I would strongly recommend that a note about these spams is featured on Spamcop's front page, because not every user is going to penetrate to the forums and read through this thread. The spams look very genuine, no complex data trail, email addresses which appear to belong to this domain, X-mailer Spamcop etc. It's only by examining the headers carefully that you notice that you are invited to reply, if you wish, but that the reply email addresses start with "harvest" and "bounce". However, there is a legitimate program called Harvest. I'm not sure that my husband and I would have worked it out even then, except that not only were both of us "one of the very few addresses compromised" (which might even have made sense, since we registered at the same time) but one of the dead addresses at his work, our ISP, also received one.
I don't think most users are going to have that much supplementary information, so I would recommend that there be a note about this on the front page: it's certainly what users expect, if there is a spam out purporting to come from any site, the site says so publicly on the front page, so you can't miss it.
I've pasted the message in below, in case there is anything useful in it, or it varies from the 'normal' strain in any way. I hope that's OK. <nervously> I've only just registered for the forum, so I could post this. My husband and I are still trying to work out if this is a spam or not. He says no, I'm more suspicious...
Thankyou for reading my post, and for the information you have provided here. At least, reading this thread helped me work out whether I was dealing with a spam or not. Spamcop might like to include in its front-page note something like this:
"Spamcop will not send out any emails requiring an email response from you. Any email you do receive from us will ask you to come to our homepage, www.spamcop.net, by typing that address into your browser, or by using a bookmark you made of that site earlier. So any email purporting to come from Spamcop which invites you to reply, or to click on any link in the email, is spam."
_________________________entire spam received, including headers____________________
From: harvestbug[at]admin.spamcop.net
Subject: SpamCop security breach
Date: 14 August 2004 9:55:12 AM
To: clytie[at]riverland.net.au
Return-Path: <harvestbounces[at]admin.spamcop.net>
Delivered-To: clytie[at]riverland.net.au
Received: (qmail 24879 invoked from network); 14 Aug 2004 00:25:12 -0000
Received: from unknown (HELO vmx1.spamcop.net) (64.74.133.248) by 203.18.28.195 with SMTP; 14 Aug 2004 00:25:12 -0000
Received: from unknown (HELO spamcop.net) (192.168.19.201) by vmx1.spamcop.net with SMTP; 13 Aug 2004 17:25:13 -0700
Precedence: list
Message-Id: <wh411d5be8ge847[at]msgid.spamcop.net>
X-Mailer: http://www.spamcop.net/ v1.370
Hello SpamCop user (or recipient of SpamCop reports),
We appologize for this email, but we felt it was important to let you know
of a recent security bug in the SpamCop codebase.
This problem was fixed within hours of its discovery, but unfortunately
your address was among the very small number that was revealed before
we were able to resolve the problem.
We want you to know that security remains our highest priority. We are
always working to ensure that your account information remains secure.
Please accept our sincere appologies for this serious oversight. If you
have any questions, comments or concerns you may reply to this email to
reach a SpamCop representative.
Thank you for your understanding,
- SpamCop management
______________________________end of pasted message___________________________