Your overall question is a bit vague. I'm not sure whether you added the script you mentioned after the bandwidth problems or before. In either case it is unlikely that the snippet you've shown had anything to do with a bandwidth problem.

As for my thoughts:

$_SERVER['HTTP_REFERER'] is a completely unreliable variable. IT is set by the user agent and can be modified. The specs suggest (and I strongly concur) that the variable cannot be trusted. There are better solutions to prevent your forms from being used for email spam.

If you are properly validating your variables you can eliminate the fear of having your forms hijacked to send email.

Use regular expressions to check for acceptable input including the type and number of characters you will allow.

Watch for the insertion of newlines into your email variables. These can be used to add additional headers, cc: and bcc:. Use the nl2br() to eliminate newlines from being inserted into your email variables.

If your regular expressions are sound you can pretty much eliminate additional issues. And, of course, add a script that cuts down on the possiblity of a remote automated process. Some use CAPTCHA, I prefer using randomly generated questions with sessions variables.

If you've got additional details I would be happy to help.

__________________
I use Country IP Blocks as added security for my networks and servers.