nk.ca credential phishing from Google User content

Posted by Dave Yadallee on Tuesday, June 16. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 07:28:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZ7LP-00000000GJQ-31vb

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 07:27:15 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 07:27:15 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 196.17.127.34.bc.googleusercontent.com ([34.127.17.196]:54882 helo=[10.88.0.4])

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

id 1wZ5Uc-00000000Bep-1iyP

for root@nk.ca;

Mon, 15 Jun 2026 05:28:50 -0600

Content-Type: multipart/related; boundary="===============8017657657442611597=="

MIME-Version: 1.0

From: "Nagindas Khandwala College ."

To: root@nk.ca

Subject: =?utf-8?q?=5Broot=40nk=2Eca=5D=3A_Please_confirm_to_continue=2E?=

X-Priority: 2

X-Spam_score: 16.2

X-Spam_score_int: 162

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Nagindas Khandwala CollegeMail Hi Root

Content analysis details: (16.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.4 MISSING_DATE Missing Date: header

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[34.127.17.196 listed in bl.score.senderscore.com]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist

[URI: inbrowser.link]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: inbrowser.link]

0.0 TVD_RCVD_IP Message was received from an IP address

0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence

1.5 MR_STRANGE_QUESTION URI: No description available.

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

3.0 VOWEL_URI_7 RAW: URI hostname with 7+ consecutive vowels

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

1.0 IMPRO_URI_3 No description available.

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

1.0 IMPRO_URI_2 No description available.

0.1 TO_IN_SUBJ To address is in Subject

0.2 HELO_MISC_IP Looking for more Dynamic IP Relays

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

1.0 XPRIO Has X-Priority header

Subject: {SPAM?} =?utf-8?q?=5Broot=40nk=2Eca=5D=3A_Please_confirm_to_continue=2E?=

Nagindas Khandwala CollegeMail

Hi Root

Please note root@nk.ca authentication expires 16 June, 2026.

Continue

Please continue to keep or change your password.

Regards,

Nk Mail

nk.ca credential phishing from Google User content

Posted by Dave Yadallee on Tuesday, June 16. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 07:28:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZ7LG-00000000GJ8-2DZP

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 07:27:06 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 07:27:06 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 196.17.127.34.bc.googleusercontent.com ([34.127.17.196]:54884 helo=[10.88.0.4])

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

id 1wZ5Uc-00000000Bes-1j6n

for sales@nk.ca;

Mon, 15 Jun 2026 05:28:46 -0600

Content-Type: multipart/related; boundary="===============9205993337077454948=="

MIME-Version: 1.0

From: "Nagindas Khandwala College ."

To: sales@nk.ca

Subject: =?utf-8?q?=5Bsales=40nk=2Eca=5D=3A_Please_confirm_to_continue=2E?=

X-Priority: 2

X-Spam_score: 16.2

X-Spam_score_int: 162

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Nagindas Khandwala CollegeMail Hi Sales

Content analysis details: (16.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.4 MISSING_DATE Missing Date: header

0.1 MISSING_MID Missing Message-Id: header

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.0 TVD_RCVD_IP Message was received from an IP address

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: inbrowser.link]

0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist

[URI: inbrowser.link]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[34.127.17.196 listed in bl.score.senderscore.com]

0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence

1.5 MR_STRANGE_QUESTION URI: No description available.

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

3.0 VOWEL_URI_7 RAW: URI hostname with 7+ consecutive vowels

1.0 IMPRO_URI_2 No description available.

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

1.0 IMPRO_URI_3 No description available.

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

0.1 TO_IN_SUBJ To address is in Subject

1.0 XPRIO Has X-Priority header

0.2 HELO_MISC_IP Looking for more Dynamic IP Relays

Subject: {SPAM?} =?utf-8?q?=5Bsales=40nk=2Eca=5D=3A_Please_confirm_to_continue=2E?=

Nagindas Khandwala CollegeMail

Hi Sales

Please note sales@nk.ca authentication expires 16 June, 2026.

Continue

Please continue to keep or change your password.

Regards,

Nk Mail

nk.ca credential phishing from Google User content

Posted by Dave Yadallee on Tuesday, June 16. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 07:28:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZ7LV-00000000GJX-0oeE

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 07:27:21 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 07:27:21 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 196.17.127.34.bc.googleusercontent.com ([34.127.17.196]:54908 helo=[10.88.0.4])

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

id 1wZ5Uf-00000000Bez-38AI

for doctor@netknow.ca;

Mon, 15 Jun 2026 05:28:50 -0600

Content-Type: multipart/related; boundary="===============2281347982039420509=="

MIME-Version: 1.0

From: "Netknow ."

To: doctor@netknow.ca

Subject: =?utf-8?q?=5Bdoctor=40netknow=2Eca=5D=3A_Please_confirm_to_continue=2E?=

X-Priority: 2

X-Spam_score: 16.2

X-Spam_score_int: 162

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: NetknowMail Hi Doctor

Content analysis details: (16.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.4 MISSING_DATE Missing Date: header

0.1 MISSING_MID Missing Message-Id: header

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[34.127.17.196 listed in bl.score.senderscore.com]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist

[URI: inbrowser.link]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: inbrowser.link]

0.0 TVD_RCVD_IP Message was received from an IP address

0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence

1.5 MR_STRANGE_QUESTION URI: No description available.

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

3.0 VOWEL_URI_7 RAW: URI hostname with 7+ consecutive vowels

1.0 IMPRO_URI_2 No description available.

1.0 IMPRO_URI_3 No description available.

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

0.1 TO_IN_SUBJ To address is in Subject

0.2 HELO_MISC_IP Looking for more Dynamic IP Relays

1.0 XPRIO Has X-Priority header

Subject: {SPAM?} =?utf-8?q?=5Bdoctor=40netknow=2Eca=5D=3A_Please_confirm_to_continue=2E?=

NetknowMail

Hi Doctor

Please note doctor@netknow.ca authentication expires 16 June, 2026.

Continue

Please continue to keep or change your password.

Regards,

Netknow Mail

nk.ca credential phishing from Google User content

Posted by Dave Yadallee on Tuesday, June 16. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 07:28:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZ7LL-00000000GJK-1kx3

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 07:27:11 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 07:27:11 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 196.17.127.34.bc.googleusercontent.com ([34.127.17.196]:54938 helo=[10.88.0.4])

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

id 1wZ5Uc-00000000Bf3-1jHx

for doctor@nl2k.ab.ca;

Mon, 15 Jun 2026 05:28:46 -0600

Content-Type: multipart/related; boundary="===============0563310363451842819=="

MIME-Version: 1.0

From: "Nl2k ."

To: doctor@nl2k.ab.ca

Subject: =?utf-8?q?=5Bdoctor=40nl2k=2Eab=2Eca=5D=3A_Please_confirm_to_continue=2E?=

X-Priority: 2

X-Spam_score: 16.2

X-Spam_score_int: 162

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Nl2kMail Hi Doctor

Content analysis details: (16.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.4 MISSING_DATE Missing Date: header

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.0 TVD_RCVD_IP Message was received from an IP address

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: inbrowser.link]

0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist

[URI: inbrowser.link]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[34.127.17.196 listed in bl.score.senderscore.com]

0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence

1.5 MR_STRANGE_QUESTION URI: No description available.

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

3.0 VOWEL_URI_7 RAW: URI hostname with 7+ consecutive vowels

1.0 IMPRO_URI_2 No description available.

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

1.0 IMPRO_URI_3 No description available.

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

0.1 TO_IN_SUBJ To address is in Subject

0.2 HELO_MISC_IP Looking for more Dynamic IP Relays

1.0 XPRIO Has X-Priority header

Subject: {SPAM?} =?utf-8?q?=5Bdoctor=40nl2k=2Eab=2Eca=5D=3A_Please_confirm_to_continue=2E?=

Nl2kMail

Hi Doctor

Please note doctor@nl2k.ab.ca authentication expires 16 June, 2026.

Continue

Please continue to keep or change your password.

Regards,

Nl2k Mail

NK.ca credential phishing from Google user content

Posted by Dave Yadallee on Tuesday, June 16. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 07:28:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZ7LL-00000000GJK-1kx3

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 07:27:11 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 07:27:11 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 196.17.127.34.bc.googleusercontent.com ([34.127.17.196]:54938 helo=[10.88.0.4])

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

id 1wZ5Uc-00000000Bf3-1jHx

for doctor@nl2k.ab.ca;

Mon, 15 Jun 2026 05:28:46 -0600

Content-Type: multipart/related; boundary="===============0563310363451842819=="

MIME-Version: 1.0

From: "Nl2k ."

To: doctor@nl2k.ab.ca

Subject: =?utf-8?q?=5Bdoctor=40nl2k=2Eab=2Eca=5D=3A_Please_confirm_to_continue=2E?=

X-Priority: 2

X-Spam_score: 16.2

X-Spam_score_int: 162

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Nl2kMail Hi Doctor

Content analysis details: (16.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.4 MISSING_DATE Missing Date: header

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.0 TVD_RCVD_IP Message was received from an IP address

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: inbrowser.link]

0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist

[URI: inbrowser.link]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[34.127.17.196 listed in bl.score.senderscore.com]

0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence

1.5 MR_STRANGE_QUESTION URI: No description available.

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

3.0 VOWEL_URI_7 RAW: URI hostname with 7+ consecutive vowels

1.0 IMPRO_URI_2 No description available.

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

1.0 IMPRO_URI_3 No description available.

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

0.1 TO_IN_SUBJ To address is in Subject

0.2 HELO_MISC_IP Looking for more Dynamic IP Relays

1.0 XPRIO Has X-Priority header

Subject: {SPAM?} =?utf-8?q?=5Bdoctor=40nl2k=2Eab=2Eca=5D=3A_Please_confirm_to_continue=2E?=

Nl2kMail

Hi Doctor

Please note doctor@nl2k.ab.ca authentication expires 16 June, 2026.

Continue

Please continue to keep or change your password.

Regards,

Nl2k Mail

NK.ca credential phishing from Google user content

Posted by Dave Yadallee on Tuesday, June 16. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 07:28:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZ7LZ-00000000GJl-2i9t

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 07:27:25 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 07:27:25 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 196.17.127.34.bc.googleusercontent.com ([34.127.17.196]:35626 helo=[10.88.0.4])

by doctor.nl2k.ab.ca with esmtp (Exim 4.99.3 (FreeBSD))

id 1wZ5Uc-00000000BfB-1ivE

for doctor@nl2k.ca;

Mon, 15 Jun 2026 05:28:50 -0600

Content-Type: multipart/related; boundary="===============2730067943277651949=="

MIME-Version: 1.0

From: "Nl2k ."

To: doctor@nl2k.ca

Subject: =?utf-8?q?=5Bdoctor=40nl2k=2Eca=5D=3A_Please_confirm_to_continue=2E?=

X-Priority: 2

X-Spam_score: 16.2

X-Spam_score_int: 162

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Nl2kMail Hi Doctor

Content analysis details: (16.2 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.4 MISSING_DATE Missing Date: header

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

[34.127.17.196 listed in will-spam-for-food.eu.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[34.127.17.196 listed in bl.score.senderscore.com]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

[34.127.17.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[34.127.17.196 listed in dnsbl.ahbl.org]

0.0 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist

[URI: inbrowser.link]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: inbrowser.link]

0.0 TVD_RCVD_IP Message was received from an IP address

0.5 URI_NOVOWEL URI: URI hostname has long non-vowel sequence

1.5 MR_STRANGE_QUESTION URI: No description available.

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

3.0 VOWEL_URI_7 RAW: URI hostname with 7+ consecutive vowels

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

1.0 IMPRO_URI_2 No description available.

1.0 IMPRO_URI_3 No description available.

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

0.4 KHOP_HELO_FCRDNS Relay HELO differs from its IP's reverse DNS

1.0 XPRIO Has X-Priority header

0.1 TO_IN_SUBJ To address is in Subject

0.2 HELO_MISC_IP Looking for more Dynamic IP Relays

Subject: {SPAM?} =?utf-8?q?=5Bdoctor=40nl2k=2Eca=5D=3A_Please_confirm_to_continue=2E?=

Nl2kMail

Hi Doctor

Please note doctor@nl2k.ca authentication expires 16 June, 2026.

Continue

Please continue to keep or change your password.

Regards,

Nl2k Mail

Geek squad phish from Google Gmail Part 3

Posted by Dave Yadallee on Tuesday, June 16. 2026

Billing Information
The renewal charge $604.24 is scheduled for processing within the next 24 hours using the payment method currently associated with your account. Once completed, the transaction may appear on your account statement or service invoice.

Please review the details above carefully and retain this notice for your records.

Important note
Kindly note that support for BestBuy services is provided online only. Please do not visit any physical store. If you need help, please contact our support number.

Customer Support Center
+1 (806) 300-2141
+1 (831) 529-6347

--===============0923675148627177337==--

Geek squad phish from Google Gmail Part 2

Posted by Dave Yadallee on Tuesday, June 16. 2026

Geek Squad

Invoice Date: Monday, June 15, 2026
Invoice No: #14099732
Payment Id: 14744JMN-351UOG-681RDM101

Your package is on its way!

Hello Doctor

This notice confirms that your membership for Geek Squad Premium Protection has been successfully renewed for the upcoming 5 Years service period. Your account remains active, and all associated benefits and services will continue without interruption.

We sincerely appreciate your continued confidence in our services and look forward to serving you throughout another year of membership.

Geek squad phish from Google Gmail Part 1

Posted by Dave Yadallee on Tuesday, June 16. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 07:29:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZ7Mf-00000000GLi-1uiN

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 07:28:33 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 07:28:33 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oa1-f48.google.com ([209.85.160.48]:44080)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZ6Pp-00000000DmB-1HI6

for doctor@nl2k.ab.ca;

Mon, 15 Jun 2026 06:27:55 -0600

Received: by mail-oa1-f48.google.com with SMTP id 586e51a60fabf-43d23173511so1997698fac.0

for ; Mon, 15 Jun 2026 05:26:58 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1781526412; x=1782131212; darn=nl2k.ab.ca;

h=priority:importance:subject:from:to:mime-version:date:message-id

:from:to:cc:subject:date:message-id:reply-to;

bh=Ch/ncDY9xnevh5iFtEBQ1olxaY6BQH5ajcHZyxI45N0=;

b=J3RKOlA0mMzFBC2KPck6S6LAuJrnz75kTfGH2+UIq9HAuIyHLQJPHlcIuAdQHorEUU

g2ohp7ukOpRot6zVsh35GpeIwWLuxJNvL3/k74KXaRE6LuAmzqSN0lcH8wc586CS8GFs

lmiaPcgJMIknhSMDt/HY4l3zQ6dzVDuEkKfm8BnjOUuUlm/+j1bdKT6Q6WnOIJKUbK+j

Xp7RKTEyoT03wpX9jq9bqzRxIORlz5Kbs8XxFjsJS+ZJ7Qi1osztEiw38CT6i8+PEyIC

yx6U2AIIkcEsnD1a41tVERaFLeDmrXXGRVyAIWD2rCOsEwDsGepixyIGB28Fa4yOtAP/

Pwjw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781526412; x=1782131212;

h=priority:importance:subject:from:to:mime-version:date:message-id

:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=Ch/ncDY9xnevh5iFtEBQ1olxaY6BQH5ajcHZyxI45N0=;

b=CBH0HecjM92F9KeQS3JQXs68aom4SrlSvaMea7Wb5wb1nhXpVFW41UuUzKPkS882gn

/ybhSTYrBLibY7umF0q9aXgTMdoJVm1JFeHbQZ6q5ApLhGirhHCeb+dgGf4TB3K01CSQ

E4QG/MF/pAQHbYCDXPuF2DJKU1sXLLcID5PGbn/14xSseKnzaMq0OmzxVQGum9gCe6Nd

p2CSHt8NrTFtHRQcRWanRsGv7ZGA/Sh/AnZqUd99eLohPLzJAC8/aoGrujKQ8H6zg188

HudfkD1ekzPoS166L9d/my4mneo1FgjA7QahXOWzLdqwOBzvUb35c5s76DnwQ6WhhhIy

hZMw==

X-Gm-Message-State: AOJu0YxErPqqNsP+NFkqichakV6sfOcpj3dNw+K+njvwNQI57VR4HiHE

X3/hvZE8Zy8K/xBQRo4Vfg+agyUD5NkBeV+7/4n13TuOCoY4ss/XQfiQOYHFPhKbp3SNhA==

X-Gm-Gg: Acq92OFZdPkETfZTYh4JlNk+LqG/jMUeSfYeju7ohtAFqkAsTOnsMGMUDB+YkSFZP9p

EDXsn9ZlliSGkm/I1uWEfND9n4OmahWM6AG+3oDnyjb8Xp1vL9NNWTOvi8SmaEK3Y7WnlUv96CL

/WQhysOsPTtP0PqaKO+YE0pfENHbh+j5Mn/GaSJPG/mdTqwOlcyHI/wpYlQIhxVJK+pE96pKw/n

A16U8Yf0k4SVo2L81qlXeZYgyngcoXKj3WermLF/h1wnZiimxxXn8YropYt+LkiXwnHCZmQ+kj7

CE1U7tYaL5rn25IJT4hND77CMdk2eOqc3yJB3vQg9JNXWqXT5lE11E5jwBQ0RIA0czKJzxRGgPy

CyFBjgD+N6FcYZuHQpBXdLXzweWQxTYFcawfwKCUaNir6BhQxFovy3yknSHnNO73jVONzlUKcYW

dWq6WJ8zZBKT8nZpISSR4Ra3WKSiA5D5oQoDotRutMeNDrOwA3sZlGqyqg

X-Received: by 2002:a05:6820:2d0b:b0:69e:3a55:a649 with SMTP id 006d021491bc7-69edc703d82mr8954255eaf.33.1781526412101;

Mon, 15 Jun 2026 05:26:52 -0700 (PDT)

Received: from [10.223.1.112] ([43.157.243.31])

by smtp.gmail.com with ESMTPSA id 006d021491bc7-69f00d5e926sm2945949eaf.8.2026.06.15.05.26.51

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Mon, 15 Jun 2026 05:26:51 -0700 (PDT)

Message-ID: <6a2fef8b.131d4d69.2a883f.752d@mx.google.com>

Date: Mon, 15 Jun 2026 05:26:51 -0700 (PDT)

Content-Type: multipart/mixed; boundary="===============0923675148627177337=="

MIME-Version: 1.0

to: Doctor

from: Doctor

subject: Confirmation: Your Invoice #14099732 is Prepped for Shipping

Importance: normal

Priority: normal

--===============0923675148627177337==

Content-Type: text/html; charset="us-ascii"

MIME-Version: 1.0

Content-Transfer-Encoding: 7bit

Waybill phish from Amazon Part 2

Posted by Dave Yadallee on Tuesday, June 16. 2026

96

Notification

src="https://www.newsbreakexpress.com/t/email_saas/image?trk=t01.cCXs0AHZTO6Zani0DG53uKYq7nIgi1I8n588PgDoVQCTOxx76TM661e07fLDhAMukjHAh9W_3sqccmKJgZoQxhkrISiE075la4_VXJ69EFiqctvQxODw5dVLlH5LuxVvqMrXT-Vw7-mlMbQxshhlhMsQvLV2zxEYgU2nrH_gDHv6WZ_l8v6rUQSyqTsp14bugA1zfZGAtVW1BZbw_-xr4M1KWS5AYaqBiUPTgmq8CxQisx14Plt2iORNZCz2JPMb3_IOGsbgHVatpvZ9GaV17iPlewN3arbbzuWDnP5wW0dt1gAn3punzJ_Is2kAkFnq6e3F7Egw3HO6InGXt-5a_yseAysFjZZNypLRTqytmxxpg6LOOwnwZXpcyB7z0Qm1sBA85fQzGuOC2tyueFtRvi9sKWzpU9AH_qJbYGdpK07IK-bkzj7WTSDuOQa-43821Vuoyue7anxWOQ"

alt=""

width="600"

border="0"

style="display:block;width:100%;max-width:600px;height:auto;border:0;outline:none;text-decoration:none;"

>

This notification was sent regarding recent activity associated with your order.

Waybill phish from Amazon Part 1

Posted by Dave Yadallee on Tuesday, June 16. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 07:29:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZ7MX-00000000GLX-3X3h

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 07:28:25 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 07:28:25 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from a27-153.smtp-out.us-west-2.amazonses.com ([54.240.27.153]:52275)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from <0101019ecb2ae285-bb5e014f-f97a-4126-9abc-e562457ebb32-000000@digest.newsbreakexpress.com>)

id 1wZ63o-00000000Cy8-0uAm

for doctor@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 06:05:07 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

s=vcn3ctxxq7jrv3vfoeigm6hhyacuzucu; d=newsbreakexpress.com;

t=1781525046;

h=From:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID:Date;

bh=sk2DdLFg22bGl2yhjLLp3yWrcjzKWkIBJiunBBTq3kw=;

b=AnITeJk3OWZHIeKbivyXcqb7nivAKDbg+Na419cA+ejLfNe8xMkGiNKfmCzSSv4U

PDQbXHTobMiRBwItQE2fxWEY1P+9nlZQOnmcAlomiE365bR2Ic+70HDqtuyGZ+QjwgU

Xkym6yNWDLv+KRlNpIAdO1XKzljyNp9Numi5SCCX8+WkJ/owMydW7rwwLboSKhHsx91

pBr9sObMxir90/3XnIyjME5PSpwVbuMYtKa/2f3jxNgi/2hgNICOlMmbaflynDKt58f

ZjqJtSps9UcdrEWh/+sW9ZicDLsSPf1Lcprk7mIANKYO4/GgG3YdUm5QdNiHZylZpjW

Wt4QslO5sg==

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;

s=hsbnp7p3ensaochzwyq5wwmceodymuwv; d=amazonses.com; t=1781525046;

h=From:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID:Date:Feedback-ID;

bh=sk2DdLFg22bGl2yhjLLp3yWrcjzKWkIBJiunBBTq3kw=;

b=IxCgUtFna56CZYuAPuDbkicdADk3qmPw+38GYEwWJWkdsakfiuGcd+vwEnY0TOO/

laYdj9diFpMRxmLaMRUhizHnK7QUN+901fiqa+4Z2zhShB5lwacAv9iAv5H5ZlMpLdy

R2j5/OaeYFGNTip6Tdu0LhcVn9Q2ERYU2f1x+asA=

From: On Demand Delivery Team

To: doctor@doctor.nl2k.ab.ca

Subject: Update Delivery Terms Waybill No. 457361001 Order

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 7bit

Message-ID: <0101019ecb2ae285-bb5e014f-f97a-4126-9abc-e562457ebb32-000000@us-west-2.amazonses.com>

Date: Mon, 15 Jun 2026 12:04:05 +0000

Feedback-ID: ::1.us-west-2.OinDZMqjOcNoOy6zaYLTzKxdnNODYCeCwSkhQm8wu/c=:AmazonSES

X-SES-Outgoing: 2026.06.15-54.240.27.153

X-Spam_score: 5.4

X-Spam_score_int: 54

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Notification This notification was sent regarding recent

activity associated with your order.

Content analysis details: (5.4 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[54.240.27.153 listed in will-spam-for-food.eu.org]

[54.240.27.153 listed in will-spam-for-food.eu.org]

[54.240.27.153 listed in will-spam-for-food.eu.org]

[54.240.27.153 listed in will-spam-for-food.eu.org]

[54.240.27.153 listed in will-spam-for-food.eu.org]

[54.240.27.153 listed in will-spam-for-food.eu.org]

[54.240.27.153 listed in will-spam-for-food.eu.org]

[54.240.27.153 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[54.240.27.153 listed in dnsbl.ahbl.org]

[54.240.27.153 listed in dnsbl.ahbl.org]

[54.240.27.153 listed in dnsbl.ahbl.org]

[54.240.27.153 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[54.240.27.153 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[54.240.27.153 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[54.240.27.153 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[54.240.27.153 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

2.0 GR_DOMAIN_AMAZON1 Received contains spam friendly host (amazon)

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[54.240.27.153 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 T_REMOTE_IMAGE Message contains an external image

-1.0 RCVD_IN_MSPIKE_H5 RBL: Excellent reputation (+5)

[54.240.27.153 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[54.240.27.153 listed in bl.score.senderscore.com]

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

Subject: {SPAM?} Update Delivery Terms Waybill No. 457361001 Order

<br /><br /> <br /><br />

funding for your projects spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on Tuesday, June 16. 2026

--_000_AS8P195MB204618E45D636BD638305C929EE62AS8P195MB2046EURP_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

Dear Sir/Madam,

For your personal or professional projects, we offer financing solutions ta=

ilored to your needs and objectives.

Our expertise allows us to offer:

Loans with competitive terms

Financing for real estate projects

Support for growing businesses

Short, medium, and long-term financing solutions

We are committed to providing you with:

Attractive interest rates

Flexible and tailored repayment terms

Fast processing of your application

Rigorous and personalized monitoring of your file

If you wish to submit a financing request, please provide us with the follo=

wing information:

Full name

Complete address and contact details

Nature of the project or purpose of the financing

Amount requested

Desired financing period

All information provided will be treated with the strictest confidentiality=

and in accordance with applicable security standards.

We remain at your disposal for any further information and look forward to =

reviewing your application.

Please accept, Madam/Sir, the expression of our distinguished greetings.

--_000_AS8P195MB204618E45D636BD638305C929EE62AS8P195MB2046EURP_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

1">

uot;Helvetica", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Dear Sir/Madam,

For your personal or professional projects, we offer financing solutions ta=

ilored to your needs and objectives.

Our expertise allows us to offer:

Loans with competitive terms

Financing for real estate projects

Support for growing businesses

Short, medium, and long-term financing solutions

We are committed to providing you with:

Attractive interest rates

Flexible and tailored repayment terms

Fast processing of your application

Rigorous and personalized monitoring of your file

If you wish to submit a financing request, please provide us with the follo=

wing information:

Full name

Complete address and contact details

Nature of the project or purpose of the financing

Amount requested

Desired financing period

All information provided will be treated with the strictest confidentiality=

and in accordance with applicable security standards.

We remain at your disposal for any further information and look forward to =

reviewing your application.

Please accept, Madam/Sir, the expression of our distinguished greetings.
iv>

uot;Helvetica", sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

--_000_AS8P195MB204618E45D636BD638305C929EE62AS8P195MB2046EURP_--

funding for your projects spam from Microsoft Outlook Part 1

Posted by Dave Yadallee on Tuesday, June 16. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 07:27:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZ7L9-00000000GIY-1jzP

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 07:26:59 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 07:26:59 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-francecentralazolkn19013087.outbound.protection.outlook.com ([52.103.46.87]:45529 helo=PA4PR04CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZ5Q1-00000000BTJ-1hjb

for doctor@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 05:24:03 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=BEcJ5mCYw7dW5+i9EfXPPjl4U48mzJcsUlrPC02U+misXpz62+05Jxg25bPthQmrSrtuwCJIxjjWm0SAqTyXYQKoAKWOLRJpnkLPg6hElSReGoJsHSFzam9WuotEIW+5dCKlmv0EVC9nqIoYWagIEzI1QoB0yqiL5DNXCIDurp6nhf4/4lT/IJxi3O0dpjix0u/WPC9URzrfZATpyxO/Icrc2kV64nBGE9+1zkn6tdTP9ev6ZHHTQN+FEhLHYy22DmYp99S/YBXVEJzwzgQiamIYzfUJJylUqPJPND2qHJ6TqnIVQ37p0EZWzgsV+jMdR2wlSU84qBO838JMCD1Jug==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=xcmtfw6Y5bvsL6zUHvkJDRDephbTWesHDnN4H9PzkwI=;

b=UwSbkXvyPGCPShI566N/lHMUKYV9OWl00brENK97kyZ/h49e8lXqKDwIx+4dSjJ6PV3fLcXuyv/PpQODxi5lSdclxWKgE6jFdBz4xUG9VD019QZOGtv0ArkIkCAkHz8z+4V80PUkzMU0B1F03JS+hilj2SPXpOt8BJQAZklOPxeEWw7GVohomodMLbx0ckzhpoNr7K/qMldHCS5llWXJowi8kTGn+lIpW3D6cVm74BeUho9An36fCWviA7zV3iYynQtJRzOL3KZsGQG5H/FEzaurJmKz0MTTAkzFsxRIiPf1TjsnxEwYY/tte2aUDp599hSROPMgzEE7hkaBz+U16A==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=xcmtfw6Y5bvsL6zUHvkJDRDephbTWesHDnN4H9PzkwI=;

b=IlZga4Upyxop0VJgt53ap86OX3kidAcoOmfWv1strjcyyskUkoawGLgFSwkFGohGwyL66asnz/s1n5qDgcCf4Olf2otgu3GRhnMfMoBTrOiRcPbLjbW/W44haYrQ4Iy6HgvD++fpbNuR1yd387B1n+Mlvq56Zy+KmEw1SN7wPVO0Dd5XdjVr8v4AY7keuab4GsY9l1O/GwrTgU+3Ma51thPDzKjQdRJmXhrFfdnQqtfA9QzaZHzj/k0bAdKJHZSqbX/NMqXGxOUGA0QTuomhmL3rxPkbVIjDHf3vE1ooATwcQyy9D4cBJokpWQXeCRS/FFbakUM1lNB5P754Qy2cOQ==

Received: from AS8P195MB2046.EURP195.PROD.OUTLOOK.COM (2603:10a6:20b:53d::9)

by FR8P195MB3307.EURP195.PROD.OUTLOOK.COM (2603:10a6:d10:1b4::11) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.113.18; Mon, 15 Jun

2026 11:22:55 +0000

Received: from AS8P195MB2046.EURP195.PROD.OUTLOOK.COM

([fe80::4e3a:fa0f:804f:b1d0]) by AS8P195MB2046.EURP195.PROD.OUTLOOK.COM

([fe80::4e3a:fa0f:804f:b1d0%5]) with mapi id 15.21.0113.015; Mon, 15 Jun 2026

11:22:55 +0000

From: chantal phillipe

To: "ado.philippe85@gmail.com"

Subject: FUNDING FOR YOUR PROJECTS

Thread-Topic: FUNDING FOR YOUR PROJECTS

Thread-Index: AQHc/LkBONZA06ittE2DNC/w95CDSw==

Date: Mon, 15 Jun 2026 11:22:54 +0000

Message-ID:

Accept-Language: fr-FR, en-US

Content-Language: fr-FR

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: AS8P195MB2046:EE_|FR8P195MB3307:EE_

x-ms-office365-filtering-correlation-id: 8818616a-c70e-4db5-cd0c-08decad071e1

x-microsoft-antispam:

BCL:0;ARA:14566002|15080799012|15030799006|24021099003|22091999003|31061999003|19110799012|8062599012|8060799015|24121999003|12121999013|55001999006|7071999006|20031999006|24071999003|39105399006|41001999006|56899033|102099032|35041999009|40105399003|41105399003|43065399003|26131999018|3412199025|440099028|26121999007|12091999003|18061999006;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?013+vtzeKzZ8lEYjIxn6cBCBw0PfGIuB0rqudWJytIpyHw+svcXxzdOdxu?=

=?iso-8859-1?Q?3K79jUwIlfyk+6vKTD/l5WNJtXnBHhqR4m2yZ6VTGyBygVuEWIZ95AFmRi?=

=?iso-8859-1?Q?cxuy3esd49z8q4zL8FXEtoqcT64aalNW2Pdzt4YdZiS+Ssr3KlA732pp9b?=

=?iso-8859-1?Q?AY8GRMr4NGKnna4STAaB1Cd9UuDZEU1IIhgZtG9TwQuoN2aSJXIVfOoZtk?=

=?iso-8859-1?Q?uH8ZRhnnC8AWRsId3h4ps/MhmU49vHVVKzVmZRpK0inoVZCDLiqWU4qQQB?=

=?iso-8859-1?Q?KRpp4u+05QOxDY6mxd4kTfaLw1gpcjHPjOWnELcRreApK9G6NM1zg5gJbc?=

=?iso-8859-1?Q?VWlBKuL35e4qAXY/7QQy3RoFVukDkKn3IIrrHrWP2b/dJePW2M5Aeqz0zR?=

=?iso-8859-1?Q?2qLp85PVRtpu19mRAy8WCpoOgZ2D1wIuZRZ58P7o0ttJ4bm5AB45HUyDKZ?=

=?iso-8859-1?Q?y/fvjJmY63lkMKXfC27aamFWpab+/zW/GwTwa1Cd6RzSCE+7kHvhEHTwix?=

=?iso-8859-1?Q?A6oAs3GgVGjyR4fZ3FjH6SOczZQ0sc2UD615DIkb7R90NFFL65IZbSaId0?=

=?iso-8859-1?Q?vvQwB2WpsJh2zyvyd6OT9390/lKpUEKaMxPZy8xJAUlTtvi1GE5FYNf1fW?=

=?iso-8859-1?Q?GsTuZUT4des0fK0Cs7VdSBr1nHdzkb4CJuiRk3/XHZZs2jL9EKDq7n3k3l?=

=?iso-8859-1?Q?xc5B5QmlMi+tZHuPU3L/+tViT968HhwpVOdyRwi3X27oX5DwdXlHDMRIMu?=

=?iso-8859-1?Q?Awy1o+tib160spdvbUV+vbppLslzcOxg40gzLaOfeYcA99KvSntOC74Kkw?=

=?iso-8859-1?Q?7L65tmc5AwtefIw757ZV6UnGyVPAzXHh0wGNoTA/6gJRPV+ylq97TJAB5s?=

=?iso-8859-1?Q?5q0fMWWNIAP+GpXExcg/iwiMJrvIseGTdJHHoIBamtJsZUVZOxjkfZigp1?=

=?iso-8859-1?Q?45iqkfq8mSQAaKVJy6G+lXDQJEpjvxlCAJ23c14G81fVClintiflVqzYuq?=

=?iso-8859-1?Q?IHN0TK21/cuURdLJiQDM4DnaJONWwQvRJckUJc3dtVjsAIeUGVeGM3pLjg?=

=?iso-8859-1?Q?5mxNzFrbferOqDxESM5IF9N4oY5JyYu1fji+lwdZa036EJ6TrUNWsxdbBv?=

=?iso-8859-1?Q?3yQcDVtPkk4I6+wjfm0XhvgOUjYQu2OfMLw+QXRXGgT1DOl9/KJdnssZYH?=

=?iso-8859-1?Q?f15nkFbJKoDwb5rYggKlcsEU/KTPBLMNy3qKoNSQ7ZC1fbMPAD5xnCglcx?=

=?iso-8859-1?Q?hAQPFieNQrOA7MpRWZV0aw9ZJNCg6L3Mo8Pk2pYdyY2/2pENv31Dh0nKyO?=

=?iso-8859-1?Q?/ha2JzXT9fuJ+JbGiyfuGLmU1JQfT32RENmhi7d5vf2E8Py/69bIa7hTKN?=

=?iso-8859-1?Q?FlobqPKR5l64boOSouXu31rqCJujCRQ/mDpuf/GZi5FKnw6N68wd1fHoQt?=

=?iso-8859-1?Q?d7BHCRP7BGLd0vsaCtkhhcQOre5SKq9FSBJIfzLKif5+bxpzNmqeFo0xBc?=

=?iso-8859-1?Q?k5JUJztIH7GKLoY7sX5rcz?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?/2g1tOBmRkv3Q2FoD4F+QS7UPgR6q36r1LasPvcX9kAx+YKXML5Iv3San8?=

=?iso-8859-1?Q?6kZyCSVbuR1zfudE7JOkGRq1CghIB1JeFyjof8Y0zccMUvBu9EKyRyo+F9?=

=?iso-8859-1?Q?8U1POGSBEtAu8tqqPiq0Knfd+rdCUgUhFeet0abx6QMqs1iaq0XugrVWMJ?=

=?iso-8859-1?Q?o9cPi/gS+HTo4QlwicQOBwxDy/I9NyWPcJEUaOLK1ud556E56hgBjtB/Q/?=

=?iso-8859-1?Q?3fE5GKkLd358bKjk4slTPr2vE+UBHzpoN6W1fseGPdYN1uyzGTShRkLXbl?=

=?iso-8859-1?Q?NzMKXrar/DxwySJFRq/AFFSbAq5cQBzAfumamZ0fOy+R3Oj4prL+/JB96O?=

=?iso-8859-1?Q?KktmCq8zFP5oxqPUkcnTPogUDctuAGTXlvjpLmqEAXJxo+tXcgFcxOkMOQ?=

=?iso-8859-1?Q?eoJCCmXCUo7porXzC149nwtRjZushRqp9LMpOqWgJaQTM7n7XQAqocrI/z?=

=?iso-8859-1?Q?bYqJx1IPVBS1xkzlfvh3x7hwRxKRxlKhkmaIebyED3WGUuQ+ZvoGzD76tJ?=

=?iso-8859-1?Q?BVuVN+LTD8cN/l8bA2TJq5Jx++kDg0CSLkxOCv6KDfI1pUakytoihjVDBi?=

=?iso-8859-1?Q?8GcXH7j9R7dsmJZaOya1BgSAKrZkICbRik6M5UWr9++n92E6g7d6hTkSSY?=

=?iso-8859-1?Q?MJUZ4RIcMHvGblv5h0SOn6GvY4woA0v9TQWdAGvj2CeslY6RQfa1NTdxG7?=

=?iso-8859-1?Q?8pf/JcSbp3bVGp+25ep6gYmC1Dzsv1fiwR7LMIbbJxsoI7TpCnuBBWI1AE?=

=?iso-8859-1?Q?Eq1KPuXEWZjW567D3uKeGNT4kN8LnlU/HGP7EnZvHrGLOUF+SjJ2A58Ap+?=

=?iso-8859-1?Q?kiLP5TZEZl/ltnnuDUANE1BFofyapShW4n59WYli1rz5tJwQ+AOmIcyA3h?=

=?iso-8859-1?Q?F1AwRX3oimXWSqZU4Og4Xcm+Z33v5BQz70vB8QPUsN2kjOxV7gzNdIIfgc?=

=?iso-8859-1?Q?o96D6jvc7fTSC69bB4QJtqCo5MvV/Rcbyat3EwLIcYjYZXLM8ydQlCVBjB?=

=?iso-8859-1?Q?GIgepjZTKHIUTbfRbtWt+2teZ/UiutMG7xPm1vBwEeo5hbFAQTWsH2jC9R?=

=?iso-8859-1?Q?fPCvZ4E2qUw3ujoSSxFbfe1o9piPHHeowU2+b51+4pMlBZsWcV5YOXaTu4?=

=?iso-8859-1?Q?w3cRtYzt9ff2AO8U0kEA1qUYuKJ3xgeuK8ypPSp5ttyOEnpAAokkWOZfSY?=

=?iso-8859-1?Q?iomlQSKQR5gNa+Hw9wEIOor3Geb/U0YfVCm/4Hs8jqs8W/7gw5Q0e3LKcy?=

=?iso-8859-1?Q?oqnjgGcP5hU/1xWP3o+nOoWa2kyCeJz6QUWs+mt8A/yfK6ka43bjfUbRtL?=

=?iso-8859-1?Q?QtwAmVevjD2ojU4cynTUBu9td23qDsGEw46Qny/GQMRnZwtdxASMvW/3uz?=

=?iso-8859-1?Q?uhNnB5Cdvu+26YAYIs1eQF0urfEnk7/YzY72xRWsYbXz0u4rdXh+Eopqb7?=

=?iso-8859-1?Q?vO90m30FDbiKPPQUS9QAHIFWgwb+xYqyKBv8zQ=3D=3D?=

Content-Type: multipart/alternative;

boundary="_000_AS8P195MB204618E45D636BD638305C929EE62AS8P195MB2046EURP_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: AS8P195MB2046.EURP195.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 8818616a-c70e-4db5-cd0c-08decad071e1

X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Jun 2026 11:22:54.5766

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: FR8P195MB3307

Important proposal spam

Posted by Dave Yadallee on Tuesday, June 16. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 15 Jun 2026 07:27:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZ7L1-00000000GIN-3pbD

for dave@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 07:26:51 -0600

Resent-From: The Doctor

Resent-Date: Mon, 15 Jun 2026 07:26:51 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from b5-mbi.shop ([45.138.183.26]:40220)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wZ5A9-00000000AuA-2sN9

for doctor@doctor.nl2k.ab.ca;

Mon, 15 Jun 2026 05:07:38 -0600

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=default; d=b5-mbi.shop;

h=Reply-To:From:To:Subject:Date:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding; i=sales@b5-mbi.shop;

bh=k/OgerHFUJvGxj554nJ0x2INtj0=;

b=gG1LbwDdz2etyKj5Iiy6qGt9tWs7OcRwO++l6nuqdYkTc94x6AgOIeLn1u/GOUgPrATGs4bBrZTH

Mk21yg76ngZeOBJLEro82lhLuHCPIc27lrS2SUlqIF7gLJAP5YtpLI8nqab7RmClP4X70Z9iJqaF

+KTnJA+ABLtX/ab1GM8=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=default; d=b5-mbi.shop;

b=YU9u7eNvHuRGUnw/BsEm4xuAQVxvK3WL1hORamkMG8X90V5+dxCW9Eb3ZxbCsLoZcOSDRm+G3iWS

Q+0Ea3pFO/gRO411V84cqcRapGSLBKjaKUqQasymJ4HQZhms628+O60HsuXyMX8rR8VAy5YzpYwC

7OsivX4zGB+Fpv1fsfg=;

Reply-To: pmf@tputuk.com

From: "Philip"

To: doctor@doctor.nl2k.ab.ca

Subject: Re: Important proposal.

Date: 15 Jun 2026 14:06:37 +0300

Message-ID: <20260615140637.105B04419142F921@b5-mbi.shop>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

Hello doctor,

I hope you are doing well. I sent you an email earli=

er but haven’t received a reply yet. I’m not sure if you receiv=

ed it.

Please check my message and reply when you can. I would like t=

o present a proposal to you.

Thanks,
Philip Mansfield

=

Waybill Phish from Amazon Part 2

Posted by Dave Yadallee on Tuesday, June 16. 2026

96

Notification

src="https://www.newsbreakexpress.com/t/email_saas/image?trk=t01.qZapXgPAW-LCf3fXXf1YkwxqEnrNw7-uMEsA0CIFp0dOYFXMyq-MY4eytGR112dEZ7EJOyX3oBmTAyVg5-v1fJ-QJmR-9CPmtmec3G5mBcEaR1mJ16g6gf2uGtRiLtLZlvUW4pmXOWcxCm7eXlKEA1Ls78sJ28ZYbaK9Q0nA7sF4PdLZw4s65SYU8r7rYsKIl5vv8tsLWR37HYAqQR0RicHMSJ8VsakSFK8GCT7WFTusY8VTqX8SBL3TCvzS4pN2BrtuxH0tqOWqXFVDtEDg5peuBI4ItTxLQClshgpB4QVX-bVKI8nDsKMhXVYZfOLgPf_xMXPN0ReK8KFiOV0hgcRFLeKOyzE2Wr2LMsxXJQrr-PjwnGlG1LZg-XnVnSzD72HsW4UsCKgVRQvw7JCNMET8oA7yCvtippzXBZm5daWfeOGxUVcodJ3yeEP3iN-QuHfykA"

alt=""

width="600"

border="0"

style="display:block;width:100%;max-width:600px;height:auto;border:0;outline:none;text-decoration:none;"

>

This notification was sent regarding recent activity associated with your order.