Nigerian Spam from Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 19 Jun 2023 23:42:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qBU7i-0009zb-2l
for dave@doctor.nl2k.ab.ca;
Mon, 19 Jun 2023 23:41:50 -0600
Resent-From: The Doctor
Resent-Date: Mon, 19 Jun 2023 23:41:50 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-oi1-f175.google.com ([209.85.167.175]:60533)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from)
id 1qBPg4-00007l-0P
for root@doctor.nl2k.ab.ca;
Mon, 19 Jun 2023 18:57:04 -0600
Received: by mail-oi1-f175.google.com with SMTP id 5614622812f47-39ce64700cbso3258355b6e.0
for; Mon, 19 Jun 2023 17:55:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1687222495; x=1689814495;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=YVjSM2HmzPldn750rQRY6L93tr7DQg17j943bFk+D84=;
b=pxfGF8Z2EuY38/OvihV+JdlnnY8ztsZaF4mP4DaZpUtZj3hlOYy/CDINLONioq7XCz
gaaykl+Wq4KQ2PBZ7mDSSBGiUXd3JofTWVL/ynlCiK2SbszYurT8b+BwXpE4w794mfun
SEQpkeqoRWGAwm/bCBStU/tVut+Vw3seYk5m28qywACmOpKeZ8F7iKX0oMgCD/Bg2Qm2
cg/zgeIC/yF8lMa8NVcwiFcnzHvyMF26j7I+9sPxlhD+1E0zL2xzFhnF8wzCC6ZNnWuM
otcnH1DuCqZeaYP/44AHIw98TqFSebmYzUH3W7SySEjCupBHzjUEU5zCMqnVkEXhWSUl
xrWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1687222495; x=1689814495;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=YVjSM2HmzPldn750rQRY6L93tr7DQg17j943bFk+D84=;
b=MdzhD+BGTe8Q44jB54g4nINBzSvcJLzNouxvXW2aQQxyu5R+DNYPd8qfK13BopAQNt
PcpxIzUtdOhn3WBrq2FJxiEW6H7qaHJFv4dKUQN2e0ZN7sNegseOb701zFfrmdP9TUpm
CW3aQpqg6VLYQFCabNez1yKrFxvNPIn48+ubReWZ4+HNfJyI3jdn5xBsdTl3VYkeVN2N
roe7oYbIslPYpPywEyb64LHPWa+Z/LiN2MZSmNm04Eiq6BPvCBI0xh7R63oaHE1A074u
ZZEHsFXQExgahRek4FGwnWMRaMvKetGAHhA0m0qPyzw6tNO7IKBxoCFPBv1rTN8CnHb7
cXlQ==
X-Gm-Message-State: AC+VfDzS8pvuNnzg5Q3iBilv4KJ/ZT+Y1dit2VCbl4wmHsoX1y/z6PMy
LvpNWMnoH4WVpZ5WAst55MazA4lwlKuT4bt52kk=
X-Google-Smtp-Source: ACHHUZ412lzLI8eSfaG5J2fO+BDIh88WDAK6A0zW5UwtI3ck7Pn0sZ4oai20wIes8jNIlaR6tDJiBImHvj4OPwyzXBA=
X-Received: by 2002:a05:6808:f02:b0:39e:d037:ebf2 with SMTP id
m2-20020a0568080f0200b0039ed037ebf2mr2665233oiw.58.1687222495055; Mon, 19 Jun
2023 17:54:55 -0700 (PDT)
MIME-Version: 1.0
Reply-To: eric.silva41@onet.pl
From: Eric Silva
Date: Tue, 20 Jun 2023 08:54:46 +0800
Message-ID:
Subject: Ref: Your Payment Is Ready.
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="0000000000007992d705fe8519b4"
Bcc: root@doctor.nl2k.ab.ca
X-Spam_score: 16.5
X-Spam_score_int: 165
X-Spam_bar: ++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Greetings, I am Eric Silva, a consultant with the United Nations
recovery mandate on delayed payments. I am wondering why you left your funds
unclaimed for this long. However, I am in the right positi [...]
Content analysis details: (16.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[jchriswerner11111(at)gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[eric.silva41(at)onet.pl]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[jchriswerner11111(at)gmail.com]
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.167.175 listed in list.dnswl.org]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
3.1 MONEY_FRAUD_3 Lots of money and several fraud phrases
2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.175 listed in wl.mailspike.net]
Subject: {SPAM?} Ref: Your Payment Is Ready.
--0000000000007992d705fe8519b4
Content-Type: text/plain; charset="UTF-8"
Greetings,
I am Eric Silva, a consultant with the United Nations recovery mandate on
delayed payments.
I am wondering why you left your funds unclaimed for this long.
However, I am in the right position to process the release of your funds
within a couple of days without any delay or breach of the law. The sum of
US$4,650,000 was approved to be released to you within a couple of days.
Kindly get back to me with your full details for more information. Do take
note that I am contacting you in a private capacity.
Best Regards,
Eric Silva.
--0000000000007992d705fe8519b4
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
--0000000000007992d705fe8519b4--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 19 Jun 2023 23:42:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from
id 1qBU7i-0009zb-2l
for dave@doctor.nl2k.ab.ca;
Mon, 19 Jun 2023 23:41:50 -0600
Resent-From: The Doctor
Resent-Date: Mon, 19 Jun 2023 23:41:50 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-oi1-f175.google.com ([209.85.167.175]:60533)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from
id 1qBPg4-00007l-0P
for root@doctor.nl2k.ab.ca;
Mon, 19 Jun 2023 18:57:04 -0600
Received: by mail-oi1-f175.google.com with SMTP id 5614622812f47-39ce64700cbso3258355b6e.0
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1687222495; x=1689814495;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=YVjSM2HmzPldn750rQRY6L93tr7DQg17j943bFk+D84=;
b=pxfGF8Z2EuY38/OvihV+JdlnnY8ztsZaF4mP4DaZpUtZj3hlOYy/CDINLONioq7XCz
gaaykl+Wq4KQ2PBZ7mDSSBGiUXd3JofTWVL/ynlCiK2SbszYurT8b+BwXpE4w794mfun
SEQpkeqoRWGAwm/bCBStU/tVut+Vw3seYk5m28qywACmOpKeZ8F7iKX0oMgCD/Bg2Qm2
cg/zgeIC/yF8lMa8NVcwiFcnzHvyMF26j7I+9sPxlhD+1E0zL2xzFhnF8wzCC6ZNnWuM
otcnH1DuCqZeaYP/44AHIw98TqFSebmYzUH3W7SySEjCupBHzjUEU5zCMqnVkEXhWSUl
xrWA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1687222495; x=1689814495;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=YVjSM2HmzPldn750rQRY6L93tr7DQg17j943bFk+D84=;
b=MdzhD+BGTe8Q44jB54g4nINBzSvcJLzNouxvXW2aQQxyu5R+DNYPd8qfK13BopAQNt
PcpxIzUtdOhn3WBrq2FJxiEW6H7qaHJFv4dKUQN2e0ZN7sNegseOb701zFfrmdP9TUpm
CW3aQpqg6VLYQFCabNez1yKrFxvNPIn48+ubReWZ4+HNfJyI3jdn5xBsdTl3VYkeVN2N
roe7oYbIslPYpPywEyb64LHPWa+Z/LiN2MZSmNm04Eiq6BPvCBI0xh7R63oaHE1A074u
ZZEHsFXQExgahRek4FGwnWMRaMvKetGAHhA0m0qPyzw6tNO7IKBxoCFPBv1rTN8CnHb7
cXlQ==
X-Gm-Message-State: AC+VfDzS8pvuNnzg5Q3iBilv4KJ/ZT+Y1dit2VCbl4wmHsoX1y/z6PMy
LvpNWMnoH4WVpZ5WAst55MazA4lwlKuT4bt52kk=
X-Google-Smtp-Source: ACHHUZ412lzLI8eSfaG5J2fO+BDIh88WDAK6A0zW5UwtI3ck7Pn0sZ4oai20wIes8jNIlaR6tDJiBImHvj4OPwyzXBA=
X-Received: by 2002:a05:6808:f02:b0:39e:d037:ebf2 with SMTP id
m2-20020a0568080f0200b0039ed037ebf2mr2665233oiw.58.1687222495055; Mon, 19 Jun
2023 17:54:55 -0700 (PDT)
MIME-Version: 1.0
Reply-To: eric.silva41@onet.pl
From: Eric Silva
Date: Tue, 20 Jun 2023 08:54:46 +0800
Message-ID:
Subject: Ref: Your Payment Is Ready.
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="0000000000007992d705fe8519b4"
Bcc: root@doctor.nl2k.ab.ca
X-Spam_score: 16.5
X-Spam_score_int: 165
X-Spam_bar: ++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Greetings, I am Eric Silva, a consultant with the United Nations
recovery mandate on delayed payments. I am wondering why you left your funds
unclaimed for this long. However, I am in the right positi [...]
Content analysis details: (16.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[jchriswerner11111(at)gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[eric.silva41(at)onet.pl]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[jchriswerner11111(at)gmail.com]
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.167.175 listed in list.dnswl.org]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
3.0 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
3.1 MONEY_FRAUD_3 Lots of money and several fraud phrases
2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.175 listed in wl.mailspike.net]
Subject: {SPAM?} Ref: Your Payment Is Ready.
--0000000000007992d705fe8519b4
Content-Type: text/plain; charset="UTF-8"
Greetings,
I am Eric Silva, a consultant with the United Nations recovery mandate on
delayed payments.
I am wondering why you left your funds unclaimed for this long.
However, I am in the right position to process the release of your funds
within a couple of days without any delay or breach of the law. The sum of
US$4,650,000 was approved to be released to you within a couple of days.
Kindly get back to me with your full details for more information. Do take
note that I am contacting you in a private capacity.
Best Regards,
Eric Silva.
--0000000000007992d705fe8519b4
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Greetings,
I am Eric Silva, a consultant with the Unite=
d Nations recovery mandate on delayed payments.
I am wondering why you l=
eft your funds unclaimed for this long.
However, I am in the right posit=
ion to process the release of your funds within a couple of days without an=
y delay or breach of the law. The sum of US$4,650,000 was approved to be re=
leased to you within a couple of days.
Kindly get back to me with your f=
ull details for more information. Do take note that I am contacting you in =
a private capacity.
Best Regards,
Eric Silva.
I am Eric Silva, a consultant with the Unite=
d Nations recovery mandate on delayed payments.
I am wondering why you l=
eft your funds unclaimed for this long.
However, I am in the right posit=
ion to process the release of your funds within a couple of days without an=
y delay or breach of the law. The sum of US$4,650,000 was approved to be re=
leased to you within a couple of days.
Kindly get back to me with your f=
ull details for more information. Do take note that I am contacting you in =
a private capacity.
Best Regards,
Eric Silva.
--0000000000007992d705fe8519b4--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments