in reply to allowing form uploading

This code is still insecure. It allows the abuse of your server to send arbitrary mail to arbitrary addresses (minus a little boilerplate). The original suspect will not be traceable, but your server will get the brunt (rightfully so) of being an accessory to the crime.

Please do not deploy this code. Please.

-- Randal L. Schwartz, Perl hacker
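An added example, not part of the original post and not the code it criticizes: one way a form-to-mail handler can avoid acting as a relay, assuming the handler mails each submission. The recipient comes from a server-side table selected by key, and header values containing line breaks are rejected. The names `build_message`, `%RECIPIENTS`, `$MAX_BODY` and all addresses are hypothetical.

```perl
use strict;
use warnings;

# Server-side map of recipient keys to addresses (constructed values).
# The form submits only the key, never an address.
my %RECIPIENTS = (
    support => 'support@example.org',
    sales   => 'sales@example.org',
);
my $MAX_BODY = 4000;    # characters; hypothetical limit

# Return (message, undef) on success or (undef, reason) on rejection.
sub build_message {
    my (%f) = @_;
    my $to = $RECIPIENTS{ $f{to_key} // '' }
        or return (undef, 'unknown recipient key');
    # CR or LF in a header value would let the sender add headers
    # such as Bcc:, so reject the submission rather than strip them.
    for my $name (qw(subject reply_to)) {
        my $v = $f{$name} // '';
        return (undef, "line break in $name") if $v =~ /[\r\n]/;
    }
    my $reply_to = $f{reply_to} // '';
    return (undef, 'bad reply_to')
        unless $reply_to =~ /\A[\w.+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/;
    my $body = $f{body} // '';
    return (undef, 'body too long') if length($body) > $MAX_BODY;
    my $subject = $f{subject} // '';
    my $msg = join "\n",
        "To: $to",
        "Reply-To: $reply_to",
        "Subject: [web form] $subject",
        '',
        $body;
    return ($msg, undef);
}

# Constructed submissions: one legitimate, two that try to redirect mail.
my @tests = (
    { to_key => 'support', reply_to => 'alice@example.com', subject => 'Help', body => 'Hi' },
    { to_key => 'victim@example.net', reply_to => 'a@example.com', subject => 'x', body => 'spam' },
    { to_key => 'sales', reply_to => 'a@example.com', subject => "x\nBcc: victim\@example.net", body => 'spam' },
);
for my $t (@tests) {
    my ($msg, $err) = build_message(%$t);
    print defined $msg ? "accepted\n" : "rejected: $err\n";
}
```

The block only builds the message text and does not send it; per-client rate limiting is outside its scope.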