Phish from Spain

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 16 Jul 2022 07:03:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oChRh-0004vJ-AY

for dave@doctor.nl2k.ab.ca;

Sat, 16 Jul 2022 07:02:57 -0600

Resent-From: The Doctor

Resent-Date: Sat, 16 Jul 2022 07:02:57 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mailweb.nyn.es ([212.36.91.155]:58682)

by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oCbmf-0004gV-NH

for doctor@doctor.nl2k.ab.ca;

Sat, 16 Jul 2022 01:00:18 -0600

Received: from User (localhost [127.0.0.1])

by mailweb.nyn.es (Postfix) with SMTP id 521FE6BFD60;

Sat, 16 Jul 2022 08:20:04 +0200 (CEST)

Reply-To:

From: "Ray Wilfred."

Subject: Quick follow-up

Date: Sat, 16 Jul 2022 09:20:45 +0300

MIME-Version: 1.0

Content-Type: text/plain;

charset="Windows-1251"

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2600.0000

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000

Message-Id: <20220716062004.521FE6BFD60@mailweb.nyn.es>

X-Spam_score: 24.1

X-Spam_score_int: 241

X-Spam_bar: ++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Quick follow-up I sent you some headline ideas last week.

Have you had a chance to look at them? I would love to hear what you think?

Direct Contact: rayw@financier.com Regards, Ray Wilfred.



Content analysis details: (24.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 NSL_RCVD_FROM_USER Received from User

0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[rayw3505[at]gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[rayw3505[at]gmail.com]

1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received'

headers

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[rayw3505[at]gmail.com]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

1.2 MISSING_HEADERS Missing To: header

0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is

CUSTOM_MED

1.9 REPLYTO_WITHOUT_TO_CC No description available.

1.4 MALFORMED_FREEMAIL Bad headers on message from free email

service

0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority

3.4 MSOE_MID_WRONG_CASE No description available.

0.6 FSL_NEW_HELO_USER Spam's using Helo and User

0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool

0.0 FROM_MISSP_USER From misspaced, from "User"

0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.6 SCC_BODY_URI_ONLY No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

0.0 FROM_MISSPACED From: missing whitespace

1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing

list

0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To

0.0 T_FROM_MISSP_DKIM From misspaced, DKIM dependable

0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors

2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook

0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope

1.4 SPOOFED_FREEMAIL No description available.

2.5 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool

2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail

reply-to

0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider

0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be...

Subject: {SPAM?} Quick follow-up



Quick follow-up

I sent you some headline ideas last week. Have you had a chance to look at them? I would love to hear what you think?

Direct Contact: rayw@financier.com

Regards,

Ray Wilfred.