Jump to content
euphorique

"No body text provided" with Bcc: header

Recommended Posts

There is no plan to fix a problem that does not exist with the parser.  The problem is that a blank line is missing.  The standard requires a blank line to define the end of the header/beginning of the body.  If the spammer's email package does not include the blank line the parser can not identify the where the body starts.

As you can understand that it is not practical to try to program the parser to handle all the ways that a spammer could NOT follow the email format standard.

You can identify the end of the header and insert a blank line to correct the spammer's error.

Share this post


Link to post
Share on other sites

Agreed, the blank line usually present after the headers appears to be missing.

What I'm seeing when I follow the tracking link and then clicking on "View entire message" is just the headers, with absolutely nothing at all after the BCC header. Is this an accurate representation of what actually made it into your inbox?

Share this post


Link to post
Share on other sites
13 hours ago, Lking said:

The problem is that a blank line is missing.

No. The blank line *is present*.

You can add a BCC: header to your next reported spam and see for yourself.

Edited by euphorique

Share this post


Link to post
Share on other sites

Ok, I've put together a minimal example to demonstrate the problem.

Make sure the date in the "Received:" header is close to today, otherwise the parser will bail out just after this header.

 

Case 1

Received: from mailb-cd.linkedin.com (mailb-cd.linkedin.com. [108.174.6.148])
        by mx.google.com with ESMTPS id some-id-here;
        Tue, 17 May 2018 12:37:00 -0700 (PDT)
From: some-body@linkedin.com
To: me@mailinator.com
Subject: problem with BCC: header
ACC: none

Hey! There is a blank line between the headers and the body!

Note the "ACC:" header.

The result: message source is found, reporting address is found. As expected.

 

Case 2

Received: from mailb-cd.linkedin.com (mailb-cd.linkedin.com. [108.174.6.148])
        by mx.google.com with ESMTPS id some-id-here;
        Tue, 17 May 2018 12:37:00 -0700 (PDT)
From: some-body@linkedin.com
To: me@mailinator.com
Subject: problem with BCC: header
BCC: none

Hey! There is a blank line between the headers and the body!

Note the "BCC:" header.

The result: "No body text provided, check format of submission. spam must have body text."

 

Case 3

Received: from mailb-cd.linkedin.com (mailb-cd.linkedin.com. [108.174.6.148])
        by mx.google.com with ESMTPS id some-id-here;
        Tue, 17 May 2018 12:37:00 -0700 (PDT)
From: some-body@linkedin.com
To: me@mailinator.com
BCC: none
Subject: problem with BCC: header

Hey! There is a blank line between the headers and the body!

Note that there is another header after "BCC:" header.

The result: message source is found, reporting address is found. As expected.

 

Share this post


Link to post
Share on other sites

One or more Tracking URL would be the information you need to provide.

Share this post


Link to post
Share on other sites

I provided one in the very first post, but lisati reported above that he could not see the body, only the headers. That report *does* have the body, or at least I can see it.  So probably there is another bug lurking.

 

Anyway, for the sake of completeness, here are the links. Again, I am submitting both headers and body (in RFC822 sense).

Case 1: https://www.spamcop.net/sc?id=z6465379953zc617c730898b61e14b1fdeb6434218a7z

Case 2: https://www.spamcop.net/sc?id=z6465380058zf95de8717cee940fc5bc0a91cb15aaddz

Case 3: https://www.spamcop.net/sc?id=z6465380112z1c4ae87f11a33a2ba7dcbef68f944f62z

 

Edited by euphorique

Share this post


Link to post
Share on other sites
10 hours ago, euphorique said:

Nine months on, the bug is still there. Fresh tracking URL: https://www.spamcop.net/sc?id=z6523123683za99d8a142d504f688c643e1e02f281d8z

Not a bug? SpamCop recieved no body in text?
when there is no body you just hit the enter key twice under last line
Subject: PAYMENT NOTIFICATION OF YOUR FUNDS.
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: x
  here and write

No text in spam body

 

Share this post


Link to post
Share on other sites

The page referred in tracking URL has a link "View entire message" (don't know whether others can see the original). The boundary between headers and body looks like:

[--- most of headers skipped ---]
Subject: PAYMENT NOTIFICATION OF YOUR FUNDS.
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: x@y.com

U.S. DEPARTMENT HOMELAND SECURITY,
MG Timothy J. Lowenberg,Adjutant
General and Director State Military
Department Washington Military Dept,
Bldg1 Camp Murry ,Wash USA[--- the rest of the body---]
  1. There is body.
  2. There is blank line between headers and body.
  3. The last line of headers is Bcc:

I could copy-paste three snippets from my comment of 17th May 2018 but I would rather not. They demonstrated the problem then, and they demonstrate the same problem now.

Share this post


Link to post
Share on other sites
31 minutes ago, euphorique said:

The page referred in tracking URL has a link "View entire message" (don't know whether others can see the original). The boundary between headers and body looks like:


[--- most of headers skipped ---]
Subject: PAYMENT NOTIFICATION OF YOUR FUNDS.
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: x@y.com

U.S. DEPARTMENT HOMELAND SECURITY,
MG Timothy J. Lowenberg,Adjutant
General and Director State Military
Department Washington Military Dept,
Bldg1 Camp Murry ,Wash USA[--- the rest of the body---]
  1. There is body.
  2. There is blank line between headers and body.
  3. The last line of headers is Bcc:

I could copy-paste three snippets from my comment of 17th May 2018 but I would rather not. They demonstrated the problem then, and they demonstrate the same problem now.

Hey euphorique

Are you able to copy the entire source data to a text file (mung your email address & any other fields that may include your email address, do a search for the first part of your email address after you've munged the obvious fields) then post the text file here so we can parse it, we may get the same result as you, in which case it at least confirms your results or if we get different results it may help get to the bottom of why there's a recurring issue.

I'm only a grass🦗hopper so my suggestion may not be helpful but (imo) it's worth a try.

Cheers.

Edited by MIG
grass🦗hoppers always need to correct spelling! :)

Share this post


Link to post
Share on other sites

Hey euphorique,

grass🦗hoppe  again, I can see the entire msg, to a grass🦗hoppe  the following seems odd as (in my grass🦗hoppe experience) the following normally preceeds  [ MIME-Version: 1.0 ]

Received: by 2002:a9d:588d:0:0:0:0:0 with HTTP; Wed, 20 Feb 2019 00:20:37 -0800 (PST)
From: DHL DELIVERY COMPANY <dhlno1deliverycompany@gmail.com>
Date: Wed, 20 Feb 2019 09:20:37 +0100
Message-ID: <CAMM___________________________________________v+iQ@mail.gmail.com>
Subject: PAYMENT NOTIFICATION OF YOUR FUNDS.
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: x

grass🦗hoppe  🤔

 

Edited by MIG

Share this post


Link to post
Share on other sites
2 hours ago, MIG said:

Are you able to copy the entire source data to a text file ... then post the text file here so we can parse it, we may get the same result as you, in which case it at least confirms your results or if we get different results it may help get to the bottom of why there's a recurring issue.
 

Yep, the file is attached. Enjoy!

 

SC-parser-Bcc-field-no-body.txt

Share this post


Link to post
Share on other sites
22 minutes ago, euphorique said:

Yep, the file is attached. Enjoy!

SC-parser-Bcc-field-no-body.txt

Hmmm, maybe grass🦗hopper  should stick to being a  grass🦗hopper...

I  get [http://forum.spamcop.net/applications/core/interface/file/attachment.php?id=1880, This attachment is not available. It may have been removed or the person who shared it may not have permission to share it to this location]

🤫, can you pm it to me please?

Cheers.

Edited by MIG
grass🦗hopper grammar correction

Share this post


Link to post
Share on other sites

Hey euphorique

grass🦗hopper  is a grass🦗hopper  for a good reason, I'm not having much luck with the parser, striking errors not the same as what you got. Need someone like RobiBue to pitch in, he's very good at the convoluted, upside down interpretation of these. I did pm you a question, if you could let me know please.

I must say you deserve "US$35 MILLION US DOLLARS" (I guess the 💩spammer💩 said "US" twice 'cause he/she wants to remind you "US" means sharing with him/her... Yeah right!") after being plagued by creatures with such poor grammar! Grrrr!

Edited by MIG

Share this post


Link to post
Share on other sites

Please forgive my ignorance here, but

  1. I've never seen receiving headers with bcc in them...
    afaik they get stripped by the sending mail host and never shown to any recepient.

ok, after reading rfc2822 section 3.6.3, I stand corrected that there might be mail software that includes a bcc: header to the recipient.

BUT

after running a test with case 2 but using a "validly formed" email address, it parses correctly for me...

https://www.spamcop.net/sc?id=z6523542341z5a77154fb65b822d44a3e26a007ad52dz

Share this post


Link to post
Share on other sites
10 minutes ago, RobiBue said:

BUT

after running a test with case 2 but using a "validly formed" email address, it parses correctly for me...

https://www.spamcop.net/sc?id=z6523542341z5a77154fb65b822d44a3e26a007ad52dz

This is probably because the message is 9 months old, and you get "Sorry, this email is too old" before the parser has a chance to get the bcc: header.

 

Here is the new one: https://www.spamcop.net/sc?id=z6523547462ze5946ba4c2eff5336884fa5afac35a32z

Received: from mbkd0231.ocn.ad.jp (mbkd0231.ocn.ad.jp. [153.149.233.32])
        by mx.google.com with ESMTP id e96si22718016plb.123.2019.02.21.05.54.06;
        Thu, 22 Feb 2019 05:54:07 -0800 (PST)
From: some-body@linkedin.com
To: me@mailinator.com
Subject: problem with BCC: header
BCC: none

Hey! There is a blank line between the headers and the body!

 

Share this post


Link to post
Share on other sites
14 minutes ago, RobiBue said:

Please forgive my ignorance here, but

  1. I've never seen receiving headers with bcc in them...
    afaik they get stripped by the sending mail host and never shown to any recepient.

ok, after reading rfc2822 section 3.6.3, I stand corrected that there might be mail software that includes a bcc: header to the recipient.

BUT

after running a test with case 2 but using a "validly formed" email address, it parses correctly for me...

https://www.spamcop.net/sc?id=z6523542341z5a77154fb65b822d44a3e26a007ad52dz

Hey RobiBue

Whew, grass🦗hopper sure is glad you're here, I thought the bcc was odd to but I'm a bit out of my grass🦗hoppe depth. I'm not sure what mail sfw is being used, that was my next ? but your parser results may be all euphorique needs. I totally knew you could bring some clarity to 132315. Thank you!

euphorique, what do you reckon?😊 The age msg is normal once a spam is 48 hrs old, I think from SpamCops rules any spam reported outside that window always generates the "age" msg. What type of mail tool do you use, excuse my ? if it's posted earlier, just trying to cover all bases?

Edited by MIG

Share this post


Link to post
Share on other sites
6 minutes ago, MIG said:

What type of mail tool do you use, excuse my ? if it's posted earlier, just trying to cover all bases?

gvim :)

Just changed the date to future, for others to have more than 48h to examine.

Share this post


Link to post
Share on other sites

RobiBue,

Thank you fo pitching in!! :) If you're still here can you elaborate please on "validly formed" email address, grass🦗hopper  keen to learn please.

Cheers!

Share this post


Link to post
Share on other sites
3 minutes ago, MIG said:

can you elaborate please on "validly formed" email address

This one has "validly formed" address in bcc: https://www.spamcop.net/sc?id=z6523551992z5978bb9216921fdbce50eebacde4661az

 

Received: from mbkd0231.ocn.ad.jp (mbkd0231.ocn.ad.jp. [153.149.233.32])
        by mx.google.com with ESMTP id e96si22718016plb.123.2019.02.21.05.54.06;
        Thu, 25 Feb 2019 05:54:07 -0800 (PST)
From: spammer@spam.com
To: me@mailinator.com
Subject: problem with BCC: header
BCC: spammer@spam.com

Hey! There is a blank line between the headers and the body!

 

Share this post


Link to post
Share on other sites

gvim euphorique?😵grass🦗hopper don't understand abbreviations!😂 Just tried a google, it's talking about gnomes, grass🦗hopper  feels like it's stuck in mud 😉

 

Edited by MIG

Share this post


Link to post
Share on other sites
5 minutes ago, euphorique said:

This one has "validly formed" address in bcc: https://www.spamcop.net/sc?id=z6523551992z5978bb9216921fdbce50eebacde4661az

 


Received: from mbkd0231.ocn.ad.jp (mbkd0231.ocn.ad.jp. [153.149.233.32])
        by mx.google.com with ESMTP id e96si22718016plb.123.2019.02.21.05.54.06;
        Thu, 25 Feb 2019 05:54:07 -0800 (PST)
From: spammer@spam.com
To: me@mailinator.com
Subject: problem with BCC: header
BCC: spammer@spam.com

Hey! There is a blank line between the headers and the body!

 

Re [this one], so going back to RobiBues post, are you able to replicate what he/she has?

Share this post


Link to post
Share on other sites
38 minutes ago, MIG said:

Re [this one], so going back to RobiBues post, are you able to replicate what he/she has?

As always, "No body text provided, check format of submission. spam must have body text."

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×