CAA Phish

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 26 Sep 2024 10:33:03 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1stnoL-000000003pi-1LdY

for dave@doctor.nl2k.ab.ca;

Thu, 26 Sep 2024 06:41:33 -0600

Resent-From: The Doctor

Resent-Date: Thu, 26 Sep 2024 06:41:33 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [78.135.89.157] (port=52170 helo=q98a11s1s1w.it)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

(envelope-from )

id 1stnFa-000000000yz-25bs

for doctor@netknow.ca;

Thu, 26 Sep 2024 06:07:06 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmx.de;

s=s31663417; t=1727352054; x=1727956854;

i=assistanceteammaj@gmx.de;

bh=tjNc44pbppA+/PPRfTWTvHI8LGsIBpIW7y03eBt6pX4=;

h=X-UI-Sender-Class:MIME-Version:Message-ID:From:To:Subject:

Content-Type:Date:cc:content-transfer-encoding:content-type:date:

from:message-id:mime-version:reply-to:subject:to;

b=nEqgRsd3omoTkYIQs9Yv6vr/fmf564v5TVrPsjQaBfbIWHRZm6PxR/DKNGQpu19V

on+brK8lE+g4j7UfJL8mb3g1YZOGmblDmlPzLUr2LwFBsyh/0c0hdqCFsFYARN5II

3XVq5XRpkGGL1Vx28hBY8o9JwiT6o3H6EeYoc/L0LpT3Ph//DT0+92nWbaTQ9Z/87

rvzMPY9GXNs7B2BIMU/lrwSELk6Dyp34Fggr45coAgZ3PcQsMZ0Kw58xgAawP2TQm

496oc5vDdi6HcYpzJL+ALXm6zn3FLSbBU+j1k6B6lDA/pP+XPKpqCZ0d6RU1zjI5I

i41s6ROiCLO/jPhuPQ==

X-UI-Sender-Class: 724b4f7f-cbec-4199-ad4e-598c01a50d3a

MIME-Version: 1.0

Message-ID:

From: Message from The CAA

To: utgolovep@gmail.com

Subject: Confirmation#1307

Content-Type: text/html; charset=UTF-8

Date: Thu, 26 Sep 2024 14:00:54 +0200

Importance: normal

Sensitivity: Normal

X-Priority: 3

X-Provags-ID: V03:K1:dACwKQweKc5IZ7oDxW/pntMvMEaew/K12jmjnZNPWhhrA79T41DRGz21h9MttO5Wc4YkB

chVFZPm4RAGG3cmsm9pgC4kMMAp5sfDLmcmyrpseo3u8DDFttt2xRi+0/dhH47XyE5Ma51B1jBI3

LXhLmEwAGJ1AgBfaeJ6P0OyqrNDA9o6JDWm0f6uwqOwACiNMFHsCeH/X2NrWU72rOrvIMD2gx0ea

1grkuHMjff4YEhOR/LOhxqTP5o5Y6cuPimdc5cUQ2bsz+fPrm0ZPsOjszc91qEqm2sP8hlDcrD9F

vE=

X-Spam-Flag: NO

UI-OutboundReport: notjunk:1;M01:P0:DTwE6M5FIrU=;vlBjXV+yjpewfQAZB0Sqn88FhGw

kx61FD949YzzHH/7Abvo2tWCoaG89pe0+j3zDKpTiOD0EgfEAYuFV0wGwUGSEt2QU1zFz+qff

MQyW/JjD91VdE5vmF0wKyplj0xb4DYA/nXx2hWICU556qq9PZqDXz4WwuTFIbCpd6b9Df/X4d

NG1LmJnoA6WT68buulEsEhJRNftrdaXw/UQ3CyobiYKriTmml0kVmXTMyDg4EBYIGzFeTvukQ

SJmk5pyWNu/MrWCd6EAB0i9uE9FRJL/X4pKKWch9PME2v/IKFuZ2dyOwYkvcU6WrZQQcHwhCk

H6zvzp1Xr8o4j32mgRbu+skq3i/I/QoeMMCnAt4EdnDeCRuMiP/H3nVodhuehMEZY3tOk6pwo

aniiCSRfms+NrCMxrBwCNb84y79Ee2vQmL4kThkVx8qyGxvMvRxsam2JK+1zCp4Ey5TLLbZ6L

gELC9yb1Pw9+ehaDkML0e6zkueTC1aCK2B+M2GndvAKtxoTYZ4tnpcMIMoBDcG8rFHwfDXiys

7lKi/Iz+diUlWvKQ/wtWuWmrmMyZvBpynDCssDgniCo92cSKO1XrSP1SG9xdFhHFVfsE3U2jI

mTEoYSPk1eAAzRSsZwInRNAd23m0IkCY142T+XPontbyh8jRJjwjsuqeJSOoRz9Dz7zzf1GBI

bFFKt4fznRAqkRcmgkKQutKBbAI+0d28oTbiJUuDaAjvUY/BdoV0PoT62r4az0yAYh5ODgBD+

gHTPPoRNi7TmJamjoqltGth61c0kIZwig==

X-Spam_score: 18.1

X-Spam_score_int: 181

X-Spam_bar: ++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Are you ready? Your emergency car kit is waiting for you!





Content analysis details: (18.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[78.135.89.157 listed in will-spam-for-food.eu.org]

[78.135.89.157 listed in will-spam-for-food.eu.org]

[78.135.89.157 listed in will-spam-for-food.eu.org]

[78.135.89.157 listed in will-spam-for-food.eu.org]

[78.135.89.157 listed in will-spam-for-food.eu.org]

[78.135.89.157 listed in will-spam-for-food.eu.org]

[78.135.89.157 listed in will-spam-for-food.eu.org]

[78.135.89.157 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[78.135.89.157 listed in dnsbl.ahbl.org]

[78.135.89.157 listed in dnsbl.ahbl.org]

[78.135.89.157 listed in dnsbl.ahbl.org]

[78.135.89.157 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[78.135.89.157 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[78.135.89.157 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[78.135.89.157 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[78.135.89.157 listed in dnsbl.ahbl.org]

0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[assistanceteammaj(at)gmx.de]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

1.9 SUBJ_LACKS_WORDS Subject is not short yet lacks words

0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

2.9 GOOG_STO_NOIMG_HTML Apparently using google content hosting to avoid

URIBL

1.0 XPRIO Has X-Priority header

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} Confirmation#1307



Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA