Nigerian spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 21 Oct 2023 06:16:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.2 (FreeBSD))
(envelope-from)
id 1quAsh-000PcR-06
for dave@doctor.nl2k.ab.ca;
Sat, 21 Oct 2023 06:15:03 -0600
Resent-From: The Doctor
Resent-Date: Sat, 21 Oct 2023 06:15:03 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-qv1-f53.google.com ([209.85.219.53]:56673)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96.2 (FreeBSD))
(envelope-from)
id 1qu8Ud-0007dN-2e
for doctor@doctor.nl2k.ab.ca;
Sat, 21 Oct 2023 03:42:10 -0600
Received: by mail-qv1-f53.google.com with SMTP id 6a1803df08f44-66d12b3b479so10302216d6.1
for; Sat, 21 Oct 2023 02:40:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1697881198; x=1698485998; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=GywJ0IX1XfZC1BibOZ8SJVmGHDTU23K+7nACfKtAiLk=;
b=KspvebGx82xjFyVZyNfnj89g+xCSVwoBUOBf9uu6n89wc6I/dQgrvN0v9bM1r3R4z8
dNyCcMz9kMQEbg4NOdsemqV9VUebznecO2L1phTjnxTEXYHFr8cZo07oeDuADOJN++aV
bE0q8fKQXlbgGdlPXessHa9BiMajHH3nAM+2aisSwprWsUujW4wJwwG5z8ozP+eA/ARj
idP3HnEbLRVwfwnM1f7Is0sBw1vR4lEmgZRUn0Dq4xJ/Uk9qq2+heNsoiZ9VkV7tOlRT
TNA2PAg1Y5F+04fw2OVbbOCy2QNCvn8AVYMysBypWpTfCei+1o88yOZQC0JG+JBNVEun
q9tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1697881198; x=1698485998;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=GywJ0IX1XfZC1BibOZ8SJVmGHDTU23K+7nACfKtAiLk=;
b=IltZQTlxLu4tapOmzlo9yIByZhA/PkqxAnt0RSLj3vrUd297Z3T+WyDrmPVzDRObxM
kdAf6Jitn5Z0WBtBSMAo1UekmAaxQuHQjm6ZaoA/ulgNej28wJ+rKi9MWYTA+Ib1o0pO
HqE3cUid4dDYoJzYuPrtD8YHwodIaQnHS+bziml1/irjRvPe3F5iXiKlQOroH34vU0OW
Frt8+envAJ2Qqpy8aV9ZAvK4uTIx1HewVEqQucuQTDc4NEFruI0EaX3SADcPrFllkvpe
3LzIhu6LCpTeqFrCkY/X6kg+cB+bV4eaCeWFfiEV43Iz5ynAZrPGrfwUHDjIss5doHVJ
6a5Q==
X-Gm-Message-State: AOJu0Yy0IE2qcxh6ZOp/6s36Sf0h18U1zD4S49Rj6Xai+/M/jIUcu/6V
N7YMaqwCdkX0btEpTHc9t47Gik9J3CLGC+fgnXA=
X-Google-Smtp-Source: AGHT+IGI6uXcj4qGC2b2Kj5KgiluGf1liy3SLN0fy0CUgqjFS8NlTnOtmjxOHNCYoUck+C84c2Noz4r+v0QP4EXeg/U=
X-Received: by 2002:a05:6214:da2:b0:66d:130c:bb9d with SMTP id
h2-20020a0562140da200b0066d130cbb9dmr5589277qvh.13.1697881198124; Sat, 21 Oct
2023 02:39:58 -0700 (PDT)
MIME-Version: 1.0
Reply-To: philipmosaki@gmail.com
From: Philip Mosakki
Date: Sat, 21 Oct 2023 02:39:39 -0700
Message-ID:
Subject: Re: This is to inform you about the death of my late client a
nationality of your country and his fund 12.5 million Euro to be paid to you
as his next of kin beneficiary, Waiting to hear from you"
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000af6542060836c5f5"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 18.1
X-Spam_score_int: 181
X-Spam_bar: ++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview:
Content analysis details: (18.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
Subject: text
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.219.53 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.219.53 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[mohamedwasir(at)gmail.com]
2.5 HK_SCAM_N2 BODY: No description available.
0.0 HTML_MESSAGE BODY: HTML included in message
1.4 HK_SCAM No description available.
0.0 LOTS_OF_MONEY Huge... sums of money
2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
2.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
2.7 UNDISC_MONEY Undisclosed recipients + money/fraud signs
3.6 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
Subject: {SPAM?} Re: This is to inform you about the death of my late client a
nationality of your country and his fund 12.5 million Euro to be paid to you
as his next of kin beneficiary, Waiting to hear from you"
X-Antivirus: AVG (VPS 231019-6, 10/19/2023), Inbound message
X-Antivirus-Status: Clean
--000000000000af6542060836c5f5
Content-Type: text/plain; charset="UTF-8"
--000000000000af6542060836c5f5
Content-Type: text/html; charset="UTF-8"
--000000000000af6542060836c5f5--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 21 Oct 2023 06:16:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.96.2 (FreeBSD))
(envelope-from
id 1quAsh-000PcR-06
for dave@doctor.nl2k.ab.ca;
Sat, 21 Oct 2023 06:15:03 -0600
Resent-From: The Doctor
Resent-Date: Sat, 21 Oct 2023 06:15:03 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-qv1-f53.google.com ([209.85.219.53]:56673)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.96.2 (FreeBSD))
(envelope-from
id 1qu8Ud-0007dN-2e
for doctor@doctor.nl2k.ab.ca;
Sat, 21 Oct 2023 03:42:10 -0600
Received: by mail-qv1-f53.google.com with SMTP id 6a1803df08f44-66d12b3b479so10302216d6.1
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1697881198; x=1698485998; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=GywJ0IX1XfZC1BibOZ8SJVmGHDTU23K+7nACfKtAiLk=;
b=KspvebGx82xjFyVZyNfnj89g+xCSVwoBUOBf9uu6n89wc6I/dQgrvN0v9bM1r3R4z8
dNyCcMz9kMQEbg4NOdsemqV9VUebznecO2L1phTjnxTEXYHFr8cZo07oeDuADOJN++aV
bE0q8fKQXlbgGdlPXessHa9BiMajHH3nAM+2aisSwprWsUujW4wJwwG5z8ozP+eA/ARj
idP3HnEbLRVwfwnM1f7Is0sBw1vR4lEmgZRUn0Dq4xJ/Uk9qq2+heNsoiZ9VkV7tOlRT
TNA2PAg1Y5F+04fw2OVbbOCy2QNCvn8AVYMysBypWpTfCei+1o88yOZQC0JG+JBNVEun
q9tw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1697881198; x=1698485998;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=GywJ0IX1XfZC1BibOZ8SJVmGHDTU23K+7nACfKtAiLk=;
b=IltZQTlxLu4tapOmzlo9yIByZhA/PkqxAnt0RSLj3vrUd297Z3T+WyDrmPVzDRObxM
kdAf6Jitn5Z0WBtBSMAo1UekmAaxQuHQjm6ZaoA/ulgNej28wJ+rKi9MWYTA+Ib1o0pO
HqE3cUid4dDYoJzYuPrtD8YHwodIaQnHS+bziml1/irjRvPe3F5iXiKlQOroH34vU0OW
Frt8+envAJ2Qqpy8aV9ZAvK4uTIx1HewVEqQucuQTDc4NEFruI0EaX3SADcPrFllkvpe
3LzIhu6LCpTeqFrCkY/X6kg+cB+bV4eaCeWFfiEV43Iz5ynAZrPGrfwUHDjIss5doHVJ
6a5Q==
X-Gm-Message-State: AOJu0Yy0IE2qcxh6ZOp/6s36Sf0h18U1zD4S49Rj6Xai+/M/jIUcu/6V
N7YMaqwCdkX0btEpTHc9t47Gik9J3CLGC+fgnXA=
X-Google-Smtp-Source: AGHT+IGI6uXcj4qGC2b2Kj5KgiluGf1liy3SLN0fy0CUgqjFS8NlTnOtmjxOHNCYoUck+C84c2Noz4r+v0QP4EXeg/U=
X-Received: by 2002:a05:6214:da2:b0:66d:130c:bb9d with SMTP id
h2-20020a0562140da200b0066d130cbb9dmr5589277qvh.13.1697881198124; Sat, 21 Oct
2023 02:39:58 -0700 (PDT)
MIME-Version: 1.0
Reply-To: philipmosaki@gmail.com
From: Philip Mosakki
Date: Sat, 21 Oct 2023 02:39:39 -0700
Message-ID:
Subject: Re: This is to inform you about the death of my late client a
nationality of your country and his fund 12.5 million Euro to be paid to you
as his next of kin beneficiary, Waiting to hear from you"
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000af6542060836c5f5"
Bcc: doctor@doctor.nl2k.ab.ca
X-Spam_score: 18.1
X-Spam_score_int: 181
X-Spam_bar: ++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview:
Content analysis details: (18.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.3 EMPTY_MESSAGE Message appears to have no textual parts and no
Subject: text
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.219.53 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.219.53 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[mohamedwasir(at)gmail.com]
2.5 HK_SCAM_N2 BODY: No description available.
0.0 HTML_MESSAGE BODY: HTML included in message
1.4 HK_SCAM No description available.
0.0 LOTS_OF_MONEY Huge... sums of money
2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
2.3 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
2.7 UNDISC_MONEY Undisclosed recipients + money/fraud signs
3.6 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
Subject: {SPAM?} Re: This is to inform you about the death of my late client a
nationality of your country and his fund 12.5 million Euro to be paid to you
as his next of kin beneficiary, Waiting to hear from you"
X-Antivirus: AVG (VPS 231019-6, 10/19/2023), Inbound message
X-Antivirus-Status: Clean
--000000000000af6542060836c5f5
Content-Type: text/plain; charset="UTF-8"
--000000000000af6542060836c5f5
Content-Type: text/html; charset="UTF-8"
--000000000000af6542060836c5f5--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments