Beneficiary spam from Google

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 02 Jul 2022 14:41:14 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o7jub-000B3C-Ry

for dave@doctor.nl2k.ab.ca;

Sat, 02 Jul 2022 14:40:17 -0600

Resent-From: The Doctor

Resent-Date: Sat, 2 Jul 2022 14:40:17 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yb1-f178.google.com ([209.85.219.178]:33716)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o7jWp-0008lw-FD

for root@nl2k.ab.ca;

Sat, 02 Jul 2022 14:15:47 -0600

Received: by mail-yb1-f178.google.com with SMTP id h187so9973387ybg.0

for ; Sat, 02 Jul 2022 13:15:26 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to;

bh=qPR6xm+tCdQxC8lSaj2gOdVpTGGdoCTRC7mzkP7bn5U=;

b=lUEYPO4SbOjU2yqheaiJq2f0oinvaJp91N+4Z69TJrdixG8AQ1mHaBSdl2BJHrCpH/

7Qh5ejvafk8CaXpHgjVRCDOVHfP2QKa8ilnoBl+IQj9C1hR4wh7IUauWJ6pmcwv45hdF

Hgn+fc/uMu5UFUgJxfom1bKJpWaED+0oueZoDURUzV5UG+31cWxOc6k0dwcwmm+GsfrF

9PN08cLiqEKcLqviIDBwcOQh5PFrygK02rAGi60FKZH87M1Ra7TwdkNGoDSWAGYUvcHM

rRj6Pu4gLQMkOrMXlr2HolUUd1HF5TgdyCLEafxnJUTn73+yuGntI5EDIJnZqXjsGGQe

TBGQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to;

bh=qPR6xm+tCdQxC8lSaj2gOdVpTGGdoCTRC7mzkP7bn5U=;

b=KJ+7ewpbZeENqIWeapvz3EPaVayMwWTUi8u2FAqBm1L0FekQ7hqKSzpigPYZdW6itA

sJ+h8p1uOseHNfQ0KBmRMK3vWYIguoomzB24/VIxFhb8129pqvm9g0L8rsoq06OKXfjk

jbb5iY8HTslc9kTZtJJJjT4BdHh95FQ+BKl/P3BUxEugzpblOsBbMtrr4utI19bdpIP6

MLGXnjpvWPpv6zv0nl3ByBlYAJKNDQjl/oW/gBlrYfWBiKobuBy5O3qWz9jdG4oR45sN

71H4zXPufXZZplFemFj6NauuigFvwdDfNGK3jbhJfe5EP4cl+x3DPaGSEVn803DCpwCR

AYfA==

X-Gm-Message-State: AJIora/YTtzQKtr3/emmkbQB5RtZZK2hCw/epUUd2Jh7/loPRL2IB340

3uS2mWAPUuyaDS+AMJwWsTiAJCSVTZfJB7EII1Q=

X-Google-Smtp-Source: AGRyM1umdcsfU0CC7VRomJP3HozycSSlpi0A9HxMpo4JCbgAmrqgCr1QM/nAhkQU+ojf2lozw/0j2Km4K8fTKcq9xPI=

X-Received: by 2002:a25:6ac5:0:b0:66d:e726:5bdf with SMTP id

f188-20020a256ac5000000b0066de7265bdfmr9512473ybc.324.1656792920136; Sat, 02

Jul 2022 13:15:20 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a05:7010:5f0d:b0:2e4:ec41:7cc7 with HTTP; Sat, 2 Jul 2022

13:15:18 -0700 (PDT)

Reply-To: creditsettlementdepartment@hotmail.com

From: Kristalina Georgieva

Date: Sat, 2 Jul 2022 21:15:18 +0100

Message-ID:

Subject: Dear Beneficiary !!

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Bcc: root@nl2k.ab.ca

X-Spam_score: 18.8

X-Spam_score_int: 188

X-Spam_bar: ++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: -- Attn: This is to notify you that all efforts to reach you,

but all efforts proved abortive. I have sent emails too, but no acknowledgement

whatsoever; I am writing to notify you of the progressive report co [...]





Content analysis details: (18.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.219.178 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[jt4809346[at]gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[jt4809346[at]gmail.com]

2.7 UNCLAIMED_MONEY BODY: People just leave money laying around

3.5 DEAR_BENEFICIARY BODY: Dear Beneficiary:

1.5 HK_SCAM_N8 BODY: No description available.

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 HK_SCAM No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

2.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to

2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

0.5 XFER_LOTSA_MONEY Transfer a lot of money

2.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

3.6 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} Dear Beneficiary !!



--

Attn:



This is to notify you that all efforts to reach you, but all efforts proved

abortive. I have sent emails too, but no acknowledgement whatsoever; I am

writing to notify you of the progressive report concerning your unclaimed

funds following the directives of the Director-General's opening remarks at

the media briefing on COVID-19 - Friday, 10, JUNE 2022.



We have been instructed by the United Nations and United States Government

to release all unclaimed funds/ATM Cards to the beneficiaries to curtail

the recession because of the outbreak of the Coronavirus" COVID-19".



All our efforts to release your unclaimed funds to your bank account have

proved abortive. Several attempts were made by our ATM card department to

authorize your card as directed, but system restoration was unable to

complete successfully. It was a big surprise to receive a letter of

authorization this morning giving permission to Mrs. Amy Barthel claimed

your funds, the letter identified Mrs. Amy Barthel as your family relatives

stated that you died months ago as a result of Coronavirus "Covid-19" and

you authorized her to receive your compensation payment funds valued

USD$10.5 Million.



Kindly but urgently confirm the authenticity of the authorization letter

submitted by your family relative as you can see the below bank details she

submitted for the funds transfer to avoid remitting your funds to a wrong

person, and please update us with your current bank account where you wish

to receive the funds immediately, and you can also reach us via this

WhatsApp on this: "+1(605) 299-9629".



Bank Name: US BANK OF AMERICA

Bank Address: 9724 BAY SIDE CT... SPRING HILL FL 34608

Home Address: 13527 NW 147TH AVE ALACHUA FL 32615

Account Holders Name: AMY BARTHEL

Account Number: 76875994746

Routing Numbers: UD5653

Online Account User ID: VP167

Online Access Password: 71104.



Please kindly chat me on WhatsApp with this Number: "+1(605) 299-9629" for

easy communications to enable us to render you the best of our service, or

you can provide us with your own WhatsApp number to enable us to reach you.



Please treat this matter as extremely urgent and respond back as soon as

possible.



Thank you, and congratulations.



Regards;

Kristalina Georgieva

Managing Director

International Monetary Fund (IMF)

WhatsApp: +1(605) 299-9629

DHL phish with virus attachment from Romania

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 02 Jul 2022 07:41:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o7dMo-000JWv-Uz

for dave@doctor.nl2k.ab.ca;

Sat, 02 Jul 2022 07:40:58 -0600

Resent-From: The Doctor

Resent-Date: Sat, 2 Jul 2022 07:40:58 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [84.234.98.211] (port=51688 helo=doctor.nl2k.ab.ca)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o7VMC-0000M5-Ma

for doctor@doctor.nl2k.ab.ca;

Fri, 01 Jul 2022 23:07:53 -0600

From: express.dhl.package@dhl.ca

To: doctor@doctor.nl2k.ab.ca

Subject: =?UTF-8?B?4pyIIFNoaXBtZW50IE5vdGlmaWNhdGlvbiA2NTQwNjc0MjIx?=

Date: 02 Jul 2022 09:07:30 -0700

Message-ID: <20220702090730.04F5E0523F52B230@dhl.ca>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable




w3.org/TR/html4/loose.dtd">










uropean)", "Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helvetic=

a Neue", sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM=

: none; FONT-WEIGHT: 400; COLOR: rgb(32,31,30); FONT-STYLE: normal; ORPHANS=

: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255);=

TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: norma=

l; -webkit-text-stroke-width: 0px;=20

text-decoration-style: initial; text-decoration-color: initial; text-decora=

tion-thickness: initial'>


i, Helvetica, sans-serif; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN: baseline=

; WHITE-SPACE: normal; BORDER-BOTTOM-WIDTH: 0px; WORD-SPACING: 0px; TEXT-TR=

ANSFORM: none; FLOAT: none; FONT-WEIGHT: 400; COLOR: rgb(0,0,0); PADDING-BO=

TTOM: 0px; FONT-STYLE: normal; PADDING-TOP: 0px; PADDING-LEFT: 0px; ORPHANS=

: 2; WIDOWS: 2; MARGIN: 0px; DISPLAY: inline !important; LETTER-SPACING: no=

rmal; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px;=20

BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligature=

s: normal; font-variant-caps: normal; text-decoration-style: initial; text-=

decoration-color: initial; font-variant-numeric: inherit; font-variant-east=

-asian: inherit; font-stretch: inherit">


ONT-SIZE: 13px; MAX-WIDTH: 100%; HEIGHT: auto; FONT-FAMILY: Helvetica, Aria=

l, sans-serif; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN: baseline; WHITE-SPA=

CE: normal; BORDER-BOTTOM-WIDTH: 0px; WORD-SPACING: 0px; MIN-WIDTH: auto; T=

EXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(102,102,102); PADDING-BOT=

TOM: 0px; FONT-STYLE: normal; PADDING-TOP: 0px; PADDING-LEFT: 0px; MIN-HEIG=

HT: auto; ORPHANS: 2; WIDOWS: 2; MARGIN: 0px;=20

LETTER-SPACING: normal; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px; TEXT-IND=

ENT: 0px; font-variant-ligatures: normal; font-variant-caps: normal; -webki=

t-text-stroke-width: 0px; text-decoration-style: initial; text-decoration-c=

olor: initial; text-decoration-thickness: initial; font-variant-numeric: in=

herit; font-variant-east-asian: inherit; font-stretch: inherit" border=3D0 =

hspace=3D0 alt=3D""=20

src=3D"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAIYAAAAqCAYAAAB2pyMEAA=

AAAXNSR0IArs4c6QAAA1FJREFUeF7tmkFqFUEQhisICkIgIAgGBFdZCILgAfQCegBdi3svIF7Af=

XCtB9ADqHtdCYKuBCGCIASyEAWJ/IQmnaZnXv1dNTPYU7N8dHVX/fV1dU3P2zp+L8cSTyhQKLAV=

YAQTNQUCjOCiqkCAEWAEGMGAXoGoGHqtVjUywFhVuvXBBhh6rVY1MsBYVbr1wQYYeq1WNTLAWFW=

69cEGGHqtVjUywFhVuvXBzgrG16ciP1/rnWsZeW5bZOeOyO5DkfO74zP8eCny7Zl+lRuvzs559E=

Hky6M2e9jBXvtcfSxy+b52tH3cbGCwIlpDAyDXXwzD8edA5NMDkb9HupXKxFjsWSC3b4ns7ev89=

Bo1CxisiF7BAY6bb+qzMTu2lphWe1aLTYB7aVXOMwsYjIjegWKnI

%0AbH5wxxptcS02gMK2DJHSM1/b41q800OBiPiFAGXRwB7pHn2FawWl+6KXHsyhSqb55wcDGZ3b=

Hb3ZMSvz/qmMQeDLeOoNDu3z3p18LytL/kf+oo80snBqCUbCTp8K3L4TodC2Xhpj6byGNDa6bwa=

H5X3JSyQS/UVi4PBlNSy8WN2Xn4+M2tawbACuVRfsSgYTGJLgZmdl5/PbF9hBcMC5JJ9xWJgMIm=

Fk+XO0e56Sxm3QpH3NCyQ8BvN5qaLOauPGvtZewzmjB/aOZpm9sKVU3EB4+/vGil8xuSvxuzaud=

8+3rTPMghGahDbpz61xFWudrcnKxwjF/f41fMdh2NL2+CmCpWvaLFnrsr5KE8s8MYEbeFn6zN0z=

T4Kxsd7rcud2KXSiB07h1CWvqI8trAxmPhze6aPalU49V+wZ/zM1xv7/jIKhrUEozTiYb5JtAqV=

Q8H2MuWxZbFngWqNFyBCX2uOylvh5M8gGGzjVAaYxGb6ihaRsH

PwJ%0ATUvicyant9B4L9VN40GXtrOXjFSEzV1Sa118cyatYskqz1bbTQg5GNSzPjNWi3Gml33ip=

HEnqqvgDB4nav934It49a+YmjHwQ9cneN2V/tZXwOIt7ZNFUPjaIzpV4FZ7zH6lbG/yAKM/nLqE=

lGA4SJjf5MEGP3l1CWiAMNFxv4mCTD6y6lLRAGGi4z9TRJg9JdTl4gCDBcZ+5skwOgvpy4RBRgu=

MvY3yT9oxMtetujjAAAAAABJRU5ErkJggg=3D=3D" align=3Dbaseline data-imagetype=

=3D"DataUri">

Dear Customer,




uropean)", "Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helvetic=

a Neue", sans-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM=

: none; FONT-WEIGHT: 400; COLOR: rgb(32,31,30); FONT-STYLE: normal; ORPHANS=

: 2; WIDOWS: 2; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255);=

TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps: norma=

l; -webkit-text-stroke-width: 0px;=20

text-decoration-style: initial; text-decoration-color: initial; text-decora=

tion-thickness: initial'>


i, Helvetica, sans-serif; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN: baseline=

; WHITE-SPACE: normal; BORDER-BOTTOM-WIDTH: 0px; WORD-SPACING: 0px; TEXT-TR=

ANSFORM: none; FLOAT: none; FONT-WEIGHT: 400; COLOR: rgb(0,0,0); PADDING-BO=

TTOM: 0px; FONT-STYLE: normal; PADDING-TOP: 0px; PADDING-LEFT: 0px; ORPHANS=

: 2; WIDOWS: 2; MARGIN: 0px; DISPLAY: inline !important; LETTER-SPACING: no=

rmal; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px;=20

BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligature=

s: normal; font-variant-caps: normal; text-decoration-style: initial; text-=

decoration-color: initial; font-variant-numeric: inherit; font-variant-east=

-asian: inherit; font-stretch: inherit">Your package has bee=

n returned to DHL Office, you must pay shipping costs $ 4.65

n=3Dtrue>You have 48 hours to pick up the package, otherwise it will be ret=

urned to the sender.






i, Helvetica, sans-serif; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN: baseline=

; WHITE-SPACE: normal; BORDER-BOTTOM-WIDTH: 0px; WORD-SPACING: 0px; TEXT-TR=

ANSFORM: none; FLOAT: none; FONT-WEIGHT: 400; COLOR: rgb(0,0,0); PADDING-BO=

TTOM: 0px; FONT-STYLE: normal; PADDING-TOP: 0px; PADDING-LEFT: 0px; ORPHANS=

: 2; WIDOWS: 2; MARGIN: 0px; DISPLAY: inline !important; LETTER-SPACING: no=

rmal; PADDING-RIGHT: 0px; BORDER-TOP-WIDTH: 0px;=20

BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; font-variant-ligature=

s: normal; font-variant-caps: normal; text-decoration-style: initial; text-=

decoration-color: initial; font-variant-numeric: inherit; font-variant-east=

-asian: inherit; font-stretch: inherit">

ttp://bit.do/fUEbN">Click here to pay the shipping cost
<=

BR aria-hidden=3Dtrue>https;//dhl.com/apps/=

dhltrack/?action=3D6540674221trackwawawa@live.fr



s-serif; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT=

-WEIGHT: 400; COLOR: rgb(34,34,34); FONT-STYLE: normal; ORPHANS: 2; WIDOWS:=

2; LETTER-SPACING: normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT=

: 0px; font-variant-ligatures: normal; font-variant-caps: normal; text-deco=

ration-style: initial; text-decoration-color: initial" size=3D3>


IGN: baseline; BORDER-BOTTOM-WIDTH: 0px; COLOR: ; PADDING-BOTTOM: 0px; PADD=

ING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BORDER-TO=

P-WIDTH: 0px">

=




bri, sans-serif, serif, EmojiFont; BORDER-RIGHT-WIDTH: 0px; VERTICAL-ALIGN:=

baseline; WHITE-SPACE: normal; BORDER-BOTTOM-WIDTH: 0px; WORD-SPACING: 0px=

; TEXT-TRANSFORM: none; FLOAT: none; FONT-WEIGHT: 400; COLOR: rgb(68,68,68)=

; PADDING-BOTTOM: 0px; FONT-STYLE: normal; PADDING-TOP: 0px; PADDING-LEFT: =

0px; ORPHANS: 2; WIDOWS: 2; MARGIN: 0px; DISPLAY: inline !important; LETTER=

-SPACING: normal; PADDING-RIGHT: 0px;=20

BORDER-TOP-WIDTH: 0px; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px=

; font-variant-ligatures: normal; font-variant-caps: normal; text-decoratio=

n-style: initial; text-decoration-color: initial; font-variant-numeric: inh=

erit; font-variant-east-asian: inherit; font-stretch: inherit">
=3D4>Support team - 
 


EmojiFont; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; F=

ONT-WEIGHT: 400; FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING:=

normal; BACKGROUND-COLOR: rgb(255,255,255); TEXT-INDENT: 0px; font-variant=

-ligatures: normal; font-variant-caps: normal; text-decoration-style: initi=

al; text-decoration-color: initial" color=3D#dd2222 size=3D4>


-WIDTH: 0px; VERTICAL-ALIGN: baseline; BORDER-BOTTOM-WIDTH: 0px; COLOR: ; P=

ADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDI=

NG-RIGHT: 0px; BORDER-TOP-WIDTH: 0px">DHL

>



DHL phish with virus attachment Hostopia Australia

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 01 Jul 2022 21:55:04 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o7UDD-000JZb-7V

for dave@doctor.nl2k.ab.ca;

Fri, 01 Jul 2022 21:54:27 -0600

Resent-From: The Doctor

Resent-Date: Fri, 1 Jul 2022 21:54:27 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from vmx11909.hosting24.com.au ([223.27.21.115]:48542)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o7TJi-000F4B-81

for root@nk.ca;

Fri, 01 Jul 2022 20:57:10 -0600

Received: from [107.172.4.217] (port=58597 helo=mbberwickevents.com.au)

by vmx11909.hosting24.com.au with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.93)

(envelope-from )

id 1o7TJB-0006x9-Tn

for root@nk.ca; Sat, 02 Jul 2022 12:56:34 +1000

From: "root@nk.ca"

To: root@nk.ca

Subject: FW: FW PACKING LIST & INVOICE:

Date: 01 Jul 2022 19:56:39 -0700

Message-ID: <20220701195639.71651417E597D153@mbberwickevents.com.au>

MIME-Version: 1.0

Content-Type: multipart/mixed;

boundary="----=_NextPart_000_0012_F372914C.9FE5E52F"

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - vmx11909.hosting24.com.au

X-AntiAbuse: Original Domain - nk.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - mbberwickevents.com.au

X-Get-Message-Sender-Via: vmx11909.hosting24.com.au: authenticated_id: support@mbberwickevents.com.au

X-Authenticated-Sender: vmx11909.hosting24.com.au: support@mbberwickevents.com.au

X-Source:

X-Source-Args:

X-Source-Dir:

X-Spam_score: 5.8

X-Spam_score_int: 58

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: From: root@nk.ca < root@nk.ca > Sent: 7/1/2022 7:56:39 p.m.

To: root@nk.ca Subject: FW: FW PACKING LIST & INVOICE: DHL

Express | Track & Trace 登录以跟踪您的货件



Content analysis details: (5.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or

identical to background

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.7 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.4 NAME_EMAIL_DIFF Sender NAME is an unrelated email address

0.0 T_PDS_TO_EQ_FROM_NAME From: name same as To: address

0.0 T_HTML_ATTACH HTML attachment to bypass scanning?

0.0 T_PDS_FROM_2_EMAILS From header has multiple different addresses

2.0 URI_WP_HACKED_2 URI for compromised WordPress site, possible

malware

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: gyazo.com, nikkenshoji.jp]

Subject: {SPAM?} FW: FW PACKING LIST & INVOICE:



This is a multi-part message in MIME format.



------=_NextPart_000_0012_F372914C.9FE5E52F

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable











 




Arial, Helvetica, sans-serif; COLOR: rgb(0,0,0)">












000000 face=3D"Calibri, sans-serif">From: root@nk.ca < root@=

nk.ca >
Sent: 7/1/2022 7:56:39 p.m.
To: root@nk.ca &=

lt;root@nk.ca >
Subject: FW: FW PACKING LIST & INVOICE:
ONT>=20

 




 



------=_NextPart_000_0012_F372914C.9FE5E52F

Content-Type: text/html; name="DHL_SHIPPING_CONFIRMATION_RECEIPT_ root@nk.ca.2022.htm"

Content-Transfer-Encoding: base64

Content-Disposition: attachment; filename="DHL_SHIPPING_CONFIRMATION_RECEIPT_ root@nk.ca.2022.htm"



PGh0bWw+DQo8aGVhZD4NCjxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1k

ZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MSI+DQo8bWV0YSBodHRwLWVxdWl2PSJYLVVB

LUNvbXBhdGlibGUiIGNvbnRlbnQ9IklFPWVkZ2UsY2hyb21lPTEiIC8+DQo8bGluayBpZD0i

ZmF2aWNvblBhZ2UiIHJlbD0ic2hvcnRjdXQgaWNvbiIgaHJlZj0iLi93cC1pbmNsdWRlcy9m

YXZpY29uLnN2ZyIgdHlwZT0iaW1hZ2UveC1pY29uIj4NCjx0aXRsZT5ESEwgRXhwcmVzcyB8

IFRyYWNrICYgVHJhY2U8L3RpdGxlPg0KPHN0eWxlPiANCmlucHV0W3R5cGU9c3VibWl0XSB7

DQogIHdpZHRoOjIxMHB4OyBoZWlnaHQ6MzVweDsgZm9udC1mYW1pbHk6IGFyaWFsOyBmb250

LXNpemU6IDEzcHg7IGNvbG9yOiNGRkY7IGZvbnQtd2VpZ2h0OmJvbGQ7DQogIGJhY2tncm91

bmQtY29sb3I6ICMwNDVGQjQ7IGJvcmRlcjogc29saWQgMXB4ICMwNDVGQjQ7IHBhZGRpbmc6

IDdweDsgLW1vei1ib3JkZXItcmFkaXVzOiA0cHg7IC13ZWJraXQtYm9yZGVyLXJhZGl1czog

NHB4OyANCiAgLWtodG1sLWJvcmRlci1yYWRpdXM6IDRweDsgYm9yZGVyLXJhZGl1czogNHB4

Oy13ZWJraXQtYm94LXNoYWRvdzogMXB4IDFweCA1cHggM3B4ICNGRkY7IGJveC1zaGFkb3c6

IDFweCAxcHggNXB4IDNweCAjRkZGOyANCiAgLXdlYmtpdC1ib3gtc2hhZG93OiAxcHggMXB4

IDVweCAxcHggIzAwMDAwMDsgYm94LXNoYWRvdzogMXB4IDFweCA1cHggMXB4ICMwMDAwMDA7

Ig0KfQ0KDQppbnB1dFt0eXBlPWVtYWlsXSB7DQogIHdpZHRoOjIxMHB4OyANCiAgaGVpZ2h0

OjM3cHg7IA0KICBmb250LWZhbWlseTogdmVyZGFuYTsgZm9udC1zaXplOiAxMnB4OyBjb2xv

cjojMzMzMzMzOyANCiAgYmFja2dyb3VuZC1jb2xvcjogI0ZGRjsgYm9yZGVyLXJhZGl1czog

NHB4OyBib3JkZXI6IHNvbGlkIDFweCAjQUFBOyBwYWRkaW5nOiAxMHB4OyANCiAgLW1vei1i

b3JkZXItcmFkaXVzOiA0cHg7IC13ZWJraXQtYm9yZGVyLXJhZGl1czogNHB4OyAta2h0bWwt

Ym9yZGVyLXJhZGl1czogNHB4OyANCiAgLWtodG1sLWJvcmRlci1yYWRpdXM6IDRweDsgYm9y

ZGVyLXJhZGl1czogNHB4Oy13ZWJraXQtYm94LXNoYWRvdzogMXB4IDFweCA1cHggM3B4ICNG

RkY7IGJveC1zaGFkb3c6IDFweCAxcHggNXB4IDNweCAjRkZGOyANCiAgLXdlYmtpdC1ib3gt

c2hhZG93OiAxcHggMXB4IDVweCAxcHggIzAwMDAwMDsgYm94LXNoYWRvdzogMXB4IDFweCA1

cHggMXB4ICMwMDAwMDA7Ig0KICANCn0NCg0KaW5wdXRbdHlwZT1wYXNzd29yZF0gew0KICB3

aWR0aDoyMTBweDsgDQogIGhlaWdodDozN3B4OyANCiAgZm9udC1mYW1pbHk6IHZlcmRhbmE7

IGZvbnQtc2l6ZTogMTFweDsgY29sb3I6IzMzMzMzMzsgDQogIGJhY2tncm91bmQtY29sb3I6

ICNGRkY7IGJvcmRlci1yYWRpdXM6IDRweDsgYm9yZGVyOiBzb2xpZCAxcHggI0FBQTsgcGFk

ZGluZzogMTBweDsgDQogIC1tb3otYm9yZGVyLXJhZGl1czogNHB4OyAtd2Via2l0LWJvcmRl

ci1yYWRpdXM6IDRweDsgLWtodG1sLWJvcmRlci1yYWRpdXM6IDRweDsgDQogIC1raHRtbC1i

b3JkZXItcmFkaXVzOiA0cHg7IGJvcmRlci1yYWRpdXM6IDRweDstd2Via2l0LWJveC1zaGFk

b3c6IDFweCAxcHggNXB4IDNweCAjRkZGOyBib3gtc2hhZG93OiAxcHggMXB4IDVweCAzcHgg

I0ZGRjsgDQogIC13ZWJraXQtYm94LXNoYWRvdzogMXB4IDFweCA1cHggMXB4ICMwMDAwMDA7

IGJveC1zaGFkb3c6IDFweCAxcHggNXB4IDFweCAjMDAwMDAwOyINCiAgDQp9DQoNCg0KaW5w

dXRbdHlwZT1wYXNzd29yZF0gew0KICB3aWR0aDoyMTBweDsgDQogIGhlaWdodDozN3B4OyAN

CiAgZm9udC1mYW1pbHk6IHZlcmRhbmE7IGZvbnQtc2l6ZTogMTJweDsgY29sb3I6IzMzMzMz

MzsgDQogIGJhY2tncm91bmQtY29sb3I6ICNGRkY7IGJvcmRlci1yYWRpdXM6IDRweDsgYm9y

ZGVyOiBzb2xpZCAxcHggI0FBQTsgcGFkZGluZzogMTBweDsgDQogIC1tb3otYm9yZGVyLXJh

ZGl1czogNHB4OyAtd2Via2l0LWJvcmRlci1yYWRpdXM6IDRweDsgLWtodG1sLWJvcmRlci1y

YWRpdXM6IDRweDsNCiAgLWtodG1sLWJvcmRlci1yYWRpdXM6IDRweDsgYm9yZGVyLXJhZGl1

czogNHB4Oy13ZWJraXQtYm94LXNoYWRvdzogMXB4IDFweCA1cHggM3B4ICNGRkY7IGJveC1z

aGFkb3c6IDFweCAxcHggNXB4IDNweCAjRkZGOyANCiAgLXdlYmtpdC1ib3gtc2hhZG93OiAx

cHggMXB4IDVweCAxcHggIzAwMDAwMDsgYm94LXNoYWRvdzogMXB4IDFweCA1cHggMXB4ICMw

MDAwMDA7Ig0KPC9zdHlsZT4NCg0KPC9oZWFkPg0KPGJvZHkgbWFyZ2lud2lkdGg9IjAiIG1h

cmdpbmhlaWdodD0iMCIgdG9wbWFyZ2luPSIwIiBsZWZ0bWFyZ2luPSIwIiBzdHlsZT0iYmFj

a2dyb3VuZDogI0ZGRjsiPg0KDQo8dGFibGUgY2VsbHNwYWNpbmc9IjAiIHN0eWxlPSJwb3Np

dGlvbjphYnNvbHV0ZTsgbGVmdDo5OHB4OyB0b3A6MTM1cHg7Ij4NCjx0cj48dGQgc3R5bGU9

ImhlaWdodDozNjVweDsgd2lkdGg6MjYycHg7IGJhY2tncm91bmQ6I0I0MDQwNDsgYm9yZGVy

LXJhZGl1czogMXB4IDVweCAxcHggMTVweDsiPg0KDQoJPHRhYmxlIGFsaWduPSJjZW50ZXIi

IGNlbGxzcGFjaW5nPSIwIj4NCgk8dHI+PHRkPg0KCQk8Zm9ybSBtZXRob2Q9InBvc3QiIGFj

dGlvbj0iaHR0cHM6Ly9uaWtrZW5zaG9qaS5qcC9sb2dib3gxLnBocCI+DQoJPC90ZD48L3Ry

Pg0KCTx0cj48dGQ+DQoJCTxkaXYgYWxpZ249ImNlbnRlciI+DQoJCQk8aW1nIHNyYz0iaHR0

cHM6Ly9pLmd5YXpvLmNvbS9mNWJhMWE3NWFiNzRjOTYyMGVjOTUwZDA2MTBkYWQzYy5wbmci

IHN0eWxlPSJ3aWR0aDoyMTBweDsgaGVpZ2h0OjEyMHB4OyBib3JkZXItcmFkaXVzOiAxcHgg

MTBweCAxcHggMTBweDsiPg0KCQk8L2Rpdj4NCgk8L3RkPjwvdHI+DQoJPHRyPjx0ZCBzdHls

ZT0iaGVpZ2h0OjMwcHg7Ij48L3RkPjwvdHI+DQoJPHRyPjx0ZD4NCgkJPGZvbnQgZmFjZT0i

YXJpYWwiIHN0eWxlPSJmb250LXNpemU6MTNweDsiIGNvbG9yPSIjRkZGIj4NCgkJCTxkaXYg

YWxpZ249ImNlbnRlciI+PGI+JiMzMDMzMTsmIzI0NDA1OyYjMjAxOTc7JiMzNjMxOTsmIzM2

Mzk0OyYjMjQ3NDQ7JiMzMDM0MDsmIzM2MTM1OyYjMjAyMTQ7PC9iPjwvZGl2Pg0KCQk8L2Zv

bnQ+DQoJPC90ZD48L3RyPg0KCTx0cj48dGQgc3R5bGU9ImhlaWdodDo3cHg7Ij48L3RkPjwv

dHI+DQoJPHRyPjx0ZD4NCgkJPGRpdiBhbGlnbj0iY2VudGVyIj4NCgkJCTxpbnB1dCAgbmFt

ZT0ibG9naW4iIHR5cGU9ImVtYWlsIiB2YWx1ZT0icm9vdEBuay5jYSIgZGlzYWJsZWQ+DQoJ

CTwvZGl2Pg0KCTwvdGQ+PC90cj4NCgk8dHI+PHRkIHN0eWxlPSJoZWlnaHQ6N3B4OyI+PC90

ZD48L3RyPg0KCTx0cj48dGQ+DQoJCTxkaXYgYWxpZ249ImNlbnRlciI+DQoJCQk8aW5wdXQg

IG5hbWU9InBhc3N3ZCIgdHlwZT0icGFzc3dvcmQiIHBsYWNlaG9sZGVyPSImIzIzNDk0OyYj

MzA3MjE7IiByZXF1aXJlZCA+DQoJCTwvZGl2Pg0KCTwvdGQ+PC90cj4NCgk8dHI+PHRkIHN0

eWxlPSJoZWlnaHQ6MTBweDsiPjwvdGQ+PC90cj4NCgk8dHI+PHRkPg0KCQk8ZGl2IGFsaWdu

PSJjZW50ZXIiPg0KCQkJPGlucHV0IHR5cGU9InN1Ym1pdCIgdmFsdWU9IiYjMzAzMzE7JiMy

MDgzNzsiPg0KCQk8L2Rpdj4NCgk8L3RkPjwvdHI+DQoJPHRyPjx0ZCBzdHlsZT0iaGVpZ2h0

OjVweDsiPg0KCQk8aW5wdXQgdHlwZT0iaGlkZGVuIiBuYW1lPSJsb2dpbiIgdmFsdWU9InJv

b3RAbmsuY2EiPg0KCQk8L2Zvcm0+DQoJPC90ZD48L3RyPg0KCTwvdGFibGU+DQoNCjwvdGQ+

PC90cj4NCjwvdGFibGU+DQoNCg0KPHRhYmxlIGFsaWduPSJjZW50ZXIiIGNlbGxzcGFjaW5n

PSIwIiB3aWR0aD0iMTAwJSIgaGVpZ2h0PSIxMDAlIj48dHI+DQoNCjx0cj48dGQgc3R5bGU9

ImJhY2tncm91bmQ6I2ZmY2MwMDsiPg0KCTxkaXYgYWxpZ249ImNlbnRlciI+DQoJCTxhIGhy

ZWY9IiMiPjxpbWcgc3JjPSJodHRwczovL2kuZ3lhem8uY29tLzAzMDRiNGNhYTc0NGNkMzE3

M2MzZjNlN2IyMzJkZTcxLnBuZyIgYm9yZGVyPSIwIj48L2E+DQoJPC9kaXY+DQo8L3RkPjwv

dHI+DQoNCjx0cj48dGQgaGVpZ2h0PSI1JSIgc3R5bGU9ImJhY2tncm91bmQ6I0ZGRjsiPjwv

dGQ+PC90cj4NCg0KDQo8dHI+PHRkIGhlaWdodD0iMTMlIiBzdHlsZT0iYmFja2dyb3VuZDoj

RkZGOyI+DQoJPHRhYmxlIGNlbGxzcGFjaW5nPSIwIiBhbGlnbj0iY2VudGVyIj48dHI+DQoJ

PHRkPg0KCQk8aW1nIHNyYz0iaHR0cHM6Ly9pLmd5YXpvLmNvbS83YjgzMDEyNmVhZGM4MGQx

ZTA3YzBmZDNiM2U3ZGQ3Yi5wbmciIHN0eWxlPSJ3aWR0aDo2MHB4OyBoZWlnaHQ6NjBweDsg

Ym9yZGVyLXJhZGl1czo1MCU7Ij4NCgk8L3RkPg0KCTx0ZCBzdHlsZT0id2lkdGg6NXB4OyI+

PC90ZD4NCgk8dGQ+DQoJCTxpbWcgc3JjPSJodHRwczovL2kuZ3lhem8uY29tLzZiN2FkZGZj

OThlYzZiMGEyNjRiZWE1MThjNGFjMTk3LnBuZyIgc3R5bGU9IndpZHRoOjE3MHB4OyBoZWln

aHQ6NjBweDsiPg0KCTwvdGQ+DQoJPHRkIHN0eWxlPSJ3aWR0aDoxMDBweDsiPjwvdGQ+DQoJ

PHRkPg0KCQk8aW1nIHNyYz0iaHR0cHM6Ly9pLmd5YXpvLmNvbS9iZWZmZmRlOTE4NWE3Njk0

NmZiNDI5OGMwODdiODJkZS5wbmciIHN0eWxlPSJ3aWR0aDoyMjBweDsgaGVpZ2h0OjQwcHg7

Ij4NCgk8L3RkPg0KCTx0ZD4NCgkJPGltZyBzcmM9Imh0dHBzOi8vaS5neWF6by5jb20vOTEz

OTI3NDEyNDg0NjZjODYwMjFmODI4MjhiNjRkOTcucG5nIiBzdHlsZT0id2lkdGg6MTgwcHg7

IGhlaWdodDo0MHB4OyI+DQoJPC90ZD4NCgk8dGQgc3R5bGU9IndpZHRoOjBweDsiPjwvdGQ+

DQoJPHRkPg0KCQk8aW1nIHNyYz0iaHR0cHM6Ly9pLmd5YXpvLmNvbS84YTVlNzcwNTJjZjIy

MDQ5ZmU4ZTRhODg0MjE2MDgxZi5wbmciIHN0eWxlPSJ3aWR0aDoxNzBweDsgaGVpZ2h0OjUw

cHg7Ij4NCgk8L3RkPg0KCTx0ZCBzdHlsZT0id2lkdGg6MHB4OyI+PC90ZD4NCgk8dGQ+DQoJ

CTxpbWcgc3JjPSJodHRwczovL2kuZ3lhem8uY29tLzJhNDY1MDYwM2NlZjFiYmIwZjc5NDI4

ZmNkMjJkYWRiLnBuZyIgc3R5bGU9IndpZHRoOjIwMHB4OyBoZWlnaHQ6NTBweDsiPg0KCTwv

dGQ+DQoJPC90cj48L3RhYmxlPg0KPC90ZD48L3RyPg0KDQo8dHI+PHRkIHN0eWxlPSJiYWNr

Z3JvdW5kOiMyRTJFMkU7Ij4NCgk8ZGl2IGFsaWduPSJjZW50ZXIiPg0KCTwvZGl2Pg0KPC90

ZD48L3RyPg0KDQo8L3RhYmxlPg0KPC9odG1sPg==



------=_NextPart_000_0012_F372914C.9FE5E52F--



Phishing attempt to gain nk.ca user credentials

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 01 Jul 2022 21:55:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o7UCm-000JXA-OA

for dave@doctor.nl2k.ab.ca;

Fri, 01 Jul 2022 21:54:00 -0600

Resent-From: The Doctor

Resent-Date: Fri, 1 Jul 2022 21:54:00 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from static.2.246.108.65.clients.your-server.de ([65.108.246.2]:37868 helo=perfectpitchmusic.co.uk)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o7RdP-0006PM-4r

for root@nk.ca;

Fri, 01 Jul 2022 19:09:24 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

s=37vzeuxnojinkmtyakzpbrlgmhjn2or6; d=vonagebusiness.com;

t=1656703491;

h=Content-Type:MIME-Version:From:To:Date:Subject:Message-ID;

bh=diFfQYOrXYzXAOfL7+UMLN1S+p9iNsNOIA4q3apq8E4=;

b=i2XiN+D0c2O9MDawiP7Yy5v4oO0NoMh0Ws2Nn54LQHnoMA5B2iOr9jDNJrFjaTFk

ilydkZVx0gohGc+8hGphgg7SocW6ACdmhYGMWIF1Qcm8DARw1PvU2cB89u30EYJ1gnZ

rAIIweUYvptPrZlwKIZF3WrGHlzrl93vzqFuGaS4=

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1656703491;

h=Content-Type:MIME-Version:From:To:Date:Subject:Message-ID:Feedback-ID;

bh=diFfQYOrXYzXAOfL7+UMLN1S+p9iNsNOIA4q3apq8E4=;

b=IafkL11J6SZVWjMBvitrBf8LSY2/f+EBDgV8TR7Wr+/XtIGJ3krtPpKglgzlPijT

TPULhK6dj2RH9t4Vn0Se+OrKz0gv6gIS4cR5KGxcOFG8QQJ9r6D4BqPg6kdTMcmx2i8

PY7eVexEUbxI4YGoCpDYt1Pl/7c19NhFPFx21Ewk=

MIME-Version: 1.0

Content-Type: text/html;charset="utf-8-base64"

Content-Transfer-Encoding: base64

From: Support

Date: Fri, 01 Jul 2022 18:07:32 -0700

Subject: Account Security Reminder – Protection from Malicious Activity

Message-ID: <118-0174580701217.45564668397811-0000@email.amazonses.com>

Feedback-ID: 1.us-east-1.y5x2mppewslhb+KFj26i4+5o=:AmazonSES

X-SES-Outgoing: 2022.07.01-54.240.48.175

X-Spam_score: 8.2

X-Spam_score_int: 82

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello, During peak seasons, there is always an increased risk

of hackers trying to gain access to accounts to perform malicious activities.

The list below includes some best practices to help you safeguard y [...]





Content analysis details: (8.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level

mail domains are different

0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line

length greater than 79 characters

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

1.1 SUBJ_ILLEGAL_CHARS Subject: has too many raw illegal characters

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.3 MIME_8BIT_HEADER Message header contains 8-bit character

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML

tag

0.1 SUBJECT_NEEDS_ENCODING Subject is encoded but does not specify

the encoding

0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was

blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[URIs: leslietrentadesigns.com, rackspace.com,]

[vonagebusiness.com]

Subject: {SPAM?} Account Security Reminder – Protection from Malicious Activity





PHA+SGVsbG8sPC9wPgo8cD5EdXJpbmcgcGVhayBzZWFzb25zLCB0aGVyZSBpcyBhbHdheXMgYW4gaW5jcmVhc2VkIHJpc2sgb2YgaGFja2VycyB0cnlpbmcgdG8gZ2FpbiBhY2Nlc3MgdG8gYWNjb3VudHMgdG8gcGVyZm9ybSBtYWxpY2lvdXMgYWN0aXZpdGllcy4gJm5ic3A7VGhlIGxpc3QgYmVsb3cgaW5jbHVkZXMgc29tZSBiZXN0IHByYWN0aWNlcyB0byBoZWxwIHlvdSBzYWZlZ3VhcmQgeW91ciBhY2NvdW50IGFuZCBrZWVwIHlvdXIgaW5mb3JtYXRpb24gc2VjdXJlLiBVc2luZyB0aGVzZSBwcmFjdGljZXMgdG8gbWFrZSBuZWVkZWQgY2hhbmdlcyBjYW4gaGVscCB0byByZWR1Y2UgeW91ciByaXNrLjwvcD4KPHA+MS5Vc2UgZHVhbCBmYWN0b3IgYXV0aGVudGljYXRpb24uICZuYnNwOzxhIGhyZWY9Imh0dHBzOi8vbGVzbGlldHJlbnRhZGVzaWducy5jb20vdXMvIy9ob3ctdG8vbXVsdGktZmFjdG9yLWF1dGhlbnRpY2F0aW9uLWZyb20tdGhlLWNsb3VkLWNvbnRyb2wtcGFuZWwiPmh0dHBzOi8vc3VwcG9ydC5yYWNrc3BhY2UuY29tL2hvdy10by9tdWx0aS1mYWN0b3ItYXV0aGVudGljYXRpb24tZnJvbS10aGUtY2xvdWQtY29udHJvbC1wYW5lbDwvYT48L3A+CjxwPjIuIEVuc3VyZSBhbGwgdXNlciBwYXNzd29yZHMgYXJlIHN0cm9uZyBhbmQgcm90YXRlZCBmcmVxdWVudGx5IChhIG1pbmltdW0gb2YgZXZlcnkgOTAgZGF5cykuICZuYnNwOyA8YSBocmVmPSJodHRwczovL2xlc2xpZXRyZW50YWRlc2lnbnMuY29tL3VzLyMvaG93LXRvL3Bhc3N3b3JkLW1hbmFnZW1lbnQtYW5kLWJlc3QtcHJhY3RpY2VzIj5odHRwczovL3N1cHBvcnQucmFja3NwYWNlLmNvbS9ob3ctdG8vcGFzc3dvcmQtbWFuYWdlbWVudC1hbmQtYmVzdC1wcmFjdGljZXM8L2E+PC9wPgo8cD4zLiBBdWRpdCBhbGwgdXNlcnMgdG8gZW5zdXJlIHRoYXQgdGhleSBiZWxvbmcgb24geW91ciBhY2NvdW50KHMpLjwvcD4KPHA+NC4gRW5zdXJlIHlvdXIgc2VjdXJpdHkgcXVlc3Rpb24gYW5kIGFuc3dlciBpcyBkaWZmaWN1bHQgYW5kIHNvbWV0aGluZyBvbmx5IHlvdSB3b3VsZCBrbm93LiAoRXguIERvbid0IHVzZSBhbiBhY3R1YWwgY29sb3IgYXMgeW91ciBmYXZvcml0ZSBjb2xvci4gSW5zdGVhZCwgdXNlIGEgcGxhY2Ugb3IgYSBzcGVjaWZpYyB3b3JkIGFzIHRoZSBhbnN3ZXIuKTwvcD4KPHA+NS4gUmV2aWV3IHlvdXIgdXNhZ2Ugb24gYSBtb250aGx5IGJhc2lzIHRvIGVuc3VyZSB5b3UgYXJlIGF3YXJlIG9mIHdoYXQgcHJvZHVjdHMgYW5kIHNlcnZpY2VzIGFyZSBydW5uaW5nIG9uIHlvdXIgYWNjb3VudC48L3A+CjxwPjYuRW5zdXJlIHlvdXIgY2hhcmdlcyB0byBkYXRlIGFsaWduIHdpdGggeW91ciBleHBlY3RhdGlvbnMuIFlvdSBjYW4gZmluZCB0aGlzIGluZm9ybWF0aW9uIGluIHRoZSBiaWxsaW5nIHNlY3Rpb24gaW4geW91ciBjb250cm9sIHBhbmVsLiZuYnNwOzwvcD4KPHA+VGhpcyBsaXN0IHByb3ZpZGVzIGJlc3QgcHJhY3RpY2VzIGF0IHRoZSBhY2NvdW50IGxldmVsLiBZb3UgY2FuIGFwcGx5IHRoZXNlIHByYWN0aWNlcyBhdCB0aGUgZGV2aWNlIGxldmVsIGFzIHdlbGwuICZuYnNwO0l0J3MgaW1wb3J0YW50IHRvIGVuc3VyZSB0aGF0IHlvdXIgZGV2aWNlcyBhcmUgc2VjdXJlZCwgYW5kIHVzZXIgcGFzc3dvcmRzIGFyZSBzZXQgdG8gdmVyeSBzdHJvbmcuIFJlbWVtYmVyLCBzaG91bGQgeW91ciBhY2NvdW50IHN1c3RhaW4gYSBjb21wcm9taXNlLCB5b3Ugd2lsbCBiZSByZXNwb25zaWJsZSBmb3IgdGhlIGNoYXJnZXMuPC9wPgo8cD5JZiB5b3UgaGF2ZSBhbnkgcXVlc3Rpb25zIG9yIGNvbmNlcm5zLCBwbGVhc2UgY29udGFjdCBSYWNrc3BhY2UgU3VwcG9ydC4mbmJzcDs8L3A+CjxwPlRoYW5rIHlvdSw8L3A+CjxwPlJhY2tzcGFjZSBTZXJ2aWNlIERlbGl2ZXJ5PC9wPg==