I've developed this game and at the end you can 'Tell a friend' by entering his or her email and pressing a button. From here I simply opened the user's email program but now my client wants it to rather go through a PHP script which is less interfering. I am a bit worried that someone might abuse this by sending Spam through their server. Is this possible and if so is there a way to prevent it? What's the best alternative if you don't want to open the client's email program?

Cheers

P.

How about adding a time check???

For example, a person sends out an email, you save the IP address of that user to the database...
Let's say that he was trying to send out an email again within 10 seconds...
As soon as he clicks on the SEND button, you need to check the database to see if that specific IP address sent out an email within the given time limit, for example, 50 seconds...
If it exists, do not send out an email and display the warning message...
If it does not, do your normal process to send out an email...

This won't be that secure, but that's the simplest thing I can think of... :)