UPDATE: One day after updating my code, I got some crappo spam email via the contact form for stupid hand bags. I am done with email forms. If you cannot figure out how to reach me, I am not sure I want to hear from you.

nuked comment form

Don’t even bother with what follows!


Email contact forms, so 1990s. So prone to spam, but I guess still needed. Maybe. I have on my landing site and was asked about it

The Treble template I used for this site had a form, but nothing to process it. Using mailto: in the form action is pretty useless (won’t work in many client apps, especially mobile) and what you get is even more useless.

The template I used for another client project did have a PHP script to handle mailing of the message (using the PHP mail command). When I first set it up, all I got was spam. I did some research (and lost the link) but found some suggestions for tightening up the form to block spam.

I modified my form and saw the spam drop to zero. Then tonight while revisiting it to write this up, I noticed that I had left off the critical command to even send mail, so nothing at all has come my way.

Sorry if I ignored your message.

The main steps I had (thought I) put in place are:

  • Name your php file something obscure
  • Use non standard form field names for “name” and “email” since bots look for those to automatically insert into
  • Create a dummy form field with a name of “email” and use CSS to hide it (it is not used, scripts will think they did their work, but the info put in the field is never used).
  • Trap for missing referrer in the HTTP header (meaning the form content did not come from your original page, some bot/script tried to go directly to the form response)

So here is some of the elements in case you want to try, or better yet, tell me my method is crap.

This is the base of the form where people first encounter it- fields for “name”, “email”, “subject”, and “message”.

Create your own name for the form tag value of action=”” — this is the name of a php file you will create to process the form.

Also, edit the names of the fields for name and email to something non standard, cryptic. Something better than someobscurefieldname.

Now, make a new PHP file with the name you made up from above. Copy the header from your main file so it has all the stuff to format your page, and copy as well the form content. You will makes a few changes.

At the very top of your php response file, insert this code to manage the response

Yo will want to change the names of the variables $_POST[‘someobscurefieldname]] and $_POST[‘anotherobscurefieldname’] to match the ones used in your form name= and of course make the feedback strings relevant.

Somewhere above the form, find a place to insert the feedback

and copy the form, but add the value statements for the name and email fields so it remembers what your intrepid commenter has written

There you go. Not quite plug and play, and frankly I am leery it works. Frankly, I don’t want email from web contact forms.

But hey, someone might send you money.

If this kind of stuff has value, please support me by tossing a one time PayPal kibble or monthly on Patreon
Profile Picture for Alan Levine aka CogDog
An early 90s builder of the web and blogging Alan Levine barks at CogDogBlog.com on web storytelling (#ds106 #4life), photography, bending WordPress, and serendipity in the infinite internet river. He thinks it's weird to write about himself in the third person.


Leave a Reply

Your email address will not be published. Required fields are marked *