It could've been email spoofing[1], where the attacker sends an email with a worm and makes it look like it was sent from a friend. Once the email is opened by the recipient, the worm sends a similar email to the recipient's contacts, which continues to spread the spam.
It's also possible that the spam email came from a computer infected with malware, making the target of this "attack" an innocent bystander.
Whether this was the case, in this instance, is insignificant, it's just one of those things that the author didn't think of, it shows the author did not think very deeply about the situation, and simply wanted to flex his technical jock.
This reminds me of way back in 2004 when someone at AOL sold off a bunch of emails/users. I had an impossible to guess username/email (looked something like cdyskdjfslkjdf112) and I suddenly started getting spam/phishing emails one day and had no idea how that could happen.
I don't know what happened in this case, but it's entirely possible that someone who wanted to bring them down organized some bot traffic to them.
It happens for much smaller mailing lists with far fewer enemies where attackers just sign up with trash email addresses in order to increase the chance of your mailing list to be flagged as a spammer account.
I remember seeing the news, years ago, that a guy was trying to discover were spammers were getting his email. So he created a bunch of emails for different things.
Guess which email started receiving spam very quickly? Yeah, the one he used for taxes
People had claimed their own email address had been used to post a message. The messages themselves were repetitive and clearly had generated names. Someone ran the entire thing through and reduced the bulk messages down to a handful. I believe there were some attempts to add filler words, but for the most part someone just put together spam bots.
Sounds like the fake emails were from "subscription bombs". Bad actors will bulk sign up targets to flood their inboxes and hide worrying notifications like security alerts.
The whole thing smells like fiction, and this is the very first post from a days-old Stack Exchange account.
> It could’ve been a colleague because I know there is a backdoor way to send emails using someone else’s account via some sort of a SQL database thing. We used to do it as jokes but it was never used for something like this
[1] http://en.wikipedia.org/wiki/E-mail_spoofing
reply