Author Topic: Contact form  (Read 7651 times)

Offline Wanderer

  • Newbie
  • *
  • Posts: 35
    • Wanderer's RomCenter tools
Contact form
« on: June 21, 2015, 06:16:37 PM »
Hi.

Tried to communicate through the contact form but it seems the whole system has several issues.

First of all, even though the prompt of the description field says "please include as much detail as possible", i wonder how much detail can be squeezed in a total of 30 chars?!?!?! :D Yup, that's all you're allowed to type in this field!

Overcoming that, i managed to type a somewhat cryptic message but when i pressed send, even though the message seemed to be sent, in less than 2 minutes i received a notification in my mailbox that the message i sent from my mail account(!) was undelivered.  :o

I guess this functionality needs some checking.

P.S. The email message sending failed probably because of the fact that the destination address in invalid.
« Last Edit: June 21, 2015, 06:31:52 PM by Wanderer »



Offline Cassiel

  • Administrator
  • Hero Member
  • *****
  • Posts: 1574
    • Email
Re: Contact form
« Reply #1 on: June 22, 2015, 10:31:34 AM »
even though the prompt of the description field says "please include as much detail as possible", i wonder how much detail can be squeezed in a total of 30 chars?!?!?!

Ooops! Think this must be from when me had some server move issues a few weeks ago. @PandMonium, can you take a look at this please.


even though the message seemed to be sent, in less than 2 minutes i received a notification in my mailbox that the message i sent from my mail account(!) was undelivered.  :o

P.S. The email message sending failed probably because of the fact that the destination address in invalid.

Hmmm, I did receive your message though. You still have the 'undelivered' msg you could forward?

(BTW, I'm guessing you were notifiying that RomCenter (finaly!) has a beta out? Thanks for that. I did see actualy, but didnt want to post news until real version comes out.  :)  )

Offline Wanderer

  • Newbie
  • *
  • Posts: 35
    • Wanderer's RomCenter tools
Re: Contact form
« Reply #2 on: June 22, 2015, 05:16:37 PM »
Hmmm, I did receive your message though. You still have the 'undelivered' msg you could forward?

Yes i have it. I'll PM it to you.

(BTW, I'm guessing you were notifiying that RomCenter (finaly!) has a beta out? Thanks for that. I did see actualy, but didnt want to post news until real version comes out.  :)  )

Yes, that was my intention, however at the moment there is no point to do anything about it, since as Eric posted last night, he was in communication with his host to perform some updates on the server. The result is that as of this morning the site and the forum are down. Hopefully it will be back up very soon.

UPDATE: The site seems to be up, with SQL errors though, so...
« Last Edit: June 22, 2015, 05:23:57 PM by Wanderer »

Offline Cassiel

  • Administrator
  • Hero Member
  • *****
  • Posts: 1574
    • Email
Re: Contact form
« Reply #3 on: June 23, 2015, 01:23:00 PM »
Ah, looks like it's PandMonium's email account that's tripping the error.

@Pand
Have sent you the delivery report.

Thanks for reporting Wanderer!

Offline Wanderer

  • Newbie
  • *
  • Posts: 35
    • Wanderer's RomCenter tools
Re: Contact form
« Reply #4 on: June 23, 2015, 02:23:07 PM »
Ah, looks like it's PandMonium's email account that's tripping the error.

Thanks for reporting Wanderer!

Yup, it seems so. Glad i could help.

Offline PandMonium

  • Administrator
  • Hero Member
  • *****
  • Posts: 1332
Re: Contact form
« Reply #5 on: June 30, 2015, 01:44:10 AM »
Hey Wanderer!

Thanks for the tip, I've increased the max length to a more appropriate number - although I think that 30 chars are more than enough ;D

As for the other issue. I just tested it and it works ok. I think it is related with gmail not accepting some mails from yahoo or something generated by mailer lib, no idea why. We had a server migration recently and I've also updated the forum/site but most things seem back to normal. Any more issues just let me know ;)

Offline Wanderer

  • Newbie
  • *
  • Posts: 35
    • Wanderer's RomCenter tools
Re: Contact form
« Reply #6 on: June 30, 2015, 08:12:07 AM »
although I think that 30 chars are more than enough ;D

Well, it's true that there are some powerful words / ideas that CAN be expressed in less than 30 chars but i doubt that this limit would have been enough for the scope of this forum. :)

As for the other issue. I just tested it and it works ok. I think it is related with gmail not accepting some mails from yahoo or something generated by mailer lib, no idea why. We had a server migration recently and I've also updated the forum/site but most things seem back to normal. Any more issues just let me know ;)

I'll try to send a test message and i'll let you know of the result.

Offline Wanderer

  • Newbie
  • *
  • Posts: 35
    • Wanderer's RomCenter tools
Re: Contact form
« Reply #7 on: June 30, 2015, 08:25:44 AM »
Ok, i sent a test message from the contact form about 10 minutes ago and so far nothing has returned back. Maybe it was an isolated incident. In any case, when i sent the message , the reply i got on the form was as shown in the attached image. I use the latest firefox version under Win7.

Offline PandMonium

  • Administrator
  • Hero Member
  • *****
  • Posts: 1332
Re: Contact form
« Reply #8 on: July 01, 2015, 08:39:36 PM »
Hey!

I've been investigating this and here is the reason for the curious ones:

There are tons of spam sent daily and it is easy to spoof it, in other words it is very easy to send an email impersonating anyone. Basically, it is just a field where you can input any string of text without any possible restriction. It is kinda of similar to writing a letter, where you can write anything in the sender address.

Still, the email header has lots of details such as spam ratings and the ip addresses of the mail servers which were used to send it (just like a real postcard will get a stamp from the mail office even if I say it comes from the moon). That is basically the main reason we sometimes receive emails from "known addresses" that were not sent by them.

On the other hand, this also gives the non malicious user the possibility to have features such as a contact form or a "share this news item with a friend" button in their site. When using it (such as our contact form), the user inputs their email and the other end receives and email with that in the "From:" field. In the end, although it seems that the mail was sent from the user's mailbox, it was sent by the site mail server (or the one that was setup in the config), since obviously it doesn't have the access credentials of the mail in the "from" field (in this case, to the yahoo mail servers).

Now, what happened is that "Yahoo became the first major mailbox provider to publish a DMARC policy of reject. For those of you who are not familiar with DMARC and don’t know what a reject policy is, this means that Yahoo has a line of text in their DNS record telling other DMARC compliant mail providers (MBPs) to reject any mail from a Yahoo domain if it doesn’t come from Yahoo’s own servers." (it matches the addresses from yahoo servers and the ones in email headers).

Since Gmail is one of these "DMARC complaint mail providers", it just rejected your email to me but delivered it to Cassiel (since he uses a non DMARC complaint mail provider). Bottom line: we don't have much to do here, most of the "share this" or "contact forms" will probably be unusable if this practice spreads (which is good since it removes tons of spam). One possible fix is to have something like "contactform <at> tosecdev.org" in the From field and add the user email to the "Reply-to" field, guaranteeing that they will still get the reply. As I'm lazy, I will probably not look much further at this (read hack the module by myself). If really needed, I will ask/check if the used "contact form" component is updated by their creators to have this possibility be default. :P

Sources:
http://blog.returnpath.com/blog/christine-borgia/all-about-yahoos-dmarc-reject-policy
http://yahoomail.tumblr.com/post/82426900353/yahoo-dmarc-policy-change-what-should-senders

Offline Wanderer

  • Newbie
  • *
  • Posts: 35
    • Wanderer's RomCenter tools
Re: Contact form
« Reply #9 on: July 01, 2015, 08:56:33 PM »
Hey, thanks for all the info. Very interesting stuff. This means though that if someone tries to contact you using the contact form, the mail may never reach you. I guess it was pure luck that my message reached Cassiel. If/when his provider decides to become a "DMARC complaint mail provider"...

I'd suggest a warning on the "Contact us" form, informing the users that it's better to use the forum if they want to be more certain that their message will reach you, at least until this issue is resolved in a future upgrade as you propose. Perhaps a link to your last post would be useful.

Quote
If really needed, I will ask/check if the used "contact form" component is updated by their creators to have this possibility be default.

I assume this would be the best way to go. I guess it would be in their best interest since other users will also have similar problems.

Offline PandMonium

  • Administrator
  • Hero Member
  • *****
  • Posts: 1332
Re: Contact form
« Reply #10 on: July 01, 2015, 09:26:14 PM »
No problem! Thank you a lot for letting us know about the issue and being interested in the cause.

Indeed that may happen, although you might end up receiving a fail notification, just like you did. Yahoo was the first mail provider to implement the reject. Although not widespread, I believe it might become standard in the future. I suppose it didn't yet precisely due to the inconvenience / incompatibility to all the current services that us it - mailing lists, contact forms and others.

The users can still contact us by mail in any case, even you. You just have to open your mailbox directly and send it from there to contact@tosecdev.org. I've just added a note about that in the contact us page :)

Offline Wanderer

  • Newbie
  • *
  • Posts: 35
    • Wanderer's RomCenter tools
Re: Contact form
« Reply #11 on: July 01, 2015, 09:33:05 PM »
Just read the contact form. Nicely written. Descriptive and helpful for the users. I'm a little worried though if spam bots can pick up the mail address from the page and drive you crazy with their spams... Yup, i know, you can't have it all...  :-\

Offline PandMonium

  • Administrator
  • Hero Member
  • *****
  • Posts: 1332
Re: Contact form
« Reply #12 on: July 01, 2015, 10:01:35 PM »
The email was already there before and I didn't got much spam (maybe it is filtered). Maybe Cassiel is getting a lot :D
Still, I've updated it again so that it is now (supposedly) cloaked from spambots. If you go to that page without javascript it doesn't show the email, just a warning. It probably doesn't do much but don't worry.

Offline Wanderer

  • Newbie
  • *
  • Posts: 35
    • Wanderer's RomCenter tools
Re: Contact form
« Reply #13 on: July 01, 2015, 10:05:52 PM »
Still, I've updated it again so that it is now (supposedly) cloaked from spambots. If you go to that page without javascript it doesn't show the email, just a warning. It probably doesn't do much but don't worry.

Nice. :) Well, if you have little spam, i guess it's fine.  O0