TYPO3 Core

The typo3 3.8.0 secureFormmail feature makes it impossible to set recipients fields through typoscript without disabling the feature (ie: setting $GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail'] = false;), on class.tslib_content.php (lines 1911).

Also, it makes impossible to send mails through sendFormmail, at class.tslib_fe.php

The feature is introduced to avoid spamings.

How can someone spam through a _POST variable? The only way I can think is using the page from an external form.

Could this feature be modified, as to check REFERER as an alternative for $GLOBALS['TYPO3_CONF_VARS']['FE']['secureFormmail'], and enable forms made through typoscript to work as well?
(issue imported from #M1458)