Lol its my version of PHP...bodged but works! I'm still learning although I've managed to put together a CMS and blog and a booking and stock system...so I'm learning well!

Yea it is true, there are a lot of ways you can add security with PHP, very few on a mailto form, none without using javascript, so if the user has JS disabled there is no validation or security.

On my forms I have a security question at the end, similar to the captcha ones (the random array of letters and numbers you have to retype when filling in forms). My system generates 2 random numbers like one and seven and asks a question like what is randomnum1 plus randomnum2? and the user has to type the answer. The validation then checks whether the answer was correct or not.

Spambots are clever, but they're not as clever as humans and therefore can't read the worded numbers and answer in numeric digits...as far as I know!