Hi,
im using the following to send a contact us type form, iv looked into security and only found that you need to protect the From: bit of the mail function, as ive hardcoded this does that mean the script is spamproof / un-hijackable
$tenantname = $_POST['tenan'];
$tenancyaddress = $_POST['tenancy'];
$alternativename = $_POST['alternativ'];
//and a few more
//then striptags on each variable
$to = "[email protected]";
$subject = "hardcoded subject here";
$message = "$tenantname etc rest of posted data";
$from = "[email protected]";
$headers = "From: $from";
mail($to,$subject,$message,$headers);