diff --git a/assets/php/contact_form.php b/assets/php/contact_form.php index 483eea85..d0c8e33c 100644 --- a/assets/php/contact_form.php +++ b/assets/php/contact_form.php @@ -1,17 +1,35 @@ FILTER_SANITIZE_SPECIAL_CHARS, + 'email' => FILTER_SANITIZE_EMAIL, + ); $text = trim($text); + $text = filter_var($_POST[$name], $filters[$type]); $text = stripslashes($text); - $text = htmlspecialchars($text); return $text; } +function prepare_message_body($message) { + // Replace HTML-Entities with actual carriage returns and line feeds + $message = str_replace(" ", "\r", $message); + $message = str_replace(" ", "\r", $message); + + // Ensure line breaks via carriage return + line feed + $message = str_replace("\r\n", "\n", $message); + $message = str_replace("\n", "\r\n", $message); + + $message = "Nachricht von: $name\r\n\r\n" . $message; + $message = base64_encode($message); + + return $message; +} + /** - * Sending email (Platzhalter) + * Sending email * * mail(): Braucht auf dem Server einen korrekt konfigurierten Mailserver * phpmailer: Bibliothek, der per Composer installiert wird. Tut ganz gut mit SMTP. @@ -19,12 +37,14 @@ function sanitize_text(string $name) { function send_message_to_office($subject, $message, $name, $email) { return mail( getenv('WTF_CONTACT_TO'), - $subject, - $name . "\r\n" . $message, + "=?UTF-8?B?" . base64_encode($subject) . "?=", + prepare_message_body($message), $additional_headers = array( "From" => getenv('WTF_CONTACT_FROM'), "Reply-To" => $email, "Return-Path" => getenv('WTF_RETURN_PATH'), + "Content-Type" => "text/plain; charset=utf-8", + "Content-Transfer-Encoding" => "base64", ), ); } 
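Review bot: `prepare_message_body()` interpolates `$name` into `"Nachricht von: $name\r\n\r\n"`, but `$name` is neither a parameter of that function nor otherwise in scope there, so it expands to an empty string (with an undefined-variable warning) and the sender name that the old `$name . "\r\n" . $message` body carried is silently dropped from the mail. Make the dependency explicit — `function prepare_message_body($message, $name)` — and have `send_message_to_office`, which already receives `$name`, call `prepare_message_body($message, $name)`. Separately, both entity-to-newline replacements substitute `"\r"` (the search strings are not legible in this rendering, but the comment says they stand for CR and LF), so a CRLF submission becomes `"\r\r"` and never reaches the `"\n"` → `"\r\n"` normalisation; the second replacement should produce `"\n"`. The start of the `sanitize_text()` hunk is garbled on this page, so its signature and the `$filters` array could not be checked.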
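Review bot: `"Reply-To" => $email` places a caller-supplied address directly into a mail header, and the only protection is the caller's `FILTER_SANITIZE_EMAIL`, which strips CR/LF and commas (so CRLF header injection is blocked) but never rejects a value — an empty or malformed address still yields a `Reply-To:` header. Unless `prepare_response()` already validates it (not visible here), add a check at the top of `send_message_to_office`: `if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { return false; }`, which routes to the existing "konnte nicht übermittelt werden" error. Also, `$subject` and `$message` arrive HTML-escaped by `FILTER_SANITIZE_SPECIAL_CHARS` (e.g. `&` becomes `&#38;`) and only the CR/LF entities are reversed for the body, so a `text/plain` mail will show those entities literally; HTML escaping belongs in the HTML response context, not in the mail, so either decode them here with `html_entity_decode($s, ENT_QUOTES | ENT_HTML5, 'UTF-8')` or sanitize separately for the mail context. If mbstring is available, `mb_encode_mimeheader($subject, 'UTF-8', 'B')` is preferable to the hand-built `=?UTF-8?B?…?=` word, since the latter is never folded for long subjects.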
@@ -75,10 +95,10 @@ function prepare_response() {
 $response['errors'][] = 'Wir glauben Sie sind ein Bot.';
 }
 if (!array_key_exists('errors', $response)) {
- $subject = sanitize_text('subject');
- $message = sanitize_text('message');
- $name = sanitize_text('name');
- $email = sanitize_text('email');
+ $subject = sanitize_text('subject', 'text');
+ $message = sanitize_text('message', 'text');
+ $name = sanitize_text('name', 'text');
+ $email = sanitize_text('email', 'email');
 if (!send_message_to_office($subject, $message, $name, $email)) {
 $response['errors'][] = 'Ihre Nachricht konnte nicht übermittelt werden.';