Hi,
In our case, it was not that my mailbox was the target (although "mailing me" was part of the spam-process) but that someone used OUR website to DO the spamming - making AudioGames.net the spammers. What happened was this:
Someone used a bot to fill in the contact-form in our website. This is basically a spam-protected .php contact form (using many tricks like renaming the input, checking words and wordlength, etc) - or so we thought.
As you know, every email consists of a "to"-address, a "cc"-address and a "bcc"-address. We didn't protect the "bcc"-address well enough since our form didn't use one (we didn't have a field in the form for that). So someone managed to fill in the form with a bot that ALSO filled in the "bcc"-address (by just targeting the code of the form). In the "bcc"-address the person managed to put hundreds of email addresses. So when the contact-form was submitted by the bot, I received an email with lots of characters and nonsense (or so I thought) while hundreds of people received a spam-email... from the audiogames.net server!
I first received 3 of these emails at the same time, then I received 10, then I received about 80. So if you do your math: for every email I received hundreds of spam-emails were sent. I received about 100 in a few hours' time, which means thousands of people have received these spam-emails. At this point I was already emailing Sander to help me, because it was clear these emails were coming from the contact-form which Sander built. Although at this point we were still a bit unaware of the hundreds of emails that were sent using our server - we thought it was only me who was being spammed. Sander quickly changed the form to stop the spamming, which worked immediately. And so we thought it was just a lame spammer and we were enjoying the statistics and positive feedback of Sudo-San, when on Monday the website was disconnected by MijnDomein.nl, who had received notifications that spam had been sent from their (=our) server. The rest you know...
So whenever you use a contact-form or any email-form whatsoever, please make sure you also protect the cc & bcc fields, since these can be used by others to send spam via you.
Greets,
Richard
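
An added example, not part of Richard's post and not the AudioGames.net form's code: one way a PHP contact-form handler can keep cc/bcc, and every other header, out of a submitter's control. The recipient address, field names and function names are assumptions, the sample input is constructed, and the array form of mail() headers requires PHP 7.2 or later.

```php
<?php
// Hypothetical handler. Assumption: the form legitimately has only these fields.
const CONTACT_RECIPIENT = 'webmaster@example.org'; // placeholder, fixed server-side
const ALLOWED_FIELDS = ['name', 'email', 'message'];

/** Returns a list of validation errors; an empty list means the post may be mailed. */
function validate_contact_post(array $post): array
{
    $errors = [];
    // Reject fields the form never rendered (to, cc, bcc, ...) instead of ignoring them.
    foreach (array_diff(array_keys($post), ALLOWED_FIELDS) as $extra) {
        $errors[] = "unexpected field: $extra";
    }
    // Values that end up in headers must be single-line: CR or LF would start a new header.
    foreach (['name', 'email'] as $field) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || preg_match('/[\r\n]/', $value)) {
            $errors[] = "line break in $field";
        }
    }
    $email = $post['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'invalid email address';
    }
    $message = $post['message'] ?? '';
    if (!is_string($message) || trim($message) === '') {
        $errors[] = 'empty message';
    }
    return $errors;
}

function send_contact_mail(array $post): bool
{
    if (validate_contact_post($post) !== []) {
        return false; // nothing is mailed when any check fails
    }
    // Headers come from constants plus the validated address; no Cc/Bcc line is ever built.
    $headers = [
        'From' => 'contact-form@example.org', // placeholder sender
        'Reply-To' => $post['email'],
        'Content-Type' => 'text/plain; charset=UTF-8',
    ];
    return mail(CONTACT_RECIPIENT, 'Contact form: ' . $post['name'], $post['message'], $headers);
}

// Constructed sample: a bot adds a bcc field and a line break in the email value.
$bot_post = ['name' => 'x', 'email' => "a@example.com\r\nBcc: b@example.net",
             'message' => 'hi', 'bcc' => 'c@example.net'];
print_r(validate_contact_post($bot_post));
```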