Piano giveaway spam from Google Gmail
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path: <>
Envelope-to: dave@nk.ca
Delivery-date: Fri, 01 Nov 2024 11:23:01 -0600
Received: from 59.45.231.35.bc.googleusercontent.com ([35.231.45.59]:37002 helo=[10.88.0.5])
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1t6vLu-00000000HiD-3pJc
for dave@nk.ca;
Fri, 01 Nov 2024 11:22:34 -0600
Content-Type: multipart/related; boundary="===============8549780019815915241=="
MIME-Version: 1.0
From: "Lisa Locke ."
To: dave@nk.ca
Subject: =?utf-8?q?Steinway_Upright_for_Giveaway_dave=40nk=2Eca=3A?=
X-Priority: 2
X-Spam_score: 13.8
X-Spam_score_int: 138
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello, I recently downsized to a smaller apartment and I'm
looking for someone who might be interested in taking my Steinway upright
piano. If you or anyone you know would love to have it, please let [...]
Content analysis details: (13.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.4 MISSING_DATE Missing Date: header
0.1 MISSING_MID Missing Message-Id: header
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[35.231.45.59 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[35.231.45.59 listed in dnsbl.ahbl.org]
[35.231.45.59 listed in dnsbl.ahbl.org]
[35.231.45.59 listed in dnsbl.ahbl.org]
[35.231.45.59 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[35.231.45.59 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[35.231.45.59 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[35.231.45.59 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[35.231.45.59 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver; ]
0.0 TVD_RCVD_IP Message was received from an IP address
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[eshakchoufq(at)outlook.com]
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.1 TO_IN_SUBJ To address is in Subject
1.0 XPRIO Has X-Priority header
0.0 SPOOFED_FREEMAIL No description available.
0.7 BODY_URI_ONLY Message body is only a URI in one line of text or for
an image
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
Subject: {SPAM?} =?utf-8?q?Steinway_Upright_for_Giveaway_dave=40nk=2Eca=3A?=
--===============8549780019815915241==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
SGVsbG8sCkkgcmVjZW50bHkgZG93bnNpemVkIHRvIGEgc21hbGxlciBhcGFydG1lbnQgYW5kIEkn
bSBsb29raW5nIGZvciBzb21lb25lIHdobyBtaWdodCBiZSBpbnRlcmVzdGVkIGluIHRha2luZyBt
eSBTdGVpbndheSB1cHJpZ2h0IHBpYW5vLiBJZiB5b3Ugb3IgYW55b25lIHlvdSBrbm93IHdvdWxk
IGxvdmUgdG8gaGF2ZSBpdCwgcGxlYXNlIGxldCBtZSBrbm93LiAKClRoYW5rIHlvdSBmb3IgeW91
ciBoZWxwIQ==
--===============8549780019815915241==--
X-Mozilla-Status2: 00000000
Return-path: <>
Envelope-to: dave@nk.ca
Delivery-date: Fri, 01 Nov 2024 11:23:01 -0600
Received: from 59.45.231.35.bc.googleusercontent.com ([35.231.45.59]:37002 helo=[10.88.0.5])
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1t6vLu-00000000HiD-3pJc
for dave@nk.ca;
Fri, 01 Nov 2024 11:22:34 -0600
Content-Type: multipart/related; boundary="===============8549780019815915241=="
MIME-Version: 1.0
From: "Lisa Locke ."
To: dave@nk.ca
Subject: =?utf-8?q?Steinway_Upright_for_Giveaway_dave=40nk=2Eca=3A?=
X-Priority: 2
X-Spam_score: 13.8
X-Spam_score_int: 138
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello, I recently downsized to a smaller apartment and I'm
looking for someone who might be interested in taking my Steinway upright
piano. If you or anyone you know would love to have it, please let [...]
Content analysis details: (13.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.4 MISSING_DATE Missing Date: header
0.1 MISSING_MID Missing Message-Id: header
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[35.231.45.59 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[35.231.45.59 listed in dnsbl.ahbl.org]
[35.231.45.59 listed in dnsbl.ahbl.org]
[35.231.45.59 listed in dnsbl.ahbl.org]
[35.231.45.59 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[35.231.45.59 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[35.231.45.59 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[35.231.45.59 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[35.231.45.59 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
[35.231.45.59 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver;
0.0 TVD_RCVD_IP Message was received from an IP address
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[eshakchoufq(at)outlook.com]
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.1 TO_IN_SUBJ To address is in Subject
1.0 XPRIO Has X-Priority header
0.0 SPOOFED_FREEMAIL No description available.
0.7 BODY_URI_ONLY Message body is only a URI in one line of text or for
an image
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
Subject: {SPAM?} =?utf-8?q?Steinway_Upright_for_Giveaway_dave=40nk=2Eca=3A?=
--===============8549780019815915241==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
SGVsbG8sCkkgcmVjZW50bHkgZG93bnNpemVkIHRvIGEgc21hbGxlciBhcGFydG1lbnQgYW5kIEkn
bSBsb29raW5nIGZvciBzb21lb25lIHdobyBtaWdodCBiZSBpbnRlcmVzdGVkIGluIHRha2luZyBt
eSBTdGVpbndheSB1cHJpZ2h0IHBpYW5vLiBJZiB5b3Ugb3IgYW55b25lIHlvdSBrbm93IHdvdWxk
IGxvdmUgdG8gaGF2ZSBpdCwgcGxlYXNlIGxldCBtZSBrbm93LiAKClRoYW5rIHlvdSBmb3IgeW91
ciBoZWxwIQ==
--===============8549780019815915241==--