Lottery Nigerian Spam from Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 30 Mar 2023 14:06:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from)
id 1phyWo-000499-1j
for dave@doctor.nl2k.ab.ca;
Thu, 30 Mar 2023 14:05:46 -0600
Resent-From: The Doctor
Resent-Date: Thu, 30 Mar 2023 14:05:46 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-qv1-f43.google.com ([209.85.219.43]:40670)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96)
(envelope-from)
id 1phuDp-000JZf-2t
for doctor@doctor.nl2k.ab.ca;
Thu, 30 Mar 2023 09:29:57 -0600
Received: by mail-qv1-f43.google.com with SMTP id on15so1031137qvb.7
for; Thu, 30 Mar 2023 08:27:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112; t=1680190069;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=j54YnS8gdR/EA9ff8dX3XMxeGOxxSry81nUrcjV9m5s=;
b=MHr+nNznY8rpglrML7455hmSZBeQ9qN6ltplcVFK9JS4s+wVwX8fgeMGfmbyY6bGVr
qfbb74gVS6TQOzO/ytP6cEU1LO94J2peBQoKoV7rqNcbWRebdyyqHdmGO1qYXTI0dm7w
rSwgnQ4F/1Ar20bsxfxon61VBgseFWak59fJ73SsjfsoLxv3q9Lrj3wygYf0xGJdJWSO
wb0KM00+M6d+pAvrOndMnU+3Oyl/UqqUd8RQYgZzdXllp1KaTZlh4KAOy8vZPPraXOgA
hN2Gh1z6h8jBFJ4bdpEC4CK3pzruICUPDruBjTr4LXJluJg44A55zWJvp/J/5k+rNdgf
uFQw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112; t=1680190069;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=j54YnS8gdR/EA9ff8dX3XMxeGOxxSry81nUrcjV9m5s=;
b=3uYGTZtpdvBHMIwtzuyCazBBxNle40ZDKtQSK6foKPGAQ7WK3lYtpzwW6LMCewMask
p/ukTH7++iwqx9sCGgirZTNndvHHT2yxYs7JbuESrTBhln44vBPKvgv6mmA7uytv9VX6
cLzoLg/Ewg4QZHJsR5520fx5bF5C05SV+pFKRPeofAqZikVw+pOpyrvewZKk+3Rfgsjj
xVbjEqdB8znNK6+uBkgeL4sH1rv5D4rlmqE0GQs5WNHfuwQjwTd2dN0uRQAuFBbq5Dhu
4TMS+LgvH4RvI+fKMuSBNlW5kxyi3gabbZmzFJm9bKW+1VaIyUP1wF4dWH/1Y6i+qWmk
Fe/A==
X-Gm-Message-State: AAQBX9dHQWRnLzhmjyE0x0/n+cZ0PVMNpV+MVbZ+kzcTKKrJKUoqxF7v
27NciZnD5HKftKbgfCdHw9/qXfPNt3xb4oYg3gY=
X-Google-Smtp-Source: AKy350YSgQ8i+qbBZW81ZVKeLws9uBrWOVpQWVMfQcyZYtbibaTkYSfOr00zd8qK+IH8NnMPZmeo3cqpNPncVtp38as=
X-Received: by 2002:ad4:55e5:0:b0:56f:18ed:316f with SMTP id
bu5-20020ad455e5000000b0056f18ed316fmr4525897qvb.1.1680190068941; Thu, 30 Mar
2023 08:27:48 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a0c:e10d:0:b0:534:2342:7ba2 with HTTP; Thu, 30 Mar 2023
08:27:47 -0700 (PDT)
Reply-To: magrethmc68@gmail.com
From: HELLO BANK PARIS
Date: Thu, 30 Mar 2023 15:27:47 +0000
Message-ID:
Subject: HELLO BANK PNB PARIS
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 14.7
X-Spam_score_int: 147
X-Spam_bar: ++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: ATTN: CONGRATULATION YOU HAVE BEEN REWARDED WITH THE SUM OF
($1,300,000 USD) GRANT FUNDS FROM INTERNATIONAL MONETARY FUND (IMF) PARIS
AND U.S EMPOWERMENT FUNDS PROGRAM. CONTACT US FOR MORE DETAILS ABOUT YOUR
PAYMENT.
Content analysis details: (14.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.219.43 listed in list.dnswl.org]
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[magrethmc68(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[ogarokombate(at)gmail.com]
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
1.2 UPPERCASE_75_100 message body is 75-100% uppercase
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 LOTTO_DEPT Claims Department
0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.219.43 listed in wl.mailspike.net]
Subject: {SPAM?} HELLO BANK PNB PARIS
ATTN:
CONGRATULATION YOU HAVE BEEN REWARDED WITH THE SUM OF ($1,300,000 USD)
GRANT FUNDS FROM INTERNATIONAL MONETARY FUND (IMF) PARIS AND U.S
EMPOWERMENT FUNDS PROGRAM.
CONTACT US FOR MORE DETAILS ABOUT YOUR PAYMENT.
BEST REGARDS
MS MAGRETH GUIMARD
PAYMENT DEPARTMENT BNP PARIBAS
HELLO BANK PARIS FRANCE
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 30 Mar 2023 14:06:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96)
(envelope-from
id 1phyWo-000499-1j
for dave@doctor.nl2k.ab.ca;
Thu, 30 Mar 2023 14:05:46 -0600
Resent-From: The Doctor
Resent-Date: Thu, 30 Mar 2023 14:05:46 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-qv1-f43.google.com ([209.85.219.43]:40670)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96)
(envelope-from
id 1phuDp-000JZf-2t
for doctor@doctor.nl2k.ab.ca;
Thu, 30 Mar 2023 09:29:57 -0600
Received: by mail-qv1-f43.google.com with SMTP id on15so1031137qvb.7
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112; t=1680190069;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=j54YnS8gdR/EA9ff8dX3XMxeGOxxSry81nUrcjV9m5s=;
b=MHr+nNznY8rpglrML7455hmSZBeQ9qN6ltplcVFK9JS4s+wVwX8fgeMGfmbyY6bGVr
qfbb74gVS6TQOzO/ytP6cEU1LO94J2peBQoKoV7rqNcbWRebdyyqHdmGO1qYXTI0dm7w
rSwgnQ4F/1Ar20bsxfxon61VBgseFWak59fJ73SsjfsoLxv3q9Lrj3wygYf0xGJdJWSO
wb0KM00+M6d+pAvrOndMnU+3Oyl/UqqUd8RQYgZzdXllp1KaTZlh4KAOy8vZPPraXOgA
hN2Gh1z6h8jBFJ4bdpEC4CK3pzruICUPDruBjTr4LXJluJg44A55zWJvp/J/5k+rNdgf
uFQw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112; t=1680190069;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=j54YnS8gdR/EA9ff8dX3XMxeGOxxSry81nUrcjV9m5s=;
b=3uYGTZtpdvBHMIwtzuyCazBBxNle40ZDKtQSK6foKPGAQ7WK3lYtpzwW6LMCewMask
p/ukTH7++iwqx9sCGgirZTNndvHHT2yxYs7JbuESrTBhln44vBPKvgv6mmA7uytv9VX6
cLzoLg/Ewg4QZHJsR5520fx5bF5C05SV+pFKRPeofAqZikVw+pOpyrvewZKk+3Rfgsjj
xVbjEqdB8znNK6+uBkgeL4sH1rv5D4rlmqE0GQs5WNHfuwQjwTd2dN0uRQAuFBbq5Dhu
4TMS+LgvH4RvI+fKMuSBNlW5kxyi3gabbZmzFJm9bKW+1VaIyUP1wF4dWH/1Y6i+qWmk
Fe/A==
X-Gm-Message-State: AAQBX9dHQWRnLzhmjyE0x0/n+cZ0PVMNpV+MVbZ+kzcTKKrJKUoqxF7v
27NciZnD5HKftKbgfCdHw9/qXfPNt3xb4oYg3gY=
X-Google-Smtp-Source: AKy350YSgQ8i+qbBZW81ZVKeLws9uBrWOVpQWVMfQcyZYtbibaTkYSfOr00zd8qK+IH8NnMPZmeo3cqpNPncVtp38as=
X-Received: by 2002:ad4:55e5:0:b0:56f:18ed:316f with SMTP id
bu5-20020ad455e5000000b0056f18ed316fmr4525897qvb.1.1680190068941; Thu, 30 Mar
2023 08:27:48 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a0c:e10d:0:b0:534:2342:7ba2 with HTTP; Thu, 30 Mar 2023
08:27:47 -0700 (PDT)
Reply-To: magrethmc68@gmail.com
From: HELLO BANK PARIS
Date: Thu, 30 Mar 2023 15:27:47 +0000
Message-ID:
Subject: HELLO BANK PNB PARIS
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 14.7
X-Spam_score_int: 147
X-Spam_bar: ++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: ATTN: CONGRATULATION YOU HAVE BEEN REWARDED WITH THE SUM OF
($1,300,000 USD) GRANT FUNDS FROM INTERNATIONAL MONETARY FUND (IMF) PARIS
AND U.S EMPOWERMENT FUNDS PROGRAM. CONTACT US FOR MORE DETAILS ABOUT YOUR
PAYMENT.
Content analysis details: (14.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.219.43 listed in list.dnswl.org]
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[magrethmc68(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[ogarokombate(at)gmail.com]
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
1.2 UPPERCASE_75_100 message body is 75-100% uppercase
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 LOTTO_DEPT Claims Department
0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
3.3 UNDISC_MONEY Undisclosed recipients + money/fraud signs
2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.219.43 listed in wl.mailspike.net]
Subject: {SPAM?} HELLO BANK PNB PARIS
ATTN:
CONGRATULATION YOU HAVE BEEN REWARDED WITH THE SUM OF ($1,300,000 USD)
GRANT FUNDS FROM INTERNATIONAL MONETARY FUND (IMF) PARIS AND U.S
EMPOWERMENT FUNDS PROGRAM.
CONTACT US FOR MORE DETAILS ABOUT YOUR PAYMENT.
BEST REGARDS
MS MAGRETH GUIMARD
PAYMENT DEPARTMENT BNP PARIBAS
HELLO BANK PARIS FRANCE
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments