Nigerian spam from Google Gmail
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 03 Feb 2025 03:37:00 -0700
Received: from mail-yb1-f169.google.com ([209.85.219.169]:50340)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.98 (FreeBSD))
(envelope-from
id 1tetoo-000000001Ax-3VYi
for dave@doctor.nl2k.ab.ca;
Mon, 03 Feb 2025 03:36:46 -0700
Received: by mail-yb1-f169.google.com with SMTP id 3f1490d57ef6-e3c8ae3a3b2so3933243276.0
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1738578882; x=1739183682; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=ZGObwPm5qHjFZR6U0bAAphZ4eIjEzP9A2zgGF5nnp+E=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1738578882; x=1739183682;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=ZGObwPm5qHjFZR6U0bAAphZ4eIjEzP9A2zgGF5nnp+E=;
X-Received: by 2002:a05:6902:1029:b0:e57:2a07:a975 with SMTP id
3f1490d57ef6-e58a4b33e0emr15572172276.29.1738578881739; Mon, 03 Feb 2025
02:34:41 -0800 (PST)
MIME-Version: 1.0
Reply-To: mrsaishagaddafi76@hotmail.com
From: Mrs Aisha Gaddaf
Date: Mon, 3 Feb 2025 22:33:16 -0800
X-Gm-Features: AWEUYZl4pSLdxuRYim2yXgmdiFyazA-t48wGmatSDUyVeNthefKOgQUhKulnS2Q
Message-ID:
Subject: Investment
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000a90b17062d3a7085"
Bcc: dave@doctor.nl2k.ab.ca
X-Spam_score: 26.4
X-Spam_score_int: 264
X-Spam_bar: ++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: My name is Aisha Gaddafi, a single Mother and a Widow withthreeChildren.
I am the only biological Daughter of the late LibyanPresident Late Colonel
Muammar Gaddafi.I have an investment fund worthTwent [...]
Content analysis details: (26.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.219.169 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.219.169 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.219.169 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.219.169 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.219.169 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.219.169 listed in dnsbl.ahbl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.219.169 listed in list.dnswl.org]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.219.169 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[aias02261(at)gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[mrsaishagaddafi76(at)hotmail.com]
2.5 DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received: date
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[aias02261(at)gmail.com]
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
2.5 MILLION_USD BODY: Talks about millions of dollars
2.7 HK_SCAM_N1 BODY: No description available.
1.2 MILLION_HUNDRED BODY: Million "One to Nine" Hundred
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge... sums of money
1.5 HK_NAME_FM_MR_MRS No description available.
0.8 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
2.9 UNDISC_FREEM Undisclosed recipients + freemail reply-to
2.2 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} Investment
--000000000000a90b17062d3a7085
Content-Type: text/plain; charset="UTF-8"
My name is Aisha Gaddafi, a single Mother and a Widow withthreeChildren. I
am the only biological Daughter of the late LibyanPresident Late Colonel
Muammar Gaddafi.I have an investment fund worthTwenty-Seven Million Five
HundredThousand United States Dollar$27,500,000.00 which I want to entrust
to you for investment project assistance in your
mrsaishagaddafi76@hotmail.com
Best Regards
Mrs Aisha Gaddaf
--000000000000a90b17062d3a7085
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
My name is Aisha Gaddafi, a single Mother and a Widow =
withthreeChildren. I am the only biological Daughter of the late LibyanPres=
ident Late Colonel Muammar Gaddafi.I have an investment fund worthTwenty-Se=
ven Million Five HundredThousand United States Dollar$27,500,000.00 =C2=A0w=
hich I want to entrust to you for investment project assistance in your
=
mrsaishagaddafi76@=
hotmail.com
Best Regards
Mrs Aisha Gaddaf
--000000000000a90b17062d3a7085--
Web/SEO/App spam from Microsoft Outlook
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 03 Feb 2025 13:46:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1tf3KJ-00000000Lze-3Fwo
for dave@doctor.nl2k.ab.ca;
Mon, 03 Feb 2025 13:45:51 -0700
Resent-From: The Doctor
Resent-Date: Mon, 3 Feb 2025 13:45:51 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-tyzapc01olkn2035.outbound.protection.outlook.com ([40.92.107.35]:5368 helo=APC01-TYZ-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from
id 1tf09r-000000002oU-2gx3
for doctor@netknow.ca;
Mon, 03 Feb 2025 10:22:56 -0700
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector10001;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=pMOOBYv9ACDMjMUsCUZj76PRJGyZCXuzVF2BF7fhdN0=;
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;
dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=pMOOBYv9ACDMjMUsCUZj76PRJGyZCXuzVF2BF7fhdN0=;
Received: from PUZPR04MB5372.apcprd04.prod.outlook.com (2603:1096:301:bf::12)
by SEZPR04MB5675.apcprd04.prod.outlook.com (2603:1096:101:44::11) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8398.24; Mon, 3 Feb
2025 17:19:58 +0000
Received: from PUZPR04MB5372.apcprd04.prod.outlook.com
([fe80::e7f5:7ea5:9f0d:eb83]) by PUZPR04MB5372.apcprd04.prod.outlook.com
([fe80::e7f5:7ea5:9f0d:eb83%5]) with mapi id 15.20.8398.025; Mon, 3 Feb 2025
17:19:58 +0000
From: Chhavi Singh
Subject: Mobile App Development..!
Thread-Topic: Mobile App Development..!
Thread-Index: Adt2X3ZcpC3Sp3R9QR2DGURqvAI8Kw==
Date: Mon, 3 Feb 2025 17:19:57 +0000
Message-ID:
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PUZPR04MB5372:EE_|SEZPR04MB5675:EE_
x-ms-office365-filtering-correlation-id: ea8eb579-256d-4e8f-06f3-08dd4476fba6
x-microsoft-antispam:
BCL:0;ARA:14566002|15080799006|8062599003|8060799006|461199028|12300799018|19110799003|3412199025|440099028|12091999003|102099032|56899033;
x-microsoft-antispam-message-info:
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0:
Content-Type: multipart/alternative;
boundary="_000_PUZPR04MB5372CA189CAA7858FC3DF1CAADF52PUZPR04MB5372apcp_"
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-7719-19-msonline-outlook-4bae0.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PUZPR04MB5372.apcprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: ea8eb579-256d-4e8f-06f3-08dd4476fba6
X-MS-Exchange-CrossTenant-originalarrivaltime: 03 Feb 2025 17:19:57.4821
(UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEZPR04MB5675
X-Spam_score: 7.4
X-Spam_score_int: 74
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello, Hope you are doing great. Are you considering developing
a mobile app for your business? Our team of experienced developers specializes
in creating custom mobile applications across various sec [...]
Content analysis details: (7.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[2603:1096:301:bf:0:0:0:12 listed in]
[will-spam-for-food.eu.org]
[40.92.107.35 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[40.92.107.35 listed in dnsbl.ahbl.org]
[2603:1096:301:bf:0:0:0:12 listed in]
[dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[40.92.107.35 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[40.92.107.35 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[40.92.107.35 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[40.92.107.35 listed in dnsbl.ahbl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.0 ARC_SIGNED Message has a ARC signature
0.0 ARC_VALID Message has a valid ARC signature
1.2 MISSING_HEADERS Missing To: header
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[chhavisinghseoservice(at)hotmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
1.4 MALFORMED_FREEMAIL Bad headers on message from free email service
Subject: {SPAM?} Mobile App Development..!
--_000_PUZPR04MB5372CA189CAA7858FC3DF1CAADF52PUZPR04MB5372apcp_
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hello,
Hope you are doing great.
Are you considering developing a mobile app for your business? Our team of =
experienced developers specializes in creating custom mobile applications a=
cross various sectors, including:
Taxi App
Food App
Fitness App
Dating App
Music App
Travel App
Business App
Educational App
Web App
Hybrid App & etc.
If you are interested, then I can send you our past work details, company i=
nformation and an affordable quotation with the best offer.
Thanks & regards,
Chhavi
--_000_PUZPR04MB5372CA189CAA7858FC3DF1CAADF52PUZPR04MB5372apcp_
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Hope you are doing great.
Are you considering developing a mobile app for your business? Our team of =
experienced developers specializes in creating custom mobile applications a=
cross various sectors, including:
• T=
axi App
• Food App
• Fitness App
• Dating App
• Music App
• Travel App
• Business App
• Educational App
• Web App
• Hybrid App & etc.
If you are interested, then I can send you our past work details, company i=
nformation and an affordable quotation with the best offer.
Thanks & regards,
Chhavi
--_000_PUZPR04MB5372CA189CAA7858FC3DF1CAADF52PUZPR04MB5372apcp_--
DHL Phish
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 03 Feb 2025 06:47:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1tewmW-00000000A3d-1slR
for dave@doctor.nl2k.ab.ca;
Mon, 03 Feb 2025 06:46:32 -0700
Resent-From: The Doctor
Resent-Date: Mon, 3 Feb 2025 06:46:32 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from wartam.com ([107.173.122.165]:58418)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from
id 1tewQv-00000000964-0Zel
for root@nk.ca;
Mon, 03 Feb 2025 06:24:18 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wartam.com; s=202500;
t=1738589046; bh=HxuJD7YoEFBM5aXmFDED6/RlaXR5KL2zUbXLP0TihJc=;
h=From:To:Subject:Date:From;
Received: from [176.65.139.60] (unknown [176.65.139.60])
by wartam.com (Postfix) with ESMTPSA id 78E531CF525
for
From: " DHL "
To: root@nk.ca
Subject: Shipping Notification: Track your package with DHL
Date: 3 Feb 2025 05:24:03 -0800
Message-ID: <20250203052402.447B395AE6967472@wartam.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 24.7
X-Spam_score_int: 247
X-Spam_bar: ++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: INCOMING SHIPMENT NOTIFICATION Hello root
Content analysis details: (24.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[176.65.139.60 listed in will-spam-for-food.eu.org]
[107.173.122.165 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[107.173.122.165 listed in dnsbl.ahbl.org]
[176.65.139.60 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[107.173.122.165 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[107.173.122.165 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[107.173.122.165 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[107.173.122.165 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[107.173.122.165 listed in sbl-xbl.spamhaus.org]
[176.65.139.60 listed in sbl-xbl.spamhaus.org]
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[107.173.122.165 listed in zen.spamhaus.org]
0.1 URIBL_CSS_A Contains URL's A record listed in the Spamhaus CSS
blocklist
[URI: wartam.com/107.173.122.165]
2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
[176.65.139.60 listed in zen.spamhaus.org]
2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist
[URI: wartam.com]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: wartam.com]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: wartam.com]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: wartam.com/107.173.122.165]
[URI: ipfs.io/209.94.90.1]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.0 FROMSPACE Idiosyncratic "From" header format
0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 HTML_MESSAGE BODY: HTML included in message
0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area
0.0 T_MXG_EMAIL_FRAG BODY: URI with email in fragment
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 URI_IPFSIO References Interplanetary File System PtP content via
ipfs.io, likely phishing
1.5 GB_CUSTOM_HTM_URI Custom html uri
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
0.0 URI_GOOGLE_PROXY Accessing a blacklisted URI or obscuring source of
phish via Google proxy?
0.0 T_FROM_MISSP_DKIM From misspaced, DKIM dependable
0.0 URI_IPFS References Interplanetary File System PtP content, probable
phishing
Subject: {SPAM?} Shipping Notification: Track your package with DHL
[Header image, alt "On Demand Delivery": https://ci5.googleusercontent.com/proxy/5ehwsj614AMDg_JrsSCmH8EYnk3FtDiHL7Q2qkwuGLTgkX3N1CcQCRJEM0l4kqVrpO_37uZF6rYLHEasRE5MYUsONgANTInr1w=s0-d-e1-ft#https://del.dhl.com/img/email_assets/images/header.jpg]
INCOMING SHIPMENT NOTIFICATION
TRACK MY SHIPMENT NOW [link: https://ipfs.io/ipfs/bafkreih6kdzajhcbb5lh3lc2bkrayyrpkuaznj32lqafreemcvixaqgady?filename=orseac.html#root@nk.ca]
Thank you for using DHL On-Demand Delivery.
Sincerely, DHL Parcel team
[Social-media icon links, images ig_icon.png, fb_icon.png, ln_icon.png, yt_icon.png; includes https://youtube.com/c/DHLParcelIberia]
dhlparcel.com
DHL Phish
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 03 Feb 2025 06:47:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1tewmR-00000000A3B-3zsr
for dave@doctor.nl2k.ab.ca;
Mon, 03 Feb 2025 06:46:27 -0700
Resent-From: The Doctor
Resent-Date: Mon, 3 Feb 2025 06:46:27 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from wartam.com ([107.173.122.165]:58416)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from
id 1tewQv-00000000963-0ZcB
for doctor@nl2k.ab.ca;
Mon, 03 Feb 2025 06:24:18 -0700
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=wartam.com; s=202500;
t=1738589045; bh=kIvHLxHzvUJT+8IOE9WJEoebFFpocZFeLGStVp8ZHXc=;
h=From:To:Subject:Date:From;
Received: from [176.65.139.60] (unknown [176.65.139.60])
by wartam.com (Postfix) with ESMTPSA id 2F55F1C80ED
for
From: " DHL "
To: doctor@nl2k.ab.ca
Subject: Shipping Notification: Track your package with DHL
Date: 3 Feb 2025 05:24:02 -0800
Message-ID: <20250203052402.D999D22E96A1E580@wartam.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 23.2
X-Spam_score_int: 232
X-Spam_bar: +++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: INCOMING SHIPMENT NOTIFICATION Hello doctor
Content analysis details: (23.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[176.65.139.60 listed in will-spam-for-food.eu.org]
[107.173.122.165 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[107.173.122.165 listed in sbl-xbl.spamhaus.org]
[176.65.139.60 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[107.173.122.165 listed in dnsbl.ahbl.org]
[176.65.139.60 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[107.173.122.165 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[107.173.122.165 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[107.173.122.165 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[107.173.122.165 listed in dnsbl.ahbl.org]
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[107.173.122.165 listed in zen.spamhaus.org]
0.1 URIBL_CSS_A Contains URL's A record listed in the Spamhaus CSS
blocklist
[URI: wartam.com/107.173.122.165]
2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
[176.65.139.60 listed in zen.spamhaus.org]
2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist
[URI: wartam.com]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: wartam.com]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: wartam.com]
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: wartam.com/107.173.122.165]
[URI: ipfs.io/209.94.90.1]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 SPF_HELO_PASS SPF: HELO matches SPF record
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.0 FROMSPACE Idiosyncratic "From" header format
0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
0.0 HTML_MESSAGE BODY: HTML included in message
0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area
0.0 T_MXG_EMAIL_FRAG BODY: URI with email in fragment
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 URI_IPFSIO References Interplanetary File System PtP content via
ipfs.io, likely phishing
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
0.0 URI_GOOGLE_PROXY Accessing a blacklisted URI or obscuring source of
phish via Google proxy?
0.0 T_FROM_MISSP_DKIM From misspaced, DKIM dependable
0.0 URI_IPFS References Interplanetary File System PtP content, probable
phishing
0.0 T_REMOTE_IMAGE Message contains an external image
Subject: {SPAM?} Shipping Notification: Track your package with DHL
[Header image, alt text "On Demand Delivery", loaded through a ci5.googleusercontent.com image proxy URL for https://del.dhl.com/img/email_assets/images/header.jpg]
INCOMING SHIPMENT NOTIFICATION
TRACK MY SHIPMENT NOW [button link: https://ipfs.io/ipfs/bafkreih6kdzajhcbb5lh3lc2bkrayyrpkuaznj32lqafreemcvixaqgady?filename=orseac.html#doctor@nl2k.ab.ca]
Thank you for using DHL On-Demand Delivery.
Sincerely,
DHL Parcel team
[Social media icons loaded from https://clientesparcel.dhl.es/RecursosMailSP/ (ig_icon.png, fb_icon.png, ln_icon.png, yt_icon.png), including a link to https://youtube.com/c/DHLParcelIberia]
dhlparcel.com
Nigerian Spam from Google Gmail
Posted by Dave Yadallee on
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 03 Feb 2025 06:46:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1tewlf-00000000A0i-2pVE
for dave@doctor.nl2k.ab.ca;
Mon, 03 Feb 2025 06:45:39 -0700
Resent-From: The Doctor
Resent-Date: Mon, 3 Feb 2025 06:45:39 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ej1-f65.google.com ([209.85.218.65]:44535)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.98 (FreeBSD))
(envelope-from
id 1tevQi-000000006XT-1YuC
for doctor@doctor.nl2k.ab.ca;
Mon, 03 Feb 2025 05:20:00 -0700
Received: by mail-ej1-f65.google.com with SMTP id a640c23a62f3a-ab737e5674bso81470966b.1
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1738585080; x=1739189880; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=dVK8dxwqkMB8/izuoDJiNZ7Y9TtVnyhC2ENORj01bvw=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1738585080; x=1739189880;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=dVK8dxwqkMB8/izuoDJiNZ7Y9TtVnyhC2ENORj01bvw=;
X-Received: by 2002:a05:651c:242:b0:300:360b:bc36 with SMTP id
38308e7fff4ca-3079694bae0mr67324541fa.23.1738584773332; Mon, 03 Feb 2025
04:12:53 -0800 (PST)
MIME-Version: 1.0
Reply-To: adrveronicaamadi@gmail.com
From: "Dr.Mrs. Veronica Amadi JP"
Date: Mon, 3 Feb 2025 13:09:14 +0100
X-Gm-Features: AWEUYZlPB7b0RKonZ8CvQAUX5RTsym7_2A492_u92_AfmBkq0T7z7wETL--dhcs
Message-ID:
Subject: Re: From Dr.Mrs. Veronica Amadi JP
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000d39885062d3bcf33"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 12.7
X-Spam_score_int: 127
X-Spam_bar: ++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dearest, This might come to you as a surprise but what I'm
about telling you is nothing but the reality about your fund which has been
held for so long with the Central Bank of Nigeria. Do you know that all the
money you have been sending to the officials for one certificate clearance
or the other is being used against you?
Content analysis details: (12.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.218.65 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.218.65 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.218.65 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.218.65 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.218.65 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.218.65 listed in dnsbl.ahbl.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.218.65 listed in list.dnswl.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.218.65 listed in sa-accredit.habeas.com]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.218.65 listed in sa-trusted.bondedsender.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.218.65 listed in wl.mailspike.net]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[209.85.218.65 listed in bl.score.senderscore.com]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[209.85.218.65 listed in bl.score.senderscore.com]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[jonbasil001(at)gmail.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[jonbasil001(at)gmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
0.0 T_HK_NAME_FM_DR No description available.
2.9 UNDISC_FREEM Undisclosed recipients + freemail reply-to
3.0 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)
2.2 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} Re: From Dr.Mrs. Veronica Amadi JP
--000000000000d39885062d3bcf33
Content-Type: text/plain; charset="UTF-8"
Dearest,
This might come to you as a surprise but what I'm about telling you is
nothing but the reality about your fund which has been held for so long
with the Central Bank of Nigeria.
Do you know that all the money you have been sending to the officials for
one certificate clearance or the other is being used against you?
Well, this might sound strange but I am taking this bold step because of my
religious belief as a Christian. The truth is there are a lot of forces
working against you right from the last central bank Governor and the
current Governor with other top officials of all the commercial banks in
Nigeria, they have been frustrating you by delaying your payment.
There is a way I can assist you get your fund without further delay and
avoid unnecessary expenses; it is risky on my own-side to exposes the
secret of authorities but one has to take it because I am not happy as
things is going against a humanity, I have directed many people through
this way, and they receive their long-awaited outstanding payment.
Get back to me as soon as you get this mail so that I will be in a better
position to direct you what to do so you will receive your funds. Waiting
for your immediate reply to this address ( adrveronicaamadi@gmail.com ).
Yours sister in the lord
Dr.Mrs. Veronica Amadi JP.
--000000000000d39885062d3bcf33
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
[HTML alternative part: the same message text as the text/plain part above]
--000000000000d39885062d3bcf33--