I'm adding a contact form to a site, and considering whether to include a "Send me a copy" checkbox. I think this would be a nice, user-friendly touch.

However, I'm concerned about the potential for abuse. A malicious person could use the form to send spam to someone@example.com. If I simply cc'd the address entered on the form, such spam would be From: someone@example.com, To: (my client's contact address), CC: someone@example.com, which could reflect badly on my client. Alternatively, I could send one email to my client and a separate email to someone@example.com. However, someone spammed in this way could still discover that the email was sent from my client's server.

Has anyone included a "Send me a copy" checkbox on a form and been bitten by this? Or am I maybe worrying unnecessarily? Are there any workarounds?