google Seller Acount spam from Google Gmail

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 20 Mar 2026 17:22:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3jAE-00000000GxG-104j

for dave@doctor.nl2k.ab.ca;

Fri, 20 Mar 2026 17:21:58 -0600

Resent-From: The Doctor

Resent-Date: Fri, 20 Mar 2026 17:21:58 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yw1-f178.google.com ([209.85.128.178]:55361)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3cRW-000000003u7-1bwT

for sales@nk.ca;

Fri, 20 Mar 2026 10:11:30 -0600

Received: by mail-yw1-f178.google.com with SMTP id 00721157ae682-7947cf097c1so8100557b3.2

for ; Fri, 20 Mar 2026 09:09:58 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1774022991; cv=none;

d=google.com; s=arc-20240605;

b=BFMafQ2ie825KRWxu5DfSZmv7vzzi2izrvbPFRLzs4HfYNp3dAoowCggNhWgXooPYA

rDMBUOkDv4Bt3/KQfJYa7DdXiW0RlR/0ECIgBFY0qUYsRf3/1mEftZUyhmlji7D4tknE

H28W9cZ2L806CglLQQnXjmQHLLDeTAt+4ANZO6ATRWnxSiYeIUnQn+rWfx7ekEpwokKL

6ZSEVBaVrnl+VvFr7Olvyai/wvdIiIUxIh43o9DGPhjF3cBU0/pKL2dhBpR4SLQZJJhg

z6wg2MjI7UthiWgi0flcvtmecAlSDGxaSFpItCKuMd+RAzq8T90sYUv2DlyH6OO1Y827

Igaw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:mime-version:dkim-signature;

bh=ETREsmtwLYBt+yDBKDMdY8vuzfu+PkIDhKrqtJZDZtk=;

fh=C4vsnDG7cTH8aa/8f7sygxKSfblX4MPDg6mph8A3jUw=;

b=Tb6XHO+mSHKs3gy6gUFY5wMTaAkRlQC/U1ZSfSbBBodrI3l9e6L7bvi+mrD/TCm6dy

/BzZ83XHYKlT1EUKyomeBwojaH5uHl5AfMt2bxEFlLvWaOH8wPQA0xsseSqQiPfXBTHU

9X0x53JDhgZOkWFC8fBynTLhLpqeLDv8zw1axiC5B0YMNYnwJ4fPY/dcIatzbXz0er/M

eFOPb5K6Ta76HxoHdnczn5kh0yLFG5CJ13fcR4nAe0wtFrW2tQRGPOqzn5tAte0qViom

m/AbBlCdSkOzci1EnFBcWjd1PxF+JGUPjyxw4NgiG/vL9onpe/2c1W82NxYsPdiyPh0J

RdiQ==;

darn=nk.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1774022991; x=1774627791; darn=nk.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=ETREsmtwLYBt+yDBKDMdY8vuzfu+PkIDhKrqtJZDZtk=;

b=PZ86MUW+aqd/DZKn7KPf321qFmBo2+oQg0BkWOaywGc7FsPicQ6eKWLgdg/VE5GDfa

JZvU6sDpcukocO1BY15i4XlZYuE9GGdj6hWLvsDnGJshuDgBNdd4Q62fSrmp5TR7+5o4

YM2y1rC86MUVAOc+0k7nUxjxh0MQ+uCtbENgcp+wx0zk6aR52OigOWJZhHrN4gs1aeUl

j+vMvPS0SIWTVt+0lKQ20LfSePH4DyjfhRjsiq1NOxy3s4+x7y3WpI1cudfYg2UDsPQZ

jT9wjDu+ZiW/QICMUD5xdUZxVkOgLa6oiK3u8ZsMUsXvDVWqhxARjWODo8deOuWMgtNd

ARQA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1774022991; x=1774627791;

h=to:subject:message-id:date:from:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=ETREsmtwLYBt+yDBKDMdY8vuzfu+PkIDhKrqtJZDZtk=;

b=FP4KR54YORlgSjMuO0k4SwguI3QY8cMsO4wxees5oaAHp8FrRtaUitg8pde7YXRyLt

ZlezJC7CIj9whZAZ13Yl7oTOsxImk+APiXhn94O8Tpm/4rATal07tPk6hwupUfC1DzH0

GLueEcEfyEH7H+23seeV7VFsceP+rwcYHao18l6qSHdcm/+5RkPTl8Kfw9gJgfdjzhWG

hp+ZXNa98hD6J+RQdU8fiNFn5VDPzNqVyF6zNeptOdB56aoSfHMtqDQFagigsyuaFoRQ

hoBVyL9c7MDx/gqYqsV9i9CCLN13b9bCDpuW16mvbr/gqtXDmFRk2IEoeSz+aFxtnlbV

jA6g==

X-Gm-Message-State: AOJu0Yyc638fVVUWEWBqZFnZMCD+5Rv/Z4TeDcAAIALoi+M/b38/s442

o4LLwsvV8MY3TI0d9Jc/UVxXUJ8HgaM/3q4app2+AOoQJ6r6oqXrDpU6BZYVp0E1kmKNhljaqlm

Xzv8cQnhUwV51p13z97O12qgWaaoUosZqcQ==

X-Gm-Gg: ATEYQzwuChfdr3ORZPH+XjdGuw9AJW4OW14UqPaLryU+SJTqOt3T3jilmb7OBoRDETl

sFbPYgGhr0QwpPzCFrmDeNT6Xum4QzIYxAFyIantGhYG56dxXVFB95xtrsHALonTb1wL/6HJW2s

Eec+G4n2YboZv4ambcLf4oJgI/ZAoknQegRwWNt2mjINiv7HZfLn04MbLL3tFbwTqZD6x1oybXf

mng5a8kyacZ833zI8OJqAqh+VZF9F5CkswHaL+4IqnpJZgFGH70lsDL1dLcy00VXP8pOUxzTXqE

eFK77Aozoblk

X-Received: by 2002:a05:690e:16d8:b0:646:7a21:f03c with SMTP id

956f58d0204a3-64eaa8b88demr2623551d50.81.1774022578023; Fri, 20 Mar 2026

09:02:58 -0700 (PDT)

MIME-Version: 1.0

From: Konok Ray

Date: Fri, 20 Mar 2026 22:02:47 +0600

X-Gm-Features: AaiRm53gPnT1qyK1jeuUiUJg0Fq0d2QIJ-rWN3_qZvdV2rbcCR7Z1xo40pMP_H8

Message-ID:

Subject: google seller

To: sales@nk.ca

Content-Type: multipart/alternative; boundary="0000000000009633dd064d76d101"

X-Spam_score: 5.1

X-Spam_score_int: 51

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Now available all digital accounts. please replay or whatsapp

me https://wa.me/+88001857150041 Now available all digital accounts. please

replay or whatsapp me https://wa.me/+88001857150041



Content analysis details: (5.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.128.178 listed in will-spam-for-food.eu.org]

[209.85.128.178 listed in will-spam-for-food.eu.org]

[209.85.128.178 listed in will-spam-for-food.eu.org]

[209.85.128.178 listed in will-spam-for-food.eu.org]

[209.85.128.178 listed in will-spam-for-food.eu.org]

[209.85.128.178 listed in will-spam-for-food.eu.org]

[209.85.128.178 listed in will-spam-for-food.eu.org]

[209.85.128.178 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.128.178 listed in dnsbl.ahbl.org]

[209.85.128.178 listed in dnsbl.ahbl.org]

[209.85.128.178 listed in dnsbl.ahbl.org]

[209.85.128.178 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.128.178 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.128.178 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.128.178 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.128.178 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.128.178 listed in list.dnswl.org]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[konokrayk1(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[konokrayk1(at)gmail.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.128.178 listed in wl.mailspike.net]

Subject: {SPAM?} google seller



--0000000000009633dd064d76d101

Content-Type: text/plain; charset="UTF-8"



Now available all digital accounts. please replay or whatsapp me

https://wa.me/+88001857150041



--0000000000009633dd064d76d101

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Now available=C2=A0all digital=C2=A0accounts. please repla=

y or whatsapp me https://wa.me/+8=

8001857150041




--0000000000009633dd064d76d101--

Metamask Phish Part 2

Posted by Dave Yadallee on


1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[180.93.236.215 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[180.93.236.215 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[180.93.236.215 listed in zen.spamhaus.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[180.93.236.215 listed in sbl-xbl.spamhaus.org]

[180.93.236.215 listed in sbl-xbl.spamhaus.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[198.23.60.42 listed in sa-trusted.bondedsender.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[198.23.60.42 listed in sa-accredit.habeas.com]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[198.23.60.42 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[198.23.60.42 listed in bl.score.senderscore.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words

1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts

suspended", "account credited", "account

verification"

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} =?UTF-8?B?V2UgYXJlIHVuYWJsZSB0byB2ZXJpZnkgeW91=?=








252">


















colspan=3D"3">

 
" src=3D"https://resize.yandex.net/mailservice?url=3Dhttps%3A%2F%2Fnewslett=

er.consensys.io%2Fhs-fs%2Fhubfs%2FMetaMax%2520-%2520white%2520-%2520box%252=

0-%2520logo.webp%3Fwidth%3D200%26upscale%3Dtrue%26name%3DMetaMax%2520-%2520=

white%2520-%2520box%2520-%2520logo.webp&proxy=3Dyes&key=3Df314568eb=

59f3955325f0ec9a2af9161">


" data-proton-remote=3D"remote-0">

ht: 22px; font-size: 15px; background-color: rgb(236, 240, 241);">



 Verify Your MetaMask



Our system has shown =

that your MetaMask (KYC) has not yet been verified, this verification =

can be done easily via the button below. Unverified accounts will be suspen=

ded on:

Monday, 23 March, 2026.



We are sorry for any =

inconvenience caused by this, but please note that our intention is to keep=

our customers safe and happy. Safety is and remains our priority.





 
order-radius: 5px; text-align: center; color: rgb(255, 255, 255); text-deco=

ration: none; display: inline-block; background-color: rgb(51, 117, 187);" =

href=3D"https://glpi-karcher.planetaip.cloud/images/images/lomkinfo/index.h=

tml" target=3D"_blank" rel=3D"noreferrer nofollow noopener">Verify My MetaM=

ask




min-height: 1px;">

vetica, sans-serif" size=3D"2">

Metamask Phish Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 20 Mar 2026 12:58:00 -0600

Received: from [198.23.60.42] (port=43048 helo=hosted.by.liquidnetlimited.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3f2A-00000000HLQ-1P33

for dave@doctor.nl2k.ab.ca;

Fri, 20 Mar 2026 12:57:29 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=myzzone.com

; s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Message-ID

:Date:Subject:To:From:Sender:Reply-To:Cc:Content-ID:Content-Description:

Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:

In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:

List-Post:List-Owner:List-Archive;

bh=M/j9L70uXquC7dDSnytPnUZoSBHmojBXi1+cmhuYXXY=; b=gdOKF+0ZSslvp5N/9HrL6ZkcH1

Fy5SpOhi5gFqETwN4f73nEDo5LWNarLAYeQj9+y2hBqOsgAwsNThd62wI8CfDFfnBc4lLJsl/vrBK

JZCRFBuHIVvuaV/calJMi7/I3P1kV/uz/FLykTRlaYRIpZRyQ9jMYR2k1pXrjmnL5z8hNg/GcJbQE

lVzH+HnLrkE5I+/HTWc1EcEpvqNhKNQzse9wDNDfP1ANYllEm37Zi4+DTGHIUaNhw9eB8MCu6WOjG

lWd88xp0x4ch/R8FjLTbce02RXs/ADmCwPITsf1SE2c9Arvh1EhQkSnR6WCMNF4Ej8APToKkiFTXv

sfZK18eQ==;

Received: from [180.93.236.215] (port=61017)

by 198-23-60-42.cprapid.com with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.1)

(envelope-from )

id 1w3f1M-0000000AaJi-3lEO

for dave@doctor.nl2k.ab.ca;

Fri, 20 Mar 2026 13:56:33 -0500

From: "=?UTF-8?B?TWV0YU1hc2s=?="

To: dave@doctor.nl2k.ab.ca

Subject: =?UTF-8?B?V2UgYXJlIHVuYWJsZSB0byB2ZXJpZnkgeW91=?=

Date: 20 Mar 2026 12:56:14 -0600

Message-ID: <20260320125613.0431F7D75FD4F9ED@myzzone.com>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - 198-23-60-42.cprapid.com

X-AntiAbuse: Original Domain - doctor.nl2k.ab.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - myzzone.com

X-Get-Message-Sender-Via: 198-23-60-42.cprapid.com: authenticated_id: support@myzzone.com

X-Authenticated-Sender: 198-23-60-42.cprapid.com: support@myzzone.com

X-Source:

X-Source-Args:

X-Source-Dir:

X-Spam_score: 18.1

X-Spam_score_int: 181

X-Spam_bar: ++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Verify Your MetaMask Our system has shown that your MetaMask

(KYC) has not yet been verified, this verification can be done easily via

the button below. Unverified accounts will be suspended on: Monday, 23 March,

2026.



Content analysis details: (18.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[180.93.236.215 listed in will-spam-for-food.eu.org]

[180.93.236.215 listed in will-spam-for-food.eu.org]

[180.93.236.215 listed in will-spam-for-food.eu.org]

[180.93.236.215 listed in will-spam-for-food.eu.org]

[180.93.236.215 listed in will-spam-for-food.eu.org]

[180.93.236.215 listed in will-spam-for-food.eu.org]

[180.93.236.215 listed in will-spam-for-food.eu.org]

[180.93.236.215 listed in will-spam-for-food.eu.org]

[198.23.60.42 listed in will-spam-for-food.eu.org]

[198.23.60.42 listed in will-spam-for-food.eu.org]

[198.23.60.42 listed in will-spam-for-food.eu.org]

[198.23.60.42 listed in will-spam-for-food.eu.org]

[198.23.60.42 listed in will-spam-for-food.eu.org]

[198.23.60.42 listed in will-spam-for-food.eu.org]

[198.23.60.42 listed in will-spam-for-food.eu.org]

[198.23.60.42 listed in will-spam-for-food.eu.org]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[198.23.60.42 listed in bb.barracudacentral.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[180.93.236.215 listed in dnsbl.ahbl.org]

[180.93.236.215 listed in dnsbl.ahbl.org]

[180.93.236.215 listed in dnsbl.ahbl.org]

[180.93.236.215 listed in dnsbl.ahbl.org]

[198.23.60.42 listed in dnsbl.ahbl.org]

[198.23.60.42 listed in dnsbl.ahbl.org]

[198.23.60.42 listed in dnsbl.ahbl.org]

[198.23.60.42 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[180.93.236.215 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[180.93.236.215 listed in dnsbl.ahbl.org]

Nigerian spam

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path: <17739558326192301-112062-1-nl2k.ab.ca@delivery.firstbanknigeria.com>

Envelope-to: dave@nl2k.ab.ca

Delivery-date: Fri, 20 Mar 2026 12:03:00 -0600

Received: from mta9-66.74.ptransmail.com ([175.158.66.74]:36404)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from <17739558326192301-112062-1-nl2k.ab.ca@delivery.firstbanknigeria.com>)

id 1w3eBA-00000000E9P-04Yz

for dave@nl2k.ab.ca;

Fri, 20 Mar 2026 12:02:47 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firstbanknigeria.com; s=pepipost;

h=feedback-id:list-unsubscribe-post:list-unsubscribe:message-id:reply-to:from:

to:subject:mime-version:content-type:from:to:subject;

bh=SOJk+SC23W0KJpD6EUZJmYGH/Xjk2hu3uNaeKJR2DQA=;

b=u/ynf3X+s0aTs59XIAK6L1Vw4QicziHTAjWWiQrkJR8C9sPVvs99jXmEzOwqfw+bGHzKdKmoZo4p2

zUPwOOXKVxJFy5P8jvSCzYYcmqg9CDcnYdd1wuipVeD/wcUZrT0HVWeFdkAeBEW9XEYGPQnoRVxnp7

vHLiiLJZ1D3d+4bw=

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=env.etransmail.com; s=fnc;

h=feedback-id:list-unsubscribe-post:list-unsubscribe:message-id:reply-to:from:

to:subject:mime-version:content-type:from:to:subject;

bh=SOJk+SC23W0KJpD6EUZJmYGH/Xjk2hu3uNaeKJR2DQA=;

b=uq0Yl/AS4zEita8t9/eyDDgA6dzmZxynuh5SKFcPmqFAJHTh03ipg3NVu6ZBThyoELiLtGasBdGCp

sH8iBXF2x9vfB5oni66mKnyauuYwSElORIrHtb/kVCCYLC6ovPNj/xr6oqSR6jbJDJ9JCp8LKT9Bx+

0RLwOrpmh4TN9Sds=

Content-Type: multipart/alternative; boundary="===============0279759135=="

MIME-Version: 1.0

Subject: Investment partnership proposal ..

To: Recipients

From: "Mr. Andrew Chu "

Date: Fri, 20 Mar 2026 23:31:43 +0530

Reply-To:

Message-ID:



Received-SPF: None (HO-EDGESTMT3.firstbanknigeria.com:

admin@firstbanknigeria.com does not designate permitted sender hosts)

X-InjTime: 1774017735

List-Unsubscribe: ,

List-Unsubscribe-Post: List-Unsubscribe=One-Click

Feedback-ID: MTEyMDYyOjIwMjYwMzIwXzIwOg==:pepipostE

X-FNCID: 112062-17739558326192301-0

X-Mta-Source: firstbanknigeriapepi_112062

X-Traffic-Type: 112062-3

X-Mailer: NetcoreCloud Mailer

X-Spam_score: 21.0

X-Spam_score_int: 210

X-Spam_bar: +++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Investment partnership proposal Hello I am contacting you

because we are seeking a professional with whom we can be involved in partnership

overseas, who also has the ability to manage an investment portfolio in your

country. I am represe [...]



Content analysis details: (21.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[175.158.66.74 listed in will-spam-for-food.eu.org]

[175.158.66.74 listed in will-spam-for-food.eu.org]

[175.158.66.74 listed in will-spam-for-food.eu.org]

[175.158.66.74 listed in will-spam-for-food.eu.org]

[175.158.66.74 listed in will-spam-for-food.eu.org]

[175.158.66.74 listed in will-spam-for-food.eu.org]

[175.158.66.74 listed in will-spam-for-food.eu.org]

[175.158.66.74 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[175.158.66.74 listed in dnsbl.ahbl.org]

[175.158.66.74 listed in dnsbl.ahbl.org]

[175.158.66.74 listed in dnsbl.ahbl.org]

[175.158.66.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[175.158.66.74 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[175.158.66.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[175.158.66.74 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[175.158.66.74 listed in dnsbl.ahbl.org]

0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: pepipost.net]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[chewa6480(at)gmail.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words

0.0 HK_NAME_MR_MRS No description available.

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 MIXED_HREF_CASE Has href in mixed case

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

2.5 CONTENT_AFTER_HTML More content after HTML close tag + other spam

signs

2.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)

Subject: {SPAM?} Investment partnership proposal ..



--===============0279759135==

Content-Type: text/plain; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body





Investment partnership proposal

Hello



I am contacting you because we are seeking a professional with whom we can =

be involved in partnership overseas, who also has the ability to manage an =

investment portfolio in your country. I am representing a group of prospect=

ive investors from China.

=



The proposed investment profile will be large in volume and scale, but beca=

use of the restrictive employment regulations in China, I cannot do this wh=

ile under state employment, hence this proposal.

=



My primary preference is for someone from your country with your profession=

al background, hence this proposal to you. I would like to know if you are =

disposed to that kind of engagement, so that we may open further conversati=

on along that line and provide you additional details.

=



The civil service and employment regulations here prohibit me from getting =

involved in private oversea business, while under government or corporate e=

mployment, hence this proposal to you, in view of your impressive profile.



If you indicate interest, I can send you my ID'S, so you can have a better =

knowledge of who you are dealing with, and I can communicate further detail=

s of the proposal to you. Reply me via this email address chewandrew406@gma=

il.com

=





I look forward to your response if this appeals to you.

Regard



Mr. Andrew Chu



--===============0279759135==

Content-Type: text/html; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body




=3Diso-8859-1"/>
Investment partnership proposal
Hello<=


/PRE>
I am contacting you because we are seeking a professional with wh=


om we can be involved in partnership overseas, who also has the ability to =


manage an investment portfolio in your country. I am representing a group o=


f prospective investors from China.
      =


   
The proposed investment profile will be large in volume an=


d scale, but because of the restrictive employment regulations in China, I =


cannot do this while under state employment, hence this proposal.
 =


        
My primary preference is for=


 someone from your country with your professional background, hence this pr=


oposal to you. I would like to know if you are disposed to that kind of eng=


agement, so that we may open further conversation along that line and provi=


de you additional details.
       
The =


civil service and employment regulations here prohibit me from getting invo=


lved in private oversea business, while under government or corporate emplo=


yment, hence this proposal to you, in view of your impressive profile.

