We recently added fairly strict anti-SPAM measures to all our shared servers. This was necessary in order that we could properly manage out going e-mail, to be certain who's code was sending e-mail, and to avoid excessive bounces and/or loops. The changes also close up an exploit in use widely with formmail.cgi
The rules that any script or code sending out e-mail from a shared server are as follows:-
1) e-mail addresses in BOTH the To: and the From: headers must contain valid e-mail domains, ie. with valid DNS MX Records.
2) One of EITHER the To: OR the From: e-mail addresses must be using a domain name known to the shared server. This in most cases will be the domain name you use with your web site.
In some cases point 2) may be a problem if your domain e-mail is not handled by us but by a third party and we have no known domain on our server. In this case we can add a particular domain to be allowed, please ask.
Point 2) may also require that some scripts which need to send e-mail from an unknown user to an unknown user (something which effectively provides an Open mail relay and is fairly bad practise anyway, but is often used with e-postcard type scripts) to be altered so that the From: header contains your own domain related e-mail address but the Reply-To: header contains the address you wish replies to go to.
Please note that prior to us making these changes an unqualified address (ie, one with no @ sign or domain name) would have been automatically qualified with the full server name (@proton.positive-internet.com for example). These addresses will no longer work, all e-mail addresses in the From: and the To: header must be fully qualified (ie. have an @ sign and a domain)
We appreciate that this is by no means a perfect solution and could still potentially allow 3rd party abuse to continue, however it does reduce the likelyhood of abuse and also ensures that we can identify and correct any source of outgoing e-mail from PHP or CGI scripts. An alternative to this would have meant a complete audit of all PHP and CGI code on our servers and then enforced control and vetting of all scripts prior to their use in the future. We felt the methods we have chose provide the maximum flexibility and at the same time protect all shared users from the serious issue of total e-mail blacklisting affecting all outgoing and incoming e-mail.
If you would like us to examine any particular form or script to advise on where changes could be made or why you are now getting a particular error we will be happy to do so. Please provide us with the full URL and path to both the form and the code in question.