CounterMail Secure Forms

If you have a CounterMail premium account, you can create secure contact forms or order forms using a customized web address. When the user submits the form, it ends up as a PGP-encrypted email in the form owner's Inbox. Getting Secure Forms working on your own website requires basic knowledge of HTML. You can also make it send an email copy to the form submitter. We are going to upgrade it with JavaScript encryption, so you get real PGP end-to-end security. It already has end-to-end security now, but the first step is only TLS, then PGP. We would like to change it to PGP -> TLS -> then send it to the recipient(s).

Technical description

Client side / Server side

Client: fills out the form and clicks the Submit button
Client: web browser initiates SSL encryption against https://webmail.countermail.com -->
Server: <-- confirms SSL encryption against the client browser
Client: web browser sends the form fields -->

Server:
1. Server checks:
-owner ('user'-field) is a premium account
-owner has activated Secure Forms
-owner has not reached the limit (60 form-requests/hour OR 25 req from the same IP-address in the last 30 min.)
-If field 'Email' is sent, estimate if it's a valid email address
-If field 'Email' is sent, check if the recipient has a public key; if so, encrypt to the user's key. This can be disabled under Settings / Preferences / Secure Forms

2. Merge all fields and encrypt with PGP, with owner's public key

3. Add a random delay, between 20 - 2000 milliseconds

4. Send email to owner from our webserver. By default the client IP-address will not be stored in the email. The form owner can activate IP-tracking if the email is PGP encrypted. This can be disabled under Settings / Preferences / Secure Forms

Server: <-- sends response (OK/Error) or redirects to redir-page/success page
Client: web browser receives the result, this is normally some form of "Thank you"-page


IMPORTANT!
- To activate your Secure Forms options, you must log in to your webmail interface, go to Settings / Preferences / Secure Forms, click on "Activate incoming form-post mails" and click on Save
- We recommend whitelisting your own server IP-address


Required form fields:
form post action  = https://webmail.countermail.com/forms/cm_form.php
'user'   = the form owner, which is your countermail address OR your member alias address
'subject' = "your own email subject text"
'success' = your own success text, for example: "Thanks for your request!"
'redirect' = Full URL to your own page (if you don't want to use the 'success'-field). All FORM-fields will be forwarded to your own redirect page, so you can process them as you want.

Optional fields and other info:
'email'    = if this field is used in the form, both the form owner and the submitter will get the email containing the form's fields. If this field is NOT inside the form, only the form owner will get the email; no email will be sent to the submitter.

-If the form owner wants to check the form submitter's IP-address, the owner can activate this under Settings / Preferences / Secure Forms. This feature will only work if PGP-encryption is enabled.

-By using "-" as the first or last character in the INPUT NAME field you can skip extra new lines and Field subjects.

-There is a limit of 60 requests per hour (or 25 requests from the same IP-address in the last 30 min)
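
A pre-deployment check for a form built from the fields listed above, as an added example that is not CounterMail's code: it parses the form HTML and reports missing required fields, a 'user' field that is not hidden, and whether an 'email' field means the submitter also receives a copy of the submitted data. The names FormScan and check_secure_form, the sample form, the placeholder address owner@example.invalid, the POST method check and the case-insensitive field-name matching are assumptions.

```python
from html.parser import HTMLParser

FORM_ACTION = "https://webmail.countermail.com/forms/cm_form.php"  # from this page

class FormScan(HTMLParser):
    """Records the first <form>'s action/method and every named field."""
    def __init__(self):
        super().__init__()
        self.action, self.method, self.fields = None, None, {}

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and self.action is None:
            self.action = a.get("action") or ""
            self.method = (a.get("method") or "get").lower()
        elif tag in ("input", "textarea", "select") and a.get("name"):
            # Assumption: field names are matched case-insensitively.
            self.fields[a["name"].lower()] = (a.get("type") or "text").lower()

def check_secure_form(html):
    """Hypothetical helper: returns (problems, notes) for one form."""
    scan = FormScan()
    scan.feed(html)
    problems, notes = [], []
    if scan.action != FORM_ACTION:
        problems.append("action must be " + FORM_ACTION)
    if scan.method != "post":
        problems.append("method must be post")
    for name in ("user", "subject"):
        if name not in scan.fields:
            problems.append("missing required field '" + name + "'")
    if not scan.fields.keys() & {"success", "redirect"}:
        problems.append("need a 'success' or 'redirect' field")
    if scan.fields.get("user", "hidden") != "hidden":
        problems.append("'user' should be type='hidden' in live mode")
    if "email" in scan.fields:
        notes.append("'email' present: the submitter also gets a copy")
    else:
        notes.append("no 'email' field: only the form owner is mailed")
    return problems, notes

# Constructed sample form; owner@example.invalid is a placeholder address.
SAMPLE = """<form action="https://webmail.countermail.com/forms/cm_form.php" method="post">
  <input type="hidden" name="user" value="owner@example.invalid">
  <input type="hidden" name="subject" value="Contact request">
  <input type="hidden" name="success" value="Thanks for your request!">
  Email: <input type="text" name="Email">
  <input type="submit" value="Send">
</form>"""
```

Calling check_secure_form(SAMPLE) returns an empty problem list and one note saying the submitter gets a copy.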

Example 1 - standard form, sends mail to both owner and submitter

user = enter your countermail address or alias to test this form *
*this should be type='hidden' in Live mode

Your own form fields:
Email:*
If you use a form-field called "Email", it will be checked if it's a valid address and then used as the sender's address.
If the email recipient has a public key, the email will be encrypted to his/her key.
Name:
Address:
Zipcode:
State:
City:
Country:


Source from Example 1:

Example 1 will produce this email-body:


Example 2 - standard form, sends form mail to form owner only

user = enter your countermail address or alias to test this form *
*this should be type='hidden' in Live mode

Your own form fields:
E-mail: (by using a form field called "e-mail" it will only send the form to the form owner)
Name:
Address:
Zipcode:
State:
City:
Country:

Source from Example 2:

Example 2 will produce this email-body: