rooster

Blankety-Blank email


OK please don't mock me too hard, I know this is something to do with HTML, but that's also not really my bean... However having looked at my email via my ISP's web interface (instead of in Outlook) there is indeed some text in the from field. However the from field only contains the phrase "&nbsp;" (without the quotes) - which may (or may not) simply be an artifact from the way my ISP displays my email via the web interface for my account.

I am not certain if this is helpful - although I suspect that it isn't.


Rooster using Thunderbird ... you using Outlook / web-mail .. more things ruled out ....

& nbsp = non-breaking space ... basically, when formatting the text for display, if the tool wants to break a line to shorten it up to fit the display space, this 'variable' suggests looking elsewhere to make the magic happen ... the preceding or following 'real' space character .... example, trying to keep someone's name on a single line where the decision is either running off the right margin or leaving a lot of white space on that line and moving the whole name down to start the next line ... (the &nbsp character being placed between the first and last name)

Rooster using Thunderbird ... you using Outlook / web-mail .. more things ruled out ....

OK well I'm a member of several mailing lists.... and specifically several Linux type mailing lists, KDE, python, mplayer, Xbox Linux, Mplayer-plugin - as well as possibly some others that I can't recall... I'm grasping at straws here... but maybe we might share a common thread?


As far as "this was a rare event to require such memorialization" ...well; if I know what's good for me, I had better remember it. December 31, 1969 (New Year's Eve), 4 p.m. was the very moment I proposed to my wife.

Wikipedia Unix Time: "The Unix epoch is the time 00:00:00 UTC on 1 January 1970."

PST = UTC - 8, so 00:00 UTC = 16:00 or 4PM PST.

I've seen a few of these kinds of emails, and what I think is happening is a "drive-by delivery". The spammer, instead of trying to get some proxy to deliver his dastardly message, does it himself but lazily doesn't add all the normal headers (date, subject, to, from), just inputs the envelope information to the SMTP listener, and then puts in a basically zero or 2-byte (blank) message. Lacking a date header, your email program translates the datestamp "0" to your time-zone. Which in your case happens to be a significant date. You probably didn't realize that it was an auspicious moment in more than one "epoch"!

I think these are either dictionary attacks, a spammer-software failure, or some other harvester at work. I have at times received spam messages via this method, and the receiving system always adds its received header, but the rest of the message is missing any significant headers. Whatever email system you're using must not be showing the full raw message, because the receiving system has to put its received header in. Unless it's a really brain-dead non-compliant system!

Edited by alanjshea


Well Outlook must be very braindead then, because the emails I'm getting contain no data at all, no received header (indeed no headers anywhere) no from/to field - nothing not a hint of text or meaningful information anywhere.

I'm beginning to suspect that this might be an issue (or a virus?) with my ISP's SMP server - what else logically could it be? Nothing else makes sense - and I am also finding that it is taking longer and longer (maybe 10 or 12 minutes) downloading these 'non messages.' So it seems even the server is having difficulty understanding them.

Now I guess I have the not inconsiderable challenge (and expense given the long wait times on the phone) of persuading my ISP that this is not just some lame spam attack and that they may have a problem with their server which they need to look at.

But then that is my working assumption. It really could be some kind of weird/alien spam attack. But since we are not making much progress in that direction, I suppose I have very few alternatives.


Been too long, so I'm having a problem with coming up with a name for a tool (type) I'm thinking of ... a light-weight POP tool usually used to go grab a list of e-mails sitting on the server, typically used to delete spam or massive e-mails based on simply seeing the list of headers and file sizes (typically prior to firing up your 'real' e-mail client) [this kind of tool dates back to the 'high-speed' modem days <g> but they may still be around]

What I'm trying to suggest, get a list of e-mails sitting on the server, assumedly these empty e-mails would occupy a slot in that list .... contact the ISP and ask them to take a direct look at it while it's still on their system ... i.e., directions to their tech folks would be to "look at message #36" ....

The catch is, I'm sure, is that I could do this with any number of the local ISPs .... hitting my massive cable provider with this kind of help request .. probably wouldn't work .... it'd take three calls just to get bounced up to Tier 3 or 4 support level to talk to someone that had a clue ... whether they had the access capabilities to hit the server in question would be another whole problem ....


Been too long, so I'm having a problem with coming up with a name for a tool (type) I'm thinking of ... a light-weight POP tool usually used to go grab a list of e-mails sitting on the server, typically used to delete spam or massive e-mails based on simply seeing the list of headers and file sizes (typically prior to firing up your 'real' e-mail client) [this kind of tool dates back to the 'high-speed' modem days <g> but they may still be around]

What I'm trying to suggest, get a list of e-mails sitting on the server, assumedly these empty e-mails would occupy a slot in that list .... contact the ISP and ask them to take a direct look at it while it's still on their system ... i.e., directions to their tech folks would be to "look at message #36" ....

The catch is, I'm sure, is that I could do this with any number of the local ISPs .... hitting my massive cable provider with this kind of help request .. probably wouldn't work .... it'd take three calls just to get bounced up to Tier 3 or 4 support level to talk to someone that had a clue ... whether they had the access capabilities to hit the server in question would be another whole problem ....

I'm in a similar boat. It cost me over £100 (or nearly $200) and 3 weeks of relentless persistence the last time I had a serious (although unrelated) problem with my ISP to finally get through to any technically qualified person who was actually able to investigate and later confirm that they had a real problem with their server.

And even if I do this this time around, there is still no absolute guarantee that this isn't some kind of really weird spam attack.


Raid517;

OK well I'm a member of several mailing lists.... and specifically several Linux type mailing lists

Assuming that you are 3 hours east of me, I doubt you would subscribe to the Linux VanLUG mailing list. But who knows? It seems half the people I come across are probing for IT jobs in Vancouver.

Wazoo

Thanks for not providing FQDNs ...????
Sorry 'bout that chief. I hate publishing anything to do with my IP#; call me paranoid. I reckoned identifying my ISP would have sufficed; don'cha think?

alanjshea

just inputs the envelope information to the SMTP listener, and then puts in a basically zero or 2-byte (blank) message...

<snip>

...and the receiving system always adds its received header,...

<snip>

...the receiving system has to put its received header in. Unless it's a really brain-dead non-compliant system!

Although I get the part about putting in a blank message, I have to ask why? The header (Source) doesn't even present the envelope information, so I'm not sure that satisfies the conditions I posted.

I don't want to 'bad mouth' my ISP. They've been very good to me up until recently. I suspect there has been a turnover in their tech pool because my contacts with them recently have been rather frustrating.

I'm 'down with' your explanation for the Date/Time Stamp though. That makes a lot of sense to me.


You could test one theory with the following script using information Wazoo provided on the MX'es for your server:

telnet mailserver.domain.tld 25

ehlo username.domain.tld

mail from:<username@domain.tld>

rcpt to:<username@domain.tld>

data

.

quit

that is a dot followed by a carriage return to terminate the mail message

Spamcop shows the following headers, all generated by Spamcop:

Return-Path: <underwood[at]spamcop.net>

Delivered-To: spamcop-net-underwood[at]spamcop.net

Received: (qmail 26097 invoked from network); 10 Nov 2006 02:44:50 -0000

X-spam-Checker-Version: SpamAssassin 3.1.1 (2006-03-10) on blade2.cesmail.net

X-spam-Level: ****

X-spam-Status: hits=4.2 tests=MISSING_HB_SEP,MISSING_HEADERS,MISSING_SUBJECT,

TO_CC_NONE version=3.1.1

Received: from unknown (192.168.1.101)

by blade2.cesmail.net with QMQP; 10 Nov 2006 02:44:50 -0000

Received: from 66-168-115-246.dhcp.oxfr.ma.charter.com (HELO underwood.spamcop.net) (66.168.115.246)

by mailgate.cesmail.net with SMTP; 10 Nov 2006 02:44:44 -0000

and webmail shows the following:

Date            From               Subject

Unknown Date    Invalid Address    [No Subject]

What do your messages show? Are they blank (indicating your ISP does not add the headers spamcop does and that may be how these messages are being generated)? Otherwise, maybe your ISP's server is having issues and generating empty files in your account (not likely you are the only one experiencing this, I would think) or something similar.

If you are not comfortable doing that yourself, please PM your email address to me and I will run the script and email you when I have so you can know I did the test.


Wikipedia Unix Time: "The Unix epoch is the time 00:00:00 UTC on 1 January 1970."

PST = UTC - 8, so 00:00 UTC = 16:00 or 4PM PST.

I've seen a few of these kinds of emails, and what I think is happening is a "drive-by delivery". The spammer, instead of trying to get some proxy to deliver his dastardly message, does it himself but lazily doesn't add all the normal headers (date, subject, to, from), just inputs the envelope information to the SMTP listener, and then puts in a basically zero or 2-byte (blank) message. Lacking a date header, your email program translates the datestamp "0" to your time-zone. Which in your case happens to be a significant date. You probably didn't realize that it was an auspicious moment in more than one "epoch"!

I have replicated the mystery "message" (complete with [my] time offset) in Windoze with Mozilla. Trying to retrieve a deleted email - Edit Undo, Edit Undo - the second undo doesn't work, it presents an apparent message except there's absolutely nothing there (truly), just a listing with the date 1/01/1970 9:00 AM. +9:00 is the current offset (DST) in my location. So, TBird could be the culprit, some mystery process invoking an "undo" too far (or Rooster's advanced senescence) the cause.

... Edit Undo, Edit Undo - the second undo doesn't work...
That's Edit - Undo Delete Message, in Mozilla Mail, of course.


I've seen this from several mail clients, and it's all been simply anomalies or errors in the processing of the mailbox. In other words, bugs.

Right now I'm using Thunderbird 2.0 beta 2 and my own IMAP server (no spamcop or anything, I just found this post randomly) and I found dozens of such blank emails with the December 31st 1969 4PM date on them, in folders where new mail does not come in. It is NOT spam and it's NOT hacked, they're simply badly delineated or parsed e-mails from the server's storage system, whatever that may be. It could have been a bad copy operation, or bad appending to the mbox file (if that's the method used) or any number of other errors or bugs on either the server or client side. Most likely not a spammer.

As for the "random" date, an above poster was entirely correct -- it's known as the UNIX "Epoch", which is the start of all time measurement on UNIX servers, the minimum of an unsigned 32-bit integer representation corresponding to zero (0). In other words, it's your e-mail program's way of translating ABSOLUTELY NOTHING into a date. With that in mind, and the fact that there's no other data in these e-mails, we can basically conclude (and my tests have proven) that the e-mail is one byte long, the null byte, the end-of-file only! It's an error, an off-by-one, a mistake in an operation, a bug. Nothing to worry about. :-)

When I was reading this I couldn't believe the guy who said he proposed to his wife on the UNIX Epoch. I would have given anything to be able to brag about that for the rest of my life, and he didn't even know it.... Just remember that that was the point TIME BEGAN in the eyes of system administrators everywhere. ;-)
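The two effects discussed in this thread (a message with no headers, and a client showing timestamp 0 in the reader's time zone) can be reproduced offline. This is an added example, not code from any poster or mail client; the function names `triage` and `displayed_date`, the flag strings and the sample messages are constructed for illustration, and the fallback to timestamp 0 is the behaviour the posters describe, assumed here rather than taken from a client's source.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_bytes
from email.utils import parsedate_to_datetime

# Constructed sample messages (not taken from the thread).
NORMAL = (b"Received: from mx.example.net by mail.example.org; "
          b"Fri, 10 Nov 2006 02:44:44 +0000\r\n"
          b"Date: Fri, 10 Nov 2006 02:44:40 +0000\r\n"
          b"From: a@example.net\r\nTo: b@example.org\r\n"
          b"Subject: hello\r\n\r\nbody\r\n")
# Only the header the receiving server adds, then an empty body.
RECEIVED_ONLY = (b"Received: from unknown by mail.example.org; "
                 b"Fri, 10 Nov 2006 02:44:44 +0000\r\n\r\n")
EMPTY = b""  # nothing stored at all, e.g. a mailbox parsing error

def triage(raw):
    """Return flags (names are this example's own) for missing headers."""
    msg = message_from_bytes(raw)
    flags = []
    if not msg.keys():
        flags.append("no-headers-at-all")
    for name in ("Received", "Date", "From", "Subject"):
        if name not in msg:
            flags.append("no-" + name.lower())
    if "To" not in msg and "Cc" not in msg:
        flags.append("no-to-or-cc")
    return flags

def displayed_date(raw, utc_offset_hours):
    """Date shown by a client that falls back to timestamp 0 (assumed)."""
    msg = message_from_bytes(raw)
    epoch = datetime.fromtimestamp(0, tz=timezone.utc)
    when = epoch
    if msg["Date"] is not None:
        try:
            when = parsedate_to_datetime(msg["Date"])
        except (TypeError, ValueError):
            when = epoch  # unparseable Date header: same fallback
    local = timezone(timedelta(hours=utc_offset_hours))
    return when.astimezone(local).strftime("%Y-%m-%d %H:%M")

if __name__ == "__main__":
    for label, raw in (("normal", NORMAL), ("received-only", RECEIVED_ONLY),
                       ("empty", EMPTY), ("single NUL byte", b"\x00")):
        print(label, triage(raw), displayed_date(raw, -8), displayed_date(raw, 9))
```

A message that still carries a Received header but nothing else points at delivery over SMTP, while one with no headers at all points at the storage or client side, which is the distinction the posters are arguing over.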


Thanks for that trisweb - kind of you to drop by and offer your resolution.

No doubt Rooster hugely delights in his retrospective nerdiness but one trusts any resultant offspring might be spared the specific knowledge.
