Investment spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 18 Jun 2024 07:13:03 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1sJYPK-00000000Dx2-42df
for dave@doctor.nl2k.ab.ca;
Tue, 18 Jun 2024 06:57:54 -0600
Resent-From: The Doctor
Resent-Date: Tue, 18 Jun 2024 06:57:54 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-yb1-f195.google.com ([209.85.219.195]:45108)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from)
id 1sJY6N-00000000BDL-281S
for root@doctor.nl2k.ab.ca;
Tue, 18 Jun 2024 06:38:25 -0600
Received: by mail-yb1-f195.google.com with SMTP id 3f1490d57ef6-e02a6d4bdbeso502794276.2
for; Tue, 18 Jun 2024 05:36:16 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1718714171; x=1719318971; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=302dEi20kuA2GYGPo7JJjQu80ZWXvHNExUSnGBcWVJ8=;
b=DdgT/2y8nwPJeAv8YqzigoIOCaYQYVGgnZZL8mGiiR13ZJL9PH5qua/pBrwOV3L8f4
ZpsN8dHsOMGGVr4RJ63bUnm781F1xqT7MEDuKDuBMNpbln+09nRpiE9XdAuXuAegT2G/
2RcZM2GBHXmHIFNNWmulWLauF9ndcWQBWPMpXvcASQdEPk5rCtuQhHKquKN+q24hbMVb
xvFqOMTaGUzOVmG/n4svsyJILHQC1WLl12x+9bn8MCC9YO8raQLrDVfCpkxhqZ9eCsvn
Z2Hg+t3s7aIxRAfTuv593njopBh1vq809GwMB4+7Htj4UFDD0n7Sy7cF5cPOyiK7Eyrq
4yjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1718714171; x=1719318971;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=302dEi20kuA2GYGPo7JJjQu80ZWXvHNExUSnGBcWVJ8=;
b=ulTlbl4wMHHLJGm/lUtYL9Kxh2Zv2hfqxfAFnaYYYHAjw/Y7SjOSz0sQ9izZHID4zJ
vpEjbL3veDjLMzaaCLFjrfwAALa+p4deYlxUOReCza+0bAm1tTCu5Ckva+e8jSRO/Bkm
gcw8ubRtxUNC7XzggWofnqk+s9c/x81nuR0XOUHoW3Xw3OxArVLI38UrPwE879oclU6u
Tj2uFWWBTd6Tt/1R10aHojlSxM9pGda4CqG0Oo/+8hcGqqAcEi+ZjbEjEIvgkGFu1IF6
GltCezPBMIrpGW5GKQrhEAOhZcMkvLySXEpW9cPRNiA6ErIr7LPXrYx0Dz9tZsXtg5BK
mp/A==
X-Forwarded-Encrypted: i=1; AJvYcCUmJiMj1NdD6kPwEfkDwRr7Yz4QP3ZkXl64HUbrwfEBURx4q5WPOst/V/ssDSn67vdzDxz0jVhqsq0kYnlsJkUUvlPuSKp4
X-Gm-Message-State: AOJu0YzVfVBbrCdbGf0I0IjbTjyOJdiL0x8ExL/AmuXHXsvDgHoPAc+Z
LcS1cik/rdIXS8jXaww6jEC9m/RK9r2TPNCRYopWKSGF7BIpsgQZgvLe+dqsrb/WDl5vAp6x6Ef
p0zKGZayEwgb7QXtU0qZp4pV1ejY=
X-Google-Smtp-Source: AGHT+IHE6ptTEtWbsSg8QkPAWZdJCt8r753JLbmegBn3HBjPlZ8Zn9Lubm/BfZ5DRh80y0+Tn/7IJt+Q47yEra7OQWw=
X-Received: by 2002:a5b:b49:0:b0:dff:4294:ca6b with SMTP id
3f1490d57ef6-dff4294d61fmr5835368276.46.1718714170788; Tue, 18 Jun 2024
05:36:10 -0700 (PDT)
MIME-Version: 1.0
Reply-To: khadermashal@outlook.com
From: "Mr.K.Mashal"
Date: Tue, 18 Jun 2024 05:35:51 -0700
Message-ID:
Subject: Reply Very Important
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="0000000000009ed3fe061b2953c0"
Bcc: root@doctor.nl2k.ab.ca
X-Spam_score: 19.7
X-Spam_score_int: 197
X-Spam_bar: +++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Sir, I have a Lucrative Investment business proposal/Next
of Kin opportunity if interested kindly contact me for more details:mrkm620@gmail.com
Regards Mr.Khader Mashal mrkm620@gmail.com
Content analysis details: (19.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.219.195 listed in dnsbl.ahbl.org]
[209.85.219.195 listed in dnsbl.ahbl.org]
[209.85.219.195 listed in dnsbl.ahbl.org]
[209.85.219.195 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.219.195 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.219.195 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.219.195 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.219.195 listed in dnsbl.ahbl.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.219.195 listed in list.dnswl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.219.195 listed in wl.mailspike.net]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[jabelhassan3(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[jabelhassan3(at)gmail.com]
