![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List] Re: Ghost emails from spamcop
WazoO
nobody at devnull.spamcop.net
Sun Sep 26 15:16:21 EDT 2004
"David Barnard" <spamcop.newsgroups at didactylos.net> wrote in message
news:cj6vo0$8if$1 at news.spamcop.net...
> Occasionally (about once a week) I get a mystery email from spamcop
> (although from the look of it, it didn't originate with spamcop). It is
> blank, and broken in other ways. Here are the headers (suitably munged):
>
> Microsoft Mail Internet Headers Version 2.0
> Received: from c60.cesmail.net ([216.154.195.49]) by
ehost004.intermedia.net
> with Microsoft SMTPSVC(6.0.3790.0);
> Sat, 18 Sep 2004 23:53:37 -0700
> Received: from unknown (HELO blade4.cesmail.net) (192.168.1.214)
> by c60.cesmail.net with SMTP; 19 Sep 2004 02:53:25 -0400
> Received: (qmail 1705 invoked by uid 1010); 19 Sep 2004 06:53:25 -0000
> Date: 19 Sep 2004 06:53:25 -0000
> From: spamcop-net at blade4.cesmail.net
> Cc: recipient list not shown: ;
> Delivered-To: spamcop-net-(my spamcop account)
> Received: (qmail 1677 invoked from network); 19 Sep 2004 06:53:24 -0000
> Received: from unknown (192.168.1.103)
> by blade4.cesmail.net with QMQP; 19 Sep 2004 06:53:24 -0000
> Received: from mailforward.freeparking.com (207.61.90.202)
> by mailgate2.cesmail.net with SMTP; 19 Sep 2004 06:53:24 -0000
> Received: from [210.86.94.254] (helo=210-86-94-254.jetstream.xtra.co.nz)
> by mailforward.freeparking.com with smtp (Exim 4.41 #1 (Debian))
> id 1C8vZN-0002SL-0L
> for <(me)>; Sun, 19 Sep 2004 02:53:10 -0400
> Message-ID: <k5[4
> X-Spam-Checker-Version: SpamAssassin 2.64 (2004-01-11) on blade4
> X-Spam-Level: ****
> X-Spam-Status: hits=4.7 tests=DATE_MISSING,FROM_NO_LOWER,INVALID_MSGID
> version=2.64
> X-SpamCop-Checked: 192.168.1.103 207.61.90.202 210.86.94.254
> Return-Path: Kaitlin at targetedmarketing.biz
> X-OriginalArrivalTime: 19 Sep 2004 06:53:38.0038 (UTC)
> FILETIME=[63E09160:01C49E15]
>
> (Note that I have not modified the CC line.)
> Any idea what is going on? Is it a spamcop bug? Badly formatted spam? Or a
> combination of both?
The Message ID is a bit "famous" as being associated with
"blank" spams. Why you are using the phrase "mystery email
from SpamCop" seems odd ... The only thing in your sample
pointing to SpamCop is that the SpamCop e-mail servers
handled your e-mail for you, assumedly in the same fashion
as you "programmed" things and events to occur.
Technically, it's not known whether it's a specific spammer
construct, some idiot that can't sort out the "great" spamming
software just bought, or the handling of the e-mail by one
of the (usually) compromised systems involved in spewing
out the crud. Again, in this case, the SpamCop system
passed on what was received.
More information about the SpamCop-List
mailing list