Jump to content

Unknown Date, Invalid Address, [No Subject]


sam-cop
 Share

Recommended Posts

Does anyone else get these types of emails and end up in your heldmail and are able to get through to inbox?

it was about 2 months ago I started getting flooded with these constantly. The emails are sent directly to my spamcop address. Its always missing the Date, Return Path (always <>), and never a subject. Here's a copy of the last email from this spammer (spamcop message source). Please note I intentionally left off my spamcop email address [at] cesmail.net:

Return-Path: <>

Delivered-To: intentionally left off [at]cesmail.net

Received: (qmail 16082 invoked from network); 15 Apr 2009 05:33:00 -0000

X-spam-Checker-Version: SpamAssassin 3.2.4 (2008-01-01) on blade2.cesmail.net

X-spam-Level: ****************

X-spam-Status: hits=16.3 tests=MISSING_DATE,MISSING_HB_SEP,MISSING_HEADERS,

MISSING_MID,MISSING_SUBJECT,TVD_SPACE_RATIO,URIBL_BLACK,URIBL_JP_SURBL,

URIBL_SBL version=3.2.4

Received: from unknown (192.168.1.107)

by blade2.cesmail.net with QMQP; 15 Apr 2009 05:33:00 -0000

Received: from z9280179.dgrad.ru (92.252.241.37)

by mx70.cesmail.net with SMTP; 15 Apr 2009 05:32:59 -0000

X-AntiVirus: Checked by Dr.Web [version: 4.44, engine: 4.44.0.09170, virus records: 565644, updated: 14.04.2009]

Received: (qmail 3211 invoked from network); Wed, 15 Apr 2009 09:07:54 +0300

Received: from unknown (HELO drthgf) (36.216.167.146)

by z9280179.dgrad.ru with SMTP; Wed, 15 Apr 2009 09:07:54 +0300

Message-ID: <002601c9bd88$227a92b0$24d8a792[at]DARS2drthgf>

From: "Reggie Newsome" <mavirenkgrafik[at]nl.abb.com>

To: <intentionally left off [at]cesmail.net>

Subject: Your manhood will stay, our licensed goods guarantee it!

Date: Wed, 15 Apr 2009 09:07:54 +0300

MIME-Version: 1.0

Content-Type: text/plain;

format=flowed;

charset="windows-1252";

reply-type=original

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 5.50.4029.2901

X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4029.2901

Sale closing tomorrow http://uxf.haomkunsel.com/

***************

In my heldmail I have been simply checking off "report as spam" and figured the emails were being reported. One day I decided to copy and paste the entire message found in the message source screen and report it manually. Here's what spamcop reports back to me when I copy and pasted the above:

SpamCop v 4.5.0.101 © 1992-2009 Cisco Systems, Inc. All rights reserved.

No blank line delineating headers from body - abort

Here is your TRACKING URL - it may be saved for future reference:

http://www.spamcop.net/sc?id=z2794054071zd...335d057e41d3b4z

Skip to Reports

View entire message

Parsing header:

This header is incomplete. Please supply the full headers of the spam you're trying to report.

No source IP address found, cannot proceed.

Add/edit your mailhost configuration

Finding full email headers

Submitting spam via email (may work better)

Example: What spam headers should look like

No body text provided, check format of submission. spam must have body text.

**************

Is this some new spammer tactic? Would a filter rule just help to block these types of spammer altogether from even getting through to my spamcop mail?

If anyone has any suggestions or explanation please post. Thanks!

Link to comment
Share on other sites

It has been demonstrated that the "message source" shown in the webmail system when using Internet Explorer sometimes isn't really the raw source, while Firefox behaves properly. If you have Firefox installed (and I'd recommend it), try that...otherwise, if you're using IE, then once you've clicked on the "Message source" link, then "right mouse click" on that "source" and do a "View source" to get the true source. You might find that the problems you've mentioned above are fixed.

DT

Link to comment
Share on other sites

(Unknown address [no subject]) in SpamCop Mail display

Does anyone else get these types of emails and end up in your heldmail and are able to get through to inbox?

it was about 2 months ago I started getting flooded with these constantly. The emails are sent directly to my spamcop address. Its always missing the Date, Return Path (always <>), and never a subject. Here's a copy of the last email from this spammer (spamcop message source). Please note I intentionally left off my spamcop email address [at] cesmail.net:

Return-Path: <>

[...]

If anyone has any suggestions or explanation please post. Thanks!

The <> is legitimate, some servers do this when forwarding.

I can't say as to this one, but it is always worth going to the VER Reports tab and looking to see what is still marked as "no reports" hours after everything else is complete.

Thus if the parser thinks there is no body, because no blank line separates, it will get reported properly from SpamCop Mail Held Mail, "report as spam" but not from VER Quick Report.

I have had a trickle of [No Subject] for years and these often won't report because the parser objects to not having a "From:". If you copy/paste from SpamCop Mail "source" into the Web page box and add a blank From: they parse but this is a improper alteration so the report must be canceled and if wanted a manual report done but for your case you may properly paste, adding a trailing blank line followed by a "improper or missing body" comment line

For missing From you can find all such with "Search" for "From does not contain ".". You may be able to think up something similar for missing subject or just scan the SpamCop Mail folder listing on screen.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...