> - The most foolproof solution I can think of would be to continue > logging the successful entries to a database and _not_ send the email. > That way even if they get through, no emails get sent. The form would > log the feedback and send an email to the admin that a comment is > available for viewing. Is it time to abandon using mail() for all user > contributed data? I think you have hit it on the head. Don't use the mail() function at all in your web form. You already have in place almost everything you need to thwart these buggers. Just have cron kick off a script every so often (5,10,30 minutes?) that reads through the database for new comments, and mails them to the appropriate recipient(s). JM -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php