NetKnow Corporate Blog

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 10 Dec 2025 02:10:00 -0700

Received: from mail-ot1-f71.google.com ([209.85.210.71]:61923)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vTGCI-00000000DmF-05Jt

for dave@doctor.nl2k.ab.ca;

Wed, 10 Dec 2025 02:09:32 -0700

Received: by mail-ot1-f71.google.com with SMTP id 46e09a7af769-7cacaa675feso2164564a34.3

for ; Wed, 10 Dec 2025 01:08:34 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1765357708; x=1765962508; darn=doctor.nl2k.ab.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=MxupQGuYJGmt9TGNY8P3aNNk07GZhd3yQyQN1NS5Tx0=;

b=E5DIloUuzK0zh5LJ+zPC7RkLsbtVFewiACvt7UbTCK3P7a4NntYnSKxc/h9TvXjYbB

icHjdkl9zmqjodclJ93+5gDgGVJ9kGW3ORhsQJF8uXG59+OyH0O8LBnXPC1tcXJ0wVkp

CTbCO3OX1VCZyzyZpaE6BuWrEwAoZrNQGRCrqkwHi83fKLOiQV53a0vWrEgblXArKiCp

l7AhtP3AuhLCHyO6DOmrm7PmPRvN3DiHWLxaBRPbqhLUlih6AWlpuhP60TmmC9Fcj5Ac

v7M7q/egbvOs/hQDoEF78U6caadKyvm+5pI8PVTswaymNrL5y/+zkTH3evxY45mOM/TE

Rn0w==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1765357708; x=1765962508;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=MxupQGuYJGmt9TGNY8P3aNNk07GZhd3yQyQN1NS5Tx0=;

b=riza33De7fvK1oDYv7rbqTqUy9u5N8GSvI4z1Et/NardzjmQfAwMLo5Fblu9vkcgV+

yHKw4nWyuuOsAOSTj938TIDa5RhyHARP7WtiYj5kAKSefvuPBdNtQwLnsrgG/XQWH2iB

UB2eDR5NEU02glk7DNqRkFmpDGs8cPgo5BTEB9vIbbC0/J7BmWCDrRmF0hWbEyxtM3El

85Vi99ejZI2HoKIKxEO+FX/pbxx+CLfGAvp1D8Y/nvsJ19WXADiuVbtaAC0JtTVGzFHa

EaSRWGoOecDCXLwXKUyg6Wj/08hbJkG8J5u/DgyZ+4SUvPYuWGikfg+1+HG0An+hE1cx

HirQ==

X-Gm-Message-State: AOJu0YwnFdRj97YzVTBAelzpHe18f3mpEK1IHpU91PdaYDzfdLwuQDTW

mxOYm1Rerzg2K+TH1Ouyh8B7rWDuNN7JgInQGmM9mI1fHObJ6c96ufYYhs9uZ1s+aesytAlltVB

b7jc=

X-Google-Smtp-Source: AGHT+IEq3o90MtQi6wmmjJItpc+ZOTaYz6usk4w6DgWYa5D6J/AN9zjwMA6moO2O5EeqzqTZLqUTpCynyA==

MIME-Version: 1.0

X-Received: by 2002:a05:6820:1523:b0:659:9a49:9070 with SMTP id

006d021491bc7-65b2ad095d6mr1076498eaf.59.1765357708031; Wed, 10 Dec 2025

01:08:28 -0800 (PST)

Message-ID:

Date: Wed, 10 Dec 2025 09:08:28 +0000

Subject: =?UTF-8?B?8J+TseKYju+4jyBSZTotIEZvbGxvdyB1cCA6LSBTdGFydCBZZWFyIFdpdGggVXBncmFkZQ==?=

=?UTF-8?B?IA==?=

From: megazaxwebseo77425@gmail.com

To: dave@doctor.nl2k.ab.ca

Content-Type: multipart/alternative; boundary="00000000000016be140645955f37"

X-Spam_score: 7.5

X-Spam_score_int: 75

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi there, dave@doctor.nl2k.ab.ca Please reply to my last email.

May I send you a quote for website design or redesign? If you are interested.





Content analysis details: (7.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.210.71 listed in will-spam-for-food.eu.org]

[209.85.210.71 listed in will-spam-for-food.eu.org]

[209.85.210.71 listed in will-spam-for-food.eu.org]

[209.85.210.71 listed in will-spam-for-food.eu.org]

[209.85.210.71 listed in will-spam-for-food.eu.org]

[209.85.210.71 listed in will-spam-for-food.eu.org]

[209.85.210.71 listed in will-spam-for-food.eu.org]

[209.85.210.71 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.210.71 listed in dnsbl.ahbl.org]

[209.85.210.71 listed in dnsbl.ahbl.org]

[209.85.210.71 listed in dnsbl.ahbl.org]

[209.85.210.71 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.210.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.210.71 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.210.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.210.71 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.210.71 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[megazaxwebseo77425(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[megazaxwebseo77425(at)gmail.com]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.210.71 listed in wl.mailspike.net]

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

Subject: {SPAM?} =?UTF-8?B?8J+TseKYju+4jyBSZTotIEZvbGxvdyB1cCA6LSBTdGFydCBZZWFyIFdpdGggVXBncmFkZQ==?=

=?UTF-8?B?IA==?=



--00000000000016be140645955f37

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes



Hi there, dave@doctor.nl2k.ab.ca



Please reply to my last email.



May I send you a quote for website design or redesign? If you are

interested.



Thank you.





From: Mega

Sent: 15 November, 2025 15:16

To: 'dave@doctor.nl2k.ab.ca'

Subject: Redesign Scope and Pricing Info



Hi there,



We are a web development company.



Are you looking for a cost-effective WordPress website?



Can I send a proposal with pricing? If you are interested.



Best regards,



Mega



--00000000000016be140645955f37

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hi there, dave@doctor.nl2k.ab.ca

Please reply to my last email.
<=

br>May I send you a quote for website design or redesign? If you are intere=

sted.

Thank you.


From: Mega
Sent: 15 November, 2025 15=

:16
To: 'dave@doctor.nl2k.ab.ca'
Subject: Redesign Scope and Pricing =

Info

Hi there,

We are a web development company.

Are =

you looking for a cost-effective WordPress website?

Can I send a pro=

posal with pricing? If you are interested.

Best regards,

Mega

--00000000000016be140645955f37--

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 09 Dec 2025 20:01:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vTARm-0000000061X-2jBq

for dave@doctor.nl2k.ab.ca;

Tue, 09 Dec 2025 20:00:58 -0700

Resent-From: The Doctor

Resent-Date: Tue, 9 Dec 2025 20:00:58 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [208.117.51.123] (port=3014 helo=o2.ptr2.leads.bellmedia.io)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vT8et-00000000OeZ-1t32

for doctor@doctor.nl2k.ab.ca;

Tue, 09 Dec 2025 18:06:31 -0700

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=highlevelmarketing.com;

h=date:subject:from:content-type:reply-to:to:cc:content-type:date:from:

subject:to;

s=hlm; bh=Vul0zf3BO1VyES4KKF6gwFcNmN7hvaAMOY3V0wIrgFM=;

b=DVDantjWNNKW961OUCapysrkf3RatunmksvYaE2jf054Rmr+yvD81Xpt/gMX3k6/mMWg

y4FRzvDRnmc3km336xDuFnzYv/uXYo9wOtSDu5KaVHWR+r0m5ruPLVsw8JL09LXmrcZJ97

UYPPGtUkAurcWWDsTT+DSmvv7Dxzg1dswF5og8s/pGdlV5vlmNfY2n19t5TtTO41Dwhfr8

32ub5dPGCHD8onHavVR/+j5f4TJLxxsT7+/Y5AugImnAwPA8Li/X7j3QCS10ecSXjIHbOC

DybAT+lXSoF48iRU1Ar/e9amKrqBzRsO/K6boYpgR9fuRmE+dztQEYqFsTfpCzlg==

Received: by recvd-78b448d76-zxqfc with SMTP id recvd-78b448d76-zxqfc-1-6938C755-94

2025-12-10 01:05:25.570605138 +0000 UTC m=+1915581.711911105

Received: from tyfoon.azure.bellmedia.io (unknown)

by geopod-ismtpd-22 (SG)

with ESMTP id Hfw58sBwTjeZ0J0mAGAfnw

for ;

Wed, 10 Dec 2025 01:05:25.461 +0000 (UTC)

Date: Wed, 10 Dec 2025 01:05:25 +0000 (UTC)

Subject: Re: CONTACT ME URGENTLY!!!

