Nigerian funds spam from Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 12 Apr 2023 07:06:33 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1pmaB5-0004nK-2o
for dave@doctor.nl2k.ab.ca;
Wed, 12 Apr 2023 07:06:23 -0600
Resent-From: The Doctor
Resent-Date: Wed, 12 Apr 2023 07:06:23 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-mw2nam10rlhn2173.outbound.protection.outlook.com ([40.95.33.173]:11358 helo=NAM10-MW2-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from)
id 1pmSQf-000HeU-0e
for doctor@nl2k.ab.ca;
Tue, 11 Apr 2023 22:49:22 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=kOCbL7H8E+/M4QLsNHYKwJPt1lYf2kJ/TSdGE4ETZq2mLwJO85Yu1xhKobWOkH0gkRgip+FKELNeX7/p2e7dkOReB3nOMm983+QZ+TtppqL4gSzgxLsfODIqCOfRi/KbIAeO+ayVl5bFnawPURUUxbi/mKZopBzOu+EoGCHYB5mDrl+gjk/477SeJZK6hvrX2nIvrGIx0ahJtzo5U9Xo2j9wb19hlPcJooY40joyHcFYbVK/VyOSqweTuhkdbdx8sO1maR1zsC3sOKcecnnXNVr5RnDy66yb9b602oPDczwmClQUAs7J7Ll0HQcoT0fN7IIKlohNHuKo2W5AfpHUcQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=/7GocbTHZfK8HfxPS77eAopNGySB/pwC+X6eUbQhv2k=;
b=aPBhuPs0Vm4aazxN06rQIUQPAsPunXbOQuy8D4bBvXSWU1HpLKD0jkzCrPx9y+o7LZaiXe2a9ovod19aBNs7d4/5msmKmkPCHiFTP7pE3w6v5xkspEno+V3TaSodBdE5zhBahGUgis1kGc25+jqaHbOVtXlAt798hOexzq2EFz0CWfRKbLuo2KJlOdxqO42tvu9dHHE4kpP7ZxTvN6b9EXiUMKTN0I5V4c5ZbmOh6fEzf1BliFRWfL0J4GnpuM2Mmwq2/AfMKc7c/9eTHsEj5FV/RPULfL1hJ9cJikedBlg8ll+HKmSglr6mSyHfglFiBKR5oNXTXhoeeCG6J0oyiQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip
is 8.42.207.80) smtp.rcpttodomain=iprimus.ca smtp.mailfrom=aristotle.net;
dmarc=fail (p=none sp=none pct=100) action=none header.from=aristotle.net;
dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wwjwm.onMicrosoft.com;
s=selector2-wwjwm-onMicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=/7GocbTHZfK8HfxPS77eAopNGySB/pwC+X6eUbQhv2k=;
b=RMMOYvrtK/1T9CuM8gLmgNSt3I1nwjFB4hTCQXTVYTffZS75EY86akTUNZpBFadLZXX27fHQtMhpSfwHpHytgn42aPdIu9Lb3wpp82KekDpyE1B/5kxzK/Bz1dYU/U2F+tUGpHojm8tVp+qVE39E0yea+yVU2LOSEJNSw9G4x+g=
Received: from BN0PR04CA0152.namprd04.prod.outlook.com (2603:10b6:408:eb::7)
by PH0PR01MB6471.prod.exchangelabs.com (2603:10b6:510:b::11) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6298.30; Wed, 12 Apr 2023 04:47:11 +0000
Received: from BN8NAM12FT022.eop-nam12.prod.protection.outlook.com
(2603:10b6:408:eb:cafe::22) by BN0PR04CA0152.outlook.office365.com
(2603:10b6:408:eb::7) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6277.40 via Frontend
Transport; Wed, 12 Apr 2023 04:47:11 +0000
X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is 8.42.207.80)
smtp.mailfrom=aristotle.net; dkim=none (message not signed)
header.d=none;dmarc=fail action=none header.from=aristotle.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
aristotle.net discourages use of 8.42.207.80 as permitted sender)
Received: from mail1.jas.com (8.42.207.80) by
BN8NAM12FT022.mail.protection.outlook.com (10.13.183.82) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6319.4 via Frontend Transport; Wed, 12 Apr 2023 04:47:10 +0000
Received: from USBCDPSMBX02.jas1.ds.Jas.com (172.29.10.52) by
USBCDPSMBX02.jas1.ds.Jas.com (172.29.10.52) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1118.26; Wed, 12 Apr 2023 00:46:43 -0400
Received: from User (95.214.24.111) by USBCDPSMBX02.jas1.ds.Jas.com
(172.29.10.52) with Microsoft SMTP Server id 15.2.1118.26 via Frontend
Transport; Wed, 12 Apr 2023 00:46:38 -0400
Reply-To:
From: "Edward Stevenson,CSO"
Subject: RE: INVESTMENT PROPOSITION:
Date: Tue, 11 Apr 2023 21:46:43 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <0c75ef35-14a0-438a-8d9d-b42d0d0414f4@USBCDPSMBX02.jas1.ds.Jas.com>
To: Undisclosed recipients:;
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN8NAM12FT022:EE_|PH0PR01MB6471:EE_
X-MS-Office365-Filtering-Correlation-Id: 4d4d004a-cbce-4044-9870-08db3b10fa3f
X-MS-Exchange-SenderADCheck: 2
X-MS-Exchange-AntiSpam-Relay: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
=?windows-1251?Q?ZXl/w1YqzY59Un9Qf3n3D2FRcxjmu+QoCufn2QnYcfH0EP0xtn+4pvUs?=
=?windows-1251?Q?yJhfTVsdgUo36ALVSVTYYeFBurfd+YI2RJxy+kwbTCEmr0QLsABhkxWP?=
=?windows-1251?Q?FV02OiB+9b0M4fatT8lXQzSWILC/p1AO7aGFe4rU2vjfgt28zdkf3Zi3?=
=?windows-1251?Q?dBrFjYuA+GVsAWmxi2+vIVg1WEK3s8b/9G7taskSjPJR3/czVzazolqs?=
=?windows-1251?Q?3EnlFrsxPyK+XNzIILjMPk/SXQLkgfl3MnBi65dNgGbFsXF5h8hs9yFZ?=
=?windows-1251?Q?X7hwDbS9Bs6YmhA8/kF4W4zJNV9MEyXUPSwkscMBPwvp2/2ePVjArBUB?=
=?windows-1251?Q?zKzITJ9j8Wt8TpoXKP/DJoeU9Vy+7+Z3TtaZzyH/Q8G2ZxrinVJn8VTC?=
=?windows-1251?Q?OpFPoW3wDwnoqjhPpAnFuA9eLK049yN35HlhjLZFw6PgVEGZxDzVsDoX?=
=?windows-1251?Q?StWISfRIgf4YcOg/xAciUhR1jG32RNTVVthFjFVwBADKoKrtx5XYLkO2?=
=?windows-1251?Q?Pjy5MqNOAfu8XddvUf4+UTOQkIqbWuo/Or1HrFpnQKb/MASIQ2YoMPlD?=
=?windows-1251?Q?F+Q+cKqmU7DsP37IcqjZozHpcO+sQHBZLroL84xD1HGE0aTG2dhp/Bvx?=
=?windows-1251?Q?5kJMrN01fG7Sk5nHKgAM91rBnoEJb1zNXA56oD6uTRwVS4x9o62gmvYH?=
=?windows-1251?Q?/+zoKPXZ5NSnjWWTza3Ajl9MsTVarxHGBScqg/o/DdvdNNII1JmxYmwo?=
=?windows-1251?Q?fej3RYvm502DwVpco34XRvjOnmvpZCfljCm+jAWNljImyUk6dgPy8Kse?=
=?windows-1251?Q?kFRMxkwg5R4qHV/gbtXcDmDs9M8a4zdoIL2j9ddQVZOKm2oaZ0fWjQ0p?=
=?windows-1251?Q?2V4DvbpWTsCEGZXQeLkUClPGfuuUV29ZQ41PtH9tHUlTWS8SujuPFbRm?=
=?windows-1251?Q?xlHcKuY/NV8KNYAUi38ZRGE2kG9oyg/pvIUhxMYigfYReJSVAu6MqMAb?=
=?windows-1251?Q?0hiHSBFrHAVj0Qi7DkVQLr6q5dI3BNO5pukC8XBtk+UH08xiXqJVjkL9?=
=?windows-1251?Q?PKqE0R8awC1ui/hz4h2sRt/JyPGTCJcoUVg9j9S+zk20TumVqY7FcLbI?=
=?windows-1251?Q?Cq2gJlWB6rsoOwjN5zWYoLd3gwu/PCCt7eRXblrxMWFYA4y3npInZ0D7?=
=?windows-1251?Q?VRuhIcnbjqms9h/nQP0NR1gQBH1lnmdM?=
X-Forefront-Antispam-Report:
CIP:8.42.207.80;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail1.jas.com;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230028)(4636009)(396003)(376002)(346002)(136003)(39860400002)(451199021)(109986019)(40470700004)(956004)(336012)(82310400005)(31696002)(86362001)(66899021)(2906002)(83380400001)(3480700007)(40480700001)(32650700002)(356005)(81166007)(82740400003)(35950700001)(40460700003)(6666004)(41300700001)(70586007)(70206006)(8936002)(8676002)(7416002)(7116003)(7366002)(7406005)(5660300002)(498600001)(316002)(31686004)(2860700004)(9686003)(26005)(2700400008);DIR:OUT;SFP:1023;
X-OriginatorOrg: WWJWM.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Apr 2023 04:47:10.6419
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 4d4d004a-cbce-4044-9870-08db3b10fa3f
X-MS-Exchange-CrossTenant-Id: fa3414ca-197f-48b7-8ff3-892f8bdd8e93
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=fa3414ca-197f-48b7-8ff3-892f8bdd8e93;Ip=[8.42.207.80];Helo=[mail1.jas.com]
X-MS-Exchange-CrossTenant-AuthSource:
BN8NAM12FT022.eop-nam12.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR01MB6471
X-Spam_score: 17.1
X-Spam_score_int: 171
X-Spam_bar: +++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: RE: INVESTMENT PROPOSITION: To Whom It May Concern: My name
is Edward Stevenson. I am a Certified Outsourcing Specialist {COS} based
in the Republic of Ghana. By virtue of my profession,I have my client’s
mandate to source for Investment/Fund Manager [...]
Content analysis details: (17.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
[95.214.24.111 listed in zen.spamhaus.org]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[40.95.33.173 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[40.95.33.173 listed in bl.score.senderscore.com]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=NAM10-MW2-obe.outbound.protection.outlook.com;ip=40.95.33.173;r=doctor.nl2k.ab.ca]
0.0 NSL_RCVD_FROM_USER Received from User
0.0 AXB_X_FF_SEZ_S Forefront sez this is spam
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[edwardstevenson445(at)aol.com]
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 PDS_HELO_SPF_FAIL High profile HELO that fails SPF
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.6 FSL_NEW_HELO_USER Spam's using Helo and User
0.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
0.0 FAKE_REPLY_C No description available.
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} RE: INVESTMENT PROPOSITION:
RE: INVESTMENT PROPOSITION:
To Whom It May Concern:
My name is Edward Stevenson. I am a Certified Outsourcing Specialist {COS} based in the Republic of Ghana. By virtue of my profession,I have my client’s mandate to source for Investment/Fund Manager or Entrepreneur with wealth of experience from any part of the World that will be willing and ready to manage my client's Investment Capital for a long period of 10 years and above without interference from the ultimate beneficial owner either directly or indirectly.
Furthermore, you shall retain 15% of the Investment Capital as your Gratification, Commission and Investment Management Fees should you find this offer interesting. In addition, you will at the same time ratain 30% Net Profit from the client's Investment Capital for managing the Investment satisfactorily. The Return on Investment {ROI} payable annually to my client will be determined by you and finally, you will have a Grace Period of 18 months before ROI will be paid to my client annually. If you are eminently qualified to work with us as specified herein, kindly introduce yourself, your company and what type of business you do in order to assess your qualifications. Moreso, add your WhatsApp Number for more effective communication.
Truly Yours,
Edward Stevenson,CSO
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 12 Apr 2023 07:06:33 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from
id 1pmaB5-0004nK-2o
for dave@doctor.nl2k.ab.ca;
Wed, 12 Apr 2023 07:06:23 -0600
Resent-From: The Doctor
Resent-Date: Wed, 12 Apr 2023 07:06:23 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-mw2nam10rlhn2173.outbound.protection.outlook.com ([40.95.33.173]:11358 helo=NAM10-MW2-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from
id 1pmSQf-000HeU-0e
for doctor@nl2k.ab.ca;
Tue, 11 Apr 2023 22:49:22 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=kOCbL7H8E+/M4QLsNHYKwJPt1lYf2kJ/TSdGE4ETZq2mLwJO85Yu1xhKobWOkH0gkRgip+FKELNeX7/p2e7dkOReB3nOMm983+QZ+TtppqL4gSzgxLsfODIqCOfRi/KbIAeO+ayVl5bFnawPURUUxbi/mKZopBzOu+EoGCHYB5mDrl+gjk/477SeJZK6hvrX2nIvrGIx0ahJtzo5U9Xo2j9wb19hlPcJooY40joyHcFYbVK/VyOSqweTuhkdbdx8sO1maR1zsC3sOKcecnnXNVr5RnDy66yb9b602oPDczwmClQUAs7J7Ll0HQcoT0fN7IIKlohNHuKo2W5AfpHUcQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=/7GocbTHZfK8HfxPS77eAopNGySB/pwC+X6eUbQhv2k=;
b=aPBhuPs0Vm4aazxN06rQIUQPAsPunXbOQuy8D4bBvXSWU1HpLKD0jkzCrPx9y+o7LZaiXe2a9ovod19aBNs7d4/5msmKmkPCHiFTP7pE3w6v5xkspEno+V3TaSodBdE5zhBahGUgis1kGc25+jqaHbOVtXlAt798hOexzq2EFz0CWfRKbLuo2KJlOdxqO42tvu9dHHE4kpP7ZxTvN6b9EXiUMKTN0I5V4c5ZbmOh6fEzf1BliFRWfL0J4GnpuM2Mmwq2/AfMKc7c/9eTHsEj5FV/RPULfL1hJ9cJikedBlg8ll+HKmSglr6mSyHfglFiBKR5oNXTXhoeeCG6J0oyiQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip
is 8.42.207.80) smtp.rcpttodomain=iprimus.ca smtp.mailfrom=aristotle.net;
dmarc=fail (p=none sp=none pct=100) action=none header.from=aristotle.net;
dkim=none (message not signed); arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wwjwm.onMicrosoft.com;
s=selector2-wwjwm-onMicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=/7GocbTHZfK8HfxPS77eAopNGySB/pwC+X6eUbQhv2k=;
b=RMMOYvrtK/1T9CuM8gLmgNSt3I1nwjFB4hTCQXTVYTffZS75EY86akTUNZpBFadLZXX27fHQtMhpSfwHpHytgn42aPdIu9Lb3wpp82KekDpyE1B/5kxzK/Bz1dYU/U2F+tUGpHojm8tVp+qVE39E0yea+yVU2LOSEJNSw9G4x+g=
Received: from BN0PR04CA0152.namprd04.prod.outlook.com (2603:10b6:408:eb::7)
by PH0PR01MB6471.prod.exchangelabs.com (2603:10b6:510:b::11) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6298.30; Wed, 12 Apr 2023 04:47:11 +0000
Received: from BN8NAM12FT022.eop-nam12.prod.protection.outlook.com
(2603:10b6:408:eb:cafe::22) by BN0PR04CA0152.outlook.office365.com
(2603:10b6:408:eb::7) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6277.40 via Frontend
Transport; Wed, 12 Apr 2023 04:47:11 +0000
X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is 8.42.207.80)
smtp.mailfrom=aristotle.net; dkim=none (message not signed)
header.d=none;dmarc=fail action=none header.from=aristotle.net;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
aristotle.net discourages use of 8.42.207.80 as permitted sender)
Received: from mail1.jas.com (8.42.207.80) by
BN8NAM12FT022.mail.protection.outlook.com (10.13.183.82) with Microsoft SMTP
Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.6319.4 via Frontend Transport; Wed, 12 Apr 2023 04:47:10 +0000
Received: from USBCDPSMBX02.jas1.ds.Jas.com (172.29.10.52) by
USBCDPSMBX02.jas1.ds.Jas.com (172.29.10.52) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1118.26; Wed, 12 Apr 2023 00:46:43 -0400
Received: from User (95.214.24.111) by USBCDPSMBX02.jas1.ds.Jas.com
(172.29.10.52) with Microsoft SMTP Server id 15.2.1118.26 via Frontend
Transport; Wed, 12 Apr 2023 00:46:38 -0400
Reply-To:
From: "Edward Stevenson,CSO"
Subject: RE: INVESTMENT PROPOSITION:
Date: Tue, 11 Apr 2023 21:46:43 -0700
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <0c75ef35-14a0-438a-8d9d-b42d0d0414f4@USBCDPSMBX02.jas1.ds.Jas.com>
To: Undisclosed recipients:;
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BN8NAM12FT022:EE_|PH0PR01MB6471:EE_
X-MS-Office365-Filtering-Correlation-Id: 4d4d004a-cbce-4044-9870-08db3b10fa3f
X-MS-Exchange-SenderADCheck: 2
X-MS-Exchange-AntiSpam-Relay: 1
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
=?windows-1251?Q?ZXl/w1YqzY59Un9Qf3n3D2FRcxjmu+QoCufn2QnYcfH0EP0xtn+4pvUs?=
=?windows-1251?Q?yJhfTVsdgUo36ALVSVTYYeFBurfd+YI2RJxy+kwbTCEmr0QLsABhkxWP?=
=?windows-1251?Q?FV02OiB+9b0M4fatT8lXQzSWILC/p1AO7aGFe4rU2vjfgt28zdkf3Zi3?=
=?windows-1251?Q?dBrFjYuA+GVsAWmxi2+vIVg1WEK3s8b/9G7taskSjPJR3/czVzazolqs?=
=?windows-1251?Q?3EnlFrsxPyK+XNzIILjMPk/SXQLkgfl3MnBi65dNgGbFsXF5h8hs9yFZ?=
=?windows-1251?Q?X7hwDbS9Bs6YmhA8/kF4W4zJNV9MEyXUPSwkscMBPwvp2/2ePVjArBUB?=
=?windows-1251?Q?zKzITJ9j8Wt8TpoXKP/DJoeU9Vy+7+Z3TtaZzyH/Q8G2ZxrinVJn8VTC?=
=?windows-1251?Q?OpFPoW3wDwnoqjhPpAnFuA9eLK049yN35HlhjLZFw6PgVEGZxDzVsDoX?=
=?windows-1251?Q?StWISfRIgf4YcOg/xAciUhR1jG32RNTVVthFjFVwBADKoKrtx5XYLkO2?=
=?windows-1251?Q?Pjy5MqNOAfu8XddvUf4+UTOQkIqbWuo/Or1HrFpnQKb/MASIQ2YoMPlD?=
=?windows-1251?Q?F+Q+cKqmU7DsP37IcqjZozHpcO+sQHBZLroL84xD1HGE0aTG2dhp/Bvx?=
=?windows-1251?Q?5kJMrN01fG7Sk5nHKgAM91rBnoEJb1zNXA56oD6uTRwVS4x9o62gmvYH?=
=?windows-1251?Q?/+zoKPXZ5NSnjWWTza3Ajl9MsTVarxHGBScqg/o/DdvdNNII1JmxYmwo?=
=?windows-1251?Q?fej3RYvm502DwVpco34XRvjOnmvpZCfljCm+jAWNljImyUk6dgPy8Kse?=
=?windows-1251?Q?kFRMxkwg5R4qHV/gbtXcDmDs9M8a4zdoIL2j9ddQVZOKm2oaZ0fWjQ0p?=
=?windows-1251?Q?2V4DvbpWTsCEGZXQeLkUClPGfuuUV29ZQ41PtH9tHUlTWS8SujuPFbRm?=
=?windows-1251?Q?xlHcKuY/NV8KNYAUi38ZRGE2kG9oyg/pvIUhxMYigfYReJSVAu6MqMAb?=
=?windows-1251?Q?0hiHSBFrHAVj0Qi7DkVQLr6q5dI3BNO5pukC8XBtk+UH08xiXqJVjkL9?=
=?windows-1251?Q?PKqE0R8awC1ui/hz4h2sRt/JyPGTCJcoUVg9j9S+zk20TumVqY7FcLbI?=
=?windows-1251?Q?Cq2gJlWB6rsoOwjN5zWYoLd3gwu/PCCt7eRXblrxMWFYA4y3npInZ0D7?=
=?windows-1251?Q?VRuhIcnbjqms9h/nQP0NR1gQBH1lnmdM?=
X-Forefront-Antispam-Report:
CIP:8.42.207.80;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail1.jas.com;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230028)(4636009)(396003)(376002)(346002)(136003)(39860400002)(451199021)(109986019)(40470700004)(956004)(336012)(82310400005)(31696002)(86362001)(66899021)(2906002)(83380400001)(3480700007)(40480700001)(32650700002)(356005)(81166007)(82740400003)(35950700001)(40460700003)(6666004)(41300700001)(70586007)(70206006)(8936002)(8676002)(7416002)(7116003)(7366002)(7406005)(5660300002)(498600001)(316002)(31686004)(2860700004)(9686003)(26005)(2700400008);DIR:OUT;SFP:1023;
X-OriginatorOrg: WWJWM.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Apr 2023 04:47:10.6419
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 4d4d004a-cbce-4044-9870-08db3b10fa3f
X-MS-Exchange-CrossTenant-Id: fa3414ca-197f-48b7-8ff3-892f8bdd8e93
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=fa3414ca-197f-48b7-8ff3-892f8bdd8e93;Ip=[8.42.207.80];Helo=[mail1.jas.com]
X-MS-Exchange-CrossTenant-AuthSource:
BN8NAM12FT022.eop-nam12.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR01MB6471
X-Spam_score: 17.1
X-Spam_score_int: 171
X-Spam_bar: +++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: RE: INVESTMENT PROPOSITION: To Whom It May Concern: My name
is Edward Stevenson. I am a Certified Outsourcing Specialist {COS} based
in the Republic of Ghana. By virtue of my profession,I have my client’s
mandate to source for Investment/Fund Manager [...]
Content analysis details: (17.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
[95.214.24.111 listed in zen.spamhaus.org]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[40.95.33.173 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[40.95.33.173 listed in bl.score.senderscore.com]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=NAM10-MW2-obe.outbound.protection.outlook.com;ip=40.95.33.173;r=doctor.nl2k.ab.ca]
0.0 NSL_RCVD_FROM_USER Received from User
0.0 AXB_X_FF_SEZ_S Forefront sez this is spam
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[edwardstevenson445(at)aol.com]
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 PDS_HELO_SPF_FAIL High profile HELO that fails SPF
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.6 FSL_NEW_HELO_USER Spam's using Helo and User
0.0 CTE_8BIT_MISMATCH Header says 7bits but body disagrees
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
0.0 FAKE_REPLY_C No description available.
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} RE: INVESTMENT PROPOSITION:
RE: INVESTMENT PROPOSITION:
To Whom It May Concern:
My name is Edward Stevenson. I am a Certified Outsourcing Specialist {COS} based in the Republic of Ghana. By virtue of my profession,I have my client’s mandate to source for Investment/Fund Manager or Entrepreneur with wealth of experience from any part of the World that will be willing and ready to manage my client's Investment Capital for a long period of 10 years and above without interference from the ultimate beneficial owner either directly or indirectly.
Furthermore, you shall retain 15% of the Investment Capital as your Gratification, Commission and Investment Management Fees should you find this offer interesting. In addition, you will at the same time ratain 30% Net Profit from the client's Investment Capital for managing the Investment satisfactorily. The Return on Investment {ROI} payable annually to my client will be determined by you and finally, you will have a Grace Period of 18 months before ROI will be paid to my client annually. If you are eminently qualified to work with us as specified herein, kindly introduce yourself, your company and what type of business you do in order to assess your qualifications. Moreso, add your WhatsApp Number for more effective communication.
Truly Yours,
Edward Stevenson,CSO