Many many people use these kinds of autoresponders without realizing the risks involved.
Keep in mind that email forging is so easy that I could teach a 5 years old to do it. The only way you can safely automate the transaction process is using the payment system's confirmation tools.
For example, Paypal uses IPN (instant payment notification) that send an alert to a web site. Placing rules on that site to only accept communications from the paypal site directly and validating the transaction details brings your safety up by a few hundred percents.
If you find it too complicated to implement on your own, you can either purchase a script and pay a security specialist to install and make the access rules, or you can use a simple service that deals with everything so you can just put a link on your web site for the whole transaction to be automated.
An example of such a system is
Juzaz EasyPay. They offer free accounts, so there is no risk involved.
You just go to their web site, register an account, define the product, and the site generates html code to put on your site. Because of its simplicity, this works mostly everywhere online (blogs, forums, emails, myspace, web sites).