Online Forms Offer Better Data, More Security, and Less Spam
by Dr. Ralph F. Wilson
Unless you are a hermit or have terribly poor Internet manners, you'll want to give your online visitors a way to contact you by e-mail.
The Mailto: Link
The easiest method, of course, is to include a mailto: link on your webpage, such as: "Please contact me if you desire". When your visitor clicks on the hyperlinked words, it pulls up the visitor's e-mail program to send an e-mail. The HTML syntax is relatively simple:
<P>Please <A HREF="mailto:info@domain.com">contact me</A> if you desire.</P>
By adding the subject after a question mark you can segregate these e-mails by subject line as they are delivered to you.
<P>Please <A HREF="mailto:info@domain.com?subject=General%20Information">contact me</A> if you desire.</P>
Nearly anyone can add a mailto: link to a webpage. But there are two drawbacks:
Spam. The underlying e-mail address is inevitably sucked up by spambots, resulting in an increasing deluge of spam.
Incomplete Data. Though you can control the subject line and will retrieve your sender's e-mail address (and perhaps name), you often don't get essential information such as phone number, address, etc. that enables you to provide immediate help.
Online Forms
A step forward is the use of an online form that provides fields for each piece of data you ask for. You can make some fields required, thus providing data consistency and completeness.
Spam. Though hidden from view, your recipient e-mail address may still be accessible by spambots unless the program is custom written.
Security. Many generic form programs can expose to view the file structure of your server, making it much easier for malicious or thieving hackers to attack your server, find your server password file, download your data, or perhaps even corrupt or destroy your site. Hackers also attempt to insert characters into data fields that will trigger errors that, in turn, expose your web server's file structure.
More Secure Forms
Modern forms are designed for greater security against both spam and hackers.
Hidden configuration files. These days most forms hide sensitive data such as recipient e-mail address and file structure in a configuration file that cannot be viewed from a browser interface. Field verification can prevent hackers from entering characters into your fields to provoke errors.
Verification is best accomplished "server-side" by your forms program, rather than "client-side" using JavaScript on your visitor's web browser -- which can be bypassed by hackers. JavaScript field verification, however, helps you get more consistent, error-free data from your visitors, avoiding skipped fields, incorrect characters in a field, etc.
CAPTCHA applications are a type of graphic challenge-response system. They display a word that (hopefully) can't be read by a hacker's computer, forcing hackers to personally look at each form they fill out. Hackers still pester some, but a CAPTCHA application does cut down on wholesale form spamming.
ScanAlert from McAfee is a paid service that regularly attempts to hack into your website, looking for poorly written programs and older versions of server software, PHP, MySQL, as well as other security problems. Sites that withstand this kind of scrutiny can display the HackerSafe logo, which has often been demonstrated to increase sales 10% to 15%. Without this kind of service, your site is likely to become vulnerable to attack without you even being aware of problems.
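The hidden configuration and server-side field verification described above, shown as an added Python example that is not code from the original article. The CONFIG layout, field names, length limits and patterns are assumptions made for illustration; a real forms program would load the configuration from a file outside the web root.

```python
import re

# Assumption: constructed config; in deployment it is a file the browser cannot request.
CONFIG = {
    "recipient": "info@domain.com",  # never taken from the submitted form
    "fields": {
        # name: (required, max length, allowlist pattern)
        "name":    (True,  80,   r"[A-Za-z .,'-]+"),
        "email":   (True,  254,  r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
        "phone":   (False, 20,   r"[0-9+() -]+"),
        # free text: anything except control characters (tab/newline allowed)
        "message": (True,  2000, r"[^\x00-\x08\x0b\x0c\x0e-\x1f\x7f]+"),
    },
}

def validate_submission(form, config=CONFIG):
    """Return (clean, errors). Only fields named in the config are accepted."""
    clean, errors = {}, {}
    for extra in set(form) - set(config["fields"]):
        errors[extra] = "unexpected field"
    for name, (required, max_len, pattern) in config["fields"].items():
        value = form.get(name, "").strip()
        if not value:
            if required:
                errors[name] = "required"
            continue
        if len(value) > max_len:
            errors[name] = "too long"
        elif name != "message" and ("\r" in value or "\n" in value):
            errors[name] = "line breaks not allowed"
        elif not re.fullmatch(pattern, value):
            errors[name] = "invalid characters"
        else:
            clean[name] = value
    return clean, errors

def handle(form):
    """On failure, answer generically: no file paths, traces or config values."""
    clean, errors = validate_submission(form)
    if errors:
        return {"status": 400, "body": "Please check: " + ", ".join(sorted(errors))}
    return {"status": 200, "to": CONFIG["recipient"], "data": clean}
```

The same rules can be mirrored in client-side JavaScript for the visitor's convenience, but the server-side check is the one that decides whether the submission is accepted.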