Incoming Email formatting question

Hi @sandy
I’m interested in knowing PHP vs HTML.

Simply change the page type from HTML to PHP in the page settings. PHP is required for server side operations like in this instance where the visitor’s IP number is captured. Obviously it can become a lot more complicated but that’s the reason in a nutshell.

The page will look and behave exactly the same way otherwise. The only caveat is that you might be advised to set up a 301 redirect to the new page example.php if the current one has been there for a while. This would be done to avoid 404 errors.

1 Like

I tend to think Captcha just annoys the visitor when done badly and I hate those sites with the stupid pictures, where you have to click on the cars or traffic lights repeatedly. There is a good chance you have DKIM and SPF already added by your web host or it may just require a one click selection to enable in cPanel, which goes some way towards ensuring your own emails don’t end up in the recipient’s junk folder.

DMARC is a little more complex in that it relies on the others as a point of reference and basically stops spammers from spoofing your email address. This is enabled by a simple one line header in the zone editor for the DNS settings and stops all those annoying emails that appear to come from yourself at a stroke. Never allow catchall email addresses either, because that is just asking for trouble.

I’ve been a beta tester of SpamSieve since 2002 and nowadays I see no more than one or two spam messages hit my inbox per month with six active addresses. My main business email address set up three years ago has only received one spam message in all that time and that was caught on the server, so it is possible to drastically reduce the annoyance of spam, especially if you create a new address, where everything is done properly from the start.

2 Likes

How totally true! Repeatedly is an understatement, especially with the Google captions. So often my selection is not recognised over and over again. Then those pictures that show the tiniest fraction of the requested image category – and one never knows shall I include this or not? Annoying and only necessary for those who need the perception of feeling secure if the image capture is there. Google’s image capture is that Google knows that you are still “above ground”. :grin:

Thanks Flashman for elaborating.

I’m recalling that my webhost adjusted the DKIM and SPF when I was receiving spoofing emails…they did this without my instructing them, as their remedy to the issue, as I wouldn’t have known to do it on my own, nor know to ask for it.

DMARC was not mentioned at that time by them, so perhaps I will follow up with them to inquire further. Thanks!

There are two options for SPF. One restricts usage to your server only and that is the one you want.

DMARC is a slightly more recent development, however it’s been around for a few years now. I have mine set to the strictest level, so the SPF and DKIM must match the IP of my server or take a flying leap with a categoric rejection.

v=DMARC1; p=reject; fo=0; adkim=r; aspf=r; pct=100; sp=reject

There are alternatives to this header that will send you annoying reports of failed spammer messages or with more lax criteria, but this does the job effectively in the background. I first did this for myself and found it so useful that I started enabling it for clients using my server hosting after building them a site.

Another bonus of taking these steps is that it greatly enhances the deliverability of your legitimate emails, so they are not incorrectly sent to spam folders. Meanwhile the likes of Gmail etc will simply reject anything that doesn’t pass DMARC.

These are all mini steps that take just a few minutes and make your life less stressful, while enhancing the reputation of your domain. After a while the spammers will find it doesn’t work with your email and move on to other targets.

1 Like
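An added example, not part of any post in this thread: a small Python audit of a `_dmarc` TXT value such as the one quoted above, showing the effective settings once the RFC 7489 defaults are filled in and which tags weaken enforcement. The function names `parse_dmarc` and `audit` are hypothetical, and every record other than the quoted one is constructed.

```python
# Tag defaults from RFC 7489. adkim/aspf: r = relaxed alignment (same
# organizational domain), s = strict alignment (exact domain match).
DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100", "fo": "0"}

def parse_dmarc(txt):
    """Split 'tag=value; tag=value' into a dict; reject malformed records."""
    pairs = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        tag, value = part.split("=", 1)
        pairs.append((tag.strip().lower(), value.strip()))
    # The version tag must come first, so a DKIM key record pasted into
    # the _dmarc entry by mistake is caught here.
    if not pairs or pairs[0] != ("v", "DMARC1"):
        raise ValueError("record must start with v=DMARC1")
    tags = dict(pairs)
    if tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= policy")
    return tags

def audit(txt):
    """Return (effective_settings, findings) for a DMARC record value."""
    eff = {**DEFAULTS, **parse_dmarc(txt)}
    eff.setdefault("sp", eff["p"])  # subdomains inherit p when sp is absent
    findings = []
    if eff["p"] != "reject":
        findings.append(f"p={eff['p']}: failing mail is not rejected")
    if eff["sp"] != "reject":
        findings.append(f"sp={eff['sp']}: failing subdomain mail is not rejected")
    if not eff["pct"].isdigit() or int(eff["pct"]) < 100:
        findings.append(f"pct={eff['pct']}: policy covers only part of the mail")
    return eff, findings

# The record quoted in the post above, and a constructed monitoring-only one.
PAGE_RECORD = "v=DMARC1; p=reject; fo=0; adkim=r; aspf=r; pct=100; sp=reject"
WEAK_RECORD = "v=DMARC1; p=none"
```
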

Hi again Flashman…and once again thanks for your efforts to explain in detail. I’ve contacted my webhost, and they clarified that they also set the DMARC to the “strictest” level, too. So, all the settings appear to be as you suggested…:muscle:

You can verify that if you like at DMARC Check Tool - Domain Message Authentication Reporting & Conformance Lookup - MxToolBox

Also try sending an email from your address to a gmail address, then check the mail headers on the received email. It should say that it passes DMARC.

1 Like

Thanks. This is what the test indicates:

That’s an odd way of doing it, because it doesn’t reference either SPF or DKIM. In other words it could fail both, but still pass DMARC in theory, making it meaningless from what I can tell.

Do you ever receive spam emails that appear to come from your own address? If so, that is failing.

I do on occasion. Do you suggest I send the setting you recommend to my webhost and ask them to set it up that way?

Your DKIM and SPF records appear to be valid from some checks I just ran, so I think you could go back to them and point out that the current DMARC rule is not blocking spammers from spoofing your email address, then ask them to try my solution.

Afterwards you should verify it and obviously send test emails to make sure it was working as expected. If you have access to the zone editor in cPanel you could do it yourself by simply editing the value in the _dmarc txt entry.

Thanks Flashman – They had no objection to making the changes you suggested, and did so, and I then did a test email from my website contact page and received it successfully, which is the most important test. I appreciate all your guidance on this issue… :star_struck:

Follow up…I did locate the Zone Editor in my cPanel, and do see the ‘txt’ column, and see that it is filled with a very long string of text. What should it read as?

It shows: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD…(plus many more characters)

thanks again…

DKIM has a very long code, which is specific to the domain and that is set up correctly from what I can tell. There should also be entries for SPF and for _dmarc with that single line of text. I can’t tell how your web host has things set up though in terms of access to the zone editor.

It can take a while for changes to propagate, but it checks out properly now on that test site, so it should be fine. If you have a Gmail address, try sending an email there from your domain email. If there is a problem it will bounce back, as would be the case with a spammer, otherwise it will come through and the header information should indicate passes for DKIM, SPF and DMARC. At that point you are all set.

There is an explanation of DMARC here DMARC - Wikipedia

1 Like
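An added example, not part of any post in this thread: one way to read the SPF, DKIM and DMARC verdicts out of a received message's `Authentication-Results` header, as in the Gmail test described above. It assumes the receiving server identifies itself as `mx.google.com`; the function names are hypothetical and both sample messages are constructed.

```python
import re
from email import message_from_string

# Constructed headers; example.com, other.invalid and 192.0.2.10 are placeholders.
SAMPLE = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@example.com header.s=default;
       spf=pass (google.com: domain of me@example.com designates 192.0.2.10
       as permitted sender) smtp.mailfrom=me@example.com;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com
From: me@example.com

body
"""

# Constructed: the receiver recorded a failure; the second header is untrusted.
SPOOFED = """\
Authentication-Results: mx.google.com;
       dkim=none; spf=softfail smtp.mailfrom=x@other.invalid;
       dmarc=fail (p=REJECT sp=REJECT dis=REJECT) header.from=example.com
Authentication-Results: other.invalid; dmarc=pass header.from=example.com
From: me@example.com

body
"""

def auth_results(raw_message, trusted_authserv="mx.google.com"):
    """Return {'spf': [...], 'dkim': [...], 'dmarc': [...]} from trusted headers."""
    results = {"spf": [], "dkim": [], "dmarc": []}
    msg = message_from_string(raw_message)
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(value.split())              # unfold continuation lines
        value = re.sub(r"\([^()]*\)", "", value)     # drop (comments)
        authserv, *clauses = value.split(";")
        # Trust only results stamped by the receiving server itself; any other
        # Authentication-Results header may have been supplied by the sender.
        if (authserv.split() or [""])[0].lower() != trusted_authserv:
            continue
        for clause in clauses:
            m = re.match(r"\s*(spf|dkim|dmarc)=(\w+)", clause, re.I)
            if m:
                results[m.group(1).lower()].append(m.group(2).lower())
    return results

def all_pass(raw_message):
    """True only if SPF, DKIM and DMARC each have a 'pass' from the receiver."""
    r = auth_results(raw_message)
    return all("pass" in r[k] for k in r)
```
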

You’re awesome…thanks for taking the time to educate me on this matter! :slight_smile:

Very interesting information @Flashman. Thank you :slight_smile:

Hello @Flashman - I am so glad to have come across this thread and your post. I am faced with the same dilemma as the OP. I’m glad to learn that I can change the IDs of the fields so that they are more meaningful when the email is received.

I’ve posted about the problem I am having in this thread:-

I will really appreciate your help.

If a user fills in a form and one of the fields requests his or her email, is it possible to send a copy of that email to the user too using a specific from email address?

As far as I know this is not possible with a simple Blocs contact form, however it may be possible with a custom script. One point I would make is that a solution of this type sounds ripe for exploitation by spammers.

1 Like

Hi @Flashman - thank you for letting me know about the potential spam problem, I think I’ll avoid that for now.

In terms of presenting the sent email in a slightly better way, I was able to make some simple changes to the PHP code to enable that. Feel free to provide further input :slight_smile: