The above said issue is solved However there is one issue I ma facing.

When I receive the contact form inquiries on my mail id, It shows as name@indiavip2.noc401.com and I can't directly reply to the sender. See the attached screenshot.

Can anyone help me out through which I can avoid the above situated and get the sender email id in place of name@indiavip2.noc401.com so that I can directly reply.

** I had changed $mailheader = "From: $name \r\n"; to "From: $email \r\n"; but this condition is not working for yahoo id.

Please help me.[ATTACH]5491[/ATTACH]

These emails are not being sent from the user that has filled in the form. They are being sent from the mail server at your web hosting. The From: email header must either be an email address that directly corresponds to the domain at the sending mail server or there must be a DNS SPF (Sender Policy Framework) record at the domain being used in the From: email address that indicates the sending mail server is authorized to send email for that domain.

You can put the entered email address in a Reply-to: email header, but you must validate that it is only and exactly one email address in order to prevent mail header injection, which will allow a spammer to send emails containing any subject and content to any email addresses he wants.

pbismad;11065497 wrote:

These emails are not being sent from the user that has filled in the form. They are being sent from the mail server at your web hosting. The From: email header must either be an email address that directly corresponds to the domain at the sending mail server or there must be a DNS SPF (Sender Policy Framework) record at the domain being used in the From: email address that indicates the sending mail server is authorized to send email for that domain.

You can put the entered email address in a Reply-to: email header, but you must validate that it is only and exactly one email address in order to prevent mail header injection, which will allow a spammer to send emails containing any subject and content to any email addresses he wants.

I will try to work on this

I had used "-f" .$email in the code as given below and I started receiving inquiries on Hotmail id. However, If I send inquiry from Mobile, I am unable to receive it. Please help.
mail($to, $subject, $formcontent, $mailheader, "-f" .$email)

this the mail you receive is being forwarded by the server you are hosted on. If you are using gmail for example link it with your web mail account and you can directly reply as the info@ect ect . So in essence you gmail will have you gmail , a acounts@ and a info@ depending on hw many email clients you have or which you need. No php or vulnerabilities.

You should be careful using the php [man]mail[/man] function to send mail. This function will queue up a message to be sent by your server's mail transfer agent. It will only return FALSE if there is some problem with your server's mail configuration. And even if your system responds well and mail() returns TRUE there are no guarantees that the mail will ever get delivered. I have found that it is very common for any cloud-hosted servers to be on an email ban list by default. There is a very good reason for this. If they weren't, then anyone could just fire up a cloud server and start sending spam mail.

Now, assuming that your mail function is correctly sending email and this email is arriving in your inbox, you can send additional custom headers using the mail function. YOU SHOULD BE VERY CAREFUL ADDING WHEN PUTTING USER INPUT DIRECTLY INTO MAIL HEADERS OR YOUR SCRIPT WILL BECOME AN OPEN RELAY AND BAD GUYS CAN USE IT TO SEND SPAM.. Always always always validate user input before you start cramming it into functions like mail.

If you want a reply-to header put into these emails (which should help accomplish what you want, then you might do something like this:

<?php
// YOU SHOULD VALIDATE THIS...maybe check to make sure it's just letters and spaces
$name = $_POST['name'];

$email = $_POST['email'];
// validate the email! This function is not perfect but it's pretty darn good.
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
  die("$email is not a valid email address");
}

// VALIDATE this! numbers, spaces and dashes only?
$phone = $_POST['phone'];

// can't really validate this
$message = $_POST['message'];

// I added additional line breaks in the beginning hoping to prevent a bad guy from injecting mail headers into your message
$formcontent="\r\n\r\nName: $name \n Email: $email \n Phone: $phone \n Message: $message";
$to = "XXXXXX@hotmail.com";
$subject = "Siddharud Electrical Contact Form";
$mailheader = "From: $name \r\n";

// add FROM and reply-to headers
$mailheader .= "reply-to: $email\r\nfrom: $email\r\n";

mail($to, $subject, $formcontent, $mailheader) or die("Error!");
echo "<br><br><p style='color:#000'><b>Thank You $name</b></p><p style='color:#000'>We will be in touch as soon as possible.</p>";
echo "<p style='color:#000'>Go to <a href='index.html'><b>Home Page</b></a></p>";
?>

You might consider reading about email header injection to get a better idea of what I'm talking about.

Or use PHPMailer, which is easier, safer, and more robust than the native mail() function. Having said that, you'll still want to follow sneakyimp's advice about email header injection.

PHPMailer is a good suggestion. PEAR::Mail also works. These libraries allow you to make a connection to a remote mail server (they work with gmail or other SMTP servers) so that you can send outgoing email through some existing email address.