FormMail - Using CDONTS on GoDaddy

Form mail provides a way for people to contact you without making your email address visible to spammers.

The html form allows people to enter a message
When submit is pressed, a program on the server sends the message as an email

There are several types of server programs

Those that call sendmail directly - common on Linux systems, not allowed on GoDaddy
Those that format a text file that a robot reads to generate the email - GoDaddy's gdform.asp
Those that use Microsoft's IIS via CDONTS

Note: In Internet Information Services (IIS), Simple Mail Transfer Protocol (SMTP) service must be enabled and configured in order to use CDONTS.

This page is related to sending form mail using a GoDaddy account, but most of this data can be used at other ISP's.

GoDaddy's example script | CDONTS.NewMail Object
CDONTS_MailForm.asp - objMail.To objMail.From Spam Protection
Sending Attachments | Advantages | IIS 7

GoDaddy's example script

GoDaddy provides the following example CDONTS script - but it does not work. (I wrote this section 02-13-08, it was apparently fixed 05-21-08.)

<
from = request.form("from")
email = request.form("to")
body = request.form("body")
subject = request.form("subject")
>

<
Dim objMail
Set objMail = Server.CreateObject("CDONTS.NewMail")
objMail.From = from
objMail.Subject = subject
objMail.To = email
objMail.Body = body
objMail.Send

Response.redirect "thankyou.asp" <- auto-redirection
'You must always do this with CDONTS.
Set objMail = Nothing
>

These are the main problems

Code blocks must be contained in <% .. %> not < .. >
The comment after thankyou.asp MUST start with a single quote
There is no address validation

This is a much better example

<%
from    = request.form("from")
body    = request.form("body")
subject = request.form("subject")

body = "From: " & from & vbCRLF & vbCRLF & body

Dim objMail
Set objMail = Server.CreateObject("CDONTS.NewMail")
objMail.To      = "YourEmail@somewhere.com" ' hardcode this
objMail.From    = "dummyAddress@abc.com"    ' hardcode this
objMail.Subject = subject
objMail.Body    = body
objMail.Send

Response.redirect "thankyou.asp" ' <- auto-redirection
'You must always do this with CDONTS.
Set objMail = Nothing
%>

CDONTS.NewMail Object

CDONTS.NewMail is a Microsoft product, for basic help see - NewMail Object (CDONTS Library)

The properties to, cc, and bcc each allow you to include one or more email addresses - multiple addresses are separated by semicolons.

objMail.To = "useraddress@example.com"
objMail.To = "user1@example.com;user2@example.com;user3@example.com"

If the From address is badly formed, then the mail does not go ... and there is no error. Your code MUST validate the address or use a dummy address.

objMail.From = "useraddress@example.com"             ' good
objMail.From = "Just any text"                       ' fails - not a valid address
objMail.From = "user1@example.com;user2@example.com" ' fails - semicolon not allowed

CDONTS_MailForm.asp

This is the file I wrote ... with the to address obscured (to reduce spam) - the from address is just a dummy address that is correctly formatted.

<%
'   CDONTS_MailForm.asp
'
'  02-13-08 started - by R Clemenzi
'

' This only works with "post" html forms

' read form variables

from     = request.form("FromAddress")' optional field
body     = request.form("body")       ' what the person types
subject  = request.form("subject")    ' from a hidden field
redirect = request.form("redirect")   ' from a hidden field
from_url = request.form("a_url")      ' from a hidden field
ref_url  = request.form("ref_url")    ' from a hidden field
value    = request.form("val")        ' from a hidden field - spam protection

if value <> "pen" then Response.redirect "404_NotFound.html" ' quit if invalid submission

if subject = "" then subject = "[mc-computing] null subject"

if from <> "" then  body = "From: " & from & vbCRLF & vbCRLF & body

body = body & vbCRLF & vbCRLF & "url: " & from_url

body = body & vbCRLF & vbCRLF & "url: " & ref_url

' send the email

Dim objMail
Set objMail = Server.CreateObject("CDONTS.NewMail")

objMail.To      = "someone@anywhere.com" ' always hard code this to hide from spammers
objMail.From    = "dummy_address@xx.com" ' too hard to validate
objMail.Subject = subject
objMail.Body    = body
objMail.Send

Set objMail = Nothing  'You must always do this with CDONTS

if redirect = "" then redirect = "Feedback_Done.html"
Response.redirect redirect          ' next page the user sees

%>

objMail.To

The address the email is sent to should always be read from the server ... never from the html form. In this example, it is hard coded - be sure to change this if you use this code.

objMail.To = "someone@anywhere.com" ' always hard code this to hide from spammers

objMail.From

CDONTS is very picky, if objMail.From is not a validly formatted email address (the address does not have to actually exist, it just needs a valid format), then CDONTS will not send the email. There are no warnings, no failure codes, there is simply no email.

In addition, the "rules" are not published on the Microsoft web site ... except to say that semicolons are not allowed.

As a result, I decided to simply hardcode a "valid" (but fake) address and to include what the user typed in the body of the message.

objMail.From = "dummy_address@xx.com" ' too hard to validate

The following code reads what the user typed and, if it is not blank, simply adds it to the beginning of the message.

from = request.form("FromAddress") ' optional field

if from <> "" then  body = "From: " & from & vbCRLF & vbCRLF & body

Spam Protection

These lines are used to reduce the probability of getting spam via this script. You should change the field name and the test string.

value = request.form("val") ' from a hidden field - spam protection

if value <> "pen" then Response.redirect "404_NotFound.html" ' quit if invalid submission

The following all produce - HTTP 500 - Internal server error

if value <> "pen" then return
if value <> "pen" then request.end
if value <> "pen" then exit
if value <> "pen" then exit sub
if value <> "pen" then Server.Transfer "404_NotFound.html"

Therefore I decided to use the following which produces - Page Not Found

if value <> "pen" then Response.redirect "404_NotFound.html"

In addition, you should use a unique filename for this script - perhaps, just add your initials - so that it is harder for spammers to hit lots of accounts.

Sending Attachments

FYI - I have not tried this - How To Send an Attachment in ASP Using CDONTS and the Posting Acceptor

Advantages

There are several reasons that I prefer CDONTS_MailForm.asp over gdform.asp

In a form, people type comments in a textarea field - gdform.asp removes all the returns, but CDONTS_MailForm.asp leaves them in.
Mail sent using CDONTS_MailForm.asp appears to go immediately, with gdform.asp, it is sent once every five minutes or so. This is not really a big deal, but it does make testing faster.

The availability of CDONTS is the first good reason I've seen for picking Windows over Linux for a web server. Unfortunately, Microsoft has announced that future products will NOT support this ... the new version is CDOSYS. The examples above should work if you change

Set objMail  = Server.CreateObject("CDONTS.NewMail")
objMail.Body = body

Set objMail      = Server.CreateObject("CDO.Message")
objMail.TextBody = body

But I have not tested that ... yet.

IIS 7

As of 03-01-12, the GoDaddy CDONTS help page says

NOTE: This script will not work on Windows® hosting plans running IIS 7.

According to GoDaddy, my site is still using IIS 6.0 .. but CDONTS no longer works. I can't help but wonder. At Using Windows Hosting Form Mailers, the expanded gdform.asp help says

WARNING: As of October 29th, 2008, gdform.asp is no longer offered on Windows shared hosting accounts. If your account does not have gdform.asp, these instructions will not work.

Author: Robert Clemenzi