Lowe's Phish from Microsoft Outlook
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 25 Feb 2024 12:22:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1reK43-0000000020K-3ySt
for dave@doctor.nl2k.ab.ca;
Sun, 25 Feb 2024 12:21:31 -0700
Resent-From: The Doctor
Resent-Date: Sun, 25 Feb 2024 12:21:31 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-bn1nam02on2101.outbound.protection.outlook.com ([40.107.212.101]:53878 helo=NAM02-BN1-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1reH9Y-00000000IiR-0eMa
for root@nk.ca;
Sun, 25 Feb 2024 09:15:04 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=T0KP9iEfNfIpV2FrKu3T0uWCpKu1RoKJX7Q3IygVWjvSZ48IgWgHZB3iUuAebkPW3mujU83elBusipDftY6Os6TPaPsWCo7SbARms7kU6VJiStzeU/C9qzhf7RT1IWM3A9T1koBh+jskYU5I3lAYCth0AabSX0SsGEnAFkSRYAAORMmbiSwjuatj3R/prlybk4Oj572juxE5Xh77CmIdaYljXPcEMcK0vwrayOuuBVOH+8zCrnF1zhCnBsSIhSV3b7uGtM/4bqb0E6qTi5nikXmQFHljUjLk5GVW/s93VKynpgihjxNQmIigzQAO5bsyYuiYbjBEerjJJhm02xHtsA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=Y7y2Y8ehHtTwYxbmMuPRInkluyVsdA0vVYp6M+vNkRU=;
b=nHQ1XHooxdnYjOGW4VeCKK5me6ugeR5dluNB9LZtc2xDLIeqmKK15Pe0JeL09FRbJMOVdNbztieg07MlaGm170dTBFLRyDwdDItCa5SFNHjOntKEsiu5TR8XRWPtIHUvxfYXdTCtdsu4v5ltq48yQXRYU7tWldyna78jn1RwMEmLdIWy5W/AIBLW9HuGeIJoqDng3/eyI6NWQMmej5rdXVCETlw56QCHuPFm85Ys78GwM6AagPwnc8Cbn24CWSZ/hN1dRDcSu98wASDBCDWeV7LdRC2iit5mtPUcufbEjWEsFZLGrHG2oQny3vgupTJyoOff5VtampS2/rAC687/bA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
172.105.40.168) smtp.rcpttodomain=nk.ca smtp.mailfrom=usxl.onmicrosoft.com;
dmarc=none action=none header.from=usxl.onmicrosoft.com; dkim=none (message
not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=liceovicentepalacioscl.onmicrosoft.com;
s=selector1-liceovicentepalacioscl-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=Y7y2Y8ehHtTwYxbmMuPRInkluyVsdA0vVYp6M+vNkRU=;
b=bRh5wMAM8OSUYdR9ePVOVkmJighgh73TNK4bu9u8QRNwPJTD5PUU4cz4r1pjMf/Sgvd1Gm1G3vu5of3wtsyZPPuf176v6dcwqfLgl9xmuCaFwba9Io5Y5Z+GYRithOZEe+1D/Vou+ACrpffg0awHdTKjY3GOyn96tEPFlTyzLlQ=
Received: from CH0PR04CA0104.namprd04.prod.outlook.com (2603:10b6:610:75::19)
by CPRP152MB6342.LAMP152.PROD.OUTLOOK.COM (2603:10d6:103:231::14) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.34; Sun, 25 Feb
2024 16:12:55 +0000
Received: from CH3PEPF0000000A.namprd04.prod.outlook.com
(2603:10b6:610:75:cafe::53) by CH0PR04CA0104.outlook.office365.com
(2603:10b6:610:75::19) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.49 via Frontend
Transport; Sun, 25 Feb 2024 16:12:54 +0000
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 172.105.40.168)
smtp.mailfrom=usxl.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=usxl.onmicrosoft.com;
Received-SPF: Fail (protection.outlook.com: domain of usxl.onmicrosoft.com
does not designate 172.105.40.168 as permitted sender)
receiver=protection.outlook.com; client-ip=172.105.40.168;
helo=usxl.onmicrosoft.com;
Received: from usxl.onmicrosoft.com (172.105.40.168) by
CH3PEPF0000000A.mail.protection.outlook.com (10.167.244.37) with Microsoft
SMTP Server id 15.20.7292.25 via Frontend Transport; Sun, 25 Feb 2024
16:12:53 +0000
CC: root@aol.com
Subject: =?UTF-8?B?8J+UlA==?= Get the Job Done Right with the FLEX 4-Tool Combo Kit =?UTF-8?B?8J+UlA==?=
Thread-Index: M1PnDINfeKq9idgrGDXCZTucKCoh4o==
Thread-Topic: psdlfzunsbDiuyze zMQy7m
msip_labels:
Message-ID:
To: root@aol.com
X-MS-Has-Attach: yes
Date: Sun, 25 Feb 2024 16:12:52 +0000
X-MS-TNEF-Correlator:
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Lowe's Tools Department <513SC2OYY48.UTFbyEtC@usxl.onmicrosoft.com>
MIME-Version: 1.0
Accept-Language: fr-FR, en-US
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CH3PEPF0000000A:EE_|CPRP152MB6342:EE_
X-MS-Office365-Filtering-Correlation-Id: a80107e3-0a30-4241-e19c-08dc361c9f81
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
1W4fUmsWr7zT69QS2U86IgoOu6B0rHaz1pvW+y9aB6lbZ9+fgegg0igl28MBIM8Geqm5mP1fnpDZQOA6dNKtKJ4IIrQ4DN3AfHdZ7Hj1mW2PRc9yw+kj6jylcuOdQjBdDpT1CDgwnfYNrFxhK64YpYa1tklXi/sJ9v2drwIBbWCD/EBiDQ+q1/EfMYTFrr6QmsOeoXmBE6TpJTJY1kLktM6z+XsKLCEF0g/LhjnWFvDmuHvDOLIpXOkQy5GI2VCkFYMFt7coFY9WZ8hQh65kcpHGvhiI8HZBYPntoludf2zlG82FxpqMofCpIKM04jddYGCvKvQAPLUwt0MfVrm4SFZppzbcQA8KPhYQz2/GZAw17Ir5k4x2q9mgr1v3zyx/ybhATKlSJqunGpRSmb8p1U6vFKG8/v25KO0WQUafwip6VyNH411ZN2AQ9XS+edFe4k73dr1zL/ZxOSYul39lDt9zMrE1zTTZRvrECFFlComKyTQ2w9/S1OiVPyubHFCchul7zTaTIgWm2CC8c+A3jzMmXI5yo4UHPUPCzGDM0k7GkB50+/D0xf/slRUffYYmnvXiVsjUcBAY6+X2CEZmgdiQMjMAkfTOVHYjLQl+jMXYcuw2z6kpUewB33gf9f/RMNA373VpxCYwwu3lvIY73Q==
X-Forefront-Antispam-Report:
CIP:172.105.40.168;CTRY:IN;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:usxl.onmicrosoft.com;PTR:172-105-40-168.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(230273577357003)(7200799017)(36860700004)(46966006)(40470700004);DIR:OUT;SFP:1102;
X-OriginatorOrg: usxl.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2024 16:12:53.7997
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a80107e3-0a30-4241-e19c-08dc361c9f81
X-MS-Exchange-CrossTenant-Id: aad980c3-b21b-4b8d-a781-8bfdd8af16bf
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aad980c3-b21b-4b8d-a781-8bfdd8af16bf;Ip=[172.105.40.168];Helo=[usxl.onmicrosoft.com]
X-MS-Exchange-CrossTenant-AuthSource:
CH3PEPF0000000A.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CPRP152MB6342
X-Spam_score: 8.1
X-Spam_score_int: 81
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Center Parcs >> Take Your Projects to the Next Level with
the FLEX Combo Kit <<
Content analysis details: (8.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[40.107.212.101 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[40.107.212.101 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.0 ARC_VALID Message has a valid ARC signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 ARC_SIGNED Message has a ARC signature
0.6 HK_RANDOM_ENVFROM Envelope sender username looks random
0.6 FROM_STARTS_WITH_NUMS From: starts with several numbers
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[513sc2oyy48.utfbyetc(at)usxl.onmicrosoft.com]
0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
0.7 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
Subject: {SPAM?} =?UTF-8?B?8J+UlA==?= Get the Job Done Right with the FLEX 4-Tool Combo Kit =?UTF-8?B?8J+UlA==?=
Center Parcs
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 25 Feb 2024 12:22:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1reK43-0000000020K-3ySt
for dave@doctor.nl2k.ab.ca;
Sun, 25 Feb 2024 12:21:31 -0700
Resent-From: The Doctor
Resent-Date: Sun, 25 Feb 2024 12:21:31 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-bn1nam02on2101.outbound.protection.outlook.com ([40.107.212.101]:53878 helo=NAM02-BN1-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1reH9Y-00000000IiR-0eMa
for root@nk.ca;
Sun, 25 Feb 2024 09:15:04 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=T0KP9iEfNfIpV2FrKu3T0uWCpKu1RoKJX7Q3IygVWjvSZ48IgWgHZB3iUuAebkPW3mujU83elBusipDftY6Os6TPaPsWCo7SbARms7kU6VJiStzeU/C9qzhf7RT1IWM3A9T1koBh+jskYU5I3lAYCth0AabSX0SsGEnAFkSRYAAORMmbiSwjuatj3R/prlybk4Oj572juxE5Xh77CmIdaYljXPcEMcK0vwrayOuuBVOH+8zCrnF1zhCnBsSIhSV3b7uGtM/4bqb0E6qTi5nikXmQFHljUjLk5GVW/s93VKynpgihjxNQmIigzQAO5bsyYuiYbjBEerjJJhm02xHtsA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=Y7y2Y8ehHtTwYxbmMuPRInkluyVsdA0vVYp6M+vNkRU=;
b=nHQ1XHooxdnYjOGW4VeCKK5me6ugeR5dluNB9LZtc2xDLIeqmKK15Pe0JeL09FRbJMOVdNbztieg07MlaGm170dTBFLRyDwdDItCa5SFNHjOntKEsiu5TR8XRWPtIHUvxfYXdTCtdsu4v5ltq48yQXRYU7tWldyna78jn1RwMEmLdIWy5W/AIBLW9HuGeIJoqDng3/eyI6NWQMmej5rdXVCETlw56QCHuPFm85Ys78GwM6AagPwnc8Cbn24CWSZ/hN1dRDcSu98wASDBCDWeV7LdRC2iit5mtPUcufbEjWEsFZLGrHG2oQny3vgupTJyoOff5VtampS2/rAC687/bA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=fail (sender ip is
172.105.40.168) smtp.rcpttodomain=nk.ca smtp.mailfrom=usxl.onmicrosoft.com;
dmarc=none action=none header.from=usxl.onmicrosoft.com; dkim=none (message
not signed); arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=liceovicentepalacioscl.onmicrosoft.com;
s=selector1-liceovicentepalacioscl-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=Y7y2Y8ehHtTwYxbmMuPRInkluyVsdA0vVYp6M+vNkRU=;
b=bRh5wMAM8OSUYdR9ePVOVkmJighgh73TNK4bu9u8QRNwPJTD5PUU4cz4r1pjMf/Sgvd1Gm1G3vu5of3wtsyZPPuf176v6dcwqfLgl9xmuCaFwba9Io5Y5Z+GYRithOZEe+1D/Vou+ACrpffg0awHdTKjY3GOyn96tEPFlTyzLlQ=
Received: from CH0PR04CA0104.namprd04.prod.outlook.com (2603:10b6:610:75::19)
by CPRP152MB6342.LAMP152.PROD.OUTLOOK.COM (2603:10d6:103:231::14) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.34; Sun, 25 Feb
2024 16:12:55 +0000
Received: from CH3PEPF0000000A.namprd04.prod.outlook.com
(2603:10b6:610:75:cafe::53) by CH0PR04CA0104.outlook.office365.com
(2603:10b6:610:75::19) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7292.49 via Frontend
Transport; Sun, 25 Feb 2024 16:12:54 +0000
X-MS-Exchange-Authentication-Results: spf=fail (sender IP is 172.105.40.168)
smtp.mailfrom=usxl.onmicrosoft.com; dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=usxl.onmicrosoft.com;
Received-SPF: Fail (protection.outlook.com: domain of usxl.onmicrosoft.com
does not designate 172.105.40.168 as permitted sender)
receiver=protection.outlook.com; client-ip=172.105.40.168;
helo=usxl.onmicrosoft.com;
Received: from usxl.onmicrosoft.com (172.105.40.168) by
CH3PEPF0000000A.mail.protection.outlook.com (10.167.244.37) with Microsoft
SMTP Server id 15.20.7292.25 via Frontend Transport; Sun, 25 Feb 2024
16:12:53 +0000
CC: root@aol.com
Subject: =?UTF-8?B?8J+UlA==?= Get the Job Done Right with the FLEX 4-Tool Combo Kit =?UTF-8?B?8J+UlA==?=
Thread-Index: M1PnDINfeKq9idgrGDXCZTucKCoh4o==
Thread-Topic: psdlfzunsbDiuyze zMQy7m
msip_labels:
Message-ID:
To: root@aol.com
X-MS-Has-Attach: yes
Date: Sun, 25 Feb 2024 16:12:52 +0000
X-MS-TNEF-Correlator:
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Lowe's Tools Department <513SC2OYY48.UTFbyEtC@usxl.onmicrosoft.com>
MIME-Version: 1.0
Accept-Language: fr-FR, en-US
X-EOPAttributedMessage: 0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: CH3PEPF0000000A:EE_|CPRP152MB6342:EE_
X-MS-Office365-Filtering-Correlation-Id: a80107e3-0a30-4241-e19c-08dc361c9f81
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
1W4fUmsWr7zT69QS2U86IgoOu6B0rHaz1pvW+y9aB6lbZ9+fgegg0igl28MBIM8Geqm5mP1fnpDZQOA6dNKtKJ4IIrQ4DN3AfHdZ7Hj1mW2PRc9yw+kj6jylcuOdQjBdDpT1CDgwnfYNrFxhK64YpYa1tklXi/sJ9v2drwIBbWCD/EBiDQ+q1/EfMYTFrr6QmsOeoXmBE6TpJTJY1kLktM6z+XsKLCEF0g/LhjnWFvDmuHvDOLIpXOkQy5GI2VCkFYMFt7coFY9WZ8hQh65kcpHGvhiI8HZBYPntoludf2zlG82FxpqMofCpIKM04jddYGCvKvQAPLUwt0MfVrm4SFZppzbcQA8KPhYQz2/GZAw17Ir5k4x2q9mgr1v3zyx/ybhATKlSJqunGpRSmb8p1U6vFKG8/v25KO0WQUafwip6VyNH411ZN2AQ9XS+edFe4k73dr1zL/ZxOSYul39lDt9zMrE1zTTZRvrECFFlComKyTQ2w9/S1OiVPyubHFCchul7zTaTIgWm2CC8c+A3jzMmXI5yo4UHPUPCzGDM0k7GkB50+/D0xf/slRUffYYmnvXiVsjUcBAY6+X2CEZmgdiQMjMAkfTOVHYjLQl+jMXYcuw2z6kpUewB33gf9f/RMNA373VpxCYwwu3lvIY73Q==
X-Forefront-Antispam-Report:
CIP:172.105.40.168;CTRY:IN;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:usxl.onmicrosoft.com;PTR:172-105-40-168.ip.linodeusercontent.com;CAT:NONE;SFS:(13230031)(230273577357003)(7200799017)(36860700004)(46966006)(40470700004);DIR:OUT;SFP:1102;
X-OriginatorOrg: usxl.onmicrosoft.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2024 16:12:53.7997
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: a80107e3-0a30-4241-e19c-08dc361c9f81
X-MS-Exchange-CrossTenant-Id: aad980c3-b21b-4b8d-a781-8bfdd8af16bf
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=aad980c3-b21b-4b8d-a781-8bfdd8af16bf;Ip=[172.105.40.168];Helo=[usxl.onmicrosoft.com]
X-MS-Exchange-CrossTenant-AuthSource:
CH3PEPF0000000A.namprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CPRP152MB6342
X-Spam_score: 8.1
X-Spam_score_int: 81
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Center Parcs >> Take Your Projects to the Next Level with
the FLEX Combo Kit <<
Content analysis details: (8.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[40.107.212.101 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[40.107.212.101 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.0 ARC_VALID Message has a valid ARC signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 ARC_SIGNED Message has a ARC signature
0.6 HK_RANDOM_ENVFROM Envelope sender username looks random
0.6 FROM_STARTS_WITH_NUMS From: starts with several numbers
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[513sc2oyy48.utfbyetc(at)usxl.onmicrosoft.com]
0.8 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image area
0.7 HTML_TAG_BALANCE_BODY BODY: HTML has unbalanced "body" tags
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
Subject: {SPAM?} =?UTF-8?B?8J+UlA==?= Get the Job Done Right with the FLEX 4-Tool Combo Kit =?UTF-8?B?8J+UlA==?=
| ||||||||||
