NOVA HostingResell HostingCompare HostsE-mail NOVA HOSTING
Hosting OptionsHosting RatesHosting SupportOrder Hosting



Stop spammers from harvesting your email address by not giving it to them!

This is easier than you might think.

It's well known that SPAM victims often give up their primary email address voluntarily by joining sites with poor or no privacy policy. Web site owners also give it up by publicly posting email addresses, which spammers then "scrape" from web pages for their SPAM-generating software. The old "mailto" is one of the worst examples of good code gone wrong.

TIPS on Dealing with and Preventing SPAM:

  • Be careful when posting your primary email address.
  • Use "throw-away addresses" when dealing with unknown entities.
  • Do not post your email address on your web site.
  • Use "forwarders" sparingly from your domain email addresses, and don't report mail that you have had forwarded as "spam." The wrong mail server most likely will be blamed and may be blocked.
  • Receive mail directly from your website by using NOVAhosting.com's Special Form Mail program that can keep your email private.
  • Our Special Form Mail program allows web site owners and developers to create sophisticated forms without tedious PERL or PHP scripting. What's more, the script will hide your email address from prying eyes. (For a classic tutorial on the basics of form design only, please visit this university).

    Q. Where do I get this special form-to-mail program?
    A. This script is provided free of charge and exclusively to NOVAhosting.com clients.

    How our Special FormMail Script Works

    You'll find our special spam-proof formmail PERL script under the FormMail Icon in the Mail section of your own Control Panel. You'll also find a special "hidden file" (meaning a file with a dot before the name) with special features you can easily configure to suit your needs. This file--.FormMail.conf--is in your /home/username directory and can be edited inside your File Manager. (Just enter the file name .FormMail.conf (don't forget the leading dot) next to the button called:

    To make editing (and uploading) files easy, you'll find this button on each page of your File Manager.

    .FormMail.conf helps prevent SPAM, thus preserving your bandwidth for legitimate users of your site. In addition, it enables you to enhance your forms and provide shortcuts that not only simplify your forms, but also enable you to hide your email address from spiders and email harvesters.

    How to Use FormMail

    To use Formmail, create a form on one of your web pages.

    The form action line should be

    <FORM ACTION = "/cgi-sys/ala-formmail.pl" METHOD = "POST">

    formmail.pl will do all the programming work for you. You alter the behavior of Formmail by using hidden fields in your form.

    There is only one hidden form field that you must have in your form for FormMail to work correctly. This is the recipient field.

    Field: recipient

    Description: This form field allows you to specify the recipient of your form's data. The quickest way to do this without completing the .FormMail.conf file is to have your own domain's email address as the recipient. (An outside domain will not work as a recipient when using this method.)


    <input type=hidden name="recipient" value="name@yourdomain.com,othername@yourdomain.com">


    NOTE: As mentioned above, this is an example of where the .FormMail.conf file comes into play. Any recipient outside your domain that you have specified in your form must also be listed in your configuration file. Please refer to the example configuration file at the end of this page for detailed instructions.


    If you like to tweak "thank you" or confirmation pages, please note that NovaHosting.com now uses a modified script so you can modify the Character Set ($charset) by including your preferred $charset value in the .FormMail.conf file. Setting of the $charset value in the .FormMail.conf file is optional, and if no value is set, the browser will use a default character set.

    You may also customize your form's Page Style by adding a custom .css file definition to the .FormMail.conf file. The .css file gives you the ability to configure the page style and appearance. This will make it easier to align the confirmation page with any existing style for the rest of the website. If no custom .css file is configured, the browser will use the default style. This functionality is also available with older versions of supported browsers (IE 5.x and lower, Netscape 5.x and lower).

    Before you are able to use the extra features of our version of formmail, you will need to create your configuration file, .FormMail.conf. This can be done in one of two ways. The first method is using the File Manager in your Control Panel, and the second is if you have ssh access to your domain. Either way will work equally well.

    Method One: File Manager

     - You will find the configuration file text at the bottom of this page. Simply select the text with your mouse, right click your mouse and choose 'copy'.
     - Once the text is copied, go to your Control Panel main menu, and click on the File Manager icon.
     - When the File Manager screen loads, type '.FormMail.conf' (without the quotes) in the text area to the left of 'Create/Edit file', and click 'Create/Edit file' with your mouse.
     - When the page loads, right click your mouse and select paste. (If the file is not empty, you already have a configuration file, and can skip this step.)
     - After you paste the text, change the 'Size' to 90 so that it will be easier for you to read and edit.
     - Scroll through the text of the configuration file, being sure to update the values to meet your needs.

    At the very least, you will need to enter your domain name (without the 'www.') in between the 'allow_mail_to' lines, and put your e-mail address in between the 'postmaster' lines.

    Once your changes have been made, click the 'Save' button.

    At this point, you can send e-mail via your HTML forms to any e-mail address set up on your domain. If you would like to send e-mail to other addresses other than ones set up on your domain, simply add the e-mail addresses in between the 'allow_mail_to' lines of your configuration file. You will find more detailed information explaining this in the actual configuration file.

