Spammer ‘address probe’ likely cause of empty e-mails - East Valley Tribune: Business


Posted: Monday, January 3, 2005 9:48 am | Updated: 9:54 am, Fri Oct 7, 2011.

January 3, 2005

Q: I have been getting a lot of empty e-mails with no sender’s name or subject in the header. Is this possibly a new attempt by someone to deliver a virus or more likely someone that doesn’t know how to send email? — Reyn

A: The "blank e-mail" trend that seems to be growing can be attributed to a number of possible causes.

One likely cause is a spammer running an "address probe," an automated process that simply sends a blank message to a mail server to see whether it will accept it.

If it does, the automated system makes note of the address and adds it to a list of validated addresses. If it’s rejected, then it knows not to send any more spam to that address.

Another possibility is an automated spam attempt in which the recipient addresses made it into the message but none of the other information (including the spam itself!) did, because of poor scripting or coding.

All large-scale spam operations work with automated processes and much of their automation is derived from the process of trial and error in an effort to beat out spam filters.

Another very likely cause is that a malicious "worm" with a poorly coded "payload" (the actions carried out after a successful attack) has infected a computer that has your email address in its address book and is sending these blank e-mail messages as a result.

The majority of known email worms and viruses have very poorly written routines that often break down in the middle, which prevents the intended malicious activity from completing properly.

There are a handful of known virus and worm attacks (most notably the W32.Beagle family) that can use a blank message as a delivery vehicle, but they are always accompanied by an attachment (usually a .exe file) that is required to be opened in order to complete the attack.

Many large corporate email servers as well as many ISPs will strip away known malicious file attachments from messages before delivering them to users, which would result in a message to the recipient with no subject, no sender, no message and no attachment.

Depending upon how your mail server handles this situation, you may or may not get a notification about a stripped file attachment, so you may want to contact your administrator or ISP to find out whether this is a possibility.

There is yet another more technical possibility which has to do with the format of the message.

E-mail programs that are capable of displaying HTML messages (much like a Web site) can be fooled into running a script in the background of a message, while displaying what appears to be nothing to the user.

These scripts — aka "web bugs" — can notify the spammer that not only did you receive the blank message, but you also tried to read it, which makes you a more desirable target for them.

All of these possibilities should be a wake-up call to lazy e-mail senders who don’t bother to put anything into the Subject line; your mail is now even more likely to be ignored or deleted before it’s opened!
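As an added illustration (not part of the original column), the Python sketch below labels a raw message with the blank-mail symptoms described above: missing sender or subject, empty body, a file attachment, and HTML that would fetch or run something when opened. The label names, the sample messages and the host tracker.example are constructed for this example.

```python
import email
from email import policy
from html.parser import HTMLParser

class HtmlScan(HTMLParser):
    """Collect visible text and anything a mail client would fetch or run on open."""
    def __init__(self):
        super().__init__()
        self.text, self.active, self._skip = [], [], False

    def handle_starttag(self, tag, attrs):
        src = (dict(attrs).get("src") or "").lower()
        if tag == "script":
            self._skip = True                      # script source is not visible text
            self.active.append("script")
        elif tag in ("img", "iframe") and src.startswith(("http://", "https://")):
            self.active.append(f"remote-{tag}")    # fetched from a server on display
    def handle_endtag(self, tag):
        if tag == "script":
            self._skip = False
    def handle_data(self, data):
        if not self._skip:
            self.text.append(data)

def triage(raw: bytes) -> list[str]:
    """Return labels describing why a message looks blank to the reader."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    labels = [f"no-{h.lower()}" for h in ("From", "Subject") if not (msg[h] or "").strip()]
    scan, text = HtmlScan(), []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name:                                   # attachment, e.g. the .exe the column mentions
            labels.append("exe-attachment" if name.lower().endswith(".exe") else "attachment")
        elif part.get_content_type() == "text/html":
            scan.feed(part.get_content())
        elif part.get_content_type() == "text/plain":
            text.append(part.get_content())
    if not "".join(text + scan.text).strip():
        labels.append("empty-body")
    return labels + sorted(set(scan.active))

# Constructed samples (not real traffic); tracker.example is a placeholder host.
PROBE = b"To: reyn@example.org\r\n\r\n"
WEB_BUG = (b"To: reyn@example.org\r\nContent-Type: text/html\r\n\r\n"
           b'<img src="http://tracker.example/o.gif?id=reyn" width="1" height="1">'
           b"<script>/* runs on open */</script>\r\n")
```

A message that yields only the `no-from`, `no-subject` and `empty-body` labels matches the probe, broken-script and stripped-attachment explanations equally, so the headers added by your own mail server are the next place to look.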
