E-Mail Address Changed without Notice

Hi,

Our web site administrator stopped receiving emails from the club, and it took us some time to realize what happened. As the backup administrator, I was able to login to the admin console, and noticed the administrator's eMail address had been changed. It was changed to something that looked like it was system generated. Something along the lines of "donotsend" or "noresponse" or some other address @adomain.com. I did not write it down, but simply changed it back to what it was supposed to be. We do not know how it was changed, but being an IT professional myself, I know these things do not change by themselves. The administrator did realize that back in December she received a message from the server that an unknown device tried to log in as the administrator. She did not do anything with the email, that is, she did not indicate the access was OK, or it was not to be trusted. She did not share that information with me until earlier today.

Two questions:
1. When this type of event occurs, does FTH change the admin's address to protect the account from being compromised, until one of the two options in the warning email are clicked?
2. Is there an audit log available that could show us when the email was changed, by whom, and the value it was changed to?

Thank you for any support you can provide. I am with club 3498, District 123, Div M Area 31.

The system keeps track of when emails sent to email addresses bounce.   When the bounce count is >= 4 bounces, the email address is removed in the system by the server code and replaced w/ a generated noemail- address to prevent additional bounces and prevent the server's email reputation from being adversely impacted.  A login message is generated to the website admin in this case.  (e.g. you should review the past admin messages to your admin)

Even if you put the email address back, if it is listed as "bounced out" in our bounce tracking db table, it may still not work.  We would need to check it and possibly reset the bounce count.

Thank you for the response. We have reset the email and they are flowing again, so we do not need to look at resetting the counter. The question then is why we’re the emails bouncing? Either the recipients server was sending the bounce messages in error, or the email address was changed to an undeliverable one. 

Can you answer the other part of my question? Is there an audit log available to see who changed what, and when?

thanks again

There is not a log in the sense of what you are thinking.  However, as I mentioned, there is a bounce log...  I will need the email address in question...

Thank you Steve. I sent you the email address in a PM.

If you find it in the bounce log, then we know the problem was in the email server sending the undeliverable notices. I was asking about an audit log, in the event it was a different address, we could try and figure out when it was changed. I suppose that the first entry in the bounce log would give us an idea of when it may have been changed, or at least the first time an email was sent after the change was made.

The email addresses were not found in the bounce log.  A bouncing email address is the only situation where I can think of the code changing an email address.  (I am the sole code maintainer.)  I specifically try to avoid having the code changing user data / settings any more than is absolutely necessary.