UPDATE: One day after updating my code, I got some crappo spam email via the contact form for stupid hand bags. I am done with email forms. If you cannot figure out how to reach me, I am not sure I want to hear from you.
Don’t even bother with what follows!
Email contact forms, so 1990s. So prone to spam, but I guess still needed. Maybe. I have on my landing site and was asked about it
@cogdog smartly i searched and found u made a contact-send.php for one of your projects any chance I could get a copy of that?
— Paully D (@paullydca) June 14, 2014
The Treble template I used for this site had a form, but nothing to process it. Using mailto: in the form action is pretty useless (won’t work in many client apps, especially mobile) and what you get is even more useless.
The template I used for another client project did have a PHP script to handle mailing of the message (using the PHP mail command). When I first set it up, all I got was spam. I did some research (and lost the link) but found some suggestions for tightening up the form to block spam.
I modified my form and saw the spam drop to zero. Then tonight while revisiting it to write this up, I noticed that I had left off the critical command to even send mail, so nothing at all has come my way.
Sorry if I ignored your message.
The main steps I had (thought I) put in place are:
- Name your php file something obscure
- Use non standard form field names for “name” and “email” since bots look for those to automatically insert into
- Create a dummy form field with a name of “email” and use CSS to hide it (it is not used, scripts will think they did their work, but the info put in the field is never used).
- Trap for missing referrer in the HTTP header (meaning the form content did not come from your original page, some bot/script tried to go directly to the form response)
So here is some of the elements in case you want to try, or better yet, tell me my method is crap.
This is the base of the form where people first encounter it- fields for “name”, “email”, “subject”, and “message”.
Create your own name for the form tag value of action=”” — this is the name of a php file you will create to process the form.
Also, edit the names of the fields for name and email to something non standard, cryptic. Something better than someobscurefieldname.
Now, make a new PHP file with the name you made up from above. Copy the header from your main file so it has all the stuff to format your page, and copy as well the form content. You will makes a few changes.
At the very top of your php response file, insert this code to manage the response
'. "\r\n" .'Reply-To: ' . $name . '<' . $fromemail . '>'. "\r\n" .'X-Mailer: PHP/' . phpversion();
// send it baby!
if ( mail( $emailto, $subject, $message, $headers ) ) {
// success message
$feedback_msg = "Some uplifting message of affirmation
";
} else {
// error error
$feedback_msg = "Some sympathizing but useless error message
";
}
}
?>
Yo will want to change the names of the variables $_POST[‘someobscurefieldname]] and $_POST[‘anotherobscurefieldname’] to match the ones used in your form name= and of course make the feedback strings relevant.
Somewhere above the form, find a place to insert the feedback
and copy the form, but add the value statements for the name and email fields so it remembers what your intrepid commenter has written
There you go. Not quite plug and play, and frankly I am leery it works. Frankly, I don’t want email from web contact forms.
But hey, someone might send you money.
I have to do also this, to name my file something obscure.