Business proprosal spam from Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 28 Mar 2023 08:05:48 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1ph9wn-000J5F-2L
for dave@doctor.nl2k.ab.ca;
Tue, 28 Mar 2023 08:05:13 -0600
Resent-From: The Doctor
Resent-Date: Tue, 28 Mar 2023 08:05:13 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-vs1-f42.google.com ([209.85.217.42]:34472)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96)
(envelope-from)
id 1ph8Ko-000Cnf-0e
for doctor@doctor.nl2k.ab.ca;
Tue, 28 Mar 2023 06:22:00 -0600
Received: by mail-vs1-f42.google.com with SMTP id h27so10217155vsa.1
for; Tue, 28 Mar 2023 05:19:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112; t=1680005989;
h=content-transfer-encoding:to:subject:message-id:date:from:reply-to
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=MZGkP1BUlOY2PzisEl9Hu8MJQ+xJG4yujvwatFxenWo=;
b=ETQSvmiA2g0QpnCHXRo0N2s6q66TREcPk6btrTdjTCkU3IPuZ/XE9c7kx94MVkGt7r
dZ850o2+xwbw7af3nbxTLdJotOhhx8w4W+QUQD5llydQBEYfe5IzaKwsM17TvNmcLhUV
7FzhGoY53dvqnZP/8EnoupLrzVtJ9LblFsvaekI6e1rZGAWk1PXBsM/Qa/ptAvN8Z/Fk
4VY4QuZ/+em/7lxM/B0G/vm6HMCTgTOSBd/JjWguyi3pGxZ7rllBPHZDhU6y+8CafIs9
8D8550ywlA8sfKVvY7U1CMZfeVEf2RfN770WmruIabzHYqBQfShlmURkm3FnyXJG8wiP
9i/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112; t=1680005989;
h=content-transfer-encoding:to:subject:message-id:date:from:reply-to
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=MZGkP1BUlOY2PzisEl9Hu8MJQ+xJG4yujvwatFxenWo=;
b=kmV5cBZQAWmuwozdtY64fbj5+q/sU2P/AfuLC6Dhojqvfd3d/PByToUtRHyStN5rD3
XoBxk/bmQtY8SznLCXvN173ONa1YYJYy1ZM5HcNW/6C8iIJLUNoI50rXZu0rGru1UWsr
f8g2/YcaUwTplKIzHArcpmAdBaLtMdaxh/lRTQTOmvb/5xnDasESURmx6IqsArgRRjK9
PbB5K7NXYHBGR4RTENAXQ6VBrzcCbugczRbkJv55O2cTIr11PdB75VYcJncys5yPEDvW
ywhY3Qg0x1bcOYW8kLOMqZZYW8UOhP+IXwPtpK57agOuB1Qqcj7F4hcS0OEH9TWn9wJc
qYUw==
X-Gm-Message-State: AAQBX9fRwB1fcwkbT5a+2Vuh5KMFKHCnNaVK/PdFn7xr/fHTl/1bQke9
kdniItnlaIu1rfB406EmdlZLBjAF1ePKHJ2hrTU=
X-Google-Smtp-Source: AKy350b49PAqStUgadaFORs+5LTeL3eLdXseTES206gdphlhn312NiM+nvurXR9xWnFD8MPxLhi1lJ6U+IJdFIG04q8=
X-Received: by 2002:a67:d484:0:b0:425:87ab:c386 with SMTP id
g4-20020a67d484000000b0042587abc386mr8584450vsj.3.1680005989029; Tue, 28 Mar
2023 05:19:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a59:d7ab:0:b0:3b2:6a8e:fdfc with HTTP; Tue, 28 Mar 2023
05:19:48 -0700 (PDT)
Reply-To: mr_a.m_70@aol.com
From: Issa Isman
Date: Tue, 28 Mar 2023 05:19:48 -0700
Message-ID:
Subject: Good Day
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 13.8
X-Spam_score_int: 138
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Friend, How are you doing Today, My name is Mr.ssa Isman,
and I am the Bill and Exchange Assistant Manager BOA Bank of Afrlca. I have
a business deal worth ( US$18.3 Million Dollars )to execute with you, it'
[...]
Content analysis details: (13.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[info.bfinfo14(at)gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[mr_a.m_70(at)aol.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[info.bfinfo14(at)gmail.com]
2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.217.42 listed in list.dnswl.org]
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to
0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
3.6 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.217.42 listed in wl.mailspike.net]
Subject: {SPAM?} Good Day
Dear Friend,
=C2=A0 How are you doing Today, My name is Mr.ssa Isman, and I am the Bill
and Exchange Assistant Manager BOA Bank of Afrlca. I have a business
deal worth ( US$18.3 Million Dollars )to execute with you, it's
legitimate' legal and your personal Identity will not be compromised,
Will I have your support to achieve this great opportunity
Yours Sincerely,
Mr.Issa Isman
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 28 Mar 2023 08:05:48 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from
id 1ph9wn-000J5F-2L
for dave@doctor.nl2k.ab.ca;
Tue, 28 Mar 2023 08:05:13 -0600
Resent-From: The Doctor
Resent-Date: Tue, 28 Mar 2023 08:05:13 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-vs1-f42.google.com ([209.85.217.42]:34472)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96)
(envelope-from
id 1ph8Ko-000Cnf-0e
for doctor@doctor.nl2k.ab.ca;
Tue, 28 Mar 2023 06:22:00 -0600
Received: by mail-vs1-f42.google.com with SMTP id h27so10217155vsa.1
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112; t=1680005989;
h=content-transfer-encoding:to:subject:message-id:date:from:reply-to
:mime-version:from:to:cc:subject:date:message-id:reply-to;
bh=MZGkP1BUlOY2PzisEl9Hu8MJQ+xJG4yujvwatFxenWo=;
b=ETQSvmiA2g0QpnCHXRo0N2s6q66TREcPk6btrTdjTCkU3IPuZ/XE9c7kx94MVkGt7r
dZ850o2+xwbw7af3nbxTLdJotOhhx8w4W+QUQD5llydQBEYfe5IzaKwsM17TvNmcLhUV
7FzhGoY53dvqnZP/8EnoupLrzVtJ9LblFsvaekI6e1rZGAWk1PXBsM/Qa/ptAvN8Z/Fk
4VY4QuZ/+em/7lxM/B0G/vm6HMCTgTOSBd/JjWguyi3pGxZ7rllBPHZDhU6y+8CafIs9
8D8550ywlA8sfKVvY7U1CMZfeVEf2RfN770WmruIabzHYqBQfShlmURkm3FnyXJG8wiP
9i/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112; t=1680005989;
h=content-transfer-encoding:to:subject:message-id:date:from:reply-to
:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
:reply-to;
bh=MZGkP1BUlOY2PzisEl9Hu8MJQ+xJG4yujvwatFxenWo=;
b=kmV5cBZQAWmuwozdtY64fbj5+q/sU2P/AfuLC6Dhojqvfd3d/PByToUtRHyStN5rD3
XoBxk/bmQtY8SznLCXvN173ONa1YYJYy1ZM5HcNW/6C8iIJLUNoI50rXZu0rGru1UWsr
f8g2/YcaUwTplKIzHArcpmAdBaLtMdaxh/lRTQTOmvb/5xnDasESURmx6IqsArgRRjK9
PbB5K7NXYHBGR4RTENAXQ6VBrzcCbugczRbkJv55O2cTIr11PdB75VYcJncys5yPEDvW
ywhY3Qg0x1bcOYW8kLOMqZZYW8UOhP+IXwPtpK57agOuB1Qqcj7F4hcS0OEH9TWn9wJc
qYUw==
X-Gm-Message-State: AAQBX9fRwB1fcwkbT5a+2Vuh5KMFKHCnNaVK/PdFn7xr/fHTl/1bQke9
kdniItnlaIu1rfB406EmdlZLBjAF1ePKHJ2hrTU=
X-Google-Smtp-Source: AKy350b49PAqStUgadaFORs+5LTeL3eLdXseTES206gdphlhn312NiM+nvurXR9xWnFD8MPxLhi1lJ6U+IJdFIG04q8=
X-Received: by 2002:a67:d484:0:b0:425:87ab:c386 with SMTP id
g4-20020a67d484000000b0042587abc386mr8584450vsj.3.1680005989029; Tue, 28 Mar
2023 05:19:49 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a59:d7ab:0:b0:3b2:6a8e:fdfc with HTTP; Tue, 28 Mar 2023
05:19:48 -0700 (PDT)
Reply-To: mr_a.m_70@aol.com
From: Issa Isman
Date: Tue, 28 Mar 2023 05:19:48 -0700
Message-ID:
Subject: Good Day
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 13.8
X-Spam_score_int: 138
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Friend, How are you doing Today, My name is Mr.ssa Isman,
and I am the Bill and Exchange Assistant Manager BOA Bank of Afrlca. I have
a business deal worth ( US$18.3 Million Dollars )to execute with you, it'
[...]
Content analysis details: (13.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[info.bfinfo14(at)gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[mr_a.m_70(at)aol.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[info.bfinfo14(at)gmail.com]
2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.217.42 listed in list.dnswl.org]
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to
0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
3.6 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.217.42 listed in wl.mailspike.net]
Subject: {SPAM?} Good Day
Dear Friend,
=C2=A0 How are you doing Today, My name is Mr.ssa Isman, and I am the Bill
and Exchange Assistant Manager BOA Bank of Afrlca. I have a business
deal worth ( US$18.3 Million Dollars )to execute with you, it's
legitimate' legal and your personal Identity will not be compromised,
Will I have your support to achieve this great opportunity
Yours Sincerely,
Mr.Issa Isman
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments