Phish from Spain
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 16 Jul 2022 07:03:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
    (envelope-from)
    id 1oChRh-0004vJ-AY
    for dave@doctor.nl2k.ab.ca;
    Sat, 16 Jul 2022 07:02:57 -0600
Resent-From: The Doctor
Resent-Date: Sat, 16 Jul 2022 07:02:57 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mailweb.nyn.es ([212.36.91.155]:58682)
    by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
    (envelope-from)
    id 1oCbmf-0004gV-NH
    for doctor@doctor.nl2k.ab.ca;
    Sat, 16 Jul 2022 01:00:18 -0600
Received: from User (localhost [127.0.0.1])
    by mailweb.nyn.es (Postfix) with SMTP id 521FE6BFD60;
    Sat, 16 Jul 2022 08:20:04 +0200 (CEST)
Reply-To:
From: "Ray Wilfred."
Subject: Quick follow-up
Date: Sat, 16 Jul 2022 09:20:45 +0300
MIME-Version: 1.0
Content-Type: text/plain;
    charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20220716062004.521FE6BFD60@mailweb.nyn.es>
X-Spam_score: 24.1
X-Spam_score_int: 241
X-Spam_bar: ++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
 has identified this incoming email as possible spam. The original
 message has been attached to this so you can view it or label
 similar future email. If you have any questions, see
 @@CONTACT_ADDRESS@@ for details.
 Content preview: Quick follow-up I sent you some headline ideas last week.
 Have you had a chance to look at them? I would love to hear what you think?
 Direct Contact: rayw@financier.com Regards, Ray Wilfred.
 Content analysis details: (24.1 points, 5.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  0.0 NSL_RCVD_FROM_USER     Received from User
  0.0 FSL_CTYPE_WIN1251      Content-Type only seen in 419 spam
  0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
                             in digit
                             [rayw3505[at]gmail.com]
  0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                             provider
                             [rayw3505[at]gmail.com]
  1.0 FORGED_GMAIL_RCVD      'From' gmail.com does not match 'Received'
                             headers
  0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
                             digit
                             [rayw3505[at]gmail.com]
  1.0 SPF_SOFTFAIL           SPF: sender does not match SPF record (softfail)
  1.2 MISSING_HEADERS        Missing To: header
  0.0 DKIM_ADSP_CUSTOM_MED   No valid author signature, adsp_override is
                             CUSTOM_MED
  1.9 REPLYTO_WITHOUT_TO_CC  No description available.
  1.4 MALFORMED_FREEMAIL     Bad headers on message from free email
                             service
  0.0 FROM_MISSP_XPRIO       Misspaced FROM + X-Priority
  3.4 MSOE_MID_WRONG_CASE    No description available.
  0.6 FSL_NEW_HELO_USER      Spam's using Helo and User
  0.0 FROM_MISSP_MSFT        From misspaced + supposed Microsoft tool
  0.0 FROM_MISSP_USER        From misspaced, from "User"
  0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
  0.6 SCC_BODY_URI_ONLY      No description available.
  1.0 FREEMAIL_REPLYTO       Reply-To/From or Reply-To/body contain
                             different freemails
  0.0 FROM_MISSPACED         From: missing whitespace
  1.2 NML_ADSP_CUSTOM_MED    ADSP custom_med hit, and not from a mailing
                             list
  0.0 FROM_MISSP_REPLYTO     From misspaced, has Reply-To
  0.0 T_FROM_MISSP_DKIM      From misspaced, DKIM dependable
  0.7 TO_NO_BRKTS_FROM_MSSP  Multiple formatting errors
  2.8 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
  0.3 FROM_MISSP_EH_MATCH    From misspaced, matches envelope
  1.4 SPOOFED_FREEMAIL       No description available.
  2.5 TO_NO_BRKTS_MSFT       To: misformatted and supposed Microsoft tool
  2.5 SPOOFED_FREEM_REPTO    Forged freemail sender with freemail
                             reply-to
  0.0 FROM_MISSP_FREEMAIL    From misspaced + freemail provider
  0.0 SPOOF_GMAIL_MID        From Gmail but it doesn't seem to be...
Subject: {SPAM?} Quick follow-up
Quick follow-up
I sent you some headline ideas last week. Have you had a chance to look at them? I would love to hear what you think?
Direct Contact: rayw@financier.com
Regards,
Ray Wilfred.