[1] When I began slowly moving all my static content, or old HTML pages, to new sites, managed on a variety of content management platforms, one of the biggest challenges I had was finding a variety of tools and plugins to help handle some of the things — automatically — that formerly had to be coded or were handled by various things from the Web host’s server package.

As I discussed in at least [2] one earlier post, there were many things that went into the planning, testing, and consideration. One such consideration was for a contact tool, but another, and somewhat related tool — at least in my eyes — is a tell-a-friend tool.

I’ve been blogging for almost four years now. Although this incarnation of Scoop’s Views goes back only one year (for now), to [3] September 28, 2006, I am working on going through old database backups of an earlier version of the blog and repost some of the older posts. I am also considering pulling some posts, even older than that, from old blogs I used to have, and finding the classic stuff from there, some of the best posts, and reposting it here, under the original posting date. We’ll see. It all comes down to time, don’ you know?

In looking for tools, plugins, and utilities to help make my life easier in managing a variety of sites, I tried a variety of contact forms and a few tell-a-friend scripts. As far as tell-a-friend scripts, most handled things in a way I didn’t like, mostly because they were open to blatant abuse by those scum-sucking slimeballs wanting to send SPAM using legitimate sites, wasting the money and resources of others, without care of concern.

Many tell-a-friend forms allow users to enter their name (the FROM name), their email address (the FROM email), the recipient’s name (the TO name), and the recipient’s email address (the TO email address). Some of the forms, instead of using the sender’s email address, or even listing it, simply use the site’s email address to send the form.

Tell-a-friend forms are those forms that you use to "tell others" or "tell your friends" about a site. They send an email to someone else, and almost every tell-a-friend script I considered had a message field, allowing the sender to add a comment about the page or site.

Let’s look at how tell-a-friend forms are often abused. Once we do that, well look at some options to help reduce that, then a great solution.

Joe Spamsender wants to SPAM as many people as he can today, but his current domain has been shut down due to terms of service violations with his Web host. While waiting for the next site or sites to become active, he finds sites with tell-a-friend forms, and sends message after message after message to all sorts of people using a legitimate site.

When Jill and Bob get home from work that evening, they open their email and see they have 10 emails from Bob’s Do-It-Yourself Patio site. There’s a message, saying the email was sent from Bob’s Do-It-Yourself Patio site, giving the URL of a page to visit, as it’s something you were "talking about" with Joe Spamsender recently. Just below the default text, often entered by the site’s owner or Webmaster, is a custom message from Joe Spamsender. In the memo he is allowed to send, he enters gibberish text, or, if you’re lucky, perhaps it is random lines from various poems. Then there’s the mystery URL to follow.

While it’s nice Bob’s Do-It-Yourself Patio site had a tell-a-friend form available for site visitors, Jill and Bob are now cursing Bob and his site because of the SPAM, and may just add his email address to their SPAM filters because of the SPAM they just received.

In reality, it wasn’t Bob that sent the information. Looking at it from the perspective of the SPAM recipient, Bob may have sent the SPAM himself. Jill and Bob don’t care who sent it. They are angry.

After considering the problem with most tell-a-friend forms for about three or four years now, there’s a few things I figured out were needed. First, most of the forms available, including many of the scripts, and most of the JavaScript tell-a-friend forms, especially, can allow content to be "injected" or added fairly easily. Okay, let’s explain this one a little.

Let’s say you visit Bob’s Do-It-Yourself Patio site tonight. You find a page you want to send to a friend, but you want to add a note, telling your friend that the idea on the page is what you want to do for your in-laws, and asking if your friend could help. Because Bob’s form has been abused in the past by Joe Spamsender, Bob deleted the field in the form that allowed a custom message to be added.

That’s great, but someone who knows what they are doing, takes a few seconds to check the source code, can find out what script is being used, and sometimes find a quick way to add custom content in spite of Bob’s efforts to not allow anything to be added. This is especially true of JavaScript forms.

The first thing needed is something fairly secure. The second thing you need is a form that has a reply-to field, or, you could use the email address for the site. I don’t like that idea, so the reply-to field is the email address used by the person using the form. Next is the sender’s name, the recipient’s name, and the recipient’s email address. All of this is standard, right? So far it is.

When someone contacts you, telling you a form has been used to send SPAM or for harassment, and your procedures are followed, you need to take action to ensure the person who sent the SPAM or harassing message is stopped, at least to the best of your ability. You have control over your domain, so get out your .htaccess file and block the person using the last know IP address. Check your server logs, too, to spot specific information, if possible, about the person. Maybe they have an identifier in their browser, such as a custom comment. If so, try to find the best way to block their access to your site, and when you block them, add a custom message to display, such as: Gotcha, fool! or Stopped ya, fool!

Remember, it’s your site, your domain, and your money going down the drain. More importantly, if your domain’s email accounts get blacklisted because of those imbecilic senders of SPAM, it will happen because you didn’t take action. Just because you have a site on the Web does not mean you need to allow access to all. Just like you use locks on your home and vehicle to keep people out who don’t belong, the same principle holds true for your home on the ‘Net.

Here’s the next part. The is no comment or memo field, and the form is not a JavaScript form.

When the form is sent, there’s a pre-formatted message that is sent. It says something like:

Dear {recipient_name}:

This email is being sent by {sender_name}, who gave an email address of {sender_email}, and {sender_name} wanted to share information at {site_name} with you.

{sender_name} read {title} and wanted to share it with you. A summary of it is:

{excerpt}

You may find {title} at {URI}.

NOTE: This message has been sent from {site_name} as a service to site visitors. If you believe this is SPAM or that you are being harassed, please copy the full contents of this email and send it to us by pasting the contents into our contact form at: {contact_form_uri}.

{sender_IP}: 000.000.000.000

{sent_date}: 2007-05-19

{sent_time}: 16:23:22T-0600

{other_captured_data}:

Earlier this year, in the [2] testing I was doing, we considered a few tell-a-friend forms, eventually eliminating them. One, though, [4] WP-Email, by Lester Chan, was still being considered, even though it wasn’t exactly what we wanted. What we figured we would do was find someone who could tweak the coding, or use the WP-Email plugin to help create a new tell-a-friend form from scratch.

We had already tested and adopted [5] cForms, a terrific and powerful contact form. In fact, it’s so powerful and capable, in the early stages of testing it, cForms seemed a little overpowering, even to the point of being industrial-strength. That isn’t a bad thing, though.

After we created a few test forms, cForms didn’t seem overpowering or too strong, at all. There are still some features, I’m sure, that we’re not (yet, anyway) using to the fullest possible potential, but once the site’s live, yes, things will be working to that level.

At one point in our testing though, after doing an upgrade of cForms, the captcha field was no longer displaying its text. If you’re not familiar with the term captcha, you’re most likely familiar with captcha, in use. Captcha is an acronym meaning, Completely Automated Public Turing Test to Tell Computers and Humans Apart.

Wow! That’s a mouthful, but it really isn’t clear what it is, right? No problem. The simple definition is that it is that funny box, often rectangular or square, but it can be any shape, any size, and has a variety of patterns and often displays in a variety of colors. In the box are letters or numbers or a combination of letters and numbers, often with scratch marks and lines near and over the text. It’s designed to make it near-impossible for image scanners to accurately "read" and then enter the displayed combination in the text field. That text field is the "verification" sites use for things such as allowing you to login, create an account, post a message, make a payment, and other things.

When the captcha text disappeared, I posted a note on the [6] cForms support forum, asking for guidance in fixing the problem. The developer, Oliver Seidel, replied on the forum, then, after a few exchanges, contacted me via email. He worked in the backend of the site, trying to figure out what happened and why.

About 30 minutes after he had been granted administrator privileges for the site, he told me he solved the issue. It seems the [4] WP-Email plugin we were using, WP-Email 2.20, a beta product, was causing a conflict.

Oliver said he would try to resolve the issue, which he identified in full, and then notified WP-Email’s developer, Lester Chan, about it. I’m not sure what Lester will be doing with WP-Email and the conflict, but Oliver suggested I roll back to using WP-Email 2.11, the stable release of the product.

For a variety of reasons, including the fact that WP-Email had one extra feature that really sold us on using it, we didn’t want to use WP-Email 2.11, and I explained that to Oliver. That prompted another discussion.

After three days of email exchanges, Oliver sent me an alpha version of cForms 5.4. Alpha versions of development — pre-beta releases. Betas are basically "stable" products that are being considered for release. I’ve been alpha- and beta-testing for almost 20 years, so I backed up my database, installed and activated cForms 5.4 alpha, and went to work.

Oliver had added a tell-a-friend form added to his successful cForms plugin! This was terrific, unexpected, and amazing.

I sat back, installing and activating it on several test sites, and went to work. While I did have a few challenges at first –  all of which have been resolved, and Oliver has also added a significant amount of documentation to the HELP section of cForms, it was ready for release.

cForms 5.4 came out about a week or two ago, and I’ve been tweaking a tell-a-friend form — using it, sending several messages, checking to see it is exactly what I want, and tweaking it a little more another day. When I’m satisfied with the form I create, since I am no rush, I will add it to this site, as well as others I maintain.

One of the great things about cForms is that once you create a form, figure out exactly what you want, you can back up that individual form to a text file and save it on your computer. That form can then be used on any site you want. The only changes you may need to make are those where you use a site’s name in the form, such as in an error message that you can add, or the email address you want the form to use. Past that, all you do is add an already created form by browsing to the directory where you have stored the backup form, click the Update Settings button, and you’re done.

Creating a new form, either a contact form or a tell-a-friend form, in cForms is relatively simple to do. Adding in additional features, including the use of RegEx (regular expressions) to toss in some additional functionality, isn’t overwhelming, either. If you’re new to using RegEx, Oliver’s provided information in the HELP section of cForms to get you started, and provides links to a few sites to get you working like a pro in no time.

My best bet for a contact form and tell-a-friend form for WordPress? Hands down, it’s [5] cForms from [7] DeliciousDays.com.

If you're new here, you may want to subscribe to my [8] RSS feed. Thanks for visiting!

If you enjoyed this post, make sure you [8] subscribe to my RSS feed!