Results 1 to 34 of 34
  1. #1

    Malicious Spam Reports?

    What defense does an innocent website have against false or malicious spam reports?

    Yesterday our website was "temporarily deactivated" by our webhost. We called the hosting company. They'd only say they'd received a spam report. They reinstated our site but wouldn't provide details about the accusation(s).

    This experience left us feeling vulnerable to further such problems, particularly from competitors or disgruntled persons who want to cause trouble.

    We hate spam and are very careful about not sending anything that could be miscontrued to be spam. We keep detailed records of customers and those people who have emailed us requesting specific information about our services. We could provide this info to the hoster if only they would ask.

    But we've found it difficult to get an actual person (from their "Abuse dept.") on the phone. "All you can do is send an email," we're told.

    Is it unreasonable to expect an opportunity to defend ourselves BEFORE our site is shut down? Shouldn't hosting companies offer protection against unethical or clueless people who unfairly make spam reports?

    We appreciate feedback, suggestions or recommendations for a good hosting company that truly sees the virtue of fairness and transparency in these issues.

    Thanks,

    Steve

  2. #2
    Join Date
    Feb 2004
    Location
    Scotland
    Posts
    2,830
    Quote Originally Posted by Songwriters100
    Yesterday our website was "temporarily deactivated" by our webhost. We called the hosting company. They'd only say they'd received a spam report. They reinstated our site but wouldn't provide details about the accusation(s).
    The shouldn't normally have any problem giving you details of the report.

    Quote Originally Posted by Songwriters100
    But we've found it difficult to get an actual person (from their "Abuse dept.") on the phone. "All you can do is send an email," we're told.
    Personally I'd actually agree with not getting someone on the phone for abuse issues. In an issue such as this, any communication needs to be documented so that it doesn't come back to a "He said", "No, she said" situation and the best way to do that should be to keep it written, then there is no confusion. That doesn't mean the host should take forever to deal with the issue though.

  3. #3
    That's a good point about documenting the phone call. I hadn't thought of that. I just hoped we could speak with someone who could help us better understand the process (of reporting spam, providing documentation, etc.)

  4. #4
    Join Date
    Nov 2003
    Location
    Newport Beach, CA
    Posts
    2,920
    If you can't get justification, or proof of the accusation? the first thing you should do is find another host.
    Show your reciprocal links on your website. eReferrer

  5. #5
    That's what I thought. But the tech said he "couldn't give out specific details" about the person who filed the complaint, which of course makes it impossible for us to react to the situation.

    I'm trying to understand how the process works. I checked their "Terms of Agreement" and we did everything right and nothing wrong.

    Apparently, they just believed the spam report and shut our site down. They did send us a notice by email, which was nice, but since it was the middle of the night we didn't have a chance to respond to it for six or seven hours.

  6. #6
    What is the host you're buying your services from?

  7. #7
    Join Date
    Nov 2003
    Location
    Newport Beach, CA
    Posts
    2,920
    Quote Originally Posted by Songwriters100
    That's what I thought. But the tech said he "couldn't give out specific details" about the person who filed the complaint, which of course makes it impossible for us to react to the situation.

    I'm trying to understand how the process works. I checked their "Terms of Agreement" and we did everything right and nothing wrong.

    Apparently, they just believed the spam report and shut our site down. They did send us a notice by email, which was nice, but since it was the middle of the night we didn't have a chance to respond to it for six or seven hours.
    To accuse you of spamming and refusing to give justification is unacceptable.
    Show your reciprocal links on your website. eReferrer

  8. #8
    Songwriters,

    As everyone here has said a host who refuses to give you a spam report or even talk to you on the phone is not a host you should be with, move ASAP.

  9. #9
    They may not be able or willing to give you the name/email address of the person making the complaint, but they certainly can - and should - give you the email itself, with headers, even if they blank the recipient's name/email address to prevent listwashing if it is spam. If they won't, then you should definitely find another host, because that is irresponsible of them.

  10. #10
    Join Date
    Jun 2002
    Location
    Waco, TX
    Posts
    5,292
    They should at least provide you a "munged" report that has the name, and email address of the person who reported blanked out.

  11. #11
    If I can't get the email address, how can I send them (the hoster) a copy of the request to prove we received a request from the person who reported us?

    When people write us for requests, usually all the send us is their email address and their name.

    I'm not sure what good it would do me to see a copy of the email if they blank the recipient's name/email address. That's what I'll need to show them it was not spam, but requested from the person.

    Or am I missing something?

  12. #12
    Join Date
    Jun 2006
    Location
    it seems on line ;)
    Posts
    927
    Quote Originally Posted by Songwriters100
    What defense does an innocent website have against false or malicious spam reports?

    Yesterday our website was "temporarily deactivated" by our webhost.
    It is your host's fault. One defense could be sharing your host's name here. If your complaint is sound (support ticket number or similar) I am sure many people here will include your host within their blacklisted hosts and hosts are aware of it.

    Another defense is filing your complaint to the bbb.org.
    Gonzalo
    "To venture is to risk one's life; not to venture is to lose one's reason to live"

  13. #13
    Join Date
    Apr 2006
    Location
    Morgantown, PA
    Posts
    26
    Do you have frontpage extensions installed? They are VERY easy to hack. I have been hacked in the past. Next thing you know, some clown in China is uploading a fake PayPal website on YOUR server, then send TENS OF THOUSANDS of emails via a unsecured PHP form to email script by injecting the headers...and it LOOKS LIKE YOU DID IT!!!

    Knock, knock, knock...the FBI is at your frontdoor.

    MAKE SURE you don't have any unsecured PHP form-to-email scripts AND you don't have any account with unused Frontpage Extensions.

    Check this out:
    http://www.securephpwiki.com/index.php/Email_Injection

    And this...
    http://archives.neohapsis.com/archiv.../msg00156.html
    4cheapwebhosting.com - web hosting directory

  14. #14
    Join Date
    Jan 2005
    Location
    TX
    Posts
    77
    The host should have provided you the complaint (even with the email addressed munged), especially if it is a spam complaint. That is very odd, I would hunt around for another host because in my opinion that type of action is not considered professional by anyone in the webhosting industry.

  15. #15
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    895
    Your host is being a jackass.

    Look for another they should atleast check into it before deactivating you
    Everyminute your offline is damaging it is unproffesional action on your hosts part.
    I could tell you a joke about UDP. But I'm not sure you would get it!

  16. #16
    Yes, I can sure testify to that. It was a hard jolt to see a big sign saying "This site has been deactivated."

    Can anyone suggest a host service that takes the time to let their customers know when a complaint is made against them -- before removing a person's website?

    Is there an honest "ratings list" of web host ratings available?

  17. #17
    Join Date
    Jun 2006
    Location
    it seems on line ;)
    Posts
    927
    I had a few similar problems when my host was site5 and they did act professionally and asked me before considering any action. However, their reputation is compromised now due to support issues.

    Most professional hosts would ask you before doing anything.
    Gonzalo
    "To venture is to risk one's life; not to venture is to lose one's reason to live"

  18. #18
    Join Date
    Jun 2002
    Location
    Waco, TX
    Posts
    5,292
    Would like to point out there are SOME time when an upstream is making problems for you about a spam complaint they tell you you must suspend first ask later. But for the typical spam complaint this does not happen.

  19. #19
    Join Date
    Nov 2003
    Location
    Newport Beach, CA
    Posts
    2,920
    I would never even consider shutting ANY client down for spam without seeing the proof of it, and in 6 years I've never been shut down for asking for the proof before acting.

    It's ludicrous that anyone would.
    Show your reciprocal links on your website. eReferrer

  20. #20
    Join Date
    Jun 2002
    Location
    Waco, TX
    Posts
    5,292
    e-places, I did not mean without proof. I meant you can not always consult the client and warn about a complaint, sorry if I was taken wrong there. I agree there would need to be an official complaint in before acting. There I just not always the time required to ask the client "why did we get this report" before acting when you have an upstream demanding a shutdown. Therefore the want you to shutdown then discuss with the client.

  21. #21
    Join Date
    Nov 2003
    Location
    Newport Beach, CA
    Posts
    2,920
    Ohh, yes I understand. Sorry about that. My bad.

    You're correct.
    Show your reciprocal links on your website. eReferrer

  22. #22
    Join Date
    Jun 2006
    Location
    it seems on line ;)
    Posts
    927
    There is no need to shut down. In case of emergency a temporary limit for outgoing email would be enough
    Gonzalo
    "To venture is to risk one's life; not to venture is to lose one's reason to live"

  23. #23
    I'd strongly suggest you find another host provider immediately; Your current host should have provided you with a formal explaination as to why they have suspended you.

  24. #24
    What was the provider now again?!

  25. #25
    Join Date
    Aug 2004
    Location
    Australia
    Posts
    895
    Quote Originally Posted by freeflyer
    There is no need to shut down. In case of emergency a temporary limit for outgoing email would be enough
    Prehaps even shutting it of and queing the same to be sent once the problem is sorted also if a client can be allowed to inspect their outgoing queue to determint is a script has been exploited
    I could tell you a joke about UDP. But I'm not sure you would get it!

  26. #26
    Join Date
    Feb 2001
    Location
    West Michigan, USA
    Posts
    9,675
    Quote Originally Posted by Songwriters100
    If I can't get the email address, how can I send them (the hoster) a copy of the request to prove we received a request from the person who reported us?

    When people write us for requests, usually all the send us is their email address and their name.

    I'm not sure what good it would do me to see a copy of the email if they blank the recipient's name/email address. That's what I'll need to show them it was not spam, but requested from the person.

    Or am I missing something?
    The email, with headers, should give you enough information to know whether or not the spam complaint is untrue. It will allow you to know if it came from one of your known mailing lists. You can then say that your mailing list requires verification (sometimes called "double opt-in") before you send out further mailings.

    If your list does NOT require verification, then you're just asking for trouble. Someone could submit MY email address to your list and then I'd receive unwanted spam from you as well.

    Getting a copy of the email and headers will also show you if the email didn't even come from your account at all. I'm suspicious why the host would shut you down, then unsuspend you without even telling you what the problem is. I mean, if you never knew why they shut you down...how could you "fix" it enough for them to unsuspend you? Doesn't make sense at all.

    --Tina
    ||| 99.999% Uptime SLA!!!
    Plenty of space and bandwidth to fit your needs!
    www.AEIandYou.com - - (WP Friendly - Premium Reseller Hosting and Cheap Dedicated Servers)

  27. #27
    Tina,

    Yes, that's what I thought. But all the tech would say was there had been a spam complaint and I should contact their "Abuse department" for the details. I did that. It's been over 24 hours and I've received no response.

    As to your opt-in suggestion, I'd appreciate further clarification. Are you saying if someone emails me to ask for information I can't simply write back with the requesting info?

    Usually people just write us to request event reminders, then we remind them when the event deadline nears. This is the first time in over eight years we've ever had a problem.

    This is a great list, BTW. Appreciate all the smart & helpful feedback!

  28. #28
    Join Date
    Feb 2001
    Location
    West Michigan, USA
    Posts
    9,675
    If you have a form that people can fill out, to request information, it is wise to have an 'opt-in' method. That is, people fill out the form and submit their email address - the form then sends back a fairly blank email with the words "You have requested to join our mailing list. If this was a valid request, please click here. If this was not a valid request, ignore this email and we will not contact you again." - when they click on the link, it verifies that they did indeed request to be on your mailing list. This prevents people from maliciously signing up other people to your list. Then, when your host says there was an abuse report, you can say to them "All of our email addresses are opt-in and require confirmation before they are added." That goes a LONG way in telling your host that your list is clean.

    --Tina
    ||| 99.999% Uptime SLA!!!
    Plenty of space and bandwidth to fit your needs!
    www.AEIandYou.com - - (WP Friendly - Premium Reseller Hosting and Cheap Dedicated Servers)

  29. #29
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,686
    What defense does an innocent website have against false or malicious spam reports?
    None, really. Unless you maintain your own server, you have no defense against this.

    Yesterday our website was "temporarily deactivated" by our webhost. We called the hosting company. They'd only say they'd received a spam report. They reinstated our site but wouldn't provide details about the accusation(s).
    Read through their TOS/AUP. You DID read those before signing up, right?
    Chances are that this is covered in there, and that you have to jump through hundreds of hoops in order to deal with their reports.

    But the tech said he "couldn't give out specific details" about the person who filed the complaint
    Of course they can't. But they CAN (and SHOULD) give out headers to prove that it was your mail that actually spammed something, and how to resolve this issue.

    It's been over 24 hours and I've received no response.
    Keep in mind that we're just getting off of a weekend, so no responses from "abuse" or "sales" should be expected during this time. When they get in the office, they may (may) help you out, if they even have an office!

    In case of emergency a temporary limit for outgoing email would be enough
    Nope, that will not work for most providers.
    Remember, the host is a customer of someone too. That someone has policies to protect them from getting shut off, as does the host.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  30. #30
    Join Date
    Jun 2006
    Location
    it seems on line ;)
    Posts
    927
    Quote Originally Posted by linux-tech
    Nope, that will not work for most providers.
    Remember, the host is a customer of someone too. That someone has policies to protect them from getting shut off, as does the host.
    If so, it would not be recomended contracting resellers to avoid down times ...
    Gonzalo
    "To venture is to risk one's life; not to venture is to lose one's reason to live"

  31. #31
    Yes, we did read the terms of service and we were happy to follow them. That's the point, and that's we feel like we've been dealt with unfairly.

    It sounds as if we have little or "no hand" in situations where someone intentially wants to discredit us, especially if our hosting company just deactivates our site and asks questions later.

    Would a dedicated server be right for us, or would we be vulnerable to the same kind of problems?

    Could we maybe hire a web professional to occasionally help us with these kinds of hosting issues? Certainly there must be a way to upgrade and get better, more empathetic service.

  32. #32
    Join Date
    Sep 2002
    Location
    Top Secret
    Posts
    11,686
    Would a dedicated server be right for us, or would we be vulnerable to the same kind of problems?
    With a dedicated server, you would have more control over what happens, and in most cases, while you would be more vulnerable to these kind of problems, you wouldn't have the frustration in dealing with this kind of stuff, and the provider (generally) won't unplug you immediately.
    WHMCS Guru - WHMCS addons, management, support and more.
    WHMCS Notifications Extended - Add slack, hipchat, SMS, pushover to WHMCS !!
    Always looking for Linux, WHMCS, Support Desk work. PM for details

  33. #33
    Join Date
    Feb 2006
    Location
    Swellyville
    Posts
    2,340
    Quote Originally Posted by linux-tech
    Remember, the host is a customer of someone too. That someone has policies to protect them from getting shut off, as does the host.
    Exactly, the provider in which you go through is a customer of an upstream somewhere in the mix...they have polices they must inforce aswell. I don't really think getting a dedicated server would solve any of your current issues with your current host. If anything, I think it would bring up more issues for you to worry about such as management, etc. Has your domain ever had any spam complaint issues in the past? Perhaps a switch is in your near future. If you know for a fact that you are right, than you are right and your host is not being professional obviously.
    <<< Please see Forum Guidelines for signature setup. >>>

  34. #34
    Quote Originally Posted by freeflyer
    If so, it would not be recomended contracting resellers to avoid down times ...
    Welcome to the wonderful world of reselling. It's a popular business model for the
    times we currently live in.

    What kind of service is the OP providing? Mailing list solutions, ecommerce, etc.?

    If it involves creating mailing list/s, then I second AH-Tina's post about confirming
    each and every opt-in. I strictly do this in my blog's opt-in form and keep records of
    every one who confirms.

    If that host isn't willing to provide specifics to prevent this sort of problem, then it
    be time to move to another host who does. Adding some "email authentication"
    like Sender Policy Framework (SPF) records might help as well, though it requires
    some degree of technical know-how.

    Unfortunately without further details from the host in question about this, we will
    never really know what exactly caused this. We'll especially never know if they're
    indeed justified in taking such actions.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •