Solved

Blank emails recieved without any sender name

Posted on 2004-09-28
9
369 Views
Last Modified: 2011-09-20
I will present a "strange" situation. Some of the users are receiving blank e-mails without any sender name, recipient, data, subject, etc.  When I look in Microsoft Outlook at Options to see the Internet Headers, at "Received: from" only the IP address is there (no email address). I localized the IP addresses in countries we don't have commercial partnerships, so it's becoming more stranger. My question is what is the purpose of this activity, how our users emails addresses had been disclosed knowing that they are used for business purposes (personally I don't send emails outside company) and if this messages could be blocked at an Exchange box level.

Thank you
0
Comment
Question by:destiny777
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 4
9 Comments
 
LVL 15

Expert Comment

by:scampgb
ID: 12170367
Hi destiny777,

Are the emails unsolicited, junk messages?

Junk mail / spam is a huge problem and it's very difficult to stop.
Take a look at  http://spam.abuse.net/ which explains a little about it.

There are a number of tools you can use for Exchange that are designed to filter out junk mail, and you might want to take a look at the Exchange Message filter - http://www.microsoft.com/exchange/downloads/2003/imf/default.asp
0
 
LVL 19

Expert Comment

by:RanjeetRain
ID: 12172912
What you are recieving is termed as SPAM. These are solicited mails that are being sent to your domain.

>> Why, there are no Received: from entries?
The reason is that the SPAMmers use specialized software. These are specifically designed software meant for sending such junk mails that have misleading/missing info, so they can't be traced back.


>> how our users emails addresses had been disclosed
It has to be diclosed only once. Once you submit your address iat a website directly or indirectly, it fnds its way into one or more of databases of millinons of email addresses that spammers use.

To combat this, you need to to use a specialized software that can stop it your Exchange box level. You may find the same easily using Google.
0
 

Author Comment

by:destiny777
ID: 12173510
By definition could be a SPAM, but emails without any information to recipient? My concern is like this is a probing activity because a lot of users started recieving these blank emails at the same time and there is no correlation among browsing behavior to say that they registred with same websites. Could be that exchange server, which is not on our premises had been hacked or that somehow our w2000 servers had been "reviewed". I would be glad to be a simple spam but how could I be sure of this?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 19

Expert Comment

by:RanjeetRain
ID: 12173569
I reieve a lot of such mails. I panicked initially. I did all the 'counter probing', only to find out it was SPAM. Do you mind posting the "entire source" of any such message? I have noticed, many of then contain virus/trojan.
0
 

Author Comment

by:destiny777
ID: 12173794
Microsoft Mail Internet Headers Version 2.0
Received: from 81-203-246-113.user.ono.com ([81.203.246.113]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Thu, 16 Sep 2004 05:28:19 -0400
Message-ID: <B4[3

Microsoft Mail Internet Headers Version 2.0
Received: from 207.35.190.7 ([200.167.135.244]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Sun, 19 Sep 2004 21:04:56 -0400
Message-ID: <p6[4

Microsoft Mail Internet Headers Version 2.0
Received: from INAPAT ([81.200.165.163]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Thu, 23 Sep 2004 16:50:34 -0400
Message-ID: <h8[4

Microsoft Mail Internet Headers Version 2.0
Received: from 81-203-160-69.user.ono.com ([81.203.160.69]) by SYYZANTIVIRUS with InterScan Messaging Security Suite; Mon, 27 Sep 2004 03:13:00 -0400
Message-ID: <A1[3

Nothing more than this!
0
 

Author Comment

by:destiny777
ID: 12173840
OK, one thing I don't understand, they are just empty messages, without any attachment, only the header posted, how cold they contain a virus/trojan?
0
 
LVL 19

Expert Comment

by:RanjeetRain
ID: 12173871
There is something wrong with the configuration of ISS (InterScan Messaging Security) configuration. Please send a mail to postmaster@ono.com and see if that helps.

Is the size of mails being reflected correctly. Are they in the order of 200-300 bytes?
0
 

Author Comment

by:destiny777
ID: 12173942
They are all 264 B. The IP addresses are from Spain, Sweden, Brazil we don't have any partnership, subscription, anything in these regions. What do you mean is something wrong with ISS?
0
 
LVL 19

Accepted Solution

by:
RanjeetRain earned 200 total points
ID: 12174034
ISS (InterScan Messaging Security) is a email protection software. It is used by corporations to filter out unwanted mails. Either some of users from your domain used to send mails for which ISS needed to generate delivery failure notifs such as "Mail could not be delivered" or there is something wrong with the ISS config on that domain. These mails dont seem to be complete. ISS doesn't send such incomplete mails. These mails seem so abrupt.

One thing is for sure, if this is all you are recievng, no one can harm you in any way. There is nothing that can be used to establish/generate read notifications etc.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will describe some of the best ways to process an ex-employee from an Office 365 subscription. I will describe the methods I would recommend when the data needs to be kept for the ex-employee as well as how to manage any new email as we…
Resolve Outlook connectivity issues after moving mailbox to new Exchange 2016 server
This video shows how to remove a single email address from the Outlook 2010 Auto Suggestion memory. NOTE: For Outlook 2016 and 2013 perform the exact same steps. Open a new email: Click the New email button in Outlook. Start typing the address: …
Many of my clients call in with monstrous Gmail overloading issues with Outlook. A quick tip is to turn off the All Mail and Important folders from synching. Here is a quick video I made to show you how to turn off these and other folders in Gmail s…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question