For that you need to be positive the mails aren't going to /dev/null on the remote server and they just count the mails received.
For all we know it could have been a research to figure out on how easy is it to introduce a change like that and how much time such a redirection can be gone unnoticed.
It is just a piece of code in a random library available to download and used by persons actually willing and deciding to use it. The code was free to read before and after downloading it. No intrusion has been done on a remote machine, not even a phishing email have been sent.
Most likely several? Opening someone else’s correspondence is a criminal offense alone, regardless of what’s done with it
For that you need to be positive the mails aren't going to /dev/null on the remote server and they just count the mails received.
For all we know it could have been a research to figure out on how easy is it to introduce a change like that and how much time such a redirection can be gone unnoticed.
It is just a piece of code in a random library available to download and used by persons actually willing and deciding to use it. The code was free to read before and after downloading it. No intrusion has been done on a remote machine, not even a phishing email have been sent.