DreamHost Spam Policy


#1

Hola, all -

As the poor luckless individual who has to sort through and deal with DreamHost network abuse related problems, I’ve dealt with a ton of spam in the last couple years. The problem has gotten worse as more people have gone online, with a lot of spammers apparently not knowing any better.

While some spammers are simply lacking in ethics and don’t really care whose resources, time, and money they waste, others are otherwise legitimate businesses that made a bad mistake.

So, recently, I wrote a somewhat more in-depth spam policy for customers to read for a clearer picture of our policies on the matter (as the definition of spam is a bit ambiguous at times).

http://www.dreamhost.com/spam.html

Just submitting this for peer review, as I’m sure some of you have opinions on how we can best combat spam on the 'net. Any thoughts?

  • Jeff @ DreamHost
  • DH Discussion Forum Admin

#2

That policy has very good depth and the wording is splendid. The one option that would be nice to see on all email lists signups is “Activation Reply”…I have found that some of my friends would easily signup to download email trial software where you can only download one copy per email address. They would sometimes include my email address and NOT unclick the “make address available to similar companies for …”

First… They shouldn’t have used my address anyway.
Second… Would have been nice to decline the list addition, or recieve a warning saying I have been added with option to cancel.

Maybe it could be made a policy? Just my 2 cents.


#3

What you refer to is commonly called ‘confirmed opt-in’ or ‘double opt-in’, and it definitely is a good thing. I mention that it’s a optimal thing if you suspect you’ll get a bunch of false sign-ups, but for the time being I’m not going to require it.

A lot of current scripts that people use aren’t confirmed opt-in, and it requires a bit more on the server side to get that working. Also, our own DreamHost distribution list feature doesn’t use confirmed opt-in, although I really think it should at some point. That may have to wait for development.

But it’s definitely something I recommend if you’re going to be doing large distributions, in order to take away any ambiguity as to where the subscriptions came up.

  • Jeff @ DreamHost
  • DH Discussion Forum Admin

#4

Jeff…

Well-written page! There are so many providers who don’t bother to try to educate their users as to the pitfalls of unethical list merchants… and then their users just end up getting canned for something they were clueless about.

Personally, I’m a militant confirmed opt-in advocate… While you may want to refrain from requiring opt-in conformation, I think you should mention it on that page as being the optimal way to administer a mailing list, and why. Get users moving in that direction. Explain that if people start reporting them for Spamming, the only way to prove that the address was subscribed voluntarily is to record an audit trail. And explain that a true closed-loop system, using a unique token generated by the subscription server, is the surest way to prove voluntary subscription. In other words, you have a much better chance of keeping your account if you use fully-documented double-opt-in. Anything less, and there are more risks. Of course, even a user who uses double-opt-in can get sacked if they refuse to remove people…

Hey! Here’s an idea-- [color=#CC0000]Why don’t you guys provide a double-opt-in mechanism in a pre-packaged CGI?[/color] That would be extremely cool of you… As a matter of fact, I don’t think I’ve ever heard of another host that offers one; you could be the first!

The CGI would be in two parts; first, the subscription form, which mails out a confirmation message to the subscribed address. This part of the script could also generate a unique token and store it in a MySQL database; the unique token would be included in a URL sent in the confirmation email.

The second part would process clicks to that URL and add the token and an IP address to the database, confirming the closed loop subscription.

Another option would allow subscribers to reply to the confirmation email to complete the subscription, but that would require the use of something like ProcMail, so the first option would be a lot easier for setup and maintenance.

Naturally, all of this requires an account that offers MySQL…

What do you think, sirs?

…Bob


#5

Hi Bob,

I’m a big advocate of confirmed opt-in myself, but our old mailing list was written in the days before “MAKE MONEY FAST” and “HOT XXX ACTION” were such a big problem. Otherwise, I think we would have made it a confirmed opt-in list.

Surprisingly though, the problems we’ve had with spammers rarely involve our own mailing list software. They tend to use their own bulk mailers. But it would still be a good idea. I’ll talk to DevTeam and see what kind of timeline such an undertaking would have … I think a tagged link would be just fine, and not very tough to write.

  • Jeff @ DreamHost
  • DH Discussion Forum Admin

#6

Hey, Jeff…

You wrote:

[quote]I’m a big advocate of confirmed opt-in myself, but our old mailing list
was written in the days before “MAKE MONEY FAST” and “HOT XXX ACTION” were
such a big problem. Otherwise, I think we would have made it a confirmed
opt-in list.

[/quote]

Oh, I see what you mean. But that assumes that everyone here uses your mailing list software. I still think you should encourage people to use double opt-in if they use their own listserv/service/whatever.

But I guess you guys might look a little disingenuous if you didn’t offer confirmation in your own software, huh?

[quote]Surprisingly though, the problems we’ve had with spammers rarely involve
our own mailing list software. They tend to use their own bulk mailers.

[/quote]

Yup… That seems to be the trend. But I think your new Spam Policy page goes a long way toward keeping well-intentioned folks out of trouble.

[quote]But it would still be a good idea. I’ll talk to DevTeam and see what kind
of timeline such an undertaking would have … I think a tagged link would
be just fine, and not very tough to write.

[/quote]

From what you were saying above, I take it you might be thinking about integration with your mailing list service; I was thinking of something that’s not necessarily tied to that, but which could be used to build a subscriber database that can be used independently.

If your DevTeam is going to spend any substantial time on the mailing list, I’d like to see them replace it with a full-fledged discussion-list system; I have much more need for a two-way list than an announcement list.

Thanks!

…Bob


#7

Discussion list software is on the way, although I don’t have a specific time frame as to when it will be implemented. We will once again be offering Mailman, which is a great mailing list software program that supports Majordomo style commands and syntax, but also has a great and easy to use web interface. We use it a lot for internal stuff and used to offer it as a service; once we get this fully integrated with our system we’ll be offering it as an add on service (which will be totally separate from the outgoing mailing list system).


#8

will wrote:

[quote]Discussion list software is on the way, although I don’t have a specific
time frame as to when it will be implemented. We will once again be
offering Mailman

[/quote]

Great! I’ve heard of it and its reputation.

[quote]we’ll be offering it as an add on service (which will be totally separate
from the outgoing mailing list system).

[/quote]

Do you mean as a paid option? I almost went with another host that was offering Mailman as a standard feature of some of their accounts… and it was very nearly the deciding factor for me.

I would think it would be appropriate to include Mailman with Strictly Business and Code Warrior accounts, and charge for it as an add-on to the less-expensive accounts-- or just include it in all accounts.

(No bias here…)

…Bob


#9

I second that. Please, oh pretty please, include it with the higher level accounts! Even if you only include one list, the way you do one MySQL database, with additional ones costing extra, it would be so nice to have…

Lynna

Business: http://www.spidersilk.net
Personal: http://www.wildideas.net