I’ve been reading through posts about using contact forms. Am testing the “parsa-hugo” theme and using the contact page, but what does the ‘submit’ button do ? Looked through the code and it is just a FORM with a POST.
The main reason I wanted a static site generator is because of security. Over the years, seen many attempts to inject SQL into PHP scripts in a WordPress site. A few considerations:
If static forms have email addresses, it opens up SPAM
If server side tools like PHP, Ruby, Python, etc, are used, the email address is hidden, yet is the script itself ‘safe’ ? Can it be broken ?
How does one protect the site from email bots if a static form (no server side) is used ?
I have seen some Java code where a person has to hover the mouse over the email address to view it ? Are these completely safe from email bots and spammers ?
I have used ASSP in the past and found it very useful, however the web hosting company disabled it as it was causing high load on email servers. These days the web hosts use SPAM tools to give a point rating, yet I found the bar had to be raised as it also stopped valid emails. It seems some of the work email servers also do now is to check RBL lists and reject emails appropriately.
It comes down to personal choice no doubt, do I want security (no scripts) at the risk of spam, or no spam at the risk of security ? Possibly it is not so black and white though.
I went open source and created a contact form using MailyGo and some custom JavaScript I wrote.
My theme is open source so you can have a look at it. I’ll be adding the documentation for it soon, but the code is pretty modular so just refer to files named contact.*.
I would definitely go for using netlify and netlify forms. I use them a lot and they work great and also have great spam protection even on the free tier
I can suggest using form-data.com - a backend service for forms management that can handle your submissions, send emails and integrate with other services.
It has over 99.9% success rate of spam filtering.
You can start for free, up to 100 submissions a month.
Thanks, I’m not on Netlify, just a local web hosting company. I’ll check out the ‘codementor’ link though.
Thanks, I (GIT) installed your theme, and tested it. Have sent you a message.
Thanks, we have the hosting all sorted. I can use PHP, Ruby, Python, etc., just not totally convinced regarding security. Although most scripts can hide the includes elsewhere. I only just remembered a CAPTCHA. Are they overkill to stop bots?
Thanks, however we need to keep all the data away from third parties. Only last week, there were two fraudulent attempts on a credit card, so I’m (more) cautious now to not allow data on third party sites.
You can decide for how long the data will be stored on our systems.
So you can use zapier or webhooks to store the data anywhere you want, or even just have it emailed to you, and then delete it automatically from our systems.
This way we’ll be processing the data but not storing it for long term.
I use a Tally form that is linked on the bottom of a page.
It sends a hidden field as query string to get the context of the page and anyone (so far no one) can submit. The spam control is their responsibility. It’s cheaper on load times and price than Feedback Fish and works nicely.
It’s totally free. By default it uses reCAPTCHA to filter out spam, but you can disable that if you wish.
To start, the URL includes your email address, but after you verify your email (the first time you use the form on your site) they give you a random string that you can use instead of your email address in the URL.
I compared a bunch of (free) options and I’m very happy with this one so far.
My observation so far. Devro LABS made a couple of good services, but what is strange is that they are making a service and then putting it on Marketplace to sell?
I am a little worried about trusting formsubmit.co by implementing this on websites, only to find out that this will be for sale as well?
As a defense against bots I use reCAPTCHA v2 but we’ll be migrating to v3 soon.
As for the form post, I use a Google Cloud Function and I use Mailgun for the mailing part.
(And Google storage to store the files from the form inputs.)
I use the jQuery framework to do all the heavy lifting on the client side.
Then again JavaScript in the Google function, with IP check, Captcha check.
I used to use Mailchimp forms but I don’t like it…
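The server-side checks mentioned in the last post (IP check, Captcha check), together with one answer to the opening question of whether a mail script "can be broken", as an added example that is not any poster's code. Assumptions: the IP check is taken to be a per-IP rate limit, `verifyCaptcha` is a hypothetical callback standing in for the CAPTCHA provider's server-side verification call, and all names, limits and the recipient address are constructed.

```javascript
// Added example; every name and limit here is an assumption, not from the thread.
const WINDOW_MS = 10 * 60 * 1000; // rate-limit window
const MAX_PER_WINDOW = 3;         // submissions allowed per IP per window
const hits = new Map();           // ip -> timestamps of recent submissions

// Per-IP rate limit: refuse once an address exceeds MAX_PER_WINDOW in the window.
function ipAllowed(ip, now) {
  const recent = (hits.get(ip) || []).filter((t) => now - t < WINDOW_MS);
  const ok = recent.length < MAX_PER_WINDOW;
  if (ok) recent.push(now);
  hits.set(ip, recent);
  return ok;
}

// Anything copied into a mail header (name, address) must not carry CR/LF,
// otherwise a visitor can append headers such as Bcc to the outgoing mail.
function cleanHeaderValue(value, maxLen) {
  if (typeof value !== "string") return null;
  const v = value.trim();
  if (v.length === 0 || v.length > maxLen || /[\r\n\0]/.test(v)) return null;
  return v;
}

// req: { ip, body: { captchaToken, name, email, message } }
// verifyCaptcha(token, ip) -> Promise<boolean>, supplied by the caller.
async function handleSubmission(req, verifyCaptcha, now = Date.now()) {
  if (!ipAllowed(req.ip, now)) return { status: 429, error: "rate limited" };
  if (!(await verifyCaptcha(req.body.captchaToken, req.ip))) {
    return { status: 403, error: "captcha failed" };
  }
  const name = cleanHeaderValue(req.body.name, 100);
  const email = cleanHeaderValue(req.body.email, 254);
  const emailOk = email && /^[^\s@<>,;]+@[^\s@<>,;]+\.[^\s@<>,;]+$/.test(email);
  const message =
    typeof req.body.message === "string" ? req.body.message.slice(0, 5000) : "";
  if (!name || !emailOk || !message.trim()) {
    return { status: 400, error: "invalid input" };
  }
  // The recipient is fixed on the server, so the owner's address never appears
  // in the static page; the visitor only influences Reply-To, subject and body.
  return {
    status: 200,
    mail: { to: "owner@example.invalid", replyTo: email,
            subject: `Contact form: ${name}`, text: message },
  };
}
```

The returned `mail` object would be handed to whatever mail API the function uses; the in-memory `Map` only limits requests within one running instance.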