Recent slight tsunami

[Spamnophobic]

Hi persistent spamfighters,
Recent weeks have seen a "mini tsunami" of spam against my spamfiltering e-mail aliasses. They are all extortion spams of the familiar type. The addresses they are against seem to have been collected together for some sort of big effort on the part of spammers.

Typical tracking URLs:

https://www.spamcop.net/sc?id=z6872438022z3beec9a957231590a431826637bc21f0z
typical backscatter

https://www.spamcop.net/mcgi?action=gettrack&reportid=7298440529
report in Spanish of original extortion spam

https://www.spamcop.net/mcgi?action=gettrack&reportid=7297979107
report in Dutch of original extortion spam

There has been much backscatter, whereby spammers have inserted my e-mail aliasses as senders, and clueless e-mail systems have bounced the spam back to my alias. Interesting is however that these bounces have been forwarded to Spamcop. Spamcop normally greets inline forwards with a "SpamCop encountered errors" messages, but does accept forwards as an attachment. The clueless bouncers send the message back to "me" as an attachment.

But how on earth does it get from there to SpamCop? Of course I am fine with spam or backscatter being forwarded to SpamCop. There was once a lot of discussion about whether backscatter could be reported as spam, but if I remember correctly this was resolved with the decision that any unsollicited mail, including backscatter, could be reported, and on that basis I have been diligently reporting the backscatter too.

But what is the step that leads backscatter to be reported to SpamCop after "bouncing" as attachments by the clueless mail servers, without my intervention to report it?

Anybody any idea?

Meanwhile "my" spam tsunami seems to be slowly abating, with only backscatter reverberating around like residual waves on the sea. And I'm not too bothered as I have well-proven spam defences, even in these times of war. Alexai please note.

But just curious how this particular step would have worked.

Cheers.

PS if this is some new line of defence by SpamCop which shouldn't be made public, I am fine with that. A PM would suffice.

[ninth]

On 11/18/2023 at 5:48 AM, Spamnophobic said:

https://www.spamcop.net/mcgi?action=gettrack&reportid=7298440529
report in Spanish of original extortion spam

https://www.spamcop.net/mcgi?action=gettrack&reportid=7297979107
report in Dutch of original extortion spam

Not authorized to look at these?

[RobiBue]

no, those are only visible for the reporter (OP.)

On 11/17/2023 at 12:48 PM, Spamnophobic said:

Typical tracking URLs:

https://www.spamcop.net/sc?id=z6872438022z3beec9a957231590a431826637bc21f0z
typical backscatter

https://www.spamcop.net/mcgi?action=gettrack&reportid=7298440529
report in Spanish of original extortion spam

https://www.spamcop.net/mcgi?action=gettrack&reportid=7297979107
report in Dutch of original extortion spam

the top one is the link we can use, the other two, the OP would need to access those reports and post the tracking URLs.
I sometimes go into [Past Reports] tab and select from the reporting time I choose the spam I'm interested in. There, it depends on which link was chosen:
1. I always choose my own reported link (to myself) where at the bottom,
   below the drop-down box   (Please select one..) and the [Proceed] button (I don't use those)
   there is a link
   Show how SpamCop traced this message

   which is actually the tracking URL, but only for my own report.

2. If the link clicked is a different one (for one of the ISPs,) then at the top there is a
    Parse link which again is the tracking URL (not the address shown in the URL bar for that page itself)

3. or by clicking on either link to get to the parse screen and post the tracking URL given there as
     Here is your TRACKING URL - it may be saved for future reference:
     https://www.spamcop.net/sc?id=z6872954240z195cc201101d96d3efa15fe9001511f2z

all three aforementioned and given links point to the same spam on my reports, but each taken from a different source.

HTH