DreamHost Web Hosting: Abuse Center
Section: Spam & UBE
Section: Copyright Infringement
Section: Trademark Infringement
Section: Cracking, Intrusion & DOS
Section: Fraud, Phishing & 419 Scams
Section: Libel & Defamation
Section: Child Pornography
Spam & UBE

Spam (usually defined as 'unsolicited bulk email', but also encompassing Usenet spam and weblog comment/trackback spam) is a huge problem, and as one of the largest web hosting service providers on the Internet it falls upon us at DreamHost to ensure that our services are not used in conjunction with such practices.

Note: This page is mostly of help to current DreamHost customers. If you believe you've been spammed by a DreamHost customer, feel free to skip here.
Why spam is bad
There are a few reasons, but here is the most important: Spam is essentially theft of resources. Whoever is on the receiving end of spam has to pay for it in the form of increased disk storage, CPU and memory costs. The sender rarely has to pay much (if any) of these costs - instead, they are borne by whoever owns the receiving mail server - usually passed along in the form of higher prices to end-users. As this email isn't requested by the recipient, spammers make people pay for advertising they don't want.

You can think of spam as being like regular bulk mail, except where the recipient pays for postage even if they didn't ask for it.
DreamHost's anti-spam policies
You may review our anti-spam policies here:

     
http://www.dreamhost.com/spam.html

All customers are required to review and agree to abide by these policies upon signing up with DreamHost as a condition of their hosting with our company.

These policies cover any form of bulk email either sent from our servers, or that sent using a 3rd party server/service in promotion of a site or domain that we host. Our policies also cover any Usenet postings, weblog comments/trackbacks, message forum postings, etc. that promote or link to a site or domain that we host.
Most important requirements
There are three things you need to remember if you are sending bulk email to people. They are so incredibly important, we're going to make them bold and in large type:
  1. Recipients must specifically ask to be placed on your distribution list ("opt-in").
  2. Recipients must confirm their intent to be placed on your distribution list ("opt-in confirmation").
  3. You must be able to prove that the opt-in confirmation occurred (provide date/time/IP logging of confirmations).
In other words, if nothing else you absolutely must comply with items #1 and #2 under 'Subscriptions' in our anti-spam policy. Failure to do so is the cause of 95% of the spam policy-related disablements we perform. We are not terribly lenient on these items (and for very good reasons!), so please be sure that you understand them!

Term: Opt-In
An "opt-in" occurs when people ask to be placed on your list. Typically this is through a form on your web site, but an opt-in could also be someone signing up for periodic mailings at a trade show, concert or other real-world event.
Term: Opt-In Confirmation
"Opt-in confirmation" is a process wherein a person who has opted-in confirms that they want to be on that list before receiving bulk email associated with that list. This ensures that, for example, someone can't sign someone else up for a list without their knowledge or consent. Only the person who has access to the email address being subscribed to the list can confirm the opt-in. This is sometimes called "closed-loop confirmation" or (
erroneously) "double opt-in".

Opt-in confirmation as required by DreamHost works like this: Upon an email address being subscribed to a list, a single email is sent to the subscriber's email address with a unique tagged link that they must follow prior to being added to the list or receiving any bulk email from it. Those who do not follow that link receive no further email. Those who do follow the link are added to the list and their IP address (along with the date and time) is logged. Access to that logging information must be provided in full to DreamHost for independent review upon request.
Just to recap: Everyone on your list must A) specifically ask to be placed on that list, B) go through an electronic opt-in confirmation process with date/time and IP address logging.
Complaints
Even perfectly legitimate, well-run distribution lists sometimes incur complaints. Mistaken spam complaints happen, and as long as you are fully compliant with our policies you shouldn't have anything to worry about. It is, however, important that you get back to us in a timely manner with answers to the questions we ask of you. These questions typically include the following:
  • Did all subscribers to your list specifically request to be placed on your list ("opt-in")?
  • Were all subscribers to your list sent upon subscribing an email with a tagged link that they had to follow prior to being added to your list ("opt-in confirmation")?
  • Were all opt-in confirmations logged with the date/time and IP address recorded when they followed your confirmation link?
  • Where may we independently review your opt-in confirmation logging data?
Please, when you receive notice of a spam complaint answer all questions honestly and as soon as possible!

