link spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 25 Sep 2023 07:13:03 -0600
Received: from mail-oi1-f196.google.com ([209.85.167.196]:59561)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from)
id 1qklO1-0000y8-1H
for dave@doctor.nl2k.ab.ca;
Mon, 25 Sep 2023 07:12:36 -0600
Received: by mail-oi1-f196.google.com with SMTP id 5614622812f47-3ae31be5ee9so2129202b6e.2
for; Mon, 25 Sep 2023 06:10:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1695647425; x=1696252225; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=UV+fv9xTvanxoLJa27gszS0lxciAIRAY+saiwkXzKxo=;
b=WMY4o8Y/q6LGHUmlSwteHxbsSCcOtAxKmDSrBKffsmnmAX+hXQ+oQpb5bz94PM0JLA
wGgbqnyPXXd7CDWY8pEDwMgDebOAT4HNvDk/9jJPTAXEVdSZsIFTmn845fu8Ti8mmnkU
4VAZXxMCqQX/dtcgjdJOA8p5NF07z1YK914ICGuFWFwrtawXJvlBLDSwGIIqkV+AYf0t
4cmOPLUnzMKp0azXQSsHdtQ1exwBjxr4cGWMiom3eJpXf+ziUtGUa26psNLKmynPQkv6
cIfTu4Uzw3BXoN7Rm9ABrwQBMN6oz1iWFGNn0uUqO1iOOj4srX5nwcHYf+4ISIU44USn
Gb1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1695647425; x=1696252225;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=UV+fv9xTvanxoLJa27gszS0lxciAIRAY+saiwkXzKxo=;
b=MUidpEz79kv9mBJZfu4hSaFThQ3Slk/Se8zf4RAhz2bAJxHiVWliKO9gbjYYTM3QFv
NrvTkbm35x/ZdGCYsOlWBl13GdbfyA4uW6yexGaENc1RF8HSHSFeiWELrBWxiKPFASZh
4+Pw7900tHgDQ7AA06v8/kFlBY6X8zRvj5nFSSRz2KvCrDZSgK8S/Fg0l2Scvvo5E3Z0
+FEYCb5UjygYS/q/gBtuKtrBfV96TJgcMusLhS0NDwxbHwq1N+TUM1JKIDoUI3ZbYRe4
iLp+muHhSZLQwrslcpCvh8T2529qJHq20T0c85fxnKMmYlHsTJicTPOhifRtAhQBk8ol
ZO+Q==
X-Gm-Message-State: AOJu0YxtpzbwDIAydTYKv/55O/8sYuVy4tfghvdtt3gUHkMu9nMAltw5
hwMVMcG/p24wuXOASn8sy/CobEWP4IhxbC6ZG+SmQKQmullYbA==
X-Google-Smtp-Source: AGHT+IHHw8CJkNz24DzGqxm6mfJThn5vHUTEhC3l9Lqasvs62MY+5f+dWTAWZJCM/jpe+RkJC9ovFALTCpDeuSR39r8=
X-Received: by 2002:a25:b11c:0:b0:d81:a0c5:f275 with SMTP id
g28-20020a25b11c000000b00d81a0c5f275mr5374913ybj.15.1695639805005; Mon, 25
Sep 2023 04:03:25 -0700 (PDT)
MIME-Version: 1.0
From: Dr Charles Edward
Date: Mon, 25 Sep 2023 11:03:17 +0000
Message-ID:
Subject: Good day
To: daria b55,
darnaque leschats2011, datok jp ,
datsit1968, dave ,
davelongaphie5309,
david cameletti2, david100
Content-Type: multipart/alternative; boundary="0000000000003e9ad706062ce803"
X-Spam_score: 6.8
X-Spam_score_int: 68
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dr Charles Edward needs you to immediately check this thing
out - https://www.google.com/url?q=https://mgef00j5.page.link/V9Hh&source=gmail&ust=1695642028968000&usg=AOvVaw2VvLmCupqjyi_Lfys_TI9i
You ce [...]
Content analysis details: (6.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: mgef00j5.page.link]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.167.196 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.196 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
2.5 SORTED_RECIPS Recipient list is sorted by address
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[ssk822835(at)gmail.com]
2.5 SUSPICIOUS_RECIPS Similar addresses in recipient list
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[ssk822835(at)gmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 T_HK_NAME_FM_DR No description available.
Subject: {SPAM?} Good day
X-Antivirus: AVG (VPS 230925-0, 9/24/2023), Inbound message
X-Antivirus-Status: Clean
--0000000000003e9ad706062ce803
Content-Type: text/plain; charset="UTF-8"
Dr Charles Edward needs you to immediately check this thing out -
https://www.google.com/url?q=https://mgef00j5.page.link/V9Hh&source=gmail&ust=1695642028968000&usg=AOvVaw2VvLmCupqjyi_Lfys_TI9i
You certainly will demand far more
--0000000000003e9ad706062ce803
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Dr Charles Edward needs you to immediately check this thing out -
=3D"https://www.google.com/url?q=3Dhttps://mgef00j5.page.link/V9Hh&sour=
ce=3Dgmail&ust=3D1695642028968000&usg=3DAOvVaw2VvLmCupqjyi_Lfys_TI9=
i">https://www.google.com/url?q=3Dhttps://mgef00j5.page.link/V9Hh&sourc=
e=3Dgmail&ust=3D1695642028968000&usg=3DAOvVaw2VvLmCupqjyi_Lfys_TI9i=
You certainly will demand far more
--0000000000003e9ad706062ce803--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 25 Sep 2023 07:13:03 -0600
Received: from mail-oi1-f196.google.com ([209.85.167.196]:59561)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96 (FreeBSD))
(envelope-from
id 1qklO1-0000y8-1H
for dave@doctor.nl2k.ab.ca;
Mon, 25 Sep 2023 07:12:36 -0600
Received: by mail-oi1-f196.google.com with SMTP id 5614622812f47-3ae31be5ee9so2129202b6e.2
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1695647425; x=1696252225; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=UV+fv9xTvanxoLJa27gszS0lxciAIRAY+saiwkXzKxo=;
b=WMY4o8Y/q6LGHUmlSwteHxbsSCcOtAxKmDSrBKffsmnmAX+hXQ+oQpb5bz94PM0JLA
wGgbqnyPXXd7CDWY8pEDwMgDebOAT4HNvDk/9jJPTAXEVdSZsIFTmn845fu8Ti8mmnkU
4VAZXxMCqQX/dtcgjdJOA8p5NF07z1YK914ICGuFWFwrtawXJvlBLDSwGIIqkV+AYf0t
4cmOPLUnzMKp0azXQSsHdtQ1exwBjxr4cGWMiom3eJpXf+ziUtGUa26psNLKmynPQkv6
cIfTu4Uzw3BXoN7Rm9ABrwQBMN6oz1iWFGNn0uUqO1iOOj4srX5nwcHYf+4ISIU44USn
Gb1w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1695647425; x=1696252225;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=UV+fv9xTvanxoLJa27gszS0lxciAIRAY+saiwkXzKxo=;
b=MUidpEz79kv9mBJZfu4hSaFThQ3Slk/Se8zf4RAhz2bAJxHiVWliKO9gbjYYTM3QFv
NrvTkbm35x/ZdGCYsOlWBl13GdbfyA4uW6yexGaENc1RF8HSHSFeiWELrBWxiKPFASZh
4+Pw7900tHgDQ7AA06v8/kFlBY6X8zRvj5nFSSRz2KvCrDZSgK8S/Fg0l2Scvvo5E3Z0
+FEYCb5UjygYS/q/gBtuKtrBfV96TJgcMusLhS0NDwxbHwq1N+TUM1JKIDoUI3ZbYRe4
iLp+muHhSZLQwrslcpCvh8T2529qJHq20T0c85fxnKMmYlHsTJicTPOhifRtAhQBk8ol
ZO+Q==
X-Gm-Message-State: AOJu0YxtpzbwDIAydTYKv/55O/8sYuVy4tfghvdtt3gUHkMu9nMAltw5
hwMVMcG/p24wuXOASn8sy/CobEWP4IhxbC6ZG+SmQKQmullYbA==
X-Google-Smtp-Source: AGHT+IHHw8CJkNz24DzGqxm6mfJThn5vHUTEhC3l9Lqasvs62MY+5f+dWTAWZJCM/jpe+RkJC9ovFALTCpDeuSR39r8=
X-Received: by 2002:a25:b11c:0:b0:d81:a0c5:f275 with SMTP id
g28-20020a25b11c000000b00d81a0c5f275mr5374913ybj.15.1695639805005; Mon, 25
Sep 2023 04:03:25 -0700 (PDT)
MIME-Version: 1.0
From: Dr Charles Edward
Date: Mon, 25 Sep 2023 11:03:17 +0000
Message-ID:
Subject: Good day
To: daria b55
darnaque leschats2011
datsit1968
davelongaphie5309
david cameletti2
Content-Type: multipart/alternative; boundary="0000000000003e9ad706062ce803"
X-Spam_score: 6.8
X-Spam_score_int: 68
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dr Charles Edward needs you to immediately check this thing
out - https://www.google.com/url?q=https://mgef00j5.page.link/V9Hh&source=gmail&ust=1695642028968000&usg=AOvVaw2VvLmCupqjyi_Lfys_TI9i
You ce [...]
Content analysis details: (6.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: mgef00j5.page.link]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.167.196 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.196 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
2.5 SORTED_RECIPS Recipient list is sorted by address
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[ssk822835(at)gmail.com]
2.5 SUSPICIOUS_RECIPS Similar addresses in recipient list
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[ssk822835(at)gmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 T_HK_NAME_FM_DR No description available.
Subject: {SPAM?} Good day
X-Antivirus: AVG (VPS 230925-0, 9/24/2023), Inbound message
X-Antivirus-Status: Clean
--0000000000003e9ad706062ce803
Content-Type: text/plain; charset="UTF-8"
Dr Charles Edward needs you to immediately check this thing out -
https://www.google.com/url?q=https://mgef00j5.page.link/V9Hh&source=gmail&ust=1695642028968000&usg=AOvVaw2VvLmCupqjyi_Lfys_TI9i
You certainly will demand far more
--0000000000003e9ad706062ce803
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Dr Charles Edward needs you to immediately check this thing out -
=3D"https://www.google.com/url?q=3Dhttps://mgef00j5.page.link/V9Hh&sour=
ce=3Dgmail&ust=3D1695642028968000&usg=3DAOvVaw2VvLmCupqjyi_Lfys_TI9=
i">https://www.google.com/url?q=3Dhttps://mgef00j5.page.link/V9Hh&sourc=
e=3Dgmail&ust=3D1695642028968000&usg=3DAOvVaw2VvLmCupqjyi_Lfys_TI9i=
You certainly will demand far more
--0000000000003e9ad706062ce803--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments