incoming mail without information in the from, to, subject fields

Discussion in 'Computer Security' started by Doug Fox, Apr 17, 2004.

  1. Doug Fox

    Doug Fox Guest

    Lately, a friend has been receiving many incoming mails without any
    information (blank) in the from, to, and subject fields. He uses MS
    Outlook. How is a mail without information in the "To" field arriving in his
    inbox? Any info is gratefully appreciated.

    Thanks,
     
    Doug Fox, Apr 17, 2004
    #1

  2. Doug Fox

    Alan Connor Guest

    His address is probably in the Bcc field, the contents of which are stripped off
    by the ISP before sending to his POP/IMAP account. "Blind Carbon Copy"....

    The rest were just left off the original post.

    Getting the mail out with nothing in the From: field means it is coming from an
    unusually-configured MTA, probably. Most will not accept mail with no From:
    header.

    (MTA -- Mail Transfer Agent. They handle Mail (SMTP) for some users and all ISPs
    and LANs...Receiving and sending.)

    When you send mail off, it probably goes to your ISP's full-featured MTA and is sent
    there by a minimally-featured 'partial' MTA on your box.


    AC
     
    Alan Connor, Apr 17, 2004
    #2

  3. In SMTP, the headers are not used for mail delivery, they're strictly
    "FYI" information for humans. Mail delivery is controlled by commands
    given during the SMTP dialogue.

    Try this from a command prompt:

    telnet <yourmailserver> 25
    helo anyname
    mail from:<>
    rcpt to:<>
    data
    This is a message with no header.
    .
    quit

    Replace <yourmailserver> with the SMTP server you have configured in
    your mail client.
     
    Barry Margolin, Apr 17, 2004
    #3
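Added example (not part of the original thread): post #3's point that delivery follows the SMTP commands while the mail client only shows the headers, checked against a constructed session. The names `split_session` and `explain` and the example.org address are assumptions made for the illustration.

```python
from email import message_from_string

# Constructed client-side session; the address uses a reserved example domain.
SESSION = """\
HELO anyname
MAIL FROM:<>
RCPT TO:<friend@example.org>
DATA
Subject:

This is a message with blank headers.
.
QUIT
"""

def split_session(session):
    """Separate the envelope (SMTP commands) from the message sent after DATA."""
    envelope = {"mail_from": None, "rcpt_to": []}
    data_lines, in_data = [], False
    for line in session.splitlines():
        if in_data:
            if line == ".":                      # a lone dot ends DATA
                in_data = False
            else:                                # undo dot-stuffing
                data_lines.append(line[1:] if line.startswith(".") else line)
            continue
        verb = line.upper()
        if verb.startswith("MAIL FROM:"):
            envelope["mail_from"] = line[10:].strip().strip("<>")
        elif verb.startswith("RCPT TO:"):
            envelope["rcpt_to"].append(line[8:].strip().strip("<>"))
        elif verb.strip() == "DATA":
            in_data = True
    return envelope, message_from_string("\n".join(data_lines) + "\n")

def explain(session):
    """Report what drives delivery versus what a mail client will display."""
    env, msg = split_session(session)
    shown = {h: (msg.get(h) or "").strip() for h in ("From", "To", "Subject")}
    return {
        "delivered_to": env["rcpt_to"],
        "envelope_sender": env["mail_from"],
        "blank_in_client": sorted(h for h, v in shown.items() if not v),
        "recipient_in_headers": any(r and r in shown["To"] for r in env["rcpt_to"]),
    }

if __name__ == "__main__":
    print(explain(SESSION))
```

The result shows a message that is delivered to the RCPT TO address even though From, To and Subject are all blank in the client, which is the situation the original question describes.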
  4. You want to give an example of that?

    Bearing in mind that, (i) IIRC, the RFC explicitly states that a blank SMTP
    from should be accepted, and (ii) that performing content inspection is
    usually the prerogative of an anti-spam engine.

    OK, so there's at least one server that combines the two functions (I wrote
    it ;o), and there may well be more out there. Wouldn't necessarily call them
    common, though..

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Apr 17, 2004
    #4
  5. An empty return path doesn't mean that there would be no "From:" line. For
    bounce messages, the latter is usually set to postmaster, mailer-daemon or
    something similar, "at" the domain in question.

    Anyway, I can't recall when I would have encountered an SMTP server that
    would have rejected a message because of a lacking "From:" line. I have seen
    many which have read, and optionally modified, the "From:" line though.

    Not a security issue; follow-ups set.

    Thor
     
    Thor Kottelin, Apr 17, 2004
    #5
  6. Doug Fox

    Alan Connor Guest

    I tried that and got a "From " header with the address in the "mail from:<.*>"
    header. No other headers, but that one for sure. Tried twice.

    AC
     
    Alan Connor, Apr 17, 2004
    #6
  7. Doug Fox

    Don Kelloway Guest


    To expand upon Barry's example and if you want to send/receive the email
    with a blank From and Subject line, do this:

    Type telnet <yourmailserver> 25 (press Enter)
    Type HELO anyname (press Enter)
    Type MAIL FROM:<> (press Enter)
    Type RCPT to:<> (press Enter)
    Type DATA (press Enter)
    Type From: (press Enter)
    Type Subject: (press Enter 3x)
    Type . (press Enter)
    Type QUIT (press Enter)

    --
    Best regards,
    Don Kelloway
    Commodon Communications

    Visit http://www.commodon.com to learn about the "Threats to Your
    Security on the Internet".
     
    Don Kelloway, Apr 17, 2004
    #7
  8. Doug Fox

    Alan Connor Guest


    The Earthlink SMTP servers won't accept that.

    550 rejected: there is no valid sender in any header line (envelope sender is <>)

    I also tried it with an address in the "MAIL FROM:<>" but with the
    From: after DATA being blank, but it was rejected too:

    550 rejected: there is no valid sender in any header line (envelope sender is <>)

    (For the OP: If you can't get off the server, press Ctrl-], which is {usually} the
    escape character for telnet, and then type quit again)


    AC
     
    Alan Connor, Apr 17, 2004
    #8
  9. Doug Fox

    Don Kelloway Guest

     
    Don Kelloway, Apr 18, 2004
    #9
  10. Doug Fox

    Alan Connor Guest

     
    Alan Connor, Apr 18, 2004
    #10
  11. Doug Fox

    Bill Unruh Guest

    ]> Lately, a friend has been receiving many incoming mails without any
    ]> information (blank) in the from, to, and subject fields. He uses MS
    ]> Outlook. How is a mail without information in the "To" field arriving
    ]> in his inbox? Any info is gratefully appreciated.

    Bcc:
    Blind carbon copy sends a copy of the message without a To: field
    necessarily. It is used to send copies of a message to undisclosed
    recipients, just like Cc: but without displaying the name of the
    recipient.

    You can certainly send a message without a From: or subject fields.
    Whether such is accepted by the recipient is up to the recipient.



    ]Your signature, Don, is oversized. The maximum size is 4 lines below
    ]the delimiter. If I see it again I will killfile you.


    OOO. A real threat that. Next you will say you will hold your breath
    until you are blue in the face.
     
    Bill Unruh, Apr 18, 2004
    #11
  12. Doug Fox

    Alan Connor Guest

    The SMTP hosts at most ISPs will reject mail without a From: field.
    Try it.
    That makes TWO stupid statements you have made in this post.


    AC
     
    Alan Connor, Apr 18, 2004
    #12
  13. Doug Fox

    Scott B. Guest

    Just for amusement, dejagoogle news.admin.net-abuse.email (subject
    contains Alan Connor) for the past month. For particular amusement,
    check out the thread with the subject
    "Messages from Alan Connor qualify as cancellable excessive bulk
    postings" or if you want to read just that one article, here is the
    MessageID:


    For some readers who may not know what I meant by dejagoogle, it is a
    term for Google's Usenet archive, and here is a URL:
    http://groups.google.com/advanced_group_search
     
    Scott B., Apr 18, 2004
    #13
  14. Doug Fox

    Alan Connor Guest

    So Scott, are you one of the spammers who is so upset with the sort of
    mail filters I advocate and use that you can't see straight?

    Why else would you post something so utterly irrelevant to this newsgroup
    and the thread?

    Spammers hate these filters because they can't beat them, and will stop
    at nothing to discredit them: Most of the participants in that thread
    are spammers' sockpuppets, which you surely know, yet fail to inform
    the readers here...

    The fact is, that people who use these filters get no spam, have no problems
    receiving mail they want to receive (including from mailing lists
    commercial and non-commercial) and don't have to mess with their filters
    at all: Spam is just GONE from their lives.

    See the URLs in my sig for lots of useful information on the topic,
    including links to pages that Scott here would definitely approve
    of: They are filled with lies about such filters.

    AC
     
    Alan Connor, Apr 18, 2004
    #14
  15. Some do. Many don't.
     
    Barry Margolin, Apr 19, 2004
    #15
  16. Not in my experience. I just sent a test message, and it went through
    OK.

    telnet smtp.comcast.net 25
    helo barmar
    mail from:<>
    rcpt to:<>
    data
    This is a message with no headers.
    .
    quit

    Here's the message that arrived as a result:

    Received: from alum-2.mit.edu ([18.7.21.145])
        by sccrmxc17.comcast.net (sccrmxc17) with ESMTP
        id <20040419011330s1700dt9fde>; Mon, 19 Apr 2004 01:13:30 +0000
    X-Originating-IP: [18.7.21.145]
    Received: from rwcrmhc13.comcast.net (rwcrmhc13.comcast.net
        [204.127.198.39])
        by alum-2.mit.edu (8.12.8p2/8.12.8) with ESMTP id i3J1DT3Y015969
        for <>; Sun, 18 Apr 2004 21:13:29 -0400 (EDT)
    Message-Id: <>
    Date: Mon, 19 Apr 2004 01:13:29 +0000 (GMT)
    X-Comment: Sending client does not conform to RFC822 minimum requirements
    X-Comment: Date has been added by Maillennium
    Received: from barmar (h0030bdc4b3bb.ne.client2.attbi.com[24.128.26.140])
        by comcast.net (rwcrmhc13) with SMTP
        id <2004041901131501500rh81re>; Mon, 19 Apr 2004 01:13:23 +0000
    X-EFL-Spamscore: 22%
    X-Spam-Flag: NO

    This is a message with no header
     
    Barry Margolin, Apr 19, 2004
    #16
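Added example (not part of the original thread): a triage check for a delivered message like the one in post #16, listing which RFC 822 minimum fields are absent, whether any header names a sender (an assumed policy modelled on the 550 text quoted in post #8), and whether a Received "for" clause reveals the envelope recipient. The function name `audit`, the sample message and its example.org/example.net hosts are constructed for the illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Constructed delivered message, laid out like the one in post #16;
# hosts and addresses are reserved example values, not taken from the thread.
RAW = """\
Received: from relay.example.net (relay.example.net [192.0.2.10])
\tby mx.example.org with ESMTP id CONSTRUCTED1
\tfor <friend@example.org>; Mon, 19 Apr 2004 01:13:30 +0000
Date: Mon, 19 Apr 2004 01:13:29 +0000 (GMT)
Subject:

This is a message with no header
"""

SENDER_HEADERS = ("From", "Sender", "Reply-To")

def audit(raw):
    """Triage a delivered message that shows up with blank fields."""
    msg = message_from_string(raw)

    def value(name):
        return " ".join(msg.get_all(name, [])).strip()

    # RFC 822 minimum: Date, From and at least one destination field.
    missing = [h for h in ("Date", "From") if not value(h)]
    if not any(value(h) for h in ("To", "Cc", "Bcc")):
        missing.append("To/Cc/Bcc")
    # Assumed policy, modelled on the 550 text in post #8:
    # some header must name a usable sender address.
    candidates = [v for h in SENDER_HEADERS for v in msg.get_all(h, [])]
    has_sender = any("@" in addr for _, addr in getaddresses(candidates))
    # A relay may record the envelope recipient in a Received "for" clause,
    # which is how a Bcc'd recipient can still be identified.
    received = " ".join(msg.get_all("Received", []))
    rcpt_hint = re.findall(r"\bfor\s+<([^>]+)>", received)
    return {
        "missing_rfc822_minimum": missing,
        "present_but_empty": [h for h in msg.keys() if not value(h)],
        "has_header_sender": has_sender,
        "envelope_rcpt_hint": rcpt_hint,
    }

if __name__ == "__main__":
    print(audit(RAW))
```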
  17. Have. Doesn't.

    One US ISP != The World

    From your other point
    (it's fairly
    apparent that you either haven't done a lot of research on spam, or (again)
    are in a special case of approximately one.

    This is all drifting a little OT for this froup - if you want to start a
    discussion, I'd suggest that you take a look at this:

    http://www.codecutters.org/spam/

    and respond offline (i.e. via email)

    H1K
     
    Hairy One Kenobi, Apr 19, 2004
    #17
  18. [Subject changed. Strip ("was: ...") part, if present, when responding.]

    Why don't you call it "Google Groups"? That is what Google calls it
    and that is good enough for me and most other people. "dejagoogle" is
    just a meaningless, confusing and wrong term.
     
    Frank Slootweg, Apr 19, 2004
    #18
  19. He must be an older user. Before Google acquired it, it was DejaNews.
    And even after several years, he can't let it go.
     
    Barry Margolin, Apr 19, 2004
    #19
  20. It still sometimes turns up as a reference to "Deja/Google", for the
    chronically-challenged.

    (Incidentally, from [cough] Google, it appears that we're in the presence of
    a Usenet "god". 1983, no less: with an Oric-1 at home and an RML-380Z at
    school.. well, my life! Heck, you'd have to sell at least two teachers on
    the open market to afford a modem, and a classroom to pay for the online
    charges ;o)

    Ahhh... 300 baud modems: "LIST? What?!? NO! Sh*t - wrong key!", followed by
    "Ah well, let's get a coffee - we'll be able to reboot their system in
    another 20 minutes or so"

    --

    Hairy One Kenobi

    Disclaimer: the opinions expressed in this opinion do not necessarily
    reflect the opinions of the highly-opinionated person expressing the opinion
    in the first place. So there!
     
    Hairy One Kenobi, Apr 20, 2004
    #20