We provide the FormMail script for our customers, allowing you to easily collect information from your website visitors. Your visitor fills out the form on your website, and the text the visitor entered is emailed to you behind the scenes.
You can use this system to get feedback from users, perform surveys, and similar tasks. It allows you to reliably request and receive information from your visitors without requiring them to open a separate program and send you an email message.
(Don't use FormMail for credit card numbers or other sensitive information, because you shouldn't ever send that kind of data through plain email messages. To add secure ordering to your website, use a system such as PayPal that securely handles the credit card details for you.)
The FormMail script is preinstalled for all our Web hosting customers. You don't need to download, install or configure anything extra to use it.
On this page:
- A sample form
- HTML code for a form
- Specifying the recipient address
- Preventing automated “bots” from using your form to send you spam
- What if I don't see a "cgi-bin" directory or "FormMail.pl" file on my site?
- More information about the FormMail program
- Why can’t I reply to a FormMail-generated message using the Windows 10 Mail program?
- What should I do if I'm having trouble?
A sample form
Here's an example of what a form might look like:
HTML code for a form
The information below is a generic example. Please enter your domain name in the box at the top of this page to see the correct code for your account.
The HTML code to create the form above and send it to "email@example.com" looks like this (with some visual formatting removed to show the essentials):
<form action="//www.example.com/cgi-bin/FormMail.pl" method="POST" enctype="application/x-www-form-urlencoded"> <input type="hidden" name="recipient" value="webmaster"> <input type="hidden" name="subject" value="example.com Feedback Form"> <input type="hidden" name="required" value="realname,email"> <!-- The hidden "redirect" and "missing_fields_redirect" items are optional. --> <input type="hidden" name="redirect" value="http://www.example.com/form-submitted.html"> <input type="hidden" name="missing_fields_redirect" value="http://www.example.com/form-missing-fields.html"> Your Name: <input type="text" name="realname"> Your E-Mail Address: <input type="text" name="email"> Number of Tigers You Own: <select name="tigers"> <option selected value"0">None <option value="1">One <option value="2">Two <option value="More than Two">More than Two </select> Comments: <textarea name="comments" rows="3" cols="40"></textarea> <input type="submit" value="Submit"> </form>
(Of course, you will use your own domain name instead of example.com.)
When someone fills out this form and presses "Submit", an email message with the contents of the form will be sent to "firstname.lastname@example.org".
You can customize the form, of course:
- The fields recipient and subject (all letters lowercase) are hidden fields. They control the address the form is sent to and the subject of the email you receive. Your domain name will be automatically added to the end of the "recipient" address if you don't include it.
- The hidden field required (all lowercase) makes sure that people who fill out the form provide a valid name and email address. You can add other required fields.
- realname and email (all lowercase) are normally text fields that you allow your visitor to fill in. They are used as the "from" name and address of the email. In order for these fields to work properly, they must be named realname and email.
- You can add any other fields you wish (such as tigers and comments in the example above) — they'll all be included in the email you receive.
- The redirect hidden field is optional. If you include it, the visitor will see that page after successfully submitting the form. You can use this option to make the final page match the design of the rest of your site. If you use it, this value must be a full URL starting with http:// or https://.
- The missing_fields_redirect hidden field is also optional. If you include it, the visitor will see that page if any "required" fields are missing. You can use this option to make the error page match the design of the rest of your site. If you use it, this value must be a full URL starting with http:// or https://.
- Similarly, if you're using the "prove you're a human" trick mentioned below, you can add an optional hidden field named human_test_redirect to customize the page people see when they don't enter the correct code.
Specifying the recipient address
With our customized version of FormMail, you can specify the "recipient" address without adding your domain name.
In other words, instead of typing "email@example.com" or "firstname.lastname@example.org" as the recipient, you can just use "webmaster" or "charlotte". This feature protects you by making sure that spammers can't use automated "harvesting" software to learn your real full address by looking at the HTML page source code.
Note that if you do specify the full address including the "@" sign and domain name as the recipient, the address must end with your domain name. The FormMail script will only send mail to addresses ending with your domain name. This makes sure spammers can't ever use your FormMail script to send spam to thousands of other people.
If you need to use an address that doesn't end with your domain name, create a forwarding address in your E-Mail Options screen and use that. For example, if you need to send a form from www.example.com to "email@example.com", you could create a forwarding address that forwards "firstname.lastname@example.org" to "email@example.com" and set the FormMail recipient to "feedback" (or "firstname.lastname@example.org", which is the same thing).
