destiny777

Blank emails received without any sender name

I will present a "strange" situation. Some of the users are receiving blank e-mails without any sender name, recipient, data, subject, etc. When I look in Microsoft Outlook at Options to see the Internet Headers, at "Received: from" only the IP address is there (no email address). I localized the IP addresses to countries where we don't have commercial partnerships, so it's becoming stranger. My question is what the purpose of this activity is, how our users' email addresses have been disclosed, knowing that they are used for business purposes (personally I don't send emails outside the company), and whether these messages could be blocked at the Exchange box level.

Thank you
scampgb

Hi destiny777,

Are the emails unsolicited, junk messages?

Junk mail / spam is a huge problem and it's very difficult to stop.
Take a look at http://spam.abuse.net/ which explains a little about it.

There are a number of tools you can use for Exchange that are designed to filter out junk mail, and you might want to take a look at the Exchange Message filter - http://www.microsoft.com/exchange/downloads/2003/imf/default.asp
RanjeetRain

What you are receiving is termed SPAM. These are solicited mails that are being sent to your domain.

>> Why, there are no Received: from entries?
The reason is that the SPAMmers use specialized software. These are specifically designed software meant for sending such junk mails that have misleading/missing info, so they can't be traced back.


>> how our users emails addresses had been disclosed
It has to be disclosed only once. Once you submit your address at a website directly or indirectly, it finds its way into one or more of the databases of millions of email addresses that spammers use.

To combat this, you need to use specialized software that can stop it at your Exchange box level. You may find the same easily using Google.
destiny777 (ASKER)

By definition it could be SPAM, but emails without any information to the recipient? My concern is that this is a probing activity, because a lot of users started receiving these blank emails at the same time and there is no correlation among browsing behavior to say that they registered with the same websites. It could be that the Exchange server, which is not on our premises, had been hacked or that somehow our W2000 servers had been "reviewed". I would be glad for it to be simple spam, but how could I be sure of this?

I receive a lot of such mails. I panicked initially. I did all the 'counter probing', only to find out it was SPAM. Do you mind posting the "entire source" of any such message? I have noticed, many of them contain virus/trojan.

Microsoft Mail Internet Headers Version 2.0
Received: from 81-203-246-113.user.ono.com ([81.203.246.113]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Thu, 16 Sep 2004 05:28:19 -0400
Message-ID: <B4[3

Microsoft Mail Internet Headers Version 2.0
Received: from 207.35.190.7 ([200.167.135.244]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Sun, 19 Sep 2004 21:04:56 -0400
Message-ID: <p6[4

Microsoft Mail Internet Headers Version 2.0
Received: from INAPAT ([81.200.165.163]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Thu, 23 Sep 2004 16:50:34 -0400
Message-ID: <h8[4

Microsoft Mail Internet Headers Version 2.0
Received: from 81-203-160-69.user.ono.com ([81.203.160.69]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Mon, 27 Sep 2004 03:13:00 -0400
Message-ID: <A1[3

Nothing more than this!
OK, one thing I don't understand: they are just empty messages, without any attachment, only the header posted, how could they contain a virus/trojan?

There is something wrong with the configuration of ISS (InterScan Messaging Security). Please send a mail to postmaster@ono.com and see if that helps.

Is the size of the mails being reflected correctly? Are they in the order of 200-300 bytes?

They are all 264 B. The IP addresses are from Spain, Sweden, Brazil; we don't have any partnership, subscription, anything in these regions. What do you mean, something is wrong with ISS?
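
The four Received: lines posted in this thread can be triaged mechanically. The following is an added example, not code from any participant; it assumes the token after `from` is the name the sending host announced and the bracketed address is the connecting IP as the gateway recorded it, and the flag names are made up for illustration.

```python
import ipaddress
import re

# Received lines copied from the headers posted in this thread.
HEADERS = """\
Received: from 81-203-246-113.user.ono.com ([81.203.246.113]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Thu, 16 Sep 2004 05:28:19 -0400
Received: from 207.35.190.7 ([200.167.135.244]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Sun, 19 Sep 2004 21:04:56 -0400
Received: from INAPAT ([81.200.165.163]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Thu, 23 Sep 2004 16:50:34 -0400
Received: from 81-203-160-69.user.ono.com ([81.203.160.69]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Mon, 27 Sep 2004 03:13:00 -0400
"""

RECEIVED = re.compile(r"^Received: from (\S+) \(\[([0-9.]+)\]\) by \S+", re.M)

def is_ip(value):
    """True if value parses as an IP address literal."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def classify(claimed, peer_ip):
    """Return the reasons a hop looks unlike a properly configured mail server."""
    if is_ip(claimed):
        # The host announced a bare address instead of a host name.
        if ipaddress.ip_address(claimed) != ipaddress.ip_address(peer_ip):
            return ["claimed-ip-differs-from-peer"]
        return ["ip-literal-name"]
    reasons = []
    if "." not in claimed:
        # A single-label name (e.g. a workstation name) is not a public FQDN.
        reasons.append("unqualified-name")
    octets = peer_ip.split(".")
    # ISP-assigned names for consumer access lines often embed the address.
    if "-".join(octets) in claimed or ".".join(octets) in claimed:
        reasons.append("address-embedded-name")
    return reasons

def triage(text):
    """Parse each Received line into (claimed name, peer IP, reasons)."""
    return [(m.group(1), m.group(2), classify(m.group(1), m.group(2)))
            for m in RECEIVED.finditer(text)]

if __name__ == "__main__":
    for claimed, peer, reasons in triage(HEADERS):
        print(f"{peer:<16} {claimed:<30} {', '.join(reasons) or 'no flags'}")
```

The flags are triage hints for deciding what to filter at the gateway, not proof of who sent a message.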