Hi persistent spamfighters,
Recent weeks have seen a "mini tsunami" of spam against my spamfiltering e-mail aliasses. They are all extortion spams of the familiar type. The addresses they are against seem to have been collected together for some sort of big effort on the part of spammers.
Typical tracking URLs:
https://www.spamcop.net/sc?id=z6872438022z3beec9a957231590a431826637bc21f0z
typical backscatter
https://www.spamcop.net/mcgi?action=gettrack&reportid=7298440529
report in Spanish of original extortion spam
https://www.spamcop.net/mcgi?action=gettrack&reportid=7297979107
report in Dutch of original extortion spam
There has been much backscatter, whereby spammers have inserted my e-mail aliasses as senders, and clueless e-mail systems have bounced the spam back to my alias. Interesting is however that these bounces have been forwarded to Spamcop. Spamcop normally greets inline forwards with a "SpamCop encountered errors" messages, but does accept forwards as an attachment. The clueless bouncers send the message back to "me" as an attachment.
But how on earth does it get from there to SpamCop? Of course I am fine with spam or backscatter being forwarded to SpamCop. There was once a lot of discussion about whether backscatter could be reported as spam, but if I remember correctly this was resolved with the decision that any unsollicited mail, including backscatter, could be reported, and on that basis I have been diligently reporting the backscatter too.
But what is the step that leads backscatter to be reported to SpamCop after "bouncing" as attachments by the clueless mail servers, without my intervention to report it?
Anybody any idea?
Meanwhile "my" spam tsunami seems to be slowly abating, with only backscatter reverberating around like residual waves on the sea. And I'm not too bothered as I have well-proven spam defences, even in these times of war. Alexai please note.
But just curious how this particular step would have worked.
Cheers.
PS if this is some new line of defence by SpamCop which shouldn't be made public, I am fine with that. A PM would suffice.