Current best practises among hosting providers are to impose safe sending on all customer accounts. DreamHost's best does not conform to best practise and is sufficiently permissive that bad actors continue using DreamHost resources to send indiscriminate UCE/SPAM.
X-Spam-Status: Yes, score=6.4 required=5.0 tests=HTML_MESSAGE,
URI_WP_DIRINDEX autolearn=disabled version=3.3.1
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
* 1.6 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
* [184.108.40.206 listed in bb.barracudacentral.org]
* 0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
* 0.0 URI_GOOGLE_PROXY Accessing a blacklisted URI or obscuring source of
* phish via Google proxy?
* 3.0 URI_WP_DIRINDEX URI for compromised WordPress site, possible malware
Received: from ps103280.dreamhostps.com (ps103280.dreamhost.com [220.127.116.11])
(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by mx-1.loosefoot.com (Postfix) with ESMTPS id CE35C13611D
for firstname.lastname@example.org; Sat, 12 Nov 2016 13:33:47 -0600 (CST)
Who is responsible and why aren't they sufficiently aggressive, diligent, and effective? Does DreamHost aspire to something better than caveat emptor and typical commercial behavior?