Philantropy Gmail spam

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 30 Apr 2022 07:34:03 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1nknEN-0004wo-5J

for dave@doctor.nl2k.ab.ca;

Sat, 30 Apr 2022 07:33:51 -0600

Resent-From: The Doctor

Resent-Date: Sat, 30 Apr 2022 07:33:51 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yw1-f194.google.com ([209.85.128.194]:46932)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1nkiHv-000IUH-8h

for doctor@nl2k.ab.ca;

Sat, 30 Apr 2022 02:17:16 -0600

Received: by mail-yw1-f194.google.com with SMTP id 00721157ae682-2f7d19cac0bso105777967b3.13

for ; Sat, 30 Apr 2022 01:16:54 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to;

bh=kGiCWWebgZBObxuMUIZtbt0ahoX7mzZtcenQfNh4yho=;

b=kiiibv1TSDAdn+LC74xej5pGyE2+MuJakfeBj1zzHF1RO8Sg8GRGhaHThY40jFmSqx

7JKcAUdKKgDPQNauP+Zh+5/xBur9p3/Ks1eNyu22vdkHqAWYel/vtrYrwABs138nBvBJ

9GMRAhVJA4l/uctZsmfTKHa0xTBMGX3kfmruFGWGToTaZ4WY/taTiOpQz1MOoL9k49fP

Y0iwtzu/SfHtOHDdfodbJYxPUkP6JBuNQXqudDwngeFUsqfosB2UBW/f3AmkbNNjj9Fu

S+01DbhX10hq5ghBfDWqSfEujIs9m2UuB4tjZmtd2V/hU9bRHgDOiQRhi/EeME3MFxLN

srUQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to;

bh=kGiCWWebgZBObxuMUIZtbt0ahoX7mzZtcenQfNh4yho=;

b=ka5q15jrCNdC0oR2s3UDe8Pb6AJn3M3S/a/07MLMKLdl2ZXjxw0BRKQ76EjgE8WawU

5TqxuPRZd3ZZjKBwgGwlxf7+iiKE01n9buU0XIHhSUVKu4BU4gAwAeIjrX4WCah8SnFS

EO03WTtg4K0GZ7W9K+Ktsa5Iw4+mUOWmgv2kpoo93KSLKLwnlfU7JV+g8BuCMFKhA8um

gPk4sisu1LTXkn/Iij90vIpljAQO6VsSVUZPIl/DLbP4evonG6IsN4vJQjyQIi1EQOXv

Nyp+loOdX4a4P/rvIq2oMslLscVM70CXCrTSd8yhf9ePDAHEvj1AUbYZruCNzPKgwr1E

NoGQ==

X-Gm-Message-State: AOAM5305xsmrKNsO3hd4f+xOdsncyKxnV3UhOQk8NVk5D0puIK1oAj9z

TZ+eqBJ/AuGomhgsbFigAWHJYo5oFTY3+qsUodY=

X-Google-Smtp-Source: ABdhPJwoZH9LRYdP87VSLYu1w5Se6stRdFYhQm11xh2R+vgLbLtTST8GfWT4O40NRKmw3glT4Oz0ERxuc2iia3ByL1U=

X-Received: by 2002:a81:9955:0:b0:2f4:dfb8:7b57 with SMTP id

q82-20020a819955000000b002f4dfb87b57mr3016570ywg.225.1651306608239; Sat, 30

Apr 2022 01:16:48 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a05:7010:1e1c:b0:28b:4f30:5bc4 with HTTP; Sat, 30 Apr 2022

01:16:47 -0700 (PDT)

Reply-To: mrgreenman199@gmail.com

From: "Mr. Green"

Date: Sat, 30 Apr 2022 01:16:47 -0700

Message-ID:

Subject: HELLO DEAR PLEASE I HAVE THIS FUND THAT I HAVE TO TRANSFER INTO YOUR BANK

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Bcc: doctor@nl2k.ab.ca

X-Spam_score: 13.3

X-Spam_score_int: 133

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: -- Good day dear, Please I have fund ($7Million) to transfer

into your account, you will take 45% as your share from the total fund, 10%

will be shared to Charity Organizations in both countries and 45% will be

for me [...]



Content analysis details: (13.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.128.194 listed in bl.score.senderscore.com]

1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,

https://senderscore.org/blocklistlookup/

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[kafandoadama800[at]gmail.com]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in

digit

[mrgreenman199[at]gmail.com]

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[kafandoadama800[at]gmail.com]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 LOTS_OF_MONEY Huge... sums of money

1.5 HK_NAME_FM_MR_MRS No description available.

0.0 T_HK_NAME_FM_MR_MRS No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

3.6 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

0.0 T_MONEY_PERCENT X% of a lot of money for you

2.4 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} HELLO DEAR PLEASE I HAVE THIS FUND THAT I HAVE TO TRANSFER INTO YOUR BANK



--

Good day dear,



Please I have fund ($7Million) to transfer into your account, you

will take 45% as your share from the total fund, 10% will be shared to

Charity Organizations in both countries and 45% will be for me if you

agree to my business proposal reply for further details of the

transfer will be forward to you as soon as I receive your responses.



Regards,

Mr. Green (mrgreenman199@gmail.com)

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA