Well, here are some of the challenges you'll face if you wish to limit how many times a particular individual is able to send you messages (in no particular order):

• You cannot rely on environment variables to check IP's or domains. In some cases many users will appear to be from the same IP or domain. In other cases, some users' info simply won't be available. In still other cases, the info that is available can be spoofed or otherwise wrong. So rule CGI environment variables out as a means of 'authentication'.
• You can't rely on cookies, unless you require that a cookie be present before a mail message can be sent. The cookie could contain a MD5 hash as identification that you keep track of for some period of time. This method would work, but would prevent access for folks who have cookies turned off.
• You could require a login, but that means maintaining user lists which adds complexity and might be inconvenient enough for people that they won't send a message in the first place.
• Even if you do prevent an individual from posting multiple times, you may still be leaving the door opened to a many-source DOS attack, where a large number of "bad" machines gang up on you at once.

Every practical and reliable means of preventing abuse has trade-offs manifesting as reduced convenience and/or reduced compatibility for the end users, while at the same time increasing complexity for your script.

At least, you probably ought to look into the CGI::Session module, which could facilitate adding session management to your script. You might also find it helpful to buy, borrow, or check out at the library a copy of "CGI Programing with Perl" (O'Reilly & Associates) 2nd edition. It dedicates a lot of discussion to subjects such as email, and session management. It's a good read, IMHO. Also, don't do mail by hand. Use a module such as Mime::Lite, for its simplicity, reliability, and robustness.