banner image
GetSimple... All you need in a CMS and nothing you don't !
Home  ›  Extending GetSimple  ›  Additions  ›  Secure Contact Form

Secure Contact Form

A secure PHP mailform based on...

PHP contact form  by Mike Challis -
Version: 1.4 - 28 Jan 2010
Copyright 2008-2010 Mike Challis
Original Script available at

Modified by Jadefusion -
Version: 1.4m - 14th November 2016

This program is free software that can be redistributed and/or modified under the terms of the GNU General Public License as published by the Free Software Foundation.

The PHP contact form script by Mike Challis seemed an good choice for a script on which to base a mailform as it has...

  • Very tight security, detecting all common spammer attack methods, uses server side form validation with an optional image captcha function to help prevent your contact form from being hijacked.
  • Easy to embed into almost any web page design with well commented code so the script is easier to understand and modify.
  • DMARC compatible. See...

In this modified version of the mailform an additional method for detecting spam bots has been implemented. It is based on a magic word / word challenge test. This means you can have a mailform without image captcha yet it is not left totally unprotected against spam bots.

DMARC Policy Impacts

DMARC - Domain-based Message Authentication, Reporting & Conformance.

When Yahoo implemented DMARC policy changes in April 2014 it caused quite a stir in the email deliverability community. Yahoo changed its DMARC policy to proactively protect its users from increasing email forgery spam. This step helped to secure a user’s email identity from being used by unauthorised senders. Yahoo's changes tell other DMARC compliant systems to reject mail from Yahoo users that isn’t genuinely originating from a Yahoo server. Other email providers followed the example.

Q: What does this mean for the humble site contact form?

A: Many mailforms do not pass current DMARC practises so they will not deliver email reliably. Why? The email address provided by the person sending a form is often included in the FROM field of the sent email. This is never meant to happen as DMARC rules can prevent the message from being delivered. To deliver email reliably, it is important that we can define an email address which we control and on the domain where the form is hosted, as the email address used in the FROM field.

Version Notes

From version 1.4g fancy URL's and domain name extensions of up to 12 digits, such as .photography, are supported.

Setup Information and Downloads

View contact form setup FAQ...   secure-contact-form-setup.html

Contact form without image captcha.
Demonstration   Secure Form Example #1
Download - 16.5 Kb.

Contact form with image captcha.
Demonstration   Secure Form Example #2
Download - 436 Kb.