GoDaddy Mail Forms using
gdform.asp and gdform.php

gdform.asp (Windows) and gdform.php (Linux) are GoDaddy's suggested server-side programs for implementing form mail. In general, these work by Another program checks for the XML files (about once every 5 minutes) and sends the email.

gdform.asp | Configuring GoDaddy Email | textarea | BadGDFormMail | Spam Protection


All form based mail works by having an html form send data via named fields. When the submit button is pressed, the server-side script is called.

This is the most complete configuration help I could find. It contains an example form definition that you can modify. The only thing really missing from this help file is a simple statement that you can add as many fields as you want to your form - both hidden and user modifiable - and that all the data in these fields will be included in the email. You can even use a ComboBox (select field), Radio Buttons, and the like.

Though the help says that only post is supported, gdform.asp contains code to process both post and get.

The following special fields are not included in the body of the email message.

gdform.asp reads the form variables and places them in an XML-type file in a specific directory. Eventually (about every 10 or 15 minutes, depending on the system), another program reads these text files and creates the emails. This is the reason that gdform.asp only works in the root directory ... it always creates the special directory off the directory it is currently sitting in. But the robot only searches one specific directory per account.

Of course, experienced programmers can download and view the php (Linux) or asp (Windows) scripts and see that this is how they work ... but that is beyond most users.

Configuring GoDaddy Email

I host several sites with GoDaddy - the only complaint I have is that their help files are either worthless or extremely hard to find. There are also a few missing features I would like - such as form mail CAPTCHA's to help block spam. To install form mail, This only takes a few seconds, but it usually requires me 15 or 20 minutes to find where this is located ... that's one thing that better help would solve.

Once this is done, the basic procedure is very simple

To change the email To address, use the Hosting Control Center .. as explained above. Unfortunately, it only allows a single address for all the sites hosted on your account.

textarea Problem

Well, I did have a second complaint about GoDaddy (but that has been fixed by using CDONTS) - when gdform.asp is the backend and text is entered in the Comments textarea, all line feeds are removed. This makes messages very hard to read until you manually put them back. (After opening the email, I copy the message to notepad and manually add linefeeds - this is very irritating.) I tried several methods to fix this, but without success. It appears that the program that reads the XML file is causing the problem.

This is an example

This is the reason that I prefer using CDONTS. (Hey, it only took 2 years to solve this problem ... like I said, their help is a problem ... and what they had contained errors.)

Note: Linux systems do not have this problem even though gdform.php produces a similar xml-type file. Perhaps the parser works better.


Exploring with FTP, I discovered an undocumented directory - BadGDFormMail. In it I found several spam emails that had been sent via my form ... and one valid email.

I am not sure what the errors were ... these are all text files that have already been processed to remove the XML tags.

I can tell by the formatting that the spam files were NOT sent via the form. It appears that the script file was called directly.

Spam Protection

Your forms should always include at least one hidden field that is used to reject spam.

I have noticed that a lot of spam that comes via gdform.asp is lacking my custom fields. Since many GoDaddy sites use the same server-side script, with the same name, it appears that some spammers are just trying all the accounts and using the "standard" well known field names ... but not the custom names that I added to my pages.

So ... one way to reduce this type of spam is to intentionally add a hidden form field, with a name that you make up, and to test that it has the correct value. If it does not match, then the "email" is a fake and should not be sent.

The other thing you should do is to rename gdform.asp so that spammers can not find it without actually reading your pages.

Author: Robert Clemenzi
URL: http:// / ISPs / FormMail_gdform.html