Solved

Blank emails recieved without any sender name

Posted on 2004-09-28
9
328 Views
Last Modified: 2011-09-20
I will present a "strange" situation. Some of the users are receiving blank e-mails without any sender name, recipient, data, subject, etc.  When I look in Microsoft Outlook at Options to see the Internet Headers, at "Received: from" only the IP address is there (no email address). I localized the IP addresses in countries we don't have commercial partnerships, so it's becoming more stranger. My question is what is the purpose of this activity, how our users emails addresses had been disclosed knowing that they are used for business purposes (personally I don't send emails outside company) and if this messages could be blocked at an Exchange box level.

Thank you
0
Comment
Question by:destiny777
  • 4
  • 4
9 Comments
 
LVL 15

Expert Comment

by:scampgb
Comment Utility
Hi destiny777,

Are the emails unsolicited, junk messages?

Junk mail / spam is a huge problem and it's very difficult to stop.
Take a look at  http://spam.abuse.net/ which explains a little about it.

There are a number of tools you can use for Exchange that are designed to filter out junk mail, and you might want to take a look at the Exchange Message filter - http://www.microsoft.com/exchange/downloads/2003/imf/default.asp
0
 
LVL 19

Expert Comment

by:RanjeetRain
Comment Utility
What you are recieving is termed as SPAM. These are solicited mails that are being sent to your domain.

>> Why, there are no Received: from entries?
The reason is that the SPAMmers use specialized software. These are specifically designed software meant for sending such junk mails that have misleading/missing info, so they can't be traced back.


>> how our users emails addresses had been disclosed
It has to be diclosed only once. Once you submit your address iat a website directly or indirectly, it fnds its way into one or more of databases of millinons of email addresses that spammers use.

To combat this, you need to to use a specialized software that can stop it your Exchange box level. You may find the same easily using Google.
0
 

Author Comment

by:destiny777
Comment Utility
By definition could be a SPAM, but emails without any information to recipient? My concern is like this is a probing activity because a lot of users started recieving these blank emails at the same time and there is no correlation among browsing behavior to say that they registred with same websites. Could be that exchange server, which is not on our premises had been hacked or that somehow our w2000 servers had been "reviewed". I would be glad to be a simple spam but how could I be sure of this?
0
 
LVL 19

Expert Comment

by:RanjeetRain
Comment Utility
I reieve a lot of such mails. I panicked initially. I did all the 'counter probing', only to find out it was SPAM. Do you mind posting the "entire source" of any such message? I have noticed, many of then contain virus/trojan.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 

Author Comment

by:destiny777
Comment Utility
Microsoft Mail Internet Headers Version 2.0
Received: from 81-203-246-113.user.ono.com ([81.203.246.113]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Thu, 16 Sep 2004 05:28:19 -0400
Message-ID: <B4[3

Microsoft Mail Internet Headers Version 2.0
Received: from 207.35.190.7 ([200.167.135.244]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Sun, 19 Sep 2004 21:04:56 -0400
Message-ID: <p6[4

Microsoft Mail Internet Headers Version 2.0
Received: from INAPAT ([81.200.165.163]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Thu, 23 Sep 2004 16:50:34 -0400
Message-ID: <h8[4

Microsoft Mail Internet Headers Version 2.0
Received: from 81-203-160-69.user.ono.com ([81.203.160.69]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Mon, 27 Sep 2004 03:13:00 -0400
Message-ID: <A1[3

Nothing more than this!
0
 

Author Comment

by:destiny777
Comment Utility
OK, one thing I don't understand, they are just empty messages, without any attachment, only the header posted, how cold they contain a virus/trojan?
0
 
LVL 19

Expert Comment

by:RanjeetRain
Comment Utility
There is something wrong with the configuration of ISS (InterScan Messaging Security) configuration. Please send a mail to postmaster@ono.com and see if that helps.

Is the size of mails being reflected correctly. Are they in the order of 200-300 bytes?
0
 

Author Comment

by:destiny777
Comment Utility
They are all 264 B. The IP addresses are from Spain, Sweden, Brazil we don't have any partnership, subscription, anything in these regions. What do you mean is something wrong with ISS?
0
 
LVL 19

Accepted Solution

by:
RanjeetRain earned 200 total points
Comment Utility
ISS (InterScan Messaging Security) is a email protection software. It is used by corporations to filter out unwanted mails. Either some of users from your domain used to send mails for which ISS needed to generate delivery failure notifs such as "Mail could not be delivered" or there is something wrong with the ISS config on that domain. These mails dont seem to be complete. ISS doesn't send such incomplete mails. These mails seem so abrupt.

One thing is for sure, if this is all you are recievng, no one can harm you in any way. There is nothing that can be used to establish/generate read notifications etc.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Suggested Solutions

Are you having trouble connecting or getting your iPhone / Samsung device(s) to sync with Microsoft Exchange Server?   What have you tried?   What haven't you tried?
Check out this infographic on what you need to make a good email signature that will work perfectly for your organization.
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now