spam messges with no body

[kluless]

Just started getting spam mails with no body, but there is a block of HTML in the header - like this one:

From Keren Anslow Sun Jan 20 19:42:34 2013

X-Apparently-To: xxxxxxxxx[at]yahoo.com via 98.138.227.224; Sun, 20 Jan 2013 10:47:12 -0800

Return-Path: <laylao[at]avera.org>

X-YahooFilteredBulk: 213.230.203.68

Received-SPF: none (domain of avera.org does not designate permitted sender hosts)

X-YMailISG: _rZYFIMWLDvfywGilY8nM.Abt_cFU_xZiDEUptNolKRk60Uv

HkrpSsS90Pv4kf48AyIZA2an1fGsRUdVQenFSt2XK_K9HL4NooSzljO8Pdea

_mTPVXyArn7XNDqyJLTgiCOGLxIqtG8uTrhqdIIc_uMKIBWBY14aQU84fqnv

pQ64eba6HbJHJNuv1xd2HzSaA4bJcnykQ0mV3j5TlfeIc_lCOeOZtB_eQGsx

.20j8LC09ToIGWKrPCWJGuwqE45VrIY3T9lOwfSfwPYBECSPbPkT415CmBpF

JBizFVwO1M9QMT8PBgq6_xLpGMsLbEPxKDU85oGUj7bIFzCW5V9QY_LSNRbB

I8yNLBFoxuDls5YFzIfP1lgXo0kfFMFWog9K1Tioy_.05ynrFFbXT.75V.N2

ypE8ypJN6H.W0gOMkEjFrJd_OKTT8qHWnnDrErjdXUm1tZomVIC9qo22afAa

6dPQBGAlQAlXZL69SFHf85WKh2EXI54BwVitSQ_5Dh552Qm63pKAGsRRE4DR

OlSw33odZZ8yBnLf_1UXtX21ObG_YJXfSvjYBfL88KcBf25oqJdaiEA3roVp

Zty9WteEPFcRPKELV57DVtsiE5Y.x7yE7fv1e.sSKAycgEPNiFIsI3wINcbM

fnqaeUu1F0r.30JrcpaRDl7C.fY8MlxWOQhhcnXpxFHobwsqRV0omfBjXNHU

ZJcHkZQmhOes5HL7TIX0dRuZF3dLewfaWyx4QZRS4eftEZS9qLnRlNvP1Y5L

YX_FiA3UMlxyEYr.SiwKy2G7PN4FOr_twe7cRF2QkH_qM5xjY6oQ3neEghDJ

CtIEMKrUnXUWR9P5tsAPsLsF0If2gS_RhrUdD9Qljblst_du.yU_xoqKIwAH

FahS1SBd24ygfOBxF3ZC4JHB576okZgMuawxwsrcx9G.oQSN3gpvnjWh1rI0

RXmTJ6j_4bc7kOtZJ4XMXmPy.tkQ9Tjax6RzgfNiTCKBqOJuNR10Pe38vMQu

rsRfZBiiSZE3gaDz.TYHcm_.j9a5ykB4yzSXzeAG2kjmT.Z9sB2Ygxj4nSrj

Fk15q.DrHMNKNL5MGC07VXcAwORJ2ePpQG.zLstLSxVD9EQ1K2htFWhWRP.3

Gp1oLq5rI6h6x4hl9zsIMB5mylH6Nxu0tL8qvmHr2ynHovapptWjiMWU0.sd

OmTeoJOxWNa0FD2_BJJapb4-

X-Originating-IP: [213.230.203.68]

Authentication-Results: mta1386.mail.bf1.yahoo.com from=avera.org; domainkeys=neutral (no sig); from=avera.org; dkim=neutral (no sig)

Received: from 127.0.0.1 (HELO web5.uh-hosting.co.uk) (213.230.203.68)

by mta1386.mail.bf1.yahoo.com with SMTP; Sun, 20 Jan 2013 10:47:12 -0800

Return-path: <laylao[at]avera.org>

Received: from laylao by web5.uh-hosting.co.uk with local (Exim 4.3)

id JeMS6X-iOsHuF-B2

for xxxxxxxxx[at]yahoo.com; Mon, 21 Jan 2013 03:42:34 +0000

To: "xxxxxxxxx" <xxxxxxxxx[at]yahoo.com>

Subject: Do you wanna rendezvous and bang or not?

Message-Id: <JeMS6X-iOsHuF-B2[at]web5.uh-hosting.co.uk>

From: "Keren Anslow" <laylao[at]avera.org>

Date: Mon, 21 Jan 2013 03:42:34 +0000

Mime-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: 8bit

<html><body>Hi, when we last speaking you said you wanted to rendezvous and screw?<br>

What was happend did I scare you off?<br>Sorry if I am a little forward but I am done with fellows goind round the houses.<br>

I want gb and much of it if you are not the dude for the job<br>

just tell it please and i will pick up somebody else.<br>

<a href="http://htleyrta.blondesprofiles.com/">Authorise me at this site if you are still open for some passionate screw</a><br>

Kiss you, Elle</body></html>

Content-Length: 0

I found that by cutting & pasting the HTML block as the body of the message Spamcop can process them.

[xenu]

Same for me and this started long ago - empty body, spam on subject and SpamCop does not process such spam.

[Farelf]

kluless,

You mustn't "alter" the headers to "help" the parser. Sure this is (probably) just a mass mailer whose user has made a botch of it but Don may get quite short with you if you touch the headers. You are allowed to "add" a brief body to the spam when none has been provided (one or two blank lines and a statement like "[no body]" - not sure if that would be enough to parse this one, since the body HTML has been mangled into the midst of the header (some would consider that a bit of a grey area), but it works with most of them. If that means a spamvertized URL doesn't get parsed, so be it - at least the integrity of the spam header "evidence" is not compromised. LOTS of previous discussion and topics and FAQs and Wiki entry on the "no body" case. They come and go but generally don't last long in the grand scheme of things.

Next, it is the convention here to post a TRACKING URL when you want to discuss a specific piece of spam (yes, you can get one even for aborted parses and - even easier - cancelled parses). That way you don't have to laboriously go through and munge your addresses and things (and maybe miss one), the exact format of the header is preserved as it was presented to the parser (no auto compression of spaces), you don't have to be concerned about breaking any spamvertized links there might be (or other nasties), all the parser messages and notes are shown AND readers who don't necessarily want to be confronted by "your" spam are not smacked straight in the eye by it. Much better idea all around. Can you do me/us a favour and use tracking URLs for any future discussion of specific spam?

[xenu]

Discuss: http://www.spamcop.net/sc?id=z5457105709zf...5c13307ec9b813z

"No body text provided, check format of submission. spam must have body text."

[Farelf]

Per above, - You are allowed to "add" a brief body to the spam when none has been provided (one or two blank lines and a statement like "[no body]" - should then parse fine - see cancelled submission based on your data with that alteration:

http://www.spamcop.net/sc?id=z5457190118zd...ec2acc41aa89f1z

What do you need to discuss???

[xenu]

Per above, - You are allowed to "add" a brief body to the spam when none has been provided (one or two blank lines and a statement like "[no body]" - should then parse fine - see cancelled submission based on your data with that alteration:

"You are allowed to add body." Well, I don't know how to add email body. Your suggestions do not work.

Here's another: http://www.spamcop.net/sc?id=z5457243333z3...af0046651033d4z

[alvarnell]

"You are allowed to add body." Well, I don't know how to add email body.

Paste your submission to the web site, scroll to the bottom and type in "[no body]"

[xenu]

Paste your submission to the web site, scroll to the bottom and type in "[no body]"

That does not work. All my submission go through website.

[Farelf]

If you wish to report a "no body" spam you need to paste it in (the full e-mail source, with full headers) to the submission form at your SC member's page - http://members.spamcop.net/mcgi?action=loginform (sets cookies) or http://members.spamcop.net/ ("HTTP basic auth" login - no I've never understood what that means either but it's the "non cookie" login) - and add the line to the bottom of that pasted-in spam, as alvarnell says.

Both log-in methods require username and password. The username is the e-mail address with which you registered for a reporting account and your initial password (and the secret e-mail submission address for e-mail submissions) were advised in the confirmation e-mail from SC when you created your reporting account. A "lost" password can be recovered (reset) via SpamCop.

Of course you can't make that small edit for "no body" spams if you submit some other way, direct from your mail/webmail inbox (e-mail or by VER through an integrated SC mail account or through MailWasher., etc.). That may mean it is inconvenient to report those "no body" ones because you don't even know about them until after the (first) parse has failed and then you need to follow the procedure above to re-submit those. Perhaps you might just let them go? They come and go but seldom last long - probably just an individual spammer's "broken" mass-mailer.

But if you want to persist and are still having difficulties, you should maybe contact the SpamCop Administrator, Don D'Minion at service[at]admin.spamcop.net. He can access your reporting account (once you tell him your username) and will set you on the right path. Don't post details of your reporting account here.

[alvarnell]

That does not work. All my submission go through website.

Did you leave a blank line or two between the last line of the header and [No Body]?