That's the point that spammers would attack, if they could be
bothered to try.
I'm sort of wondering what archive sites like the Wayback Machine
are doing to prevent address harvesting, if anything. Seems like
exactly the sort of thing that would be worth some effort prying
open...
Make damn sure that whatever CGI script you use defends against
any characters in the email form being interpreted as any sort
of metacharacters.
Can't stress this point enough. Limiting length is good too; look
to RFCs for figures.
I'd also submit any message via a TCP connection rather than
invoking anything from the script, e.g. `sendmail -bs`. I can
give you a simple example using Perl if you need it.
Hmm, do I have any links/guides for safe web form handling... ?
--S.
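
An added illustration of the three points in the message above (metacharacter rejection, RFC length limits, SMTP over a socket instead of running a mailer); it is not the poster's code, and it is in Python rather than the Perl he offered. The form field names, the fixed recipient, the body cap and the MTA on 127.0.0.1:25 are assumptions.

```python
import re
import smtplib
from email.message import EmailMessage

# Limits from RFC 5321 section 4.5.3.1 and RFC 5322 section 2.1.1.
MAX_LOCAL, MAX_DOMAIN, MAX_ADDR, MAX_HEADER_LINE = 64, 255, 254, 998
MAX_BODY = 10_000                 # assumption: site policy, not an RFC figure
RCPT = "webmaster@example.org"    # assumption: fixed recipient, never taken from the form

CTRL = re.compile(r"[\x00-\x1f\x7f]")                    # CR, LF, NUL, other controls
ADDR = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+")   # deliberately narrow allow-list

def check_header(name, value):
    """Reject anything that could end the header line or start a new one."""
    if CTRL.search(value):
        raise ValueError(f"{name}: control character")
    if len(name) + 2 + len(value.encode("utf-8")) > MAX_HEADER_LINE:
        raise ValueError(f"{name}: too long")
    return value

def check_address(addr):
    """Allow-list the characters first, then apply the RFC 5321 size limits."""
    if len(addr) > MAX_ADDR or not ADDR.fullmatch(addr):
        raise ValueError("address: bad syntax or length")
    local, domain = addr.rsplit("@", 1)
    if len(local) > MAX_LOCAL or len(domain) > MAX_DOMAIN:
        raise ValueError("address: part too long")
    return addr

def build_message(form):
    body = form.get("body", "")
    if len(body) > MAX_BODY or "\x00" in body:
        raise ValueError("body: too long or contains NUL")
    msg = EmailMessage()
    msg["From"] = RCPT            # the visitor's address only ever appears in Reply-To
    msg["To"] = RCPT
    msg["Reply-To"] = check_address(form.get("email", ""))
    msg["Subject"] = check_header("Subject", form.get("subject", ""))
    msg.set_content(body)
    return msg

def submit(form, host="127.0.0.1", port=25):
    """Hand the message to the MTA over TCP; no form data reaches a shell."""
    msg = build_message(form)
    with smtplib.SMTP(host, port, timeout=10) as smtp:
        smtp.send_message(msg, from_addr=RCPT, to_addrs=[RCPT])
```

Because the envelope sender and recipient are constants passed to `send_message`, a visitor can influence only the `Reply-To` and `Subject` values and the body, all of which are checked before the connection is opened.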