
How to handle null from emails?


spiralocean


Every once in a while, I receive an email with a null from field! I didn't think this was possible, but apparently in the world of spam anything is possible.

I looked at the article in the FAQ

http://www.spamcop.net/fom-serve/cache/372.html

&

http://seclists.org/lists/bugtraq/2002/Mar/0051.html

But these articles are more from an admin point of view than an email recipient point of view.

My question is this:

How should I handle these emails? Do I report them or just delete them?

Here is the raw source:

From (null) Thu Jul 29 20:35:43 2004
Return-Path: <BXYQOSAYIBP[at]mail15.com>
Delivered-To: mymungedemail[at]spamcop.net
Received: (qmail 12580 invoked from network); 30 Jul 2004 02:34:47 -0000
Received: from unknown (192.168.1.101)
  by blade6.cesmail.net with QMQP; 30 Jul 2004 02:34:47 -0000
Received: from xxxx-xxx-xx-xx-80.xxxxxxxx.net (HELO myhost.com) (xxx.xx.xxx.80)
  by mailgate.xxxxxx.net with SMTP; 30 Jul 2004 02:34:47 -0000
Received: (qmail 2598 invoked by uid 51); 30 Jul 2004 02:35:16 -0000
Delivered-To: popuser-xxxxxx-xxxxxx[at]xxxxxx.com
Received: (qmail 2590 invoked from network); 30 Jul 2004 02:35:15 -0000
Received: from unknown (HELO 207.44.232.49) (61.74.200.6)
  by localhost with SMTP; 30 Jul 2004 02:35:15 -0000
X-Message-Info: 00+rqqs7618/pZv[1-3
X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on blade6
X-spam-Level: ***
X-spam-Status: hits=3.2 tests=DATE_MISSING,FROM_NO_LOWER,RCVD_NUMERIC_HELO
  version=2.63
X-SpamCop-Checked: 192.168.1.101 207.44.233.80 207.44.232.49 61.74.200.6


FROM is not an RFC required header. Your determinant as to whether an email is spam or not shouldn't be based on whether there is a FROM name or not, although it's more likely to be spam if there is no FROM, I would guess, as rational correspondents would include a FROM header :-)


Also, remember that the majority of spam messages use forged From and Reply to fields anyway.

I would say that a null from is actually "nicer" than a forged one.


Thanks for the responses. The strange thing about these emails, is there is no from, no to, no subject and no body! The raw source that I posted in this thread is the entire email!

So when I report this to Spamcop, I get the error message:

No data / Too much data

from SpamCop.

These emails are strange. Is a spammer trying to locate working accounts? Can anyone say what is going on with these emails?


Thanks for the reply Wazoo. As long as that is the cause, I don't have to worry too much. I'll just keep hitting the delete key.

Maybe these emails have something to do with getting through SpamCop? Since they can't be reported because they have no body? So a spammer can send out these blank emails, and see how many get through. If they get through, then they know they can send. Because the "test" emails have no body they can't be reported and the path remains open for the real spew.


Thank you! I added no body to the email before processing. When it got to the spamcop processing page there was a message stating that body information was found in the header. I'm not sure what I need to do to start the header. I looked at some other emails and there wasn't a body tag, but there was some charset information.

Anyway, Spamcop accepted that report!

Much appreciation for sending me to that link!


...You're quite welcome. And thanks for posting back here to let us know that you were successful in achieving your goal.

If you're talking about the item that you previously posted, the only way I can see a "body in header" error showing up is if you forgot the blank line between the header and the added content.


Glad it helped.

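The fix discussed in the last replies, as an added example that is not part of the original thread: split a raw message at the first blank line, flag a header-only message and any body text that landed in the header because the blank line was forgotten, then append a marker body correctly. The function names, the `PLACEHOLDER` text and the sample message are constructed for illustration, and this is not SpamCop's own parser.

```python
import re

REQUIRED = ("from", "date")  # the two fields RFC 5322 section 3.6 makes mandatory
PLACEHOLDER = "[no body in original message]"  # hypothetical marker text

# Constructed sample modelled on the header-only message in the thread.
SAMPLE = (
    "From (null) Thu Jul 29 20:35:43 2004\n"
    "Return-Path: <sender@example.com>\n"
    "Delivered-To: user@example.net\n"
    "Received: from unknown (HELO 192.0.2.49) (198.51.100.6)\n"
    "  by localhost with SMTP; 30 Jul 2004 02:35:15 -0000\n"
    "X-spam-Status: hits=3.2 tests=DATE_MISSING,FROM_NO_LOWER\n"
)

def split_message(raw):
    """Split at the first blank line; everything before it is header."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    return head.rstrip("\n"), body

def analyze(raw):
    """Report missing required fields, body presence and stray header lines."""
    head, body = split_message(raw)
    names, stray = [], []
    for i, line in enumerate(head.split("\n")):
        if i == 0 and line.startswith("From "):
            continue                      # mbox envelope line, not a header field
        if line[:1] in (" ", "\t"):
            continue                      # folded continuation of the previous field
        m = re.match(r"([!-9;-~]+):", line)
        if m:
            names.append(m.group(1).lower())
        else:
            stray.append(line)            # body text that landed in the header
    return {"missing": [f for f in REQUIRED if f not in names],
            "has_body": bool(body.strip()), "stray": stray}

def make_reportable(raw, note=PLACEHOLDER):
    """Append a marker body after a blank line if the message has none."""
    head, body = split_message(raw)
    if body.strip():
        return raw
    return head + "\n\n" + note + "\n"

if __name__ == "__main__":
    print(analyze(SAMPLE))                       # header-only original
    print(analyze(SAMPLE + PLACEHOLDER + "\n"))  # blank line forgotten
    print(analyze(make_reportable(SAMPLE)))      # separator present
```
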

Archived

This topic is now archived and is closed to further replies.
