CounterMail Secure Forms

If you have a CounterMail premium account, you can create secure Contact forms/Order forms using a customized web address. When the user submits the form it will end up as an PGP-encrypted email inside the form owner's Inbox. It requires basic knowledge of HTML to get our Secure Forms working on your own website. You can also make it send an email copy to the form-submitter.

Technical description

Client side
Server side
Client fills out the form and clicks Submit-button
Web browser initiates SSL encryption against https://countermail.com -->
<-- Server confirms SSL encryption against client browser
Web browser sends the form fields -->
1. Server checks:
-owner ('user'-field) is a premium account
-owner has activated Secure Forms
-owner has not reached the limit (60 req/hour)
-If field 'Email' is sent, estimate if it's a valid email address
-If field 'Email' is sent, check is the recipient have a Public key, if so encrypt the the users key. This can be disabled under Settings / Personal info / Secure Forms

2. Merge all fields and encrypt with PGP, with owner's public key

3. Add a random delay, between 20 - 2000 milliseconds

4. Send email to owner from our webserver, by default the client
IP-address will not be stored in the email. The form owner can activate IP-tracking if the email is PGP enrypted. This can be disabled under Settings / Personal info / Secure Forms

<-- Send response (OK/Error) or redirect to redir-page/success page
Web browser receives the result, this is normally
some form of "Thank you"-page



Required form fields:
form post action  = https://countermail.com/forms/cm_form.php
'user'   = the form owner, which is your countermail address OR your member alias address
'subject' = "your own email subject text"
'success  = your own success text, for example: "Thanks for your request!"
'redirect' = Full URL to your own page (if you don't want to use the 'success'-field), all FORM-fields will be forwarded to your own redirect page, so you can process them as you want.

Optional fields and other info:
'email'    = if this field is used the form, both the form owner and the submitter will get the email containg the forms fields if this field is NOT inside the form, only the form owner will get the email, no email will be sent to to submitter.

-If the form owner wants to check the form-submitters IP-address, the owner can activate this under Settings / Personal information / Secure Forms. This feature will only work if PGP-encryption is enabled.

-By using "-" as the first or last character in the INPUT NAME field you can skip extra new lines and Field subjects.
			  
IMPORTANT!
-To activate our Secure Forms you must go to your Account / Settings / Personal information / Secure Forms and click on Activate incoming form-post mails
-There is a limit of 60 requests per hour

Example 1 - standard form, sends mail to both owner and submitter

user = enter your countermail address or alias to test this form
*
*this should be type='hidden' in Live mode

Your own form fields:
E-mail:*

If you use a form-field called "Email" it will be checked if it's a valid address and then used as the senders address
If the email-recipient have a public key, the email will be encrypted to his/her key.
Name:

Address:


Zipcode:

State:

City:

Country:



Source from Example 1:

Example 1 will produce this email-body:


Example 2 - standard form, sends mail to both owner and submitter

user = enter your countermail address or alias to test this form
*
*this should be type='hidden' in Live mode

Your own form fields:
E-mail:*

If you use a form-field called "Email" it will be checked if it's a valid address and then used as the senders address
If the email-recipient have a public key, the email will be encrypted to his/her key.
Name:

Address:


Zipcode:

State:

City:

Country:


Source from Example 2:

Example 2 will produce this email-body:


Example 3, will only send email to the form owner, you can use this to test deeper how it works

user = enter your countermail address or alias to test this form
*
*this should be type='hidden' in Live mode

Your own form fields:

Name:

Address:


Zipcode:

State:

City:

Country:


Source from Example 3:

You can see the full output after submit since we created our own testpage, and added it as 'redirect' field.