Web Link spam from Google
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 27 Feb 2023 08:33:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1pWfUU-0000yP-1W
for dave@doctor.nl2k.ab.ca;
Mon, 27 Feb 2023 08:32:38 -0700
Resent-From: The Doctor
Resent-Date: Mon, 27 Feb 2023 08:32:38 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ed1-f67.google.com ([209.85.208.67]:44764)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96)
(envelope-from)
id 1pWaXG-000IPr-07
for doctor@nl2k.ab.ca;
Mon, 27 Feb 2023 03:15:13 -0700
Received: by mail-ed1-f67.google.com with SMTP id s26so23356187edw.11
for; Mon, 27 Feb 2023 02:13:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=iGbyWXWy7fG/GaMl7aTubyx7HLCOeE6yK8wEJ35uJVE=;
b=ATxrGTbJMi55iCveJBFDmS0LFp+vW9QQ5QgnMBz6w/vM3XNEVy4xixhoxwnG6OWA4a
e5QslTvPTj1zp5wG+bUtw614eOi7/kJGP0+W2TkQvKFt7L1BdxjT9s7/5s9W1OJT5Bn1
5X0YuKGCPOSx6CA1YTjzLFBBbrJm6wHwDp+W8EFcLbqUhmLXqkfMBxh84sUrVNnnUhPR
BeW92enp5rbEofVk/DlBssMZD1TZuWtmPwGHHjhXw3UHMuzMd9YPGYSgGDBRl8Vd72s5
DIWK5DEy4LyVIFwyVAiG541486uSGt8XIqi8aSbAJrRoXPfPy4FQ+9h7sutIwyxmYF0N
v1gA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=iGbyWXWy7fG/GaMl7aTubyx7HLCOeE6yK8wEJ35uJVE=;
b=P9R5GazJG+WDiLU7ZP6A+W/LqxAwOHToDiEdW9+YutzLC4gKOjbmHW1Q1UlAIeicu1
aB5/7aTO17Uiqtj2YiIgtpUShLvQB0aATfAvGAFKVWubUA09DfxEZrPioaTTUKbkiTQF
iWFmRH5HmN2LL9nTPCRrFaNE/W4E6w19iBWTFPUrM8iBAV6dhRKeneTmKG/A34/+Pp0y
bWzeywKNvyLqu8dx1Nq3ifsSA/5nqpXW6nVF0jtDeeYN8UiiDW1RKQJWpA5Pir5rC/JZ
PSMNIy4Mgdukwrs2zliuNVBWItRVOzKTx+Ev8kO9EHiap/GyyUGryQtLuizMy29j2huC
fHJw==
X-Gm-Message-State: AO0yUKXvpfal8LUhSs9Hep/WGxizt4/L58gWah3ylrOWuw5Zgm43+Yj7
5qYjw/1DYLiOmFlYSwoV0DZ8pOy26Oe10kjGDeM=
X-Google-Smtp-Source: AK7set+DNxlLdXfDDq0uGZMl8hKIXDJ0cgkTs/MUhvfCD4ENU/Ikx0LoHxiRD5+P4wSdjaBPkxcW137aqj0UKEOvx+0=
X-Received: by 2002:a17:906:698:b0:8ae:1078:722f with SMTP id
u24-20020a170906069800b008ae1078722fmr14723917ejb.9.1677492784476; Mon, 27
Feb 2023 02:13:04 -0800 (PST)
MIME-Version: 1.0
From: "dieudonnenzuzi07@yahoo.fr"
Date: Mon, 27 Feb 2023 10:13:02 +0000
Message-ID:
Subject:
To: dcreativ, deniscarole5 ,
denisefob1991, desjar m ,
dianelefort, dleroux ,
doctor, dominique myre
Content-Type: multipart/alternative; boundary="00000000000088349b05f5abb906"
X-Spam_score: 10.1
X-Spam_score_int: 101
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: https://6qm62.app.link/b56FzOozJxb https://6qm62.app.link/b56FzOozJxb
Content analysis details: (10.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.208.67 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
2.5 SORTED_RECIPS Recipient list is sorted by address
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[petrtmavy80(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[petrtmavy80(at)gmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.208.67 listed in wl.mailspike.net]
0.0 TVD_SPACE_RATIO No description available.
0.7 PDS_FROM_2_EMAILS From header has multiple different addresses
2.0 FROM_2_EMAILS_SHORT Short body and From looks like 2 different emails
0.4 NAME_EMAIL_DIFF Sender NAME is an unrelated email address
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
Subject: {SPAM?}
--00000000000088349b05f5abb906
Content-Type: text/plain; charset="UTF-8"
https://6qm62.app.link/b56FzOozJxb
--00000000000088349b05f5abb906
Content-Type: text/html; charset="UTF-8"
https://6qm62.app.link/b56FzOozJxb
--00000000000088349b05f5abb906--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 27 Feb 2023 08:33:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from
id 1pWfUU-0000yP-1W
for dave@doctor.nl2k.ab.ca;
Mon, 27 Feb 2023 08:32:38 -0700
Resent-From: The Doctor
Resent-Date: Mon, 27 Feb 2023 08:32:38 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ed1-f67.google.com ([209.85.208.67]:44764)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96)
(envelope-from
id 1pWaXG-000IPr-07
for doctor@nl2k.ab.ca;
Mon, 27 Feb 2023 03:15:13 -0700
Received: by mail-ed1-f67.google.com with SMTP id s26so23356187edw.11
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=iGbyWXWy7fG/GaMl7aTubyx7HLCOeE6yK8wEJ35uJVE=;
b=ATxrGTbJMi55iCveJBFDmS0LFp+vW9QQ5QgnMBz6w/vM3XNEVy4xixhoxwnG6OWA4a
e5QslTvPTj1zp5wG+bUtw614eOi7/kJGP0+W2TkQvKFt7L1BdxjT9s7/5s9W1OJT5Bn1
5X0YuKGCPOSx6CA1YTjzLFBBbrJm6wHwDp+W8EFcLbqUhmLXqkfMBxh84sUrVNnnUhPR
BeW92enp5rbEofVk/DlBssMZD1TZuWtmPwGHHjhXw3UHMuzMd9YPGYSgGDBRl8Vd72s5
DIWK5DEy4LyVIFwyVAiG541486uSGt8XIqi8aSbAJrRoXPfPy4FQ+9h7sutIwyxmYF0N
v1gA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=iGbyWXWy7fG/GaMl7aTubyx7HLCOeE6yK8wEJ35uJVE=;
b=P9R5GazJG+WDiLU7ZP6A+W/LqxAwOHToDiEdW9+YutzLC4gKOjbmHW1Q1UlAIeicu1
aB5/7aTO17Uiqtj2YiIgtpUShLvQB0aATfAvGAFKVWubUA09DfxEZrPioaTTUKbkiTQF
iWFmRH5HmN2LL9nTPCRrFaNE/W4E6w19iBWTFPUrM8iBAV6dhRKeneTmKG/A34/+Pp0y
bWzeywKNvyLqu8dx1Nq3ifsSA/5nqpXW6nVF0jtDeeYN8UiiDW1RKQJWpA5Pir5rC/JZ
PSMNIy4Mgdukwrs2zliuNVBWItRVOzKTx+Ev8kO9EHiap/GyyUGryQtLuizMy29j2huC
fHJw==
X-Gm-Message-State: AO0yUKXvpfal8LUhSs9Hep/WGxizt4/L58gWah3ylrOWuw5Zgm43+Yj7
5qYjw/1DYLiOmFlYSwoV0DZ8pOy26Oe10kjGDeM=
X-Google-Smtp-Source: AK7set+DNxlLdXfDDq0uGZMl8hKIXDJ0cgkTs/MUhvfCD4ENU/Ikx0LoHxiRD5+P4wSdjaBPkxcW137aqj0UKEOvx+0=
X-Received: by 2002:a17:906:698:b0:8ae:1078:722f with SMTP id
u24-20020a170906069800b008ae1078722fmr14723917ejb.9.1677492784476; Mon, 27
Feb 2023 02:13:04 -0800 (PST)
MIME-Version: 1.0
From: "dieudonnenzuzi07@yahoo.fr"
Date: Mon, 27 Feb 2023 10:13:02 +0000
Message-ID:
Subject:
To: dcreativ
denisefob1991
dianelefort
doctor
Content-Type: multipart/alternative; boundary="00000000000088349b05f5abb906"
X-Spam_score: 10.1
X-Spam_score_int: 101
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: https://6qm62.app.link/b56FzOozJxb https://6qm62.app.link/b56FzOozJxb
Content analysis details: (10.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.208.67 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
2.5 SORTED_RECIPS Recipient list is sorted by address
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[petrtmavy80(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[petrtmavy80(at)gmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.208.67 listed in wl.mailspike.net]
0.0 TVD_SPACE_RATIO No description available.
0.7 PDS_FROM_2_EMAILS From header has multiple different addresses
2.0 FROM_2_EMAILS_SHORT Short body and From looks like 2 different emails
0.4 NAME_EMAIL_DIFF Sender NAME is an unrelated email address
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
Subject: {SPAM?}
--00000000000088349b05f5abb906
Content-Type: text/plain; charset="UTF-8"
https://6qm62.app.link/b56FzOozJxb
--00000000000088349b05f5abb906
Content-Type: text/html; charset="UTF-8"
https://6qm62.app.link/b56FzOozJxb
--00000000000088349b05f5abb906--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments