Nigerian Spam from Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 21 Feb 2023 07:23:16 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1pUTWs-000G86-1S
for dave@doctor.nl2k.ab.ca;
Tue, 21 Feb 2023 07:22:02 -0700
Resent-From: The Doctor
Resent-Date: Tue, 21 Feb 2023 07:22:02 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 189.46.136.34.bc.googleusercontent.com ([34.136.46.189]:33666 helo=service.maropost-staging.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from)
id 1pUQJu-00089p-2I
for doctor@nl2k.ab.ca;
Tue, 21 Feb 2023 03:56:23 -0700
Received: from [147.78.103.137] (unknown [147.78.103.137])
by service.maropost-staging.com (Postfix) with ESMTP id 9625335DAAB8;
Tue, 21 Feb 2023 08:48:27 +0000 (UTC)
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: Captain Frank R.Dickson
To: Recipients
From: "U.S ARMY"
Date: Tue, 21 Feb 2023 00:48:25 -0800
Reply-To: capt.frankdickson@yahoo.com
X-Spam_score: 12.8
X-Spam_score_int: 128
X-Spam_bar: ++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello, I sincerely apologize for encroaching into your privacy
in this manner. I want to solicit your attention to receive money on my behalf.
I am Captain Frank R.Dickson, an officer in the US Army Peacekeeping force
in Syria. I will explain further when I get a response from you. Anticipating
a prompt response from you
Content analysis details: (12.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
[147.78.103.137 listed in zen.spamhaus.org]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[34.136.46.189 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[34.136.46.189 listed in bl.score.senderscore.com]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[34.136.46.189 listed in bb.barracudacentral.org]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[34.136.46.189 listed in psbl.surriel.com]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 TVD_RCVD_IP Message was received from an IP address
1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[capt.frankdickson(at)gmail.com]
0.0 SPOOFED_FREEMAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC with FP steps
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be...
0.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail reply-to
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[34.136.46.189 listed in wl.mailspike.net]
Subject: {SPAM?} Captain Frank R.Dickson
Hello,
I sincerely apologize for encroaching into your privacy in this manner. I w=
ant to solicit your attention to receive money on my behalf. I am Captain =
Frank =
R.Dickson, an officer in the US Army Peacekeeping force in Syria. I will ex=
plain further when I get a response from you. Anticipating a prompt respon=
se from you =
via email: capt.frankdickson@yahoo.com
Best Regards,
Captain Frank R.Dickson
U.S ARMY
capt.frankdickson@gmail.com
capt.frankdickson@yahoo.com
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 21 Feb 2023 07:23:16 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from
id 1pUTWs-000G86-1S
for dave@doctor.nl2k.ab.ca;
Tue, 21 Feb 2023 07:22:02 -0700
Resent-From: The Doctor
Resent-Date: Tue, 21 Feb 2023 07:22:02 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 189.46.136.34.bc.googleusercontent.com ([34.136.46.189]:33666 helo=service.maropost-staging.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from
id 1pUQJu-00089p-2I
for doctor@nl2k.ab.ca;
Tue, 21 Feb 2023 03:56:23 -0700
Received: from [147.78.103.137] (unknown [147.78.103.137])
by service.maropost-staging.com (Postfix) with ESMTP id 9625335DAAB8;
Tue, 21 Feb 2023 08:48:27 +0000 (UTC)
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
Subject: Captain Frank R.Dickson
To: Recipients
From: "U.S ARMY"
Date: Tue, 21 Feb 2023 00:48:25 -0800
Reply-To: capt.frankdickson@yahoo.com
X-Spam_score: 12.8
X-Spam_score_int: 128
X-Spam_bar: ++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello, I sincerely apologize for encroaching into your privacy
in this manner. I want to solicit your attention to receive money on my behalf.
I am Captain Frank R.Dickson, an officer in the US Army Peacekeeping force
in Syria. I will explain further when I get a response from you. Anticipating
a prompt response from you
Content analysis details: (12.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL
[147.78.103.137 listed in zen.spamhaus.org]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[34.136.46.189 listed in bl.score.senderscore.com]
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[34.136.46.189 listed in bl.score.senderscore.com]
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[34.136.46.189 listed in bb.barracudacentral.org]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[34.136.46.189 listed in psbl.surriel.com]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.0 TVD_RCVD_IP Message was received from an IP address
1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[capt.frankdickson(at)gmail.com]
0.0 SPOOFED_FREEMAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC with FP steps
0.0 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be...
0.0 SPOOFED_FREEM_REPTO Forged freemail sender with freemail reply-to
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[34.136.46.189 listed in wl.mailspike.net]
Subject: {SPAM?} Captain Frank R.Dickson
Hello,
I sincerely apologize for encroaching into your privacy in this manner. I w=
ant to solicit your attention to receive money on my behalf. I am Captain =
Frank =
R.Dickson, an officer in the US Army Peacekeeping force in Syria. I will ex=
plain further when I get a response from you. Anticipating a prompt respon=
se from you =
via email: capt.frankdickson@yahoo.com
Best Regards,
Captain Frank R.Dickson
U.S ARMY
capt.frankdickson@gmail.com
capt.frankdickson@yahoo.com
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments