Form Mailer
Reliable contact and lead-form email delivery for EmDash with spam protection and provider-based sending.
Description
Form Mailer is a small, opinionated EmDash plugin for contact and lead-form notifications. It keeps scope intentionally narrow: accept validated public form submissions, apply anti-spam protections, and deliver notification email through either Cloudflare Email Service or ZeptoMail.
It includes a public submit endpoint, Block Kit admin settings, configurable allowed origins for headless setups, Turnstile support, honeypot protection, per-IP rate limiting, idempotency via X-Submission-Id, structured logging, and clear configuration health messages for admins.
This plugin is designed for teams who want reliable form submission handling without adopting a full form builder.
Audit summary
Security risk answers “can this plugin harm my site?” — it drives the publish decision. Privacy disclosure answers “what visitor or admin data does this plugin handle?” — it’s informational so you can make your own GDPR call before installing.
- mediumnetworkHosts referenced in code but not declared in manifest.allowedHosts
Embed in README
Paste any of these snippets into your plugin’s README so readers see live installs, trust tier, audit verdict, version, and EmDash compatibility.
Per-badge markdown snippets
installs version trust-tier audit-verdict compat Version history
Rejected and revoked versions remain visible so the history is honest. Expand any row with findings to see why. See our review policy.
0.1.0 Published Passed 10.1 KB17 Apr 20262 downloads
Scanner findings (1)
Hosts referenced in code but not declared in manifest.allowedHosts
Found 3 host(s) referenced in code that aren't in manifest.allowedHosts: coleprice.com, github.com, your-site.example. EmDash sandboxes outbound network calls — undeclared hosts will fail at runtime, or worse, signal data exfiltration if this is intentional.