My client has had problems with getting thousands of bounces from spoofers’ spam. I just noticed that his cgi-bin directory is full of hundreds of small files, each one of which is named an email address that he doesn’t own (like firstname.lastname@example.org).
I assume these two things are related? Is it safe to delete these files from the cgi-bin? Could someone explain why this happens?