June 18th 06, 07:04 PM, posted to microsoft.public.outlook
Kevin Spencer
Junk Email - Obvious SPAM being overlooked

Okay, let me start out by saying that I am a programmer, and that I have
been developing software for over a dozen years in half a dozen languages,
using virtually all of the technologies that exist until very recently
(including networking software that employs Pipes, Sockets, TCP, UDP, FTP,
HTTP, SMTP, NNTP, and one or 2 others I don't recall).

All those headers are optional according to RFC 2822. That is, the To,
Cc, Bcc (which should not be included), and Subject may appear a minimum
of zero times or a maximum of 1 time. There is also no requirement that
the body be non-blank.


The RFCs do not define what constitutes SPAM.

Wikipedia has one of the best definitions of SPAM that I know of:

"Spamming is the abuse of electronic messaging systems to send unsolicited,
bulk messages. While the most widely recognized form of spam is e-mail spam,
the term is also applied to similar abuses in other media: instant messaging
spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, and
mobile phone messaging spam."

Since there is nothing to sell, scam, phish, or otherwise announce in a
blank e-mail, it can only be spam if it was sent out in bulk. As a single
recipient of the e-mail, you haven't a clue if that mail was sent out to
multiple recipients regardless of what is shown in the headers (which is
merely *data* created by the sender and is NOT used in the actual routing
of the mail). There would be no way to discern that this mail was spam
when it could be, for example, a listserver sending out a newsletter to
which you subscribed but it is misconfigured.


The actual routing of the email is indeed included in the message headers. I
am not referring to the headers that are immediately visible when viewing an
email in Outlook, but the actual Internet message headers, which one can see
by selecting "View|Options" when the email is opened, and not in the preview
pane. These are the headers I copied into my post.

Although some of these headers can be faked by the sender, the faked headers
can be distinguished from the actual return path if you know what to look
for, and how to check it out, such as using ARIN whois, pinging, and sending
SMTP messages to the servers detailed in the return path. There are also
blacklists, and a host of other Internet resources available to use in the
diagnostic process.

Now, while it is true that I am a single recipient of the email, I own my
own domain, and the simple fact is that I get dozens of these a day.
Logically, it would follow that, since they are not messages to me (or to
anyone else for that matter), it is highly *unlikely* that some person or
persons unknown is singling *me* out a dozen times a day, and sending me
blank emails. In fact, the fact that these emails originate from a variety
of IP addresses, tends to indicate they are indeed being sent out in bulk,
for what reasons, I do not know. Perhaps they are hoping that they will
receive a few responses from each batch, from which they can build a list of
valid email addresses for the purpose of selling these lists to other
SPAMMers. Again, that is just a supposition. But the likelihood that these
are bulk emailed is not a supposition. It is a logical inference.

So, we have the situation of an email with no message, no From header, no To
header, no Subject header, and the likelihood that such emails are sent by
bulk to an unknown quantity of recipients. That much is certain.

In addition, we have the simple fact that such emails are worthless. They
contain no useful information. They are almost certainly sent without any
*good* intention. Therefore, since they are useless, and appear often in my
(and most probably many others') POP3 mail boxes, it would be *beneficial* to
filter them out, and certainly *not* harmful.

Also, in my research in visiting and reading many articles by authorities
regarding SPAM, these sorts of messages are routinely filtered out by many
anti-SPAM utilities. When I have the time to finish writing a good one, mine
most certainly will as well. Of course, I am quite a busy fellow, and that
could be a matter of years.

In the meantime, the question remains: Barring any logical reason to prevent
the filtering of such "empty" emails, and being the developers of the most
popular email client in the world, and having oodles of development money
and resources to develop the most popular email client in the world, why has
Microsoft not implemented this simple filter?

At any rate, I will implement a Rule such as you have described, using
negative logic, and appreciate the suggestion. Still, my suggestion remains.
And my assertion that such a filter should be created remains.

In fact, I find the Junk Email filtering tools in Outlook to be primitive
and hardly acceptable overall. Why must one include the '@' character to
indicate a domain name? An email address already has one (after the user
name) to distinguish it from a mere domain name. Why can't one use wild
cards or regular expressions to block by domain names? And why can one not
specify IP addresses that are in the Internet headers and return path (which
are made difficult to find), but only in the From header, which is the most
likely (by virtue of being the easiest) header to be faked? I could
certainly understand why Microsoft might make this sort of configuration a
bit difficult to find for typical users, but I have found after much
research that it is simply *impossible* to configure these sorts of filters
in Outlook.

If I had been working on this software for the past 30 years, I most
certainly would have done better by now.

--

Kevin Spencer
Microsoft MVP
Professional Chicken Salad Alchemist

I recycle.
I send everything back to the planet it came from.

"Vanguard" wrote in message
...
"Kevin Spencer" wrote in message
...
I am using Outlook 2003, and recently installed the update that contains
the latest Junk email filters. It certainly improved the Junk email
collection. I combine the use of this with adding SPAM email addresses and
domains to my Blocked Senders list whenever they arrive. However, an
obvious SPAM regularly makes it through, and I'm wondering why Microsoft
seems to have overlooked this for so long.

The obvious SPAM is an email message with *all* of the following blank:
From, To, CC, BCC, Subject, and Body. There is header data, though. Here
is an example of the headers from one of these (recipient and innocent
server names obfuscated):

Return-Path:
Received: from centrmimpi02.***.net ([##.##.###.###])
by centrmmtai02.***.net
(InterMail vM.6.01.06.01 201-2131-130-101-20060113) with ESMTP
id
20060618121714.ZWXD10025.centrmmtai02.***.net@centrmimpi02.***.net
for ; Sun, 18 Jun 2006 08:17:14 -0400
Received: from mail.******.com ([##.###.##.#])
by centrmimpi02.***.net with IMP
id n0CG1U00x06acko0000000
for ; Sun, 18 Jun 2006 08:12:18 -0400
Received: from SMTP32-FWD by takempis.com
(SMTP32) id A000008AC; Sun, 18 Jun 2006 07:12:35 -0500
Received: from esper.com [86.198.69.128] by mail.*****.com
(SMTPD32-7.07) id A3321A8200CA; Sun, 18 Jun 2006 07:12:34 -0500
Message-Id:
Date: Sun, 18 Jun 2006 07:12:37 -0500

I would suggest that such obvious SPAM be filtered!

I was also unable to create my own Rule for deleting such emails, as the
Rules that use those fields do not allow for blanks.



All those headers are optional according to RFC 2822. That is, the To,
Cc, Bcc (which should not be included), and Subject may appear a minimum
of zero times or a maximum of 1 time. There is also no requirement that
the body be non-blank.

Since there is nothing to sell, scam, phish, or otherwise announce in a
blank e-mail, it can only be spam if it was sent out in bulk. As a single
recipient of the e-mail, you haven't a clue if that mail was sent out to
multiple recipients regardless of what is shown in the headers (which is
merely *data* created by the sender and is NOT used in the actual routing
of the mail). There would be no way to discern that this mail was spam
when it could be, for example, a listserver sending out a newsletter to
which you subscribed but it is misconfigured.

Yes, the rules DO allow for blank values. Think about it. You are
looking for an ABSENCE of characters. So why not define a rule that says
to delete all mails EXCEPT if they contain a, e, i, o, u in them? Learn to
use the exception clauses to define a negative rule. If the so-called
spam (which it isn't but rather a nuisance mailing, to you) is coming from
the same sending mail server, you could even define a rule that looks for
the sending mail server's IP name or IP address in the message headers.
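
The check debated in this thread, as an added example that is not part of the original posts: it flags a message whose From, To, Cc, Bcc and Subject headers are all absent or blank and whose body is blank, and lists the bracketed IP addresses found in its Received chain. The sample messages, host names and addresses are constructed placeholders, and the function names are hypothetical.

```python
import re
from email import message_from_string

# Constructed sample modelled on the headers quoted in the thread; host names
# and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are placeholders.
SAMPLE_EMPTY = (
    "Return-Path: <>\n"
    "Received: from relay1.example.net ([192.0.2.10])\n"
    "\tby mx.example.net with ESMTP; Sun, 18 Jun 2006 08:17:14 -0400\n"
    "Received: from unknown.example [198.51.100.7] by mail.example.com\n"
    "\t(SMTPD32-7.07); Sun, 18 Jun 2006 07:12:34 -0500\n"
    "Message-Id: <constructed@example.com>\n"
    "Date: Sun, 18 Jun 2006 07:12:37 -0500\n"
    "\n"
)
SAMPLE_NORMAL = (
    "Received: from a.example.org ([203.0.113.5]) by mx.example.net; "
    "Sun, 18 Jun 2006 09:00:00 -0400\n"
    "From: alice@example.org\nTo: bob@example.net\nSubject: Lunch\n\nNoon?\n"
)

ADDRESSING = ("From", "To", "Cc", "Bcc", "Subject")
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def is_empty_message(raw):
    """True when From/To/Cc/Bcc/Subject are all absent or blank and the body is blank."""
    msg = message_from_string(raw)
    headers_blank = all(not (msg.get(h) or "").strip() for h in ADDRESSING)
    body = msg.get_payload()
    # A multipart message returns a list here and is never treated as empty.
    body_blank = isinstance(body, str) and not body.strip()
    return headers_blank and body_blank


def received_ips(raw):
    """Bracketed IPs from the Received chain, in header order (newest hop first).

    Only the hops stamped by the recipient's own servers are trustworthy;
    anything below them was supplied by the sending side.
    """
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        hops.extend(BRACKETED_IP.findall(value))
    return hops
```
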


