Best Practices
Do Update Notification Settings
This is Very Important
For each form published, ensure the form’s notification settings (under Settings > Notifications) are correct. Specifically, the “Send to Email,” “From Email” and “Reply To” email address fields must only contain active @boisestate.edu email addresses.
Do not use the default {admin_email} value in any of these fields.
If these fields do not contain @boisestate.edu addresses, your notification may bounce.
Do Not Enable ‘Require User to be Logged In’
Within your form’s settings will be an option to require users to be logged in to access the form. This feature conflicts with our layered authentication and VPN. If you have a need to restrict access to a form, please use Google Forms.
Do Not Enable ‘Enable Ajax’
When you add a form to a page, there will be a checkbox to ‘Enable Ajax.’ Do not use this feature, as it directly conflicts with the web standards styling that forms utilize in the Boise State environment and causes varying visual problems.
Do Not Enable 'Anti-Spam Honeypot'
Within your form’s settings will be an option to use an anti-spam honeypot. This feature should not be activated, as it occasionally conflicts with your form’s confirmation messages. Instead, please use the “CAPTCHA” field on each form, located under “Advanced Fields.”
NOTE: In general, these fields can be difficult for screen reader users. To assist, we recommend adding the following description: “Please check ‘I’m not a robot’ to verify CAPTCHA.”
Do Not Collect Sensitive Data
Do not collect SSN, passwords, transcripts, or financial data. For more information, visit the Information Security page.
Do Use Field Labels
Each field should include a field label, typically the first item on the general tab of each field. Without a field label on each field, a form is not considered web accessible.