In-house Email Form

Email Form.JP

Do you know where the data from your email form app is saved? Many apps store content and attachments on the app provider's servers. MailForm.JP saves everything directly to your company's server, with no data remaining outside.

Available on Shopify App Store
Limitations of Shopify Forms

The SaaS system does not allow external file uploads.

Shopify is a SaaS e-commerce platform. For security reasons, external users are not allowed to upload files to the server.

Therefore, image attachments cannot be included in Shopify's standard forms. This means no photos for returns/exchanges, images for repair requests, or reference materials for custom orders.

To create an inquiry form that requires such image attachments, you must integrate a third-party email form app.

Data Storage Location

Where does that app store customer data?

If you implement an email form application, where will inquiries and attachments be stored? The answer is "on the application provider's server."

If it's an overseas application, customer data will be stored on overseas servers. Inquiries, attached personal information—everything—will be placed under the management of an overseas company with which you haven't even signed an NDA.

This poses a significant problem in terms of information security policy. Especially for listed companies and industries that handle personal information, providing customer data to third parties itself could constitute a compliance violation. An application implemented "because it's convenient" could unknowingly become a cause of information leakage.

The challenges of in-house development

Custom forms can be security vulnerabilities.

You might think, "If external apps are risky, I'll just create my own PHP form and put it on the server." However, a form without security measures can become an entry point for spam and viruses.

Email forms are prime targets for attackers. Impersonation via CSRF attacks, embedding malicious scripts via XSS attacks, uploading malicious files—all of these require specialized knowledge to defend against.

While it's easy to create a "working form," creating a "secure form" is a whole different level of difficulty.

Regarding security

Professional-grade protection, no setup required.

MailForm.JP offers security features that would typically require specialized knowledge to implement, all as standard. No additional fees or complex configurations are needed.

CSRF Protection
A unique secret key is generated for each form, and HMAC-based token verification is performed. Tokens are valid for 1 hour, blocking malicious submission requests.

reCAPTCHA
Supports both Google reCAPTCHA v2 (checkbox-based) and v3 (score-based). Prevents automated submissions by bots.

Honeypot
Invisible fields are deployed to detect bots that auto-fill forms. Detected bots receive a fake success response, so they cannot learn that the submission was rejected.

XSS Protection
All input values are sanitized to prevent the embedding of malicious scripts.

Rate Limiting
Limits continuous submissions from the same IP address (default: up to 5 times in 60 seconds). This suppresses DoS attacks and spam submissions.

Encrypted Communication
Connections to FTPS servers only support encrypted communication. Unencrypted FTP is not supported for security reasons.
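
A sketch of the mechanism described under "CSRF Protection" above (per-form secret, HMAC-based token, 1-hour validity), as an added example that is not MailForm.JP's own code. The token layout, function names and form IDs are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example: token layout, names and secret handling are assumptions.
const TOKEN_TTL = 3600; // 1 hour, the validity period stated on the page

// URL-safe base64 without padding, so the token fits in a hidden form field.
function b64url(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Assumed layout: nonce "." issued_at "." HMAC-SHA256(form ID | nonce | issued_at)
function issue_token(string $formSecret, string $formId, ?int $now = null): string
{
    $issued = $now ?? time();
    $nonce  = b64url(random_bytes(16));
    // Bind the MAC to the form ID so a token from one form is useless on another.
    $mac = hash_hmac('sha256', "$formId|$nonce|$issued", $formSecret, true);
    return "$nonce.$issued." . b64url($mac);
}

function verify_token(string $formSecret, string $formId, string $token, ?int $now = null): bool
{
    $parts = explode('.', $token);
    if (count($parts) !== 3 || !ctype_digit($parts[1])) {
        return false; // malformed token
    }
    [$nonce, $issued, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', "$formId|$nonce|$issued", $formSecret, true));
    // Constant-time comparison, so response timing does not leak MAC bytes.
    if (!hash_equals($expected, $mac)) {
        return false; // forged or tampered token
    }
    $age = ($now ?? time()) - (int) $issued;
    return $age >= 0 && $age <= TOKEN_TTL; // reject expired or future-dated tokens
}

// Constructed demo values (not taken from the product).
$secret = random_bytes(32); // per-form secret: generated once, kept server-side
$t0     = 1700000000;       // fixed clock so the checks are repeatable
$token  = issue_token($secret, 'form-123', $t0);

var_dump(verify_token($secret, 'form-123', $token, $t0 + 60));       // fresh token, same form
var_dump(verify_token($secret, 'form-456', $token, $t0 + 60));       // token replayed on another form
var_dump(verify_token($secret, 'form-123', $token, $t0 + 3601));     // one second past the 1-hour limit
var_dump(verify_token($secret, 'form-123', $token . 'x', $t0 + 60)); // MAC altered in transit
```

In this sketch the token is tied to the form rather than to a visitor session, which is an assumption for a public contact form with no login; the MAC is checked before the timestamp so an attacker cannot extend a token's life by editing the issued-at field.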

Regarding saving files

Customer data is stored directly on your company's servers.

With MailForm.JP, all form files and attached files are saved directly to the FTPS server you specify. No data remains on the application side.

You can continue to use your current rental server (Xserver, Sakura, Lolipop, ConoHa, etc.). When you save a form, it is automatically uploaded to the server and managed with the following directory structure:

/public_html/mailform-jp/{form ID}/
├── index.html      <- Displays the form
├── process.php     <- Handles form submission
└── uploads/        <- Stores uploaded files
    └── .htaccess   <- Security settings

An .htaccess file is automatically placed in the "uploads" folder, prohibiting the execution of PHP files, restricting allowed file formats, and disabling directory listings.

Free to code

Because there are no functional restrictions, it can accommodate any form.

Many form builders allow for easy drag-and-drop creation but come with limitations in design and functionality. MailForm.JP is different.

You can freely write HTML, CSS, and JavaScript, making it possible to achieve any form design. Forms fully integrated with your store's design, complex conditional logic, dynamic validation—you don't have to worry about limitations.

The app automatically generates form tags, implements CSRF measures, and embeds reCAPTCHA, allowing you to focus on the form's content (input fields and design).

Regarding variables

There are two types of variables: "System Variables" which are automatically acquired when the form is submitted, and "Form Variables" which acquire the values entered by the customer. By using these in email templates, you can automatically insert the submission date and time, IP address, and content entered by the customer.

Pricing Plans

Basic Plan

$9.99

Number of forms: 1
Ideal for stores that only want to create a contact form.
One month free with annual payment

ADVANCE Plan

$19.99

Number of forms: Unlimited
Suitable for medium to large stores that want to categorize inquiries
One month free with annual payment

FAQs

Is it easy to switch from an overseas app?
We can replicate the fields of your existing forms as they are. We can also assist you with reviewing the design as needed.
Where are the images saved?
They are saved on the FTPS server specified in the settings. The file extension, size, and number of images can be controlled in the administration screen.
Is personal information saved in the app?
Personal information such as body text will not be stored in the app's database. Please use email integration or CRM integration.
Where will the form be placed?
It will be installed on the server (FTPS server) specified in the settings. Since your Shopify store runs on Shopify's servers, the form files will be hosted on a separate server and embedded using an iframe or similar method.
[Installation Example]
• Store: shop.com (Shopify server)
• Form: servername.xsrv.jp, etc. (your contracted server)
This approach ensures both flexibility and security for your forms.
What is "Public Directory" in FTPS settings?
The public directory is the path to the folder that will be published as a website.
[Examples for rental servers]
• Xserver: /domain_name/public_html/
• Sakura: /www/
• Lolipop: /web/
[Important points]
• If your domain points to Shopify, you cannot use a folder for that domain.
• Please use the folder for the server's initial domain or a subdomain.
• The domain must have an SSL certificate configured.