security hole...
Hello,
Suppose I want to give someone a "send this page to a friend" service. I give him a form that has two fields in it:
friend's email:
your name:
Anybody who visits the page and wants to send it (send the page URL, I mean) just enters his friend's email and his name and clicks "send", and the URL (HTTP_REFERER) is sent to his friend.
What should I do in order to prevent a different site from using my service? Because now everybody can put up a similar form with its action pointing to my web page and use my website as their own mail server...
I know I can check the HTTP_REFERER and send the mail only if the URL is my friend's URL,
but is there anything else I should do?
Thanks in advance,
Yair
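
The Referer check mentioned in the post, as an added example that is not part of the original post: it parses the header and compares scheme and host exactly, so look-alike hosts and URLs that merely contain the site name are refused. The function name, the `ALLOWED_ORIGINS` set and the `example.com` hosts are assumptions made for the illustration.

```python
from urllib.parse import urlsplit

# Assumption: the (scheme, host) pairs of the site that owns the form.
# The example.com names are placeholders.
ALLOWED_ORIGINS = {("https", "www.example.com"), ("https", "example.com")}
DEFAULT_PORTS = {"https": 443, "http": 80}


def page_url_if_own_site(environ):
    """Return the referring page URL if it is on our own site, else None.

    `environ` is the CGI/WSGI environment dict. HTTP_REFERER is supplied by
    the client, so this check stops forms hosted on other sites and submitted
    by ordinary browsers; it is not proof of where a request came from.
    """
    referer = environ.get("HTTP_REFERER", "")
    if not referer:
        return None  # no page URL to send, so nothing is mailed
    # Whitespace and control characters have no place in a URL we will mail.
    if any(ord(c) < 0x21 or ord(c) == 0x7F for c in referer):
        return None
    try:
        parts = urlsplit(referer)
        scheme = parts.scheme.lower()
        host = parts.hostname  # lower-cased, userinfo and port stripped
        port = parts.port      # raises ValueError on a malformed port
    except ValueError:
        return None
    if host is None or (scheme, host) not in ALLOWED_ORIGINS:
        return None  # exact match only: no substring or suffix tests
    if port not in (None, DEFAULT_PORTS[scheme]):
        return None
    return referer


if __name__ == "__main__":
    # Constructed sample headers, not taken from any real log.
    samples = [
        "https://www.example.com/articles/42",
        "https://www.example.com.evil.test/form.html",
        "https://www.example.com@evil.test/form.html",
        "https://evil.test/?next=https://www.example.com/",
        "",
    ]
    for value in samples:
        verdict = "send" if page_url_if_own_site({"HTTP_REFERER": value}) else "refuse"
        print(f"{verdict:7} {value!r}")
```
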