Jump to content
Sign in to follow this  
unclewoody

'Blank' email / bad headers

Recommended Posts

For the past number of years, I have had an email alias pointing to my Spamcop account. Over the past month, I have been receiving a significant increase in spam emails with bad headers, which come out as 'blank' emails.

It has seemed to significantly ramp up this past week - I've received 350 in the past 12 hours. Previously, I have been able to report them, but now some emails don't even report. Here is one spam report:

Processing spam:

From:

Subject:

error:No IP found

I'd prefer not to post full headers here (I'm not sure what to redact), but is anyone else seeing this sort of activity? Is it possible there's an error with my hosting server that is handling the alias (although normal email has been normal)?

I've just never seen this so was wondering if there's ways of addressing it.

Share this post


Link to post
Share on other sites

For the past number of years, I have had an email alias pointing to my Spamcop account. Over the past month, I have been receiving a significant increase in spam emails with bad headers, which come out as 'blank' emails.

....

I've just never seen this so was wondering if there's ways of addressing it.

Where do the 'blank' emails come from? It is blank on your email client, or is it blank after you submit it? If you have the headers and are able to submit, then you will have a tracking url (see turetzsr's reply)

Share this post


Link to post
Share on other sites

Where do the 'blank' emails come from? It is blank on your email client, or is it blank after you submit it? If you have the headers and are able to submit, then you will have a tracking url (see turetzsr's reply)

usually BOTNET's send blank emails

You have to manually report by pasting headers,

then hit enter key twice

and put in the words

NO TEXT IN spam BODY

Need to see a trckin URL to be sure

Share this post


Link to post
Share on other sites

usually BOTNET's send blank emails

You have to manually report by pasting headers,

then hit enter key twice

and put in the words

NO TEXT IN spam BODY

Need to see a trckin URL to be sure

Ok, here's a spam that was successfully parsed:

http://www.spamcop.net/sc?id=z5615837008zf...70429aef47ab89z

Other's are just giving me the blank report.

I am getting like 400/day and I'm not sure why some are successful and others aren't, although I assume it is just based on how the headers are off.

I also realized these aren't coming through my email aliases - but directly to my non-public spamcop email. Hmmph.

Share this post


Link to post
Share on other sites
Ok, here's a spam that was successfully parsed:

http://www.spamcop.net/sc?id=z5615837008zf...70429aef47ab89z

<snip>

...Thank you for that but we really need to see the results of the parse of one of the blank spam.

...How are you submitting the spam -- directly from "SpamCop e-mail" or by forwarding to your "secret" reporting e-mail address or via the web form at www.spamcop.net?

...Have you tried the Search form at the top of a SpamCop Forum page to see if anyone else has reported a similar problem that has been resolved?

Share this post


Link to post
Share on other sites

...Thank you for that but we really need to see the results of the parse of one of the blank spam.

...How are you submitting the spam -- directly from "SpamCop e-mail" or by forwarding to your "secret" reporting e-mail address or via the web form at www.spamcop.net?

...Have you tried the Search form at the top of a SpamCop Forum page to see if anyone else has reported a similar problem that has been resolved?

That's the thing - that was a blank spam!

Basically, all of the normal headers such as From, To, Subject, etc. are all part of the Received header. So, Spamcop webmail and my various mail readers show it as blank since they don't see a From, To, or Subject header.

I've been submitting them via "Report as spam" in Spamcop webmail. I think Spamcop is able to parse some of them.

I figured since I was seeing such a huge uptick in these emails, someone else was probably seeing them. I do assume it is some bad spambot sending messages with messed up headers, but wanted to doublecheck it wasn't some other issue...

Share this post


Link to post
Share on other sites
<snip>

I've been submitting them via "Report as spam" in Spamcop webmail.

<snip>

...Thanks! Hopefully someone with knowledge of "SpamCop" e-mail will happen by with advice on what else can be done.

Share this post


Link to post
Share on other sites

The problem is that there is no blank line after the end of the headers and before the start of the body text.

Your email client and SpamCop both think there is no text in the message.

SpamCop is looking for the full headers in one contiguous block of text, followed by a blank line, which signals the end of the headers, and then followed by the body text of the spam. The parse won't accept headers if there is no body text with them.

- Don D'Minion - SpamCop Admin -

service[at]admin.spamcop.net

.

Share this post


Link to post
Share on other sites

...So is there something that the victims of such spam can do in "SpamCop" e-mail to result in the "Report as spam" feature submitting something that the SpamCop parser can parse or are they limited to manual reporting?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×