What's it called and how do I translate it? "%5"

Resolving formmail exploits to report the harvesting email addresses.

         

EJHonda

6:54 pm on Feb 10, 2003 (gmt 0)

10+ Year Member



We get people attempting to exploit a formmail script on occasion, and I'd like to be able to translate the input attempt.

For example,

"recipient=big%5Fake03%40yahoo%2Ecom&msg=miSledTM"

shows in our logs. I realize that someone is attempting to execute, or find the existence of a script called formmail.pl, and they are feeding in parms. What I don't know is what is the form of the input called (the parts prefixed with '%'), and where can I find a resource on the web to translate the values?

Any help is gratefully appreciated!

DiAMOndDavE

10:17 pm on Feb 10, 2003 (gmt 0)

10+ Year Member



Check out Matt's Script Archive [scriptarchive.com...]
He was the author of the program.
HTH
DiAMOndDavE

EJHonda

12:03 am on Feb 11, 2003 (gmt 0)

10+ Year Member



Thanks Dave, but that's not what I'm looking for. I want to know what the format of the input is called - when normal characters are represented by a % sign w/ numbers after it. Once I know what the language is called, then I can look for a reference to translate those attempts to input something into a non-existent formmail.pl script on my web server.

BjarneDM

12:15 am on Feb 11, 2003 (gmt 0)

10+ Year Member



the %xx isn't a language - it's just the hexadecimal encoding of a character

thus %5F = _ ; %40 = @ ; %2E = .

these encodings are often necessary in order for the server !not! to act upon these characters but just decode them instead and pass them further on to the script itself.
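Added example, not part of any poster's reply: a small Python script that pulls formmail probes out of access-log lines and decodes the `%XX` escapes in their parameters, including the query string quoted in the first post. The log lines are constructed samples in an assumed combined-log layout, the function names are hypothetical, and the handling of double-encoded values (`%2540`) goes beyond what the thread discusses.

```python
import re
from urllib.parse import parse_qsl, unquote

# Constructed access-log lines (assumed combined log format, documentation IPs);
# the first carries the query string quoted in the opening post.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2003:18:40:01 +0000] "GET /cgi-bin/formmail.pl'
    '?recipient=big%5Fake03%40yahoo%2Ecom&msg=miSledTM HTTP/1.0" 404 287',
    '203.0.113.9 - - [10/Feb/2003:18:41:12 +0000] "GET /cgi-bin/FormMail.pl'
    '?recipient=probe%2540example%2Einvalid&subject=hi+there HTTP/1.0" 404 287',
    '198.51.100.4 - - [10/Feb/2003:18:42:30 +0000] "GET /index.html HTTP/1.0" 200 5120',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
ESCAPE = re.compile(r'%[0-9A-Fa-f]{2}')

def escape_table(raw):
    """List each distinct %XX escape in raw with the character it stands for."""
    seen = dict.fromkeys(m.group(0).upper() for m in ESCAPE.finditer(raw))
    return [(esc, chr(int(esc[1:], 16))) for esc in seen]

def decode_value(value, max_rounds=3):
    """Decode escapes left after the first pass (double encoding, %2540 -> %40 -> @)."""
    rounds = 0
    while ESCAPE.search(value) and rounds < max_rounds:
        value = unquote(value, encoding='latin-1')
        rounds += 1
    return value, rounds

def formmail_probes(lines):
    """Return decoded parameters for every request that targets a formmail script."""
    findings = []
    for line in lines:
        m = REQUEST.search(line)
        if not m or 'formmail' not in m.group(1).lower():
            continue
        path, _, query = m.group(1).partition('?')
        params, double_encoded = {}, False
        # parse_qsl performs the first decode: %XX -> character, '+' -> space
        for key, value in parse_qsl(query, keep_blank_values=True, encoding='latin-1'):
            params[key], extra = decode_value(value)
            double_encoded = double_encoded or extra > 0
        findings.append({'client': line.split()[0], 'path': path,
                         'params': params, 'double_encoded': double_encoded})
    return findings

if __name__ == '__main__':
    for hit in formmail_probes(SAMPLE_LOG):
        print(hit)
```

Each escape is a percent sign plus exactly two hex digits, so `%5Fake03` decodes to `_ake03`: the `F` belongs to the escape, not to the text that follows.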

bird

12:24 am on Feb 11, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You can look up those hex values in an ASCII table like this one [rt.com].

stevedob

12:40 am on Feb 11, 2003 (gmt 0)

10+ Year Member



You need to be aware that the sender address (which you may be considering reporting) is invariably either a complete fake or a maliciously planted misdirect, and is almost certainly not the actual perpetrator of the attempted exploit anyway.

EJHonda

6:54 pm on Feb 11, 2003 (gmt 0)

10+ Year Member



Hexadecimal encoding - that's the term I couldn't recall!

Correct, the sender address is fake, but the recipient address is usually active, since it is trying to harvest successful probes. I usually send an email out to the address from a free email acct to see if it is still active.

Thanks for the table reference - that's exactly what I was looking for.

Thanks to all for the great responses.