From: Invalid Address

[JZiehl]

Has anyone else see this? Since friday, I have gotten hundreds and hundreds of email messages in my inbox that have the from say Invalid Address, these are all spam messages and spamcop knows the address is bad, yet spamcop is not stopping them. I cleaned out my email last night at 12am and only had about 60-75 messages, today I opened my inbox to find almost 400 messages. All but 3 of the new ones were this Invalid Address message.

Whats going on? Spamcop has been so good up until now.

Jonathan

[StevenUnderwood]

spamcop knows the address is bad, yet spamcop is not stopping them

Spamcop does not block on the from address, it blocks on the IP addresses the message has traveled through.

Also, it is not spamcop specific that "knows the address is bad", most likely any client software would see something similiar since that is all the webmail application is.

Most likely, this is similiar to the German spam that some people have been receiving in that it is coming through many new open proxies. Those open proxies appear to have been opened by a virus on each of the machines. It takes a little while for multiple reports to come through about a specific IP address when it can be added to the blocklist. Also, it seems many people are simply deleting these messages because of the sheer numbers, so the IP's are not necessarily being added to the blocklist. Spamcop counts on the cooperation of people who receive spam to report it to protect others using the blocklist.

If a virus writer and spammer get together, they can probably get notification a machine is infected and get spam flowing through the machine within minutes of the virus infecting the machine and keep it running for at least a few hours before it makes the blocklist. If the virus is widespread, so is the spam.

[JZiehl]

I’m actually using the spamcop webmail client. That is the client telling me it’s an invalid address. I understand its what ever software they are using, but if it can figure it out the filters should be able too.

I reported the first 1000 or so messages, but gave up on that because it was slowing down my retrieval of mail and the reporting engine seemed to be hanging.

This has not stopped and its averaging 1 message a minute or about 60 an hour.

Any suggestions, other than creating a white list of email addresses and only allowing those?

[StevenUnderwood]

but if it can figure it out the filters should be able too.

The "filters" that spamcop uses does not look at the From address because it is usually forged. It only looks at the IP addresses. Valid messages could show up with invalid address in the display as well, though not likely.

Since you are using the webmail client you could try to setup the webmail filters to clean out the messages for you either manually or automatically. Perhaps there is a header you can see that is common to them all (perhaps a software version of the sending software) you can filter on. Be careful and I would have the messages transferred to another folder so you can check for any false positives.

Good luck