Why Is DreamHost Not More Aggressive In Stopping SPAM Senders On Its Servers?



Current best practises among hosting providers are to impose safe sending on all customer accounts. DreamHost’s best does not conform to best practise and is sufficiently permissive that bad actors continue using DreamHost resources to send indiscriminate UCE/SPAM.

For example:
X-Spam-Status: Yes, score=6.4 required=5.0 tests=HTML_MESSAGE,
URI_WP_DIRINDEX autolearn=disabled version=3.3.1
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* [ listed in bb.barracudacentral.org]
* 0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
* 0.0 URI_GOOGLE_PROXY Accessing a blacklisted URI or obscuring source of
* phish via Google proxy?
* 3.0 URI_WP_DIRINDEX URI for compromised WordPress site, possible malware
X-Spam-Level: ******
Received: from ps103280.dreamhostps.com (ps103280.dreamhost.com [])
(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mx-1.loosefoot.com (Postfix) with ESMTPS id CE35C13611D
for omitted@mydomainname.com; Sat, 12 Nov 2016 13:33:47 -0600 (CST)

Who is responsible and why aren’t they sufficiently aggressive, diligent, and effective? Does DreamHost aspire to something better than caveat emptor and typical commercial behavior?


Hi @ratzinger, thanks for looking into these things. DreamHost’s Abuse team has a number of layered technological and policy mitigations in place to stop spam and react to further mitigate upon any reports of those that do slip past the technical mitigations and monitoring.

We have a staunch anti-spam policy https://www.dreamhost.com/legal/anti-spam-policy/: any time you notice something like what you reported here, please send all the spam with headers to abuse@dreamhost.com for our dedicated abuse team to take action 24/7.

This specific instance you reported was an exploited WordPress install: we’ve already mitigated backdoors and a spam sending script and have contacted the affected customer with directions on further securing their site from exploit.