At Cocoon's request I ran thorough malware scans. I used Malwarebytes, Microsoft Security Essentials, and Spybot, all with latest signature updates. All scans were negative.
Also ran ShieldsUp! at grc.com to test the ZoneAlarm (free) firewall. All ports on my system are hidden and no packets were sent out when ShieldsUp! tried to ping my system. So I think it's fair to say that my system is clean and secure.
Since disabling the Cocoon Add-On for IE last Tues, I haven't received a single additional spam message (porn or otherwise) at the address in question. There could be several explanations for this, including:
1. My ISP's filters may have identifed the porno as spam and are now blocking it before it reaches my inbox.
2. I disabled Cocoon and haven't logged into their service since last Tues.
3. It was an entirely coincidental 'drive-by' spam attack.
There may be other explanations too. My ISP is rather obscure, so I don't think this can be blamed on spam being sent to randomly generated email addresses at @my ISP, like it might happen if this were a yahoo or hotmail account.
Cocoon asked for copies of the porno spam (
), but I'd already deleted all of it and emptied the trash, so I couldn't provide any for their investigation.
I'm rather reluctant to test #2 (above) by re-enabling their Add-On and logging into their service to see if that triggers another round of spam. So I don't know how much further Cocoon or I can take this. Cocoon did take my complaint seriously so I can't fault them for their concern or efforts.
Everyone here should evaluate the risks of using Cocoon for themselves. Perhaps, if someone has an unused, disposable email address and is willing to invest some effort, that might be the way to see if using their service leads to a spam attack, porno or otherwise.