So a misconfigured Microsoft Exchange Internet Mail Service Version 5.5.2657.72 configured to use the German Language, three levels deep in a German network, and calling itself postmaster[at]ulm.de bounced the spam without revealing any of the Received Header Lines, so we can't track the source of that particular message without asking postmaster[at]ulm.de, who probably does not prefer English. However, we do have the payload URLs, all of which point to IP Address 220.127.116.11, listed twice by the SBL as SBL34434 (18.104.22.168/32) and SBL34688 22.214.171.124/24; see also the ROKSO records for Ukranians Alex Blood / Alexander Mosh / AlekseyB / Alex Polyakov (compsoagg.com ; syzygialjc.info ; sa.akekicb.com). SpamCop's parser recommends reporting abuse by that IP Address to hostmaster[at]gx163.net, anti-spam[at]chinanet.cn.net, ct-abuse[at]abuse.sprint.net, and postmaster[at]gx163.net. I'd suggest adding abuse[at]gx163.net (because it should work) and abuse[at]savvis.net (which provides connectivity from chinanet directly to the US (LA, Dallas, Atlanta, Washington, and New York) per my traceroute). Would you care to post another bounce message, this time with the Received Header Lines in the bounced message it contains? Thanks!