    NOTE: although you will not be able to see your configuration file in the File Manager, it is there. Because it begins with a 'dot' (.), it is considered hidden. You can always access it simply by typing the name in the text area manually.

    Method Two: Command Line via SSH

    This method may be considered a more advanced method because of the 'vi' editor. Its commands may be confusing to some individuals. If you have any problems with this method, please try the above method, or contact support for assistance.

    First you will need to SSH to your domain. Then, from the command prompt, type the following:
    cd /home/user   (hit enter key) (Replace "user" with your domain's username)
    vi .FormMail.conf   (the first dot "." indicates that this will be a hidden file and not visible from the File Manager).
    Now, within the vi editor,
    IF the file comes up with a blank screen,
     - use the i key "i" to activate insert mode
     - switch to the browser window (this screen)
     - select-n-copy the Example .FormMail.conf at the end of this page.
     - when copied, switch back to the shell screen and paste the copied text
     - when the lines are pasted in, type Escape "Esc" and then colon 1 ":1" to goto the top of file (hit enter key)
    Once at the top of the file, proceed to read the descriptions and get yourself familiar with what their purpose is. When you come to 'postmaster' and 'allow_mail_to', you will have to enter the values in between the two lines marking the boudaries of those values. The rest is optional, but very handy.

    When you need to change the file, please refer to these 'vi' commands:

      Type "i" (to get into insert mode)
      Type "o" (to get into insert mode on the next line below your cursor)
      Type "u" (to undo your last change. note: cannot be in insert mode)
      Type "Esc" (to exit out of insert mode)
      Type ":w" (to save the file)
      Type ":wq" (to save and exit vi)
    To save your entries and exit the vi editor, type the following:
    (hit the <ESC> key)
    :wq   (hit enter key)
    The email addresses in the ".FormMail.conf" allow_mail_to section should match the email addresses in the "value" field (e.g):
    <input type=hidden name="recipient" value="username@hotmail.com,anothername@yahoo.com">
    The form action line should be:
    <FORM ACTION = "http://domainname.ext/cgi-sys/ala-formmail.pl" METHOD = "POST">

    NOTE: The above is also true if you would like to use your own secure apache certificate for your forms. The only change is the FORM ACTION line. The http:// gets replaced with https://. For example.
    The form action line for a domain specific cert should be:
    <FORM ACTION = "https://domainname.ext/cgi-sys/ala-formmail.pl" METHOD = "POST">

    NOTE: The above is also true if you would like to use a server wide secure apache certificate for your forms. The only change is the FORM ACTION line. The root domain name is required between the servername and the cgi-sys directory. For example.
    The form action line for server wide cert should be:
    <FORM ACTION = "https://host.servername.ext/domainname/cgi-sys/ala-formmail.pl" METHOD = "POST">

    Optional Form Fields:

    Field: subject

    Description: The subject field will allow you to specify the subject that you wish to appear in the e-mail that is sent to you after this form has been filled out. If you do not have this option turned on, then the script will default to a message subject: WWW Form Submission


    If you wish to choose what the subject is:
    <input type=hidden name="subject" value="Your Subject">

    To allow the user to choose a subject:
    <input type=text name="subject">

    Field: email

    Description: This form field will allow the user to specify their return e-mail address. If you want to be able to return e-mail to your user, I strongly suggest that you include this form field and allow them to fill it in. This will be put into the From: field of the message you receive.

    Syntax: <input type=text name="email">

    Field: realname

    Description: The realname form field will allow the user to input their real name. This field is useful for identification purposes and will also be put into the From: line of your message header

    Syntax: <input type=text name="realname">

    Field: sort

    Description: This field allows you to choose the order in which you wish for your variables to appear in the e-mail that FormMail generates. You can choose to have the field sorted alphabetically or specify a set order in which you want the fields to appear in your mail message. By leaving this field out, the order will simply default to the order in which the browsers sends the information to the script (which isn't always the exact same order they appeared in the form.) When sorting by a set order of fields, you should include the phrase 'order:' as the first part of your value for the sort field, and then follow that with the field names you want to be listed in the e-mail message, separated by commas.


    To sort alphabetically: <input type=hidden name="sort" value="alphabetic">

    To sort by a set field order: <input type=hidden name="sort" value="order:name1,name2,etc...">

    Field: redirect

    Description: If you wish to redirect the user to a different URL, rather than having them see the default response to the fill-out form, you can use this hidden variable to send them to a pre-made HTML page.


    To choose the URL the user will end up at:
    <input type=hidden name="redirect" value="http://your.address/file.html">

    To allow the user to specify a URL he wishes to travel to once the form is filled out:
    <input type=text name="redirect">

    Field: required

    Description: You can now require for certain fields in your form to be filled in before the user can successfully submit the form. Simply place all field names that you want to be mandatory into this field. If the required fields are not filled in, the user will be notified of what they need to fill in, and a link back to the form they just submitted will be provided.