X-PHP-Originating-Script: 10412:alexusMailer_v2.0.php

From: Hamza Alijani

Content-type: text; charset=utf-8

Message-ID:

Reply-To: diyaa1481@hotmail.com

X-SG-EID:

=?us-ascii?Q?u001=2EoqeGG+pgXYXHwdhvMnlXG1tVVrRI=2FCtLrG0=2FVnQBgpo56l4WJ3RU9VLuq?=

=?us-ascii?Q?05c9Fqu2psgfWlOoWsXwAnOfsVtsNM8u+kuTZkf?=

=?us-ascii?Q?AftyPvDUXTCx2SUCOMWQcdRh8x1VBnUH80pfANF?=

=?us-ascii?Q?FeQpQvMFDGRn4i2NoA5uIrK6wqOJQuNZSG43=2FgM?=

=?us-ascii?Q?Sn79xjcIUXdaX=2FSl6xzbWDZEnQUUVSwaHSSuAP2?=

=?us-ascii?Q?7Avu3fEkTiyMYmo8yMMJNjv1NNjIGM8+VQ8SULG?= =?us-ascii?Q?xFKk?=

To: doctor@doctor.nl2k.ab.ca

X-Entity-ID: u001.pUBg9Y5xUlg2Tm/DA2b9Ig==

X-Spam_score: 11.6

X-Spam_score_int: 116

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: I have very important information for you. Reply and confirm

this e-mail address is still valid so I can send you detailed information.

That needs your urgent attention. Mr. Hamza



Content analysis details: (11.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[208.117.51.123 listed in dnsbl.ahbl.org]

[208.117.51.123 listed in dnsbl.ahbl.org]

[208.117.51.123 listed in dnsbl.ahbl.org]

[208.117.51.123 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[208.117.51.123 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[208.117.51.123 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[208.117.51.123 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[208.117.51.123 listed in dnsbl.ahbl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[208.117.51.123 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[diyaa1481(at)hotmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[alijanihamza(at)att.net]

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME

headers

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

Subject: {SPAM?} Re: CONTACT ME URGENTLY!!!



I have very important information for you. Reply and confirm this

e-mail address is still valid so I can send you detailed

information.



That needs your urgent attention.



Mr. Hamza

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 09 Dec 2025 20:01:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vTARm-0000000061X-2jBq

for dave@doctor.nl2k.ab.ca;

Tue, 09 Dec 2025 20:00:58 -0700

Resent-From: The Doctor

Resent-Date: Tue, 9 Dec 2025 20:00:58 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [208.117.51.123] (port=3014 helo=o2.ptr2.leads.bellmedia.io)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vT8et-00000000OeZ-1t32

for doctor@doctor.nl2k.ab.ca;

Tue, 09 Dec 2025 18:06:31 -0700

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=highlevelmarketing.com;

h=date:subject:from:content-type:reply-to:to:cc:content-type:date:from:

subject:to;

s=hlm; bh=Vul0zf3BO1VyES4KKF6gwFcNmN7hvaAMOY3V0wIrgFM=;

b=DVDantjWNNKW961OUCapysrkf3RatunmksvYaE2jf054Rmr+yvD81Xpt/gMX3k6/mMWg

y4FRzvDRnmc3km336xDuFnzYv/uXYo9wOtSDu5KaVHWR+r0m5ruPLVsw8JL09LXmrcZJ97

UYPPGtUkAurcWWDsTT+DSmvv7Dxzg1dswF5og8s/pGdlV5vlmNfY2n19t5TtTO41Dwhfr8

32ub5dPGCHD8onHavVR/+j5f4TJLxxsT7+/Y5AugImnAwPA8Li/X7j3QCS10ecSXjIHbOC

DybAT+lXSoF48iRU1Ar/e9amKrqBzRsO/K6boYpgR9fuRmE+dztQEYqFsTfpCzlg==

Received: by recvd-78b448d76-zxqfc with SMTP id recvd-78b448d76-zxqfc-1-6938C755-94

2025-12-10 01:05:25.570605138 +0000 UTC m=+1915581.711911105

Received: from tyfoon.azure.bellmedia.io (unknown)

by geopod-ismtpd-22 (SG)

with ESMTP id Hfw58sBwTjeZ0J0mAGAfnw

for ;

Wed, 10 Dec 2025 01:05:25.461 +0000 (UTC)

Date: Wed, 10 Dec 2025 01:05:25 +0000 (UTC)

Subject: Re: CONTACT ME URGENTLY!!!

X-PHP-Originating-Script: 10412:alexusMailer_v2.0.php

From: Hamza Alijani

Content-type: text; charset=utf-8

Message-ID:

Reply-To: diyaa1481@hotmail.com

X-SG-EID:

=?us-ascii?Q?u001=2EoqeGG+pgXYXHwdhvMnlXG1tVVrRI=2FCtLrG0=2FVnQBgpo56l4WJ3RU9VLuq?=

=?us-ascii?Q?05c9Fqu2psgfWlOoWsXwAnOfsVtsNM8u+kuTZkf?=

=?us-ascii?Q?AftyPvDUXTCx2SUCOMWQcdRh8x1VBnUH80pfANF?=

=?us-ascii?Q?FeQpQvMFDGRn4i2NoA5uIrK6wqOJQuNZSG43=2FgM?=

=?us-ascii?Q?Sn79xjcIUXdaX=2FSl6xzbWDZEnQUUVSwaHSSuAP2?=

=?us-ascii?Q?7Avu3fEkTiyMYmo8yMMJNjv1NNjIGM8+VQ8SULG?= =?us-ascii?Q?xFKk?=

To: doctor@doctor.nl2k.ab.ca

X-Entity-ID: u001.pUBg9Y5xUlg2Tm/DA2b9Ig==

X-Spam_score: 11.6

X-Spam_score_int: 116

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: I have very important information for you. Reply and confirm

this e-mail address is still valid so I can send you detailed information.

That needs your urgent attention. Mr. Hamza



Content analysis details: (11.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

[208.117.51.123 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[208.117.51.123 listed in dnsbl.ahbl.org]

[208.117.51.123 listed in dnsbl.ahbl.org]

[208.117.51.123 listed in dnsbl.ahbl.org]

[208.117.51.123 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[208.117.51.123 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[208.117.51.123 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[208.117.51.123 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[208.117.51.123 listed in dnsbl.ahbl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[208.117.51.123 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[diyaa1481(at)hotmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[alijanihamza(at)att.net]

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

2.0 MIME_HEADER_CTYPE_ONLY 'Content-Type' found without required MIME

headers

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

Subject: {SPAM?} Re: CONTACT ME URGENTLY!!!



I have very important information for you. Reply and confirm this

e-mail address is still valid so I can send you detailed

information.



That needs your urgent attention.



Mr. Hamza

Evidence at Spamcop

evidence at Spamcop

Evidence at Spamcop

Evidence at Scamcop

Evidence at Spamcop

Evidence ay Spamcop

Evidence at spamcop

Evidence at Spamcop

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 09 Dec 2025 14:58:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vT5ho-00000000Lsr-3yi2

for dave@doctor.nl2k.ab.ca;

Tue, 09 Dec 2025 14:57:12 -0700

Resent-From: The Doctor

Resent-Date: Tue, 9 Dec 2025 14:57:12 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oi1-f176.google.com ([209.85.167.176]:52388)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vT4Yg-00000000IRT-25dZ

for sales@nk.ca;

Tue, 09 Dec 2025 13:43:51 -0700

Received: by mail-oi1-f176.google.com with SMTP id 5614622812f47-450be85b7d9so2773109b6e.0

for ; Tue, 09 Dec 2025 12:42:56 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=groupacclaim.co; s=google; t=1765312970; x=1765917770; darn=nk.ca;

h=mime-version:date:message-id:subject:to:from:from:to:cc:subject

:date:message-id:reply-to;

bh=XNnHItT+IqKbf12xIof0EhDk4utDtvAvaU4aDbGhghA=;

b=LYoBrPMTXrCkZEdvHdhsiv4DFo1dDbdZ5cDfXbM1T8IzrWXRi07oNP5fQ27LMcekvc

lJ9P+Kz0GCI8YvepXSfwFbPJE14gER80ttrvocE6UzL4rI69jx2mWhoD2XTQRK5E1dup

pORTpA/PcOEIf1GbYHHXbYWavFTUjzBt9R+wswkY2kcrcMsQCi2JUcev/xZ4V0l14zk9

2fxGbuFwd2DOaj88vUxaFJmstDB+6Epvuchjb/tmmmnh8KqQ2ia1wfhBBXSjgLjKs612

gFwi0WMkVfWNBiCF0WwVXR5Z6uwvT1aNRKLpcgdRXupOsTN+6stgBhMbFAtyTdjH8fA9

5Htw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1765312970; x=1765917770;

h=mime-version:date:message-id:subject:to:from:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=XNnHItT+IqKbf12xIof0EhDk4utDtvAvaU4aDbGhghA=;

b=fZcxnfjfGddTY1SAbAX56xlAvgahblHXVlDDA3buZUjUef/avda0NDJ4T/rrW6qM+P

y7S5sxch9KVWxmS9MhmSDOnOPfBjPJgBIqndU0YQVXbEoBNBoCTt4Fl+Q07uuY3QRpl4

JGTnZgS6XT/DP62QMPB0StR2inpmjZPBicPIPfOUcsV6rS/26l0W7ZGZlUvB9zWp3Yog

VpfAtRLnrPF8h31789RYpq+4dNLSLBQlUh8q1XiUCPi4uSJVokd54XIbFDDIvH9dqkx0

LsvsWfRdrKqHtafYCWoPsZdRGowJd9l9Ufx3wNfbTRSOZx+p7QVBn5w3rpCZ3ngnDBUb

bDZA==

X-Gm-Message-State: AOJu0YwKjSqOCieqpAD935Feq0zuHoB11T1mZXeeBg4PtBggn86UcSBM

Vdh54zocykS3ZpZCpxdqUqGaWTlPUi6fVvBmOjzYcLG9RFkeRPFBOj1+8PJ2JJeSQ1+qVJxoDMg

QFIzXeg==

X-Gm-Gg: ASbGncuk4tvQwxMbY8Ck69OJYS8GtcYHyMFOQI7jWprmkJURWDa14/EipMbkrXGZ3oj

qUgfJxTRWWnbqrQvBDVzkNAMBDxouApQ32NG0cNKJF6RNBsifOC7Ft5nIHtiLMGM7O/BfgvKWW/

f1hmHeMqWqe4f9AFblU2fa6r91NtrNsukcDM0vXS+oJK56L80UBTWfELsLlv7jrRGiNGIkVSAse

tpLkuQe0rioA2dCM0jZu0SM4y7fG5bx/BZyjtx8y4sPhLBYcBoZMvBKapQbES9elCgsNdkHX/b0

O6+kPlVRy8YQ0tI4w3Ops0ZT/5Intyj7sSIIxDP3HFiNmXRnf9RHOzG8M0PCZ2cO0uFNLenOI9Q

3K+fYCUQ31qj0SRmBPI7zUwvcU6+VymGvJCPW6dot9Wr3sGkyCzQG9iW4mFbaHULiSpLfR8DHnT

rwmC1MHfqaery1Xn5slEunINTfJv6eIu15TCI8UKwOsfhmYeXOUE5JudvvpzZ3WgikCYIh3JEaL

zxRqbiSF8ZZV+mZrtmiNj9fWculLYXYDg==

X-Google-Smtp-Source: AGHT+IFb+f+BvJVibxa7oDSNZ18Ups7g4l5XlYn7aWSqFXwbUb8I0xbGgSZEKNRfAbN3vCmPEoNYLQ==

X-Received: by 2002:a05:620a:29d2:b0:8b9:a134:90e0 with SMTP id af79cd13be357-8ba38a7663amr4065085a.16.1765305801801;

Tue, 09 Dec 2025 10:43:21 -0800 (PST)

Received: from ip-172-31-7-170.ec2.internal (ec2-13-218-114-168.compute-1.amazonaws.com. [13.218.114.168])

by smtp.gmail.com with ESMTPSA id af79cd13be357-8b62529e75csm1392648085a.9.2025.12.09.10.43.21

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Tue, 09 Dec 2025 10:43:21 -0800 (PST)

From: =?UTF-8?Q?Natalia_J=C3=B3zefara?=

To: sales@nk.ca

Subject: Hey

Message-ID: <39327c5a-da83-sl92-40aa-a8f1-fbd3b81d6889@groupacclaim.co>

Date: Tue, 09 Dec 2025 18:43:21 +0000

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="--_NmP-e50ca364b95bcbba-Part_1"

X-Spam_score: 6.6

X-Spam_score_int: 66

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: I’ve seen you guys at Netknow do impressive work in web

development. We’re a Polish agency and we often assist companies like yours

with developing websites in Webflow and WordPress when they need extra hands.





Content analysis details: (6.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[13.218.114.168 listed in will-spam-for-food.eu.org]

[13.218.114.168 listed in will-spam-for-food.eu.org]

[13.218.114.168 listed in will-spam-for-food.eu.org]

[13.218.114.168 listed in will-spam-for-food.eu.org]

[13.218.114.168 listed in will-spam-for-food.eu.org]

[13.218.114.168 listed in will-spam-for-food.eu.org]

[13.218.114.168 listed in will-spam-for-food.eu.org]

[13.218.114.168 listed in will-spam-for-food.eu.org]

[209.85.167.176 listed in will-spam-for-food.eu.org]

[209.85.167.176 listed in will-spam-for-food.eu.org]

[209.85.167.176 listed in will-spam-for-food.eu.org]

[209.85.167.176 listed in will-spam-for-food.eu.org]

[209.85.167.176 listed in will-spam-for-food.eu.org]

[209.85.167.176 listed in will-spam-for-food.eu.org]

[209.85.167.176 listed in will-spam-for-food.eu.org]

[209.85.167.176 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.167.176 listed in dnsbl.ahbl.org]

[209.85.167.176 listed in dnsbl.ahbl.org]

[209.85.167.176 listed in dnsbl.ahbl.org]

[209.85.167.176 listed in dnsbl.ahbl.org]

[13.218.114.168 listed in dnsbl.ahbl.org]

[13.218.114.168 listed in dnsbl.ahbl.org]

[13.218.114.168 listed in dnsbl.ahbl.org]

[13.218.114.168 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.167.176 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.167.176 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.167.176 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.167.176 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.167.176 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.167.176 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

Subject: {SPAM?} Hey



----_NmP-e50ca364b95bcbba-Part_1

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable



I=E2=80=99ve seen you guys at Netknow do impressive work in web development=

.





We=E2=80=99re a Polish agency and we often assist companies like yours =

with developing websites in Webflow and WordPress when they need extra =

hands.





Would you like to take a look at a few websites we recently =

created for another agency in Canada?





Be Well,=C2=A0

Natalia J=C3=B3zefara =C2=A0

The Acclaim Agency

acclaim.agency





----_NmP-e50ca364b95bcbba-Part_1

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable














content=3D"text/html; charset=3Dutf-8">




initial-scale=3D1">



=20

I=E2=80=99ve seen=

you guys at Netknow do impressive work in web development.=

We=E2=80=99re a Polish agency and we often assist =

companies like yours with developing websites in Webflow and WordPress when=

they need extra hands.

Would you like to take a look at =

a few websites we recently created for another agency in Canada?=

Be Well, 

Natalia J=C3=B3zefara =

 

The Acclaim Agency

agency" >acclaim.agency

=20



----_NmP-e50ca364b95bcbba-Part_1--

Evidence at Spamcop

Evidence at Spamcop

=?Windows-1252?Q?af6wzI1WQvrpc46oV4HgvxQ6u6frRzvFM7Ixb5ZqC8cyTzYt25jgx7N/?=

=?Windows-1252?Q?IHSSVsU7zXH+9QWUV2SdHTzOTsq5opLDtHF9UtM5ngYzpUt+RduQ9y6B?=

=?Windows-1252?Q?Ge5JveyuRlyHMkD7HmrulVlhv533lSXQQ+35TOFqkqJmU2eA3sxndpz9?=

=?Windows-1252?Q?bkKFTfKNtB5dP3LMxuy5PHBhjNPlCMPHC9q7lH3u6AIcZejbLZBs40h3?=

=?Windows-1252?Q?b84y0r5TNd8redGATvPyKPfP/eqOvmbnDoA+swwD59LQyd8U2m2POLvA?=

=?Windows-1252?Q?7a0izCKeWfHa+OVaZuLRgVhSaNWKeVXaxSpKabfcdvbKmJRcuaRbBFWg?=

=?Windows-1252?Q?GC5j9ywi2kKDMHzZBMRFCgsDl6MB+Xc9YLcUsKnrmWj7msQhmbwNVsdc?=

=?Windows-1252?Q?M9usFe5sBdiQFHkaSsNMXw=3D=3D?=

Content-Type: multipart/alternative;

boundary="_000_TYZPR01MB56213462F17AECE118762BD3BCA3ATYZPR01MB5621apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: TYZPR01MB5621.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 47e0a664-93bb-4197-ad1b-08de373b0e83

X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Dec 2025 15:53:11.8944

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: KL1PR01MB5799



--_000_TYZPR01MB56213462F17AECE118762BD3BCA3ATYZPR01MB5621apcp_

Content-Type: text/plain; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable



Hi,







I personally visited your website when I was browsing it.







In order to significantly improve these search results for you, I would lik=

e to send you an Ranking report of your website.







Can I Send you Quote=94 and Cost/=94?







Best regards,



--_000_TYZPR01MB56213462F17AECE118762BD3BCA3ATYZPR01MB5621apcp_

Content-Type: text/html; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable








252">















































--_000_TYZPR01MB56213462F17AECE118762BD3BCA3ATYZPR01MB5621apcp_--