I have a CentOS virtual dedicated server.
I also have a home rolled email form that nulls out the RepyTo CC and BCC headers and aborts during POST processing if the "from" field has more than one address. POST processing aborts on a half a dozen other suspicious conditions too. Any subsequent email that is actually sent is hard-coded to go to me only.
Still, about a half a dozen times a month I get email similar to the following. Somehow I doubt this exploits my email form because, if and when my codes ever do get to the actual "mail" stage my codes pre-pend certain hidden text to the posted message, only one line of code before the send function call.
When I see email like this my pre-pended text is never part of the message. So if my form isn't to blame how are they doing this? Why are some parts gibberish and some parts well-formed? I have a hunch I'd still get this mail, every now and then, even if I erased my email form. But of course I could be wrong. Perhaps I will take the form away for a month or so, and simply print an image of my email address. If I still got mail like this then, I'd know for sure.
mailTo:
http://oltvtrfpzsok.com/
zjB9p0 <a href="http://xzrooovikdie.com/">xzrooovikdie</a>,
baovhcibaupu,
[link=http://rafqccefiizp.com/]rafqccefiizp[/link],
http://rwfjnuffwyuq.com/