SpamCop FAQ : Help for abuse-desks and administrators :
SOCKS Proxy Servers
Spammers have increasingly been hijacking SOCKS proxy servers to send their spam out. Because SOCKS works at a lower level, there is no trace of the true origin of the spam in the header, and it will appear to originate from the proxy IP. Examples of SOCKS proxies are AnalogX, Wingate, Proxy+ and Microsoft ISA.
To prevent your system from being abused, you should ensure that your proxy is only accessible to your local network (or that it has authentication in place).
AnalogX version 4 has an insecure configuration by default and must be reconfigured to bind only to the local network interface. Earlier versions of AnalogX and versions of Wingate prior to 2.1 cannot be secured and must be upgraded to a current version.
[Append to This Answer]