How do you send the content of a website form to an email address without disclosing the email address to the user.
Thanks!
PS: If at all possible, I would like this to be in HTML JavaScript Ok, anything I guess.
Not possible. You can however put a "fake" from header in the mail. You'll only risk it to end up in the junk folder.
HTML doesn't provide any functionality to send mails. You'll really need to do this in the server side. How exactly to do this depends on the server side programming language in question. In PHP for example, you have the mail() function. In Java you have the JavaMail API. And so on.
Regardless of the language used, you'll need a SMTP server as well. It's the one responsible for actually sending the mail. You can use the one from your ISP or a public email provider (Gmail, Yahoo, etc), but you'll be forced to use your account name in the from header. You can also register a domain with a mailbox and just register something like noreply#example.com and use this to send mails from.
Update: JavaScript can't send mails as well. Like HTML it's a client side language. You'll need to do it with a server side language. All JavaScript can do is to dump the entire page content back to the server side. jQuery may be useful in this:
$.post('/your-server-side-script-url', { body: $('body').html(); });
with (PHP targeted example)
$to = 'to#example.com';
$subject = 'Page contents';
$body = $_POST['body']
$headers = prepare_mail_headers();
mail($to, $subject, $body, $headers);
Update 2: if you actually want to hide the to header in the mail, then you'll need to use the bcc (Blind Carbon Copy) instead. This way the recipient addres(ses) will be undisclosed. Only the from, to, cc stays visible.
If you mean doing so on a client side, using mailto: link - you can not.
If you mean any way, yes - you submit the form contents back to your server, and have your back end script send the email.
You can do the form in HTML, but the posting will need to be done in a script. Even if you don't expose the email address, the script can be used to spam that email address. This is why you see captcha being used in such cases.
There are scripts available for most languages. Check to make sure their are no known security problems for the scripts. The original Matt's script in perl had problems, and the Perl community created a more secure version.
Related
I am using the latest Joomla build for my website.
Allso we use a DNS record for having the mail delivered to our own server instead of the server on which the website is hosted.
I have used several contact form components, but every sent mail goes to my SPAM folder.
After searching hours on the web (and getting linked to this site frequently) i decided to make a new post.
It does not matter if i use the standard joomla forms, or any component.
Whenever a user fills in a form on my website, the email gets sent. The user receives a copy of its message, and i receive the message of the user. However, this message gets thrown in the spam folder, as phishing.
The sender of the mail always is: username#nameserver.i3d.net; namens; websitename
What do i have to change/enable/disable for this to work?
Thanks in advance.
Patrick.
(Sorry, I'm new to Joomla, but it uses PHP, so this may apply. Also this answer got a little long...)
It might be an issue with the email headers. A lot of email clients will automatically spam-box all mail where the address in the From: header doesn't match the envelope sender. As an analogy, you might not trust a snail-mail letter signed "Your Rich Uncle", mailed in an envelope with a Nigerian return address. Also if your envelope sender has a different domain than the one the email is actually sent from, that's another quick ticket to the junk bin. For more info about Gmail's message blocking policies (and general good practices), you can try this help page.
Here's some basic PHP email-sending code:
$to = $userEmailAddress;
$subj = $emailSubject;
$mesg = $emailMessage;
$headers = implode("\r\n",array(
"MIME-Version: 1.0"
,"Content-type: text/html;charset=iso-8859-1"
,"From: WEB_ADMIN_NICE_NAME <WEB_ADMIN#YOURSERVER.COM>" // *** 'From:' header
));
$from = "-fWEB_ADMIN#YOURSERVER.COM"; // *** envelope sender
if(!mail($to, $subj, $text, $headers, $from)){
//Some error handling...
}
On the first line I commented, you'll want to replace WEB_ADMIN_NICE_NAME with the name you want the email recipient to see (e.g. "Bill Gates"), and on both lines, replace WEB_ADMIN#YOURSERVER.COM with the actual return address (e.g. "da_boss#microsoft.com"). Note: whatever address you choose for the return address is where users' replies will be sent.
To reiterate, make sure both lines have the same return address (though the nice name can be anything you like), and make sure that the actual server sending the mail is in fact located at YOURSERVER.COM.
Lastly, I'm not sure where Joomla does its mailing, but if you're totally lost, you can try grepping with -lr for 'mail[[:space:]]*('.
there are several reasons that could make your email look suspicious to spam filters; to find out which head on to:
http://www.mail-tester.com
grab the email address and send an email from your website to it.
Then go back to the page and it will tell you what's wrong.
btw I'm struggling with the same issue,my problem being that on Joomla 2.5.9 apparently when you send html emails, a text-only copy is not added to the message, which is considered "spammish behaviour"
The problem is the i3d.net email address. My personal experience is that their network (31.204.154.0 - 31.204.155.255) is a significant source of spam and they do not action abuse reports. I suggest changing your hosting company.
UPDATE: (2/29/12) Okay, so I've run into this same issue again for a different client on a completely different server and hosting company.
Again, having a script with just mail() sends out the email correctly with no issues. I then added code that is similar to what I have below and hooked it up with paypal IPN. Every time a new payment comes in, the IPN fires, the data gets saved to the db but the mail() function just doesn't work.
However, I ran into an interesting issue. I did a test IPN fire from paypal's sandbox with the same script and the email was sent out.
Is this an issue with paypals production IPN, perhaps the way that it posts data to the script?
Any information here would be extremely helpful since my current solution using cronjobs is sloppy.
END UPDATE
I have my paypal IPN listener configured properly since it writes all the information to the DB when a new payment comes in. Now I'm trying to setup a mail() function that sends me an email alert of a new payment.
I have done this before for another project but I can't for the life of my figure out why it's not working this time. I'm not getting any error's in the error_log and the rest of the script runs fine.
I've tested to make sure that the server actually does send mail with a standalone mail() script. I'm really lost and confused here.
Here's the code that I have:
mail('test#email.com', 'New Order', 'New Order', 'From: support#website.com');
define("_VALID_PHP", true);
require_once('../php/init.php');
$item_number = $_POST['item_number'];
$payment_gross = $_POST['payment_gross'];
$payment_status = $_POST['payment_status'];
$payer_email = $_POST['payer_email'];
$txn_id = $_POST['txn_id'];
if ($payment_status == 'Completed') {
$query = $db->query("SELECT price, id, uid FROM invoice WHERE md5='$item_number'");
$row = $db->fetch($query);
$iid = $row['id'];
$uid = $row['uid'];
if ($row['price'] == $payment_gross){
$invoiceUpdate['paid'] = 1;
$update = $db->update('invoice', $invoiceUpdate, "md5='$item_number'");
}
}
$data['iid'] = $iid;
$data['uid'] = $uid;
$data['payment_status'] = $payment_status;
$data['payer_email'] = $payer_email;
$data['payment_gross'] = $payment_gross;
$data['txn_id'] = $txn_id;
$db->insert('payment', $data);
Since your mail function returns true and your code looks correct, i think you should check the mail log because the problem might not be related to code. Try to send a mail and then check the mail log on the server...once i lost two days trying to figure out a similar problem and in the end the problem was that my mail was not accepted by other servers.
to finde your mail log you can do (from the shell):
updatedb;
locate mail.log
or
locate maillog
this assumes you are using linux, but the problem might as well exists also on windows
The code seems correct to me.
My advice:
Create a new PHP script and test the function there. Does it work?
Attempt PHP SMTP authentication with your mail server and send the email that way. Does it work? (You can use the PEAR Mail Package or any other valid SMTP class.)
If the above also fails then attempt to use the SMTP script with a custom service (e.g GMail) and check if emails are being sent. Here are the GMail SMTP parameters.
If all of the above fail, the problem is definitely with your hosting provider.
how about start off with a call to mail(), then gradually add the code that process $_POST to see when it breaks down? You should have sandbox testing with paypal to make this easier.
On a side note, you should send a verify message to Paypal server to check if the request is actually originated from Paypal, just for security.
Problem isn't in your PHP code, but on server-side. You might have full mail or your provider/your server has problems with SMTP server. Check configuration/Contact provider.
use phpmailer for mail tasks,
http://sourceforge.net/projects/phpmailer/
it will allow you to debug email problems easily.
If you've already tested the mail() function and it sends then I don't think it's anything to do with your mail settings. One word of advice, however, is that you need to be careful with the e-mail addresses you put into the mail() function. A lot of hosting providers nowadays prohibit you from sending e-mails from domains that aren't officially registered (so test#email.com would not work - it needs to be from your domain and it needs to be a valid e-mail address you've set up - it can't be a fake address at your real domain).
If it's still not working, try manually updating the php.ini settings:
<?php ini_set ( sendmail_from, "my_email#my_server.com" ); ?>
Once this is done try putting your mail() at the bottom of the script and feeding one variable to it. So an example might be:
mail('test#email.com', 'New Order', $iid, 'From: support#website.com');
If nothing's being sent, I suggest you re-evaluate your code to see if variables are filtering through your if statements. If all else fails, contact your hosting provider and describe to them your mail problems - it might be a server issue after all. If you're running it on localhost, then that's a different matter entirely (it's quite tricky setting up mail() on a localhost server).
Are you using this code on Windows or on Linux ?
The mail function should execute you must be linking the ipn to a duplicate ipn-handler php file or you did not properly save the changes to the server.
Otherwise it just does not make sense your code is crisp clear and if you send out the mail right on the top it should work.
Now if you are on Windows mail() usually isnt the best choice as Windows lacks default 'sendmail'.
I'm trying to piece out how difficult it would be to set up an email server that will accept a URL as the subject of an email and respond with an attached copy of said webpage, or element(s) of that webpage (ie, an image from the page, or all of the videos on the page).
I don't necessarily need the code written for me, but would appreciate if someone could suggest a starting point.
I have very little web-programming knowledge (some C++, some Actionscript), which is partly why I don't even know where to begin.
There is several ways to achieve this.
In most unix MTAs you can set up an alias to pipe all messages for some address through a program.
