Why is DreamHost spamming me?

Despite the subject line, it's quite unlikely that we're spamming you. We don't sell our customers' addresses to outside parties, nor are we in the business of spamming our own customers. It would make little sense to spam ourselves when our own anti-spam policy is one of the most progressive in the industry.

However, we do get a lot of support questions about spam messages whose headers make it appear as if the spam was sent to a list of users on your server, e.g.:

To: All@ludo.dreamhost.com

From and To headers are easily forged; in most cases, the message is sent to a user at your domain, with a fake header like:

To: All

Our system doesn't like this (because All is obviously not a valid email address), and appends its own hostname. There isn't currently a good way to prevent our system from doing this, or to make it rewrite addresses with a more obviously fake domain. Future versions of Postfix (the MTA we use) will most likely have a feature to make it more obvious.

You will also see stuff like:

To: Internet@jareth.dreamhost.com Users@jareth.dreamhost.com

This comes from an address like:

To: Internet Users.

A practical example, along with some more gory details: the following is an actual SMTP session (and the resulting message) demonstrating this.

ladd% telnet jareth 25
Trying 66.33.198.201...
Connected to jareth.dreamhost.com.
Escape character is '^]'.
220 jareth.dreamhost.com ESMTP
EHLO ladd
250-jareth.dreamhost.com
250-PIPELINING
250-SIZE 40960000
250-VRFY
250-ETRN
250-AUTH LOGIN PLAIN
250-AUTH=LOGIN PLAIN
250-XVERP
250 8BITMIME
MAIL From:<fakeaddress@somewhere.invalid>
250 Ok
RCPT To:<william@soulrebels.com>
250 Ok
DATA
354 End data with <CR><LF>.<CR><LF>
From: fake@msn
To: Local users
Subject: This is a test

test
.
250 Ok: queued as B288E6B5F8
QUIT
221 Bye
Connection closed by foreign host.

Now the actual email; my comments are interspersed.

The Return-Path shows the envelope sender, specified in MAIL From:

Return-Path: <fakeaddress@somewhere.invalid>

The final recipient:

Delivered-To: wby@jareth.dreamhost.com

The IP in brackets is the IP from which the message originated. You can't necessarily trust headers added before the message reached our system; since this one was sent directly to jareth, we can trust it. We can't necessarily trust the hostnames either: the first is whatever the client specified with HELO or EHLO, and the second (in parentheses) is the reverse DNS of the originating IP.

Received: from ladd (mailman.hq.newdream.net [66.33.200.78])
       by jareth.dreamhost.com (Postfix) with ESMTP id B288E6B5F8

This is the actual address the message was sent to, specified in RCPT To:. You can usually find the actual address the spam was sent to in this line (unless there were multiple RCPT To addresses).

        for <william@soulrebels.com>; Sun, 15 Sep 2002 15:30:50 -0700 (PDT)

Note how fake@msn is expanded to 'fake@msn.dreamhost.com' (which doesn't exist, by the way).

From: fake@msn.dreamhost.com

Here's our fake 'To:' header.

To: Local@jareth.dreamhost.com, users@jareth.dreamhost.com

Subject: This is a test
Message-Id: <20020915223050.B288E6B5F8@jareth.dreamhost.com>
Date: Sun, 15 Sep 2002 15:30:50 -0700 (PDT)
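The two things the walkthrough above teaches (how a bare word in To: turns into a list of users@yourserver addresses, and which Received: fields you can actually rely on) can be checked mechanically. The script below is an added example, not DreamHost's or Postfix's code: complete_addresses is a simplified model of the completion behaviour described earlier on this page (bare word gets @hostname, domain without a dot gets .domain appended), and analyse_received/summarize pull the envelope recipient and originating IP out of a message. The sample message is reconstructed from the headers shown above; the function and field names are this example's own.

```python
import re
from email import message_from_string, policy

# Sample message rebuilt from the headers shown on this page
# (constructed input for this example, not a captured spam).
SAMPLE = """\
Return-Path: <fakeaddress@somewhere.invalid>
Delivered-To: wby@jareth.dreamhost.com
Received: from ladd (mailman.hq.newdream.net [66.33.200.78])
       by jareth.dreamhost.com (Postfix) with ESMTP id B288E6B5F8
        for <william@soulrebels.com>; Sun, 15 Sep 2002 15:30:50 -0700 (PDT)
From: fake@msn.dreamhost.com
To: Local@jareth.dreamhost.com, users@jareth.dreamhost.com
Subject: This is a test
Message-Id: <20020915223050.B288E6B5F8@jareth.dreamhost.com>
Date: Sun, 15 Sep 2002 15:30:50 -0700 (PDT)

test
"""


def complete_addresses(header_value, myhostname, mydomain):
    """Approximate model (not Postfix's own code) of how the receiving
    server completes addresses it cannot use as written:
      - a bare word gets '@' + hostname        ('All'      -> 'All@ludo.dreamhost.com')
      - a domain without a dot gets '.' + domain ('fake@msn' -> 'fake@msn.dreamhost.com')
    Whitespace and commas split one bogus 'To: Local users' into two recipients.
    """
    out = []
    for token in re.split(r"[\s,]+", header_value.strip()):
        token = token.rstrip(".")          # 'Internet Users.' -> 'Users'
        if not token:
            continue
        if "@" not in token:
            out.append(f"{token}@{myhostname}")
        else:
            local, domain = token.rsplit("@", 1)
            if "." not in domain:
                domain = f"{domain}.{mydomain}"
            out.append(f"{local}@{domain}")
    return out


# Fields of one Received: header. Only the bracketed IP and the 'by' host
# were recorded by the receiving server itself; the HELO name is chosen by
# the client and the reverse-DNS name depends on DNS the client may control.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?P<rdns>[^\s\[\)]+)?\s*\[(?P<ip>[^\]]+)\]\))?"
    r".*?\bby\s+(?P<by>\S+)"
    r"(?:.*?\bfor\s+<(?P<envelope_to>[^>]+)>)?"
)


def analyse_received(value):
    """Return helo / rdns / ip / by / envelope_to for one Received: line,
    or None if the line is not in the usual 'from ... by ...' shape."""
    flat = " ".join(value.split())         # unfold continuation lines
    m = RECEIVED_RE.search(flat)
    if not m:
        return None
    return {k: m.group(k) for k in ("helo", "rdns", "ip", "by", "envelope_to")}


def summarize(raw):
    """Summarise where a message really came from and who it was really for.

    The topmost Received: line was added last, i.e. by the server nearest
    to us, so it is the only hop this example treats as trustworthy; lines
    below it were supplied by whoever handed the message over."""
    msg = message_from_string(raw, policy=policy.default)
    received = msg.get_all("Received", [])
    to = msg["To"]
    return {
        "return_path": msg["Return-Path"],
        "delivered_to": msg["Delivered-To"],
        "trusted_hop": analyse_received(received[0]) if received else None,
        "header_to": [a.addr_spec for a in to.addresses] if to is not None else [],
    }


if __name__ == "__main__":
    print(complete_addresses("Local users", "jareth.dreamhost.com", "dreamhost.com"))
    for key, val in summarize(SAMPLE).items():
        print(f"{key}: {val}")
```

Run it as-is to see the sample broken down; to examine a real message, pass its raw text to summarize and compare trusted_hop["envelope_to"] (the RCPT To: address) with the addresses in header_to, which is where the forged names live.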

Last updated: Jul 01, 2004.

User Post (2004-10-28 16:01:12 by yost)
I use ASK, and dreamhost.com is on my whitelist. As a result, spam that claims to be from dreamhost.com gets through. Why not just this:

If any Received: line is from a host not in the dreamhost.com domain, delete the message.
User Post (2003-12-27 10:58:38 by crysc)
Unfortunately some legitimate mailing lists use a simple string as the To, with the addresses it's actually sent to in the Bcc, so DH can't just block all such mail without blocking legitimate mail to some users.
User Post (2003-08-19 14:07:25 by drclue)
One could cure this problem with some sort of forking middleware that ran on the involved ports and relayed the transaction to the real mail server while scanning for the bogus "to" parameters and canceling the whole mess when a garbage address was presented.

While much more involved than waiting for an update, for *THIS* problem, it does afford a basic framework for addressing the next problem born of the frustrated people denied the fruit of their previous spamming efforts by some future update to postfix.