perlsec describes how taint mode works, and how to untaint a variable (BTW I don't see "-T" in the #! line, but the error sounds like a taint error). AFAICT, your insecure dependency comes from the $host variable in the system command, which originally was derived from the $email variable, which came from user input and was never untainted. You can't just match the variable against a regular expression...you have to capture something from the regular expression, and then set a variable to that captured value...again, read the docs.