Could you provide an example of one of the referrers? I'm not sure I understand what you're describing. When someone is reading their e-mail through a web-based interface (like AOL anywhere) and they follow a link in the e-mail to your site, you'll see a strange string of gobbledygook, but usually you can see that it's from mail.yahoo.com or something like that. Like the one below from hotmail {broken into lines to fit}:

[lw4fd.law4.hotmail.msn.com...]
curmbox=F000000001
&a=9ed2fb331e95868f33b4ab2bef391d36
&msg=MSG1006529105.59&start=689024&len=1456
&msgread=1&mfs=1145

Is that the sort of thing you mean?

No, the refferer is our site but with our e-mail address in the middle.
I'll sticky the exact url. It actually brings up the page too....

This could be caused by a missing "mailto:" in the href tag for an e-mail link.
If your DNS zone file refers your e-mail to your domain (i.e your e-mail address is "something@[yourdomain]) then the link may still work, but as a hyperlink to another page instead of an "invoke e-mail-client" link as intended.

HTH jim

jdMorgan>missing "mailto:" in the href tag
Since that one day the 'wierd refferer' hasn't re-occured.
It looked like this:
www.info@myclient.com/english/home.html
I sure didn't change anything before or after the 25/3 and as far as I can tell all the links are correct,
Guess it was just a hiccough by the counter people or perhaps the server?

I saw a similar thing in my log yesterday. My hosting deletes my 'latest visitors' after 1 day, (so, I no longer have it -> should have copied it!) but it looked something like this:

www.mycompanyname.com/cgi-bin/mail.pl

but it was several lines long. It looked different than when someone shows up on my website because they clicked on the link in my signature.

This sites (paid) stats often show refferals from deep pages. It was just this particular day they were all similar to the above (but from different pages).
I'm beginning to think it may be related to either a glitch at the server or my messing with a formmail thingy.

Your cgi-bin/formail is being used to send out spam mail under your address.
Rename your cgi-bin folder and redirect your forms to it.
This should halt the intruder (for now).
This has been rampant for the last 9 months or so.

>>You cgi-bin/formail is being used to send out spam mail.<<

I see these things in our error_log files all the time. I guess it's a random type of program that looks for software in /cgi-bin/ diretories. Since we don't have any software in that diretory, it generates an error. In a strange sort of way it's kind of like the old email harvesters, except now they are looking for ways to send SPAM.

Woooop... stereo neat :)
>Rename your cgi-bin folder
Thanx guys, I just changed the names of the formmail cgi and pl files. Will that do? I'm not actually using them as yet so I could delete them altogether¿
>looks for software in /cgi-bin/ diretories
Does this mean there is an element of danger in using a formmail script?

Anytime you use anything that could be considered standard or widely used you should beware. Someone has found a way to exploit it to their benefit, and many follow. Renaming the files should stop them for now.