Domain name spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 17 Sep 2024 10:39:02 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1sqaub-00000000Kpm-27JK
for dave@doctor.nl2k.ab.ca;
Tue, 17 Sep 2024 10:18:45 -0600
Resent-From: The Doctor
Resent-Date: Tue, 17 Sep 2024 10:18:45 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-io1-f45.google.com ([209.85.166.45]:51268)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.98 (FreeBSD))
(envelope-from)
id 1sqZuL-00000000Gkk-2seT
for root@nk.ca;
Tue, 17 Sep 2024 09:14:30 -0600
Received: by mail-io1-f45.google.com with SMTP id ca18e2360f4ac-82d07f32eeaso218270039f.2
for; Tue, 17 Sep 2024 08:12:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1726585948; x=1727190748; darn=nk.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=dTN02TCO6iWmlfNYyrA7pzUbo0Vj1ePTP8PKxtLTUhE=;
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1726585948; x=1727190748;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=dTN02TCO6iWmlfNYyrA7pzUbo0Vj1ePTP8PKxtLTUhE=;
X-Gm-Message-State: AOJu0Yzhi5qztG0B6Hs6ZRr4dmZ17sMhOhAdMWnJJCHzEHs9y0+qeKFP
HP/+XG11+ti/kqMsQe6ZnkIsixYuw0zMqBKMTq1mw7Tbmbmkv00XlV4usT0GvSTWRY6JIBZHAmJ
Vs44mpABvSTfcVqdl6PVn/wWNxm87U/Oq
X-Google-Smtp-Source: AGHT+IFVC/ulSCcKrZ59KoTuCRJ5fTlGtD76MybC/ZwTc1UKCU7cJ8GfFyLWkmd8dL3LX1xovfRJHTuOAFtXkJkHdK8=
X-Received: by 2002:a05:6602:6015:b0:82a:4490:692a with SMTP id
ca18e2360f4ac-82d376e001fmr1288597439f.7.1726585947724; Tue, 17 Sep 2024
08:12:27 -0700 (PDT)
Received: from 326440123436 named unknown by gmailapi.google.com with
HTTPREST; Tue, 17 Sep 2024 11:12:27 -0400
MIME-Version: 1.0
From: Ezekiel Lumi
X-Streak-Sequence-Data: action-key=acn_CH6EQw0gYEZzASmHXA; recipient-key=rcp_CH6ELwg3d2R_0LhG8w
Date: Tue, 17 Sep 2024 11:12:27 -0400
Message-ID:
Subject: Domain Acquisition
To: root@nk.ca
Content-Type: multipart/alternative; boundary="00000000000016a2980622521e22"
X-Spam_score: 5.4
X-Spam_score_int: 54
X-Spam_bar: +++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi, Just a quick note to inform you that BroadbandAlberta.com
is on sale for just $299 Take advantage of this opportunity!
Content analysis details: (5.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.166.45 listed in dnsbl.ahbl.org]
[209.85.166.45 listed in dnsbl.ahbl.org]
[209.85.166.45 listed in dnsbl.ahbl.org]
[209.85.166.45 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.166.45 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.166.45 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.166.45 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.166.45 listed in dnsbl.ahbl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.166.45 listed in wl.mailspike.net]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.166.45 listed in list.dnswl.org]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[elprodomains(at)gmail.com]
1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
-0.0 T_SCC_BODY_TEXT_LINE No description available.
Subject: {SPAM?} Domain Acquisition
--00000000000016a2980622521e22
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi,
Just a quick note to inform you that BroadbandAlberta.com is on sale for
just $299
Take advantage of this opportunity!
Visit www.BroadbandAlberta.com to complete this acquisition or acquire via
godaddy marketplace
Warm regards
=E1=90=A7
--00000000000016a2980622521e22
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
![3D""]()
=3D"width:0px;max-height:0px;overflow:hidden" src=3D"https://mailfoogae.app=
spot.com/t?sender=3DaZWxwcm9kb21haW5zQGdtYWlsLmNvbQ%3D%3D&type=3Dzeroco=
ntent&guid=3Da13395bf-df25-40e7-8727-f7badd775e92">
ff" size=3D"1">=E1=90=A7
--00000000000016a2980622521e22--