Heal Your Church WebSite

Teaching, rebuking, correcting & training in righteous web design.

Fighting Spam with Contact Forms

I hate spam. Not the greasy pork-shoulder product offered by Hormell, but the virtual version that clogs the arteries and mailboxes of our church staff with ads like “See Jennifer Lopez Naked!” and “Make Millions From Home” Not that my pastors can’t handle temptation, but why even let the bird fly over your head, let alone nest in it?

In the past I’ve offered the Mean Dean Anti-Spam Email Obfuscator, but even that has its limitations, as Mark Pilgrim taunted to my attention back in late October. So what alternative does one have? Well, something I’m going to work into the redesign of Redland Baptist, and this site, and blogs4God, is to provide email contact using an online form.

Now there are several “FormMail” mutations out there. But many of them use the destination email address as a hidden variable. Which means a spambot can see it, snarf it and spam it. So the trick is to use a form that won’t give away your email address. Even better, a form who’s underlying code restricts the email recipient to a known list AND restricts the submission of the form to YOUR server. This later feature is important so a spammer doesn’t try to submit the form program from his/her server. It’d also probabaly nice to have a form that also enforces required fields and records the IP of the sender. Banning an IP might also be a good feature.

Well, I found two that I think I might employ. One in Perl for this site, the other in PHP for blogs4God. I’m still deciding about Redland. Both forms allow me to enter one or more recipients. In the case of multiple recipients, the user gets a drop down list to pick from. They allow/enforce required fields and they record the IP. Best of all, they’re free and don’t require a ton of modules behind the scenes.

  • Stephen Ostermiller Contact Form – Contact Form is a Perl script that you can run on your website that will allow others to send you email through a web interface.
  • Jim Seymour’s Simple Contact Form – Designed to be simple (in PHP), yet flexible and secure, SCForm features easy installation and configuration; single and multiple recipients that are completely hidden from web scrapers; remote host and IP tracking, even through proxies, and optional, powerful ban list support.
“Though the bird may fly over your head, let it not make its nest in your hair.” – Danish Proverb


  1. Bob taught me to use a javascript command to obscure my email address.

    In the HEAD tags:

    function shoot(address) {
    window.location.replace(‘mailto:’ +address+ ‘@lycos.com’);

    And every time I want a “mailto” link:

    A HREF=”javascript:shoot(‘mizwacky’)”

    Will this work, or will spambots still figure it out?

  2. Pingback: Workbench