I have any idea that won't make it any more secure but may help. Most spammers are sending the same message over and over in rapid succession. One way would be to modify the script to log the ip and keep track of how many submissions you have received in a given period and if it's more than $x amount in a given time frame, add the IP to a dbm file or such and refuse or forward to an admin account emails from that IP. (I know IP ne 'user')

Another thing, is that spammers usually send the same message body over and over. Perhaps have a dbm file that uses a MD5 hash of each message for a key and check to see if it has been sent before. If over an allowable amount, forward to an admin account.

Far from perfect solutions but it may help or at least make it more difficult to use this hole efficiently.

-Lee

"To be civilized is to deny one's nature."