If you have a form handler (a script that processes your form data and sends it to an email address or database), it can be hijacked and used to send out spam email.

By far the most common name for a form handler is formmail. Spammers send out bots to crawl servers looking for this name, and once it is found they will attempt to hijack it.

How do they hijack it? If it is unprotected it is very, very easy: they take one of their email engines and simply set its target to your form handler (exactly as you would with your own contact form).

Falling foul of this will usually get your hosting account suspended, as the security of your account and the files on it are your responsibility.


How to protect your form handler

- Change the filename to something unsuspecting, e.g. page3.php. This is not foolproof, but it helps you escape the name-crawling bots (you would need to change the target name in your forms too).

- Do not use forms that require you to put your email address on the page in a hidden text field.

- Use a form that lets you set which email address it can send to; this renders it useless to spammers, as it can only send to that one address. (This IS THE ONLY REAL WAY to secure it.)

Some form handlers allow you to set them to check the referring domain; this can be spoofed and is therefore useless.

What handler can you use that sets the address it is to send to? Lots, but here's one I've used for years:

http://www.lampscripts.net/

Open up formmail.php and you will see a set of message variables; the first one is the recipient. Put your email address in there and you are all set.

CODE

var $config_vars_array = array("recipient" => "EMAIL ADDRESS HERE",  // the only address the script will ever send to
                               "from"      => "",                    // leave empty to use the script's default sender
                               "subject"   => "Form Submission");    // subject line of the delivered email
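As an added example (not the page's own code and not the lampscripts formmail.php script), here is a minimal PHP contact-form handler built on the same principle: the recipient is fixed inside the script and any recipient field sent by the client is ignored, so the handler can only ever mail one address. The field names, the placeholder addresses and the use of PHP's built-in mail() are assumptions; it also strips line breaks from header-bound fields, since otherwise a fixed recipient can be bypassed by injecting extra headers through the form.

```php
<?php
// Added example, not code from the original post or from lampscripts.
// The recipient is hard-coded: a spammer who posts to this script can only
// ever send mail to this one address. Field names are assumptions.

const RECIPIENT = 'you@example.com';   // placeholder: the ONLY address mail goes to

// Header-bound values must never contain CR/LF, otherwise a submitted value
// could append extra headers (Cc:/Bcc:) and turn the form into a relay anyway.
function header_safe(string $value, int $max = 200): string
{
    $value = str_replace(["\r", "\n", "\0"], '', $value);
    return substr(trim($value), 0, $max);
}

function handle_submission(array $post): bool
{
    // Any 'recipient' field the client may have sent is deliberately ignored.
    $name    = header_safe($post['name'] ?? '');
    $email   = header_safe($post['email'] ?? '');
    $message = trim((string) ($post['message'] ?? ''));

    if ($name === '' || $message === '' || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return false;   // reject incomplete or malformed submissions
    }

    // From: stays a fixed address on your own domain (placeholder here);
    // the visitor's address only appears in Reply-To.
    $headers = "From: webform@example.com\r\n"
             . "Reply-To: \"{$name}\" <{$email}>\r\n"
             . "Content-Type: text/plain; charset=UTF-8\r\n";

    return mail(RECIPIENT, 'Form Submission', $message, $headers);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    echo handle_submission($_POST)
        ? 'Thanks, your message was sent.'
        : 'Sorry, the form could not be sent.';
}
```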