
Show HN: Jumprock.co – HTML Forms for Static Sites - therov
https://jumprock.co/
======
wanda
Seems similar to Formspree[0], which one can self-host[1], but lacks the
aliasing feature of your solution. Looks very cool!

[0]: [https://formspree.io](https://formspree.io)

[1]:
[https://github.com/formspree/formspree](https://github.com/formspree/formspree)

~~~
dan9408
For others looking for a self-hosted alternative like Formspree I wrote
something similar that deploys to AWS Lambda [0]. Nothing fancy, just a AWS
Lambda endpoint that uses SES to send emails. Instead of aliasing email
addresses for privacy like OP I just use the native Node.js crypto module to
create a hex string of the address upfront.

[0] [https://github.com/danielireson/formplug-
serverless](https://github.com/danielireson/formplug-serverless)

~~~
rbalicki
I do this for a site I manage and it was remarkably easy to set up. I would
recommend this for people who have familiarity with AWS, but not as a first
introduction to AWS.

------
therov
Hey all,

I am the creator of [https://Jumprock.co](https://Jumprock.co). This is a
rebrand from an earlier project I did called Formpost.

It includes aliased names to not expose email addresses and custom fields now.

~~~
sharemywin
I was thinking there might be a piece of javascript to read and write a cookie
to a hidden field so you could keep a session variable for multiple page
forms.

~~~
therov
I like that idea. Something to add to the list of new features.

------
edent
Cool. You should consider using input type="tel" for capturing phone numbers -
[https://developer.mozilla.org/en-
US/docs/Web/HTML/Element/in...](https://developer.mozilla.org/en-
US/docs/Web/HTML/Element/input/tel)

On a mobile device, it will automatically pop up the number-pad. Makes life a
little easier for people filling in the form.

Similarly, input type="email" will pop up a keyboard with an @ symbol.
[https://developer.mozilla.org/en-
US/docs/Web/HTML/Element/in...](https://developer.mozilla.org/en-
US/docs/Web/HTML/Element/input/email)

~~~
GroSacASacs
very good, and also may provide smarter autofill

------
throwaway2016a
Very cool. Good job.

I use a relatively simple AWS API Gateway -> AWS Lambda -> AWS SES for this.
But as trivial as it was to set up it is still way more work than this looks
like. Having something more turn-key is nice.

------
clon
Each generation invents their own tools. The cycle has reached FrontPage
Server Side Includes. Soon the new PHP will emerge.

~~~
jordanlev
I mentor and teach a lot of designers and beginning front-end developers.
Services like this and FormSpree are a godsend for allowing them to create
functioning contact forms on websites without having to go down the server-
side rabbit hole.

Also, even though I'm fully capable of building my own form handling back-end,
if I'm just building a static site it's nice not to have to deal with all that
just for a simple contact form.

------
m3tr0s
Also you can use Google Apps Mail to send emails from a static site and save
the field values to a spreadsheet at once for free:
[https://github.com/dwyl/html-form-send-email-via-google-
scri...](https://github.com/dwyl/html-form-send-email-via-google-script-
without-server)

------
boffinism
Have you thought about GDPR compliance? I don't understand GDPR very well, but
it looks to me like your system would be, as it doesn't store emails sent. If
so, GDPR-readiness might be a good feature to advertise on your homepage.

~~~
johnchristopher
There's not really such a thing as being GDPR compliant. It's more about being
ready when someone will be coming for a privacy related trial or information
removal or when the infrastructure will leak data and the national privacy
agents knocks on your door and asks "what did you do to prevent it ?".

Best efforts. Except for the GAFA. And public agencies (best best efforts).

Source: working in a public agency and attending a lot of GDPR intro sessions
and watching the consultants walking down the corridor.

~~~
colinramsay
That's interesting, and echoes my understanding, but what would you do when a
client says "we want to be GDPR compliant"? I'm not sure saying "there's no
such thing" would really wash. Do you have any resources that might help?

~~~
johnchristopher
It really depends on the kind of business relationship you have with your
client and the field you are in. Questions such as "Are you managing data for
them ?", "Who does the actual data encoding ?", "What kind of data are we
managing", etc., are on the table.

I'd just say what I wrote in the previous post and talk about the DPO, the
infosec manager, etc.

What I am hearing and seeing a lot right now is: hire a consulting gig for a
few days that will set you up (good practices, business analysis, risks
assessment, iso 27000 and 27001 compliance) and then hire a different
consulting gig for two days that will be your DPO and make him come back every
6 months or year to show you are doing your best to prevent leaks.

It really does depend on the nature of your field.

The other thing I hear a lot: those UK law firms that sell GDPR consulting
certificates ? Don't waste money on that.

I couldn't really recommend any consulting firm, I only know two of them and I
am not involved (yet) enough in the process. But basically we (a public
agency) went the consulting gig road and share the fee with other agencies.

Oh, and I am not a lawyer of course.

------
yesimahuman
Nice! I built something like this a while back, never brought it to market.
Might think about processing inputs and generating CSVs, having a simple
tablular view in a dashboard, etc. It's a "backend for forms."

