Spam Disguised as a Bounce

[memphomom]

I received a mail last night that is clearly spam but it's subject lead me to believe it was a bounce. I tried to report it anyway but SpamCop refuses it because it also thinks it is a bounce. How can I get this spam to someone who can see that it is spam so that it can be stopped?

Thanks.

Memphomom

[AlphaCentauri]

Go down to the original headers.

Paste them only into the reporting window.

When it returns its parsing, copy the addresses. Cancel the report, and forward the entire bounced email to the addresses spamcop would have reported to.

[turetzsr]

Hi, Memphomom!

...In addition to AlphaCentauri's excellent advice, please either:

• post this in news.spamcop.net/spamcop.spam newsgroup, if you are facile with NNTP
  
• forward the e-mail, with complete headers, to deputies <at> admin.spamcom.net (replace the " <at> " by an at sign, [at])
  

so that the SpamCop deputies can have a look at it.

...Good luck!

[alan_f]

FYI: I ran into the same problem -- I just posted the message to this forum as well (I noticed your posting after I had posted mine) and am forwarding it to the deputies for them to have a look.

-Alan

[Jeff G.]

I don't think the Deputies can do anything about this, as it's a problem with the coding in the reporting system. Please forward any spam that SpamCop says is a bounce to "service at admin.spamcop.net". Thanks!

[Spambo]

Go down to the original headers.

Paste them only into the reporting window.

When it returns its parsing, copy the addresses.  Cancel the report, and forward the entire bounced email to the addresses spamcop would have reported to.

You shouldn't assume that the headers contained in the bounce are the "original headers" or are in any way valid. Spammers can (and do) create totally bogus bounces and the "bounce's" headers contain the proper place(s) to LART.

The difficulty in determining which set of headers need to be analyzed is one of the reasons that SpamCop doesn't accept bounces for processing.

[Spambo]

FYI:  I ran into the same problem -- I just posted the message to this forum as well (I noticed your posting after I had posted mine) and am forwarding it to the deputies for them to have a look.

-Alan

Bounces often contain two sets of headers - the typical email headers and another set in the message body and either set could be the one that the parser needs to analyze. This is especially true if only one or two bounces are arriving at your inbox.

"Teaching" the parser to decide if the headers contained in the message body are real or a forgery could be quite problematic considering that a clever enough spammer [1] could make it difficult for even a knowledgable human to determine which set is "real".

.o0O [1] I know, a "clever enough spammer" is an oxymoron and spammers can usually be described by droping the "oxy", but there are a few who can pull it off given the right circumstances and a little bit of planning.

[memphomom]

Thank you all for your advice. I forwarded the mail to both the deputies and service for review. I just wanted someone "in charge" to see it.

Memphomom

[turetzsr]

I don't think the Deputies can do anything about this, as it's a problem with the coding in the reporting system.  Please forward any spam that SpamCop says is a bounce to "service at admin.spamcop.net".  Thanks!

...Thanks, JeffG. Perhaps I misunderstood Ellen's posts here and in the help ng to send such things to the deputies. I presumed that, although they themselves can't do anything about it, they provide "triage" for those who can.