Do you have any idea what happens if you try to send out 375,000 emails from a single source?
You get classified as a "Spammer", start showing up on Spam websites, and many ISPs start blocking emails from your IP.
We already have some situations where some ISPs block our emails, as I see it often when people send us emails when they sign up and never receive the confirmation email that we send that contains the link they must click to activate their account.
Actually yes, I have a pretty good idea considering I regularly set up and configure web servers and there are certainly proper ways of going about sending out these emails. If Sony, LinkedIn, Yahoo, Apple, etc. can do it, so can you. Ensuring SPF and DKIM are properly configured and knowing your server's SMTP limits for starters. Abiding by legislation also helps to prevent being marked as a spammer (by including unsubscribe links). It would also be ill-advised to send emails to all 374,509 members of this forum. I'm willing to bet at least half of that total member count are dead accounts to begin with. You could have started with the users who've actually logged in within 3 months prior to the security breach.
Upon doing a bit of research, MrExcel.com appears to be hosted by a company called Pair Networks. As per their terms of usage, MrExcel.com cannot:
Send out mail to more than 25 addresses in one batch, whether sequentially or in parallel. Such batches must "sleep" for at least three seconds between each delivery attempt. Please consider using our pairList service for such mailings.
It identifies that should you wish to send out mass emails, do so in batches of 25 with at least three seconds between each delivery attempt. Furthermore, it seems Pair Networks even provides you a tool they call "pairList" for this very purpose.
Look, I'm not trying to incite any arguments, I'm just calling out the facts. There appears to be a lack of concern for security around here (I mean heck, you just got hacked and yet you're STILL using the same very outdated forum software--where's the logic in that?). At the absolute very least, I suggested removing the version number so as not to publicize to the entire world that you're using outdated and bug-riddled software, yet that suggestion was entirely ignored.
Have you guys even actually identified the source of the hack yet? Has anyone even sat down and gone through the Apache logs?
MrExcel.com has grown into a powerful community of 374,510 people. This puts a target on your back for hackers and data thieves. Whether you like it or not, you have an obligation to perform your due diligence to ensure the privacy and security of the members of this community.
I know how to protect myself in an online world, it's the other 374,509 people that I worry about. I just don't understand how you can be so nonchalant about the fact that you have a huge number of people who could unknowingly have someone digging about their email inbox as we speak; who knows what else. Hell, the very fact that someone is out there making money off a list of your users. This is okay with you?
You'll have to excuse me because I've grown rather attached to MrExcel.com and it's a little upsetting to hear this happening and to be met with defensive sarcasm and vague information from the leaders of this community.