Reply-To

Nice utility addon which successfully changed the form result From (sender) email address to the specific value entered without having to edit config files - good.

It would be helpful to have another Handyman entry to change the form result Reply-To email address as well. You have many, somewhat less common or even obscure entries enabling the change of config settings but I don't see a Handyman control to change the Reply-To value for form result emails.

Of course, one could say that why would anyone want to change the Reply-To value when most site admins, moderators, etc. would likely want to have the convenience of simply clicking reply to a form result email in order to contact what appears to be the individual who used the form to make such contact.

However, there exists the possibility of someone entering an email address that is not their own when they use the contact form in a nefarious effort to generate essentially a spam type message to a third party when a site admin/moderator clicks reply without carefully reviewing the provided email address.

We often make an attempt to validate the email address provided in a contact form submission before replying to it so as to minimize if not eliminate a scenario like the one described above. To assume that every form submission contains the legitimate email address of the individual completing the form is a bit too trusting at least for our client in this particular case.

If you don't feel that including an additional Handyman control/entry, to enable changing the Reply-To email address on form result emails, is needed by enough users to warrant your effort, that's fine as we can always just edit the config script. It would be helpful to have this additional control for our clients to use so we don't have to edit, and then track in changelogs, those changes to config scripts but it's not fatal for us.

Thanks.

Type: Pre-Sale
Status: Resolved
pro2ais
View Replies:
mlocati replied:
You are talking about the non-Express form submissions, right?

If so, the "reply-to" email address is the same as the sender one (except the case when you add an "Email Address" question and you enable its "Reply to this email address" option).

There's no other configurable way to control the Reply-To email address...
pro2ais replied:
So, we have configured the sender address for form results to use the "noreply" convention at our domain which is fine but, yes, since there is a defined email address field in the form, this results in that address being populated in the message header as a reply-to address.

In the case of human-generated spam messages from the form (yes, we have reCaptcha enabled to minimize bot-generated spam), the concern was that if one of our staff hits reply their response may be going to a third party's email which is typical when a form that generates an email message with responses is used to promulgate spam.

We'll see if enabling Google reCaptcha is sufficient to minimize or eliminate such form response emails. If not, we'll simply write our own PHP script to create the form instead of using Concrete5's internal Form object and thereby further control the reply-to header value. We already do this for another form on this client's site which is generated by PHP code.

I asked because your handy(man) utility is nice when a client wants, and is capable, of setting additional configuration parameters on their own and I thought perhaps having it as an addition might be something you would consider in a future update.

Again, no worries as we can simply use PHP code if that becomes necessary and bypass the c5 internal form object, etc.

Thanks.
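
The approach pro2ais mentions above, a custom PHP script that controls the Reply-To header itself, could look like the following. This is an added example, not part of the thread and not concrete5 or Handyman code; the addresses, constants and function names are assumptions.

```php
<?php
// Added example: plain PHP, no concrete5 API. All names and addresses are assumed.

const FORM_SENDER   = 'noreply@example.org'; // assumed fixed From address
const FORM_REPLY_TO = 'noreply@example.org'; // assumed fixed Reply-To, never visitor input
const FORM_STAFF    = 'staff@example.org';   // assumed recipient of form results

/**
 * Return the submitted address if it is syntactically valid and carries no
 * header-breaking characters, otherwise null. A valid syntax does not prove
 * that the visitor owns the address.
 */
function cleanSubmittedEmail(string $input): ?string
{
    $input = trim($input);
    if (preg_match('/[\r\n\0]/', $input)) {
        return null; // embedded CR/LF could be used to inject extra headers
    }
    $valid = filter_var($input, FILTER_VALIDATE_EMAIL);
    return $valid === false ? null : $valid;
}

/** Build the form-result message; the visitor's address appears only in the body. */
function buildFormResultMail(string $submittedEmail, string $message): array
{
    $claimed = cleanSubmittedEmail($submittedEmail) ?? '(invalid address supplied)';
    $headers = [
        'From'         => FORM_SENDER,
        'Reply-To'     => FORM_REPLY_TO, // a staff "reply" can no longer reach a third party
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
    $body = "Claimed contact address (unverified): {$claimed}\n\n" . $message;
    return ['to' => FORM_STAFF, 'subject' => 'Contact form result',
            'headers' => $headers, 'body' => $body];
}

// Constructed sample submission naming someone else's address.
$mail = buildFormResultMail('third.party@example.net', 'Please call me back.');
foreach ($mail['headers'] as $name => $value) {
    echo "{$name}: {$value}\n";
}
echo "\n{$mail['body']}\n";
// To send: mail($mail['to'], $mail['subject'], $mail['body'], $mail['headers']);
```

Staff then contact the claimed address deliberately, after reviewing it, rather than through the mail client's reply button.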
pro2ais replied:
Interesting ... setting the form option to None now results in the reply-to value in the message header being the same as what we set for the sender email. A previous test produced a different result, or at least that is what is noted in our changelog.

So, it appears this minor "issue" is actually resolved and you may disregard.

Thanks.
mlocati replied:
Thanks for the feedback.
Closing this issue since handyman can't do anything about it

concrete5 Environment Information

# concrete5 Version
Core Version - 8.2.1
Version Installed - 8.2.1

Browser User-Agent String

Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/71.0.3578.98 Safari/537.36
