Bizarre Spam Disables Mail.app Junk Filter

For a while, Lauren’s junk email filter was not working. No junk emails were being filtered out, and eventually Mail.app would crash whenever manually marking a message as spam. I would delete LSMMap2 and it would work for a bit, but eventually it would start all over again. I believe I have found the reason for it.
Both Lauren and I, and apparently lots of other people, have been getting emails without a Subject header field. Upon viewing the “raw source” of one of these messages sent to Lauren, I saw something interesting:

Received: from xxx.client.comcast.net ([24.12.xx.xxx]) by xxx.xxx.com with Microsoft SMTPSVC(6.0.3790.0);
    Tue, 17 Feb 2004 14:24:58 -0500
Received: from 252.228.xx.xx by 24.12.xx.xxx; Mon, 16 Feb 2004 20:31:49 +0100
Message-ID: <F[20

That was the entire email. The ones I get are slightly different:

Return-Path: <xvwpgwpozseta@yahoo.com>
X-Original-To: eric@xxx
Delivered-To: eric@xxx
Received: from mail.rochester.edu (mail1.ats.rochester.edu [128.151.224.31])
    by xxx (Postfix) with ESMTP id 3501480DD1
    for <eric@xxx>; Wed, 18 Feb 2004 12:10:29 -0500 (EST)
Received: from antivirus1.its.rochester.edu (antivirus1.its.rochester.edu [128.151.57.50])
    by mail.rochester.edu (8.12.10/8.12.4) with ESMTP id i1IHLsv1000683
    for <em002i@mail.rochester.edu>; Wed, 18 Feb 2004 12:21:54 -0500 (EST)
Received: from antivirus1.its.rochester.edu (localhost [127.0.0.1])
    by antivirus1.its.rochester.edu (8.12.9/8.12.4) with ESMTP id i1IHLroc008761
    for <em002i@mail.rochester.edu>; Wed, 18 Feb 2004 12:21:53 -0500 (EST)
Received: from xxx.sjo1.dsl-verizon.net (xxx.sjo1.dsl-verizon.net [4.4.x.xxx])
    by antivirus1.its.rochester.edu (8.12.9/8.12.4) with SMTP id i1IHLM6b008619
    for <em002i@mail.rochester.edu>; Wed, 18 Feb 2004 12:21:39 -0500 (EST)
Date: Wed, 18 Feb 2004 12:21:22 -0500 (EST)
From: xvwpgwpozseta@yahoo.com
Received: from 240.198.xxx.xxx by 4.4.x.xxx; Wed, 18 Feb 2004 16:20:30 -0100
Message-ID: <U[20
To: undisclosed-recipients:;
X-Spam-Checker-Version: SpamAssassin 2.60 (1.212-2003-09-23-exp) on
    xxx.limulus.net
X-Spam-Level: **
X-Spam-Status: No, hits=2.8 required=5.0 tests=FORGED_YAHOO_RCVD,
    INVALID_MSGID,NO_REAL_NAME,RCVD_IN_NJABL,RCVD_IN_SORBS autolearn=no
    version=2.60

These at least have a From field. I think the To field might be added on by some mail server along the way (perhaps Rochester’s or mine). I know at the very least my mail server is adding the X-Spam headers.
Anyway, the interesting thing is the Message-ID field. <F[20 and <U[20 are not exactly good Message-IDs, and I highly doubt they are valid. It took me a little while to find some other people who have noticed these emails since “message-id” is on a lot of webpages that include the number 20 and Google cannot search for the ‘[’ character. But searching for message-id-w-20 (you can replace the ‘w’ with other letters to find different messages) finds some interesting results, and in that search even a few interesting discussions.
I have yet to find anything about what the cause or purpose of these emails might be, but it would seem as though they can cause Mail.app’s junk mail filters to turn off. This doesn’t happen to me, I think because of the extra headers added to the end, but that seems to be what is happening to Lauren. I added the following rule in her filters: “If Message-ID ends with ‘[20’ then Delete and stop evaluating rules.” We’ll see if that stops it.
The obvious question: Is turning off junk mail filtering in Mail.app the reason for sending out these “blank”, and malformed, messages?
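The filter rule described above can also be applied to raw messages before they reach the mail client. The following is an added example, not code from the original post: the function names are hypothetical, the regular expression is only a loose approximation of the RFC 5322 msg-id shape, and the "normal" sample is constructed, while the other two samples are abridged from the headers quoted in the post.

```python
import re
from email import message_from_string
from email.policy import compat32

# Loose approximation of the RFC 5322 msg-id shape: <id-left@id-right>
MSGID_RE = re.compile(r"^<[^<>@\s]+@[^<>@\s]+>$")

def check_message(raw):
    """Return findings for one raw message (headers plus optional body)."""
    # compat32 keeps header values as plain strings and tolerates a message
    # that stops inside the header block, like the first sample in the post.
    msg = message_from_string(raw, policy=compat32)
    findings = []
    msgid = msg.get("Message-ID")
    if msgid is None:
        findings.append("missing-message-id")
    else:
        msgid = msgid.strip()
        if not MSGID_RE.match(msgid):
            findings.append("invalid-message-id")
        if msgid.endswith("[20"):  # the rule from the post
            findings.append("msgid-ends-with-[20")
    for name in ("Subject", "From"):
        if msg.get(name) is None:
            findings.append("missing-" + name.lower())
    return findings

def should_delete(raw):
    """Mirror of the Mail.app rule: delete when Message-ID ends with '[20'."""
    return "msgid-ends-with-[20" in check_message(raw)

# Abridged from the headers quoted in the post (redactions kept as-is).
SAMPLE_TRUNCATED = (
    "Received: from 252.228.xx.xx by 24.12.xx.xxx; Mon, 16 Feb 2004 20:31:49 +0100\n"
    "Message-ID: <F[20\n"
)
SAMPLE_WITH_FROM = (
    "Date: Wed, 18 Feb 2004 12:21:22 -0500 (EST)\n"
    "From: xvwpgwpozseta@yahoo.com\n"
    "Message-ID: <U[20\n"
    "To: undisclosed-recipients:;\n"
)
# Constructed for contrast; not from the post.
SAMPLE_NORMAL = (
    "From: alice@example.com\nSubject: Lunch\n"
    "Message-ID: <20040218.1234@example.com>\n\nSee you at noon.\n"
)

if __name__ == "__main__":
    for label, raw in [("truncated", SAMPLE_TRUNCATED),
                       ("with-from", SAMPLE_WITH_FROM), ("normal", SAMPLE_NORMAL)]:
        print(label, check_message(raw), "delete" if should_delete(raw) else "keep")
```

Checking the general msg-id shape as well as the literal `[20` suffix also catches variants of these messages whose broken Message-ID ends differently.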
