Donation spam from outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 22 Jul 2022 08:12:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))

(envelope-from )

id 1oEtMx-000OKh-IY

for dave@doctor.nl2k.ab.ca;

Fri, 22 Jul 2022 08:11:07 -0600

Resent-From: The Doctor

Resent-Date: Fri, 22 Jul 2022 08:11:07 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vi1eur05hn2225.outbound.protection.outlook.com ([52.100.175.225]:49504 helo=EUR05-VI1-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.95 (FreeBSD))

id 1oEmAR-000PCh-S5

for doctor@doctor.nl2k.ab.ca;

Fri, 22 Jul 2022 00:29:49 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=MuJo02Cft0wCEM7XSCw/JccHeJBQceQFQnKtuUjRy82cNHcOsG2keI+xI75VMSTHlOeg+J26sJFL9n/QnG50jVmIvBS2iXuH7LzRtieTBOg58cyA9WE0AogCCL63G4ohMIr9Yc+E+LB5CKJYRXsgeqGM/YJPjrOO404VYQ4trBh6w0jjyLIonlIW7jApSR18HS4vc8tMsZ4sVUNztgiv2DJvhrbiN6z2aFNXJhY7/NkqyvjZ37XNZmkiz7njOpI7/eaoo6afLVT4dHz3JVvaDwkgUWep3FBglNgNxC7X2g1LKJFigVcfl+64PCLLAHhR/Gdwu4+ikUBfs8iRAnKbtQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=vKbVtJ06D/6eKG87vLG6Cm0zynXdVFDSSHU/1Oz2mEw=;

b=OHiwSAnpYt63UakIcZUpCHnzwI0p5kZ/s0WJRi+v99XzVLdCsQI95neFsqbnu2JL2e8laREgaM6lYKtPtAVC7b0GqgVztfNup/vvZvF2g56O7yJ9/ZFMg6PxQPe5S0Y8MZ3NeU0k2igLklaZv7CirCNENxwivrHZR+/myrrRr6LIKV84337xtawLCMDDWQM/I4AVKTm+VLVVmZnBfWFYKILUATvMVvvhV6uTq2uYkGMmUOBhunLRaVHInycVKSpDCfijF4KXWE1EGamf8nRZ4bmqk4cnPgz0BEHN95WT0sjW8VWLrAL/jGUsQ+aX3V3vkDK+8MA5AxTG9TEXGj7HEA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none (sender ip is

193.183.126.23) smtp.rcpttodomain=doctor.nl2k.ab.ca

smtp.helo=smtp.husqvarnagroup.com; dmarc=none; dkim=none (message not

signed); arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=Husqvarnagroup.onmicrosoft.com; s=selector1-Husqvarnagroup-onmicrosoft-com;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=vKbVtJ06D/6eKG87vLG6Cm0zynXdVFDSSHU/1Oz2mEw=;

b=ZeDr9RRWqUwoJKTsUn0WqIXiMOX0Pse4f9WAVEHZ1YLamIvdOp960asACAcI3fmZFGiBsB3DXzeJviloXMdZLtk32xsDZvdt8Atir+D+cMJTFoa97tP5nFptUM3D0BfitXwM+Iuouq86n8rg4vQN2llm0eJO+zMJGCGNVDK188I=

Received: from AM5PR0502CA0018.eurprd05.prod.outlook.com

(2603:10a6:203:91::28) by DU0PR04MB9372.eurprd04.prod.outlook.com

(2603:10a6:10:35b::7) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5458.19; Fri, 22 Jul

2022 06:29:18 +0000

Received: from AM5EUR02FT019.eop-EUR02.prod.protection.outlook.com

(2603:10a6:203:91:cafe::d2) by AM5PR0502CA0018.outlook.office365.com

(2603:10a6:203:91::28) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5458.19 via Frontend

Transport; Fri, 22 Jul 2022 06:29:18 +0000

X-MS-Exchange-Authentication-Results: spf=none (sender IP is 193.183.126.23)

smtp.helo=smtp.husqvarnagroup.com; dkim=none (message not signed)

header.d=none;dmarc=none action=none header.from=;

Received-SPF: None (protection.outlook.com: smtp.husqvarnagroup.com does not

designate permitted sender hosts)

Received: from smtp.husqvarnagroup.com (193.183.126.23) by

AM5EUR02FT019.mail.protection.outlook.com (10.152.8.169) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384) id

15.20.5458.17 via Frontend Transport; Fri, 22 Jul 2022 06:29:18 +0000

Received: from AS400TGT.CP.ELECTROLUX-NA.COM ([10.80.249.221]) by smtp.husqvarnagroup.com with Microsoft SMTPSVC(8.5.9600.16384);

Fri, 22 Jul 2022 08:29:01 +0200

Received: from [192.168.43.247](::ffff:129.205.124.216[129.205.124.216])

by AS400TGT.CP.ELECTROLUX-NA.COM (IBM i SMTP 7.3.0) with TCP;

Fri, 22 Jul 2022 01:28:29 -0500

Content-Type: text/plain; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body

Subject: YOU HAVE A DONATION

To: Recipients <>

From: "UNITED WORLD CHARITY ORGANIZATIONS" <>

Date: Fri, 22 Jul 2022 14:26:23 +0800

Reply-To: unitedworldcharityorg@gmail.com

Message-ID:

X-OriginalArrivalTime: 22 Jul 2022 06:29:01.0536 (UTC) FILETIME=[55117E00:01D89D94]

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-Office365-Filtering-Correlation-Id: 75740f3b-3f61-48f0-d41c-08da6bab8174

X-MS-TrafficTypeDiagnostic: DU0PR04MB9372:EE_

X-MS-Exchange-SenderADCheck: 2

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

=?iso-8859-1?Q?Et3/iukul0FsII2VQW/jkN6aFwrkFTY+bxgw0nt4GYwHCcpglkzZcvycyZ?=

=?iso-8859-1?Q?IurUMfuPruT7XXHQmaqPvS9Ae0BY75fkUPjkv0OXwe3yvsdKJXzmgfrMnB?=

=?iso-8859-1?Q?OXyWaAGKPNdHpTJ0f3aDQLF6TfgEYkE1uejayOiUMvHqlxD06I7rAKsRsd?=

=?iso-8859-1?Q?BL1TQ77kj7eIcqdRMILlV5gS6qc74Iuy/bIw9B5P3HopOh3bpIGCrcIDlP?=

=?iso-8859-1?Q?1FCbbbXzXScLBwAAn9UXmHH87GVgLtdoZwyJDCXnoITWPBevrMkNllpcFq?=

=?iso-8859-1?Q?9OUFMR4HnDHsofLkYjW9AaJZFeeew99LbCtWV4A1Ua1vGFc34nkn3ONv2r?=

=?iso-8859-1?Q?NeLz6FAkHHGa5jutSlfzvV6l3fN/dLmD/O6gEeEu5tc0ZHEVWvkJXWPlwP?=

=?iso-8859-1?Q?+QzbWZsCZvB6mL8yoONtyxUBtsLApzA18aKWKW+O/cUhfFkgZg+CspshKw?=

=?iso-8859-1?Q?T3+gFEUbwdI5N9xhn2ZSVfg+8oZW67qZq9reza5vMFxMi+FlCcFsBErnLH?=

=?iso-8859-1?Q?0btxa0f9vcmDRFGvw43UrmwZ1aBacaSW5Dq3G/0guWIQfahQaRqYeVPT92?=

=?iso-8859-1?Q?jeoKzeze4rAp8ZBH+81U8YYBv3o/d/gjM5+kWRMa6ImcmTIx2r5wpXywPy?=

=?iso-8859-1?Q?ww5GdQWw2SWjuMWSOzwO23yJXUc521gU/cwwqL8DvyaPO63yG2xWJGRH1Q?=

=?iso-8859-1?Q?0ZPCzY84fgRN4d7QGwCae+75b2RyAqgoVXihNBjt2vHk+qlmU13HCcfyuc?=

=?iso-8859-1?Q?OphdbCzOkmYY7z7CzyR2G23O3t6YSZhMoTp8owDTb+VMWX9FNDw3RZ58Si?=

=?iso-8859-1?Q?wI/CPHs1duUPMqOpRfx7ljZTgUBoklDbdtVYMf+SG4LpnlCpqNQPO+YRl+?=

=?iso-8859-1?Q?7ujo7aGhi4i9p3692InjaFW5UDmrKjKe4/0FFZdo9D+LtPnoJCfSr1wdKU?=

=?iso-8859-1?Q?n8eIdEgrI1zfYvtf8YVjEUlHyAtrahpEdCKCnqD7JB1KQtPDtIrbt04+Vo?=

=?iso-8859-1?Q?ncSn02cT4iER+J+MwOEnsoPji7/kS9L5aP4z/vjT+YuRvMifC7nbcFRxpA?=

=?iso-8859-1?Q?77DjM+rbY3Rc+Bf5q6f1DbLwNoLYPF19D0xhu7tvCWlqKJeNyi8NlamL5C?=

=?iso-8859-1?Q?FUjD82ZUz32dtbahOm+ODD0cayTBpqu5Ls9uWKZ7mbjBML+2srEQSVao5E?=

=?iso-8859-1?Q?rEaALN0BIlKDjA=3D=3D?=

X-Forefront-Antispam-Report:

CIP:193.183.126.23;CTRY:SE;LANG:en;SCL:6;SRV:;IPV:NLI;SFV:SPM;H:smtp.husqvarnagroup.com;PTR:InfoDomainNonexistent;CAT:OSPM;SFS:(13230016)(4636009)(39860400002)(396003)(346002)(376002)(136003)(5005620100009)(40470700004)(46966006)(8936002)(4744005)(5660300002)(356005)(81166007)(82740400003)(40460700003)(4743002)(109986005)(956004)(2860700004)(316002)(26005)(508600001)(41300700001)(6666004)(3480700007)(336012)(47076005)(83380400001)(42882007)(8676002)(78352004)(70206006)(70586007)(35950700001)(40480700001)(86362001)(2906002)(82310400005)(1557600019);DIR:OUT;SFP:1501;

X-OriginatorOrg: Husqvarnagroup.onmicrosoft.com

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 22 Jul 2022 06:29:18.0593

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 75740f3b-3f61-48f0-d41c-08da6bab8174

X-MS-Exchange-CrossTenant-Id: 2a1c169e-715a-412b-b526-05da3f8412fa

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=2a1c169e-715a-412b-b526-05da3f8412fa;Ip=[193.183.126.23];Helo=[smtp.husqvarnagroup.com]

X-MS-Exchange-CrossTenant-AuthSource:

AM5EUR02FT019.eop-EUR02.prod.protection.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: DU0PR04MB9372

X-Spam_score: 11.2

X-Spam_score_int: 112

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: YOU HAVE A DONATION OF 2,000,000.00 GBP OF COVID19 SUPPORT

FROM UNITED WORLD CHARITY ORGANIZATIONS, FOR CHARITABLE WORK IN YOUR COUNTRY,

TO RECEIVE YOUR DONATION AMOUNT KINDLY SEND YOUR FULL DETAILS T [...]



Content analysis details: (11.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.2 TO_MALFORMED To: has a malformed address

0.0 AXB_X_FF_SEZ_S Forefront sez this is spam

2.6 FROM_NO_USER From: has no local-part before @ sign

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.100.175.225 listed in wl.mailspike.net]

1.6 SUBJ_ALL_CAPS Subject is all capitals

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.0 FORGED_SPF_HELO No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 LOTS_OF_MONEY Huge... sums of money

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

2.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free

email?

Subject: {SPAM?} YOU HAVE A DONATION



YOU HAVE A DONATION OF 2,000,000.00 GBP OF COVID19 SUPPORT FROM UNITED WORL=

D CHARITY ORGANIZATIONS, FOR CHARITABLE WORK IN YOUR COUNTRY, TO RECEIVE Y=

OUR DONATION AMOUNT KINDLY SEND YOUR FULL DETAILS TO VIA unitedworldcharity=

org@gmail.com





The information in this email may be confidential and/or legally privileged=

. It has been sent for the sole use of the intended recipient(s). If you ar=

e not an intended recipient, you are strictly prohibited from reading, disc=

losing, distributing, copying or using this email or any of its contents, i=

n any way whatsoever. If you have received this email in error, please cont=

act the sender by reply email and destroy all copies of the original messag=

e. Please also be advised that emails are not a secure form for communicati=

on, and may contain errors.

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA