Home-rolled email forms are fine for experienced programmers. I use one I wrote and I have not been hacked yet. But it's a tricky and error-prone task for beginner to intermediate programmers.
There are well-written classes out there you can just use. I assume so anyway. I use my own.
There are a lot of things to look out for. Among other things, your code would have to look for combinations of newlines and carriage returns in the To: address. Newlines can be used to push a looooooooooooooooooong list of email addresses down into the CC: or BCC: part of an email header. In other words, poorly written email forms can be exploited by spammers.
And they will try. My weblogs show constant non-stop attempts to use my form. Log file analysis shows they usually give up after a few dozen failed attempts. And then, perhaps a few days later, someone else, from another spoofed IP address, tries again.
I used to redirect hackers to nsa.gov but I eventually decided that was useless, and an invitation for revenge. Failed attempts just return null now.
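One way to implement the newline and carriage-return check described above, as an added example in Python (not the poster's own form code). The fixed recipient, the field names, the length limits and the strict address pattern are all assumptions made for illustration.

```python
import re
from email.message import EmailMessage

# Assumption: the recipient is fixed in server configuration and never taken from the form.
FORM_RECIPIENT = "webmaster@example.org"  # constructed placeholder address

# CR, LF, every other ASCII control character, and the Unicode line separators.
_HEADER_BREAKERS = re.compile(r"[\x00-\x1f\x7f\x85\u2028\u2029]")
# Deliberately strict: exactly one address, no commas, spaces, quotes or angle brackets.
_SINGLE_ADDR = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


class RejectedInput(ValueError):
    """Raised when a form field is unsafe to place in a mail header."""


def clean_header_value(name, value, max_len=200):
    # Any form field that ends up in a header goes through this check first.
    if len(value) > max_len:
        raise RejectedInput(f"{name}: too long")
    if _HEADER_BREAKERS.search(value):
        raise RejectedInput(f"{name}: control character in header value")
    return value.strip()


def clean_address(name, value):
    # Reject address lists as well as line breaks: one visitor, one address.
    value = clean_header_value(name, value, max_len=254)
    if not _SINGLE_ADDR.fullmatch(value):
        raise RejectedInput(f"{name}: not a single plain address")
    return value


def build_message(visitor_email, subject, body):
    # Validate everything before any header is set, so a rejection leaves nothing half-built.
    reply_to = clean_address("email", visitor_email)
    subject = clean_header_value("subject", subject)
    msg = EmailMessage()
    msg["To"] = FORM_RECIPIENT
    msg["From"] = FORM_RECIPIENT   # sent as the site itself
    msg["Reply-To"] = reply_to     # the only place the visitor's address appears
    msg["Subject"] = subject
    msg.set_content(body)          # the body may contain newlines; headers may not
    return msg
```

Rejected submissions raise `RejectedInput`, which the form handler can catch and answer with an empty response while logging the attempt.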