by ztetranz 778 days ago
If you build a contact form, please at least make it respond automatically with a "we've received your message" email. That at least gives me some confidence that the back end received it and it hopefully went somewhere useful. Without the auto-response I always have doubts if it worked or not.
3 comments

All contact forms should have a feature similar to Google Forms' "Send me a copy of my response" for recordkeeping.
> If you build a contact form, please at least make it respond automatically with a "we've received your message" email.

I don't think that's such a good idea.

What would stop a bad actor from putting in someone else's email on a whole bunch of sites with this kind of form to spam them?

And what would stop a bad actor from putting in a bunch of randomly generated emails into such a form to DDOS the site?

And what would prevent the form spam being seen as spam by email clients causing real (and arguably more important) messages from also being thrown out and automatically deleted with the rest of the spam?

> What would stop a bad actor from putting in someone else's email on a whole bunch of sites with this kind of form to spam them?

What would stop a bad actor from doing the same on the register, forgot password or newsletter forms?

Plus give back all submitted information.
That's not gonna happen.

I can put your e-mail in and type out all kinds of swear words or put a phishing link in the contact form of a company, and you would never know it came from me and you would blame that company.

I had spammers trying that all the time; multiple times they had some confirmation for a buyer of their services - well, only I got that info, because from any public form we always sent out a confirmation and "was it you? if not, disregard, please", while the content went to our special place so it would be safe, like our salesperson not clicking some bs link from such a contact form.

It does happen and is very handy.

Your far-fetched example is easily circumvented with a disclaimer saying this is a form copy (duh). I've never received one that didn't say that.

For an authenticated form, no problem. For an unauthenticated form, it is not far-fetched.
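
The trade-off argued in this thread, as an added example that is not part of any comment: an unauthenticated contact form that acknowledges receipt with a fixed "was it you?" text, never echoes the submitted content back, holds that content for staff review, and caps acknowledgements per claimed address. The `AckSender` class, the `noreply@example.com` sender and the one-per-hour limit are assumptions made for illustration.

```python
import time
from collections import defaultdict, deque
from email.message import EmailMessage

WINDOW_SECONDS = 3600  # assumed policy: look-back window for the per-address cap
MAX_PER_WINDOW = 1     # assumed policy: acknowledgements per address per window

ACK_BODY = (
    "A message was submitted through our contact form using this address.\n"
    "Was it you? If not, please disregard this email.\n"
)

class AckSender:
    """Builds acknowledgement emails for an unauthenticated contact form."""

    def __init__(self, sender="noreply@example.com", clock=time.time):
        self.sender = sender
        self.clock = clock
        self._sent = defaultdict(deque)  # address -> timestamps of recent acks
        self.quarantine = []             # submitted text for staff review, never mailed out

    def _within_limit(self, rcpt):
        now = self.clock()
        recent = self._sent[rcpt]
        while recent and now - recent[0] >= WINDOW_SECONDS:
            recent.popleft()
        if len(recent) >= MAX_PER_WINDOW:
            return False
        recent.append(now)
        return True

    def handle(self, claimed_email, message_text):
        """Return the EmailMessage to send, or None if no ack should go out."""
        # CR/LF in the address is a header-injection attempt; drop it outright.
        if "\r" in claimed_email or "\n" in claimed_email:
            return None
        rcpt = claimed_email.strip().lower()
        if rcpt.count("@") != 1:
            return None
        # The submission is always kept, even when the ack is suppressed.
        self.quarantine.append((rcpt, message_text))
        if not self._within_limit(rcpt):
            return None
        msg = EmailMessage()
        msg["From"] = self.sender
        msg["To"] = rcpt
        msg["Subject"] = "We received a contact form submission"
        msg["Auto-Submitted"] = "auto-replied"  # RFC 3834: marks automatic replies
        msg.set_content(ACK_BODY)  # fixed text only; user input is never echoed
        return msg
```

Because the address is unverified, the fixed body is what keeps the form from relaying attacker-chosen text or links to a third party, and the cap bounds how much mail any one address can be sent through it.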