Blank Email.... whats the point?
Results 1 to 8 of 8

Thread: Blank Email.... whats the point?

  1. #1
    Senior Member
    Join Date
    Mar 2004
    Posts
    171

    Question Blank Email.... whats the point?

    Ok,

    Been getting more and more emails into my exchange server that are blank. Meaning no sender, no subject, no body. Nadda. They do have header info, and always the RDNS fails, once in a great while it will have some info about the sender.. Twice that has been "easypost.com".

    My question is whats the point of sending these? Is there some purpose that they can be used for, other then detecting the actual domain exsists? They dont look like they are being stripped on the way in. Why would someone send these messages repeatedly?


    Thanks!
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Somepeople are like Slinky's: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!

  2. #2
    Senior Member
    Join Date
    Feb 2004
    Location
    Near Manchester (England)
    Posts
    145

    Lightbulb This is just a guess...

    Perhaps to steal bandwidth?

    Other than that, I'm as puzzled as you are. Would be interested in others thoughts on this. I wonder if anyone else here has a similar experience.

    Just to clarify, I haven't experienced this.
    Tomorrow is another day for yesterdays work!

  3. #3
    I've experienced similar things just on my e-mail client. Beats the heck outta me. Perhaps a test message of some sort? Spammers fishing to see if there's life over there?

  4. #4
    Member
    Join Date
    Aug 2004
    Posts
    51
    specially if you're gonna reply on it, then they know that you exists
    juicy`peanut

  5. #5
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Sometimes a spam dork will send an email run out with a mis-configuration in their software
    sending millions of blank emails.

    Whatever you do, try not to tell your MTA to drop email from NULL (<>) senders.

    Most NDR's ( non delivery reports) are sent with a null sender.
    RFC-821 wants you to take delivery of email with null senders.

    Lot's of people say Q!#$ the RFC...
    It's usually not a big deal if you don't but I know of several blacklists using zone listings
    from rfc-ignorant.org which will list mail exchangers not accepting email from null senders.
    FYI

  6. #6
    BS, EnCE, ACE, Cellebrite 11001001's Avatar
    Join Date
    Mar 2002
    Location
    Just West of Beantown, though nobody from Beantown actually calls it "Beantown."
    Posts
    1,228
    Perhaps they're not really empty emails...

    From Wikipedia, the free encyclopedia.

    A web bug (also known as a tracking bug, pixel tag, Web beacon or clear gif) is a technique for determining who viewed an HTML-based email message or a web page, when they did so, how many times, how long they kept the message open, etc.

    Usually, a web bug is a transparent image or an image in the colour of the background of what you are viewing. It is typically 1*1 pixels in size. But other techniques can also be used to track usage, such as iframes.

    In effect, most people won't notice that what they are viewing is bugged. Web bugs are a favorite tool that spammers use to verify working email addresses.

    Web bugs usually have a unique name that somehow identifes what is being tracked. For example, let's name one http://nosey-site.example.com/mail_to_john_doe.gif. When you read email sent by profit-motive.example.com, the HTML information in the message you are viewing causes your email software to automatically fetch the image, and thus give some information to nosey-site.example.com. Because they usually have a uniquely named bug in each message sent out (mail_to_john_doe in this case), they can see who read each message and when. This info can be used to measure the effect of advertisements, see when people look at pages, and enable them to look up the region the person is from via IP address information. Since many web bugs point to sites that aggregate information from hundreds or thousands of firms, and since HTTP cookies are often employed, they can be used to track people's browsing habits or even email usage across a wide swath of the Internet and can be used to accumulate personal information. Note that most aggregators deny that they use the information to invade the privacy of individuals.

    Web bugs are also used on web pages when the author of a web page wants to allow another organization to also track people who use their page.

    Some email software is designed to prohibit the display of remote graphics in HTML email by default, and thus prevent traditional web bugs from working. Examples include the Yahoo! and SpamCop/Horde webmail clients, and the Thunderbird, Opera, Mutt and Pine mail clients. But other HTML techniques like iframes can still be used to track email viewing, so some of these clients still aren't adequately protecting their users.

    Plain-text email messages cannot contain web bugs. Avoiding the use of HTML when you forward mail will prevent others from being tracked by any web bugs that might be in the mail you are forwarding (e.g. you can convert them to plain text via copy-all and paste).

    Disabling "third party" cookies will help prevent web bug users from linking together information on what email you read with the different web sites you visit, and thus from building a bigger personal information dossier...
    Source: http://en.wikipedia.org/wiki/Web_bug
    That's Officer 11001001 to you...
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

  7. #7
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    ss2: The RFC mandates, (if you want to play in the real world), that NDR's are sent from &lt;&gt; and all messages from &lt;&gt; should be accepted.... But a lot of people who don't get why the from is &lt;&gt; start blocking it.... Then they spend hours working on issues of email transmission where the user knows they sent it and have spoken to the recipient on the phne and knows they didn't receive it..... Guess who is to blame.....

    Binary: Since I'll only mispell your name if I try to write it...

    Yep, I read about a bunch who are refining lists so that there are the minimum "dead mailboxes" for when they sell the lists that use the same thing.... If you right click on the email and "View source" you will sometimes find the img source. However, as was already mentioned a lot of them are just misconfigured spambots.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  8. #8
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    Originally posted here by Tiger Shark
    ss2: The RFC mandates, (if you want to play in the real world), that NDR's are sent from &lt;&gt; and all messages from &lt;&gt; should be accepted.... But a lot of people who don't get why the from is &lt;&gt; start blocking it.... Then they spend hours working on issues of email transmission where the user knows they sent it and have spoken to the recipient on the phne and knows they didn't receive it..... Guess who is to blame.....
    Add to that things like out of office loops and it makes me want to go back to paper mail...

    Don't mis-understand my reason for posting, I got screwed by the null sender thing years ago and like to be sure people are careful when considering checking that box to ignore null senders in Exchange..It's very tempting..

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides