Nigerian spam from Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 30 May 2023 08:51:18 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1q40e3-0006vU-32
for dave@doctor.nl2k.ab.ca;
Tue, 30 May 2023 08:48:19 -0600
Resent-From: The Doctor
Resent-Date: Tue, 30 May 2023 08:48:19 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-qt1-f174.google.com ([209.85.160.174]:47423)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from)
id 1q3urp-0005y1-3B
for root@nk.ca;
Tue, 30 May 2023 02:38:17 -0600
Received: by mail-qt1-f174.google.com with SMTP id d75a77b69052e-3f829e958bdso8031541cf.3
for; Tue, 30 May 2023 01:36:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1685435765; x=1688027765;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=tFAYU5hQSPOpDFryWl9WuX85TkVkky3MXqexQ2JPTIk=;
b=oMn7VKLswmGl2GKlOxoi3VK7X4vV653mZT2pvoRVKeQRleKZNRTVd6+hHpT0LWFZf9
jqjHI6zG4ouu0dQFPvdooR4+ZZLNdb9Km4OiRzpJM6xkzNQxhCvqc88toOKkTNg/dmTt
Nc3b+mYgYf0WTvIkMTfI9fRNA7ePDj4Q3pp4TulOdT0q8PJcZ+wpiwipm5We4nGkKvVF
9jWfJCnMqaQm/Gw5V8E8AVWPv+tf2QRYLK1Au38R5sr/ipdhLAxQRHX6m1Vjafg+d29+
vAbnJrbm7Rni/OqAWFDkVd3R9nz+mWp3+PDTTuWv9voHEi7aToFEwWnASLZ8++U7aYRU
pfQg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1685435765; x=1688027765;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=tFAYU5hQSPOpDFryWl9WuX85TkVkky3MXqexQ2JPTIk=;
b=HKCziTMAx0DZCM+Cx6Q0LeHiQKUBkvBvc9DgA+saA4GwLro4ALxnkHTrJdRG+/WoZg
7h4KniYqbU7rKMN7WZBIMCBQ148yZOu3vl+Rd1FiuHki1mbiE5Q7/TgKzauG7oq/h0WO
k6TmhC5u3deIVsnz4Mf6u4v7j4aIn4ZG9NX0qjzFGmgRdTUQJbcPeAWteIRQULHllF8f
vtpdXi+4eT9bnG9QqHEEUxDEBCsLXOyBabXTGZZ9bMwUe48r+nQ7FWJiDATnERDqVmrr
y+YEJxHA8wFEgwSoRObgkHPhdibc6OqwJV2VqQYHmFl8Kgk0F2qouVfhJuOH6+hQSJZ/
fP4A==
X-Gm-Message-State: AC+VfDxKL4yN3AcprBS4uKHA1bEI8PVsbzczK2uAzKAge+Ldy224jZTP
lUKA3XECTQl6CwT82j7ysp4dVXPyHR9z5qKPY7Q=
X-Google-Smtp-Source: ACHHUZ4I5jx52B9vSMttFLVVqKh60qLFWzGrKo3nZARUO+ZYBJJcjMAc65pmuJw/Sg1/doV9Ks1sHbRmFquG59VtHWc=
X-Received: by 2002:ac8:5cc4:0:b0:3f5:41d9:fde8 with SMTP id
s4-20020ac85cc4000000b003f541d9fde8mr987039qta.57.1685435764441; Tue, 30 May
2023 01:36:04 -0700 (PDT)
MIME-Version: 1.0
Reply-To: sun.hor13@gmail.com
From: Sun hor
Date: Tue, 30 May 2023 15:35:55 +0700
Message-ID:
Subject: LET US WORK TOGETHER TO HAVE THIS FUNDS,
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000080a0905fce51824"
Bcc: root@nk.ca
X-Spam_score: 14.2
X-Spam_score_int: 142
X-Spam_bar: ++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Good Day Friend, I am Chief Accountant/Executive with Foreign
Trade Bank of (FTB) . I want to present to you as a beneficiary of $32,640,000
here in my bank. Get back to me for more details. Best Regards, Mr. SUN HOR
Account Manager
Content analysis details: (14.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[yonao1727(at)gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[sun.hor13(at)gmail.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[yonao1727(at)gmail.com]
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.160.174 listed in list.dnswl.org]
0.0 HTML_MESSAGE BODY: HTML included in message
1.0 REPTO_419_FRAUD_GM_LOOSE Ends-in-digits Reply-To is similar to known
advance fee fraud collector mailbox
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.160.174 listed in wl.mailspike.net]
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
Subject: {SPAM?} LET US WORK TOGETHER TO HAVE THIS FUNDS,
X-Antivirus: AVG (VPS 230530-2, 5/30/2023), Inbound message
X-Antivirus-Status: Clean
--000000000000080a0905fce51824
Content-Type: text/plain; charset="UTF-8"
Good Day Friend,
I am Chief Accountant/Executive with Foreign Trade Bank of (FTB) . I want
to present to you as a beneficiary of $32,640,000 here in my bank. Get back
to me for more details.
Best Regards,
Mr. SUN HOR
Account Manager
--000000000000080a0905fce51824
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
--000000000000080a0905fce51824--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 30 May 2023 08:51:18 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from
id 1q40e3-0006vU-32
for dave@doctor.nl2k.ab.ca;
Tue, 30 May 2023 08:48:19 -0600
Resent-From: The Doctor
Resent-Date: Tue, 30 May 2023 08:48:19 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-qt1-f174.google.com ([209.85.160.174]:47423)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from
id 1q3urp-0005y1-3B
for root@nk.ca;
Tue, 30 May 2023 02:38:17 -0600
Received: by mail-qt1-f174.google.com with SMTP id d75a77b69052e-3f829e958bdso8031541cf.3
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1685435765; x=1688027765;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=tFAYU5hQSPOpDFryWl9WuX85TkVkky3MXqexQ2JPTIk=;
b=oMn7VKLswmGl2GKlOxoi3VK7X4vV653mZT2pvoRVKeQRleKZNRTVd6+hHpT0LWFZf9
jqjHI6zG4ouu0dQFPvdooR4+ZZLNdb9Km4OiRzpJM6xkzNQxhCvqc88toOKkTNg/dmTt
Nc3b+mYgYf0WTvIkMTfI9fRNA7ePDj4Q3pp4TulOdT0q8PJcZ+wpiwipm5We4nGkKvVF
9jWfJCnMqaQm/Gw5V8E8AVWPv+tf2QRYLK1Au38R5sr/ipdhLAxQRHX6m1Vjafg+d29+
vAbnJrbm7Rni/OqAWFDkVd3R9nz+mWp3+PDTTuWv9voHEi7aToFEwWnASLZ8++U7aYRU
pfQg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1685435765; x=1688027765;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=tFAYU5hQSPOpDFryWl9WuX85TkVkky3MXqexQ2JPTIk=;
b=HKCziTMAx0DZCM+Cx6Q0LeHiQKUBkvBvc9DgA+saA4GwLro4ALxnkHTrJdRG+/WoZg
7h4KniYqbU7rKMN7WZBIMCBQ148yZOu3vl+Rd1FiuHki1mbiE5Q7/TgKzauG7oq/h0WO
k6TmhC5u3deIVsnz4Mf6u4v7j4aIn4ZG9NX0qjzFGmgRdTUQJbcPeAWteIRQULHllF8f
vtpdXi+4eT9bnG9QqHEEUxDEBCsLXOyBabXTGZZ9bMwUe48r+nQ7FWJiDATnERDqVmrr
y+YEJxHA8wFEgwSoRObgkHPhdibc6OqwJV2VqQYHmFl8Kgk0F2qouVfhJuOH6+hQSJZ/
fP4A==
X-Gm-Message-State: AC+VfDxKL4yN3AcprBS4uKHA1bEI8PVsbzczK2uAzKAge+Ldy224jZTP
lUKA3XECTQl6CwT82j7ysp4dVXPyHR9z5qKPY7Q=
X-Google-Smtp-Source: ACHHUZ4I5jx52B9vSMttFLVVqKh60qLFWzGrKo3nZARUO+ZYBJJcjMAc65pmuJw/Sg1/doV9Ks1sHbRmFquG59VtHWc=
X-Received: by 2002:ac8:5cc4:0:b0:3f5:41d9:fde8 with SMTP id
s4-20020ac85cc4000000b003f541d9fde8mr987039qta.57.1685435764441; Tue, 30 May
2023 01:36:04 -0700 (PDT)
MIME-Version: 1.0
Reply-To: sun.hor13@gmail.com
From: Sun hor
Date: Tue, 30 May 2023 15:35:55 +0700
Message-ID:
Subject: LET US WORK TOGETHER TO HAVE THIS FUNDS,
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000080a0905fce51824"
Bcc: root@nk.ca
X-Spam_score: 14.2
X-Spam_score_int: 142
X-Spam_bar: ++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Good Day Friend, I am Chief Accountant/Executive with Foreign
Trade Bank of (FTB) . I want to present to you as a beneficiary of $32,640,000
here in my bank. Get back to me for more details. Best Regards, Mr. SUN HOR
Account Manager
Content analysis details: (14.2 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[yonao1727(at)gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[sun.hor13(at)gmail.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[yonao1727(at)gmail.com]
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.160.174 listed in list.dnswl.org]
0.0 HTML_MESSAGE BODY: HTML included in message
1.0 REPTO_419_FRAUD_GM_LOOSE Ends-in-digits Reply-To is similar to known
advance fee fraud collector mailbox
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.160.174 listed in wl.mailspike.net]
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
Subject: {SPAM?} LET US WORK TOGETHER TO HAVE THIS FUNDS,
X-Antivirus: AVG (VPS 230530-2, 5/30/2023), Inbound message
X-Antivirus-Status: Clean
--000000000000080a0905fce51824
Content-Type: text/plain; charset="UTF-8"
Good Day Friend,
I am Chief Accountant/Executive with Foreign Trade Bank of (FTB) . I want
to present to you as a beneficiary of $32,640,000 here in my bank. Get back
to me for more details.
Best Regards,
Mr. SUN HOR
Account Manager
--000000000000080a0905fce51824
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Good Day Friend,
I am Chief Accountant/Executive wi=
th Foreign Trade Bank of (FTB) . I want to present to you as a beneficiary =
of $32,640,000 here in my bank. Get back to me for more details.
Bes=
t Regards,
Mr. SUN HOR
Account Manager
I am Chief Accountant/Executive wi=
th Foreign Trade Bank of (FTB) . I want to present to you as a beneficiary =
of $32,640,000 here in my bank. Get back to me for more details.
Bes=
t Regards,
Mr. SUN HOR
Account Manager
--000000000000080a0905fce51824--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments