Before you can launch your new website, it’s important to run some tests to ensure that you’re site will work as good as it looks. Visual testing across different browsers and devices is the first thing that comes to mind, and the most obvious to most clients, but there’s a few often overlooked areas that are crucial to the long term success of your site. This post will be the first in a series of articles exploring oft-overlooked areas to pay attention prior to launch.
1) Form Notification Email Settings
When a form is submitted on your website, whether that’s a contact form, an online order, or even newsletter signups, you want to make sure you get notified right away. WordPress form plug-ins like GravityForms (which I use extensively) allow you to set up notifications for every time a form is submitted. Part of the settings include the ability to specify an email address from which you want the email to be sent from. This is the “email from” field, as seen in the screenshot below. Oftentimes people forget to change this from the default setting, which is the email address associated with the site admin.
When this “from” email address happens to be the same one that you are sending a message to, often your email program (like Gmail, Outlook, etc) may send the message directly to spam, because in essence it looks like the email address has been spoofed. Which in a sense it has.
To prevent this, make sure that you’re using a different email address than the one you’re sending it to. This doesn’t actually have to be a real email address. You can use something like [email protected] or [email protected], or whatever. You’ll want to make sure that the email address comes from one with your domain at the end. This is because some email providers like Google are strict and if it sees email coming from your domain that are not really your domain, it will often flag it. I have not noticed if it matters whether it is a real email or not. It didn’t used to matter, but heck, things change – so you may want to pick a legitimate email from your domain.
Once in a while, depending on your email provider, these emails will still be considered “spoofed”. There are two options at this point.
Preferred Method: Adjust Your MX Records
if you’re feeling up to it, you can use email authentication methods, such as SPF, and Domain Keys to prove that your emails and your domain name belong together. Essentially this means adding your IP address to the domain’s DNS entries in order to give extra validity to your Web server that it’s allowed to send emails as originating from your domain. Have you (or your IT folk) add this to the MX records for your domain name as a TXT. Replace the parts in bold with your own IP address and domain name.
- v=spf1 mx a ptr ip4:000.0.00.0/32 mx:cmail1.com include:_spf.google.com include:DOMAINNAME.COM ~all
Both MediaTemple and Digital Ocean have thorough tutorials on this matter that I recommend reading.
A carefully tailored SPF record will also reduce the likelihood of your domain name getting fraudulently spoofed and keep your messages from getting flagged as spam before they reach your other recipients, such as your customer’s online receipts, confirmations that an application was received, etc.,
Less preferred method: Set up mail filters
You can set up a filter inside of Google, and other mail apps. For Gmail Log into the email account that is throwing your form mail into spam (Settings –> Filter). You can set up the parameters based on subject, from, etc.
2) Form Usability and Validation
This entails going over the form and trying to fill it out on different web browsers, and different devices. Fields that should be required but left blank should result in error messages upon submission directing the user to fill in those required fields. Specially formatted fields, such as email addresses, dates, and phone numbers should only accept field submissions in the required format. Try putting in goobly gook and making sure that the correct validation error message shows up. Also check entering punctuation characters into comments or large text fields, as some forms will block certain characters from being entered due to potential security risks. Forcing your forms to only accept plain text is a good habit. I was brought into diagnose a client’s website that crashed suddenly and wouldn’t start up again. By checking the server logs of what happened immediately before the crash, I discovered that the last action on the website was a user registration, and someone had inserted an emoji as a username, which totally broke the MySQL database.
3) Form Tab Order
Many users fill in a form by using the tab key on a keyboard to tab to the next field. This is also important for accessibility. Check that you can tab through a form in sequence and that the cursor is placed into the next field correctly. With the GravityForms plugin, this is easy to change it via a forms embed settings.
You can also check to make sure you can complete the whole form and submit it just by using your keyboard.
4) Thanks or Confirmation Page/Message
Once the form has submitted, check that a thanks page or message is displayed to the user with a relevant thank you message.
5) Form Submit Actions
There could be further actions when a form is completed, such as saving the form data into a database, sending it to a Google spreadsheet, or integration with an email marketing or CRM system. These aspects should be tested to make sure that the form data is saved correctly and the data shows up properly where it should.
