Form Security – What is it made up of?

We need your feedback!
November 21, 2011
Upcoming: Improved Form Charts & Reports
December 5, 2011

Form Security – What is it made up of?


123ContactForm takes great interest in providing online forms that are protected at all levels. From the hosting packages we use to the antispam solutions that we offer, everything is aimed at creating a secure experience for our users. Your account, your forms and the collected data are subject to various mechanism that ensure their security, integrity and confidentiality.

Secure Contact Form

Professional hosting

Our platform runs on cloud servers provided by Amazon Web Services, known as one of the cloud computing environments that offers the highest level of security and flexibility in today’s world. All information is encrypted and stored on our servers located in AWS’s secure data centers, provided with electronic surveillance and multi-factor access control systems, proofed against disruptions and hazards. Amazon’s servers are clustered in a global network of edge locations around the world (CloudFront), ensuring that no matter what the threat is, information remains securely hosted and available. We also perform daily backups of form data and graphics on Amazon S3.

Antispam protection

Forms can be protected from spam in various ways. You can adjust antispam features in the SettingsSecurity section. For a start, there’s CAPTCHA protection, which makes it very difficult for robots to abuse your form. Based on your choice, the verification image will appear each time the form is accessed, will change daily or will only show up when the form seems to be abused (smart CAPTCHA), i.e. when multiple form submissions are made from the same IP address. You can also use IP limitation and restrict the submissions coming from the same IP to a certain number, e.g. 1 per day, week or month, or even lifetime.

You can also use country filters. To do this, you simply need to check the option Reject submissions from the following countries and type in the country codes that you want to reject (you’ll find these codes in an attached list). Or you can go the other way around, so that you accept submissions only from certain countries. If your form is intended only for specific users, you can even set up password protection and share the keyword with the specific users only.

Phishing shutdown

We are much aware of the fact that forms are used on the web to collect private information (email addresses, passwords, credit card information) from people. We use human review and automated abuse detection to make sure that the web forms created by users of our service are not used in this purpose. For example, forms created on the Free plan and containing certain field labels are banned automatically. Further, our security scripts notify us each time a suspicious form or account is detected; we check user activity and shut down the account, if it is, indeed, malicious. Forms can be reported as abuses using the Report abuse link at form bottom.

If a phishing attempt escapes our security measures, it does so for a short while. After the form is shut down, harmed parties are provided with a document containing the data collected through the form, so that affected persons can be alerted. Qualified authorities that take legal action against online criminal activity are provided with user registration details, logs and IP addresses pertaining to abusive accounts.

Other provisions

Backup copy. A backup copy of your form submissions is stored on our servers. If you delete submissions accidentally, we’ll retrieve them from there. That’s the only reason why the backup copy exists. It is generated by default for every new form. If you don’t want the copy to be created, let us know.

SSL encryption. Platinum accounts benefit from SSL form encryption. SSL encryption is a protocol that secures communication over the Internet. With SSL, all data sent through the form is unreadable for any robot or person that tries to intercept communication. Accepting payments through forms is hence possible only with the Platinum plan.

Confidentiality. According to our Terms of Service, your account data and the information collected through forms are confidential. No information will be used, shared or sold and all collected data is rightfully yours.


Featured image courtesy:

Alexandra Draghici
Alexandra Draghici
is the Project Manager of 123ContactForm. She tracks our project development and acts as a link between departments. Alexandra likes web technologies and teaching online and offline.