Ow! If you don't know what you're doing, please don't put random CGI scripts up on a net-available server!

In particular, this combination of lines:

$firstname=param('firstname'); 
...
print MAIL "From: $from ($firstname)\n";
[download]

means that I can pass a newline-embedded string in the firstname parameter, and get a remote spam-sender or denial-of-service annoyer, courtesy of your script.

Please. CGI is not for casual users.

-- Randal L. Schwartz, Perl hacker