Spam

To: All@ludo.dreamhost.com

From and To headers are easily forged; in most cases, the message is sent to a user at your domain, with a fake header like:

To: All

Our system doesn't like this (because All is obviously not a valid email address), and appends its own hostname. There isn't currently a good way to prevent our system from doing this, or to make it rewrite addresses with a more obviously fake domain. Future versions of Postfix (the MTA we use) will most likely have a feature to make it more obvious.

You will also see stuff like:

To: Internet@jareth.dreamhost.com Users@jareth.dreamhost.com

This comes from an address like:

To: Internet Users.

A practical example, along with some more gory details; this shows an actual SMTP session (and resulting message) demonstrating this concept.

 ladd% telnet jareth 25 Trying 66.33.198.201... Connected to jareth.dreamhost.com. Escape character is '^]'. 220 jareth.dreamhost.com ESMTP EHLO ladd 250-jareth.dreamhost.com 250-PIPELINING 250-SIZE 40960000 250-VRFY 250-ETRN 250-AUTH LOGIN PLAIN 250-AUTH=LOGIN PLAIN 250-XVERP 250 8BITMIME MAIL From:<fakeaddress@somewhere.invalid> 250 Ok RCPT To:<william@soulrebels.com> 250 Ok DATA 354 End data with <CR><LF>.<CR><LF> From: fake@msn To: Local users Subject: This is a test test . 250 Ok: queued as B288E6B5F8 QUIT 221 Bye Connection closed by foreign host. 

Now the actual email; my comments are interspersed.

The Return-Path shows the envelope-sender, specified in MAIL From:

 Return-Path: <fakeaddress@somewhere.invalid> 

Delivered-To: wby@jareth.dreamhost.com 

Received: from ladd (mailman.hq.newdream.net [66.33.200.78]) by jareth.dreamhost.com (Postfix) with ESMTP id B288E6B5F8 

 for <william@soulrebels.com>; Sun, 15 Sep 2002 15:30:50 -0700 (PDT) 

 From: fake@msn.dreamhost.com 

To: Local@jareth.dreamhost.com, users@jareth.dreamhost.com Subject: This is a test Message-Id: <20020915223050.B288E6B5F8@jareth.dreamhost.com> Date: Sun, 15 Sep 2002 15:30:50 -0700 (PDT) 

What is spam?

Spam is unsolicited email or newsgroup postings usually advertising some product or service. DreamHost has a strict anti-spam policy and anyone reported to have spammed will be immediately removed from our server without a refund. Please don't spam! It's not an effective way to advertise...people will hate you!

Can I spam?

Not if you want DreamHost or any other reputable web hosting company to do business with you!

How do I stop getting all this spam?

I'm always getting these messages in my mailbox for commercial services which I didn't request information for. I understand that this is known as 'spam', and is the scourge of the Internet. What is your position on spam, and how do I stop getting it?

Our Position

Dreamhost has a very strict policy against spamming from our servers, and take a very dim view of those who use such practices to further their business goals. In short, as much as we'd love to Get Rich Quick (!!), we don't feel that blanketing Internet users with unsolicited commercial email is a valid business practice. If we catch someone using our servers for dispersing such material, our usual policy is to disable that user.

Unfortunately, stopping spam from outside of Dreamhost isn't always quite as simple. There are currently actions being taken across the Internet and beyond to stop spam (for example, various pieces of legislation aim to make it illegal in some localities), but until then, we've been forced to rely on technology most of the time.

#top

Why Spam Is Bad

Spam is bad for a variety of reasons. Obviously, it wastes time for each and every person who receives junk email (since many distributions run in the thousands, this adds up!). Those who pay a connection charge for the amount of time they spend online will never find a spammer who will help split the bill.

For network providers or those who run email services (such as us), spam constitutes a very real performance hit on our servers. If you ever notice that your email is downloading slower than usual, spam may play a part in that. We also pay for our own bandwidth, which means that we usually end up paying for any unsolicited commercial email that comes through. Multiply that times a few thousand users, and once again the problem is very much real.

For the spammer, there are problems as well. This form of 'advertising' often alienates recipients rather than convincing them of the value for a product. Many readers will delete anything that looks like spam without even reading it. The theory seems to be that bulk email is so cheap that even if a quarter of one percent of its readers buy, they make a profit. This may be true, but in the long run your company's reputation is at stake. If you are perceived to be a bottom-feeder on the Internet, your business will suffer.

Of course, this isn't even mentioning the sometimes drastic backlash those who dislike spam will take against perpetrators. Some spammers wake up to find their servers go down due to voluminous amounts of hate mail from frustrated people.

#top

What Not To Do

Under no circumstances should you reply to any addresses that appear to allow you to be removed from a spammer's list. Doing so usually means you incur more spam, as the spammer will sell your address to other spammers. The fact that you reply means that your address is valid, and worth more in the underground market for email addresses. This is one deceitful approach spammers will use to filter out 'good' addresses from the bad.

Also, be very careful that you don't target the wrong person if you choose to strike back against a spammer. Some have been known to put the email addresses of innocent parties in the 'Reply To' portion of email versus their own. Others use other peoples' servers to run their operations - often, an administrator doesn't know what is happening until he/she is contacted by an unhappy user. Be polite but firm in your request that the spammer be booted. You will quite often get good results.

#top

Spamcop!

One very useful tool is Spamcop, a web site run by an anti-spam activist which makes the process of finding and reporting unsolicited commercial email much easier than before. Many times, the headers in such messages are forged by using fake or 'throwaway' email accounts. However, Spamcop usually finds a way past these tricks and helps you report the sender to the proper individuals at his/her service provider. Although you may find some administrators to be unresponsive, most respectable providers will take your complaint seriously and close down the spammer's account.

Although it won't help with all cases, Spamcop has proven to be effective more often than not.

http://spamcop.net/

#top

Mail Filters

see KB / Email / Spam / NEW! Junk Mail Filter

#top

More Information On Spam

There are numerous sites which go into great detail about the spam problem, and may provide information that you can use to make yourself better prepared to fight your spam problem. Here are a few to get you started:

Committee Against Unsolicited Commercial Email http://www.cauce.org/

Stop Spam FAQ http://www.mall-net.com/spamfaq.html

Boycott Internet Spam http://spam.abuse.net/

Is my bulk email Spam?

I use bulk email in providing updates to my site's visitors. I'm a bit worried about your anti-spam policy. Would it affect me?

Our Spam Definition

Spam is any form of unsolicited bulk communication used to promote a web site, a product, or an idea. Generally, the recipient does not welcome the spam, nor did they intentionally sign up to receive it. The most common method of distribution for spam is electronic mail, although newsgroup postings, web-based bulletin boards, and various forms of online messaging may also be conduits through which spam is sent and received.

Unlike opt-in mailing/distribution lists, spam does not give an opportunity for the recipient to express his or her disinterest before having already been spammed. Given the size of the Internet, it should be assumed that the vast majority of its users have no interest in the contents of your mailing, and should not be included without prior permission. So-called 'targetted' lists are still considered unsolicited (as each individual is still without choice in the matter prior to receipt of a message), and are covered within our anti-spam policy as well.

The Consequences

Spam is grounds for account cancellation at Dreamhost, without prior warning or refund (even on the first offense). This applies to cases where the account in question is obviously being used for the distribution of unsolicited bulk messaging. Even spamming from another service in order to promote a site hosted with Dreamhost is against our anti-spam policy, and will be dealt with accordingly.

In cases where the sender's intent is unclear, or we are initially unable to determine if a spam complaint is with merit, we will not deactivate the site in question until such time as we are able to verify the complaint.

Determining If A Complaint Is Valid

We reserve the right to determine whether or not a spam complaint is valid. The following guidelines assist us in this goal, and may prove useful in ensuring that your own actions are protected under our terms of service.

If a message is using forged headers, it is automatically considered spam and the originating account will be permanently deactivated. There is no reason to forge headers in sending legitimate correspondence.

If a very large number of complaints are logged from numerous individuals, this is strong evidence that the message fits the spam profile. Legitimate mailings usually do not provoke that sort of reaction from their recipients.

If your bulk mailing advertises tools for sending spam or email addresses used in the practice of spamming, it would seem that you may be using your own products to perform such actions.

If your mailing uses a deceptive subject or tone (ie. 'Hello friend!' in the title) with an apparent intent to deceive people into reading it, it is quite possibly spam.

If you have a history of spamming or other account violations, that would obviously count against you.

How To Prevent Cancellation

The short answer to this is simple: don't spam. No policy can completely prevent spam, but ours at least prevents it from occuring more than once. If you spam, you will lose your account.

The long answer is also pretty clear: make an effort to distinguish yourself from the spamming population. First, if you offer a mailing list to your customers, the only people who should be on that list are those who explicitly request (via a web based form, email, etc) to be added to the list. You should also provide instructions for unsubscribing with every mailing, and honor all requests to be taken off of your list.

If you wish to post a message to a newsgroup of a promotional nature, you should ensure that the group's charter allows for such postings (some do, most don't). It is your responsibility to check with the charter of any newsgroup you post to in order to determine what is acceptable.

If you are careful to ensure that everyone on your distribution list chose to be there, and provide means for those who do not wish to be there to unsubscribe, you should have little to worry about. Bulk email is fine as long as it is an opt-in service.

Why?

Please understand that while our anti-spam stance may seem harsh, it is for the protection of our customers and the Internet community in general. There are many opportunities to market your site effectively without resorting to such activities.

If you have any questions or concerns regarding our anti-spam policy and how it may affect you, feel free to ask via our support form. Our goal is to educate our customers on the effects of spam, and attempt to insulate them from those effects as much as possible.

See also