attempted to access form mail

         

Busynut

12:18 am on Nov 7, 2002 (gmt 0)

10+ Year Member



I hope this is the correct forum to report this behavior - this IP was found in my logs 3 times recently attempting to find form mail (.pl and .cgi):

195.172.101.68 - - [03/Nov/2002:06:31:25 +1100] "POST /cgi-bin/FormMail.pl HTTP/1.0" 404 3542 "http://mydomain.com" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; AIRF; .NET CLR 1.0.3705)"

nslookup 195.172.101.68
Canonical name: percy.pmeasuring.co.uk
Addresses:
195.172.101.68

Brett_Tabke

12:25 am on Nov 7, 2002 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



We get 50 of them a day here.

andreasfriedrich

12:31 am on Nov 7, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Some previous threads in this forum:
searching for formmail [webmasterworld.com]
A lot of requests for /cgi-bin/formmail.pl [webmasterworld.com]

Even more threads using the site search:
site search for /forum11/ formmail [searchengineworld.com]

Mardi_Gras

12:50 am on Nov 7, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Good time to make sure you are using the latest version of form mail (1.91?)

wilderness

4:10 am on Nov 7, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Not sure how many a day I get.
Too many to waste time counting. Especially since they all result in 404's.
My host has their forms configured to only allow delivery from within the domain :-)

volatilegx

5:03 pm on Nov 7, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



wilderness, that method of protection is not secure. It's easy to program faked referrer info into the HTTP header.

The only secure method is to hard code the email addresses the script is allowed to mail to.
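
The point made in the post above, as an added example (not part of the original thread and not FormMail's own code): the form submits a short key that the handler maps to a hard-coded address, and the Referer header plays no part in the decision. The function name, keys and addresses are assumptions made for illustration, and the CR/LF check on header fields goes one step beyond what the post states.

```python
import re
from email.message import EmailMessage

# Hypothetical fixed recipients: the form sends a short key, never an address.
RECIPIENTS = {
    "sales": "sales@example.com",
    "support": "support@example.com",
}
SENDER = "webform@example.com"  # constructed address

_CTL = re.compile(r"[\r\n\x00]")


class Rejected(ValueError):
    """Submission refused before any mail is built."""


def build_message(form, headers):
    """Return an EmailMessage for an allowed recipient, or raise Rejected.

    `headers` (the request headers) is accepted but deliberately unused:
    Referer is supplied by the client, so it is not evidence of origin.
    """
    key = form.get("to", "")
    if key not in RECIPIENTS:
        raise Rejected("unknown recipient key")
    subject = form.get("subject", "")
    reply_to = form.get("email", "")
    # A CR or LF in a header value would let the sender append header lines.
    for value in (subject, reply_to):
        if _CTL.search(value):
            raise Rejected("control character in header field")
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = RECIPIENTS[key]  # the address comes from the table only
    msg["Subject"] = subject[:200]
    if reply_to:
        msg["Reply-To"] = reply_to
    msg.set_content(form.get("message", ""))
    return msg
```

A request that names an arbitrary address in `to` is refused even when it carries a Referer from the site's own domain, which is the case a referrer check would let through.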

wilderness

2:25 am on Nov 8, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



volatilegx

Thanks for the heads up :-)

<snip>that method of protection is not secure>

I'm not disputing what you say.
I've read the documentation for the vulnerabilities.
Perhaps my host takes some other precautions which I'm not aware of?

In either event I have visitors daily attempting all combinations of the script to use my mail servers to send mail and the end result is a 404 for their cgi request.
Which pleases me, to say the least.

volatilegx

12:17 am on Nov 9, 2002 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



If anybody wants a decently secure script, stickymail me... It's based on the excellent Web Email Lite script by Wallace Keith Gardner, with a couple of security fixes by yours truly.

<added>Oops, just read the copyright info on the script and it doesn't allow redistribution. Oh well, I can still send you the URL of Gardner's site where you can download the original, and I can give you my mods...</added>