These things sound great but no one really uses them in practice.
People seem to implement this sort of capability themselves a lot. So there is going to be a small marginal value to a 'canned' version. Web sites are also particularly careful with emails and other PII people send them, so a service approach runs the risk of the service harvesting that data and reselling it without the web site owner's knowledge or approval. And finally, I expect a quick crawl of the web would turn up a zillion different 'tweaks' that individual sites make for their particular application, so it would be hard for them to use a pre-baked one.
I am the creator of https://Jumprock.co. This is a rebrand from an earlier project I did called Formpost.
It includes aliased names to not expose email addresses and custom fields now.
On a mobile device, it will automatically pop up the number-pad. Makes life a little easier for people filling in the form.
Similarly, input type="email" will pop up a keyboard with an @ symbol. https://developer.mozilla.org/en-US/docs/Web/HTML/Element/in...
I use a relatively simple AWS API Gateway -> AWS Lambda -> AWS SES for this. But as trivial as it was to set up, it is still way more work than this looks like. Having something more turn-key is nice.
Also, even though I'm fully capable of building my own form handling back-end, if I'm just building a static site it's nice not to have to deal with all that just for a simple contact form.
This is for when you don’t have a server.
Best efforts. Except for the GAFA. And public agencies (best best efforts).
Source: working in a public agency and attending a lot of GDPR intro sessions and watching the consultants walking down the corridor.
I'd just say what I wrote in the previous post and talk about the DPO, the infosec manager, etc.
What I am hearing and seeing a lot right now is: hire a consulting gig for a few days that will set you up (good practices, business analysis, risk assessment, ISO 27000 and 27001 compliance) and then hire a different consulting gig for two days that will be your DPO and make him come back every 6 months or year to show you are doing your best to prevent leaks.
It really does depend on the nature of your field.
The other thing I hear a lot: those UK law firms that sell GDPR consulting certificates? Don't waste money on that.
I couldn't really recommend any consulting firm; I only know two of them and I am not involved (yet) enough in the process. But basically we (a public agency) went the consulting gig road and share the fee with other agencies.
Oh, and I am not a lawyer of course.
If the site goes down then the emails are lost. I'm still working on a solution of multi region load balancing with high availability to ensure this doesn't happen.
(I do wonder what's in it for Jumprock, too)
Anyone have any other tool recommendations that work well with GitHub Pages and other static sites?
Edit: Disclaimer: the company I work for sponsors their hosting.
Back in the maelstrom that was Web 1.0, where every person and their dog were uploading static HTML pages to their 'webspace' via FTP, these sorts of services were two-a-penny; many ISPs even offered them as part of their 'webservices' packages.
I'm not knocking it, it's just it's not a new idea.
I also have Slack, and webhook notifications.
One suggestion I have is to support aliases in CC and BCC fields as well. You already have the implementation.
Of course, the alias should support multiple email addresses in one.
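The aliasing discussed above (form fields carry alias names that the service resolves to real addresses, for CC and BCC as well as the main recipient), as an added example that is not part of the thread and is not Jumprock's code. The alias table, the field names `to`/`cc`/`bcc`/`subject` and the function names are assumptions made for illustration.

```python
import re

# Constructed alias table (hypothetical): alias -> real recipients, kept server-side only,
# so the static page never contains an email address.
ALIASES = {
    "contact": ["owner@example.org"],
    "sales-team": ["alice@example.org", "bob@example.org"],
}
ALIAS_RE = re.compile(r"[a-z0-9-]{1,32}")


def resolve(value):
    """Map a comma-separated list of aliases to the real addresses behind them."""
    recipients = []
    for alias in filter(None, (a.strip() for a in value.split(","))):
        # Anything that is not a known alias (a raw address, embedded CR/LF, ...) is
        # refused, so the endpoint cannot be used as an open relay or to inject headers.
        if not ALIAS_RE.fullmatch(alias) or alias not in ALIASES:
            raise ValueError(f"unknown alias: {alias!r}")
        recipients.extend(ALIASES[alias])
    return recipients


def build_envelope(form):
    """Turn posted form fields into recipient lists, a subject and a plain-text body."""
    envelope = {
        "to": resolve(form.get("to", "")),
        "cc": resolve(form.get("cc", "")),
        "bcc": resolve(form.get("bcc", "")),
    }
    if not envelope["to"]:
        raise ValueError("missing 'to' alias")
    subject = form.get("subject", "Form submission")
    if "\r" in subject or "\n" in subject:
        raise ValueError("line break in subject")
    envelope["subject"] = subject
    # Remaining custom fields go into the body only, never into headers.
    reserved = {"to", "cc", "bcc", "subject"}
    envelope["body"] = "\n".join(
        f"{k}: {v}" for k, v in sorted(form.items()) if k not in reserved
    )
    return envelope
```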
<form action="mailto:firstname.lastname@example.org" method="post" enctype="text/plain">
Is there any web-application-firewall level spambot filtering that would ensure that the bot traffic can be continually monitored and the rules to block spambots can be continually updated?
Simplicity is the ultimate sophistication.
Therefore, just to offer a counterpoint, I would like to register my experience here. A random name surely did not do the trick for us. Simple tricks like creating a random hidden field would be broken by spambots in less than 48 hours. It took a great deal of expensive WAFs like Barracuda and a lot of Lua scripting combined with cookie analysis (and overall request header analysis) to detect spambots with only a 90%-95% accuracy and keep them out.
Most of the spambots just search for forms to fill on the internet.