ID of SPAM target

[HMartins]

I noticed that some spam include many nonsense words whose color is the sabe as background.

May be these sets of aparently ramdom words are used to identify who is forwarding smap to Spamcop.

If reports include the mail body and id they fall into the hands of spammers, the guys who report to Spamcop will be identified as "spacial" victims.

Regards

H. Martins

[Farelf]

Wouldn't worry about it, HM. Maybe they they take SpamCop reporters *off* their lists (the more efficient tactic). In any event, there are surely a great number of ways they can trace reporters if they have a mind to do so. Keeping a register keyed to the sender alias would be the obvious thing. More likely purpose of nonsense/random words & paragraphs is to make content analysis more difficult. Could be catharsis too. If some of that stuff is *not* random, we have got us some sick puppies out there!

[Miss Betsy]

The gobbledegook that you see is more probably "hashbusters" to evade content filters.

If there are codes to identify reporters, they are probably used to "listwash" - remove address from list. There are two schools of thought on whether this is a good thing or not.

Those who are against it maintain that it is the duty of the reporter to avoid listwashing because it is not a solution, it allows the spammer to continue spamming people who don't know how to report, and if the ISP were to be trusted with your email address, he wouldn't allow spammers to operate.

Those who think it doesn't matter, applaud anything that gets them off the spammer's list, haven't noticed that it diminishes the spam that they can report, and do not like to alter anything so that a whitehat ISP has all the evidence they need to cancel a spammer.

Nobody knows for sure whether spammers will target reporters on purpose. In the beginning of reporting, there were instances of retaliation against reporters, but now the retaliation seems to be against blocklists. There are too many reporters to make it worthwhile. However, there are reports that a spammer will send a spam in response to a report (more like a finger gesture). Usually spammers will sell an address as live to an unsuspecting rival.

There is no way of removing all identifying marks from a spam without materially altering the spam (and that is against spamcop rules). So, in general, it is not something to be concerned about. If you are, then you had better not report or report as a "mole." (which I personally do not approve of).

The anti-spam battle is changing ground. Since many spam now come through open proxies or compromised machines, no spammer will see those reports. Those spammers on networks that don't do anything about them probably have ceased to get spamcop reports (because of the volume) so that reports simply feed the blocklist. Therefore, it is not a major issue any more.

Miss Betsy