Link spam from Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 01 Jan 2023 20:23:57 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1pCBJN-000NYJ-11
for dave@doctor.nl2k.ab.ca;
Sun, 01 Jan 2023 20:16:29 -0700
Resent-From: The Doctor
Resent-Date: Sun, 1 Jan 2023 20:16:29 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-pj1-f50.google.com ([209.85.216.50]:45842)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96)
(envelope-from)
id 1pC7nQ-000O7W-2O
for root@doctor.nl2k.ab.ca;
Sun, 01 Jan 2023 16:31:20 -0700
Received: by mail-pj1-f50.google.com with SMTP id v13-20020a17090a6b0d00b00219c3be9830so26805402pjj.4
for; Sun, 01 Jan 2023 15:28:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=YoSyeKqJvPf5V9P6lkp/SJrAW0V2UsV7Rcb5eDjX204=;
b=fCAuWW8P9+x00ERNXpPRUvK2I20WFNKkALvDlMXUiNEmkhcPNDAyDXm8nBgwzYhRMo
QWnZ3gRM8e0Q2xYPMNJiOEG2wgGjyFTp8tjuU736lvSMMz0514uaiqjUbIJPSNwer2dg
uzB4aUpzz+K8cdk03fejZbwisH3mVXcuRJTMEr94Q9KYr1nEkkVLfihnzHRWkTO2sRIx
tt5531TXPkcRYPrY4ovIKlSegmjcRH0ehHdHahPMPYcYGO7cKQClqsdogmqUVNrQgdNb
fNZs6CXwJoqsx02WITdS2BO3/fIeGll0aRj9Yb8AoryWJGGMiLoaz5CAGXvEQgSqSjgW
RgZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=YoSyeKqJvPf5V9P6lkp/SJrAW0V2UsV7Rcb5eDjX204=;
b=AmHhDKMqZAqLJyUeaRTDE/uthUlfJdiVtYvMvp306QO5yV9srqtawx9UIpAQIeNdKu
CsJGCeIh0RWpClwhDIyiwKFAL0DurxEMgNxYhxcDT2pImrxtB6SelolxK3HQpKooyrN0
r5QUZiLgxGDdV8f6SQggW71uNuDV7pHEQW1IwPVaQPi+0IkldZZVSmE+HZf2GC+QdU2N
XFxIBM6SiiyK4e+jxYjimCY6JTccdSt3NmtJzcTgVOeB+j6ZnpG/00LSJIji6aOb6zWS
SFYMR8OG96YaOUtV8XnjtZmtl4+v9rtvKnRPkQLja5vxXxONEZgWE2mJF7J/uxk1RLn3
argA==
X-Gm-Message-State: AFqh2koPpDdbTF+rK+beRa99srX1VZMpA1cDl3qR0g/xshtwIddghgMY
Y2VXX8D7xEKYisG3y/RXvGn1SIURY5u3Y35XOG4=
X-Google-Smtp-Source: AMrXdXsTjr0y/tV2olvPuS0kxoogSHzx6zUXfYr4QMgI3fRUUZw0SHkU0Zbcykujy5F0bHdW95oA78YyoCquqYmfSUo=
X-Received: by 2002:a17:90a:2808:b0:225:d9c3:ebc0 with SMTP id
e8-20020a17090a280800b00225d9c3ebc0mr1755119pjd.211.1672615721858; Sun, 01
Jan 2023 15:28:41 -0800 (PST)
MIME-Version: 1.0
From: "evs_idea@yahoo.com"
Date: Sun, 1 Jan 2023 23:31:22 +0000
Message-ID:
Subject:
To: montreal, mpol , nacyki ,
nlangmuir, patrickhenault1 ,
pierre tremblay, romtrade mtl ,
root, sabby cattery
Content-Type: multipart/alternative; boundary="000000000000f27b4d05f13c31c4"
X-Spam_score: 10.1
X-Spam_score_int: 101
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: https://lme02.app.link/1AfuMh2G9vb https://lme02.app.link/1AfuMh2G9vb
Content analysis details: (10.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
no trust
[209.85.216.50 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[jhojan.rodriguez[at]gmail.com]
2.5 SORTED_RECIPS Recipient list is sorted by address
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.216.50 listed in wl.mailspike.net]
0.0 HTML_MESSAGE BODY: HTML included in message
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.5 FROM_2_EMAILS_SHORT Short body and From looks like 2 different
emails
0.0 TVD_SPACE_RATIO No description available.
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.7 PDS_FROM_2_EMAILS From header has multiple different addresses
Subject: {SPAM?}
--000000000000f27b4d05f13c31c4
Content-Type: text/plain; charset="UTF-8"
https://lme02.app.link/1AfuMh2G9vb
--000000000000f27b4d05f13c31c4
Content-Type: text/html; charset="UTF-8"
https://lme02.app.link/1AfuMh2G9vb
--000000000000f27b4d05f13c31c4--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 01 Jan 2023 20:23:57 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from
id 1pCBJN-000NYJ-11
for dave@doctor.nl2k.ab.ca;
Sun, 01 Jan 2023 20:16:29 -0700
Resent-From: The Doctor
Resent-Date: Sun, 1 Jan 2023 20:16:29 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-pj1-f50.google.com ([209.85.216.50]:45842)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96)
(envelope-from
id 1pC7nQ-000O7W-2O
for root@doctor.nl2k.ab.ca;
Sun, 01 Jan 2023 16:31:20 -0700
Received: by mail-pj1-f50.google.com with SMTP id v13-20020a17090a6b0d00b00219c3be9830so26805402pjj.4
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=YoSyeKqJvPf5V9P6lkp/SJrAW0V2UsV7Rcb5eDjX204=;
b=fCAuWW8P9+x00ERNXpPRUvK2I20WFNKkALvDlMXUiNEmkhcPNDAyDXm8nBgwzYhRMo
QWnZ3gRM8e0Q2xYPMNJiOEG2wgGjyFTp8tjuU736lvSMMz0514uaiqjUbIJPSNwer2dg
uzB4aUpzz+K8cdk03fejZbwisH3mVXcuRJTMEr94Q9KYr1nEkkVLfihnzHRWkTO2sRIx
tt5531TXPkcRYPrY4ovIKlSegmjcRH0ehHdHahPMPYcYGO7cKQClqsdogmqUVNrQgdNb
fNZs6CXwJoqsx02WITdS2BO3/fIeGll0aRj9Yb8AoryWJGGMiLoaz5CAGXvEQgSqSjgW
RgZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=YoSyeKqJvPf5V9P6lkp/SJrAW0V2UsV7Rcb5eDjX204=;
b=AmHhDKMqZAqLJyUeaRTDE/uthUlfJdiVtYvMvp306QO5yV9srqtawx9UIpAQIeNdKu
CsJGCeIh0RWpClwhDIyiwKFAL0DurxEMgNxYhxcDT2pImrxtB6SelolxK3HQpKooyrN0
r5QUZiLgxGDdV8f6SQggW71uNuDV7pHEQW1IwPVaQPi+0IkldZZVSmE+HZf2GC+QdU2N
XFxIBM6SiiyK4e+jxYjimCY6JTccdSt3NmtJzcTgVOeB+j6ZnpG/00LSJIji6aOb6zWS
SFYMR8OG96YaOUtV8XnjtZmtl4+v9rtvKnRPkQLja5vxXxONEZgWE2mJF7J/uxk1RLn3
argA==
X-Gm-Message-State: AFqh2koPpDdbTF+rK+beRa99srX1VZMpA1cDl3qR0g/xshtwIddghgMY
Y2VXX8D7xEKYisG3y/RXvGn1SIURY5u3Y35XOG4=
X-Google-Smtp-Source: AMrXdXsTjr0y/tV2olvPuS0kxoogSHzx6zUXfYr4QMgI3fRUUZw0SHkU0Zbcykujy5F0bHdW95oA78YyoCquqYmfSUo=
X-Received: by 2002:a17:90a:2808:b0:225:d9c3:ebc0 with SMTP id
e8-20020a17090a280800b00225d9c3ebc0mr1755119pjd.211.1672615721858; Sun, 01
Jan 2023 15:28:41 -0800 (PST)
MIME-Version: 1.0
From: "evs_idea@yahoo.com"
Date: Sun, 1 Jan 2023 23:31:22 +0000
Message-ID:
Subject:
To: montreal
nlangmuir
pierre tremblay
root
Content-Type: multipart/alternative; boundary="000000000000f27b4d05f13c31c4"
X-Spam_score: 10.1
X-Spam_score_int: 101
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: https://lme02.app.link/1AfuMh2G9vb https://lme02.app.link/1AfuMh2G9vb
Content analysis details: (10.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/,
no trust
[209.85.216.50 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[jhojan.rodriguez[at]gmail.com]
2.5 SORTED_RECIPS Recipient list is sorted by address
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.216.50 listed in wl.mailspike.net]
0.0 HTML_MESSAGE BODY: HTML included in message
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.5 FROM_2_EMAILS_SHORT Short body and From looks like 2 different
emails
0.0 TVD_SPACE_RATIO No description available.
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.7 PDS_FROM_2_EMAILS From header has multiple different addresses
Subject: {SPAM?}
--000000000000f27b4d05f13c31c4
Content-Type: text/plain; charset="UTF-8"
https://lme02.app.link/1AfuMh2G9vb
--000000000000f27b4d05f13c31c4
Content-Type: text/html; charset="UTF-8"
https://lme02.app.link/1AfuMh2G9vb
--000000000000f27b4d05f13c31c4--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments