Back in the bad old days of doing websites, the best thing around for processing form emails was Matt Wright's FormMail, which I used to use, along with the infamous FormMail clones that almost every server had installed by default if it was doing virtual hosting. Face it, Matt's CGI script was a beautiful piece of CGI and Perl, but no matter how hard they tried to plug up the huge security holes in it, it just became more sensible not to use it.
So what to use when processing a form? We need it secure and hardened against header injections. (You try dealing with 4000+ emails, all bounces from a BCC header injection of a 5000+ email list... not fun...)
We need it easy to implement. Since I love PHP, I started searching for a PHP-based mail processor, and if it was free, even better.
I came across dodosmail almost by accident: a friend of a friend recommended it, knowing I was looking for a solid PHP form mail processor, something light and secure.
dodosmail met all my needs, and it is now the only form processor I use for our CMS and other instances where a client needs a good email processing app.
Why putting your email address on your site is a bad idea
You have seen it: lists of people's names followed by their email address with a mailto: link on it. Every one of those people, if you asked, would state they get a lot of spam. Why?
Because spam spiders live for mailto: links and the almighty @. They scour the internet, spidering like the benign and helpful spiders Googlebot and MSN bot, but spam spiders or email harvesters (sounds more like a plague of locusts if you ask me) scour all the servers out there for every followable link and, not paying any attention to your robots.txt file, look for mailto: links and the @ symbol to find email addresses to spam. So what is a guy supposed to do?
Get smart, that's what. People try to hide their email addresses by typing it all out with AT and DOT COM. Spiders will recognize a pattern of words and know to look for simple tricks like that. Using a script like dodosmail allows you to have the processing script or file hold the domain, or query for the domain from a database, to make up the @mydomain.com of any email address you pass to it, and allows you to pass the user portion of the email address via HTTP GET or POST. You can use a URL like
http://www.mydomain.com/contact-form.html?send_to=dave
to pass the send_to variable to the form page and set the value of the hidden field that posts the user portion to the dodosmail form processor, which completes the full email address.
So if your company has a large member list or employee list with everyone's email address after it, get your web developer to get with the 21st century and create "Contact Dave" type links that pass the user portion to the contact form. If no user ID or name is passed, the PHP else condition could be to show a drop-down menu where the visitor can select from a list of departments, employees or members' names, whatever the situation with your organization, and use a single form and a single form processing file to do the job.
This narrows the avenues for spambots to inject spam data into your form fields. If you like the CAPTCHA visual image code system, dodosmail comes with that as well, giving another layer of control over your contact forms and making sure you don't have to list your email address on the web, while still allowing interactive ways of contacting you about your business goods, products and/or services.
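
The approach described above, as an added example that is not dodosmail's own code: the domain stays in the processing script, send_to is checked against an allowlist, and any field that ends up in a mail header is rejected if it contains line breaks (the BCC header injection case mentioned earlier). The recipient list, the webform sender address and the email, subject and message field names are assumptions.

```php
<?php
// Added example, not dodosmail's code. MAIL_DOMAIN, $recipients, the webform@
// sender and every field name except send_to are assumptions for illustration.
const MAIL_DOMAIN = 'mydomain.com';   // the domain never appears in the HTML
$recipients = ['dave' => 'Dave', 'sales' => 'Sales', 'support' => 'Support'];

// Read one form field as a string; array input (send_to[]=x) becomes ''.
function field(array $post, string $name): string
{
    $v = $post[$name] ?? '';
    return is_string($v) ? $v : '';
}

// A value is header-safe only if it cannot start a new header line.
function is_header_safe(string $value): bool
{
    return preg_match('/[\r\n\0]/', $value) === 0;
}

// Complete the address from the user portion, or return null when the
// value is not on the allowlist. The visitor never supplies the domain.
function resolve_recipient(string $sendTo, array $recipients): ?string
{
    $user = strtolower(trim($sendTo));
    return array_key_exists($user, $recipients) ? $user . '@' . MAIL_DOMAIN : null;
}

function process_form(array $post, array $recipients): string
{
    $to = resolve_recipient(field($post, 'send_to'), $recipients);
    if ($to === null) {
        return 'Unknown recipient: show the drop-down menu instead.';
    }
    $from    = field($post, 'email');
    $subject = field($post, 'subject');
    // Anything placed in a header must be single-line and well formed.
    if (!is_header_safe($from) || !is_header_safe($subject)
        || filter_var($from, FILTER_VALIDATE_EMAIL) === false) {
        return 'Rejected: invalid sender or subject.';
    }
    // Fixed From on our own domain; the visitor's address goes in Reply-To only.
    $headers = 'From: webform@' . MAIL_DOMAIN . "\r\n" . 'Reply-To: ' . $from;
    $sent = mail($to, $subject, field($post, 'message'), $headers);
    return $sent ? 'Sent.' : 'Mail transport failed.';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    echo process_form($_POST, $recipients);
}
```

Because the recipient is looked up rather than taken from the request, a value in send_to that is not on the list never reaches mail() at all.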