in reply to Hand-rolled CGI mailto

I just wanted to add to what great advice you've already received with a few tips and pointers that jumped to mind:

First, as others have mentioned, use the CGI.pm module.

To do that, you'll start your program off like this:

#!/usr/bin/perl
use strict;      # This is almost always a good idea.
use warnings;    # ...as is this, particularly when developing code.
use CGI;         # This causes the CGI.pm module to be used.

But just including CGI.pm is only part of the story. You should definitely have a look at the POD (that's monkspeak for 'Plain Old Documentation') for CGI.pm. Follow the highlighted link, or, find it on your own system as well. If you have Perl, you have CGI.pm. And if you have CGI.pm, you have the POD for it too.

CGI.pm does a lot of the dirty work for you; the stuff nobody in his right mind would bother re-inventing himself when there is already a good implementation out there. (That's my opinion, by the way.) What CGI.pm is really good at is figuring out how to decipher the CGI parameters passed to your script via either GET or POST method. If you try to do it yourself, you (the collective "you"'s in the world, which includes me) usually get it wrong, or fall short of a robust implementation. CGI.pm is your friend for this sort of thing.

As for the mail script itself.... You might be tempted to allow the HTML document to tell the CGI script what email address the mail should be sent to. Even if the end user isn't supposed to be able to name the email address to which the message is being sent, you might be tempted to pass it as a hidden field from the form on the HTML page to the CGI script. That is usually not a good idea. The reason is one of security. Just because your HTML page doesn't give the user the ability to manipulate the destination email address doesn't mean that a malicious user (or a spammer) couldn't just write his own HTML page that does send whatever destination email address he wants to your CGI script.

For that reason, it's a very good idea to control the destination email address yourself, never accepting it as a CGI parameter. Hardwire it into the CGI script, or store it in a configuration file that your script reads. That will prevent spammers from trying to use your mail-to form as a spam relay.

The next issue is that of keeping tainted data away from the shell, away from the OS, and away from anywhere that it might do harm. Start by using the "-T" switch on the shebang line of your CGI script. That will help you to identify where some of your problems with tainted data may be found. Properly untainting data and handling it safely is another lecture. ;)

Others have referred you to Ovid's online CGI tutorial. I want to also recommend a book published by O'Reilly and Associates called CGI Programming with Perl, 2nd Ed. If you're going to be doing more than just a little CGI tinkering, the book will come in handy. Either buy a copy or check it out at the library. It's commonly known as The Mouse Book.

That book has a chapter that deals with mail form scripts. It also has a lot of good discussion on security concerns. It is a common error to think, "This is just for my personal use. Security isn't that important." But unless you operate in a vacuum, security should always be a concern. That small personal-use script could easily bring a server to its knees if a security hole is exploited. Unless you're the only one using that server, a mistake can cause trouble for lots of people. (Not to scare you or anything...)

Good luck on your dive into the Perl world. Welcome to the monastery. We're always happy to have a new face around here.


Dave
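An added example (not from Dave's reply or the original poster's script) that puts the three pieces of advice above into one mail-to CGI: CGI.pm parses the form, the destination address is hardwired rather than taken from a form field, and the script runs under -T with each parameter untainted by a strict pattern before it goes anywhere near the mailer. The recipient address and the path to sendmail are placeholders I assumed; the form field names (name, email, subject, message) are also assumptions.

```perl
#!/usr/bin/perl -T
# Added example of a taint-safe mail-to CGI script.
# Assumptions (not from the thread): the recipient below is a placeholder
# address, and sendmail is at /usr/sbin/sendmail.
use strict;
use warnings;
use CGI;

# Taint mode refuses to spawn a program with an unsafe PATH, so pin it and
# drop the other environment variables a shell would honour.
$ENV{PATH} = '/usr/sbin:/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# The destination is fixed here and never read from the form, so a form
# hosted elsewhere cannot turn this script into a relay.
my $TO       = 'webmaster@example.com';   # placeholder address (assumed)
my $SENDMAIL = '/usr/sbin/sendmail';      # assumed location

my $q = CGI->new;

# Every CGI parameter is tainted. Validate it against a strict pattern and
# untaint by capturing; anything that does not match is rejected outright.
sub untaint_field {
    my ($name, $pattern, $max_len) = @_;
    my $value = $q->param($name);
    return undef unless defined $value && length($value) <= $max_len;
    return $value =~ /^($pattern)$/ ? $1 : undef;
}

# Name and subject: printable characters only; CR/LF are excluded so a user
# cannot smuggle extra mail headers (Bcc:, Cc:) into the message.
my $name    = untaint_field('name',    qr/[\w .,'-]{1,60}/,             60);
my $subject = untaint_field('subject', qr/[\w .,'?!-]{1,100}/,          100);
# Reply address: a deliberately narrow shape; widen only if you must.
my $from    = untaint_field('email',   qr/[\w.+-]+\@[\w-]+(?:\.[\w-]+)+/, 254);
# Body: newlines are fine here, since headers are already finished.
my $body    = untaint_field('message', qr/[\w\s[:punct:]]{1,5000}/,     5000);

print $q->header('text/plain');

unless (defined $name && defined $subject && defined $from && defined $body) {
    print "Sorry, a form field was missing or contained characters that are not allowed.\n";
    exit 0;
}

# List-form open: arguments go straight to sendmail, never through a shell.
# The recipient is passed on the command line (no -t), so the headers the
# user influenced cannot add recipients.
open(my $mail, '|-', $SENDMAIL, '-oi', $TO)
    or die "Cannot run $SENDMAIL: $!";
print $mail "From: \"$name\" <$from>\n";
print $mail "Reply-To: $from\n";
print $mail "To: $TO\n";
print $mail "Subject: $subject\n";
print $mail "\n";
print $mail "$body\n";
close($mail) or die "sendmail exited with status " . ($? >> 8);

print "Thank you, your message has been sent.\n";
```

Two design points worth noting: the script is run directly (the -T on the shebang line only takes effect that way; `perl script.cgi` would complain "Too late for -T"), and the patterns are intentionally narrower than what RFC 5322 allows, on the theory that for a contact form it is safer to reject an unusual address than to let an unexpected character reach the mailer.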