Form Mailer


stophon4
06-16-2004, 02:52 PM
OK, using a PHP script I made a Form Mailer that, if you link properly, will mail the form to you. Here is an example:

<Form action='http://www.stophon4.com/mail/mail.php' method='post'>
<INPUT type='hidden' Name='Email' Value='youremail@yourdomain.com'>
<INPUT type='hidden' Name='Subject' Value='Form Response'>
<INPUT type='hidden' Name='Redirect' Value='http://stophon4.com'>
<INPUT type='Submit' Name='Submit' Value='Submit'>
</form>

Now my simple code will email all of that form to youremail@yourdomain.com.
Here is what it would return:

Email = youremail@yourdomain.com
Subject = Form Response
Redirect = http://stophon4.com
Submit = Submit

Now you could easily add another form INPUT and it would be added to the email. The ones above are just the required ones, and if you test that out it will work perfectly, including the redirect and email and everything.

Now I don't know if you understand this now, but if you write a form anywhere it will be mailed to you as long as you have internet, so anybody can use the form mailer.

But, do you think this is a good idea? I couldn't decide whether to leave the script up or take it down...

Do you think it would be abused?
Would it take up excessive bandwidth (more than 10 gigs a month)?
Any Comments?
http://www.stophon4.com/mail/index.htm

gsnedders
06-16-2004, 06:50 PM
Should be able to handle around 250000 emails a month with that bandwidth...

stophon4
06-16-2004, 06:58 PM
Kool, So you think it's a good idea?

gsnedders
06-16-2004, 08:51 PM
Kool, So you think it's a good idea?

Yes, I do.

stophon4
06-16-2004, 09:05 PM
OK, then I'll keep it up, and feel free to use it!

Nightfire
06-16-2004, 09:37 PM
I wouldn't leave it 'open for all' if I was you. The nasties of the web, spammers, will hijack this and give your site a bad reputation. Don't have an input field with the email in; this can be changed easily by anyone.

stophon4
06-16-2004, 11:53 PM
Well I will make it search for any words that could mean anything bad, so that people can't do anything nasty. Spamming? Yes people might use it for that, I'm sure there is a way I can limit how many forms come from one site...
And what do you mean by hijack?
And the form is for the email, so that is not a problem...

Please be much more detailed...
This concerns me...

Nightfire
06-17-2004, 12:01 AM
From your form, I can send out mass emails to thousands of people, over and over and over again, I can create a constant loop. May cause the mail server to crash, may cause your site to be suspended for abuse, etc. All that is possible from the form you've shown.

Make users sign-up and give them a unique id, this will prevent anyone and everyone abusing a form.
Make it so the email address is never shown. Put it in a variable. If it's shown, it can be abused.

gsnedders
06-17-2004, 12:04 AM
Also, make sure you can ban users.

stophon4
06-17-2004, 12:06 AM
You can send thousands of emails?!

OMG! This is pretty bad...

Alright, now when a user signs up they are given a random ID that is switched in a database to the email, now I just have to create the sign up form...

stophon4
06-17-2004, 02:48 PM
I just thought of something, what if I set a timeout, so that a person could only send a form every 2 minutes from a domain, in that way people couldn't do never ending abuse of it :)


Think that would work?

Nightfire
06-17-2004, 02:54 PM
Set a cookie on the user's PC and also set a session as soon as the form is submitted. The session will disable the use of another email temporarily and the cookie is just there to do the same thing. Using both might be best as if someone had cookies disabled, the sessions will still work. If the session or cookie exist, don't send the email, if they don't exist, send the email. I doubt a user would email someone every 2 mins, it's usually just a one-off thing, so even if you set the timeout to 30 mins, no one should notice it.

stophon4
06-17-2004, 03:20 PM
Well the 2 mins will work so a person can't loop it continually...

And the cookies sound like a good idea too...

stophon4
06-17-2004, 04:10 PM
OK, now it works like it did in the first place except only certain emails work (only the ones that have been approved by me, and it is almost fully automated for me approving!), so people can't spam, the form will only mail to the emails on a list :)

Do you think that will work?

gsnedders
06-17-2004, 07:17 PM
Yeah, that would work better, but I don't need to use it myself ;), got FormMail on my server...

ReadMe.txt
06-18-2004, 10:51 PM
Set a cookie on the user's PC and also set a session as soon as the form is submitted. The session will disable the use of another email temporarily and the cookie is just there to do the same thing. Using both might be best as if someone had cookies disabled, the sessions will still work. If the session or cookie exist, don't send the email, if they don't exist, send the email. I doubt a user would email someone every 2 mins, it's usually just a one-off thing, so even if you set the timeout to 30 mins, no one should notice it.

Not really sure if both the cookie and the session are necessary, since a session variable will be passed as a cookie if they are enabled, and via the GET method if they aren't. Adding a cookie into this mix as well is pretty redundant, I reckon.
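
The design the thread arrives at (an opaque ID mapped server-side to an approved address, plus a minimum interval between mails), sketched in PHP as an added example. This is not stophon4's mail.php; the `FormID` field, the registry layout, the status codes and all sample values are assumptions, and the mailer is passed in as a callable so the block runs without sending anything.

```php
<?php
// Added example, not the thread's mail.php. All names and values are constructed.

// Server-side registry: the form carries only the opaque ID, never the address.
$FORMS = [
    'f3a9c1' => ['to' => 'owner@example.org', 'redirect' => 'https://example.org/thanks'],
];
const MIN_INTERVAL = 120; // seconds between mails per form ID (the "2 minutes" idea)

function handle_submission(array $post, array $forms, array &$lastSent, int $now, callable $send): array
{
    $id = $post['FormID'] ?? '';
    if (!is_string($id) || !isset($forms[$id])) {
        return ['status' => 403, 'reason' => 'unknown form id'];
    }
    // Throttle is keyed on server state, so clearing cookies does not reset it.
    if (isset($lastSent[$id]) && $now - $lastSent[$id] < MIN_INTERVAL) {
        return ['status' => 429, 'reason' => 'too soon'];
    }
    // Subject ends up in a mail header: drop CR/LF so it cannot add header lines.
    $raw     = (string)($post['Subject'] ?? 'Form Response');
    $subject = substr(str_replace(["\r", "\n"], ' ', $raw), 0, 100);

    $body = '';
    foreach ($post as $name => $value) {
        if ($name === 'FormID' || $name === 'Subject' || !is_scalar($value)) {
            continue;
        }
        $body .= "$name = $value\n";
    }
    // Recipient and redirect come from the registry, not from the request.
    $send($forms[$id]['to'], $subject, $body);
    $lastSent[$id] = $now;
    return ['status' => 302, 'location' => $forms[$id]['redirect']];
}

// Constructed requests: a valid one, an immediate repeat, and one with an
// unregistered ID that also tries to supply its own Email field.
$sent = [];
$fakeMailer = function ($to, $subject, $body) use (&$sent) { $sent[] = [$to, $subject]; };
$last = [];
$ok     = handle_submission(['FormID' => 'f3a9c1', 'Subject' => "Hi\r\nX-Injected: 1", 'Name' => 'Ann'], $FORMS, $last, 1000, $fakeMailer);
$repeat = handle_submission(['FormID' => 'f3a9c1', 'Name' => 'Ann'], $FORMS, $last, 1030, $fakeMailer);
$bad    = handle_submission(['FormID' => 'zzz', 'Email' => 'victim@example.net'], $FORMS, $last, 1200, $fakeMailer);
print_r([$ok['status'], $repeat['status'], $bad['status'], $sent]);
```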