First, you are allowing people to randomly send me anonymous messages without getting my prior permission. That IS SPAM, in spite of your insistence to the contrary. (Most spam claims not to be. {sigh})

Second, you aren't checking the contents of $form{email}, so I could inject something with newlines and control the entire header. Sure, your header and message would appear far later down in the tail of the body, but by then, the person is already reading my Penis Extension or Nigerian Request, and clicking here and there to buy my crap.

Third, sending email from CGI is the wrong way to go. If you have a mailing problem, the solution is almost certainly not CGI. CGI is meant for a reply through HTTP, not for a mailing action as a side-effect.

As I said, this post scares me. Please, you need design help and security help. Maybe even ethical help. Not just Perl help.

-- Randal L. Schwartz, Perl hacker

I respect your opinion on downvoting me. But I'd like to say, I am really new to perl so by saying everything I've been doing was wrong really isn't helping any. I realise there must be millions of things wrong with my scripts, but until I learn more about perl it's just going to have to be like that... :(

If you are actually Randal L. Shwartz, I am currently reading one of your books!

Your logic bomb is here:

my $redirect;
use CGI;
my $query=CGI->new;
print $query->redirect($redirect);
[download]

However, for your real problem, see Merlyn's comment.

Oh, and when it's working, let me have the real URL, so I can sign up many fake email addresses...

--
Tommy
Too stupid to live.
Too stubborn to die.