Please help, someone is sending out spam emails


#1

And is using one of our dreamhost subdomains within the text of the email so it looks like we would promote our site through eMail spam. He is not able to beat our search engine rankings and tries to defeat our business.

Our account name is: ca18go

We would never send out spam email to promote our service, never.

This is a very shady tactic. Dreamhost staff, please help: do you have any suggestions how we could stop him from doing this kind of thing? We have been a loyal customer for a long time.

Our account has been disabled one hour ago.

This is a part of the source code of the email the spammer is sending:

[ Offending message ]

[quote]Return-Path: scientist_mohsin@hotmail.com
Delivered-To: @konami.com
Received: (qmail 66077 invoked by uid 90); 28 Dec 2004 10:41:17 0900
Delivered-To: @konami.com
Received: (qmail 66069 invoked from network); 28 Dec 2004 10:41:17 0900
Received: from (HELO smtp1.konami.co.jp) (127.0.0.1)
by localhost with SMTP; 28 Dec 2004 10:41:17 0900
Received: (qmail 5353 invoked from network); 28 Dec 2004 10:41:16 0900
Received: from (HELO websld1.konami) (127.0.0.1)
by localhost with SMTP; 28 Dec 2004 10:41:16 0900
Received: (qmail 3600 invoked from network); 28 Dec 2004 10:41:15 0900
Received: from unknown (HELO hotmail.com) (210.96.119.1)
by localhost with SMTP; 28 Dec 2004 10:41:15 0900
Message-ID: <abba01c4ec7d$8f372700$7e972239@scientist_mohsin>
From: scientist_mohsin@hotmail.com
To: “Postmaster” <@konami.com>
Subject:
Date: Tue, 28 Dec 2004 01:35:49 0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

[/quote]


#2

Wow! The very same happened to me these days, a fabricated “spam” email from a competitor, trying to ruin my business. The email headers are, as communicated to me by Dreamhost:

Return-path: ro9007@yahoo.com
Delivery-date: Mon, 20 Dec 2004 09:38:53 -0500
Received: from [61.78.180.170] (helo=yahoo.com)
by x.emeraldserver.com with smtp (Exim 4.43)
id 1CgOgW-0003T1-CV
for x; Mon, 20 Dec 2004 09:38:53 -0500
Message-ID: 039b01c4e677$3cfff2c0$bb7b2121@ro9007
Reply-To: ro9007@yahoo.com
From: ro9007@yahoo.com
To: x
Subject: How are you doing? I got someting for you !
Date: Mon, 20 Dec 2004 09:35:27 +0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1123
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1123

which is from a no-proxy Korean IP! (I’m not from that country). See it at:
http://www.geobytes.com/SpamLocator.htm


And your headers lead to the same Korean IP, which means a Korean guy is doing this to hurt us.

I’ve been a customer of DH for 4 years now, since April, 2000, with SE traffic, no email traffic, never! After this first email spam sent by a competitor, DH disabled my account. Still waiting for the last reply from Support, for more than 6 days and 16 hours now (although it should have been replied to within 24 hours) :(
I’m depressed by how Dreamhost gives more credibility to a competitor trying to ruin our business than to loyal paying customers for years. I still hope this error, of quickly disabling accounts with no clear proof, will be corrected ASAP.

Seopti, what was written in the Subject and content of the email (without your URL, of course)? Just curious if they are the same. Mine are:

"Subject: How are you doing? I got someting for you !
Content:
A friend told me that you like (SE keyword), so here is the best (SE keyword) that i found for you - …URL…

I hope you’ll like it."

Seopti, is it the same for you? Have any other people with subdomains at DH had the same unpleasant experience lately?


#3

Florin, yes, that’s exactly the same header/subject!
It’s very sad that this happens to you too!

This is the header he is using, too:

Delivery-date: Mon, 27 Dec 2004 19:43:26 -0500
Received: from [213.37.147.5] (helo=yahoo.com)
by x with smtp (Exim 4.43)
id 1Cj5SJ-0008W5-Jq
for x; Mon, 27 Dec 2004 19:43:26 -0500
Message-ID: <ca6b01c4ec28$4f907250$97771f39@cfin_host>
From: cfin_host@yahoo.com
To: Postmaster admin@pernmu.com
Subject: How are you doing? I got someting for you !
Date: Mon, 27 Dec 2004 15:25:35 0900
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1123
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1123

Please, Dreamhost, maybe you can do something to stop this kind of thing? Dreamhost already shut down my account 1-2 hours ago because of this spammer and I really don’t know what to do :(((

Who else got hit by this guy? Please help. I am with you, Florin, this thing has to stop!

Please, Dreamhost, is it possible to resolve this matter ASAP?


#4

That header/IP is from Spain, but the Subject is exactly the same!
Seopti, what does the email say in its body?


#5

Florin,

the content of the email is exactly the same:

A friend told me that you like [keyword] so here is the best [keyword] that i found for you.


#6

Thanks, Seopti, it’s obvious to me now that someone tries to ruin people with DH subdomains on search engines, competing with him. Other people with DH subdomains will soon face a similar situation, unfortunately.

Btw, my ICQ number is 30160426


#7

We also host with 2 other hosts and he tried the same thing there, but I talked to the admins before they were able to shut down our accounts and everything went out positively.

So it’s not only Dreamhost; they attack different hosts.


#8

Is it possible to get a reply from Dreamhost on this matter today? Thank you!

I’m even sure this guy wrote the complaint emails himself just to get us shut down with different hosts.


#9

The DH guys are pretty busy sorting out last night’s hardware failure. If they have a problem with your situation, I’m sure they will understand once you present the proper evidence.


MacManX.com


#10

macmanx, please enlighten me: assume someone sends DH a fake spam email, as you see here above, complaining about alleged spam you’ve sent. You know you haven’t spammed, but your account gets disabled right away based on 1 fake spam email from a completely different IP, not from your country. What proper evidence would you present to DH?


#11

If they do disable your account, you will receive an email explaining it. Quickly reply to that email as best you can. Basically, you will want to include everything you’ve put in this thread (a copy of the email, and an explanation about why it’s not you, highlighting the different IP).


MacManX.com
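
The header reading that post #11 recommends (showing which IP actually handed the message over, and that it is not one of yours), as an added example that is not part of the original thread. The sample headers are copied from posts #1 and #2; the function names are hypothetical and `OWN_NETWORKS` is a placeholder documentation range standing in for the account's real server addresses.

```python
import ipaddress
import re
from email import message_from_string

# Exim: "from [1.2.3.4] (helo=name)"; qmail: "from unknown (HELO name) (1.2.3.4)"
EXIM = re.compile(r"from \[(?P<ip>[\d.]+)\] \(helo=(?P<helo>[^)]+)\)")
QMAIL = re.compile(r"from (?:\S+ )?\(HELO (?P<helo>[^)]+)\) \((?P<ip>[\d.]+)\)")

# Constructed samples: header lines copied from posts #1 and #2, with the
# continuation-line indentation restored so folded headers parse correctly.
POST1 = (
    "Received: from (HELO smtp1.konami.co.jp) (127.0.0.1)\n"
    " by localhost with SMTP; 28 Dec 2004 10:41:17 0900\n"
    "Received: from unknown (HELO hotmail.com) (210.96.119.1)\n"
    " by localhost with SMTP; 28 Dec 2004 10:41:15 0900\n"
    "From: scientist_mohsin@hotmail.com\n\n"
)
POST2 = (
    "Received: from [61.78.180.170] (helo=yahoo.com)\n"
    " by x.emeraldserver.com with smtp (Exim 4.43)\n"
    " id 1CgOgW-0003T1-CV\n"
    " for x; Mon, 20 Dec 2004 09:38:53 -0500\n"
    "From: ro9007@yahoo.com\n\n"
)
OWN_NETWORKS = ["192.0.2.0/24"]  # placeholder for the account's real ranges

def connecting_host(raw):
    """Return (ip, helo) of the newest hop that is not loopback or private."""
    for received in message_from_string(raw).get_all("Received", []):
        m = EXIM.search(received) or QMAIL.search(received)
        if not m:
            continue  # e.g. qmail "invoked from network" bookkeeping lines
        ip = ipaddress.ip_address(m["ip"])
        if not (ip.is_loopback or ip.is_private):
            # The IP is recorded by the receiving server; the HELO name is
            # whatever the client typed and proves nothing about the sender.
            return str(ip), m["helo"]
    return None

def evidence(raw, own_networks=OWN_NETWORKS):
    """Summarise the facts worth quoting in a reply to an abuse desk."""
    hop = connecting_host(raw)
    if hop is None:
        return None
    ip, helo = hop
    own = any(ipaddress.ip_address(ip) in ipaddress.ip_network(n)
              for n in own_networks)
    return {"connecting_ip": ip, "helo_claim": helo,
            "from": message_from_string(raw).get("From", ""),
            "sent_from_own_network": own}
```

Calling `evidence(POST2)` gives the connecting IP, the self-declared HELO name, the `From` address and a flag saying whether that IP falls inside the listed networks.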


#12

Which is what I did, I quickly replied to DH’s email (definitely within 24 hours, as DH required), explaining that the header they mentioned comes from an IP from a totally different country than mine, that my traffic stats with DH show no email traffic, but search engine traffic and from sites where I was listed, and even more explanations. Still my account got disabled. Let me know what other proper evidence to present to get my sites back online. The last email I sent is 7 days old, no reply since then.


#13

Send them another [polite] email asking for status on your situation. They’ve been busy due to the holiday and the hardware failure.


MacManX.com