We are using a *nix/Perl program called Post Office Pro 4.0 for administrating subscriptions and mailings for our newsletters. It has its quirks, but mostly does what it is supposed to do. The program has never been misused by hackers trying to use our mail gateway to send out spam.
In order to stop people form signing up other subscribers than themselves, we have implemented an autoresponder that sends subscribers an confirmation request mail. Subscribers have to click on a special link in this mail to be added to the database.
During the last couple of weeks someone has started using this feature to send a large number of confirmation mails to various existing and non-existing AOL addresses, i.e. they fill in the form repeatedly with the same AOL address, and our program faithfully sends a confirmation request mail to these addresses. Needless to say, our mailbox is filled with AOL error messages, and we have got complaints from AOL members getting dozens of such confirmation request mails from us.
We are having difficulties seeing why someone would abuse our system in this way. It could be that we have enemies we do not know of, people who are trying to get our IP addess banned from AOL, but that's a wild guess.
We have checked our logs and do find the relevant mailings. Here's one example (we have altered the name of the newsletter):
22.214.171.124 - - [23/Oct/2002:12:39:53 -0600] "GET /firstname.lastname@example.org&group1=Name_of_newsletter HTTP/1.0" 200 11714 "-" "-"
The IP address changes every now and then: 126.96.36.199, 188.8.131.52 etc.
First of all: Are there anyone of you who have experienced anything similar?
Also: Is there a way to stop such abuse?
We are grateful for any comments.