diff --git a/src/applications/metamta/storage/PhabricatorMetaMTAReceivedMail.php b/src/applications/metamta/storage/PhabricatorMetaMTAReceivedMail.php
--- a/src/applications/metamta/storage/PhabricatorMetaMTAReceivedMail.php
+++ b/src/applications/metamta/storage/PhabricatorMetaMTAReceivedMail.php
@@ -105,6 +105,7 @@
 
   public function processReceivedMail() {
 
+    $sender = null;
     try {
       $this->dropMailFromPhabricator();
       $this->dropMailAlreadyReceived();
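Review bot: `$sender` is declared here with no indication of what a null value means, yet the later `if (!$viewer) { return; }` guard in sendExceptionMail depends on it. I would add a comment above the assignment, such as `// Stays null until a sender is resolved; error mail is suppressed while it is null.` The assignment inside the `try` is outside this hunk, so confirm that it happens only after the lookup has succeeded and that no earlier step sets it to a placeholder user. If the lookup is keyed on the `From` header alone, the reply is still triggered by an unauthenticated header, although it now reaches only the matched account's own address.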
@@ -140,7 +141,7 @@
           // This error is explicitly ignored.
           break;
         default:
-          $this->sendExceptionMail($ex);
+          $this->sendExceptionMail($ex, $sender);
           break;
       }
 
@@ -150,7 +151,7 @@
         ->save();
       return $this;
     } catch (Exception $ex) {
-      $this->sendExceptionMail($ex);
+      $this->sendExceptionMail($ex, $sender);
 
       $this
         ->setStatus(MetaMTAReceivedMailStatus::STATUS_UNHANDLED_EXCEPTION)
@@ -305,9 +306,14 @@
     return head($accept);
   }
 
-  private function sendExceptionMail(Exception $ex) {
-    $from = $this->getHeader('from');
-    if (!strlen($from)) {
+  private function sendExceptionMail(
+    Exception $ex,
+    PhabricatorUser $viewer = null) {
+
+    // If we've failed to identify a legitimate sender, we don't send them
+    // an error message back. We want to avoid sending mail to unverified
+    // addresses. See T12491.
+    if (!$viewer) {
       return;
     }
 
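Review bot: The new parameter is named `$viewer`, but both call sites pass `$sender` and the comment in the body talks about the sender, so the name obscures what the guard checks. Renaming it to `PhabricatorUser $sender = null) {`, with `if (!$sender) {` here and `$sender->getPHID()` further down, would keep the three places consistent. The method body continues past this hunk. Because `$from` is no longer assigned, any remaining use of it in the lines not shown would read an undefined variable and should be checked.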
@@ -364,9 +370,8 @@
 
     $mail = id(new PhabricatorMetaMTAMail())
       ->setIsErrorEmail(true)
-      ->setForceDelivery(true)
       ->setSubject($title)
-      ->addRawTos(array($from))
+      ->addTos(array($viewer->getPHID()))
       ->setBody($body)
       ->saveAndSend();
   }
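Review bot: Nothing at this call site explains why the recipient is now a PHID or why `setForceDelivery(true)` was removed, so a later edit could easily restore `addRawTos` with a header-derived address. A short comment above the builder would pin the intent, for example `// Address the resolved user by PHID, never the raw From header, and leave normal delivery rules in force (T12491).` Dropping forced delivery presumably means users who have opted out of mail no longer receive the error reply; if that is intended, it is worth stating in the commit description. The start of sendExceptionMail's body is outside this hunk.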