FormMail is a very popular method of emailing the contents of a form to a user. It is relatively easy to set up and does its job well. However, one thing about FormMail is the numerous exploits that have come about since its use. Spammers have found security holes in previous versions and this allows them to send mail through whatever server the account is set up on. Since we have a very strict anti spam policy, we cannot allow our users to use their own FormMail scripts. We ask that you use the server-wide FormMail script. This way, if there are any exploits found on this version of FormMail, you will not be held accountable. We periodically check the servers for insecure FormMail scripts.

One drawback of using the server-wide FormMail script, is that you must send the contents of the form to an address that is on your domain name. If for, for some reason, you need the mail sent to an off site email address, you can set up an E-Mail Forwarder to forward any mail to a particular address to your off-site email address. You would then use the forwarder address as your recipient in your form.

If you already have scripts that utilize formmail, you will need to change them so that the ACTION parameter in the FORM tag to read as


If you are familiar with Matt’s FormMail script, most of the options that are available in that FormMail are available in the server-wide formmail. However, our frommail script is highly secure.

All you need to setup formmail, is to create your form. A very simple form might look like:

<FORM NAME="test" ACTION="/cgi-sys/" METHOD="POST">
<INPUT TYPE="hidden" NAME="recipient" VALUE="">
Enter your Name: <INPUT TYPE="text" NAME="name"><br>

The only real required tag needed in order to get FormMail to work properly is the ACTION=/cgi-sys/ and <INPUT TYPE=”hidden” NAME=”recipient” VALUE=””>. Where is an email address you have set up on your domain.

Another example of FormMail, which utilizes more of the special features is listed below:

<FORM NAME="test" ACTION="/cgi-sys/" METHOD="POST">
<INPUT TYPE="hidden" NAME="recipient" VALUE="">
<INPUT TYPE="hidden" NAME="subject" VALUE="This is a test form">
<INPUT TYPE="hidden" NAME="redirect" VALUE="">
<INPUT TYPE="hidden" NAME="required" VALUE="email,realname">
E-Mail Address: <INPUT TYPE="text" NAME="email"><br>
Name: <INPUT TYPE="text" NAME="realname"><br>
Favorite Color: <INPUT TYPE="text" NAME="color"><br>

In this example, you will notice the same ACTION=”/cgi-sys/” and <INPUT TYPE=”hidden” NAME=”recipient” VALUE=””>. There are other INPUT TYPE=”hidden” types are are listed below:

  • subject — This defines what you want the subject of the email to be. Be sure to use the quotation marks if it is more than one word.
  • redirect — This defines what page you want the visitor to be taken to, after successfully completing the form. You will need to specify the full URL.
  • required — The parameter takes on a list of the required fields that must be filled out in order for the form to be processed.
  • email — This is considered a special parameter, because this is who the form will appear that it was sent from. This is useful, because in most email clients, you will be able to hit a Reply button and send a message back to this email address without having to type it in.
  • realname — This will appear along with the email parameter. Instead of the mail appearing to come from just the said email address, this name will appear to the email address. This allows for a more personalized touch when replying back to the address.

Again, these are not required to have a functioning form. The only requirements are that ACTION=”/cgi-sys/” is in your FORM tag and <INPUT TYPE=”hidden” NAME=”recipient” VALUE=””> is listed below the opening FORM tag.