Domain name spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 17 Sep 2024 10:39:02 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1sqauX-00000000Kpb-1b9i
for dave@doctor.nl2k.ab.ca;
Tue, 17 Sep 2024 10:18:41 -0600
Resent-From: The Doctor
Resent-Date: Tue, 17 Sep 2024 10:18:40 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-lf1-f53.google.com ([209.85.167.53]:47383)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.98 (FreeBSD))
(envelope-from)
id 1sqZqI-00000000GW9-46UJ
for sales@nk.ca;
Tue, 17 Sep 2024 09:10:19 -0600
Received: by mail-lf1-f53.google.com with SMTP id 2adb3069b0e04-535be093a43so7107882e87.3
for; Tue, 17 Sep 2024 08:08:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1726585693; x=1727190493; darn=nk.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=uiEUqOtHt55KsCtmhXA47RgB5vGLLlq42jnU5/LArHs=;
b=TABfuClrjpk3iF5rnb1XOGXDqpERBnEnyWU/hYF8Y3aaJsaSNSaRVAWdOH2d80tIhy
o992H4+m+QgLAt4VECZafYHlK8M8JmFobe6/cN89y4kAFDoL0cNWL1MvN22fieO8oP76
otfSkb5mMG6OnbO+Sq800mYpD/8wVaJCeQtWX8pITr8sEjrDTcGSSGh/jOvUGIxEKwOV
doqDoIq/srgrNZthn4BpF5F9jD2l1JZUtnZlz3wQNEGmSilXr6z80B908YzBHXrfZKzK
cPhQgYXtpyUnC+6/uOCThP+7+0m+inYjNYjCpu+G9KtgduvDHGc4f3fquE9UTJWbye4d
Gf0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1726585693; x=1727190493;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=uiEUqOtHt55KsCtmhXA47RgB5vGLLlq42jnU5/LArHs=;
b=FkWy6sm5fRehVfGdsm9jFpjk+7gtpn2znKFOMx3C6RuIrsjCCIoCtRcNSWpxA/k6sc
VE9/YorIsozvQFP1jgXyTepMNrFY0HCFGv+kP7fE1NpigjwcP3Z1XG83CJNeryr7fpTb
uzQ/0P+NMcJqb4L13UNGNlFhALlp0w7WK56d53vV0CuKpTjWafSxFXTbmhNbdITCYScu
PegOxgJznke604SK+DjnBu1kQ9m9egkiFSHd6VWzbLGboxSa2/CuD0dLhVpQxcux6DKK
G65ZBikm+kfATSPoz1gjwszudHks8yVeVZs7hyCeJ8ws6Vp40p+CXI333hO0erzj2EAg
NKpQ==
X-Gm-Message-State: AOJu0YxWauo16SsAZLP0TenbcqGkQ8ejNVU3XDERQ/2Az0/jGzblTNSL
HzZNgDwqHvupkNM7ewZu0JKeBzmyc8DoXgY9H0AqHwNUyV4uAuyVzIXTx0on8bLuLAgOsmuay+x
9Lb7jqjEyCpGX+GdaCY4s+o87nSbfee4O
X-Google-Smtp-Source: AGHT+IEYZAu1MQBzdkdBenKb7qbGd52II1LUoMd6FyPAzJ8rq2nMxW3iJvtOMp9IjKodOj3KRmQmwQiZkeHoR1NpfJQ=
X-Received: by 2002:a05:6512:ba8:b0:530:ae4a:58d0 with SMTP id
2adb3069b0e04-53678fb1d2bmr10613355e87.8.1726585692790; Tue, 17 Sep 2024
08:08:12 -0700 (PDT)
Received: from 326440123436 named unknown by gmailapi.google.com with
HTTPREST; Tue, 17 Sep 2024 08:08:12 -0700
MIME-Version: 1.0
From: Ezekiel Laolu
X-Streak-Sequence-Data: action-key=acn_CH6ETPjt7XQQhGBDcA; recipient-key=rcp_CH6EPGCurs3NmMkIlw
Date: Tue, 17 Sep 2024 08:08:12 -0700
Message-ID:
Subject: Domain Acquisition
To: sales@nk.ca
Content-Type: multipart/alternative; boundary="000000000000e4a9b20622520eeb"
X-Spam_score: 6.4
X-Spam_score_int: 64
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi, Just a quick note to inform you that BroadbandAlberta.com
is on sale for just $299 Take advantage of this opportunity!
Content analysis details: (6.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.167.53 listed in dnsbl.ahbl.org]
[209.85.167.53 listed in dnsbl.ahbl.org]
[209.85.167.53 listed in dnsbl.ahbl.org]
[209.85.167.53 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.167.53 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.167.53 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.167.53 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.167.53 listed in dnsbl.ahbl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.53 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.167.53 listed in list.dnswl.org]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[ezekielprodomains(at)gmail.com]
1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 T_REMOTE_IMAGE Message contains an external image
Subject: {SPAM?} Domain Acquisition
--000000000000e4a9b20622520eeb
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi,
Just a quick note to inform you that BroadbandAlberta.com is on sale for
just $299
Take advantage of this opportunity!
Visit www.BroadbandAlberta.com to complete this acquisition or acquire via
godaddy marketplace
Warm regards
=E1=90=A7
--000000000000e4a9b20622520eeb
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
![3D""]()
=3D"width:0px;max-height:0px;overflow:hidden" src=3D"https://mailfoogae.app=
spot.com/t?sender=3DaZXpla2llbHByb2RvbWFpbnNAZ21haWwuY29t&type=3Dzeroco=
ntent&guid=3D36423add-c54a-4136-9b76-1392c8b5f4d8">
ff" size=3D"1">=E1=90=A7
--000000000000e4a9b20622520eeb--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 17 Sep 2024 10:39:02 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1sqauX-00000000Kpb-1b9i
for dave@doctor.nl2k.ab.ca;
Tue, 17 Sep 2024 10:18:41 -0600
Resent-From: The Doctor
Resent-Date: Tue, 17 Sep 2024 10:18:40 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-lf1-f53.google.com ([209.85.167.53]:47383)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.98 (FreeBSD))
(envelope-from
id 1sqZqI-00000000GW9-46UJ
for sales@nk.ca;
Tue, 17 Sep 2024 09:10:19 -0600
Received: by mail-lf1-f53.google.com with SMTP id 2adb3069b0e04-535be093a43so7107882e87.3
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20230601; t=1726585693; x=1727190493; darn=nk.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=uiEUqOtHt55KsCtmhXA47RgB5vGLLlq42jnU5/LArHs=;
b=TABfuClrjpk3iF5rnb1XOGXDqpERBnEnyWU/hYF8Y3aaJsaSNSaRVAWdOH2d80tIhy
o992H4+m+QgLAt4VECZafYHlK8M8JmFobe6/cN89y4kAFDoL0cNWL1MvN22fieO8oP76
otfSkb5mMG6OnbO+Sq800mYpD/8wVaJCeQtWX8pITr8sEjrDTcGSSGh/jOvUGIxEKwOV
doqDoIq/srgrNZthn4BpF5F9jD2l1JZUtnZlz3wQNEGmSilXr6z80B908YzBHXrfZKzK
cPhQgYXtpyUnC+6/uOCThP+7+0m+inYjNYjCpu+G9KtgduvDHGc4f3fquE9UTJWbye4d
Gf0w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1726585693; x=1727190493;
h=to:subject:message-id:date:from:mime-version:x-gm-message-state
:from:to:cc:subject:date:message-id:reply-to;
bh=uiEUqOtHt55KsCtmhXA47RgB5vGLLlq42jnU5/LArHs=;
b=FkWy6sm5fRehVfGdsm9jFpjk+7gtpn2znKFOMx3C6RuIrsjCCIoCtRcNSWpxA/k6sc
VE9/YorIsozvQFP1jgXyTepMNrFY0HCFGv+kP7fE1NpigjwcP3Z1XG83CJNeryr7fpTb
uzQ/0P+NMcJqb4L13UNGNlFhALlp0w7WK56d53vV0CuKpTjWafSxFXTbmhNbdITCYScu
PegOxgJznke604SK+DjnBu1kQ9m9egkiFSHd6VWzbLGboxSa2/CuD0dLhVpQxcux6DKK
G65ZBikm+kfATSPoz1gjwszudHks8yVeVZs7hyCeJ8ws6Vp40p+CXI333hO0erzj2EAg
