Current time: 04-19-2014, 07:37 AM Hello There, Guest! (LoginRegister)

Post Reply 
php contact form headers
07-09-2009, 04:17 PM
Post: #1
php contact form headers
My question has to do with headers generated by PHP contact forms on web sites. I have read many, many articles and tutorials on writing PHP contact forms. Those tutorials sometimes describe how to write custom headers, and some of them even outline which headers *can* be written, but none of them really conclusively lay out what headers *should* be included and, more importantly, what they should consist of. Even the php.net resource seems to demonstrate what *can* be done but not what *should* be done.

In particular, I'm interested in the nuanced difference between From, Reply-To and Return-Path.

If an email originates from a contact form on my web site, should all three headers contain the same value (that of the email address the user of the form fills out)? Since the email the contact form generates actually originates from *my* domain, is it incorrect to have all three headers reflect the sender's email address? I find the whole email subject both very deep and very confusing.

Thanks. DreamHost support (understandably) dodged this question so I'm looking to the wider community for their collective wisdom.

Steve
Visit this user's website Find all posts by this user
Quote this message in a reply
07-09-2009, 11:15 PM
Post: #2
php contact form headers
Quote:In particular, I'm interested in the nuanced difference between From, Reply-To and Return-Path.
1. "From" is list of mailboxes that are the authors of the message and is required.

2. "Sender" is used to indicate the mailbox of the message sender. It should be used only if there is more than one author listed or if the sender is not an author.

3. "Reply-To" is a list of mailboxes from the author(s) as a suggestion on to where to send replies - otherwise replies are expected to be addressed to the "From" mailboxes. It is not required.

4. Just like a real letter, while a message is transported it has an envelope. If something goes wrong along the way a notice is sent to the return address on this envelope. When a message is delivered this return address/envelope sender appears in the "Return-Path" header. Since DreamHost doesn't allow relaying messages you can't use an address of a third party here. If not specified then it might be obtained from the headers are your user account information.

Quote:If an email originates from a contact form on my web site, should all three headers contain the same value (that of the email address the user of the form fills out)?
Given the above information the answer is no.

Quote:Since the email the contact form generates actually originates from *my* domain, is it incorrect to have all three headers reflect the sender's email address?

I think its apparent that the "Sender" mailbox should be yours and the "From" should be that of the visitor. Don't try to change the envelope sender unless you need to (ie, to have failures sent to a different mailbox of yours, or for piping to scripts to handle bounces) and using "Reply-To" isn't necessary.

Keep in mind the mail system software will try to make sense out of what is provided in "From" and "To" and as a result addresses should be valid format. For example if given "This is spam" instead of an address you get "This@machine.dreamhost.com,is@machine.dreamhost.com, spam@machine.dreamhost.com" instead.

Cool openvein.org -//-
Visit this user's website Find all posts by this user
Quote this message in a reply
07-10-2009, 09:28 AM
Post: #3
php contact form headers
Thank you very much for that clarification Atropos7!

I'm not sure I understand the difference between "message sender" and "message author."

It sounds to me like I ought to just insert "From" (the email address of the person completing the form) and let the machines figure out the rest.

But let me reiterate what I want to do to make sure I understand correctly. In the examples below I will omit any input validation and return characters for the purpose of clarity but you may be sure I will user proper paranoid practices in real life.

Let's say the contact form is at
example.com/contact.php
Let's say the visitor enters joe@interested.net in the form's "email" input field.
Let's say the contact form hard codes my "To:" address as
admin@example.com

Upon submitting, the processing script can assign a value to a variable, something like
$email = $_POST['email'];

The form processing script *must* send the "From:" header at minimum:
$headers = "From: ".$email;

I understand that the script can *optionally* have
$headers .= "Reply-To: ".$email;

and also optionally
$headers .= "Return-Path: ".$email;

The second and third are somehow helpful but not explicitly required.
Right?
So is it good form to include those additional headers? Does it in any way make or break the success of email transmission? Or is just leaving it at the minimal requirement of the "From" header sufficient?

Thanks so much for your help.

Steve
Visit this user's website Find all posts by this user
Quote this message in a reply
07-10-2009, 11:35 AM
Post: #4
php contact form headers
Quote:I'm not sure I understand the difference between "message sender" and "message author."
(from Wikipedia)
An author is defined both as "the person who originates or gives existence to anything" and that authorship determines responsibility for what is created.

A source or sender is one of the basic concepts of communication and information processing. Sources are objects which encode message data and transmit the information, via a channel, to one or more observers (or receivers).

An author can be a sender but a sender may not have been an author.

Quote:The second and third are somehow helpful but not explicitly required.
Right?
Right.

Quote:So is it good form to include those additional headers?
It is good form to understand the purposes they serve and use them appropiately. As I said before "Return-Path" is only added when the message is being delivered. In other words don't add it when creating the message.

Read the specifications:

http://tools.ietf.org/html/rfc5322 - Internet Message Format
http://tools.ietf.org/html/rfc5321 - Simple Mail Transfer Protocol

Quote:Does it in any way make or break the success of email transmission? Or is just leaving it at the minimal requirement of the "From" header sufficient?
Well since "Reply-To" is a suggestion to the recipient it would have no affect on transmission. As for the return address you might want to use an address on your domain at DreamHost that you want failures to be sent to, eg. "-fpostmaster@mydomain.com"

Cool openvein.org -//-
Visit this user's website Find all posts by this user
Quote this message in a reply
07-10-2009, 12:37 PM
Post: #5
php contact form headers
Atropos7;

Thanks a million. That helps a lot. I think "simple" is going to be the best policy for me. I'' keep it to "To" and "From" and let the machines figure it out from there as you suggest. I really appreciate the thoroughness of your answers.
Steve
Visit this user's website Find all posts by this user
Quote this message in a reply
Post Reply 


Forum Jump: