Piano giveaway spam from Google Cloud
Posted by Dave Yadallee onEnvelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 14 Feb 2025 07:04:01 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98 (FreeBSD))
(envelope-from
id 1tiwI6-000000001cC-47Ev
for dave@doctor.nl2k.ab.ca;
Fri, 14 Feb 2025 07:03:38 -0700
Resent-From: The Doctor
Resent-Date: Fri, 14 Feb 2025 07:03:38 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from 31.160.38.34.bc.googleusercontent.com ([34.38.160.31]:49846 helo=[10.88.0.3])
by doctor.nl2k.ab.ca with esmtp (Exim 4.98 (FreeBSD))
id 1tiv2L-00000000BEq-1PzA
for sales@nk.ca;
Fri, 14 Feb 2025 05:43:28 -0700
Content-Type: multipart/related; boundary="===============5863140637926314877=="
MIME-Version: 1.0
From: "Nelly Jay."
To: sales@nk.ca
Subject: =?utf-8?q?Steinway_and_Sons_Giveaway?=
X-Priority: 2
X-Spam_score: 29.6
X-Spam_score_int: 296
X-Spam_bar: +++++++++++++++++++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi, Hello, I hope you're doing well! I wanted to reach out
because I recently moved into a new apartment, and unfortunately, I don't
have the space for my piano anymore. It's a beautiful instrument, a [...]
Content analysis details: (29.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.4 MISSING_DATE Missing Date: header
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[34.38.160.31 listed in will-spam-for-food.eu.org]
[34.38.160.31 listed in will-spam-for-food.eu.org]
[34.38.160.31 listed in will-spam-for-food.eu.org]
[34.38.160.31 listed in will-spam-for-food.eu.org]
[34.38.160.31 listed in will-spam-for-food.eu.org]
[34.38.160.31 listed in will-spam-for-food.eu.org]
[34.38.160.31 listed in will-spam-for-food.eu.org]
[34.38.160.31 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[34.38.160.31 listed in sbl-xbl.spamhaus.org]
[34.38.160.31 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[34.38.160.31 listed in dnsbl.ahbl.org]
[34.38.160.31 listed in dnsbl.ahbl.org]
[34.38.160.31 listed in dnsbl.ahbl.org]
[34.38.160.31 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[34.38.160.31 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[34.38.160.31 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[34.38.160.31 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[34.38.160.31 listed in dnsbl.ahbl.org]
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[34.38.160.31 listed in zen.spamhaus.org]
0.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[34.38.160.31 listed in zen.spamhaus.org]
3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
[34.38.160.31 listed in zen.spamhaus.org]
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Listed by XBL, see
0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is
CUSTOM_MED
0.0 TVD_RCVD_IP Message was received from an IP address
1.0 HK_RANDOM_FROM From username looks random
0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
[n1sdllldsm(at)gmail.com]
1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS
1.0 XPRIO Has X-Priority header
1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
0.0 SPOOFED_FREEMAIL No description available.
1.5 SPOOF_GMAIL_MID From Gmail but it doesn't seem to be...
Subject: {SPAM?} =?utf-8?q?Steinway_and_Sons_Giveaway?=
--===============5863140637926314877==
Content-Type: text/html; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: base64
SGksCkhlbGxvLCBJIGhvcGUgeW91J3JlIGRvaW5nIHdlbGwhIEkgd2FudGVkIHRvIHJlYWNoIG91
dCBiZWNhdXNlIEkgcmVjZW50bHkgbW92ZWQgaW50byBhIG5ldyBhcGFydG1lbnQsIGFuZCB1bmZv
cnR1bmF0ZWx5LCBJIGRvbid0IGhhdmUgdGhlIHNwYWNlIGZvciBteSBwaWFubyBhbnltb3JlLiBJ
dCdzIGEgYmVhdXRpZnVsIGluc3RydW1lbnQsIGFuZCBJ4oCZbSByZWFsbHkgaG9waW5nIHRvIGZp
bmQgYSBnb29kIGhvbWUgZm9yIGl0LiAKSWYgeW91IGtub3cgYW55b25lIHdobyBtaWdodCBiZSBp
bnRlcmVzdGVkIGluIHRha2luZyBpdCwgSeKAmWQgcmVhbGx5IGFwcHJlY2lhdGUgaXQgaWYgeW91
IGNvdWxkIHJlZmVyIHRoZW0gdG8gbWUuIEnigJlkIGxvdmUgZm9yIGl0IHRvIGdvIHRvIHNvbWVv
bmUgd2hvIHdpbGwgZW5qb3kgaXQgYXMgbXVjaCBhcyBNeSBMYXRlIEh1c2JhbmQgZGlkLiAKVGhh
bmtzIGEgbG90ISBCZXN0LA==
--===============5863140637926314877==--