celebrity gmail spam

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 06 May 2022 16:41:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nn6d9-0009Bw-QS

for dave@doctor.nl2k.ab.ca;

Fri, 06 May 2022 16:40:59 -0600

Resent-From: The Doctor

Resent-Date: Fri, 6 May 2022 16:40:59 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f42.google.com ([209.85.161.42]:39504)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nn6QH-00084p-Tz

for doctor@doctor.nl2k.ab.ca;

Fri, 06 May 2022 16:27:47 -0600

Received: by mail-oo1-f42.google.com with SMTP id q7-20020a4adc47000000b0035f4d798376so652497oov.6

for ; Fri, 06 May 2022 15:27:21 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:from:date:message-id:subject:to;

bh=fNxIcoVZy02Kv8K9AYyWui1FDlUi2LBMjI+aIEwCMlo=;

b=I/N15SaFa0jSQ0OUygsusyVzLnPVyjVZSXcS6h4SsqUy7fptGefgA7wqNOy+vLCAZ5

1+KYc5UTlAEOALJ9rbnkREyeXhqT6nkaL8AO2nvYbpwPeyjir74u2eFGQ7uWUF05qfVz

g4MP6oi4c2FKMecRtdSDI1ZxYjRq8ZExJcoM0p0cy+cCRgIMyDjiF/Q6dvoUoyqsxl/J

bDkwmW/znI+BueI/q5pssBU95Ni/VcLGa6jwlCcRVzq6YTXjS2gGv3jRwFd20dJ72UbZ

DWqJ84OUvj9SjS7VFYtLbeUaxphWzrvlfd5VcefarCE/R7gwPnDH+48a3MIZU+0nciXb

qawA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:from:date:message-id:subject:to;

bh=fNxIcoVZy02Kv8K9AYyWui1FDlUi2LBMjI+aIEwCMlo=;

b=th2uoyAOE35Y0t+U5NFoGF4V+YOU7bxvBBZgLMFWE2sn1oCoqqH6Q1RXHdJNlaPHGv

PD+cAGNmfpKkwrgQwqnMzkGai8ulFzzYM9Ktpfrs3+MaDjw5pQ8Nr8mcXtFJT46uH5MU

rPhH+pcwSKQuVhV+4ked6qbhF62sO/7LnfjHBRLh84jXFN1/qWKXaLjBIe/t8r2tWzNt

kwpP2HQK3RZrrHCF5BZhq1ZuB9UV1IDEYXfI3n45JGrEEyB3OwoJ/h++VoPsZswoGOXc

hPAqzBDt50yAX8Z9xT3gmjRkZOl28BBQ3GwLoA4yTN5CTqkr7f+j0rqLtul2jP0ejGHN

BQ3w==

X-Gm-Message-State: AOAM530KtlytFLssSprNAuBSy6jiiatR7q7CJyy1J+Gv+S1RvlTHspXs

ItQu4mneHe6WFOoKOwK3nM2YKIUJMoR9iaXOZtk=

X-Google-Smtp-Source: ABdhPJwaRieZOVCjzjmakrrUhaPDr2SKslsNCGmtcHgCOFUhL3tnS+s1hlISdDDtOeoJUgmTpj4xVP3PEYkUA+Ns3sU=

X-Received: by 2002:a4a:6f49:0:b0:35e:1902:1d3b with SMTP id

i9-20020a4a6f49000000b0035e19021d3bmr1883567oof.1.1651876035902; Fri, 06 May

2022 15:27:15 -0700 (PDT)

MIME-Version: 1.0

From: Mrs Aisha Al-Qaddafi

Date: Fri, 6 May 2022 15:26:37 -0700

Message-ID:

Subject: Dear friend please can i trust you

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="0000000000005540ec05de5f5c89"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 16.5

X-Spam_score_int: 165

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear friend please can i trust you Please bear with me. I

am writing this letter to you with tears and sorrow from my heart. I am Aisha

Muammar Gaddafi, the only daughter of the embattled president of Libya, Hon.

Muammar Gaddafi. I know my mail might come to you as a surprise because you

don’t know me, but due to the unso [...]



Content analysis details: (16.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.42 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[jm5606021[at]gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[jm5606021[at]gmail.com]

2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!

1.0 HK_SCAM_N15 BODY: No description available.

1.3 MILLION_HUNDRED BODY: Million "One to Nine" Hundred

2.5 HK_SCAM_N2 BODY: No description available.

0.0 HTML_MESSAGE BODY: HTML included in message

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.5 HK_NAME_FM_MR_MRS No description available.

0.0 LOTS_OF_MONEY Huge... sums of money

1.9 HK_SCAM No description available.

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.0 XFER_LOTSA_MONEY Transfer a lot of money

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

1.9 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Dear friend please can i trust you



--0000000000005540ec05de5f5c89

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Dear friend please can i trust you





Please bear with me. I am writing this letter to you with tears and sorrow

from my heart.



I am Aisha Muammar Gaddafi, the only daughter of the embattled president of

Libya, Hon. Muammar Gaddafi. I know my mail might come to you as a surprise

because you don=E2=80=99t know me, but due to the unsolicited nature of my

situation here in Refugee camp Ouagadougou Burkina Faso i decided to

contact you for help. I have passed through pains and sorrowful moments

since the death of my father. At the same time, my family is the target of

Western nations led by Nato who want to destroy my father at all costs. Our

investments and bank accounts in several countries are their targets to

freeze.



My Father of blessed memory deposited the sum of $27.5M (Twenty Seven

Million Five Hundred Thousand Dollars) in a Bank at Burkina Faso which he

used my name as the next of kin. I have been commissioned by the (BOA) bank

to present an interested foreign investor/partner who can stand as my

trustee and receive the fund in his account for a possible investment in

his country due to my refugee status here in Burkina Faso.



I am in search of an honest and reliable person who will help me and stand

as my trustee so that I will present him to the Bank for the transfer of

the fund to his bank account overseas. I have chosen to contact you after

my prayers and I believe that you will not betray my trust but rather take

me as your own sister or daughter. If this transaction interests you, you

don't have to disclose it to anybody because of what is going on with my

entire family, if the United nation happens to know this account, they will

freeze it as they freeze others, so please keep this transaction only to

yourself until we finalize it.



Sorry for my pictures. I will enclose it in my next mail and more about me

when I hear from you okay.



Yours Sincerely

Best Regard,

Aisha Gaddafi



--0000000000005540ec05de5f5c89

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable




Dear friend please can i trust you


Please b=

ear with me. I am writing this letter to you with tears and sorrow from my =

heart.

I am Aisha Muammar Gaddafi, the only daughter of the embattle=

d president of Libya, Hon. Muammar Gaddafi. I know my mail might come to yo=

u as a surprise because you don=E2=80=99t know me, but due to the unsolicit=

ed nature of my situation here in Refugee camp Ouagadougou Burkina Faso i d=

ecided to contact you for help. I have passed through pains and sorrowful m=

oments since the death of my father. At the same time, my family is the tar=

get of Western nations led by Nato who want to destroy my father at all cos=

ts. Our investments and bank accounts in several countries are their target=

s to freeze.

My Father of blessed memory deposited the sum of $27.5M=

(Twenty Seven Million Five Hundred Thousand Dollars) in a Bank at Burkina =

Faso which he used my name as the next of kin. I have been commissioned by =

the (BOA) bank to present an interested foreign investor/partner who can st=

and as my trustee and receive the fund in his account for a possible invest=

ment in his country due to my refugee status here in Burkina Faso.

I=

am in search of an honest and reliable person who will help me and stand a=

s my trustee so that I will present him to the Bank for the transfer of the=

fund to his bank account overseas. I have chosen to contact you after my p=

rayers and I believe that you will not betray my trust but rather take me a=

s your own sister or daughter. If this transaction interests you, you don&#=

39;t have to disclose it to anybody because of what is going on with my ent=

ire family, if the United nation happens to know this account, they will fr=

eeze it as they freeze others, so please keep this transaction only to your=

self until we finalize it.

Sorry for my pictures. I will enclose it =

in my next mail and more about me when I hear from you okay.

Yours S=

incerely
Best Regard,
Aisha Gaddafi




--0000000000005540ec05de5f5c89--

Chinese product Spam from Microsoft

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 06 May 2022 16:42:12 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nn6dM-0009Da-Nm

for dave@doctor.nl2k.ab.ca;

Fri, 06 May 2022 16:41:12 -0600

Resent-From: The Doctor

Resent-Date: Fri, 6 May 2022 16:41:12 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [119.133.33.253] (port=5997 helo=undp-org.mail.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nn6HC-0007A6-09

for sales@nk.ca;

Fri, 06 May 2022 16:18:23 -0600

Date: Sat, 7 May 2022 06:17:38 +0800 (CST)

From: peibaohuang

Sender: qoamhaeiz

To: sales

Message-ID: <1777383944.3257.1651875458456@undp-org.mail.protection.outlook.com>

Subject: Re:LED S19/S14s Tube $1.3/pc -7W

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 8.4

X-Spam_score_int: 84

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi , I found your email address online. Then I went straight

to your company's website and your LinkedIn page. No, I am not a stalker.

What I am trying to do here is to learn more about your business. I bet you're

a bit like me. We both spent many years in the LED lighting space. We've

been in the upstream.



Content analysis details: (8.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[119.133.33.253 listed in bb.barracudacentral.org]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level

mail domains are different

0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[peibaohuang[at]163.com]

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML

tag

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and

EnvelopeFrom freemail headers are

different

0.6 PDS_HP_HELO_NORDNS High profile HELO with no sender rDNS

0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS

1.9 SPOOFED_FREEMAIL No description available.

Subject: {SPAM?} Re:LED S19/S14s Tube $1.3/pc -7W




=91, Tahoma;font-variant-numeric: normal;font-variant-east-asian: normal;li=

ne-height: normal;white-space: normal;background-color: rgb(255, 255, 255);=

margin-right: 0;margin-bottom: 2px;margin-left: 0">
: 16px;font-family: Arial, sans-serif;color: rgb(0, 112, 192)">Hi ,<=

/p>


=BB=91, Tahoma;font-variant-numeric: normal;font-variant-east-asian: normal=

;line-height: normal;white-space: normal;background-color: rgb(255, 255, 25=

5);margin-right: 0;margin-bottom: 2px;margin-left: 0"> 


"margin-top:2px;font-family: =E5=BE=AE=E8=BD=AF=E9=9B=85=E9=BB=91, Tahoma;f=

ont-variant-numeric: normal;font-variant-east-asian: normal;line-height: no=

rmal;white-space: normal;background-color: rgb(255, 255, 255);margin-right:=

0;margin-bottom: 2px;margin-left: 0">
amily: Arial, sans-serif;color: rgb(0, 112, 192)">I found your email addres=

s online. Then I went straight to your company's website and your Linke=

dIn page.


=AF=E9=9B=85=E9=BB=91, Tahoma;font-variant-numeric: normal;font-variant-eas=

t-asian: normal;line-height: normal;white-space: normal;background-color: r=

gb(255, 255, 255);margin-right: 0;margin-bottom: 2px;margin-left: 0"> =


=BB=91, Tahoma;font-variant-numeric: normal;font-variant-east-asian: normal=

;line-height: normal;white-space: normal;background-color: rgb(255, 255, 25=

5);margin-right: 0;margin-bottom: 2px;margin-left: 0">
ize: 16px;font-family: Arial, sans-serif;color: rgb(0, 112, 192)">No, I am =

not a stalker. What I am trying to do here is to learn more about your busi=

ness. I bet you're a bit like me. We both spent many years in the LED l=

ighting space. We've been in the upstream.


-top:2px;font-family: =E5=BE=AE=E8=BD=AF=E9=9B=85=E9=BB=91, Tahoma;font-var=

iant-numeric: normal;font-variant-east-asian: normal;line-height: normal;wh=

ite-space: normal;background-color: rgb(255, 255, 255);margin-right: 0;marg=

in-bottom: 2px;margin-left: 0"> 


mily: =E5=BE=AE=E8=BD=AF=E9=9B=85=E9=BB=91, Tahoma;font-variant-numeric: no=

rmal;font-variant-east-asian: normal;line-height: normal;white-space: norma=

l;background-color: rgb(255, 255, 255);margin-right: 0;margin-bottom: 2px;m=

argin-left: 0">
f;color: rgb(0, 112, 192)">Just out of curiosity, would you be open-minded =

about trying a sample of our LED S19 / S14S tube?


gin-top:2px;font-family: =E5=BE=AE=E8=BD=AF=E9=9B=85=E9=BB=91, Tahoma;font-=

variant-numeric: normal;font-variant-east-asian: normal;line-height: normal=

;white-space: normal;background-color: rgb(255, 255, 255);margin-right: 0;m=

argin-bottom: 2px;margin-left: 0"> 


-family: =E5=BE=AE=E8=BD=AF=E9=9B=85=E9=BB=91, Tahoma;font-variant-numeric:=

normal;font-variant-east-asian: normal;line-height: normal;white-space: no=

rmal;background-color: rgb(255, 255, 255);margin-right: 0;margin-bottom: 2p=

x;margin-left: 0">
erif;color: rgb(0, 112, 192)">P.S. When would be a good time for me to foll=

ow up with you?


=E8=BD=AF=E9=9B=85=E9=BB=91, Tahoma;font-variant-numeric: normal;font-varia=

nt-east-asian: normal;line-height: normal;white-space: normal;background-co=

lor: rgb(255, 255, 255);margin-right: 0;margin-bottom: 2px;margin-left: 0">=

 


=85=E9=BB=91, Tahoma;font-variant-numeric: normal;font-variant-east-asian: =

normal;line-height: normal;white-space: normal;background-color: rgb(255, 2=

55, 255);margin-right: 0;margin-bottom: 2px;margin-left: 0">
font-size: 16px;font-family: Arial, sans-serif;color: olive">Best regards,<=

/span>


=85=E9=BB=91, Tahoma;font-variant-numeric: normal;font-variant-east-asian: =

normal;line-height: normal;white-space: normal;background-color: rgb(255, 2=

55, 255);margin-right: 0;margin-bottom: 2px;margin-left: 0">
font-size: 16px;font-family: Arial, sans-serif;color: olive">Peibao Huang
span>
--------------------=

------------


=BD=AF=E9=9B=85=E9=BB=91, Tahoma;font-variant-numeric: normal;font-variant-=

east-asian: normal;line-height: normal;white-space: normal;background-color=

: rgb(255, 255, 255);margin-right: 0;margin-bottom: 2px;margin-left: 0">
an style=3D"font-size: 16px;font-family: Arial, sans-serif;color: olive">TI=

ANCI

 



Chinese product Spam from Microsoft

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 06 May 2022 16:10:02 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nn68w-0006UG-R1

for dave@doctor.nl2k.ab.ca;

Fri, 06 May 2022 16:09:46 -0600

Resent-From: The Doctor

Resent-Date: Fri, 6 May 2022 16:09:46 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [112.111.1.27] (port=57542 helo=ulstein-com.mail.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nn4eK-000POK-8c

for root@nk.ca;

Fri, 06 May 2022 14:34:12 -0600

Date: Sat, 7 May 2022 04:33:42 +0800 (CST)

From: superiorcctv

Sender: tbqtpa

To: root

Message-ID: <1883851486.2159257.1651869222835@ulstein-com.mail.protection.outlook.com>

Subject: Re:Camera Lens for suveillance

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 7bit

X-Spam_score: 12.6

X-Spam_score_int: 126

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear sir, SUPERIOR CCTV LENS is top10 CCTV LENS manufacturer

in china. We offer 1/3 of your price and 3 years quality guarantee, are you

interested to get our catalog with pricelist?



Content analysis details: (12.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[112.111.1.27 listed in bl.score.senderscore.com]

1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,

https://senderscore.org/blocklistlookup/

0.6 HK_RANDOM_ENVFROM Envelope sender username looks random

1.0 HK_RANDOM_FROM From username looks random

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level

mail domains are different

0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=tbqtpa%40utp.ac.pa;ip=112.111.1.27;r=doctor.nl2k.ab.ca]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[superiorcctv[at]163.com]

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML

tag

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and

EnvelopeFrom freemail headers are

different

0.6 PDS_HP_HELO_NORDNS High profile HELO with no sender rDNS

0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS

1.9 SPOOFED_FREEMAIL No description available.

Subject: {SPAM?} Re:Camera Lens for suveillance



Dear sir,


SUPERIOR CCTV LENS is top10 CCTV LENS manufacturer in china.


We offer 1/3 of your price and 3 years quality guarantee, are you interested to get our catalog with pricelist?


Regards

Sally




password phish

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 06 May 2022 16:10:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nn68H-0006Re-Ff

for dave@doctor.nl2k.ab.ca;

Fri, 06 May 2022 16:09:05 -0600

Resent-From: The Doctor

Resent-Date: Fri, 6 May 2022 16:09:05 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from marula.iwayafrica.co.zw ([41.190.32.8]:52008 helo=smtp11.utande.co.zw)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nn3xA-000Lsm-OL

for root@nl2k.ab.ca;

Fri, 06 May 2022 13:49:33 -0600

Received: from [196.44.176.151] (port=39354 helo=pop3.utande.co.zw)

by smtp11.utande.co.zw with esmtp (Exim 4.94)

(envelope-from )

id 1nn3wo-0001Uk-2N

for root@nl2k.ab.ca; Fri, 06 May 2022 21:49:06 +0200

Received: from [192.168.1.101] (unknown [85.237.194.26])

by pop3.utande.co.zw (Postfix) with ESMTPSA id 082222005A5039

for ; Fri, 6 May 2022 21:49:03 +0200 (CAT)

Content-Type: multipart/alternative; boundary="===============0977781784=="

MIME-Version: 1.0

Subject: Account Deactivation Request for root@nl2k.ab.ca

To: root@nl2k.ab.ca

From: "ITHELP DESK"

Date: Fri, 06 May 2022 12:48:58 -0700

Message-Id: ac449dabff3c898a2a93ba86b377fe48@smtp11.utande.co.zw

X-Spam_score: 8.1

X-Spam_score_int: 81

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear root@nl2k.ab.ca , Series of account deactivation requests

have been made from your Email Address root@nl2k.ab.ca . If you did not make

this request, stop the process by clicking Stop Deactivation and follow the

instruc [...]



Content analysis details: (8.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.0 HTML_MESSAGE BODY: HTML included in message

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.5 FSL_BULK_SIG Bulk signature with no Unsubscribe

1.2 INVALID_MSGID Message-Id is not valid, according to RFC 2822

0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: 360autodisplayusa.com, cranstonfamilyclinic.com]

Subject: {SPAM?} Account Deactivation Request for root@nl2k.ab.ca



You will not see this in a MIME-aware mail reader.

--===============0977781784==

Content-Type: text/plain; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body



Dear root@nl2k.ab.ca ,



Series of account deactivation requests have been made from your Email Addr=

ess root@nl2k.ab.ca . If you did not make this request, stop the process b=

y clicking Stop Deactivation and follow the instruction.



You have 12 Hours after Notification or your account will be closed. =



Note:Move the email to your Inbox to stop the deactivation



=A9 Support Team- Support Team.



--===============0977781784==

Content-Type: text/html; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body




=3Dutf-8"/>
)">Dear  
30)">root@nl2k.ab.ca  
R: rgb(32,31,30)">,

COLOR: rgb(32,31,30)">

R: rgb(32,31,30)">Ser=

ies of account deactivation requests have been made from your Email Address=

  root@nl2k.ab.ca . If you did not make this request, stop the process=

by clicking 
x; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN: baseline; BORDER-BOTTOM-WIDTH: =

0px; COLOR: rgb(17,85,204); PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-=

LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px; font-var=

iant-numeric: inherit; font-variant-east-asian: inherit; font-stretch: inhe=

rit" href=3D"https://cranstonfamilyclinic.com/zimbra/webner/" rel=3D"noopen=

er noreferrer" target=3D_blank data-saferedirecturl=3D"https://www.google.c=

om/url?q=3Dhttps://www.360autodisplayusa.com/SDCFVSD/97884/38840/&sourc=

e=3Dgmail&ust=3D1651946190854000&usg=3DAOvVaw34_KBx6BqJneO9I9txdpVD=

">Stop Deactivation
"> and follow the instruction.

ONT-SIZE: 15px; COLOR: rgb(32,31,30)">

SIZE: 15px; COLOR: rgb(32,31,30)">
b(32,31,30)">You have 12 Hours after Notification or your account will be c=

losed. 


0px; VERTICAL-ALIGN: baseline; BORDER-BOTTOM-WIDTH: 0px; COLOR: rgb(32,31,3=

0); PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; =

PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px; font-variant-numeric: inherit; f=

ont-variant-east-asian: inherit; font-stretch: inherit">

rue>



0px; VERTICAL-ALIGN: baseline; BORDER-BOTTOM-WIDTH: 0px; COLOR: rgb(32,31,3=

0); PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; =

PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px; font-variant-numeric: inherit; f=

ont-variant-east-asian: inherit; font-stretch: inherit">Note:Move the email=

to your Inbox to stop the deactivation


en=3Dtrue>=C2=A9 Support Team- Support Team.

ONT-FAMILY: Arial, Helvetica, sans-serif; WHITE-SPACE: normal; WORD-SPACING=

: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(32,31,30); FONT-S=

TYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COL=

OR: rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligatures: normal; fon=

t-variant-caps: normal; -webkit-text-stroke-width: 0px; text-decoration-thi=

ckness: initial; text-decoration-style: initial; text-decoration-color: ini=

tial">


--===============0977781784==--

Nigerian gmail spam

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 06 May 2022 16:02:02 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nn60V-0005qn-Bh

for dave@doctor.nl2k.ab.ca;

Fri, 06 May 2022 16:01:03 -0600

Resent-From: The Doctor

Resent-Date: Fri, 6 May 2022 16:01:03 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lj1-f180.google.com ([209.85.208.180]:39747)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nmzgX-000P6m-KQ

for root@nk.ca;

Fri, 06 May 2022 09:16:06 -0600

Received: by mail-lj1-f180.google.com with SMTP id t25so9643854ljd.6

for ; Fri, 06 May 2022 08:15:37 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to;

bh=UgI++iS9XxPvlCcicLh9wfG+HKsx14RkJl+BHZ/9ADY=;

b=D454k5mi+wBu2dFfm23ecpte22ZDcq6+B8/00chg+0k8PVP0azvZFAPgi584rXEYuy

5loqcXOrEOQpdma9T1PG07H5lt7XFEmCkEHgsGx27ssYmT/JnTEgb5MiCslN6veJJeU7

7Fu55xiyxQo+dRAsV7u8oAu4gROKWOPytO+XH+iixk3etS9HIFxqhW7imbP2kD+izPZ2

Gu50IyME8m9cSXP74uyWAN6y/hTe4coTcJ4fu7RN4JXKEb3IOH2sEABd+7prfdcj5XuK

2yIgOegFD7X9VyyH/mjNuh/R91b2f7MlFopctEUW/aQGHiVjtO7dKpVFEi04roDwkH8A

lWQw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to;

bh=UgI++iS9XxPvlCcicLh9wfG+HKsx14RkJl+BHZ/9ADY=;

b=DDWgN9Aqt1C6qemwA6qKidJ4E5bVHUC2mz31amk9jZRx67JK2sm6bJ0W73JBkUY5aF

xYOqvBrtUxbg8eI8rRnoXEPXErZL44Y3ALX1X7AWATcK2mrGrKNv43FR2k4clG1mtDf7

4Kj3iGmj17yZpBHrkymx7ez0Seo/AfIvEOiCXbIPLgg9yV7102uWsa6u/FANf6CZTo/G

qK54nM9MpAQsZ4S6LjdbatuO0Vpn47YKJW5U26h+QLyKZWcKafRD1bHJtUB6GYhouTBU

p8v7Rp4QRfoPL205PSJ/plYDS2NiDahZoXVsd11a4l6bmL2P9nrSFKjboTH1j5B2q9Gv

0Gdw==

X-Gm-Message-State: AOAM532XaJqC6D/DoucBACsRXeI9qM/k6SsLCUoDiid4I+hM6CM+81IK

V6bglkR1Ggq2E4HfMYoBo08Zj0X6f9SBucfAv/k=

X-Google-Smtp-Source: ABdhPJyxItTW6mjrfGhugQNMaVK0yMT5liCtDv+wjnnyS9ASQlhawyVmkA0b4YBMUQJydt+Zh6n7c7v1J1X0g8LVxEQ=

X-Received: by 2002:a05:651c:89:b0:250:87c9:d4e6 with SMTP id

9-20020a05651c008900b0025087c9d4e6mr2307462ljq.315.1651850130879; Fri, 06 May

2022 08:15:30 -0700 (PDT)

MIME-Version: 1.0

Reply-To: mrspeninnaharielbenaiah62@gmail.com

From: "Mrs. Peninnah Ariel Benaiah"

Date: Fri, 6 May 2022 07:08:57 -0800

Message-ID:

Subject: Assalamualaikum, May The Peace Of God Be On Your And You Family.

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="00000000000045fb8d05de595488"

Bcc: root@nk.ca

X-Spam_score: 19.7

X-Spam_score_int: 197

X-Spam_bar: +++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Assalamualaikum, May The Peace Of God Be On Your And You Family.

My name is Mrs. Peninnah Ariel Benaiah I am a Norway Citizen who is living

in Burkina Faso, I am married to Mr. Benaiah Jeremiah, am a politician who

owns a small gold company in Burkina Faso; He died [...]



Content analysis details: (19.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.208.180 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[mrspeninnaharielbenaiah62[at]gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[minaa.brunel1[at]gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[minaa.brunel1[at]gmail.com]

2.7 UNCLAIMED_MONEY BODY: People just leave money laying around

2.5 HK_SCAM_N2 BODY: No description available.

0.0 HTML_MESSAGE BODY: HTML included in message

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.5 HK_NAME_FM_MR_MRS No description available.

0.0 LOTS_OF_MONEY Huge... sums of money

1.9 HK_SCAM No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

3.5 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

0.0 XFER_LOTSA_MONEY Transfer a lot of money

0.5 MONEY_FRAUD_8 Lots of money and very many fraud phrases

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

1.9 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Assalamualaikum, May The Peace Of God Be On Your And You Family.



--00000000000045fb8d05de595488

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Assalamualaikum, May The Peace Of God Be On Your And You Family.









My name is Mrs. Peninnah Ariel Benaiah I am a Norway Citizen who is living

in Burkina Faso, I am married to Mr. Benaiah Jeremiah, am a politician who

owns a small gold company in Burkina Faso; He died of Leprosy and Radesyge,

in the year February 2010, During his lifetime he deposited the sum of =E2=

=82=AC

8.5 Million Euro in a bank in Brussels the capital city of Belgium in

Europe The money was from the sale of his company and death benefits

payment and entitlements of my deceased husband by his company.



I am sending you this message with heavy tears in my eyes and great sorrow

in my heart, and also praying that it will reach you in good health because

I am not in good health. I have been suffering for a long time and

presently I am partially suffering from Leprosy, which has become difficult

for me to move around. I was married to my late husband for more than 6

years without having a child and my doctor confided that I have less chance

to live, having to know when the cup of death will come.



I have decided to donate this money for the support of helping Motherless

babies, less privileged, Widows and churches also to build the house of God

because I am dying and diagnosed with cancer about 3 years ago. I have

decided to donate what I have inherited from my late husband to you for the

good work of Almighty God; I will be going in for an operation soon.



Now I want you to stand as my next of kin to claim the funds for charity

purposes. Because of this money remains unclaimed after my death, the bank

executives or the government will take the money as unclaimed fund and

maybe use it for selfishness and worthless ventures, I need a very honest

person who can claim this money and use it for Charity works, for

orphanages, widows and also build schools and churches for less privilege

that will be named after my late husband and my name.



I will give you more information on how the fund will be transferred to you

through an online banking account.











Reply at my private email: mrspeninnaharielbenaiah62@gmail.com





Thanks



Mrs. Peninnah Ariel Benaiah



--00000000000045fb8d05de595488

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable





nature" data-smartmail=3D"gmail_signature">

">


ine-height:normal;background-image:initial;background-position:initial;back=

ground-repeat:initial">
lifornian FB","serif";color:#222222">Assalamualaikum, May Th=

e Peace Of God Be On Your And You Family.


style=3D"margin-bottom:0.0001pt;line-height:normal;background-image:initial=

;background-position:initial;background-repeat:initial">
-size:13.0pt;font-family:"Californian FB","serif";color=

:#222222">=C2=A0


0001pt;line-height:normal;background-image:initial;background-position:init=

ial;background-repeat:initial">
"Californian FB","serif";color:#222222">


My name is Mrs. Peninnah Ariel Benaiah I am a Norway Citizen who is living =

in

Burkina Faso, I am married to Mr. Benaiah Jeremiah, am a politician who own=

s a

small gold company in Burkina Faso; He died of Leprosy and Radesyge, in the

year February 2010, During his lifetime he deposited the sum of =E2=82=AC 8=

.5 Million

Euro in a bank in Brussels the capital city of Belgium in Europe The money =

was

from the sale of his company and death benefits payment and entitlements of=

my

deceased husband by his company.





I am sending you this message with heavy tears in my eyes and great sorrow =

in

my heart, and also praying that it will reach you in good health because I =

am

not in good health. I have been suffering for a long time and presently I a=

m

partially suffering from Leprosy, which has become difficult for me to move

around. I was married to my late husband for more than 6 years without havi=

ng a

child and my doctor confided that I have less chance to live, having to kno=

w

when the cup of death will come.





I have decided to donate this money for the support of helping Motherless

babies, less privileged, Widows and churches also to build the house of God

because I am dying and diagnosed with cancer about 3 years ago. I have deci=

ded

to donate what I have inherited from my late husband to you for the good wo=

rk

of Almighty God;=C2=A0=C2=A0 I will be going in for an operation soon.





Now I want you to stand as my next of kin to claim the funds for charity

purposes. Because of this money remains unclaimed after my death, the bank

executives or the government will take the money as unclaimed fund and mayb=

e

use it for selfishness and worthless ventures, I need a very honest person =

who

can claim this money and use it for Charity works, for orphanages, widows a=

nd

also build schools and churches for less privilege that will be named after=

my

late husband and my name.





I will give you more information on how the fund will be transferred to you

through an online banking account.


=3D"margin-bottom:0.0001pt;line-height:normal;background-image:initial;back=

ground-position:initial;background-repeat:initial">
:13.0pt;font-family:"Californian FB","serif";color:#222=

222">=C2=A0


t;line-height:normal;background-image:initial;background-position:initial;b=

ackground-repeat:initial">
;Californian FB","serif";color:#222222">=C2=A0


class=3D"MsoNormal" style=3D"margin-bottom:0.0001pt;line-height:normal;back=

ground-image:initial;background-position:initial;background-repeat:initial"=

>
;serif";background-image:initial;background-position:initial;backgroun=

d-repeat:initial">Reply at my private email:
:13.0pt;font-family:"Californian FB","serif";color:#222=

222">
nk">mrspeninnaharielbenaiah62@gmail.com


" style=3D"margin-bottom:0.0001pt;line-height:normal;background-image:initi=

al;background-position:initial;background-repeat:initial">
nt-size:13.0pt;font-family:"Californian FB","serif";col=

or:#222222">=C2=A0


Thanks





Mrs. Peninnah Ariel Benaiah


n-bottom:0.0001pt;line-height:normal;background-image:initial;background-po=

sition:initial;background-repeat:initial">




























ont-family:"Californian FB","serif";background-image:in=

itial;background-position:initial;background-repeat:initial">=C2=A0<=

/p>





--00000000000045fb8d05de595488--

Sexual Blackmail phishing scam

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 06 May 2022 16:01:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nn5zk-0005mu-0b

for dave@doctor.nl2k.ab.ca;

Fri, 06 May 2022 16:00:16 -0600

Resent-From: The Doctor

Resent-Date: Fri, 6 May 2022 16:00:15 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from r186-55-16-17.dialup.adsl.anteldata.net.uy ([186.55.16.17]:14617)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nn0St-0003OF-FG

for root@nk.ca;

Fri, 06 May 2022 10:06:05 -0600

Message-ID: <002301d86149$0269536f$47a7d4ad@uaegrxss>

From:

To:

Subject: You have an outstanding payment. Debt settlement required.

Date: 6 May 2022 08:44:40 -0400

MIME-Version: 1.0

Content-Type: text/plain;

charset="windows-1250"

Content-Transfer-Encoding: 8bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

X-Spam_score: 14.5

X-Spam_score_int: 145

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello! Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all

devices that you use to browse internet. Afterwards, I have proceeded with

[...]



Content analysis details: (14.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.2 CK_HELO_GENERIC Relay used name indicative of a Dynamic Pool or

Generic rPTR

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[186.55.16.17 listed in bb.barracudacentral.org]

1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

0.5 PDS_BTC_ID FP reduced Bitcoin ID

3.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP

addr 1)

2.5 HELO_DYNAMIC_HCC Relay HELO'd using suspicious hostname (HCC)

0.0 BITCOIN_XPRIO Bitcoin + priority

0.2 HDR_ORDER_FTSDMCXX_DIRECT Header order similar to spam

(FTSDMCXX/boundary variant) + direct-to-MX

0.0 PDS_BTC_MSGID Bitcoin ID with T_MSGID_NOFQDN2

1.7 MIMEOLE_DIRECT_TO_MX MIMEOLE + direct-to-MX

3.1 DOS_OE_TO_MX Delivered direct to MX with OE headers

Subject: {SPAM?} You have an outstanding payment. Debt settlement required.



Hello!



Unfortunately, I have some unpleasant news for you.

Roughly several months ago I have managed to get a complete access to all devices that you use to browse internet.

Afterwards, I have proceeded with monitoring all internet activities of yours.



You can check out the sequence of events summarize below:

Previously I have bought from hackers a special access to various email accounts (currently, it is rather a straightforward thing that can be done online).

Clearly, I could effortlessly log in to your email account as well (root@nk.ca).



One week after that, I proceeded with installing a Trojan virus in Operating Systems of all your devices, which are used by you to login to your email.

Actually, that was rather a simple thing to do (because you have opened a few links from your inbox emails previously).

Genius is in simplicity. ( ~_^)



Thanks to that software I can get access to all controllers inside your devices (such as your video camera, microphone, keyboard etc.).

I could easily download all your data, photos, web browsing history and other information to my servers.

I can access all your social networks accounts, messengers, emails, including chat history as well as contacts list.

This virus of mine unceasingly keeps refreshing its signatures (since it is controlled by a driver), and as result stays unnoticed by antivirus software.



Hereby, I believe by this time it is already clear for you why I was never detected until I sent this letter...



While compiling all the information related to you, I have also found out that you are a true fan and frequent visitor of adult websites.

You truly enjoy browsing through porn websites, while watching arousing videos and experiencing an unimaginable satisfaction.

To be honest, I could not resist but to record some of your kinky solo sessions and compiled them in several videos, which demonstrate you masturbating and cumming in the end.



If you still don't trust me, all it takes me is several mouse clicks to distribute all those videos with your colleagues, friends and even relatives.

In addition, I can upload them online for entire public to access.

I truly believe, you absolutely don't want such things to occur, bearing in mind the kinky stuff exposed in those videos that you usually watch, (you definitely understand what I am trying to say) it will result in a complete disaster for you.



We can still resolve it in the following manner:

You perform a transfer of $1590 USD to me (a bitcoin equivalent based on the exchange rate during the funds transfer), so after I receive the transfer, I will straight away remove all those lecherous videos without hesitation.

Then we can pretend like it has never happened before. In addition, I assure that all the harmful software will be deactivated and removed from all devices of yours. Don't worry, I am a man of my word.



It is really a good deal with a considerably low the price, bearing in mind that I was monitoring your profile as well as traffic over an extended period.

If you still unaware about the purchase and transfer process of bitcoins - all you can do is find the necessary information online.



My bitcoin wallet is as follows: 1MW4maqRuqi62YiRNMaBiHT65WJJMEAvQw



You are left with 48 hours and the countdown starts right after you open this email (2 days to be specific).



Don't forget to keep in mind and abstain from doing the following:

> Do not attempt to reply my email (this email was generated in your inbox together with the return address).

> Do not attempt to call police as well as other security services. Moreover, don't even think of sharing it with your friends. If I get to know about it (based on my skills, that would be very easy, since that I have all your systems under my control and constant monitoring) - your dirty video will become public without delay.

> Don't attempt searching for me - it is completely useless. Cryptocurrency transactions always remain anonymous.

> Don't attempt reinstalling the OS of your devices or even getting rid of them. It is meaningless too, because all your private videos are already been available on remote servers.



Things you should be concerned about:

> That I will not receive the funds transfer you make.

Relax, I will be able to track it immediately, after you complete the funds transfer, because I unceasingly monitor all activities that you do (trojan virus of mine can control remotely all processes, same as TeamViewer).

> That I will still distribute your videos after you have sent the money to me.

Believe me, it is pointless for me to proceed with troubling you after that. Besides that, if that really was my intention, it would happen long time ago!



It all will be settled on fair conditions and terms!



One last advice from me... Moving forward make sure you don't get involved in such type of incidents again!

My suggestion - make sure you change all your passwords as often as possible.



Emotional Gmail blackmail spam

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 05 May 2022 15:27:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nmizd-000LCz-53

for dave@doctor.nl2k.ab.ca;

Thu, 05 May 2022 15:26:37 -0600

Resent-From: The Doctor

Resent-Date: Thu, 5 May 2022 15:26:37 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ot1-f48.google.com ([209.85.210.48]:35647)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nmdty-0008nh-He

for root@nk.ca;

Thu, 05 May 2022 10:00:29 -0600

Received: by mail-ot1-f48.google.com with SMTP id z5-20020a9d62c5000000b00606041d11f1so3217265otk.2

for ; Thu, 05 May 2022 09:00:09 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to;

bh=77BwqRII9XCweQU8IJul6unijI/BEL+vUJmVmCRLxH4=;

b=VFsFzzURbJSi4EVHezNjLehkIdLP0GgzYLdagWQ0Gr2AblF82aZgOejcLpp1PTPorh

gjbQm+ArjD4q5hxPlu6hbjNwcNDAT2I6msJhQ4p3adAFpOveWlQclQMoYsn/OI1QncOz

f5SRu2lJvh8jdsLRR1xv5M3DLeQze2x+0eBaG3qHbCWkVZWb0bRu5pyCIvHeIsGRO9eG

ZlSgFiXtEE6kSBy3EnRZRJ5Fy1bAZcNYAmGv1SFEJYWVqpu3H6xY9madIh6fHGLPGg67

KuO/SOd6pHfBQMvfKvAHaji5ywsy6EQb5yPXjFHjM/SLn9KDoOS5zvsHfOX4s3u+S1I6

fl0Q==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to;

bh=77BwqRII9XCweQU8IJul6unijI/BEL+vUJmVmCRLxH4=;

b=XbbhrJMXlQGfshXzIZHPX0qtR2wN5QEY25duedEyuRx16//UlWN6I6T6vLcuRfSbdl

OpTBJsm7h6x9QStEeBQ3bP6LDgxZBIENbSapgHyDW8tSarRNdZex7d25TLc4bViOUnG1

oKJl4rQ0H29kGqczGW16wVWG7zQaCgLlTVKSRuxwfaojMmYhuNpoX9ZBqufplbH16Ose

3l799+3/QiiOMyWdq1XEOIsUK+VaT6T6+znD8OAfxs4RpnmjQp/ccvFJRqQOK61EJOq8

v9dyXI+WYBZThRUiFMDt3O94bJgeGJ5gVdhDDZIphKs+Kj/pxxCgatgIYi0P3nZpAzo3

kIRQ==

X-Gm-Message-State: AOAM532KyU3+RvozXie2OiztMkUygDmcmDViGIpKOTwjWIEI6epMaWqc

l5tQadkr9BTlP+CjaqmYiMRTiL7QWfQAR2wODSw=

X-Google-Smtp-Source: ABdhPJz6B70++fXHkppBIj9KCVuig3exCrtXIaTSi0tcqcSJcoZ3YSrb6axk9r2yNW9ej8dOtCeUl1dFDGg9uN1TGmM=

X-Received: by 2002:a9d:6645:0:b0:605:fb52:3739 with SMTP id

q5-20020a9d6645000000b00605fb523739mr9868807otm.124.1651766403369; Thu, 05

May 2022 09:00:03 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a05:6850:d811:b0:2e5:dbf5:b714 with HTTP; Thu, 5 May 2022

09:00:02 -0700 (PDT)

Reply-To: info202025@gmail.com

From: Rihab Manyang

Date: Thu, 5 May 2022 16:00:02 +0000

Message-ID:

Subject: hello dear.

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Bcc: root@nk.ca



--

How are you?I am miss.Rihab Manyang i will like to be your friend

please write me back on my email for more details, Thanks.

Canada post phish from Russia

Posted by Dave Yadallee on
Return-path: <>

Envelope-to: dave@nk.ca

Delivery-date: Thu, 05 May 2022 05:04:00 -0600

Received: from [109.237.96.57] (port=60331 helo=businessbuy.ru)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

id 1nmZG6-0001po-7L

for dave@nk.ca;

Thu, 05 May 2022 05:03:03 -0600

MIME-Version: 1.0

Message-Id:

From:Canada Post

Subject:Distribution On hold,Open immediately!!

Reply-To: reply_to@businessbuy.ru

To: dave@nk.ca

Content-Transfer-Encoding: 7bit

Content-Type: text/html; charset=UTF-8

Date: Thu, 05 May 2022 13:00:21 +0200

X-Spam_score: 18.3

X-Spam_score_int: 183

X-Spam_bar: ++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Delivery failed. Your delivery has been redirected. The shipment

371-34632900 from a webshop has been detained, due to missing information.





Content analysis details: (18.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in

bl.spamcop.net

[Blocked - see ]

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[109.237.96.57 listed in psbl.surriel.com]

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel

letters

2.2 FROM_WSP_TRAIL Trailing whitespace before '>' in From header

field

1.0 HK_RANDOM_FROM From username looks random

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[109.237.96.57 listed in wl.mailspike.net]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.5 FSL_BULK_SIG Bulk signature with no Unsubscribe

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.0 HDRS_MISSP Misspaced headers

0.4 FROM_ADDR_WS Malformed From address

Subject: {SPAM?} Distribution On hold,Open immediately!!















































Chinese Spam from Microsoft

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 06 May 2022 07:57:02 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nmyRn-0003WJ-9Z

for dave@doctor.nl2k.ab.ca;

Fri, 06 May 2022 07:56:43 -0600

Resent-From: The Doctor

Resent-Date: Fri, 6 May 2022 07:56:43 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [123.180.197.178] (port=25365 helo=wimech-pl.mail.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nmp1q-0001Du-7g

for sales@nk.ca;

Thu, 05 May 2022 21:53:23 -0600

Date: Fri, 6 May 2022 11:52:43 +0800 (CST)

From: sunonwirecloth2021

Sender: xcifsein

To: sales

Message-ID: <1119811844.1768632.1651809163522@wimech-pl.mail.protection.outlook.com>

Subject: Re: New Price List

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable




16px;">
n: normal; line-height: 21px; font-family: Arial; background-color: rgb(255=

, 255, 255);">Attn: Purchasing

mal;font-variant-east-asian: normal;white-space: normal;background-color: r=

gb(255, 255, 255);font-family: 'Microsoft YaHei';font-size: medium"=

/>

;white-space: normal;background-color: rgb(255, 255, 255);font-family: '=

;Microsoft YaHei';font-size: medium"/>
ic: normal; font-variant-east-asian: normal; line-height: 21px; background-=

color: rgb(255, 255, 255); font-family: Arial, Helvetica, sans-serif;">
n style=3D"line-height: 2;">We produce k=

inds of the High Quality Stainless Steel Woven Wire Cloth / Mesh, Safety Sc=

reens, Welded Mesh, Extruder Screen, Cylinder & Conical Screen Pack, Mi=

ni Filters, Pleated Filters, Oilfield Screens, Quarry Screens, Papermaking =

filters,Customized Mesh Fabric, Fence Mesh, Architectural Mesh, etc<=

/strong>

Our advantage:  
r/>1:  No any set up cost for repeat order<=

/span>
2:  High quality as we have very=

strictly quality department
3  Perfect Service

tyle=3D"widows: 1;">4:  Factory direct sales, one =E2=80=93 stop servi=

ces.
5:  Large quantity stocks, the quickly delivery date
span>

Please contact us to get the full price list for checking. &=

nbsp;


Best Regards


>Helen
Tel/Skype/WhatsApp/Wechat: 0086 =

138 3382 9852



Spam from mailspamprotection.com

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 06 May 2022 07:56:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nmyQz-0003Rv-IY

for dave@doctor.nl2k.ab.ca;

Fri, 06 May 2022 07:55:53 -0600

Resent-From: The Doctor

Resent-Date: Fri, 6 May 2022 07:55:53 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [113.88.154.160] (port=53192 helo=mx20.mailspamprotection.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nmoIq-000Njr-Dw

for root@nk.ca;

Thu, 05 May 2022 21:06:58 -0600

Date: Fri, 6 May 2022 11:06:25 +0800 (GMT+08:00)

From: electronics168

Sender: uvouououk

To: root

Message-ID: <960639927.558703.1651806385113@mx20.mailspamprotection.com>

Subject: Re: Power banks for heated jacket vest, coat, belt .etc

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable



Hi Manager


rgin-top:2px;margin-bottom:2px;">


-bottom:2px;">How is everything going there?


margin-bottom:2px;">


>Do you look for power banks?


px;">

You can put ou=

r power banks into a heated jacket vest, heated coat, heated belt. Etc.

=



top:2px;margin-bottom:2px;">And you don't need to worry about the safet=

y issue.



e=3D"margin-top:2px;margin-bottom:2px;">We have been in this field for almo=

st 14 years.



style=3D"margin-top:2px;margin-bottom:2px;">I will send you the e-catalog u=

pon request.



style=3D"margin-top:2px;margin-bottom:2px;">Best regards


gin-top:2px;margin-bottom:2px;">


bottom:2px;">Lydia




More Compensation spam from Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 05 May 2022 20:30:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nmniy-000Kgj-3H

for dave@doctor.nl2k.ab.ca;

Thu, 05 May 2022 20:29:44 -0600

Resent-From: The Doctor

Resent-Date: Thu, 5 May 2022 20:29:44 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ed1-f67.google.com ([209.85.208.67]:39850)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nmmcl-000F3C-He

for doctor@doctor.nl2k.ab.ca;

Thu, 05 May 2022 19:19:19 -0600

Received: by mail-ed1-f67.google.com with SMTP id g20so7070027edw.6

for ; Thu, 05 May 2022 18:18:58 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to;

bh=I2L2LouFWPIhCB7T9h6fJ7Uv6+4k8zkn/OvRKyP7074=;

b=qFmsOJguqL2nwxOX72gT08Mpjpu4okZhbXaYzv1P2Lfnl1RriuKNHbithWewKj4fO1

8s0GMkohc/YeDUuVCMXOg16vXAh4qyQwv+QVHJOTHG8gC7R0wkpWixEO1LGmS9F8MZfK

VsZ7pwhD5s8BqhKSzgyktdD/e11z6tlp7c0BWPwhrsCJmfGQSiM5iS4IAymAPOhn374y

8JrG/QUAzcqZUAU/bLmX1/U3gYyjPdX/9/T/AXL0i+qOBGCo0kLVfr852njjZP4kJ4iv

y9mhHqR3KRftFhD88aePE0XqzkMLyZCMz/MyIrGkQtkV481Rgi+sdwX8gR4dUP4OVawY

zKCw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to;

bh=I2L2LouFWPIhCB7T9h6fJ7Uv6+4k8zkn/OvRKyP7074=;

b=sG/vVamo2w18lqnHU8sU8foMOpQVzmxfSXx8WTFOP+e+OlA01c1Wp6Mg9iwPq1wKdN

GbE0cVECljYaWOWIN6bdVMCZpYVRpnOMcRbTf2zzCm4ZbKjy7hGkfq23uqjtdeIYMFjZ

LKCbpzSuA9PFb7PBdrceBSy7nw72rusYGBNTOKEcu+ubXHXu7poTHTUMXNZBKUOv7UQN

X0qLrwlMBkDPk0EkbE65tRiZuqqQn0lhOnpz9rIzNl2by3mVct2lHfTGjLaqD6PYNxXd

3X5/rar4MlYycJjNVuEEAdjOAvNiZPtjBdbdUhscoEQl3LhDWyAeNxB2HPn5lZLwMqqK

q7Nw==

X-Gm-Message-State: AOAM533YCywor5XDEouPTVqi9flGtu5PePYG5+8YkobnoI+XrW7bC/PB

PdoU2iVA72nw1NvUEGg/JXyg7A0CnKmBLypIgRA=

X-Google-Smtp-Source: ABdhPJw6tVGLSbCfwAfsJXNraixdQfokJQ9kOeys25O1FEY3mJ+1Yfp6FHofyxl4uh85iqC1C9P8dXuLvnXZ1CHhC+0=

X-Received: by 2002:aa7:cd0a:0:b0:425:bc13:4ccb with SMTP id

b10-20020aa7cd0a000000b00425bc134ccbmr978484edw.229.1651799931813; Thu, 05

May 2022 18:18:51 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a54:2bca:0:0:0:0:0 with HTTP; Thu, 5 May 2022 18:18:51 -0700 (PDT)

Reply-To: charlsekable@yandex.com

From: " Mr. Charles H. Kable"

Date: Fri, 6 May 2022 02:18:51 +0100

Message-ID:

Subject: FBI/IMF FUND COMPENSATION PAYMENT NOTIFICATION.

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 9.4

X-Spam_score_int: 94

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: ATTENTION: DEAR. FBI/IMF FUND COMPENSATION PAYMENT NOTIFICATION.

Please, I want to know if you got my previous email to you? If you do please

let me know for more information or i have to resend it again.



Content analysis details: (9.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

3.4 FROMSPACE Idiosyncratic "From" header format

1.6 SUBJ_ALL_CAPS Subject is all capitals

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.208.67 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[honmrsjulietadams96[at]gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[honmrsjulietadams96[at]gmail.com]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

3.5 UNDISC_FREEM Undisclosed recipients + freemail reply-to

Subject: {SPAM?} FBI/IMF FUND COMPENSATION PAYMENT NOTIFICATION.



ATTENTION: DEAR.



FBI/IMF FUND COMPENSATION PAYMENT NOTIFICATION.



Please, I want to know if you got my previous email to you? If you do

please let me know for more information or i have to resend it again.



best regards



Mr. Charles H. Kable

The Director, FBI Terrorist Screening Center (TSC).

Personal Contact Email: charlsekable@yandex.com

Consumable spam from outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 05 May 2022 18:45:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nmm4u-000CCx-2Z

for dave@doctor.nl2k.ab.ca;

Thu, 05 May 2022 18:44:16 -0600

Resent-From: The Doctor

Resent-Date: Thu, 5 May 2022 18:44:16 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [115.214.150.195] (port=16808 helo=intersearch-no.mail.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nmlQP-0008mD-M8

for sales@nk.ca;

Thu, 05 May 2022 18:02:29 -0600

Date: Fri, 6 May 2022 08:01:57 +0800 (CST)

From: yuyangtextile2012

Sender: xesldeldok

To: sales

Message-ID: <1689675483.110152.1651795317793@intersearch-no.mail.protection.outlook.com>

Subject: Re:AW:AW Shipping fleece jacket ,puffer jacket

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 7.7

X-Spam_score_int: 77

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello Friend outdoor wear honest vertical supplier , Located

in Ningbo ,China.MOQ:50pcs . we can make free sample for you to Check our

quality and workmanship.



Content analysis details: (7.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level

mail domains are different

0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=xesldeldok%40apitech.com;ip=115.214.150.195;r=doctor.nl2k.ab.ca]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[yuyangtextile2012[at]163.com]

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML

tag

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and

EnvelopeFrom freemail headers are

different

0.6 PDS_HP_HELO_NORDNS High profile HELO with no sender rDNS

1.0 FREEMAIL_REPLY From and body contain different freemails

0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS

1.9 SPOOFED_FREEMAIL No description available.

Subject: {SPAM?} Re:AW:AW Shipping fleece jacket ,puffer jacket



Hello Friend


margin-top: 2px; margin-bottom: 2px;">


margin-bottom: 2px;">outdoor wear honest vertical supplier , Located in Ni=

ngbo ,China.MOQ:50pcs . 


: 2px;">

we can m=

ake free sample for you to Check our quality and workmanship.


=3D"margin-top: 2px; margin-bottom: 2px;">


2px; margin-bottom: 2px;">Fleece and puffer jacket is our strong product .<=

/p>



argin-top: 2px; margin-bottom: 2px;">Reply us ,let us talk more


=3D"margin-top: 2px; margin-bottom: 2px;">


2px; margin-bottom: 2px;">Apex


m: 2px;">

Ningbo =

Yuyang Clothing Co.,Ltd.


;">Whatsapp:+86 18967897369


2px;">E:apexwang1@gmail.com



Compensation spam from Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@nl2k.ab.ca

Delivery-date: Thu, 05 May 2022 17:49:00 -0600

Received: from mail-wr1-f48.google.com ([209.85.221.48]:33308)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nmlD2-0007fN-AK

for dave@nl2k.ab.ca;

Thu, 05 May 2022 17:48:39 -0600

Received: by mail-wr1-f48.google.com with SMTP id x18so7989006wrc.0

for ; Thu, 05 May 2022 16:48:19 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to;

bh=j6k4+uRS4RtRRD9pAYteN/2lL426z4uuqpmrOuos+wU=;

b=dydXFzVJXmgo4Bxv17/MJQ90v7zPsi1Z65ySAqt/cKa5nXfIG5T95f5aBH3gk/kFMg

sjPRbs5qEhwbMaqZ2ogD4zj1vRxL46CjmK8iEJF/KXwERqrhAqqFOxLVsxh3eXjzjhi5

Sv4voWZqP617s4paRbL0AKhPltz0vj5sac3fRyWx3INdyqEjE1lftmnVa9gKBRwn0qGf

bAhq5jbyjl3xtE3QxbNxLqQUdTFqOIdXPP4dRG/ncL5P4STpDIcczkuCK83gOoE0Z9Vu

KXVIlglda78ENZB2os4h1t4hJA0WtV9dMOz00ZVSZYcLuhDvrdAA9CjvhBnRU4GAuSrO

0N8Q==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to;

bh=j6k4+uRS4RtRRD9pAYteN/2lL426z4uuqpmrOuos+wU=;

b=6cfuAZitYrdw2Y+r0Jc27mskySN1DYvzH0XIYRFhmV//Y3UdHCbAinAmvajmRzDu5m

wMvTC4touUQmsmfnib5gTZ8NF8F/Un8yF8fot2G7cpbBRv+vCDswVGjCIIQWRwOjDKr/

kqao64Z3ydvzOuuweRnCYak/Q+tdf+YmWosUiCUL4IoWxXnp6aorZkys01tWxd5DxRDh

b4FMoEPEhhRFEw5I4Cv+ScQqZ4kJOgFw9hLbbRw4AlCHg+iTcrdtJF3SzsWcr/7yjrwK

S4dwkzQmUxgqft0rYvdwiop/LuHXI9xHv6PWQoL2ZR9Lmo7eTWKB+sLANt/d6ga+Wyof

YPWA==

X-Gm-Message-State: AOAM530X3fFpF0hmVr4eLwKmiAkgf6lIJV0gymB+jK4dZP2uuc/KeGz6

PGLgKF3RzJ+s23FMTgwY5mRaXyBEEyjhndrxGbU=

X-Google-Smtp-Source: ABdhPJyS70X9Jf3EOUlgI2KCJmBdOvY/32jEE+AdN8pKm2dJI3uF4LneuOvWxbJfdYMt/fgEUq3yLC2DKUZLgCQ9Stg=

X-Received: by 2002:a5d:4205:0:b0:20a:e23c:a7f4 with SMTP id

n5-20020a5d4205000000b0020ae23ca7f4mr404228wrq.576.1651794492699; Thu, 05 May

2022 16:48:12 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a05:6020:6bc8:b0:1cf:c7ff:6607 with HTTP; Thu, 5 May 2022

16:48:12 -0700 (PDT)

Reply-To: mrs.bill.chantalone01@gmail.com

From: "Mrs.Chantal "

Date: Fri, 6 May 2022 01:48:12 +0200

Message-ID:

Subject: hello....

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Bcc: dave@nl2k.ab.ca

X-Spam_score: 8.3

X-Spam_score_int: 83

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: You have been compensated with the sum of 5 million dollars

in this united nation the payment will be issue into atm visa card and send

to you from the santander bank we need your address and your Wha [...]



Content analysis details: (8.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.221.48 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[mrs.bill.chantalone01[at]gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[ewacxwq007644[at]gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[ewacxwq007644[at]gmail.com]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.5 HK_NAME_FM_MR_MRS No description available.

0.0 LOTS_OF_MONEY Huge... sums of money

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

3.5 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

1.9 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} hello....



You have been compensated with the sum of 5 million dollars in this

united nation the payment will be issue into atm visa card and send

to you from the santander bank we need your address and your

Whatsapp number + 1 6465853907 this my email.ID

( mrs.bill.chantal0101@gmail.com ) contact me



Thanks my



mrs bill chantal