One word of caution if you do decide to take the php route.
An increasing source of spam nowadays is comming from mail forms that are being exploited.
Similar to the crawlers I mentioned above that scan for email addresses in html code, there are now also crawlers actively searching for websites that contain forms. When a form is found the crawler will fill in all fields with an email address and submit the form.
A spammer will monitor the mailbox of that email address. If an email arrives then the spammer will come to your form and will manually try to find out if it can be exploited.
Especially mail forms that include an option like "Email a copy of this message to myself" as a confirmation email are at risk.
I have setup a honeypot on my server specifically for attrackting attacks like this so I can find out what methods the spammers use to exploit the mail form. And I must say there are some pretty smart spammers out there!
The way to counter the attack is to check the input of the user for anything that shouldn't be there, filter out any special characters that may be entered in fields and especially watch out for the "@" character in fields where you would normally not expect them (and 'escape' any special characters in the output). Do not allow multiple email addresses to be entered in a field.
It is also a good idea to make this a 2-stage process where the first part accepts input from the user (the form) and sends this input to the second stage which does the actual checking of the input and sends the email if everything is ok. Do not use the command-line to send user input to the second script, instead use internal variables to make it harder for the spammer to pass illegal input. Also have the second script check the source of the request and only let it accept the request if it is comming from your own website (and not from some other source that duplicated the code of your first script on their own site).
Good luck with your form!
