It's the first of these that is causing us some problems recently. The nms project seems to be becomimg pretty well-known around the web. A lot of ISPs have seen Matt's formmail being used as a spam relay and have changed to our version.
But in many cases the version of Matt's script that they were using was 1.6. This version is infamous for having absolutely no protection against being used as a spam relay. You just set the script up on your server and anyone could use it. So that's what a lot of ISPs seem to have done. They've set up the script on one central server and tell all of their clients to configure their HTML form to use that script.
Now they've installed the nms version of formmail. They haven't read much of the documentation (because, hey, it's a drop-in replacement!) so they don't know that you now have to give it a list of domains that are allowed to use the script. This means that none of their clients' domains are permitted to access the script and anyone who tries to use a form on a client's site gets an error message. And the default error message has a link to nms in it - so the client's client thinks it's all our fault so we get another email to the support mailing list.
There should be some sort of intelligence test for running an ISP.