Rocksoc just got a spam which said:

Subject: What does this post mean? Your email was provided in comments

Why did you post this message at <link> (In the third window). Your email was provided in comments. What does this post mean?

I'll contact your internet provider if you do not delete it in 5 hours. Delete this information asap. Our operators will check it in 5 hours.

Now the link (redacted) in question appears to have been deleted from the DNS (though there are variations of it in .net and elsewhere that belong to legitimate groups), there is no other information in the message about who it's from. The body is surrounded by anti-Bayes crud though. In interesting take on persuading people to visit a URL I hadn't seen before, though closely related to the "sending people a false invoice for expensive goods in an attempt to weasel their credit card details out of them later" scam.

Yes, the PuTTY contact address got two identical copies of that one this morning. (You'd think they'd avoid doing that, really. One copy of it might almost have been plausible, but sending two absolutely identical ones from different sender addresses is surely going to alert people that something fishy's going on?)

I've seen a similar trick before in the cover letters for email viruses. The threat of legal action must be a reasonably good way to make people sit up and take notice...

Perhaps they don't monitor incoming mail to a certain set of email addresses, but they do have an automatic rule to forward it to another address. Thus when email arrived at the second address they can deduce that the first address received the message.

Or would that count as monitoring incoming mail?