NKpQ==
X-Gm-Message-State: AOJu0YxWauo16SsAZLP0TenbcqGkQ8ejNVU3XDERQ/2Az0/jGzblTNSL
HzZNgDwqHvupkNM7ewZu0JKeBzmyc8DoXgY9H0AqHwNUyV4uAuyVzIXTx0on8bLuLAgOsmuay+x
9Lb7jqjEyCpGX+GdaCY4s+o87nSbfee4O
X-Google-Smtp-Source: AGHT+IEYZAu1MQBzdkdBenKb7qbGd52II1LUoMd6FyPAzJ8rq2nMxW3iJvtOMp9IjKodOj3KRmQmwQiZkeHoR1NpfJQ=
X-Received: by 2002:a05:6512:ba8:b0:530:ae4a:58d0 with SMTP id
2adb3069b0e04-53678fb1d2bmr10613355e87.8.1726585692790; Tue, 17 Sep 2024
08:08:12 -0700 (PDT)
Received: from 326440123436 named unknown by gmailapi.google.com with
HTTPREST; Tue, 17 Sep 2024 08:08:12 -0700
MIME-Version: 1.0
From: Ezekiel Laolu
X-Streak-Sequence-Data: action-key=acn_CH6ETPjt7XQQhGBDcA; recipient-key=rcp_CH6EPGCurs3NmMkIlw
Date: Tue, 17 Sep 2024 08:08:12 -0700
Message-ID:
Subject: Domain Acquisition
To: sales@nk.ca
Content-Type: multipart/alternative; boundary="000000000000e4a9b20622520eeb"
X-Spam_score: 6.4
X-Spam_score_int: 64
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi, Just a quick note to inform you that BroadbandAlberta.com
is on sale for just $299 Take advantage of this opportunity!
Content analysis details: (6.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
[209.85.167.53 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[209.85.167.53 listed in dnsbl.ahbl.org]
[209.85.167.53 listed in dnsbl.ahbl.org]
[209.85.167.53 listed in dnsbl.ahbl.org]
[209.85.167.53 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[209.85.167.53 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[209.85.167.53 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[209.85.167.53 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[209.85.167.53 listed in dnsbl.ahbl.org]
-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)
[209.85.167.53 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.167.53 listed in list.dnswl.org]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[ezekielprodomains(at)gmail.com]
1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.0 T_REMOTE_IMAGE Message contains an external image
Subject: {SPAM?} Domain Acquisition
--000000000000e4a9b20622520eeb
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi,
Just a quick note to inform you that BroadbandAlberta.com is on sale for
just $299
Take advantage of this opportunity!
Visit www.BroadbandAlberta.com to complete this acquisition or acquire via
godaddy marketplace
Warm regards
=E1=90=A7
--000000000000e4a9b20622520eeb
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Hi,
Just a quick note to inform you that BroadbandA=
lberta.com is on sale for just $299
Take advantage of this opportuni=
ty!
Visit =C2=A0www.Broa=
dbandAlberta.com to complete this acquisition or acquire via godaddy ma=
rketplace
Warm regards
Just a quick note to inform you that BroadbandA=
lberta.com is on sale for just $299
Take advantage of this opportuni=
ty!
Visit =C2=A0www.Broa=
dbandAlberta.com to complete this acquisition or acquire via godaddy ma=
rketplace
Warm regards
=3D"width:0px;max-height:0px;overflow:hidden" src=3D"https://mailfoogae.app=
spot.com/t?sender=3DaZXpla2llbHByb2RvbWFpbnNAZ21haWwuY29t&type=3Dzeroco=
ntent&guid=3D36423add-c54a-4136-9b76-1392c8b5f4d8">
ff" size=3D"1">=E1=90=A7
--000000000000e4a9b20622520eeb--
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments