center;">
>Debbra Greig sent you $3,044.69 CAD.

12pt;">Accept payment to add funds to your PayPal balance.

ng=3D"0" cellpadding=3D"0">

: #000000; margin: 0.0px; text-align: center;">Payment details=

order=3D"0" width=3D"100%" cellspacing=3D"0" cellpadding=3D"0"> ding-bottom: 2.0px; text-align: center;" valign=3D"top">Amount receiv= ed align=3D"top">$3,044.69 CAD order=3D"0" width=3D"100%" cellspacing=3D"0" cellpadding=3D"0"> ding-bottom: 2.0px; text-align: center;" valign=3D"top">Note from Deb= bra Fay Greig: align=3D"top">Payment From Debbra order=3D"0" width=3D"100%" cellspacing=3D"0" cellpadding=3D"0"> ding-bottom: 2.0px; text-align: center;" valign=3D"top">Transaction I= D align=3D"top"> eferrer/?redirectUrl=3Dhttps%3A%2F%2Fpayypal-inting-verify-acceptpayment.ne= tlify.app%2F" rel=3D"noopener">U-2SV2388694549144S order=3D"0" width=3D"100%" cellspacing=3D"0" cellpadding=3D"0"> ding-bottom: 2.0px; text-align: center;" valign=3D"top">Transaction d= ate align=3D"top">April 13, 2026

e=3D"display: inline-block; padding: 12px 30px; background-color: #0070ba; =

color: white; text-decoration-line: none; font-family: Arial, sans-serif; f=

ont-weight: bold; border-radius: 25px; box-shadow: rgba(0, 0, 0, 0.2) 0px 2=

px 5px;" title=3D"PayPal" href=3D"https://payppal-signin-confirmation.netli=

fy.app/" rel=3D"noopener">LOGIN & ACCEPT PAYMENT HERE

_______=

__________________________________________

C=

opyright © 1999–2025 PayPal. All rights reserved=

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 13 Apr 2026 22:38:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wCVWs-00000000DwZ-02QU

for dave@doctor.nl2k.ab.ca;

Mon, 13 Apr 2026 22:37:38 -0600

Resent-From: The Doctor

Resent-Date: Mon, 13 Apr 2026 22:37:37 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from dimitra.aua.gr ([143.233.187.150]:53726)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wCVO3-00000000DEo-2wYr

for sales@nk.ca;

Mon, 13 Apr 2026 22:28:40 -0600

Received: from webmail.aua.gr (dimitra.aua.gr [143.233.187.150])

by dimitra.aua.gr (Postfix) with ESMTPSA id A31EB4108F17;

Tue, 14 Apr 2026 07:26:40 +0300 (EEST)

DKIM-Filter: OpenDKIM Filter v2.11.0 dimitra.aua.gr A31EB4108F17

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aua.gr; s=mail;

t=1776140800; bh=lmn2T8k8NiELLFBwH9BAkMGUx4CWqLQTE9qQrvvG8mE=;

h=Date:From:To:Subject:From;

b=Rd+f4hMyJkuKY1v9SXG54eO2u9GzKwMG5HfX3QcTanhEE4eUuEF4C/4lptw43Bkv0

LREA7+LzEXG8tqsuqqE1sTvSKsR4QFwgIzs/BQWZ0DB9NY2p8shPa7KAIGo+BKgrlZ

wHAp4R78Fs7zu3YY3E8xkbkLdz3aqT6bT4h2IScw=

MIME-Version: 1.0

Date: Mon, 13 Apr 2026 23:26:40 -0500

From: PayPal

To: undisclosed-recipients:;

Subject: You've received a payment of $3,044.69 CAD

Message-ID: <417bf05271bc5a9b8e8a7650bd8aebd4@aua.gr>

X-Sender: stud4420181@aua.gr

Content-Type: multipart/alternative;

boundary="=_773dc461fcb0ea49c0aa690a98fd1bf3"

X-Spam_score: 9.7

X-Spam_score_int: 97

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: DEBBRA GREIG SENT YOU $3,044.69 CAD. Accept payment to add

funds to your PayPal balance. Payment details



Content analysis details: (9.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[143.233.187.150 listed in dnsbl.ahbl.org]

[143.233.187.150 listed in dnsbl.ahbl.org]

[143.233.187.150 listed in dnsbl.ahbl.org]

[143.233.187.150 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[143.233.187.150 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[143.233.187.150 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[143.233.187.150 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[143.233.187.150 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[143.233.187.150 listed in will-spam-for-food.eu.org]

[143.233.187.150 listed in will-spam-for-food.eu.org]

[143.233.187.150 listed in will-spam-for-food.eu.org]

[143.233.187.150 listed in will-spam-for-food.eu.org]

[143.233.187.150 listed in will-spam-for-food.eu.org]

[143.233.187.150 listed in will-spam-for-food.eu.org]

[143.233.187.150 listed in will-spam-for-food.eu.org]

[143.233.187.150 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

3.2 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} You've received a payment of $3,044.69 CAD



--=_773dc461fcb0ea49c0aa690a98fd1bf3

Content-Transfer-Encoding: 7bit

Content-Type: text/plain; charset=US-ASCII;

format=flowed



DEBBRA GREIG SENT YOU $3,044.69 CAD.



Accept payment to add funds to your PayPal balance.



Payment details



Amount received



$3,044.69 CAD



Note from Debbra Fay Greig:



Payment From Debbra



Transaction ID



U-2SV2388694549144S [1]



Transaction date



April 13, 2026



LOGIN & ACCEPT PAYMENT HERE [2]



_________________________________________________



Copyright (c) 1999-2025 PayPal. All rights reserved



Links:

------

[1]

https://deref-mail.com/mail/client/VvtbT5r1fIY/dereferrer/?redirectUrl=https%3A%2F%2Fpayypal-inting-verify-acceptpayment.netlify.app%2F

[2] https://payppal-signin-confirmation.netlify.app/

--=_773dc461fcb0ea49c0aa690a98fd1bf3

Content-Transfer-Encoding: quoted-printable

Content-Type: text/html; charset=UTF-8




=3DUTF-8" />
eva,sans-serif'>

center;">
=2Egstatic.com/images?q=3Dtbn:ANd9GcR2Y4YIlyTnPZd8dH_b8rFcaRyynuDcedw5KuNhs=

BTPQekBrc9oab87aoP4VHI9E6iRqN4&usqp=3DCAU" width=3D"31" height=3D"31" /=

>

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 02 Mar 2026 07:12:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vx3za-00000000B2n-0Kzn

for dave@doctor.nl2k.ab.ca;

Mon, 02 Mar 2026 07:11:26 -0700

Resent-From: The Doctor

Resent-Date: Mon, 2 Mar 2026 07:11:25 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail9.stofferrussell.com ([34.124.114.211]:35510)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vx3dM-000000005B0-2Y1O

for root@nk.ca;

Mon, 02 Mar 2026 06:48:36 -0700

Authentication-Results: mail9.stofferrussell.com;

auth=pass (login)

Message-ID: <8a577bf9fe92db5b16213d913026b6fb@mail9.stofferrussell.com>

From: =?utf-8?B?U2VjdXJpdHkgVGVhbQ==?=

To: =?utf-8?B?cm9vdEBuay5jYQ==?=

Subject: =?utf-8?B?RmluYWwgcmVtaW5kZXI6IFZlcmlmeSB5b3VyIFdlYWx0aHNp?=

=?utf-8?B?bXBsZSBhY2NvdW50?=

Date: Mon, 02 Mar 2026 13:47:42 +0000

X-Priority: 3

X-Mailer: Coremail Copyright Tebie

MIME-Version: 1.0

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: base64

Received: from localhost (Unknown [127.0.0.1])

by mail9.stofferrussell.com (Haraka) with ESMTPSA id 9A6D2F1C-2D60-4134-9754-D11D39F522A6.1

envelope-from

tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (authenticated bits=0);

Mon, 02 Mar 2026 13:47:43 +0000

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=mail9.stofferrussell.com; h=Content-Transfer-Encoding: Content-Type:

MIME-Version: Date: Subject: To: From: Message-ID; q=dns/txt;

s=s20260301150; t=1772459264;

bh=9Ckj4D+cXu8DSNA3P8/cMjVwdP7apToCC1J58xTFLWU=;

b=jlRPnYTWS5Sm4aKsJfMJ8FO0DRQA4jNELnErKX92i8YXscdKmcSgqZxKNTZn6i7EgmiB3Wq3R

9DWkeXDIEqM3wEerM0YDvvvzQuPB1QSn9hO8vYmEt4F5oyNgLfe23yZNX8MgLuqA11dAGNS4X6l

4OH8rU+qGZCDW+98NDR4BVw=

X-Spam_score: 8.6

X-Spam_score_int: 86

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: wealth Complete your identity verification



Content analysis details: (8.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[34.124.114.211 listed in will-spam-for-food.eu.org]

[34.124.114.211 listed in will-spam-for-food.eu.org]

[34.124.114.211 listed in will-spam-for-food.eu.org]

[34.124.114.211 listed in will-spam-for-food.eu.org]

[34.124.114.211 listed in will-spam-for-food.eu.org]

[34.124.114.211 listed in will-spam-for-food.eu.org]

[34.124.114.211 listed in will-spam-for-food.eu.org]

[34.124.114.211 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[34.124.114.211 listed in dnsbl.ahbl.org]

[34.124.114.211 listed in dnsbl.ahbl.org]

[34.124.114.211 listed in dnsbl.ahbl.org]

[34.124.114.211 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[34.124.114.211 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[34.124.114.211 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[34.124.114.211 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[34.124.114.211 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.0 ADDR_OFFER From address contains OFFER

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.2 TVD_PH_SUBJ_META1 Email has a Phishy looking subject line

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

[URI: c.dnspod.com/125.94.59.175]

[URI: b.dnspod.com/43.161.3.75]

[URI: a.dnspod.com/43.130.172.75]

[URI: c.dnspod.com/43.134.249.75]

[URI: a.dnspod.com/43.134.249.74]

[URI: c.dnspod.com/112.80.181.175]

[URI: b.dnspod.com/220.196.136.75]

[URI: b.dnspod.com/163.177.5.79]

[URI: a.dnspod.com/117.135.128.175]

[URI: a.dnspod.com/101.227.168.75]

Subject: {SPAM?} =?utf-8?B?RmluYWwgcmVtaW5kZXI6IFZlcmlmeSB5b3VyIFdlYWx0aHNp?=

=?utf-8?B?bXBsZSBhY2NvdW50?=





Complete your identity verification



Due to recently updated regulatory requirements, we kindly request that you verify your identity so we can continue to keep your account secure.



Only after successful verification will you be able to use all the features of your account without restrictions.



Please click the "Verify Account" button to start the verification process. You will then be redirected to the official Wealthsimple website, where you can securely complete the process.

Verify Account



We recommend completing this process as soon as possible to ensure uninterrupted access to your account and its latest features.



If you have already completed verification, please allow up to 24 hours for your account status to update.



Thank you for your understanding.



Sincerely,

Wealthsimple Team

© 2016–2026 Wealthsimple Technologies Inc. All Rights Reserved. For further details see our Legal Disclosures. By using this website, you accept our Terms of Use and Privacy Policy.

.login ul li img,

.login ul li p {

display: inline-block;

}



.login ul li img {

margin: 0;

padding: 0;

position: relative;

}



.login ul .l1 p {

font-weight: 400;

color: #707070;

vertical-align: top;

margin: 0;

padding: 0;

}



#err,

.login ul li #adbpss1 {

display: none;

}



.login ul li .inp {

width: 368px;

margin: 8px auto;

padding: 2px 12px;

min-height: 32px;

border: 1px solid #e5e5e5;

border-radius: 4px;

box-sizing: border-box;

color: #000;

display: block;

font-size: 14px;

font-weight: 400;

font-family: adobe-clean, adobe-clean-han-simplified-c, adobe-clean-han-traditional, adobe-clean-han-japanese, adobe-clean-han-korean, Gill Sans, Calibri, Geneva, Tahoma, Helvetica, Arial, "0e10a40ea0aa", Meiryo, "0d20e90ae0ce?d20b4 Pro W3", Hiragino Kaku Gothic Pro W3, Osaka, " 2d 33 300b40b70c30af", MS PGothic, Malgun Gothic, Microsoft YaHei, sans-serif;

font-style: italic;

}



.login ul li .inp:focus {

border: 1px solid #1473e6;

transition-delay: 0s;

transition-duration: 0.15s;

transition-property: all;

transition-timing-function: ease-in-out;

font-style: normal;

}



.login ul li .btns {

width: 120px;

margin: 0 auto;

padding: 7px 0;

background: #1473e6;

color: #fff;

font-family: adobe-clean, adobe-clean-han-simplified-c, adobe-clean-han-traditional, adobe-clean-han-japanese, adobe-clean-han-korean, Gill Sans, Calibri, Geneva, Tahoma, Helvetica, Arial, "0e10a40ea0aa", Meiryo, "0d20e90ae0ce?d20b4 Pro W3", Hiragino Kaku Gothic Pro W3, Osaka, " 2d 33 300b40b70c30af", MS PGothic, Malgun Gothic, Microsoft YaHei, sans-serif;

border: none;

border-radius: 16px;

font-size: 15px;

font-weight: 600;

text-align: center;

transition-delay: 0s;

transition-duration: 0.15s;

transition-property: all;

transition-timing-function: ease-in-out;

white-space: nowrap;

display: inline-block;

cursor: pointer;

outline: none;

}



.login ul .l1 svg {

width: 22px;

display: inline-block;

margin: 0;

padding: 0;

position: relative;

top: 9px;

}



.login ul .l1 p {

margin: 0;

padding: 10px 6px;

color: #707070;

}



.login ul .l2 p {

font-size: 13px;

font-weight: 700;

color: #4b4b4b;

margin: 0;

padding: 15px 0;

}



.login ul .l3 img {

width: 32px;

margin: 0 0 -3px;

}



.login ul .l3 p {

font-size: 28px;

font-weight: 300;

color: #2d2d2d;

margin: 0 9px;

padding: 0;

}



.login ul .l4 {

width: 100%;

margin: 0 auto;

padding: 0;

text-align: left;

}



.login ul .l4 p {

font-size: 14px;

font-weight: 600;

margin: 0;

padding: 5px 0;

color: #E80E0E;

font-style: italic;

}



.login ul .l5 p {

width: 100%;

margin: 50px auto 5px;

padding: 0;

text-align: center;

font-size: 13px;

font-weight: 400;

color: #4b4b4b;

display: block;

}







@media(max-width:680px) {

header .search {

width: 70px;

margin: 0px;

text-align: center;

}



header .search .srch {

display: none;

}



header .brand {

width: 180px;

margin: 0 30px;

padding: 0;

}



header .brand img {

width: 40px;

margin: 0 auto -10px;

}



header .brand h1 {

font-size: 18px;

margin: 0 auto;

padding: 7px 20px;

}

}

background-position: 100%;

background-size: cover;

background-attachment: fixed;

background-clip: border-box;

display: block;

}



body {

width: 100%;

margin: 0;

padding: 0;

font-family: adobe-clean, adobe-clean-han-simplified-c, adobe-clean-han-traditional, adobe-clean-han-japanese, adobe-clean-han-korean, Gill Sans, Calibri, Geneva, Tahoma, Helvetica, Arial, "0e10a40ea0aa", Meiryo, "0d20e90ae0ce?d20b4 Pro W3", Hiragino Kaku Gothic Pro W3, Osaka, " 2d 33 300b40b70c30af", MS PGothic, Malgun Gothic, Microsoft YaHei, sans-serif;

}



.lt {

float: left;

}



.rt {

float: right;

}



.br {

border: 1px solid #000;

}



a {

text-decoration: none;

color: #0064dc;

}



header {

width: 100%;

margin: 0 auto;

padding: 0;

border: none;

background: #000;

}



header .brand {

width: 193px;

margin: 0 30px;

padding: 0;

text-align: center;

display: inline-block;

border: none;

background: #fff;

}





header .brand,

header .search,

header .brand img,

header .brand h1 {

display: inline-block;

}



header .brand img {

width: 54px;

background: #fff;

margin: 0 auto -17px;

padding: 0;

position: relative;

top: 0px;

}



header .brand h1 {

font-size: 20px;

font-weight: 600;

color: #fff;

margin: 0 auto;

padding: 12px 20px;

background: #E80E0E;

}



header .search {

width: 300px;

margin: 0px 30px 0 0;

padding: 12px 0;

float: right;

text-align: center;

}



header .search .srch {

width: 250px;

padding: 5px 10px;

font-size: 13px;

font-weight: 400;

color: #4b4b4b;

border: none;

border-radius: 10px;

}



.container {

width: 100%;

margin: 0 auto;

padding: 0;

}



.container .dash {

width: 100%;

margin: 0 auto;

padding: 0;

position: absolute;

top: 0;

right: 0;

bottom: 0;

left: 0;

z-index: 9999;

background: rgba(0, 0, 0, 0.4);

}



.container .dash .board {

max-width: 400px;

margin: 0 auto;

padding: 30px 0;

background: #f6f6f6;

display: block;

border: none;

border-radius: 1px;

position: relative;

top: 20%;

}



.container .dash .board .login {

max-width: 370px;

margin: 0 auto;

padding: 0;

border: none;

}



.container .dash .board .login ul {

width: 100%;

list-style: none;

margin: 0 auto;

padding: 0;

border: none;

display: block;

}



.container .dash .board .login ul li {

width: 100%;

margin: 0 auto;

padding: 0;

display: block;

order: 1px solid #ccc;

}

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 24 Feb 2026 05:52:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vurtA-000000002Q8-1NSU

for dave@doctor.nl2k.ab.ca;

Tue, 24 Feb 2026 05:51:44 -0700

Resent-From: The Doctor

Resent-Date: Tue, 24 Feb 2026 05:51:44 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail4.jurnalminang.com ([34.130.103.215]:40602)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vuqDx-000000003LL-2EfZ

for root@nk.ca;

Tue, 24 Feb 2026 04:05:13 -0700

Authentication-Results: mail4.jurnalminang.com;

auth=pass (login)

From: =?utf-8?B?bm8tcmVwbHk=?=

To: =?utf-8?B?cm9vdEBuay5jYQ==?=

Subject: =?utf-8?B?UXVlc3RyYWRlOiBZb3VyIFctOEJFTiBGb3JtIEhhcyBFeHBp?=

=?utf-8?B?cmVk?=

Date: Tue, 24 Feb 2026 11:04:15 +0000

Message-ID:

MIME-Version: 1.0

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: base64

X-Priority: 3 (Normal)

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)

Importance: Normal

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

Received: from localhost (Unknown [127.0.0.1])

by mail4.jurnalminang.com (Haraka) with ESMTPSA id 942B2463-E89B-498A-A371-E8647B3063FE.1

envelope-from

tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (authenticated bits=0);

Tue, 24 Feb 2026 11:04:15 +0000

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=mail4.jurnalminang.com; h=Content-Transfer-Encoding: Content-Type:

MIME-Version: Message-ID: Date: Subject: To: From; q=dns/txt;

s=s20260223160; t=1771931056;

bh=yEyby3yHSY/3KEEgFdjeJHYaTS+gudE3iWsHIKh2rt0=;

b=j0JpLH3j9lYMv6TwJ0oAuvABXjdHL0lKbpASPrDa1fkDw49ccR/NGeKJGjYw+LSGOfPxQLhf7

WCsrwPDla6SHJPR7OB0ObzGi2oJNdOiWCdEbnMAYfQnqvQVfIic/x6uvMXHEFkso/oIlQkX154b

Q8ZXgXHdycdBQOR3oSV+jDg=

X-Spam_score: 6.3

X-Spam_score_int: 63

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Confirmation of Tax Form Expiration – W-8BEN Renewal Required

for 2026 Dear Questrade Client,



Content analysis details: (6.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[34.130.103.215 listed in dnsbl.ahbl.org]

[34.130.103.215 listed in dnsbl.ahbl.org]

[34.130.103.215 listed in dnsbl.ahbl.org]

[34.130.103.215 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[34.130.103.215 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[34.130.103.215 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[34.130.103.215 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[34.130.103.215 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[34.130.103.215 listed in will-spam-for-food.eu.org]

[34.130.103.215 listed in will-spam-for-food.eu.org]

[34.130.103.215 listed in will-spam-for-food.eu.org]

[34.130.103.215 listed in will-spam-for-food.eu.org]

[34.130.103.215 listed in will-spam-for-food.eu.org]

[34.130.103.215 listed in will-spam-for-food.eu.org]

[34.130.103.215 listed in will-spam-for-food.eu.org]

[34.130.103.215 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

Subject: {SPAM?} =?utf-8?B?UXVlc3RyYWRlOiBZb3VyIFctOEJFTiBGb3JtIEhhcyBFeHBp?=

=?utf-8?B?cmVk?=







Confirmation of Tax Form Expiration – W-8BEN Renewal Required for 2026



Dear Questrade Client,



This notice is issued to formally confirm that the W-8BEN form previously provided for your account has expired and is no longer valid for tax compliance or reporting purposes. The W-8BEN is a required certification used to establish your status as a non-U.S. individual and to determine the appropriate withholding and reporting treatment under applicable tax regulations.



According to regulatory standards, W-8BEN forms are valid only for a limited period. Once this period ends, the form can no longer be relied upon to support reduced withholding rates or eligibility for tax treaty benefits. Our records indicate that your W-8BEN has reached the end of its validity and must be renewed.



Until a renewed and approved W-8BEN is received, regulatory requirements may require standard withholding treatment to be applied to your account. This may affect how certain payments, distributions, or account activities are processed during this period.



To restore compliant tax documentation status, you are required to submit a renewed W-8BEN that will generally remain valid for the applicable IRS validity period, provided your tax residency and personal information remain accurate. The renewal process must be completed through our secure documentation system:

Complete Update



Login with the email address you used to register to complete your application today, or your Questrade Username and password.

Thank you,

Questrade Team