Nigerian Spam from Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 28 Jul 2022 22:30:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oHHcg-000Dff-95
for dave@doctor.nl2k.ab.ca;
Thu, 28 Jul 2022 22:29:14 -0600
Resent-From: The Doctor
Resent-Date: Thu, 28 Jul 2022 22:29:14 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-co1nam11rlhn2185.outbound.protection.outlook.com ([40.95.37.185]:18401 helo=NAM11-CO1-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1oHE55-0005ab-1r
for doctor@nl2k.ab.ca;
Thu, 28 Jul 2022 18:42:24 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=fZIH/ZCS5/TZSOCW+W2q+fH5sPm3X3x0GoDS7FEUO/rSuyD+xF0BRAyMDBtDZcUptfQUzjBdMwclPvZh6nhMbZQ1glHmqBU0MzwBSeBHhsX7CWBlE+ErSH2m7pqE+YtUlo74YtTtyD25VQn/8nhE2u+/aEEXLYekzqr4nskV6+HfyfklG4JZV05oYE7mxnzLZLLZGV5M1lcQSiTehZh3VMij4URw1IekcSju4g8Av/iJzyCz0AOSDmjRJLIt1zSULI745IsiRgKt8G224KrTZDhB29TQy6mDhq6+Wnccq1v8YpxHhJxsURJ3YjTxppiHmCRKpnzdfKES8/j3LspZ3w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=DWq7LlnfGvyaJQQx/7QzReVTiB9kqsqSS+P3/1g0uXI=;
b=KcY4qXu+izCm43JCHEukqVHAFwoWLhPaJoqePTYsQb0w/EFs+yZeZb0V2YrpTgNtsOOcBpH1CusGtb0h1HghjE5fqxpi6RX/LmmcBWCTTYAd2WkFJDiPS3qBqpWpOz4Frhg6e5iFR7dqxVUJ+tYpxdnvKtb8WVzBeBdArwKN1rWrF73C1ItXH7+96KNfe+raraCicw9pJIcSA003RXaqaipqCgURk8GMOAsKHC8TrCL7TQ3eFkPVWVAIYmojYALxiMdyHSmLuaIsLs5Ck/9NwUYnJujhiku973tyE8VkzXHV/+gMBC5hUUdRBgMouXEhd061eO/oXH7DD1snLovbeg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=neutral (sender ip is
50.203.123.22) smtp.rcpttodomain=aol.com smtp.mailfrom=aim.com; dmarc=fail
(p=reject sp=reject pct=100) action=oreject header.from=aim.com; dkim=none
(message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=meyersprinting.onmicrosoft.com; s=selector2-meyersprinting-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=DWq7LlnfGvyaJQQx/7QzReVTiB9kqsqSS+P3/1g0uXI=;
b=k367+udFWvoOA5KMYC+1oxH6Zh0yQfa1c8vDgNpGBY4cj6mZsSB3FHvnWSLkj3rTqpEH9EP8blr9p50nzs/GYMHjeJqGWH5DYdd0t3XXPcLgLLUWQiZhpBsYA+YsRtgpaE6SH83nmkqL77pRRUbjjRtEMYJ6hrSU7n8iTKaSb3M=
Received: from MW4PR03CA0214.namprd03.prod.outlook.com (2603:10b6:303:b9::9)
by SN1PR18MB2269.namprd18.prod.outlook.com (2603:10b6:802:25::22) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5458.25; Fri, 29 Jul
2022 00:41:50 +0000
Received: from MW2NAM10FT053.eop-nam10.prod.protection.outlook.com
(2603:10b6:303:b9:cafe::4b) by MW4PR03CA0214.outlook.office365.com
(2603:10b6:303:b9::9) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5458.21 via Frontend
Transport; Fri, 29 Jul 2022 00:41:49 +0000
X-MS-Exchange-Authentication-Results: spf=neutral (sender IP is 50.203.123.22)
smtp.mailfrom=aim.com; dkim=none (message not signed)
header.d=none;dmarc=fail action=oreject header.from=aim.com;
Received-SPF: Neutral (protection.outlook.com: 50.203.123.22 is neither
permitted nor denied by domain of aim.com)
Received: from mpEx16.meyers.com (50.203.123.22) by
MW2NAM10FT053.mail.protection.outlook.com (10.13.155.73) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.20.5482.10 via Frontend Transport; Fri, 29 Jul 2022 00:41:49 +0000
Received: from mpEX16.meyers.com (10.5.0.37) by mpEx16.meyers.com (10.5.0.37)
with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2176.14; Thu, 28 Jul
2022 19:41:23 -0500
Received: from [107.182.129.162] (107.182.129.162) by mpEX16.meyers.com
(10.5.0.37) with Microsoft SMTP Server id 15.1.2176.14 via Frontend
Transport; Thu, 28 Jul 2022 19:41:20 -0500
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: Dear Sir/Madam,
To: Recipients
From: "Mr. Tyson T. Abston"
Date: Thu, 28 Jul 2022 17:41:14 -0700
Reply-To:
Message-ID: <31e71c1a-6219-4957-a4ae-5ec939cdaa20@mpEX16.meyers.com>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id: 00e19912-6999-4993-e225-08da70fb1fc3
X-MS-TrafficTypeDiagnostic: SN1PR18MB2269:EE_
X-MS-Exchange-SenderADCheck: 2
X-MS-Exchange-AntiSpam-Relay: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
X-Forefront-Antispam-Report:
CIP:50.203.123.22;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mpEx16.meyers.com;PTR:50-203-123-22-static.hfc.comcastbusiness.net;CAT:OSPM;SFS:(13230016)(136003)(376002)(346002)(39860400002)(396003)(84050400002)(40470700004)(6862004)(70586007)(35950700001)(70206006)(8676002)(40480700001)(82310400005)(8936002)(336012)(82740400003)(83380400001)(32650700002)(6666004)(316002)(40460700003)(6706004)(9686003)(41300700001)(82202003)(81166007)(956004)(16576012)(508600001)(86362001)(26005)(3480700007)(5660300002)(2906002)(6200100001)(4744005)(31686004)(356005)(31696002)(7416002)(7140200001);DIR:OUT;SFP:1023;
X-OriginatorOrg: meyers.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 29 Jul 2022 00:41:49.6192
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 00e19912-6999-4993-e225-08da70fb1fc3
X-MS-Exchange-CrossTenant-Id: b5354487-c6c9-43da-a055-464d64479ee2
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=b5354487-c6c9-43da-a055-464d64479ee2;Ip=[50.203.123.22];Helo=[mpEx16.meyers.com]
X-MS-Exchange-CrossTenant-AuthSource:
MW2NAM10FT053.eop-nam10.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN1PR18MB2269
X-Spam_score: 16.3
X-Spam_score_int: 163
X-Spam_bar: ++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Sir/Madam, According to your data here in my office (Debt
Settlement Office) your settlement/compensation cash sum of (US$35,000,000.00)
has been Approved today. To receive your due fund via Rapid Transfer (Inst
[...]
Content analysis details: (16.3 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 AXB_X_FF_SEZ_S         Forefront sez this is spam
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail
                            provider
                            [toyren[at]aim.com]
 0.0 SPF_HELO_FAIL          SPF: HELO does not match SPF record (fail)
                            [SPF failed: Please see http://www.openspf.org/Why?s=helo;id=NAM11-CO1-obe.outbound.protection.outlook.com;ip=40.95.37.185;r=doctor.nl2k.ab.ca]
 0.7 SPF_NEUTRAL            SPF: sender does not match SPF record (neutral)
 1.7 DEAR_SOMETHING         BODY: Contains 'Dear (something)'
 2.5 US_DOLLARS_3           BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
 2.0 PDS_HELO_SPF_FAIL      High profile HELO that fails SPF
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 1.5 HK_NAME_FM_MR_MRS      No description available.
 0.0 T_HK_NAME_FM_MR_MRS    No description available.
 0.0 LOTS_OF_MONEY          Huge... sums of money
 1.0 FREEMAIL_REPLYTO       Reply-To/From or Reply-To/body contain
                            different freemails
 0.4 KHOP_HELO_FCRDNS       Relay HELO differs from its IP's reverse DNS
 2.0 MONEY_FREEMAIL_REPTO   Lots of money from someone using free
                            email?
 2.5 SPOOFED_FREEM_REPTO    Forged freemail sender with freemail
                            reply-to
 2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
Subject: {SPAM?} Dear Sir/Madam,
Dear Sir/Madam,
According to your data here in my office (Debt Settlement Office) your sett=
lement/compensation cash sum of (US$35,000,000.00) has been Approved today.=
To receive your due fund via Rapid Transfer (Instant Cash Transfer) please=
reply immediately.
Sealed,
Mr. Tyson T. Abston.
Chairman & Chief Executive Officer - Guaranty Bank & Trust N.A