On my website I've got a basica "contact me" form - nothing unusual. It saves me having to display my email address on the page therefore preventing the bots from using and abusing it. Well, recently I've started to receive a large amount fo spam using my form!!! I've managed to read the originating IP and not the spoofed/proxy IP and have looked them up. Most are originating from the Czech Republic. How "wrong" or illegal would it be if I was to modify my script so that when it detected a specific IP it would send the email to their ISP's abuse email not once but 90 times each time I get spammed?