Peter Kiem wrote: > I believe you can set the form so it will only email recipients in the > allowed referrer domains so people cannot use if for spamming outside that > and eases your administration so you dont have to individually specify each > recipient (although you can do that too).
Using the referrers is not at all secure -- this reliance on the referrer is what allows use of formmail.pl for spamming. Remember that the referrer information comes from the browser (or whatever software someone is using to connect to your server) and it is quite simple for someone to write software that will just send whatever referrer will allow them to use your formmail for spam. The allowed recipients must be individually specified in the script itself in order for the script to be secure.
