Client Login Web-Op: Websites that get visits
(866) 937-7082
Arizona: (480) 664-9547

Effective and Safe Contact Forms

Nowadays, many websites no longer choose to post their direct email addresses, preferring instead to put up a contact or feedback form. There are two main reasons to do this. First, a contact form is a blatant "call to action" on a web page. A visitor who comes across a contact form will be much more likely to submit their information, then a visitor who has to seek out the "contact us" page, write an email to the site, and send it through their own mail server. Second, by removing the company's email address from the site, the business will often be saved the heartache of opening an inbox with 150 new junk email messages.

There are an incredible amount of companies boasting free contact forms, and they are fairly easy to implement in PHP. But, be advised, all contact forms are not created equal. There are specific formats that are proven to get better results then others. Following a few basic guidelines will help you design a contact form that will actually benefit your website.

First, make the form simple. Visitors that are filling out a contact form either have a specific question, or just want to submit their contact information to receive more information at a later date. The only fields you actually need are Email Address, and Message. A Name field is also helpful if you would like to address your customer by name. Beyond these three fields, visitors will become restless while filling out a form, which can often lead to form abandonment. The goal of a form is to collect contact information and a possible short message explaining the reason for submittal. Do not confuse or overcomplicate the process by demanding information that can be collected later, or is not actually needed at all (ie. Address). If you do wish to collect this information, make the fields optional so they are not required to submit the form, or lead the visitor to a second form after initial submittal for collecting the additional information.

Second, make sure the message box is of the appropriate size. This is usually 8-10 lines, which will enable the visitor to see their entire message without having to scroll. This will help avoid spelling errors and promote a readable message.

Third, make sure the form is submitted to the correct department. If you'd like to send questions to their related department address, you can make a drop down field with these choices (labeled "Subject" or comparable) and then make a script which sends the message to the chosen department (information, sales, marketing, etc). This way the question or comment will be directed to the person who can deal with it best, without having to forward the message and risk having it lost along the way.

Fourth, and the focus of the remainder of this article, spam protection and security. Like all good ideas, contact forms are not without their loop holes for spammers. Without the availability of email addresses to harvest from websites, spammers have turned the setback of feedback and contact forms into a springboard to send even more spam. By entering malicious data into the contact form, hackers or spammers can fool the PHP script into sending mass amounts of spam from your site. Thankfully, there is a solution that is fairly easy: Cleaning the data.

In general terms, cleaning, or sanitizing the data means it has been structured to remove potentially damaging hacker code. A simple way to avoid sending unwanted messages from your contact form is to build an array of headers you would like filtered out, that would then be replaced with an empty string. This can be accomplished by using the PHP function preg_replace(). Your code would look something like this: 
// Mail header removal
function remove_headers($string) { 
  $headers = array(
    "/to\:/i",
    "/from\:/i",
    "/bcc\:/i",
    "/cc\:/i",
    "/Content\-Transfer\-Encoding\:/i",
    "/Content\-Type\:/i",
    "/Mime\-Version\:/i" 
  ); 
  return preg_replace($headers, '', $string); 
}
Another common method used to deter spammers is the use of CAPTCHAs. A CAPTCHA is a puzzle designed to be simple for a real human user, but difficult or impossible for a computer. Most commonly, it takes the form of a computer generated .jpg or .png image with a background and distorted letters or numbers of a different color. The acronym stands for Completely Automated Public Turing Test to tell Computes and Humans Apart. Below are some examples of the evolution of CAPTCHAs:

Early CAPTCHAs such as these were used on Yahoo. However, technology was developed to read this type of CAPTCHA

A modern CAPTCHA, rather than attempting to create a distorted background and high levels of warping on the text, might focus on making segmentation difficult by adding an angled line

Another way to make segmentation difficult is to crowd symbols together. This can be read by most humans but cannot be segmented by bots.

Some sites rely on the inability of a computer to comprehend questions in human language. Childish questions like "Does a cat bark or meow?" or "What's six plus five?" challenge computers without confusing real users.

By having these puzzles appear on a contact form, and requiring the visitor to solve them before they submit, CAPTCHAs effectively eliminate the messages generated by spam bots that cannot see the image, or understand the question. To ensure a bot cannot get at your email address lists contained in the page source, simply create a CAPTCHA verification system before the user, or bot, gets to the actual web form.

In addition, your site can use CAPTCHA protected forms where the CAPTCHA resides on the same page as the form that is built in PHP, which is code that is not as easily accessed neither by the bot nor by human eyes.

Building CAPTCHA forms can be difficult, and would require an entirely separate article to explain, but there are some companies on the Internet that offer to do most of the hard work for you. Dagon Design offers instructions on how to structure and post a secure PHP form mailer script at http://www.dagondesign.com/articles/secure-php-form-mailer-script/ as well as a WordPress secure form mailer plugin located at http://www.dagondesign.com/articles/secure-form-mailer-plugin-for-wordpress/.

If your website is handled by a web development company, they will be able to implement a customized contact form onto any or all of your site's web pages. Just make sure they utilize the aforementioned four guidelines:
  1. Keep it simple. Require only the most important pieces of information to submit the form to avoid form abandonment.
  2. Make the entry boxes of appropriate size so the message can be relayed accurately.
  3. Direct the submission to the correct department's email address, so the appropriate person can respond to the request.
  4. Clean your data or utilize a CAPTCHA security feature to eliminate spamming.
By displaying your properly structured contact page, you can eliminate your email address from your site, and display a very clear "call to action" to your visitors, which will increase your desired conversion rate.

Free Site Analysis

full name

email address

phone number

website

Link Building

 
Website SEO
SEO Services
Link Building Service
PPC Management
SEO Articles
Website Design
Web Design Experts
Design Usability
Site Maintenance
SEO Web Design
Website Development
SEO Development
Web Based Applications
Custom Checkouts
Templates & Customizations
Web-Op Community
Web-Op Company
About Us
Contact Us
Nonprofit Work
Blog
Web-Op Support
Client Login
Contact Us
P 1.866.937.7082
F 480.393.4650
© 2011 Web-Op | All Rights Reserved