I have an online directory of alumni from a high school that runs PHP
with a MySql backend containing contact info, email addresses, etc.
Some of the alumni have begun to complain about receiving spam to their
accounts, some of the spam saying that they "know" them from this site.
I've also had alumni that have created email accounts to specifically
use just for this site, and they've started getting spam as well.
I "thought" I thought of everything, and after reviewing some of the
messages on this forum, my "email abstraction" seems fairly solid:
1. The MySQL database has a lengthy username and password, and will
only accept connections from this web server.
2. The site requires signup, and only alumni from the school may sign
up (list provided by school).
3. The user has to click an activation email to be able to login for
the first time.
3a. No two user's can have the same email address (enforced by PHP and
MySQL).
4. No user can view another user's email address, they can only view
their own.
5. I have a web based email client that only pulls the email address
(based on the sendee's memberid) right before hitting the mail()
function.
6. Users cannot type an email address into the web client, they click a
'send me an email' link on the sendee's profile page to open the
client, and the name of the sendee is in a non-editable field.
7. I do have an admin email function for sending mass mailing to
members. All email addresses are bcc'd (of course) and none of the
offending emails have originated from the site.
So...I've been harvested. Any suggestions / research sites where I can
figure out where I went wrong, and how my database was potentially
cracked.
Any help would be appreciated.