Nigerian spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 10 Dec 2023 05:59:11 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))
(envelope-from)
id 1rCJNp-00000000EmH-0geP
for dave@doctor.nl2k.ab.ca;
Sun, 10 Dec 2023 05:58:09 -0700
Resent-From: The Doctor
Resent-Date: Sun, 10 Dec 2023 05:58:09 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ot1-f67.google.com ([209.85.210.67]:52304)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97 (FreeBSD))
(envelope-from)
id 1rCHqJ-00000000JIU-0pVk
for doctor@netknow.ca;
Sun, 10 Dec 2023 04:19:30 -0700
Received: by mail-ot1-f67.google.com with SMTP id 46e09a7af769-6d8029dae41so2697771a34.0
for; Sun, 10 Dec 2023 03:17:28 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1702207042; x=1702811842; darn=netknow.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=JtUsl5dcz4oWGpU6YhyvbaXfduJFelmRCF8fzbkyDsw=;
b=cCcKAm4lmf9pTi8nIkb2uReeCvo/umKzPxg7eoAugasyCKvDq5YmMVrVG5ByMk8QYt
OqTuzL/5y+HINzCa9HjonmnS4CxNGjsZdI7qXijp4r+Je7LNa8b9+u9UkR1tyaVXUBxr
6UV2VvXRQvCr+Ul8e8gKqtjLhAfKpcxAkBpeA7BmPENvn6QzCv7iobKXn4VOwQpZYnO0
tmG1TRFeOJhz7pHaOMWQ6zy3vTxtRfJdxsoJX1XF43+zWns5xjKvO6QX21BL33MKl0CP
Is3dcghEh0HxVi77GE6t1M1ukq16g10a1wfCQSNziE3EbMt9Yi115XvqVJprPNnYM5oL
HwGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1702207042; x=1702811842;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=JtUsl5dcz4oWGpU6YhyvbaXfduJFelmRCF8fzbkyDsw=;
b=Pfm7Ly/iapo/aHnkUQcqr9l0RIv/TZYuOQvRlGiDSHdkAFy7eKdk9WtfIvdC2zIZ0f
rK1ATE4d39EHR5VrK0G8F9GvDiZQI89bff0CvBrkGbDpvSA+Ro62pehuIyyT78MnXFSt
Z6dYF+pJVRKjgVliBSOwHQltwxXe3eu1/7y7VTKU0SpS9g/0C2MdAfBCHpmNitCs/jpc
Q9ZbUCzVTzXxlRX27Ywg5toIV/uIc24LRsmXf5yWLW/0p3jx2gxcj88FxMCJTOPL9/bQ
khjsirv1TRWd5zKKK0GmQ9iMInVgMDGgJM5QiofMC+81d9fAWdhwfFC8YIbBpQ/+BrEJ
Dj/Q==
X-Gm-Message-State: AOJu0YyIQH9CJUl3blK8106+VumoTcTE+1GzmveP1a1KjFcoYmKiXlw4
yYgzYmhieIs4AZdb57nFvdO+LYvqEWJl0sK80vJpxkIhF4smz8BpgWs=
X-Google-Smtp-Source: AGHT+IHnFSmBdovxtQnSWd73n6aW8nH9uw2IBLkjRF6aI+XR4iKIEPORnsHSDjn+onjiIKRuNyjCpfTqNZ/yXyp9HS8=
X-Received: by 2002:a9d:7ac7:0:b0:6d7:f540:4618 with SMTP id
m7-20020a9d7ac7000000b006d7f5404618mr2733660otn.3.1702203874226; Sun, 10 Dec
2023 02:24:34 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:ac9:58cb:0:b0:509:fff4:c0ac with HTTP; Sun, 10 Dec 2023
02:24:34 -0800 (PST)
From: Ndud shjs
Date: Sun, 10 Dec 2023 02:24:34 -0800
Message-ID:
Subject: Attention: Dear Beneficiary
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@netknow.ca
X-Spam_score: 11.9
X-Spam_score_int: 119
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Attention: Dear Beneficiary This is to bring to your notice
that we have credited your total sum of $5.500.000.00 USD into an ATM VISA
card and we have deposited it with DHL Express Company to deliver it to you.
We paid all the [...]
Content analysis details: (11.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.210.67 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[ndudshjs39(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[ndudshjs39(at)gmail.com]
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
3.5 DEAR_BENEFICIARY BODY: Dear Beneficiary:
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.210.67 listed in wl.mailspike.net]
0.0 LOTS_OF_MONEY Huge... sums of money
2.0 MONEY_NOHTML Lots of money in plain text
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.0 FREEMAIL_REPLY From and body contain different freemails
0.0 MONEY_FORM Lots of money if you fill out a form
0.0 FILL_THIS_FORM Fill in a form with personal information
2.8 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} Attention: Dear Beneficiary
X-Antivirus: AVG (VPS 231209-4, 12/9/2023), Inbound message
X-Antivirus-Status: Clean
Attention: Dear Beneficiary
This is to bring to your notice that we have credited your total sum of
$5.500.000.00 USD into an ATM VISA card and we have deposited it with DHL
Express Company to deliver it to you. We paid all the necessary charges
such as Company registration and delivery fee.
The only money you will send to them is the security keeping charges of your
ATM VISA card $35.00 dollars. We tried to pay that but they complained that
they don't know when you will contact them for the delivery and the demurrage
might have increased by then. I deposited it on 09/12/2023. Therefore, contact
them now with Your:
Your Full Name........
Your Country............
Your City Airport........
Your Home Address........
Telephone Number.........
Gender...................
