Connect with us

OT: FormMail for Dummies

Discussion in 'Electronic Design' started by Jim Thompson, Mar 6, 2005.

Scroll to continue with content
  1. Jim Thompson

    Jim Thompson Guest

    I'm not very literate with any kind of programming, so I'm looking for
    some kind of FormMail I can install on my website, without having to
    know how to write scripts, etc.

    Something SECURE of course.


    ...Jim Thompson
  2. I don't know the answer to your FormMail question but you may want to
    try something simpler.

    I use some extremely simple Javascript to disguise my "contact me"
    address. So far, fingers crossed, I haven't received any spam on it. You
    can check out the method by going to my site and viewing the source. I
    stumbled across the method while surfing so I can't take credit for it.

    If this looks like it will work for you and you can't figure it out from
    the code, you can contact me directly, through my website.
  3. Jim Thompson

    Jim Thompson Guest

    Thanks! I'll see if I can understand it ;-)

    ...Jim Thompson
  4. Jim Thompson

    Jim Thompson Guest

    That's what I have right now, but one of my UseNet "buddies" seems to
    have submitted it into the scammer's chain.

    So I'm investigating a secure-form approach where I can obscure the
    destination address.

    ...Jim Thompson
  5. R Adsett

    R Adsett Guest

    Or take a look at to avoid
    having to re-invent the wheel. I use that and it hasn't been harvested.

    For those people who don't have javascript on I also have a form
    (provided by the ISP, apparently a fixed version of Formmail). Most of
    what a get through that are attempts to break it.

  6. Thanks for the link! This looks significantly better than the method I
    use so I think I'll switch over. The only problem is that if Automatic
    Labs stops offering the tool, I'll never be able to figure out or modify
    the code.
  7. Luhan Monat

    Luhan Monat Guest

    I put my contact address in a small GIF file. I doubt that anybody is
    going to scan it in there.
  8. Jim Thompson

    Jim Thompson Guest

    Told you I was a dummy. I used Enkoder to create the script and
    inserted as instructed. Got a blank page :-(

    ...Jim Thompson
  9. Rich Grise

    Rich Grise Guest

    Not much to understand - each %xx is the hex value of an ascii character;
    unescape is a javascript command that turns each of them into the
    character for the display, and apparently for the browser's mailto
    facility, but apparently the spambots don't harvest it because it's
    not in clear text. 'document.write' is kind of self-explanatory. :)

  10. Rich Grise

    Rich Grise Guest

    Post your HTML[0] - I'll fix it for you. Please see: - mind you, this site isn't up all of the time,
    because it's on my dual-boot system, so if you get a "host not found",
    try later. As long as I'm on the NG, though, it's up.

    If you have Linux/Apache/Perl, you could use any of Matt Wright's scripts.

    BTW, I looked up 'define:blog' and EWWwwwww! It's a guest book for
    oneself! "Hey, World! Looka My Diary! Guh-Hyuk!" Bleah! I was thinking of
    modifying either Matt's wwwboard or his guestbook script, but heck - I'm
    just going to use them the way they are.

    [0] Or email it to me! ;-)
  11. Active8

    Active8 Guest

    That's what I thought, thus my other reply. Speaking of yer buddies,
    one of 'em's been gone more than Boki. I remember some bs he posted
    last year about wanting to take up smoking again for health reasons
    (and I geshh you figgered out hiza dr-dr-drunk ) Last I heard he was
    messin' with some huge spud cannon with a pretty impressive range. I
    wouldn't start dancin' yet but...

    Talk about standards, sheesh!
    See my other post. < $10/month with real Linux host = in like Flynn.
    And you'll have more email addys than you need that aren't dependant
    on Cosuckerserver.
  12. Active8

    Active8 Guest

    Right. And he uses the little program I linked to get the ascii to
    hex or decimal conversion of the addy you want to encode.

    here it is again:

    You should be able to paste any html in there and it'll display
    right, but encoded.

    That isn't going to prevent that little prob last year, though. I
    think Jim wants an address that can only be mailed through a web
    form. And maybe you'd have to enter a code from a gif. I think by
    doing that, it prevents him from revealing his email to anyone
    wanting to spoof a header. Plus no spam :)

    You could hack that out easy, if you know how to validate the input
    so no system commands get by. PHP or perl to sendmail.

    Any hosting service worth a damn should have free cgi scripts for
    customer service kinda mail and connected to an https port, you get
    your security... erm, if it's on a linux or bsd with ssl and all.
    Don't expect any help from Coxsucker's though. For less than $10 a
    month you've got a few great choices for Linux hosts, too.
  13. Jim Thompson

    Jim Thompson Guest

    My website is not on CoxSuckerServer, just my local connection ;-)

    It's either use Cox HSI or use DSL from Qwest... BARF!

    My website provider has a script, but it divulges the destination
    address. I already have in-place a more-than-100-address whitelist.

    I don't have time to learn how to write scripts or make forms, so I
    was hoping to find, for purchase, a canned approach, just fill-in the

    ...Jim Thompson
  14. Active8

    Active8 Guest

    You mentioned their mail server giving you probs. You should have
    emails with the hosting package.
    Lemmee see the webpage. Oh hell. My encoder ring doesn't decode, but
    I see that cheesy JavaScript crap that brings up a mail client.

    Are you hosted on a Linux box? They can set up php if it's not
    already configured ( uncommented :) ) in httpd.conf -- I found a
    couple scripts if you are. They'll send the message to the script as
    a query string and the script just mails you the stuff and returns a
    thank you page or whatever.

    Fill in the blanks. See if you can get the format you want out of
    that and let me know. I can modify the format if you don't like it.
    The script just spits html at the browser - but from the script
    where you can't see the infernals.
  15. Joerg

    Joerg Guest

    Hello Tim,

    You might just be lucky so far. When you look at the link properties the
    presented email address shows up nice and clear. Spammers that go just a
    wee bit beyond a source parser should be able to snatch it.

    As Luhan does I also use a small image file. I figure that serious
    requests will be made despite the inconvenience to having to type the
    address. Same with the phone number, and it works. If someone doesn't
    want to read and type it probably wasn't urgent, like the umpteenth
    offer of Tadalafil, whatever that is.

    Regards, Joerg
  16. True, but I've been using the same script segment for several years now
    and it hasn't been a problem yet. I'm much more worried about being
    harvested by a 'bot than I am about having an individual spammer go to
    the trouble of going to my site and looking to see what shows up when
    you hover over the link. That's also why I'd prefer not to use something
    "canned" since having my implementation be slightly different from
    others may be enough to keep the 'bots from zapping me.
    I also use an image file with my address in it so that people who don't
    surf with Javascript turned on can still get the address.

    In any case, the address I'm protecting is an alias so if it starts
    collecting spam, I'll just change it to something else and beef up the
    protection at the same time.

    I think it's always a good idea to go with the simplest security until
    it's breached. This way it will take longer for "superbots" to develop.
    Sort of like not over-prescribing antibiotics to avoid breeding super-bugs.
  17. R Adsett

    R Adsett Guest

    You do have to have javascript turned on in your browser. If that isn't
    it I have no idea :(. I have a form on my page for those who don't want
    to brwse with javascript on but it attracts different attacks (and I
    don't know that it's generally available). The javascript doesn't help
    much if the address ends of in someones e-mail address list and that gets
    harvested by a piece of mal-ware but I've resigned myself to changing
    public contact address's in that case.

    Good Luck

  18. R Adsett

    R Adsett Guest

    Or maybe not. My ISP has banned his scripts outright. I understand (not
    just from my ISP) that his formmail in particular is a security risk.

  19. Also, depending on what you're using to create the page, it may not show
    up in your page creator either. I'm using the Composer app from the
    Mozilla suite and apparently it doesn't understand Javascript because
    nothing shows up in it. I have to look at the page with the browser
    (with Javascript enabled) to be able to check it.
    That's why I have 2 addresses: one for the website that's an easily
    changeable alias, and my *real* one that I give out to a select few. And
    then, of course, there's the dozen or so free webmail addresses that I
    use when I *know* I'm going to get spammed by someone. ;-)
  20. qrk

    qrk Guest

    Check out the following:
    Matt's Script Archive:

    CGI Resource Center:

    If you find these too unwieldy, I can give you a small script from our
    web site.

    Many of these require Perl. If your on a Unix machine, chances are
    it's already installed. Perl for Windoze can be installed with ease. (highly rated)

    Aloha, Mark
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.
Electronics Point Logo
Continue to site
Quote of the day