Jump to content

Blank spams in Held Email


Keithj

Recommended Posts

In the past, I've had the odd blank item in the long daily list of spam held by Spamcop.

Abruptly, on 27th February 2012, I started getting large numbers of "blanks". These are cases where there is a reference number, but absolutely nothing in the body. Clicking on one brings up the message "error:Cannot find 173112" (or whatever the number may be).

Google tells me that's because a spammer is probing to see if my address is live - but in that case he's doing a lot of probing because I'm getting 50 to 100 a day of these.

This is a fairly typical evening's crop of spam:

http://jillings.org/spamcopblanks.jpg

What exactly is happening? Where are these items coming from? Should I do anything?

[edit] - image converted to URL, it's done its job - and we don't do external images on the forum.

Link to comment
Share on other sites

Yes, they are probably probes to see whether your mail service bounces them. They may be part of so-called mail-host attacks (or "dictionary attacks") used to create or launder spam mailing lists. I don't know why the spammer would keep doing this over and over on the same domains or addresses, he may just be stupid (that is disappointingly often the case).

You can report these, although SpamCop may refuse to do so if they literally have no bodies. You can add a body to get around this: simply copy the header (which you can see with the preview link), paste it into a text editor, add a blank line at the end (important) followed by another line saying "(no body in original message)" or some such simple statement in order to make clear that they've been altered by you. Then, copy the now-bodied message and paste it into the SC reporting form and the reporting should proceed.

Of course, reporting these will not necessarily stop the culprit, but if he is too greedy then his MTA address might wind up on the SC blocking list, which if nothing else should attract the attention of the operator of the address.

-- rick

Link to comment
Share on other sites

Log into the webmail interface

http://webmail.spamcop.net/horde/imp/login.php

Use the "Folders" icon and empty your Held Mail and Trash folders.

No promises, but that should fix it.

Just so there's no confusion... I work for the reporting side of SpamCop, which is a completely separate company from the Email Service you have your account with. If the problem is not about spam reporting, all I can offer is advice.

Your contact at the Email Service is: support[at]spamcop.net

- Don -

Link to comment
Share on other sites

Oh, my bad, now I have to clean up my mess. Looking at your JPG again I see that the empty messages don't show from-addresses or date info so you may just be looking at "ghosts" or artifacts of the SpamCop mail system that could be purged in the manner that Don suggests. If you can't get any headers from the preview links, then they aren't real messages that could be reported.

-- rick

(wow, post number 1000 for me!)

Link to comment
Share on other sites

http://jillings.org/spamcopblanks.jpg

What exactly is happening? Where are these items coming from? Should I do anything?

http://jillings.org/spamcopblanks.jpg

IMO a spambot has your email address and bombing you with spam.

To report blank spam

you have to click preview and copy the text of headers

Then going (log in) to your "report spam" page paste this text in "box'

Push enter twice and type in "NO TEXT IN spam BODY" then enter again

The "Process spam" button should work

By reporting it does shut the spambot down (most ISP's do react to abuse/security reports

particularly if you use Greylisting. As this means mail is being sent through a hacked computer or password compromised email account. Greylisting only accepts email from genuine email servers.

When this happens to me to make it a bit easier I past the

Push enter twice and type in "NO TEXT IN spam BODY" then enter again

[edit] img converted to URL. We don't do external images on the forum.

Link to comment
Share on other sites

...

To report blank spam

...

I think we're talking about the REALLY blank "messages" with no headers or deficient headers. Probably no "Received:" lines which are essential, certainly no "From:", "Date:" or "Subject:" lines (and a "From:" is certainly amongst the headers needed to keep the parser happy). If that is the case those ones are some sort of "artefact", as Ric has suggested.

If there were (at least) "Received:" and "From:" headers but no body, then petzl's method of inserting "NO TEXT IN spam BODY" will certainly be effective in making a valid spam submission out of something which would otherwise fail.

Link to comment
Share on other sites

I think we're talking about the REALLY blank "messages" with no headers or deficient headers. \

O K but I get on occasions the exact same thing as the picture indicates (they have headers but no "from" address or subject hitting the "preview" shows headers sometime spamvertisted url in headers). Which I then report and after a few days the "blank" emails disappear (the spam-bot sending them dies dies).

Link to comment
Share on other sites

O K but I get on occasions the exact same thing as the picture indicates (they have headers but no "from" address or subject hitting the "preview" shows headers sometime spamvertisted url in headers).

[...]

Yes, but as the OP said "error:Cannot find 173112" , VER preview doesn't work for a sufficiently defective email. IIRC either From or Subject missing. you have to view it from webmail plus the parse insists on a basic minimum of header fields.

This has been discussed wrt the reporting RULEZs - it isn't allowed to send a report having added Subject: blank to get the parser to work.

In the past these have been due to a damaged spam emitter and all had a message-id with a "[".

Link to comment
Share on other sites

Curious, I'd almost be tempted to try to POP one of these just to see what I got.

I occasionally get messages with the "error:Cannot find" business, but I always chalked it up to a cranky database. In most cases, trying again a time or two would in fact reveal a message that SpamCop wasn't incined to give me at first.

-- rick

Link to comment
Share on other sites

Well, clearing out the Folders didn't do it. A few hours later, this is what appears in the "Held" mail folder:

http://jillings.org/spamcopb2.jpg

I can delete them quite happily, but I'm curious about what they are - there's no body, no subject, no headers, no nothing.

That image is from "WebMail"

You need to view it from VER heldmail

http://mailsc.spamcop.net/reportheld?action=heldlog

This is the image (note preview link where you should be able to copy header text from)

http://dl.dropbox.com/u/50667687/VER.png

Link to comment
Share on other sites

That image is from "WebMail"

You need to view it from VER heldmail

http://mailsc.spamcop.net/reportheld?action=heldlog

This is the image (note preview link where you should be able to copy header text from)

http://dl.dropbox.com/u/50667687/VER.png

As I noted and the OP complained, VER Preview doesn't work here "error:Cannot find 173112"

IIRC SC webmail view original does work as does POP and these minimalist emails do turn out to have Received: header lines.

Link to comment
Share on other sites

Well, the blanks have stopped. But so has everything else. Spamcop is dead: I can't get into webmail to read my mail and it's not forwarding it to me either.

I prefer the blanks. At least I was getting the important mail.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...