incoming mail without information in the from, to, subject fields

Discussion in 'Computer Security' started by Doug Fox, Apr 17, 2004.

  1. Doug Fox

    Scott B. Guest

    You guys are right... it is past time to let it go. I guess I was
    trying to honor the defunct DejaNews, but that seems silly now that I
    think about it; there is no loss involved anyway since the Google
    Usenet archive includes the DejaNews archive. I like Google, so I
    should use the correct name for the Google Usenet archive:
    "Google Groups."
     
    Scott B., Apr 20, 2004
    #21
    1. Advertisements

  2. Doug Fox

    Scott B. Guest

    Barry Margolin has had a high score in my various newsreaders for a
    long time. I read a reply to one of his Usenet articles recently
    that made me think "This guy has no clue regarding Barry Margolin."

    I appreciate Barry Margolin's contributions to Usenet newsgroups.
     
    Scott B., Apr 20, 2004
    #22
    1. Advertisements

  3. Yes, I know. That is why I said "confusing".

    Frank "A really old user, who uses the *right* term." Slootweg
     
    Frank Slootweg, Apr 20, 2004
    #23
  4. Doug Fox

    Leythos Guest

    There are some of us that were on before Deja started, some of us
    started with old 110 Baud modems in the very early 80's. BM is one of
    the people I respect in these groups.
     
    Leythos, Apr 20, 2004
    #24
  5. 110 Baud? ONE HUNDRED AND TEN? What's wrong with 75? :) FWIW, BM and
    I are probably of about the same vintage (computers since 1968, Internet/
    Usenet since 1984, e-mail somewhere in between those dates). I respect
    him too. What was the reason for your comment? Did I show no respect?
     
    Frank Slootweg, Apr 20, 2004
    #25
  6. Doug Fox

    Leythos Guest

    No reason, other than to show my respect for him. Somewhere in this
    thread I got the impression that he needed a little boost and that
    others may not be aware of his value.

    I started with my first computer in the mid-70's, built a COSMAC ELF 4-
    bit unit around 75, got my first real computer - a Commodore PET-2001 in
    76 (memory is bad at this age)... Was using an IBB System 12 mainframe
    with COBOL and RPB around the same time. We use to dial into an open
    line at a university and get 110 baud and access to the net (not called
    the internet in those days)...

    Later, before FIDO started, we use to run BBS's that we wrote that would
    call from one end of the county to the other and then repeat as long as
    it didn't make the call long distance - we could get almost across the
    country like this. Dang, those were great days.
     
    Leythos, Apr 20, 2004
    #26
  7. The "From " line is not a message header, it is a delimiter specific to
    the Unix mbox file format that is added by the MTA (e.g. sendmail or
    procmail). Other file formats like MMDF use different delimiters.

    RFC 822 specifies that a "From:" header is required in the message itself.

    Did you try Barry's experiment with a "MAIL FROM: <address>" different
    than your real <[email protected]> address?
     
    Kevin Rodgers, Apr 20, 2004
    #27
  8. :There are some of us that were on before Deja started, some of us
    :started with old 110 Baud modems in the very early 80's.

    You had a 110 baud modem? Why in my day, we had to go miles in
    winter, uphill in both directions, hand-punch Hollerith cards,
    hand-crafting individual DD statements for a batch job, to get the
    output back a week later telling us we weren't authorized users -- but
    by God, at least they allowed us to do that much! We would have murdered
    some Tilset to have had 110 baud modems!


    (Okay, so I exaggerate a little: sometimes, between semesters, late
    at night when no-one was around, they allowed us to use the KP-19's
    instead of hand-punching the cards. And once they even allowed us
    to use the KP-26!)
     
    Walter Roberson, Apr 20, 2004
    #28
  9. Doug Fox

    Michael Hill Guest

    Hi, all.

    This is my first post to this group; the initial post caught my eye. I
    too am receiving MUCH spam with nothing in the "From", "Subject", or
    "To:" fields.

    The technical back-and-forth is rather interesting; however, I am more
    concerned with blocking future such e-mails. Assuming I do not have
    access to my e-mail server, somebody please tell me how to configure
    Outlook and/or Outlook Express to automatically delete all such future
    e-mails.

    Also, assuming I DO have access to the e-mail server, how do I block
    such e-mails?

    (In either case, there is no "From" address to specify you want
    blocked. Can it be done by IP address?)

    Thanks for any assistance you can provide.


    Michael
     
    Michael Hill, Apr 20, 2004
    #29
  10. Doug Fox

    Leythos Guest

    Mike,

    Short of owning your own email server and installing anti-spam / RBL
    features you can't block spam from being sent to your account.

    What you need to do is create an account name that isn't normal and then
    protect it - don't use it anywhere.

    In case you didn't notice, my posts say they are from ,
    but that's not true. My email address is in my sig and munged so that
    harvesting apps can't easily gather it from usenet.

    This account (below) is considered a throw-away account, meaning if I
    get spam I dispose of the account. I only use that account for Usenet.

    As for how to protect your account, if you use a name like
    you are going to get spam no matter what you do -
    it's an easy guess/name to test.

    Try getting an account name like jsmith55121 or j5smith or j.5.smith or
    something like those to make it hard for the automation scripts to guess
    your address.
     
    Leythos, Apr 20, 2004
    #30
  11. Doug Fox

    Scott B. Guest

    I have never used MS Outlook/Outlook Express, so dunno if those
    programs even offer filters. I do have some suggestions for you,
    though.

    The best (and easiest) thing to do would be to use email through an
    ISP that does the filtering for you. Then just stop using email
    through your current ISP (Shaw?...you could ask them to delete the
    mailbox, I suppose...dunno how much success you would have). Here is
    one example to get you started:

    http://www.blarg.net
    Disclaimer: I use some of the Blarg! services; I am only a customer.

    If you snoop around the Blarg! Website, you'll see that you could get
    email service (POP/IMAP/WWW) for $3(US)/month. You could access your
    email via your cable modem; you would not have to dial in to Blarg!
    They use MAPS RBL+, and you can turn on (and configure) SpamAssassin
    and Accessio via the WWW interface (CCC/BlargMail). If you don't
    know what MAPS RBL+, SpamAssassin, and Accession are, Google
    http://www.google.com
    for them.

    There are various Micros~1 Windows programs that are anti-spam
    "solutions," but I have never used any of them, so I can't recommend
    one. I suspect you would have to pay for each one.

    You should at least switch to the free Micros~1 Windows email client
    Pegasus:
    http://www.pmail.com/
    There is a list of features at this URL:
    http://www.pmail.com/overviews/ovw_winpmail.htm
    There is a review of Pegasus at this URL:
    http://cws.internet.com/mail-pegasus.html

    In case Alan Connor offers his challenge-response thing, use
    http://groups.google.com/advanced_group_search
    Newsgroup news.admin.net-abuse.emal
    Subject Alan Connor
    Language English
    and search for the past month or so, then browse the results to get a
    feel for his stuff.
     
    Scott B., Apr 21, 2004
    #31
  12. Doug Fox

    Scott B. Guest

    Ugh... I hit an extra key... it is Accessio... here you go:
    http://www.miavia.com/
     
    Scott B., Apr 21, 2004
    #32
  13. I'm a young whipper-snapper compared to you, it seems. My first
    computer was a PDP-8i timesharing system in 1977, and I started using
    the Arpanet and email in 1980.
     
    Barry Margolin, Apr 21, 2004
    #33
  14. Erm.. 822 specifies what a From: header /is/, and how it's formatted. RFC
    821 (SMTP, what we're talking about ;o) specifies where a blank From: is
    actually recommended..

    (Hint: mails where failures should not be reported)

    HTH

    H1K
     
    Hairy One Kenobi, Apr 21, 2004
    #34
  15. You may want to have a look at MailWasher (<http://www.mailwasher.net/>).
    It can probably filter out the undesired mail by means of its public and
    your private blacklists. If not, you can create extra Filters. Filters
    can filter on things being (not) equal to some expression, so if you
    make a rule like "From: not equal to <something>", then that essentially
    means "From: empty". FWIW, I use Mailwasher and am quite pleased with it.
    A note of caution: MailWasher can "bounce" back undesired mail. Do *not*
    use that facility, because most likely the bounced message will not be
    sent the the original sender, but to an innocent bystander. I.e. do not
    (try) to 'solve' your spam problem by sending it to someone else.
     
    Frank Slootweg, Apr 21, 2004
    #35
  16. It also lists the headers that are required, and "From:" is one of them.
    RFC 821 refers to the address used in the "MAIL FROM" command, not the
    "From:" header. This address, generally called the "envelope sender",
    ends up in the "Return-Path:" header during final delivery.
     
    Barry Margolin, Apr 21, 2004
    #36
  17. Doug Fox

    Alan Connor Guest

    Ah yes...One of the spammers whose been harassing me for weeks.

    I quit reading his lame posts on the mail groups and now he's following
    me around the Usenet.

    Sometimes he's Peter Ross and sometimes he's.....He has about 50 aliases.


    Spammers HATE mail filters that use Challenge-Responses because they
    can't beat them....

    Hey, spammer's sock puppet "Frank Slootweg"!!

    Thanks for another opportunity to teach people how to keep scum
    like you out of their mailboxes.

    I didn't display this post before deleting everything but the first
    line, because I don't care what creeps like you think.

    You can say anything you want, spammer, but you can't spam ME or
    anyone else that uses these programs.

    Don't like it? Tough you-know-what.

    AC
     
    Alan Connor, Apr 21, 2004
    #37
  18. I haven't gotten much of it lately, but I always thought that spam about
    anti-spam and popup blockers was some of the most ironic stuff on the
    net.
     
    Barry Margolin, Apr 21, 2004
    #38
  19. ... and stipulates specifically when blanks *should* be used. Which is, after
    all, what we're talking about ;o)

    Still, could you point out the section in 822 that states "MUST" have a
    "From:" header? I seem to have missed it, and 4.4.1 seems to contradict your
    view (although it wouldn't be the last time that an RFC wasn't consistent!
    ;o)

    H1K
     
    Hairy One Kenobi, Apr 22, 2004
    #39
  20. Hi H1K.. and TskTsk[tm] to everyone in this subthread because RFC'S 821
    & 822 are **obselete** having been superseded by 2821 & 2822
    respectively.

    RFC 2822 section 3.6 requires "origination date" and "originator
    field(s)". Section 3.6.2 has a slightly different take on Froms, Senders
    et al.

    [email protected]
     
    [email protected], Apr 22, 2004
    #40
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.