Here's how to secure a Contact Form so that no spammer can use it to send spam!

*Update: RealmacSoftware have now posted an update for the Contact Form plugin. Visit this page for details.
Why keep this page up then if RMS released a fixed version of their plugin? Because less than a week after posting the updated version, another way to spam using the 'fixed' version of the Contact Form has already been found!
The fix offered here closes the hole for a simple reason: absolutely no user-provided data is placed in the email headers (neither the Subject nor the From: line), so there is no way for a sender to manipulate the form fields in order to insert their own headers into the emails the form sends.


Start with a Contact Form page...

Picture 1

Picture 2

Export your site...

Picture 3

... to get a PHP file generated by the Contact Form plugin

Picture 4

Open this PHP file and find the following code:

$mailed=mail($email_address, $form_elementX, $sent_message, $headers);

Picture 2

and change it to this:

$mailed=mail($email_address, "Message from website", $sent_message, $headers);

Next, find the two occurrences of this PHP code:

$headers="From:$form_elementX\r\n"

Picture 2

Picture 3

and replace both of them with this code:

$headers="From:web@yourwebsite.com\r\n"

After those 3 modifications, here's what your code should look like:

Picture 4
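The same idea written out as a small function, added here as an example (it is not the plugin's generated code): user text only ever reaches the body, the Subject and From: are fixed strings, and, going one step beyond the page, the visitor's address is kept as a Reply-To only if it validates as a single address. The recipient, site address and form field names are assumptions.

```php
<?php
// Added example, not the Contact Form plugin's generated code.
// The form field names, the site address and the recipient are assumptions.

// A value is safe for a header line only if it cannot start a new line.
function is_header_safe(string $value): bool {
    return preg_match('/[\r\n]/', $value) !== 1;
}

// Build the four arguments for mail() so that no user-supplied text reaches
// the Subject or the headers; everything the visitor typed goes into the body.
function build_mail_args(string $to, array $form): array {
    $sent_message = "";
    foreach ($form as $label => $value) {
        // Normalise line endings in the body for readability; the body itself
        // cannot inject headers, only the Subject and $headers can.
        $sent_message .= $label . ": " . str_replace("\r\n", "\n", $value) . "\n";
    }
    // Fixed Subject and fixed From: header, exactly as the page recommends.
    $headers = "From: web@yourwebsite.com\r\n";   // assumed site address
    // Beyond the page: keep a way to answer the visitor via Reply-To, but only
    // when the field validates as one address (FILTER_VALIDATE_EMAIL already
    // rejects anything containing CR or LF; the explicit check documents why).
    $reply_to = $form['email'] ?? '';
    if (is_header_safe($reply_to) && filter_var($reply_to, FILTER_VALIDATE_EMAIL)) {
        $headers .= "Reply-To: " . $reply_to . "\r\n";
    }
    return [$to, "Message from website", $sent_message, $headers];
}

// Constructed sample submission: the subject field contains a line break,
// which is harmless here because the subject field is never used as a header.
$sample = [
    'name'    => 'Visitor',
    'email'   => 'visitor@example.com',
    'subject' => "Hello\r\nSecond line",
    'message' => 'Just testing the form.',
];
[$to, $subject, $body, $headers] = build_mail_args('owner@example.com', $sample);
// mail($to, $subject, $body, $headers);  // uncomment on a real server to send
echo "Subject: $subject\n" . $headers . "\n" . $body;
```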

Next, create a new page in RW, selecting the HTML Code type.

Picture 7

Change the page filename so that it ends with .php (and not .html) and change the Output to Default.

Picture 8

Finally, copy from the modified PHP file all the code contained in <div id="content">...</div>
This code should start with

Picture 9

and end with

Picture 10

Paste this code in your new HTML Code page, and you're done.

Publish and try your new Contact Form page, now much more secure!