A client calls me one day with an interesting problem. She is receiving email at an incredible pace. She cannot send anything, and her computer is bogged down with the receive process showing thousands of messages in the queue.
After a few troubleshooting questions and quick look at her computer; I discovered that her email password was “password1”. Yep, she chose one of the absolute worst and most common passwords ever!
So, here’s what happened. Someone (a spammer) guessed her password and was sending out thousands of messages using her account. When a spammer does this, they use email lists gleaned, harvested, developed and guessed from a variety of sources. Much of the data is incorrect. When an email is sent to a non-existent address, the sending server, depending on its configuration, usually replies with a “person not here” or “no such recipient” message. The same thing happens when you make a typo in an email address; the receiving server usually sends you a OOPS message with a bunch of server gibberish. We’ve all seen it.
In this client’s case, she was receiving thousands of “no recipient” or bounced messages. A quick password change to something much more complicated stopped the sending immediately. However, there was a matter of over 10,000 messages that bounced and were still flooding her in box. We did some email voodoo and cleared out those messages and the client is back to normal now.