CGI script for sending E-mail from within a webpage

This Perl script allows you to make a web form (like the one from this site) which enables people to send e-mail directly from within a webpage. The advantage is that by encoding your e-mail address in the script, outsiders (including spammers and bots harvesting addresses for spam lists) can't see your address. If you just put a mailto link on your webpage, you are likely to start receiving spam on that address automatically.

Some people argue that webpage visitors are more likely to send mail if there's a mailto link than when there's a web form. This may be true because people will generally prefer using their own e-mail program over a web form. This means that when it is absolutely crucial for you not to miss any potentially interesting e-mail, you should use a mailto link and learn to live with the spam. But if you're like me and only want people to contact you when they really want to (and are prepared to overcome their ‘fear’ - or whatever it is - for web forms), a web form is the best solution.

To make this work, you need the following:

Step-by-step instructions

This may look complicated but actually it just seems so because I explain everything here to the finest detail. The reason is that I do not want to receive ten mails a week from people who are having problems with installing this stuff. So please read thoroughly through this if it doesn't work. If you ask me something which is in this page, I simply won't answer.

  1. Find out how to run a CGI script on your server. If your ISP has an FAQ page, you'll likely find the necessary information there. Otherwise, mail your ISP's support crew. What you need to know is the path to the Perl interpreter. This is often "/usr/bin/perl" or something similar. You also need to check if you need to put scripts in a special directory (often 'cgi-bin') or not.
  2. Also check the location of the server's ‘sendmail’ program. This will be something like "/usr/sbin/sendmail" or "/usr/lib/sendmail". You will likely find this together with the path of the Perl interpreter.
  3. Once you have this information, open the lexmail script in a text editor. Replace the first line by “#!” followed by the Perl interpreter path, if it is different from “#!/usr/bin/perl”. Next, put the sendmail path into the line starting with “my $MAIL_PROGRAM=...”
  4. Next, fill in your e-mail address in the line starting with “my $RECIPIENT=”.
  5. You can avoid that people from another site can run your script from their website. That would be useless for this script, but some idiots are bound to try it anyway. You can save yourself the trouble by filling in your domain name in the @VALID_DOMAINS array. The script will only run when the domain of the calling server contains a part which is in this array. So if your website is “”, put '' (including the quotes) between the brackets. You can add additional domains by separating them with commas. If you don't want to use this safety feature, remember to remove the '' which is currently in the script!
  6. You can also prevent people with a certain IP address from sending mail to you by putting these addresses in the @BLOCKED_IPS array. This is useful in case someone is repeatedly sending garbage to you via the web form.
  7. Normally this is all you need to change about the script. You can modify the actual lay-out of the e-mail message by editing the appropriate section. However, only do this if it is really necessary and you have at least a basic knowledge of Perl.
  8. Next, change the extension of the script from “.txt” into “.pl” or “.cgi”. It is also a good idea to change the name of the script itself into something non-obvious of your own choice. Otherwise somebody could simply configure a bot to look for this script on the web, and send spam through the web forms.
  9. Upload the script to your server, into the special cgi-directory if necessary. After uploading, you need to set the script's UNIX permissions to “-rwxr-xr-x” or 755 (executable for everybody), or otherwise if stated in your ISP's manual.
  10. Now the script is ready, you should make the actual web form. This should be very simple even if you never did it before. How you will do this, will depend on what kind of editor you are using. I will only explain what is common to all editors, be it a simple text editor or a fancy WYSIWYG editor. If you want to ask me how to do this in your own editor, the answer is right here: “I don't know”. You can also simply copy the sample code below, and modify the URLs.
  11. Create a FORM object. In some editors this may be called “Web form” or something. Anything containing the word “form” is likely to be OK. A FORM object has two important parameters (= attributes): the METHOD and the ACTION. The METHOD must be “POST” and the action must be the URL of the Perl script you uploaded above.
  12. Next, add three “text” INPUT fields to the FORM. The NAME attributes for these fields must be “from”, “sendername” and “subject”. Type these names exactly like this, do not use uppercase letters. The field names are case sensitive.
  13. Add one TEXTAREA object to the form. This object's NAME attribute must be “message”. As you can guess, this will be the place where the user will type the actual e-mail. Make this field preferably 74 columns wide and at least 8 rows deep. Also, it will be much more comfortable to type in this field if its WRAP attribute it set to “virtual”.
  14. Optional: add a ‘hidden’ INPUT field with NAME="nextpage" and as default value the URL of a page which should be displayed after the user has sent the e-mail. (You may need to use an absolute URL for this, to avoid problems.) If you omit this, the user will see an overview of the e-mail message instead.
  15. Optional: add a ‘checkbox’ INPUT object with NAME="carboncopy". If this box is checked, the user will receive a copy of his/her e-mail. Many people tend to like this, so you may want to add it. But beware! Your address will also be visible on the carbon copy, so people who really want to get your address can use this as a backdoor.
  16. Finally, add either a ‘submit’ INPUT object, or a BUTTON object with TYPE="submit" to the FORM. You may also add a ‘reset’ button in the same way, which will erase the form's contents. However, this may confuse some people, causing them to erase their message instead of sending it. Ouch!
  17. Add the necessary text to the form so that people can see which field is the address field and so on. Now you should have a form whose HTML source might look like this:
    <FORM action="cgi-bin/" method="post">
    <INPUT type="hidden" name="nextpage" value="../mailsent.html">
    Your name: <INPUT type="text" size=40 name="sendername"><br>
    Your e-mail address: <INPUT type="text" size=40 name="from"><br>
    <INPUT type="checkbox" name="carboncopy"> Send a carbon copy to your address<br>
    Subject: <INPUT type="text" name="subject" size=64 maxlength=128><br>
    <TEXTAREA name="message" rows=8 cols=74 wrap="virtual"></TEXTAREA><br>
    <INPUT type="reset" value="Erase">&nbsp;&nbsp;&nbsp;<INPUT type="submit" value="Send it!">
  18. That's it. Upload the webpage with the form to your site and you should be ready to go. It needs not be said that you should test the form yourself first - but I say it anyway.



I give no guarantee whatsoever that this script will work, is free of security holes, or prevent that your address is added to a spam list. Use of this script is at your own risk. If you are able to mess it up to such a degree that it causes damage or data loss, it's your fault. But hey, it is completely free! Of course this also means that you may not sell it for your own profit.