DMARC and Contact Form 7
If you use the Contact Form 7 WordPress plugin, and you see undeliverable email messages that mention a “DMARC policy” problem, you need to change how you’ve configured your form.
This problem happens because you’re doing two things:
- You’re sending your form results to an external email service such as gmail.com; and
- You’ve set up your form to send messages that claim to be “From” the address of the person filling out the form, using a “tag” like “[your-email]” in the “From” section, like this:
If the person filling out the form uses an address like “email@example.com”, your site will send a message that looks like this:
To: <firstname.lastname@example.org> From: "Real Name" <email@example.com> Subject: Contact form submission from example.com
But that’s a bad idea: example.com doesn’t have anything to do with yahoo.com, so you shouldn’t be sending messages claiming to be from yahoo.com. Gmail will think example.com is “forging” a Yahoo address. Many email providers now reject this kind of “forged” mail as “spam” even though they used to accept it.
(While it may be the case that your visitor really owns the address “firstname.lastname@example.org”, you don’t know if that’s actually true, and you can’t just take someone’s word for it on today’s Internet. And Gmail has no idea at all where you got the address from, or why example.com is trying to send mail that claims it’s from yahoo.com.)
One way to fix it: Avoid sending mail from addresses you don’t own
The best way to fix this is to send the messages “From” an address at your own domain name. If you have multiple addresses, it doesn’t matter which address you use as long as it ends with at your own domain name.
With Contact Form 7, it should look like this:
|Subject:||Contact form submission from example.com|
|Additional headers:||Reply-To: [email*]|
Here’s a screenshot:
We’ve simply put an address at your domain name in the “From” section, then moved the previous “From” tag to an additional “Reply-To” header. If you do this, the message recipient will still be able to press Reply in their email program to reply to the person who filled out the form.
By the way, using email* in Reply-To: [email*] simply marks the field as “required”. The Contact Form 7 documentation explains more about the field formats.
Another way to fix it: Deliver to a mailbox on our servers
An alternate way to fix this is to stop sending your form email to other mail servers. If you’re sending it to “email@example.com”, for example, Gmail is the company that’s detecting the “forgery” and rejecting the message.
This problem will never happen if you send the form results to a POP/IMAP/Webmail mailbox on our servers instead of sending them to another company.
So you can simply create a mailbox at your domain name, then change the “To” address in your Contact Form 7 settings to deliver the form results to that mailbox.
Copyright © 2000-2021 Tiger Technologies LLC