Piano giveaway spam from google

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 02 Nov 2024 18:44:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))

(envelope-from )

id 1t7Ohr-000000005n0-3kBG

for dave@doctor.nl2k.ab.ca;

Sat, 02 Nov 2024 18:43:03 -0600

Resent-From: The Doctor

Resent-Date: Sat, 2 Nov 2024 18:43:03 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 41.14.75.34.bc.googleusercontent.com ([34.75.14.41]:50542 helo=[10.88.0.9])

by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))

id 1t7N7G-000000000zV-0Jz5

for doctor@nk.ca;

Sat, 02 Nov 2024 17:02:11 -0600

Content-Type: multipart/related; boundary="===============8282189875764579939=="

MIME-Version: 1.0

From: "Shelly Shebly ."

To: doctor@nk.ca

Subject: =?utf-8?q?Piano_Giveaway_doctor=40nk=2Eca=3A?=

X-Priority: 2

X-Spam_score: 15.8

X-Spam_score_int: 158

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello, I recently downsized to a smaller apartment and I'm

looking for someone who might be interested in taking my Steinway upright

piano. If you or anyone you know would love to have it, please let [...]



Content analysis details: (15.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.4 MISSING_DATE Missing Date: header

0.1 MISSING_MID Missing Message-Id: header

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[34.75.14.41 listed in dnsbl.ahbl.org]

[34.75.14.41 listed in dnsbl.ahbl.org]

[34.75.14.41 listed in dnsbl.ahbl.org]

[34.75.14.41 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[34.75.14.41 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[34.75.14.41 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[34.75.14.41 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[34.75.14.41 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_ZEN_BLOCKED_OPENDNS RBL: ADMINISTRATOR NOTICE: The query to

zen.spamhaus.org was blocked due to usage of an

open resolver. See

https://www.spamhaus.org/returnc/pub/

[34.75.14.41 listed in zen.spamhaus.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[34.75.14.41 listed in sbl-xbl.spamhaus.org]

0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL

was blocked. See

http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block

for more information.

[34.75.14.41 listed in list.dnswl.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Error: open resolver; ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[34.75.14.41 listed in will-spam-for-food.eu.org]

[34.75.14.41 listed in will-spam-for-food.eu.org]

[34.75.14.41 listed in will-spam-for-food.eu.org]

[34.75.14.41 listed in will-spam-for-food.eu.org]

[34.75.14.41 listed in will-spam-for-food.eu.org]

[34.75.14.41 listed in will-spam-for-food.eu.org]

[34.75.14.41 listed in will-spam-for-food.eu.org]

[34.75.14.41 listed in will-spam-for-food.eu.org]

0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is

CUSTOM_MED

0.0 TVD_RCVD_IP Message was received from an IP address

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[shellishelby6(at)gmail.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list

1.0 XPRIO Has X-Priority header

0.1 TO_IN_SUBJ To address is in Subject

0.7 BODY_URI_ONLY Message body is only a URI in one line of text or for

an image

0.0 SPOOFED_FREEMAIL No description available.

0.0 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be...

Subject: {SPAM?} =?utf-8?q?Piano_Giveaway_doctor=40nk=2Eca=3A?=



--===============8282189875764579939==

Content-Type: text/html; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: base64



SGVsbG8sCkkgcmVjZW50bHkgZG93bnNpemVkIHRvIGEgc21hbGxlciBhcGFydG1lbnQgYW5kIEkn

bSBsb29raW5nIGZvciBzb21lb25lIHdobyBtaWdodCBiZSBpbnRlcmVzdGVkIGluIHRha2luZyBt

eSBTdGVpbndheSB1cHJpZ2h0IHBpYW5vLiBJZiB5b3Ugb3IgYW55b25lIHlvdSBrbm93IHdvdWxk

IGxvdmUgdG8gaGF2ZSBpdCwgcGxlYXNlIGxldCBtZSBrbm93LiAKClRoYW5rIHlvdSBmb3IgeW91

ciBoZWxwIQ==



--===============8282189875764579939==--

Trackbacks

Trackback specific URI for this entry

This link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA