Fog Creek Software
Discussion Board

OT: are some web hosts worse for spam than others?

Here is my experience:

I had a virtual server at Rose Hosting. They weren't any help at all in getting things configured beyond the basic setup, but I eventually had a working instance of qmail for several virtual domains. I had *NO* issue with SPAM at Rose, however.

A couple of months ago I decided to reduce my expenses by going with a cheaper web hosting and email solution. So I moved everything to JaguarPC (very good deal, 1 gig storage and a lot of transfer allowance per month for $10/mo.) Jaguar is not a virtual server; instead they are the usual managed Unix web host thing.

Almost immediately I started to get barrages of spam directed to one domain. I am talking 6-800 spams a calendar day to one domain. I had to start using their SpamAssassin, which does not catch everything and which catches some important email that I really wanted. I also get crapfloods of "bounced" messages; apparently someone is using my domain to spoof the sender address and I get the bounces.

Also, JaguarPC has a formmail.cgi script that is in the open and which appears to be shared by all Jaguar users (it's a standard preinstalled script). I wonder how much of my problem is due to this.

Lastly, a few members of a mailing list that I had set up on Jaguar on this account were not getting list messages. Their ISPs were rejecting the Jaguar-originated messages because the Jaguar IP address was in the SORBS and other spam origin databases.

So, are some web hosts "worse" for allowing or somehow creating benevolent conditions for inbound SPAM than others?

Bored Bystander
Tuesday, June 15, 2004

I would venture to guess that the hosting service does matter but I don't have a specific recommendation for you...sorry...

But I wanted to ask a related question (and may also relate to your problem). I started getting "bounced" messages a while back and this concerned me because someone is clearly spoofing the sender with my domain (as is the case for you). Where the concern comes in: does this then make your domain look/get red flagged (higher probability) as a spammer (thus more of your emails are blocked; I know of one instance where my email is blocked by a friend's company)? If some are getting routed back to you, others must be going thru with your domain as the sender. Is there a way to determine where the email originates (I tried sending the header info to my hosting service but no luck)?


Tuesday, June 15, 2004

I get a LOT of these. If you inspect the sender's IP address, it is never your host's (is it?). At least it's not for me. I've done some tracerts on them and they always resolve to something other than me or my ISP.

I think this just means that the To: address field is being forged with your email address & domain.

I am pretty sure that the anti spam databases like SORBS use the origination IP address.

Bored Bystander
Tuesday, June 15, 2004
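An added example, not part of any post in this thread: one way to do the IP check discussed above on a bounce, by reading the Received line that the bouncing server itself recorded. It assumes the bounce embeds the original message as a message/rfc822 part; the sample bounce, host names and address ranges are constructed placeholders.

```python
import email
import ipaddress
import re
from email import policy

# Constructed bounce; names and addresses are placeholders (RFC 5737 ranges).
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.recipient.example
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

The address nobody@recipient.example does not exist.

--b1
Content-Type: message/rfc822

Received: from pc17 (unknown [203.0.113.45])
    by mx.recipient.example with SMTP; Tue, 15 Jun 2004 10:00:00 +0000
From: anything@mydomain.example
To: nobody@recipient.example

body
--b1--
"""
MY_HOST_NETS = [ipaddress.ip_network("198.51.100.0/24")]  # assumed: your host's range

def handoff_ip(bounce_text):
    """IP that handed the bounced message to the server that bounced it."""
    msg = email.message_from_string(bounce_text, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() != "message/rfc822":
            continue
        original = part.get_payload(0)
        # Only the topmost Received line was written by the bouncing server;
        # anything below it was supplied by the sender and can be forged.
        for received in original.get_all("Received", [])[:1]:
            for candidate in re.findall(r"\[([0-9A-Fa-f:.]+)\]", str(received)):
                try:
                    return ipaddress.ip_address(candidate)
                except ValueError:
                    continue
    return None

def sent_via_my_host(bounce_text, my_nets=MY_HOST_NETS):
    """True/False, or None when the bounce carries no usable Received line."""
    ip = handoff_ip(bounce_text)
    return None if ip is None else any(ip in net for net in my_nets)
```

A result of False means the spoofed message entered the mail system somewhere other than your host, so the forged sender address alone did not put your host's IP in front of the receiving server.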

A lot of the recent viruses collect email addresses on the user's system and pick one as the from: and one as the to:, then when it bounces back it's sent to the from:. We get tons of them.

Tuesday, June 15, 2004

I even got a virus from myself yesterday.

My Sri Lankan mail account has three email addresses, only one of which I ever use. The one I use got a virus from one of the ones I never use yesterday!

Stephen Jones
Tuesday, June 15, 2004

You can bet that the formmail.cgi is the main source of your problems; it is notorious for being exploited.

Wednesday, June 16, 2004
