Canada post phish from Japan
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 27 Feb 2023 12:23:00 -0700
Received: from conuserg-07.nifty.com ([210.131.2.74]:54722)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from)
id 1pWj5E-000MXs-0L
for dave@doctor.nl2k.ab.ca;
Mon, 27 Feb 2023 12:22:53 -0700
Received: from nifty.com (g52.219-121-83.ppp.wakwak.ne.jp [219.121.83.52]) (authenticated)
by conuserg-07.nifty.com with ESMTP id 31RJKY10032031
for; Tue, 28 Feb 2023 04:20:37 +0900
DKIM-Filter: OpenDKIM Filter v2.10.3 conuserg-07.nifty.com 31RJKY10032031
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com;
s=dec2015msa; t=1677525638;
bh=rewGQrqaQJETYPCKyhy8L94QvXhKMv0EH/9qTADfybc=;
h=Reply-To:From:To:Subject:Date:From;
b=YtzgUpZ9xj+tyvPxUCJ8u0GZDmjnOaRCdJh4GPRWf5Unk6qfwBi27JBkqZ+jQKqcM
qO9r0KLaq08CmPwLfFzb2MGJnnS47H/8c7w0Ky165orKYmorHdHfagOvGXDcJC6gja
TNxsEkOopZ8+Ftc3DhcxloUzWMWzFHfYjsn/33wcaNP7oZNd838QxPAnnZam0X/qZN
5XCars2ZMnuT+oOVg8wNWVT3sxMHFsrLpHM0uJ+JeOMig2WM7ihxg6jRFlRtZTiiHz
mcvqhV86o01G8Bwey3z8oVl6TLwQCOJK/nQxkDvieOSKqWs8XmARFCDYnSne/exkHt
XgbdgL9hYIrHg==
X-Nifty-SrcIP: [219.121.83.52]
Message-ID: <805d14bf4a3d17188b2168cbbf7a40098c8f@nifty.com>
Reply-To: canada_post
From: canada_post
To: dave@doctor.nl2k.ab.ca
Subject: Canada Post:Delivery failed!
Date: Mon, 27 Feb 2023 19:20:34 -0800
Organization: bunshun.jp
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="01abe2480fcbe55e7dd796bd489c3ba911"
X-Priority: 1
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Notice left indicates that your delivery cannot be completed
as expected! If the package is not scheduled for delivery or picked up within
48 hours,it will be returned to the sender. You may arrange r [...]
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[210.131.2.74 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 T_REMOTE_IMAGE Message contains an external image
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
2.0 PDS_SHORT_SPOOFED_URL HTML message short and T_SPOOFED_URL (S_U_FP)
0.8 PDS_NO_FULL_NAME_SPOOFED_URL HTML message short, T_SPOOFED_URL and
T_KHOP_NO_FULL_NAME
Subject: {SPAM?} Canada Post:Delivery failed!
--01abe2480fcbe55e7dd796bd489c3ba911
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Notice left indicates that your delivery cannot be completed as expected!
If the package is not scheduled for delivery or picked up within 48 hours=
,it will be returned to the sender.
You may arrange redelivery by following the link below:
https://www.canadapost-postescanada.ca/cpc/en/personal/sending/parcels/re=
strictions.page
Thank you,
Canada Post Corporation @2023 .
--01abe2480fcbe55e7dd796bd489c3ba911
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
i">
Notice left indicates that your delivery cannot be co=
mpleted as expected!
If the package is not scheduled for delivery =
or picked up within 48 hours,it will be returned to the sender.
Yo=
u may arrange redelivery by following the link below:
ttps://rb.gy/2cni1t">https://www.canadapost-postescanada.ca/cpc/en/person=
al/sending/parcels/restrictions.page
Thank you=
,
Canada Post Corporation @2023 .
--01abe2480fcbe55e7dd796bd489c3ba911--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 27 Feb 2023 12:23:00 -0700
Received: from conuserg-07.nifty.com ([210.131.2.74]:54722)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.96)
(envelope-from
id 1pWj5E-000MXs-0L
for dave@doctor.nl2k.ab.ca;
Mon, 27 Feb 2023 12:22:53 -0700
Received: from nifty.com (g52.219-121-83.ppp.wakwak.ne.jp [219.121.83.52]) (authenticated)
by conuserg-07.nifty.com with ESMTP id 31RJKY10032031
for
DKIM-Filter: OpenDKIM Filter v2.10.3 conuserg-07.nifty.com 31RJKY10032031
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nifty.com;
s=dec2015msa; t=1677525638;
bh=rewGQrqaQJETYPCKyhy8L94QvXhKMv0EH/9qTADfybc=;
h=Reply-To:From:To:Subject:Date:From;
b=YtzgUpZ9xj+tyvPxUCJ8u0GZDmjnOaRCdJh4GPRWf5Unk6qfwBi27JBkqZ+jQKqcM
qO9r0KLaq08CmPwLfFzb2MGJnnS47H/8c7w0Ky165orKYmorHdHfagOvGXDcJC6gja
TNxsEkOopZ8+Ftc3DhcxloUzWMWzFHfYjsn/33wcaNP7oZNd838QxPAnnZam0X/qZN
5XCars2ZMnuT+oOVg8wNWVT3sxMHFsrLpHM0uJ+JeOMig2WM7ihxg6jRFlRtZTiiHz
mcvqhV86o01G8Bwey3z8oVl6TLwQCOJK/nQxkDvieOSKqWs8XmARFCDYnSne/exkHt
XgbdgL9hYIrHg==
X-Nifty-SrcIP: [219.121.83.52]
Message-ID: <805d14bf4a3d17188b2168cbbf7a40098c8f@nifty.com>
Reply-To: canada_post
From: canada_post
To: dave@doctor.nl2k.ab.ca
Subject: Canada Post:Delivery failed!
Date: Mon, 27 Feb 2023 19:20:34 -0800
Organization: bunshun.jp
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="01abe2480fcbe55e7dd796bd489c3ba911"
X-Priority: 1
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Notice left indicates that your delivery cannot be completed
as expected! If the package is not scheduled for delivery or picked up within
48 hours,it will be returned to the sender. You may arrange r [...]
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[210.131.2.74 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 T_REMOTE_IMAGE Message contains an external image
2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
2.0 PDS_SHORT_SPOOFED_URL HTML message short and T_SPOOFED_URL (S_U_FP)
0.8 PDS_NO_FULL_NAME_SPOOFED_URL HTML message short, T_SPOOFED_URL and
T_KHOP_NO_FULL_NAME
Subject: {SPAM?} Canada Post:Delivery failed!
--01abe2480fcbe55e7dd796bd489c3ba911
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Notice left indicates that your delivery cannot be completed as expected!
If the package is not scheduled for delivery or picked up within 48 hours=
,it will be returned to the sender.
You may arrange redelivery by following the link below:
https://www.canadapost-postescanada.ca/cpc/en/personal/sending/parcels/re=
strictions.page
Thank you,
Canada Post Corporation @2023 .
--01abe2480fcbe55e7dd796bd489c3ba911
Content-Type: text/html; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
i">
Notice left indicates that your delivery cannot be co=
mpleted as expected!
If the package is not scheduled for delivery =
or picked up within 48 hours,it will be returned to the sender.
Yo=
u may arrange redelivery by following the link below:
ttps://rb.gy/2cni1t">https://www.canadapost-postescanada.ca/cpc/en/person=
al/sending/parcels/restrictions.page
Thank you=
,
Canada Post Corporation @2023 .
--01abe2480fcbe55e7dd796bd489c3ba911--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments