How would SSL help you? That would only secure what people want to send your script.
If you don't allow the "To:" to be set by the visitor that's making it a bit easier :) Just don't send a copy to the address the visitor states to use in the "From:", as this could be misused too.
A few other ideas:
- You might want to use a "(un)check this option to prove you're not a script"-checkbox. This at least knocks out the poorly written scripts.
- Check all fields strictly. Think about the possibilities for an attacker if he finds out he can add newlines to the header section of the generated mails ;)
- If you use other people's scripts, check the code.
This is by all means definitely absolutely not complete.
Ordinary morality is for ordinary people. -- Aleister Crowley
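The checks suggested in the post above, put together as an added example (not code from the thread). Python is used only for illustration; the addresses, field names and length limits are assumptions, and placing the visitor's address in Reply-To instead of From is a choice made for this example.

```python
import re
from email.message import EmailMessage

FIXED_TO = "webmaster@example.org"   # assumption: owner's address, never read from the form
FIXED_FROM = "webform@example.org"   # assumption: the site's own sender address

# Deliberately strict: exactly one address, no whitespace, commas or control characters.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,255}\.[A-Za-z]{2,}")
CONTROL_RE = re.compile(r"[\x00-\x1f\x7f]")  # CR and LF are in this range


class RejectedForm(ValueError):
    """Raised when a submission fails validation; nothing is sent."""


def build_contact_mail(form):
    """Return an EmailMessage for a submitted form dict, or raise RejectedForm."""
    # The "prove you're not a script" checkbox (hypothetical field name).
    if form.get("not_a_script") != "on":
        raise RejectedForm("checkbox not ticked")

    sender = form.get("email", "")
    subject = form.get("subject", "")
    body = form.get("message", "")

    # fullmatch, not match: a trailing newline or a second address must fail.
    if not ADDR_RE.fullmatch(sender):
        raise RejectedForm("bad address")
    # Anything that ends up in a header may not contain line breaks.
    if CONTROL_RE.search(subject) or not 0 < len(subject) <= 150:
        raise RejectedForm("bad subject")
    if not 0 < len(body) <= 5000:
        raise RejectedForm("bad message length")

    msg = EmailMessage()
    msg["From"] = FIXED_FROM
    msg["To"] = FIXED_TO          # fixed recipient; no copy goes to the visitor
    msg["Reply-To"] = sender
    msg["Subject"] = subject
    msg.set_content(body)         # the body may contain newlines; headers may not
    return msg


if __name__ == "__main__":
    # Constructed sample submission.
    sample = {"not_a_script": "on", "email": "visitor@example.com",
              "subject": "Question", "message": "Hello,\nis the shop open on Sunday?"}
    print(build_contact_mail(sample))
```
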