https://adamjones.me/blog/dont-use-contact-forms/
Contact forms are almost always worse for users than just putting an email on your website. I explore why they're terrible, why you've done it anyway, and what to do about it.
Why your contact form sucks
Your contact form is completely broken
It's remarkable how many contact forms are just straight-up broken. A WordPress upgrade here, a change to your CRM there, and your contact form silently breaks.
At time of writing, B&Q's contact form just plainly doesn't work1. I am fairly amazed that a retailer with revenues in the billions doesn't notice written queries have stopped coming in.
[...] Contact forms are hard to get right, and often just a worse experience for everyone involved. Go forth and remove your contact form and list your email on your website now!
[Ed. comment: click through and read the lengthy, but hard to argue against, complaints about web-based contact forms]
(Score: 4, Insightful) by daver!west!fmc on Thursday May 09 2024, @06:38PM (3 children)
Your contact form requires the person requesting contact to enter an e-mail address. It will send a confirmation e-mail, including the text collected by the form, to this e-mail address. Thus it can, and will, be used to send spam not just to you, but also from your host to someone else who the spammer really wants to get to somehow.
Just use a throwaway e-mail address already, one that forwards to your actual contact e-mail address. Go ahead and put it on your web site in the clear. When it starts getting spam, make a new throwaway and put that on the web site, and get rid of the spammy one. It will take months, or years, it will be so much work that the hard part of the problem will be remembering how to do it when the time comes.
(Score: 2) by Opportunist on Thursday May 09 2024, @07:22PM (1 child)
It's even easier than that. Make the mail address a guid-style address, usable exactly once. Set up your mail server to forward anything going to a guid-style mail address to your actual contact mail address, and immediately blacklist any guid-address already used.
Unless you get like a few billion mails a day, this should be good for a year or two. Then you can purge the blacklist and start over.
(Score: 2) by daver!west!fmc on Friday May 10 2024, @06:16PM
Like the hosting provider you (or your organization) have engaged for a Wordpress site (whose developer insisted you had to have use contact forms so you couldn't get spam) offer that kind of feature in their mail server.
The thing I really find offensive is how the things are used to spam other addresses.
(Score: 2) by vux984 on Friday May 10 2024, @06:45PM
I've seen lots of contact forms that don't include the text of the message you sent, just a vanilla acknowledgement of receipt precisely to avoid this means to spam.