unclewoody Posted October 22, 2013 Share Posted October 22, 2013 For the past number of years, I have had an email alias pointing to my Spamcop account. Over the past month, I have been receiving a significant increase in spam emails with bad headers, which come out as 'blank' emails. It has seemed to significantly ramp up this past week - I've received 350 in the past 12 hours. Previously, I have been able to report them, but now some emails don't even report. Here is one spam report: Processing spam: From: Subject: error:No IP found I'd prefer not to post full headers here (I'm not sure what to redact), but is anyone else seeing this sort of activity? Is it possible there's an error with my hosting server that is handling the alias (although normal email has been normal)? I've just never seen this so was wondering if there's ways of addressing it. Link to comment Share on other sites More sharing options...
turetzsr Posted October 22, 2013 Share Posted October 22, 2013 ...Do you have a Tracking URL? Link to comment Share on other sites More sharing options...
gnarlymarley Posted October 23, 2013 Share Posted October 23, 2013 For the past number of years, I have had an email alias pointing to my Spamcop account. Over the past month, I have been receiving a significant increase in spam emails with bad headers, which come out as 'blank' emails. .... I've just never seen this so was wondering if there's ways of addressing it. Where do the 'blank' emails come from? It is blank on your email client, or is it blank after you submit it? If you have the headers and are able to submit, then you will have a tracking url (see turetzsr's reply) Link to comment Share on other sites More sharing options...
petzl Posted October 23, 2013 Share Posted October 23, 2013 Where do the 'blank' emails come from? It is blank on your email client, or is it blank after you submit it? If you have the headers and are able to submit, then you will have a tracking url (see turetzsr's reply) usually BOTNET's send blank emails You have to manually report by pasting headers, then hit enter key twice and put in the words NO TEXT IN spam BODY Need to see a trckin URL to be sure Link to comment Share on other sites More sharing options...
unclewoody Posted October 23, 2013 Author Share Posted October 23, 2013 usually BOTNET's send blank emails You have to manually report by pasting headers, then hit enter key twice and put in the words NO TEXT IN spam BODY Need to see a trckin URL to be sure Ok, here's a spam that was successfully parsed: http://www.spamcop.net/sc?id=z5615837008zf...70429aef47ab89z Other's are just giving me the blank report. I am getting like 400/day and I'm not sure why some are successful and others aren't, although I assume it is just based on how the headers are off. I also realized these aren't coming through my email aliases - but directly to my non-public spamcop email. Hmmph. Link to comment Share on other sites More sharing options...
turetzsr Posted October 23, 2013 Share Posted October 23, 2013 Ok, here's a spam that was successfully parsed: http://www.spamcop.net/sc?id=z5615837008zf...70429aef47ab89z <snip> ...Thank you for that but we really need to see the results of the parse of one of the blank spam. ...How are you submitting the spam -- directly from "SpamCop e-mail" or by forwarding to your "secret" reporting e-mail address or via the web form at www.spamcop.net? ...Have you tried the Search form at the top of a SpamCop Forum page to see if anyone else has reported a similar problem that has been resolved? Link to comment Share on other sites More sharing options...
unclewoody Posted October 23, 2013 Author Share Posted October 23, 2013 ...Thank you for that but we really need to see the results of the parse of one of the blank spam. ...How are you submitting the spam -- directly from "SpamCop e-mail" or by forwarding to your "secret" reporting e-mail address or via the web form at www.spamcop.net? ...Have you tried the Search form at the top of a SpamCop Forum page to see if anyone else has reported a similar problem that has been resolved? That's the thing - that was a blank spam! Basically, all of the normal headers such as From, To, Subject, etc. are all part of the Received header. So, Spamcop webmail and my various mail readers show it as blank since they don't see a From, To, or Subject header. I've been submitting them via "Report as spam" in Spamcop webmail. I think Spamcop is able to parse some of them. I figured since I was seeing such a huge uptick in these emails, someone else was probably seeing them. I do assume it is some bad spambot sending messages with messed up headers, but wanted to doublecheck it wasn't some other issue... Link to comment Share on other sites More sharing options...
turetzsr Posted October 23, 2013 Share Posted October 23, 2013 <snip> I've been submitting them via "Report as spam" in Spamcop webmail. <snip> ...Thanks! Hopefully someone with knowledge of "SpamCop" e-mail will happen by with advice on what else can be done. Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted October 24, 2013 Share Posted October 24, 2013 The problem is that there is no blank line after the end of the headers and before the start of the body text. Your email client and SpamCop both think there is no text in the message. SpamCop is looking for the full headers in one contiguous block of text, followed by a blank line, which signals the end of the headers, and then followed by the body text of the spam. The parse won't accept headers if there is no body text with them. - Don D'Minion - SpamCop Admin - service[at]admin.spamcop.net . Link to comment Share on other sites More sharing options...
turetzsr Posted October 24, 2013 Share Posted October 24, 2013 ...So is there something that the victims of such spam can do in "SpamCop" e-mail to result in the "Report as spam" feature submitting something that the SpamCop parser can parse or are they limited to manual reporting? Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.