Hello, I've been recently notified by my host that several phising emails were dispathed from the server I host the sites I design in. We tried to investigate this matter and the admin came up with the result that one of the sites' contact form is being abused. He said that propably false html tags were inserted into one of the fields in order to dispatch the emails.

I am now redesigning the forms of all the sites to be spam free but need to double check on this. Found few resources on the net.

So far I have coded a script in javascript which pops up an alert when a required field is not filled in. It also checks for a valid email address.

Plus I have an html encrypting application, should I use that too?

Finally I am thinking of adding image verification if it's not much of a hassle.
Your opinions.