Nigerian Spam from Microsoft Outlook

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 16 Mar 2024 14:31:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rlafu-00000000AKU-3eIK

for dave@doctor.nl2k.ab.ca;

Sat, 16 Mar 2024 14:30:38 -0600

Resent-From: The Doctor

Resent-Date: Sat, 16 Mar 2024 14:30:38 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vi1eur02on2101.outbound.protection.outlook.com ([40.107.241.101]:14017 helo=EUR02-VI1-obe.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1rlXVo-00000000AlF-26CR

for doctor@nl2k.ab.ca;

Sat, 16 Mar 2024 11:08:05 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;

b=EvwVQTPcoQlfMMN+3AxVlxq60Yhd95wfFNY0QnLmdfjWT393NEZop54KPOoHohLsUa3cWiF825IETkVK77iwMAU/SJSWRYPzl0pDHBmx03YLptE/lwbap1xB6sI/LYoDQb8xeBmTWHTC/Xn/xpnzGQEzYFV6Q1MnowHoRD8DdMxtSXtLklLXtXW9NIuAkhteKNbCVbM/dJlTenu0BifSlX/WzngNs3MRJqNuX+Lm8BPG6oqbeLi+OSpf2It2rVlXTKvNGW077TaEWWiHWabTCQN/UO6+PMr5MMsQacRoKNJrTx9H3qvDwuXaLXwAchVaNz9lfWB3SMTWb7GfegZOGw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector9901;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=7byt52WwTMu7XgqxfIDvd9AjwmIOKR4+pA3NhLEQ+2I=;

b=a64F0GmyaKtkaXgBZ0g0kMbqhZsnS1Uazf94QjmA/gn+VG6TUEqRj3HMQN+gHEE4nXCHgOLnVpkiUOf50xr3XOP6/gaJjFm5Zh3eWWfYHNh84u8xJPzPmRgjeWuKDg2CehFUtlSfld6KFqVsPkIHgcM+f4ouJzAKMt3w89ybUtnohT64ipOtznA2kQIWd2EPu814C6nRM2MTZvL5A0wlut+mP2+zbOoa0ovG0OHM8H+agm44Gvtgu3bh0FoBtG4ErtQcsm6/Styoyxv8/Vtb4TrvxEFXu+WoQ02IbXbvQjcVgHiZg367/VMZW55nQdn/fybWZRHcXTUT/1jxTl9JPg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=temperror (sender ip

is 2001:67c:2564:a187::2:73) smtp.rcpttodomain=gmail.com

smtp.mailfrom=alumni.itc.nl; dmarc=pass (p=quarantine sp=quarantine pct=100)

action=none header.from=alumni.itc.nl; dkim=pass (signature was verified)

header.d=alumni.itc.nl; arc=none (0)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alumni.itc.nl;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=7byt52WwTMu7XgqxfIDvd9AjwmIOKR4+pA3NhLEQ+2I=;

b=Km9s6yHZTJxtUE7CoIEoJisdIKpe3jt8rJCcDEqL5HTD63rGibW7rXia/yAcOemUUAkAOfJUZXHl+K+PRZepn7ORvABCVtZ3WcsTlMdwOBCjtmyPeIQCANRYp/RcC7fjqKBEJ0G6QtYI5HG4AQiwmdi5jQs8IBgSE4mjAVzNlSK6BSAPQ37sQlmHZpAT8C0xoGrgA26Zj8CwcK24VpsZHoLy7nK2Z5slzvhlACKsL44+WBL8StWoFGpLrIzE7Jc6LdNaHoK6wgkPx4wXudzA3K4VKYEj5fc+N80ezw3mUWSwkr1zEAIrEAyEg1AYQb88eOulnXJ1E268OsS84RNbLA==

Received: from AM6PR10CA0008.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:209:89::21)

by PR3P195MB0976.EURP195.PROD.OUTLOOK.COM (2603:10a6:102:a8::8) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.23; Sat, 16 Mar

2024 17:05:53 +0000

Received: from AMS1EPF00000040.eurprd04.prod.outlook.com

(2603:10a6:209:89:cafe::10) by AM6PR10CA0008.outlook.office365.com

(2603:10a6:209:89::21) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.23 via Frontend

Transport; Sat, 16 Mar 2024 17:05:53 +0000

X-MS-Exchange-Authentication-Results: spf=temperror (sender IP is

2001:67c:2564:a187::2:73) smtp.mailfrom=alumni.itc.nl; dkim=pass (signature

was verified) header.d=alumni.itc.nl;dmarc=pass action=none

header.from=alumni.itc.nl;

Received-SPF: TempError (protection.outlook.com: error in processing during

lookup of alumni.itc.nl: DNS Timeout)

Received: from mail.ad.utwente.nl (130.89.9.12) by

AMS1EPF00000040.mail.protection.outlook.com (10.167.16.37) with Microsoft

SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.20.7386.12 via Frontend Transport; Sat, 16 Mar 2024 17:05:52 +0000

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

s=s2048; d=alumni.itc.nl;

h=from:subject:date:message-id:content-type:mime-version:to;

bh=7byt52WwTMu7XgqxfIDvd9AjwmIOKR4+pA3NhLEQ+2I=;

b=dbIg0/A39b0WCVGmMhS46oV874lFLdoeCYiMrg8NVD38jAW+q8e94AvlUkvwVY

2KDp1K0dnyx5OH0Ffx20pBxoJYFBmyfrdA3HA4F9GbDsj66dKsoJuozzghDIps

XVmaO5BhdvQO3jwAs0yc5f54kqKxtTdaDZss75FVPehvhXfiIDFDT3GFJ90XrD

OQq1fHtyq0GEf/sicqhStYByRQ3k4l5XAmXJEyJjgjINnZs0oURh3NsWQ9XK8/

P9NY6r6vKaB3ygs6Zfj4PPO/XhsCyoyYxZ4hQuefoJ08iTIIk8ZIZIN+Jw6LrT

uzH3YXTAfLfUlgpkl/BA9ywStziYoNNg==

Received: from exmrs73.ad.utwente.nl (2001:67c:2564:a187::2:73) by

mail.ad.utwente.nl (2001:67c:2564:a187::2:161) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.2.1544.9; Sat, 16 Mar 2024 18:05:52 +0100

Received: from exmrs72.ad.utwente.nl (2001:67c:2564:a187::2:72) by

exmrs73.ad.utwente.nl (2001:67c:2564:a187::2:73) with Microsoft SMTP Server

(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.2.1544.9; Sat, 16 Mar 2024 18:05:52 +0100

Received: from exmrs72.ad.utwente.nl ([fe80::dcd:fa20:abf1:7a3d]) by

exmrs72.ad.utwente.nl ([fe80::dcd:fa20:abf1:7a3d%16]) with mapi id

15.02.1544.009; Sat, 16 Mar 2024 18:05:52 +0100

From: Yaseen Taha Mustafa

Subject: Mr.Bernard has donation $ 3,500,000.00 to you for the purpose of

Charity project. Kindly respond to bernardarnault928@gmail.com for more

information.

Thread-Topic: Mr.Bernard has donation $ 3,500,000.00 to you for the purpose of

Charity project. Kindly respond to bernardarnault928@gmail.com for more

information.

Thread-Index: AQHad8QlkHwmB2JHY02qjw5hoP0r+g==

Date: Sat, 16 Mar 2024 17:05:52 +0000

Message-ID: <7c4a666bd7cc40e59b68e4a876e29486@alumni.itc.nl>

Accept-Language: en-US, en-GB

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

x-originating-ip: [130.89.9.62]

Content-Type: multipart/alternative;

boundary="_000_7c4a666bd7cc40e59b68e4a876e29486alumniitcnl_"

MIME-Version: 1.0

To: Undisclosed recipients:;

X-EOPAttributedMessage: 0

X-MS-Exchange-SkipListedInternetSender:

ip=[2001:67c:2564:a187::2:73];domain=exmrs73.ad.utwente.nl

X-MS-Exchange-ExternalOriginalInternetSender:

ip=[2001:67c:2564:a187::2:73];domain=exmrs73.ad.utwente.nl

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: AMS1EPF00000040:EE_|PR3P195MB0976:EE_

X-MS-Office365-Filtering-Correlation-Id: 9dcc1180-4e7c-44ca-7484-08dc45db5680

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam: BCL:0;

X-Microsoft-Antispam-Message-Info:

tPFoPxfUP6xdudfoODZFbudh0Iu+0n4lz/dDtDSinjsA0IeiVBZ2lRJ2B5J7h1XmBQ4Nmt4hyWcj9DAVgDERfYejOmaMeZ1nhS3zEVMRAo/SK1fk3r2zFFp5EJy1fY3TW/0EPkvkemEa2ZhVmraCGkCN/saIQq+IcUUTNtAHvpvwRgf3gp/Csu338+hqlflpzkmWhBq9Nhr03ZcmI2KVREWgZ/pqZ4CNyROeyvguoeNmVeO5lsqNHbMfKC8DVeVBtjD5LZ87Frwi8wLmlxnyFJVbqPoKB3GBppxobsdleYPzgVMxkpTUc8T/2ksrJn8L7NH3udSmboNSF8kHFgAWGaMMHzlUxkKb+ZIa3iIOr+1svjOGvmEqfeUMrdp/LEkYltDmIghNNNAKQE/4nMIiFmmloGTIMRAk8aDbly7X9C1UCTaqmio79+7OybO7V9qddWPVqzHXKMVoNJoE6J4UmMF8szFgavQqdSgFD69UY+rbvS1OcyPz3XQwRSX+TfwARfKT/kMkqH+l3PFMBXWdh+U65Xv84CU5FKePZq9FcGAESAn5/674QF6A0oP1jJA0

X-Forefront-Antispam-Report:

CIP:130.89.9.12;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:exmrs73.ad.utwente.nl;PTR:exmrs73.ad.utwente.nl;CAT:NONE;SFS:(13230031)(7416005)(1800799015)(376005)(32650700005)(36860700004)(82310400014);DIR:OUT;SFP:1102;

X-OriginatorOrg: alumni.itc.nl

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Mar 2024 17:05:52.8993

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 9dcc1180-4e7c-44ca-7484-08dc45db5680

X-MS-Exchange-CrossTenant-Id: 723246a1-c3f5-43c5-acdc-43adb404ac4d

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=723246a1-c3f5-43c5-acdc-43adb404ac4d;Ip=[130.89.9.12];Helo=[mail.ad.utwente.nl]

X-MS-Exchange-CrossTenant-AuthSource:

AMS1EPF00000040.eurprd04.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: PR3P195MB0976

X-Spam_score: 10.2

X-Spam_score_int: 102

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview:



Content analysis details: (10.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

2.3 EMPTY_MESSAGE Message appears to have no textual parts and no

Subject: text

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.241.101 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.241.101 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.0 ARC_VALID Message has a valid ARC signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 ARC_SIGNED Message has a ARC signature

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 LOTS_OF_MONEY Huge... sums of money

2.7 SCC_BODY_URI_ONLY Very short body with something maybe clickable

3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Mr.Bernard has donation $ 3,500,000.00 to you for the purpose of

Charity project. Kindly respond to bernardarnault928@gmail.com for more

information.



--_000_7c4a666bd7cc40e59b68e4a876e29486alumniitcnl_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable







--_000_7c4a666bd7cc40e59b68e4a876e29486alumniitcnl_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable






















--_000_7c4a666bd7cc40e59b68e4a876e29486alumniitcnl_--
