Urgency Spam from Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 14 Jun 2022 19:09:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1o1HW4-0009lc-TQ
for dave@doctor.nl2k.ab.ca;
Tue, 14 Jun 2022 19:08:16 -0600
Resent-From: The Doctor
Resent-Date: Tue, 14 Jun 2022 19:08:16 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-oa1-f66.google.com ([209.85.160.66]:39854)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1o1GEU-0007GT-Hp
for doctor@doctor.nl2k.ab.ca;
Tue, 14 Jun 2022 17:46:06 -0600
Received: by mail-oa1-f66.google.com with SMTP id 586e51a60fabf-10113b4c2b5so12866612fac.6
for; Tue, 14 Jun 2022 16:45:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=r4uL6sckAnaCJM6MEQaHZL7fDy5zSQzjqi9SEPfLKhw=;
b=eWrv+rZKQFx2doAAFLNa7l3L41vl+A+rV7RG3sPRrX1XCpbcgc1N3n4lXRAVvTzxpP
AeJW3EPDoHtWxgPV2qZzLX+D1KmK8HF+iyMK5FRKB4OjJfpr1kW20ju953HCfZdoy+w+
pn/k5oasDfZRjxiysl3uPh1Afv4MLKMiwxz0eUeYDK9qOpavRFlpHGFe2BpJv7sbmxVN
NFQ0CiGyGj6XIYdt+F8Avh3oZPqilPiF1drQzd4ThAZ1G0WFHzL+ofz7BY3VCNVk/InR
xCvHyXrloYwW0zgGuTlR2DISjJXyHfeupxHHyjzuDC6ENfCuhC4bzdiDEJv4K9+/CGOH
Nx8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to;
bh=r4uL6sckAnaCJM6MEQaHZL7fDy5zSQzjqi9SEPfLKhw=;
b=aXSz9hRf0/LeriJcivWqqQTW9welJFldsIPwnM+EaHrxDs4+Acg+40GSu1hA+Z+xst
bmY8+qcu+793rUWEsh+Yhe/DNl1Mb5FGPKSkOJ2T5T81vj9tRZ/xXCHix4XFOas059P3
Aw4m28SEswh/kz82VudwNsVWuBmux0iaKQTx0xMBU0vfLTb1dgzCxOrs14wUIqI3AYeK
skTnFlkr2Dxw6DbH9naSQaRLoWGZd1VT6kFSUAAR73cBv3rcgVpMJk/7/Hy7YyTE+0qR
44yseWgfP7IBOBu3hNBnnN/5/3ql2SxWep5XMX+fw/qzaLJhbmHHLuT9PYH829yhtvSt
tFyw==
X-Gm-Message-State: AJIora9JnaY+5auDFmYrcrjCh2xDjpkuNGiSqy7pBgloby4gZvFApWDa
MkFFZBKDYTz/GOXD9b3B5wKWuiXxmgNHzspv1YE=
X-Google-Smtp-Source: AGRyM1skFD3oim993NItY3e2Hrvg2iZMvwb+09aJmJ/SFUHtrGoI/mvTtl87TcthDYWBxpdTbfQAIfB9mp/6kh4YIqA=
X-Received: by 2002:a05:6870:4307:b0:f2:3989:e85f with SMTP id
w7-20020a056870430700b000f23989e85fmr3802959oah.265.1655250336015; Tue, 14
Jun 2022 16:45:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6358:ba99:b0:a9:5cd0:a1f2 with HTTP; Tue, 14 Jun 2022
16:45:35 -0700 (PDT)
Reply-To: muali000111@gmail.com
From: MR MUSSA ALI
Date: Tue, 14 Jun 2022 16:45:35 -0700
Message-ID:
Subject: Urgent Reply
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 20.1
X-Spam_score_int: 201
X-Spam_bar: ++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear friend, I know this means of communication may not be
morally right to you as a person but I also have had a great thought about
it and I have come to this conclusion which I am about to share with you.
Content analysis details: (20.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud collector
mailbox
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[kabrelassane918[at]gmail.com]
0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
DNSWL was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[209.85.160.66 listed in list.dnswl.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.160.66 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[kabrelassane918[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[muali000111[at]gmail.com]
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
0.9 URG_BIZ BODY: Contains urgent matter
2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.0 LOTS_OF_MONEY Huge... sums of money
1.5 HK_NAME_FM_MR_MRS No description available.
-0.0 T_SCC_BODY_TEXT_LINE No description available.
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.0 T_MONEY_PERCENT X% of a lot of money for you
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal
information
0.5 MONEY_FRAUD_8 Lots of money and very many fraud phrases
1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form
3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
0.0 FORM_FRAUD_5 Fill a form and many fraud phrases
Subject: {SPAM?} Urgent Reply
Dear friend,
I know this means of communication may not be morally right to you as
a person but I also have had a great thought about it and I have come
to this conclusion which I am about to share with you.
INTRODUCTION: I am a assistance and in one way or the other was hoping
you will cooperate with me as a partner in a project of transferring
an abandoned fund of a late customer of the bank worth of $18,000,000
(Eighteen Million Dollars US).
This will be disbursed or shared between the both of us in these
percentages, 55% for me and 45% for you. Contact me immediately if
that is alright for you so that we can enter in agreement before we
start processing for the transfer of the funds. If you are satisfied
with this proposal, please provide the below details for the Mutual
Confidential Agreement:
1. Full Name and Address
2. Occupation and Country of Origin
3. Telephone Number
I wait for your response so that we can commence on this project as
soon as possible.
Regards,
Mr. Mussa Ali
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 14 Jun 2022 19:09:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1o1HW4-0009lc-TQ
for dave@doctor.nl2k.ab.ca;
Tue, 14 Jun 2022 19:08:16 -0600
Resent-From: The Doctor
Resent-Date: Tue, 14 Jun 2022 19:08:16 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-oa1-f66.google.com ([209.85.160.66]:39854)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from
id 1o1GEU-0007GT-Hp
for doctor@doctor.nl2k.ab.ca;
Tue, 14 Jun 2022 17:46:06 -0600
Received: by mail-oa1-f66.google.com with SMTP id 586e51a60fabf-10113b4c2b5so12866612fac.6
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=r4uL6sckAnaCJM6MEQaHZL7fDy5zSQzjqi9SEPfLKhw=;
b=eWrv+rZKQFx2doAAFLNa7l3L41vl+A+rV7RG3sPRrX1XCpbcgc1N3n4lXRAVvTzxpP
AeJW3EPDoHtWxgPV2qZzLX+D1KmK8HF+iyMK5FRKB4OjJfpr1kW20ju953HCfZdoy+w+
pn/k5oasDfZRjxiysl3uPh1Afv4MLKMiwxz0eUeYDK9qOpavRFlpHGFe2BpJv7sbmxVN
NFQ0CiGyGj6XIYdt+F8Avh3oZPqilPiF1drQzd4ThAZ1G0WFHzL+ofz7BY3VCNVk/InR
xCvHyXrloYwW0zgGuTlR2DISjJXyHfeupxHHyjzuDC6ENfCuhC4bzdiDEJv4K9+/CGOH
Nx8Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to;
bh=r4uL6sckAnaCJM6MEQaHZL7fDy5zSQzjqi9SEPfLKhw=;
b=aXSz9hRf0/LeriJcivWqqQTW9welJFldsIPwnM+EaHrxDs4+Acg+40GSu1hA+Z+xst
bmY8+qcu+793rUWEsh+Yhe/DNl1Mb5FGPKSkOJ2T5T81vj9tRZ/xXCHix4XFOas059P3
Aw4m28SEswh/kz82VudwNsVWuBmux0iaKQTx0xMBU0vfLTb1dgzCxOrs14wUIqI3AYeK
skTnFlkr2Dxw6DbH9naSQaRLoWGZd1VT6kFSUAAR73cBv3rcgVpMJk/7/Hy7YyTE+0qR
44yseWgfP7IBOBu3hNBnnN/5/3ql2SxWep5XMX+fw/qzaLJhbmHHLuT9PYH829yhtvSt
tFyw==
X-Gm-Message-State: AJIora9JnaY+5auDFmYrcrjCh2xDjpkuNGiSqy7pBgloby4gZvFApWDa
MkFFZBKDYTz/GOXD9b3B5wKWuiXxmgNHzspv1YE=
X-Google-Smtp-Source: AGRyM1skFD3oim993NItY3e2Hrvg2iZMvwb+09aJmJ/SFUHtrGoI/mvTtl87TcthDYWBxpdTbfQAIfB9mp/6kh4YIqA=
X-Received: by 2002:a05:6870:4307:b0:f2:3989:e85f with SMTP id
w7-20020a056870430700b000f23989e85fmr3802959oah.265.1655250336015; Tue, 14
Jun 2022 16:45:36 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6358:ba99:b0:a9:5cd0:a1f2 with HTTP; Tue, 14 Jun 2022
16:45:35 -0700 (PDT)
Reply-To: muali000111@gmail.com
From: MR MUSSA ALI
Date: Tue, 14 Jun 2022 16:45:35 -0700
Message-ID:
Subject: Urgent Reply
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 20.1
X-Spam_score_int: 201
X-Spam_bar: ++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear friend, I know this means of communication may not be
morally right to you as a person but I also have had a great thought about
it and I have come to this conclusion which I am about to share with you.
Content analysis details: (20.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 REPTO_419_FRAUD_GM Reply-To is known advance fee fraud collector
mailbox
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends
in digit
[kabrelassane918[at]gmail.com]
0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to
DNSWL was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[209.85.160.66 listed in list.dnswl.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.160.66 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[kabrelassane918[at]gmail.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[muali000111[at]gmail.com]
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
0.9 URG_BIZ BODY: Contains urgent matter
2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.0 LOTS_OF_MONEY Huge... sums of money
1.5 HK_NAME_FM_MR_MRS No description available.
-0.0 T_SCC_BODY_TEXT_LINE No description available.
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
3.4 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
0.1 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
0.0 T_MONEY_PERCENT X% of a lot of money for you
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal
information
0.5 MONEY_FRAUD_8 Lots of money and very many fraud phrases
1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form
3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
1.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
0.0 FORM_FRAUD_5 Fill a form and many fraud phrases
Subject: {SPAM?} Urgent Reply
Dear friend,
I know this means of communication may not be morally right to you as
a person but I also have had a great thought about it and I have come
to this conclusion which I am about to share with you.
INTRODUCTION: I am a assistance and in one way or the other was hoping
you will cooperate with me as a partner in a project of transferring
an abandoned fund of a late customer of the bank worth of $18,000,000
(Eighteen Million Dollars US).
This will be disbursed or shared between the both of us in these
percentages, 55% for me and 45% for you. Contact me immediately if
that is alright for you so that we can enter in agreement before we
start processing for the transfer of the funds. If you are satisfied
with this proposal, please provide the below details for the Mutual
Confidential Agreement:
1. Full Name and Address
2. Occupation and Country of Origin
3. Telephone Number
I wait for your response so that we can commence on this project as
soon as possible.
Regards,
Mr. Mussa Ali
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments