Blank emails

Chris Fortune cfortune at telus.net
Fri Jun 4 22:48:26 CEST 2004 

The answer to empty emails:  "550 user not found" after the DATA command (ok by RFC2821).  Are there any "real-life" smtp programs
that send empty data ?  I don't think so, and if there are then maybe the sysadmin should be alerted by their users who receive
these bounces.  If this is just caused by poorly constructed spam programs, then we can offer them an opportunity to clean their
lists of "invalid" email addresses.


"-  If the verb is initially accepted and the 354 reply issued, the
      DATA command should fail only if the mail transaction was
      incomplete (for example, no recipients), or if resources were
      unavailable (including, of course, the server unexpectedly
      becoming unavailable), or if the server determines that the
      message should be rejected for policy or other reasons...."

                            - http://www.faqs.org/rfcs/rfc2821.html

Give that spammer a slap!



----- Original Message ----- 
From: "Andreas Pardeike" <andreas at pardeike.net>
To: <bogofilter at bogofilter.org>
Sent: Friday, June 04, 2004 12:31 PM
Subject: Re: Blank emails


> Jozef Hitzinger wrote:
> 
> > I've seen these a few months ago quite a lot, now it ceased. If it appears
> > again in quantities that'll be a problem, I plan to patch MTA to refuse
> > mail without headers (fisrt line in DATA section is empty) during SMTP
> > phase.
> > 
> > I know it's not strictly following the RFC, but in a world where so many
> > mails abuse that RFC by forging headers, it's one of the ways to ease
> > things for the us before we get some SMTP fix/replacement. It's about how
> > many legitimate mails without headers you expect to get (me zero).
> 
> At first I thought that those empty emails were just a clever way to 
> work around spam filters by having users delete them without classifying 
> them as spam. The idea here is that if you just send out enough empty 
> emails before you deliver the payload (real message) then most filters 
> might pass the payload message as ham because of the very hammy headers.
> 
> But then again, quite some of those empty emails contain little if not 
> no header information at all. So my second guess is that there is some 
> kind of buggy or difficult to configure spam software out and lots of 
> spammers have problems with it.
> 
> Still, I see this as an interesting phenomena,
> Andreas Pardeike
> 
> 
> _______________________________________________
> Bogofilter mailing list
> Bogofilter at bogofilter.org
> http://www.bogofilter.org/mailman/listinfo/bogofilter
>

More information about the Bogofilter mailing list