Energy investment spam from Google
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 06 Nov 2024 09:39:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1t8j39-00000000DXL-1aCI
for dave@doctor.nl2k.ab.ca;
Wed, 06 Nov 2024 09:38:31 -0700
Resent-From: The Doctor
Resent-Date: Wed, 6 Nov 2024 09:38:31 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 202.54.237.35.bc.googleusercontent.com ([35.237.54.202]:35090 helo=[10.88.0.6])
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1t8iGN-00000000AK6-49sJ
for root@nk.ca;
Wed, 06 Nov 2024 08:48:13 -0700
Content-Type: multipart/related; boundary="===============3939822187625423304=="
MIME-Version: 1.0
From: SMN Financial
To: root@nk.ca
Subject: =?utf-8?q?Exploring_Investment_Synergies?=
X-Priority: 2
X-Spam_score: 19.2
X-Spam_score_int: 192
X-Spam_bar: +++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Sir/Madam, Exploring Investment Synergies
Content analysis details: (19.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.4 MISSING_DATE Missing Date: header
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[35.237.54.202 listed in dnsbl.ahbl.org]
[35.237.54.202 listed in dnsbl.ahbl.org]
[35.237.54.202 listed in dnsbl.ahbl.org]
[35.237.54.202 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[35.237.54.202 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[35.237.54.202 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[35.237.54.202 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[35.237.54.202 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[35.237.54.202 listed in sbl-xbl.spamhaus.org]
[35.237.54.202 listed in sbl-xbl.spamhaus.org]
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[35.237.54.202 listed in zen.spamhaus.org]
0.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[35.237.54.202 listed in zen.spamhaus.org]
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Listed by XBL, see]
0.0 TVD_RCVD_IP Message was received from an IP address
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[35.237.54.202 listed in wl.mailspike.net]
1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
2.0 MIXED_HREF_CASE Has href in mixed case
Subject: {SPAM?} =?utf-8?q?Exploring_Investment_Synergies?=
--===============3939822187625423304==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
PEhUTUw+PEhFQUQ+CiAgICA8TUVUQSBuYW1lPUdFTkVSQVRPUiBjb250ZW50PSJNU0hUTUwgMTEu
MDAuMTA1NzAuMTAwMSI+PC9IRUFEPgogICAgPEJPRFk+CiAgICA8UD5EZWFyIFNpci9NYWRhbSw8
L1A+CiAgICA8UD5FeHBsb3JpbmcgSW52ZXN0bWVudCBTeW5lcmdpZXM8L1A+CiAgICA8UD5JIGhv
cGUgdGhpcyBtZXNzYWdlIGZpbmRzIHlvdSB3ZWxsLiBJJiM4MjE3O20gd3JpdGluZyB0byBpbnRy
b2R1Y2UgU01OIEZpbmFuY2lhbCwgd2hlcmUgd2Ugc3BlY2lhbGl6ZSBpbiBwcm92aWRpbmcgdGFp
bG9yZWQgbG9hbiBhbmQgaW52ZXN0bWVudCBvcHBvcnR1bml0aWVzIGRlc2lnbmVkIHRvIG1lZXQg
dGhlIHVuaXF1ZSBmaW5hbmNpYWwgbmVlZHMgb2YgaW5kaXZpZHVhbHMgYW5kIGJ1c2luZXNzZXMg
YWxpa2UuPC9QPgogICAgPFA+V2hldGhlciB5b3UgYXJlIGxvb2tpbmcgZm9yIGZ1bmRpbmcgdG8g
ZXhwYW5kIHlvdXIgYnVzaW5lc3Mgb3Igc2Vla2luZyBhIHByb2ZpdGFibGUgaW52ZXN0bWVudCBh
dmVudWUsIHdlIG9mZmVyIGZsZXhpYmxlIHNvbHV0aW9ucyB3aXRoIGNvbXBldGl0aXZlIHJhdGVz
IGFuZCB0ZXJtcy4gT3VyIGFpbSBpcyB0byBoZWxwIHlvdSBhY2hpZXZlIHlvdXIgZmluYW5jaWFs
IGdvYWxzIHdpdGggY29uZmlkZW5jZSBhbmQgZWFzZS48L1A+CiAgICA8UD5XZSB3b3VsZCBsb3Zl
IHRvIGRpc2N1c3MgaG93IG91ciBzZXJ2aWNlcyBjYW4gc3VwcG9ydCB5b3VyIGZpbmFuY2lhbCBh
c3BpcmF0aW9ucy4gUGxlYXNlIGZlZWwgZnJlZSB0byByZWFjaCBvdXQgYXQgeW91ciBjb252ZW5p
ZW5jZSB0byBhcnJhbmdlIGEgbWVldGluZyBvciBwaG9uZSBjYWxsLjwvUD4KICAgIDxQPlRoYW5r
IHlvdSBmb3IgY29uc2lkZXJpbmcgU01OIEZpbmFuY2lhbCBhcyB5b3VyIHRydXN0ZWQgZmluYW5j
aWFsIHBhcnRuZXIuIEkgbG9vayBmb3J3YXJkIHRvIGhlYXJpbmcgZnJvbSB5b3Ugc29vbi5Db250
YWN0OiA8QSBocmVmPSJtYWlsdG86amFtZXNidXJnZXIxMEBnbWFpbC5jb20iPmphbWVzYnVyZ2Vy
MTBAZ21haWwuY29tPC9BPjwvUD4KICAgIDxQPldhcm0gcmVnYXJkcyw8QlI+TXIuIFNob3duIE0u
IE5lbHNvbjxCUj5DRU8vU01OIEZpbmFuY2lhbDxCUj5JbnZlc3RtZW50IEFkdmlzZXI8L1A+PC9C
T0RZPjwvSFRNTD4=
--===============3939822187625423304==--
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 06 Nov 2024 09:39:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1t8j39-00000000DXL-1aCI
for dave@doctor.nl2k.ab.ca;
Wed, 06 Nov 2024 09:38:31 -0700
Resent-From: The Doctor
Resent-Date: Wed, 6 Nov 2024 09:38:31 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 202.54.237.35.bc.googleusercontent.com ([35.237.54.202]:35090 helo=[10.88.0.6])
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1t8iGN-00000000AK6-49sJ
for root@nk.ca;
Wed, 06 Nov 2024 08:48:13 -0700
Content-Type: multipart/related; boundary="===============3939822187625423304=="
MIME-Version: 1.0
From: SMN Financial
To: root@nk.ca
Subject: =?utf-8?q?Exploring_Investment_Synergies?=
X-Priority: 2
X-Spam_score: 19.2
X-Spam_score_int: 192
X-Spam_bar: +++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Sir/Madam, Exploring Investment Synergies
Content analysis details: (19.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.4 MISSING_DATE Missing Date: header
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
[35.237.54.202 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[35.237.54.202 listed in dnsbl.ahbl.org]
[35.237.54.202 listed in dnsbl.ahbl.org]
[35.237.54.202 listed in dnsbl.ahbl.org]
[35.237.54.202 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[35.237.54.202 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[35.237.54.202 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[35.237.54.202 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[35.237.54.202 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[35.237.54.202 listed in sbl-xbl.spamhaus.org]
[35.237.54.202 listed in sbl-xbl.spamhaus.org]
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[35.237.54.202 listed in zen.spamhaus.org]
0.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[35.237.54.202 listed in zen.spamhaus.org]
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Listed by XBL, see
0.0 TVD_RCVD_IP Message was received from an IP address
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[35.237.54.202 listed in wl.mailspike.net]
1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
2.0 MIXED_HREF_CASE Has href in mixed case
Subject: {SPAM?} =?utf-8?q?Exploring_Investment_Synergies?=
--===============3939822187625423304==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
PEhUTUw+PEhFQUQ+CiAgICA8TUVUQSBuYW1lPUdFTkVSQVRPUiBjb250ZW50PSJNU0hUTUwgMTEu
MDAuMTA1NzAuMTAwMSI+PC9IRUFEPgogICAgPEJPRFk+CiAgICA8UD5EZWFyIFNpci9NYWRhbSw8
L1A+CiAgICA8UD5FeHBsb3JpbmcgSW52ZXN0bWVudCBTeW5lcmdpZXM8L1A+CiAgICA8UD5JIGhv
cGUgdGhpcyBtZXNzYWdlIGZpbmRzIHlvdSB3ZWxsLiBJJiM4MjE3O20gd3JpdGluZyB0byBpbnRy
b2R1Y2UgU01OIEZpbmFuY2lhbCwgd2hlcmUgd2Ugc3BlY2lhbGl6ZSBpbiBwcm92aWRpbmcgdGFp
bG9yZWQgbG9hbiBhbmQgaW52ZXN0bWVudCBvcHBvcnR1bml0aWVzIGRlc2lnbmVkIHRvIG1lZXQg
dGhlIHVuaXF1ZSBmaW5hbmNpYWwgbmVlZHMgb2YgaW5kaXZpZHVhbHMgYW5kIGJ1c2luZXNzZXMg
YWxpa2UuPC9QPgogICAgPFA+V2hldGhlciB5b3UgYXJlIGxvb2tpbmcgZm9yIGZ1bmRpbmcgdG8g
ZXhwYW5kIHlvdXIgYnVzaW5lc3Mgb3Igc2Vla2luZyBhIHByb2ZpdGFibGUgaW52ZXN0bWVudCBh
dmVudWUsIHdlIG9mZmVyIGZsZXhpYmxlIHNvbHV0aW9ucyB3aXRoIGNvbXBldGl0aXZlIHJhdGVz
IGFuZCB0ZXJtcy4gT3VyIGFpbSBpcyB0byBoZWxwIHlvdSBhY2hpZXZlIHlvdXIgZmluYW5jaWFs
IGdvYWxzIHdpdGggY29uZmlkZW5jZSBhbmQgZWFzZS48L1A+CiAgICA8UD5XZSB3b3VsZCBsb3Zl
IHRvIGRpc2N1c3MgaG93IG91ciBzZXJ2aWNlcyBjYW4gc3VwcG9ydCB5b3VyIGZpbmFuY2lhbCBh
c3BpcmF0aW9ucy4gUGxlYXNlIGZlZWwgZnJlZSB0byByZWFjaCBvdXQgYXQgeW91ciBjb252ZW5p
ZW5jZSB0byBhcnJhbmdlIGEgbWVldGluZyBvciBwaG9uZSBjYWxsLjwvUD4KICAgIDxQPlRoYW5r
IHlvdSBmb3IgY29uc2lkZXJpbmcgU01OIEZpbmFuY2lhbCBhcyB5b3VyIHRydXN0ZWQgZmluYW5j
aWFsIHBhcnRuZXIuIEkgbG9vayBmb3J3YXJkIHRvIGhlYXJpbmcgZnJvbSB5b3Ugc29vbi5Db250
YWN0OiA8QSBocmVmPSJtYWlsdG86amFtZXNidXJnZXIxMEBnbWFpbC5jb20iPmphbWVzYnVyZ2Vy
MTBAZ21haWwuY29tPC9BPjwvUD4KICAgIDxQPldhcm0gcmVnYXJkcyw8QlI+TXIuIFNob3duIE0u
IE5lbHNvbjxCUj5DRU8vU01OIEZpbmFuY2lhbDxCUj5JbnZlc3RtZW50IEFkdmlzZXI8L1A+PC9C
T0RZPjwvSFRNTD4=
--===============3939822187625423304==--