OtterAI Team
••10 min readHow to Build a Contact Form That Actually Works (With Email Notifications)
Complete tutorial on creating a functional contact form with email notifications. Includes validation, spam prevention, and best practices for 2025.
#Tutorial#Forms#Business
Every business website needs a contact form. It's how customers reach you, how leads come in, and how opportunities start. But a poorly implemented contact form can cost you business.
This guide will show you how to build a contact form that works reliably, delivers emails properly, prevents spam, and provides a great user experience.
Why Contact Forms Matter
For businesses:
- Capture leads 24/7
- Professional appearance
- Organize inquiries
- Reduce spam (vs public email)
- Track conversion rates
For visitors:
- Easy to use
- No email client needed
- Works on mobile
- Get confirmation
Statistics:
- 76% of users prefer contact forms over phone calls
- Well-designed forms increase submissions by 30-40%
- Poorly implemented forms lose 50%+ of potential leads
Essential Contact Form Elements
Must-Have Fields
Name
- First name only or full name
- Single field reduces friction
- Make it obvious (placeholder: "Your name")
- Critical for response
- Validate format
- Most important field
Message
- Multi-line textarea
- Min 20 characters
- Placeholder with guidance
Optional But Useful Fields
Phone number
- Some people prefer calls
- Make it optional
- Validate format
Subject/Category
- Dropdown selection
- Routes to right person
- "General", "Sales", "Support"
Company name
- For B2B businesses
- Optional field
- Helps qualify leads
Budget/Timeline
- For service businesses
- Helps prioritize
- Optional
Fields to Avoid
❌ Too many required fields - Each field reduces submissions ❌ Captcha (unless spam is severe) - Annoying for users ❌ Social security/sensitive info - Privacy concerns ❌ Redundant information - Don't ask twice
Basic Contact Form HTML
<form id="contact-form" class="contact-form">
<div class="form-group">
<label for="name">Name *</label>
<input
type="text"
id="name"
name="name"
required
placeholder="Your name"
>
</div>
<div class="form-group">
<label for="email">Email *</label>
<input
type="email"
id="email"
name="email"
required
placeholder="[email protected]"
>
</div>
<div class="form-group">
<label for="subject">Subject</label>
<select id="subject" name="subject">
<option value="general">General Inquiry</option>
<option value="sales">Sales</option>
<option value="support">Support</option>
</select>
</div>
<div class="form-group">
<label for="message">Message *</label>
<textarea
id="message"
name="message"
rows="5"
required
placeholder="How can we help you?"
></textarea>
</div>
<button type="submit">Send Message</button>
</form>
<div id="success-message" style="display:none;">
Thanks! We'll get back to you soon.
</div>
Frontend Validation
Validate before sending to server:
const form = document.getElementById('contact-form');
form.addEventListener('submit', async (e) => {
e.preventDefault();
// Get form data
const name = form.name.value.trim();
const email = form.email.value.trim();
const message = form.message.value.trim();
// Validate
if (!name || name.length < 2) {
showError('Please enter your name');
return;
}
if (!isValidEmail(email)) {
showError('Please enter a valid email');
return;
}
if (!message || message.length < 20) {
showError('Message must be at least 20 characters');
return;
}
// Submit
submitForm({ name, email, message });
});
function isValidEmail(email) {
return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
}
function showError(message) {
alert(message); // Use better UI in production
}
Backend Processing
Node.js/Express Example
const express = require('express');
const nodemailer = require('nodemailer');
const rateLimit = require('express-rate-limit');
const app = express();
app.use(express.json());
// Rate limiting (prevent spam)
const limiter = rateLimit({
windowMs: 15 * 60 * 1000, // 15 minutes
max: 3 // limit each IP to 3 requests per windowMs
});
app.post('/api/contact', limiter, async (req, res) => {
const { name, email, message, subject } = req.body;
// Server-side validation
if (!name || !email || !message) {
return res.status(400).json({ error: 'Missing required fields' });
}
if (!isValidEmail(email)) {
return res.status(400).json({ error: 'Invalid email' });
}
try {
// Send email
await sendEmail({
to: '[email protected]',
from: email,
replyTo: email,
subject: `Contact Form: ${subject || 'General'}`,
html: `
<h2>New Contact Form Submission</h2>
<p><strong>From:</strong> ${name}</p>
<p><strong>Email:</strong> ${email}</p>
<p><strong>Subject:</strong> ${subject || 'General'}</p>
<p><strong>Message:</strong></p>
<p>${message}</p>
`
});
// Send confirmation to user
await sendEmail({
to: email,
from: '[email protected]',
subject: 'We received your message',
html: `
<p>Hi ${name},</p>
<p>Thanks for reaching out! We've received your message and will get back to you within 24 hours.</p>
<p>Best regards,<br>Your Team</p>
`
});
res.json({ success: true });
} catch (error) {
console.error('Contact form error:', error);
res.status(500).json({ error: 'Failed to send message' });
}
});
async function sendEmail(options) {
// Configure your email service here
const transporter = nodemailer.createTransport({
host: process.env.SMTP_HOST,
port: 587,
