There is a mailback Perl CGI script that has been in use for years, originally written by Erik C. Thauvin, which has some serious security holes in it. One that is currently being exploited is that the contents of the subject passed to the script from the form are not sanitized before being passed to the SMTP server. Spammers are setting the subject to be their message, complete with bcc list of addresses, and it is passed to the server and accepted.

Phillip Moore

My advice is to not use any type of generic mailback script -- all headers should come from hard-coded values in the script, not fields passed from the form.

.cp
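
The advice above sketched in Perl, as an added example that is not the original script or its author's code: every header is a constant, form values appear only in the message body, and `header_safe` shows the minimum check if a form value ever has to reach a header. The addresses, field names and sample submission are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: hypothetical mailback core, not the original script.
use strict;
use warnings;

# Every header is a constant; placeholder addresses.
my @FIXED = (
    [ From    => 'webform@example.org' ],
    [ To      => 'feedback@example.org' ],
    [ Subject => 'Website feedback form' ],
);

# Minimum check if a form value ever has to reach a header:
# no CR, LF or NUL, and a bounded length.
sub header_safe {
    my ($value) = @_;
    return 0 unless defined $value && length($value) <= 200;
    return $value !~ /[\r\n\0]/ ? 1 : 0;
}

# Fixed headers, the blank line that ends them, then form data as body text.
sub build_message {
    my (%form) = @_;
    my $msg = join '', map { "$_->[0]: $_->[1]\r\n" } @FIXED;
    $msg .= "\r\n";
    for my $field (sort keys %form) {
        next unless $field =~ /\A\w{1,32}\z/;      # ignore odd field names
        my $text = defined $form{$field} ? $form{$field} : '';
        $text =~ s/\r\n?|\n/\r\n    /g;            # normalise and indent line breaks
        $msg .= "$field: $text\r\n";
    }
    return $msg;
}

# Constructed submission: the subject carries an extra header line.
my %form = (
    name    => 'A. Visitor',
    subject => "Hello\r\nBcc: a\@example.com, b\@example.com",
    comment => "Line one\nLine two",
);

print header_safe($form{subject})
    ? "subject: usable in a header\n"
    : "subject: rejected for header use\n";
my $msg = build_message(%form);
my ($headers) = split /\r\n\r\n/, $msg, 2;
print "header block contains only the fixed headers\n"
    if $headers eq join("\r\n", map { "$_->[0]: $_->[1]" } @FIXED);
print $msg;
```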