It's the fact that hosting companies have to deal with the cleanup afterwards both in terms of bounced messages, spam complaints and other repercussions that have the potential to cost them time, money, clients or even their service.

Lots of people worry about being the target of spam complaints and often the easiest answer is to write a clause into the TOS so you can terminate them fast and avoid further problems.

If you're just a small customer of a much bigger hosting company generally any type of spam violation results in terminate of service.

Why so harsh?

Because if they think they have reasonable proof they can terminate the problem account and get on with their lives while the rest of their customers bring in the money.

The problem with spammers is that they generate virtual "paper-trails" which lead back to their host (via links) and/or source of email, this has the potential to get those mail-servers blacklisted or at least flagged as spammers if the problem isn't dealt with promptly or keeps happening.

The basic problem hosts have if they get blacklisted for a 3rd party sending spam is that a certain percentage of all mail from that blacklisted system gets instantly (often silently) rejected.

They now have to explain to their clients why no users of certain ISPs are able to recieve the server generated emails, which typically relate to transactions and which people get nervous if they don't recieve. This could cost them clients.

Additionally if a host shares that mailserver with others, these people will be asking the owner of the mailserver (typically the parent host) why they are losing outgoing messages. If a host signed a contract that said no spam this is where they may start to feel the hurt.

If the host is terminated they have to explain to their clients what has happened and hope that the clients don't just leave immediately when they hear the news. Would you stay with a host that said this to you?

Naturally blacklisting doesn't appeal to parent hosts that much either. Since they normally get to see copies of spam complaint relating to their systems they can try to manage the situation by suggesting nicely to their client (the reseller) that they fix the problem while referring them to the contract they agreed to that said no spam. The quickest and easiest fix is just to terminate the problem customer as per TOS.

Lastly you'll find that it's a lot easier to get blacklisted than unblacklisted and that a lot of professionals buying webhosting check blacklists before they buy.

Basically the further down the food chain of resold hosting you go the more paranoid they get about being shutdown for spamming - I've seen posts here about reseller accounts being cancelled because they unknowingly let a spammer in, I've seen posts about a TOS termination for spammy link requests.

- Tony

[]

Regarding this: "Lastly you'll find that it's a lot easier to get blacklisted than unblacklisted and that a lot of professionals buying webhosting check blacklists before they buy." Where would I check this?

That's a good question... most of the older blacklists have been sued or DDOSd out of business - spamcop.net and/or mail-abuse.org are as good a place to start as any for checking out blacklisted mailservers.

Spamcop is useful because you can key in the ip/name and then it'll tell ou a little about it, which used to include blacklist status and samples of recent spam if any were logged.

Alternately you could just google for resources, which might work just as well...

- Tony

Regarding Spamcop: I put in the complete headers of an email and it turned out that I was to notify an address in Turkey to report the spam. The return address ended in .tr. This made me wonder if this can be faked? I do know parts of the return address can be faked, but can the originating country be faked? Or is everything to the right of the @ genuine?

The "from" header can be faked, but it's pretty easy to work out when that happens because the sender isn't related to the domain of the sender, or close to it in terms of IP address.

You can just put a single hostname in their for a limited analysis too.

- Tony

Lizzie, every piece of UCE/SPAM sent leaves a trail. That trail may be thru open relays, or proxy servers set up specifically for funneling UCE/SPAM to it's intended victims.

Nearly everything is faked, or masked in one way or another. That includes 'everything to the right'. If Spamcop sent abuse messages that were also in the "Reply-To" field of the message processed, that was sheer happenstance and is not always the case. ;)

These bounced e-mails [google.com] threads discuss the problem.

There are tons of resources out there and one is in your sticky. :)