Failure to provide complete answers to the information requested of you (especially the four questions above) can result in account disablement.
Time provided for a response
In cases where it's reasonably certain that spam has been sent in conjunction with a DreamHost account, we reserve the right to disable that account immediately and without prior warning.

If it's not entirely clear, though, we provide a minimum of 72 hours before such disabling accounts. This is to give the account owner enough time to see our message and get back to us.
Identities of those who complain
For good reason, those who submit spam complaints usually wish to keep their identities private, and we honor that wish.

Why would someone want to remain anonymous? They often worry about retaliation from spammers (we've received death threats before, so it's not just paranoia on their part!) and - rightfully - do not wish to enable the practice of "list-washing". For these reasons, we do not divulge their identities or email addresses without permission.

Note that their identity is not necessary to show your compliance with our policies - this is one of the reasons why we ask to review the entirety of your opt-in confirmation logging data upon receiving a complaint. Even if a given complaint is misguided - or worse yet, malicious - you are fine as long as you can show that you're operating your list correctly.
Malicious complaints
Do some people report email as spam for malicious reasons? It's rare, but it does happen.

However, please understand that we do not disable accounts for spam complaints, we disable account for spam policy violations. This means that as long as you are following the rules, you have nothing to worry about from a malicious spam complaint. Just make sure to answer all of our questions honestly and in a timely manner.
Other types of spam
While unsolicited bulk email (UBE) is the most common type of spam we encounter, there are other types as well. These, too, are strictly prohibited and can result in account disablement.
Usenet spam
Posting advertisements or promotional messages to Usenet newsgroups where such messages are not specifically allowed - or posting off-topic messages to unrelated newsgroups.
Weblog comment/trackback spam
Posting comments or trackback pings to weblogs - usually off-topic and using automated processes - typically for promotional purposes.
Message forum & guestbook spam
The practice of posting unrelated, offtopic and typically promotional messages to message forums or guestbooks.
Common questions & misunderstandings
There are a number of frequently asked questions we receive about our anti-spam policies, some of which reflect common misunderstandings both about the spam problem and our policies in particular. They are as follows:
"What if I send the email from a non-DreamHost server?"
You are still required to comply with our policies if this mailing is being done in conjunction with our services in any way. That includes emails sent in promotion of a site or domain that we host (ie. you are pointing people toward your site via a link, hosting embedded email graphics on our servers, referring to a DreamHost-hosted email address, etc).
"I'm not selling penis enhancement pills, risky mortgages or engaging in fraud!"
While such things are commonly associated with spam, spam itself is inherently not about any specific type of content - it's a matter of consent. Bulk email of any type can be spam, regardless of its content - even if it's not commercial in nature.
"What about paper sign-ups at trade shows or events?"
These may suffice as an opt-in, but do not constitute a valid opt-in confirmation as someone could still sign someone else up just by writing their email address down. Such sign-ups must still go through an electronic opt-in confirmation process, as described above.

Also, note that someone simply handing you a business card with their email address on it is not sufficient cause to believe they wanted to be on your list! They must intentionally sign up for the list, knowing that they would receive periodic bulk email from you.
"Must I provide access to all of my opt-in confirmation logging data?"
Yes. If we contact you regarding a spam complaint, we are unable to provide you with the identity of the complaining party, so in order to ensure that they went through a confirmation process we need to see the entirety of your logging data and find them ourselves. We can't just provide you with the email address associated with the complaint and have you look it up for us. This also allows us to make sure that everyone else on your distribution list went through a properly logged confirmation process as well.
"Isn't an unsubscribe option enough?"
We're afraid not. While we do require an unsubscribe option, our main concern is ensuring that only people who want to be on your list actually end up on it in the first place. This requires opt-in with fully logged confirmation step, as described above.
"Isn't CAN-SPAM compliance enough?"
Nope! CAN-SPAM is a
lousy, terrible, largely toothless law that does little to prevent spam, only certain practices associate with it. Worse still, it has superseded much stronger state laws and added a veneer of legitimacy to the practice of spamming. For these reasons, many in the anti-spam community consider CAN-SPAM to have been 'bought' by powerful anti-consumer interests, causing more harm than good.

So, while - like any Federal law - we do require all customers to be fully compliant with it, simply being CAN-SPAM compliant alone does not mean you are not spamming.
"If I send an email once someone is added, is that confirmation?"
No. When we refer to "opt-in confirmation", that doesn't mean confirming to someone that they've been added to a list. Sending them an email once they are added is not enough. Confirmation in this context means confirming that they want to be on the list before they are even added. The ultimate goal of the opt-in confirmation process is to ensure that only those who want to be on a list are ever able to get on it, and that evidence (in the form of date/time and IP logging) is recorded to prove it.
"But the information I'm sending is valuable!"
We're sure it is! For that reason, it shouldn't be a problem getting people to sign up for it on their own volition. Either way, it's each individual's right to decide what is and isn't valuable to them. Similarly, even bulk email sent for "good causes" must adhere to our policies.
"Is there an exemption for sending bulk email to my own customers?"
Simply having a business relationship with a customer is not sufficient grounds to add them to a bulk email distribution list without their permission. This means requiring that they opt-into your list, and that each opt-in is confirmed (with logging!), as described above.
"Is there an exemption for sending bulk email to the media?"
No. While we understand that a valid point could be made that the media benefit from press releases and such, as a matter of practicality we are unable to treat their email addresses any differently than anyone else. This is particularly true now that the line between traditional media and (for example) webloggers has been blurred. Any recipient of a bulk email distribution you take part in must opt-into that distribution and confirm their intent to be on your list via a logged opt-in confirmation process.
"Is there an exemption for affiliates?"
If you use a 3rd party for your advertising needs, you are ultimately responsible for whatever they do. This means that if we receive spam complaints associated with their mailings, you'll still be required to demonstrate that those mailings were handled properly. If you cannot completely trust an advertiser working on your behalf, you should not risk losing your account if they don't follow the rules.
"What software can I use?"
The only bulk email software we officially support is our own Announcement List tool, available from the web panel. It enforces the opt-in confirmation and logging requirements, and its use is the recommended way to help ensure that your bulk email usage is spam policy compliant.

Our Discussion List feature (powered by GNU Mailman) does not support the necessary logging we need nor does it enforce opt-in confirmation, so it cannot be used for traditional bulk email use. There may be other 3rd party tools/scripts that are compliant, though we are unable to recommend any at this time.
"What if I don't want to divulge my identity?"
The main purpose of spam complaints is to figure out if a customer is in violation of our policies or not, and to stop them if they are. We do not engage in "list-washing", and will not divulge your identity unless you give us permission to do so first. We generally will provide customers with a copy of the email in border-line cases, but will obfuscate anything that appears to be personally identifiable information.
"What do I need to include in my spam complaint?"
If the spam you receive is unsolicited bulk email, we need you to send us the full content and headers of the email. Headers are used to identify the true source of the email and content is used to determine what type of email it is (while spam is about consent and not content, content can help us determine if the email is bulk or not, whether it was sent from an exploited script, etc).

Headers and content are also necessary for Usenet spam, though often we will be able to find similar messages by the same poster ourselves.

For web-based spam (weblog comment/trackback spam, message forum spam, etc) please provide any logging information you can provide. The content of the spam, IP addresses and date/time-stamps are very helpful. If you can leave the spam up and visible, that too can be helpful.
"Okay, so where do I send my spam complaint?"
If you've read the above and believe that a DreamHost customer is spamming you, you may send your complaint (with full headers and content) to the following address:

     abuse(at)dreamhost(dot)com