Blank e-mails

[Jan Il]

Hi all -

I have been getting a lot of blank e-mails lately. There is no From, Subject
or body. I am just curious as to what kind of pest this may be related to,
if any. I have looked at the Properties details and message source and they
all seem to be coming from a @cox.net origin. All different names though.

I would truly appreciate any information on these.

Jan

 

[Geese_Hunter]

Hi all -

I have been getting a lot of blank e-mails lately. There is no From, Subject
or body. I am just curious as to what kind of pest this may be related to,
if any. I have looked at the Properties details and message source and they
all seem to be coming from a @cox.net origin. All different names though.

I would truly appreciate any information on these.

Jan

I received a bunch of these types of e-mails in the past 2 weeks. Last
week I didn't receive a 1. Non of them were from cox.com though, I
think the 1's I received were from yahoo.com.

 

[Jan Il]

Hi Geese,

I received a bunch of these types of e-mails in the past 2 weeks. Last
week I didn't receive a 1. Non of them were from cox.com though, I
think the 1's I received were from yahoo.com.

Do you have a Yahoo account too? I truly don't mean to pry, I ask only
because someone in another forum mentioned they got some of these as well,
but did not mention where they came from. I use Cox Cable, and /all/ of the
ones I am getting are from a cox.net origin as well. I was trying to see if
there is a pattern for these being targeted to people who use the same
providers before I contact Cox to look into it. I believe there are also
some out there from Hotmail to Hotmail accounts as well.

Thank you very much for your time and information, I really do appreciate
it.

Jan

 

[See signature below]

Do you have a Yahoo account too? I truly don't mean to pry, I ask only
because someone in another forum mentioned they got some of these as well,

I am not the original poster, but I have one Yahoo email account that
has been getting a lot of these. I don't even open them, so I have no
idea where they are originating. I just mark them as spam, and let
Yahoo do with them what they do.

You know what to do: shdb at slip dot net

 

[Jack the Bear]

Varios people wrote in several messages:

Thank you very much for your time and information, I really do appreciate
it.

Very likely No Text Virus mails which have had the attachments deleted by
Egress Filters.
- Jack.

 

[Jan Il]

Hi,

well,


I am not the original poster, but I have one Yahoo email account that
has been getting a lot of these. I don't even open them, so I have no
idea where they are originating. I just mark them as spam, and let
Yahoo do with them what they do.

Thank you very much for the additional information. I really do appreciate
it.

You know what to do: shdb at slip dot net

.....I do....???

Jan

 

[Jan Il]

Hi,

Varios people wrote in several messages:


Very likely No Text Virus mails which have had the attachments deleted by
Egress Filters.

Haven't heard of that one, but, there are a lot of things going on out there
right now.

Thank you very much for your input, I appreciate it.

Jan

 

[Dale Simmons]

I have too, and I'm a COX user... I have contacted cox about this but have
not received an answer yet... I keep deleting them just in case

 

[Jan Il]

Hi Dale,

I have too, and I'm a COX user... I have contacted cox about this but have
not received an answer yet... I keep deleting them just in case

Hmmm..now it will be interesting to see what they do, if anything. I guess
it would be easier if they were all from the same sender, but, so far all
the ones I've gotten have been from different names and locations. I kept a
couple for reference. It looks like it is just an auto generated message,
and sent to another Cox user. Strange??

Thank you for the additional confirmation on the Cox, I really do appreciate
it. I'll send them some info on the ones I have. Maybe they can find
something somewhere to put the freeze on them within their system. I have
not gotten one yet that was from something other than a cox.net location.

Jan

 

[Dale Simmons]

Hmmmm. I know that when I was in San Diego, COX used .net

Now I'm in Phoenix and COX uses .com here... Don't know if that may help or
not, but just realized it myself

 

[Geese_Hunter]

Hi Geese,



Do you have a Yahoo account too? I truly don't mean to pry, I ask only
because someone in another forum mentioned they got some of these as well,
but did not mention where they came from. I use Cox Cable, and /all/ of the
ones I am getting are from a cox.net origin as well. I was trying to see if
there is a pattern for these being targeted to people who use the same
providers before I contact Cox to look into it. I believe there are also
some out there from Hotmail to Hotmail accounts as well.

Thank you very much for your time and information, I really do appreciate
it.

Jan



Outgoing mail is scanned by AVG
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.592 / Virus Database: 375 - Release Date: 2/18/2004

I think the blank e-mails were from bogus isp's. I seem to recall it was
from something in the neighborhood of y67.com, and a few from hotmail &
yahoo.com

I do have a Yahoo account, but I never really look at that 1, to much
spam so I usually just select all & delete them. The Blank e-mails were
on my main ISP account mtco dot com.

My Isp has a spam filter prog, Postini which I almost never get any
spam. As well it does a virus check before anything is delivered to my
in box.

I did not try to copy the body of the message into notepad to see if
there was any text with a white color

 

[Jan Il]

Hi Dale,

Hmmmm. I know that when I was in San Diego, COX used .net

Now I'm in Phoenix and COX uses .com here... Don't know if that may help or
not, but just realized it myself

Well...that's novel. I live in the San Diego area and I did not realize that
Cox used other extensions such as .com. Never thought of it I guess. So that
might narrow it down to some areas anyway since so far they all end with
cox.net. I've prepared a message to Cox and waiting for a report back from a
contact back east who also uses Cox and has gotten some of these. It's as if
it is going alphabetically. All the names on the ones I have gotten have
started with v's. ???

Thank you for the additional information. I really appreciate it. It's sorta
curious. ;-))

Jan

 

[Jan Il]

Hi Geese,

Hi Geese,

I think the blank e-mails were from bogus isp's. I seem to recall it was
from something in the neighborhood of y67.com, and a few from hotmail &
yahoo.com

I do have a Yahoo account, but I never really look at that 1, to much
spam so I usually just select all & delete them. The Blank e-mails were
on my main ISP account mtco dot com.

My Isp has a spam filter prog, Postini which I almost never get any
spam. As well it does a virus check before anything is delivered to my
in box.

I did not try to copy the body of the message into notepad to see if
there was any text with a white color

Yes, mine are on the main e-mail account. Don't know what all Cox has for
blocking, but, it could be that the composition of these, with little or no
information at all may make it harder to filter. I dunno. ??

Thank you very much for all your time and information, I really appreciate
it.

Jan

 

[Geese_Hunter]

Hi Geese,

Hi Geese,

We had to bring up the blank e-mails didn't we. Look what just came in
the mail, a blank message. here's the message source from outlook
express.

Return-Path: <[email protected]>
Delivered-To: (e-mail address removed)
Received: (qmail 11794 invoked from network); 23 Feb 2004 17:03:18 -0000
Received: from unknown (HELO psmtp.com) (12.158.34.212)
by www.SOMEISP.com with SMTP; 23 Feb 2004 17:03:18 -0000
Received: from source ([68.xxx.223.139]) by exprod5mx45.postini.com
([12.xxx.34.245]) with SMTP;
Mon, 23 Feb 2004 11:03:12 CST
Received: from 196.16.244.181 by 68.xxx.223.139; Mon, 23 Feb 2004
22:53:36 +0600
Message-ID: <M[20
X-pstn-levels: (S:15.43666/98.94254 R:95.9108 P:95.9108 M:98.9607
C:78.1961 )

 

[Geese_Hunter]

Hi Geese,

Hi Geese,

Maybe we should have been talking about getting $20 million delivered to
our doorsteps. I just received a blank everything today.
Here's the message source;

Return-Path: <[email protected]>
Delivered-To: (e-mail address removed)
Received: (qmail 11794 invoked from network); 23 Feb 2004 17:03:18 -0000
Received: from unknown (HELO psmtp.com) (12.158.34.212)
by www.SOMEISP.com with SMTP; 23 Feb 2004 17:03:18 -0000
Received: from source ([68.xxx.223.139]) by exprod5mx45.postini.com
([12.xxx.34.245]) with SMTP;
Mon, 23 Feb 2004 11:03:12 CST
Received: from 196.16.244.181 by 68.xxx.223.139; Mon, 23 Feb 2004
22:53:36 +0600
Message-ID: <M[20
X-pstn-levels: (S:15.43666/98.94254 R:95.9108 P:95.9108 M:98.9607
C:78.1961 )

Doubt if it helps, but just weird timing. Unless someone reading these
posts have figured out my real e-mail & is taunting me now.

 

[See signature below]

Thank you very much for the additional information. I really do appreciate

Here is one I got today. It came to a old geocities address (xxxx
out) that is equated to a yahoo address after Yahoo bought out
geocities.

X-Apparently-To: (e-mail address removed) via 216.109.117.228; Sun, 22 Feb
2004 19:33:21 -0800
Return-Path: <[email protected]>
Received: from 66.130.127.233 (HELO
modemcable233.127-130-66.mc.videotron.ca) (66.130.127.233) by
mta132.mail.dcn.yahoo.com with SMTP; Sun, 22 Feb 2004 19:33:17 -0800
Received: from 132.164.224.206 by 66.130.127.233; Mon, 23 Feb 2004
04:32:56 +0100
Message-ID: <N[20
Content-Length: 0


You know what to do: shdb at slip dot net

 

[Jan Il]

Maybe we should have been talking about getting $20 million delivered to
our doorsteps. I just received a blank everything today.
Here's the message source;

Return-Path: <[email protected]>
Delivered-To: (e-mail address removed)
Received: (qmail 11794 invoked from network); 23 Feb 2004 17:03:18 -0000
Received: from unknown (HELO psmtp.com) (12.158.34.212)
by www.SOMEISP.com with SMTP; 23 Feb 2004 17:03:18 -0000
Received: from source ([68.xxx.223.139]) by exprod5mx45.postini.com
([12.xxx.34.245]) with SMTP;
Mon, 23 Feb 2004 11:03:12 CST
Received: from 196.16.244.181 by 68.xxx.223.139; Mon, 23 Feb 2004
22:53:36 +0600
Message-ID: <M[20
X-pstn-levels: (S:15.43666/98.94254 R:95.9108 P:95.9108 M:98.9607
C:78.1961 )

Doubt if it helps, but just weird timing. Unless someone reading these
posts have figured out my real e-mail & is taunting me now.

Hey, we have the Lotto here in CA., maybe I should buy a Quick-pick. ;-))
Well, in the latest one I just got (AV scanned), the return path is now
showing yahoo.com. First with that one. All the others have been cox.net.,
although it does seem to be inlcuding a cox.net addy. ??? And, there is no
Delivered to or Received in any of the ones I am getting. And there is an
extra Message-id. I doubt anyone is tageting you, or anyone else purposely,
but, you can be sure you'll probably be getting more. I started with only
one or two, now I am getting 15-20 per day. I've been trying to set up the
Rules to filter them, but, it's a bit hard with nothing much to go by. Time
to call in the GhostBusters I guess. ;-))

Return-Path: <[email protected]>
Received: from adsl-67-114-229-214.dsl.lsan03.pacbell.net
([67.114.229.214]) by lakemtai06.cox.net
(InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with SMTP
id
<20040223214143.UCJM11045.lakemtai06.cox.net@adsl-67-114-229-214.dsl.lsan03.
pacbell.net>;
Mon, 23 Feb 2004 16:41:43 -0500
Received: from 239.118.180.186 by 67.114.229.214; Mon, 23 Feb 2004
20:39:31 -0100
Message-ID: <S[20
Message-Id:
<20040223214143.UCJM11045.lakemtai06.cox.net@adsl-67-114-229-214.dsl.lsan03.
pacbell.net>
Date: Mon, 23 Feb 2004 16:41:44 -0500

Jan

 

[Jan Il]

Thank you very much for the additional information. I really do

appreciate

Here is one I got today. It came to a old geocities address (xxxx
out) that is equated to a yahoo address after Yahoo bought out
geocities.

X-Apparently-To: (e-mail address removed) via 216.109.117.228; Sun, 22 Feb
2004 19:33:21 -0800
Return-Path: <[email protected]>
Received: from 66.130.127.233 (HELO
modemcable233.127-130-66.mc.videotron.ca) (66.130.127.233) by
mta132.mail.dcn.yahoo.com with SMTP; Sun, 22 Feb 2004 19:33:17 -0800
Received: from 132.164.224.206 by 66.130.127.233; Mon, 23 Feb 2004
04:32:56 +0100
Message-ID: <N[20
Content-Length: 0

Well..looks like yours is sorta between the ones Geese is getting, and the
ones I'm getting. But, they all seem to have to do with Yahoo at ths point.
I got another earlier today and it is with yahoo.com, but has a cox.net addy
in it too.

Return-Path: <[email protected]>
Received: from cpe-68-115-240-201.spa.sc.charter.com ([68.115.240.201])
by fed1mtai09.cox.net
(InterMail vM.5.01.06.08 201-253-122-130-108-20031117) with SMTP
id
<20040223213732.SDTY17016.fed1mtai09.cox.net@cpe-68-115-240-201.spa.sc.chart
er.com>;
Mon, 23 Feb 2004 16:37:32 -0500
Received: from 30.253.162.96 by 68.115.240.201; Mon, 23 Feb 2004 22:34:20
+0100
Message-ID: <G[20
Message-Id:
<20040223213732.SDTY17016.fed1mtai09.cox.net@cpe-68-115-240-201.spa.sc.chart
er.com>
Date: Mon, 23 Feb 2004 16:37:33 -0500

You know what to do: shdb at slip dot net

....nope...not yet. Ahmm...is this a trick question?

Jan

 

[Jan Il]

Hi Dale,



Well...that's novel. I live in the San Diego area and I did not realize that
Cox used other extensions such as .com. Never thought of it I guess. So that
might narrow it down to some areas anyway since so far they all end with
cox.net. I've prepared a message to Cox and waiting for a report back from a
contact back east who also uses Cox and has gotten some of these. It's as if
it is going alphabetically. All the names on the ones I have gotten have
started with v's. ???

Well, this is no longer the case. I am now getting more of them with the
yahoo.com extension, but, there is still a cox.net addy in the details. The
information from my friend back east is for hotmail.com, but, it also has a
cox.net addy in the details. I dunno. ???

Jan

<snip original message>

 

[Trog Dog]

Hi all -

I have been getting a lot of blank e-mails lately. There is no From,
Subject or body. I am just curious as to what kind of pest this may
be related to, if any. I have looked at the Properties details and
message source and they all seem to be coming from a @cox.net origin.
All different names though.

I would truly appreciate any information on these.

Jan

Hi Jan

They could be an attempt to verify that your email address is actually
valid. By having no from,subject or body they will bypass most spam filters
except those that work by analysing the IP addresses in the headers.

Additionally, by not being flagged as spam - those filters that do analyse
the IP addresses, won't flag that IP as a spam source because the message
isn't "spam".