Allow users to contact each other without revealing private email addresses

Drupal's core contact module allows users of a site to contact one another via email. Unfortunately, it also reveals the sender's email address to the recipient. Normally this is considered acceptable, because the only address exposed belongs to the person taking the action. However, on a recent site this violated the site's stated COPPA compliance, so we needed to alter the From and Reply-To headers sent with the email. As it turns out, this is quite easy to do thanks to hook_mail_alter().

/**
 * Implementation of hook_mail_alter().
 */
function somemodulename_mail_alter(&$message) {
  if ($message['id'] == 'contact_user_mail') {
    // Set 'From' address to a no-reply rather than leaking student's email address.
    $mail = 'NO-REPLY@example.com';
    $message['from'] = $mail;
    foreach (array('Reply-To', 'From') as $header) {
      $message['headers'][$header] = $mail;
    }
  }
}
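
An added example, not part of the original post: a variant of the hook that rewrites every header still carrying the sender's address, with a helper that lists any field where the address remains. The module name privatecontact, the helper, the constructed sample message and the variable_get() stand-in (so the file runs outside Drupal) are assumptions.

```php
<?php
// Stand-in for Drupal 6's variable_get() so the example runs outside Drupal.
if (!function_exists('variable_get')) {
  function variable_get($name, $default) {
    return $default;
  }
}

/**
 * Implementation of hook_mail_alter() for the hypothetical privatecontact module.
 */
function privatecontact_mail_alter(&$message) {
  if ($message['id'] != 'contact_user_mail') {
    return;
  }
  $sender = $message['from'];
  $site = variable_get('site_mail', 'NO-REPLY@example.com');
  $message['from'] = $site;
  $message['headers']['From'] = $message['headers']['Reply-To'] = $site;
  // Replace any other header (Sender, Return-Path, ...) carrying the address.
  foreach ($message['headers'] as $name => $value) {
    if ($sender !== '' && stripos($value, $sender) !== FALSE) {
      $message['headers'][$name] = $site;
    }
  }
}

/**
 * Returns the names of the fields and headers that still contain $address.
 */
function privatecontact_leaks($message, $address) {
  $fields = array('from' => $message['from']) + $message['headers'];
  $leaks = array();
  foreach ($fields as $name => $value) {
    if (stripos($value, $address) !== FALSE) {
      $leaks[] = $name;
    }
  }
  return $leaks;
}

// Constructed sample, shaped like the message array drupal_mail() builds.
$message = array(
  'id' => 'contact_user_mail',
  'from' => 'student@example.org',
  'headers' => array('From' => 'student@example.org', 'Reply-To' => 'student@example.org', 'Sender' => 'student@example.org'),
);
privatecontact_mail_alter($message);
print_r(privatecontact_leaks($message, 'student@example.org'));
```

An empty array from the helper means no checked field still holds the sender's address; the message body is not inspected.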

Tagged as: Drupal, Drupal 6, email

8 comments

toemaz (not verified) wrote 1 year 19 weeks ago

variable_get

Instead of hard coding $mail, use
$mail = variable_get("site_mail", ini_get("sendmail_from"));

Jonathan Hedstrom wrote 1 year 19 weeks ago

Thanks toemaz,

Yes, that would be better. I kept the code above simple to convey the point. Ideally, this would be configurable, either on a per-site basis, or even better, on a per-user basis (a user could choose to reveal their own email, or use a no-reply placeholder).

dalin (not verified) wrote 1 year 19 weeks ago

You might also want to add a link to the sender's contact page in the body of the email so that the recipient can somehow reply.

Visitor (not verified) wrote 1 year 15 weeks ago

Changing the contact page itself

This works absolutely perfectly! Thank you for the post. I'm trying to find where I would edit the actual contact page in Drupal to reflect the changes made through the hook now. On the contact page it still shows "From: username ". Do you know where I could change this so that it shows "From: username " so that I don't have to explain that while it shows their personal email here it won't show to the receiving user?

Jonathan Hedstrom wrote 1 year 14 weeks ago

You should be able to change this section of the contact form via an implementation of hook_form_alter.

Visitor (not verified) wrote 50 weeks 3 days ago

CC

Does this affect the "Send yourself a copy" checkbox? I'm getting the following error when that box is checked and a user tries to send an email: The following From address failed: (the user's email address) The following From address failed: (the user's email address again)
Any way that this could be causing that?

gnat (not verified) wrote 33 weeks 1 day ago

How to use the user's email field instead?

This is a good way to modify the contact form, but how do we use the user's email address from the contact form itself? Not all users submitting the contact form are registered users of the site, so it is difficult to get email addresses of anonymous users who use the contact form. (Too many "use"'s, sorry.)

-gnat

Chalo (not verified) wrote 13 weeks 2 days ago

BCC Email

Hi,

I think this is great, thanks for such great information. Is there a way of sending a BCC from the user contact form? Thanks, I would really appreciate your help.