~~~
artpar
You might find useful a self-hosted headless cms

[https://github.com/daptin/daptin](https://github.com/daptin/daptin)

------
lozzo
It looks real good. but I don't get the catch: is it free service ? is there a
guarantee on the time between the user posting the form and me receiving the
email ? what if your site is down ?

~~~
therov
Excellent questions. It is free unless you want to use custom fields. The
emails go into a queue which is listened for and processed when items are
added. I have 3 that listeners that run simultaneously to handle email
sending.

If the site goes down then the emails are lost. I'm still working on a
solution of multi region load balancing with high availability to ensure this
doesn't happen.

------
rcraft
Love these type of tools especially when using with github pages.

Anyone have any other tool recommendations that work well with github pages
and other static sites?

~~~
antibland
I use Formspree [0] for GitHub Pages hosted stuff, and it is dead simple. I've
never been spammed, as it requires a human click ("I'm not a robot") for the
email to send.

[0] [https://formspree.io](https://formspree.io)

------
Jaruzel
What goes around, comes around I guess.

Back in the maelstrom that was Web 1.0, where every person and their dog were
uploading static html pages to their 'webspace' via FTP, these sort of
services were two-a-penny, many ISPs even offered them as part of their
'webservices' packages.

I'm not knocking it, it's just it's not a new idea.

------
rathboma
Likewise I also have a similar service offering form endpoints. Plus I built a
bootstrap-native form builder (generates a bootstrap form and inserts it with
JS, not an iframe).

I also have Slack, and webhook notifications.

[https://www.99inbound.com](https://www.99inbound.com)

------
sntran
Nice! The alias (or the lack thereof) is one thing that keeps me from using
Formspree, as I don't want the email addresses to be exposed.

One suggestion I have is to support aliases in CC and BCC fields as well. You
already have the implementation.

Of course, the alias should support multiple email addresses in one.

------
zackify
You could use this docker image instead as well
[https://github.com/encryption/contact](https://github.com/encryption/contact)

------
Jack5500
I'm looking for something similar: A visual form builder that I can self host
for a form just a little more complex than a contact form. Does anybody know a
solution that offers that?

~~~
jpic
formsite.com

~~~
Jack5500
Thanks, but that's not self-hosted

------
simonhamp
For completeness, there’s also Formkeep
([https://formkeep.com/](https://formkeep.com/)) which is similar.

------
appleflaxen
Is it possible to deliver the messages to the email server in an encrypted
way? I would not want my business communication being sent via
cleartext/email.

------
rebolyte
Things like this and Formspree are great for setting up a one-off site. If you
get to choose the hosting though, Netlify offers form submission handling as
part of their free tier, with email/Slack notifications, API access, and data
export.

[https://www.netlify.com/docs/form-
handling/](https://www.netlify.com/docs/form-handling/)

------
tvaughan
See also: [https://www.sumar.io](https://www.sumar.io)

------
dmitrygr
So, I take it they have never heard of simply doing

    
    
       <form action="mailto:destination@example.com" method="post" enctype="text/plain">
    

Simpler and does not disclose your data to third parties.

~~~
Piskvorrr
Simpler _for you_. Far more confusing for users ("I clicked this and now my
e-mail client is open, is that some sort of hack?!?"). This used to be
promising, way back when HTML started; as good as dead nowadays.

------
fiatjaf
I must say "Honeypot" solutions don't work at all.

~~~
therov
Any suggestion?

------
sidyapa
Is there a daily/monthly limit?

~~~
therov
There is a soft limit of 200 emails per hour to prevent spam.

~~~
sidyapa
That's really cool! Thank you for building it.

------
shapiro92
literally 1 zappier integration.

------
cenourinhapt
How does it deal with Spambots?

~~~
dlbucci
One of the example forms has a honeypot input. Any submission where that field
is non-empty is discarded.

~~~
foo101
This will not take a lot of time for spambots to figure out. Would it?

Are there any web-application-firewall level spambot filtering that would
ensure that the bot traffic can be continually monitored and the rules to
block spambots can be continually updated?

~~~
napolux
In my previous job an honeypot field with a random name in the form of
email__($randomString of 3 to 6 chars) was enough to block 100% of the spam.

Simplicity is the ultimate sophistication.

~~~
shanecleveland
Agreed. A honeypot worked 100% for me for a long time. I had a bot start to
slip through, somehow, so I added an additional layer of protection. I began
checking server side for the time between initial request for the page to
submit. If less than five seconds, the submission fails. Still a simple idea,
but the execution is a little more complex.

~~~
memco
I'm sure you probably tested this with your particular needs, but just in case
you haven't: five seconds is a long time and there are many forms that can be
filled out by humans in less than that. I stepped on my own toes once setting
what I considered to be reasonable minimums until I tried to use my own site
and found myself getting blocked because I was submitting requests too fast.

~~~
shanecleveland
Thank you. Yes. Excellent point. The particular form I needed this for is
moderately involved, so I erred on the longer side. I suspect a spambot
wouldn't want to intentionally throttle itself, but they may introduce a one-
or two-second delay if this becomes common enough. Definitely have to tailor
it to the form.

------
nblavoie
How do you filter spam ?

~~~
exodust
it says: honeypot input

