Building a Secure Contact Form
By Peter McNulty : 26-01-2005
Email Contact Forms
A contact form or email form is often a critical part of a website, allowing users to contact you regarding one or more issues. It is common nowadays not to provide a direct email address on your website, to try to prevent yourself from receiving spam emails in the future. However, many webmasters use a form mail script, which usually still contains the email address hidden in the form. Email harvesters (programs that search the internet for email addresses) can search both visible and non-visible text for email addresses.
To battle this, we must use scripts that do not show the email address at all, so the server-side script must deal with all the data. This is not difficult to accomplish, but becomes a little more difficult when you need email to be sent to different departments.
Another problem is that when you reply to the emails users have sent you, your email address could be entered into mailing lists that you do not want to be on. I will show you one possible method of combating this problem that I use quite effectively.
The Contact Form
First and foremost, we must create our contact form and decide what fields will be required. At the same time, it would be wise to do a Google search for your email address, to find out whether you have accidentally left it on your site, or on another (hope not). You can use this to reduce the amount of spam you receive.
For the course of this article, I am going to assume that you have three different departments or email addresses that you want to use. One will be a general contact address for comments and feedback. Another will be for potential advertisers to contact you and the last will be for privacy issues relating to your site. This means that we have three email addresses to allow the user to select from, without showing them email addresses. Let's see the form:
If you are expecting a response, please enter a valid email address.
<form name="contact" method="post" action="contact.php">
Your Name: <input type="text" name="Name"><br>
Your Email: <input type="text" name="Email"><br>
Subject: <input type="text" name="Subject"><br><br>
<!-- The select name "Department" and the label of option 2 are assumed; they did not survive on this page -->
<select name="Department">
<option value="1">General Feedback</option>
<option value="2">Advertising</option>
<option value="3">Privacy Issues</option>
</select><br>
<textarea name="Message" cols="30" rows="8"></textarea><br>
<input type="submit" name="submit" value="Contact Us">
</form>
After some small additions of CSS (not included), this would produce a form looking something like this:
This form includes most of the information websites require. If your website requires less or additional information, only some slight modifications are needed.
There is only one thing special about this form: the select box that chooses where the email will be sent has a numeric value instead of an email address. This is our first method to reduce spam. You will see later how to use this information.
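One way the receiving script can turn that numeric value back into an address, shown as an added example that is not the author's contact.php: the addresses are placeholders, and the `Department` field name and the function names are assumptions. The lookup table lives only on the server, so the page source never contains an address and a value that is not on the list is refused.

```php
<?php
// Added example. The addresses and the "Department" field name are assumptions.
const RECIPIENTS = [
    1 => 'feedback@example.com',    // General Feedback
    2 => 'advertising@example.com', // advertisers
    3 => 'privacy@example.com',     // Privacy Issues
];

// Map the submitted option value to an address; anything not on the list gives null.
function resolve_recipient($value): ?string
{
    $id = filter_var($value, FILTER_VALIDATE_INT);
    if ($id === false || !array_key_exists($id, RECIPIENTS)) {
        return null;
    }
    return RECIPIENTS[$id];
}

// Values that end up in a mail header must be a single line (no CR or LF).
function is_single_line(string $s): bool
{
    return preg_match('/[\r\n]/', $s) === 0;
}

// Validate one submission and return the parts of the mail to send.
function handle_contact(array $post): array
{
    $to      = resolve_recipient($post['Department'] ?? null);
    $name    = trim((string)($post['Name'] ?? ''));
    $email   = trim((string)($post['Email'] ?? ''));
    $subject = trim((string)($post['Subject'] ?? ''));
    if ($to === null) {
        return ['ok' => false, 'error' => 'Unknown department'];
    }
    if (!is_single_line($name) || !is_single_line($subject)
        || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return ['ok' => false, 'error' => 'Invalid name, email or subject'];
    }
    // Sender details go into the body, not into headers built from user input.
    $body = "From: $name <$email>\n\n" . (string)($post['Message'] ?? '');
    return ['ok' => true, 'to' => $to, 'subject' => $subject, 'body' => $body];
}

// Constructed sample submissions (contact.php would pass $_POST instead).
var_dump(handle_contact(['Department' => '2', 'Name' => 'Ann', 'Subject' => 'Rates',
    'Email' => 'ann@example.org', 'Message' => 'Hello']));
var_dump(handle_contact(['Department' => 'someone@example.net', 'Name' => 'Bob',
    'Subject' => 'Hi', 'Email' => 'bob@example.org', 'Message' => 'Hello']));
```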