(s) as a suggestion on to where to send replies - otherwise replies are expected to be addressed to the “From” mailboxes. It is not required.

  4. Just like a real letter, while a message is transported it has an envelope. If something goes wrong along the way a notice is sent to the return address on this envelope. When a message is delivered this return address/envelope sender appears in the “Return-Path” header. Since DreamHost doesn’t allow relaying messages you can’t use an address of a third party here. If not specified then it might be obtained from the headers are your user account information.

Given the above information the answer is no.

I think its apparent that the “Sender” mailbox should be yours and the “From” should be that of the visitor. Don’t try to change the envelope sender unless you need to (ie, to have failures sent to a different mailbox of yours, or for piping to scripts to handle bounces) and using “Reply-To” isn’t necessary.

Keep in mind the mail system software will try to make sense out of what is provided in “From” and “To” and as a result addresses should be valid format. For example if given “This is spam” instead of an address you get ",," instead.

:cool: -//-

Thank you very much for that clarification Atropos7!

I’m not sure I understand the difference between “message sender” and “message author.”

It sounds to me like I ought to just insert “From” (the email address of the person completing the form) and let the machines figure out the rest.

But let me reiterate what I want to do to make sure I understand correctly. In the examples below I will omit any input validation and return characters for the purpose of clarity but you may be sure I will user proper paranoid practices in real life.

Let’s say the contact form is at
Let’s say the visitor enters in the form’s “email” input field.
Let’s say the contact form hard codes my “To:” address as

Upon submitting, the processing script can assign a value to a variable, something like
$email = $_POST[‘email’];

The form processing script must send the “From:” header at minimum:
$headers = "From: ".$email;

I understand that the script can optionally have
$headers .= "Reply-To: ".$email;

and also optionally
$headers .= "Return-Path: ".$email;

The second and third are somehow helpful but not explicitly required.
So is it good form to include those additional headers? Does it in any way make or break the success of email transmission? Or is just leaving it at the minimal requirement of the “From” header sufficient?

Thanks so much for your help.


(from Wikipedia)
An author is defined both as “the person who originates or gives existence to anything” and that authorship determines responsibility for what is created.

A source or sender is one of the basic concepts of communication and information processing. Sources are objects which encode message data and transmit the information, via a channel, to one or more observers (or receivers).

An author can be a sender but a sender may not have been an author.

[quote]The second and third are somehow helpful but not explicitly required.

It is good form to understand the purposes they serve and use them appropiately. As I said before “Return-Path” is only added when the message is being delivered. In other words don’t add it when creating the message.

Read the specifications: - Internet Message Format - Simple Mail Transfer Protocol

Well since “Reply-To” is a suggestion to the recipient it would have no affect on transmission. As for the return address you might want to use an address on your domain at DreamHost that you want failures to be sent to, eg. ""

:cool: -//-


Thanks a million. That helps a lot. I think “simple” is going to be the best policy for me. I’’ keep it to “To” and “From” and let the machines figure it out from there as you suggest. I really appreciate the thoroughness of your answers.