Indiana University Bloomington

School of Informatics and Computing

CSG FAQ

Q: Is there a WWW form-to-email gateway available so I can send email from a web page?

Yes, we have a package called FormMail available on the CS Web server. For security reasons, the only allowable recipient addresses are email addresses in the @indiana.edu, @informatics.indiana.edu, @cs.indiana.edu, @extreme.indiana.edu, or @osl.iu.edu domains. In addition, the only allowable referers are www.cs.indiana.edu and www.informatics.indiana.edu so let us know if you need to use this from any other site.

The path to the cgi script is:

http://www.cs.indiana.edu/cgi-bin/CSFormMail.cgi

Here is a very simple html snippet that shows how you can use FormMail:


<FORM ACTION="http://www.cs.indiana.edu/cgi-bin/CSFormMail.cgi" METHOD=POST>

  <INPUT TYPE=hidden NAME="subject" VALUE="Mail from FormMail">
  <INPUT TYPE=hidden NAME="recipient" VALUE="YOUR_USERNAME_HERE@indiana.edu">
  <INPUT TYPE=hidden NAME="required" VALUE="email">

  Email Address: <BR>
  <INPUT TYPE=text NAME="email" SIZE=60>
  <BR>

  Comments: <BR>
  <TEXTAREA  NAME="Comments"  ROWS=6 COLS=60></TEXTAREA>.
  <BR>

  <INPUT TYPE=submit VALUE="Send Request">
  <INPUT TYPE=reset VALUE="Clear Entries">

</FORM>

You are urged to see the FormMail FAQ for all the details of using FormMail.

Also note that, by default, your form will be accessible by anyone so you can get anonymous email via this mechanism. There are a couple things you can do to prevent abuse. First, you can protect the page using the standard web-based access control mechanisms (by hostname/domain, with a password, and via network ID). You can also have the email include additional information about the sender of the email. For example, if you add the following to your FORM definition:


<INPUT TYPE=hidden NAME="env_report"
  VALUE="REMOTE_HOST,REMOTE_ADDR,REMOTE_USER,HTTP_USER_AGENT">

the email will include the values of these environment variables. This will tell you where the connection was made from (REMOTE_HOST,REMOTE_ADDR), the web browser used (HTTP_USER_AGENT), and if you are requiring authentication via network ID you will get the username of the sender (REMOTE_USER).



See an error in this FAQ entry? Please report it.

[Return to the FAQ index]