Freecall 1800 990 832

Online Forms Offer Better Data, More Security, and Less Spam

Unless you are a hermit or have terribly poor Internet manners, you’ll want to give your online visitors a way to contact you by e-mail.

The Mailto: Link

The easiest method, of course, is to include a mailto: link on your webpage, such as: "Please contact me if you desire." When your visitor clicks on the hyperlinked words, it pulls up the visitor’s e-mail program to send an e-mail. The HTML syntax is relatively simple:

Please contact me if you desire

By adding the subject after a question mark you can segregate these e-mails by subject line as they are delivered to you.

Please contact me if you desire

Nearly anyone can add a mailto: link to a webpage. But there are two drawbacks:

  • Spam. The underlying e-mail address is inevitably sucked up by spambots, resulting in an increasing deluge of spam.
  • Incomplete Data. Though you can control the subject line and will retrieve your sender’s e-mail address (and perhaps name), you often don’t get essential information such as phone number, address, etc. that enables you to provide immediate help.

Online Forms

A step forward is the use of an online form that provides fields for each piece of data you ask for. You can make some fields required, thus providing data consistency and completeness. An old standby is Matt Wright’s legendary FormMail program written in Perl (http://www.scriptarchive.com/formmail.html). Matt plugged some serious security holes in 2002, but such programs continue to have two weaknesses:

  • Spam. Though hidden from view, your recipient e-mail address may still accessible by spambots unless the program is custom written.
  • Security. Many generic form programs like FormMail can expose to view the file structure of your server, making it much easier for malicious or thieving hackers to attack your server, find your server password file, download your data, or perhaps even corrupt or destroy your site. Hackers also attempt to insert characters into data fields that will trigger errors that, in turn, expose your web server’s file structure.

More Secure Forms

Modern forms are designed for greater security against both spam and hackers.

  • Hidden configuration files. These days most forms hide sensitive data such as recipient e-mail address and file structure in a configuration file that cannot be viewed from a browser interface.
  • Field verification can prevent hackers from entering characters into your fields to provoke errors. Verification is best accomplished "server-side" by your forms program, rather than "client-side" using JavaScript on your visitor’s web browser — which can be bypassed by hackers.
  • JavaScript field verification, however, helps you get more consistent, error-free data from your visitors, avoiding skipped fields, incorrect characters in a field, etc.
  • CAPTCHA applications are a type of graphic challenge-response system. They display a word that (hopefully) can’t be read by a hacker’s computer, forcing hackers to personally look at each form they fill out. Hackers still pester some, but a CAPTCHA application does cut down on wholesale form spamming.
  • ScanAlert (www.scanalert.com) from McAfee is a paid service that regularly attempts to hack into your website, looking for poorly written programs and older versions of server software, PHP, MySQL, as well as other security problems. Sites that withstand this kind of scrutiny can display the HackerSafe logo, which has been often demonstrated to increase sales 10% to 15%. Without this kind of service, your site is likely to become vulnerable to attack without you even being aware of problems.

Some Helpful Tools

Here are form tools that may prove helpful. As you look for a program for your site: (1) observe how highly it is rated and by how many users, (2) read user reviews, (3) see if an online forum is available for support and user questions, and (4) look for a recent update date, a sign that a program is still under active development.

Need to find out more about your Getting your online forms happeningContact John here or call/sms 0414 955 743

Leave a Reply

Your email address will not be published. Required fields are marked *

Find Out More About Our Hugely Successful Social Media Chain