We use the Apache 'common' logging format on our server, and while it logs the size of the response from server to client, there doesn't appear to be a way to log the size of the request.
The history is that we are drowning in data on our web servers, both incoming and outgoing, but it is the incoming that concerns me most at this stage. It is almost half the size of the outgoing, but keep in ming that the traffic includes all traffic, not just HTTP traffic
to the servers eg we make a fair number of web service calls to remote machines that tend to 'reverse' the expected traffic.
There are a number of forms which traditionally (shall we say) were not the most secure and may have resulted in people being sent emails when they shouldn't have, and may have been used by third parties to send this data.
Spam relay may be a better description.
Now that CAPTCHAs are implemented we are reasonably sure that this has either been removed or vastly reduced, but we still get hammered but attempted spammers, and it would be nice to know how much of our incoming data is due to them.
As a side point, the CAPTCHA implementation logs the time and IP for null, empty and incorrect CAPTCHA attempts, but we don't yet have a log of
successful attempts, so we are unable to easily check for suspicious users that successfully send emails.
And yes, the initial form design allows the 'to' and 'from' address to be specified, but I am fixing this issue too.