Thank you very much for that clarification Atropos7!
I’m not sure I understand the difference between “message sender” and “message author.”
It sounds to me like I ought to just insert “From” (the email address of the person completing the form) and let the machines figure out the rest.
But let me reiterate what I want to do to make sure I understand correctly. In the examples below I will omit any input validation and return characters for the purpose of clarity but you may be sure I will user proper paranoid practices in real life.
Let’s say the contact form is at
Let’s say the visitor enters firstname.lastname@example.org in the form’s “email” input field.
Let’s say the contact form hard codes my “To:” address as
Upon submitting, the processing script can assign a value to a variable, something like
$email = $_POST[‘email’];
The form processing script must send the “From:” header at minimum:
$headers = "From: ".$email;
I understand that the script can optionally have
$headers .= "Reply-To: ".$email;
and also optionally
$headers .= "Return-Path: ".$email;
The second and third are somehow helpful but not explicitly required.
So is it good form to include those additional headers? Does it in any way make or break the success of email transmission? Or is just leaving it at the minimal requirement of the “From” header sufficient?
Thanks so much for your help.