Sudden increase in SPAM

Two days ago my primary email address suddenly had a huge increase in incoming spam – it went from maybe one or two spam messages per day (for the last six years this email has existed) to dozens and dozens.

I am wondering whether there is any possible explanation for this other than my address somehow getting in the hands of more spammers? I.e. was there some silent upstream spam filtering going on that has now stopped? Has anybody else seen a sudden surge in spam volume starting on Monday?

I have turned on the spam filtering on my account, which is working ok. But it just seems strange that I suddenly need it with so many years of so little spam.

Yup, looks like you made the list :slight_smile:

There are sites where one can buy thousands of active email addresses. Using spam filters do nothing to remove an address once it gets added, only retiring that address from your server so it bounces will help so it won’t be added to new lists. It will likely stay on those lists already in use.

One thing I’ve found that helps is not use a catch-all bucket (domain wild card.) Also never use webmaster, sales, help, info, service, or other generic prefixes.

Yes, I wonder when someone will try to find a solution to spam…

[quote=“makeonlineshop, post:3, topic:61090”]
Yes, I wonder when someone will try to find a solution to spam…[/quote]
Right after the common cold.

Well you never know!

Well first they’ll need to learn proper grammar.

I’ve seen a huge increase in SPAM since I moved over to DreamHost 2 weeks ago, not that I’m blaming DH on that. I think at my previous hosting/email provider, they did a real good job of filtering out spam. I am now finding that I get about 30-60 emails a day that are getting quarantined and I am then blacklisting. The interesting thing though is that every single domain that I am getting the SPAM from is registered at That’s just shady.

The majority of the SPAM usually has to do with AIG Insurance, Sam’s Gift Cards, Bloomberg, and ProtectMyID.

  • Merg

Most of my domains use dreamhost as the registrar and for the domains that have email (a few don’t other than the dreamhost created proxy for the whois) I don’t particularity get spam that I relate to being “because it’s hosted (or registered) at dreamhost”. In fact, even where mx records are pointed elsewhere I don’t see spam increases.

Sorry, I don’t think I was clear in what I was trying to say. All of my domains are hosted at DreamHost and I am currently switching to DH as my registrar. What I am referring to is that when I receive SPAM and check to see which registrar the spammer is using, it has almost always been

As for my comment about the majority of SPAM, I was referring to the type of subjects and topics to which the spam is referring. I was not referring to the domain of the spam in that comment.

While I am not a fan of GD anymore, I will say that the their spam filtering must have been terrific. If I received a spam email/day, that was a lot. Here at DH, I am easily receiving 30 every day, if not more. Plus along with what is getting captured in the quarantine, about 5-10 get through to my actual Inbox.

  • Merg

I am also seeing a sudden increase, starting about two days ago as well, in SPAM on my DH-hosted mail addresses.

This does not appear to be a “fluke”, and retiring the e-mail address is a band-aid, not a solution. DH does a very poor job of filtering e-mail, as compared to even the weakest of hosts (Bluehost/Host Gator/et al). It would be great if they offered some real filtering, rather than what they have now.

I’m considering the procmail/GMail filtering possibilities, but I’d need to figure out how to do that with a single GMail address for all of my domain accounts (I do NOT want to have a single GMail address for each domain address). Has anyone done this on DH? Do we know if it works/works well?

This isn’t the type of thing I like having to spend my day on. :frowning:

– Brian

Okay, I can confirm that the spam flood is strictly on my Dreamhost domain names, particularly those actually registered with Dreamhost. I have to have accounts on different hosting services to test them for students and clients. None of the other hosting services (Bluehost, Westhost, Fat Cow) are having this issue. Only Dreamhost. It started increasing after the first of the year and must be associated with a change in Dreamhost’s service. The two clients who went with Dreamhost on my recommendation are being slammed so badly it’s affecting their organization, and begged me for help in finding a solution. Unless Dreamhost does something within the next couple of weeks, I’ll have to suggest they switch hosting services and have to help them move everything (which I REALLY DON’T want to do).

Hello, Dreamhost Staff. Anyone listening? There’s a major problem here and it’s something you can fix since it isn’t happening elsewhere.

I’ve seen a big increase in SPAM on a couple of email addresses. The SPAM scores are often negative like -.009. The lowest quarantine level I can enter is .01. The junk mail filter won’t accept negative numbers. I thought it used to (I had a negative quarantine number on an address until recently) but it won’t accept them now.

Funnily enough the name server is BLOCKEDDUETOSPAM.

Is there any way to report the SPAM to Dreamhost and/or Spamhaus so it is filtered automatically in the future?

Here is an example header:
Received: from ( [])
by (Postfix) with ESMTP id B4FBACA61B7
for <>; Thu, 27 Mar 2014 02:26:13 -0700 (PDT)
Received: from localhost (localhost [])
by (Postfix) with ESMTP id A293A17BC255
for <>; Thu, 27 Mar 2014 02:26:13 -0700 (PDT)
X-DH-Virus-Scanned: Debian amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.009
X-Spam-Status: No, score=-0.009 tagged_above=-999 required=0
tests=[HTML_MESSAGE=0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=disabled
Received: from ([])
by localhost ( []) (amavisd-new, port 10024)
with ESMTP id G-Ws7NZc70XB for <>;
Thu, 27 Mar 2014 02:26:13 -0700 (PDT)
Received: from ( [])
by (Postfix) with ESMTP id CECE41B0058
for <>; Thu, 27 Mar 2014 02:26:12 -0700 (PDT)
Content-Type: multipart/alternative;
MIME-Version: 1.0
From: Corporate Loans
Subject: Corporate loans to ensure the strength of your business
Date: Thu, 27 Mar 2014 04:21:18 -0500