This program need to parse the message header for the "from" and "subject", fetch the url and sent it back.
You can also do this with a program like fetchmail, so you dont even need to make something in the server side.
Finally, several languages have wonderful libraries fetch the mail using POP3, parse it, fetch the URL from the subject and compose a new mail message. Should be no more than 100 code lines with perl or python.
I use Net::SMTP to automate emails. I want to get notification if someone use email into Outlook I used this:
$smtp->datasend("Disposition-Notification-To: to.me\#domain.com");
The email sent succesfully but the Outlook client is not getting the notification.
Here is a snippet of the code:
$smtp = Net::SMTP->new("my mail host");
$smtp->mail("my\#adress.com);
$smtp->to("someuser#domain.com");
$smtp->data();
$smtp->datasend("Disposition-Notification-To:my\#adress.com");
$smtp->datasend("blah balh");
$smtp->datasend();
$smtp->quit;
The Net::SMTP module is pretty low level for this sort of stuff. You'd have an easier time with a higher level module such as Email::Sender.
It's possible the Outlook client agent is not set up properly to listen for these events. Can you send mail to it via another method? You need to isolate whether it is the listener or the sender that is having problems.
If you can receive mail in Outlook, but just not from your code, then it's your code at fault. Please include more contextual code in your question -- e.g. how is the $smtp object being constructed? Are you making a $smtp->dataend(); call as per the documentation?
Edit (after you included some code): there is a typo in that code; are you using use strict; use warnings; at the top of your script or module? Can you receive mail to your client from other means?
Edit2: if notification is all you're lacking, you should probably dive into the Outlook documentation to see what the criteria are for receiving such notification. e.g. you might need to provide a valid "Date:" header.
You need to include a blank line between the last header and the actual body of the message.
You also seem to be missing a space after the header prefix.
I'd guess that one of these is stopping Outlook from interpreting the header correctly.
Try this:
$smtp->data();
$smtp->datasend("From: my\#address.com");
$smtp->datasend("To: my\#address.com");
$smtp->datasend("Subject: test mail");
$smtp->datasend("Disposition-Notification-To: my\#adress.com");
$stmp->datasend("\n");
$smtp->datasend("blah blah");
$smtp->dataend();
$smtp->quit;
Perhaps Outlook is requiring the Return-Receipt-To header (non-standard, but you are sending to Outlook, afterall).
What techniques are available for sending an email via a webpage or a form on a webpage?
I've got some background idea that you POST the form data to a script but I've don't really know what a cgi script is (I'd love to learn if this is the suggested method!) or what the current practice is.
This is just to provide some way for users to contact the operators. The in-page form seems like it would be easier on the user than ask them to open their mail client. I was also concerned about bots harvesting the contact email address (in the case of mailto: links).
When you submit a form, the data in that form gets sent to the server-side script. For example, in PHP you access that data with the $_POST array, the <input name=""> becomes the arrays index.. For example..
// <form action="mailer.php">[..]<input name="subject" [..]><input name="content" [..]></form>
echo("The subject is: ". $_POST['subject']);
echo("The content is:" . $_POST['content']);
At the most basic level, all you have to do is use your programming languages built in mail function. Again, in PHP this is simple mail():
mail($to, $subject, $message);
You would just set $to to your email address (Do not allow the user to set this, or they are able to send mail as "you", to anyone - "spam"..), $subject and $message would be set form $_POST[]
Before you go any have a HTML file that goes to a script with mail("me#example.com", $_POST['subject'], $_POST['content']);, think what would happen if someone reloaded that page 200 times.. You must have some kind of security in it, probably a captcha, and/or rate-limiting.
One thing, that has bugged me before - remember a "contact us form" is not a replacement for giving an actual email address! For example, my mail client keeps a copy of all mail I send, and I can attach files, and it's much nicer writing in a familiar mail client than a form <textarea> (especially when the I accidently hit "back" and the form decides to clear itself)!
For most unix/bsd/linux systems, most languages provide a programmatic wrapper around the Mail command.
If you are using the ASP.NET 2.0, you can use the System.Net.Mail namespace.
More information here
todays languages for web development usually have libraries for sending e-mail. it depends which language you use, but you'd find it in your language's docs. it's pretty simple, the library inside your language usually encapsulates and provides 'smtp client' behavior which you use. you provide mail message with sender and recipient, and the data for connecting to your SMTP server.
or, you sometimes may use the SMTP capabilities on the machine where your web server is, if those are available. i'm not sure whether it gets worse for the e-mail at the recipient server because your server might not be recognized as mail server for the domain... someone with more experience might comment on that.
Well, here's what not to do:
Please spam me, kthx
It is a better code pattern to have users submit a form, sanitize the input and format it however you see fit, and then pass the data to a mail function in your language of choice.
Sending mail should be done server-side - the specifics change according to your server-side language, your operating system, and what access your server has to an SMTP server.
If you're looking for a lightweight way to add a contact form to a blog or public website, try Wufoo - you can add a contact form that will send you email very easily (up to 3 forms for free). I am not affiliated with them, I just think they're cool.