One of our mail servers, smtp.forest.net, was tagged as a spam source yesterday when a spammer abused a latent mail form on a website inside our network. Here are the steps we've taken and will continue to take to resolve the issue as soon as possible:

* We've removed the web-to-mail form that was targeted.
* We've dumped the offending messages from the outgoing SMTP queues.
* We've re-routed outbound mail via another SMTP relay host for the time being.
* We're doing our best to get our server removed from the various blacklists.

This serves as a timely reminder to everyone that manages a website to have a look through all your code and make sure that all your forms are validated and protected. You can read more about that here. Even pages that have no active links to them are vulnerable! So clear out the deadwood folks, because with Google and other search robots, no HTML stone is left unturned these days. The form that was abused recently was a "dead link" that had not been active since 2002 or so, but was still there. Perhaps it is time for a little "spring cleaning" for webmasters.

Regards,
Chuck Goolsbee
VP, Tech Ops,
digital.forest