I'm not sure what my forum emails have to do with anything. The spam email message I received did not come from my forum. It came directly from email@example.com to my outlook email.Brf wrote:I don't know what you mean by "directly from the software".
If you board is sending any type of Email, your board's address would be in the Reply-to.
The board I have set up is just an experimental board. A total of 3 people are registered and I have everything closed to the public, including registrations. Even bots are blocked. My board only sends emails if someone registers, or subscribes to a topic. So there is very little activity and no chance someone outside of those 3 people would have my email address.
So my question is, how did this spammer get my email address? He couldn't have signed up, nor could he have viewed any information as a guest. My email address in question is not registered on any other forum, including here.
Is it just a coincidence? Maybe, but it seems strange that I get this email only a couple of weeks after installing the forum.
Could my address have been harvested from whois information? No, because I use a different email address for my domain and VPN provider.
My conclusion is that there is some sort of exploit in the software that allowed this scammer to pull my email address from either some sort of phpbb config file or from the SQL database itself. There is just no other explanation I can come up with.
I hope that someone can come up with an explanation, other than my conclusion.