Phantom e-mail
October 29, 2005 9:51 PM   Subscribe

Phantom e-mail: I keep getting e-mail messages that don't appear to be from anyone at all. No sender, no recipient, no subject.

Here's what the headers look like:

Date: October 29, 2005 11:37:12 PM EDT
X-Comment: Sending client does not conform to RFC822 minimum requirements
X-Comment: Date has been added by Maillennium
Received: from tdev253-109.codetel.net.do ([200.88.253.109]) by sccrmxc17.comcast.net (sccrmxc17) with SMTP id <2 0051030033612s17002hvsge>; Sun, 30 Oct 2005 03:36:58 +0000
Received: from localhost.localdomain (200.88.253.109 [200.88.253.109]) by 63.240.76.26 with ESMTP id e99si1[2][7]qbe.2005.91.0[2
X-Originating-Ip: [200.88.253.109]


The only indication that there's something in my inbox is there's a date stamp.

I know how to go after spammers via Spamcop, or by tracking down info from IP addresses and such contained in the headers, so my question isn't about that. I guess I'm wondering How did they do that? considering there apparently are minimum requirements for header information. Have spammers found the ultimate way of circumventing spam filters?
posted by emelenjr to Computers & Internet (17 answers total)
 
That would take 30 seconds to write a filter for. Write one yourself or email Comcast, who may have a valid reason for letting these in.
posted by onalark at 9:59 PM on October 29, 2005


Different mail servers have different requirements for this type of thing, but many implementations simply don't care what you put (or don't put) in the header.

I suspect the drama plays out something like this:

Client: MAIL FROM:
Server: OK
Client: RCPT TO: someuser@example.com
Server: OK

The server most likely does its own timestamping, so there's that, but it's not obligated to follow up on the data it's getting and it works with what it's got.
posted by moift at 10:22 PM on October 29, 2005


Response by poster: Huh, thanks for that. It's not a big hassle over here, as I already have Mail.app set to dump any messages that don't come from people in my address book or people I've already e-mailed into the Junk folder. Just odd... very limited header info (which doesn't appear to follow somebody's rules) and no e-mail text at all.
posted by emelenjr at 10:38 PM on October 29, 2005


Thanks for asking the question. I've been getting a couple of those a day for a few weeks now, and it's been perplexing me. At least now I know I'm not alone.
posted by mkhall at 1:49 AM on October 30, 2005


I had them for a while, a few months ago. Googling seems to indicate lots of people have had them. They didn't show up in Mailwasher but when I went to download mail into OE there would sometimes be 50+ of the things.

Then they went away and (touch wood) I haven't seen them since.
posted by essexjan at 3:16 AM on October 30, 2005


do these email carry any content ?
posted by flyby22 at 5:14 AM on October 30, 2005


do these email carry any content ?

The ones I had carried no addressee, no sender, no subject line, no attachment, no content, absolutely nothing. The size showed as 1kb in my Inbox.
posted by essexjan at 7:01 AM on October 30, 2005


Response by poster: No content at all, flyby22. Since posting this thread I've received at least three more (I think at least one more came in last night before I went to bed, and there are two in my inbox this morning) all seeming to originate from different ISPs, judging by the headers—which don't seem all that reliable anyway.

From the headers I posted above, codetel.net.do is interesting...
posted by emelenjr at 8:30 AM on October 30, 2005


Yeah...seems to be a big barrage of these blank emails this week. I got 4 earlier this week and 4 more this morning.
posted by Thorzdad at 11:01 AM on October 30, 2005


Sometimes people testing a list will run a scripted delivery this way, trying to pickup bounce messages, delivery errors, and such to clean their lists. Keeping headers to a minimum and zero content cuts their computer time per delivery. I recommend you auto-filter all zero content message to dev/null, and never look back. Few folks doing this are likely to be doing it from valid addresses, so unless you especially like playing internet whack-a-mole, ignore, delete, rinse & repeat, IMHO.
posted by paulsc at 1:14 PM on October 30, 2005


I've been bouncing them back manually in my mail app hoping it is someone testing a spam list.
posted by jerseygirl at 2:13 PM on October 30, 2005


I've been getting these too, and I also use Comcast. They've clearly switched to a new spam filter.
posted by ikkyu2 at 3:03 PM on October 30, 2005


I've been getting them too, for about three or four days now. I'm also with Comcast.
posted by Acetylene at 4:16 PM on October 30, 2005


Oh, also with Comcast here too.
posted by jerseygirl at 4:36 PM on October 30, 2005


I've received around 100 of these over the last 3 days on my comcast.net account. None on gmail, mail.com, hotmail or work accounts.
posted by nenequesadilla at 12:29 AM on October 31, 2005


There's a ghost in the machine.
posted by Four Flavors at 9:49 AM on October 31, 2005


Hooray! I only received two of these today!
posted by nenequesadilla at 5:52 PM on November 1, 2005


« Older Was Edison's original light bulb really designed...   |   Broken Car Key Newer »
This thread is closed to new comments.


Tags

Share