Our FormMail uses CAPTCHA (also called image verification) for two purposes:

1. to prevent your server from becoming a Spam Gateway to send Spam to other people when you want to use the Auto Responding feature.
2. to protect your forms from sending you spam (and automated bot submissions in general).

The use of CAPTCHA for Auto Responding is described completely in the HOW TO Guide for Auto Responding. So, read that Guide if you are attempting to use the Auto Responding feature.

This guide describes how to protect your forms from automated submissions. This means that, subject to advances in computer technology and other CAPTCHA-defeating techniques, you can ensure that only real human beings are submitting your forms.

For information about performing both functions at the same time, please read both HOW TO guides - you'll find the technique to performing both functions with the one CAPTCHA image at the bottom of each guide.

The following lists the steps required to get FormMail to protect your form submissions with CAPTCHA:

1. Install verifyimg.php on your server.
2. Configure your form to show the image and allow the user to enter the text from the image.

You can download verifyimg.php from our forums here.

Simply upload it to your server. Read the instructions at the top of verifyimg.php for full details. Use the verifytest.php script to confirm correct operation.

You need to insert two items into your form: an image URL and a text field.

Here's how to insert the image:

<img src="http://www.yoursite.com/verifyimg.php" alt="Image verification" name="vimg" />

Here's how to get the user's input:

<p>To submit this form, please enter the characters you see in the image:</p>
<input type="text" size="12" name="imgverify" />

The text field must be named imgverify. That's the special field name that FormMail will look for.

To enforce the input of the imgverify field, you should configure the REQUIRE_CAPTCHA feature of FormMail. This feature is available from version 8.10 of FormMail.

If you're using a version prior to 8.10, then you need to to enforce the input of the imgverify field, using required or conditions and implement an INI file on your server to make your required or conditions secure. Spam Bots cannot bypass the directions you place in an INI file.

Also, we've provided a sample below that handles PHP sessions when cookies are disabled.

verifyimg.php is a good way to start, because it's free!

For the most security available in a free product, we recommend reCaptcha (click to read the important HOW TO guide).

FormMail also supports the commercial product Captcha Creator from www.captchacreator.com. In this case, it's important to use our special HOW TO guide for Captcha Creator.

We recommend you read the information about Cookies and Sessions.

Also, we've provided a sample below that handles PHP sessions when cookies are disabled.

You can download a sample HTML form that enforces image verification.

We've included a PHP version of the same form, which allows you to overcome problems with cookies being disabled in visitors' browsers.

If you want to perform autoresponding, there's a HOW TO guide about this.

You can stop bots and perform autoresponding using the one image field to control both.

To do this, you simply derive an "arverify" field from "imgverify":

<input type="text" name="derive_fields" value="arverify=imgverify" />

Read the HOW TO guide on deriving fields for more details about this technique.