Costco Phish from Google Gmail
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 29 Nov 2024 14:06:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from)
id 1tH8Af-0000000064D-2Txs
for dave@doctor.nl2k.ab.ca;
Fri, 29 Nov 2024 14:05:01 -0700
Resent-From: The Doctor
Resent-Date: Fri, 29 Nov 2024 14:05:01 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 82.83.155.104.bc.googleusercontent.com ([104.155.83.82]:40000 helo=sncf-connect.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from)
id 1tH86h-000000005sQ-3Tny
for root@nl2k.ab.ca;
Fri, 29 Nov 2024 14:01:00 -0700
Received: by sncf-connect.com (Postfix, from userid 1000)
id BF2B422ADEC; Fri, 29 Nov 2024 20:34:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=sncf-connect.com; s=20230601; t=1726561367; x=1727166167; dara=sncf-connect.com;
h=in-reply-to:references:subject:from:date:message-id:auto-submitted
:to:from:to:cc:subject:date:message-id:reply-to;
bh=wtoDS2/ZYmP6JTJR7Mo9X0oVUcuHiuU4XKK7bOHJOeQ=;
b=Nll/WDt2gQK3B1pLcBWnOeDo4ix8zlwU6y4wcQbET3e8Ud4yKxxayR97VfQaD/yEUB
/3lzrmI9aVrjMBKp4UBbzQEFy1CJ9o5KInk0Ue6G3N45uCA3KibMcA+hx3xlrX+tiQ7d
l5cSlBY1buJ29w5kVEMdgyVnBY3wARaW9fTRpkr29z3//BpwF1Ky4QG4nx42bq+y7GI/
fjLekQhu1kX0dCBNKI5S3BR9X+KLbFHRgJDrW5MAxF2G695yFOfybboVnR7bbN1LHnNC
VvJ4XTu8y6sgmXes+FmgCvhR0+deazi4IyT4hcGkUr3tgAZa7ZBs7/amS6XWB4t3ECbo
ThZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1726561367; x=1727166167;
h=in-reply-to:references:subject:from:date:message-id:auto-submitted
:to:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=wtoDS2/ZYmP6JTJR7Mo9X0oVUcuHiuU4XKK7bOHJOeQ=;
b=hKeB+IPnwQCcgtmF/hdw8S8R1s6Ma7WWp9Kzfw6x8bdfXSg3eKLVGu1tp8GHKbCiF8
KD3+7DgE3aTLFVqHFJWorhQAU1kw6iaNZOqIq8LVHess6499p84z9qr9GgSNmmDdSmfT
Of+JW8FjnLMsA4uJ+e1HMQwkEtvU6aN6UCegBZI6UDXC7bCG4E66F7ygIkEN9Sb+jU7g
QMbQYlq1vGWQqXN0LcHOeootC1R4sKfMC9H635FcQcjFV/rhkLs/kH4S1dTfhQs+DKo7
BwBla4YFwO7tuS7S9sYYpPyK1ZdI+vQ4Y52FOUKnMZN+AL3BhWPAb5aPNkElNYJ6G7CI
mTAg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@sncf-connect.com header.s=20230601 header.b="Nll/WDt2";
spf=pass (google.com: mail-sor-f69.google.com does not designate permitted sender hosts) smtp.helo=mail-sor-f69.google.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=sncf-connect.com;
dara=pass header.i=@sncf-connect.com
To: root@nl2k.ab.ca
From: "Support"
Subject: 500$ Costco voucher back in stock, with ZERO cost
List-Unsubscribe-Post: List-Unsubscribe=One-Click
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20241129204515.BF2B422ADEC@sncf-connect.com>
Date: Fri, 29 Nov 2024 20:34:42 +0000 (UTC)
X-Spam_score: 20.4
X-Spam_score_int: 204
X-Spam_bar: ++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello Don't miss out on this incredible opportunity to stock
your pantry.
