Rona phish from sendgrid
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 24 Jun 2023 14:52:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qDAES-000Cje-17
for dave@doctor.nl2k.ab.ca;
Sat, 24 Jun 2023 14:51:44 -0600
Resent-From: The Doctor
Resent-Date: Sat, 24 Jun 2023 14:51:44 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from wfbtdvbd.outbound-mail.sendgrid.net ([159.183.216.189]:55914)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from)
id 1qD8Rw-000Pon-0F
for root@nk.ca;
Sat, 24 Jun 2023 12:57:36 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=quickbox.net;
h=from:subject:content-type:to:cc:cc:content-type:from:subject:to;
s=s1; bh=BMBbRjQ8zrr3jUij663Ev06bdddTvbfuaGY4aNcz3sY=;
Received: by filterdrecv-68f649d54f-gj2pk with SMTP id filterdrecv-68f649d54f-gj2pk-1-649732B2-2B
2023-06-24 18:15:14.224679851 +0000 UTC m=+3868741.565998708
Received: from alpro.com (unknown)
by geopod-ismtpd-canary-0 (SG) with ESMTP
id U6Hyev8BTySSqFqFkMqyzQ
for;
Sat, 24 Jun 2023 18:15:14.081 +0000 (UTC)
Date: Sat, 24 Jun 2023 18:15:14 +0000 (UTC)
From: Rona Department
Subject: RE:Verification #74004-35 Dewalt Power Station
Content-Type: multipart/alternative;
boundary="b1_493f3521f617a60df11e3e28d4b9a36b"
Message-ID:
X-SG-EID:
To: root@nk.ca, root@nk.ca
Cc: root@nk.ca, root@nk.ca
X-Entity-ID: gEo36SWoY7+1oZo3Fb4yzQ==
X-Spam_score: 6.7
X-Spam_score_int: 67
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Tracking number165414491 Your package is waiting for delivery
!
Content analysis details: (6.7 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.1 URIBL_GREY             Contains an URL listed in the URIBL greylist
                            [URI: sendgrid.net]
-0.0 SPF_PASS               SPF: sender matches SPF record
 0.0 NORMAL_HTTP_TO_IP      URI: URI host has a public dotted-decimal IPv4
                            address
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 HTML_EXTRA_CLOSE       BODY: HTML contains far too many close tags
 1.5 MPART_ALT_DIFF_COUNT   BODY: HTML and text parts are different
 0.7 MPART_ALT_DIFF         BODY: HTML and text parts are different
 0.7 HTML_IMAGE_ONLY_20     BODY: HTML: images with 1600-2000 bytes of words
 2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME
                            headers
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.3 HTML_SHORT_LINK_IMG_3  HTML is very short with a linked image
 0.0 T_DKIM_INVALID         DKIM-Signature header exists but is not valid
 0.3 SENDGRID_REDIR         Redirect URI via Sendgrid
Subject: {SPAM?} RE:Verification #74004-35 Dewalt Power Station
--b1_493f3521f617a60df11e3e28d4b9a36b
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
Tracking number165414491
Your package is waiting for delivery !
Hi memka,In order to complete the delivery of your package , please confirm the payment (1.65 CAD). Online confirmation must be made within the next 14 days, before it expires.
Deliver my package
Kind regards,2023 © DHL International GmbH. All rights reserved.
--b1_493f3521f617a60df11e3e28d4b9a36b
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit