Malicious software (bots) on the web will find and attack your form processor (FormMail) installation. This is unavoidable. Bots find your form processor by scanning your HTML forms (they simply look for the <form> tag).

Therefore, it's important that you only install a secure form processor on your server.

Bots attack your form processor for several reasons:

1. To break into and compromise your server and/or website.
2. To send spam via your server to anyone in the world (we call this becoming a "spam gateway").
3. To send spam to you (also known as "form spam").

Please read our sections below for a discussion of these issues.

This is scary - some other form processors have been responsible for server breakins and damage to websites.

Tectite FormMail was written from the beginning with security as the foremost consideration. In its long history, it has never been the cause of a server break-in or similar action.

Provided you don't modify, add to or disable the logic in Tectite FormMail, your server will not be compromised via your installation of Tectite FormMail.

This means if you use our Configuration Wizard or only modify the Configuration Section of FormMail (using our documentation as a guide), your server will not be in danger from Tectite FormMail.

You can read more about FormMail's security history.

This is almost as scary! If your server becomes a spam gateway (allowing a spammer to send email to anyone in the world from your server) then your server could be black listed or your website might even be shutdown by your hosting provider.

Some other form processors have been responsible for servers being used to send vast amounts of spam.

Tectite FormMail protects your server from this attack. It does this through its TARGET_EMAIL configuration.

Provided you don't explicitly configure FormMail to allow it to send to anyone in the world, your server will also be protected from this second attack.

By using our Configuration Wizard or carefully following our documentation , you can be sure that FormMail's TARGET_EMAIL configuration is safe from this danger.

With Tectite FormMail the only viable attack is to send you spam. This is annoying, but otherwise harmless.

A spam bot can try to send you spam by filling in your forms (that's not actually what happens, but you can think of it that way).

A real live human being can also send you spam by filling in your forms.

Tectite FormMail protects you from a large amount of this spam, and, if you configure it appropriately, FormMail can block spam completely (even almost all human-generated spam can be blocked).

FormMail has several spam attack detections built in. Some of these features are completely automated and require no configuration.

However, some of these detection features are specific to each website's requirements and do require you to configure them to be effective, or even active.

We provide documentation for all these features, and the Anti-Spam Configuration page of the Configuration Wizard also allows you to adjust these features to suit your requirements.