Chinese Spam from Barracuda
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 27 Apr 2022 15:28:06 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1njp6z-000Gvy-0K
for dave@doctor.nl2k.ab.ca;
Wed, 27 Apr 2022 15:22:13 -0600
Resent-From: The Doctor
Resent-Date: Wed, 27 Apr 2022 15:22:12 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [112.255.137.21] (port=64295 helo=d312913.b.ess.de.barracudanetworks.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from)
id 1njlEE-000BZ4-BQ
for sales@nk.ca;
Wed, 27 Apr 2022 11:13:30 -0600
Date: Thu, 28 Apr 2022 01:12:54 +0800 (CST)
From: newhopeglassmirror
Sender: euixcox
To: sales
Message-ID: <740300692.1905225.1651079574427@d312913.b.ess.de.barracudanetworks.com>
Subject: Re: Our mirror glass helps you to develop your market(Free Samples)
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 8.2
X-Spam_score_int: 82
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello my friend, Good day! I don't know how many times I've
emailed you, Every time I see your name, it's like I see our mirror shining,
and calling me, I can't help contacting you, haha~
Content analysis details: (8.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[112.255.137.21 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
[112.255.137.21 listed in ix.dnsbl.manitu.net]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=euixcox%40aeti.edu.lk;ip=112.255.137.21;r=doctor.nl2k.ab.ca]
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[newhopeglassmirror[at]163.com]
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and
EnvelopeFrom freemail headers are
different
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
tag
0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
Subject: {SPAM?} Re: Our mirror glass helps you to develop your market(Free Samples)
gin-top:2px;margin-bottom:2px;">I don't know how many times I've em=
ailed you, Every time I see your name, it's like I see our mirror shini=
ng, and calling me, I can't help contacting you, haha~
argin-top:2px;margin-bottom:2px;">Our mirrors have high safety and high aes=
thetics, but the price is not high.
ttom:2px;">Whether it is architecture, decoration, home, furniture or other=
application scenarios, our products can excellently complete the task of h=
elping you seize the market, and there is no need for you to sacrifice 5% ~=
10% of the profits in exchange for the quality of the products you purchas=
e to ensure your brand building.
m:2px;">I believe our products will certainly help your business developmen=
t. Please feel free to contact me.
tom:2px;">Best Regards
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 27 Apr 2022 15:28:06 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1njp6z-000Gvy-0K
for dave@doctor.nl2k.ab.ca;
Wed, 27 Apr 2022 15:22:13 -0600
Resent-From: The Doctor
Resent-Date: Wed, 27 Apr 2022 15:22:12 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [112.255.137.21] (port=64295 helo=d312913.b.ess.de.barracudanetworks.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from
id 1njlEE-000BZ4-BQ
for sales@nk.ca;
Wed, 27 Apr 2022 11:13:30 -0600
Date: Thu, 28 Apr 2022 01:12:54 +0800 (CST)
From: newhopeglassmirror
Sender: euixcox
To: sales
Message-ID: <740300692.1905225.1651079574427@d312913.b.ess.de.barracudanetworks.com>
Subject: Re: Our mirror glass helps you to develop your market(Free Samples)
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 8.2
X-Spam_score_int: 82
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello my friend, Good day! I don't know how many times I've
emailed you, Every time I see your name, it's like I see our mirror shining,
and calling me, I can't help contacting you, haha~
Content analysis details: (8.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[112.255.137.21 listed in bl.score.senderscore.com]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
1.5 NIX_SPAM RBL: Listed in NIX_SPAM DNSBL (thanks to heise.de)
[112.255.137.21 listed in ix.dnsbl.manitu.net]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=euixcox%40aeti.edu.lk;ip=112.255.137.21;r=doctor.nl2k.ab.ca]
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[newhopeglassmirror[at]163.com]
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and
EnvelopeFrom freemail headers are
different
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
tag
0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
Subject: {SPAM?} Re: Our mirror glass helps you to develop your market(Free Samples)
Hello my friend=EF=BC=8C
=Good day!
gin-top:2px;margin-bottom:2px;">I don't know how many times I've em=
ailed you, Every time I see your name, it's like I see our mirror shini=
ng, and calling me, I can't help contacting you, haha~
argin-top:2px;margin-bottom:2px;">Our mirrors have high safety and high aes=
thetics, but the price is not high.
ttom:2px;">Whether it is architecture, decoration, home, furniture or other=
application scenarios, our products can excellently complete the task of h=
elping you seize the market, and there is no need for you to sacrifice 5% ~=
10% of the profits in exchange for the quality of the products you purchas=
e to ensure your brand building.
m:2px;">I believe our products will certainly help your business developmen=
t. Please feel free to contact me.
tom:2px;">Best Regards
Wi=
ll