All day long, Chinese spammers have taken advantage of an apparent flaw in Automattic’s (the makers of WordPress) Jetpack plugin. This morning, I noticed a slew of email bounces in my inbox, all with Chinese letters in them and a link to one of my blog posts. It turns out that the spammer has been clicking on the post’s “Share This” link and somehow entering their spam as the resulting email’s “From” address. Each email goes to a “qq.com” address, which is a Chinese mail provider.
The only way I could stop these emails was to turn off Sharing under Jetpack’s settings. Upgrading to the latest Jetpack (4.6) didn’t seem to help.