Why is DreamHost spamming me?
Despite the subject line, it's quite unlikely that we're spamming you. We don't sell our customers' addresses to outside parties, nor are we in the business of spamming our own customers. It would make little sense to spam ourselves when our own anti-spam policy is one of the most progressive in the industry.
However, we do get a lot of support questions about spam messages which make it appear as if spam is being sent to a list of users on your server, eg:
From and To headers are easily forged; in most cases, the message is sent to a user at your domain, with a fake header like:
Our system doesn't like this (because All is obviously not a valid email address), and appends its own hostname. There isn't currently a good way to prevent our system from doing this, or to make it rewrite addresses with a more obviously fake domain. Future versions of Postfix (the MTA we use) will most likely have a feature to make it more obvious.
You will also see stuff like:
To: Internet@jareth.dreamhost.com Users@jareth.dreamhost.com
This comes from an address like:
To: Internet Users.
A practical example, along with some more gory details; this shows an actual SMTP session (and resulting message) demonstrating this concept.
ladd% telnet jareth 25
Connected to jareth.dreamhost.com.
Escape character is '^]'.
220 jareth.dreamhost.com ESMTP
250-AUTH LOGIN PLAIN
354 End data with <CR><LF>.<CR><LF>
To: Local users
Subject: This is a test
250 Ok: queued as B288E6B5F8
Connection closed by foreign host.
Now the actual email; my comments are interspersed.
The Return-Path shows the envelope-sender, specified in MAIL From:
The final recipient:
The IP in brackets is the IP from which the message originated. You can't necessarily trust headers from before our system; since this one was sent directly to jareth, we can trust it. We can't necessarily trust the hostnames in question either (the first is specifed with 'HELO' or 'EHLO', and the second (in parentheses) is the reverse DNS of the originating IP.
Received: from ladd (mailman.hq.newdream.net [188.8.131.52])
by jareth.dreamhost.com (Postfix) with ESMTP id B288E6B5F8
This is the actual address the message was sent to, specified in RCPT To:
You can usually find the actual address the spam was sent to in this line (unless there were multiple RCPT To addresses).
for <firstname.lastname@example.org>; Sun, 15 Sep 2002 15:30:50 -0700 (PDT)
Note how fake@msn is expanded to 'email@example.com' (which doesn't exist, by the way).
Here's our fake 'To: header.
To: Local@jareth.dreamhost.com, firstname.lastname@example.org
Subject: This is a test
Date: Sun, 15 Sep 2002 15:30:50 -0700 (PDT)
Last updated: Jul 01, 2004.