A lot of the domains are also registered under enom. Here is an example whois lookup:
Domain Name: VAVEVA.COM
Registry Domain ID: 1765952929_DOMAIN_COM-VRSN
Registrar WHOIS Server:
Registrar URL:

Updated Date: 2012-12-12 16:25:37Z
Creation Date: 2012-12-13 00:25:00Z
Registrar Registration Expiration Date: 2014-12-12 16:25:00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.4252744500
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: RICKY ALEXIS
Registrant Organization:
Registrant Street: 1612 N ACADEMY BLVD
Registrant City: DENVER
Registrant State/Province: CO
Registrant Postal Code: 80909
Registrant Country: US
Registrant Phone: +1.7166948781
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: RICKY.ALEXIS@AOL.COM
Registry Admin ID:
Admin Organization:
Admin Street: 1612 N ACADEMY BLVD
Admin City: DENVER
Admin State/Province: CO
Admin Postal Code: 80909
Admin Country: US
Admin Phone: +1.7166948781
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Registry Tech ID:
Tech Organization:
Tech Street: 1612 N ACADEMY BLVD
Tech City: DENVER
Tech State/Province: CO
Tech Postal Code: 80909
Tech Country: US
Tech Phone: +1.7166948781
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
DNSSEC: unSigned
URL of the ICANN WHOIS Data Problem Reporting System:
Last update of WHOIS database: 2012-12-12 16:25:37Z

A quarantine level of .0 works to filter SPAM with a score higher than zero. I caught a few SPAM with a score of .002 with that.

Has anyone found a third-party anti-spam filter that can be used with DH? In their Wiki, they mention that you can use Postini, but that is now part of Google Apps. I’m not sure how things would be set up to work with Google Apps. Has anyone done this? I really need a good filter. Just this morning, I received 15 spam emails that made it through SpamAssassin and 5 were quarantined by SpamAssassin. I have my score set for 3.

As I mentioned, every spam email that I look into has been registered at I don’t think that is a coincidence. Also, I have seen quite a few where the registrant is Ricky Alexis, as well.

  • Merg

And to make it even better now, the last 5 spam emails to get to my Inbox have all had a negative SPAM score. Really?

  • Merg

I’m quite surprised that no one from DH has commented in this thread to give any suggestions or ideas on how to help with this spam issue. They seem to be quite active in other threads. Also, I even asked in here about using a third-party filter and remarked how the Wiki is not up to date and still no response.

  • Merg

I wrote DH support regarding entering negative quarantine numbers and spam reporting. The response was to blacklist more. Unfortunately that doesn’t work. Blacklisting is a bad way to deal with spam. I’ve blacklisted over 40 domains since the spam increase and that hasn’t stopped the spam as the spammer can just keep using new domain names. If I could use a negative quarantine number to block all email and only whitelist the stuff I want that might help.

I checked into reporting spam to Spamhaus (the filterers used by DH). They don’t accept outside spam reports. They say they have a team of people around the world checking for spam but, unfortunately, they aren’t getting the spam I’m getting. :frowning: I wish DH and/or Spamhaus had a way to report spam.

Using Spamhaus is a step in the right direction but it doesn’t always work. There must be something else DH could do to help. I’d rather not install SpamAssassin etc. myself as then that is just something else I have to maintain. I’d rather my email just work.

I’ve also set up some filters to filter out commonly used terms in the spam headers. Unfortunately that’s just a time consuming stop gap measure to help cut down some of the most frequent spam. See for info on filtering.
To be fair, DH has caught 107 spam messages in the quarantine since 2014-04-08 10:54. The scores range from 0.002 to 13.503 (I have the quarantine level set to .0). 16 messages have scores less than 2. 15 of those values are less than 1. 32 messages have a score higher than 2 and less than 3.

If I had the quarantine set to 3 I would have let an additional 48 spam emails through.

As mentioned earlier, other spam messages getting through have had a score of -0.009.

What are others seeing for spam scores?

I just deleted the emails in my quarantine, but in the last 24 hours I had 74 emails quarantined, plus 5 that made it through to my inbox. I also had 1 email quarantined that was not spam. I did not really pay attention to the spam scores. I have my quarantine level set at 2.2.

As you mentioned, blacklisting is not really an answer. Using the Blacklist button in the DH Junkmail settings actually blacklists by email address and not domain, which is not helpful at all as I don’t think I’ve had the same email address twice. Even if I blacklist by domain, I rarely see the same domain used more than once, although it does happen every now and then. I truely believe the issue is with They need to do something about spammers using them as a registry service.

I am looking into a spam filter for on my PC called Spamihilator. Since I leave my PC on 24/7, it would essentially be as if I was filtering on the server itself. I am having one issue with integrating it into my mail client, eM Client. If I can get that resolved, this anti-spam app will be very nice. It has a lot of filters built in, plus you can train it as well. It’s also very easy to use and it’s free.

  • Merg

Well, I have a feeling that this was the reason for my SPAM increase since switching over to DH…

It’s now been corrected, but who knows if that will help at this point as my info has been out there for over a month now.

  • Merg

Just as an update… In the last 3 days since I had my private registration corrected, my spam has been dropping each day. On 4/10, I had about 90 spam messages. That dropped to 73 on 4/11 and on 4/12 I had 46 spam messages. I’ll see if that number continues to drop.

  • Merg