Emails sent out by contact forms should be sent from the website with a 'from' email address such as <firstname.lastname@example.org> (assuming your website is 'example.com').
WordPress should never use the customer's email address entered into the form as the 'from' address.
Since your website is sending the emails, the 'from' address should only be one you control and matches the domain of the website. The email address the site visitor enters in the contact form can be put in the Reply-To header, so when you click reply on the email it goes to them. This is related to a mail policy change DreamHost announced in April 2012. More details are also listed here:
This is an example of a smart way to send out emails from a contact form:
From: Site Visitor <email@example.com> Reply-To: Site Visitor <firstname.lastname@example.org> To: Admin <email@example.com> Subject: Contact Form Submission
The email addresses above assume your website is 'example.com' and that these are addresses you've set up on the domain.
Contact Form 7
Contact Form 7 is a contact form plugin that lets you completely control the emails it sends, directly from within the WordPress admin panel. You can use it to send emails with the name of the site visitor and a site admin's email address.
To set up Contact Form 7:
- Log into your WordPress site at example.com/wp-admin.
- In the left column, click the ‘Plugins’ category and at the top click 'Add New'.
- In the search field, enter Contact Form 7. Locate the plugin and install it.
- After it's installed, locate it it on the 'Plugins' page.
- Click the ‘Settings’ link.
- Find the specific contact form you wish to edit, and then click its ‘Edit’ link.
- Click the ‘Mail’ tab at the top.
- Adjust your ‘From’ and ‘Additional Headers’ fields as shown above.
View the following articles for further information:
Jetpack contact form
Jetpack's contact form does not have an option to easily adjust the from address for sending mail. You can manually hack the PHP code of Jetpack to adjust that, but any modifications to the code of Jetpack run the risk of being overwritten whenever Jetpack updates. Also, Jetpack's contact form shortcodes can interfere with other contact forms.
By default, Jetpack’s contact form is not enabled. However, if you’ve enabled it in the past, you can disable the Jetpack contact form in order to use all the other cool Jetpack features while using a different plugin's contact form.
- After logging into your WordPress panel, visit the Jetpack modules page at the following URL:
- Hover over the ‘Contact Form’ option, and then click the ‘Deactivate’ link on the right.
WPForms-lite allows you to change the 'From' and 'Reply-To' in its settings.
- After you've installed the plugin, click the 'WPForms' menu item in the left panel.
- Hover over your form name. A few options appear below it. Click 'Edit'. This loads your form.
- In the left menu choose 'Settings'.
- In the pop-out window choose 'Notifications'.
- Scroll down to the 'From Email' and 'Reply-To' email fields and update as necessary.
What if I want to use a 'from' email that is NOT on my domain?
If you do not want to use a 'from' email that's on your domain (such as firstname.lastname@example.org), you can force SMTP authentication by using a plugin. View the following article for further details: