Forum

I received this email from Dynadot:

------------------------------
We have received several spam complaints for the domain, *******.com. Please stop sending spam immediately. If we receive any more complaints, we will have to disable your account.

Feel free to contact us if you require further assistance.

Best Regards,
Dynadot Staff
------------------------------


I replied this morning with this email:


------------------------------
There is ONE email account for *******.com, and it is soley used by my Invision Power Board forum for an automated email validation check. HOW on earth could these "complaints" be legitimate?

What can I do to stop this?
------------------------------


Was "[email protected]" the proper address to reply to?
Will Dynadot provide copies of any complaints?
What can I do to satisfy Dynadot that the complaints are false?

Thanks,
Rick

We are going to modify our spam complaint email. Thank you everyone for the feedback.

This looks like an E-mail injection exloit.
Check this link to understand what it's all about:
http://www.securephpwiki.com/index.php/Email_Injection

You most likely have a vulnerable PHP form on your site.
Probably the member was not even aware.

4) A respectful letter informing me that a spam complaint has been reported, accompanied with a copy of the complaint and a copy of the spam. Also, a realistic time frame in which to respond before action will take place.

Further, it would be nice if there was an auto-response as soon as one replies to Dynadot's initial accusation. As it is, one doesn't know if they've received your reply.

All this is reasonable, IMHO.

Rick

I would say, though. Which would you prefer:

1) A light hearted email saying that a complaint has been made on a account / domain you own.

2) A 'A heavy handed letter'.

3) Nothing.

With option 1, the chance are you would over-look it, do nothing. The consequences could be; a closed hosting account, your domain being identified as a spam domain, unhappy people all round.

Option 2. You take it seriously, investigate the matter, identify the problem and rectify it.

Option 3. You wake up one day and find your account closed, website gone, and no communication.

At least with option 2, you realise what can happen if you do nothing, but, at least with approach from dynadot, the option to rectify the situation is available.

Thank you, mate. I've taken your advice to ban the member and keep him from rejoining. I sent the following note to Dynadot after decoding the tokenized email they sent me as "proof" of spam being sent, lol:

---------------------------------------
The email below, which you referred to as "spam," is a notification email that the forum member had to manually set up. The subject line "Topic Subscription Reply Notification" indicates that the complaintant toggled on a notification himself. In other words, in our forums, he found a topic of interest and checked a box to receive notices when that topic is replied to.

This is NOT spam.

Please reply to this email and confirm that you understand this is not spam.

[copy of compaintant's "spam" attached]
---------------------------------------

I don't blame Dynadot for taking action, but I don't appreciate the heavy-handed email they initially sent, which said that and further reports of spam would result in my domain being shut down.

Thanks,
Rick

I suggest you simply login to your control panel, ban the user. You can then add their email address / IP to the banned user list. This should stop them rejoining and it will prevent them being sent emails for notifications.

Or

Edit the MYSQL Database, replace their email address with one you own, you could then monitor what mail is being sent to that member.

There is absolutely no spam--we don't send newsletters or even "update" emails. What email is sent is totally generated by Invision Power Board, as follows:

* A verification to make sure that they've supplied a valid email address (they agree to receive this).

* A notification email once the admin has approved their registration.

* If the user has so selected in their control panel, they will receive a notification email when another user sends them a private message on the board.

* If the user has so selected in their control panel, they will receive a notification email when a subscribed forum or topic has new posts.

Finally, the complaintant is a troublemaker known to me and two other bulletin board operator friends of mine. I temporarily suspended him from my board a while back, so he's toned down his behavior in the forums. I suspect, of course, that he's simply trying to make trouble for me as a sort of payback.

What concerns me is Dynadot seems to take a "guilty until proven innocent" posture. I have 33 domains registered with Dynadot, and I have a single dedicated server. The only compaint comes from the domain where I have a known trouble maker, and this is exactly who registered the complaint against me.

Thanks for all responses,

Rick

You are correct - except where the original sign up says X (we send you a fortnightly newsletter) and they get Y (blasted with daily advertising junk).

In a case like that it is still spam

When he signed up, he agreed to receive emails, correct? In that case it's not spam.

Suggestion

Are you 100% sure your email server is not open to relay abuse? especially given the domain usage.

Are you 100% sure that you have configured the email validation program to ensure that it does not resend spam inbounds?

In both cases once a vulnrability is found your in for it.

Ask the complainant for a copy of the email header he received and analyse that plus if your DB stores the number of emails sent to the user by YOUR system compare it wjth what he has claimed to received.

Last one is for DynaDot and yourself. We recently had a person complain about the same type of thing. Turns out HIS email account at the ISP was retaining the email after download and of course redownloading it each time he checked his email account.