More link spam from Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 07 Jul 2023 14:05:21 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qHrgr-000LEZ-1b
for dave@doctor.nl2k.ab.ca;
Fri, 07 Jul 2023 14:04:29 -0600
Resent-From: The Doctor
Resent-Date: Fri, 7 Jul 2023 14:04:29 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-qt1-f177.google.com ([209.85.160.177]:52498)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from <113eross@gmail.com>)
id 1qHq6F-0001Nm-3D
for doctor@nl2k.ab.ca;
Fri, 07 Jul 2023 12:22:39 -0600
Received: by mail-qt1-f177.google.com with SMTP id d75a77b69052e-40373bc598dso17727451cf.1
for; Fri, 07 Jul 2023 11:20:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1688754043; x=1691346043;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=T5e9IasPmRLPshk6EhHjI8g0FXD+EEDOAR359l/3Xrg=;
b=dzXPftxsHUQf6Xt7EQ8IBoTCje5PeQdcO3FOs+nWiUcckcr32G5N5DVxB+YJg6XN59
kZCP6xOHjpJ8xvMSB7RU3PtAEEjzyRslrdRjJXU7YNqceKCih5OSmmV8gJghhKxHq7qA
Y2L76kuakkaPr1pnK6nruh1dCYEx7r6UFk7heHkOotbUzoT/RfsVbLbe8eQctrrgN43U
mTIo+jaAsde3Aae6dxlaoD7DwBna4ZRYMrb/2fYzDjrFIFkJDk2V6iwylbxs6VXz+PyG
szIu/BkbnhE00cmWHRTfqTghJYQsV/o4Wb1xaHVUsR8l3yMJmh4jmqNAPpC2v+0vAqHQ
STHA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1688754043; x=1691346043;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=T5e9IasPmRLPshk6EhHjI8g0FXD+EEDOAR359l/3Xrg=;
b=I0+/OiederylNZvZEfO7KwUJuAAFgXd5KAMaRlhk7frgJ1jMypgcd6Ssm1w00o9AH0
0narQjm0wGeN088SX2zJmNMTwgmxTcCjI1Bfexakp49Ty4tVzII4jfloZd0pn4x/bQ5c
hu5sdJYaHZsO4gaY5bxHG/aDvushKTB2BrS9wrk/lOghJuIpRdr91IAPC9tH1Qb0Ih7d
bpYYPy9Rgr8ZBSj83aOPvIUqGLgBoYKBtbSPfRjkxFT30U1lqwsDzKfnyyMbFRMXlRlV
RwCJVkBfRNlDbHkYdYbaRytUKeVMF5QtYdhsqG5X+wQZXLIrJOw1+tDhRY1jurxFNTc9
BQaQ==
X-Gm-Message-State: ABy/qLYwl95wfbv9Y3Nr8boXK9yYgfvNVI+1ukBCdoo4m2ZnLMl2Jfyl
qKcnllWivey2J0bJsTsdjsQdMk0nz4PzHxRVZ4GcobVF
X-Google-Smtp-Source: APBJJlEPBDlvh7KQDlGj0r8APJhxFXLxHycOQx+K0VKDBRX7+yblCKDF7y7ga7/Px0M38Ilcd2juLUY8yWUFiFoQ39w=
X-Received: by 2002:a05:622a:181:b0:400:7965:d01 with SMTP id
s1-20020a05622a018100b0040079650d01mr6754596qtw.6.1688754043517; Fri, 07 Jul
2023 11:20:43 -0700 (PDT)
MIME-Version: 1.0
From: MONICA DAN <113eross@gmail.com>
Date: Fri, 7 Jul 2023 18:20:31 +0000
Message-ID:
Subject:
To: doctor, doug ,
drdexterhiggins, dstevesingh ,
dsywong, dunphyd ,
dwight sawler, dwight ,
elena fort, englerh
Content-Type: multipart/alternative; boundary="000000000000e07e4b05ffe9b0fc"
X-Spam_score: 5.6
X-Spam_score_int: 56
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: https://1drv.ms/b/s!AipbQ4Opvzdxc2yRAi0RCl7Ag70 https://1drv.ms/b/s!AipbQ4Opvzdxc2yRAi0RCl7Ag70
Content analysis details: (5.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: 1drv.ms/13.107.42.12]
-0.0 SPF_PASS SPF: sender matches SPF record
0.6 FROM_STARTS_WITH_NUMS From: starts with several numbers
2.5 SORTED_RECIPS Recipient list is sorted by address
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[113eross(at)gmail.com]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.160.177 listed in list.dnswl.org]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 TVD_SPACE_RATIO No description available.
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 BODY_SINGLE_WORD Message body is only one word (no spaces)
2.5 BODY_SINGLE_URI Message body is only a URI
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.160.177 listed in wl.mailspike.net]
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
Subject: {SPAM?}
--000000000000e07e4b05ffe9b0fc
Content-Type: text/plain; charset="UTF-8"
https://1drv.ms/b/s!AipbQ4Opvzdxc2yRAi0RCl7Ag70
--000000000000e07e4b05ffe9b0fc
Content-Type: text/html; charset="UTF-8"
https://1drv.ms/b/s!AipbQ4Opvzdxc2yRAi0RCl7Ag70
--000000000000e07e4b05ffe9b0fc--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 07 Jul 2023 14:05:21 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from
id 1qHrgr-000LEZ-1b
for dave@doctor.nl2k.ab.ca;
Fri, 07 Jul 2023 14:04:29 -0600
Resent-From: The Doctor
Resent-Date: Fri, 7 Jul 2023 14:04:29 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-qt1-f177.google.com ([209.85.160.177]:52498)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from <113eross@gmail.com>)
id 1qHq6F-0001Nm-3D
for doctor@nl2k.ab.ca;
Fri, 07 Jul 2023 12:22:39 -0600
Received: by mail-qt1-f177.google.com with SMTP id d75a77b69052e-40373bc598dso17727451cf.1
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1688754043; x=1691346043;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=T5e9IasPmRLPshk6EhHjI8g0FXD+EEDOAR359l/3Xrg=;
b=dzXPftxsHUQf6Xt7EQ8IBoTCje5PeQdcO3FOs+nWiUcckcr32G5N5DVxB+YJg6XN59
kZCP6xOHjpJ8xvMSB7RU3PtAEEjzyRslrdRjJXU7YNqceKCih5OSmmV8gJghhKxHq7qA
Y2L76kuakkaPr1pnK6nruh1dCYEx7r6UFk7heHkOotbUzoT/RfsVbLbe8eQctrrgN43U
mTIo+jaAsde3Aae6dxlaoD7DwBna4ZRYMrb/2fYzDjrFIFkJDk2V6iwylbxs6VXz+PyG
szIu/BkbnhE00cmWHRTfqTghJYQsV/o4Wb1xaHVUsR8l3yMJmh4jmqNAPpC2v+0vAqHQ
STHA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1688754043; x=1691346043;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=T5e9IasPmRLPshk6EhHjI8g0FXD+EEDOAR359l/3Xrg=;
b=I0+/OiederylNZvZEfO7KwUJuAAFgXd5KAMaRlhk7frgJ1jMypgcd6Ssm1w00o9AH0
0narQjm0wGeN088SX2zJmNMTwgmxTcCjI1Bfexakp49Ty4tVzII4jfloZd0pn4x/bQ5c
hu5sdJYaHZsO4gaY5bxHG/aDvushKTB2BrS9wrk/lOghJuIpRdr91IAPC9tH1Qb0Ih7d
bpYYPy9Rgr8ZBSj83aOPvIUqGLgBoYKBtbSPfRjkxFT30U1lqwsDzKfnyyMbFRMXlRlV
RwCJVkBfRNlDbHkYdYbaRytUKeVMF5QtYdhsqG5X+wQZXLIrJOw1+tDhRY1jurxFNTc9
BQaQ==
X-Gm-Message-State: ABy/qLYwl95wfbv9Y3Nr8boXK9yYgfvNVI+1ukBCdoo4m2ZnLMl2Jfyl
qKcnllWivey2J0bJsTsdjsQdMk0nz4PzHxRVZ4GcobVF
X-Google-Smtp-Source: APBJJlEPBDlvh7KQDlGj0r8APJhxFXLxHycOQx+K0VKDBRX7+yblCKDF7y7ga7/Px0M38Ilcd2juLUY8yWUFiFoQ39w=
X-Received: by 2002:a05:622a:181:b0:400:7965:d01 with SMTP id
s1-20020a05622a018100b0040079650d01mr6754596qtw.6.1688754043517; Fri, 07 Jul
2023 11:20:43 -0700 (PDT)
MIME-Version: 1.0
From: MONICA DAN <113eross@gmail.com>
Date: Fri, 7 Jul 2023 18:20:31 +0000
Message-ID:
Subject:
To: doctor
drdexterhiggins
dsywong
dwight sawler
elena fort
Content-Type: multipart/alternative; boundary="000000000000e07e4b05ffe9b0fc"
X-Spam_score: 5.6
X-Spam_score_int: 56
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: https://1drv.ms/b/s!AipbQ4Opvzdxc2yRAi0RCl7Ag70 https://1drv.ms/b/s!AipbQ4Opvzdxc2yRAi0RCl7Ag70
Content analysis details: (5.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist
[URI: 1drv.ms/13.107.42.12]
-0.0 SPF_PASS SPF: sender matches SPF record
0.6 FROM_STARTS_WITH_NUMS From: starts with several numbers
2.5 SORTED_RECIPS Recipient list is sorted by address
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[113eross(at)gmail.com]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.160.177 listed in list.dnswl.org]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.0 TVD_SPACE_RATIO No description available.
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 BODY_SINGLE_WORD Message body is only one word (no spaces)
2.5 BODY_SINGLE_URI Message body is only a URI
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.160.177 listed in wl.mailspike.net]
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
Subject: {SPAM?}
--000000000000e07e4b05ffe9b0fc
Content-Type: text/plain; charset="UTF-8"
https://1drv.ms/b/s!AipbQ4Opvzdxc2yRAi0RCl7Ag70
--000000000000e07e4b05ffe9b0fc
Content-Type: text/html; charset="UTF-8"
https://1drv.ms/b/s!AipbQ4Opvzdxc2yRAi0RCl7Ag70
--000000000000e07e4b05ffe9b0fc--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments