Encryption and FormSpree Issues


#1

I just moved a long-time client’s website over to DreamHost. The move went smoothly until we realized that DreamHost does not support FormMail. The client has a FormMail script that collects data along with credit card information. On the old site, I had a PHP programmer develop a script that would encrypt the data before sending it, and it would be decrypted once received by the client using Gpg4win. Worked great.

Now we come to find that DreamHost uses FormSpree in place of FormMail, and we can’t get the encryption/decryption to work. I’m desperate, as the programmer and I have been struggling for weeks now and I risk losing my best client.

Has anyone experienced something like this? Any suggestions on where to go from here?


#2

You need to state more information about your problem. Generally, PHP scripts should work fine on your account. What are the errors you get when running the script? I don’t know what you mean by DH not supporting FormMail, as I have had a Form Mail PHP script on some of my sites (and various WordPress plugins for a similar function) for a long time. So long as you are not running some type of daemon under shared hosting, you should not really run into any issues, in most cases.

Depending on how complicated your situation actually is, you might consider a VPS. That gives you more power over what you can run on your account than a shared hosting plan would provide.


#3

Thanks for the reply, Ryo-ohki.

> What are the errors you get when running the script?

The client reports that she receives the encrypted email, complete with gibberish-looking text between the PGP tags, but when she tries to decrypt the content, it says “decryption failed, no data.”

> I don’t know what you mean by DH not supporting FormMail as I have had a Form Mail php script on some of my sites

Please see this webpage: https://help.dreamhost.com/hc/en-us/articles/216687208-What-happened-to-Formmail-

We tried switching over to FormSpree but ran into these decryption issues. One thought is that FormSpree adds its own branding to the emails, so perhaps the added graphics muck up the works?

I contacted DH tech support, who told me that we can use an alternative to FormMail, just not FormMail itself. The only alternative they could recommend was FormSpree. Are there other FormMail-like scripts that are recommended?


#4

Can you share one of these PGP messages? I suspect it’s just a client-side failure. Your PHP code should encrypt the body of the message before sending it to FormSpree, then FormSpree just builds an email to send to the default recipient. Then, on the client, you may have to do something different than usual because of the way FormSpree formats the email.

Another thing you could do is forget FormSpree and develop PHP code that emails directly from your system. Use the PHPMailer library (https://help.dreamhost.com/hc/en-us/articles/215842658-PHPmailer-overview) and do the right thing locally.

I’m sure you’ve also evaluated other options for your customer, ones that don’t require managing credit card information this way, but you’re stuck with this system.
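
Added example, not code from any poster in this thread: a check of whether a PGP armor block came through a form relay intact, the question raised in posts #3 and #4. The function names are hypothetical, the sample data is constructed, and it assumes the sender's armor carries the optional CRC-24 line.

```python
import base64
import re

BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"

def crc24(data: bytes) -> int:
    """CRC-24 from the OpenPGP ASCII armor spec (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def armor(data: bytes) -> str:  # hypothetical helper that builds the sample
    b64 = base64.b64encode(data).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    check = base64.b64encode(crc24(data).to_bytes(3, "big")).decode()
    return f"{BEGIN}\nComment: constructed sample\n\n{body}\n={check}\n{END}\n"

def check_armor(mail_body: str) -> list:
    """Return the armor problems found in a mail body; [] means intact."""
    text = mail_body.replace("\r\n", "\n")
    start, end = text.find(BEGIN), text.find(END)
    if start < 0 or end < start:
        return ["BEGIN/END armor lines missing or out of order"]
    block = text[start + len(BEGIN):end]
    html = re.search(r"<[a-zA-Z/]|&[a-z]+;", block)
    problems = ["HTML markup inside the armor block"] if html else []
    lines = [ln.strip() for ln in block.rstrip().split("\n")[1:]]
    if "" not in lines:  # RFC 4880 requires a blank line before the data
        return problems + ["no blank line between armor headers and data"]
    data = [ln for ln in lines[lines.index("") + 1:] if ln]
    if not data or not data[-1].startswith("=") or len(data[-1]) != 5:
        return problems + ["no CRC-24 line to verify against"]
    try:
        payload = base64.b64decode("".join(data[:-1]), validate=True)
        stated = base64.b64decode(data[-1][1:], validate=True)
    except ValueError:
        return problems + ["armor data is not valid base64"]
    if crc24(payload) != int.from_bytes(stated, "big"):
        problems.append("CRC-24 mismatch: data changed in transit")
    return problems

SAMPLE = armor(bytes(range(200)))  # constructed bytes, not a real PGP message
NO_BLANK = SAMPLE.replace("\n\n", "\n")    # relay collapsed the blank line
AS_HTML = SAMPLE.replace("\n", "<br>\n")   # relay rendered the body as HTML
```

Running `check_armor` on the raw source of a received email (not the rendered view) shows whether the block left the relay in the form the PHP script produced.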


#5

I’ve got to add here that an even better solution is to not use any type of email at all for this purpose.

The best solution is PHP code (or whatever type of code) that stores the encrypted card number and customer information in a database.

Email is by nature not at all secure. To send valid customer private information via email, even if that data is first encrypted, seems more like a band-aid than a solid permanent solution.

(This is all before we even get to the issue that sometimes such mailed forms don’t arrive consistently.)


#6

Absolutely! And if re-engineering this solution is an option, I’d suggest not even storing credit card data at all! There are great online services (PayPal, Stripe, Vantiv) that authenticate the card for you and give you back only a token to store easily in your database.