Web Hosting Talk : Web Hosting Main Forums : Running a Web Hosting Business : Spam

[mpkapadia]

Hello All,

We usually have a zero tolerance policy against spam and in the past have deleted those accounts which had spammed from our systems.

Now in this case there is a site that is hosted on our servers. It uses free service of bigmailbox.com. And spam has been send by a user using that service. site is assam.org which is a portal site so anyone can come and visit and create mail accounts there.

Now i have recd compaint about the spam through http://combat.uxn.com/
asking to delete the domain name and 500 $ penalty invoice being raised and what not, They have also cc the email to abuse@rackspace.com where i host my servers.

Though mail states that it might have been send through bmb but As spammers often forge headers, a traceroute performed goes to my system. so i recd the complaint.

I think that the max i can do here is ask my client to delete that email address which send the spam, This can however not stop him from creating additional email id and doing what he wants to, SInce the Mx record for the domain assam.org goes to bmb there is no way that spam has originated from my box.

Am i or my client who hosts the site at fault here and can any action be taken against us. My name is there in whois records of the domain name in technical contact.

I live outside the United States , in India.

What should i do?

Regards
Manish Kapadia
Bombay-India

[kunal]

hmmmmm......i think bmb can be held responsible for it, since the spam did not originate on your system. the part about forging headers, you would never know what the original header was, so its something hypothetical.

[Jaiem]

When it comes to spam all reason and rational logical thought goes out the door. Ask ten webmasters "What is spam?" and you'll probably get 10 different descriptions.

In a perfect world I'd say the service from where the email originated is responsible. But given how much of a lightening rod issue spam is many hosts have been forced to use a TOS that says basically it's spam even if it doesn't originate from your servers.

[mpkapadia]

what i only want to know is that can some action be taken against me / my client for the same.

Or can i just ignore it for now. I know bmb is at fault,
If anyone sends junk mail from hotmail address can we accuse microsoft for spam , we cannot , so why it is done in this case i fail to understand.

If it originates from my box it is fine and i can do something , not in this case.

Regards

[Chicken]

This is the second message of this type I've seen recently. Not sure but, do you have a clause in your TOS that prohibits spam being sent from a domain hosted on your servers? To me this makes sense.

Widening the provision to include this would take bigmailbox out of the picture, so to speak. This means that even if they have bmb, since the domain itself is hosted on your server, you must terminate the account.

Whatcha think?

[kunal]

hmm... yea.. i think what chicken said, sounds good... you could shut the account down... but then again, you need to have the spam thing in your TOS.

[mpkapadia]

Well i have included spamming as not allowed but the scope of My Aups do not include bmb and everyone.net services in particular.

But in this case i think it would not be proper to disable the entire domain , the particular mail account should be terminated.

If i have policy to shut down the domain then vulnerability is very high , i could just create a mail id on my competitors site and do mischief over there. Not that i would do that. But is a possibility.

Web Hosts give your opinion would you shut down the mail account or the entire domain. I feel my immediate client whose site is hosted is not at fault and some xyz person has opened a mail id on his site and used it for this purposes.

Regards

[Jaiem]

I wouldn't want to shut down any account. NTL there are a lot of anti-spam groups/advocates out there that can make a lot of trouble for the host of a site accused of spamming. And also for the host's up-stream provider. As such, unfortunately, can you risk loosing your provider and the impact on hundreds of other accounts to defend one account?

It really sucks to be in such a position! But at the moment there are no hard and fast laws, regulations or court cases (in the USA that I'm aware of at least) that spell out the bounds of what a host is responsible for and what they are not responsible for.