For our website we send a monthly update to our members. There is a (php) cronjob running every month to make this happen. Yesterday something strange happened; We received a lot of failure notices of the mail we did send. The failure notices say that our email could not be send to strange emailadresses which are not on our mailing list. So apparently our mail is sent to random (spam?) email addresses which should not receive the email.

EXAMPLE:

(I edited the email adresses and domain names):

The mail we did send:

To: sarah@domain.com
From: update@ourwebsite.com
Subject: Your monthly statistics


Hello Sarah,

Here are your monthly statistics.

(…)

Kind regards,
Our Website

The failure notice we got back:

Hi. This is the qmail-send program at vz79.shared.ourhost.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent error; I've given up. Sorry it didn't work out.

<jconvis76@gmail.com>:
173.194.65.27 does not like recipient.
Remote host said: 552-5.2.2 The email account that you tried to reach is over quota. Please direct
552-5.2.2 the recipient to
552 5.2.2 http://support.google.com/mail/bin/answer.py?answer=6558 fk8si4106867wib.66 - gsmtp
Giving up on 173.194.65.27.

<jconvery47@hotmail.com>:
65.55.92.136 does not like recipient.
Remote host said: 550 Requested action not taken: mailbox unavailable
Giving up on 65.55.92.136.

<jconverse444@yahoo.com>:
98.138.112.34 failed after I sent the message.
Remote host said: 554 delivery error: dd Sorry your message to jconverse555@yahoo.com cannot be delivered. This account has been disabled or discontinued [#102]. - mta1216.mail.ne1.yahoo.com

--- Below this line is a copy of the message.

Return-Path: <update@ourwebsite.com>
Received: (qmail 16588 invoked by uid 10063); 1 Jan 2015 20:05:02 +0100
To: sarah@domain.com
Subject: Your monthly statistics
X-PHP-Originating-Script: 10063:class.phpmailer.php
Date: Thu, 1 Jan 2015 20:05:02 +0100
From: "OurWebsite.com" <update@ourwebsite.com>
Reply-to: “OurWebsite.com” <update@ourwebsite.com>
Message-ID: <610140b6148cb9e33f12725c62f468a0@localhost.localdomain>
X-Priority: 3
X-Mailer: PHPMailer (phpmailer.codeworxtech.com) [version 2.2]
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/html; charset="iso-8859-1"


<html>
<body>

Hello Sarah,

Here are your monthly statistics.

(…)

Kind regards,
Our Website

</body>
</html>

Where are jconvis76@gmail.com, jconvery47@hotmail.com and jconverse444@yahoo.com coming from? We did not add them in a BCC. This are email addresses we don't know. They are not in our system or database, but apparently there's something what is sending the email to this weird email addresses. Every failure notice we got back has different random email recipients in it.

We send email using PHPMailer [version 2.2]

// PHPMAILER
$mail = new PHPMailer();

$mail->From = "update@ourwebsite.com";

$mail->FromName = "OurWebsite.com";
$mail->AddAddress($to);
$mail->AddBCC("backup@ourwebsite.com);
$mail->AddReplyTo("update@ourwebsite.com", "OurWebsite.com");

$mail->IsHTML(true);

$mail->Subject = "Your monthly statistics";
$mail->Body    = $message;

$mail->Send()

Has anyone experienced anything like this before? How can I find out what is causing this?

**Edit: ** The email addresses are loaded from a mysql database and sent with a 'foreach loop'. We didn't find anything suspicious there. Every email we have sent, has also been sent to a backup emailaddress (backup@ourwebsite.com) using BCC. In this email account we only find the right emails but we can't see if there were BCC's added. We couldn't acces our server logs because they exceeded their file size limit.