Welcome to the Small Business Ideas Forum! We are a community of over 100,000 small business folks with over 163,000 posts for you to browse. We pride ourselves on being the friendliest forum you will find and we'd love to have you as a member of our community. Please take a moment and register for a free account. If you need any help, please contact Chris Logan.

Small Business Ideas Forum

Small Business Ideas Forum

A friendly place to share small business ideas and knowledge, ask questions, find help and encourage others that are involved in the small business industry. Topics include small business marketing, generating revenue and small business computing.

Go Back   Small Business Ideas Forum > Small Business Computing > Website Development
Register Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
Old 23rd March 2007, 11:20 PM   #1
aurinka_jon
Member
 
aurinka_jon's Avatar
 

Join Date: Mar 2007
Location: Minnetonka, MN
Posts: 7
Default Use Of Forms Vs E-mail Link In Contact Page

I'd like to hear opinions as to the use of forms (where a page is presented for you to fill in blanks) versus providing a simple mailto: link in order to provide a website visitor with means to contact us.

Our website provides a contact page with a clickable link that launches the visitors e-mail with our address filled in. Is this sufficient, or considered bad practice compared to providing a form to fill in??

aurinka_jon is offline   Reply With Quote
Register or log in to remove this ad.
Old 24th March 2007, 04:57 AM   #2
Old Welsh Guy
Moderator
 
Old Welsh Guy's Avatar
 

Join Date: Jun 2004
Location: Wales
Posts: 700
Default

You can prepopulate the content of the email with simple instructions as to pertinent information you need. I like this method a lot. I use it for a catalogue type site I built a while back by modifying OSCommerce. When you hit the 'enquire about this artist' button, the email pops up, with a subject prepopulated, and also instructions along the line of.

please tell us as much about your requirements as possible, including date, times (start & Finish), location of venue, occasion being celebrated. This will allow us to ensure the act is best suited, and that we can quote accurately, without having to ask for further details. Please also supply a telephone number if you would like us to call you back.

This works VERY well as it leads the potential customer by the hand, and it is ALSO different to the normal email pop up, and shows you care about what you do and go the extra mile.

This is just my feeling though.

__________________
Old Bald & Stupid, but more than compensated for by being born Welsh.
Google Expert blog - Internet Marketing Consultancy
Old Welsh Guy is offline   Reply With Quote
Old 24th March 2007, 06:35 PM   #3
Corey Bryant
VIP Contributor
 

Join Date: May 2006
Location: Castle Rock, CO
Posts: 271

Default

I tend to think you should have both. I usually prefer to email so I can have a copy of it. However, if someone is at at work and maybe comes across your site, he / she might wish to contact you but unable to send email out due to company policies. If you provide an email contact form, the user will still be able to contact you.

__________________
Corey
Residential Office Solutions | My Merchant Blog
Corey Bryant is offline   Reply With Quote
Old 24th March 2007, 11:59 PM   #4
RayGoneFishing
Senior Member
 
RayGoneFishing's Avatar
 

Join Date: Nov 2005
Location: Guatemala
Posts: 137
Default

I agree with Corey that having both a form and a mailto link is best. Some people prefer email, others prefer the convenience of simply filling out a form instead of starting their email client first. For what it's worth, on most of my websites I have a mailto link right on the contact form, and more than 80 percent fill out the form, less than 20 percent use email for first contact.

Another advantage of forms is that you can specifically ask for all the information you need (particularly important with order or reservation forms) and with proper error checking you can make sure the information you get is plausible and complete. If they send an email, it's quite possible that they make a mistake somewhere or forget some important detail.

As for the sender getting a copy of what they send, that's possible with forms too, as long as you have control of the script that processes the form. Assuming the form input is emailed to you, you can add a CC with the sender's email address in it. Or, better yet, put a checkbox like "Send me a copy" somewhere near the submit button and send them a copy only if they tick the checkbox. That adds just a few lines of code to your script.

RayGoneFishing is offline   Reply With Quote
Old 26th March 2007, 02:35 PM   #5
StupidScript
Administrator
 
StupidScript's Avatar
 

Join Date: Jul 2004
Location: Los Angeles
Posts: 604
Default

I prefer forms, myself, but if an emai link is all that's provided I have no qualms about using it.

Technically there are issues with some types of visitor that might make it difficult to justify using only an email link ... for example, many America Online users have difficulty sending mail via a mailto: link due to the nature of the AOL software.

__________________
James Butler - "Do no weevils"
JamesButler.net
MusicForHumans.com
StupidScript is offline   Reply With Quote
Old 27th March 2007, 01:47 PM   #6
aurinka_jon
Member
 
aurinka_jon's Avatar
 

Join Date: Mar 2007
Location: Minnetonka, MN
Posts: 7
Default

Sounds like the ol' "belt and suspenders" approach is the consensus here. I'll start working up a form to add to the contact page. Are form spam / security issues really as bad as I've heard? What have the others here done to implement and secure e-mail forms on their websites? (Kapchkas, CGI/PHP/Javascript/etc.)

aurinka_jon is offline   Reply With Quote
Old 27th March 2007, 06:49 PM   #7
StupidScript
Administrator
 
StupidScript's Avatar
 

Join Date: Jul 2004
Location: Los Angeles
Posts: 604
Default

The most important rule with web forms is:
- NEVER trust user input. NEVER.


There are many ways for a malicious user to subvert your form intentions, and almost all of them involve including stuff in the form submission that can mess with your system. I won't go nuts with it, here, but suffice to say that before you do anything with the data being received by your form, make sure it's "clean" (no HTML tags, no extra stuff, all fields limited in how much they can accept, etc.)

A good approach to validating form input is to know exactly what you need to receive from the form, and testing user input for those exact things before moving it into your system. For example, if the form field is designed to accept a name, then test the user input for that field for upper and lower case alpha characters ... anything else is to be considered an attack. Similarly, if you are providing a textarea form element for the user to write a paragraph or two, know what you expect them to write and test for that content exclusively. In both cases, limit how much info the form can hold or will pass along by using the "maxlength" field attribute set to something reasonable (like ~30 characters for names and ~250 characters for textareas). Note that a textarea limited in this way will allow the user to enter more than 250 characters, however the form will only pass the first 250 characters through to your server. As these are included in the page's HTML code, they are merely "first line" defenses and should not be relied upon.

Do not rely on Javascript or the code found in your form page to protect you ... these are easily thwarted by anyone who wants to make a copy of the page for their own use. Rather, perform your form validation back at the server using PERL or PHP or some other server-side language, when the data has been received from the form and before you do anything with it, like add it into a database, send email acknowledgements or any other activity.

The second most important rule is:
- ALWAYS use controlled authorization to send mail.


If your form-handling process includes sending an email or two, to you and the user, for instance, you MUST control who is allowed to use that process by setting up a user/password for use EXCLUSIVELY by the form-handling process. Do not send "internal" mail as a normal user.

In addition, use your email program's configuration options to deny "relaying" to everyone except authenticated users. Normal users who send mail through your system should be using the SMTP-AUTH procedure so they can get around this, your internal form-handling process must be set up to authorize in the same manner, and NOBODY, including your form-handling process, should be allowed to "relay" mail through your system unchallenged.

It is not a problem for a malicious user to view the source code on your form page and discover the location of your form-handling process (i.e. /cgi-bin/formprocess.cgi), and then for them to make their own copy of the form and try to use it from their computer to send out little nasties. This is the main reason to protect the integrity of the "relaying" system.

Attacks on your server via a web-based form are to be expected. It is one of the weakest points in your whole security structure. Using a web-based form to acquire information and then send it over email is one of the biggest problems we have today. It is by far the single largest contributor to spam and other malicious email issues.

A properly secured email system can handle the spam part, and properly, diligently and aggressively policing the information received from your form can effectively erase the attack vector.

A form can provide structured information far more easily than an email link, but as you can see, there are steps which must be taken to ensure the safety of your server and to keep it from being compromised by spammers and the like. Once a mail server is secured, the form-handling process includes validation routines and your normal users are set up to deal with the changes, you won't need to return to those elements. They are set up. The time and effort you put into that phase of development will go a long, long way toward keeping your system up and running and your visitors happy.

__________________
James Butler - "Do no weevils"
JamesButler.net
MusicForHumans.com
StupidScript is offline   Reply With Quote
Old 28th March 2007, 03:19 AM   #8
Logan
Administrator
 

Join Date: Jun 2004
Location: Colorado
Posts: 7,951

Default

A little scary, but great response James!! I do agree it is the biggest spam issue today. Hopefully we can overcome the issues, and use it as the big plus it can be. Emphasizing one of the points made, seriously consider capturing in a database and using your contacts as a marketing tool to send further newsletter/marketing to... based on opt-in of course.

Putting the difficulties aside ... many many moons ago and out of curiousity ... i had a chance to a/b test a contact form vs email on a site with a good amount of traffic. I found that contacts increased by about 25% .... although that was years ago and only one test. That said, I agree the best solution is to provide both as suggested... although both carry along spam baggage to manage appropriately - if you don't you might (likely) find yourself in the situation of sifting thru 500 bogus emails to find the one that matters - the problem being the time that takes and the legit ones you miss (upset/lost contacts) if intermixed with a birage of spam.

__________________
Free Links - Promote Your Website For Free
Online Guide - Directory Of Free Stuff Online
Logan is offline   Reply With Quote
Old 28th March 2007, 12:43 PM   #9
aurinka_jon
Member
 
aurinka_jon's Avatar
 

Join Date: Mar 2007
Location: Minnetonka, MN
Posts: 7
Default

Stupidscript - thanks for the extremely helpful, detailed response. You highlighted several of the less well-defined fears that kept me from implementing e-mail forms so far. I think I'll look around for available open source code that will address these issues. While I know HTML/CSS/Javascript reasonably well, heading off into CGI/PHP waters is definitely new territory. If nothing good comes up, I guess it's time to learn a new language! Again, thanks for pointing out what I need to look out for. That helps immensely!

Logan - I appreciate your real world comments. Sounds like more good reasons to implement an e-mail form. Hope this pays off as your experience suggests!

aurinka_jon is offline   Reply With Quote
Reply   

Bookmarks




Thread Tools

Get Updates
RSS Feeds:
RSS Feed for Website Development RSS for this Category Only: Website Development

RSS Feed for Small Business Ideas Forum RSS for Entire Forum
Forum Rules


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


Our volunteer moderators and their websites:
David Wallace
SearchRank - Organic Search Engine Optimization
Old Welsh Guy
Internet Marketing from Wales in the UK
torka
NineYards.com: Helping Businesses Do Business Online
Small Business Answers
Free help to grow your business.

New at Search Engine Guide
The 4 Types Of Website Traffic

New at Small Business Answers
Contractor Estimate - Cancel Contract - Bill of Sale - Evaluation Questions

Employee Evaluation Templates
30 Day Review - 90 Day Review - Annual Review - Employee Self Evaluation - Strength & Weaknesses

New at Small Business Forum
Unusual Ways To Promote Your Business

Crimson Fox
Graphic Design and Brand Promotion and the Brand Design Blog
St0n3y
Search Marketing Results - Pole Position Marketing!
Search Marketing Info - (EMP) E-Marketing Performance
Matt McGee
Small Business SEM - Web marketing discussion for small businesses.
Logan
Tiny Doors Frisco
Things To Do

At Your Business - Small Business Directory
Free Business Forms - Prewritten Documents

Free Links - Free Advertising
Free Guide - Online Directory
Debra Mastaler
Alliance-Link
The Link Spiel Blog
ChristineG
Free Online Marketing and Social Media Tips: Social Media Simplified for Small Business Owners
mktgbiz
Promotional Items Marketing
What I REALLY think!


Visit our small business websites
Small Business Forum | Small Business Answers | Search Engine Guide

All times are GMT -5. The time now is 12:54 AM.


Powered by vBulletin® Version 3.7.3
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
Copyright 2004 - 2015 K. Clough, Inc. - Privacy