-
March 24th, 2007, 07:18 AM
#1
Annoying email; Blank subject, body, Sender??
Every day I receive an email from nobody, with no subject, and no body; however the email is on average 60-75k???? Which appears to be random in size.
I can't add a filter because there is no email address.
I have added it as spam with my ISP, yet now I receive more of this message daily. I currently run an updated Win XP Sp1 patched as of 3/21, Computer Associates AV, Active ports running, WinPatrol Scotty Watch Dog, with a few other tweaks including a wall. I do not use Outlook for obvious reasons, I log on to my ISP's server and use my browser to access my email. Plain and simple, then all the "crap" is on their side not mine.
I cannot find anything on my side that would suggest compromise or infection. So I must assume this email is in fact being sent to me for some reason that is unbeknownst to me. But WTF is the reason? What am I missing?
Anybody have any good ideas?
Be safe and stay free
Your heart was talking, not your mind.
-Tiger Shark
-
March 24th, 2007, 08:30 AM
#2
Sounds like a spam email that was corrupted at some point during transfer, or it could be in a format that the web based mail system cannot read correctly. You might not be able to filter for what it is, maybe a filter for what it isn't would do the trick. Possibly require the sending address to have an @.
-
March 24th, 2007, 11:07 PM
#3
Try setting up a gmail address, and forward the email to it, gmail has a 'view original' option that might show something... it is odd that the message still says 60-75k but contains nothing... I am sure someone here will come up with something better to try... but that is just a thought...
edit:
I noticed you said XP SP1... I am hoping you meant SP2 ... not that this would have any effect on the issue that we are discussing, but could have caused quite a few other problems...
Last edited by westin; March 24th, 2007 at 11:12 PM.
"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."
-HST
-
March 25th, 2007, 06:54 AM
#4
“Everybody is ignorant, only on different subjects.” — Will Rogers
-
March 25th, 2007, 08:01 AM
#5
Member
Do you have the option to block IP addresses in your spam filter? Then find the IP in the header and block it. In my antispam filter I can make custom rules to block blank sender and blank subject.
one of the great day in my life when i found antionline.com
-
March 28th, 2007, 07:52 AM
#6
What a simple idea, what was I thinking? It appears to be coming from two different sources.
I am going to start I suppose with filtering the return path?
Return-Path: <inverness@leehom.net>
Received: from eastrmimpi03.cox.net ([68.1.16.121])
    by eastrmmtai112.cox.net
    (InterMail vM.7.05.02.00 201-2174-114-20060621) with ESMTP
    id <20070327010049.FDM3038.eastrmmtai112.cox.net@eastrmimpi03.cox.net>;
    Mon, 26 Mar 2007 21:00:49 -0400
Received: from 201-24-123-56.bnut3702.dsl.brasiltelecom.net.br ([201.24.123.56])
    by eastrmimpi03.cox.net with IMP
    id fczW1W00f1D6zpV0000000; Mon, 26 Mar 2007 21:00:47 -0400
Received: from 0.132.137.185 by 201.24.123.56; Mon, 26 Mar 2007 22:56:42 -0300
Message-ID: <20070327010049.FDM3038.eastrmmtai112.cox.net@eastrmimpi03.cox.net>
Date: Mon, 26 Mar 2007 21:00:49 -0400
The cox.net, if I am reading this correctly, is from my side of the mail handling, correct?
Your heart was talking, not your mind.
-Tiger Shark
-
March 28th, 2007, 08:45 AM
#7
Member
As you said, first block the return path domain; if it doesn't work, try to block the IP and see for a few days. If none of your regular mails are coming from that IP, keep it in the black list.
one of the great day in my life when i found antionline.com
-
March 28th, 2007, 01:28 PM
#8
I receive those - not every day, but frequently enough to note them like you have.
I think they are a form of spam, sent not just to me but to thousands of others as well. I screen them as best I can at the ISP level, don't open them and delete them.
If there is a purpose, I don't get it. Maybe I am supposed to respond, saying there was a mistake since there was no message, so that the sender can determine that my e-mail address is a live one. That would be a stupid thing for me to do, of course, but some people may do that.
Someone else here better versed in e-mail technology may be able to explain them better.
-
March 30th, 2007, 08:38 AM
#9
It might be worth registering an account with spamcop and then sending the email to them for analysis.
A complaint to abuse@noc.brasiltelecom.net.br is probably in order since it seems that one of their customers (probably unknowingly) is the source of the spam.
eastrmimpi03.cox.net ([68.1.16.121]) seems to be configured poorly, accepting mail from a dsl connection rather than from another mail server. The address 201-24-123-56.bnut3702.dsl.brasiltelecom.net.br ([201.24.123.56]) is probably a zombied machine being used to deliver spam - running its own cut down smtp server to send mail directly to your ISP's main gateway.
[steve@delld820 ~]$ whois cox.net
[Querying whois.verisign-grs.com]
[whois.verisign-grs.com]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: COX.NET
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS.COX.NET
Name Server: NS.EAST.COX.NET
Name Server: NS.WEST.COX.NET
Status: clientTransferProhibited
Updated Date: 03-oct-2006
Creation Date: 14-mar-1995
Expiration Date: 15-mar-2013
This looks like your ISP? I guess so.
What I'm wondering is what is trying to be achieved here. Are your defences removing the nasty stuff in the mail, or is something else afoot?
Steve
IT, e-commerce, Retail, Programme & Project Management, EPoS, Supply Chain and Logistic Services. Yorkshire. http://www.bigi.uk.com
-
March 30th, 2007, 03:46 PM
#10
Steve had it basically right. Cox is your ISP. Some zombied computer is hitting your ISP with spam. Get the IP address for that system and run a block on it... even if that computer is owned by someone you want to get mail from, their mail will come from a real mail server... then let brasil telecom know that they have a DSL customer at 201-24-123-56.bnut3702 sending spam... that is surely covered in terms of service... they will either nuke the spammer or help the person clean up their machine.
Who is more trustworthy than all of the gurus or Buddha’s?
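The header reading done across posts #6, #9 and #10, as an added example that is not part of any post in the thread: it walks the Received chain from post #6, finds the hop where a cox.net server accepted the message from an outside host, and checks whether that host's name looks like an access line rather than a mail server. The function names and the dynamic-host heuristic are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Headers copied from post #6 (continuation lines indented as in a raw message).
RAW = """\
Return-Path: <inverness@leehom.net>
Received: from eastrmimpi03.cox.net ([68.1.16.121])
 by eastrmmtai112.cox.net
 (InterMail vM.7.05.02.00 201-2174-114-20060621) with ESMTP
 id <20070327010049.FDM3038.eastrmmtai112.cox.net@eastrmimpi03.cox.net>;
 Mon, 26 Mar 2007 21:00:49 -0400
Received: from 201-24-123-56.bnut3702.dsl.brasiltelecom.net.br ([201.24.123.56])
 by eastrmimpi03.cox.net with IMP
 id fczW1W00f1D6zpV0000000; Mon, 26 Mar 2007 21:00:47 -0400
Received: from 0.132.137.185 by 201.24.123.56; Mon, 26 Mar 2007 22:56:42 -0300
"""

HOP = re.compile(r"from\s+(\S+)(?:\s+\(\[([\d.]+)\]\))?\s+by\s+([^\s;]+)")

def parse_hops(raw):
    """Return (from_name, from_ip, by_host) per Received header, newest first."""
    msg = email.message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append((m.group(1), m.group(2), m.group(3)))
    return hops

def handoff(hops, isp_suffix):
    """Newest hop where the ISP accepted mail from a host outside its domain.
    Hops older than this one were written by the sender and are untrusted."""
    for name, ip, by in hops:
        if by.endswith(isp_suffix) and not name.endswith(isp_suffix):
            return name, ip
    return None

def looks_dynamic(name, ip):
    """Heuristic (assumption): rDNS embeds the IP octets or an access-line label."""
    embedded = ip and (ip.replace(".", "-") in name or ip in name)
    return bool(embedded or re.search(r"(^|[.-])(dsl|dyn|dial|pool|ppp)", name))

def bogus_origin(hops):
    """True if the oldest hop claims a source in reserved 0.0.0.0/8."""
    try:
        return ipaddress.ip_address(hops[-1][0]) in ipaddress.ip_network("0.0.0.0/8")
    except (ValueError, IndexError):
        return False
```

Called as `handoff(parse_hops(RAW), ".cox.net")`, this returns the brasiltelecom DSL host and 201.24.123.56, the address the ISP itself recorded and so the one worth filtering on and reporting.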