A good way to install this to use SSI to invoke your script. This will make the page appear to be normal HTML. Use the 'xbithack' directive for Apache and set the execute bit to cause your booby-trapped HTML page to be parsed. This will prevent spambots from identifying your program as a CGI script and avoiding it.

This way the spambot will see something like "myfriends.html" rather than "script.pl" or "script.shtml".

The complete solution will need these steps:
Make your my_friends_emails.html something like this:

<html>
<!--#exec cgi="/cgi-bin/script.pl" -->
</html>
[download]

In your Apache config file, set Includes to on
* Options +Includes
Set xbithack to on
* XBitHack on

Now on the command line
Set your page to execute status (the xbithack)
* chmod ug+x my_friends_emails.html

Reload Apache and wait. For more amusement, examine the server logs to see how many spambots you trapped.

Update: I forgot to add you have to load mod_include. For Debian users, it's in you /etc/apache/httpd.conf file. Uncomment the appropriate LoadModule line. Set up the Handlers in srm.conf. Also the Options +Includes line can be found in access.conf

____________________
Jeremy