Sam's Club Phish
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 01 Feb 2025 15:22:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1teLrP-00000000C0z-0i0G
for dave@doctor.nl2k.ab.ca;
Sat, 01 Feb 2025 15:21:07 -0700
Resent-From: The Doctor
Resent-Date: Sat, 1 Feb 2025 15:21:07 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [185.75.241.131] (port=42015 helo=betliusder.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1teLOT-000000004KC-0BAn
for sales@netknow.ca;
Sat, 01 Feb 2025 14:51:31 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=netknow.ca;
h=MIME-Version:To:From:Subject:Content-Type:Content-Transfer-Encoding; i=sales@netknow.ca;
bh=y1oO98/Rj+dxbCwdWWIcDEMU4xY=;
b=iQ1T6m82Np60Vqpq8HPoMPaUjEfmJDczve2/BvxVpidQyfOlkGKtkxhy+WoPBNWiuRXZgH9loNtL
dFCIpcbllu5wsayT3P8joibXjbOOTS8v1ElTO2stWNIo/QUv3L1ZtMXYXJKTkdXLwcAw5m5H3AP2
/Ok2lP0l9w7+zWZjGso=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=netknow.ca;
b=NjI4pcqKBxVXhqY1bc0g97KjYGjgt9O7yb9/eoXEXtNAdHxwTls89jh4xYk5XaAedim3QG4vq9ly
A23fA267ttn/7tdJIzS5Z9JPBV6uatxeHKtDuP9OeaaI/zZzAh63bmxe3/08R+faCNqnV5mLjcmD
OshicR5nDR/WAFECl+4=;
MIME-Version: 1.0
To: sales@netknow.ca
From: Sam's Club
Subject: Your Sam's Club Membership has Expired
Content-Type: text/html
Content-Transfer-Encoding: base64
X-Spam_score: 15.3
X-Spam_score_int: 153
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Congrats sales! If you no longer wish to receive these emails,
you may unsubscribe by clicking Here or by writing to 115 E 23rd St New York,
NY, US 10010
Content analysis details: (15.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.4 MISSING_DATE Missing Date: header
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[185.75.241.131 listed in will-spam-for-food.eu.org]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[185.75.241.131 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[185.75.241.131 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[185.75.241.131 listed in sa-accredit.habeas.com]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[185.75.241.131 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[185.75.241.131 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[185.75.241.131 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[185.75.241.131 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[185.75.241.131 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[185.75.241.131 listed in sa-trusted.bondedsender.org]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URI: wee.so]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length
greater than 79 characters
1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding
0.1 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
0.0 FSL_BULK_SIG Bulk signature with no Unsubscribe
Subject: {SPAM?} Your Sam's Club Membership has Expired