Nigerian spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sun, 10 Dec 2023 06:04:39 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97 (FreeBSD))
(envelope-from)
id 1rCJP8-00000000PQe-00Hu
for dave@doctor.nl2k.ab.ca;
Sun, 10 Dec 2023 05:59:30 -0700
Resent-From: The Doctor
Resent-Date: Sun, 10 Dec 2023 05:59:29 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-pf1-f194.google.com ([209.85.210.194]:49187)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97 (FreeBSD))
(envelope-from)
id 1rCHur-000000003uv-1OFL
for bin@nl2k.ab.ca;
Sun, 10 Dec 2023 04:24:13 -0700
Received: by mail-pf1-f194.google.com with SMTP id d2e1a72fcca58-6ce939ecfc2so2917066b3a.2
for; Sun, 10 Dec 2023 03:22:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1702207325; x=1702812125; darn=nl2k.ab.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=JtUsl5dcz4oWGpU6YhyvbaXfduJFelmRCF8fzbkyDsw=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1702207325; x=1702812125;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=JtUsl5dcz4oWGpU6YhyvbaXfduJFelmRCF8fzbkyDsw=;
X-Gm-Message-State: AOJu0YxQj0MrJvW808e/SL12XL/+oSSspgD7/G/j3OY0fS5RopjcExW8
jNbLXkvADOjWhphbVEg0xiWm9+RbArME4Vy2hwpYJ08cXIeL1J1Ocqlf8Lo2
X-Google-Smtp-Source: AGHT+IHPBJhLuW8j1f4gekIQOHWOMRaH4DuscJUoayXHEPuWpUWI5P1QX2wIR3ItV0hvbY1pF/veyf7FoQBzzbTjgA8=
X-Received: by 2002:a05:6808:118b:b0:3b8:3ea1:1cec with SMTP id
j11-20020a056808118b00b003b83ea11cecmr2596867oil.50.1702206882076; Sun, 10
Dec 2023 03:14:42 -0800 (PST)
MIME-Version: 1.0
Received: by 2002:ac9:7f14:0:b0:509:7b7e:f4af with HTTP; Sun, 10 Dec 2023
03:14:41 -0800 (PST)
From: Jdijs dhjs
Date: Sun, 10 Dec 2023 03:14:41 -0800
Message-ID:
Subject: Dear Beneficiary
To: undisclosed-recipients:;
Content-Type: text/plain; charset="UTF-8"
Bcc: bin@nl2k.ab.ca
X-Spam_score: 11.9
X-Spam_score_int: 119
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Attention: Dear Beneficiary This is to bring to your notice
that we have credited your total sum of $5.500.000.00 USD into an ATM VISA
card and we have deposited it with DHL Express Company to deliver it to you.
We paid all the [...]
Content analysis details: (11.9 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                            trust
                            [209.85.210.194 listed in list.dnswl.org]
-0.0 RCVD_IN_MSPIKE_H3      RBL: Good reputation (+3)
                            [209.85.210.194 listed in wl.mailspike.net]
-0.0 SPF_PASS               SPF: sender matches SPF record
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                            domain
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                            envelope-from domain
-0.0 RCVD_IN_MSPIKE_WL      Mailspike good senders
 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
                            digit
                            [jdijsdhjs1(at)gmail.com]
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                            [jdijsdhjs1(at)gmail.com]
 2.5 US_DOLLARS_3           BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
 3.5 DEAR_BENEFICIARY       BODY: Dear Beneficiary:
 0.0 LOTS_OF_MONEY          Huge... sums of money
 2.0 MONEY_NOHTML           Lots of money in plain text
 1.0 FREEMAIL_REPLY         From and body contain different freemails
-0.0 T_SCC_BODY_TEXT_LINE   No description available.
 0.0 FILL_THIS_FORM         Fill in a form with personal information
 0.0 MONEY_FORM             Lots of money if you fill out a form
 2.8 UNDISC_MONEY           Undisclosed recipients + money/fraud signs
Subject: {SPAM?} Dear Beneficiary
X-Antivirus: AVG (VPS 231209-4, 12/9/2023), Inbound message
X-Antivirus-Status: Clean
Attention: Dear Beneficiary
This is to bring to your notice that we have credited your total sum of
$5.500.000.00 USD into an ATM VISA card and we have deposited it with DHL
Express Company to deliver it to you. We paid all the necessary charges
such as Company registration and delivery fee.
The only money you will send to them is the security keeping charges of your
ATM VISA card $35.00 dollars. We tried to pay that but they complained that
they don't know when you will contact them for the delivery and the demurrage
might have increased by then. I deposited it on 09/12/2023. Therefore, contact
them now with Your:
Your Full Name........
Your Country............
Your City Airport........
Your Home Address........
Telephone Number.........
Gender...................
DHL Express
Email address: deploymentagent711@gmail.com
Tel/+22964083699