Be very careful, whatever you do. If you're not extremely careful, the forces of darkness will corrupt your script and use it to send spam. I don't know off the top of my head any really good articles that talk about how to make a script like this secure... Does anyone else know of such a thing?

In my own experience, keeping the To: field secure is really important and also really hard. If you can hard code that value, that helps a lot. Also, make sure you quote any arguments to the mail command you use. If you don't and someone says the subject of their email is "foo; rm -r $HOME", you're going to have a bad day.

Really, I'd stay as far away from executing a command from a web script as you possibly can. I've used Net::SMTP, which is great but unwieldy... Previous poster's have recommended things that might help.

I'm paranoid, though, and I fear they're just wrappers around the command line... If they are, you need to stay cautious of what you send them. Do they quote the arguments to the commands they call? Are you sure?

--Pileofrogs