Hi - I’m testing my Blocs built website email Form, and when I send a message to myself from my ‘private’ blocs built website, the email arrives and is formatted as shown in this below screen capture:
How can I get my Blocs built website email Form to deliver me emails that look like my Muse built emails? One of the nice things about the Muse email Form is that it provides the IP address of the sender…which comes in handy when I need to block spammers…
FYI, both of these emails arrived from the same host server, too…
Easy solution to that one. Click on the form, then locate the input field, so that would be the white areas you see below the labels for name etc. Look in the side panel on the right hand side at the very top where it says Field and change the ID to whatever you like.
After a fresh upload your emails should come through with the right labels. The only caveat here is that Blocs won’t allow multiple items to share the same ID, so if you had a website with half a dozen forms you might need to rename those to something like name: or name- etc. I wish there was a way around that for forms.
There was a previous request to add an IP number with forms and I thought @Norm was going to add it, but I can’t see anything right now. I know it sounds unlikely, but I never receive spam through contact forms, despite taking no measures to stop it with captcha etc and I’m wondering why some are inundated with this.
I have a strict setup for DKIM, SPF and Dmarc in addition to using CloudFlare on my main sites. That all helps reduce general spam, but shouldn’t be a factor here, unless CloudFlare is doing all the work.
The IP request is still desired…as I do receive spam from marketers within my profession, and from tons of SEO or website marketers, and when I block their IP address it has a positive impact on reducing them.
I don’t use Captcha, as I’ve found it fussy to set up…the rest of your wise ideas are way beyond my knowledge (I don’t know what they are) or my ability to set up or make good use of, but thanks for mentioning them. I only have my one website, and I am not a developer…just a single site blocs user with one contact form!
good tips @Flashman as usual @DanielF for the IP address I use a very simple solution, but it only works if your site is PHP.
Standart in Blocs your site is HTML, but in the page setting you can change it to PHP.
Test your webform if it still work with some test mails, ( running on the remote server offcours )
Then go to your email form, we are going to create a hidden input field: place a html widget somewhere in between your input fields
Simply change the page type from HTML to PHP in the page settings. PHP is required for server side operations like in this instance where the visitor’s IP number is captured. Obviously it can become a lot more complicated but that’s the reason in a nutshell.
The page will look and behave exactly the same way otherwise. The only caveat is that you might be advised to set up a 301 redirect to the new page example.php if the current one has been there for a while. This would be done to avoid 404 errors.
I tend to think Captcha just annoys the visitor when done badly and I hate those sites with the stupid pictures, where you have to click on the cars or traffic lights repeatedly. There is a good chance you have DKIM and SPF already added by your web host or it may just require a one click selection to enable in cPanel, which goes some way towards ensuring your own emails don’t end up in the recipient’s junk folder.
DMARC is a little more complex in that it relies on the others as a point of reference and basically stops spammers from spoofing your email address. This is enabled by a simple one line header in the zone editor for the DNS settings and stops all those annoying emails that appear to come from yourself at a stroke. Never allow catchall email addresses either, because that is just asking for trouble.
I’ve been a beta tester of SpamSieve since 2002 and nowadays I see no more than one or two spam messages hit my inbox per month with six active addresses. My main business email address set up three years ago has only received one spam message in all that time and that was caught on the server, so it is possible to drastically reduce the annoyance of spam, especially if you create a new address, where everything is done properly from the start.
How totally true! Repeatedly is an understatement, especially with the google captions. So often my selection is not recognised over and over again. Then those pictures that show the tiniest fraction of the requested image category – and one never knows shall I include this or not? Annoying and only necessary for those who need the perception of feeling secure if the image capture is there. Google’s image capture is that Google knows that you are still “above ground”.
I’m recalling that my webhost adjusted the DKIM and SPF when I was receiving spoofing emails…they did this without my instructing them, as their remedy to the issue, as I wouldn’t have known to do it on my own, nor know to ask for it.
DMARC was not mentioned at that time by them, so perhaps I will follow up with them to inquire further. Thanks!
There are two options for SPF. One restricts usage to your server only and that is the one you want.
DMARC is a slightly more recent development, however it’s been around for a few years now. I have mine set to the strictest level, so the SPF and DKIM must match the IP of my server or take a flying leap with a categoric rejection.
There are alternatives to this header that will send you annoying reports of failed spammer messages or with a more lax criteria, but this does the job effectively in the background. I first did this for myself and found it so useful that I started enabling it for clients using my server hosting after building them a site.
Another bonus of taking these steps is that it greatly enhances the deliverability of your legitimate emails, so they are not incorrectly sent to spam folders. Meanwhile the likes of Gmail etc will simply reject anything that doesn’t pass DMARC.
These are all mini steps that take just a few minutes and make your life less stressful, while enhancing the reputation of your domain. After a while the spammers will find it doesn’t work with your email and move on to other targets.
Hi again Flashman…and once again thanks for your efforts to explain in detail. I’ve contacted my webhost, and they clarified that they also set the DMARC to the “strictest” level, too. So, all the setting appear to be as you suggested…
That’s an odd way of doing it, because it doesn’t reference either SPF or DKIM. In other words it could fail both, but still pass DMARC in theory, making it meaningless from what I can tell.
Do you ever receive spam emails that appear to come from your own address? If so, that is failing.
Your DKIM and SPF records appear to be valid from some checks I just ran, so I think you could go back to them and point out that the current DMARC rule is not blocking spammers from spoofing your email address, then ask them to try my solution.
Afterwards you should verify it and obviously send test emails to make sure it was working as expected. If you have access to the zone editor in cPanel you could do it yourself by simply editing the value in the _dmarc txt entry.
Thanks Flashman – They had no objection to making the changes you suggested, and did so, and I then did a test email from my website contact page and received it successfully, which is the most important test. I appreciate all your guidance on this issue…
follow up…I did locate the Zone Editor in my cPanel, and do see the ‘txt’ column, and see that it is filled with a very long string of text. What should it read as?
It shows: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNAD…(plus a many more charactors)
DKIM has a very long code, which is specific to the domain and that is set up correctly from what I can tell. There should also be entries for SPF and for _dmarc with that single line of text. I can’t tell how your web host has things set up though in terms of access to the zone editor.
It can take a while for changes to propagate, but it checks out properly now on that test site, so it should be fine. If you have a Gmail address, try sending an email there from your domain email. If there is a problem it will bounce back, as would be the case with a spammer, otherwise it will come through and the header information should indicate passes for DKIM, SPF and DMARC. At that point you are all set.
