[Dshield] Email oddity, ? meaningful to someone here

John Sage jsage at finchhaven.com
Wed Dec 3 15:32:35 GMT 2003

Here's a recent example of this issue; fortunately this spam is not so
mal-formed that fetchmail can at least generate an error message,
warning me that I need go go up and delete the offending spam on my
POP provider's server.

On Tue, Nov 25, 2003 at 02:53:20PM -0500, Synergy wrote:
> Date: Tue, 25 Nov 2003 14:53:20 -0500
> To: list at dshield.org
> From: Synergy <synergx at attglobal.net>
> Old-X-Envelope-To: list at dshield.org
> Subject: [Dshield] Email oddity, ? meaningful to someone here
> In the last mumble years using Eudora email client I've had three or
> four occasions where a particular message hung the 
> ibm.net/attglobal.net/prserv.net pop server or hung Eudora or
> otherwise refused to be retrieved and had to be deleted in situ. 
> I've had about six or so today.  Two that purported to be from
> Paypal and the rest with blank To:, From: and Subject: fields.  I
> could see the rather brief headers on the blank ones, will provide
> if there's interest and I get any more.  One of the "Paypal" ones
> hung the server (or possibly POP3 Scan) when attempting to fetch
> headers,so I didn't poke at the other one.  

Date: Wed, 3 Dec 2003 07:19:19 -0800
From: FETCHMAIL-DAEMON at finchhaven.com
To: jsage at sparky.finchhaven.net

Reporting-MTA: dns; localhost
Final-Recipient: rfc822; jsage at localhost
Last-Attempt-Date: Wed, 03 Dec 2003 07:19:20 -0800 (PST)
Action: failed
Status: 5.1.7
Diagnostic-Code: 501 5.1.7 Syntax error in mailbox address
 "???.?????@eskimo.com" (non-printable character)

Received: from (rdu57-65-186.nc.rr.com [])
        by mx1.eskimo.com (8.9.3/8.8.8) with SMTP id DAA12145
        for <jsage at finchhaven.com>; Wed, 3 Dec 2003 03:50:46 -0800
Message-Id: <200312031150.DAA12145 at mx1.eskimo.com>
Date: Wed, 03 Dec 2003 14:54:31 -0500
From: ???.?????@eskimo.com
X-Mailer: Mozilla 4.73 [en] (Win95; I)^Q
Reply-To: 240882 at hotmail.com
Organization: 1645187379
X-Priority: 3 (Normal)
To: jsage at finchhaven.com
Subject:               ???????? ? ?????????? ??????? ??????         240882
MIME-Version: 1.0
Content-Type: text/html; charset=Windows-1251
Content-Transfer-Encoding: 8bit
X-UIDL: l&^"!F3e!!M>@!!pC/"!
Status: RO

- John
"Most people don't type their own logfiles;  but, what do I care?"
John Sage: InfoSec Groupie
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.

More information about the list mailing list