Nigerian spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 27 May 2024 06:28:00 -0600
Received: from mail-lj1-f196.google.com ([209.85.208.196]:52427)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1sBZS0-00000000F7n-0eNg
for dave@doctor.nl2k.ab.ca;
Mon, 27 May 2024 06:27:44 -0600
Received: by mail-lj1-f196.google.com with SMTP id 38308e7fff4ca-2e95a1d5ee2so61287221fa.0
for; Mon, 27 May 2024 05:25:44 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1716812738; x=1717417538; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=4il67ZlHeVAdQq1/cJ4c6n/bsWK0DXMx1wDMk6PDFBQ=;
b=JhUT72AMrVBoIPu4yVDKySaL1StiHrDZgMJdFKwFAPHE6I+3JuKvDSfvfTXCpbOhG2
UZDKQay3ZqwTdNeVQc0+4jUgHjJWvx0w7KS9lkECeNrsnlD5/wM1flU1WDrYeJbW7C70
Va/X148zUZTg9p4xrH5wg/vShb/ztLA30VhI+kY35PtpU5OFb6YoEkukyCMU2WOKA6MQ
T2gBb68yykI64wOFSekrIZW5Bf1RgfOCxosKdauNcyMGfaYk9lAk/9n4cps23Lcvd+NO
stjmC2tvSZEkW7z8PmY9e0RtwBxMNSn5iDTj6mbzWGORhX9NhA476xS6UBNR4LFT8Z4k
/pdQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1716812738; x=1717417538;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=4il67ZlHeVAdQq1/cJ4c6n/bsWK0DXMx1wDMk6PDFBQ=;
b=R7Wp3VWEPeM7KvqVj4WbA9GbQqdj+kfIEll8AT698pq7/soZd4qz0PkuRe3cmr5zj0
kUHhNC7nIpm4gIqSyGLziMJ9nJjTOCOoDnm/9yn0y8xmPpCgV2VG6u35aIYp5VsMnGop
YRMFd/2IisBVCK3UKt+vq06CenCOMn/np5df5ZIK0zmLYdRre7nBtg2dk/GHZLeqj0nK
b9IT3xshVv4wAHGxkU6U65ebbfSkE0HL2TtOcmrRifl4WdsMLgVJBnDqgOk8QeAtfu4m
s/i9sXsm/3yASvrYF6W5i9hKDc+L2pL0zdUIwnwaaZc3+qK2isbUZHMe2VDmm2WSb89x
hhew==
X-Forwarded-Encrypted: i=1; AJvYcCV4Yp3YH7Q8DFDTpR9aC/LG3FdaL23X6kVzTG2mhr3coae25rBcYYwo7MxwoKNxgVOAEnOmHtyB2deCVSinFz4hdL6eRObu
X-Gm-Message-State: AOJu0YwUE/iR0nrCmDepGai6DjsalOE1RealVRg3oL55rLJ5/zDuC+co
1ZS8odM8RqqHJsCG/qsimao+n7Vj+sGms029a4bXkDyQy0TshydNyUevgG5NeaHUCri5N1MqFlp
MBIndWsVoAWBPYCVJezgFB6d6Cg==
X-Google-Smtp-Source: AGHT+IHftQSqFuGn1gTVQFVclpDJsclpz7ka2K8MvRRT+4UHt+Y9eNYM1lp4N2i/Bqs1PFi6V4npBxta3LlcOP5u6GI=
X-Received: by 2002:a2e:7808:0:b0:2e7:134d:f7ac with SMTP id
38308e7fff4ca-2e95b27b0a6mr77513251fa.44.1716812737871; Mon, 27 May 2024
05:25:37 -0700 (PDT)
MIME-Version: 1.0
Reply-To: umurumbano0@gmail.com
From: Umuru Mbano
Date: Mon, 27 May 2024 12:25:25 +0000
Message-ID:
Subject: hello
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="0000000000006307bc06196e9d75"
Bcc: dave@doctor.nl2k.ab.ca
X-Spam_score: 22.9
X-Spam_score_int: 229
X-Spam_bar: ++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear friend, I know that this mail will come to you as
a surprise. I am a practitioner at law to a deceased Immigrant property
Magnate. I hope *that you will not expose or betray this trust and confidence
tha [...]
