Nigerian Spam from Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 28 Jul 2022 22:30:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oHHcg-000Dff-95

for dave@doctor.nl2k.ab.ca;

Thu, 28 Jul 2022 22:29:14 -0600

Resent-From: The Doctor

Resent-Date: Thu, 28 Jul 2022 22:29:14 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-co1nam11rlhn2185.outbound.protection.outlook.com ([40.95.37.185]:18401 helo=NAM11-CO1-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1oHE55-0005ab-1r

for doctor@nl2k.ab.ca;

Thu, 28 Jul 2022 18:42:24 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=fZIH/ZCS5/TZSOCW+W2q+fH5sPm3X3x0GoDS7FEUO/rSuyD+xF0BRAyMDBtDZcUptfQUzjBdMwclPvZh6nhMbZQ1glHmqBU0MzwBSeBHhsX7CWBlE+ErSH2m7pqE+YtUlo74YtTtyD25VQn/8nhE2u+/aEEXLYekzqr4nskV6+HfyfklG4JZV05oYE7mxnzLZLLZGV5M1lcQSiTehZh3VMij4URw1IekcSju4g8Av/iJzyCz0AOSDmjRJLIt1zSULI745IsiRgKt8G224KrTZDhB29TQy6mDhq6+Wnccq1v8YpxHhJxsURJ3YjTxppiHmCRKpnzdfKES8/j3LspZ3w==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=DWq7LlnfGvyaJQQx/7QzReVTiB9kqsqSS+P3/1g0uXI=;

b=KcY4qXu+izCm43JCHEukqVHAFwoWLhPaJoqePTYsQb0w/EFs+yZeZb0V2YrpTgNtsOOcBpH1CusGtb0h1HghjE5fqxpi6RX/LmmcBWCTTYAd2WkFJDiPS3qBqpWpOz4Frhg6e5iFR7dqxVUJ+tYpxdnvKtb8WVzBeBdArwKN1rWrF73C1ItXH7+96KNfe+raraCicw9pJIcSA003RXaqaipqCgURk8GMOAsKHC8TrCL7TQ3eFkPVWVAIYmojYALxiMdyHSmLuaIsLs5Ck/9NwUYnJujhiku973tyE8VkzXHV/+gMBC5hUUdRBgMouXEhd061eO/oXH7DD1snLovbeg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=neutral (sender ip is

50.203.123.22) smtp.rcpttodomain=aol.com smtp.mailfrom=aim.com; dmarc=fail

(p=reject sp=reject pct=100) action=oreject header.from=aim.com; dkim=none

(message not signed); arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=meyersprinting.onmicrosoft.com; s=selector2-meyersprinting-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=DWq7LlnfGvyaJQQx/7QzReVTiB9kqsqSS+P3/1g0uXI=;

b=k367+udFWvoOA5KMYC+1oxH6Zh0yQfa1c8vDgNpGBY4cj6mZsSB3FHvnWSLkj3rTqpEH9EP8blr9p50nzs/GYMHjeJqGWH5DYdd0t3XXPcLgLLUWQiZhpBsYA+YsRtgpaE6SH83nmkqL77pRRUbjjRtEMYJ6hrSU7n8iTKaSb3M=

Received: from MW4PR03CA0214.namprd03.prod.outlook.com (2603:10b6:303:b9::9)

by SN1PR18MB2269.namprd18.prod.outlook.com (2603:10b6:802:25::22) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5458.25; Fri, 29 Jul

2022 00:41:50 +0000

Received: from MW2NAM10FT053.eop-nam10.prod.protection.outlook.com

(2603:10b6:303:b9:cafe::4b) by MW4PR03CA0214.outlook.office365.com

(2603:10b6:303:b9::9) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5458.21 via Frontend

Transport; Fri, 29 Jul 2022 00:41:49 +0000

X-MS-Exchange-Authentication-Results: spf=neutral (sender IP is 50.203.123.22)

smtp.mailfrom=aim.com; dkim=none (message not signed)

header.d=none;dmarc=fail action=oreject header.from=aim.com;

Received-SPF: Neutral (protection.outlook.com: 50.203.123.22 is neither

permitted nor denied by domain of aim.com)

Received: from mpEx16.meyers.com (50.203.123.22) by

MW2NAM10FT053.mail.protection.outlook.com (10.13.155.73) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id

15.20.5482.10 via Frontend Transport; Fri, 29 Jul 2022 00:41:49 +0000

Received: from mpEX16.meyers.com (10.5.0.37) by mpEx16.meyers.com (10.5.0.37)

with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.14; Thu, 28 Jul

2022 19:41:23 -0500

Received: from [107.182.129.162] (107.182.129.162) by mpEX16.meyers.com

(10.5.0.37) with Microsoft SMTP Server id 15.1.2176.14 via Frontend

Transport; Thu, 28 Jul 2022 19:41:20 -0500

Content-Type: text/plain; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body

Subject: Dear Sir/Madam,

To: Recipients

From: "Mr. Tyson T. Abston"

Date: Thu, 28 Jul 2022 17:41:14 -0700

Reply-To:

Message-ID: <31e71c1a-6219-4957-a4ae-5ec939cdaa20@mpEX16.meyers.com>

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-Office365-Filtering-Correlation-Id: 00e19912-6999-4993-e225-08da70fb1fc3

X-MS-TrafficTypeDiagnostic: SN1PR18MB2269:EE_

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 1

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?iso-8859-1?Q?zgjsVYQ4pNcvmAn6qpHkt2pySAvXBmYd6UwDcvzaHuTUJb/2aH4MxumLCL?=

=?iso-8859-1?Q?oIlYJ5kiiZ/eotsA7ahVOZeCCoZoprdosRt8qgzl6Brl585pGtutz2teIk?=

=?iso-8859-1?Q?wN1QALF3msvltmPWdKAtm6ezQ27V9rF4+cAE0YPyImX32Wk/ZfNbXVfk2h?=

=?iso-8859-1?Q?X6i430p9XT4fC0O9nWS01AEFPmN2xXlNNHWIoO4fxpCSCsiQ4fnAg+XlGb?=

=?iso-8859-1?Q?iAkYErlZmgNpasUC2sl0VELRHjQiSczQUbLHSmObIGIDxGitKxu3cvYwRZ?=

=?iso-8859-1?Q?F7njgE89HOsmKAC6mBGN4+jr1oxTt+mvSC08c/Hd9c3jiie7GYCiyfzH6z?=

=?iso-8859-1?Q?A1nz8ZQXT4vdH8tW94a5Lpm5NucrvLd989p5/PcYLOr3/ECYSTHc95VTtF?=

=?iso-8859-1?Q?WDOxdPfUs9mmNSaY6QlgOjGIlUWWCQjVeVv2p74uMbhh27Qi8up3TgK+h2?=

=?iso-8859-1?Q?qJbHINNw5at6Xwe9lSYw6rcnlAVSI/RrRDcOJinv1uI356XlPkCdNp5k8v?=

=?iso-8859-1?Q?Bvvs0oa+qQH/CMqmJ4QghLud6BrnQ3zU++MlRQm+Yiq8i85zBNQ2CU5+vE?=

=?iso-8859-1?Q?IKcDbSBxLS+YTQf5HfK3k5s6nkWQj4LM2jffvlbSE9J7LI+SPdhTXtl7Nl?=

=?iso-8859-1?Q?MiMVIyPOPxkoAhM1qiq6JZYk8KO4RgCKpO2FX+gkF/QEp0qa4OEq/QvtYy?=

=?iso-8859-1?Q?gvHy7/o/nDK7t0AovxEUqQcIvYNIeP/3clmqe65E9omvb8nObuif5aLe6a?=

=?iso-8859-1?Q?CssiqAp3F2Va3WTpBO3Iz096kChJyOrdONT+jmSYd52qG5dFghGXMATf84?=

=?iso-8859-1?Q?v1HZB7bxguLFHhqKO/J4Y4fRRd32AFFWfVoAMO9+3p435//b4JHHvw5y6K?=

=?iso-8859-1?Q?abodyc/S7j22T6fpxEXFZPtMwYJuXNTPP51YcrPvLac70RQDEqifqpahD5?=

=?iso-8859-1?Q?VcGj0a4bs/WeDzTtOUV98MTLgTipuOKb8jlVjMIyYCS9r6+/KS+lhQ33Zg?=

=?iso-8859-1?Q?pklZ1SM3ceX7pBZuDmAPSJNG7oaRNnzPILYyzik52Gfl6LYds95paXDagr?=

=?iso-8859-1?Q?Afqmc/+hR8nh78XtNxcvjvnJrLYtUaCCeUf5GyDDI7XTLkoFxWO9I98AIg?=

=?iso-8859-1?Q?i24jPN308JblERbkkxu8HAZ/eM8MXMUDYpssPFUU4GQmHT0c8PyZyNnps0?=

=?iso-8859-1?Q?fv1ydPKfOSRM6g=3D=3D?=

X-Forefront-Antispam-Report:

CIP:50.203.123.22;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mpEx16.meyers.com;PTR:50-203-123-22-static.hfc.comcastbusiness.net;CAT:OSPM;SFS:(13230016)(136003)(376002)(346002)(39860400002)(396003)(84050400002)(40470700004)(6862004)(70586007)(35950700001)(70206006)(8676002)(40480700001)(82310400005)(8936002)(336012)(82740400003)(83380400001)(32650700002)(6666004)(316002)(40460700003)(6706004)(9686003)(41300700001)(82202003)(81166007)(956004)(16576012)(508600001)(86362001)(26005)(3480700007)(5660300002)(2906002)(6200100001)(4744005)(31686004)(356005)(31696002)(7416002)(7140200001);DIR:OUT;SFP:1023;

X-OriginatorOrg: meyers.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Jul 2022 00:41:49.6192

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 00e19912-6999-4993-e225-08da70fb1fc3

X-MS-Exchange-CrossTenant-Id: b5354487-c6c9-43da-a055-464d64479ee2

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=b5354487-c6c9-43da-a055-464d64479ee2;Ip=[50.203.123.22];Helo=[mpEx16.meyers.com]

X-MS-Exchange-CrossTenant-AuthSource:

MW2NAM10FT053.eop-nam10.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR18MB2269

X-Spam_score: 16.3

X-Spam_score_int: 163

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Sir/Madam, According to your data here in my office (Debt

Settlement Office) your settlement/compensation cash sum of (US$35,000,000.00)

has been Approved today. To receive your due fund via Rapid Transfer (Inst

[...]



Content analysis details: (16.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[toyren[at]aim.com]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=NAM11-CO1-obe.outbound.protection.outlook.com;ip=40.95.37.185;r=doctor.nl2k.ab.ca]

0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

2.0 PDS_HELO_SPF_FAIL High profile HELO that fails SPF

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.5 HK_NAME_FM_MR_MRS No description available.

0.0 T_HK_NAME_FM_MR_MRS No description available.

0.0 LOTS_OF_MONEY Huge... sums of money

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail

reply-to

2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} Dear Sir/Madam,



Dear Sir/Madam,



According to your data here in my office (Debt Settlement Office) your sett=

lement/compensation cash sum of (US$35,000,000.00) has been Approved today.=

To receive your due fund via Rapid Transfer (Instant Cash Transfer) please=

reply immediately.



Sealed,



Mr. Tyson T. Abston.

Chairman & Chief Executive Officer - Guaranty Bank & Trust N.A