This is a common mistake I see particularly with small businesses.
If you send an email and you put all the recipients in the TO: field you expose all the emails addresses to everyone on the list. Although you hopefully do not have any clients that would use this information maliciously it is also considered bad etiquette, and Netiquette (Internet etiquette)
The easy solution is to put an address in the TO: field that you own, and then BCC (Blind CC) the rest of the recipients therefore keeping the email addresses hidden from each other.
Several years ago I used Amazon software for a lot of sites. But after they changed their authentication there was a lack of documentation and I lost interest in trying to fix the old code. I kept going back to their site and forums to see if anyone had ever fixed their Simple Store example which was an excellent spring board into understanding the code. Unfortunately there was never a resolution, and the last comment on the product page was from July 2010 stating that it still does not work.
For some unknown reason this product came back into my vision over the past weekend and the pieces fell into place to resolve the problems.
So I have modified the original and fixed the problem with the mandatory signed request.
A working copy can be seen at CyberCoder Amazon Store
It can be downloaded from Amazon Simple Store in PHP with Mandatory Signed Requests , I do charge a $9.95 fee to download from my site. And yes, I know, everything should be free, but some of us have to make an income from our work.