More link spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 25 Aug 2023 10:04:33 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from)
id 1qZZ0l-0002Y7-0F
for dave@doctor.nl2k.ab.ca;
Fri, 25 Aug 2023 09:46:11 -0600
Resent-From: The Doctor
Resent-Date: Fri, 25 Aug 2023 09:46:11 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-wm1-f65.google.com ([209.85.128.65]:50348)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from)
id 1qZYRd-000KC2-2R
for sales@nk.ca;
Fri, 25 Aug 2023 09:09:57 -0600
Received: by mail-wm1-f65.google.com with SMTP id 5b1f17b1804b1-4013454fa93so8875345e9.0
for; Fri, 25 Aug 2023 08:07:55 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1692976068; x=1693580868;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=SqVWXB7O4SGpRaeTs11xKNJ/pV5RIKbCvk1vcCEPcZs=;
b=Fh/Pqbd1Q5PH0sfQTa7l2Cp/FzPUHTFJaJzGms35m7wLrN7pFICxXz1vNM11Svl0Eq
5KCxBYH8Q22VVc5yN0QOHwXu3mD+7XrZuPZimBP5sQqyXBH68eYJ82S8R6zYRJit7/we
l4ukb9ADiskLacggbMQjCg7p1Ah0eS2WWUrEdlwQdnVINxdg1Don6AdOyh7ENuLWhs65
Q1ABBYwXvEt1tt0mlvIRSHeOnthAzVw1sxcIidUa/rDErdnywAKEa+ZgGkuE/CIOz6yJ
tLpF3e+KbVNylHNyeJGQ2ClH892ZqE9F7nK3VnY55ti8pUMhiH0+vBpDfFK0oKVLkHjM
QbxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1692976068; x=1693580868;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=SqVWXB7O4SGpRaeTs11xKNJ/pV5RIKbCvk1vcCEPcZs=;
b=CgrBfWUfQpulbfYyRxtY3CXJNtk5pMwzGjGL8jZsAsXrpstKkima5/EzdxSF2mJAyN
ku2lPQn0UdgiQEtLkKZjrx4A/TWIPwxTwP/MgMFmcfp9J2m1frAMzuL0rnwsx4QbMNau
tWV07pCz+IpxJ5qnjSUJdfsJN8NaeYKOb6rqGePD0JoXdpReUfwUlPvLqrBeASKm77oo
o9enW+ZR5Ga2DAMzYzQHTOOCn3dCVn0PliQzA5JrdE/KjFmVFZ3otx3XIoxPVpQ2O82C
JSb94Pm+DXOVBPzlMAFFsg70h6YEyEyo+N0WkCLCPIOwxADcDFRUwAg2uMYGxiteyCTp
GByQ==
X-Gm-Message-State: AOJu0YzvXAC9YY8W0TVb5QDa0i1rwzDaP8i51/AjFHbJqYG4oGVDsADc
Iaxi2hBbwUsHEPRDq4D/qrYAnxAqQW5tykqqKazgjxRnZ7ZnoD0w
X-Google-Smtp-Source: AGHT+IFtG1sx/ICrqDGravSZBRDnJaGzaszUuawxwqMCtdAGD6a+uB0Tl7yNyiR8S6Ksgtg1zOaHvBX+njVxycBC9Vs=
X-Received: by 2002:a05:600c:364a:b0:401:4542:5edd with SMTP id
y10-20020a05600c364a00b0040145425eddmr3956620wmq.34.1692976068168; Fri, 25
Aug 2023 08:07:48 -0700 (PDT)
MIME-Version: 1.0
From: John
Date: Fri, 25 Aug 2023 15:07:37 +0000
Message-ID:
Subject: =?UTF-8?B?SGV5IHRoZXJlIPCfk4g=?=
To: sales, salifrasaki ,
sanni adamu2004
Content-Type: multipart/alternative; boundary="0000000000002811190603c0b588"
X-Spam_score: 7.9
X-Spam_score_int: 79
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Wonderful alternative that John would like to give you - http://ljdtm.llcion.cc/34546de4235m342356?affsub2=vxl&st=ewp
Not necessarily something you see on a daily basis Wonderful alternative
that John would like to give you - http://ljdtm.llcion.cc/34546de4235m342356?affsub2=vxl&st=ewp
Not necessarily something you see on a daily basis
Content analysis details: (7.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: llcion.cc]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: llcion.cc]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: llcion.cc]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: ljdtm.llcion.cc]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.128.65 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[millettecarter3(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[millettecarter3(at)gmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.128.65 listed in wl.mailspike.net]
Subject: {SPAM?} =?UTF-8?B?SGV5IHRoZXJlIPCfk4g=?=
--0000000000002811190603c0b588
Content-Type: text/plain; charset="UTF-8"
Wonderful alternative that John would like to give you -
http://ljdtm.llcion.cc/34546de4235m342356?affsub2=vxl&st=ewp
Not necessarily something you see on a daily basis
--0000000000002811190603c0b588
Content-Type: text/html; charset="UTF-8"
Wonderful alternative that John would like to give you - http://ljdtm.llcion.cc/34546de4235m342356?affsub2=vxl&st=ewp
Not necessarily something you see on a daily basis
--0000000000002811190603c0b588--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 25 Aug 2023 10:04:33 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96 (FreeBSD))
(envelope-from
id 1qZZ0l-0002Y7-0F
for dave@doctor.nl2k.ab.ca;
Fri, 25 Aug 2023 09:46:11 -0600
Resent-From: The Doctor
Resent-Date: Fri, 25 Aug 2023 09:46:11 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-wm1-f65.google.com ([209.85.128.65]:50348)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from
id 1qZYRd-000KC2-2R
for sales@nk.ca;
Fri, 25 Aug 2023 09:09:57 -0600
Received: by mail-wm1-f65.google.com with SMTP id 5b1f17b1804b1-4013454fa93so8875345e9.0
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20221208; t=1692976068; x=1693580868;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=SqVWXB7O4SGpRaeTs11xKNJ/pV5RIKbCvk1vcCEPcZs=;
b=Fh/Pqbd1Q5PH0sfQTa7l2Cp/FzPUHTFJaJzGms35m7wLrN7pFICxXz1vNM11Svl0Eq
5KCxBYH8Q22VVc5yN0QOHwXu3mD+7XrZuPZimBP5sQqyXBH68eYJ82S8R6zYRJit7/we
l4ukb9ADiskLacggbMQjCg7p1Ah0eS2WWUrEdlwQdnVINxdg1Don6AdOyh7ENuLWhs65
Q1ABBYwXvEt1tt0mlvIRSHeOnthAzVw1sxcIidUa/rDErdnywAKEa+ZgGkuE/CIOz6yJ
tLpF3e+KbVNylHNyeJGQ2ClH892ZqE9F7nK3VnY55ti8pUMhiH0+vBpDfFK0oKVLkHjM
QbxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20221208; t=1692976068; x=1693580868;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=SqVWXB7O4SGpRaeTs11xKNJ/pV5RIKbCvk1vcCEPcZs=;
b=CgrBfWUfQpulbfYyRxtY3CXJNtk5pMwzGjGL8jZsAsXrpstKkima5/EzdxSF2mJAyN
ku2lPQn0UdgiQEtLkKZjrx4A/TWIPwxTwP/MgMFmcfp9J2m1frAMzuL0rnwsx4QbMNau
tWV07pCz+IpxJ5qnjSUJdfsJN8NaeYKOb6rqGePD0JoXdpReUfwUlPvLqrBeASKm77oo
o9enW+ZR5Ga2DAMzYzQHTOOCn3dCVn0PliQzA5JrdE/KjFmVFZ3otx3XIoxPVpQ2O82C
JSb94Pm+DXOVBPzlMAFFsg70h6YEyEyo+N0WkCLCPIOwxADcDFRUwAg2uMYGxiteyCTp
GByQ==
X-Gm-Message-State: AOJu0YzvXAC9YY8W0TVb5QDa0i1rwzDaP8i51/AjFHbJqYG4oGVDsADc
Iaxi2hBbwUsHEPRDq4D/qrYAnxAqQW5tykqqKazgjxRnZ7ZnoD0w
X-Google-Smtp-Source: AGHT+IFtG1sx/ICrqDGravSZBRDnJaGzaszUuawxwqMCtdAGD6a+uB0Tl7yNyiR8S6Ksgtg1zOaHvBX+njVxycBC9Vs=
X-Received: by 2002:a05:600c:364a:b0:401:4542:5edd with SMTP id
y10-20020a05600c364a00b0040145425eddmr3956620wmq.34.1692976068168; Fri, 25
Aug 2023 08:07:48 -0700 (PDT)
MIME-Version: 1.0
From: John
Date: Fri, 25 Aug 2023 15:07:37 +0000
Message-ID:
Subject: =?UTF-8?B?SGV5IHRoZXJlIPCfk4g=?=
To: sales
sanni adamu2004
Content-Type: multipart/alternative; boundary="0000000000002811190603c0b588"
X-Spam_score: 7.9
X-Spam_score_int: 79
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Wonderful alternative that John would like to give you - http://ljdtm.llcion.cc/34546de4235m342356?affsub2=vxl&st=ewp
Not necessarily something you see on a daily basis Wonderful alternative
that John would like to give you - http://ljdtm.llcion.cc/34546de4235m342356?affsub2=vxl&st=ewp
Not necessarily something you see on a daily basis
Content analysis details: (7.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: llcion.cc]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: llcion.cc]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: llcion.cc]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: ljdtm.llcion.cc]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.128.65 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[millettecarter3(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[millettecarter3(at)gmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.128.65 listed in wl.mailspike.net]
Subject: {SPAM?} =?UTF-8?B?SGV5IHRoZXJlIPCfk4g=?=
--0000000000002811190603c0b588
Content-Type: text/plain; charset="UTF-8"
Wonderful alternative that John would like to give you -
http://ljdtm.llcion.cc/34546de4235m342356?affsub2=vxl&st=ewp
Not necessarily something you see on a daily basis
--0000000000002811190603c0b588
Content-Type: text/html; charset="UTF-8"
Wonderful alternative that John would like to give you - http://ljdtm.llcion.cc/34546de4235m342356?affsub2=vxl&st=ewp
Not necessarily something you see on a daily basis
--0000000000002811190603c0b588--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments