FormMail (and clones) and security issues

         

vkaryl

9:30 pm on Jul 4, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Do any of you know of a decent replacement for the non-secure crop of FormMail and its clones out there? I've found clones written in PHP and other languages, with various extensions including php, cgi, etc., but they all seem to have some fairly severe caveats as to the basic impossibility of closing the door to use by spammers.

Ideas?

DaveAtIFG

10:41 pm on Jul 4, 2004 (gmt 0)




nms-formmail (perl) is said to be unhacked (so far! :) ) and it's installed/preferred by several leading hosting companies that I'm familiar with.

claus

10:43 pm on Jul 4, 2004 (gmt 0)




AFAIK, NMS FormMail is one of the better ones: [nms-cgi.sourceforge.net...]

quote from the site:

nms was started when a group of Perl programmers got tired of telling people not to use Matt's programs and getting the reply "But what shall I use instead?"

...seems Dave beat me to it ;)

vkaryl

10:53 pm on Jul 4, 2004 (gmt 0)




Thanks to both of you! I will surf there posthaste and check this out. I usually hit SourceForge, wonder what happened this time? Blond AND senior, apparently!

encyclo

12:23 am on Jul 5, 2004 (gmt 0)




Oh, and whatever you do, don't ever use a script with the name "formmail.pl" - rename it to feedback.cgi or somethingelse.cgi - a tiny bit of security by obscurity which can help you avoid problems. There are bots which actively seek out /cgi-bin/formmail.* and try spamming through them, and if you call it something else no-one knows that it's a generic script rather than a custom job.

If you're feeling more advanced, get a spider-trap script and name that formmail.pl and place it in the cgi-bin - then any automated queries for that script will ban the IP address automatically rather than giving out a 404.

Oh, and I'd add my vote for NMS Formmail too - it's an excellent drop-in script.
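An added example, not part of the post above or of any script named in this thread: a log check that finds clients requesting /cgi-bin/formmail.* and renders an Apache 2.4 deny block for them, which a site that has renamed its real form handler can use in place of a live spider trap. The log lines are constructed samples, and the case-insensitive match and the `min_hits` threshold are assumptions of this sketch.

```python
import re
from collections import Counter

# Constructed sample in Apache combined log format (documentation-range
# addresses, not real traffic). The site's real handler is feedback.cgi.
SAMPLE_LOG = """\
203.0.113.7 - - [05/Jul/2004:00:12:01 +0000] "GET /cgi-bin/formmail.pl HTTP/1.0" 404 210 "-" "-"
203.0.113.7 - - [05/Jul/2004:00:12:02 +0000] "POST /cgi-bin/FormMail.cgi HTTP/1.0" 404 211 "-" "-"
198.51.100.23 - - [05/Jul/2004:00:15:40 +0000] "GET /cgi-bin/feedback.cgi HTTP/1.1" 200 1843 "-" "Mozilla/4.0"
192.0.2.99 - - [05/Jul/2004:00:20:11 +0000] "GET /cgi-bin/formmail.pl?a=1 HTTP/1.0" 404 210 "-" "-"
198.51.100.23 - - [05/Jul/2004:00:21:00 +0000] "GET /docs/formmail.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
not a log line
"""

# client IP, method, request target, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# /cgi-bin/formmail.<anything>; ignoring case is an assumption of this sketch
PROBE_RE = re.compile(r'^/cgi-bin/formmail\.[^/]*$', re.IGNORECASE)


def find_probes(log_text):
    """Count formmail probe requests per client IP, skipping malformed lines."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, _status = m.groups()
        path = target.split("?", 1)[0]  # ignore any query string
        if PROBE_RE.match(path):
            hits[ip] += 1
    return hits


def deny_block(hits, min_hits=1):
    """Render an Apache 2.4 authorization block refusing the probing IPs."""
    ips = sorted(ip for ip, n in hits.items() if n >= min_hits)
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {ip}" for ip in ips]
    lines.append("</RequireAll>")
    return "\n".join(lines)


if __name__ == "__main__":
    print(deny_block(find_probes(SAMPLE_LOG)))
```

Because the real form handler has a different name, legitimate visitors never match the probe pattern, so any hit is a candidate for blocking.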

vkaryl

12:47 am on Jul 5, 2004 (gmt 0)




Thanks, encyclo. I will definitely try that. Sounds like fun, the spider-trap thing, though I'm not the owner of this site (it's a non-prof) and she might not want to do that sort of stuff. I'll check with her, and we'll see....