form spam

One site I run, The Virtual Bookcase has webforms that look like they might send e-mail in the background (which is correct, but they just treat user input like probable evil stuff which is to be distrusted until fully verified). Some spammers try to find a way to send e-mail to other addresses using php mail() header and mime injection tricks (page has a good explanation of the problem, and how to fix it). One trick worked in the past, but I closed that, and now I just get all those injection attempts as filled-in forms (with some weird stuff, a multipart mime mail in one of the fields, with a bcc: to a valid address for the spammer) at webmaster@ including the IP it was tried from and the e-mail address that was supposed to be the drop box (which makes scanning the mail logs for succesful attempts easy, one run usually uses the same drop box). The mail body is usually 'random text' which is supposed to pass spam filters. Other input fields are filled with what looks like e-mail addresses (no idea why).

Anyway, an overview of IPs and dropboxes seen:
Searching for yields loads of pages with likewise attempts. But the dropbox still works I guess.

The domain names are all registered to the same organisation:

 PO BOX 508
 Newton, MA 02460

 Domain name: SEXMAGNET.COM

 Administrative Contact:
    Master, Host
    PO BOX 508
    Newton, MA 02460
By the looks of the main website, hotpop llc seems to offer free pop accounts. So they are not the spammer or the spammer organisation (although they do appear a bit 'shady' to me) but the spammer uses a free mailbox with them.

And a day later, I get another famous one:
Links: Form Post Hijacking with a clear explanation and solutions.
Koos van den Hout (