2.5 HK_SCAM_N2 BODY: No description available.
1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.8 HK_SCAM No description available.
1.5 HK_NAME_FM_MR_MRS No description available.
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to
0.6 UNDISC_MONEY Undisclosed recipients + money/fraud signs
2.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
Subject: {SPAM?} Reply Very Important
--0000000000009ed3fe061b2953c0
Content-Type: text/plain; charset="UTF-8"
Dear Sir,
I have a Lucrative Investment business proposal/Next of Kin opportunity if
interested kindly contact me for more details:mrkm620@gmail.com
Regards
Mr.Khader Mashal
mrkm620@gmail.com
--0000000000009ed3fe061b2953c0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
--0000000000009ed3fe061b2953c0--
I3.46KL0LD42.1KI2.16KwhoissourceRank12.7MPIN0Summary reportDiagnosisDensity00n/a
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 18 Jun 2024 07:13:03 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1sJYPK-00000000Dx2-42df
for dave@doctor.nl2k.ab.ca;
Tue, 18 Jun 2024 06:57:54 -0600
Resent-From: The Doctor
Resent-Date: Tue, 18 Jun 2024 06:57:54 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-yb1-f195.google.com ([209.85.219.195]:45108)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1sJY6N-00000000BDL-281S
for root@doctor.nl2k.ab.ca;
Tue, 18 Jun 2024 06:38:25 -0600
Received: by mail-yb1-f195.google.com with SMTP id 3f1490d57ef6-e02a6d4bdbeso502794276.2
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1718714171; x=1719318971; darn=doctor.nl2k.ab.ca;
h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc
:subject:date:message-id:reply-to;
bh=302dEi20kuA2GYGPo7JJjQu80ZWXvHNExUSnGBcWVJ8=;
b=DdgT/2y8nwPJeAv8YqzigoIOCaYQYVGgnZZL8mGiiR13ZJL9PH5qua/pBrwOV3L8f4
ZpsN8dHsOMGGVr4RJ63bUnm781F1xqT7MEDuKDuBMNpbln+09nRpiE9XdAuXuAegT2G/
2RcZM2GBHXmHIFNNWmulWLauF9ndcWQBWPMpXvcASQdEPk5rCtuQhHKquKN+q24hbMVb
xvFqOMTaGUzOVmG/n4svsyJILHQC1WLl12x+9bn8MCC9YO8raQLrDVfCpkxhqZ9eCsvn
Z2Hg+t3s7aIxRAfTuv593njopBh1vq809GwMB4+7Htj4UFDD0n7Sy7cF5cPOyiK7Eyrq
4yjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1718714171; x=1719318971;
h=to:subject:message-id:date:from:reply-to:mime-version
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=302dEi20kuA2GYGPo7JJjQu80ZWXvHNExUSnGBcWVJ8=;
b=ulTlbl4wMHHLJGm/lUtYL9Kxh2Zv2hfqxfAFnaYYYHAjw/Y7SjOSz0sQ9izZHID4zJ
vpEjbL3veDjLMzaaCLFjrfwAALa+p4deYlxUOReCza+0bAm1tTCu5Ckva+e8jSRO/Bkm
gcw8ubRtxUNC7XzggWofnqk+s9c/x81nuR0XOUHoW3Xw3OxArVLI38UrPwE879oclU6u
Tj2uFWWBTd6Tt/1R10aHojlSxM9pGda4CqG0Oo/+8hcGqqAcEi+ZjbEjEIvgkGFu1IF6
GltCezPBMIrpGW5GKQrhEAOhZcMkvLySXEpW9cPRNiA6ErIr7LPXrYx0Dz9tZsXtg5BK
mp/A==
X-Forwarded-Encrypted: i=1; AJvYcCUmJiMj1NdD6kPwEfkDwRr7Yz4QP3ZkXl64HUbrwfEBURx4q5WPOst/V/ssDSn67vdzDxz0jVhqsq0kYnlsJkUUvlPuSKp4
X-Gm-Message-State: AOJu0YzVfVBbrCdbGf0I0IjbTjyOJdiL0x8ExL/AmuXHXsvDgHoPAc+Z
LcS1cik/rdIXS8jXaww6jEC9m/RK9r2TPNCRYopWKSGF7BIpsgQZgvLe+dqsrb/WDl5vAp6x6Ef
p0zKGZayEwgb7QXtU0qZp4pV1ejY=
X-Google-Smtp-Source: AGHT+IHE6ptTEtWbsSg8QkPAWZdJCt8r753JLbmegBn3HBjPlZ8Zn9Lubm/BfZ5DRh80y0+Tn/7IJt+Q47yEra7OQWw=
X-Received: by 2002:a5b:b49:0:b0:dff:4294:ca6b with SMTP id
3f1490d57ef6-dff4294d61fmr5835368276.46.1718714170788; Tue, 18 Jun 2024
05:36:10 -0700 (PDT)
MIME-Version: 1.0
Reply-To: khadermashal@outlook.com
From: "Mr.K.Mashal"
Date: Tue, 18 Jun 2024 05:35:51 -0700
Message-ID:
Subject: Reply Very Important
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="0000000000009ed3fe061b2953c0"
Bcc: root@doctor.nl2k.ab.ca
X-Spam_score: 19.7
X-Spam_score_int: 197
X-Spam_bar: +++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Dear Sir, I have a Lucrative Investment business proposal/Next
of Kin opportunity if interested kindly contact me for more details:mrkm620@gmail.com
Regards Mr.Khader Mashal mrkm620@gmail.com
Content analysis details: (19.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.219.195 listed in dnsbl.ahbl.org]
[209.85.219.195 listed in dnsbl.ahbl.org]
[209.85.219.195 listed in dnsbl.ahbl.org]
[209.85.219.195 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.219.195 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.219.195 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.219.195 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.219.195 listed in dnsbl.ahbl.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.219.195 listed in list.dnswl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
[209.85.219.195 listed in will-spam-for-food.eu.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.219.195 listed in wl.mailspike.net]
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit
[jabelhassan3(at)gmail.com]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[jabelhassan3(at)gmail.com]
2.5 HK_SCAM_N2 BODY: No description available.
1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'
0.0 HTML_MESSAGE BODY: HTML included in message
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.8 HK_SCAM No description available.
1.5 HK_NAME_FM_MR_MRS No description available.
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to
0.6 UNDISC_MONEY Undisclosed recipients + money/fraud signs
2.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
Subject: {SPAM?} Reply Very Important
--0000000000009ed3fe061b2953c0
Content-Type: text/plain; charset="UTF-8"
Dear Sir,
I have a Lucrative Investment business proposal/Next of Kin opportunity if
interested kindly contact me for more details:mrkm620@gmail.com
Regards
Mr.Khader Mashal
mrkm620@gmail.com
--0000000000009ed3fe061b2953c0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Dear Sir,
I have a Lucrative Investment business pr=
oposal/Next of Kin opportunity if interested kindly contact me for more
href=3D"mailto:details%3Amrkm620@gmail.com">details:mrkm620@gmail.com
r>
Regards
Mr.Khader Mashal
m=
rkm620@gmail.com
I have a Lucrative Investment business pr=
oposal/Next of Kin opportunity if interested kindly contact me for more
href=3D"mailto:details%3Amrkm620@gmail.com">details:mrkm620@gmail.com
r>
Regards
Mr.Khader Mashal
m=
rkm620@gmail.com
--0000000000009ed3fe061b2953c0--
I3.46KL0LD42.1KI2.16KwhoissourceRank12.7MPIN0Summary reportDiagnosisDensity00n/a
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments