$receiver = $_POST['receiver'];
$solve = $_POST['solve'];
$captcha = $_POST['captcha'];
if ( (is_numeric($solve)) && (is_numeric($captcha)) && ($receiver != "") ) {
if (mail($receiver, 'Visit this site', 'Visit this cool site now')) echo "Sent!";
else die("Error sending");
}
else {
$im = imagecreate(60,40);
$rn = rand(1,1000);
$bg = imagecolorallocate($im, 255,255,255);
$txt = imagecolorallocate($im, 0,0,0);
imagestring($im, 5, 10,10,$rn,$txt);
imagejpeg($im, "img/captcha.jpg");
imagedestroy($im);
<form method=post action=echo $_SERVER[PHP_SELF];
<table>
<tr><td>Send to:</td><td><input type="text" name="receiver"></td></tr>
<tr><td><b>Security:</b><br /><img src="img/captcha.jpg" style="border:1px solid red;" /></td><td><input type="text" name="captcha" maxlength="20" /><br /><input type="hidden" name="solve" value="echo $rn;"></table></form>}
this is a simple example, the captcha gets transmitted with the post so it's not *that safe*. you could temporarily store it in a db, or use sessions or something