home depot phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 08 May 2023 08:23:36 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1pw1jJ-000JHP-OU
for dave@doctor.nl2k.ab.ca;
Mon, 08 May 2023 08:20:45 -0600
Resent-From: The Doctor
Resent-Date: Mon, 8 May 2023 08:20:45 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [45.10.244.244] (port=35447 helo=AmosHamilton.org)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from)
id 1pvyaf-0001AZ-Ir
for root@nk.ca;
Mon, 08 May 2023 04:59:55 -0600
MIME-Version: 1.0
Message-Id:
From: HOME DEPOT
Subject:Today you have been chosen to receive a brand new Dyson V11
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 May 2023 12:57:23 +0200
X-Spam_score: 11.9
X-Spam_score_int: 119
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Home Depot Survey
Content analysis details: (11.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[45.10.244.244 listed in zen.spamhaus.org]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=smkh5158671695%40shop.clair-voyance.me;ip=45.10.244.244;r=doctor.nl2k.ab.ca]
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
1.2 MISSING_HEADERS Missing To: header
0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.7 HDRS_MISSP Misspaced headers
0.7 BODY_URI_ONLY Message body is only a URI in one line of text or for
an image
1.4 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid
URIBL
Subject: {SPAM?} Today you have been chosen to receive a brand new Dyson V11
Home Depot Survey
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 08 May 2023 08:23:36 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1pw1jJ-000JHP-OU
for dave@doctor.nl2k.ab.ca;
Mon, 08 May 2023 08:20:45 -0600
Resent-From: The Doctor
Resent-Date: Mon, 8 May 2023 08:20:45 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [45.10.244.244] (port=35447 helo=AmosHamilton.org)
by doctor.nl2k.ab.ca with esmtp (Exim 4.95 (FreeBSD))
(envelope-from
id 1pvyaf-0001AZ-Ir
for root@nk.ca;
Mon, 08 May 2023 04:59:55 -0600
MIME-Version: 1.0
Message-Id:
From: HOME DEPOT
Subject:Today you have been chosen to receive a brand new Dyson V11
Content-Transfer-Encoding: 7bit
Content-Type: text/html; charset=UTF-8
Date: Mon, 08 May 2023 12:57:23 +0200
X-Spam_score: 11.9
X-Spam_score_int: 119
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Home Depot Survey
Content analysis details: (11.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[45.10.244.244 listed in zen.spamhaus.org]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=smkh5158671695%40shop.clair-voyance.me;ip=45.10.244.244;r=doctor.nl2k.ab.ca]
0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail
domains are different
1.2 MISSING_HEADERS Missing To: header
0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.7 HDRS_MISSP Misspaced headers
0.7 BODY_URI_ONLY Message body is only a URI in one line of text or for
an image
1.4 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid
URIBL
Subject: {SPAM?} Today you have been chosen to receive a brand new Dyson V11
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments