Donation spam from gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 19 Aug 2022 13:56:05 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oP85q-000Hcw-T1
for dave@doctor.nl2k.ab.ca;
Fri, 19 Aug 2022 13:55:46 -0600
Resent-From: The Doctor
Resent-Date: Fri, 19 Aug 2022 13:55:46 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ot1-f43.google.com ([209.85.210.43]:35586)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1oP3rN-000Knh-Iw
for doctor@doctor.nl2k.ab.ca;
Fri, 19 Aug 2022 09:24:37 -0600
Received: by mail-ot1-f43.google.com with SMTP id o15-20020a9d718f000000b00638c1348012so3287898otj.2
for; Fri, 19 Aug 2022 08:24:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc;
bh=BIQam98RKV6s6PrsEMQjDJGRauQkLr+LISFt7jW6tVs=;
b=Ns068UbvMpwOqiWDUBI9h3vTdx6WHnNd0FZU62OxtDY+bFmAV/TzgLhUq6FC+o4Rzo
8xiMSD7WeZ+rP05twGjUX4G5jIW7hOQFI3DsisbCCnwvZ+sw9VBHZ21KEB21vyzx83ZL
X7ieKJLgQazEv+erYkCVqcgdzL8yztv5Ghcq6heZpl48QEDek5oLJkBGc62xAxx1t6lM
3OXUa67LnJCOCg8BMVQ1Bn4CZJLJ9JOv1fYHnis55wZ3R17FNU6S6v4y+1Mlbj7uxEzW
9u4E0Ypz9S0rnLp9dTJrmnKGryUJ/sQezuDIWmuSAdyFQFAt72rRRKQOBN/ZjvxI7B30
F+rA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc;
bh=BIQam98RKV6s6PrsEMQjDJGRauQkLr+LISFt7jW6tVs=;
b=F2ixZOk3zFW1NCYmbKno/lHY/J1ySfRXa92l+Zz0Le8w3hwWzS1Gocnyk4By40PBqt
BFGv4MHuf3M0T1wKvbrjvvNPm8dnBuzDjPm2Xzu5jCOoiseLc5e+jWl213W3oGBVSZ4Q
Ttwgi9UAbjDmB8GnLt61NKOgN9OpVYYhMSDZi2bM9SWsJWF1ZcGV/kfetYPfymmIzQr2
8KSykrkMpxI3L4FsjeOQbX6JCWMjTl+aU1m9tg8rtPj7nw5zsGwpRL1mCsGcnDjg2vBo
b6jXAP18AVjTTkdHPWmivmp/ijnGeQUvPypwiSUJFcQOOQNE4VsW4BGSidFRSMmYFZKz
Mh8Q==
X-Gm-Message-State: ACgBeo0ndeF4YCSLXC4plWw0R4bUoCN5DdD77+353rXixXtTKlXRo/WE
gOo9LFDAkuM1y31cWciYfUEwsri579Vol/UZ8/A=
X-Google-Smtp-Source: AA6agR6azxidaqIG1k3/wYQcd9OV69hLKHUqgYZr40zXq1Pl3tWWv417AxRxVVRQ5rBxJrJI1mfi62DdrWL0lVuJr4o=
X-Received: by 2002:a9d:f05:0:b0:637:1068:1081 with SMTP id
5-20020a9d0f05000000b0063710681081mr2956954ott.224.1660922642372; Fri, 19 Aug
2022 08:24:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a8a:c8a:0:0:0:0:0 with HTTP; Fri, 19 Aug 2022 08:24:02 -0700 (PDT)
Reply-To: sigridruasungs@gmail.com
From: Sigrid Ruasungs
Date: Fri, 19 Aug 2022 08:24:02 -0700
Message-ID:
Subject: RE:
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 9.0
X-Spam_score_int: 90
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: -- I will donate 1,000,000.00 euros to you and challenge you
to help someone close to you with the little you can. For more information
about me, see my Wikipedia here: https://en.wikipedia.org/wiki/Sigrid_Rausing
.
Content analysis details: (9.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: wikipedia.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.210.43 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[johnmuriithigitonga002[at]gmail.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[johnmuriithigitonga002[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
3.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
2.8 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} RE:
--
I will donate 1,000,000.00 euros to you and challenge you to help
someone close to you with the little you can.
For more information about me, see my Wikipedia here:
https://en.wikipedia.org/wiki/Sigrid_Rausing .
Contact me on: sigridruasungs@gmail.com
Regards.
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 19 Aug 2022 13:56:05 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1oP85q-000Hcw-T1
for dave@doctor.nl2k.ab.ca;
Fri, 19 Aug 2022 13:55:46 -0600
Resent-From: The Doctor
Resent-Date: Fri, 19 Aug 2022 13:55:46 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ot1-f43.google.com ([209.85.210.43]:35586)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from
id 1oP3rN-000Knh-Iw
for doctor@doctor.nl2k.ab.ca;
Fri, 19 Aug 2022 09:24:37 -0600
Received: by mail-ot1-f43.google.com with SMTP id o15-20020a9d718f000000b00638c1348012so3287898otj.2
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc;
bh=BIQam98RKV6s6PrsEMQjDJGRauQkLr+LISFt7jW6tVs=;
b=Ns068UbvMpwOqiWDUBI9h3vTdx6WHnNd0FZU62OxtDY+bFmAV/TzgLhUq6FC+o4Rzo
8xiMSD7WeZ+rP05twGjUX4G5jIW7hOQFI3DsisbCCnwvZ+sw9VBHZ21KEB21vyzx83ZL
X7ieKJLgQazEv+erYkCVqcgdzL8yztv5Ghcq6heZpl48QEDek5oLJkBGc62xAxx1t6lM
3OXUa67LnJCOCg8BMVQ1Bn4CZJLJ9JOv1fYHnis55wZ3R17FNU6S6v4y+1Mlbj7uxEzW
9u4E0Ypz9S0rnLp9dTJrmnKGryUJ/sQezuDIWmuSAdyFQFAt72rRRKQOBN/ZjvxI7B30
F+rA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc;
bh=BIQam98RKV6s6PrsEMQjDJGRauQkLr+LISFt7jW6tVs=;
b=F2ixZOk3zFW1NCYmbKno/lHY/J1ySfRXa92l+Zz0Le8w3hwWzS1Gocnyk4By40PBqt
BFGv4MHuf3M0T1wKvbrjvvNPm8dnBuzDjPm2Xzu5jCOoiseLc5e+jWl213W3oGBVSZ4Q
Ttwgi9UAbjDmB8GnLt61NKOgN9OpVYYhMSDZi2bM9SWsJWF1ZcGV/kfetYPfymmIzQr2
8KSykrkMpxI3L4FsjeOQbX6JCWMjTl+aU1m9tg8rtPj7nw5zsGwpRL1mCsGcnDjg2vBo
b6jXAP18AVjTTkdHPWmivmp/ijnGeQUvPypwiSUJFcQOOQNE4VsW4BGSidFRSMmYFZKz
Mh8Q==
X-Gm-Message-State: ACgBeo0ndeF4YCSLXC4plWw0R4bUoCN5DdD77+353rXixXtTKlXRo/WE
gOo9LFDAkuM1y31cWciYfUEwsri579Vol/UZ8/A=
X-Google-Smtp-Source: AA6agR6azxidaqIG1k3/wYQcd9OV69hLKHUqgYZr40zXq1Pl3tWWv417AxRxVVRQ5rBxJrJI1mfi62DdrWL0lVuJr4o=
X-Received: by 2002:a9d:f05:0:b0:637:1068:1081 with SMTP id
5-20020a9d0f05000000b0063710681081mr2956954ott.224.1660922642372; Fri, 19 Aug
2022 08:24:02 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a8a:c8a:0:0:0:0:0 with HTTP; Fri, 19 Aug 2022 08:24:02 -0700 (PDT)
Reply-To: sigridruasungs@gmail.com
From: Sigrid Ruasungs
Date: Fri, 19 Aug 2022 08:24:02 -0700
Message-ID:
Subject: RE:
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 9.0
X-Spam_score_int: 90
X-Spam_bar: +++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: -- I will donate 1,000,000.00 euros to you and challenge you
to help someone close to you with the little you can. For more information
about me, see my Wikipedia here: https://en.wikipedia.org/wiki/Sigrid_Rausing
.
Content analysis details: (9.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: wikipedia.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.210.43 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[johnmuriithigitonga002[at]gmail.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[johnmuriithigitonga002[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
3.2 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.7 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
2.8 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} RE:
--
I will donate 1,000,000.00 euros to you and challenge you to help
someone close to you with the little you can.
For more information about me, see my Wikipedia here:
https://en.wikipedia.org/wiki/Sigrid_Rausing .
Contact me on: sigridruasungs@gmail.com
Regards.
