Secure Contact Form
A secure PHP mailform based on...
PHP contact form by Mike Challis - www.642weather.com
Version: 1.4 - 28 Jan 2010
Copyright 2008-2010 Mike Challis
Original Script available at
Modified by Jadefusion - www.jadefusion.net
Version: 1.4m - 14th November 2016
This program is free software that can be redistributed and/or modified under the terms of the GNU General Public License as published by the Free Software Foundation.
The PHP contact form script by Mike Challis seemed an good choice for a script on which to base a mailform as it has...
- Very tight security, detecting all common spammer attack methods, uses server side form validation with an optional image captcha function to help prevent your contact form from being hijacked.
- Easy to embed into almost any web page design with well commented code so the script is easier to understand and modify.
- DMARC compatible. See... www.dmarc.org
In this modified version of the mailform an additional method for detecting spam bots has been implemented. It is based on a magic word / word challenge test. This means you can have a mailform without image captcha yet it is not left totally unprotected against spam bots.
DMARC Policy Impacts
DMARC - Domain-based Message Authentication, Reporting & Conformance.
When Yahoo implemented DMARC policy changes in April 2014 it caused quite a stir in the email deliverability community. Yahoo changed its DMARC policy to proactively protect its users from increasing email forgery spam. This step helped to secure a user’s email identity from being used by unauthorised senders. Yahoo's changes tell other DMARC compliant systems to reject mail from Yahoo users that isn’t genuinely originating from a Yahoo server. Other email providers followed the example.
Q: What does this mean for the humble site contact form?
A: Many mailforms do not pass current DMARC practises so they will not deliver email reliably. Why? The email address provided by the person sending a form is often included in the FROM field of the sent email. This is never meant to happen as DMARC rules can prevent the message from being delivered. To deliver email reliably, it is important that we can define an email address which we control and on the domain where the form is hosted, as the email address used in the FROM field.
From version 1.4g fancy URL's and domain name extensions of up to 12 digits, such as .photography, are supported.
Setup Information and Downloads
View contact form setup FAQ... secure-contact-form-setup.html