Content analysis details: (20.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[104.155.83.82 listed in dnsbl.ahbl.org]
[104.155.83.82 listed in dnsbl.ahbl.org]
[104.155.83.82 listed in dnsbl.ahbl.org]
[104.155.83.82 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[104.155.83.82 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[104.155.83.82 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[104.155.83.82 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[104.155.83.82 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[104.155.83.82 listed in sbl-xbl.spamhaus.org]
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[104.155.83.82 listed in zen.spamhaus.org]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: upsearching.com]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: upsearching.com]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: upsearching.com]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: upsearching.com]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.0 TVD_RCVD_IP Message was received from an IP address
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
Subject: {SPAM?} 500$ Costco voucher back in stock, with ZERO cost
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 29 Nov 2024 14:06:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1tH8Af-0000000064D-2Txs
for dave@doctor.nl2k.ab.ca;
Fri, 29 Nov 2024 14:05:01 -0700
Resent-From: The Doctor
Resent-Date: Fri, 29 Nov 2024 14:05:01 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 82.83.155.104.bc.googleusercontent.com ([104.155.83.82]:40000 helo=sncf-connect.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98 (FreeBSD))
(envelope-from
id 1tH86h-000000005sQ-3Tny
for root@nl2k.ab.ca;
Fri, 29 Nov 2024 14:01:00 -0700
Received: by sncf-connect.com (Postfix, from userid 1000)
id BF2B422ADEC; Fri, 29 Nov 2024 20:34:42 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=sncf-connect.com; s=20230601; t=1726561367; x=1727166167; dara=sncf-connect.com;
h=in-reply-to:references:subject:from:date:message-id:auto-submitted
:to:from:to:cc:subject:date:message-id:reply-to;
bh=wtoDS2/ZYmP6JTJR7Mo9X0oVUcuHiuU4XKK7bOHJOeQ=;
b=Nll/WDt2gQK3B1pLcBWnOeDo4ix8zlwU6y4wcQbET3e8Ud4yKxxayR97VfQaD/yEUB
/3lzrmI9aVrjMBKp4UBbzQEFy1CJ9o5KInk0Ue6G3N45uCA3KibMcA+hx3xlrX+tiQ7d
l5cSlBY1buJ29w5kVEMdgyVnBY3wARaW9fTRpkr29z3//BpwF1Ky4QG4nx42bq+y7GI/
fjLekQhu1kX0dCBNKI5S3BR9X+KLbFHRgJDrW5MAxF2G695yFOfybboVnR7bbN1LHnNC
VvJ4XTu8y6sgmXes+FmgCvhR0+deazi4IyT4hcGkUr3tgAZa7ZBs7/amS6XWB4t3ECbo
ThZA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1726561367; x=1727166167;
h=in-reply-to:references:subject:from:date:message-id:auto-submitted
:to:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=wtoDS2/ZYmP6JTJR7Mo9X0oVUcuHiuU4XKK7bOHJOeQ=;
b=hKeB+IPnwQCcgtmF/hdw8S8R1s6Ma7WWp9Kzfw6x8bdfXSg3eKLVGu1tp8GHKbCiF8
KD3+7DgE3aTLFVqHFJWorhQAU1kw6iaNZOqIq8LVHess6499p84z9qr9GgSNmmDdSmfT
Of+JW8FjnLMsA4uJ+e1HMQwkEtvU6aN6UCegBZI6UDXC7bCG4E66F7ygIkEN9Sb+jU7g
QMbQYlq1vGWQqXN0LcHOeootC1R4sKfMC9H635FcQcjFV/rhkLs/kH4S1dTfhQs+DKo7
BwBla4YFwO7tuS7S9sYYpPyK1ZdI+vQ4Y52FOUKnMZN+AL3BhWPAb5aPNkElNYJ6G7CI
mTAg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@sncf-connect.com header.s=20230601 header.b="Nll/WDt2";
spf=pass (google.com: mail-sor-f69.google.com does not designate permitted sender hosts) smtp.helo=mail-sor-f69.google.com;
dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=sncf-connect.com;
dara=pass header.i=@sncf-connect.com
To: root@nl2k.ab.ca
From: "Support"
Subject: 500$ Costco voucher back in stock, with ZERO cost
List-Unsubscribe-Post: List-Unsubscribe=One-Click
MIME-Version: 1.0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 7bit
Message-Id: <20241129204515.BF2B422ADEC@sncf-connect.com>
Date: Fri, 29 Nov 2024 20:34:42 +0000 (UTC)
X-Spam_score: 20.4
X-Spam_score_int: 204
X-Spam_bar: ++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hello Don't miss out on this incredible opportunity to stock
your pantry.
Content analysis details: (20.4 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
[104.155.83.82 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[104.155.83.82 listed in dnsbl.ahbl.org]
[104.155.83.82 listed in dnsbl.ahbl.org]
[104.155.83.82 listed in dnsbl.ahbl.org]
[104.155.83.82 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[104.155.83.82 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[104.155.83.82 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[104.155.83.82 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[104.155.83.82 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[104.155.83.82 listed in sbl-xbl.spamhaus.org]
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[104.155.83.82 listed in zen.spamhaus.org]
2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist
[URI: upsearching.com]
1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URI: upsearching.com]
1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
[URI: upsearching.com]
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URI: upsearching.com]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.0 TVD_RCVD_IP Message was received from an IP address
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to
background
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
Subject: {SPAM?} 500$ Costco voucher back in stock, with ZERO cost
|
Trackbacks
Trackback specific URI for this entryThis link is not meant to be clicked. It contains the trackback URI for this entry. You can use this URI to send ping- & trackbacks from your own blog to this entry. To copy the link, right click and select "Copy Shortcut" in Internet Explorer or "Copy Link Location" in Mozilla.
No Trackbacks
Comments
Display comments as Linear | ThreadedNo comments