Nigerian spam from Microsoft outlook
Posted by Dave Yadallee on
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 12 Feb 2024 13:44:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rZd9K-00000000M7V-3Fl5
for dave@doctor.nl2k.ab.ca;
Mon, 12 Feb 2024 13:43:34 -0700
Resent-From: The Doctor
Resent-Date: Mon, 12 Feb 2024 13:43:34 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-dm3gcc02hn2231.outbound.protection.outlook.com ([52.100.154.231]:64864 helo=GCC02-DM3-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rZbTg-00000000Iqu-3nPG
for doctor@nl2k.ab.ca;
Mon, 12 Feb 2024 11:56:32 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=RmikuTJ11ulC8fQ4qd0kd8tJ4D5YIDsTQ4EZVw/aLjOvLicc9/0kddJ6PBiyg8qNRAMwmA57oD2mEOWCEhqAgZfeG5Lj+vL2CO04klJ6WzrMkn9M8qxahCIkiPMCjDwo8mc/dFCl4IXz1yj6rGa/TFCFHPza+49nvB26R8uvHbGWrNPssbFwXsCK+PseYjQY+PJ33Btje+Tlxkj5sXfsxiwFI2mDuczVHd9ugWWsR36C5NpUcKmuLQE8wUhEfaGi2jP/adQtuMQQWYxAdJHMgBjJ2efNQrnjT+nW/IRGvuoE8LlM9X+77U+SkwpEi/BsYgk2ih5LvG8+qXOlDETFyA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=75aj16Ef1/YIJoPNXXX5UeoPWQ2tnntO6yoK373NA8E=;
b=HavxJtcCVlOR+xVlrdUl4lt3Sm1BDGEIj7Q0VUbb3DOZUiIz2NIfSytZs7Ha0uNEGasSewBCKMi6Lw9ZuUZlpAJkh8SfeO+zgYdPVlkXhnDLbpt3fgT2qwtIZ9s7bv2nhvd5PNbgJZ9iNQ+rVG4F20/+G7e3tzW1PCdmYZ08xHtUGBc8wKsK+XB22a0F9tGUxBaRYfzUzs+XrUW1tCMuJMoRw2g918QF/j5cYXxkEF9aeAX/cM8eM5pB4APxWW0bjK5KzQklXkHpmUCZCy/vgL7WRe+4kBNTPzWc67wVFjyyXo8aW/7TqsQBNAUtQf1y779ZxtVsCxXnhAxmsq7ByQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip
is 204.235.229.20) smtp.rcpttodomain=aol.com smtp.mailfrom=gmail.com;
dmarc=fail (p=none sp=quarantine pct=100) action=none header.from=gmail.com;
dkim=none (message not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=houstonpolice.onmicrosoft.com; s=selector2-houstonpolice-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=75aj16Ef1/YIJoPNXXX5UeoPWQ2tnntO6yoK373NA8E=;
b=Rw2ZYji9V1LnN8/sDYUw3UUostYB4JasRwHHIvikFlAOvE7RC5GAquB5JsXpA1JSvaHC9JCzR5t2tNd/kWB/ovO33K0Al/3U30qTyTv5Ama7N16jrbfN0ttOz8GSXCchpSul6e1UOiVq7zYy+CzWYFI1JgzUmSdWARvigrCLgT4=
Received: from BL0PR0901CA0028.namprd09.prod.outlook.com
(2603:10b6:208:1c0::38) by SA1PR09MB9958.namprd09.prod.outlook.com
(2603:10b6:806:285::22) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.25; Mon, 12 Feb
2024 18:54:25 +0000
Received: from DS1PEPF00017E07.namprd09.prod.outlook.com
(2603:10b6:208:1c0:cafe::dc) by BL0PR0901CA0028.outlook.office365.com
(2603:10b6:208:1c0::38) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7270.39 via Frontend
Transport; Mon, 12 Feb 2024 18:54:24 +0000
X-MS-Exchange-Authentication-Results: spf=softfail (sender IP is
204.235.229.20) smtp.mailfrom=gmail.com; dkim=none (message not signed)
header.d=none;dmarc=fail action=none header.from=gmail.com;
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
gmail.com discourages use of 204.235.229.20 as permitted sender)
Received: from mail.houstonpolice.org (204.235.229.20) by
DS1PEPF00017E07.mail.protection.outlook.com (10.167.18.164) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.7249.19 via Frontend Transport; Mon, 12 Feb 2024 18:54:24 +0000
Received: from PHSHPDCLSTR000B.HPDWINAD.HPD (10.10.132.103) by
PHSHPDCLSTR001B.HPDWINAD.HPD (10.10.132.104) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
15.1.2507.35; Mon, 12 Feb 2024 12:54:24 -0600
Received: from User (10.10.132.248) by PHSHPDCLSTR000B.HPDWINAD.HPD
(10.10.132.103) with Microsoft SMTP Server id 15.1.2507.35 via Frontend
Transport; Mon, 12 Feb 2024 12:54:18 -0600
Reply-To:
From: Artistry Angel Quest
To:
Subject: Hello. Funds Investment. Reply.
Date: Mon, 12 Feb 2024 10:54:24 -0800
MIME-Version: 1.0
Content-Type: text/html; charset="Windows-1251"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <927fb3a1-b55b-4b38-8d4a-659aebfd070c@PHSHPDCLSTR000B.HPDWINAD.HPD>
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DS1PEPF00017E07:EE_|SA1PR09MB9958:EE_
X-MS-Office365-Filtering-Correlation-Id: 3b21c499-57d4-4b02-a65c-08dc2bfc0828
X-MS-Exchange-SenderADCheck: 2
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
X-Forefront-Antispam-Report:
CIP:204.235.229.20;CTRY:US;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:mail.houstonpolice.org;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230031)(4636009)(396003)(136003)(39830400003)(84050400002)(230922051799003)(82310400011)(64100799003)(451199024)(40470700004)(9686003)(508600001)(31686004)(41300700001)(6200100001)(8936002)(8676002)(6862004)(5660300002)(7406005)(7416002)(2906002)(4744005)(3450700001)(7366002)(76482006)(2860700004)(6666004)(70586007)(316002)(70206006)(73392003)(83380400001)(336012)(31696002)(356005)(86362001)(81166007)(26005)(82202003)(23876011);DIR:OUT;SFP:1501;
X-OriginatorOrg: houstonpolice.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Feb 2024 18:54:24.7621
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 3b21c499-57d4-4b02-a65c-08dc2bfc0828
X-MS-Exchange-CrossTenant-Id: 64c753ca-2ec6-4981-81e7-5c7597f9e7d8
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=64c753ca-2ec6-4981-81e7-5c7597f9e7d8;Ip=[204.235.229.20];Helo=[mail.houstonpolice.org]
X-MS-Exchange-CrossTenant-AuthSource:
DS1PEPF00017E07.namprd09.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SA1PR09MB9958
X-Spam_score: 12.3
X-Spam_score_int: 123
X-Spam_bar: ++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: [Message Came from Outside the Houston Police Department Mail
System] Attn Sir / Madam, Happy New Year, Still waiting for your answer regards
our clearance settlement cost to permit us to authorize the release and impounded
$8.497 241 00 US dollar with the real Dubai Commercial Bank Limi [...]
Content analysis details: (12.3 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                            trust
                            [52.100.154.231 listed in list.dnswl.org]
 0.0 DKIM_ADSP_CUSTOM_MED   No valid author signature, adsp_override is
                            CUSTOM_MED
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
-0.0 SPF_PASS               SPF: sender matches SPF record
-0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                            envelope-from domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.0 ARC_VALID              Message has a valid ARC signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 0.0 ARC_SIGNED             Message has a ARC signature
 0.0 NSL_RCVD_FROM_USER     Received from User
 0.0 FSL_CTYPE_WIN1251      Content-Type only seen in 419 spam
 0.0 AXB_X_FF_SEZ_S         Forefront sez this is spam
-0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [52.100.154.231 listed in wl.mailspike.net]
 1.0 FORGED_GMAIL_RCVD      'From' gmail.com does not match 'Received' headers
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                            [globalchember(at)gmail.com]
 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
                            domains are different
 2.7 UNCLAIMED_MONEY        BODY: People just leave money laying around
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.6 FSL_NEW_HELO_USER      Spam's using Helo and User
 0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom
                            freemail headers are different
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.0 LOTS_OF_MONEY          Huge... sums of money
 0.0 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only
 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
 1.9 MONEY_FREEMAIL_REPTO   Lots of money from someone using free email?
 1.2 NML_ADSP_CUSTOM_MED    ADSP custom_med hit, and not from a mailing list
 1.0 XPRIO                  Has X-Priority header
 2.8 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
Subject: {SPAM?} Hello. Funds Investment. Reply.
[Message Came from Outside the Houston Police Department Mail System]
settlement cost to permit us to authorize the release and impounded $8.497 241 00 US dollar with the real Dubai Commercial Bank Limited Headquarters here in Dubai, UAE
Dubai, UAE, thinking of closing the file at the desk by confiscating your abandoned unclaimed funds as long impounded illegal business recovered funds in UAE, add into the government
treasury, as you refuse the claim till date now informing you directly now to know our next decision.
requirement,