Gmail account accessed and used to spam

Last night my entire address book received email from my jason@jasonn.com account touting a Chinese website where the email claims I bought a new Macbook Pro dirt cheap. It looked like someone accessed my mail server and spammed my contacts through it. But the address book was my Gmail address book, and my email server stores no such list.

It was not the server that was exploited, but my Gmail account.

  1. Accessed my Gmail account.
  2. Used the SMTP setup I had at Gmail to send mail through ns.silohost.com for jasonn.com-based "From" email.
  3. Spammed my entire address book using that account.

If this was human delivery, it was relatively sophisticated and time-consuming. If it was automated, it was more sophisticated and should be cause for more concern. They submitted the email through HTTP on Gmail, using my outbound jasonn.com email SMTP config in that account. The $64K question is: where did they access my password?

It could have been through brute force of the POP or IMAP account, since I allow POP and IMAP access to my Gmail account. It was more likely a desktop I used with key capture software installed, likely a trojan. It could have been a machine I don't own, since I have used Gmail to complete email-based tasks on others' computers. That was a mistake, and one I knew was a bad idea when I did it.

My mail logs for jasonn.com indicate they used the Gmail account (web mail) to send email through an authorized SMTP setup where I had Gmail set up to send mail through my other email accounts. I set this up so I could send mail from my other domains through the one web-based email system if I were traveling or without my laptop.

They hit my entire address book, deleted the outbound copy from the sent folder and seemingly left everything else alone. I must assume they accessed and downloaded my entire email repository on Gmail, so I'm taking precautions to eliminate any potential risks. I must also assume this exploit could have come from one of my desktop computers, so I'm taking precautions to purge them of both known and unknown exploits. Unfortunately, this means I'm reloading operating systems and programs from scratch and using scrubbed, data-only backups to restore files I know I created.
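
One way to spot this pattern in the sending server's logs, as an added example that is not part of the original post: it flags an authenticated SMTP user whose mail fans out to many distinct recipients in a short window. It assumes Postfix-style syslog lines with SASL authentication (the post does not show its logs); all hosts, addresses, queue IDs and thresholds are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (assumed Postfix syslog format, placeholder hosts/addresses).
SAMPLE_LOG = """\
Mar  3 02:14:01 ns postfix/smtpd[2101]: 4A1B2C3D: client=webmail-out.example.net[192.0.2.10], sasl_method=PLAIN, sasl_username=user@example.com
Mar  3 02:14:02 ns postfix/smtp[2105]: 4A1B2C3D: to=<a@example.org>, relay=mx.example.org[198.51.100.5]:25, status=sent (250 ok)
Mar  3 02:14:06 ns postfix/smtp[2105]: 4A1B2C3D: to=<b@example.org>, relay=mx.example.org[198.51.100.5]:25, status=sent (250 ok)
Mar  3 02:14:10 ns postfix/smtp[2105]: 4A1B2C3D: to=<c@example.org>, relay=mx.example.org[198.51.100.5]:25, status=sent (250 ok)
Mar  3 02:14:14 ns postfix/smtp[2105]: 4A1B2C3D: to=<d@example.org>, relay=mx.example.org[198.51.100.5]:25, status=sent (250 ok)
Mar  3 02:14:18 ns postfix/smtp[2105]: 4A1B2C3D: to=<e@example.org>, relay=mx.example.org[198.51.100.5]:25, status=sent (250 ok)
Mar  3 09:30:00 ns postfix/smtpd[2300]: 5E6F7A8B: client=laptop.example.net[192.0.2.44], sasl_method=PLAIN, sasl_username=other@example.com
Mar  3 09:30:01 ns postfix/smtp[2301]: 5E6F7A8B: to=<x@example.org>, relay=mx.example.org[198.51.100.5]:25, status=sent (250 ok)
Mar  3 09:30:01 ns postfix/smtp[2301]: 5E6F7A8B: to=<y@example.org>, relay=mx.example.org[198.51.100.5]:25, status=sent (250 ok)
"""

TS = r"(\w{3}\s+\d+ [\d:]{8})"
# Authenticated submission: ties a queue ID to the SASL user and client host.
AUTH_RE = re.compile(TS + r" \S+ postfix/smtpd\[\d+\]: (\w+): client=(\S+?)\[.*sasl_username=(\S+)")
# Delivery attempt: one line per recipient of a queued message.
RCPT_RE = re.compile(TS + r" \S+ postfix/\w+\[\d+\]: (\w+): to=<([^>]+)>")

def find_bursts(log_text, max_rcpts=3, window=timedelta(minutes=5), year=2000):
    """Return (sasl_user, client_host, total_distinct_rcpts) for each
    authenticated sender exceeding max_rcpts distinct recipients in a window.
    Syslog lines carry no year, so one is supplied by the caller."""
    owner = {}                   # queue id -> (sasl user, client host)
    events = defaultdict(list)   # (sasl user, client host) -> [(time, rcpt)]
    for line in log_text.splitlines():
        if m := AUTH_RE.match(line):
            owner[m.group(2)] = (m.group(4), m.group(3))
        elif (m := RCPT_RE.match(line)) and m.group(2) in owner:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events[owner[m.group(2)]].append((ts, m.group(3).lower()))
    alerts = []
    for (user, client), evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:   # slide window forward
                start += 1
            if len({r for _, r in evs[start:end + 1]}) > max_rcpts:
                alerts.append((user, client, len({r for _, r in evs})))
                break
    return alerts

if __name__ == "__main__":
    for user, client, n in find_bursts(SAMPLE_LOG):
        print(f"ALERT: {user} via {client} sent to {n} distinct recipients")
```

The client host in an alert shows which relay submitted the burst, which is how the logs described above distinguish a webmail-originated send from a compromise of the mail server itself.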