SpamCop relies on third-party testing of open relays. When one of these third parties detects an open relay, SpamCop will begin sending reports about any spam travelling through the relay to the administrator.
However, before a server has been checked for relaying, it's very difficult for SpamCop to know whether it has a security problem. It may simply be a legitimate relay which shows up in the headers of some spam. In order to know the difference, SpamCop must submit each server it finds in the headers of spam for testing. This process is not intended to be an implication of guilt. It is a test designed to determine whether a relay has been abused or used legitimately.
To see a sample of spam from SpamCop's database, submit this form:
[Append to This Answer]