Content analysis details: (22.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.208.196 listed in dnsbl.ahbl.org]
[209.85.208.196 listed in dnsbl.ahbl.org]
[209.85.208.196 listed in dnsbl.ahbl.org]
[209.85.208.196 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.208.196 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.208.196 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.208.196 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.208.196 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.208.196 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.5 ONE_WORD_SUBJECT Subject with only one lower-case word
1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.208.196 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[emebambano(at)gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[umurumbano0(at)gmail.com]
2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge... sums of money
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters
2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
3.1 MONEY_FRAUD_3 Lots of money and several fraud phrases
2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
Subject: {SPAM?} hello
X-Antivirus: AVG (VPS 240527-2, 5/27/2024), Inbound message
X-Antivirus-Status: Clean
--0000000000006307bc06196e9d75
Content-Type: text/plain; charset="UTF-8"
Dear friend,
I know that this mail will come to you as a surprise. I am a practitioner
at law to a deceased Immigrant property Magnate. I hope that you will not
expose or betray this trust and confidence that I am
about to repose to you for the mutual benefit of our both families. I have
an important message for you concerning the death of your relative, and
the funds valued at $11.5 million he left behind in Security and Finance
Company here in my country Lome (Togo), Contact me at my private mailbox
( **umurmbano0@gmail.com
**
)
for the full details
as soon as possible. Best Regards,
Mr.Umuru Mbano.
--0000000000006307bc06196e9d75
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
:0in 0in 10pt;font-size:11pt;font-family:"Calibri","sans-ser=
if"">
ot;sans-serif";color:black">Dear friend,
ont-size:9pt;font-family:"Helvetica","sans-serif";color=
:black">
I know that this mail will come to you as a surprise. I am a<=
span style=3D"font-size:9pt;font-family:"Arial","sans-serif&=
quot;;color:black">=C2=A0
mily:"Helvetica","sans-serif";color:black">practitioner=
at law to a deceased Immigrant property Magnate. I
hope
;,"sans-serif";color:black">=C2=A0
nt-size:9pt;font-family:"Helvetica","sans-serif";color:=
black">that you will not expose or betray this trust
and confidence that I am
ily:"Arial","sans-serif";color:black">=C2=A0=
s-serif";color:black">about to repose to you for the mutual benefit of
our both families.
I have an important message for you concerning the death of your=
rif";color:black">=C2=A0
t-family:"Helvetica","sans-serif";color:black">relative=
, and the funds valued at $11.5 million he left behind in
n style=3D"font-size:9pt;font-family:"Arial","sans-serif&quo=
t;;color:black">=C2=A0
y:"Helvetica","sans-serif";color:black">Security and Fi=
nance Company here in my country Lome (Togo),
Contact
uot;,"sans-serif";color:black">=C2=A0
"font-size:9pt;font-family:"Helvetica","sans-serif";col=
or:black">me at my private mailbox (=C2=A0
-size:9pt;font-family:"Arial","sans-serif";color:rgb(34=
,34,34)">
cs=3Dwh&v=3Db&to=3Dumurmbano0@gmail.com" target=3D"_blank">
yle=3D"font-family:"Helvetica","sans-serif";color:rgb(0=
,0,204)">umurmbano0@gmail.com
ize:9pt;font-family:"Arial","sans-serif";color:black">=
=C2=A0) for the full details=C2=A0
t;font-family:"Helvetica","sans-serif";color:black">as =
soon as possible.
Best Regards,
span>
:0in 0in 10pt;font-size:11pt;font-family:"Calibri","sans-ser=
if"">
,"sans-serif";color:black">
Mr.Umuru Mbano.=
--0000000000006307bc06196e9d75--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 27 May 2024 06:28:00 -0600
Received: from mail-lj1-f196.google.com ([209.85.208.196]:52427)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1sBZS0-00000000F7n-0eNg
for dave@doctor.nl2k.ab.ca;
Mon, 27 May 2024 06:27:44 -0600
Received: by mail-lj1-f196.google.com with SMTP id 38308e7fff4ca-2e95a1d5ee2so61287221fa.0
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1716812738; x=1717417538; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=4il67ZlHeVAdQq1/cJ4c6n/bsWK0DXMx1wDMk6PDFBQ=;
b=JhUT72AMrVBoIPu4yVDKySaL1StiHrDZgMJdFKwFAPHE6I+3JuKvDSfvfTXCpbOhG2
UZDKQay3ZqwTdNeVQc0+4jUgHjJWvx0w7KS9lkECeNrsnlD5/wM1flU1WDrYeJbW7C70
Va/X148zUZTg9p4xrH5wg/vShb/ztLA30VhI+kY35PtpU5OFb6YoEkukyCMU2WOKA6MQ
T2gBb68yykI64wOFSekrIZW5Bf1RgfOCxosKdauNcyMGfaYk9lAk/9n4cps23Lcvd+NO
stjmC2tvSZEkW7z8PmY9e0RtwBxMNSn5iDTj6mbzWGORhX9NhA476xS6UBNR4LFT8Z4k
/pdQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1716812738; x=1717417538;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=4il67ZlHeVAdQq1/cJ4c6n/bsWK0DXMx1wDMk6PDFBQ=;
b=R7Wp3VWEPeM7KvqVj4WbA9GbQqdj+kfIEll8AT698pq7/soZd4qz0PkuRe3cmr5zj0
kUHhNC7nIpm4gIqSyGLziMJ9nJjTOCOoDnm/9yn0y8xmPpCgV2VG6u35aIYp5VsMnGop
YRMFd/2IisBVCK3UKt+vq06CenCOMn/np5df5ZIK0zmLYdRre7nBtg2dk/GHZLeqj0nK
b9IT3xshVv4wAHGxkU6U65ebbfSkE0HL2TtOcmrRifl4WdsMLgVJBnDqgOk8QeAtfu4m
s/i9sXsm/3yASvrYF6W5i9hKDc+L2pL0zdUIwnwaaZc3+qK2isbUZHMe2VDmm2WSb89x
hhew==
X-Forwarded-Encrypted: i=1; AJvYcCV4Yp3YH7Q8DFDTpR9aC/LG3FdaL23X6kVzTG2mhr3coae25rBcYYwo7MxwoKNxgVOAEnOmHtyB2deCVSinFz4hdL6eRObu
X-Gm-Message-State: AOJu0YwUE/iR0nrCmDepGai6DjsalOE1RealVRg3oL55rLJ5/zDuC+co
1ZS8odM8RqqHJsCG/qsimao+n7Vj+sGms029a4bXkDyQy0TshydNyUevgG5NeaHUCri5N1MqFlp
MBIndWsVoAWBPYCVJezgFB6d6Cg==
X-Google-Smtp-Source: AGHT+IHftQSqFuGn1gTVQFVclpDJsclpz7ka2K8MvRRT+4UHt+Y9eNYM1lp4N2i/Bqs1PFi6V4npBxta3LlcOP5u6GI=
X-Received: by 2002:a2e:7808:0:b0:2e7:134d:f7ac with SMTP id
38308e7fff4ca-2e95b27b0a6mr77513251fa.44.1716812737871; Mon, 27 May 2024
05:25:37 -0700 (PDT)
MIME-Version: 1.0
Reply-To: umurumbano0@gmail.com
From: Umuru Mbano
Date: Mon, 27 May 2024 12:25:25 +0000
Message-ID:
Subject: hello
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="0000000000006307bc06196e9d75"
Bcc: dave@doctor.nl2k.ab.ca
X-Spam_score: 22.9
X-Spam_score_int: 229
X-Spam_bar: ++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear friend, I know that this mail will come to you as
a surprise. I am a practitioner at law to a deceased Immigrant property
Magnate. I hope *that you will not expose or betray this trust and confidence
tha [...]
Content analysis details: (22.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.208.196 listed in dnsbl.ahbl.org]
[209.85.208.196 listed in dnsbl.ahbl.org]
[209.85.208.196 listed in dnsbl.ahbl.org]
[209.85.208.196 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.208.196 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.208.196 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.208.196 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.208.196 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
[209.85.208.196 listed in will-spam-for-food.eu.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.208.196 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.5 ONE_WORD_SUBJECT Subject with only one lower-case word
1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.208.196 listed in wl.mailspike.net]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[emebambano(at)gmail.com]
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
[umurumbano0(at)gmail.com]
2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge... sums of money
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?
1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters
2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to
3.1 UNDISC_MONEY Undisclosed recipients + money/fraud signs
3.1 MONEY_FRAUD_3 Lots of money and several fraud phrases
2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
Subject: {SPAM?} hello
X-Antivirus: AVG (VPS 240527-2, 5/27/2024), Inbound message
X-Antivirus-Status: Clean
--0000000000006307bc06196e9d75
Content-Type: text/plain; charset="UTF-8"
Dear friend,
I know that this mail will come to you as a surprise. I am a practitioner
at law to a deceased Immigrant property Magnate. I hope that you will not
expose or betray this trust and confidence that I am
about to repose to you for the mutual benefit of our both families. I have
an important message for you concerning the death of your relative, and
the funds valued at $11.5 million he left behind in Security and Finance
Company here in my country Lome (Togo), Contact me at my private mailbox
( **umurmbano0@gmail.com
)
for the full details
as soon as possible. Best Regards,
Mr.Umuru Mbano.
--0000000000006307bc06196e9d75
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
:0in 0in 10pt;font-size:11pt;font-family:"Calibri","sans-ser=
if"">
ot;sans-serif";color:black">Dear friend,
ont-size:9pt;font-family:"Helvetica","sans-serif";color=
:black">
I know that this mail will come to you as a surprise. I am a<=
span style=3D"font-size:9pt;font-family:"Arial","sans-serif&=
quot;;color:black">=C2=A0
mily:"Helvetica","sans-serif";color:black">practitioner=
at law to a deceased Immigrant property Magnate. I
hope
;,"sans-serif";color:black">=C2=A0
nt-size:9pt;font-family:"Helvetica","sans-serif";color:=
black">that you will not expose or betray this trust
and confidence that I am
ily:"Arial","sans-serif";color:black">=C2=A0=
s-serif";color:black">about to repose to you for the mutual benefit of
our both families.
I have an important message for you concerning the death of your=
rif";color:black">=C2=A0
t-family:"Helvetica","sans-serif";color:black">relative=
, and the funds valued at $11.5 million he left behind in
n style=3D"font-size:9pt;font-family:"Arial","sans-serif&quo=
t;;color:black">=C2=A0
y:"Helvetica","sans-serif";color:black">Security and Fi=
nance Company here in my country Lome (Togo),
Contact
uot;,"sans-serif";color:black">=C2=A0
"font-size:9pt;font-family:"Helvetica","sans-serif";col=
or:black">me at my private mailbox (=C2=A0
-size:9pt;font-family:"Arial","sans-serif";color:rgb(34=
,34,34)">
cs=3Dwh&v=3Db&to=3Dumurmbano0@gmail.com" target=3D"_blank">
yle=3D"font-family:"Helvetica","sans-serif";color:rgb(0=
,0,204)">umurmbano0@gmail.com
ize:9pt;font-family:"Arial","sans-serif";color:black">=
=C2=A0) for the full details=C2=A0
t;font-family:"Helvetica","sans-serif";color:black">as =
soon as possible.
Best Regards,
span>
:0in 0in 10pt;font-size:11pt;font-family:"Calibri","sans-ser=
if"">
,"sans-serif";color:black">
Mr.Umuru Mbano.=
--0000000000006307bc06196e9d75--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments