We usually have a zero tolerance policy against spam and in the past have deleted those accounts which had spammed from our systems.
Now in this case there is a site that is hosted on our servers. It uses free service of bigmailbox.com. And spam has been send by a user using that service. site is assam.org which is a portal site so anyone can come and visit and create mail accounts there.
Now i have recd compaint about the spam through http://combat.uxn.com/
asking to delete the domain name and 500 $ penalty invoice being raised and what not, They have also cc the email to firstname.lastname@example.org where i host my servers.
Though mail states that it might have been send through bmb but As spammers often forge headers, a traceroute performed goes to my system. so i recd the complaint.
I think that the max i can do here is ask my client to delete that email address which send the spam, This can however not stop him from creating additional email id and doing what he wants to, SInce the Mx record for the domain assam.org goes to bmb there is no way that spam has originated from my box.
Am i or my client who hosts the site at fault here and can any action be taken against us. My name is there in whois records of the domain name in technical contact.
I live outside the United States , in India.
What should i do?