My own code also sucks. This particular story started when I subscribed to the Technical Committee on Parallel Processing announcement list. A couple of my colleagues, including my boss, asked me to forward the announcements, calls for papers, and other stuff from that list to them. Why couldn't they just subscribe to the list themselves? Ask them.

Anyway, of course I was not going to forward anything by hand. So I created a procmail stanza in my ~/.procmairc that looked like this (email addresses are fictitious, of course):

# Forward all messages from tcpp-announce list to colleagues,
# Bcc to myself at work, and keep a copy
:0 c
* ^From:.*tcpp-announce@
| formail -I "Reply-To: me@work.com" \
	-I "To: colleagues@work.com" \
	-I "Bcc: me@work.com" | $SENDMAIL -oi -t

What's wrong with this picture? Imagine someone posting to tcpp-announcesomeone@somewhere.com and Cc-ing , or, better yet, another huge mailing list. The procmail rule above will invoke formail, which will happily overwrite The "To:", "Bcc:", and "Reply-To:" fields, and leave the "Cc:" field intact, so you will spam whoever was originally Cc-ed and his sister. 

The lesson here is, of course, that the usual rule of software engineering apply even when you use a weird language. The core of the problem here is unvalidated input and the associated insufficient testing.

Fortunately, I was Bcc-ing myself, and I actually happened to look at a forwarded message that arrived in my mailbox at work. The message was sent by a guy from Italy who was organizing a conference, and he Cc-ed himself (thankfully, just himself and not the whole of IEEE or something of the kind). I fixed the rule and sent him an apology. He was very gracious about it.