
Show HN: Add forms to your static site – no iFrames required - colevscode
http://www.formspree.com/
======
Joeboy
Is this what I think it is? A resurrection of those free hosted formmail
scripts we used when I started writing web pages in the late 20th century?

Edit: [http://www.formmail.com/](http://www.formmail.com/) still seems to be
going, in fact.

~~~
colevscode
I could be wrong, but it looks like it requires CGI

~~~
Joeboy
You either download the CGI script and host it yourself or you pay the
formmail.com people to host it. In the olde days there were free ones where
you specified the destination in the form, but spam put paid to that.

~~~
jader201
It's free, unless you exceed 1000 submissions/month:

 _> How much does it cost?

> Formspree is free for 1000 submissions per email each month. If you need
> more, please reach out._

------
MarvinYork
This is even more 90es:

<form action="mailto:my@email.com" method=post enctype="text/plain"> ...
</form>

~~~
dreamfactory2
I'm probably missing something obvious but I don't understand how this is
different apart from costing money

~~~
kej
When you submit a form with a "mailto:" action, the browser opens the mailto
protocol handler, which is the user's email client. So you hit submit on the
form and then see a draft email filled out with your form responses.

~~~
nl
To expand on that:

If the user doesn't have an client-side email client setup (eg, they use
Gmail/Hotmail via the browser) a box will pop up prompting them to setup an
email account.

Even if they do have one setup up, most users will immediately dismiss the
email, so you'll never get it.

This is different to serverside email, where the client submits a form to the
server, and the server sends you an email.

Unlike the "mailto:" method, the second method will actually get you some
responses.

------
bobfunk
Another option is to host your static site on BitBalloon
([https://www.bitballoon.com](https://www.bitballoon.com)) - we make the forms
on the site work without any backend programming.

This doesn't leave your email in the HTML and we also do spam filtering on the
form submissions (get a bit of traffic and your contact form will get lot of
spam).

~~~
fiatjaf
Seems like an enourmously awesome solution, but, again, I ask: who are the
users of these kind of services (BitBaloon, Formspree etc.)?

(or, better asked: what is the problem these solutions solve?)

~~~
bobfunk
People are looking to static sites more and more for a couple of reasons:

1\. speed - you can't beat an optimized static sites hosted on a CDN. In part
I suppose the increased focus on speed i driven by mobile traffic. 2\. Github
- front-end developers have now gotten really used to having everything under
version control. Dumping the most important content into an unversioned
database just doesn't feel as good as having everything as Markdown in Github
3\. Jekyll - or rather build tools and static site generators in general. The
combination of GitHub and Jekyll and flag ship projects such as the Obama
Campaign platform [1] definitively played an essential role in the growth of
static site generators we're seeing now.

Our clients range from beginners launching their very first HTML site, over
agencies with really cool flows built around Middlemand/GitHub/Draft/Similar
services, to companies that are integrating site publishing into their
products in various forms.

One of the cool examples is a startup doing a site builder for progressive
candidates running for national campaigns. They use our API to handle the
publishing, and use our form feature for gathering volunteer submissions and
contact mails.

In general I think publishing a website with a form on it, is one of the most
basic features of the web. Making it faster, easier and better is a pretty
obvious plus for a lot of people.

[1] [http://kylerush.net/blog/meet-the-obama-
campaigns-250-millio...](http://kylerush.net/blog/meet-the-obama-
campaigns-250-million-fundraising-platform/)

~~~
fiatjaf
Thanks. I'm answered.

------
aytekin
We did something similar a year ago but it didn't get any traction.
[http://instant.jotform.com](http://instant.jotform.com)

------
benp84
Great idea. I'm not sure about the pricing though. I'd expect anyone who
reaches 1000 submissions per month to probably make the effort to get their
own form handler. I'd make it 100/month or maybe 1000 submissions total until
you have to pay. Then make it an annual fee so that customers think "OK, I'll
pay $X not to have to deal with this for another year."

~~~
eli
I'd advise against making it a _total_ submissions limit. I would not bother
attempting to use a service that is guaranteed to blow up on me one day even
if the site remains low traffic.

------
frncscgmz
I've been using
SimpleForm([http://getsimpleform.com/](http://getsimpleform.com/)) for my
static site forms, It's quite easy to set up and you can add some spam
prevention with Akismet.

This project looks interesting because there no need to register unlike
SimpleForm.

------
trevordixon
You can make a custom form submit to a Google Forms endpoint, and it will go
straight into a Google spreadsheet.

~~~
teleclimber
It seems to me that would be so much more useful than a bunch of emails.

Or expose an API for a CSV download, or a data feed, or something.

------
jodrellblank
Anything to stop someone sending 1000 submissions to someone else's form as a
trolling Denial of Service (DoS) attack?

~~~
korzun
Rate limiting per IP would be pretty easy to implement.

~~~
Moru
Doesn't help much when there is a botnet spamming you with one mail per minute
from 10000 ip-numbers.

------
aquark
Cool idea -- what kind of spam protection can it offer though?

I'm not worried about the email address being in the open, but my original
contact page form was getting hundreds (thousands?) of spam submissions a day
until I implemented some simple javascript 'traps' to filter out the bots.

I've still not worked out why a bot wants to fill in a contact form with spam
anyway, seems like a real waste of time.

~~~
Zikes
Best and simplest trick I've found for this is having a CSS hidden honeytrap
field, something like <input name="message_body" type="text" class="hideme" />

Bots will put something in the field but humans should never see it, so if the
server sees anything in there it can safely toss the whole thing.

~~~
eli
Two pitfalls: 1) You should add some text to indicate to people using screen
readers that this field should remain blank. 2) You should make sure to name
the field something unlikely to be autofilled. There are browser toolbars out
there that will happily autofill even hidden fields and trigger your spam
filter.

But other than that, I agree that this is extremely effective against the
common sort of drive-by spam bot. (And, obviously, completely useless against
any sort of advanced or targeted attack.)

~~~
aquark
Good point. My javascript solution uses two hidden fields with very similar
names. One that the script fills in and one that it doesn't.

Bots will either hit both or neither and get rejected. Screen readers/toolbars
may be an issue, though the names would be hard to think what to autofill
with. It has never come up in practice -- the reject message tells people to
email us directly

If you have javascript turned off, you'll need to email directly too -- and
the site won't work so there probably isn't much lost!

------
namenotrequired
The example says _...action= "//..._ shouldn't this be _...action=
"[http://](http://) ..._ ?

This is so seemingly simple but so useful, thanks a lot!

EDIT thanks for explaining, all! :)

~~~
MrQuincle
Ah, I had the opposite remark:

On [http://www.formspree.com/](http://www.formspree.com/) at section 1, they
say to use
"[http://api.formspree.com/your@email.com"](http://api.formspree.com/your@email.com")
while it should be "//api.formspree.com/your@email.com".

I just set up a Jekyll site with links to youtube and disqus. Quite important
or it won't work.

~~~
namenotrequired
That's what confused me, too, the inconsistency between the two.

------
deanclatworthy
Regarding the issue of having your email address in the open. This could
easily be solved by requiring registration and generating an encrypted URL for
each email address that a user associated with their account. I know this
highers the barrier for entry, but putting an email address in the open is
foolish and making it _too_ easy for the dumbest of email harvesters.

~~~
teach
These are for static websites. The idea of an "account" doesn't make sense.

Edit: Ah, you mean that formspree should allow site owners to create accounts.
Carry on.

~~~
exch
I'm thinking he means registering an account on the formspree site. So your
form's `action` attribute doesn't require the inclusion of a plain e-mail
address. Instead it gets some encrypted string, which is uniquely tied to your
formspree account.

~~~
deanclatworthy
Exactly. And you could generate as many tokens as needed

------
ajanuary
In the privacy FAQ you might want to link to Mailgun's privacy policy, or at
least their website.

------
asattarmd
There's another one (getsimpleform.com) that handles uploads and spam
prevention via Akismet. It does not expose your email.

------
crapiola
There's a problem here. browsers do not send Referrer when on an https site.
And they refuse to work without the header

 __For geeks: could not find "Referrer" header.

~~~
laurihy
Oops, good catch, thanks! Hadn't thought of this.

Apparently the problem is just sending a request https->http. https->https
should work fine. Adding SSL asap.

EDIT: now you can also use
[https://api.formspree.com/your@email.com](https://api.formspree.com/your@email.com)

~~~
crapiola
The rules are more complex. I'd say just do away with the refer(r)er.
[http://webmasters.stackexchange.com/questions/47405/how-
can-...](http://webmasters.stackexchange.com/questions/47405/how-can-i-pass-
referrer-header-from-my-https-domain-to-http-domains)

Maybe later when you have a real problem, fix it then. Let's cross bridges
when we come to the river, that way we'll all have much simpler code!

------
chris_mahan
I simply prefer to show my email address. People know what to do with an email
address.

~~~
chops
Originally, I did just that with my service. The problem is when you need
simple information like "What browser and version are you using" when someone
says something "isn't working". Capturing User Agent during form submission
takes an otherwise painful step out: asking a non-technical person to find out
what version of Internet Explorer they are running. There are still people who
think "The Internet" is "the Blue E on my computer". Similarly adding required
fields like "What's your site's address" when you run a multi-site service.
All valuable things to have specified so that you can answer any questions
with the first response rather than having to ask a pile of followup questions
when customers don't provide enough info.

With a general purpose email, you don't get that.

~~~
chris_mahan
If you give instructions along with the email, serious people are apt to play
along.

------
jcutrell
Nicely done. This kind of stupid simple service makes the web an easier place
to work.

------
pacifika
Does this not invite spam by leaving email addresses in HTML source code?

~~~
Zikes
No more so than a company's email being in a Contact Us page.

~~~
krapp
So... yes.

~~~
Zikes
In other words, this method is on parity with conventional contact methods and
the spam harvesting point is moot.

~~~
mildtrepidation
I think that contention is flawed in that it assumes the two methods are, must
be, and should be equal in terms of email address exposure.

------
ghenne
Undocumented feature: If you put _subject into the name property of an input,
it will be used as the subject of the email.

------
toddles2000
I was recently looking for a nice simple implementation of this for a client.
Didn't really find any that I liked so we decided to build this ourselves. Now
we have the flexibility of either emailing them the results or storing in our
local database for later processing. This looks really nice though.

------
joshmlewis
YES YES YES.

That is all. Thank you.

------
korzun
Kind of easy to crawl and harvest verified emails on web sites that implement
that API.

~~~
ozh
This kind of service will stay low on the radar compared to how many people
write their email in plain text on web pages. It's quite unlikely that someone
is going to crawl the web and harvest formspree "ACTION" fields when they can
simply harvest regular email and get a million more.

------
tehwebguy
This is cool, no JavaScript either.

Also, the contact form at the bottom of the page uses the API :)

------
hoggle
Would be especially cool if it supported input type=file as well :)

------
fiatjaf
I don't know who would want this. Is it really a demand from people? It is
programmers who love static sites who use this? Or the non-coders everywhere?

------
jordanlev
Is there a way to denote certain fields as required (on the back-end -- not
talking about "required" attribute or js on the front-end)?

------
icedchai
Is it 1995 again? Where's my formmail.pl ?

~~~
krapp
[http://www.scriptarchive.com/download.cgi?s=formmail&c=txt&f...](http://www.scriptarchive.com/download.cgi?s=formmail&c=txt&f=FormMail.pl)

------
nej
Is there a way to send the form submission to multiple emails using this
service?

~~~
namenotrequired
I guess you could use a new email address that automatically forwards what it
receives to multiple emails.

------
glifchits
I was looking for exactly this about two weeks ago. Awesome!

------
motyar
Anyone can send mail using "Referer" header?

------
hayksaakian
I would love a self hosted version of this

~~~
cine
Oh man, there are HUNDREDS of "scripts" that do this! Here's the PHP one I
used to use back in 2004.

[http://regretless.com/scripts/scripts.php#dodosmail](http://regretless.com/scripts/scripts.php#dodosmail)

I'm surprised this is being touted as such a new idea, but I guess with static
sites making a comeback, it was inevitable.

~~~
hayksaakian
cool, thanks for the pointer.

this seems like a good introductory project to any web framework

when I really sit down to learn node, I think I'll try to make something like
this starting out.

------
justinelof
OMG blast form the past. Well done guys.

------
minhajuddin
getsimpleform.com as others have mentioned can do all of this plus file
uploads and spam prevention.

------
martyn80
except it doesnt add a form to your site.

------
vrkr
I love it!

