I'm starting to have a problem... This is the 2nd time now that someone has reported to spamcop claiming that my server is sending spam. Here is the situation, and see if there is anything I can do...
I have a customer who has online newsletters. These are set up in such a way, that if someone wants to view a past issue, they email something like [email protected] where the 'yn48' is the issue number. Then an autoresponder emails back a response containing that issue. It is a very neat system/concept, as you only get the newsletter, if you email the autoresponder.
This customer has about 120+ of these autoresponders set up. Now with the latest spammer viruses going around that spoof addresses, I am seeing that one of these viruses will spam one of these autoresponders, and the autoresponder will do what it is supposed to do, and email back the newsletter to the address that the spam came from (often spoofed). Twice now, the unintentional recipient of this newsletter has reported it to spamcop, which in turn gets reported to my provider, who in turn notifies me.
Now, with enough reports liket his, my IP's will get blacklisted, and I don't want that. I'm pretty sure that once I get spam/virus filtering set up serverside that these things will die down, since the spam/virus email will be filtered before it hits the autoresponder. But I am waiting for H-Sphere 2.4 before I get that set up on the server.
Sounds like blind auto-responders, I would recommend he restricts the archive access to actual members of the lists in question. As it stands it sounds like anyone could email one of them with any old fake FROM address and it will send a response to the fake address. Excellent way for a competitor to keep you on a spam list.
Installing a virus scanner will help you as well, and these days with ClamAV being free for us to use and quite reliable I see no reason for a host not to be scanning for their clients. I've had one client opt-out of my scanning and within 2 weeks he had opted back into it due to the viruses he was getting.
If the client can't/won't fix the blind auto-responder then recommend he make the archives web accessable instead. You really have to be careful with any automated emailing routines.