No matter what precautions you take or how many hours, days, or even weeks you have spent hardening your server’s security, the possibility of being accused of sending spam still exists. This can cause you all kinds of problems, from the inability to send mail to certain Internet Service Providers (ISPs), to having your server disconnected by your provider or data center.
The reasons vary. You could, for example, simply be the victim of IP identity theft, where a spammer uses your IP address to send spam from another location. You could also have a more serious problem, where a spammer is actually sending spam directly from your server.
To understand how you might get to this point, you should first understand the nature of the complaint. Many complaints are registered with spam policing agencies that then distribute blacklists to various ISPs. If your IP and hostname show up on a blacklist, it is most likely because someone is using an open relay on your server or is spoofing your IP.
If it is the latter, the spoofing will stop once the IP is blocked, and the spammer will probably not use it again. In that case, the blacklists will normally drop you within 48 hours from the time when spamming ceased.
There are two ways someone could send spam from your server. One is through an open relay in your mail server. This can be fixed with a simple configuration change that requires authentication to send mail. The second method is through hosting. Some people may sign up for hosting with your service, under the guise of a business or club, but really have the intention of sending spam. Check your mail logs to see where the spam originates and stop it.
As with IP spoofing, once the spamming has stopped, the DNS blacklists will eventually remove your server, and you can go back to business as usual.
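The mail-log check described above can be scripted. The following is an added example, not part of the original article: it assumes Postfix syslog format (the article names no mail server), uses constructed sample lines, and the function name `recipients_by_origin` is hypothetical. It joins log lines on the queue ID to total recipients per origin, which separates unauthenticated network clients (the relay case) from local or authenticated accounts (the hosting case).

```python
import re
from collections import Counter

# Constructed sample in Postfix syslog format (Postfix is an assumption;
# the article names no mail server). Addresses use documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:00:01 mx postfix/smtpd[2101]: A1B2C3D4E5: client=unknown[203.0.113.7]
Mar  3 10:00:01 mx postfix/qmgr[900]: A1B2C3D4E5: from=<promo@spam.example>, size=2048, nrcpt=400 (queue active)
Mar  3 10:00:09 mx postfix/pickup[2200]: B2C3D4E5F6: uid=1004 from=<club>
Mar  3 10:00:09 mx postfix/qmgr[900]: B2C3D4E5F6: from=<club@hosted.example>, size=1900, nrcpt=250 (queue active)
Mar  3 10:01:00 mx postfix/smtpd[2102]: C3D4E5F6A7: client=mail.example.org[198.51.100.4], sasl_method=PLAIN, sasl_username=alice@example.org
Mar  3 10:01:00 mx postfix/qmgr[900]: C3D4E5F6A7: from=<alice@example.org>, size=900, nrcpt=1 (queue active)
Mar  3 10:05:09 mx postfix/qmgr[900]: B2C3D4E5F6: from=<club@hosted.example>, size=1900, nrcpt=250 (queue active)
"""

QID = r"(?P<qid>[0-9A-Za-z]{6,})"
RE_SMTPD = re.compile(r"postfix/smtpd\[\d+\]: " + QID +
                      r": client=[^\[]*\[(?P<ip>[^\]]+)\]"
                      r"(?:.*?sasl_username=(?P<user>[^,\s]+))?")
RE_PICKUP = re.compile(r"postfix/pickup\[\d+\]: " + QID + r": uid=(?P<uid>\d+)")
RE_QMGR = re.compile(r"postfix/qmgr\[\d+\]: " + QID +
                     r": from=<[^>]*>.*nrcpt=(?P<n>\d+)")

def recipients_by_origin(log_text):
    """Total recipients per submission origin, joined on the queue ID."""
    origin, counted, totals = {}, set(), Counter()
    for line in log_text.splitlines():
        if m := RE_SMTPD.search(line):
            # Network submission: authenticated user, or bare client IP.
            origin[m["qid"]] = (f"sasl:{m['user']}" if m["user"]
                                else f"unauthenticated:{m['ip']}")
        elif m := RE_PICKUP.search(line):
            # Local submission (sendmail command), e.g. a hosted account's script.
            origin[m["qid"]] = f"local-uid:{m['uid']}"
        elif (m := RE_QMGR.search(line)) and m["qid"] not in counted:
            # qmgr logs this line again after a deferral; count each message once.
            counted.add(m["qid"])
            totals[origin.get(m["qid"], "unknown")] += int(m["n"])
    return totals

if __name__ == "__main__":
    for who, rcpts in recipients_by_origin(SAMPLE_LOG).most_common():
        print(f"{rcpts:6d}  {who}")
```

Ordinary inbound mail also appears under `unauthenticated:`, so what matters there is a remote client with an unusually high recipient total. A high total under `local-uid:` or `sasl:` identifies the account to suspend.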