I am very angry at one of my customers for my webhosting service.
He signed up for a sub-domain at 9kd.net because he didn't have his own domain or so I thought.

About a week later, he started to send spam mails from a fake domain name and he advertised his site which uses illegal content.

Some people are very angry because of this and has sent us an E-mail since his mail is fake to reply to.
Another E-mail has been sent to the FBI by someone else.

I've deleted his account. Anything more I should do?

Tell all the people that still complain to you, that you removed him. Send any helpful information to anti spam groups. :)

Maybe there is a way of monitoring or making it that a cusomer can only send 60 e-mails an hour when they first join, maybe a way of stopping it happening.
or, is there not a way of making it impossible to fake the return to address?

I remember sending an e-mail from AOL and faked the reply to and it still came back to me as a reply when i relied to it, im sure it could be done in something like QMAIL.

Anything else, maybe monitor the RBL (Realtime Black Hole List) - i forget the URL, but doing a search should find it, just to ensure you dont get added to it or you wont get much traffic when your server is blocked.

If the fake reply to was on your network or an a mail you can register then maybe you should register it and have an auto reply apologising for the inconvenience.

Good Luck.

Originally posted by 9kdnet
I've deleted his account. Anything more I should do?
Yes. Learn from the experience. Don't create any more sub-domain accounts. They just implicate you as a spammer.

Sub-domain accounts made sense when domains costs $100 for the first 2 years, then $70. However, now that they can be had for under $10, anyone who says they need a sub-domain should be highly suspect. As in your case, they just implicate you as a spammer and may get you banned from several systems.

Is any customer worth that?

Thank you for your helps.
We've learned from our mistakes.
We have all the information on that customer.

Mind sharing the chaps info? So other hosts don't fall for the same fella...

I suppose it was one of those emails saying you must not accept credit card payment from him. When the account is setup, you must email him all his account info including the location to his cgi-bin and sendmail? He'll then post the check... something like that... right?

I will send the info. to the FBI if I need to.

Originally posted by 9kdnet
I will send the info. to the FBI if I need to.

You will probbaly need to. And you should ...because if you don't, then it looks like you are the spammer.

I've already deleted his account. I will reply with his info. if they decide to E-mail me.

I wouldn't count on the FBI to do anything, respond or care at all about something like SPAMMERs. They have more important things to worry about. However, as for anything else you can do at this point, just make sure you have backups of any logs (FTP, telnet/SSH) with this user's IP, etc. and when they connected. I'm sure you have information about this person's server they connected to yours with -- even though it was probably via another server they accessed via another. However, they usually aren't that smart. And, in reality, Spammer's have little to worry about other than getting their ISP account canceled and nothing more.


Therefore, they likely didn't hide their tracks well, since they don't need to -- which also tells you that there's not much you can do other than cancel their account.. which further tells you that you really have nothing to worry about anyway. Forget about the FBI, unless this was highly illegal content -- such as child porn, or whatever, in which case you should certainly pursue this as much as possible. Also, on the SPAMMER's sub domain they got, put up a notice saying it's been canceled and mentioned it's due to SPAM and illegal content -- and further, clearly state that you've provided all logs to the FBI and law enforcement to track and prosecute this person.


If they visit their page to see if you put up any notice, perhaps they will think twice next time, even if they don't get caught this time. However, if it's something like the above mentioned crime, maybe it's better to not give them any idea or warning about reporting them, assuming the FBI or law enforcement does get involved. Few people will believe you as the provider are the spammer, unless you don't take any action -- and you clearly did do that. Other than that (the act of removing said user and content) and the act of reporting this and keeping all the logs to track them -- as well as possibly putting up a notice, very few, if any, people would give you grief about it.


In fact, you can put in an auto responder for that address the SPAMMER used and state that the account has already been closed (on whatever date) and they have been reported, so they can be informed, yet still save you time and hassle. Finally, as someone else suggested, limit the amount of emails someone can send -- and even the number of BCC addresses per email. Moreover, to enforce a policy where it shows the sender's address where it can't be faked, make sure people can't relay through your server and require usernames and passwords for being able to send it (perhaps even locally). I would think that (and perhaps some other implementations) should deter most spammers, in addition to watching out for accounts that seem suspicious or use the mail server more than average or reasonable amounts. Lastly, perhaps some delay, like a 1 (or more) second delay between emails being sent woudl help as well.

Originally posted by Tim_Greer
Forget about the FBI, unless this was highly illegal content -- such as child porn, or whatever, in which case you should certainly pursue this as much as possible.

I have reported such a website to the FBI a couple of weeks ago ...and they told me that i would have to send this to the local police office for investigation. I went to the local police office (just over the road) and they told me that they couldn't do anything since in 90% of the cases the owner(s) of such websites live outside the U.S or Canada.

:rolleyes: :(