Spam from Dreamhost (spoof)

First off, I’m quite sure Dreamhost doesn’t spam anybody, so this is not an accusation. I’m just wondering very much how come then that I get spam that appears to spoof Dreamhost?

I submitted this to SpamCop (because I want to bust those spammers) but I’d also like to raise the issue here to hear DH’s comments on it.

Here’s the header – I’ve replaced my domain with “”. Clearly it’s spam, and clearly it’s spoofed, but since DH is so incredibly keen on the non-spam frontier, how come then that they know the mail subdomain “plunder”? Am I being a noob? Admittedly, the “from” line is really weird!

Return-Path: <>
Delivered-To:
Received: from ( []) by (Postfix) with SMTP id 538D886387 for <>; Sun, 27 Jun 2004 06:09:57 -0700 (PDT)
Received: from [] by (MSD) Wed, 23 Jun 2004 22:35:25 -0700 (MSD)
Date: Thu, 24 Jun 2004 13:07:27 -0700
From:,,,,, you can use VISA now!!! <>
X-Mailer: Yamail [ ]
Reply-To: Lidia Hensley <>
X-Priority: 3
Message-ID: <>
To:
Subject: Review your account 5126826
MIME-Version: 1.0
Content-Type: text/html; charset=windows-1252
Content-Transfer-Encoding: 7bit


This is answered in this FAQ:

Did you not notice what the usernames spell out?
This is most likely how the From header appeared when it was sent:

Recipients are separated by commas, so each comma-delimited part counts as a recipient, unless the comma is in a string enclosed by quotes, parentheses, or angle brackets, IIRC.

So the spammer was trying to make the From header in your mail client appear as a phrase instead of a list of recipients.

:cool: Perl / MySQL / HTML CSS
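The comma-splitting behaviour described in the reply above can be checked with Python's standard `email` parser. This is an added example, not code from the thread: both sample messages and every address in them are constructed (example.* domains), and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed samples (example.* domains); not the headers from the thread.
SPAM = (
    "From: big@mail.example.com, sale@mail.example.com, today@mail.example.com,"
    " you can use VISA now!!! <offer@mail.example.com>\n"
    "To: user@example.org\n"
    "Subject: Review your account\n\nbody\n"
)
LEGIT = (
    'From: "Doe, Jane" <jane@example.org>\n'
    "To: user@example.org\n"
    "Subject: Minutes\n\nbody\n"
)


def from_mailboxes(raw):
    """Return [(display_name, address), ...] for every mailbox in From."""
    msg = message_from_string(raw)
    return [(n, a) for n, a in getaddresses(msg.get_all("From", [])) if a]


def rendered_sender(raw):
    """Text a client shows if it prints the name, else the local part."""
    return " ".join(n or a.split("@", 1)[0] for n, a in from_mailboxes(raw))


def findings(raw):
    """Flag the multi-mailbox From trick described in the reply above."""
    msg = message_from_string(raw)
    boxes = from_mailboxes(raw)
    out = []
    if len(boxes) > 1:
        out.append(f"From lists {len(boxes)} mailboxes")
        # RFC 5322 3.6.2: several From mailboxes require a Sender header.
        if msg["Sender"] is None:
            out.append("no Sender header")
    return out


if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("legit", LEGIT)):
        print(label, from_mailboxes(raw), repr(rendered_sender(raw)), findings(raw))
```

The quoted comma in the second sample stays inside one display name, while the unquoted commas in the first split the header into four mailboxes whose local parts read as a phrase.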

No, I didn’t notice that the “senders” spelled yet another ad text if I skipped the “” bits. Thanks for the explanation!


Received: from ( [])
by (Postfix) with SMTP id 538D886387
for; Sun, 27 Jun 2004 06:09:57 -0700 (PDT)

This part of the header actually spells it out clearly as SPAM, as the received from address is clearly outside of DH Network…

X-Mailer: Yamail [ ]

also gives it away as well :slight_smile: