Spam & UBE

Spam & Unsolicited Bulk Email is a huge problem that has the potential to affect any email address. As one of the largest web hosting service providers on the Internet, DreamHost strives to ensure that its services are not used in conjunction with such practices.

Why spam is bad

Spam is essentially theft of resources. Whoever is on the receiving end of spam has to pay for it in the form of increased disk storage, CPU and memory costs. The sender rarely has to pay much (if any) of these costs. As this email isn't requested by the recipient, spammers make people pay for advertising they don't want.

You can think of spam as being like regular bulk mail, except where the recipient pays for postage even though they didn't ask for it.

DreamHost's anti-spam policies

DreamHost's anti-spam policies can be found here:

All customers are required to review and agree to abide by these policies upon signing up with DreamHost as a condition of their hosting.

These policies cover any form of bulk email either sent from DreamHost servers, or sent using a 3rd party server/service in promotion of a site or domain that DreamHost hosts. These policies cover any Usenet postings, weblog comments/trackbacks, message forum postings, etc., that promote or link to a DreamHost hosted site.

Three important requirements

There are three mandatory requirements you must follow if you are sending bulk email.

  1. Opt-in - Recipients must specifically ask to be placed on your distribution list.
  2. Opt-in confirmation - Recipients must confirm their intent to be placed on your distribution list.
  3. Prove Opt-In requirements - You must be able to prove that the opt-in confirmation occurred (provide date/time/IP logging of confirmations).

Failure to follow the requirements above is the cause of 95% of the spam policy-related disablements DreamHost performs. Make sure that you understand the requirements above before sending any type of bulk email.

Opt-in

An "opt-in" occurs when someone asks to be placed on your list. Typically this is through a form on your web site. However, an opt-in could also be someone signing up for periodic mailings at a trade show, concert or other real-world event.

Opt-in confirmation

The "opt-in confirmation" is a mandatory step wherein a person who has opted-in to your list then confirms they want to be on that list before receiving bulk email associated with that specific list.

This ensures that, someone can't sign someone else up for a list without their knowledge or consent. Only the person who has access to the email address being subscribed to the list can confirm the opt-in. This is sometimes called "closed-loop confirmation" or (erroneously) "double opt-in".

The following details how the opt-in confirmation works at DreamHost:

  1. An email address subscribes to a list
  2. A single email is sent to the subscriber's email address with a unique link they must follow prior to being added to the list or receiving any bulk email from it. Those who do not follow that link receive no further email. Those who do follow the link are added to the list and their IP address (along with the date and time) is logged.
  3. If DreamHost ever requires proof, access to that logging information must be provided in full for independent review.

Complaints

Even perfectly legitimate, well-run distribution lists sometimes incur complaints. Mistaken spam complaints happen, but as long as you are fully compliant with DreamHost policies, you shouldn't have anything to worry about. However, it's important that you get back to DreamHost in a timely manner with answers to any questions. These questions typically include the following:

  • Did all subscribers to your list specifically request to be placed on your list ("opt-in")?
  • Were all subscribers to your list sent an email with a link they had to follow prior to being added to your list ("opt-in confirmation")?
  • Were all opt-in confirmations logged with the date/time and IP address recorded when they followed your confirmation link?
  • Where can DreamHost independently review your opt-in confirmation logging data?

When you receive notice of a spam complaint, answer all questions honestly and as soon as possible. Failure to provide complete answers to the information requested of you (especially the four questions above) can result in account disablement.

Time provided for a response

In cases where it's reasonably certain that spam has been sent in conjunction with a DreamHost account, DreamHost's administrators reserve the right to disable that account immediately and without prior warning.

If it's not entirely clear, a minimum of 72 hours is provided before disabling the account. This is to give the account owner enough time to see the message and get back to DreamHost.

Identities of those who complain

For good reason, those who submit spam complaints usually wish to keep their identities private, and DreamHost honors that wish.

Why would someone want to remain anonymous? They often worry about retaliation from spammers and do not wish to enable the practice of "list-washing". For these reasons, DreamHost does not divulge their identities or email addresses without permission.

Their identity is not necessary to show your compliance with DreamHost policies — this is one of the reasons why you're asked to provide the entirety of your opt-in confirmation logging data upon receiving a complaint. Even if a given complaint is misguided — or worse yet, malicious — you are fine as long as you can show that you're operating your list correctly.

Malicious complaints

Some people report email as spam for malicious reasons. It's rare, but it does happen.

However, please understand that DreamHost does not disable accounts for spam complaints. Accounts are disabled due to spam policy violations. This means that as long as you are following the rules, you have nothing to worry about from a malicious spam complaint. Just make sure to answer all of the questions honestly and in a timely manner.

Other types of spam

While unsolicited bulk email (UBE) is the most common type of spam encountered, there are other types as well. These, too, are strictly prohibited and can result in account disablement.

Usenet spam

Posting advertisements or promotional messages to Usenet newsgroups where such messages are not specifically allowed — or posting off-topic messages to unrelated newsgroups.

Weblog comment/trackback spam

Posting comments or trackback pings to weblogs — usually off-topic and using automated processes — typically for promotional purposes.

Message forum & guestbook spam

The practice of posting unrelated, off topic and typically promotional messages to message forums or guestbooks.

Reporting spam/UBE to DreamHost

DreamHost does not tolerate the sending of unsolicited bulk email and will take action against verified spammers. In order to find spammers using DreamHost services, it helps to receive reports from spam victims. If you wish to make a report, make sure that the spam is truly associated with DreamHost servers first. If you are not experienced reading email headers, try using and online tool such as Google's Header Analyzer.

What if I don't want to divulge my identity?

The main purpose of spam complaints is to figure out if a customer is in violation of DreamHost policies or not. DreamHost does not engage in "list-washing", and will not divulge your identity unless you give permission to do so first. DreamHost may provide customers with a copy of the email in border-line cases, but will obfuscate anything that appears to be personally identifiable information.

I'm a DreamHost customer being spammed by a DreamHost customer

Odds are extremely good that the spam you are receiving is not from another DreamHost customer. It's most likely being sent with forged or obfuscated headers in order to make it look like you are receiving spam from a DreamHost server. "From" headers are easily forged and should not be trusted. In such cases, you must check the full headers to confirm where it originated from.

What do I need to include in my spam complaint?

If the spam you receive is unsolicited bulk email, send DreamHost the full content and headers of the email. Headers are used to identify the true source of the email and content is used to determine what type of email it is. Spam is about consent and not content, and content can help determine if the email is bulk or not.

Headers and content are also necessary for Usenet spam. Often, DreamHost is able to find similar messages by the same poster.

For web-based spam (weblog comment/trackback spam, message forum spam, etc.), please provide any logging information you have. The content of the spam, IP addresses and date/time-stamps are very helpful. If you can leave the spam up and visible, that too can be helpful.

Where do I send my spam complaint?

If you've read the above and believe that a DreamHost customer is spamming you, you may send your complaint (with full headers and content) to the following address:

  • abuse@dreamhost.com

FAQs

What if I send the email from a non-DreamHost server?

You are still required to comply with DreamHost policies if this mailing is being done in conjunction with DreamHost services in any way. That includes emails sent in promotion of a site or domain that DreamHost hosts (e.g., you are pointing people toward your site via a link, hosting embedded email graphics on DreamHost servers, referring to a DreamHost-hosted email address, etc.).

I'm not selling risky mortgages or engaging in fraud, why is this spam?

While such things are commonly associated with spam, spam itself is inherently not about any specific type of content — it's a matter of consent. Bulk email of any type can be spam, regardless of its content — even if it's not commercial in nature.

What about paper sign-ups at trade shows or events?

These may suffice as an opt-in, but do not constitute a valid opt-in confirmation as someone could still sign someone else up just by writing their email address down. Such sign-ups must still go through an electronic opt-in confirmation process, as described above.

Also, note that someone simply handing you a business card with their email address on it is not sufficient cause to believe they wanted to be on your list. They must intentionally sign up for the list, knowing that they would receive periodic bulk email from you.

Must I provide access to all of my opt-in confirmation logging data?

Yes. If DreamHost contacts you regarding a spam complaint, DreamHost is unable to provide you with the identity of the complaining party. So, in order to ensure that they went through a confirmation process, the entirety of your logging data must be provided.

DreamHost cannot provide you with the email address associated with the complaint and have you look it up.

Isn't an unsubscribe option enough?

No. While an unsubscribe option is required, the primary concern is ensuring that only people who want to be on your list actually end up on it in the first place. This requires an opt-in with a fully logged confirmation step, as described above.

Isn't CAN-SPAM compliance enough?

No. CAN-SPAM is a lousy, largely toothless law that does little to prevent spam, only certain practices associated with it. Worse still, it has superseded much stronger state laws and added a veneer of legitimacy to the practice of spamming. For these reasons, many in the anti-spam community consider CAN-SPAM to have been 'bought' by powerful anti-consumer interests, causing more harm than good.

Like any Federal law, DreamHost requires all customers to be fully compliant with it. Simply being CAN-SPAM compliant alone does not mean you are not spamming.

If I send an email once someone is added, is that confirmation?

No. Opt-in confirmation doesn't mean confirming to someone that they've been added to a list.

Sending them an email once they are added is not enough. Confirmation in this context means confirming that they want to be on the list before they are even added. The ultimate goal of the opt-in confirmation process is to ensure that only those who want to be on a list are ever able to get on it. Evidence (in the form of date/time and IP logging) is recorded to prove it.

The information I'm sending is valuable, why is this spam?

It may very well be. For that reason, it shouldn't be a problem getting people to sign up for it on their own volition. Either way, it's each individual's right to decide what is and isn't valuable to them. Similarly, even bulk email sent for "good causes" must adhere to DreamHost policies.

Is there an exemption for sending bulk email to my own customers?

Simply having a business relationship with a customer is not sufficient grounds to add them to a bulk email distribution list without their permission. You must require that they opt-in to your list, and that each opt-in is confirmed (with logging), as described above.

Is there an exemption for sending bulk email to the media?

No. A valid point could be made that the media may benefit from press releases and such. However, as a matter of practicality DreamHost is unable to treat their email addresses any differently than anyone else. This is particularly true now that the line between traditional media and (for example) webloggers has been blurred. Any recipient of a bulk email distribution you take part in must opt-in to that distribution and confirm their intent to be on your list via a logged opt-in confirmation process.

Is there an exemption for affiliates?

If you use a 3rd party for your advertising needs, you are ultimately responsible for whatever they do. This means that if DreamHost receives spam complaints associated with their mailings, you are still required to demonstrate those mailings were handled properly. If you cannot completely trust an advertiser working on your behalf, you should not risk losing your account if they don't follow the rules.

What software can I use?

The only bulk email software DreamHost officially supports is an Announcement List. This is available in the panel on the (Panel > 'Email' > 'Announcement Lists') page.

It enforces the opt-in confirmation and logging requirements, and its use is the recommended way to help ensure that your bulk email usage is spam policy compliant.

DreamHost's Discussion List feature (powered by GNU Mailman) does not support the necessary logging needed nor does it enforce opt-in confirmation. Because of this, it cannot be used for traditional bulk email use. There may be other 3rd party tools/scripts that are compliant, though DreamHost is unable to recommend any.

See also

Did this article answer your questions?

Article last updated .