Piano giveaway spam from google
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 03 Nov 2024 12:39:03 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1t7gQT-000000004zY-3k5j
for dave@doctor.nl2k.ab.ca;
Sun, 03 Nov 2024 12:38:17 -0700
Resent-From: The Doctor
Resent-Date: Sun, 3 Nov 2024 12:38:17 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 2.129.73.34.bc.googleusercontent.com ([34.73.129.2]:41528 helo=[10.88.0.4])
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1t7e08-000000004Hm-34H8
for doctor@edmontonab.ca;
Sun, 03 Nov 2024 10:03:03 -0700
Content-Type: multipart/related; boundary="===============0193750335752940014=="
MIME-Version: 1.0
From: "Shelly Shebly ."
To: doctor@edmontonab.ca
Subject: =?utf-8?q?Piano_Giveaway_doctor=40edmontonab=2Eca=3A?=
X-Priority: 2
X-Spam_score: 16.2
X-Spam_score_int: 162
X-Spam_bar: ++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello, I recently downsized to a smaller apartment and I'm
looking for someone who might be interested in taking my Steinway upright
piano. If you or anyone you know would love to have it, please let [...]
Content analysis details: (16.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.4 MISSING_DATE Missing Date: header
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[34.73.129.2 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[34.73.129.2 listed in dnsbl.ahbl.org]
[34.73.129.2 listed in dnsbl.ahbl.org]
[34.73.129.2 listed in dnsbl.ahbl.org]
[34.73.129.2 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[34.73.129.2 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[34.73.129.2 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[34.73.129.2 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[34.73.129.2 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver; ]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is
CUSTOM_MED
0.0 TVD_RCVD_IP Message was received from an IP address
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[shellishelby6(at)gmail.com]
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.0 SPOOFED_FREEMAIL No description available.
0.7 BODY_URI_ONLY Message body is only a URI in one line of text or for
an image
0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be...
0.1 TO_IN_SUBJ To address is in Subject
1.0 XPRIO Has X-Priority header
1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
Subject: {SPAM?} =?utf-8?q?Piano_Giveaway_doctor=40edmontonab=2Eca=3A?=
--===============0193750335752940014==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
SGVsbG8sCkkgcmVjZW50bHkgZG93bnNpemVkIHRvIGEgc21hbGxlciBhcGFydG1lbnQgYW5kIEkn
bSBsb29raW5nIGZvciBzb21lb25lIHdobyBtaWdodCBiZSBpbnRlcmVzdGVkIGluIHRha2luZyBt
eSBTdGVpbndheSB1cHJpZ2h0IHBpYW5vLiBJZiB5b3Ugb3IgYW55b25lIHlvdSBrbm93IHdvdWxk
IGxvdmUgdG8gaGF2ZSBpdCwgcGxlYXNlIGxldCBtZSBrbm93LiAKClRoYW5rIHlvdSBmb3IgeW91
ciBoZWxwIQ==
--===============0193750335752940014==--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 03 Nov 2024 12:39:03 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1t7gQT-000000004zY-3k5j
for dave@doctor.nl2k.ab.ca;
Sun, 03 Nov 2024 12:38:17 -0700
Resent-From: The Doctor
Resent-Date: Sun, 3 Nov 2024 12:38:17 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 2.129.73.34.bc.googleusercontent.com ([34.73.129.2]:41528 helo=[10.88.0.4])
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1t7e08-000000004Hm-34H8
for doctor@edmontonab.ca;
Sun, 03 Nov 2024 10:03:03 -0700
Content-Type: multipart/related; boundary="===============0193750335752940014=="
MIME-Version: 1.0
From: "Shelly Shebly ."
To: doctor@edmontonab.ca
Subject: =?utf-8?q?Piano_Giveaway_doctor=40edmontonab=2Eca=3A?=
X-Priority: 2
X-Spam_score: 16.2
X-Spam_score_int: 162
X-Spam_bar: ++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello, I recently downsized to a smaller apartment and I'm
looking for someone who might be interested in taking my Steinway upright
piano. If you or anyone you know would love to have it, please let [...]
Content analysis details: (16.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.4 MISSING_DATE Missing Date: header
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[34.73.129.2 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[34.73.129.2 listed in dnsbl.ahbl.org]
[34.73.129.2 listed in dnsbl.ahbl.org]
[34.73.129.2 listed in dnsbl.ahbl.org]
[34.73.129.2 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[34.73.129.2 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[34.73.129.2 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[34.73.129.2 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[34.73.129.2 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Error: open resolver;
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
[34.73.129.2 listed in will-spam-for-food.eu.org]
0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is
CUSTOM_MED
0.0 TVD_RCVD_IP Message was received from an IP address
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[shellishelby6(at)gmail.com]
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.0 SPOOFED_FREEMAIL No description available.
0.7 BODY_URI_ONLY Message body is only a URI in one line of text or for
an image
0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be...
0.1 TO_IN_SUBJ To address is in Subject
1.0 XPRIO Has X-Priority header
1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
Subject: {SPAM?} =?utf-8?q?Piano_Giveaway_doctor=40edmontonab=2Eca=3A?=
--===============0193750335752940014==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
SGVsbG8sCkkgcmVjZW50bHkgZG93bnNpemVkIHRvIGEgc21hbGxlciBhcGFydG1lbnQgYW5kIEkn
bSBsb29raW5nIGZvciBzb21lb25lIHdobyBtaWdodCBiZSBpbnRlcmVzdGVkIGluIHRha2luZyBt
eSBTdGVpbndheSB1cHJpZ2h0IHBpYW5vLiBJZiB5b3Ugb3IgYW55b25lIHlvdSBrbm93IHdvdWxk
IGxvdmUgdG8gaGF2ZSBpdCwgcGxlYXNlIGxldCBtZSBrbm93LiAKClRoYW5rIHlvdSBmb3IgeW91
ciBoZWxwIQ==
--===============0193750335752940014==--