What else can you do with it?

-- From a customer service standpoint, it prompts the user to answer the right questions (make them required) so you can answer their inquiry intelligently, whereas a generic email may just be confusing.

--- Add a "how you found out about us" field, and make it required.

some have a page with an email that you click and opens your email client....

--- I'm amazed at the number of people who just don't realize that a mailto: link, in any form, will only work if your visitor has an off-line mail client. A mailto link prompts the local system to open the "default" mail program and populates a new email with the send to, subject, and sometimes even the body. But if your visitor uses a web-based mail client, such as Yahoo, MSN, gmail, etc. - this won't work. I've seen this in action, and when Outlook Express "pops up" on an unaware user's screen, the reactions range from mild confusion to "OMG it's a pop up, this site has a virus."

More and more people are using free web-based mail clients and you can be guaranteed that if you use mailto: links, you are losing business. A secure, working contact form reduces the proliferation of spam by removing the email address from your site, completely, and circumnavigates all this.

Add a filter to block all the incoming emails filled with urls and links for meds....Beware of attacks.

--- Having a simple contact form processor can be more trouble than it's worth if you don't do this, and make it secure. You will have to do some filtering, but more importantly it's critical your processor cleanse the data and throw away anything that is not acceptable. After that you filter for link droppers, and this will knock out 99% of your spam attack attempts. If you don't know what you're doing, pay someone to do it for you - "Free" almost always carries consequences.

An additional caveat here: If you auto-respond to the visitor, have it auto-respond from a no-reply address. This is as important as anything else. Spammers will submit your form just to get at your from address.

"But I'll lose customers!" No you won't. If you manually REPLY to the inquiry, your legitimate customer now has your valid email address.

-- Make sure it's accessible and usable. How often have you submitted a form and a plain white page with the words "Some of your form fields are missing, use the back button and try again." What the heck? Think through your process, guide your user. What should have happened here is the form displays again, with all the data they entered populated, with this message in big red text: "The email address is in an invalid format. Please re-enter a valid email address." (Some may even focus the first errant field, but I don't do this because there are mixed emotions on controlling the user's actions . . .)

"I do all this with Javascript." Well you also need to do it on the server side. I love JS, but if it's disabled, your form still needs to work, or you're losing business leads or sales. Make it accessible, so it works with or without JS.

Store the messages on the server on a log file or database for future reference.

I can't stress the importance of this. Many just consider the server's access logs "enough" but when your form is under attack from spammers, server logs don't tell "the whole story." You need to know precisely what is being input in your forms; before processing anything, log the raw data to see what they are up to.

Very important - make sure your contact form actually works, no matter how simple the code looks. Just send yourself a message and test it. I have a competitor whose contact form has never worked, and it irritates me to the core because they probably just need to change one little line of code. Since they are only technically a competitor (not worried about losing any sales to them), I'd like to be nice and let them know, BUT, I can't contact them to say, "omg fix0r plz" because THE FORM DOESN'T WORK.

--- Add a "how you found out about us" field, and make it required.

Anyone got any stats on the reliability of this. If you make it compulsory when it is unnecessary for what I want to ask and I, for one, will give a duff response every time - if it's a dropdown then probably the one that looks most expensive. Don't make it required and I may leave it unanswered or I may answer it correctly but I won't look to corrupt your stats.

<added>Probably depends on your audience.

[edited by: Status_203 at 11:00 am (utc) on April 6, 2009]

Great post explorador.

For some websites, particularly b2b, the contact form is the checkout: the most important part of the website.

One thing that I would add is that when a reply is required: read the message and answer the question asked. Stock responses based in individual keywords in the message just give the impression that you (or your staff) don't understand your own business.

--- Add a "how you found out about us" field, and make it required.

Ditto what Status_203 said. Requiring me to answer a purely self-serving question like this, especially if I'm filling out your contact form as a courtesy to report errors on your site, or to complain about something that I'm not happy with will end with a bogus answer and skewed data.

Respect your users and let them choose whether they answer questions like these. Better yet, ask them how they found you when you respond to their inquiry. A human touch goes a long way.

Great post.

I cant believe the amount of websites that I have spent a few minutes on writing some feedback, only to find it directs to page that doesn’t exist. Or the form sent an email to an address that didnt exist.

My websites cover all the bases and a little more. Capturing all possible data has help me to determine who was the 'anonymous' idiot sending me an offensive message, but I do worry that most people using these form don’t realise how much data we are capturing about them.

I had one user who got quite narky that I had their IP address, I wasn’t about to tell him how much more info I had.

Which begs the question, how much information is too much information? As I capture a little bit more than most.

I found that allowing them to upload a file can often increase the interaction significantly.

Also I react to spammers in exactly the same way as if it succeeded even though I'm tossing the message. Don't let them know when you detect them, and you'll have far less work with tuning your filters, as they'll not tune their messages.

I often make _none_ of the fields required. Iow. all attempts succeed even a blank submit. The anti-spam filter then stops me from wasting time on the blank ones and I can focus on the interesting ones. Since they all work it means that often I don't have an email address to work with them, but most fill it out and those not doing that mostly have a good reason and it prevents me from getting bogus info like "abuse@example.com".

IMHO: the less fields are required the better it works.

I never send out automatic emails back to the submitter, it's way too easy to fake an address and if you use any user supplied content you might open up a number of holes for spammers to abuse or security incidents to occurs.

I have a captcha on all my contact forms. What's your opinion on this?

Never send a auto-response. It simply gives spammers your email address.

-- I cant believe the amount of websites that I have spent a few minutes on writing some feedback, only to find it directs to page that doesn’t exist --

Seb7, There might be a reazon for that. There is a trick that takes a presence of a cookie into consideration. If there is no cookie or a cookie is to young(less than 2-3 seconds) a lot of sites will point Action page to "NO-WHERE-LAND". This is done to minimize the amount of spam that comes thru contact form.

For site feedback, I would never ask for a source. For a catalog request or purchase, I always do.

I don't like captchas; the older I get the harder a time I myself have making them out. I've found that adding a hidden field to the form and then tossing out the entry if it's filled in has been pretty darn effective in weeding out 99% of the crap.

I really hate contact us forms and never use them. They are for nobody faceless clients somewhere in cyberspace.

On contact us pages I put photos and email addresses and titles of the people they will be speaking to and phone numbers.

Less programming thinking, more customer's perspective thinking.

For all the negs on "how you found out about us" being required -

The topic of this thread is importance and uses of your contact form. This is an important aspect of using a contact form. Instead of aggressive upsells and serrupticious data collection tactics, this is a simple and polite way to collect information about what marketing is working for you.

Sooner or later, you have to come to the conclusion that some customers are more trouble than they are worth. If it's "too much" for you to enter the word "Google" or "friend" when inquiring about a service or product, you probably fall into that category.

In all the customers I've had over the years they have all found this single field an invaluable contributing factor to understanding what marketing works for them, and have never heard rumor of a single complaint. Not one. If you see this as "self-serving" or obtrusive, you probably fall into this category. No big loss.

Never send a auto-response. It simply gives spammers your email address.

see post # 2:

If you auto-respond to the visitor, have it auto-respond from a no-reply address.

An auto response is a verification to the end user that the form is actually WORKING. "Of course it works, why wouldn't it?" This problem is rampant (see ambellina's post, page 1.) Even when they work, they provide poor or inadequate responses to the end user.

Just the other day I submitted a form that gave no response other than a redirect to the main page. Did it work? Who knows.

A second use of the auto-response in the contact form is that it provides a link for them to return to your site and displays a degree of responsibility to the legitimate client. Part of the "cold form" problem is that users don't know if they are really getting through, a response is like saying "we got it, and we'll get back to you ASAP."

I have a captcha on all my contact forms. What's your opinion on this?

Contrary to my comments about "how you found out about us," I have heard nothing but complaints from every.single.user. who has to deal with one of these. I have never heard positive feedback on them from anyone except the programmers implementing them. They are unnecessary barriers to making a contact.

They are unnecessary because the processors behind them should do all the work, and they usually don't. So while putting a capchka on a form may temporarily (or even permanently) solve your problem, it does so at the expense of the end user. Stopping spam and filtering data should be the job of the programmer, not John Public who is frustrated enough just getting his computer to boot up.

On contact us pages I put photos and email addresses

See post #2, page 1:

.... a mailto: link, in any form, will only work if your visitor has an off-line mail client. .... More and more people are using free web-based mail clients and you can be guaranteed that if you use mailto: links, you are losing business.

Once you put up a form you will start getting spammed. You will notice a pattern to the spam and you can add code to try to filter that out. You will see unique codes in some fields. Apparently there are some people out there that think that if you submit url's to every form on the planet some of them might put links on a website. Be sure to set some of the fields so that they only take numbers for phone numbers or some kind of validation. If you don't expect url's in your main text box validate it for that. Don't allow url's. That should stop quite a bit of it.

I have tried blocking certain blocks of URL's when I see them come in but they constantly get new ip's.

I agree with the importance of contact forms. In fact the whole purpose of many of my websites is to encourage visitors to enquire through the contact form or call our technical helpline. These are the leads that fuel our business.

However, being more of a marketeer than a techie, I've always found implementing contact forms one of the most troublesome areas of the websites that I have developed. Every so often one of the forms on my website will stop working, usually due to the web host changing some security settings or my spam filter blocking the form email. Then there's the endless spam sent through the forms that has already been described. I have also heard that it is possible to "inject" code into a website through a web form if it is not set up correctly - probably an unnecessary fear as my websites are not database driven, but it leaves me with a lingering concern that my websites might not be secure.

Anyway, the type of features that exporador mentions sound excellent. I'm just interested to know if there is some easy off-the-shelf code available to produce such a form.

Great post explorador and great input from rockinbil.

Like the last poster, is there a secure off the shelf solution or doe it need to implemented on a site by site basis?

I knew that some people use gmail etc. and have no Outlook. I also knew that mailto calls up the email client. Just never put the two together and the effect my mailto (yes, I am guilty) can have on lots of my users. Thanks rocknbil.

Nothing is more irritating than the "how did you hear about us?" question.

It is asked in the most ridiculous circumstances. Most recently, an AT&T customer service rep chirped "And how did you learn about AT&T today?"

As for Captcha, I think it's a good idea but expect users to complain about it and to claim it doesn't work for some unique reason that applies only to them.

Use server side rules instead of captcha, or some simple tricks like an exact phone number format with an example of course.

Test your form constantly. Have your <insert_random_clicker_here> find the form and fill it out. Ask them if the process made sense, how did they feel about the amount if info asked etc.

Always test your form... It will stop working right somehow once a year for very common reasons. It can be a failure from a spam filter (see the on server suggestion) or updated perl or some or all the browsers security therefore rendering changed. I have seen tons of issues that creep in without anyone being aware.

Offline backups - end to end backups for all code used on your site is crucial as are the notes about EVERY edit no matter how minute. If you start from scratch you can mess up your email spamfilter ratings for a bit if your email header content changes too much. And when the script is hacked and the server compromised you will need to redo everything and fix the issue. Have fun and good luck getting back online if those offline non automated backups dont exist.

Get the crucial info, but keep it simple. And for petes sakes answer the email immediately as soon as anyone see's it! Tell them your working on their answer and you'll have more info <?>...

Sure you sent an automated response saying it will 24-48 hours but honestly what were you doing exactly 48 hours ago (ohh please don't tell me) but most users might remember they were researching something or other.

But if you wait that long they are either done or gonna make you play the back and forth game till they get back up to speed emotionally. They sent you an email wanting some personal service how ever ridiculous, a good quick personal reply goes a very long way...

Do not use unknowledgeable screeners here, your gonna tee off someone and if your like some of my clients that sale is worth 5 or 6 figures and a referral to a lower end or competitors product can generate more money for adwords campaigns.

I have such a form and lately have been receiving a bunch of "junk" transmittals consisting entirely of urls composed of random letters and numbers. Is this just someone hoping to receive an automatic response in order to get my email address? (I don't use an auto-responder).

To kind of stay on topic the reason I starting using the contact form was because someone used my email address as a return address for spam and I wound up with 1000's of "mailer-daemon failures" in my inbox. I shudder to think how many thousands made it through with my email address on them.

With a contact form you don't have to show your email address at all.

I purchased a .tel and plan to fw all the contact links of my websites to example.tel

Im tired of making updates to all contact,disclaimer,about us pages!

AND, keep that info safe and private.

I never know how to use a database to keep e-mail address of users safely.

I have a captcha on all my contact forms. What's your opinion on this?

Great move! Make it harder for customers to contact your site owners! Why don't you add some insulting text like calling it a "test to make sure you're a human" too?

In the meantime, my websites will have your customers. Thanks!

Well, using "captcha" is not wrong sometimes.

I had a contact form in one Web site and it got spammed heavily, I use to get almost 50 or 100 junk per day.

Later I "captcha"-ed it, to get rid of robotic actions.

Captcha is necessary, if our forms get infected with robots, but captcha verification can be made a much simpler or a much harder, based on spam experience with our form.

Captcha is necessary, if our forms get infected with robots

I've written it before and others have hinted at it above: if you are worried about spam in your contact form, put in anti-spam rules like URL restrictions, filters and hidden fields. Captchas are not anti-spam: they are anti impaired-reader (whether robot or human).

The captcha Ihave on pretty much all my contact forms (and my forum posts) are super easy to read. I just made several jpgs and rotate them. I tried hidden fields, but somehow that did not work out so well. And it's true, I will never hear from the people that had trouble filling it in. But I got a lot of positive response on the forums, since it cut down 99% on URL drops adn some thought it also made the contact form more 'professional' - they are all travel realted sites and it has to be a little harder because a lot of people who wnat to fo there actually contact me for accommodations etc (instead of the easily reachable) advertisers on the site.

mistah has an important point:
"However, being more of a marketeer than a techie, I've always found implementing contact forms one of the most troublesome areas of the websites that I have developed."

This is an age-old problem for non-programmer Webmasters-- creating and installing a spam-proof contact form. People avoid forms and resort to captchas and desperate solutions such as exampleATexample.com. (And don't forget to change AT to @).

Sorry, folks, but not all of us are programmers or code writers. And there's even a range of opinion in this string, among professional Webmasters, on what's effective.

I'll venture that somebody could make some money if they'd write a cookbook manual, or an application, for creating and installing spam-proof forms. Write it for both PHP and ASP. I know I'd buy it.

I think it should be mentioned that there are various forms (no pun intended) of CAPTCHA out there....

Not ALL CAPTCHA methods are good for everyone, but SOME do more good than harm. The image based ones with obscured text are the worst (in my opinion). But other methods like simple plain text questions (which *most* people can answer) do prove positive most of the time.

Nothing you do can ever be 100% perfect for everything and everyone, but you can try to get a good 'in-between'.

I would strongly recommend using a form which is accessible to visually impaired users, and common browsers (including text only, screen-readers and/or non-JavaScript).

I'd also recommend hosting the full form solution on your OWN hosting. (You would be amazed at how many people use remotely hosted form solutions - imagine the data these guys have on you, your business and your clients... man that is scary.)

Always make sure you have 100% access to the full source code and host locally. You have a responsibility to your clients and their data.

I think that the CAPTCHA issue depends on your audience. If your audience is most likely to be net-savvy, go for it. Mine, however, is definitely NOT. If I were to give them any sort of CAPTCHA, no matter how easy it might be to understand, a large portion of them would flip out and run away. Sure, I get some spam mail, but I'd rather delete a handful of spam everyday than lose customers who might give me lots and lots of money in return for answering their question :)