• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 174
  • Last Modified:

Form Mail – Complete Solution

Hi Guys,

I’m looking for several form mail solutions here so I am prepared to provide the points accordingly. I require a simple ‘Feedback’ form mail to allow visitors to enter a name, email address and of course the feedback itself.

Secondly, I would like to have a ‘Tell A Friend’ page on my site as well. I would like to to BCC an address that I specify as well. This field must be one I can remove if I don’t want to receive the Emails however!

I am happy to provide the HTML layout of the forms, and the Emails if someone feels they are able to help me. We can also discuss further points... :-)

Hope someone can help!!!!
0
SR301
Asked:
SR301
  • 7
  • 6
2 Solutions
 
ahoffmannCommented:
First FormMail: http://nms-cgi.sourceforge.net/

Second: Are you aware that such a page could be used to send spams or other unsolicited mails?
 If you don't check each To: Bcc: Cc: and mail body yourself that may become a high risk.


0
 
SR301Author Commented:
If I'm only dealing with the persons name, email address and that of a friend with a message I set, how could that be an issue ?
0
 
ahoffmannCommented:
> ..  I would like to have a ‘Tell A Friend’ page
I guess you mean that this is a input field where a user keys in an email address of her choice.
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
SR301Author Commented:
Exactly ! Beyond that, you can't really send SPAM to someone...

So, If you feel you are able to help me come up with a custom solution, I'm happy to pass on the points... :)
0
 
ahoffmannCommented:
> .. you can't really send SPAM to someone..
what you want to implement makes it a 30 second task for me to make your site a spam-relay sending tons of mails with you as sender :-))

Please rethink about that functionality, or describe what you want to do.
0
 
SR301Author Commented:
Well, if I can't allow users to inform friends of my website and then pass on an Email to myself to let me know such an operation has been completed, what can I do ??? What options do I have ???

Hell, whats the point of me having the feedback form ??
0
 
ahoffmannCommented:
> Hell, whats the point of me having the feedback form
not having you in the feedback is the problem, but allowing *any* email address as recipient.
0
 
kanduraCommented:
I agree with ahoffman, that it is a potential spam gateway to allow sending uncontrolled mail from any address to any address through your site. I see spam attempts on my web servers every day on urls such as /cgi-bin/formmail.pl.

On the other hand, the feature you want is very nice to have, and can be a great community builder.
If you take care to strip the messages from all forms of html, and use a non-standard url (that is, don't install an off-the-shelf script in its default location), you're pretty safe, in practical terms anyway.
Just keep an eye on the traffic!
0
 
ahoffmannCommented:
> use a non-standard url ... you're pretty safe, in practical terms anyway.
practical that costs me 31 instead of 30 seconds ;-)

if the result of the form to be send as mail is not controlled by humans, the risk of unwanted use is very high.
The only (currently known) way to prevent from use by automatic scripts are captchas (or client certs or something similar).

0
 
SR301Author Commented:
Is limited only to CGI scripts ? Or for all languages? (PHP, ASP and so on?)

kandura: In regards to not using a off the shelf script, thats exactly what I DIDN'T want to do because I not only wanted to have full control, but avoid any of these problems... Is it possible somehere can help me with this and as I said before, come up with a custom solution ?
0
 
ahoffmannCommented:
>  Or for all languages?
all.
this is a logical problem, not a language-specific

> come up with a custom solution ?
as I said: use captchas or something similar
0
 
SR301Author Commented:
What the hell are "captchas" lol ?
0
 
SR301Author Commented:
Never mind, the penny has just dropped...
OK, With that now said, are you able to help me in this regard ?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Certified Penetration Testing

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

  • 7
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now