Spam designed to inconvenience Spamcop reporter

[NeilMaybin]

I have reported spam for some time now, though anonymously. This evening I received a second message, apparently spam, which appears to be a malicious attempt to get me to incriminate my own ISP.

http://www.spamcop.net/sc?id=z758760541z98...d3fc7114b5267cz

In it, the spam arrives from 201.22.104.233 (the Spammer's real or forged SMTP server or relay), which is untrusted by Spamcop. Spamcop then picks up my receiving ISP's address 195.74.108.227 as the spammer. If I were to report several of these, the result would be that 195.74.108.227 would be blacklisted and so Spamcop would classify all legitimate e-mails for me as spam. (Not to mention the inconvenience for my receiving ISP).

Have the Spammers really developed an "own-goal" spam bomb? Or is there another explanation?

[Wazoo]

Not overly enthused at the naming of 'your' server,;

05/01/05 17:15:05 dns 195.74.108.227

nslookup 195.74.108.227

Canonical name: 195-74-108-227.no-dns-yet.enta.net

Addresses:

195.74.108.227

http://www.senderbase.org/?searchBy=ipaddr...=195.74.108.227 shows that IP as sending e-mail back on 2003-07-03 ...????

Anyway, your Tracking URL shows no sign of you using the MailHost configuration, which may have helped. Not knowing the real story behind that particular e-mail server, it is possible that it fell into the 'newly seen' status for the SpamCop parser ...??? Suggest running your account through the MailHost thing and try it again?

Yes, this trusted/untrusted skip-a-line thing has come up before, but if kicked upstream, the first question there is also going to include "has the user gone through the MailHost ....?"