Ridiculous approach to security for messages to Members of Congress
1 point by 83457 on Dec 23, 2011 | hide | past | favorite
Vendors of communication systems on the Hill must follow certain security procedures. One of them is that if a message sent to a Member of Congress's contact form has certain SQL-injection-like content, then it is redirected to a 404 page. I'm not sure if the vendors don't implement this correctly or it is Congress's fault, but here are the types of words/characters my company has found to be a problem:

; -- select alter drop update declare view rule string create base

Not every form errors when these are entered. Some will not let a message through from a guy named "Walter", for example. Others seem to only check the message field, so as long as you don't ask them to declare/select/drop/update/etc. something or use proper punctuation (semicolon, double dashes) you are fine.

For example, plug the word "base", the latest locked-down word we have found, into this form and click submit...

http://markey.house.gov/index.php?option=com_email_form
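An added example, not from the post or the vendors in question, of why the described filter misfires and what replaces it: a substring blocklist built from the post's token list (so "Walter" trips on "alter" and "database" on "base"), beside a parameterized insert into an assumed SQLite `messages` table, where user input is bound as data and no keyword filtering is needed at all.

```python
import sqlite3

# Blocklist reconstructed from the tokens listed in the post (a constructed
# approximation of what the vendors' filter appears to check).
BLOCKLIST = ["select", "alter", "drop", "update", "declare", "view",
             "rule", "string", "create", "base", ";", "--"]


def naive_blocklist_rejects(text: str) -> bool:
    """Mimic the filter the post describes: a case-insensitive substring
    match, so 'Walter' trips on 'alter' and 'database' trips on 'base'."""
    lowered = text.lower()
    return any(token in lowered for token in BLOCKLIST)


def false_positives(samples: list[str]) -> list[str]:
    """Return the benign samples the naive filter would bounce to a 404."""
    return [s for s in samples if naive_blocklist_rejects(s)]


def open_store() -> sqlite3.Connection:
    """In-memory stand-in for the contact-form backend (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, sender TEXT, body TEXT)")
    return conn


def store_message(conn: sqlite3.Connection, sender: str, body: str) -> int:
    """The actual mitigation: bind user input as parameters. The driver hands
    the values to the engine separately from the SQL text, so nothing in
    them is ever parsed as SQL, whatever words or punctuation they contain."""
    cur = conn.execute("INSERT INTO messages (sender, body) VALUES (?, ?)", (sender, body))
    conn.commit()
    return cur.lastrowid


def fetch_message(conn: sqlite3.Connection, msg_id: int) -> tuple:
    """Read a stored message back, again with a bound parameter."""
    return conn.execute("SELECT sender, body FROM messages WHERE id = ?", (msg_id,)).fetchone()


def table_exists(conn: sqlite3.Connection, name: str = "messages") -> bool:
    """Check the schema survived whatever was stored (it always does here)."""
    row = conn.execute("SELECT 1 FROM sqlite_master WHERE type='table' AND name=?", (name,)).fetchone()
    return row is not None


if __name__ == "__main__":
    benign = ["Walter", "Please update the military base budget", "Thanks for your vote"]
    print("bounced by naive filter:", false_positives(benign))  # first two only
    db = open_store()
    rid = store_message(db, "Walter", "Please update the military base budget; thanks -- W.")
    print(fetch_message(db, rid), "table intact:", table_exists(db))
```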