Two things really annoy me about formmail.php

[mikie]

We are trying to implament formmail.php on our new website but i have two requests that i hope will be updated in the next version.

We currently receive about 1 spam message a week from our website. This is due to the fact that we NEVER display our email addresses on any of our pages and everything is strictly form driven.

Our current form DOES NOT display the recipient in the source code as a hidden field so there is no possible was for a spambot, trolling script or human being to harvest our email addresses from the source code of the form.

While the AT_MANGLE function may fool spambots, any fool with half a brain can load the form and view the recipients address and work out what the actual email address of the recipient is by looking at the AT_MANGLE entry. If our email address is already conveniently presented in formmail.php, why cant the form pick up the valid email address from this file or any other? Please, is there a solution to this? We dont want human beings(SPAMMERS) coming to our site and viewing the source code to harvest our email addresses.

And two, please would you consider removing all those comments from formmail.php and placing them in another file? Even using VI i spent minutes on ending searching for what i needed to change. 2,000+ lines of code including the comments could surely make formmail.php a faster exectable php script if the docs and changelog information was conveniently placed in another file.

Thank you.

[russellr]

Hi,

If our email address is already conveniently presented in formmail.php, why cant the form pick up the valid email address from this file or any other? Please, is there a solution to this? We dont want human beings(SPAMMERS) coming to our site and viewing the source code to harvest our email addresses.

The $TARGET_EMAIL feature is more generic than having a fixed email address in the configuration.

If you're creative, then AT_MANGLE can be sufficient to fool a person. For example, what is this email address?

Code:

jacksmithjonestectite.com

If AT_MANGLE is "ithjones", then it's jacksm@tectite.com, but no-one would never guess that!

However, many people have asked for this feature, so, yes, we'll be providing a way of leaving the email out of the HTML completely.

please would you consider removing all those comments from formmail.php and placing them in another file?

Yes, it's a pain isn't it?

could surely make formmail.php a faster exectable php script

It may be only a few milliseconds or even microseconds, but, yes, smaller is better.

What if each configuration setting had a URL above it, which took you to a webpage describing that setting?

Thanks for your feedback.

[mikie]

That would be fine, links possibly.

How would you hide thsi email address using AT_MANGLE

services@mydomain.com or consulting@mydomain.com?

[russellr]

Hi,

Point taken. AT_MANGLE of "staff@" might be good:

servicesstaff@mydomain.com
consultingstaff@mydomain.com

Using "@" in the value of AT_MANGLE, can really confuse people!

Just make sure your server rejects invalid addresses.

[Chris Shepherd]

I agree about removing the long winded explanations and version history from formmail.php...Better in seperate files? Also wondering why not put "sample forms" "formbadhandler", and "How to's" in the zip file? It would be nice if everything were in one downloadable zip file rather than having to go find info and extra files on a website.

It would also be great to be able to put recipients email addresses in a config file and forget about AT_MANGLE...most other form processors do this and it seems to work very well. Any chance this will happen soon?

Hate to complain, because this is really the best form processor I've ever used... Thank You.

[russellr]

Hi,

Thanks for your feedback.

Putting email address in a config file is there now. You just need to upgrade to version 7.08. But, we haven't got around to writing up the doco for the new features yet.

So, you'll need to subscribe to get help on setting up the config file or wait until we get the doco out (or, you can guess how to do it ).

[Iggy]

I too would like to set up the e-mail address in my Form HTML so no one can read it (in a config file instead of using the AT_MANGLE). Is the doco now available?

What would the "recipients" info then look like using a config file?

Thanks,

[russellr]

Hi,

Yes, check out the HOW TO guides:
http://www.tectite.com/fmhowto/guides.php

In particular:
http://www.tectite.com/fmhowto/inifile.php

[Chris Shepherd]

How wonderful! Glad to see the AT_MANGLE thing is gone in the latest version. Thank you so much! I just love this form handler...best one out there!

[russellr]

Hi,

It's still there as it's the easiest thing people can use. The new Configuration Wizard sets it up automatically.

But, the INI file feature is now there too, so those who want the ultimate protection against email harvesters (spam bots) can get it. (More effort required though.)