Blank emails recieved without any sender name

I will present a "strange" situation. Some of the users are receiving blank e-mails without any sender name, recipient, data, subject, etc.  When I look in Microsoft Outlook at Options to see the Internet Headers, at "Received: from" only the IP address is there (no email address). I localized the IP addresses in countries we don't have commercial partnerships, so it's becoming more stranger. My question is what is the purpose of this activity, how our users emails addresses had been disclosed knowing that they are used for business purposes (personally I don't send emails outside company) and if this messages could be blocked at an Exchange box level.

Thank you
destiny777Asked:
Who is Participating?
 
RanjeetRainCommented:
ISS (InterScan Messaging Security) is a email protection software. It is used by corporations to filter out unwanted mails. Either some of users from your domain used to send mails for which ISS needed to generate delivery failure notifs such as "Mail could not be delivered" or there is something wrong with the ISS config on that domain. These mails dont seem to be complete. ISS doesn't send such incomplete mails. These mails seem so abrupt.

One thing is for sure, if this is all you are recievng, no one can harm you in any way. There is nothing that can be used to establish/generate read notifications etc.
0
 
scampgbCommented:
Hi destiny777,

Are the emails unsolicited, junk messages?

Junk mail / spam is a huge problem and it's very difficult to stop.
Take a look at  http://spam.abuse.net/ which explains a little about it.

There are a number of tools you can use for Exchange that are designed to filter out junk mail, and you might want to take a look at the Exchange Message filter - http://www.microsoft.com/exchange/downloads/2003/imf/default.asp
0
 
RanjeetRainCommented:
What you are recieving is termed as SPAM. These are solicited mails that are being sent to your domain.

>> Why, there are no Received: from entries?
The reason is that the SPAMmers use specialized software. These are specifically designed software meant for sending such junk mails that have misleading/missing info, so they can't be traced back.


>> how our users emails addresses had been disclosed
It has to be diclosed only once. Once you submit your address iat a website directly or indirectly, it fnds its way into one or more of databases of millinons of email addresses that spammers use.

To combat this, you need to to use a specialized software that can stop it your Exchange box level. You may find the same easily using Google.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
destiny777Author Commented:
By definition could be a SPAM, but emails without any information to recipient? My concern is like this is a probing activity because a lot of users started recieving these blank emails at the same time and there is no correlation among browsing behavior to say that they registred with same websites. Could be that exchange server, which is not on our premises had been hacked or that somehow our w2000 servers had been "reviewed". I would be glad to be a simple spam but how could I be sure of this?
0
 
RanjeetRainCommented:
I reieve a lot of such mails. I panicked initially. I did all the 'counter probing', only to find out it was SPAM. Do you mind posting the "entire source" of any such message? I have noticed, many of then contain virus/trojan.
0
 
destiny777Author Commented:
Microsoft Mail Internet Headers Version 2.0
Received: from 81-203-246-113.user.ono.com ([81.203.246.113]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Thu, 16 Sep 2004 05:28:19 -0400
Message-ID: <B4[3

Microsoft Mail Internet Headers Version 2.0
Received: from 207.35.190.7 ([200.167.135.244]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Sun, 19 Sep 2004 21:04:56 -0400
Message-ID: <p6[4

Microsoft Mail Internet Headers Version 2.0
Received: from INAPAT ([81.200.165.163]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Thu, 23 Sep 2004 16:50:34 -0400
Message-ID: <h8[4

Microsoft Mail Internet Headers Version 2.0
Received: from 81-203-160-69.user.ono.com ([81.203.160.69]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Mon, 27 Sep 2004 03:13:00 -0400
Message-ID: <A1[3

Nothing more than this!
0
 
destiny777Author Commented:
OK, one thing I don't understand, they are just empty messages, without any attachment, only the header posted, how cold they contain a virus/trojan?
0
 
RanjeetRainCommented:
There is something wrong with the configuration of ISS (InterScan Messaging Security) configuration. Please send a mail to postmaster@ono.com and see if that helps.

Is the size of mails being reflected correctly. Are they in the order of 200-300 bytes?
0
 
destiny777Author Commented:
They are all 264 B. The IP addresses are from Spain, Sweden, Brazil we don't have any partnership, subscription, anything in these regions. What do you mean is something wrong with ISS?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.