docusign phish from comcaSt.com
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 22 Nov 2024 11:07:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1tEY39-000000008BK-0ARf
for dave@doctor.nl2k.ab.ca;
Fri, 22 Nov 2024 11:06:35 -0700
Resent-From: The Doctor
Resent-Date: Fri, 22 Nov 2024 11:06:35 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from c-174-171-88-203.hsd1.tx.comcast.net ([174.171.88.203]:63652 helo=cardmember.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
(envelope-from)
id 1tEXbu-000000006yp-1tjh
for doctor@nk.ca;
Fri, 22 Nov 2024 10:38:30 -0700
From: "DocuSign"
To: doctor@nk.ca
Subject: Please review the EFT/Remittance document shared.
Date: 22 Nov 2024 11:41:28 -0600
Message-ID: <20241122114128.41740804FFFC4A3C@cardmember.com>
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_0012_D3D3426E.D58EC792"
X-Spam_score: 13.5
X-Spam_score_int: 135
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please review the EFT/Remittance document shared. VIEW COMPLETED
DOCUMENT Approval status
Content analysis details: (13.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[174.171.88.203 listed in zen.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[174.171.88.203 listed in dnsbl.ahbl.org]
[174.171.88.203 listed in dnsbl.ahbl.org]
[174.171.88.203 listed in dnsbl.ahbl.org]
[174.171.88.203 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[174.171.88.203 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[174.171.88.203 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[174.171.88.203 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[174.171.88.203 listed in dnsbl.ahbl.org]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
1.3 DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic
rDNS
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
1.5 TO_NO_BRKTS_HTML_IMG To: misformatted and HTML and one image
0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address
Subject: {SPAM?} Please review the EFT/Remittance document shared.
------=_NextPart_000_0012_D3D3426E.D58EC792
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
ular", "Segoe UI Symbol", "Helvetica Neue", Arial, "sans-serif"; WHITE-SPAC=
E: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR=
: rgb(51,51,51); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING:=
normal; font-variant-ligatures: normal; font-variant-caps: normal; -webkit=
-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoratio=
n-style: initial; text-decoration-color: initial'=20
cellSpacing=3D0 cellPadding=3D0 width=3D"100%" align=3Dcenter border=3D0>
OR: rgb(255,255,255)">
ADDING-RIGHT: 24px">![]()
dium none; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none" alt=3DDocu=
Sign src=3D"https://na4.docusign.net/Signing/Images/email/Email_Logo.png" w=
idth=3D116>
DDING-RIGHT: 24px">
llSpacing=3D0 cellPadding=3D0 width=3D"100%" align=3Dcenter border=3D0>
WIDTH: 572px; COLOR: rgb(255,255,255); PADDING-BOTTOM: 36px; TEXT-ALIGN: ce=
nter; PADDING-TOP: 28px; PADDING-LEFT: 10px; PADDING-RIGHT: 10px; BACKGROUN=
D-COLOR: rgb(6,98,14); border-radius: 2px' align=3Dcenter>![]()
GHT: 75px; WIDTH: 75px" src=3D"https://na4.docusign.net/member/Images/email=
/docComplete-white.png" width=3D75 height=3D75>=20
COLOR: rgb(0,0,0); PADDING-BOTTOM: 24px; PADDING-TOP: 0px; PADDING-LEFT: 24=
px; PADDING-RIGHT: 24px; BACKGROUND-COLOR: white'>
OLOR: rgb(51,51,51); LINE-HEIGHT: 20px'>Approval status
>
COLOR: rgb(102,102,102); PADDING-BOTTOM: 12px; PADDING-TOP: 0px; PADDING-LE=
FT: 24px; PADDING-RIGHT: 24px; BACKGROUND-COLOR: rgb(255,255,255)'>
ADDING-RIGHT: 24px; BACKGROUND-COLOR: rgb(234,234,234)">
00>
NT-FAMILY: Helvetica, Arial, "Sans Serif"; MARGIN-TOP: 0px; COLOR: rgb(102,=
102,102); LINE-HEIGHT: 18px'>
ATION: none; COLOR: rgb(36,99,209); BACKGROUND-COLOR: transparent" href=3D"=
https://www.docusign.com/features-and-benefits/mobile?utm_campaign=3DGBL_XX=
_DBU_UPS_2211_SignNotificationEmailFooter&utm_medium=3Dproduct&utm_=
source=3Dpostsend" rel=3Dnoreferrer target=3D_blank>
![]()
: medium none; VERTICAL-ALIGN: middle; BORDER-BOTTOM: medium none; BORDER-L=
EFT: medium none; MARGIN-RIGHT: 7px" src=3D"cid:icon-download-app.png" widt=
h=3D"18" height=3D"18">Download the Docusign App
ial, "Sans Serif"; COLOR: rgb(102,102,102); LINE-HEIGHT: 14px'>This message=
was sent to you by the DocuSign Electronic Signature Service. If you would=
rather not receive email from this sender you may contact the sender with =
your request.
ass=3DApple-interchange-newline>
------=_NextPart_000_0012_D3D3426E.D58EC792
Content-Type: image/png; name="icon-download-app.png"
Content-Transfer-Encoding: base64
Content-ID:
iVBORw0KGgoAAAANSUhEUgAAACQAAAAkCAYAAADhAJiYAAABhElEQVR4Ae2XP04CQRSHf48A
hTQYK7q1N6jhAthbGGgo8QbeADmBegK2pACC8QCuByB6AKKzNQ0NWmyy4xvIJoSoO44uMwVf
MjP7523y7eybl1mCJrLZfIaUJzCF6IV71e5pOBx/GwZdoUbjjQcP/4Pg1qXRyN+8kYMdPG49
fsnO5g1bQgnXnAq99Qu2hTgXZJtn6io5tS+0oiNbLU8duCJURhQt88nWKvuaON53ZYZW5HJt
t4SIjukc8lFqfIrX0pH3saxnP3NRqeCmWoUhIs9dXSeRwsUC71ikxt1Op5hHEXq1GgwoZ/LJ
/DDE5WQCA8qZ5ZCpVKZJbSA1z3yV/UqKSGxl2QezmV5gHIeu1aGxW0LFYuCOEFFA/b5wSair
BjeEiHwaDAJ16IKQQKHQTU5sCwlO5DOVO8kFe0JS3nHdOV2XUeR1nz9AnfsAJuyhpAahKjGL
PPGs+JsiCWo/JJExvL0RD6BDnVi3CiN2QunshNLYCaXhnhBB4+/vj3DlnevGfgInEnK1LhRO
TQAAAABJRU5ErkJggg==
------=_NextPart_000_0012_D3D3426E.D58EC792--
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 22 Nov 2024 11:07:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1tEY39-000000008BK-0ARf
for dave@doctor.nl2k.ab.ca;
Fri, 22 Nov 2024 11:06:35 -0700
Resent-From: The Doctor
Resent-Date: Fri, 22 Nov 2024 11:06:35 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from c-174-171-88-203.hsd1.tx.comcast.net ([174.171.88.203]:63652 helo=cardmember.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
(envelope-from
id 1tEXbu-000000006yp-1tjh
for doctor@nk.ca;
Fri, 22 Nov 2024 10:38:30 -0700
From: "DocuSign"
To: doctor@nk.ca
Subject: Please review the EFT/Remittance document shared.
Date: 22 Nov 2024 11:41:28 -0600
Message-ID: <20241122114128.41740804FFFC4A3C@cardmember.com>
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_0012_D3D3426E.D58EC792"
X-Spam_score: 13.5
X-Spam_score_int: 135
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please review the EFT/Remittance document shared. VIEW COMPLETED
DOCUMENT Approval status
Content analysis details: (13.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
[174.171.88.203 listed in will-spam-for-food.eu.org]
3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[174.171.88.203 listed in zen.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[174.171.88.203 listed in dnsbl.ahbl.org]
[174.171.88.203 listed in dnsbl.ahbl.org]
[174.171.88.203 listed in dnsbl.ahbl.org]
[174.171.88.203 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[174.171.88.203 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[174.171.88.203 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[174.171.88.203 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[174.171.88.203 listed in dnsbl.ahbl.org]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
1.3 DYN_RDNS_AND_INLINE_IMAGE Contains image, and was sent by dynamic
rDNS
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
1.5 TO_NO_BRKTS_HTML_IMG To: misformatted and HTML and one image
0.0 NO_FM_NAME_IP_HOSTN No From name + hostname using IP address
Subject: {SPAM?} Please review the EFT/Remittance document shared.
------=_NextPart_000_0012_D3D3426E.D58EC792
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
ular", "Segoe UI Symbol", "Helvetica Neue", Arial, "sans-serif"; WHITE-SPAC=
E: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR=
: rgb(51,51,51); FONT-STYLE: normal; ORPHANS: 2; WIDOWS: 2; LETTER-SPACING:=
normal; font-variant-ligatures: normal; font-variant-caps: normal; -webkit=
-text-stroke-width: 0px; text-decoration-thickness: initial; text-decoratio=
n-style: initial; text-decoration-color: initial'=20
cellSpacing=3D0 cellPadding=3D0 width=3D"100%" align=3Dcenter border=3D0>
OR: rgb(255,255,255)">
ADDING-RIGHT: 24px">
dium none; BORDER-BOTTOM: medium none; BORDER-LEFT: medium none" alt=3DDocu=
Sign src=3D"https://na4.docusign.net/Signing/Images/email/Email_Logo.png" w=
idth=3D116>
DDING-RIGHT: 24px">
llSpacing=3D0 cellPadding=3D0 width=3D"100%" align=3Dcenter border=3D0>
WIDTH: 572px; COLOR: rgb(255,255,255); PADDING-BOTTOM: 36px; TEXT-ALIGN: ce=
nter; PADDING-TOP: 28px; PADDING-LEFT: 10px; PADDING-RIGHT: 10px; BACKGROUN=
D-COLOR: rgb(6,98,14); border-radius: 2px' align=3Dcenter>
GHT: 75px; WIDTH: 75px" src=3D"https://na4.docusign.net/member/Images/email=
/docComplete-white.png" width=3D75 height=3D75>=20
COLOR: rgb(0,0,0); PADDING-BOTTOM: 24px; PADDING-TOP: 0px; PADDING-LEFT: 24=
px; PADDING-RIGHT: 24px; BACKGROUND-COLOR: white'>
OLOR: rgb(51,51,51); LINE-HEIGHT: 20px'>Approval status
>
COLOR: rgb(102,102,102); PADDING-BOTTOM: 12px; PADDING-TOP: 0px; PADDING-LE=
FT: 24px; PADDING-RIGHT: 24px; BACKGROUND-COLOR: rgb(255,255,255)'>
All parties have completed and Docu-Sign a=
ll pending documents
&nbs=
p; File Name : EFT/Settlement =
Claim Payment.pdf.
=
Status : &nb=
sp; Sign to complete.
=
Comments: Everything looks good.=
=2E.. we can proceed
ADDING-RIGHT: 24px; BACKGROUND-COLOR: rgb(234,234,234)">
00>
NT-FAMILY: Helvetica, Arial, "Sans Serif"; MARGIN-TOP: 0px; COLOR: rgb(102,=
102,102); LINE-HEIGHT: 18px'>
ATION: none; COLOR: rgb(36,99,209); BACKGROUND-COLOR: transparent" href=3D"=
https://www.docusign.com/features-and-benefits/mobile?utm_campaign=3DGBL_XX=
_DBU_UPS_2211_SignNotificationEmailFooter&utm_medium=3Dproduct&utm_=
source=3Dpostsend" rel=3Dnoreferrer target=3D_blank>
: medium none; VERTICAL-ALIGN: middle; BORDER-BOTTOM: medium none; BORDER-L=
EFT: medium none; MARGIN-RIGHT: 7px" src=3D"cid:icon-download-app.png" widt=
h=3D"18" height=3D"18">Download the Docusign App
ial, "Sans Serif"; COLOR: rgb(102,102,102); LINE-HEIGHT: 14px'>This message=
was sent to you by the DocuSign Electronic Signature Service. If you would=
rather not receive email from this sender you may contact the sender with =
your request.
ass=3DApple-interchange-newline>
------=_NextPart_000_0012_D3D3426E.D58EC792
Content-Type: image/png; name="icon-download-app.png"
Content-Transfer-Encoding: base64
Content-ID:
iVBORw0KGgoAAAANSUhEUgAAACQAAAAkCAYAAADhAJiYAAABhElEQVR4Ae2XP04CQRSHf48A
hTQYK7q1N6jhAthbGGgo8QbeADmBegK2pACC8QCuByB6AKKzNQ0NWmyy4xvIJoSoO44uMwVf
MjP7523y7eybl1mCJrLZfIaUJzCF6IV71e5pOBx/GwZdoUbjjQcP/4Pg1qXRyN+8kYMdPG49
fsnO5g1bQgnXnAq99Qu2hTgXZJtn6io5tS+0oiNbLU8duCJURhQt88nWKvuaON53ZYZW5HJt
t4SIjukc8lFqfIrX0pH3saxnP3NRqeCmWoUhIs9dXSeRwsUC71ikxt1Op5hHEXq1GgwoZ/LJ
/DDE5WQCA8qZ5ZCpVKZJbSA1z3yV/UqKSGxl2QezmV5gHIeu1aGxW0LFYuCOEFFA/b5wSair
BjeEiHwaDAJ16IKQQKHQTU5sCwlO5DOVO8kFe0JS3nHdOV2XUeR1nz9AnfsAJuyhpAahKjGL
PPGs+JsiCWo/JJExvL0RD6BDnVi3CiN2QunshNLYCaXhnhBB4+/vj3DlnevGfgInEnK1LhRO
TQAAAABJRU5ErkJggg==
------=_NextPart_000_0012_D3D3426E.D58EC792--