diff --git a/frappe/www/contact.py b/frappe/www/contact.py
index 15d639be97..b27685dfcb 100644
--- a/frappe/www/contact.py
+++ b/frappe/www/contact.py
@@ -4,6 +4,7 @@
 import frappe
 from frappe import _
 from frappe.rate_limiter import rate_limit
+from frappe.utils import validate_email_address
 sitemap = 1
@@ -23,14 +24,15 @@ def get_context(context):
 @frappe.whitelist(allow_guest=True)
-@rate_limit(limit=1000, seconds=60 * 60, methods=["POST"])
+@rate_limit(limit=1000, seconds=60 * 60)
 def send_message(sender, message, subject="Website Query"):
+ sender = validate_email_address(sender, throw=True)
 if forward_to_email := frappe.db.get_single_value("Contact Us Settings", "forward_to_email"):
 frappe.sendmail(recipients=forward_to_email, reply_to=sender, content=message, subject=subject)
 frappe.sendmail(
 recipients=sender,
- content="Thank you for reaching out to us. We will get back to you at the earliest.",
+ content=f"