The only way to find out where it is coming from would be to have the form on your site and track IPs as well, but if the form is submitting to another site your out of luck.

The best way to protect your forms is to obfuscate the form using Javascript, the point being is to hide your field names and the way the form is processed.

Beyond that you could use cookies to pass random text strings so that the form field with the random string must match the server side cookie string before the form data is processed. That prevents the form from being abused by another site.

As far as your email being abused, is it the same email address that is listed as the contact for your domain registration? I have one email address that has been abused so heavily by spammers that it is blacklisted on every spam email list, which is why all of my domain registrations are now private.

I will bring this situation, again, to list-sever's attention, although Im surprised he hasn't detected anything spammy. I logged into my acct and found each new reader has its own ip address as well as email address. What do you make of this? My list server tend to be very vigilante about strange goings on in at their back office.

I will look at the suggestions you gave and take heed.

thanks a heap.

ps.

it wasnt too much information..very helpful.

this recent thread from the Webmaster General Library has a few ideas about combating web form spam bots [webmasterworld.com].