Business investment spam from Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 22 Jul 2022 09:31:01 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1oEubx-00021V-A4
for dave@doctor.nl2k.ab.ca;
Fri, 22 Jul 2022 09:30:41 -0600
Resent-From: The Doctor
Resent-Date: Fri, 22 Jul 2022 09:30:41 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-il1-f193.google.com ([209.85.166.193]:41659)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1oEtvr-000KNh-RD
for doctor@doctor.nl2k.ab.ca;
Fri, 22 Jul 2022 08:47:15 -0600
Received: by mail-il1-f193.google.com with SMTP id d4so2402143ilc.8
for; Fri, 22 Jul 2022 07:46:50 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:reply-to:from:date:message-id:subject:to;
bh=3V7SvSbu0tGl9ojhG/fZRHDe8uteqtSYYE8V4qOvkOA=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:reply-to:from:date:message-id
:subject:to;
bh=3V7SvSbu0tGl9ojhG/fZRHDe8uteqtSYYE8V4qOvkOA=;
X-Gm-Message-State: AJIora9pUY1wToGf7cndduErvS6X9aukMi8+ArrSWYZM1uTE5wO7cDTM
Itpd5Qr4fWhv78SvHDLQD/PqNOU7kBAV5jZPKAs=
X-Google-Smtp-Source: AGRyM1tHAvVDe0e3MJvX3atlujeyLjgjZvXjCJyph1S6UwGKfnUj1cIjk2bMSlvNG8Sm5aZSeFQlyLHE/IQr3bpjseA=
X-Received: by 2002:a92:ce81:0:b0:2dc:fbec:d023 with SMTP id
r1-20020a92ce81000000b002dcfbecd023mr121083ilo.155.1658501204575; Fri, 22 Jul
2022 07:46:44 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6638:4901:0:0:0:0 with HTTP; Fri, 22 Jul 2022 07:46:43
-0700 (PDT)
Reply-To: saifemohammed100@gmail.com
From: Mr Saife Mohammed
Date: Fri, 22 Jul 2022 14:46:43 +0000
Message-ID:
Subject: Hello
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 15.5
X-Spam_score_int: 155
X-Spam_bar: +++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello dear,, How are you today with your family, Hope all
is well?. Please, I would like you to give an urgent attention to this proposal.
I have a very lucrative business transaction which requires your utmost di
[...]
Content analysis details: (15.5 points, 5.0 required)
 pts  rule name                   description
----  --------------------------  --------------------------------------------------
-0.2  RCVD_IN_MSPIKE_H2           RBL: Average reputation (+2) [209.85.166.193 listed in wl.mailspike.net]
 0.2  FREEMAIL_REPLYTO_END_DIGIT  Reply-To freemail username ends in digit [saifemohammed100[at]gmail.com]
-0.0  SPF_PASS                    SPF: sender matches SPF record
 0.2  FREEMAIL_ENVFROM_END_DIGIT  Envelope-from freemail username ends in digit [mrezekieljeremiah22[at]gmail.com]
 0.0  FREEMAIL_FROM               Sender email is commonly abused enduser mail provider [mrezekieljeremiah22[at]gmail.com]
 2.6  HK_SCAM_N13                 BODY: No description available.
 0.0  T_DKIM_INVALID              DKIM-Signature header exists but is not valid
 1.5  HK_NAME_FM_MR_MRS           No description available.
 0.0  T_HK_NAME_FM_MR_MRS         No description available.
 0.0  LOTS_OF_MONEY               Huge... sums of money
 1.0  FREEMAIL_REPLYTO            Reply-To/From or Reply-To/body contain different freemails
 3.1  UNDISC_FREEM                Undisclosed recipients + freemail reply-to
 2.0  MONEY_FREEMAIL_REPTO        Lots of money from someone using free email?
 0.0  T_MONEY_PERCENT             X% of a lot of money for you
 3.0  UNDISC_MONEY                Undisclosed recipients + money/fraud signs
 0.0  MONEY_FRAUD_5               Lots of money and many fraud phrases
 2.0  ADVANCE_FEE_2_NEW_MONEY     Advance Fee fraud and lots of money
Subject: {SPAM?} Hello
Hello dear,,
How are you today with your family, Hope all is well?. Please, I would
like you to give an urgent attention to this proposal.
I have a very lucrative business transaction which requires your
utmost discretion.
Though, I know it would come to you at uttermost surprise. I am Mr.
Saife Mohammed, A banker by profession.
Please, I want to transfer the sum of ($15.5M) dollars into your bank
account. This business is 100% risk free.
Your share will be 40% while 60% for me.
E-mail Address: (saifemohammed100@gmail.com)
Thanks for your anticipated co-operation.
Best regards.
Mr. Saife Mohammed,