DHL Phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 12 Jan 2025 10:12:00 -0700

Received: from sd96.btc-net.bg ([212.39.90.96]:46436)

by doctor.nl2k.ab.ca with smtp (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tX1UV-000000009VT-2wA4

for dave@doctor.nl2k.ab.ca;

Sun, 12 Jan 2025 10:11:18 -0700

Received: (qmail 10774 invoked by uid 605); 12 Jan 2025 17:09:08 -0000

Received: from unknown (HELO ?135.125.27.212?) (62.176.104.184)

by 0 with SMTP; 12 Jan 2025 17:09:08 -0000

Content-Type: multipart/alternative; boundary="===============2055944867=="

MIME-Version: 1.0

Subject: Action Required

To: mh9155@mclink.it

From: Express Delivery

Date: Sun, 12 Jan 2025 09:07:51 -0800

X-Mailer: Mozilla 4.72 [en] (Windows NT 5.0; I)

X-Priority: 1 (High)

X-Spam_score: 17.5

X-Spam_score_int: 175

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Action Required: Customs Duties Payment Dear Customer, We

are reaching out regarding your shipment with tracking number JR9382912-388319.

Before we can proceed with the delivery, payment of outstandi [...]



Content analysis details: (17.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[212.39.90.96 listed in dnsbl.ahbl.org]

[212.39.90.96 listed in dnsbl.ahbl.org]

[212.39.90.96 listed in dnsbl.ahbl.org]

[212.39.90.96 listed in dnsbl.ahbl.org]

[62.176.104.184 listed in dnsbl.ahbl.org]

[62.176.104.184 listed in dnsbl.ahbl.org]

[62.176.104.184 listed in dnsbl.ahbl.org]

[62.176.104.184 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[212.39.90.96 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[212.39.90.96 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[212.39.90.96 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[212.39.90.96 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[62.176.104.184 listed in will-spam-for-food.eu.org]

[62.176.104.184 listed in will-spam-for-food.eu.org]

[62.176.104.184 listed in will-spam-for-food.eu.org]

[62.176.104.184 listed in will-spam-for-food.eu.org]

[62.176.104.184 listed in will-spam-for-food.eu.org]

[62.176.104.184 listed in will-spam-for-food.eu.org]

[62.176.104.184 listed in will-spam-for-food.eu.org]

[62.176.104.184 listed in will-spam-for-food.eu.org]

[212.39.90.96 listed in will-spam-for-food.eu.org]

[212.39.90.96 listed in will-spam-for-food.eu.org]

[212.39.90.96 listed in will-spam-for-food.eu.org]

[212.39.90.96 listed in will-spam-for-food.eu.org]

[212.39.90.96 listed in will-spam-for-food.eu.org]

[212.39.90.96 listed in will-spam-for-food.eu.org]

[212.39.90.96 listed in will-spam-for-food.eu.org]

[212.39.90.96 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[62.176.104.184 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=mh9155%40mclink.it;ip=212.39.90.96;r=doctor.nl2k.ab.ca]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words

1.0 FROM_MISSP_SPF_FAIL No description available.

1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla

0.0 TO_EQ_FM_SPF_FAIL To == From and external SPF failed

0.0 TO_EQ_FM_DOM_SPF_FAIL To domain == From domain and external SPF

failed

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

1.3 FSL_BULK_SIG Bulk signature with no Unsubscribe

Subject: {SPAM?} Action Required



You will not see this in a MIME-aware mail reader.

--===============2055944867==

Content-Type: text/plain; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body



=



Action Required: Customs Duties Payment

Dear Customer,

We are reaching out regarding your shipment with tracking number JR9382912=

-388319. Before we can proceed with the delivery, payment of outstanding cu=

stoms duties and taxes is required.

The total amount due is =20AC2.99, covering customs clearance fees in comp=

liance with local regulations.

To ensure timely delivery, please complete your payment using the secure l=

ink below:

Pay Now =



Alternatively, scan the QR code below to make the payment:

If you have any questions or require assistance, please don't hesitate to=

contact our customer support team.

Best regards,

John Pearson

Customer Service Representative

DHL Express



--===============2055944867==

Content-Type: text/html; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body






" />




=3D1.0" />

Action Required: Customs Duties Payment









Action Required: Customs Duties Payment





Dear Customer,



We are reaching out regarding your shipment with tracking number
>JR9382912-388319. Before we can proceed with the delivery, paymen=

t of outstanding customs duties and taxes is required.



The total amount due is =E2=82=AC2.99, covering customs=

clearance fees in compliance with local regulations.



To ensure timely delivery, please complete your payment using the secure=

link below:




ndmore.nl/dhl2025/index.php" target=3D_blank>Pay Now





Alternatively, scan the QR code below to make the payment:


=3D"HEIGHT: 126px; WIDTH: 123px" alt=3D"QR Code for Payment" src=3D"https:/=

/api.qrserver.com/v1/create-qr-code/?size=3D200x200&data=3Dhttps://send=

andmore.nl/dhl2025/index.php" width=3D199 height=3D200>


If you have any questions or require assistance, please don't hesitate t=

o contact our customer support team.





Best regards,



John Pearson



Customer Service Representative
DHL Express


TML>

--===============2055944867==--

Web / SEO / App spam from Microsoft Outlook

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 12 Jan 2025 14:01:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tX54H-00000000Dqw-1sPl

for dave@doctor.nl2k.ab.ca;

Sun, 12 Jan 2025 14:00:21 -0700

Resent-From: The Doctor

Resent-Date: Sun, 12 Jan 2025 14:00:21 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-psaapc01olkn2097.outbound.protection.outlook.com ([40.92.52.97]:55766 helo=APC01-PSA-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1tX0Sl-0000000079U-1LJ8;

Sun, 12 Jan 2025 09:05:24 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=T66yOT750XXCITUtqBQoBxahsuuwwMYsJdLan6aQLMJPDCLp3R7ZAb7TExxnAs36BAo4dWb0VX0ixKHA4KS2qgxKLhWqvgmBPtHp8jTEMXW5GOVys6ykUnmIVHZok2+g5mjdf5JMUy1GHVhfLWAmN+kcmpB5aMt0hqVFemrYcSe34cRP1UO8uz56zaHdRnlqByOR+KsqVKf4OtIH0BCE+EhbNJiFaymUJRT4IsgeDgzZ3AFj/Ff3U1YHAL5B07XtmDr0RwPIYGRcGIsjYEggqMjDZWpOnk0CKQeNBnaMoRwuEw/I9yNJGVl42GEgViFc0L1j0xeLTzOI99r2UFnF4Q==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=B41PGUxwcdqyJson1crJ92mHlnlEuxgGQJkSY+5FVnk=;

b=izB+2JzlahFDsJAVDM6BLnLe0FjSHuElxve+yhiKbrC/tDDZFnBitO6fH/KcUWYl/lNK3K/M7vH7UM17lyDsV8YsCiOS/BIwqCd8K8Q7KBTU8kYvo5FO4JG+OvaD3OR3T/cy/KHK7jnLsmMiyXcTd++nWkBmJpEZUOzpRXO04XjjocprI+1SErgyQ1thbMy7VsTeKOMD3a8D2HycCY1eFmlWslKaAMq2e3WNkXZjSpNhqrQZRDa/sLEIU6duJXA0MWd5xM1YDiqfPT2mAE0V75qin5e19QTpG3oL1lSX0rVlM+M/Frn785O1XInM8A7qyzZdxMJpzMyuEntKMDQqvQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=B41PGUxwcdqyJson1crJ92mHlnlEuxgGQJkSY+5FVnk=;

b=qV5nHa73O2gdI3icKRGBjb5023Oi0+nLd1MRwjBzJdh+S20H4GDp7HMVS4bhH7sSRXwj6AJfn0ocNoZ0gudOdjGoyzih/YqZ+YZRj1EHWB5m/+WKP1Q5coJEjUCTiVB0V5ZUbsCT9rWvA2s5vknDNcXKBZT0PHlV0fOaEZ7CARDsSB3A/tCfiKsFU73iNYoi53xZgCfz//uhBmbfAv1rHiIhq4aGmeaPsK1tvNh5C3XqOorv6quZwbnb3Xe5u/a0uMwHwMWgC6YLc952RrAfeOiOSCMwQ8rAO6lmZjWg9jbwqQ2+SMAo7AC9AI6FnkomYZVy0gAGLw/uQtcTqLbqKg==

Received: from TYZPR01MB6680.apcprd01.prod.exchangelabs.com

(2603:1096:405:6f::12) by KL1PR01MB4984.apcprd01.prod.exchangelabs.com

(2603:1096:820:b5::12) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8335.15; Sun, 12 Jan

2025 16:02:46 +0000

Received: from TYZPR01MB6680.apcprd01.prod.exchangelabs.com

([fe80::6a13:582d:6971:954d]) by TYZPR01MB6680.apcprd01.prod.exchangelabs.com

([fe80::6a13:582d:6971:954d%3]) with mapi id 15.20.8335.012; Sun, 12 Jan 2025

16:02:46 +0000

From: Noah SEOexperts

To: Noah SEOexperts

Subject: Re: Cost..

Thread-Topic: Cost..

Thread-Index: AQHbZQqW0uvT5Hpsd0CldNEMJuhnUg==

Date: Sun, 12 Jan 2025 16:02:45 +0000

Message-ID:



Accept-Language: en-US, en-GB

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: TYZPR01MB6680:EE_|KL1PR01MB4984:EE_

x-ms-office365-filtering-correlation-id: 1a571f4f-123f-4fdb-3dea-08dd33228daa

x-microsoft-antispam:

BCL:0;ARA:14566002|15080799006|8062599003|8060799006|15030799003|461199028|19110799003|7042599007|102099032|3412199025|440099028|1710799026;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?nIqo0mmcXcj3A91Ou5oeuo/uN6yvNo6Pwwix0mB5IwTo7Ldzktesud5d2X?=

=?iso-8859-1?Q?4NnLRUrw54/4qvbE+dT9PPtn1qllcewmX7IxAoO84zfAcMCGHJ+qiPxO8M?=

=?iso-8859-1?Q?TA7crzMd7deod9VEHH3NaQ47dy4WXd1FXkqXfx3mJi1i1e3jn1LqWKAcSF?=

=?iso-8859-1?Q?LQsZBl2RgtcdTyEZtNB7oWRdm0QaC08irkEOM9O+eQO/67OZ7Awfc0POx9?=

=?iso-8859-1?Q?D2LF+FZ8IXNghfhdFu8EkNU+hCsxYstIWeIpAaMWMBvWO4FQov8sGGbU48?=

=?iso-8859-1?Q?nFN92L7FuhY7D2XZx9BApNrgZhIhW//YB90AAc63GtVFbnMjyQSqOJYvD1?=

=?iso-8859-1?Q?O4LglLx8+/Q9SZox8UnM3zmjhAC4a8hLSMdl5qynsmOsSuA86HgOhZm+uF?=

=?iso-8859-1?Q?v/qfbTvPdl2u3TX6x3sFgUZSRJApRxLCQIQkjkIUcUWVhQDtK7IxMJzvhm?=

=?iso-8859-1?Q?JGIXdtSLXHHYWzJOL57PoR/Zai053LIn1t/vl7j95gF40HMBwlIWOwKUve?=

=?iso-8859-1?Q?7iuyn3rcCAE2UmTGMBeHBIYddEIG+5r1JsGWjur+qz5gXYryExXLuCgK+E?=

=?iso-8859-1?Q?QjvMd4IqlYOOkHiv+4Rx1T+mB6mGhMUxI2L6y4QYf6i/8IvPYM2mgv15wy?=

=?iso-8859-1?Q?U4Rea+5qzOvbF52RwNZXENN8hxts7d8Tn7jp/3Ljbc/JVGHq3HaGtrKQcg?=

=?iso-8859-1?Q?VbSBX491NCkr85imyS2D/Fuzc+fRi61r5qV0Pi7EQWMOubwiZV9HWmjM79?=

=?iso-8859-1?Q?999Nx76pEm44oBIFKrhW3/4vdXcLhxMr38khJnWd+kWgwWDkVdgOESsDWm?=

=?iso-8859-1?Q?AaDPkGX8ZCEYZ3sIOSy0Fo47I22Z6F/jPlrIAchiuWFjljvvNv6Ldtj3pS?=

=?iso-8859-1?Q?s8YBFt3niN0GNxEamF396osAyt1vOrVpWgK6N4QvWkcc5PsP8+XVQCRkui?=

=?iso-8859-1?Q?Pob3NGkDG8q+fBJZeO8tTPV3wroIjS6M+5zpBOwYKlIjj9LFi5z+Lr1ggE?=

=?iso-8859-1?Q?xVXL0TuWV7uIRkApveCHnFAPqnhfOV8RwvhiQds3iV6ioy8qAGzRxyojI0?=

=?iso-8859-1?Q?f8gaJZqGvi5Piqnk1TJEXYzhPDpYNm14H2hw3J7YwCNMeo3Y300NBOCNPH?=

=?iso-8859-1?Q?WeKRj4V8+yPMG4mD/r9qV2bdcBwibMRiTMrH7b95FLv2OJr3Pm?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?YkPp9sxhDE5ySykGkuzMDZ+Xza26oev90SYdGaHyUYfcN2YTJuveBhev5K?=

=?iso-8859-1?Q?NEm5gxGoADJW3LT6sXNrxolekqynCyzIazNCcf27KMilDwIKaim1SmE+Av?=

=?iso-8859-1?Q?XgTU8uvzrnDSq4enSEYz5BNr77sNTqvb5+AyQXAWloDXFb7ZDl3Qs7I+eb?=

=?iso-8859-1?Q?MWqUaCgMGp0UIwyX54xDqmDclkFOFVa9hylPmbkn4Z2nd1yMkquAS4OBK/?=

=?iso-8859-1?Q?shl9vvokg94Z+QBxStMIp4E6jskZ4e6wmdTTfcfRuo1PLyXosECnZrleXR?=

=?iso-8859-1?Q?pSPB4y9NRor41xT7FF/Z1npQUlZYt8p54jgSkYiHeeIGP0rLv7irvd6DR9?=

=?iso-8859-1?Q?Rsq0tChj7T8a0Z0XPqB/7lZuTCm/etDQtG7UW0FGmuKjGlcx1OY46PPOCv?=

=?iso-8859-1?Q?yGVAP/12xoMNgqXTbQaD8rr77i/rbaD3cFIHfmG9EHKX4FokK6aUJrTf2o?=

=?iso-8859-1?Q?dxgAviiGkHiMLxOOhizQIb+2xTdi0pTgWJ4ajIb+b3qUAVEVFCivjEZvqU?=

=?iso-8859-1?Q?AOLaxfcFyXq9pvTYDXEPMR1xv9ij6rwaBdO9ZDacPld+4f8Pxpeu7yV8Qg?=

=?iso-8859-1?Q?zTLugaOI+0BfQaIQFvjbjg37D7ef8XIjZs2O6dafANkKPuzFC0xD1FGkwz?=

=?iso-8859-1?Q?niW4mPg/t9opTdycTjuyaMx2tLptd3ESCLVJk3b76XnDz9CwT4vsK0Yfge?=

=?iso-8859-1?Q?S5IF3tOMjzNnfBF+AjkqZyDy5ANGGlobIE2IwJTuGhExgfEmnXmyl+sOwL?=

=?iso-8859-1?Q?RBdBVq0HBadimO9b7NanW9y0B3F56WDUpTIPy3n6QnB9kUAoKPH49EFxYM?=

=?iso-8859-1?Q?LWktVfAVnZ2RyLsl/HlSe1ru4kcO5ceZy2t/M9/1x/YNCTv4s/X5eWuT2f?=

=?iso-8859-1?Q?Aadi744INc8gKHJVGdWRsk4KxsK98uB+LWzHzaRcGqZkg8W8qfKnEKMzOB?=

=?iso-8859-1?Q?cxtUZXUl/blH6ATX5bWiLcGGFQGG/2JaOtimpr0s3nTilTqOZa+sSgxbnd?=

=?iso-8859-1?Q?9o9IdW4AVsZ4EIWsBNOKRMDm7qLyIl6a1YO1o5H7kLnsWaJ9/5tTNFI2xk?=

=?iso-8859-1?Q?vGr5A0sMTdSldmAOO3063njBe1ls5SGg6widFA2tzOhEiW254ZqhMpUAcO?=

=?iso-8859-1?Q?XfkqCBSfb+iOlX0nqgu61l3APpM1qS7KERzWCm9gtTVet4bBUqxPn6QtQ8?=

=?iso-8859-1?Q?LRBNbJ+E0qlBkDw4/zOrwJWu0oRIqJZCLi7fPvWHwucnVnA7VY2QzbQNV6?=

=?iso-8859-1?Q?O3pK4rppT1OhryZLuqmyhUz6rKj8peeetcjifEE6I4eAOJaDWcAUKzROWD?=

=?iso-8859-1?Q?U7KjHIPxLBFCIW3+GOZQIsoTc5boHJYOm0a16JLnKoeF5PGdH6cmjD0Ls0?=

=?iso-8859-1?Q?cOnchkXMyM?=

Content-Type: multipart/alternative;

boundary="_000_TYZPR01MB6680479C11949D755E5DA30CA71E2TYZPR01MB6680apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: TYZPR01MB6680.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 1a571f4f-123f-4fdb-3dea-08dd33228daa

X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jan 2025 16:02:45.5070

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: KL1PR01MB4984



--_000_TYZPR01MB6680479C11949D755E5DA30CA71E2TYZPR01MB6680apcp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



Hi



I was going through your website, and I personally see a lot of potential i=

n your website and business.



I would like to send you a errors of this business website!



You can get your website on the 1st page of GOOGLE.



May I send you a error & report ?



Thanks



--_000_TYZPR01MB6680479C11949D755E5DA30CA71E2TYZPR01MB6680apcp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=

olor: rgb(0, 0, 0);">

Hi



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

I was going through your website, and I personally see a lot of potential i=

n your website and business.



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

I would like to send you a errors of this  business website!



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

You can get your website on the 1st page of GOOGLE.



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

May I send you a  error & report ?



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Thanks








--_000_TYZPR01MB6680479C11949D755E5DA30CA71E2TYZPR01MB6680apcp_--

DHL Phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 12 Jan 2025 14:01:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tX544-00000000Dpz-31af

for dave@doctor.nl2k.ab.ca;

Sun, 12 Jan 2025 14:00:08 -0700

Resent-From: The Doctor

Resent-Date: Sun, 12 Jan 2025 14:00:08 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from sd95.btc-net.bg ([212.39.90.95]:53252)

by doctor.nl2k.ab.ca with smtp (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tX0Bo-000000006ZI-1zIl

for doctor@nl2k.ab.ca;

Sun, 12 Jan 2025 08:47:53 -0700

Received: (qmail 32078 invoked by uid 605); 12 Jan 2025 15:45:44 -0000

Received: from unknown (HELO ?172.20.10.3?) (83.148.111.157)

by 0 with SMTP; 12 Jan 2025 15:45:44 -0000

Content-Type: multipart/alternative; boundary="===============0084467118=="

MIME-Version: 1.0

Subject: Your package could not be delivered

To: "info@dhlexpress.com"

From: Express Delivery

Date: Sun, 12 Jan 2025 16:44:17 +0100

Reply-To: 5@doctor.nl2k.ab.ca

X-Mailer: Apple Mail (2.619)

X-Spam_score: 8.2

X-Spam_score_int: 82

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Action Required: Customs Duties Payment Dear Customer, We

are reaching out regarding your shipment with tracking number JR9382912-388319.

Before we can proceed with the delivery, payment of outstandi [...]



Content analysis details: (8.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[83.148.111.157 listed in dnsbl.ahbl.org]

[83.148.111.157 listed in dnsbl.ahbl.org]

[83.148.111.157 listed in dnsbl.ahbl.org]

[83.148.111.157 listed in dnsbl.ahbl.org]

[212.39.90.95 listed in dnsbl.ahbl.org]

[212.39.90.95 listed in dnsbl.ahbl.org]

[212.39.90.95 listed in dnsbl.ahbl.org]

[212.39.90.95 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[83.148.111.157 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[83.148.111.157 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[83.148.111.157 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[83.148.111.157 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[83.148.111.157 listed in will-spam-for-food.eu.org]

[83.148.111.157 listed in will-spam-for-food.eu.org]

[83.148.111.157 listed in will-spam-for-food.eu.org]

[83.148.111.157 listed in will-spam-for-food.eu.org]

[83.148.111.157 listed in will-spam-for-food.eu.org]

[83.148.111.157 listed in will-spam-for-food.eu.org]

[83.148.111.157 listed in will-spam-for-food.eu.org]

[83.148.111.157 listed in will-spam-for-food.eu.org]

[212.39.90.95 listed in will-spam-for-food.eu.org]

[212.39.90.95 listed in will-spam-for-food.eu.org]

[212.39.90.95 listed in will-spam-for-food.eu.org]

[212.39.90.95 listed in will-spam-for-food.eu.org]

[212.39.90.95 listed in will-spam-for-food.eu.org]

[212.39.90.95 listed in will-spam-for-food.eu.org]

[212.39.90.95 listed in will-spam-for-food.eu.org]

[212.39.90.95 listed in will-spam-for-food.eu.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[212.39.90.95 listed in sa-trusted.bondedsender.org]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[212.39.90.95 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[212.39.90.95 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[212.39.90.95 listed in bl.score.senderscore.com]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

1.3 FSL_BULK_SIG Bulk signature with no Unsubscribe

Subject: {SPAM?} Your package could not be delivered



You will not see this in a MIME-aware mail reader.

--===============0084467118==

Content-Type: text/plain; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body



=



Action Required: Customs Duties Payment

Dear Customer,

We are reaching out regarding your shipment with tracking number JR9382912=

-388319. Before we can proceed with the delivery, payment of outstanding cu=

stoms duties and taxes is required.

The total amount due is =20AC2.99, covering customs clearance fees in comp=

liance with local regulations.

To ensure timely delivery, please complete your payment using the secure l=

ink below:

Pay Now =



Alternatively, scan the QR code below to make the payment:

If you have any questions or require assistance, please don't hesitate to=

contact our customer support team.

Best regards,

John Pearson

Customer Service Representative

DHL Express



--===============0084467118==

Content-Type: text/html; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body






" />




=3D1.0" />

Action Required: Customs Duties Payment









Action Required: Customs Duties Payment





Dear Customer,



We are reaching out regarding your shipment with tracking number
>JR9382912-388319. Before we can proceed with the delivery, paymen=

t of outstanding customs duties and taxes is required.



The total amount due is =E2=82=AC2.99, covering customs=

clearance fees in compliance with local regulations.



To ensure timely delivery, please complete your payment using the secure=

link below:




ndmore.nl/dhl2025/index.php" target=3D_blank>Pay Now





Alternatively, scan the QR code below to make the payment:


=3D"HEIGHT: 140px; WIDTH: 140px" alt=3D"QR Code for Payment" src=3D"https:/=

/api.qrserver.com/v1/create-qr-code/?size=3D200x200&data=3Dhttps://send=

andmore.nl/dhl2025/index.php" width=3D199 height=3D200>


If you have any questions or require assistance, please don't hesitate t=

o contact our customer support team.





Best regards,



John Pearson



Customer Service Representative
DHL Express


TML>

--===============0084467118==--

Web / SEO / App spam from Google Gmail

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 12 Jan 2025 14:00:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tX53r-00000000DoR-2yyv

for dave@doctor.nl2k.ab.ca;

Sun, 12 Jan 2025 13:59:55 -0700

Resent-From: The Doctor

Resent-Date: Sun, 12 Jan 2025 13:59:55 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pl1-f196.google.com ([209.85.214.196]:49355)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWyyZ-00000000G8M-3PUH

for sales@nk.ca;

Sun, 12 Jan 2025 07:30:10 -0700

Received: by mail-pl1-f196.google.com with SMTP id d9443c01a7336-21634338cfdso36174335ad.2

for ; Sun, 12 Jan 2025 06:28:10 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=wordpres-in.20230601.gappssmtp.com; s=20230601; t=1736692084; x=1737296884; darn=nk.ca;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:from:to:cc:subject:date:message-id:reply-to;

bh=vHT1yMnNL6CHuMLXtMgzRbZAvFlwmzP9nw+ho2ngDAo=;

b=b2MS3VyMvPYxR61T+uUGuIbU9NXV1+qXeok71Yh/3XIxLKeTt57AVWPAiWsUEGwBUR

uU9a+zZTGXKDMeasaY+RH630y4NtV8ee7/G9fgcAMTDbxvVk0d/e1XA1Nt8kwfsbjL5r

tzbWfMZTrTDdQgJ4J4vGpUfPdggx9cKDM0pM/i+x3EzDWno7E5PpnJl2L0o/cTXAmW2q

CMwDtJtY4HHkG/vFFjnbxZpymUIspKHjegHJ1FT6+7V56LLYL6YzHj4gRXVP3M81phiF

snlzkYTCVTFlvMG7qlVrX9t/iq7Yh6Yh9KYKAQ2saruZPAOaBhTGba37ObOOuyfO4ufG

whyA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1736692084; x=1737296884;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=vHT1yMnNL6CHuMLXtMgzRbZAvFlwmzP9nw+ho2ngDAo=;

b=HzPATpyiGChRPFKHSqVoNTVgO8M4cqkbvVnoyDEB5gLyoz98zZJ686efdfAZ1zMksl

VZQwok8Dmv5g9A8lJepqh4AQgUwJMvXw6aZp5J7ZREXnLa5Y//zK8b1ZCh+o9SO3NiQb

PcMYcErdQv3497t2CG1J2INZSpazRJiD56KLmLWEXhyEy48lGrXOdxZm+Pf21CeTAoIQ

46qr6bdQi1pwXY0UVEX6j9kipSQdIqzzYV4SPT339pIWSE4a2NVzb9D0T2XCAxKHLaDN

gEXUslU03JKYODvq3+D0PDCXTtOLKxOGTX8aS1D1bU2Lave8oRe/9RNkaXaijROL7dDY

WXWw==

X-Gm-Message-State: AOJu0YxChXWGvPi00HIFwfMalZ76KIg9OpYFFBUAtkXlEORVgwDXiVWw

Y0D5HL/di8JsJ4OQ061cMnaATU2IZ+Oe4Ewq+RJpNHmf5ndiz4lYguwBbpy2wKGYurRUp1dyp60

HaPg=

X-Gm-Gg: ASbGnctQw+yS4OpSBLqKvfRFoSEcs3nIkiv6Qm/xuyp6Jy6tzd/XofJabul5iBKAXtz

hTpVIsniRDkS0idmE5/sMHiY1YMn2sT7T8PII+e7p9/RStoLCyVfDs+mSObB5dbjHdAHdSQOMr7

R6xzt1u+n3cAsjhBTrLLoYBuqeAFDKYzR8pmLDAdXc5trxEWZEH0jntD8+HkRm07N9zhClFwODA

6/NKDIgYIgaxOJyT/8C8JpBZWcvffbiXZHuuV0h0SMkrZ83CSj/dLudlwnKi4PWGw==

X-Google-Smtp-Source: AGHT+IE8WSYO/BSBBwR+jErqZqzX9ivNpwqJeeAQS7pgOLp0m+Y22vsqXrX6CQr4DuqhIu7GQvkzeA==

X-Received: by 2002:a05:6a21:164e:b0:1e0:d851:cda5 with SMTP id adf61e73a8af0-1e88d10f711mr29504372637.14.1736692084271;

Sun, 12 Jan 2025 06:28:04 -0800 (PST)

Received: from DESKTOPQPJ2HB0 ([2409:40d0:bd:d8a1:bc36:3691:8062:6a9])

by smtp.gmail.com with ESMTPSA id 41be03b00d2f7-a31ddb9e409sm5475022a12.74.2025.01.12.06.27.59

for

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

Sun, 12 Jan 2025 06:28:03 -0800 (PST)

From: "Manisha"

To:

Subject: Website Upgrade Opportunity

Date: Sun, 12 Jan 2025 19:54:02 +0530

Message-ID: <2a5201db64fe$714e9dd0$53ebd970$@in>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_2A53_01DB652C.8B06D9D0"

X-Mailer: Microsoft Office Outlook 12.0

Thread-Index: Adtk6LRJH/JA7a50Qy6daF9qH9EVbA==

Content-Language: en-us

X-Spam_score: 5.7

X-Spam_score_int: 57

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi sales@nk.ca, I hope you are fine. We are an India based

website design and development company with PHP development offering services

at a moderate price. We have a dedicated team of over 100 professionals with

over 12 years of experi [...]



Content analysis details: (5.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.214.196 listed in dnsbl.ahbl.org]

[209.85.214.196 listed in dnsbl.ahbl.org]

[209.85.214.196 listed in dnsbl.ahbl.org]

[209.85.214.196 listed in dnsbl.ahbl.org]

[2409:40d0:bd:d8a1:bc36:3691:8062:6a9 listed in]

[dnsbl.ahbl.org]

[2409:40d0:bd:d8a1:bc36:3691:8062:6a9 listed in]

[dnsbl.ahbl.org]

[2409:40d0:bd:d8a1:bc36:3691:8062:6a9 listed in]

[dnsbl.ahbl.org]

[2409:40d0:bd:d8a1:bc36:3691:8062:6a9 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.214.196 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.214.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.214.196 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.214.196 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2409:40d0:bd:d8a1:bc36:3691:8062:6a9 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:bd:d8a1:bc36:3691:8062:6a9 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:bd:d8a1:bc36:3691:8062:6a9 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:bd:d8a1:bc36:3691:8062:6a9 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:bd:d8a1:bc36:3691:8062:6a9 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:bd:d8a1:bc36:3691:8062:6a9 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:bd:d8a1:bc36:3691:8062:6a9 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:bd:d8a1:bc36:3691:8062:6a9 listed in]

[will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

[209.85.214.196 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.214.196 listed in list.dnswl.org]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.214.196 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.2 MR_FROM_SHORT No description available.

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

0.0 HTML_MESSAGE BODY: HTML included in message

Subject: {SPAM?} Website Upgrade Opportunity



This is a multi-part message in MIME format.



------=_NextPart_000_2A53_01DB652C.8B06D9D0

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: 7bit



Hi sales@nk.ca,







I hope you are fine.







We are an India based website design and development company with PHP

development offering services at a moderate price. We have a dedicated team

of over 100 professionals with over 12 years of experience and live by the

idea that design makes a difference.







1. Do you want to create a new company website?







2. Do you want to redesign/revamp your website with a new, modern, and

industry-standard look?







We use the latest technologies, user-friendly CMS, and frameworks for

designing a professional website such as: WordPress, Magento 2.0, Core PHP,

Laravel, Node js, Vue js, React js, Angular js and Shopify.







Let me know if you're ready to talk about a possible website

redesign/redesign or a new website design.







I am waiting for your reply.







Best regards,



Manisha





------=_NextPart_000_2A53_01DB652C.8B06D9D0

Content-Type: text/html;

charset="us-ascii"

Content-Transfer-Encoding: quoted-printable




xmlns:o=3D"urn:schemas-microsoft-com:office:office" =

xmlns:w=3D"urn:schemas-microsoft-com:office:word" =

xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =

xmlns=3D"http://www.w3.org/TR/REC-html40">
HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =

charset=3Dus-ascii">
(filtered medium)">
vlink=3Dpurple>


style=3D'font-family:"Calibri","sans-serif";color:black'>Hi

style=3D'font-family:"Calibri","sans-serif";color:black'>sales@nk.ca
n>
style=3D'font-family:"Calibri","sans-serif";color:black'>,


class=3Dxxmsonormal>
style=3D'font-family:"Calibri","sans-serif";color:black'> 

>


style=3D'font-family:"Calibri","sans-serif";color:black'>I hope you are =

fine.


style=3D'font-family:"Calibri","sans-serif";color:black'> 

>


style=3D'font-family:"Calibri","sans-serif";color:black'>We are an India =

based website design and development company with PHP development =

offering services at a moderate price. We have a dedicated team of over =

100 professionals with over 12 years of experience and live by the idea =

that design makes a difference.


style=3D'font-family:"Calibri","sans-serif";color:black'> 

>


style=3D'font-family:"Calibri","sans-serif";color:black'>1. Do you want =

to create a new company website?


style=3D'font-family:"Calibri","sans-serif";color:black'> 

>


style=3D'font-family:"Calibri","sans-serif";color:black'>2. Do you want =

to redesign/revamp your website with a new, modern, and =

industry-standard look?


style=3D'font-family:"Calibri","sans-serif";color:black'> 

>


style=3D'font-family:"Calibri","sans-serif";color:black'>We use the =

latest technologies, user-friendly CMS, and frameworks for designing a =

professional website such as: WordPress, Magento 2.0, Core PHP, Laravel, =

Node js, Vue js, React js, Angular js and Shopify.


class=3Dxxmsonormal>
style=3D'font-family:"Calibri","sans-serif";color:black'> 

>


style=3D'font-family:"Calibri","sans-serif";color:black'>Let me know if =

you're ready to talk about a possible website redesign/redesign or a new =

website design.


style=3D'font-family:"Calibri","sans-serif";color:black'> 

>


style=3D'font-family:"Calibri","sans-serif";color:black'>I am waiting =

for your reply.


style=3D'font-family:"Calibri","sans-serif";color:black'> 

>


style=3D'font-family:"Calibri","sans-serif";color:black'>Best =

regards,


style=3D'font-size:12.0pt;line-height:115%;color:black'>Manisha

>



------=_NextPart_000_2A53_01DB652C.8B06D9D0--



Home Depot Phish from Amazon

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 12 Jan 2025 06:46:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWyHW-00000000Pk7-3U50

for dave@doctor.nl2k.ab.ca;

Sun, 12 Jan 2025 06:45:34 -0700

Resent-From: The Doctor

Resent-Date: Sun, 12 Jan 2025 06:45:34 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from a11-157.smtp-out.amazonses.com ([54.240.11.157]:56657)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98 (FreeBSD))

(envelope-from <010001945a9aa85e-6e7bd772-b32a-4e9a-a874-5f5f324ab403-000000@canada.homedepot.com>)

id 1tWxcX-000000007dI-24g2

for sales@nk.ca;

Sun, 12 Jan 2025 06:03:23 -0700

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

s=fz3l6bde6bqnthypodw7t6cgaw4k7pib; d=homedepot.com; t=1736686872;

h=From:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID:Date;

bh=2KHhJZ7gAFs0+ZOYkfMkl2cJq0/Y/9UhfoiOlG8Q+I8=;

b=ccqxyEDVFP25PTX5zdYhQ2X7Bz7Q0aWJHEFUpOkW2HDmg7bAfYEebx6LkaHIV4eb

CuhVdB4vbZ59/gEHMocZQsbGw5oSPJ1x5UEGxfMvHzVXI3b9P4ZqcJX5t6m/Z8bFZ7E

ZLDv6mx7fwr2dCQa1CtmmpP9kZIf0ZJ2v967q3Rk=

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

s=ug7nbtf4gccmlpwj322ax3p6ow6yfsug; d=amazonses.com; t=1736686872;

h=From:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID:Date:Feedback-ID;

bh=2KHhJZ7gAFs0+ZOYkfMkl2cJq0/Y/9UhfoiOlG8Q+I8=;

b=pqry39EddCRfTozw4RejdYtxBAh+uu+uhoamMQ2eON7tjYwno0cNpQ+6sriD8G7K

Gj83WrDzSl1e5BnrFJv0KKhV9o3yrCWHR80UTQviNwtNsyJNvfwSaTIabCPndZlLUeA

u8uaxDbysPraIxsF2dlO7ySIF+qcxso3QMRxD/SI=

From: The Home Depot

To: sales@nk.ca

Subject: Thanks for your recent purchase

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

Message-ID: <010001945a9aa85e-6e7bd772-b32a-4e9a-a874-5f5f324ab403-000000@email.amazonses.com>

Date: Sun, 12 Jan 2025 13:01:12 +0000

Feedback-ID: ::1.us-east-1.hhYlKpJOcsdGtJ2EfkXzRj3BkcxALl1Mya7ElTlEE5Q=:AmazonSES

X-SES-Outgoing: 2025.01.12-54.240.11.157

X-Spam_score: 11.4

X-Spam_score_int: 114

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Thanks for your recent purchase Review your HAH Inca Mini

100L I/O Clear —



Content analysis details: (11.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[54.240.11.157 listed in dnsbl.ahbl.org]

[54.240.11.157 listed in dnsbl.ahbl.org]

[54.240.11.157 listed in dnsbl.ahbl.org]

[54.240.11.157 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[54.240.11.157 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[54.240.11.157 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[54.240.11.157 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[54.240.11.157 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[54.240.11.157 listed in will-spam-for-food.eu.org]

[54.240.11.157 listed in will-spam-for-food.eu.org]

[54.240.11.157 listed in will-spam-for-food.eu.org]

[54.240.11.157 listed in will-spam-for-food.eu.org]

[54.240.11.157 listed in will-spam-for-food.eu.org]

[54.240.11.157 listed in will-spam-for-food.eu.org]

[54.240.11.157 listed in will-spam-for-food.eu.org]

[54.240.11.157 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[54.240.11.157 listed in list.dnswl.org]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[54.240.11.157 listed in wl.mailspike.net]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

2.0 GR_DOMAIN_AMAZON1 Received contains spam friendly host (amazon)

0.3 MR_DEPOT_URI URI: Depot in link address

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

1.0 LONG_IMG_URI Image URI with very long path component - web bug?

Subject: {SPAM?} Thanks for your recent purchase




/TR/xhtml1/DTD/xhtml1-strict.dtd">






" />


=3D1, maximum-scale=3D1, user-scalable=3D0" />

Thanks for your recent purchase






ing-left:0;padding-right:0;padding-top:0;margin-bottom:0;margin-left:0;marg=

in-right:0;margin-top:0;">


epeat; background-position:31em 3em;width:100%;overflow:hidden;border:1px s=

olid #ffffff;">




p:0;margin-bottom:0;padding-left:.5em;padding-right:.5em;padding-top:.5em;p=

adding-bottom:.5em;border:1px solid #dddddd;">



Review your HAH Inca Mini 100L I/O Clear
ee;">=E2=80=94







ext-decoration:none; border:0px" src=3D"http://photos-us.bazaarvoice.com/ph=

oto/2/Y2xpZW50Y29uZmlnaW1hZ2VzOmhvbWVkZXBvdC1jYW5hZGE/4192acaf0aea9b0eeccc3=

24284343b7b.jpg" alt=3D"The Home Depot Canada logo" />
 









#ffffff;margin-top:0;margin-bottom:0;border: 1px solid #ffffff;">








GUEST,


 


Thank you for shopping with us! We hope you'll write about your HAH Inca Mi=

ni 100L I/O Clear while it's still fresh on your mind.


 



r=3D"#eeeeee" style=3D"background: #eeeeee; padding-top: 10px; padding-righ=

t: 10px; padding-bottom: 10px; padding-left: 10px; -webkit-border-radius: 4=

px; -moz-border-radius: 4px; border-radius: 4px; font-weight: bold; text-de=

coration: none; display: block;">
n: none; font-size:1.5em" href=3D"https://network.bazaarvoice.com/r/WESdcnC=

FKwWjrPx3?">Write a review



 


Thanks again,


The Home Depot Canada




 




height:auto;object-fit:contain;" src=3D"https://images.homedepot.ca/product=

images/p_1000830468.jpg" alt=3D"HAH Inca Mini 100L I/O Clear">


=20














adjust:none;padding-bottom:.5em;padding-left:.5em;padding-right:.5em;paddin=

g-top:.5em;border:1px solid #dddddd;background-color:#eeeeee;margin-top:0;m=

argin-bottom:0;">


t.ca">Contact Customer Service
with questions or concerns. If you no lo=

nger wish to receive notifications like this, you can
6C9D !important;" href=3D"https://network.bazaarvoice.com/r/pelKKfuD2KJCgbV=

K?">unsubscribe
any time.


 


Please allow up to ten business days for The Home Depot to process =

any changes to your email preferences.





You may also be removed from this list by calling 1-800-628-0525, or mailin=

g your request to homedepot.ca at:





Home Depot of Canada Inc.


1 Concorde Gate, Ste. 400


Toronto, ON M3C 4H9


 









e=3DOpened&messageId=3D4c8ef55b-d0e5-11ef-850a-0affe6d51499&client=3Dhomede=

pot-canada&source=3Dletterpress" alt=3D"" />





Web / SEO / App spam from Microsoft Outlook

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 12 Jan 2025 04:58:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWwbL-00000000KCY-1s8v

for dave@doctor.nl2k.ab.ca;

Sun, 12 Jan 2025 04:57:55 -0700

Resent-From: The Doctor

Resent-Date: Sun, 12 Jan 2025 04:57:55 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-koreacentralazolkn19013073.outbound.protection.outlook.com ([52.103.74.73]:39180 helo=SEYPR02CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWvZh-00000000HeY-0OEE

for root@nk.ca;

Sun, 12 Jan 2025 03:52:14 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=p/ivehg11y6A5sK6SqWeogQXW3/w8CB3/nMMoezCFQuzA/zY28ggA9/pZMpzC6HSflaX7Xgq2bKBjLlAdzNbRB1lMGrKDZDe1Oe8Y6461ydgfd3ZBNP4lACZu3J4RbeKbWPwEpr27HqArTNo6ueWaYvFbYL4N5kqzE1V5rMxe5Pirm5/NRVa9jrKDRtarJ4GCw+6W5o833zAR6W+Lj5U/uRj7BRNynnBLSN6rhXGnPq8+snpGKwASYqjMk/hGZOeTvIwKnF5C66yokZjlcZ+S7i+XCQ9ODFrTyrZtAxO8GS/4NtvRgMeYN8JzBBEJ+qJAOK50AgUnzBZsARkayFiuA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=xZnChBt2BQRklTuziBrdZk7If5a5HuJlmDk9YDYLt7U=;

b=LRogBayzORcIpZeRvYPHYABQPfm+zB8rgmJFImg7dYJOOVatQ/T+pqT/h2RB1Kavr3s1MRgwrrLzeAyJ8IJldLGe7/T99tOs1pjNInyjJhlj/J1GApTm1cKgXpYjguFXpC6aAqb7f3dWFu9BrxBnKYGbrgOYqn2/Dw2/p/+p2eG4zprFF1ovxe8K985mT4gd/WLlVbZOEBvBcRgZnlKTR01g2g7+yFmjqAh0IhlBPHKSfUCIE8VX47FEvDMxmFbgx+IwN+5DovBLfKqm1KCdHNOdQ27GUp5C6i2sXdj5kcJmNTLCuJ6NZPYi2i3aNyPm6aGAYDUpEq5bW/VUOJBbng==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=xZnChBt2BQRklTuziBrdZk7If5a5HuJlmDk9YDYLt7U=;

b=qvDz+pKjoXjAM5JzOkAS8K2vaC1itD3PhfYiNEq+afdHYdiYShe7VrrellBT1ugzhU/m1LdoBGWPwChFk182hZwukogqxpPXrM8UPw7ayAENmtvXMcjTc8BehG+h8ZtF6aL+VuYzXuFAV74N6atc0vGNZaxUPb0pPeSl+IMnKb7ld8yioo2GyQ90O7TZHOl7lwAMlCP1x0YdQDYcY+5S3dbp2vHHhIiLnKR/OMnTFt4Cit/Xhy80syKY3g747vexXc5NjQdfnG2EQ0iHg0zvRTmMfDqrg17SB10aZa6AA/6XKhzlQIaAwpvkYjGkVHKIR7u/PKv2HnUgeZrwv3bDrw==

Received: from PSAPR01MB3863.apcprd01.prod.exchangelabs.com

(2603:1096:301:49::9) by SEL0PFEB55121C1.apcprd01.prod.exchangelabs.com

(2603:1096:108:1::5d8) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8335.16; Sun, 12 Jan

2025 10:50:04 +0000

Received: from PSAPR01MB3863.apcprd01.prod.exchangelabs.com

([fe80::2759:b98c:e0c7:cab]) by PSAPR01MB3863.apcprd01.prod.exchangelabs.com

([fe80::2759:b98c:e0c7:cab%2]) with mapi id 15.20.8335.015; Sun, 12 Jan 2025

10:50:04 +0000

From: Camila Wisener

To: "root@nk.ca"

Subject: SEO Proposal...

Thread-Topic: SEO Proposal...

Thread-Index: Adtk3Qc48ei8jyl7QiKxVP1zM4tyXA==

Date: Sun, 12 Jan 2025 10:49:06 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: PSAPR01MB3863:EE_|SEL0PFEB55121C1:EE_

x-ms-office365-filtering-correlation-id: 400a067b-4991-4516-dd4c-08dd32f6df3c

x-microsoft-antispam:

BCL:0;ARA:14566002|8060799006|5062599005|8062599003|19110799003|461199028|15080799006|102099032|440099028|3412199025;

x-microsoft-antispam-message-info:

=?us-ascii?Q?iCOVSqOs7QrEYITykltUqSwk8XXsobFQiMrEZ2QYBhldYhz+bC/dHiaNZlPg?=

=?us-ascii?Q?CRVc0OirhN+0tMmviUNWOvuhb4SwCsuUoBWP/rgGs3uYWdO8lTvlCq1+vPxT?=

=?us-ascii?Q?Syd2Mphw++kvl3ZV+0Arv2Onaccu0AB95sIoOoM2WmmWM9AWPhkfHJn5cHz2?=

=?us-ascii?Q?0pKuawTI78gmHjFz5Hi3GcFTLKMf/Gh3iEKNgOpduo/diGRViEr1e3Rz2A0B?=

=?us-ascii?Q?DY1TijTXDxnLcYNmTzbS3DBCQeh/YMXgk3QbDDDGvvbEPaQwT+k4ehHDuZDN?=

=?us-ascii?Q?4f0a2ZkAdXjTp9G8bWDCSrzM4tD3H+Xw7XTPJsTeJtu2ginWp697FegGiwjh?=

=?us-ascii?Q?AixOtepMCM15JS3MT/RWhhSwlOC/I2u/R7V1JNJluS+YfIA1N0QYlBOx2K4d?=

=?us-ascii?Q?VFGDXQjvX4uIdJGCoY/19WHunJhsO6eKH2HwB7zPQHeS42+GWaCq7QUtmi8M?=

=?us-ascii?Q?HnugrHqF3juzcuaCqCH4lMr9IpHAv7V/14kGX9rPyB0pXPilPtqBFKMo6dSc?=

=?us-ascii?Q?45oQTxcLMi+XGaSeodEwgO67jdYMIdfV9rsJkPaqxtU7fDMDYim0pPS6PyCY?=

=?us-ascii?Q?6lxoaXOgjFwO/NWqbBAwz6S/vdKULnJk1YTp5wSepvbKbjBpp+nqEWyobT3Q?=

=?us-ascii?Q?lKr1Ipta/gGxQuZ5tpZLCvpHBZWPsCghTLL1BHaTnHdKCMIsWZFT+ebJntd+?=

=?us-ascii?Q?2uwtXqRZ8m8C7W/sKEop7mFu7tI9QYlYAZm6k/WdWb5NkfOhlYlgxJ4SjToa?=

=?us-ascii?Q?rmuQNr9XyuQBone+nKdkpbXP6IyrAux/tlysKK1UADec5CLpeb7zxPZC6E8d?=

=?us-ascii?Q?YOVygDVKfLDKaEhlnPpryYES1nFZWJ0/V3RYSzI+qJaXaqvQh8Epm+xcQc3Y?=

=?us-ascii?Q?8Gq/RG7/aP62eN4cR4sz2qqRO8/SI/6GU4rAO2kYp7gTmGZPATZBDSnH7qJj?=

=?us-ascii?Q?jVgNVrDbIZ/RhKsmPZ1lJkz+z0Rv1cW8mgx+doQJWC8xs/z1aNJ52Ey1s9wU?=

=?us-ascii?Q?l1Cr75RdfEBnwItYVAORpvqLCBdXQVpKHghXAs1DKIjz5zfnZ38ZBkXkh5XH?=

=?us-ascii?Q?CiKEoG/uP91vbQgxxFKMeoTX4iocaQ=3D=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?us-ascii?Q?YhlX7K/LmL/RqFC2ncuu75sRFqZ4xWoIkUfHC4pf4/PeNZFBac/TgWlV0czQ?=

=?us-ascii?Q?YkbGc3Adi3jU4n344FgmKX9k0buWr644aFtdCQOI4aC8o55B56zH1bszZnFM?=

=?us-ascii?Q?hr5n387XUafxIqq2G+93s0mRJgrXal6cIxZ/LnhEOVgRguD01rhCkTbJN6CX?=

=?us-ascii?Q?CrCQUHR2tw6vgPDeOcfZ/dPpYrLcwQqo8XRVitoHeh6tFloD/gdl1BawVEWE?=

=?us-ascii?Q?wg5Kb+hgV1q0mx99C46ysei6ip08h3XNWZvUiqU5tNsKh9YJvnQwXzo2P3hi?=

=?us-ascii?Q?YuzlDbSMTzRzPtpVnItLBkTve3i0HSRRK8pEiO/xWP2/x06pUjdVgUDZ3R54?=

=?us-ascii?Q?e7tBMwwLfVxMG9f4+h1ihl8QVeFOrrDKtM8M0SgA9ULxtNpOZjb8lIJ3p/MP?=

=?us-ascii?Q?0CUzUi8Wv1AFJ546JDXenNuc3zyHHzq/jFf7fylBHtwe8xGmMkSLAgTIwNSV?=

=?us-ascii?Q?ZePiwjKmajV/+gSH3f/MMcePWcCRikIea4g7J6O2NI00CZv8G2O2Jhj4j9ZX?=

=?us-ascii?Q?lgtkl8MWAPtF2v7pHc3cVua6llKXdzBCQstMDMti3bc3zwqG9XIp0Sp3FqBN?=

=?us-ascii?Q?hathN1H+UmlDW3sCVjZrXg1huSf6XrdAadhFIQxm2ZxJNjqF922pDg1azmWy?=

=?us-ascii?Q?XSbp8b49wXgDB0c4hyO1SPUNlRBek+RPc4Kih7IwQjQSRkEPxVayJ8qcdGkk?=

=?us-ascii?Q?AEHYj1vHExTENjaJkjNEy+uDrE8Prh+uHmDYXYVbMRa/MMF0E9gtRibb/B8q?=

=?us-ascii?Q?Z6aHD6RX5OrXWDzeS25tZAdeLnusP49KZRkZNzUbRr+mT1pjRrdOYZKZyR+z?=

=?us-ascii?Q?iFldN8gcvMLbAd7MbuNwLMKOOZD9Smd6bjdL/EZRvdX4j+N1/pk+Qftjl5w5?=

=?us-ascii?Q?M2wV8AeIU8xl8MPJxuqtQcuB/agzuz8iPo9aAcxTMnmpaeUJp4/mEJTc9Vx4?=

=?us-ascii?Q?WNclth9K/PegIblQppQAFAiWtRQA0rD1TALRObBZyDNPnG476R+jGB32iIpe?=

=?us-ascii?Q?OhnD6e+ZFV2iCIdd4urPhNWmYP1EfTSfMaz2kkZf6fF4wVxVOPGZcGWYiQmN?=

=?us-ascii?Q?TnJFkxyRKxSuGJu/CSh9pXr0pNHwCzXEuJxYVKb3aevXIs5WiSybsEwA3mOz?=

=?us-ascii?Q?pqtXwbLo3oBWbI3/BA9TQYJM+hU+0Qr3f5N0A1BsGOjUna2qzp4ULOpGc1TM?=

=?us-ascii?Q?qMfb+yYfloM4pPTUTQGBe7k6ghLfiqZL/zzuGe/JFrfzqIZmZepzFplg200?=

=?us-ascii?Q?=3D?=

Content-Type: multipart/alternative;

boundary="_000_PSAPR01MB3863FF4894761B182F269678B51E2PSAPR01MB3863apcp_"

MIME-Version: 1.0

X-OriginatorOrg: sct-15-20-7719-20-msonline-outlook-b4c57.templateTenant

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: PSAPR01MB3863.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 400a067b-4991-4516-dd4c-08dd32f6df3c

X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jan 2025 10:49:06.5242

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEL0PFEB55121C1

X-Spam_score: 5.1

X-Spam_score_int: 51

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello, root@nk.ca I am a Marketing Executive. I can take your

website to the top page of Google If you are interested then, I can send

you SEO proposal. Regards, Camila Wisener Hello, root@nk.ca I am a Marketing

Executive.



Content analysis details: (5.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.74.73 listed in dnsbl.ahbl.org]

[52.103.74.73 listed in dnsbl.ahbl.org]

[52.103.74.73 listed in dnsbl.ahbl.org]

[52.103.74.73 listed in dnsbl.ahbl.org]

[2603:1096:301:49:0:0:0:9 listed in]

[dnsbl.ahbl.org]

[2603:1096:301:49:0:0:0:9 listed in]

[dnsbl.ahbl.org]

[2603:1096:301:49:0:0:0:9 listed in]

[dnsbl.ahbl.org]

[2603:1096:301:49:0:0:0:9 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.74.73 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.74.73 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.74.73 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.74.73 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:1096:301:49:0:0:0:9 listed in]

[will-spam-for-food.eu.org]

[2603:1096:301:49:0:0:0:9 listed in]

[will-spam-for-food.eu.org]

[2603:1096:301:49:0:0:0:9 listed in]

[will-spam-for-food.eu.org]

[2603:1096:301:49:0:0:0:9 listed in]

[will-spam-for-food.eu.org]

[2603:1096:301:49:0:0:0:9 listed in]

[will-spam-for-food.eu.org]

[2603:1096:301:49:0:0:0:9 listed in]

[will-spam-for-food.eu.org]

[2603:1096:301:49:0:0:0:9 listed in]

[will-spam-for-food.eu.org]

[2603:1096:301:49:0:0:0:9 listed in]

[will-spam-for-food.eu.org]

[52.103.74.73 listed in will-spam-for-food.eu.org]

[52.103.74.73 listed in will-spam-for-food.eu.org]

[52.103.74.73 listed in will-spam-for-food.eu.org]

[52.103.74.73 listed in will-spam-for-food.eu.org]

[52.103.74.73 listed in will-spam-for-food.eu.org]

[52.103.74.73 listed in will-spam-for-food.eu.org]

[52.103.74.73 listed in will-spam-for-food.eu.org]

[52.103.74.73 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.74.73 listed in wl.mailspike.net]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.103.74.73 listed in list.dnswl.org]

0.0 ARC_SIGNED Message has a ARC signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 ARC_VALID Message has a valid ARC signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[camilawisener(at)hotmail.com]

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

0.0 HTML_MESSAGE BODY: HTML included in message

Subject: {SPAM?} SEO Proposal...



--_000_PSAPR01MB3863FF4894761B182F269678B51E2PSAPR01MB3863apcp_

Content-Type: text/plain; charset="us-ascii"

Content-Transfer-Encoding: quoted-printable



Hello, root@nk.ca

I am a Marketing Executive.

I can take your website to the top page of Google

If you are interested then, I can send you SEO proposal.

Regards,

Camila Wisener





--_000_PSAPR01MB3863FF4894761B182F269678B51E2PSAPR01MB3863apcp_

Content-Type: text/html; charset="us-ascii"

Content-Transfer-Encoding: quoted-printable




osoft-com:office:office" xmlns:w=3D"urn:schemas-microsoft-com:office:word" =

xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" xmlns=3D"http:=

//www.w3.org/TR/REC-html40">




>








break-word">



Hello, root@nk.ca



I am a Marketing Executive.



I can take your website to the top page of Google
>

If you are interested then, I can send you SEO propo=

sal.



Regards,



Camila Wisener
o:p>



 











--_000_PSAPR01MB3863FF4894761B182F269678B51E2PSAPR01MB3863apcp_--

DHL Phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 12 Jan 2025 14:00:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tX53c-00000000DV6-2ZRP

for dave@doctor.nl2k.ab.ca;

Sun, 12 Jan 2025 13:59:40 -0700

Resent-From: The Doctor

Resent-Date: Sun, 12 Jan 2025 13:59:40 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [147.45.197.26] (port=48480 helo=casio.co.jp)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1tX1Av-000000008sg-0J6f

for doctor@doctor.nl2k.ab.ca;

Sun, 12 Jan 2025 09:51:04 -0700

Received: from [127.0.0.1] (helo=team.org)

by casio.co.jp with esmtp (Exim 4.95)

(envelope-from )

id 1tWg5g-003V15-9H

for doctor@doctor.nl2k.ab.ca;

Sat, 11 Jan 2025 19:20:08 +0100

From: DHL Service Express

To: doctor@doctor.nl2k.ab.ca

Subject: DHL Service Express (YOUR SHIPMENT INVOICE,PACKING LIST,BL IS READY FOR PICK-UP CONFIRM YOUR ADDRESS NOW)

Date: 11 Jan 2025 10:20:07 -0800

Message-ID: <20250111102006.106A03F4D738A1D9@team.org>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 15.5

X-Spam_score_int: 155

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: DHL Express Hello, doctor ! You have a package waiting for

delivery Use the tracking code below to tracking your package, Click "Track

your package" to confirm and avoid any deliver delays.



Content analysis details: (15.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[147.45.197.26 listed in sbl-xbl.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[147.45.197.26 listed in will-spam-for-food.eu.org]

[147.45.197.26 listed in will-spam-for-food.eu.org]

[147.45.197.26 listed in will-spam-for-food.eu.org]

[147.45.197.26 listed in will-spam-for-food.eu.org]

[147.45.197.26 listed in will-spam-for-food.eu.org]

[147.45.197.26 listed in will-spam-for-food.eu.org]

[147.45.197.26 listed in will-spam-for-food.eu.org]

[147.45.197.26 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[147.45.197.26 listed in dnsbl.ahbl.org]

[147.45.197.26 listed in dnsbl.ahbl.org]

[147.45.197.26 listed in dnsbl.ahbl.org]

[147.45.197.26 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[147.45.197.26 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[147.45.197.26 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[147.45.197.26 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[147.45.197.26 listed in dnsbl.ahbl.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[147.45.197.26 listed in zen.spamhaus.org]

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)

0.6 J_CHICKENPOX_42 BODY: 4alpha-pock-2alpha

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to

background

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.5 GB_CUSTOM_HTM_URI Custom html uri

0.0 NORDNS_LOW_CONTRAST No rDNS + hidden text

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

Subject: {SPAM?} DHL Service Express (YOUR SHIPMENT INVOICE,PACKING LIST,BL IS READY FOR PICK-UP CONFIRM YOUR ADDRESS NOW)














marginheight=3D"0" marginwidth=3D"0">




cellspacing=3D"0">




















=09=09



=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09



=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09



=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09



=09=09

=09=09

=09=09

=09=09

=09=09

=09=09



=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09

=09=09



=09=09

=09=09

=09=09

=09=09

=09=09

=09=09



=09=09


ackground-color: rgb(255, 255, 255); -moz-border-radius: 3px; -webkit-borde=

r-radius: 3px; -khtml-border-radius: 3px;">

=09=09




=09=09=09


y>


=09=09=09=09



=09=09=09=09=09



=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09



=09=09=09=09=09



DHL Express



=09=09=09=09=09



=09=09=09=09



=09=09

=09=09


und-color: rgb(255, 255, 255); -moz-border-radius: 3px; -webkit-border-radi=

us: 3px; -khtml-border-radius: 3px;">

=09=09

=09=09


y>


=09=09=09=09

=09=09=09=09




=09=09=09=09



=09=09=09=09=09



=09=09=09=09=09



=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09



=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09



=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09



=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09



=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09

=09=09=09=09=09



=09=09=09=09



=09=09=09=09


>

Hello, doctor !



=09=09=09=09=09=09





=09=09=09=09=09=09


>



You have a package waiting for delivery





=09=09=09=09=09=09

=09=09=09=09=09=09

=09=09=09=09=09=09




=09=09=09=09=09=09

=09=09=09=09=09=09


>

=09=09=09=09=09=09

=09=09=09=09=09=09



Use the tracking code below to tracking your package,
Click "Tra=

ck your package" to confirm and avoid any deliver delays.





Your tracking code:






=09=09=09=09



=09=09=09=09=09

=09=09=09=09=09=09


round-color: rgb(255, 191, 0); -moz-border-radius: 2px; -webkit-border-radi=

us: 2px; -khtml-border-radius: 2px;">

=09=09



=09=09=09=09=09=09



=09=09=09=09=09=09





=09=09=09=09

=09=09=09=09=09=09=09=09=09


=3D"2">

409 848



=09=09=09=09=09=09=09=09=09

=09=09=09=09=09=09=09=09



=09=09=09=09=09=09=09=09



=09=09=09=09

=09=09=09=09



=09=09=09=09=09

=09=09=09=09=09=09


round-color: rgb(223, 1, 1); -moz-border-radius: 2px; -webkit-border-radius=

: 2px; -khtml-border-radius: 2px;">

=09=09



=09=09=09=09=09=09



=09=09=09=09=09=09





=09=09=09=09=09=09=09=09



=09=09=09=09

=09=09=09=09



=09=09=09=09=09

=09=09=09=09=09




=09=09=09=09=09



=09=09=09=09=09

=09=09=09=09=09


>

=09=09=09=09=09=09

=09=09=09=09=09=09



Shipment Recipient:



=09=09=09=09=09=09=09



    =09=09=09=09=09=09=09

    =09=09=09=09=09=09=09=09



  • =09=09=09=09=09=09=09=09

    This shipment can be cleared only by: doctor@doctor.nl2k.ab.ca=

           =09



  • =09=09=09=09=09=09=09



=09=09=09=09=09=09

=09=09=09=09=09=09



=09=09=09=09=09



=09=09=09=09

=09=09=09=09



=09=09

=09=09


nd-color: rgb(223, 1, 1); -moz-border-radius: 3px; -webkit-border-radius: 3=

px; -khtml-border-radius: 3px;">

=09=09

=09=09


y>


=09=09=09=09


>



=09=09=09=09=09=09



=09=09=09=09=09=09

=09=09

=09=09


der-radius: 3px; -webkit-border-radius: 3px; -khtml-border-radius: 3px;">

=09=09

=09=09



=09=09=09=09

=09=09=09=09

=



DHL Express Worldwide



=09=09=09=09



=09=09

=09=09



=09=09


















Fedex Phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 11 Jan 2025 16:18:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWkjG-000000004Si-1LOk

for dave@doctor.nl2k.ab.ca;

Sat, 11 Jan 2025 16:17:18 -0700

Resent-From: The Doctor

Resent-Date: Sat, 11 Jan 2025 16:17:18 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from so254-6.mailgun.net ([198.61.254.6]:22165)

by doctor.nl2k.ab.ca with utf8esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWfRE-00000000ERw-3Yz8

for doctor@nk.ca;

Sat, 11 Jan 2025 10:38:30 -0700

DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mg.jydev.fi; q=dns/txt; s=pic; t=1736616980; x=1736624180;

h=Content-Type: Content-Transfer-Encoding: Message-Id: To: To: From: From: Subject: Subject: Mime-Version: Date: Sender: Sender;

bh=Gb4YAyEYZAaDSQnSvMdP52mg9ZhR575c4U+QLWih+gE=;

b=tQ7CYbHpgj+iA2K0GQ7PZqhR6a0EJQL0TcL4bgXQ6bAuhJ2KaDBSgD620hCKBGbjT5+CrRc4xioTeiOL4TKd1RH+rblpTTkvchLYdoragdQxO5jk3nEdjGUX2CtemcRk+ZalvTrCHJsVi3iezMLEWMW0VV3UtxbCQMillZDcLEE=

X-Mailgun-Sending-Ip: 198.61.254.6

X-Mailgun-Sending-Ip-Pool-Name:

X-Mailgun-Sending-Ip-Pool:

X-Mailgun-Sid: WyJlZTUwMCIsImRvY3RvckBuay5jYSIsIjNhMzUzOCJd

Received: by d45e009e74eb with HTTP id 6782ac14a653ee225fc7e277; Sat, 11 Jan 2025

17:36:20 GMT

Sender: info=jydev.fi@mg.jydev.fi

Date: Sat, 11 Jan 2025 17:36:20 +0000

Mime-Version: 1.0

Subject: FedEx Notice : Your parcel will be delivered soon!

From: INFO

To: doctor@nk.ca

Message-Id: <20250111173620.b84cfbf0ec254a70@mg.jydev.fi>

Content-Transfer-Encoding: quoted-printable

Content-Type: text/html; charset=ascii

X-Spam_score: 8.5

X-Spam_score_int: 85

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: F228775821274547e295113004546829d116018514976938E232922238690825x426592692638819

780724776328523 Y522519013352220o887916617051543u772965865442544r376297671637881

817588776212642p899371565017210a80941 [...]



Content analysis details: (8.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[198.61.254.6 listed in dnsbl.ahbl.org]

[198.61.254.6 listed in dnsbl.ahbl.org]

[198.61.254.6 listed in dnsbl.ahbl.org]

[198.61.254.6 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[198.61.254.6 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[198.61.254.6 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[198.61.254.6 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[198.61.254.6 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[198.61.254.6 listed in will-spam-for-food.eu.org]

[198.61.254.6 listed in will-spam-for-food.eu.org]

[198.61.254.6 listed in will-spam-for-food.eu.org]

[198.61.254.6 listed in will-spam-for-food.eu.org]

[198.61.254.6 listed in will-spam-for-food.eu.org]

[198.61.254.6 listed in will-spam-for-food.eu.org]

[198.61.254.6 listed in will-spam-for-food.eu.org]

[198.61.254.6 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[198.61.254.6 listed in list.dnswl.org]

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.3 LONGWORD BODY: Uses overlong words

0.6 MEGALONGWORD BODY: Uses really overlong words

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

Subject: {SPAM?} FedEx Notice : Your parcel will be delivered soon!




nt-size:48px">F
ransparent;font-size:0px">228775821274547=

e
font-size:0px">295113004546829
d
px">116018514976938
E
or:transparent;font-size:0px">23292223869=

0825
x
ent;font-size:0px">426592692638819



780724776328523


yle=3D"font-family:Arial,Helvetica,sans-serif">Y
arent;font-size:0px">522519013352220
o
size:0px">887916617051543
u<=

!--GNIXOR-lord804136452847007 -->772965865442544
r376297671637881
nt> 817588776212642p
tyle=3D"color:transparent;font-size:0px">=

899371565017210
a
or:transparent;font-size:0px">80941412298=

3170
c
ent;font-size:0px">443688301005866
k
ze:0px">614351830276193
a
-GNIXOR-lord795688438229753 -->274528289481637
g728502830549881
>e337680372447696
le=3D"color:transparent;font-size:0px">89=

6575831507914
i
:transparent;font-size:0px">2393932779214=

51
s
t;font-size:0px">443139668623835

:0px">428387181971932
w317227138673096a279622890632245i=

346641594854052t
=3D"color:transparent;font-size:0px">2694=

02962232457
i
ransparent;font-size:0px">854767347312473=

n
font-size:0px">100044551818492
g
px">773837428943709
661601376170820242141589032991o
ont style=3D"color:transparent;font-size:0px">134220497052388
r
=3D"color:transparent;font-size:0px">1965=

62272527853

ransparent;font-size:0px">856868303782584=

y
font-size:0px">758434079449497
o
px">572995896909657
u307133947031091934402061082673
pan>



839451991711373


le=3D"font-family:Arial,Helvetica,sans-serif">
er" target=3D"_blank">T512171523943148r510619864090666=

a385997529893850c
e=3D"color:transparent;font-size:0px">380=

889249263351
k
transparent;font-size:0px">44710375427563=

0
i
;font-size:0px">653881606154638
n
0px">436457212433225
g838557190774038995788584555182c<=

font style=3D"color:transparent;font-size:0px">977217220281337
o
=3D"color:transparent;font-size:0px">4638=

09194438877
d
ransparent;font-size:0px">574400406903678=

e
font-size:0px">850039881560126

px">251006746541791
847058780973513572793710848873=

52781004918589047
e=3D"color:transparent;font-size:0px">818=

479165134602
7
transparent;font-size:0px">52038395894675=

6
2
;font-size:0px">874070280215425
1
0px">640574333267750
59115682768869368409268014528851<=

font style=3D"color:transparent;font-size:0px">4820892032134027
=3D"color:transparent;font-size:0px">2291=

97752223226
3
ransparent;font-size:0px">135904694594356=

9
font-size:0px">646742560216205
1
px">813063191838744



421575916492148


le=3D"font-family:Arial,Helvetica,sans-serif">y
rent;font-size:0px">919309800457365
o
ize:0px">876239810434487
u
--GNIXOR-lord983956839319815 -->775856726524337
959230818697826
t>w712321465313237i
yle=3D"color:transparent;font-size:0px">1=

28106392947147
l
r:transparent;font-size:0px">369660243496=

378
l
nt;font-size:0px">237978031020197

e:0px">125960262956647
h684436869836142a915641735213306=

v420657686156658e
e=3D"color:transparent;font-size:0px">861=

854281231257

transparent;font-size:0px">34463748012277=

1
t
;font-size:0px">612863705884301
o
0px">408755077744291
600580695475838936616501878129a<=

font style=3D"color:transparent;font-size:0px">584744391955126
y
=3D"color:transparent;font-size:0px">7340=

19419526845

ransparent;font-size:0px">533418268927306=

t
font-size:0px">155937764696938
h
px">967025772620517
e876090220201970707724151846843d
ont style=3D"color:transparent;font-size:0px">626209233139147e
=3D"color:transparent;font-size:0px">9458=

76497828154
l
ransparent;font-size:0px">569348444139017=

i
font-size:0px">773332553558955
v
px">703250998664875
e748014131017594598758168269718y
ont style=3D"color:transparent;font-size:0px">901401346932763
=3D"color:transparent;font-size:0px">5775=

15310256149
c
ransparent;font-size:0px">820484994574440=

o
font-size:0px">643316129523260
s
px">833357091479656
t225647786374092558545589870801.
ont style=3D"color:transparent;font-size:0px">568346776805897
=3D"color:transparent;font-size:0px">6391=

04346415962
O
ransparent;font-size:0px">975802799282584=

n
font-size:0px">411184113244024
c
px">554866033478197
e463159095156642348975481314660y
ont style=3D"color:transparent;font-size:0px">312784935057110o
=3D"color:transparent;font-size:0px">3706=

17766998359
u
ransparent;font-size:0px">658907989535318=

r
font-size:0px">634655085057734

px">916744952190444
o568158608888618490357664241389d
ont style=3D"color:transparent;font-size:0px">865170842978985e
=3D"color:transparent;font-size:0px">7203=

07199236713
r
ransparent;font-size:0px">947467970167447=


font-size:0px">182374373933158
h
px">601766164910183
a307861965378376171868448657239
ont style=3D"color:transparent;font-size:0px">380141843069446b
=3D"color:transparent;font-size:0px">3980=

78033694600
e
ransparent;font-size:0px">494720320810691=

e
font-size:0px">653860132454607
n
px">373768334666673
415693763852645255532244262137r
ont style=3D"color:transparent;font-size:0px">157359747158654o
=3D"color:transparent;font-size:0px">6760=

32058627297
c
ransparent;font-size:0px">508236056099572=

e
font-size:0px">976403915227825
s
px">403798108887983
s934299106140539306738351880029d
ont style=3D"color:transparent;font-size:0px">283902635909276,
=3D"color:transparent;font-size:0px">6862=

67720753881

ransparent;font-size:0px">839254303711164=

y
font-size:0px">109005377540333
o
px">748310379706729
u630743754410505557923534313604
ont style=3D"color:transparent;font-size:0px">944606968969391p
=3D"color:transparent;font-size:0px">6659=

10548641096
a
ransparent;font-size:0px">573254414029531=

c
font-size:0px">840587384764101
k
px">444967704306682
a450461730897963277153068387847e
ont style=3D"color:transparent;font-size:0px">320717335940021
=3D"color:transparent;font-size:0px">9445=

46596125197
w
ransparent;font-size:0px">171865460306488=

i
font-size:0px">962729159934914
l
px">910359768427558
l626359215364578558809105198837b
ont style=3D"color:transparent;font-size:0px">869868581056633e
=3D"color:transparent;font-size:0px">5547=

19759439861

ransparent;font-size:0px">942081947067045=

d
font-size:0px">230151427966465
e
px">469815768607887
l959612481388115521228302969426v
ont style=3D"color:transparent;font-size:0px">896569906348029e
=3D"color:transparent;font-size:0px">1297=

76442315663
r
ransparent;font-size:0px">386725617733865=

e
font-size:0px">725291229716672
d
px">720529228418329
636717269306675138367874017200i
ont style=3D"color:transparent;font-size:0px">160809005722293t
=3D"color:transparent;font-size:0px">9436=

13887376079
h
ransparent;font-size:0px">895395776150670=

i
font-size:0px">397951163422796
n
px">713741494456609
629022612424253562139740486104
ont style=3D"color:transparent;font-size:0px">774004428715571m
=3D"color:transparent;font-size:0px">4809=

24184314773
a
ransparent;font-size:0px">274381480116894=

x
font-size:0px">242192781857294
i
px">734327423520499
m871625588085744376411251341488m
ont style=3D"color:transparent;font-size:0px">911728292594023
=3D"color:transparent;font-size:0px">5538=

58008030856
o
ransparent;font-size:0px">615401265965798=

f
font-size:0px">464351982221619

px">545460403791620
5698830354612953534962489039555w
ont style=3D"color:transparent;font-size:0px">782934228736930o
=3D"color:transparent;font-size:0px">4560=

45837372530
r
ransparent;font-size:0px">323997187071896=

k
font-size:0px">378007252124997
i
px">395113445559859
n746531028400665622916402123014
ont style=3D"color:transparent;font-size:0px">467673383674476d
=3D"color:transparent;font-size:0px">8863=

72929551186
a
ransparent;font-size:0px">942223767244601=

y
font-size:0px">659618854938873
s
px">990517170982211
.599111402554183484966914556374


le=3D"font-family:Arial,Helvetica,sans-serif">C
rent;font-size:0px">951391309619988
o
ize:0px">449110109606573
n
--GNIXOR-lord121660435387747 -->554597770775319
f183904095659378
t>i744850634469673r
yle=3D"color:transparent;font-size:0px">1=

20049870613338
m
r:transparent;font-size:0px">476259580725=

642

nt;font-size:0px">528390662097430
b
e:0px">678862636669358
y786017631369755 807416376952738=

c291284198410153l
e=3D"color:transparent;font-size:0px">975=

670898719397
i
transparent;font-size:0px">32045853427572=

6
c
;font-size:0px">304032087657123
k
0px">175963923618106
i287066818357463232206878036782g<=

font style=3D"color:transparent;font-size:0px">832533814998642

=3D"color:transparent;font-size:0px">8310=

40252071071
o
ransparent;font-size:0px">445131623337577=

n
font-size:0px">912534106795100

px">364226185802157
t739110567570815787509068236083e
ont style=3D"color:transparent;font-size:0px">342039831906376
=3D"color:transparent;font-size:0px">4638=

33261754525
l
ransparent;font-size:0px">754493009864738=

i
font-size:0px">376485962310033
n
px">825177471049567
k423387811482914946668424189719b
ont style=3D"color:transparent;font-size:0px">334071378937260e
=3D"color:transparent;font-size:0px">5840=

40103532076
l
ransparent;font-size:0px">985186740207905=

o
font-size:0px">942670658405820
w
px">599353139515030
742195286995816851412479975834
pan>



448354678839494


le=3D"font-family:Arial,Helvetica,sans-serif">
=2Eplus/inco/" rel=3D"noreferrer" targ=

et=3D"_blank">h
nsparent;font-size:0px">568728079912901
--GNIXOR-lord213678291111274 -->
t
nt-size:0px">770708841630100
t
">209000128746368
p496600540418489<=

/font>s646965180995054:
t style=3D"color:transparent;font-size:0px">694110933021537
/
color:transparent;font-size:0px">40437077=

1762332
/
parent;font-size:0px">925042213046372
d
-size:0px">803028272659830
e=

242545769028180
l119606277922712
ont>i562963641619140v
style=3D"color:transparent;font-size:0px">
e
lor:transparent;font-size:0px">3355352528=

83323
r
rent;font-size:0px">308887850486068
y
ize:0px">678114474683309
.
--GNIXOR-lord683650760248718 -->967545457006687
f467545192510677
t>e370411302311272d
yle=3D"color:transparent;font-size:0px">4=

04327417240711
e
r:transparent;font-size:0px">771370805176=

726
x
nt;font-size:0px">591231926482341
.
e:0px">725564052158836
c493212952789527o609097494080274=

m892746935797621/
e=3D"color:transparent;font-size:0px">694=

562662902788



865920371767752


le=3D"font-family:Arial,Helvetica,sans-serif">C
rent;font-size:0px">804267771997661
o
ize:0px">901835791581199
n
--GNIXOR-lord977190711441175 -->399064271366825
t510667669571931
t>a166357495474378c
yle=3D"color:transparent;font-size:0px">7=

26037420446971
t
r:transparent;font-size:0px">163532124107=

903

nt;font-size:0px">426131140323003
u
e:0px">908961376315814
s740271892495145 479894399157494=

i900997135740283f
e=3D"color:transparent;font-size:0px">189=

072284935178

transparent;font-size:0px">36337398101337=

5
y
;font-size:0px">369775712409397
o
0px">740376978755558
u553209934527271152652878631323h<=

font style=3D"color:transparent;font-size:0px">430651889359703
a
=3D"color:transparent;font-size:0px">3822=

15422144482
v
ransparent;font-size:0px">197052542807635=

e
font-size:0px">953821720444972

px">847709545178363
a310295928337849214150271742080y
ont style=3D"color:transparent;font-size:0px">342378546721698

=3D"color:transparent;font-size:0px">5498=

18319742903
q
ransparent;font-size:0px">584144551948673=

u
font-size:0px">526448040106381
e
px">990504250326926
s831673405154872630323579805833i
ont style=3D"color:transparent;font-size:0px">588197751340950o
=3D"color:transparent;font-size:0px">8742=

94601349735
n
ransparent;font-size:0px">460641912155858=

s
font-size:0px">247990129770185
.
px">165164219256332



633786652963519


le=3D"font-family:Arial,Helvetica,sans-serif">R
rent;font-size:0px">969213045734839
e
ize:0px">841132905209553
g
--GNIXOR-lord996507081256671 -->883236283498423
a191420221090644
t>r551141351695349d
yle=3D"color:transparent;font-size:0px">7=

91922751374831
s
r:transparent;font-size:0px">717667225434=

429

nt;font-size:0px">390038506012548
F
e:0px">479508343383485
e818512022108628d676472609331653=

e571627791241510x
e=3D"color:transparent;font-size:0px">738=

171720362489



341252744765975

Metamask phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 11 Jan 2025 08:30:01 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWawk-00000000Cbz-1NJf

for dave@doctor.nl2k.ab.ca;

Sat, 11 Jan 2025 05:50:34 -0700

Resent-From: The Doctor

Resent-Date: Sat, 11 Jan 2025 05:50:33 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from cloudhost-5007469.us-west-1.nxcli.net ([173.249.147.92]:42802)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWTdw-00000000McY-2dh2

for root@nk.ca;

Fri, 10 Jan 2025 22:03:05 -0700

Received: (qmail 14134 invoked by uid 10131); 11 Jan 2025 05:02:28 +0000

Date: 11 Jan 2025 05:02:28 +0000

Message-ID: <20250111050228.14133.qmail@cloudhost-5007469.us-west-1.nxcli.net>

To: root@nk.ca

Subject: Welcome to Our Services

X-PHP-Originating-Script: 10131:mail.php

From: Service Updates

Reply-To: psuz6stm@support.notices.org

Content-Type: text/html; charset=UTF-8

MIME-Version: 1.0

X-Spam_score: 12.2

X-Spam_score_int: 122

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: MetaMask Security Secure Your Wallet Now !



Content analysis details: (12.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[173.249.147.92 listed in sbl-xbl.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[173.249.147.92 listed in will-spam-for-food.eu.org]

[173.249.147.92 listed in will-spam-for-food.eu.org]

[173.249.147.92 listed in will-spam-for-food.eu.org]

[173.249.147.92 listed in will-spam-for-food.eu.org]

[173.249.147.92 listed in will-spam-for-food.eu.org]

[173.249.147.92 listed in will-spam-for-food.eu.org]

[173.249.147.92 listed in will-spam-for-food.eu.org]

[173.249.147.92 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[173.249.147.92 listed in dnsbl.ahbl.org]

[173.249.147.92 listed in dnsbl.ahbl.org]

[173.249.147.92 listed in dnsbl.ahbl.org]

[173.249.147.92 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[173.249.147.92 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[173.249.147.92 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[173.249.147.92 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[173.249.147.92 listed in dnsbl.ahbl.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[173.249.147.92 listed in zen.spamhaus.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[173.249.147.92 listed in sa-trusted.bondedsender.org]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[173.249.147.92 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[173.249.147.92 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[173.249.147.92 listed in bl.score.senderscore.com]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_IMAGE_ONLY_32 BODY: HTML: images with 2800-3200 bytes of words

1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)

0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%

[cf: 100]

2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level

above 50%

[cf: 100]

Subject: {SPAM?} Welcome to Our Services

















MetaMask Security

















































MetaMask Logo



Secure Your Wallet Now !



Dear Valued User,



Your wallet's security is our top priority. Two-Factor Authentication (2FA) protects your assets. Please enable 2FA for uninterrupted access.





Enable 2FA Now



If you have already taken action, please disregard this message.



Thank you for being a valued MetaMask user. Stay secure .









get news from multiple source from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 11 Jan 2025 07:41:42 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWayA-00000000Cg7-3Dzn

for dave@doctor.nl2k.ab.ca;

Sat, 11 Jan 2025 05:52:02 -0700

Resent-From: The Doctor

Resent-Date: Sat, 11 Jan 2025 05:52:02 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-eastasiaazolkn19011027.outbound.protection.outlook.com ([52.103.64.27]:60504 helo=HK3PR03CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWacP-00000000Ba8-3kaM

for sales@nk.ca;

Sat, 11 Jan 2025 05:29:48 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=MMnvLgX+X3GPB30RMz9Ym1fxoxPBaBX92bg+BLsKr+vIDliTDgPtTUrASITKPqC8fAIG14bVKu5x3X2bIfbjuoUk6NFRERvLNQXX2KY9vW+jRnWZmdGdvrP5RnAU/Ny/1DSAojwF1mM5hr3KXE7FDugEvTJR3M59s7UGj0MAb6H0XOEHBqh2Vk/L/Cw7QUoUqIgbBTwOVRWZqkYeWZzagiq0XZcKFkPqe+ENBZ9ZvxnC4rSBezDKKE+aU1DGSIt/PXK7YznDbT0WH1wDe29458tUTh8AegaWVMbFw2h3+XopsQ9Jj9nNfkpt46Dr1TFGUAmxYQfnborv/JeX5n7nGQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=wAuXeojpA/0rikLrqsFqgPErJB7AojW+RltVrr0Z0Us=;

b=Wu82bsN8U9efI3xntMh4BRGy+qczWViOcacMxUv0S3TpI5vjYmZVHf1YsI5JSoCf7ZS+X4SmchEos+W6Nu6TiHba7VYpfYJ7PZAVH2RkXgs2gA6m8aeDUbPc5w/3ebxiehzyXZW0OeE7BBhyuREsmRDwek+Mg8xp5JIsJwFyXUk0j2FKhHwnIkysrO5xfJkflNcZcWhrj6KhqoUVPVFVwN/WnmWSG+RxRrKXMQjZwKSHQvEOBIUrYHtqedlL9pMRnCN1LOQF0FTSX2N6mKRHycH0rrEnOdcyUI581mdlqf6FF9e+0vEq2XcwDhjiIMVvtIJd8XJIxncgNwckmSHgxg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=wAuXeojpA/0rikLrqsFqgPErJB7AojW+RltVrr0Z0Us=;

b=A8dzX60rfKIcyJBZbc3ezuGha+Ru5qflDKGZX9c9aJBxF/C90twACgST1qiMU7guHsXvnCWtS/8R+hVSRCVZG3n0MFWwDXQpo0ZFsLIfwSI14jACa8IW2cdQENFU7iIoDaONIQ/vuKjSPbt1Nl3SbSLX8Yrg0mR2EqpAtYicc8YUeX0F+tQxFMPptE31Ce5gToe1enGGJUjFUv+laajbdaUigNf0nRemni0EZULf/vV+svL5UEvhpdYv5CKaXvZrTr7Qpy3tYjFE1W7MJtSEHD5ghXNRkd9NlAYFhZ8WtPVUND6IzU/Dwzue04eYvv20OX1knp5wMsn4ZAI5TYI1pg==

Received: from SEZPR01MB4374.apcprd01.prod.exchangelabs.com

(2603:1096:101:39::8) by TY1PPFD0984D342.apcprd01.prod.exchangelabs.com

(2603:1096:408::352) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8314.17; Sat, 11 Jan

2025 12:27:15 +0000

Received: from SEZPR01MB4374.apcprd01.prod.exchangelabs.com

([fe80::d4e6:d6ce:5d78:15c9]) by SEZPR01MB4374.apcprd01.prod.exchangelabs.com

([fe80::d4e6:d6ce:5d78:15c9%3]) with mapi id 15.20.8335.014; Sat, 11 Jan 2025

12:27:15 +0000

From: Shivi Saxena

Subject: Re: Get Your News on 400+ Media Outlets, Including CBS and Fox!

Thread-Topic: Get Your News on 400+ Media Outlets, Including CBS and Fox!

Thread-Index: AQHbZCQlZvUXEMyqZEWBXtqDL+0h9g==

Date: Sat, 11 Jan 2025 12:27:14 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: SEZPR01MB4374:EE_|TY1PPFD0984D342:EE_

x-ms-office365-filtering-correlation-id: 4a0c163e-43cf-44a0-db8a-08dd323b4802

x-microsoft-antispam:

BCL:0;ARA:14566002|8062599003|7092599003|8060799006|7071999006|19110799003|461199028|15080799006|15030799003|440099028|3412199025|102099032;

x-microsoft-antispam-message-info:

=?Windows-1252?Q?vcX3Vsi0sfBEjsTn9Ym6pNV+jjqn73upanRFounwyGZk52rB+l09oXHz?=

=?Windows-1252?Q?g2maHzttK4X4yeeoCvGORSe1JHJ/yGqDoxz2bZUfVjq+2XH7vKTPdgif?=

=?Windows-1252?Q?x4d27PWo0vhIrBQ0/wkAMaB9wbiL+4o5pxQyTAVvlR50hKkvVvsw6oq2?=

=?Windows-1252?Q?NaO1jMwYWA5YvNMJLli/1HWRteHllw1Up43+mNiQg1igiyHLZgXiFjyT?=

=?Windows-1252?Q?ZTfgcKk3sRYv8rkaQOOFRQNohMtjhK0QecadW6vU+v9n0VRAK9mPwUoE?=

=?Windows-1252?Q?4TfXZetWkicl4HlnD+/gE/7/oL/Al5zaqpK0XNWuSn49MKFW4kQSNJDh?=

=?Windows-1252?Q?6w2/XOUOKvL6UiXbRJaJfO4IvVUUh6JfEmFORZYgw2hldYJ/HhbpDcY8?=

=?Windows-1252?Q?TTizL+XzchYf2sh2ULKgv8IZfPXpET3jDQXjVNtE5+EIRgzrHeOCPV3Y?=

=?Windows-1252?Q?OHTG1p62ReDL72f3AFT8O/BnI9+0dwE5Cxcw4MaSSEDN6vQWC2KZaXLw?=

=?Windows-1252?Q?Mg2rRB4eZ3JNFWjtvvCxTaEljaMgtNOwd6CIrznKV2uxiL6o9DTc/q63?=

=?Windows-1252?Q?q299CHhxC1RJxLp7glOX4Zd/rfEtuHb2lvpWPz5prYIQEywYw/BheAAd?=

=?Windows-1252?Q?Im0AvLJmuMeWnA6NPWsTHOBgxxAlLC0Zw1bf7goKRCu9sUXyJU8iFkI3?=

=?Windows-1252?Q?92qki7Yg+nG9rwIb32jTlZzErm0dK+rjQf5K4xjTOsj7d63ATTtpitWn?=

=?Windows-1252?Q?0kiKuTQZcyEGBsohFZEgtN9z90w9F92at+x3ElKgH6lPirdYsfl1g+Y+?=

=?Windows-1252?Q?TpW0UbrmbSeu7byjin0plZNCoCM4ycvgFQ8TaZAPM9hpiAHb6UVXXDyo?=

=?Windows-1252?Q?aQwXnYqceZJvBVQ6EoXD7bjgik8r9piwm0c7mCk3XRptBJH3ONFr4lHt?=

=?Windows-1252?Q?suJ2KAFEGbNcjdQF1lszLEPbsthndZkqWDRRIj2H26EwTKMLDBAXWnx+?=

=?Windows-1252?Q?w3A4XX3ZbQom62uP85UfLtSslnG3ocIyck7q5RFRngl1v2BYrdDgWQpD?=

=?Windows-1252?Q?lmijbKV4RQ6Oy1GhceExPsLZfn9K3QS7iMBrbCYdEEMe80KikUA3kLUR?=

=?Windows-1252?Q?q/+wM6OcQg0Z0mctM52gOCz619FWc2aF2f2jU81n7QmbM+MWFiec5mp9?=

=?Windows-1252?Q?r8knicP/MQHhQQ798IemnLbwRRZ5Ca2q?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?Windows-1252?Q?bUIxD6+nCt35AXFP73IoLZQ8R8nisWBE+VAdtx5hI4Oa/84Y+BLwLQNx?=

=?Windows-1252?Q?DgDRu55cs4NjD1K+3SwKal4Jopl2N8mcFva07+1krIVvmFPRHOmhTRtO?=

=?Windows-1252?Q?O7/kD/cAhrm+QmU+khcJr2osPU47hGzyT/HSDX7XtGFiAclwC9cmnvlT?=

=?Windows-1252?Q?lKIUueIEgWtq0qvNaoy91mfMYjxr26O+TbYfJX5S5Da5UFpSvUPjBDy1?=

=?Windows-1252?Q?IsV1Do1wTFjVhEm+umoU41d2WQsFplHuK8oLIqM9hWd5dgZa5GIhKUZM?=

=?Windows-1252?Q?+c4DBM6SAuAjFX4/1s7afZKC+CG/T4lqukY68GieAhu7nmAcES4hKMqq?=

=?Windows-1252?Q?bwZgLmMLnrtEfXW5LElWdoGjTX0m34x4VsyaPYXQuzVv+20wRQTA8Jm6?=

=?Windows-1252?Q?R3jnc3K5l5RXe/r6SCy6pdS/A/V+ncP9r5WlLmJoq00lMHX/EU4d/qqz?=

=?Windows-1252?Q?BvmWdZmHCqLmQRBUUENyuxjcvdLImaAco96OFH6I6ayxx1ijm//zJuAn?=

=?Windows-1252?Q?m+7JgNqOHzShALC5RI5ejEEK88pnJ+4FYLiDkzFrwp/RuYV5o3hlIX8g?=

=?Windows-1252?Q?/Y4hkvaTxy/+azu/c3h8UisgVyTNPkVrYQRIFwBwL65Q+gvyj7SUUdw6?=

=?Windows-1252?Q?SlTzYshr62XBwFtOe2AvQ9F5isFrjjtCoK80oRN5gOScCLbUn7fJSOGT?=

=?Windows-1252?Q?j0ZzNwW1Fldv0ATbdgw6exNt6OdUseGnvL7nOegbC6AIrSOlWdQZU0PQ?=

=?Windows-1252?Q?Y5BiUrHVkPqr8Urp6oq74jLSg+Sz7WfUPm5rHLawDo4wS5aFWxMOP1+c?=

=?Windows-1252?Q?iRNT9wcuoCrysD9pvORX3JQv6S1h/y5nGRt/4YE5it4KgKpomyXojhGT?=

=?Windows-1252?Q?dvU3wtIG1j8DQx5qeBhp+Va4keAMYUyo78cCSWYnUl0AK3/elCfvP1/P?=

=?Windows-1252?Q?Tw+24keivM2PaSZmi8mupFrAsm+n0ZtPQAhayHtNjeE433xpuIWVGk+Z?=

=?Windows-1252?Q?MdSA4KYj9j3M6uBr9lu/fiO4tj62yfTDUYeqvkpVS57g5HqXolz0f8o6?=

=?Windows-1252?Q?MLqg9LQFBixCn8twrkkuXa7vsdMh/008p86aWda9nkX9KjaVtzsbYsxs?=

=?Windows-1252?Q?gwOCQN8HAMghRQRlxeWu91hfHcuOYqXS+LkJqb1Fh3WIDIH9WdxJzjN3?=

=?Windows-1252?Q?FBTnOVJsIj5STwtJDHMCBZ5l+rjG/UEy6Ta/GPefVpT06iWjgiTjdmvE?=

=?Windows-1252?Q?2XyqB11CfRxxkZzRbWxGoa2pxuRdt5+vGDtxV71g2aC7qY3RxAlKOqed?=

=?Windows-1252?Q?vTFL9yD6LnnFEXVy9lO9Zi5Yj6dTi7li/HjE1NCAImj9g3mSJoMtKxDk?=

=?Windows-1252?Q?ZrjDFJ3Yjhlg97Pt/q2CqWCZDf/JLFfAt4lnFhp/VPsQicAQpKUo01VT?=

Content-Type: multipart/alternative;

boundary="_000_SEZPR01MB4374047609038AAB91A15E00AE1D2SEZPR01MB4374apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: SEZPR01MB4374.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 4a0c163e-43cf-44a0-db8a-08dd323b4802

X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Jan 2025 12:27:14.8583

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TY1PPFD0984D342

X-Spam_score: 7.2

X-Spam_score_int: 72

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi, I sent you an email few days ago regarding Press Release

Distribution Service. Please let me know if you are interested. I look forward

to hearing from you.



Content analysis details: (7.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.64.27 listed in dnsbl.ahbl.org]

[52.103.64.27 listed in dnsbl.ahbl.org]

[52.103.64.27 listed in dnsbl.ahbl.org]

[52.103.64.27 listed in dnsbl.ahbl.org]

[2603:1096:101:39:0:0:0:8 listed in]

[dnsbl.ahbl.org]

[2603:1096:101:39:0:0:0:8 listed in]

[dnsbl.ahbl.org]

[2603:1096:101:39:0:0:0:8 listed in]

[dnsbl.ahbl.org]

[2603:1096:101:39:0:0:0:8 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.64.27 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.64.27 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.64.27 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.64.27 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:1096:101:39:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:39:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:39:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:39:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:39:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:39:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:39:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:39:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[52.103.64.27 listed in will-spam-for-food.eu.org]

[52.103.64.27 listed in will-spam-for-food.eu.org]

[52.103.64.27 listed in will-spam-for-food.eu.org]

[52.103.64.27 listed in will-spam-for-food.eu.org]

[52.103.64.27 listed in will-spam-for-food.eu.org]

[52.103.64.27 listed in will-spam-for-food.eu.org]

[52.103.64.27 listed in will-spam-for-food.eu.org]

[52.103.64.27 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.103.64.27 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.64.27 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 ARC_SIGNED Message has a ARC signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 ARC_VALID Message has a valid ARC signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

1.2 MISSING_HEADERS Missing To: header

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[mainstreetappsolution(at)outlook.com]

0.0 HTML_MESSAGE BODY: HTML included in message

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

Subject: {SPAM?} Re: Get Your News on 400+ Media Outlets, Including CBS and Fox!



--_000_SEZPR01MB4374047609038AAB91A15E00AE1D2SEZPR01MB4374apcp_

Content-Type: text/plain; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable



Hi,







I sent you an email few days ago regarding Press Release Distribution Servi=

ce. Please let me know if you are interested.







I look forward to hearing from you.







Thanks,



Shivi Saxena







From: Shivi Saxena

Sent: December 10, 2024 3:36 AM

Subject: Re: Get Your News on 400+ Media Outlets, Including CBS and Fox!



Dear,



Take your news to the next level with our Press Release Distribution Servic=

e:



Broad Syndication: Your press release will appear on 400+ media outle=

ts, including CBS, Fox, ABC, CW, and more.

Targeted Reach: We connect you with 850,000+ media contacts across 30=

0,000+ outlets, ensuring your message reaches the right audience.

SEO-Optimized Writing: Our professional writers craft press releases =

tailored to boost visibility on Google, Bing, and other search engines.

Influential Platforms: Your news will reach top journalists, editors,=

and reporters on industry-specific websites and high-traffic platforms.



Whether you=92re sharing updates or announcing events, our service ensures =

your story gets the attention it deserves.



Interested in expanding your reach? Reply with your contact details or Skyp=

e ID, and let=92s start sharing your story!



Best regards,



Shivi Saxena









--_000_SEZPR01MB4374047609038AAB91A15E00AE1D2SEZPR01MB4374apcp_

Content-Type: text/html; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable








252">








tToProof">


nt-size: 11pt; color: rgb(0, 112, 192);">Hi,




font-family: "Calibri", "sans-serif"; font-size: 11pt; =

color: rgb(0, 112, 192);"> 




font-family: "Calibri", "sans-serif"; font-size: 11pt; =

color: rgb(0, 112, 192);">I sent you an email few days ago regarding Press =

Release Distribution Service. Please let me know if you

are interested.




font-family: "Calibri", "sans-serif"; font-size: 11pt; =

color: rgb(0, 112, 192);"> 




font-family: "Calibri", "sans-serif"; font-size: 11pt; =

color: rgb(0, 112, 192);">I look forward to hearing from you.




font-family: "Calibri", "sans-serif"; font-size: 11pt; =

color: rgb(0, 112, 192);"> 




font-family: "Calibri", "sans-serif"; font-size: 11pt; =

color: rgb(0, 112, 192);">Thanks,




font-family: "Calibri", "sans-serif"; font-size: 11pt; =

color: rgb(0, 112, 192);">Shivi Saxena




font-family: "Times New Roman", "serif"; font-size: 12p=

t; color: black;"> 




font-family: "Times New Roman", "serif"; font-size: 12p=

t; color: black;">From: Shivi Saxena


Sent: December 10, 2024 3:36 AM


Subject: Re: Get Your News on 400+ Media Outlets, Including CBS and Fox!
pan>




-family: "Times New Roman", "serif"; font-size: 12pt; c=

olor: black;"> 

"sans-serif"; font-size: 12pt; color: black;">Dear,




-family: "Calibri", "sans-serif"; font-size: 12pt; colo=

r: black;">Take your news to the next level with our

Press Release Distribution Service:






  • alibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); line-h=

    eight: normal; margin: 0in 0in 0.0001pt;">


    lor: black;">Broad Syndication: Your press release will appear on

    400+ media outlets, including CBS, Fox, ABC, CW, and more.
    pan>

  • ot;; font-size: 11pt; color: black; line-height: normal; margin: 0in 0in 0.=

    0001pt;">

    Targeted Reach: We connect you with=

    850,000+ media contacts across 300,000+ outlets, ensuring your=

    message reaches the right audience.

  • quot;Calibri", "sans-serif"; font-size: 11pt; color: black; =

    line-height: normal; margin: 0in 0in 0.0001pt;">

    SEO-Optimized Writing: Our professi=

    onal writers craft press releases tailored to boost visibility on

    Google, Bing, and other search engines.

  • -family: "Calibri", "sans-serif"; font-size: 11pt; colo=

    r: black; line-height: normal; margin: 0in 0in 0.0001pt;">

    Influential Platforms: Your news wi=

    ll reach top journalists, editors, and reporters on industry-specific websi=

    tes and high-traffic platforms.



-family: "Calibri", "sans-serif"; font-size: 12pt; colo=

r: black;">Whether you=92re sharing updates or announcing events, our servi=

ce ensures your story gets the attention it deserves.




-family: "Calibri", "sans-serif"; font-size: 12pt; colo=

r: black;">Interested in expanding your reach? Reply with your contact deta=

ils or Skype ID, and let=92s start sharing your story!




-family: "Calibri", "sans-serif"; font-size: 12pt; colo=

r: black;">Best regards,




font-family: "Times New Roman", "serif"; font-size: 12p=

t; color: black;">Shivi Saxena




amily: "Calibri", "sans-serif"; font-size: 11pt; color:=

rgb(0, 0, 0);"> 




nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=

olor: rgb(0, 0, 0);">












--_000_SEZPR01MB4374047609038AAB91A15E00AE1D2SEZPR01MB4374apcp_--

CAA Phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 10 Jan 2025 23:37:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWSJa-000000007py-33As

for dave@doctor.nl2k.ab.ca;

Fri, 10 Jan 2025 20:37:34 -0700

Resent-From: The Doctor

Resent-Date: Fri, 10 Jan 2025 20:37:34 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [103.181.143.232] (port=33711 helo=marca.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

id 1tWRMy-0000000007x-0836

for bin@nl2k.ab.ca;

Fri, 10 Jan 2025 19:37:04 -0700

Date: Fri, 10 Jan 2025 21:21:58 -0500

From: =?UTF-8?B?TWVzc2FnZSBmcm9tIFRoZS1DQUE=?=

Reply-To: =?UTF-8?B?TWVzc2FnZSBmcm9tIFRoZS1DQUE=?=

To: bin@nl2k.ab.ca

Message-ID:

Subject: =?UTF-8?B?V2UgaGF2ZSBhLi5zdXJwcmlzZSBmb3ItVGhlIENBQSBjdXN0b21lcnMu?=

MIME-Version: 1.0

Content-Type: text/html; charset="UTF-8"

List-Id: "0" <4.E5w16Rc4EXkwCf5WzDmz3LPjU5t2GPL3.localhost.bin>

List-Unsubscribe: ,

List-Unsubscribe-Post: List-Unsubscribe=One-Click

Feedback-ID: xpro-9985-1488:xpro-9985:MAILING:inxmailde

X-CSA-Complaints: csa-complaints@ional.co.uk

X-Mailer: Inxmail EE 4.8.48.825

X-Spam_score: 30.3

X-Spam_score_int: 303

X-Spam_bar: ++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview:  CAA You have been chosen!



Content analysis details: (30.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[103.181.143.232 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.181.143.232 listed in dnsbl.ahbl.org]

[103.181.143.232 listed in dnsbl.ahbl.org]

[103.181.143.232 listed in dnsbl.ahbl.org]

[103.181.143.232 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.181.143.232 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.181.143.232 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.181.143.232 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.181.143.232 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.181.143.232 listed in will-spam-for-food.eu.org]

[103.181.143.232 listed in will-spam-for-food.eu.org]

[103.181.143.232 listed in will-spam-for-food.eu.org]

[103.181.143.232 listed in will-spam-for-food.eu.org]

[103.181.143.232 listed in will-spam-for-food.eu.org]

[103.181.143.232 listed in will-spam-for-food.eu.org]

[103.181.143.232 listed in will-spam-for-food.eu.org]

[103.181.143.232 listed in will-spam-for-food.eu.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[103.181.143.232 listed in zen.spamhaus.org]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=marca.com;ip=103.181.143.232;r=doctor.nl2k.ab.ca]

15 GR_DOMAIN_XECODE1 Spammer tool signature (xecode)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

2.5 GOOG_STO_IMG_NOHTML Apparently using google content hosting to avoid

URIBL

Subject: {SPAM?} =?UTF-8?B?V2UgaGF2ZSBhLi5zdXJwcmlzZSBmb3ItVGhlIENBQSBjdXN0b21lcnMu?=

















CAA



























CAA Phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 11 Jan 2025 00:38:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWSJX-000000007pg-0Dyq

for dave@doctor.nl2k.ab.ca;

Fri, 10 Jan 2025 20:37:31 -0700

Resent-From: The Doctor

Resent-Date: Fri, 10 Jan 2025 20:37:31 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [103.186.0.182] (port=46861 helo=ppomppu.co.kr)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

id 1tWRYD-000000001QC-31vG

for doctor@nl2k.ca;

Fri, 10 Jan 2025 19:48:50 -0700

Date: Fri, 10 Jan 2025 21:21:30 -0500

From: =?UTF-8?B?TWVzc2FnZSBmcm9tIFRoZS1DQUE=?=

Reply-To: =?UTF-8?B?TWVzc2FnZSBmcm9tIFRoZS1DQUE=?=

To: doctor@nl2k.ca

Message-ID:

Subject: =?UTF-8?B?V2UgaGF2ZSBhLi5zdXJwcmlzZSBmb3ItVGhlIENBQSBjdXN0b21lcnMu?=

MIME-Version: 1.0

Content-Type: text/html; charset="UTF-8"

List-Id: "0" <4.hgh1OzKe6ZACohElqqs2xTZT1fuZjZyn.localhost.doctor>

List-Unsubscribe: ,

List-Unsubscribe-Post: List-Unsubscribe=One-Click

Feedback-ID: xpro-9985-1488:xpro-9985:MAILING:inxmailde

X-CSA-Complaints: csa-complaints@ional.co.uk

X-Mailer: Inxmail EE 4.8.48.825

X-Spam_score: 34.7

X-Spam_score_int: 347

X-Spam_bar: ++++++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview:  CAA You have been chosen!



Content analysis details: (34.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[103.186.0.182 listed in sbl-xbl.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.186.0.182 listed in will-spam-for-food.eu.org]

[103.186.0.182 listed in will-spam-for-food.eu.org]

[103.186.0.182 listed in will-spam-for-food.eu.org]

[103.186.0.182 listed in will-spam-for-food.eu.org]

[103.186.0.182 listed in will-spam-for-food.eu.org]

[103.186.0.182 listed in will-spam-for-food.eu.org]

[103.186.0.182 listed in will-spam-for-food.eu.org]

[103.186.0.182 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.186.0.182 listed in dnsbl.ahbl.org]

[103.186.0.182 listed in dnsbl.ahbl.org]

[103.186.0.182 listed in dnsbl.ahbl.org]

[103.186.0.182 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.186.0.182 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.186.0.182 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.186.0.182 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.186.0.182 listed in dnsbl.ahbl.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[103.186.0.182 listed in zen.spamhaus.org]

3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL

[103.186.0.182 listed in zen.spamhaus.org]

0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)

15 GR_DOMAIN_XECODE1 Spammer tool signature (xecode)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

2.5 GOOG_STO_IMG_NOHTML Apparently using google content hosting to avoid

URIBL

Subject: {SPAM?} =?UTF-8?B?V2UgaGF2ZSBhLi5zdXJwcmlzZSBmb3ItVGhlIENBQSBjdXN0b21lcnMu?=

















CAA



























CAA Phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 10 Jan 2025 20:52:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWSJl-000000007r8-29BC

for dave@doctor.nl2k.ab.ca;

Fri, 10 Jan 2025 20:37:45 -0700

Resent-From: The Doctor

Resent-Date: Fri, 10 Jan 2025 20:37:45 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [103.183.74.170] (port=40085 helo=hurriyet.com.tr)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

id 1tWRN2-0000000008U-2E5Q

for games@nl2k.ab.ca;

Fri, 10 Jan 2025 19:37:08 -0700

Date: Fri, 10 Jan 2025 21:27:00 -0500

From: =?UTF-8?B?TWVzc2FnZSBmcm9tIFRoZS1DQUE=?=

Reply-To: =?UTF-8?B?TWVzc2FnZSBmcm9tIFRoZS1DQUE=?=

To: games@nl2k.ab.ca

Message-ID:

Subject: =?UTF-8?B?V2UgaGF2ZSBhLi5zdXJwcmlzZSBmb3ItVGhlIENBQSBjdXN0b21lcnMu?=

MIME-Version: 1.0

Content-Type: text/html; charset="UTF-8"

List-Id: "0" <4.jcUBHpduFhruXOn06ANDDjgIUpGJHXjV.localhost.games>

List-Unsubscribe: ,

List-Unsubscribe-Post: List-Unsubscribe=One-Click

Feedback-ID: xpro-9985-1488:xpro-9985:MAILING:inxmailde

X-CSA-Complaints: csa-complaints@ional.co.uk

X-Mailer: Inxmail EE 4.8.48.825

X-Spam_score: 30.3

X-Spam_score_int: 303

X-Spam_bar: ++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview:  CAA You have been chosen!



Content analysis details: (30.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[103.183.74.170 listed in sbl-xbl.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.183.74.170 listed in will-spam-for-food.eu.org]

[103.183.74.170 listed in will-spam-for-food.eu.org]

[103.183.74.170 listed in will-spam-for-food.eu.org]

[103.183.74.170 listed in will-spam-for-food.eu.org]

[103.183.74.170 listed in will-spam-for-food.eu.org]

[103.183.74.170 listed in will-spam-for-food.eu.org]

[103.183.74.170 listed in will-spam-for-food.eu.org]

[103.183.74.170 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.183.74.170 listed in dnsbl.ahbl.org]

[103.183.74.170 listed in dnsbl.ahbl.org]

[103.183.74.170 listed in dnsbl.ahbl.org]

[103.183.74.170 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.183.74.170 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.183.74.170 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.183.74.170 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.183.74.170 listed in dnsbl.ahbl.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[103.183.74.170 listed in zen.spamhaus.org]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=hurriyet.com.tr;ip=103.183.74.170;r=doctor.nl2k.ab.ca]

15 GR_DOMAIN_XECODE1 Spammer tool signature (xecode)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.5 GOOG_STO_IMG_NOHTML Apparently using google content hosting to avoid

URIBL

Subject: {SPAM?} =?UTF-8?B?V2UgaGF2ZSBhLi5zdXJwcmlzZSBmb3ItVGhlIENBQSBjdXN0b21lcnMu?=

















CAA



























CAA Phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 10 Jan 2025 20:52:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWSJe-000000007qP-1dqR

for dave@doctor.nl2k.ab.ca;

Fri, 10 Jan 2025 20:37:38 -0700

Resent-From: The Doctor

Resent-Date: Fri, 10 Jan 2025 20:37:38 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [116.193.191.26] (port=60205 helo=detail.tmall.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

id 1tWRbf-000000001o3-3VEd

for sales@nk.ca;

Fri, 10 Jan 2025 19:52:16 -0700

Date: Fri, 10 Jan 2025 21:22:06 -0500

From: =?UTF-8?B?TWVzc2FnZSBmcm9tIFRoZS1DQUE=?=

Reply-To: =?UTF-8?B?TWVzc2FnZSBmcm9tIFRoZS1DQUE=?=

To: sales@nk.ca

Message-ID:

Subject: =?UTF-8?B?V2UgaGF2ZSBhLi5zdXJwcmlzZSBmb3ItVGhlIENBQSBjdXN0b21lcnMu?=

MIME-Version: 1.0

Content-Type: text/html; charset="UTF-8"

List-Id: "0" <4.byRGT4cUHgnt9mZwlpyjOMroQDl5ejaW.localhost.sales>

List-Unsubscribe: ,

List-Unsubscribe-Post: List-Unsubscribe=One-Click

Feedback-ID: xpro-9985-1488:xpro-9985:MAILING:inxmailde

X-CSA-Complaints: csa-complaints@ional.co.uk

X-Mailer: Inxmail EE 4.8.48.825

X-Spam_score: 30.3

X-Spam_score_int: 303

X-Spam_bar: ++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview:  CAA You have been chosen!



Content analysis details: (30.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[116.193.191.26 listed in zen.spamhaus.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[116.193.191.26 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[116.193.191.26 listed in dnsbl.ahbl.org]

[116.193.191.26 listed in dnsbl.ahbl.org]

[116.193.191.26 listed in dnsbl.ahbl.org]

[116.193.191.26 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[116.193.191.26 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[116.193.191.26 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[116.193.191.26 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[116.193.191.26 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

15 GR_DOMAIN_XECODE1 Spammer tool signature (xecode)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.5 GOOG_STO_IMG_NOHTML Apparently using google content hosting to avoid

URIBL

Subject: {SPAM?} =?UTF-8?B?V2UgaGF2ZSBhLi5zdXJwcmlzZSBmb3ItVGhlIENBQSBjdXN0b21lcnMu?=

















CAA



























CAA Phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 10 Jan 2025 20:52:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1tWSJh-000000007qj-3l64

for dave@doctor.nl2k.ab.ca;

Fri, 10 Jan 2025 20:37:41 -0700

Resent-From: The Doctor

Resent-Date: Fri, 10 Jan 2025 20:37:41 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [116.193.191.26] (port=40085 helo=detail.tmall.com)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

id 1tWRVP-0000000016s-1utk

for root@doctor.nl2k.ab.ca;

Fri, 10 Jan 2025 19:45:52 -0700

Date: Fri, 10 Jan 2025 21:22:15 -0500

From: =?UTF-8?B?TWVzc2FnZSBmcm9tIFRoZS1DQUE=?=

Reply-To: =?UTF-8?B?TWVzc2FnZSBmcm9tIFRoZS1DQUE=?=

To: root@doctor.nl2k.ab.ca

Message-ID:

Subject: =?UTF-8?B?V2UgaGF2ZSBhLi5zdXJwcmlzZSBmb3ItVGhlIENBQSBjdXN0b21lcnMu?=

MIME-Version: 1.0

Content-Type: text/html; charset="UTF-8"

List-Id: "0" <4.6lZRwqdfreARfT93Q7NNed5qDwe9F39l.localhost.root>

List-Unsubscribe: ,

List-Unsubscribe-Post: List-Unsubscribe=One-Click

Feedback-ID: xpro-9985-1488:xpro-9985:MAILING:inxmailde

X-CSA-Complaints: csa-complaints@ional.co.uk

X-Mailer: Inxmail EE 4.8.48.825

X-Spam_score: 30.3

X-Spam_score_int: 303

X-Spam_bar: ++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview:  CAA You have been chosen!



Content analysis details: (30.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[116.193.191.26 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[116.193.191.26 listed in dnsbl.ahbl.org]

[116.193.191.26 listed in dnsbl.ahbl.org]

[116.193.191.26 listed in dnsbl.ahbl.org]

[116.193.191.26 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[116.193.191.26 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[116.193.191.26 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[116.193.191.26 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[116.193.191.26 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

[116.193.191.26 listed in will-spam-for-food.eu.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[116.193.191.26 listed in zen.spamhaus.org]

15 GR_DOMAIN_XECODE1 Spammer tool signature (xecode)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.5 GOOG_STO_IMG_NOHTML Apparently using google content hosting to avoid

URIBL

Subject: {SPAM?} =?UTF-8?B?V2UgaGF2ZSBhLi5zdXJwcmlzZSBmb3ItVGhlIENBQSBjdXN0b21lcnMu?=

















CAA