SPAM Avoidance with Secure Contact Form Design
Show me the Code | Let's see it work! | Return to Article

Every day, the customers of Online Solutions and Innovation receive around 1000 or so valid emails, however, the servers at osai.com process over 1 million messages a day, most of which we filter out based on DNS Base Blacklists, our own spam detection, and some facilities provided my Microsoft Exchange. With that said ...

Everyone likes for the people that view their website to be able to contact them, however, far too often you see the same links pasted all over the place in a website...

Aside from the fact that it's just plain ugly on your website... It's also giving personal information to anyone that visit's your website! Today, in this article, I'm going to demonstrate to you how to avoid giving the world your email addresses, and at the same time, allow you to validate what is being sent to you.

Is this an easy way to implement a means of contact you? Sure it is, but it allows SpamCrawlers (agents that automatically follow links all over the web) to grab your email address and pretty soon your inbox is deluged with SPAM with offereings on everything from Junk Investments that are aimed at stealing your money, to the ultimate replica Rolex watches, to cheap and oftentimes illegal pharmaceuticals that can be dangerous...

In addition to the anoyance of all of this spam in your inbox, it also contributes to increasing the costs to your hosting provider, as he need to implement more filters, more DNS Blacklists, more hardware... to combat the amount of spam that is coming into his network. Take this example for instance, regarding a customer some time back ... let's call him Barney for the purposes of this discussion.

Barney runs a company that was known nationally, it was a successful company, with around 50 employees or so as I recall. Barney had everyone's email addresses listed on their company contacts page, every single one. We had warned against this, but that was part of their web deployment, and that's what they were going to do regardless of any warnings.

After about 6 months, the amount of spam that Barney's company was bringing into our servers was absolutley astronomical. Literally, during the heavier spam attacks, we were processing 8 pieces of spam for Barney per second... Yes, you read that correctly ... EIGHT PIECES OF SPAM PER SECOND that was all destined for Moose's company... Think about that... 50 Employees and as I recall, perhaps 7 or 8 distribution groups...

  • 8/second
  • 480/Minute
  • 28800/Hour
  • 691200/Day

Yes, almost SEVEN HUNDREND THOUSAND PIECES OF SPAM PER DAY. So, if the distribution was even, you could assume that each of Barney's employees was destined to receive 12,000 pieces of unsolicited email per day. We did some research, and Barney's employees were also putting advertising in Internet Newsgroups, leaving links and email addresses on Internet Guestbooks, and generally treating their email addresses like they were supposed to be public knowledge.

A little tip here... your email address is PERSONAL INFORMATION! You don't give it to someone unless you are offering your trust to them!

Even using Microsoft Office FrontPage to create email forms embeds your email address into the form that the web client sees, and those SpamCrawling engines WILL PICK IT UP! So, how do we protect your email address? Simple, don't ever let your email address leave the server!

Below I am providing you with some sample code to implement a simple and secure contact form that is sent to two recipients, and the sender never sees your email address. However, you have to implement this in an ASP (Active Server Page) file instead of an HTM (html) file. This has to be done for the following reasons...

  1. HTML Files only support the GET HTTP Operation, not POST operations
  2. ASP file support processing at the server side using VBScript, Javascript, JScript, and more...
  3. Everything in an HTML file is sent to the client, in an ASP file, we can keep things at the server.
  4. ASP files have access to all kinds of runtime informaitoon that the server provide for us, so an ASP file can detect if a page was requested via a GET operation or a POST operation.

Well be using all of these capabilities in our demonstration! In addition, the method we demonstrate will also provide you with a form that canont be exploited by spammers to send spam from your website. We won't divulge all of the precautionary measures that are in place inside of our little call to our CDOSendContactForm() function, but let's just say that it will not result in your website being the source of spam.

Show me the Code | Let's see it work! | Return to Article 
<%@ language="JScript" %>
<!-- #include VIRTUAL="/OSAICode/cdo.asp" -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head>
	<title>
	My Custom Contact Form
	</title>
</head>
<body>
<div class="PageTitle">Contact me!</div>
<div style="text-align:center;">
	<%
	var fCCSender = false;
	// This variable, fCCSender, if set to true instead of false, 
	// will cause the sender to be added to the CC line of the message
	// use this setting with caution, as it will expose your email 
	// address to anyone that fills out and submits the form.
	if( "POST" == Request.ServerVariables( "REQUEST_METHOD" ))
		CDOSendContactForm(	"The Recipient Name", "to-email@mydomain.com", 
			"CC'd Recipient Name", "cc-email@mydomain.com", 
			"The response to display when successfully sent!", fCCSender );
	%>
		<form method="POST" id="Form1" name="MyFormName" 
				style="text-align:left;background-color:#cccccc;color:#000000;">
			<div style="vertical-align:middle;">
			<label class="Demo" for="EMAIL_NAME">Your Name :</label>
			<input type="text" id="Text1" name="EMAIL_NAME">
			</div>
			<div style="vertical-align:middle;">
			<label class="Demo"  for="EMAIL_FROM">Your Email Address :</label>
			<input type="text" id="Text2" name="EMAIL_FROM"/>
			</div>
			<div style="vertical-align:middle;">
			<label class="Demo"  for="ADDRESS" >Your Street Address :</label>
			<input type="text" id="Text3" name="ADDRESS"/>
			</div>
			<div style="vertical-align:middle;">
			<label class="Demo"  for="CITY">Your City :</label>
			<input type="text" id="Text4" name="CITY">
			</div>
			<div style="vertical-align:middle;">
			<label class="Demo"  for="STATE">State :</label>
			<input type="text" id="Text5" name="STATE">
			</div>
			<div style="vertical-align:middle;">
			<label class="Demo"  for="STATE">Country :</label>
			<input type="text" id="Text6" name="COUNTRY">
			</div>
			<div style="vertical-align:middle;">
			<label class="Demo"  for="ZIPCODE">Zip Code :</label>
			<input type="text" id="Text7" name="ZIPCODE"/>
			</div>
			<div style="vertical-align:middle;">
			<label class="Demo"  for="PHONE">Phone Number :</label>
			<input type="text" id="Text8" name="PHONE"/>
			</div>
			<div style="vertical-align:middle;">
			<label class="Demo"  for="EMAIL_SUBJECT">Subject :</label>
			<input type="text" id="Text9" name="EMAIL_SUBJECT"/>
			</div>
			<div style="vertical-align:middle;">
			<label class="Demo"  for="EMAIL_BODY">Enter your Message Here :</label>
			<textarea style="width:49%" rows="6" id="Textarea1" name="EMAIL_BODY">
			</textarea>
			</div>
			<div style="vertical-align:middle;">
			<div style="text-align:center;">
			<input type="submit" value="Send Message"></div>
			</div>
		</form>
</div>

</body>
</html>
Show me the Code | Let's see it work! | Return to Article
Contact me!
Expedia VistaPrint.com. Save up to 90% Easy, low cost incorporations. Click Here. Staples
10% off all Ideapad notebooks
Staples
10% off all Ideapad notebooks
10% off all Ideapad notebooks
OSAI provides Email Hosting, Email services, Website Hosting, Website development, website design consultation, Sharepoint Services, Online ECommerce Solutions, Credit Card Processing Solutions, Domain Registration Services, DNS Hosting, customer software development and much more.