compensatory spam from Google Gmail
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 04 Feb 2025 06:11:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1tfIhQ-000000009Hl-18T5
for dave@doctor.nl2k.ab.ca;
Tue, 04 Feb 2025 06:10:44 -0700
Resent-From: The Doctor
Resent-Date: Tue, 4 Feb 2025 06:10:44 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-yb1-f174.google.com ([209.85.219.174]:49526)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.98 (FreeBSD))
(envelope-from)
id 1tfHoA-00000000K2v-2GJx
for root@doctor.nl2k.ab.ca;
Tue, 04 Feb 2025 05:13:42 -0700
Received: by mail-yb1-f174.google.com with SMTP id 3f1490d57ef6-e53a5ff2233so5632841276.3
for; Tue, 04 Feb 2025 04:11:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1738671097; x=1739275897; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=7fiBSXKDV59zXxPnckh00Jzj0pVqacIBjVFFLOwe6RA=;
b=CrVv/g8iIMG/HV/5pvSnn3f4Mh3QyObRaSQxh/aXfO3mC6CmNC1Vkf6P5jvIMHkxc1
hvG6DTyijwm5VJYp50ADA8a/LrnCnzJSlJrrTQq3Neq9SZFZfDs5zqA1NXMzukmlvMa/
VH7Bqv1MvOrzow9mDttctFTSppkx9Fb0owUUxnENh6hYcihbGZjIYxCe8TD42g4hSJRe
5ZQqgSz1E0phHyakCgJHdsv1wmH+yPPANljTQpDd23lOEK5ywdN+wX3LPtqw2+Hk4tXG
QNpqOFPpJjhTca7SShuS5ezCBEJ1HXss65HhkWPKVY83z1VcK4GP14eCBOAOTYjbnW4V
1F+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1738671097; x=1739275897;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=7fiBSXKDV59zXxPnckh00Jzj0pVqacIBjVFFLOwe6RA=;
b=YodvF8nH3NxdIkyW5+k7A5+w3Q/CN5mLm0vnBmlk4QdHh5PkQHswv01udaDHKox2Ce
Z8QlINAhzKjQrXhK20E6GURTCZlHrgNDoxljKQaG89oEZJqEvrsbIBA5poClAA0hUrGe
aF6DrjrqdYJRrtj3ieeyNvjWhZ5ZU+y283CtW9bB1eG1dVv3+IyOPAMs+SARZhYLSSPO
VNclKqaAytPt6ocJ3sk6YOQ/ZyrfKgGjcdZ8vGR3zrasvE9kEaOFR244e+SeokxKM/WI
byVRgo5IE4BgHKC6j27Ls2JTPFmNjZ0X9PBqmX4Zg2cBdBYfk+4gXdzuyQmcba1CKTiK
80Tg==
X-Forwarded-Encrypted: i=1; AJvYcCWUiHr4VqTMh0ADsGoqOl5R+U5HnhJJjI3xUcxe9sTmO8neMxJ1b5Vhgf434XP3c6+8hjHn@doctor.nl2k.ab.ca
X-Gm-Message-State: AOJu0YzVZ2vaBr+2Dz7DWzGdds2wmuOmWKc0OW3sMvMNKoTQS18hy99i
lCkfO0zn0dtK4XR7dOTujwUFPfvxid7pEDAW9YQyURoTD95WteMiu2JQGhzrF9xkg/2hIJkoExl
E1g+ogjsFHgHtmAS3mw0W6WmSDm0=
X-Gm-Gg: ASbGncspSMFqXeVTxkPky+GDNh7BFMu5792WOz/0L2xrpIaj6a6+4AinWgI+gkSS+lY
RM03z452Fk2tAMgTn75xijm1g26kQ+0mAKAd5bqvj8kcQcKQ6djE07qLwr0kg4d5RFYAIrq46KU
y9fUV5Q4PYT9S45+9O7GPgIoWNfwIpIMQ=
X-Google-Smtp-Source: AGHT+IFXKDU2Xu0OdTq/2ilMZ5lmoNwvlbPnBONEwz1lrGBBnmERxL3zTQQhGOejWJwsZ8WrwOBs1jMcyFh/d60ecHw=
X-Received: by 2002:a05:690c:6482:b0:6ef:96f9:2f48 with SMTP id
00721157ae682-6f7a8447dd1mr215578767b3.37.1738671097216; Tue, 04 Feb 2025
04:11:37 -0800 (PST)
MIME-Version: 1.0
Reply-To: donaldfrank133@gmail.com
From: David Edward
Date: Tue, 4 Feb 2025 12:11:24 +0000
X-Gm-Features: AWEUYZl69RvMLUW5gCRk8QkvC57PHz5QSA8zZUjmc03RU5F0q3rR9LzrY8VD5V8
Message-ID:
Subject:
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000218a9f062d4fe9bc"
Bcc: root@doctor.nl2k.ab.ca
X-Spam_score: 5.8
X-Spam_score_int: 58
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: good morning my good friend, have you received the compensation
money I sent to you through my Secretary good morning my good friend, have
you received the compensation money I sent to you through my Secretary
Content analysis details: (5.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.219.174 listed in dnsbl.ahbl.org]
[209.85.219.174 listed in dnsbl.ahbl.org]
[209.85.219.174 listed in dnsbl.ahbl.org]
[209.85.219.174 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.219.174 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.219.174 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.219.174 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.219.174 listed in dnsbl.ahbl.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.219.174 listed in list.dnswl.org]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.219.174 listed in sa-accredit.habeas.com]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.219.174 listed in sa-trusted.bondedsender.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.219.174 listed in wl.mailspike.net]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[209.85.219.174 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.219.174 listed in bl.score.senderscore.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[edwarddavid720(at)gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[donaldfrank133(at)gmail.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[edwarddavid720(at)gmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
2.9 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
Subject: {SPAM?}
--000000000000218a9f062d4fe9bc
Content-Type: text/plain; charset="UTF-8"
good morning my good friend, have you received the compensation money I
sent to you through my Secretary
--000000000000218a9f062d4fe9bc
Content-Type: text/html; charset="UTF-8"
--000000000000218a9f062d4fe9bc--
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 04 Feb 2025 06:11:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1tfIhQ-000000009Hl-18T5
for dave@doctor.nl2k.ab.ca;
Tue, 04 Feb 2025 06:10:44 -0700
Resent-From: The Doctor
Resent-Date: Tue, 4 Feb 2025 06:10:44 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-yb1-f174.google.com ([209.85.219.174]:49526)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.98 (FreeBSD))
(envelope-from
id 1tfHoA-00000000K2v-2GJx
for root@doctor.nl2k.ab.ca;
Tue, 04 Feb 2025 05:13:42 -0700
Received: by mail-yb1-f174.google.com with SMTP id 3f1490d57ef6-e53a5ff2233so5632841276.3
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1738671097; x=1739275897; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=7fiBSXKDV59zXxPnckh00Jzj0pVqacIBjVFFLOwe6RA=;
b=CrVv/g8iIMG/HV/5pvSnn3f4Mh3QyObRaSQxh/aXfO3mC6CmNC1Vkf6P5jvIMHkxc1
hvG6DTyijwm5VJYp50ADA8a/LrnCnzJSlJrrTQq3Neq9SZFZfDs5zqA1NXMzukmlvMa/
VH7Bqv1MvOrzow9mDttctFTSppkx9Fb0owUUxnENh6hYcihbGZjIYxCe8TD42g4hSJRe
5ZQqgSz1E0phHyakCgJHdsv1wmH+yPPANljTQpDd23lOEK5ywdN+wX3LPtqw2+Hk4tXG
QNpqOFPpJjhTca7SShuS5ezCBEJ1HXss65HhkWPKVY83z1VcK4GP14eCBOAOTYjbnW4V
1F+g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1738671097; x=1739275897;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=7fiBSXKDV59zXxPnckh00Jzj0pVqacIBjVFFLOwe6RA=;
b=YodvF8nH3NxdIkyW5+k7A5+w3Q/CN5mLm0vnBmlk4QdHh5PkQHswv01udaDHKox2Ce
Z8QlINAhzKjQrXhK20E6GURTCZlHrgNDoxljKQaG89oEZJqEvrsbIBA5poClAA0hUrGe
aF6DrjrqdYJRrtj3ieeyNvjWhZ5ZU+y283CtW9bB1eG1dVv3+IyOPAMs+SARZhYLSSPO
VNclKqaAytPt6ocJ3sk6YOQ/ZyrfKgGjcdZ8vGR3zrasvE9kEaOFR244e+SeokxKM/WI
byVRgo5IE4BgHKC6j27Ls2JTPFmNjZ0X9PBqmX4Zg2cBdBYfk+4gXdzuyQmcba1CKTiK
80Tg==
X-Forwarded-Encrypted: i=1; AJvYcCWUiHr4VqTMh0ADsGoqOl5R+U5HnhJJjI3xUcxe9sTmO8neMxJ1b5Vhgf434XP3c6+8hjHn@doctor.nl2k.ab.ca
X-Gm-Message-State: AOJu0YzVZ2vaBr+2Dz7DWzGdds2wmuOmWKc0OW3sMvMNKoTQS18hy99i
lCkfO0zn0dtK4XR7dOTujwUFPfvxid7pEDAW9YQyURoTD95WteMiu2JQGhzrF9xkg/2hIJkoExl
E1g+ogjsFHgHtmAS3mw0W6WmSDm0=
X-Gm-Gg: ASbGncspSMFqXeVTxkPky+GDNh7BFMu5792WOz/0L2xrpIaj6a6+4AinWgI+gkSS+lY
RM03z452Fk2tAMgTn75xijm1g26kQ+0mAKAd5bqvj8kcQcKQ6djE07qLwr0kg4d5RFYAIrq46KU
y9fUV5Q4PYT9S45+9O7GPgIoWNfwIpIMQ=
X-Google-Smtp-Source: AGHT+IFXKDU2Xu0OdTq/2ilMZ5lmoNwvlbPnBONEwz1lrGBBnmERxL3zTQQhGOejWJwsZ8WrwOBs1jMcyFh/d60ecHw=
X-Received: by 2002:a05:690c:6482:b0:6ef:96f9:2f48 with SMTP id
00721157ae682-6f7a8447dd1mr215578767b3.37.1738671097216; Tue, 04 Feb 2025
04:11:37 -0800 (PST)
MIME-Version: 1.0
Reply-To: donaldfrank133@gmail.com
From: David Edward
Date: Tue, 4 Feb 2025 12:11:24 +0000
X-Gm-Features: AWEUYZl69RvMLUW5gCRk8QkvC57PHz5QSA8zZUjmc03RU5F0q3rR9LzrY8VD5V8
Message-ID:
Subject:
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000218a9f062d4fe9bc"
Bcc: root@doctor.nl2k.ab.ca
X-Spam_score: 5.8
X-Spam_score_int: 58
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: good morning my good friend, have you received the compensation
money I sent to you through my Secretary good morning my good friend, have
you received the compensation money I sent to you through my Secretary
Content analysis details: (5.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.219.174 listed in dnsbl.ahbl.org]
[209.85.219.174 listed in dnsbl.ahbl.org]
[209.85.219.174 listed in dnsbl.ahbl.org]
[209.85.219.174 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.219.174 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.219.174 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.219.174 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.219.174 listed in dnsbl.ahbl.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.219.174 listed in list.dnswl.org]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.219.174 listed in sa-accredit.habeas.com]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.219.174 listed in sa-trusted.bondedsender.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.219.174 listed in wl.mailspike.net]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[209.85.219.174 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.219.174 listed in bl.score.senderscore.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[edwarddavid720(at)gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[donaldfrank133(at)gmail.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[edwarddavid720(at)gmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
2.9 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
Subject: {SPAM?}
--000000000000218a9f062d4fe9bc
Content-Type: text/plain; charset="UTF-8"
good morning my good friend, have you received the compensation money I
sent to you through my Secretary
--000000000000218a9f062d4fe9bc
Content-Type: text/html; charset="UTF-8"
good morning my good friend, have you received the compensation money I sent to you through my Secretary
--000000000000218a9f062d4fe9bc--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments