Investment spam from Google Gmail

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 18 Jun 2024 07:13:03 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sJYPK-00000000Dx2-42df

for dave@doctor.nl2k.ab.ca;

Tue, 18 Jun 2024 06:57:54 -0600

Resent-From: The Doctor

Resent-Date: Tue, 18 Jun 2024 06:57:54 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yb1-f195.google.com ([209.85.219.195]:45108)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.97.1 (FreeBSD))

(envelope-from )

id 1sJY6N-00000000BDL-281S

for root@doctor.nl2k.ab.ca;

Tue, 18 Jun 2024 06:38:25 -0600

Received: by mail-yb1-f195.google.com with SMTP id 3f1490d57ef6-e02a6d4bdbeso502794276.2

for ; Tue, 18 Jun 2024 05:36:16 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1718714171; x=1719318971; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=302dEi20kuA2GYGPo7JJjQu80ZWXvHNExUSnGBcWVJ8=;

b=DdgT/2y8nwPJeAv8YqzigoIOCaYQYVGgnZZL8mGiiR13ZJL9PH5qua/pBrwOV3L8f4

ZpsN8dHsOMGGVr4RJ63bUnm781F1xqT7MEDuKDuBMNpbln+09nRpiE9XdAuXuAegT2G/

2RcZM2GBHXmHIFNNWmulWLauF9ndcWQBWPMpXvcASQdEPk5rCtuQhHKquKN+q24hbMVb

xvFqOMTaGUzOVmG/n4svsyJILHQC1WLl12x+9bn8MCC9YO8raQLrDVfCpkxhqZ9eCsvn

Z2Hg+t3s7aIxRAfTuv593njopBh1vq809GwMB4+7Htj4UFDD0n7Sy7cF5cPOyiK7Eyrq

4yjg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1718714171; x=1719318971;

h=to:subject:message-id:date:from:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=302dEi20kuA2GYGPo7JJjQu80ZWXvHNExUSnGBcWVJ8=;

b=ulTlbl4wMHHLJGm/lUtYL9Kxh2Zv2hfqxfAFnaYYYHAjw/Y7SjOSz0sQ9izZHID4zJ

vpEjbL3veDjLMzaaCLFjrfwAALa+p4deYlxUOReCza+0bAm1tTCu5Ckva+e8jSRO/Bkm

gcw8ubRtxUNC7XzggWofnqk+s9c/x81nuR0XOUHoW3Xw3OxArVLI38UrPwE879oclU6u

Tj2uFWWBTd6Tt/1R10aHojlSxM9pGda4CqG0Oo/+8hcGqqAcEi+ZjbEjEIvgkGFu1IF6

GltCezPBMIrpGW5GKQrhEAOhZcMkvLySXEpW9cPRNiA6ErIr7LPXrYx0Dz9tZsXtg5BK

mp/A==

X-Forwarded-Encrypted: i=1; AJvYcCUmJiMj1NdD6kPwEfkDwRr7Yz4QP3ZkXl64HUbrwfEBURx4q5WPOst/V/ssDSn67vdzDxz0jVhqsq0kYnlsJkUUvlPuSKp4

X-Gm-Message-State: AOJu0YzVfVBbrCdbGf0I0IjbTjyOJdiL0x8ExL/AmuXHXsvDgHoPAc+Z

LcS1cik/rdIXS8jXaww6jEC9m/RK9r2TPNCRYopWKSGF7BIpsgQZgvLe+dqsrb/WDl5vAp6x6Ef

p0zKGZayEwgb7QXtU0qZp4pV1ejY=

X-Google-Smtp-Source: AGHT+IHE6ptTEtWbsSg8QkPAWZdJCt8r753JLbmegBn3HBjPlZ8Zn9Lubm/BfZ5DRh80y0+Tn/7IJt+Q47yEra7OQWw=

X-Received: by 2002:a5b:b49:0:b0:dff:4294:ca6b with SMTP id

3f1490d57ef6-dff4294d61fmr5835368276.46.1718714170788; Tue, 18 Jun 2024

05:36:10 -0700 (PDT)

MIME-Version: 1.0

Reply-To: khadermashal@outlook.com

From: "Mr.K.Mashal"

Date: Tue, 18 Jun 2024 05:35:51 -0700

Message-ID:

Subject: Reply Very Important

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="0000000000009ed3fe061b2953c0"

Bcc: root@doctor.nl2k.ab.ca

X-Spam_score: 19.7

X-Spam_score_int: 197

X-Spam_bar: +++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Sir, I have a Lucrative Investment business proposal/Next

of Kin opportunity if interested kindly contact me for more details:mrkm620@gmail.com

Regards Mr.Khader Mashal mrkm620@gmail.com



Content analysis details: (19.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.219.195 listed in dnsbl.ahbl.org]

[209.85.219.195 listed in dnsbl.ahbl.org]

[209.85.219.195 listed in dnsbl.ahbl.org]

[209.85.219.195 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.219.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.219.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.219.195 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.219.195 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.219.195 listed in list.dnswl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.219.195 listed in will-spam-for-food.eu.org]

[209.85.219.195 listed in will-spam-for-food.eu.org]

[209.85.219.195 listed in will-spam-for-food.eu.org]

[209.85.219.195 listed in will-spam-for-food.eu.org]

[209.85.219.195 listed in will-spam-for-food.eu.org]

[209.85.219.195 listed in will-spam-for-food.eu.org]

[209.85.219.195 listed in will-spam-for-food.eu.org]

[209.85.219.195 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.219.195 listed in wl.mailspike.net]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[jabelhassan3(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[jabelhassan3(at)gmail.com]

2.5 HK_SCAM_N2 BODY: No description available.

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 T_SCC_BODY_TEXT_LINE No description available.

0.8 HK_SCAM No description available.

1.5 HK_NAME_FM_MR_MRS No description available.

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.6 UNDISC_MONEY Undisclosed recipients + money/fraud signs

2.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)

Subject: {SPAM?} Reply Very Important



--0000000000009ed3fe061b2953c0

Content-Type: text/plain; charset="UTF-8"



Dear Sir,



I have a Lucrative Investment business proposal/Next of Kin opportunity if

interested kindly contact me for more details:mrkm620@gmail.com



Regards

Mr.Khader Mashal

mrkm620@gmail.com



--0000000000009ed3fe061b2953c0

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Dear Sir,

I have a Lucrative Investment business pr=

oposal/Next of Kin opportunity if interested kindly contact me for more
href=3D"mailto:details%3Amrkm620@gmail.com">details:mrkm620@gmail.com

r>
Regards
Mr.Khader Mashal
m=

rkm620@gmail.com





--0000000000009ed3fe061b2953c0--

I3.46KL0LD42.1KI2.16KwhoissourceRank12.7MPIN0Summary reportDiagnosisDensity00n/a

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA