Any form that embeds email addresses as hidden values should be shut down and deleted. You have a huge spammer hole there. With any form, you need back end logic to make it work safely. I'd dump this script and find or write a more secure alternative in the programming language the site supports.