Best method for Contact Us form.

Question

Contact Us form can be implemented in two ways:- Save the form detail in database and admin can check it when he logs in. Get the Message directly into admin's Mail. I want to ask, which one should be efficient for small business and what are the security measures should be taken to prevent the website(built in MVC) from malicious users.

Varun Setia · Answer

Google captcha service is really good you can use that. You can also use Cloudflare ddos protection to make this website more secure. You can save ip address from where you received the message. You can create blacklist ip addresses table in database. You can then compare and prevent user from filling form.

Sachin Singh · Answer

Really thanks Varun, My website is already secured by Cloudflare , but i need to implement Google Captcha.Thanks.

Varun Setia · Answer

Hi, You must be using both in one form. In case your email server fails. You must have data stored in database for backup purpose. You can fetch data in admin panel for the purpose of checking what information was received from whom through contact form. Also, for security you must use anti forgery token to prevent cross site scripting. You can check it here https://docs.microsoft.com/en-us/aspnet/web-api/overview/security/preventing-cross-site-request-forgery-csrf-attacks#:~:text=To%20help%20prevent%20CSRF%20attacks,is%20sent%20as%20a%20cookie. Along with it you must use basic validations for required fields, email validations, message min and Max length,etc.

Sachin Singh · Answer

@Varun Setia thanks ,just one more question How to prevent from Anti-Spam mails? there are hundreds of thousands of spambots browsing the Internet every second,they can bring down the website by submitting the contact form hundreds of times a second. Do i need to implement captcha for this?or is it userfiendly to ask a security question before submitting the form?