POST /contact.ashx #
Submit a contact form. The handler validates the inputs, verifies the captcha first, applies an IP-based rate limit, and drops an RFC 822 .eml file into the IIS SMTP pickup directory for delivery via the configured smart host.
Request
Form fields (application/x-www-form-urlencoded or multipart/form-data):
name— 1–120 charsemail— valid RFC 5321-shapesubject— 0–200 charsmessage— 1–6000 charscaptcha_token— signed token from/captcha.ashxcaptcha_answer— the integer the user typed in
Response
application/json: { "ok": true } on success.
Errors (verified 2026-06-05)
400 invalid_request— missing field, too long, invalid email shape.{"error":"invalid_request","error_description":"name + email + message required"}400 captcha_failed— token or answer don’t match.{"error":"captcha_failed","error_description":"…"}405— non-POST request.429— 5 messages per IP per hour.500— pickup directory misconfigured or unwritable.
Example (complete flow)
# 1) Fetch a fresh captcha
$ CAP=$(curl -s https://phone.codeb.io/captcha.ashx)
$ echo "$CAP"
{"question":"5 + 8","token":"MTMuMTc4MDMwMTY1Nw.ocgav3cb_..."}
# 2) Show the question to your user, capture the answer (here: 13)
$ TOK=$(echo "$CAP" | python3 -c "import sys,json; print(json.load(sys.stdin)['token'])")
# 3) Submit the contact message
$ curl -X POST https://phone.codeb.io/contact.ashx \
--data-urlencode "name=Alex Example" \
--data-urlencode "email=alex@example.com" \
--data-urlencode "subject=API test" \
--data-urlencode "message=Hello, this is a test." \
--data-urlencode "captcha_token=$TOK" \
--data-urlencode "captcha_answer=13"
{"ok":true}
Captcha is verified before the rate-limit counter increments, so a bot that doesn't solve the math can’t fill your rate window. The submitting IP comes from
X-Forwarded-For when present, else UserHostAddress.