DHL Phish
Posted by Dave Yadallee onEnvelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 08 Apr 2024 13:28:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rtuet-00000000MrB-2VYa
for dave@doctor.nl2k.ab.ca;
Mon, 08 Apr 2024 13:27:59 -0600
Resent-From: The Doctor
Resent-Date: Mon, 8 Apr 2024 13:27:59 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from vm-dad845ed-abd5-44c0-90af-082dbff6c093.ams.resource.cloud ([83.96.254.206]:60074 helo=mail37.suw17.mcsv.net)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rtuXy-00000000JjR-2j0I
for sales@nk.ca;
Mon, 08 Apr 2024 13:20:55 -0600
Date: Mon, 8 Apr 2024 21:08:03 +0200
To: sales@nk.ca
From: DHL Online
Subject: Re: AW: [EXTERNAL] Outstanding delivery. 206
Message-ID:
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="1baceccfbba672dd8dff703dee2aafba6"
Content-Transfer-Encoding: 8bit
X-Spam_score: 5.5
X-Spam_score_int: 55
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Good day , Your DHL package with tracking number CS470434653690723781
is subject to a customs fee. To avoid delivery impact, click the link below
to make payment.. https://del.dhl.com/prg/shipment-options.xhtml
Content analysis details: (5.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=mail37.suw17.mcsv.net;ip=83.96.254.206;r=doctor.nl2k.ab.ca]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
2.5 HTML_SINGLET_MANY Many single-letter HTML format blocks
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
1.7 SINGLETS_LOW_CONTRAST Single-letter formatted HTML + hidden text
Subject: {SPAM?} Re: AW: [EXTERNAL] Outstanding delivery. 206
X-Antivirus: AVG (VPS 240404-6, 4/4/2024), Inbound message
X-Antivirus-Status: Clean
This is a multi-part message in MIME format.
--1baceccfbba672dd8dff703dee2aafba6
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Good day  ,Â
Your DHL package with tracking number CS470434653690723781 is subject to a customs fee.
To avoid delivery impact, click the link below to make payment..
https://del.dhl.com/prg/shipment-options.xhtml
Have a great day.
Best regards,DHL Express
DHL Group
© 2024 - All right reservedÂ
Â
Â
a
a
a
Â
a
a
a
a
a
a
a
Â
Â
Â
Â
Â
Â
Â
aaa
Â
Â
a
a
a
a
a
a
Â
a
a
a
a
a
a
Â
a
Â
Â
Â
Â
Â
Â
Â
Â
Â
--1baceccfbba672dd8dff703dee2aafba6
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
Good day  ,Â
To avoid delivery impact, click the link below to make payment..
https://del.dhl.com/prg/shipment-options.xhtml
Have a great day.
Best regards,
DHL Express
|
Â
Â
a
a
a
Â
a
a
a
a
a
a
a
Â
Â
Â
Â
Â
Â
Â
aaa
Â
Â
a
a
a
a
a
a
Â
a
a
a
a
a
a
Â
a
Â
Â
Â
Â
Â
Â
Â
Â
Â
--1baceccfbba672dd8dff703dee2aafba6--