sam-cop Posted April 15, 2009 Posted April 15, 2009 Does anyone else get these types of emails and end up in your heldmail and are able to get through to inbox? it was about 2 months ago I started getting flooded with these constantly. The emails are sent directly to my spamcop address. Its always missing the Date, Return Path (always <>), and never a subject. Here's a copy of the last email from this spammer (spamcop message source). Please note I intentionally left off my spamcop email address [at] cesmail.net: Return-Path: <> Delivered-To: intentionally left off [at]cesmail.net Received: (qmail 16082 invoked from network); 15 Apr 2009 05:33:00 -0000 X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on blade2.cesmail.net X-spam-Level: **************** X-spam-Status: hits=16.3 tests=MISSING_DATE,MISSING_HB_SEP,MISSING_HEADERS, MISSING_MID,MISSING_SUBJECT,TVD_SPACE_RATIO,URIBL_BLACK,URIBL_JP_SURBL, URIBL_SBL version=3.2.4 Received: from unknown (192.168.1.107) by blade2.cesmail.net with QMQP; 15 Apr 2009 05:33:00 -0000 Received: from z9280179.dgrad.ru (92.252.241.37) by mx70.cesmail.net with SMTP; 15 Apr 2009 05:32:59 -0000 X-AntiVirus: Checked by Dr.Web [version: 4.44, engine: 4.44.0.09170, virus records: 565644, updated: 14.04.2009] Received: (qmail 3211 invoked from network); Wed, 15 Apr 2009 09:07:54 +0300 Received: from unknown (HELO drthgf) (36.216.167.146) by z9280179.dgrad.ru with SMTP; Wed, 15 Apr 2009 09:07:54 +0300 Message-ID: <002601c9bd88$227a92b0$24d8a792[at]DARS2drthgf> From: "Reggie Newsome" <mavirenkgrafik[at]nl.abb.com> To: <intentionally left off [at]cesmail.net> Subject: Your manhood will stay, our licensed goods guarantee it! Date: Wed, 15 Apr 2009 09:07:54 +0300 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="windows-1252"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4029.2901 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4029.2901 Sale closing tomorrow http://uxf.haomkunsel.com/ *************** In my heldmail I have been simply checking off "report as spam" and figured the emails were being reported. One day I decided to copy and paste the entire message found in the message source screen and report it manually. Here's what spamcop reports back to me when I copy and pasted the above: SpamCop v 4.5.0.101 © 1992-2009 Cisco Systems, Inc. All rights reserved. No blank line delineating headers from body - abort Here is your TRACKING URL - it may be saved for future reference: http://www.spamcop.net/sc?id=z2794054071zd...335d057e41d3b4z Skip to Reports View entire message Parsing header: This header is incomplete. Please supply the full headers of the spam you're trying to report. No source IP address found, cannot proceed. Add/edit your mailhost configuration Finding full email headers Submitting spam via email (may work better) Example: What spam headers should look like No body text provided, check format of submission. spam must have body text. ************** Is this some new spammer tactic? Would a filter rule just help to block these types of spammer altogether from even getting through to my spamcop mail? If anyone has any suggestions or explanation please post. Thanks!
DavidT Posted April 15, 2009 Posted April 15, 2009 It has been demonstrated that the "message source" shown in the webmail system when using Internet Explorer sometimes isn't really the raw source, while Firefox behaves properly. If you have Firefox installed (and I'd recommend it), try that...otherwise, if you're using IE, then once you've clicked on the "Message source" link, then "right mouse click" on that "source" and do a "View source" to get the true source. You might find that the problems you've mentioned above are fixed. DT
michaelanglo Posted April 15, 2009 Posted April 15, 2009 (Unknown address [no subject]) in SpamCop Mail display Does anyone else get these types of emails and end up in your heldmail and are able to get through to inbox? it was about 2 months ago I started getting flooded with these constantly. The emails are sent directly to my spamcop address. Its always missing the Date, Return Path (always <>), and never a subject. Here's a copy of the last email from this spammer (spamcop message source). Please note I intentionally left off my spamcop email address [at] cesmail.net: Return-Path: <> [...] If anyone has any suggestions or explanation please post. Thanks! The <> is legitimate, some servers do this when forwarding. I can't say as to this one, but it is always worth going to the VER Reports tab and looking to see what is still marked as "no reports" hours after everything else is complete. Thus if the parser thinks there is no body, because no blank line separates, it will get reported properly from SpamCop Mail Held Mail, "report as spam" but not from VER Quick Report. I have had a trickle of [No Subject] for years and these often won't report because the parser objects to not having a "From:". If you copy/paste from SpamCop Mail "source" into the Web page box and add a blank From: they parse but this is a improper alteration so the report must be canceled and if wanted a manual report done but for your case you may properly paste, adding a trailing blank line followed by a "improper or missing body" comment line For missing From you can find all such with "Search" for "From does not contain ".". You may be able to think up something similar for missing subject or just scan the SpamCop Mail folder listing on screen.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.