DHL Express
Email address: deploymentagent711@gmail.com
Tel/+22964083699
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 10 Dec 2023 05:59:11 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))
(envelope-from
id 1rCJNp-00000000EmH-0geP
for dave@doctor.nl2k.ab.ca;
Sun, 10 Dec 2023 05:58:09 -0700
Resent-From: The Doctor
Resent-Date: Sun, 10 Dec 2023 05:58:09 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ot1-f67.google.com ([209.85.210.67]:52304)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97 (FreeBSD))
(envelope-from
id 1rCHqJ-00000000JIU-0pVk
for doctor@netknow.ca;
Sun, 10 Dec 2023 04:19:30 -0700
Received: by mail-ot1-f67.google.com with SMTP id 46e09a7af769-6d8029dae41so2697771a34.0
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1702207042; x=1702811842; darn=netknow.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=JtUsl5dcz4oWGpU6YhyvbaXfduJFelmRCF8fzbkyDsw=;
b=cCcKAm4lmf9pTi8nIkb2uReeCvo/umKzPxg7eoAugasyCKvDq5YmMVrVG5ByMk8QYt
OqTuzL/5y+HINzCa9HjonmnS4CxNGjsZdI7qXijp4r+Je7LNa8b9+u9UkR1tyaVXUBxr
6UV2VvXRQvCr+Ul8e8gKqtjLhAfKpcxAkBpeA7BmPENvn6QzCv7iobKXn4VOwQpZYnO0
tmG1TRFeOJhz7pHaOMWQ6zy3vTxtRfJdxsoJX1XF43+zWns5xjKvO6QX21BL33MKl0CP
Is3dcghEh0HxVi77GE6t1M1ukq16g10a1wfCQSNziE3EbMt9Yi115XvqVJprPNnYM5oL
HwGA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1702207042; x=1702811842;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=JtUsl5dcz4oWGpU6YhyvbaXfduJFelmRCF8fzbkyDsw=;
b=Pfm7Ly/iapo/aHnkUQcqr9l0RIv/TZYuOQvRlGiDSHdkAFy7eKdk9WtfIvdC2zIZ0f
rK1ATE4d39EHR5VrK0G8F9GvDiZQI89bff0CvBrkGbDpvSA+Ro62pehuIyyT78MnXFSt
Z6dYF+pJVRKjgVliBSOwHQltwxXe3eu1/7y7VTKU0SpS9g/0C2MdAfBCHpmNitCs/jpc
Q9ZbUCzVTzXxlRX27Ywg5toIV/uIc24LRsmXf5yWLW/0p3jx2gxcj88FxMCJTOPL9/bQ
khjsirv1TRWd5zKKK0GmQ9iMInVgMDGgJM5QiofMC+81d9fAWdhwfFC8YIbBpQ/+BrEJ
Dj/Q==
X-Gm-Message-State: AOJu0YyIQH9CJUl3blK8106+VumoTcTE+1GzmveP1a1KjFcoYmKiXlw4
yYgzYmhieIs4AZdb57nFvdO+LYvqEWJl0sK80vJpxkIhF4smz8BpgWs=
X-Google-Smtp-Source: AGHT+IHnFSmBdovxtQnSWd73n6aW8nH9uw2IBLkjRF6aI+XR4iKIEPORnsHSDjn+onjiIKRuNyjCpfTqNZ/yXyp9HS8=
X-Received: by 2002:a9d:7ac7:0:b0:6d7:f540:4618 with SMTP id
m7-20020a9d7ac7000000b006d7f5404618mr2733660otn.3.1702203874226; Sun, 10 Dec
2023 02:24:34 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:ac9:58cb:0:b0:509:fff4:c0ac with HTTP; Sun, 10 Dec 2023
02:24:34 -0800 (PST)
From: Ndud shjs
Date: Sun, 10 Dec 2023 02:24:34 -0800
Message-ID:
Subject: Attention: Dear Beneficiary
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: doctor@netknow.ca
X-Spam_score: 11.9
X-Spam_score_int: 119
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Attention: Dear Beneficiary This is to bring to your notice
that we have credited your total sum of $5.500.000.00 USD into an ATM VISA
card and we have deposited it with DHL Express Company to deliver it to you.
We paid all the [...]
Content analysis details: (11.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.210.67 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[ndudshjs39(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[ndudshjs39(at)gmail.com]
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
3.5 DEAR_BENEFICIARY BODY: Dear Beneficiary:
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.210.67 listed in wl.mailspike.net]
0.0 LOTS_OF_MONEY Huge... sums of money
2.0 MONEY_NOHTML Lots of money in plain text
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.0 FREEMAIL_REPLY From and body contain different freemails
0.0 MONEY_FORM Lots of money if you fill out a form
0.0 FILL_THIS_FORM Fill in a form with personal information
2.8 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} Attention: Dear Beneficiary
X-Antivirus: AVG (VPS 231209-4, 12/9/2023), Inbound message
X-Antivirus-Status: Clean
Attention: Dear Beneficiary
This is to bring to your notice that we have credited your total sum of
$5.500.000.00 USD into an ATM VISA card and we have deposited it with DHL
Express Company to deliver it to you. We paid all the necessary charges
such as Company registration and delivery fee.
The only money you will send to them is the security keeping charges of your
ATM VISA card $35.00 dollars. We tried to pay that but they complained that
they don't know when you will contact them for the delivery and the demurrage
might have increased by then. I deposited it on 09/12/2023. Therefore, contact
them now with Your:
Your Full Name........
Your Country............
Your City Airport........
Your Home Address........
Telephone Number.........
Gender...................
DHL Express
Email address: deploymentagent711@gmail.com
Tel/+22964083699
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments