This can be done by exposing the email message that will be generated in an event (e.g. several fields in the event arguments - from, to, subject, body). There can be both client-side and server-side events to allow using different APIs. A client-side event should be cancellable to prevent the callback we generate by default. The issue with a client-side event is that the Captcha cannot be validated on the client, only on the server, so a client-side event can create an opportunity for spam and abuse.