This is strange for some reason we keep getting bogus submission on the contact us form on the website. Using a email address of our website and it keeps happening about two or three a day.

Does anyone know why?

....are there any strange/unusual characters being used? Sounds like someone is "testing" your forms, possibly looking for weaknesses to exploit.

One of my clients noticed something similar happening with his contact form - I would recommend temporarily saving a copy of all contact form submissions in a .txt file on your server, along with a copy of the IP address of the user submitting the form so you can check to see whether this is a hacker attempting to execute code or a spammer attempting to manipulate the headers on the outgoing mail (a common vulnerability if your contact page uses the mail() function) - sounds like there's definite cause to ban 'em.

do you mean someone is emailing other people from your website using your sites email addresses (so it seems as though you are writing it) or do you mean you're getting emails sent through to yourself?

If the latter, simply stop people from sending in emails from the Contact form, using your email address - that should stop them using your email addresses. There isn't much you can do about it, other than blocking their IP and Host Mask.

A client of mine was also getting this behavior just this past weekend. I augmented the code to reject any attempt to use the client's domain in the form verification code.