Secure and Encrypting Contact Form for Embedding on Website
Each website must provide ways to contact the company/owner. Publishing email addresses is usually just a way to receive spam – therefore adding simple contact forms is still one of the best ways to provide a communication channel.
Contact forms are usually a security hell, because the data a user enters in this form is first passed to the web server, then sent trough unknown SMTP forwarding services of the hosting provider until it is received by the actual mail account.
Therefore I suggest Proton to provide a solution to embed a secure and encrypting contact form on any website:
- The contact form consists of the fields: Name, Sender Email Address, Message.
- The contact form signs and encrypts the entered user data in the browser, before it is securely sent to a Proton server and delivered to a Proton mailbox.
- An invisible captcha is preventing form spam.
- The user limits the embedded form to a list of selected domains where the form is working to prevent cross site attacks.
- The destination email address can not be extracted from the form.
- A message is displayed, when the message was successfully sent.
Providing a secure contact form would close this last gap from the initial contact from a person to a secure communication.