A duplicate of the RR financial spam e-mail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 27 Apr 2022 17:31:03 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1njr7H-0004gs-HT
for dave@doctor.nl2k.ab.ca;
Wed, 27 Apr 2022 17:30:39 -0600
Resent-From: The Doctor
Resent-Date: Wed, 27 Apr 2022 17:30:39 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from rrcs-71-41-126-170.se.biz.rr.com ([71.41.126.170]:43304 helo=securemail.indigomanor.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1njqh3-0001ch-J9
for doctor@netknow.ca;
Wed, 27 Apr 2022 17:03:38 -0600
Received: from [192.168.1.101] ([103.79.170.157])
(user=testtest@indigomanor.com mech=LOGIN bits=0)
by securemail.indigomanor.com with ESMTP id 23RN1kD6030903-23RN1kD7030903;
Wed, 27 Apr 2022 19:01:47 -0400
Message-Id: <202204272301.23RN1kD6030903-23RN1kD7030903@securemail.indigomanor.com>
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: "EUR Credit Offer" #
To: Recipients
From: "Tom Crist Finance Ltd"
Date: Wed, 27 Apr 2022 16:01:41 -0700
Reply-To: tmc0163@aol.com
X-FEAS-AUTH-USER: testtest@indigomanor.com
X-Spam_score: 12.3
X-Spam_score_int: 123
X-Spam_bar: ++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: We Offer Loan At A Very Low Rate Of 3%. If Interested, Kindly
Email Us For More Details.
Content analysis details: (12.3 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                            [71.41.126.170 listed in psbl.surriel.com]
 1.3 RCVD_IN_VALIDITY_RPBL  RBL: Relay in Validity RPBL,
                            https://senderscore.org/blocklistlookup/
                            [71.41.126.170 listed in bl.score.senderscore.com]
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
 0.9 SPF_FAIL               SPF: sender does not match SPF record (fail)
                            [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=testtest%40indigomanor.com;ip=71.41.126.170;r=doctor.nl2k.ab.ca]
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
                            digit
                            [tmc0163[at]aol.com]
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
 1.0 FROM_MISSP_SPF_FAIL    No description available.
 2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
 1.7 FROM_MISSP_DYNIP       From misspaced + dynamic rDNS
 0.0 PDS_RDNS_DYNAMIC_FP    RDNS_DYNAMIC with FP steps
 0.0 T_FROM_MISSP_DKIM      From misspaced, DKIM dependable
 0.0 FROM_MISSP_REPLYTO     From misspaced, has Reply-To
 0.3 KHOP_HELO_FCRDNS       Relay HELO differs from its IP's reverse DNS
 0.0 TO_EQ_FM_DOM_SPF_FAIL  To domain == From domain and external SPF
                            failed
 0.0 TO_EQ_FM_SPF_FAIL      To == From and external SPF failed
Subject: {SPAM?} "EUR Credit Offer" #
We Offer Loan At A Very Low Rate Of 3%. If Interested, Kindly Email Us For =
More Details.