We have recently been under attack by an email hijackers who are apparently trying to use our contact forms to test for “open doorways ” to route their own spam emails.
Their attacks result in us receiving numerous emails with all form fields filled out with email addresses from the domain in which it was sent and a little further checking revealed that the messages also come with a BCC address of email@example.com.
A little research has revealed this to be a wide spread problem with a list of about 10 BBC addresses in use .. intrestingly the hijackers all have AOL email addresses so this is clearly something AOL could sort out.
We are currently installing a fix into the scripts which powers our form to stop this abuse. There should be severe penalties for these people! Spam is one thing, but hijacking form mail scripts and spoofing other people’s domains and email is downright wrong.