AAA Phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Tue, 26 Nov 2024 17:07:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1tG4dj-0000000050O-1D6v
for dave@doctor.nl2k.ab.ca;
Tue, 26 Nov 2024 16:06:39 -0700
Resent-From: The Doctor
Resent-Date: Tue, 26 Nov 2024 16:06:39 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [64.64.97.32] (port=37407 helo=eaqypbu.as-hawe-lire-i.com)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1tG4VN-000000004U7-3Y5n
for sales@netknow.ca;
Tue, 26 Nov 2024 15:58:07 -0700
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=netknow.ca;
h=Date:To:From:Subject:Content-Type:Mime-Version; i=sales@netknow.ca;
bh=7ijqK5U7ZBpZEvc5WwCRh28h23Y=;
b=dNFURF0n8ozGbUclDqcnU775jRugLxeY7z49mrfCDnBXW+KU8k8d9b2gRpBJcdRGukZN1qEqHxVV
iskALqCw3M6J/JR/8wt5s74PLvFZEO16u61w8y09SQGiXZX+iy6gJfw6oSitK9m3FurLCC58jCos
/YmWTqMC3uW6UM7zYSE=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=netknow.ca;
b=OAsNzcC6qFmELKasJhZf8CoNTW7nRVMnSt2g9dJ0gc4sn3294iQmVCH9/lGQyWjyDLGhxq9apljn
F4LdEAhTx4AeH8WE40Y4CprpM18XdCNqbKo8LDlKCO2gherW5wSyn5pIm55rDGgzko78Kuzo0Bzr
qbuWoBR/CbBbdeP9kUc=;
Date: Tue, 26 Nov 2024 22:55:51 +0000
To: sales@netknow.ca
From: AAA Surprise
Subject: important message for YOU =?UTF-8?B?8J+aqA==?=
Content-Type: text/html
Mime-Version: 1.0
X-Spam_score: 19.3
X-Spam_score_int: 193
X-Spam_bar: +++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Congrats, sales!
Content analysis details: (19.3 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[64.64.97.32 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[64.64.97.32 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[64.64.97.32 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[64.64.97.32 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[64.64.97.32 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[64.64.97.32 listed in dnsbl.ahbl.org]
0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URI: wee.so]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.8 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
3.4 DOS_BODY_HIGH_NO_MID High bit body and no message ID header
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
0.0 T_REMOTE_IMAGE Message contains an external image
1.7 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.4 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
2.4 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
Subject: {SPAM?} important message for YOU =?UTF-8?B?8J+aqA==?=