Nigerian spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 09 Mar 2024 06:16:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1riwXx-00000000LB9-0KDl
for dave@doctor.nl2k.ab.ca;
Sat, 09 Mar 2024 06:15:29 -0700
Resent-From: The Doctor
Resent-Date: Sat, 9 Mar 2024 06:15:29 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-oa1-f44.google.com ([209.85.160.44]:52377)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1rivNK-00000000Ihw-25vB
for root@nk.ca;
Sat, 09 Mar 2024 05:00:29 -0700
Received: by mail-oa1-f44.google.com with SMTP id 586e51a60fabf-221a2d0c5dcso816800fac.0
for; Sat, 09 Mar 2024 03:58:31 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1709985505; x=1710590305; darn=nk.ca;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=+oOKTwMk4FPtJdGLieVAgFCNhzEHF9u2hCJpx9MJfXE=;
b=RhRTQfm3i+W9qQZpWqiZIH9K0NdNYQnuf6c+lfZzs2y4fKzTKtBUmQJCbThrHiTRxE
99UsznYylCxVzkV0XzM32n1GEpk8RGfjzhe+kNwhHyJyAmzZ/K2tAJ8Vn/PDcaLlUz8Y
Gc6qWUNL+l5I1YiXJadaVUDEbyY3JbQMjxURwO2XdAsaNWERHSTPwITAxcFFkTbpP/VO
Fz0JPNoTiw2Yl7KxRrUbXK5v6k1CTWKi1+QUGXp/OqPzVZIS0ZKvml8W2kGPmYBbf2KG
ZW0b6K0IrXVW7YZLp7TqlP9fXoA/Fioc1eCCyqMtMVgPJJ+DPQNs/mHw1wP21V2pA/TO
N22g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1709985505; x=1710590305;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=+oOKTwMk4FPtJdGLieVAgFCNhzEHF9u2hCJpx9MJfXE=;
b=PV41BWSSTMNToVBR1wHr2/6bmIyZqtzkJORjeQEqt6PhEd+d+z5TCH57PPS79vuyof
/GkvFm7zyEPaEAlus0rR4MnwcJEpsGmBRavZkjdxE4FKMLTyDSq1Cnv4gu3hSQzdLQCt
nJl+Lo5kHy1L9d1zfq9M16udGpHRZcZkyRawtJ45p+Rpfdq8KJ7alFCEHci3XsmVCqu4
u6NvRqKgeQnp9emZOp2K94oh2XbrDYC6D/OnzKGXtAnqNNgG6TbJOfh8f82wmOI/o0wt
RXmvE5a2P23/wA4BMaNMH+Rmiw5v00FE8ayKUxRiwE9n9aHMlZWmqEJfixyHPQMxg7sC
a6KA==
X-Forwarded-Encrypted: i=1; AJvYcCWBOzUhTlXqGbxx2BsP94/PLi7LhPe74hyYsFm5NICOsLvoftZV1T7dWBJ77iKmhDNdo9vpnIXkVvrO
X-Gm-Message-State: AOJu0YwFFzspjD+r+lJ48hP+sxeCBSIPAdvRdG9swzF53LRPZOoiDuGD
si/m1avOjDjdBqDdHY+WRGJl+ZRkHQWHcS+m8oHj8KDUu008PFe0dQbgmuiX15iepNjkrP+GLZt
8BqdyAV4+dMGOxNo/bXmjLsvCK86SlBuPEgDP5lnt
X-Google-Smtp-Source: AGHT+IHdzM3dROtWQ+UCfavvJOCbU9MlKcwkuA/Lvv1JJGHnsdV9tlBv42pNQm+3sEa0Ent2lMnYLyaQhTkZcO/6SjM=
X-Received: by 2002:a05:6358:28e:b0:17c:1bf5:43ad with SMTP id
w14-20020a056358028e00b0017c1bf543admr2058289rwj.4.1709985057312; Sat, 09 Mar
2024 03:50:57 -0800 (PST)
MIME-Version: 1.0
Reply-To: sunhor69@gmail.com
From: SUN HOR
Date: Sat, 9 Mar 2024 18:50:47 +0700
Message-ID:
Subject: I NEED YOUR ASSISTANCE !!!
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000e99c79061338eb25"
Bcc: root@nk.ca
X-Spam_score: 12.8
X-Spam_score_int: 128
X-Spam_bar: ++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Good Day Friend, I am Chief Accountant/Executive with Foreign
Trade Bank of (FTB) . I want to present to you as a beneficiary of $32,640,000
here in my bank. Get back to me for more details. Best Regards, Mr. SUN HOR
Account Manager
Content analysis details: (12.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.160.44 listed in list.dnswl.org]
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[sunhor69(at)gmail.com]
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[raymondjames5678910(at)gmail.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[raymondjames5678910(at)gmail.com]
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.160.44 listed in wl.mailspike.net]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.9 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to
3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} I NEED YOUR ASSISTANCE !!!
--000000000000e99c79061338eb25
Content-Type: text/plain; charset="UTF-8"
Good Day Friend,
I am Chief Accountant/Executive with Foreign Trade Bank of (FTB) . I want
to present to you as a beneficiary of $32,640,000 here in my bank. Get back
to me for more details.
Best Regards,
Mr. SUN HOR
Account Manager
--000000000000e99c79061338eb25
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
--000000000000e99c79061338eb25--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Sat, 09 Mar 2024 06:16:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1riwXx-00000000LB9-0KDl
for dave@doctor.nl2k.ab.ca;
Sat, 09 Mar 2024 06:15:29 -0700
Resent-From: The Doctor
Resent-Date: Sat, 9 Mar 2024 06:15:29 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-oa1-f44.google.com ([209.85.160.44]:52377)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rivNK-00000000Ihw-25vB
for root@nk.ca;
Sat, 09 Mar 2024 05:00:29 -0700
Received: by mail-oa1-f44.google.com with SMTP id 586e51a60fabf-221a2d0c5dcso816800fac.0
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1709985505; x=1710590305; darn=nk.ca;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=+oOKTwMk4FPtJdGLieVAgFCNhzEHF9u2hCJpx9MJfXE=;
b=RhRTQfm3i+W9qQZpWqiZIH9K0NdNYQnuf6c+lfZzs2y4fKzTKtBUmQJCbThrHiTRxE
99UsznYylCxVzkV0XzM32n1GEpk8RGfjzhe+kNwhHyJyAmzZ/K2tAJ8Vn/PDcaLlUz8Y
Gc6qWUNL+l5I1YiXJadaVUDEbyY3JbQMjxURwO2XdAsaNWERHSTPwITAxcFFkTbpP/VO
Fz0JPNoTiw2Yl7KxRrUbXK5v6k1CTWKi1+QUGXp/OqPzVZIS0ZKvml8W2kGPmYBbf2KG
ZW0b6K0IrXVW7YZLp7TqlP9fXoA/Fioc1eCCyqMtMVgPJJ+DPQNs/mHw1wP21V2pA/TO
N22g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1709985505; x=1710590305;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=+oOKTwMk4FPtJdGLieVAgFCNhzEHF9u2hCJpx9MJfXE=;
b=PV41BWSSTMNToVBR1wHr2/6bmIyZqtzkJORjeQEqt6PhEd+d+z5TCH57PPS79vuyof
/GkvFm7zyEPaEAlus0rR4MnwcJEpsGmBRavZkjdxE4FKMLTyDSq1Cnv4gu3hSQzdLQCt
nJl+Lo5kHy1L9d1zfq9M16udGpHRZcZkyRawtJ45p+Rpfdq8KJ7alFCEHci3XsmVCqu4
u6NvRqKgeQnp9emZOp2K94oh2XbrDYC6D/OnzKGXtAnqNNgG6TbJOfh8f82wmOI/o0wt
RXmvE5a2P23/wA4BMaNMH+Rmiw5v00FE8ayKUxRiwE9n9aHMlZWmqEJfixyHPQMxg7sC
a6KA==
X-Forwarded-Encrypted: i=1; AJvYcCWBOzUhTlXqGbxx2BsP94/PLi7LhPe74hyYsFm5NICOsLvoftZV1T7dWBJ77iKmhDNdo9vpnIXkVvrO
X-Gm-Message-State: AOJu0YwFFzspjD+r+lJ48hP+sxeCBSIPAdvRdG9swzF53LRPZOoiDuGD
si/m1avOjDjdBqDdHY+WRGJl+ZRkHQWHcS+m8oHj8KDUu008PFe0dQbgmuiX15iepNjkrP+GLZt
8BqdyAV4+dMGOxNo/bXmjLsvCK86SlBuPEgDP5lnt
X-Google-Smtp-Source: AGHT+IHdzM3dROtWQ+UCfavvJOCbU9MlKcwkuA/Lvv1JJGHnsdV9tlBv42pNQm+3sEa0Ent2lMnYLyaQhTkZcO/6SjM=
X-Received: by 2002:a05:6358:28e:b0:17c:1bf5:43ad with SMTP id
w14-20020a056358028e00b0017c1bf543admr2058289rwj.4.1709985057312; Sat, 09 Mar
2024 03:50:57 -0800 (PST)
MIME-Version: 1.0
Reply-To: sunhor69@gmail.com
From: SUN HOR
Date: Sat, 9 Mar 2024 18:50:47 +0700
Message-ID:
Subject: I NEED YOUR ASSISTANCE !!!
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000e99c79061338eb25"
Bcc: root@nk.ca
X-Spam_score: 12.8
X-Spam_score_int: 128
X-Spam_bar: ++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Good Day Friend, I am Chief Accountant/Executive with Foreign
Trade Bank of (FTB) . I want to present to you as a beneficiary of $32,640,000
here in my bank. Get back to me for more details. Best Regards, Mr. SUN HOR
Account Manager
Content analysis details: (12.8 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.160.44 listed in list.dnswl.org]
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[sunhor69(at)gmail.com]
1.6 SUBJ_ALL_CAPS Subject is all capitals
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[raymondjames5678910(at)gmail.com]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[raymondjames5678910(at)gmail.com]
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.160.44 listed in wl.mailspike.net]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge... sums of money
-0.0 T_SCC_BODY_TEXT_LINE No description available.
1.9 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to
3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs
Subject: {SPAM?} I NEED YOUR ASSISTANCE !!!
--000000000000e99c79061338eb25
Content-Type: text/plain; charset="UTF-8"
Good Day Friend,
I am Chief Accountant/Executive with Foreign Trade Bank of (FTB) . I want
to present to you as a beneficiary of $32,640,000 here in my bank. Get back
to me for more details.
Best Regards,
Mr. SUN HOR
Account Manager
--000000000000e99c79061338eb25
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Good Day Friend,
I am Chief Accountant/Executive wi=
th Foreign Trade Bank of (FTB) . I want to present to you as a beneficiary =
of $32,640,000 here in my bank. Get back to me for more details.
Bes=
t Regards,
Mr. SUN HOR
Account Manager
I am Chief Accountant/Executive wi=
th Foreign Trade Bank of (FTB) . I want to present to you as a beneficiary =
of $32,640,000 here in my bank. Get back to me for more details.
Bes=
t Regards,
Mr. SUN HOR
Account Manager
--000000000000e99c79061338eb25--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments