Am I the only one receiving these completely blank emails?
Perhaps you've received some as well.

 

 
 

I can't recall precisely how long I've been receiving blank email messages, but I've been keeping a monthly count since November of 2004. I imagine you're receiving them too. That's probably what brought you to this web page. Perhaps you're trying to figure out what they are. Or, you just want some more information about these pesky pieces of electronic flotsam.

 

 
 

What am I talking about?

I'm talking about "Completely blank email". Well, not precisely; technically, a completely blank email would contain absolutely no data whatsoever. No header, no subject, no body. If that were the case, we couldn't really classify it as an email message, could we? I'm talking about email messages that don't contain message addressing, that lack a subject, and have no content in the body. A "Completely blank email".

These perplexing pieces of eMail may be a sign of trouble to come. Trouble spelled with a capital "S", as in Spam. Yes I'm talking about that scourge of the iGeneration, that plague of the information hiway, that menace of the world wide web.

Before I get much further, let's take a closer look at these strange snippets, these perplexing electronic heralds. Below is a snapshot of my desktop and mail client (Apple's Mail.app application). Here you can see that the contents of a folder are listed: several messages received during the month of Nov, 2005. All the messages are missing a From: and To: addressee. None of the messages have a subject, and as you can see from the preview pane, and the opened message, none of the messages have content in the body.

 
 
Blank email message
 
 

If you click on the image above, you'll see a larger image of one of these "Completely blank email" messages. I've revealed the header of the message for you, but it's something that you wouldn't normally see. Let's take a closer look at the contents of the header:

 
 Date: Thu, 3 Nov 2005 01:57:26 +0000 (GMT)
 X-Comment: Sending client does not conform to RFC822 minimum requirements
 X-Comment: Date has been added by Maillennium
 Received: from mta-70-122-88-54.houston.rr.com ([70.122.88.54](misconfigured sender))
     by rwcrmxc13.comcast.net (rwcrmxc13) with SMTP
     id <20051103015707r1300gipq6e>; Thu, 3 Nov 2005 01:57:24 +0000
 X-Originating-IP: [70.122.88.54]
 Received: by 192.178.0.5 with HTTP; Wed, 02 Nov 2005 17:57:15 -0800
 Message-ID: <6[3
 

Here we can see that the receiving mail server (my mail service), Comcast.net, has added some comments (see the X-Comment lines) and a date. Additional analysis of the header, and the IP address that it was sent from [70.122.88.54], indicates that it is most likely the source of spam. The IP address was listed as an Open Relay on more than one IP blocking list. An open relay is a mail server that allows anyone to send email through it. Such a machine relays email without so much as insisting that the person using it have an account on the machine. It simply relays/forwards any email received. Free of charge, no questions asked. Open relays are the primary source of spam. The Comcast mail server has also concluded that the sender is misconfigured. I'm not sure how it did that, but the fact that it doesn't conform to RFC822 (an email transmission standard) places it squarely in that corner.

 
 

Wait a minute. You might be asking "How can an email message be delivered without a To: or From: address?" It's simple really. When email servers talk to each other they communicate outside the actual email message. The sending server connects to the receiving server electronically. Then it tells the receiving server that it has a message for a recipient. The receiving server checks to see if the recipient is one of its customers. If it is, it delivers the message. If it isn't, it either rejects the message or passes it along to another email server.

These messages exchanged between the mail servers have nothing to do with the content of the email message. The address lines, the subject, and body are all parts of the message. They aren't technically necessary in order to deliver a message, but they are 'recommended' by message delivery standards. The receiving email server will add data to the header in order to document the server that it received the message from, and it may add other information to the header, but for the most part, it leaves the message body (including all address lines, the subject, and the body) untouched.

 
More details!

Here's a little more detail regarding message delivery between SMTP (Simple Mail Transfer Protocol, the protocol used by mail servers to SEND email) and POP3 (Post Office Protocol, the protocol used to retrieve email from a mail server) mail servers.

Mail servers (Computers that send and receive email), use an Envelope and Message system in order to send and receive email.

 
 

These servers perform handshaking procedures in order to establish communications. Then they exchange information regarding a message's envelope. The envelope is information associated with a message, but it's not part of the message. The envelope is never seen by the recipient (unless you have access to your mail server's logs). The envelope tells the mail servers who the ultimate recipient(s) of the message are. This envelope data may or may not be saved by a mail server. (Note: Mail servers that do not store/log envelope data are sometimes called 'Open Proxy' servers. Many of the mail servers used by spammers are open proxy servers. They don't like to leave records of their illegal transactions.)

 
 

With standard email servers (using the SMTP protocol), the message's To: address line has nothing to do with who actually gets the email. That is determined by the envelope data exchanged by the mail servers. There are a lot of messages exchanged between the mail servers, but here's an example of how one such session might be completed.

  • The sending mail server connects to the receiving/routing mail server.
  • The sender tells the receiving server that it has a message for "user@example.org".
  • The receiving mail server checks to see if it should accept the email. If it decides not to accept it, then it ends the connection. Otherwise...
    • The receiving mail server says "Ok, send the message".
    • The sending mail server sends the email message, which includes the To: From:, and other headers as well as the Subject line, and the message body. The headers don't actually have to contain any content, the Subject line can be blank, and there is no requirement that the body contain anything.
    • The receiving mail server puts the email in the inbox of the person that the sender said the message was for. It never even looks at the message headers. (Normally it will add a "Received" header to the top of the header section to note where and when the message came from.)
  • It's also possible that the mail server will accept the message, and then pass it on (relay it) to another mail server for delivery.

Sometimes the To: header of a message doesn't match that of the actual recipient. Keep in mind that many legitimate emails are sent to an email list. Only the name of the email list (or an unrelated email address) shows in the To: header. For this reason, it is next to impossible to verify the To: header against the actual recipient.
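The session described above can be replayed in a few lines of code. This is an added illustration, not part of the original article: it models only the receiving server's envelope handling, and the domain names, addresses and transcripts are constructed for the example. Unlike an open relay, this toy server refuses recipients outside its own domains.

```python
# Added illustration, not from the original article. LOCAL_DOMAINS and the
# transcripts are constructed; only the sender's side of each session is shown.
LOCAL_DOMAINS = {"example.org"}


def receive(session, local_domains=LOCAL_DOMAINS):
    """Replay a sender's SMTP commands; return {mailbox: [raw message, ...]}.

    Routing uses only the envelope (RCPT TO). The DATA payload is stored
    as-is and is never consulted to decide where the message goes.
    """
    mailboxes, rcpts, data, in_data = {}, [], [], False
    for line in session:
        if in_data:
            if line == ".":                       # end-of-message marker
                raw = "\r\n".join(data)
                for rcpt in rcpts:
                    mailboxes.setdefault(rcpt, []).append(raw)
                rcpts, data, in_data = [], [], False
            else:                                 # undo SMTP dot-stuffing
                data.append(line[1:] if line.startswith(".") else line)
        elif line.upper().startswith("MAIL FROM:"):
            rcpts = []                            # start of a new transaction
        elif line.upper().startswith("RCPT TO:"):
            addr = line[8:].strip().strip("<>").lower()
            if addr.rpartition("@")[2] in local_domains:
                rcpts.append(addr)                # one of our users: accept
            # anything else is refused, so this server is not an open relay
        elif line.upper() == "DATA":
            in_data = bool(rcpts)                 # no accepted recipient, no DATA
    return mailboxes


# Constructed transcript: valid envelope, zero-length message (no headers, no body).
BLANK = ["HELO relay.example.net", "MAIL FROM:<>",
         "RCPT TO:<user@example.org>", "DATA", "."]
# Constructed transcript: the To: header names a list, the envelope names the reader.
LIST = ["HELO lists.example.net", "MAIL FROM:<bounce@lists.example.net>",
        "RCPT TO:<user@example.org>", "DATA",
        "To: announce@lists.example.net", "Subject: hello", "", "body", "."]
# Constructed transcript: recipient is not local, so nothing is stored or relayed.
RELAY = ["HELO relay.example.net", "MAIL FROM:<>",
         "RCPT TO:<someone@elsewhere.test>", "DATA", "."]

if __name__ == "__main__":
    for name, session in (("blank", BLANK), ("list", LIST), ("relay", RELAY)):
        print(name, receive(session))
```

The blank transcript ends up in user@example.org's mailbox as an empty message, which is exactly the "Completely blank email" case: the envelope was valid even though the message was not.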

 
 

The email message that you (as the recipient) receive is the message that is delivered after the sending mail server has negotiated (Using handshaking procedures and envelope data) delivery with the receiving mail server. Your email server never looks at the message, which may be completely blank. The receiving mail server simply puts the message into your inbox. The receiving server does not inspect the email message to determine where it goes. It relies on the sending server to tell it where it is supposed to go.

The important thing to remember is that the envelope information is used for handshaking between mail servers and routing of the message. The message is what gets put into your inbox.

 

So why would I think that this strange sort of message (email with no To: From: Subj: or message body) is a sign of Spam? Why would someone waste their time sending blank emails?

Well, here's what could be happening. There are a lot of reasons why you might receive a completely blank email message. Here are some of the reasons:

  • A spammer's email server (usually an open relay) is getting so overwhelmed by the crap being spewed forth, that the server starts dropping everything except the header.
  • Your mail server is receiving so much spam (email) that it is dropping everything except the header.
  • A router between you and the sender is being overloaded, and it's dropping packets in order to force re-transmission in smaller chunks. Since spammers have their email servers configured as send only (simplex mode), they never receive the requests to resend the message.
  • If your connection to your POP3/SMTP email server is severed while checking your email, you might end up with just the header. This depends on the configuration of the email server and your email client (the software you use to download, read and compose email).
  • Perhaps there is a message body. Make sure you are checking the 'Raw source' of the message. It might be encoded as HTML or part of a MIME/Multi-part message. Some email client software is incapable of reading multi-part or HTML encoded email. Or, your mail client may be configured to ignore HTML or MIME/Multi-part encoded messages.
  • The mail server that is sending the messages is misconfigured. It has been misconfigured by an administrator, and the message body is not being sent to the recipient's mail server. An unintentionally misconfigured email server.
  • The mail server receiving the messages is misconfigured. It has been misconfigured by an administrator, and the message body is not being delivered to the recipient. This is easy enough to check. Send yourself an email from a different email account (make sure to include content in the body of the message). If the message arrives intact then there's probably nothing wrong with your email service/the receiving email server.
  • The message may have arrived at the receiving mail server with an attached (or inline) virus or executable script. It is possible that your mail server removed the virus/script/code (or even an HTML coded message). Although this is possible, it's unlikely that your mail server would have done so without adding a little note that says something like - 'This message was scanned and found to contain a virus.'
  • The message is the result of a spammer testing his set-up. He/she hasn't quite figured out how to send his spew properly. He's testing his/her ability to forge message headers, or make use of open relays and open proxy servers.
  • Some people send blank email messages to List Servers - mail servers configured to run a mailing list such as MajorDomo. List Servers sometimes use blank emails in order to initiate mailing list actions. Are you running a List Server?
  • The mail server (which may be a compromised machine owned by your aunt Jane) used by the spammer is going through the handshaking motions, but it is not sending a valid message.

Let's talk about this last case. It's the one that's got me convinced that most blank email messages are signs of Spam. While the non-spammer induced cases are possible, they don't happen that often, they're usually easy to detect or rule out, they don't come from an open relay (or open proxy) and they certainly don't happen 36 times in one month!

 

 
 

My conclusion

It is my opinion (based upon more than ten years' worth of fighting spam, ten years of running web sites, and extensive research) that these blank emails (in my experience), and millions like them, are part of a growing spam problem. These blank email messages represent part of a spammer's whitelisting effort. Responses which generate bounce messages permit the spammer to refine his/her recipient list, while the ones that get delivered are marked as valid addressees. These lists are then used by the spammer in his/her own campaign, sold to other spammers, or both.

 
 

 

What can you do about it?

If you are a recipient of these blank email messages, I encourage you to report them as spam to the administrator of the mail server that originated the email message. While this may be helpful, it often falls on blank ears. The mail server responsible for originating this message is probably a compromised machine. It's 'owned' by the spammer, and any reports sent to the administrator account may be ignored, used to confirm spam delivery or simply go nowhere. I would also recommend that you write your ISP/the administrator of the mail server/service where you received the blank message (see below).

If you are an email administrator, please consider a filtering mechanism that blocks the general transmission/delivery of null content messages. Ignoring these blank email messages (yes I consider them spam, they're unsolicited and I receive them in bulk from compromised and misconfigured mail servers) will only enable spammers to continue their abuse of you, your mail delivery network, and your legitimate customers. If you're not doing something to stop spammers, you're actually helping them.
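One way such a filter could decide what counts as a null content message, written with Python's standard email package. This is an added sketch, not the author's or any mail server's own code; the function names and the three sample messages are constructed for illustration. It walks the MIME parts before deciding, so a message whose only content is an HTML part is not mistaken for a blank one, and it leaves alone an addressed message with an empty body such as a list server command.

```python
# Added sketch, not from the original article; sample messages are constructed.
from email import message_from_string

ADDRESSING = ("From", "To", "Cc", "Subject")


def has_visible_content(msg):
    """True if any MIME part carries non-whitespace data or an attachment."""
    for part in msg.walk():
        if part.is_multipart():
            continue                      # containers hold no content themselves
        if part.get_filename():
            return True
        payload = part.get_payload(decode=True) or b""
        if payload.strip():
            return True
    return False


def is_null_content(raw):
    """Flag messages with no addressing, no subject and no body in any part."""
    msg = message_from_string(raw)
    unaddressed = all(not (msg.get(h) or "").strip() for h in ADDRESSING)
    return unaddressed and not has_visible_content(msg)


# Constructed sample modelled on the header shown earlier: server-added lines only.
BLANK = (
    "Date: Thu, 3 Nov 2005 01:57:26 +0000 (GMT)\n"
    "X-Comment: Sending client does not conform to RFC822 minimum requirements\n"
    "Received: from mta.example.net ([192.0.2.54])\n"
    " by mx.example.org with SMTP; Thu, 3 Nov 2005 01:57:24 +0000\n"
    "\n"
)
# Constructed sample: no addressing, but the body exists as an HTML MIME part.
HTML_ONLY = (
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/html; charset=us-ascii\n"
    "\n"
    "<p>hello</p>\n"
    "--b1--\n"
)
# Constructed sample: addressed message with an empty body (list server command).
LIST_CMD = "From: member@example.org\nTo: list-request@example.org\n\n"

if __name__ == "__main__":
    for name, raw in (("blank", BLANK), ("html", HTML_ONLY), ("list", LIST_CMD)):
        print(name, is_null_content(raw))
```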

References:
Rules for formatting email messages - RFC822: <http://www.ietf.org/rfc/rfc0822.txt?number=822>
Rules for sending your email using an SMTP server - RFC821: <http://www.ietf.org/rfc/rfc0821.txt?number=821>
Rules for storing/retrieving your email from a POP3 mailbox - RFC2384: <http://www.ietf.org/rfc/rfc2384.txt?number=2384>

 
 

If you've got questions or comments regarding my article on "Completely blank email" messages, please feel free to send me an email.

Author: Robert L. Vaessen e-mail: robert robsworld org

This page has been accessed times since Wed, Nov 09, 2005.