Nigerian spam from Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 15 Jun 2023 20:04:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1q9ymi-0006aG-0H
for dave@doctor.nl2k.ab.ca;
Thu, 15 Jun 2023 20:01:56 -0600
Resent-From: The Doctor
Resent-Date: Thu, 15 Jun 2023 20:01:56 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ot1-f45.google.com ([209.85.210.45]:62470)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from)
id 1q9y7J-000HRm-2i
for doctor@doctor.nl2k.ab.ca;
Thu, 15 Jun 2023 19:19:15 -0600
Received: by mail-ot1-f45.google.com with SMTP id 46e09a7af769-6b251ef7b77so967904a34.0
for; Thu, 15 Jun 2023 18:17:10 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1686878225; x=1689470225;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=ZYBnwFGfvJ2Lwf9QX7P2Omo4PyQIUqzj2wzSUnblnXg=;
b=riF+oMcrTjvA5KOTcQ4r3AuiV0KuYh+88sRK0avYADduSfvohkf9Xpoq/B/BNM0PJK
pJJmYMCnxtcP0bArYnyjiF1mKxGcP7L3xrqlguYB72BjfAF7NjKFn9dTOTyw/Vz4tSgW
kWkEwxtqhDPh4Aqdlx8cg6t1+tuAwoW4eIfsLFl2OripCzFKU3/HMasBxxzDbMqhih7v
MUx5D5gWxGHzv1vMCjLC3MNgnyg1A/X/LqIsnGRuGy0GI/iydHCpRBC7kw+8VjNTpTuE
UnvWOR0sDrIQOuwn6LA4Ya3zqG+Zbwj0h5KZy8yuduK7TpPNd9OQH1+IAkb7SbW6I5+/
Yf9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1686878225; x=1689470225;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=ZYBnwFGfvJ2Lwf9QX7P2Omo4PyQIUqzj2wzSUnblnXg=;
b=iPgi83MO6vpBpyWrLDvNnDFjtq8wzLFYIeoNsZPUNZpO60UhFydS/dymEPGBx+Sg8Y
bdTN2UuRywYolNIrQohTJb9nWtxXSi2/OLMU0pJqvq6GHNVX7+cOo/dhDi8Btl2j0Kvy
6Nyad4Egaraeg5N98W0VIjOZgwB3yr53EVSKheoDL+ngH8or/ujwdxjr4vLbyWVN7+jy
KJAmTljykg6nDJyczoLEJ4cBvujoJQkFgtV2dkowvJnNgJJ3nOTpTpSlyt0zADHZxd1G
MgVetFW5d9jV1Y/slKb5znpFqe3RslGSehPdemCyRtuqXTZ9q0d80Ql1lzRyLe3XN7np
Wb4Q==
X-Gm-Message-State: AC+VfDyzTaIWganv6A7l26Lf9aU5pTVPAsI3UyEWQCgU8ruUCNO6yx4Q
4+6bITH5UPlQrKEH4ojy5N5D38sGp3vKY3I1YjI=
X-Google-Smtp-Source: ACHHUZ45Ic75C/WshUk5v3saRnoidEwJL7Zs4tCGVAWKhGSbE1/YvHf4B/cDwd5N3WZJ4h9Mmb0jJHMVsjWSNUoKSq8=
X-Received: by 2002:aca:3203:0:b0:39e:98c2:5568 with SMTP id
y3-20020aca3203000000b0039e98c25568mr952945oiy.21.1686878224557; Thu, 15 Jun
2023 18:17:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6358:61c6:b0:11f:2744:aec5 with HTTP; Thu, 15 Jun 2023
18:17:04 -0700 (PDT)
Reply-To: inforwugilbert01@gmail.com
From: "Gilbert W.K"
Date: Fri, 16 Jun 2023 01:17:04 +0000
Message-ID:
Subject: Hello
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 13.6
X-Spam_score_int: 136
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: -- Greetings, I'm Mr. Bryan W. Gilbert, I work with a prime
bank in Turkey, I have this propose to present you as next of KIN, for Twenty
Six Million Great British Pounds, so willing to partner with me kindly get
b [...]
Content analysis details: (13.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.210.45 listed in list.dnswl.org]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[yendoupoyehame76(at)gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[inforwugilbert01(at)gmail.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[yendoupoyehame76(at)gmail.com]
2.5 HK_SCAM_N2 BODY: No description available.
2.0 HK_SCAM No description available.
0.0 LOTS_OF_MONEY Huge... sums of money
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.210.45 listed in wl.mailspike.net]
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
Subject: {SPAM?} Hello
X-Antivirus: AVG (VPS 230615-8, 6/15/2023), Inbound message
X-Antivirus-Status: Clean
--
Greetings,
I'm Mr. Bryan W. Gilbert, I work with a prime bank in Turkey, I have
this propose to present you as next of KIN, for Twenty Six Million
Great British Pounds, so willing to partner with me kindly get back to
me and I shall send details way forward
Thanks, and God blessings
B. Gilbert
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Thu, 15 Jun 2023 20:04:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from
id 1q9ymi-0006aG-0H
for dave@doctor.nl2k.ab.ca;
Thu, 15 Jun 2023 20:01:56 -0600
Resent-From: The Doctor
Resent-Date: Thu, 15 Jun 2023 20:01:56 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ot1-f45.google.com ([209.85.210.45]:62470)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from
id 1q9y7J-000HRm-2i
for doctor@doctor.nl2k.ab.ca;
Thu, 15 Jun 2023 19:19:15 -0600
Received: by mail-ot1-f45.google.com with SMTP id 46e09a7af769-6b251ef7b77so967904a34.0
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1686878225; x=1689470225;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=ZYBnwFGfvJ2Lwf9QX7P2Omo4PyQIUqzj2wzSUnblnXg=;
b=riF+oMcrTjvA5KOTcQ4r3AuiV0KuYh+88sRK0avYADduSfvohkf9Xpoq/B/BNM0PJK
pJJmYMCnxtcP0bArYnyjiF1mKxGcP7L3xrqlguYB72BjfAF7NjKFn9dTOTyw/Vz4tSgW
kWkEwxtqhDPh4Aqdlx8cg6t1+tuAwoW4eIfsLFl2OripCzFKU3/HMasBxxzDbMqhih7v
MUx5D5gWxGHzv1vMCjLC3MNgnyg1A/X/LqIsnGRuGy0GI/iydHCpRBC7kw+8VjNTpTuE
UnvWOR0sDrIQOuwn6LA4Ya3zqG+Zbwj0h5KZy8yuduK7TpPNd9OQH1+IAkb7SbW6I5+/
Yf9w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1686878225; x=1689470225;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=ZYBnwFGfvJ2Lwf9QX7P2Omo4PyQIUqzj2wzSUnblnXg=;
b=iPgi83MO6vpBpyWrLDvNnDFjtq8wzLFYIeoNsZPUNZpO60UhFydS/dymEPGBx+Sg8Y
bdTN2UuRywYolNIrQohTJb9nWtxXSi2/OLMU0pJqvq6GHNVX7+cOo/dhDi8Btl2j0Kvy
6Nyad4Egaraeg5N98W0VIjOZgwB3yr53EVSKheoDL+ngH8or/ujwdxjr4vLbyWVN7+jy
KJAmTljykg6nDJyczoLEJ4cBvujoJQkFgtV2dkowvJnNgJJ3nOTpTpSlyt0zADHZxd1G
MgVetFW5d9jV1Y/slKb5znpFqe3RslGSehPdemCyRtuqXTZ9q0d80Ql1lzRyLe3XN7np
Wb4Q==
X-Gm-Message-State: AC+VfDyzTaIWganv6A7l26Lf9aU5pTVPAsI3UyEWQCgU8ruUCNO6yx4Q
4+6bITH5UPlQrKEH4ojy5N5D38sGp3vKY3I1YjI=
X-Google-Smtp-Source: ACHHUZ45Ic75C/WshUk5v3saRnoidEwJL7Zs4tCGVAWKhGSbE1/YvHf4B/cDwd5N3WZJ4h9Mmb0jJHMVsjWSNUoKSq8=
X-Received: by 2002:aca:3203:0:b0:39e:98c2:5568 with SMTP id
y3-20020aca3203000000b0039e98c25568mr952945oiy.21.1686878224557; Thu, 15 Jun
2023 18:17:04 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a05:6358:61c6:b0:11f:2744:aec5 with HTTP; Thu, 15 Jun 2023
18:17:04 -0700 (PDT)
Reply-To: inforwugilbert01@gmail.com
From: "Gilbert W.K"
Date: Fri, 16 Jun 2023 01:17:04 +0000
Message-ID:
Subject: Hello
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 13.6
X-Spam_score_int: 136
X-Spam_bar: +++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: -- Greetings, I'm Mr. Bryan W. Gilbert, I work with a prime
bank in Turkey, I have this propose to present you as next of KIN, for Twenty
Six Million Great British Pounds, so willing to partner with me kindly get
b [...]
Content analysis details: (13.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.210.45 listed in list.dnswl.org]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[yendoupoyehame76(at)gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[inforwugilbert01(at)gmail.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[yendoupoyehame76(at)gmail.com]
2.5 HK_SCAM_N2 BODY: No description available.
2.0 HK_SCAM No description available.
0.0 LOTS_OF_MONEY Huge... sums of money
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.210.45 listed in wl.mailspike.net]
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
Subject: {SPAM?} Hello
X-Antivirus: AVG (VPS 230615-8, 6/15/2023), Inbound message
X-Antivirus-Status: Clean
--
Greetings,
I'm Mr. Bryan W. Gilbert, I work with a prime bank in Turkey, I have
this propose to present you as next of KIN, for Twenty Six Million
Great British Pounds, so willing to partner with me kindly get back to
me and I shall send details way forward
Thanks, and God blessings
B. Gilbert
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments