WordPress, contact forms, & the smoking gun

WordPress, contact forms, & the smoking gun

Website contact forms lead owners into dangerous territory for a variety of reasons, not least of which is that it is the first port of call for “bots” or even a plain old mischievous pair of hands to infiltrate.

The problem with contact forms is that there is no measure to report the kind of problem which is so troublesome. Contact forms can seemingly be operating fine for months, and users assume that the reason why the contact form is quiet is because the website is quiet. There is, however, a darker reason.

More often than not, the contact form is being used, but the website owner receives nothing.

There is a pattern in this. Firstly, if contact forms were really that unreliable, people would not use them. The truth is that well designed and widely subscribed plugins do their job very well. Secondly, email usually leaves the website in tact. We know this, because emails that fall over at the website are invariably well documented and reported to both sender and receiver. Thirdly, the problem more often than not coincides with GMail, Live (Hotmail), Yahoo, and other bulk email services that small business users operate to keep costs down and it is here, at the perimeter of the website owner’s provider, where the smoking gun smoulders.

By way of illustration, this portrays how Microsoft’s Exchange Online service manages incoming email. GMail and other providers will use similar processes.

antiV_800

 

Users might be surprised at the scale of the processes illustrated. Notably the flowchart focuses on the recipient’s services. For example, a successfully delivered email must tranist 17 different tests to reach a recipient once it reaches the end user’s supplier. This is partly because there is scope of end users in this kind of system to manually update their own needs in the filtering system. Gmail etc. will use similar approaches, but critically their tools for customising end user needs ranges from minimal to none. When an email is sent from a WordPress contact form plugin, the email is already authenticated, so it does not go through a testing process. It just “goes”, and the conduct for the handling of the email really falls to other parties from this point. At the other end, it only takes a few emails – as few as 3 or 4 within the space of a day at Hotmail – to trigger a block at the first evaluation. When this happens, end users do not even get notice by way of delivery to their own spam box.

Contact form email outages pose serious commercial risks to owners: site visitors assume the email got through and nobody cares, or in cases where contact forms support event calendaring or tangible purchases, the consequences can be terminal for organisers or sellers. Whatever the purpose of the form, the reputational damage for an otherwise efficient back office is difficult to lift once the damage is done, and as long as users rely on free email services, there is not much that website designers and network engineers can do to circumvent issues which unfortunately tends to lead to misplaced attitudes towards the IT provisioners. The answer lies in email, upgrading services, and just as importantly managing associated email services to keep email addresses “clean”.

Contact forms are so widely used because publishing an email address in recognisable characters on a web page or blog is the easiest way to get the email address into the open for abuse. Contact forms mask the website owner’s email address so that it is invisible to public scrutiny. Some will argue that their inboxes are well managed by, for instance, GMail, so that spam is not an issue for them. However this is dangerous territory. Once an email address is in the open, it becomes one of the very metrics that security services establish to measure the veracity of email, and apart from customers spamming your own “contaminated” email, it is not unknown for site owner’s contact forms to lose functionality because the owner’s own antivirus tools have blacklisted the very email address the owner relies on.

Once, users could rely on freely available services like GMail, Yahoo, Hotmail, etc. There is a widening gap, however, between the reliability of email traffic delivered to “subscription” users who are given dedicated email services and tools (e.g. configurable antivirus/spam and even “connectors” which effectively tunnel emails between trading partners or configured resources like contact forms) and “free” services, whose solutions are provided “as is” and which do not provide adequate tools for customisation of email services.

Others point to social media, which is fine if everybody subscribes to Facebook, for example.. Really, businesses need a minimum variety of contact points, and contact forms are not easily left out of the solution.

Hard pressed web site owners might also remember the days when people just picked up the phone and called someone. True. One reason we use the web, though, is to reach a geographically broader audience, and some network engineers would argue that people actually do call – at 4:00am!

It is frustrating for users on the one hand that advances in web authoring tools like WordPress empower small business users, while the increasing complexities of email and other technologies still make it difficult for those same users to compete on an even playing field with larger organisations. Small business solutions are still judged to the same standard that large organisations enjoy, albeit with hefty investments. Although some users rely on freely available niche providers, some of whom are pretty good, the question looms – how long can a loss sustaining business model last in the first place, and what happens if it goes down, taking an end user’s services with it?

In terms of email, the idea of a two-tier “Internet” is already here. The good news for small businesses who are committed to online services is that solutions like Exchange Online are available at a fraction of the price that corporates and government departments have paid over the last two decades to produce these services. Exchange Online starts at £2.50 per month, for instance although it still needs some professional support to pull all the leavers.

In a world of choice, website owners can continue to persevere with freely available email and many will, partly because they do not know their email provider is trashing their contact form email. In this case, though, their Gmail account is not serving much purpose, either.

For advice with issues about contact forms, please contact either Fred Dreiling or Steve Galloway using our contact page.

Shared Contacts

When you use Microsoft Office Outlook 2007 or higher with a Microsoft Exchange account, contacts can be shared. You can create additional contacts folders and choose which of those folders to share. For example, you can create a contacts folder for a specific project and share it with your coworkers. Optionally, you can grant them permission to modify the contacts.

Note: Any message, contact, or task in Outlook can be marked private so that others don’t see the item in shared folder.

Contact sharing works through sharing invitation and sharing request e-mail messages. Sharing invitations offer the recipient access to your contacts folder. When you send a sharing invitation for your default Contacts folder, you can request access to the recipient’s default Contacts folder.