$receiver = $_POST['receiver']; $solve = $_POST['solve']; $captcha = $_POST['captcha']; if ( (is_numeric($solve)) && (is_numeric($captcha)) && ($receiver != "") ) { if (mail($receiver, 'Visit this site', 'Visit this cool site now')) echo "Sent!"; else die("Error sending"); } else { $im = imagecreate(60,40); $rn = rand(1,1000); $bg = imagecolorallocate($im, 255,255,255); $txt = imagecolorallocate($im, 0,0,0); imagestring($im, 5, 10,10,$rn,$txt); imagejpeg($im, "img/captcha.jpg"); imagedestroy($im); <form method=post action=echo $_SERVER[PHP_SELF]; <table> <tr><td>Send to:</td><td><input type="text" name="receiver"></td></tr> <tr><td><b>Security:</b><br /><img src="img/captcha.jpg" style="border:1px solid red;" /></td><td><input type="text" name="captcha" maxlength="20" /><br /><input type="hidden" name="solve" value="echo $rn;"></table></form>} PHP: this is a simple example, the captcha gets transmitted with the post so it's not *that safe*. you could temporarily store it in a db, or use sessions or something