The "recipient" field can only contain one email address. If you need to send the form results to more than one email address, then you should create a forwarding address in your E-Mail Options screen, and then use that forwarding address in the "recipient" field.
Preventing automated “bots” from using your form to send you spam
If you place a form on your site, automated scripts, or “bots”, may use it to send FormMail messages to you. (FormMail already makes sure that spammers can't use your form to send mail to other people, but they can still fill it out it to send mail to you.)
To help with that, our customized version of FormMail offers another feature: you can optionally specify a special word that people have to type in the form to prove they're human.
If you want to do this, place a text file named "
formmail.code" at the top level of your website directory. The file should just be a single line that contains the name of a hidden form field and a colon, followed by a "secret" word, like this:
If such a file exists, FormMail will make sure that the submitted form data contains that word as the value of that field.
An example will explain how this can help. Let's say that you want to make sure that the visitor is a person by having them type the number "1234" into a box on your form. You'd modify your HTML form page to include something like this:
Type "1234" in this box to prove you're a human being: <input type="text" name="secretfield">
And you'd publish a file named "
formmail.code" to the top level of your website, containing this single line:
That's all it takes. Humans will see the text telling them to type "1234", so they won't have a problem with it. Spammer software doesn't actually read and understand the text on Web pages, so it won't have any idea that the "secretfield" needs to contain "1234", and it won't be able to use the form.
FormMail does not care whether you include the name of the hidden field in the FormMail "required" list of fields, although it will work if you do so.
If you are using a Windows text editor such as Notepad, be sure to save the file as "formmail.code", not "formmail.code.txt". In Notepad, choose Save As, and then change the "Save as Type" to "All Files" to prevent the ".txt" extension from being added.
If you are using an Mac OS computer and TextEdit, you will need to make sure that your file is saved as plain text instead of "RTF". In TextEdit, choose "Make Plain Text" from the "Format" menu, then save the file as "formmail.code" (not "formmail.code.txt").
By the way, you've probably noticed more complex versions of this scheme in use at large websites. Many of them use a varying picture (which can be difficult to read) instead of just having fixed text telling visitors to type a word in a box. Very large sites use a more complicated version because they're big enough that spammers might try to write special software to interpret plain text instructions; they need to make it as difficult as possible for spammers who are willing to spend hours or days attacking their site. However, that won't happen with a smaller website and a script that can only be used to spam one person. It's not worth it from the spammer's perspective. The method described here is much easier to set up and use than a varying image, and it also makes sure that visually impaired visitors can still use your form.
What if I don't see a "cgi-bin" directory or "FormMail.pl" file on my site?
If you use an FTP program to browse your files, you may not see a directory named "cgi-bin" or a file named "FormMail.pl". That's perfectly normal, and the instructions on this page will work anyway.
More information about the FormMail program
You can get more information about FormMail from the author's website, Matt's Script Archive. The complete description there describes other input values you can supply (usually in hidden fields) to alter the way FormMail behaves.
The only part of Matt's instructions that doesn't apply is the "Setting up the FormMail Script" section (we've already done that for you). Just be sure to use the following exact HTML code at the start of your form to access the script on your site:
<form action="//www.example.com/cgi-bin/FormMail.pl" method="POST" enctype="application/x-www-form-urlencoded">
Why can’t I reply to a FormMail-generated message using the Windows 10 Mail program?
When FormMail sends you a message, it includes a Reply-To: email@example.com header, using the address that your visitor provided. This allows you to simply press Reply in your mail program and send a response to the person who filled out the form.
Because of this, if you use the Windows 10 mail program, you’ll have to manually change the “To:” address if you reply to the message.
What should I do if I'm having trouble?
If you're having trouble getting the script to work, check the following:
- The name of the script must be capitalized exactly as we've shown: FormMail.pl
- The form's "method" must be POST
- The form's "enctype" must be application/x-www-form-urlencoded
- The form fields should be text only (FormMail doesn't support uploading files)
Technically speaking, you really don't need an "enctype" at all, because "application/x-www-form-urlencoded" is the default type if it isn't specified. However, many Web design programs require you to specify a type; be sure to use "application/x-www-form-urlencoded" if so.
If the messages you receive don't have a valid "From" address:
- Make sure the name of the HTML field that asks the visitor for his or her address is "email"