A plea from your friendly neighborhood op: please don’t put a contact form on your website…not even with a CAPTCHA. Just put your addresses on it, including your email address.

“But I’ll get spammed!”—You’ll get spammed anyway, if you have your own domain, and addresses like contact@ and sales@ work. Worse, you might enable spamming others.

“I’ll put a CAPTCHA on it!”—Don’t offload administrative hassle onto your users!

Experience suggests odds are pretty good your form broke sometime in the last couple of years anyway—bad address, broken form, misconfigured mailserver. Did you notice? Do you test it?

Show thread

Oh yeah, and SPF! Another good one. Is your webserver’s mailserver in your SPF record? Does it sign with DKIM? Have you checked your DMARC reports lately?

Sign in to participate in the conversation
Mastodon @ SDF

"I appreciate SDF but it's a general-purpose server and the name doesn't make it obvious that it's about art." - Eugen Rochko