Jump to content

Recent slight tsunami


Recommended Posts

Hi persistent spamfighters,
Recent weeks have seen a "mini tsunami" of spam against my spamfiltering e-mail aliasses. They are all extortion spams of the familiar type. The addresses they are against seem to have been collected together for some sort of big effort on the part of spammers.

Typical tracking URLs:

typical backscatter

report in Spanish of original extortion spam

report in Dutch of original extortion spam

There has been much backscatter, whereby spammers have inserted my e-mail aliasses as senders, and clueless e-mail systems have bounced the spam back to my alias. Interesting is however that these bounces have been forwarded to Spamcop. Spamcop normally greets inline forwards with a "SpamCop encountered errors" messages, but does accept forwards as an attachment. The clueless bouncers send the message back to "me" as an attachment.

But how on earth does it get from there to SpamCop? Of course I am fine with spam or backscatter being forwarded to SpamCop. There was once a lot of discussion about whether backscatter could be reported as spam, but if I remember correctly this was resolved with the decision that any unsollicited mail, including backscatter, could be reported, and on that basis I have been diligently reporting the backscatter too.

But what is the step that leads backscatter to be reported to SpamCop after "bouncing" as attachments by the clueless mail servers, without my intervention to report it?

Anybody any idea?

Meanwhile "my" spam tsunami seems to be slowly abating, with only backscatter reverberating around like residual waves on the sea. And I'm not too bothered as I have well-proven spam defences, even in these times of war. Alexai please note.

But just curious how this particular step would have worked.


PS if this is some new line of defence by SpamCop which shouldn't be made public, I am fine with that. A PM would suffice.

Link to comment
Share on other sites

no, those are only visible for the reporter (OP.)

On 11/17/2023 at 12:48 PM, Spamnophobic said:

the top one is the link we can use, the other two, the OP would need to access those reports and post the tracking URLs.
I sometimes go into [Past Reports] tab and select from the reporting time I choose the spam I'm interested in. There, it depends on which link was chosen:
1. I always choose my own reported link (to myself) where at the bottom,
   below the drop-down box   (Please select one..) and the [Proceed] button (I don't use those)
   there is a link
   Show how SpamCop traced this message

   which is actually the tracking URL, but only for my own report.

2. If the link clicked is a different one (for one of the ISPs,) then at the top there is a
    Parse link which again is the tracking URL (not the address shown in the URL bar for that page itself)

3. or by clicking on either link to get to the parse screen and post the tracking URL given there as
     Here is your TRACKING URL - it may be saved for future reference:

all three aforementioned and given links point to the same spam on my reports, but each taken from a different source.


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...