    If you want to require that the user fill in the email and phone fields in your form, so that you can reach them once you have received the mail, use a syntax like: <input type=hidden name="required" value="email,phone">

    Field: env_report

    Description: Allows you to have Environment variables included in the e-mail message you receive after a user has filled out your form. Useful if you wish to know what browser they were using, what domain they were coming from or any other attributes associated with environment variables. The following is a short list of valid environment variables that might be useful:

    REMOTE_HOST - Sends the hostname making a request.
    REMOTE_ADDR - Sends the IP address of the remote host making the request.
    HTTP_USER_AGENT - The browser the client is using to send the request. General format: software/version library/version


    If you wanted to find the remote host and browser sending the request, you would put the following into your form:
    <input type=hidden name="env_report" value="REMOTE_HOST,HTTP_USER_AGENT">

    Field: title

    Description: This form field allows you to specify the title and header that will appear on the resulting page if you do not specify a redirect URL.


    If you wanted a title of 'Feedback Form Results':
    <input type=hidden name="title" value="Feedback Form Results">

    Field: return_link_url

    Description: This field allows you to specify a URL that will appear as return_link_title, on the following report page. This field will not be used if you have the redirect field set, but it is useful if you allow the user to receive the report on the following page, but want to offer them a way to get back to your main page.


    <input type=hidden name="return_link_url" value="http://your.host.xxx/main.html">

    Field: return_link_title

    Description: This is the title that will be used to link the user back to the page you specify with return_link_url. The two fields will be shown on the resulting form page as: <ul> <li><a href="return_link_url">return_link_title</a> </ul>

    Syntax: <input type=hidden name="return_link_title" value="Back to Main Page">

    Field: background

    Description: This form field allow you to specify a background image that will appear if you do not have the redirect field set. This image will appear as the background to the form results page.

    <input type=hidden name="background" value="http://your.host.xxx/image.gif">

    Field: bgcolor

    Description: This form field allow you to specify a bgcolor for the form results page in much the way you specify a background image. This field should not be set if the redirect field is.


    For a background color of White:
    <input type=hidden name="bgcolor" value="#FFFFFF">

    Field: text_color

    Description: This field works in the same way as bgcolor, except that it will change the color of your text.


    For a text color of Black: <input type=hidden name="text_color" value="#000000">

    Field: link_color

    Description: Changes the color of links on the resulting page. Works in the same way as text_color. Should not be defined if redirect is.


    For a link color of Red:
    <input type=hidden name="link_color" value="#FF0000">

    Field: vlink_color

    Description: Changes the color of visited links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is. Syntax:

    For a visited link color of Blue:
    <input type=hidden name="vlink_color" value="#0000FF">

    Field: alink_color

    Description: Changes the color of active links on the resulting page. Works exactly the same as link_color. Should not be set if redirect is.


    For a visited link color of Blue:
    <input type=hidden name="alink_color" value="#0000FF">

    Any other form fields that appear in your script will be mailed back to you and displayed on the resulting page if you do not have the redirect field set.


    BEGIN Example .FormMail.conf File:

    #### NMS Secure FormMail v2.20 2002/11/21 (Release 1.0)
    #### *Configuration File*
    #### If any values are not set properly, FormMail WILL NOT work.
    #### Save this file in your home directory (/home/username/) named '.FormMail.conf'
    # Set this to '1' if you recieve any errors.  They will
    # Be displayed to the browser in a more verbose manner.
    # This address will recieve bounced messages if any of the emails 
    # cannot be delivered, and should be set to your e-mail address.
    # A list of the email addresses that formmail can send
    # email to. The elements of this list can be either
    # simple email addresses (like 'you@your.domain') or
    # domain names (like 'your.domain'). If it's a domain
    # name then *any* address at the domain will be allowed.
    # Also see NOTE below for aliases. 
    # NOTE: One address/domain per line
    # A hash for predefining a list of recipients in the
    # script, and then choosing between them using the
    # recipient form field, while keeping all the email
    # addresses out of the HTML so that they don't get
    # collected by address harvesters and sent junk email.
    # For example, suppose you have three forms on your
    # site, and you want each to submit to a different email
    # address and you want to keep the addresses hidden.
    # In the HTML form that should submit to the recipient
    # 'me@mydomain.com', you would then set the recipient
    # with:
    # <input type="hidden" name="recipient" value="me" />
    # NOTE: If an alias is set for any e-mail address, then it is
    # not required to be in the [allow_mail_to] block, it
    # is automatically allowed.
    # NOTE: One alias per line.
    # If this flag is set to 1 then an additional email
    # will be sent to the person who submitted the
    # form. 
    # CAUTION: with this feature turned on it's
    # possible for someone to put someone else's email
    # address in the form and submit it 5000 times,
    # causing this script to send a flood of email to a
    # third party.  This third party is likely to blame
    # you for the email flood attack.
    # The header and body of the confirmation email
    # sent to the person who submits the form, if the
    # [send_confirmation_mail] flag is set.  In the
    # example below, everything between the lines:
    #    [confirmation_text]
    #  and
    #    [/confirmation_text]
    # is treated as part of the email. 
    # !!IMPORTANT!!
    # Everything before the first blank line is taken as part of
    # the email header, and everything after the first
    # blank line is the body of the email.
    From: you@yourdomain.com
    Subject: Your Form Submission
    Thank you for your submission.

    END Example .FormMail.conf File