For you hosting companies out there we are starting to do more web
hosting. Our problem of late is one of the contact email forms was
compromised because they had no safeguards built in to prevent it from
being hijacked by spammers.
This was solved at first by shutting down relay from the
we're using the smtp service in IIS to send mail from
webservers. It only accepts connections from localhost. You have to
make sure people don't write forms that allow the enduser to enter a To
address and you should be good. The ever popular email this link to a
friend are the bad ones.