We provide the FormMail script for our customers, allowing you to easily collect information from your Web site visitors. Your visitor fills out the form on your Web site, and the text the visitor entered is e-mailed to you behind the scenes.
You can use this system to get feedback from users, perform surveys, and similar tasks. It allows you to reliably request and receive information from your visitors without requiring them to open a separate program and send you an e-mail message.
(Don't use FormMail for credit card numbers or other sensitive information, because you shouldn't ever send that kind of data through plain e-mail messages. To add secure ordering to your Web site, use a system such as PayPal that securely handles the credit card details for you.)
The FormMail script is preinstalled for all our Web hosting customers. You don't need to download, install or configure anything extra to use it.
On this page:
- A sample form
- HTML code for a form
- Specifying the recipient address
- Preventing automated scripts from using your form
- What if I don't see a "cgi-bin" directory or "FormMail.pl" file on my site?
- More information about the FormMail program
- What should I do if I'm having trouble?
A sample form
Here's an example of what a form might look like:
HTML code for a form
The information below is a generic example. Please enter your domain name in the box at the top of this page to see the correct code for your account.
The HTML code to create the form above and send it to "firstname.lastname@example.org" looks like this (with some visual formatting removed to show the essentials):
<form action="http://www.example.com/cgi-bin/FormMail.pl" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="recipient" value="webmaster"> <input type="hidden" name="subject" value="example.com Feedback Form"> <input type="hidden" name="required" value="realname,email"> <!-- The hidden "redirect" and "missing_fields_redirect" items are optional. --> <input type="hidden" name="redirect" value="http://www.example.com/form-submitted.html"> <input type="hidden" name="missing_fields_redirect" value="http://www.example.com/form-missing-fields.html"> Your Name: <input type="text" name="realname"> Your E-Mail Address: <input type="text" name="email"> Number of Tigers You Own: <select name="tigers"> <option selected value"0">None <option value="1">One <option value="2">Two <option value="More than Two">More than Two </select> Comments: <textarea name="comments" rows="3" cols="40"></textarea> <input type="submit" value="Submit"> </form>
(Of course, you will use your own domain name instead of example.com.)
When someone fills out this form and presses "Submit", an e-mail message with the contents of the form will be sent to "email@example.com".
You can customize the form, of course:
- The fields recipient and subject (all letters lowercase) are hidden fields. They control the address the form is sent to and the subject of the e-mail you receive. Your domain name will be automatically added to the end of the "recipient" address if you don't include it.
- The hidden field required (all lowercase) makes sure that people who fill out the form provide a valid name and e-mail address. You can add other required fields.
- realname and email (all lowercase) are normally text fields that you allow your visitor to fill in. They are used as the "from" name and address of the e-mail. In order for these fields to work properly, they must be named realname and email.
- You can add any other fields you wish (such as tigers and comments in the example above) — they'll all be included in the e-mail you receive.
- The redirect hidden field is optional. If you include it, the visitor will see that page after successfully submitting the form. You can use this option to make the final page match the design of the rest of your site.
- The missing_fields_redirect hidden field is also optional. If you include it, the visitor will see that page if any "required" fields are missing. You can use this option to make the error page match the design of the rest of your site.
- Similarly, if you're using the "prove you're a human" trick mentioned below, you can add an optional hidden field named human_test_redirect to customize the page people see when they don't enter the correct code.
Specifying the recipient address
With our customized version of FormMail, you can specify the "recipient" address without adding your domain name.
In other words, instead of typing "firstname.lastname@example.org" or "email@example.com" as the recipient, you can just use "webmaster" or "charlotte". This feature protects you by making sure that spammers can't use automated "harvesting" software to learn your real full address by looking at the HTML page source code.
Note that if you do specify the full address including the "@" sign and domain name as the recipient, the address must end with your domain name. The FormMail script will only send mail to addresses ending with your domain name. This makes sure spammers can't ever use your FormMail script to send spam to thousands of other people.
If you need to use an address that doesn't end with your domain name, create a forwarding address in your E-Mail Options screen and use that. For example, if you need to send a form from www.example.com to "firstname.lastname@example.org", you could create a forwarding address that forwards "email@example.com" to "firstname.lastname@example.org" and set the FormMail recipient to "feedback" (or "email@example.com", which is the same thing).
The "recipient" field can only contain one e-mail address. If you need to send the form results to more than one e-mail address, then you should create a forwarding address in your E-Mail Options screen, and then use that forwarding address in the "recipient" field.
Preventing automated scripts from using your form
Some customers may want to entirely prevent spammers from using automated scripts to send FormMail messages. (Our version of FormMail already makes sure that spammers can't use your form to send mail to other people, but spammers could still use it to send mail to you.)
To help with that, our customized version of FormMail offers another feature: you can optionally specify a special word that people have to type in the form to prove they're human.
If you want to do this, place a text file named "
formmail.code" at the top level of your Web site directory. The file should just be a single line that contains the name of a hidden form field and a colon, followed by a "secret" word, like this:
If such a file exists, FormMail will make sure that the submitted form data contains that word as the value of that field.
An example will explain how this can help. Let's say that you want to make sure that the visitor is a person by having them type the number "1234" into a box on your form. You'd modify your HTML form page to include something like this:
Type "1234" in this box to prove you're a human being: <input type="text" name="secretfield">
And you'd publish a file named "
formmail.code" to the top level of your Web site, containing this single line:
That's all it takes. Humans will see the text telling them to type "1234", so they won't have a problem with it. Spammer software doesn't actually read and understand the text on Web pages, so it won't have any idea that the "secretfield" needs to contain "1234", and it won't be able to use the form.
FormMail does not care whether you include the name of the hidden field in the FormMail "required" list of fields, although it will work if you do so.
If you are using a Windows text editor such as Notepad, be sure to save the file as "formmail.code", not "formmail.code.txt". In Notepad, choose Save As, and then change the "Save as Type" to "All Files" to prevent the ".txt" extension from being added.
If you are using an Mac OS computer and TextEdit, you will need to make sure that your file is saved as plain text instead of "RTF". In TextEdit, choose "Make Plain Text" from the "Format" menu, then save the file as "formmail.code" (not "formmail.code.txt").
By the way, you've probably noticed more complex versions of this scheme in use at large Web sites. Many of them use a varying picture (which can be difficult to read) instead of just having fixed text telling visitors to type a word in a box. Very large sites use a more complicated version because they're big enough that spammers might try to write special software to interpret plain text instructions; they need to make it as difficult as possible for spammers who are willing to spend hours or days attacking their site. However, that won't happen with a smaller Web site and a script that can only be used to spam one person. It's not worth it from the spammer's perspective. The method described here is much easier to set up and use than a varying image, and it also makes sure that visually impaired visitors can still use your form.
What if I don't see a "cgi-bin" directory or "FormMail.pl" file on my site?
If you use an FTP program to browse your files, you may not see a directory named "cgi-bin" or a file named "FormMail.pl". That's perfectly normal, and the instructions on this page will work anyway.
More information about the FormMail program
You can get more information about FormMail from the author's Web site, Matt's Script Archive. The complete description there describes other input values you can supply (usually in hidden fields) to alter the way FormMail behaves.
The only part of Matt's instructions that doesn't apply is the "Setting up the FormMail Script" section (we've already done that for you). Just be sure to use the following exact HTML code at the start of your form to access the script on your site:
<form action="http://www.example.com/cgi-bin/FormMail.pl" method="POST" enctype="application/x-www-form-urlencoded">
What should I do if I'm having trouble?
If you're having trouble getting the script to work, check the following:
- The name of the script must be capitalized exactly as we've shown: FormMail.pl
- The form's "method" must be POST
- The form's "enctype" must be application/x-www-form-urlencoded
- The form fields should be text only (FormMail doesn't support uploading files)
Technically speaking, you really don't need an "enctype" at all, because "application/x-www-form-urlencoded" is the default type if it isn't specified. However, many Web design programs require you to specify a type; be sure to use "application/x-www-form-urlencoded" if so.
If the messages you receive don't have a valid "From" address:
- Make sure the name of the HTML field that asks the visitor for his or her address is "email"