[SC-Help] Re: Spam from nobody@spamcop.net

[Berny]

"Miss Betsy" <nobody at devnull.spamcop.net> wrote in message
news:cvlom3$lu8$1 at news.spamcop.net...
> > Yeah, but, where would they get the reporting mail address? I
> mean, I may
> > recieve spam at A @ b . com, but submit them to SC from C @ d .
> com, the
> > report recipient shouldn't receive any information pointing to C
> @ d . com,
> > nor to E @ f . com which may be the SC account address. (Where
> SC's
> > acknowledgements go.) there well may be traces of A @ b . com in
> the spam
> > for a scanner to find.
>
> The sc mung doesn't get all the addresses.  Most people think that
> it is useless to try to conceal addresses from a spammer who wants
> them.  Also, if you are leaving the spamvertised site abuse
> addresses checked, there are many of them where the reports go
> directly to the spammer (until somebody in .routing suggests an
> alternative).  Some blackhat source abuse desks also forward
> reports directly to the spammer.
>
> Miss Betsy

I am pretty sure that MOST, if not all, Chinese and Korean ISP's hosting
spamvertizing forward ALL complaints they don't simply devnull to their
spammers. And the spammers also construct bogus headers from the internal
routings they see in the headers of reported spam, so the fakes are getting
better all the time. Enough to fool many a human doing a simplistic "parse",
so far not quite enough to fool SC.

I agree about the munging, my point is simply that neither the spam, nor the
report will have any references to either of C @ D, or E @ F. , which is
what the OP implied. Remember the spam was sent to A @ B.