auth: {
user: process.env.SMTP_USER,
pass: process.env.SMTP_PASS
}
});
await transporter.sendMail(options);
}
function isValidEmail(email) {
return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
}
Email Service Options
SendGrid
Pricing: Free tier (100 emails/day)
Setup:
const sgMail = require('@sendgrid/mail');
sgMail.setApiKey(process.env.SENDGRID_API_KEY);
await sgMail.send({
to: '[email protected]',
from: '[email protected]',
subject: 'Contact Form Submission',
html: emailHTML
});
Pros: Reliable, generous free tier, great docs Cons: Requires verification for production
Resend
Pricing: Free tier (3,000 emails/month)
Setup:
const { Resend } = require('resend');
const resend = new Resend(process.env.RESEND_API_KEY);
await resend.emails.send({
from: '[email protected]',
to: '[email protected]',
subject: 'Contact Form',
html: emailHTML
});
Pros: Simple API, good free tier Cons: Newer service
Mailgun
Pricing: Pay as you go
Pros: Powerful, reliable Cons: More complex, paid only
AWS SES
Pricing: $0.10 per 1,000 emails
Pros: Extremely cheap at scale Cons: Complex setup, requires AWS account
Spam Prevention
Honeypot Field
Hidden field that bots fill but humans don't:
<!-- Hidden from humans but visible to bots -->
<input
type="text"
name="website"
style="position:absolute;left:-9999px"
tabindex="-1"
autocomplete="off"
>
// Backend check
if (req.body.website) {
// It's a bot! Silently reject
return res.json({ success: true }); // Fake success
}
Rate Limiting
Limit submissions per IP:
const rateLimit = require('express-rate-limit');
const contactLimiter = rateLimit({
windowMs: 60 * 60 * 1000, // 1 hour
max: 5, // 5 submissions per hour per IP
message: 'Too many submissions, please try again later'
});
app.post('/api/contact', contactLimiter, handler);
Time-Based Check
Track how long form was on page:
<input type="hidden" name="timestamp" id="timestamp">
<script>
// Set when form loads
document.getElementById('timestamp').value = Date.now();
</script>
// Backend check
const formLoadTime = parseInt(req.body.timestamp);
const submitTime = Date.now();
const timeSpent = submitTime - formLoadTime;
if (timeSpent < 3000) { // Less than 3 seconds
// Likely a bot
return res.status(400).json({ error: 'Submission too fast' });
}
Google reCAPTCHA
Last resort (hurts conversion):
<script src="https://www.google.com/recaptcha/api.js" async defer></script>
<div class="g-recaptcha" data-sitekey="your-site-key"></div>
// Verify on backend
const response = await fetch('https://www.google.com/recaptcha/api/siteverify', {
method: 'POST',
body: `secret=${SECRET_KEY}&response=${captchaResponse}`
});
Only use if spam is severe - reduces submissions by 20-40%
Styling Best Practices
Mobile-First Design
.contact-form {
max-width: 600px;
margin: 0 auto;
padding: 20px;
}
.form-group {
margin-bottom: 20px;
}
label {
display: block;
margin-bottom: 5px;
font-weight: 600;
color: #333;
}
input, textarea, select {
width: 100%;
padding: 12px;
border: 1px solid #ddd;
border-radius: 4px;
font-size: 16px; /* Prevents zoom on iOS */
}
input:focus, textarea:focus {
outline: none;
border-color: #e86b47;
box-shadow: 0 0 0 3px rgba(232, 107, 71, 0.1);
}
button[type="submit"] {
width: 100%;
padding: 14px;
background: #e86b47;
color: white;
border: none;
border-radius: 4px;
font-size: 16px;
font-weight: 600;
cursor: pointer;
}
button[type="submit"]:hover {
background: #d45a36;
}
button[type="submit"]:disabled {
opacity: 0.6;
cursor: not-allowed;
}
Accessible Forms
<form role="form" aria-label="Contact form">
<div class="form-group">
<label for="name">
Name <span aria-label="required">*</span>
</label>
<input
type="text"
id="name"
name="name"
aria-required="true"
aria-describedby="name-hint"
>
<span id="name-hint" class="hint">
Enter your full name
</span>
</div>
</form>
Loading States
async function submitForm(data) {
const button = form.querySelector('button[type="submit"]');
// Show loading
button.disabled = true;
button.textContent = 'Sending...';
try {
const response = await fetch('/api/contact', {
method: 'POST',
headers: { 'Content-Type': 'application/json' },
body: JSON.stringify(data)
});
if (response.ok) {
// Success
form.style.display = 'none';
document.getElementById('success-message').style.display = 'block';
} else {
throw new Error('Failed to send');
}
} catch (error) {
alert('Failed to send message. Please try again.');
} finally {
button.disabled = false;
button.textContent = 'Send Message';
}
}
Error Handling
User-Friendly Errors
function showError(field, message) {
const formGroup = field.closest('.form-group');
// Remove old error
const oldError = formGroup.querySelector('.error-message');
if (oldError) oldError.remove();
// Add new error
const error = document.createElement('span');
error.className = 'error-message';
error.textContent = message;
error.style.color = 'red';
error.style.fontSize = '14px';
formGroup.appendChild(error);
field.focus();
}
Backend Error Logging
app.post('/api/contact', async (req, res) => {
try {
await sendEmail(emailData);
res.json({ success: true });
} catch (error) {
// Log error for debugging
console.error('Contact form error:', {
error: error.message,
stack: error.stack,
data: req.body,
timestamp: new Date()
});
// Send generic error to user
res.status(500).json({
error: 'Failed to send message. Please try again or email us directly.'
});
}
});
Testing Your Contact Form
Manual Testing
- Fill out form correctly → Success
- Leave required fields empty → Error shown
- Enter invalid email → Error shown
- Submit twice quickly → Rate limited
- Test on mobile device
- Test in different browsers
- Check email deliverability
- Verify confirmation email sent
Automated Testing
describe('Contact Form', () => {
it('should reject empty submissions', async () => {
const res = await request(app)
.post('/api/contact')
.send({});
expect(res.status).toBe(400);
});
it('should accept valid submissions', async () => {
const res = await request(app)
.post('/api/contact')
.send({
name: 'John Doe',
email: '[email protected]',
message: 'This is a test message with enough characters'
});
expect(res.status).toBe(200);
expect(res.body.success).toBe(true);
});
});
Advanced Features
File Uploads
Allow attachments:
<input
type="file"
name="attachment"
accept=".pdf,.doc,.docx,.jpg,.png"
multiple
>
Backend:
const multer = require('multer');
const upload = multer({
dest: 'uploads/',
limits: { fileSize: 5 * 1024 * 1024 } // 5MB
});
app.post('/api/contact', upload.array('attachment'), handler);
CRM Integration
Send to CRM automatically:
// After sending email
await createCRMLead({
name: data.name,
email: data.email,
source: 'Contact Form',
message: data.message
});
Auto-Response Templates
Personalized confirmations:
const templates = {
sales: 'Our sales team will contact you within 24 hours...',
support: 'Our support team typically responds within 4 hours...',
general: 'We\'ll get back to you within 24 hours...'
};
const message = templates[subject] || templates.general;
Common Mistakes
1. No Confirmation
Mistake: Form submits, nothing happens
Fix: Show clear success message, hide form
2. Emails Go to Spam
Mistake: Using wrong "from" address
Fix: Use your domain, set up SPF/DKIM records
3. No Mobile Optimization
Mistake: Tiny inputs on mobile
Fix: Font-size 16px minimum, large tap targets
4. Too Many Fields
Mistake: Asking for everything upfront
Fix: Name, email, message only - get details later
5. No Error Handling
Mistake: Form breaks silently
Fix: Log errors, show fallback (phone/email)
Production Checklist
Before launching:
- Test all fields and validation
- Verify emails send correctly
- Check emails don't go to spam
- Test spam prevention
- Add rate limiting
- Set up error logging
- Mobile responsive
- Accessible (keyboard navigation, screen readers)
- Fast loading (<2 seconds)
- HTTPS enabled
- Privacy policy linked
- Confirmation message works
- Auto-response emails sent
Cost Comparison
DIY with free tier:
- Email service: $0 (SendGrid/Resend free tier)
- Development: Your time
- Hosting: Included with website
- Total: $0/month for low volume
Form service:
- Typeform: $25-$70/month
- JotForm: $34-$99/month
- Pros: No coding, analytics included
- Cons: Monthly cost, less control
Custom built:
- One-time development: 4-8 hours
- Monthly: ~$0-5 (email service)
- Best: Full control, no monthly fees
Conclusion
A contact form is one of the most important elements on your website. Done right, it captures leads effortlessly. Done wrong, it frustrates users and costs you business.
Key takeaways:
- Keep it simple (3-4 fields max)
- Validate input properly
- Prevent spam intelligently
- Test email delivery
- Mobile-first design
- Clear success/error states
Don't let a broken contact form be why customers can't reach you.
Need a contact form on your website? OtterAI can generate a complete, working contact form with email notifications - just describe what information you need to collect.
