-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sun, Aug 06, 2017 at 03:30:41PM -0400, Fungi4All wrote: > >Clever. Yes, going by the headers, those seem genuine replies to spam. > > > The spam is crafted in a way (cc) that the reply lands here (for the > > spammer, this distribution channel is what they want). The Goozim > > bit seems compelling :)
[...] > I am confident that the reply is the spam [...] We have only the headers to go by, and some of that can be spoofed. So I think your guess is as good as Thomas's and/or mine. What favors our guess is spammer economy: one scarce resource for the spammer is genuine domains/addresses (a spamhole domain quickly garners a high spam score), and bouncing off unsuspecting users covers that nicely. Cheers - -- tomás -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlmHcPcACgkQBcgs9XrR2kayPACfXQcSEHpU44zyYo1xCs1qKty+ Rm4An00m2Cj0G7gvQ43ECx30pS4X4Nwq =ia99 -----END PGP SIGNATURE-----
