Annoying email; Blank subject, body, Sender??
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Annoying email; Blank subject, body, Sender??

  1. #1
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    332

    Exclamation Annoying email; Blank subject, body, Sender??

    Everyday I receive an email from nobody, with no subject, and no body; however the email is average 60-75k???? Which appears to be random in size.

    I can't add a filter because there is no email address.
    I have added it as spam with my ISP, yet now I receive more of this message daily. I currently run an updated Win XP Sp1 patched as of 3/21, Computer Associates AV, Active ports running, WinPatrol Scotty Watch Dog, with a few other tweeks including a wall. I do not use Outlook for obvious reasons, I logon to my ISP's server and use my broswer to access my email. Plain and simple, then all the "crap" is on their side not mine.

    I can not find anything on myside that would suggest compromise or infection. So I must assume this email is in fact being sent to me for some reason that is unbeknownst to me. But WTF is the reason? What am I missing?


    Anybody have any good ideas?

    Be safe and stay free
    Your heart was talking, not your mind.
    -Tiger Shark

  2. #2
    Member
    Join Date
    Sep 2006
    Location
    At a keyboard
    Posts
    82
    Sounds like a spam email that was corrupted at some point during transfer, or it could be ina format that the web based mail system can not read correctly. You might not be able to filter for what it is, may be a filter for what it isn't would do the trick. Possible require the sending address to have an @.

  3. #3
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,188
    try setting up a gmail address, and forward the email to it, gmail has a 'view original' option that might show something... it is odd that the message still says 60-75k but contains nothing... I am sure someone here will come up with something better to try... but that is just a thought...


    edit:

    I noticed you said XP SP1... I am hoping you meant SP2 ... not that this would have any affect on the issue that we are discussing, but could have cause quite a few other problems...
    Last edited by westin; March 25th, 2007 at 12:12 AM.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  4. #4
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Read the headers.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  5. #5
    do you have option to block IP address in your spam filter ?? then find the IP in header and block it, in my antispam filter i can make cusotm rules to block blank sender and blank subject.
    one of the great day in my life when i found antionline.com

  6. #6
    AO Part Timer
    Join Date
    Feb 2003
    Posts
    332
    Read the headers.
    What a simple idea, what was I thinking? It appears to be coming from two different sources.

    I am going to start I suppose with filtering the return path?

    Return-Path: <inverness@leehom.net>
    Received: from eastrmimpi03.cox.net ([68.1.16.121])
    by eastrmmtai112.cox.net
    (InterMail vM.7.05.02.00 201-2174-114-20060621) with ESMTP
    id <20070327010049.FDM3038.eastrmmtai112.cox.net@eastrmimpi03.cox.net>;
    Mon, 26 Mar 2007 21:00:49 -0400
    Received: from 201-24-123-56.bnut3702.dsl.brasiltelecom.net.br ([201.24.123.56])
    by eastrmimpi03.cox.net with IMP
    id fczW1W00f1D6zpV0000000; Mon, 26 Mar 2007 21:00:47 -0400
    Received: from 0.132.137.185 by 201.24.123.56; Mon, 26 Mar 2007 22:56:42 -0300
    Message-ID: <20070327010049.FDM3038.eastrmmtai112.cox.net@eastrmimpi03.cox.net>
    Date: Mon, 26 Mar 2007 21:00:49 -0400


    The cox.net if I am reading this correctly is from my side of the mail handling correct?
    Your heart was talking, not your mind.
    -Tiger Shark

  7. #7
    as you said first block return path domain, if it doesnt work try to block IP and see few days. if none of your reguler mails are coming from that IP, keep it in black list.
    one of the great day in my life when i found antionline.com

  8. #8
    Senior Member alakhiyar's Avatar
    Join Date
    Dec 2006
    Location
    Land of Oryx
    Posts
    255
    I receive those-not every day, but frequently enough to note them like you have.

    I think they are a form of spam, sent not just to me but to thousands of others as well. I screen them as best I can at the ISP level, don't open them and delete them.

    If there is a purpose, I don't get it. Maybe I am supposed to respond, saying there was a mistake since there was no message, so that the sender can determine that my e-mail address is a live one. That would be a stupid thing for me to do, of course, but some people may do that.

    Someone else here better versed in e-mail technology may be able to explain them better.
    (\__/)
    (='.'=)
    (")_(")

  9. #9
    rebmeM roineS enilnOitnA steve.milner's Avatar
    Join Date
    Jul 2003
    Posts
    1,018
    It might be worth registering an account with spamcop and then sending the email to them for analysis.

    A complaint to abuse@noc.brasiltelecom.net.br is probably in order since it seems that one of their customers (probably unknowingly) is the source of the spam.

    eastrmimpi03.cox.net ([68.1.16.121]) seems to configured poorly, accepting mail from a dsl connection rather than from another mail server. The address 201-24-123-56.bnut3702.dsl.brasiltelecom.net.br ([201.24.123.56]) is probably a zombied machine being used to deliver spam - running it's own cut down smtp server to send mail directly to your ISPs main gateway.

    [steve@delld820 ~]$ whois cox.net
    [Querying whois.verisign-grs.com]
    [whois.verisign-grs.com]

    Whois Server Version 2.0

    Domain names in the .com and .net domains can now be registered
    with many different competing registrars. Go to http://www.internic.net
    for detailed information.


    Domain Name: COX.NET
    Registrar: NETWORK SOLUTIONS, LLC.
    Whois Server: whois.networksolutions.com
    Referral URL: http://www.networksolutions.com
    Name Server: NS.COX.NET
    Name Server: NS.EAST.COX.NET
    Name Server: NS.WEST.COX.NET
    Status: clientTransferProhibited
    Updated Date: 03-oct-2006
    Creation Date: 14-mar-1995
    Expiration Date: 15-mar-2013


    This look like your ISP ? I guess so.

    What I'm wondering is what is trying to be acheived here. Are your defences removing the nasy stuff in the mail, or is something else afoot.

    Steve
    IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com

  10. #10
    Senior Member
    Join Date
    Mar 2003
    Location
    central il
    Posts
    1,779
    steve had it basicly right. Cox is your ISP. soem zombied computer is hittign your ISP with spam. get teh IP address for that system adn run a block on it...even if that computer is owned by someon you want to get mail from their mail will come from a real mail server....then let brasil telecom know that they have a DSL customer at 201-24-123-56.bnut3702 sending spam...that is surely covered in terms of servie...the ywill either nuke the spammer or help the person clean up their machine.
    Who is more trustworthy then all of the gurus or Buddha’s?

Similar Threads

  1. BS email about sales calls and junk mail
    By valhallen in forum AntiOnline's General Chit Chat
    Replies: 6
    Last Post: August 1st, 2005, 11:30 PM
  2. Tcp/ip
    By gore in forum Newbie Security Questions
    Replies: 11
    Last Post: December 29th, 2003, 08:01 AM
  3. the anonymity tutorial
    By hot_guy in forum AntiOnline's General Chit Chat
    Replies: 3
    Last Post: August 2nd, 2003, 03:18 PM
  4. Newbies, list of many words definitions.
    By -DaRK-RaiDeR- in forum Newbie Security Questions
    Replies: 9
    Last Post: December 14th, 2002, 08:38 PM
  5. Anonymoity Tutorial
    By ac1dsp3ctrum in forum The Security Tutorials Forum
    Replies: 8
    Last Post: February 13th, 2002, 12:36 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •