Slavic Geico Spam from Google

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 07 Jul 2022 06:12:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1o9QLd-000MyW-0t

for dave@doctor.nl2k.ab.ca;

Thu, 07 Jul 2022 06:11:09 -0600

Resent-From: The Doctor

Resent-Date: Thu, 7 Jul 2022 06:11:09 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lj1-f180.google.com ([209.85.208.180]:40695)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.95 (FreeBSD))

(envelope-from )

id 1o9Q5S-000FPf-0l

for doctor@doctor.nl2k.ab.ca;

Thu, 07 Jul 2022 05:54:29 -0600

Received: by mail-lj1-f180.google.com with SMTP id w2so5583489ljj.7

for ; Thu, 07 Jul 2022 04:54:08 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20210112;

h=mime-version:reply-to:from:date:message-id:subject:to

:content-transfer-encoding;

bh=DURwZ1uGyx037ww8qdv5ZaUnYhuUy+jHAAsbpWB7Yoo=;

b=Tbh4MwD8UVh9II2CaKPQb6EUFV7rTkLTRR686mEif1Ovg5pc4wjiCp0vfPAMdl7RP5

RJ1mQ/XFpSaPv0qt3byk5haX5EVL0TX/yqp/o2rzojvDxpfaLjY+A+l7XqzsnDJ2xGFO

Hj6QDvh9E/s9UyFnl3P1Ubx4GDs+0uEv5hclphLevUstumaiQBimmT5CCZwtWNXjGVMI

FF9T5kucpyxU0jroNmzZp2d2KKGHW6PJGFa3jga2/ru7dydH6r3FBFCpkaUyoas3ebUl

vrsgMZ3VtI3GGjDsCMNW9yPwtVWW3Ty87EMZLYkQVmpwm+NA++W1R5Pcw6wFREG5uwTU

Kaow==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20210112;

h=x-gm-message-state:mime-version:reply-to:from:date:message-id

:subject:to:content-transfer-encoding;

bh=DURwZ1uGyx037ww8qdv5ZaUnYhuUy+jHAAsbpWB7Yoo=;

b=B8fwhZCIMjEzwu/7dE+BALe+TdqErCJyWp8DcLEFqX5v6L+E2gW1EsunDMTkpfvklo

rruhZMDCJCBQitlpbGKTebbw+MBSTdYdLKTbwglfBPcKwCfJX60/yZf8a5AxiMoxavnr

BQ9BLtnCVC7ZjupytKppyw/EEcgzClQEAd7ma/Y7ii6tGaoX7SDS35LpW1Rhs4YbdsmG

BXxTvoCRnUniH7RICAAMkycc7jOrt89jEw923gOZky9pDoVsq6jHQrV8ZCDPUa9q5rNR

MdlYw1AWMUxOT5/Dcn47uvFanRcfn7WqzIH1DocK3X+weMRFdQwuXkC4JVwYpr2MLJhP

A3dA==

X-Gm-Message-State: AJIora/KZHnBee7UAAd4mospNsXwf0pUyjhiMZk3sMZsXfPmHkpXuDir

j9dvyyrHBvk5+z/HgNCbUoZasjCMxh7bvLgqsSE=

X-Google-Smtp-Source: AGRyM1urPDruB3pZvpsRXwQmySQbPG7i569rSadVjLFmMIUEQ/1LTmXw0A02v0xccCzvBcaeKqzmn7bTaYdXzFAgB20=

X-Received: by 2002:a2e:b889:0:b0:25d:38ce:976 with SMTP id

r9-20020a2eb889000000b0025d38ce0976mr7934215ljp.357.1657194842258; Thu, 07

Jul 2022 04:54:02 -0700 (PDT)

MIME-Version: 1.0

Received: by 2002:a05:6520:3805:b0:1f7:cd5:a73b with HTTP; Thu, 7 Jul 2022

04:54:01 -0700 (PDT)

Reply-To: geicocommercialloanfirmloanfir@gmail.com

From: Geico commercial loan

Date: Thu, 7 Jul 2022 04:54:01 -0700

Message-ID:

Subject: =?UTF-8?B?R0FVVEkgU0tVQknEhCBQQVNLT0zEhCDEjElBIElSIEZJTkFOU0lOxJggUEFHQUxCxIQ=?=

To: undisclosed-recipients:;

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 5.3

X-Spam_score_int: 53

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: -- Sveiki Mes siūlome paskolą su maža 2% palūkanų norma.

Jei jus domina bet kokios rūšies skubios paskolos gavimas, susisiekite

su mumis pateikdami žemiau esančią informaciją Pilnas vardas: Adresas:

Reikalinga suma: Trukmė: Mobilaus telefono numeris: Amžius: Lytis: Mėnesinės

pajamos: Darbo vieta:



Content analysis details: (5.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.208.180 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends

in digit

[tobedavid29[at]gmail.com]

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail

provider

[tobedavid29[at]gmail.com]

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from

author's domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily

valid

-0.0 T_SCC_BODY_TEXT_LINE No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain

different freemails

2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to

Subject: {SPAM?} =?UTF-8?B?R0FVVEkgU0tVQknEhCBQQVNLT0zEhCDEjElBIElSIEZJTkFOU0lOxJggUEFHQUxCxIQ=?=



--=20

Sveiki



Mes si=C5=ABlome paskol=C4=85 su ma=C5=BEa 2% pal=C5=ABkan=C5=B3 norma=

. Jei jus domina bet

kokios r=C5=AB=C5=A1ies skubios paskolos gavimas, susisiekite su mumis

pateikdami =C5=BEemiau esan=C4=8Di=C4=85 informacij=C4=85



Pilnas vardas:

Adresas:

Reikalinga suma:

Trukm=C4=97:

Mobilaus telefono numeris:

Am=C5=BEius:

Lytis:

M=C4=97nesin=C4=97s pajamos:

Darbo vieta:



Pateikite mums auk=C5=A1=C4=8Diau nurodyt=C4=85 informacij=C4=85, kad gal=

=C4=97tume greitai

prad=C4=97ti paskolos apdorojim=C4=85.



Laukiu =C4=8Dia nuo tav=C4=99s.



Pagarbiai



Geico komercini=C5=B3 paskol=C5=B3 =C4=AFmon=C4=97

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA