Davido offers sage advise above. The first thing that screamed at me was that you are handling cgi parameters without the safety net of use taint. Taint would tell you to turn off a bunch of environmental variables before you start opening file handles on pipes.

If you assume that "a user" = "a machine with a cookie", CGI::Session could be your ticket. Expire your sessions after $TIME, set the cookie as you send the email and don't permit another to be sent until cookie expires.

Of course this can be easily defeated by deleting the cookies on a machine and proceeding to abuse this mechanism.

-- Hugh