Spam report reply comes to me??


podsiadlik

Posted

I got a kind of spooky email response to one of my spam reports. It seems like it was sent in error, but how it got to me, and how my first name came to be associated with the report, are things I'd like to know. Below are the full headers with partial text:

Content-Disposition: inline

Content-Type: text/plain; charset=us-ascii

Date: Tue, 23 Mar 2004 19:49:51 -0500 [23 Mar 2004 06:49:51 PM CST]

Delivered-To: spamcop-net-podsiadlik[at]spamcop.net

From: marcusw[at]bluefrog.com

In-Reply-To: <rid_816924072[at]msgid.spamcop.net>

Message-ID: <20040324004951.GB8691[at]goodman.ofc.bluefrog.com>

Mime-Version: 1.0

Received: (qmail 10472 invoked from network); 24 Mar 2004 00:58:48 -0000

from unknown (192.168.1.101) by blade6.cesmail.net with QMQP; 24 Mar 2004 00:58:48 -0000

from vmx1.spamcop.net (206.14.107.113) by mailgate.cesmail.net with SMTP; 24 Mar 2004 00:58:48 -0000

from unknown (HELO spamcop.net) (192.168.11.203) by vmx1.spamcop.net with SMTP; 23 Mar 2004 16:58:49 -0800

from vmx1.spamcop.net (sc-smtp1.verio.ironport.com [192.168.11.200]) by sc-app3.verio.ironport.com (Postfix) with ESMTP id 06C0E142E1 for <816924072[at]reports.spamcop.net>; Tue, 23 Mar 2004 16:49:55 -0800 (PST)

from mail2.bluefrog.com (205.232.82.76) by vmx1.spamcop.net with ESMTP; 23 Mar 2004 16:49:55 -0800

from [205.232.78.52] (helo=goodman.ofc.bluefrog.com) by mail2.bluefrog.com with esmtp (Exim 4.24) id 1B5wae-0003Kn-EZ for 816924072[at]reports.spamcop.net; Wed, 24 Mar 2004 00:49:52 +0000

(from admin[at]localhost) by goodman.ofc.bluefrog.com (8.12.8/8.12.8) id i2O0nq7J008774 for 816924072[at]reports.spamcop.net; Tue, 23 Mar 2004 19:49:52 -0500

References: <rid_816924072[at]msgid.spamcop.net>

Return-Path: <spamcop[at]devnull.spamcop.net>

Subject: Re: [spamCop (205.232.76.235) id:816924072]V  I  C  O  D  I  N    ONLINE  Private

To: Kevin <816924072[at]reports.spamcop.net>

User-Agent: Mutt/1.4.1i

X-spam-BlueFrog: Testing

X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6

X-spam-Level: 

X-spam-NEW-Report: 

MAIL2:(-2.1 points) BAYES_00=-4.9,GAPPY_SUBJECT=2.27,HTML_FONT_BIG=0.267,HTML_MESSAGE=0.1,NO_REAL_NAME=0.16 autolearn=no dcc=lunchladydoris.ptroc.bluefrog.com 1201; Body=1 Fuz1=1 Fuz2=1(dcc.uncw.edu)

X-spam-Score: -2.1 (--)

X-spam-Status: hits=-95.2 tests=GAPPY_SUBJECT,HTML_FONT_BIG,HTML_MESSAGE, J_CHICKENPOX_15,LOCAL_DRUGS_MALEDYSFUNCTION, LOCAL_DRUGS_MALEDYSFUNCTION_OBFU,LOCAL_DRUGS_PAIN, LOCAL_DRUGS_PAIN_MALEDYS,NO_REAL_NAME,USER_IN_WHITELIST_TO version=2.63

X-SpamCop-Checked: 192.168.1.101 206.14.107.113 192.168.11.203 192.168.11.200 205.232.82.76 205.232.78.52

X-SpamCop-Return-Path: <admin[at]goodman.ofc.bluefrog.com>

need to block port 25 soon.  pls review my config.

On Tue, Mar 23, 2004 at 12:45:12PM -0800, Kevin wrote:

> [ SpamCop V1.3.4 ]

> This message is brief for your comfort.  Please use links below for details.

>

> Email from 205.232.76.235 / Tue, 23 Mar 2004 12:45:12 -0800

> http://www.spamcop.net/w3m?i=z816924072zd9...6fd578c11c3ddaz

>

> [ Offending message ]

> Return-Path: <Georgianncxrcyrpwn[at]accessware.com>

> Delivered-To: x

> Received: (qmail 28511 invoked from network); 23 Mar 2004 20:56:23 -0000

> Received: from unknown (HELO c60.cesmail.net) (192.168.1.105)

>   by blade4.cesmail.net with SMTP; 23 Mar 2004 20:56:23 -0000

> Received: from mailgate.cesmail.net (216.154.195.36)

>   by c60.cesmail.net with SMTP; 23 Mar 2004 15:56:21 -0500

> Received: (qmail 20901 invoked from network); 23 Mar 2004 20:56:21 -0000

> Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)

>   by mailgate.cesmail.net with SMTP; 23 Mar 2004 20:56:21 -0000

> X-Apparently-To: x via 66.218.79.71; Tue, 23 Mar 2004 12:45:23 -0800

> X-YahooFilteredBulk: 205.232.76.235

[...portions removed...]

--

Marc Winkler

Chief Technical Officer

www.BlueFrog.com

585.756.4593

BlueFrog.com - The Best Internet

Posted

You appear to be a SpamCop Email System Customer. Your first name "Kevin" is probably in the "Display Name" field on http://mailsc.spamcop.net/mcgi?action=showadvanced - please feel free to change it there.

SpamCop appears to have sent a Report with ID "816924072" to email address "abuse[at]rpa.net" on your behalf using return email address "816924072[at]reports.spamcop.net" and your "Display Name" "Kevin", and then Mr. Winkler got ahold of that Report and replied.

You'll have to ask Mr. Winkler what he meant by "pls review my config."

Posted

Replies to spamcop reports that are sent by a human are sent to the report number and forwarded to you. It is always a surprise to get one! However, if you reply, your email address will be revealed unless you take precautions (like using a sneakemail address or changing your address to the report number in your email client).

Your name is set in your spamcop preferences and goes on every spamcop report.

If I am reading this correctly, the respondent thinks that the spammers are using his port 25 to send the spam and he is closing it. He may be asking for spamcop to test that his port is now closed. I don't believe that spamcop does that.

Hopefully, someone will come along who is more conversant with the technical side and give you some information to respond with.

IMHO, it is only polite to respond to someone who has taken the time to respond to a spamcop report - particularly one who seems to be closing the door on spam.

Miss Betsy
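Added example, not part of any post in this thread: a Python sketch of the two points made in the replies above. It shows where the report ID and the "Display Name" appear in the forwarded reply, and checks a drafted answer for sender headers that would reveal the reporter's own address. The sample messages are constructed from the header fields quoted in the first post; `reporter@example.org` and both function names are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: fields from the reply quoted in the first post, "[at]" restored to "@".
REPLY = """\
From: marcusw@bluefrog.com
To: Kevin <816924072@reports.spamcop.net>
In-Reply-To: <rid_816924072@msgid.spamcop.net>
Subject: Re: [spamCop (205.232.76.235) id:816924072]V  I  C  O  D  I  N    ONLINE  Private

need to block port 25 soon.  pls review my config.
"""
# Constructed drafts; reporter@example.org stands in for the reporter's real address.
DRAFT_LEAKY = "From: Kevin <reporter@example.org>\nTo: marcusw@bluefrog.com\n\nThanks.\n"
DRAFT_SAFE = "From: Kevin <816924072@reports.spamcop.net>\nTo: marcusw@bluefrog.com\n\nThanks.\n"

def report_ids(raw):
    """Return (display name, {header: report ID}) for a reply to a report."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("To", ""))
    patterns = {
        "To": (addr, r"^(\d+)@reports\.spamcop\.net$"),
        "In-Reply-To": (msg.get("In-Reply-To", ""), r"<rid_(\d+)@msgid\.spamcop\.net>"),
        "Subject": (msg.get("Subject", ""), r"\bid:(\d+)\]"),
    }
    found = {}
    for header, (value, pattern) in patterns.items():
        m = re.search(pattern, value, re.I)
        if m:
            found[header] = m.group(1)
    return name, found

def exposed_headers(raw_draft, report_id):
    """List sender headers in a draft that carry an address other than the report address."""
    safe = f"{report_id}@reports.spamcop.net"
    draft = message_from_string(raw_draft)
    exposed = []
    for header in ("From", "Sender", "Reply-To", "Return-Path"):
        for value in draft.get_all(header, []):
            addr = parseaddr(value)[1].lower()
            if addr and addr != safe:
                exposed.append(header)
    return exposed

if __name__ == "__main__":
    name, ids = report_ids(REPLY)
    print(name, ids)
    print(exposed_headers(DRAFT_LEAKY, ids["To"]), exposed_headers(DRAFT_SAFE, ids["To"]))
```

The same report ID appears in three headers of the reply, which is how it was matched to the original report and forwarded to the reporter.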

Archived

This topic is now archived and is closed to further replies.
