More link spam from Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 11 May 2023 13:11:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from)
id 1pxBdb-0009uh-L2
for dave@doctor.nl2k.ab.ca;
Thu, 11 May 2023 13:07:39 -0600
Resent-From: The Doctor
Resent-Date: Thu, 11 May 2023 13:07:39 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-lf1-f50.google.com ([209.85.167.50]:59879)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from)
id 1px9wD-000J1f-SA
for doctor@nk.ca;
Thu, 11 May 2023 11:18:49 -0600
Received: by mail-lf1-f50.google.com with SMTP id 2adb3069b0e04-4f13ef4ad91so10349769e87.3
for; Thu, 11 May 2023 10:16:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1683825400; x=1686417400;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=lVMUjT/qOz53v5v+Sc2hoAfzFgOcQNRYsMQx16NGI9U=;
b=NOGaMNh3qBunzS4+zRlf9Ctby3Oc4ke57iNq5shz3F8sxSDjVeoPLKvdc4IQsDwebc
nDdkDy98N7gRFOkTaiIFcReaLBDdrVOSs6R47uVbgzW2mud8nDW89+hIKz2ZFf8xFQNl
1yUYysj5vpMf3jF+RCjNKjg1Ri870cKFxxPNiEfeeu+8gJm6LMhTytLUCDV1sIVJeaMx
Y+qoOIp6E4MVmJcPxsx5cBPizoG+1oVC6MPnNKHET6nN7L/B67XfOGo/3LC0u9cH3qCz
pfwHFETHHMxtmdUVWsPAHHLEZ9vI/hgQw8fVRcGKPcZXyFRTqN/HcHlghjHfHDuxDsr9
qnwg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1683825400; x=1686417400;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=lVMUjT/qOz53v5v+Sc2hoAfzFgOcQNRYsMQx16NGI9U=;
b=dPPs3npwQ4XmSRlBWYutgjTgGGatAFhgU4RDyEvIRCgfJww1+qXBte369yiyt0lkBd
ccTltJcnDOtlvQxqmjKWW0hJv0c9p1C6bb90oiC7LaHjRjLU50Z06g1ctbnF7x+ZXFP2
bbtKSWlGzRCAem5xYZ0YMW7gKrOm7VYLEPmEWDsLOMD2o7bj5lpf8Vfb2Tddd7CI7ZQk
paKhIpxECF+1C1H4cJ1NBSAGJyXCzRnxKu9xlkaWY7x14+fiyKozyL7J2NDyzYLBm4wA
L503e4Dgt80NcP48qmgN7dBmY94cibzsGiCxsX3/sC/QfRaXrGosNA7ad84Ccesv9N/d
4Dmg==
X-Gm-Message-State: AC+VfDwhrAu4BHuWyUs2Xs6WwRik0Sr5UKgum3V7bi7ods5IFPVp+4Mg
MD/nG/sBasSxBmTgLpTAgslJGwBDaCIXsbklg3I=
X-Google-Smtp-Source: ACHHUZ4gGW8M+hMKcdnqNpIx8FBseTegTlealPUb4x7mwhoIZtcAMGVUWN85bMKMaJBCdwsC4I+pyAXVSVU5krx+THs=
X-Received: by 2002:ac2:5318:0:b0:4f2:4f26:3e5a with SMTP id
c24-20020ac25318000000b004f24f263e5amr2346888lfh.41.1683825400595; Thu, 11
May 2023 10:16:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6022:73a3:b0:3f:1a51:af32 with HTTP; Thu, 11 May 2023
10:16:40 -0700 (PDT)
From: "studiobuscema@alice.it"
Date: Thu, 11 May 2023 17:16:40 +0000
Message-ID:
Subject: Herr Gomez Rodrigo
To: dlennick, doctor , doctor ,
doctorjjarvis, don ,
donnaninja
Content-Type: text/plain; charset="UTF-8"
X-Spam_score: 8.6
X-Spam_score_int: 86
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: https://bit.ly/3NN35Di
Content analysis details: (8.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.167.50 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[ddji4371(at)gmail.com]
2.5 SUSPICIOUS_RECIPS Similar addresses in recipient list
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[ddji4371(at)gmail.com]
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.4 NAME_EMAIL_DIFF Sender NAME is an unrelated email address
0.7 PDS_FROM_2_EMAILS No description available.
1.0 FROM_2_EMAILS_SHORT Short body and From looks like 2 different emails
2.8 POSSIBLE_GMAIL_PHISHER Apparent phishing email sent from a gmail
account
1.2 BODY_SINGLE_URI Message body is only a URI
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.50 listed in wl.mailspike.net]
Subject: {SPAM?} Herr Gomez Rodrigo
https://bit.ly/3NN35Di
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 11 May 2023 13:11:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.95 (FreeBSD))
(envelope-from
id 1pxBdb-0009uh-L2
for dave@doctor.nl2k.ab.ca;
Thu, 11 May 2023 13:07:39 -0600
Resent-From: The Doctor
Resent-Date: Thu, 11 May 2023 13:07:39 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-lf1-f50.google.com ([209.85.167.50]:59879)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.95 (FreeBSD))
(envelope-from
id 1px9wD-000J1f-SA
for doctor@nk.ca;
Thu, 11 May 2023 11:18:49 -0600
Received: by mail-lf1-f50.google.com with SMTP id 2adb3069b0e04-4f13ef4ad91so10349769e87.3
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1683825400; x=1686417400;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=lVMUjT/qOz53v5v+Sc2hoAfzFgOcQNRYsMQx16NGI9U=;
b=NOGaMNh3qBunzS4+zRlf9Ctby3Oc4ke57iNq5shz3F8sxSDjVeoPLKvdc4IQsDwebc
nDdkDy98N7gRFOkTaiIFcReaLBDdrVOSs6R47uVbgzW2mud8nDW89+hIKz2ZFf8xFQNl
1yUYysj5vpMf3jF+RCjNKjg1Ri870cKFxxPNiEfeeu+8gJm6LMhTytLUCDV1sIVJeaMx
Y+qoOIp6E4MVmJcPxsx5cBPizoG+1oVC6MPnNKHET6nN7L/B67XfOGo/3LC0u9cH3qCz
pfwHFETHHMxtmdUVWsPAHHLEZ9vI/hgQw8fVRcGKPcZXyFRTqN/HcHlghjHfHDuxDsr9
qnwg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1683825400; x=1686417400;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=lVMUjT/qOz53v5v+Sc2hoAfzFgOcQNRYsMQx16NGI9U=;
b=dPPs3npwQ4XmSRlBWYutgjTgGGatAFhgU4RDyEvIRCgfJww1+qXBte369yiyt0lkBd
ccTltJcnDOtlvQxqmjKWW0hJv0c9p1C6bb90oiC7LaHjRjLU50Z06g1ctbnF7x+ZXFP2
bbtKSWlGzRCAem5xYZ0YMW7gKrOm7VYLEPmEWDsLOMD2o7bj5lpf8Vfb2Tddd7CI7ZQk
paKhIpxECF+1C1H4cJ1NBSAGJyXCzRnxKu9xlkaWY7x14+fiyKozyL7J2NDyzYLBm4wA
L503e4Dgt80NcP48qmgN7dBmY94cibzsGiCxsX3/sC/QfRaXrGosNA7ad84Ccesv9N/d
4Dmg==
X-Gm-Message-State: AC+VfDwhrAu4BHuWyUs2Xs6WwRik0Sr5UKgum3V7bi7ods5IFPVp+4Mg
MD/nG/sBasSxBmTgLpTAgslJGwBDaCIXsbklg3I=
X-Google-Smtp-Source: ACHHUZ4gGW8M+hMKcdnqNpIx8FBseTegTlealPUb4x7mwhoIZtcAMGVUWN85bMKMaJBCdwsC4I+pyAXVSVU5krx+THs=
X-Received: by 2002:ac2:5318:0:b0:4f2:4f26:3e5a with SMTP id
c24-20020ac25318000000b004f24f263e5amr2346888lfh.41.1683825400595; Thu, 11
May 2023 10:16:40 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6022:73a3:b0:3f:1a51:af32 with HTTP; Thu, 11 May 2023
10:16:40 -0700 (PDT)
From: "studiobuscema@alice.it"
Date: Thu, 11 May 2023 17:16:40 +0000
Message-ID:
Subject: Herr Gomez Rodrigo
To: dlennick
doctorjjarvis
donnaninja
Content-Type: text/plain; charset="UTF-8"
X-Spam_score: 8.6
X-Spam_score_int: 86
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: https://bit.ly/3NN35Di
Content analysis details: (8.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.167.50 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[ddji4371(at)gmail.com]
2.5 SUSPICIOUS_RECIPS Similar addresses in recipient list
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[ddji4371(at)gmail.com]
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.4 NAME_EMAIL_DIFF Sender NAME is an unrelated email address
0.7 PDS_FROM_2_EMAILS No description available.
1.0 FROM_2_EMAILS_SHORT Short body and From looks like 2 different emails
2.8 POSSIBLE_GMAIL_PHISHER Apparent phishing email sent from a gmail
account
1.2 BODY_SINGLE_URI Message body is only a URI
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.50 listed in wl.mailspike.net]
Subject: {SPAM?} Herr Gomez Rodrigo
https://bit.ly/3NN35Di
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments