Important: Correct Sender Addresses for Email Forms
Summary
When a website form sends submitted content by email, the sender address must be set correctly.
In most cases, the email should be sent from an address under the same domain as the website, for example forms@yourdomain.com. The sender address should usually exist as a real mailbox, alias, forwarding address or valid sender address at the hosting or mail provider.
For reliable delivery, especially to Gmail, Outlook and business mailboxes, SPF, DKIM and sometimes DMARC must also be configured correctly.
This rule applies regardless of whether u5CMS sends the email through SMTP or without SMTP through the server or hosting environment.
The Basic Rule
If your website is:
www.yourdomain.com
then your form should normally send emails from an address such as:
- forms@yourdomain.com
- noreply@yourdomain.com
- website@yourdomain.com
- info@yourdomain.com
The form should not normally send emails as if they came directly from the visitor’s private email address, for example:
visitor@gmail.com
This is important because modern mail systems check whether the sending server is allowed to send emails for the domain shown in the sender address.
The Wrong Setup
A common but problematic setup looks like this:
From: visitor@gmail.com
To: info@yourdomain.com
This may look convenient, because you immediately see the visitor’s address as the sender. But technically it is wrong in many cases.
Your website server is not Gmail. It is not authorised to send mail on behalf of gmail.com. As a result, the email may fail SPF, DKIM or DMARC checks. The message may then be rejected, delayed, or placed in the spam folder.
This is especially problematic when the visible sender address belongs to a large provider such as Gmail, Outlook, Yahoo or another domain that uses strict sender authentication.
The Correct Setup
A better setup is:
From: forms@yourdomain.com
To: info@yourdomain.com
Reply-To: visitor@gmail.com
This means that the email is technically sent by your own website domain, while replies still go to the visitor.
So when you click “Reply” in your email program, your reply goes to the visitor’s email address because the visitor’s address is stored in the Reply-To field.
This is the clean and reliable setup for most contact forms, order forms, booking forms and registration forms.
u5CMS Mail Sending: With or Without SMTP
u5CMS can send emails in different technical ways.
Depending on the installation and configuration, u5CMS may send emails:
- with SMTP, using a configured SMTP server or SMTP account
- without SMTP, using the server-side mail function or the hosting environment’s mail system
Both variants can work.
But the sender address rule remains the same:
The form should send as the website domain, not as the visitor.
The u5CMS configuration reference for config.php contains SMTP-related settings such as `$mysmtpoptions`, SMTP host, SMTP port, connection class, TLS, username and password. It also contains related mail parameters such as `$doublepasswordmailing` and `$serialmailmethod`.
See:
This means that email delivery is not only a question of the form itself. It also depends on the mail configuration in the u5CMS installation, the hosting environment and the DNS records of the domain.
If u5CMS Sends With SMTP
If u5CMS sends with SMTP, the email is sent through a configured mail server.
A typical clean setup is:
SMTP account: forms@yourdomain.com
From: forms@yourdomain.com
To: info@yourdomain.com
Reply-To: visitor@gmail.com
This is usually the preferred setup if the provider offers SMTP access.
The SMTP account, the sender address and the provider’s sender rules should match.
Do not assume that SMTP automatically fixes a wrong sender address. Even when SMTP is used, the form should not normally send emails with the visitor’s private email address as the From address.
Wrong:
SMTP account: forms@yourdomain.com
From: visitor@gmail.com
Better:
SMTP account: forms@yourdomain.com
From: forms@yourdomain.com
Reply-To: visitor@gmail.com
If SMTP authentication is used, the username and password must be configured correctly in u5CMS. The SMTP server, port and encryption setting must also match the provider’s documentation.
Common SMTP settings include:
- SMTP server name
- SMTP port, often 587 for authenticated sending with TLS
- TLS or SSL setting
- SMTP username
- SMTP password
- allowed sender address
The exact values must come from the hosting or mail provider.
If u5CMS Sends Without SMTP
If u5CMS sends without SMTP, the email is sent by the website server or by the hosting environment.
This can also work, but the domain must allow this sending path.
In practice, this usually means:
- the website server or hosting platform must be allowed in SPF
- the sender address should still belong to the website domain
- the sender address should exist or be accepted by the provider
- DKIM signing may depend on the hosting setup
- DMARC must not contradict the actual sending path
A typical setup without SMTP is:
Website server: sends the email
From: forms@yourdomain.com
To: info@yourdomain.com
Reply-To: visitor@gmail.com
SPF: allows the website server or hosting environment to send for yourdomain.com
This can be acceptable if the hosting provider supports this configuration properly.
But if the server is not authorised in SPF, or if DKIM/DMARC do not align, delivery may become unreliable.
SMTP or No SMTP: What Is Better?
As a general rule, SMTP is often the cleaner and more transparent setup.
With SMTP, the form sends through a defined mail account or mail server. Authentication, sender address and provider rules are easier to understand and easier to test.
Without SMTP, the form depends more strongly on the web server and hosting environment. This can still be correct, but it is easier to overlook SPF, DKIM or DMARC details.
Recommended approach:
- Use SMTP if the provider offers a suitable SMTP account and the setup can be configured correctly.
- Use server mail without SMTP only if the hosting provider supports it properly and the DNS records allow it.
- In both cases, use a sender address under the website domain.
- In both cases, use the visitor’s email address as Reply-To, not as From.
The Sender Address Should Usually Exist
The sender address used by the form should usually be created at your hosting or mail provider.
For example, if your form sends from:
forms@yourdomain.com
then forms@yourdomain.com should normally exist as one of the following:
- a real mailbox
- an alias
- a forwarding address
- another valid sender address accepted by your provider
Do not simply invent a sender address that does not exist.
Some providers are stricter than others. If the sender address does not exist, the form may still appear to work in some cases, but delivery can become unreliable. Messages may be rejected by the sending server or treated as suspicious by the receiving server.
This is particularly important when SMTP is used. Many SMTP providers only allow sender addresses that belong to the authenticated account or that have been explicitly authorised.
SPF, DKIM and DMARC
There are three important terms you may see in your hosting or DNS settings:
SPF defines which servers are allowed to send emails for your domain.
DKIM adds a digital signature to outgoing emails. The receiving mail server can then check whether the email was really sent by an authorised system and whether it was changed on the way.
DMARC tells receiving mail servers what to do when an email does not pass SPF or DKIM checks. DMARC also checks whether the authenticated domain matches the domain in the visible sender address.
You do not need to understand every technical detail. But you do need to know this:
The domain in the sender address must match the domain that is technically allowed to send the email.
For website forms this usually means:
- If the form sends through SMTP, SPF/DKIM/DMARC must support the SMTP provider.
- If the form sends without SMTP, SPF/DKIM/DMARC must support the website server or hosting environment.
- If both sending methods are used, both must be considered.
Special Note for Gmail
Gmail is strict about sender authentication.
If your form emails are sent to Gmail or Google Workspace addresses, incorrect sender settings can easily cause delivery problems.
Google requires senders to authenticate email with SPF or DKIM. For larger sending volumes, SPF, DKIM and DMARC are required. Gmail also warns against impersonating Gmail addresses in the From header.
This is exactly why a website form should not send as:
From: visitor@gmail.com
Instead, it should send as:
From: forms@yourdomain.com
Reply-To: visitor@gmail.com
Even if you are not a bulk sender, it is good practice to configure SPF, DKIM and DMARC properly.
METANET FAQ
If your domain or website is hosted at METANET, check the METANET help pages before configuring your form.
Start here:
The most relevant topics to search for in the METANET support area are:
- SPF DNS record
- DKIM
- DMARC
- Plesk DNS settings
- Business Mail
- SMTP settings
METANET explains DKIM and DMARC here:
METANET explains the basic email terms, including SPF, DKIM and DMARC, in its email glossary here:
If you use another provider, look for the same topics in that provider’s help pages:
- SPF
- DKIM
- DMARC
- SMTP
- Plesk DNS settings
- mail form sender address
- authenticated SMTP sending
u5CMS Configuration Reference
For u5CMS installations, also check the u5CMS config.php reference:
This file is relevant because u5CMS mail delivery can depend on configuration values in config.php, especially when SMTP is used.
When checking a u5CMS installation, look in particular for:
- whether SMTP is configured
- the SMTP server name
- the SMTP port
- the encryption setting, for example TLS
- the SMTP username
- the sender address used by the form
- whether the SMTP provider allows that sender address
- whether server mail or PHP mail is used for any additional mail path
- whether serial mail settings are relevant for larger mailings
Do not publish SMTP passwords in documentation, screenshots or support tickets unless this is explicitly required and the channel is secure.
Practical Checklist
Before activating or troubleshooting an email form, check the following:
- The website domain is clear, for example yourdomain.com.
- The form sender address is under the same domain, for example forms@yourdomain.com.
- The sender address exists as a mailbox, alias, forwarding address or valid sender address at the provider.
- The visitor’s email address is used as Reply-To, not as the technical sender address.
- It is clear whether u5CMS sends the form email with SMTP or without SMTP.
- If u5CMS sends with SMTP, the SMTP server, port, encryption setting, username and password are correct.
- If u5CMS sends with SMTP, the SMTP account and sender address match or are explicitly allowed by the provider.
- If u5CMS sends without SMTP, the website server or hosting environment is allowed to send email for the domain.
- SPF is configured for the correct sending path.
- DKIM is enabled if the provider supports it.
- DMARC is checked and, where necessary, configured.
- The u5CMS config.php mail settings have been checked.
- A test email is sent to Gmail.
- A test email is sent to a business mailbox, if possible.
- The email is checked to make sure replies go to the visitor.
- The email headers are checked if delivery problems remain.
Recommended Standard Setup
For a normal website form, use this setup:
Website: www.yourdomain.com
Sender address: forms@yourdomain.com
Recipient: info@yourdomain.com
Reply-To: the visitor’s email address
u5CMS mail mode: SMTP if available and properly configured; otherwise server mail is possible if the hosting and DNS setup support it
SPF: configured according to the actual sending path
DKIM: enabled if available
DMARC: configured or at least checked
This setup is simple, clean and understandable for most users.
The most robust variant is usually:
SMTP account: forms@yourdomain.com
From: forms@yourdomain.com
Reply-To: visitor’s email address
This makes it clear who technically sends the email and who should receive the reply.
Important Warning
Do not copy an old form script and only change the recipient address.
Many older form scripts send emails in a way that worked years ago but is no longer reliable today. Email providers are now much stricter because of spam, phishing and sender spoofing.
A form can appear to work for some recipients and still fail for Gmail, Outlook or business mailboxes.
Also do not assume that changing from server mail to SMTP, or from SMTP to server mail, automatically solves the problem. The sender address, authentication method and DNS records must match the chosen sending method.
Typical Mistakes
Avoid these common mistakes:
- using the visitor’s private email address as From
- using a sender address that does not exist
- using SMTP credentials for one mailbox but a different unauthorised sender address
- forgetting to update SPF when the website server sends mail
- forgetting to update SPF when an external SMTP provider or SMTP relay sends mail
- enabling DMARC before all legitimate sending paths are understood
- testing only with one mailbox and assuming delivery works everywhere
- ignoring Gmail because the message arrived correctly in another mailbox
Simple Rule to Remember
The website should send email as itself, not as the visitor.
Use:
From: forms@yourdomain.com
and:
Reply-To: visitor’s email address
This small difference is often the key to reliable email delivery from website forms.
Whether u5CMS sends with SMTP or without SMTP, the principle is the same:
The visible sender address, the technical sending path and the domain’s SPF/DKIM/DMARC configuration must fit together.