>
If you indicate interest, I can send you my ID'S, so you can have a b=


etter knowledge of who you are dealing with, and I can communicate further =


details of the proposal to you. Reply me via this email address 

mailto:chewandrew406@gmail.com">chewandrew406@gmail.com
 
=



I look forward to your response if this appeals to you.
Regard

>
Mr. Andrew Chu
=0A=


Click 

=3DZ0wBAgJRBQVRThJBQkUWE0ISGEMQRkETEhAXFxEYGUYSEBETE0MVE0MSEkFCRRYTQgJEB1EQ=


BHNcXAVcH1lbSFFRTQIEVAYKVgcKUlBTBwpQAQhSTA4VR0IKGBhVXVUPRFVDSh0FXEEQRlAADA5=


YWgVXSgpRSAJcXx9yZHByfS58aXYMWgdJRVA=3D">here to unsubscribe

'http://delivery.firstbanknigeria.com/ESAJDHNYG?id=3D112062=3DfUwBAgJRBQVRT=


hJBQkUWE0ISGEMQRkETEhAXFxEYGUYSEBETE0MVE0MSEkFCRRYTQgJEB1EQBHNcXAVcH1lbSFFR=


TQIEVAYKVgcKUlBTBwpQAQhSTA4VR0IKGBhVXVUPRFVDSh0FXEEQRlAADA5YWgVXSgpRSAJcXx9=


yZHByfS58aXYMWgdJRVA=3D' />=








--===============0279759135==--

Web/SEO/App spam from Google Gmail Part 2

Posted by Dave Yadallee on


Content preview: Greetings, I was reviewing your website and found that certain

keywords are not performing well and holding back your traffic growth. I

have a few simple solutions to solve this.



Content analysis details: (9.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:1096:400:347:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:347:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:347:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:347:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:347:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:347:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:347:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:347:0:0:0:7 listed in]

[will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.74.78 listed in dnsbl.ahbl.org]

[52.103.74.78 listed in dnsbl.ahbl.org]

[52.103.74.78 listed in dnsbl.ahbl.org]

[52.103.74.78 listed in dnsbl.ahbl.org]

[2603:1096:400:347:0:0:0:7 listed in]

[dnsbl.ahbl.org]

[2603:1096:400:347:0:0:0:7 listed in]

[dnsbl.ahbl.org]

[2603:1096:400:347:0:0:0:7 listed in]

[dnsbl.ahbl.org]

[2603:1096:400:347:0:0:0:7 listed in]

[dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.74.78 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.74.78 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.74.78 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.74.78 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.103.74.78 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.2 MISSING_HEADERS Missing To: header

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[sonakshi3142(at)outlook.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[sonakshi3142(at)outlook.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.74.78 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} Re: SEO Price structure?



--_000_TYUPR01MB53546A520459E758C054A183D24CATYUPR01MB5354apcp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



Greetings,



I was reviewing your website and found that certain keywords are not perfor=

ming well and holding back your traffic growth.



I have a few simple solutions to solve this.



Shall I share our work portfolio and price structure?



Warm regards,



Sonakshi



--_000_TYUPR01MB53546A520459E758C054A183D24CATYUPR01MB5354apcp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








color: rgb(0, 0, 0);">

Greetings,



color: rgb(0, 0, 0);" class=3D"elementToProof">

 



color: rgb(0, 0, 0);" class=3D"elementToProof">

I was reviewing your website and found that certain keywords are not perfor=

ming well and holding back your traffic growth.



color: rgb(0, 0, 0);" class=3D"elementToProof">

 



color: rgb(0, 0, 0);" class=3D"elementToProof">

I have a few simple solutions to solve this.



color: rgb(0, 0, 0);" class=3D"elementToProof">

 



color: rgb(200, 38, 19);" class=3D"elementToProof">

Shall I share our work =

portfolio and price structure?



color: rgb(0, 0, 0);" class=3D"elementToProof">

 



color: rgb(0, 0, 0);" class=3D"elementToProof">

Warm regards,



color: rgb(0, 0, 0);" class=3D"elementToProof">







color: rgb(0, 0, 0);" class=3D"elementToProof">

Sonakshi








--_000_TYUPR01MB53546A520459E758C054A183D24CATYUPR01MB5354apcp_--

Web/SEO/App spam from Google Gmail Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 20 Mar 2026 09:03:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3bN8-00000000BD2-2Gey

for dave@doctor.nl2k.ab.ca;

Fri, 20 Mar 2026 09:02:46 -0600

Resent-From: The Doctor

Resent-Date: Fri, 20 Mar 2026 09:02:46 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [52.103.74.78] (port=50923 helo=SEYPR02CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3Z0J-000000002fh-17Qf

for root@nk.ca;

Fri, 20 Mar 2026 06:31:14 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=Nh3sYdlohBKi9g3ZHv94BFdDhqkwNN/bKSknSJLc5fbWNCjPQ3/DM4b+DZLs0sQRMUOExxUswmeS1mnlMbQu196PPHvedsHU5WF68ICQV6UJIRmODLp1ZBKV3EtkY0P+UFjff3HFfikznTncC0fOLXSAZIez/iSt1aFbPUfWPhlCqFXE6ShhWjfTJjon8/wBQxOfvgh55eXuLE9FCERBl26tjzH54657gcv0C45H+ds6LML07Dk+7QRJCVX4jAqWKMnZB8hJQywDw6BjnaNw1jvZpGia8Ifa2cPi6Sqs3hALan7zEze7QLZMcxqNBXnW3WxViozTo/Az39Y/U/7Pbw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=F2mo7fomuYvtcjezQxlVco2WmfIJDKgU2PayVjojZoI=;

b=L4fjPqVMwpbos+hNNbQJ7XKeZHkJNLsqjNPJIyXNCI9loIa5Ut7Bm6F80PuhHDnh4Gqi3CVS0K1VyM7iJR+L4TNcR0XpqRaYtafeB2+zjPkVNzlZGkXWnA7LmDyH9/3CjfhSL1wB0JOUKrJs/dDjBuSgTpabGSmQRPZyH3gOGXOIUb53I4gDW+07Z5VfzPFbqKy5a6oAeUzvafaGmmQpzUGwsx7AigmhxaBTC17zj8msk1Pkob0HegbVRmKlt99sd57ftpbKb0KqKLbPLDh+aM9tDkktoXsgKZFL6FpthnLaDm+s6nb99OIK/dDa7Y911LCikIApQ3Xogx7WIvUz7w==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=F2mo7fomuYvtcjezQxlVco2WmfIJDKgU2PayVjojZoI=;

b=EUJwjfuYufRVXvcT9jSKK7W5aPLnvhdIWizNLBcgcANdZlMETgWvRTnWy5Pkv00PLwV9Y6t5aMmRX6QmZTGa2ALi3p1EZYcNDS3S2XwcThCicSftKeswzxhAeK4swXpC4QpRjabaUUdhAXfJbD4hjZeiKwBk2jmLpH+hbQKKeTW9PumIl2N9jX2leK7kA+sVSUPr+3a/M7LJugucS7P4Y+eKhFrCRUaUJR0QvOF1TydGid0NVb0ROyGwomy//l8EecDTGw28+obroOp6NydarFWvzrd3rQLyk63Ymyh4Vn0n1VvoGqoAEl6Bh/NjW+jwErvBO71U9jP2p3Nej7PXoA==

Received: from TYUPR01MB5354.apcprd01.prod.exchangelabs.com

(2603:1096:400:347::7) by OSNPR01MB7881.apcprd01.prod.exchangelabs.com

(2603:1096:604:45f::10) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9723.19; Fri, 20 Mar

2026 12:29:48 +0000

Received: from TYUPR01MB5354.apcprd01.prod.exchangelabs.com

([fe80::5825:5ba4:cc86:b5d8]) by TYUPR01MB5354.apcprd01.prod.exchangelabs.com

([fe80::5825:5ba4:cc86:b5d8%5]) with mapi id 15.20.9723.019; Fri, 20 Mar 2026

12:29:45 +0000

From: Sonakshi Shing

Subject: Re: SEO Price structure?

Thread-Topic: SEO Price structure?

Thread-Index: AQHcuGQCXjx4Erk3lkCVYFnLrM40JQ==

Date: Fri, 20 Mar 2026 12:29:45 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: TYUPR01MB5354:EE_|OSNPR01MB7881:EE_

x-ms-office365-filtering-correlation-id: d41b6083-f7cd-41f7-d55a-08de867c5e99

x-microsoft-antispam:

BCL:0;ARA:14566002|8060799015|37011999003|20031999003|7071999006|22091999003|8062599012|15030799006|15080799012|24121999003|24071999003|39105399006|19110799012|31061999003|461199028|40105399003|51015399003|3412199025|440099028|102099032;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?jP20chAIhleP1IUWiSYtGiAyZWyVzGAaUAx3dbKEaAtwi+zVu6e1LrtD8a?=

=?iso-8859-1?Q?vkO0BF6BtF7OL8kiXRi0uLCIknGaLcWjjvjKxL+NysF5UyXCRg5LdeIjR4?=

=?iso-8859-1?Q?swrXhNg4W39fH1YDXZWhKUA20Wy/++QWXRQbLbUf7tGP4tyAbDD1NPaoW1?=

=?iso-8859-1?Q?Y6JdS6o6MWNeAkqkV4QuCwQrr5PmeTQemNWYcLukgpo28jrYCDnu/HLw8M?=

=?iso-8859-1?Q?QhzzCTxE5M8g2mhqZ9UCVpQ/PmeMx9KW4Qas7NOnyJl1wRT8II1aKmr8zR?=

=?iso-8859-1?Q?O2yWUsgDu4fzOPgDfGFO9HQ+A1/H8A4dphPYadJR9moP2c5BIml6CYWYHV?=

=?iso-8859-1?Q?FvI7fPZdmOAGS2TN4Q0JXY3jYwXzYg28qwO2P/wh2UebB+TmkRf9dbWWNE?=

=?iso-8859-1?Q?Uw4zab+1477dXrGHwmOdGNVqiIViMHrA2QmKi336iqHrlcQXZwZh/1UgsC?=

=?iso-8859-1?Q?C2UhVZDFcrtJYrv+IUAOBDYX1vd1S2jWpI1su4MSt0Q7HBwC2TpV+SK2jr?=

=?iso-8859-1?Q?2seX0kBOD6YFhzeli9MZgzk7Zu5T9rLUM+AK1vYm+i7UHsWY4e+9pKdTxf?=

=?iso-8859-1?Q?oaNdR3O99gbZb850i4DwhjQduMWaHXPtBnh4ZOOBj+cyrQVVnQowRrxQVY?=

=?iso-8859-1?Q?wqS3KGRJWQJyJMyKnFWMx0gtNGJDHSwpXt4mSA6PKOhG/5i1K/ItfZdsWE?=

=?iso-8859-1?Q?TnRx9In0nSmRupNq7QwCDnCbdMDwTK10AtVGoyLoiNY28nj2SdJNypt7Pq?=

=?iso-8859-1?Q?k9eLcDJXnVzqzsno3TqcNFj0LKo9wZaNuP3iXqlAqQWwwPQ/0CHmY0PMrb?=

=?iso-8859-1?Q?+wRWMBtUfCofquJEDjStv8EQLpZG3FG6IKyZFzNDuuQ0ZHcmDVV8ysVWaA?=

=?iso-8859-1?Q?wSOjbC9gYjJlVQS842nZiVIHht5eHVRsdr2VWqJt5epObkdPqahAv1U9h7?=

=?iso-8859-1?Q?GDSszpsVMoE61SboeJnl22uuozqWdKQwUbPNSeXkQT3tb74j1tkY1HYYwl?=

=?iso-8859-1?Q?sp8WUW/cVa6gU+28sKEBxSooAy29VMmRqiMoiiRHUhVpgCmJvk56LbDd54?=

=?iso-8859-1?Q?6zv/d+wyEMsJuwYRMzVSCpvnvVKKJXotSfjb12OzFKxdvHIB29mW24vOx2?=

=?iso-8859-1?Q?r8smThTc5TPgXDH79Z6+Fcqd5V+nn9YjrGupyPYbtmmsCBGP+JmVeKXD1v?=

=?iso-8859-1?Q?+LL82aIQo2jQLw=3D=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?N7v8775MPWycUk2DtZoivELsLlFgtAhdNGv4yL/eFLZpqOny7WrR441scM?=

=?iso-8859-1?Q?4U++/Xo18yyAzlDAy8saOL3udW8m3NW6fYMA6xxrRq+nxccaXtqLaRsZ9N?=

=?iso-8859-1?Q?BssV8KAkbpzKgj6qFkfEwrHGs9avIi+of+Pboj5O5gKVgGi/wIGSJG5DcM?=

=?iso-8859-1?Q?vx5E5SwveZ/GXQAWj/7G4pul0KRMX6XrplZZrAsIiEIu28/RsBU1DKFvdm?=

=?iso-8859-1?Q?kSHiOss4IJl2mB/H4T3Xq9HYGoG+HBRBzquMkjDLuPZe293SbMyYATZq/v?=

=?iso-8859-1?Q?IjiSoZ8ticq5mXLtCcSKwVuGauBicXKF3mWpzmzFmhw9nnwfodXtnYMxNZ?=

=?iso-8859-1?Q?S3DYa5wEp/Dsk6B9XUuyYV5DWg73npDs5kmEfCgfMbEaNbggFiyiAvOJsn?=

=?iso-8859-1?Q?bXhI3qBHMl9aMI7D1IxuCXcToG8Fb2T3a0+e2QT9ykm3quc8CRDKHCJ+ms?=

=?iso-8859-1?Q?j66ohJUGBjKHQSV7DE8H8ZPmFrhHyEWj5XsgrbPuxeGSzRENnXLnmu8q5J?=

=?iso-8859-1?Q?ZlK2smEFl6DoIg1Pp3+eE76wbFx9p+qo+rUU2K4rJJenhEYpiFPYbSDsjf?=

=?iso-8859-1?Q?7CVBcLsj8wgdBlP8lJT6KYCRJmcFpbq7zP4YAccz/pMeiQ0a9vqe2b2GJN?=

=?iso-8859-1?Q?TjRVBusL/9kgmp+0UVZuDHL8oq63ySfd3AwhJHrS7sNECd8jJJfR3fwitO?=

=?iso-8859-1?Q?qR7w3VeWSzhzhmYsnbZFU1ko3KYLJGKhsvQq0CHA3a3+oG993HFaqbwyyR?=

=?iso-8859-1?Q?Y+xZdtmkJym1YCT4FyRhZ3UaMclbJl9HpRi1UZJ4lW2pEvXzhUsXpJoCbn?=

=?iso-8859-1?Q?0qjkahCt4NrLT0caD1Om6YJxErFaBVqY12ZbQKpV05Y3dp7tihHNeTvcDH?=

=?iso-8859-1?Q?zMUgc1wDEtoVWY8AAwWUn5Pyl8Q/YGtxkTZ2eMT8pbXAacjGkZC1V/h1pj?=

=?iso-8859-1?Q?TgiAKtCJetl894Yamasc1P8Mw81qSu2bDfrL5msr37A2d7ToUB246+zy1e?=

=?iso-8859-1?Q?AVWMUshD8Jt2YkaF8eF6lsQ8y+/Y+7D/aGwoPbquw2MIWFoKWrtYpembMF?=

=?iso-8859-1?Q?wpII3pHxM2jC8qM7Qe5rG3QtRG1/5Wiv2LNrWUZxNSQmX5IrxyqEHvh6y5?=

=?iso-8859-1?Q?KF+ADWAbG2tZU5uEz76W3ebfzLdZSLXG0NKu9LMHErEsskvnGD2dMgpzku?=

=?iso-8859-1?Q?kRecItk+fbh6DjPSbdyKssgHlasL9HpvDcGCq02jq2YDFtxAs7Oo7XKi7g?=

=?iso-8859-1?Q?ph+J5N1uh599EcFMv5BJNy0/jAz6RYvKznMB/T3Thm1LeClWKEaJQJ1GJ3?=

=?iso-8859-1?Q?bgvZTyX/FWmyaGaHiDs+nS3A84hBcH/E6OLfJwno69tG4TxSLmvszlPcJ7?=

=?iso-8859-1?Q?g3+rwAMP3xDl0nZyTRyYj/A7m/u/7Rl2LhIi7xam3QJcDvtX0TdYw/749/?=

=?iso-8859-1?Q?VD+AWHVT+TNVtRthXZVEbOn7k53dwSwfrgZkScIE5oLIixFKmvPa3e0SeT?=

=?iso-8859-1?Q?n33LrFnco6PnpuzfBcfTcN?=

Content-Type: multipart/alternative;

boundary="_000_TYUPR01MB53546A520459E758C054A183D24CATYUPR01MB5354apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: TYUPR01MB5354.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: d41b6083-f7cd-41f7-d55a-08de867c5e99

X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Mar 2026 12:29:45.3824

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: OSNPR01MB7881

X-Spam_score: 9.0

X-Spam_score_int: 90

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Loan Phish from Google Mail Part 2

Posted by Dave Yadallee on
Content analysis details: (13.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.221.50 listed in dnsbl.ahbl.org]

[209.85.221.50 listed in dnsbl.ahbl.org]

[209.85.221.50 listed in dnsbl.ahbl.org]

[209.85.221.50 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.221.50 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.221.50 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.221.50 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.221.50 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.221.50 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.221.50 listed in sa-trusted.bondedsender.org]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.221.50 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.221.50 listed in will-spam-for-food.eu.org]

[209.85.221.50 listed in will-spam-for-food.eu.org]

[209.85.221.50 listed in will-spam-for-food.eu.org]

[209.85.221.50 listed in will-spam-for-food.eu.org]

[209.85.221.50 listed in will-spam-for-food.eu.org]

[209.85.221.50 listed in will-spam-for-food.eu.org]

[209.85.221.50 listed in will-spam-for-food.eu.org]

[209.85.221.50 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.221.50 listed in wl.mailspike.net]

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.221.50 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.221.50 listed in bl.score.senderscore.com]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[gatewayloans02(at)consultant.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[southafricapolice09(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[southafricapolice09(at)gmail.com]

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 T_FREEMAIL_DOC_PDF MS document or PDF attachment, from freemail

2.7 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

2.6 FREEMAIL_DOC_PDF_BCC MS document or PDF attachment, from freemail,

all recipients hidden

0.0 T_FREEMAIL_DOC_PDF_BCC MS document or PDF attachment, from freemail,

all recipients hidden

Subject: {SPAM?} Dear Sir / Madam,



--000000000000541ba7064d736054

Content-Type: multipart/alternative; boundary="000000000000541ba6064d736052"



--000000000000541ba6064d736052

Content-Type: text/plain; charset="UTF-8"



Are you a business individual, seeking for capital to expand your Business

,A student asking for college loan, credit debts ,medicalexpenses or a

personal Loan. Gateway Trust Loans. We pride ourselves in giving out Loans

without credit report, with a credit score below 650 ,We give capital Loan

with low Interest of 20% for a Duration time of 1-12 years. Depends on the

amount.We also welcome collaboration with certified introducers and

brokers. Successful intermediaries who connect our firm with qualified

project owners are entitled to a 2% commission on the total loan amount

upon closing.Please contact us with your Loan request full names phone

number and Country code.I am pleased to inform you About Our Solution as

follow1.Personal Loan and2.Business Expansion,3.Business

Start-up,4.Education support5.Debt consolidation6.Credit card debt7.Home

Loan,8.Investments Loans9.Commercial Loans10.Car FinanceOffering long-term

debt financing solutions designed to support project development and

business expansion initiatives.Contact Person us now. Best RegardsGateway

Trust LoanInvestment & Loan Consultant.



--000000000000541ba6064d736052

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable




=3D"ltr">
Are you a business =

individual, seeking for capital to expand your Business ,A student asking f=

or college loan, credit debts ,medical
expenses or a personal Loan. Gate=

way Trust =C2=A0Loans. We pride ourselves in giving out Loans without credi=

t report, with a credit score below 650 ,
We give capital Loan with low =

Interest of 20% for a Duration time of 1-12 years. Depends on the amount.
r>
We also welcome collaboration with certified introducers and brokers.=


Successful intermediaries who connect our firm with qualified project =

owners are entitled to a 2% commission on the total loan amount upon closin=

g.

Please contact us with your Loan request full names phone number =

and Country code.


I am pleased to inform you =C2=A0About Our Sol=

ution as follow

1.Personal Loan and
2.Business Expansion,
3.Bu=

siness Start-up,
4.Education support
5.Debt consolidation
6.Credit=

card debt
7.Home Loan,
8.Investments Loans
9.Commercial Loans
=

10.Car Finance

Offering long-term debt financing solutions designed =

to support project development and business expansion initiatives.

C=

ontact Person us now.

=C2=A0 =C2=A0Best Regards

Gateway Trust=

Loan
Investment & Loan Consultant.








pdf attached

Loan Phish from Google Mail Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 20 Mar 2026 05:59:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3YUX-00000000Peh-2doI

for dave@doctor.nl2k.ab.ca;

Fri, 20 Mar 2026 05:58:13 -0600

Resent-From: The Doctor

Resent-Date: Fri, 20 Mar 2026 05:58:13 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-wr1-f50.google.com ([209.85.221.50]:44101)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3YTq-00000000PJB-19hE

for doctor@mail.nl2k.ab.ca;

Fri, 20 Mar 2026 05:57:41 -0600

Received: by mail-wr1-f50.google.com with SMTP id ffacd0b85a97d-43b4121c40aso1317299f8f.0

for ; Fri, 20 Mar 2026 04:56:41 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1774007794; cv=none;

d=google.com; s=arc-20240605;

b=HsZdatdKalSQqRqKpMDqFdyoDESJwB8QvP5R9gObqHZkXBvFH7CVV2MiMJZ+f4HtG1

NgvFkCQ33P9cXE/ee8A0PghAg/DFriqyCx6YS+GXueCDmxszjrH8Zf9ZqwlpR8nk5bri

Wqa8IJMGdTsxZOaTpNuDFaYWblwI+J2d4Lrr8rIXkWZaYC14fiCKSchyy1ns/9ybZMdW

3AcJrYSU2luTuAg4ekBPnQsHD3fon2uE8rZvyJ9RSrczOoIn9UF4vKOfF7/ajnzlWKOT

HORXiP+OMyN6tLWjGEASXgaiHSm7H9/WAXf4jZPLjvVpuB5dyEkrmuhmlGYOCCU6wCJI

XfFA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:in-reply-to:references

:mime-version:dkim-signature;

bh=CWuHfrihO64MIIWwr28t8kN//Hee7frgw+8ZsWymWIE=;

fh=1qbzfRtePwibdvQMkpxK1LVZkDjLfTFEWR7SYoIkbPA=;

b=QMKhEbW+8lSFZdn1QSN8Ae3SsO/cZpuRECmabSxJnYaZdtC8VSl5Mc5691fKD01ZZu

o+zj3tOsDPiFaOKUpekjKmeUNoxljwH42Pcb22AyEh53QNGyGs2TVfnkwT+zPKC2ta6U

+qQG7Sm+Al7HUDzvZ0U4o7XF1EedlsIiymZPkwVpYtyF6ScIIaWQZSPJ/zT9d/3cvenW

ymM/+HA980gLpoQS33zTSHEeoPmRckW6YdXbYQ4F6RL/PkMAnypx71L59Krn4mCpb28C

+X16VpmbDRHcWDwTHupVYw1z7kUov/UQtkuyIJ1Xtu/ka5tVEuK/gEGx4c2d7ZpSEVHl

W1wA==;

darn=mail.nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1774007794; x=1774612594; darn=mail.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:in-reply-to:references

:mime-version:from:to:cc:subject:date:message-id:reply-to;

bh=CWuHfrihO64MIIWwr28t8kN//Hee7frgw+8ZsWymWIE=;

b=eIDldaMFWkVesWLlk8HHazUeJ56TReG9gq8xYsilH4AufPWiQ+pwWFx4hsLJeFIH/4

EqiToojRA3jNsXbZIp53xV0all91+05vB6SEesOKuDLxyMckAMFaa0ggSBp987TMLZw1

XqQBLDmjFRIFsJuItxDqqbZeVgu6u0A3AO6GFUZ9dQtyirja5iGC7acHKUVfDvcf7kbF

75eN1fejvLuZ8hUcR2WwrjwE3C3mNCYtd55qIkCaGFFy4xrGkrVNSv559DGgTxI8mwdb

6sinKHinur9sVY0ke/e5pU74QX2IbdlZPVhBnLhpBWdK+2r6vwgL/KuTmI0RZW3t7Lkk

17WA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1774007794; x=1774612594;

h=to:subject:message-id:date:from:reply-to:in-reply-to:references

:mime-version:x-gm-gg:x-gm-message-state:from:to:cc:subject:date

:message-id:reply-to;

bh=CWuHfrihO64MIIWwr28t8kN//Hee7frgw+8ZsWymWIE=;

b=BBbh4cp0KMvUFqle361cKGcT1Mbmg1bIId7oj3sATtcH4KxvOK+7fABIY1F7lTXiJu

ihtcidYzHxp0L6MBKgiCFR90Qpu2qon5W2kVq25pY0dj36PFfAosHUdB9mZLjqekggb1

ymNBIpE38LbA/P8xeNLEO/XvL2qWo9NFM+8xKLiXyGZor2A25ckuuS2KvcESPm1VeyRV

a4973NryJCLZ6HaYCMNMLDlyyOPP2QZvVQIEf6jBf8luut4JvqVXMloDk5mnldD7JzW/

g/FXcGR5d8EGmP4uGPymTf97bClw6x69JKHgidMS5RoskrlPZtYrOoxpksvL09IcL9Zd

uXWA==

X-Forwarded-Encrypted: i=1; AJvYcCUJq5lLPi1PEYnTHxke8T/FIBODdXEfkMrLZMn8iikdHJZNc8JfEtolN+TwTw8PoaxRrxHGI+A=@mail.nl2k.ab.ca

X-Gm-Message-State: AOJu0YxTOaCUPkbz4kC4+n0RrnHAvg1vLaNqt+zuRKmy/dKE61IjW8EB

m3Pb+J1uEI2NVoL8E81H8vGy8ylIjkttflXDEYzKKbnog8oOnbQ+JwQ6OnWCF2YSxeqQVbQ7ZnF

HQRLwZbcy/NHrvNoaIlPJfvYlFAbqKlE=

X-Gm-Gg: ATEYQzzUlQ6oyRMpHV+MuI3ifYBD4JgF35xlO/ND/tyqQrQJ80an7Yr+kdQf0CcqgDg

tH6NVCSlHE32KL4R8k8HpAoExyalMlvSHQfjzMwFecwct2Wf+ZUh1lKb96xOxZ/dgU65tPQKTvy

+f9itdk9Go2ZSULSc/tcZ/QolDh8ukHN2tHB+2jwfOZCrNyegeWIZUCFllnhmiSOMbby7dBpqFO

eNJLzwZraRBYaVO/33oXAiPKwFpBrs8hI6TqaYzFcUMg32+ujSuk6s4qb+RvKn01pzk5YM3KEWX

wGwgvMrGTubb1A==

X-Received: by 2002:a05:6000:2007:b0:43b:4e13:2213 with SMTP id

ffacd0b85a97d-43b6428baa5mr5097408f8f.51.1774007792940; Fri, 20 Mar 2026

04:56:32 -0700 (PDT)

MIME-Version: 1.0

References:



In-Reply-To:

Reply-To: gatewayloans02@consultant.com

From: GATEWAY TRUST LOAN

Date: Fri, 20 Mar 2026 13:56:18 +0200

X-Gm-Features: AaiRm53QMNSMn1dhi-rmPc8oXyQWf82Nt1lk3Cn8wMyMiar1Yeb27H8CVti2kQY

Message-ID:

Subject: Dear Sir / Madam,

To: undisclosed-recipients:;

Content-Type: multipart/mixed; boundary="000000000000541ba7064d736054"

Bcc: doctor@mail.nl2k.ab.ca

X-Spam_score: 13.3

X-Spam_score_int: 133

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: *Are you a business individual, seeking for capital to expand

your Business ,A student asking for college loan, credit debts ,medicalexpenses

or a personal Loan. Gateway Trust Loans. We pride ourselve [...]

Cloud Credential Phish from Google Gmail Part 2

Posted by Dave Yadallee on
















Cloud Disabled













Sent automatically by Cloud Services. Unsubscribe.









--000000000000eb866e064d70e02b--

Cloud Credential Phish from Google Gmail Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 20 Mar 2026 05:41:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3YDU-00000000PyK-2Hmy

for dave@doctor.nl2k.ab.ca;

Fri, 20 Mar 2026 05:40:36 -0600

Resent-From: The Doctor

Resent-Date: Fri, 20 Mar 2026 05:40:36 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ot1-f70.google.com ([209.85.210.70]:56637)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3Vgm-00000000CjH-0b9O

for root@nk.ca;

Fri, 20 Mar 2026 02:58:47 -0600

Received: by mail-ot1-f70.google.com with SMTP id 46e09a7af769-7d7e995a87cso8629137a34.1

for ; Fri, 20 Mar 2026 01:57:51 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1773997065; x=1774601865; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=QOHq7jyCdSP8vzHUidZSCnti7MOpsZPIfQEjn/+cFXc=;

b=BVVHOWmHj9ud9scEpE24XjGENVEliNImQP9QT20poGmiwJeDnwf0Y2JqZ9sSzeUMI1

NUZx5P3AZoo7hQOHS6HytqhNLquDine8xVazBjFhCNbwXF6AQQfsD/e7FhAdgFQmjwtS

Nk/FFzlolR2Qsv2lWJiFEHRvni3m8tVoLO9Kqb1sObkDqKL0P+1Hiy58b1/zavzvb19p

yjdZaCUoTh8WPGaf36vE3FiU7So79u3l+Svt3smoSeVtIDJ/p95zQWsjdiI3nJV/6EOZ

p+vsl2xJ16OJn3fTLbafPGVl4GfKFiSBrxUWr316fDSiYKRcNRSybf/r0YIU08z9xsij

NMQQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1773997065; x=1774601865;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=QOHq7jyCdSP8vzHUidZSCnti7MOpsZPIfQEjn/+cFXc=;

b=AXimz4t4lALRt+S7rTH+wNVmxef8s2NCTxYicdT3F8pRmZMvVSQ4jPVE16cuANRu6K

zAlm6sBHwzVUrnR6BfaTESVBDYQuoz5+lY8GI0p2ytCBcOVfWTSB9xPd7YcLJMSwgQU3

EJps5n4Iag9AFirYm5CKNQQjmXzQIVnWWYlVflnh/EtNCXImsK/mSYhnhCUNEO8rKmql

O1uNfN80nXh5zNFOtJpxcjUvGP/DOY9RLuaRMR7QLwhPTOgInurkkLAB/dsQMq7LsZF6

l08DEjRMDa4iOjT/rgnzRbacqHoScbeNhe6rAQfpYiBZAKseldNCRmEQJQtA5I0MwgSa

kTOA==

X-Gm-Message-State: AOJu0YzBlP1ONDh71stGa0XWV8QrLnmiFd3pSazw/W/bEc9aXYI5Zu+L

B2dDrLPtusTkGPypqq5viTrt7YBRGDK85E5gGD4G9qRT9FsJECE2bMH9gfFmvKiJAWCVJPtWFHp

yisgKz0O3/Q==

MIME-Version: 1.0

X-Received: by 2002:a05:6820:138f:b0:67b:f1c8:edc2 with SMTP id

006d021491bc7-67c22fab1d8mr1865478eaf.54.1773997065471; Fri, 20 Mar 2026

01:57:45 -0700 (PDT)

Message-ID: <000000000000eb867e064d70e02e@google.com>

Date: Fri, 20 Mar 2026 08:57:45 +0000

Subject: Storage Limit Reached (100%)

From: Cloud Storage

To: root@nk.ca

Content-Type: multipart/alternative; boundary="000000000000eb866e064d70e02b"

X-Spam_score: 5.0

X-Spam_score_int: 50

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: ! System Alert: Uploads Paused Disabled Your Cloud is Disabled





Content analysis details: (5.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.210.70 listed in will-spam-for-food.eu.org]

[209.85.210.70 listed in will-spam-for-food.eu.org]

[209.85.210.70 listed in will-spam-for-food.eu.org]

[209.85.210.70 listed in will-spam-for-food.eu.org]

[209.85.210.70 listed in will-spam-for-food.eu.org]

[209.85.210.70 listed in will-spam-for-food.eu.org]

[209.85.210.70 listed in will-spam-for-food.eu.org]

[209.85.210.70 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.210.70 listed in dnsbl.ahbl.org]

[209.85.210.70 listed in dnsbl.ahbl.org]

[209.85.210.70 listed in dnsbl.ahbl.org]

[209.85.210.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.210.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.210.70 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.210.70 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.210.70 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.210.70 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.210.70 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} Storage Limit Reached (100%)



--000000000000eb866e064d70e02b

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes



!



System Alert: Uploads Paused





Disabled

Your Cloud is Disabled



We cannot sync your photos or documents because your storage is full and

your subscription is inactive.





Used: 50.0 GB Limit: 50.0 GB

Reactivate Storage Now





Sent automatically by Cloud Services. Unsubscribe.



--000000000000eb866e064d70e02b

Content-Type: text/html; charset="UTF-8"

DHL Phish from Mailgun Part 2

Posted by Dave Yadallee on














































DHL


DHL Delivery Notification



Hello,





We would like to inform you that your package has arrived at our facility and is ready for delivery.



















Tracking Number:

cs45******





Status: Received at local DHL terminal





Action Required: Confirm delivery and pay pending charges




Pending Charges





To proceed with delivery, a standard handling and processing fee of $12.47 USD is required.



























Confirm and Pay Now






Need Assistance?







Thank you for using DHL .



Sincerely,
DHL

















Privacy Policy |

Terms & Conditions





This message was sent to you because you previously interacted with our delivery services.



© 2025 DHL . All rights reserved.










 






DHL Phish from Mailgun Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 20 Mar 2026 05:41:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3YDI-00000000POg-3diC

for dave@doctor.nl2k.ab.ca;

Fri, 20 Mar 2026 05:40:24 -0600

Resent-From: The Doctor

Resent-Date: Fri, 20 Mar 2026 05:40:24 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from v5247.v595b88b3.use4.send.mailgun.net ([143.55.235.247]:39412)

by doctor.nl2k.ab.ca with utf8esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3UtF-000000009rw-1n2G

for root@nk.ca;

Fri, 20 Mar 2026 02:07:37 -0600

DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mx5.gtcmail.com; q=dns/txt; s=k1; t=1773993992; x=1774001192;

h=Content-Type: Content-Transfer-Encoding: Message-Id: List-Unsubscribe: Reply-To: To: To: From: From: Subject: Subject: Mime-Version: Date: Sender: Sender;

bh=zit7oUkmzwFF9PV1SFOPC6uW6nO3HkT8wPgkIDJHKy4=;

b=NkB1Dm1RelfLlJTMqce2+fLrgZN9BZgVgJV3ATiFx4C5DLDl0pkkMgxW9Gf9sGDnIH6WtBtwKroW7F1iSeTAidHG6Usvr9mXC+aTSZFXNoOqab4cA0tVCXlCem7gv80wSPisRAbc1pe29hycnFfgYCjp+MgDLvB3izDE9ycFU001Q6Q9SK8YksLkl219URKhIrMVpcVsI63/TS2bCDxKySq83VKTwhUqFrCYQSgY/sg0erCB3ld6+htY+V2GFnz8vj+fL3e2JPzoEDj/8fkzQE2Jb0Mg/Ooo5OHhX4dxSEgYuKcFGPjzdBnJ8AJ5f7up3AjezWOtStYQ8yTxLxpSvw==

X-Mailgun-Sid: WyI5OGM5YyIsInJvb3RAbmsuY2EiLCJmN2VjZWYiXQ==

Received: by e9ee55880790d515b4d723968c5cd4491322f6f4b35ddb5e802876b8c7271e36 with HTTP

id 69bd00083988ca445d131017; Fri, 20 Mar 2026 08:06:32 GMT

X-Mailgun-Sending-Ip: 143.55.235.247

Sender: info@mx5.gtcmail.com

Date: Fri, 20 Mar 2026 08:06:32 +0000

Mime-Version: 1.0

Subject: Confirm delivery and pay pending charges

From: DHL

To: root@nk.ca

Reply-To: support@mx5.gtcmail.com

List-Unsubscribe:

Precedence: bulk

Message-Id: <20260320080632.484a014a1e2a0174@mx5.gtcmail.com>

Content-Transfer-Encoding: 7bit

Content-Type: text/html; charset=ascii

X-Spam_score: 10.6

X-Spam_score_int: 106

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: DHL Delivery Notification DHL Delivery Notification



Content analysis details: (10.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[143.55.235.247 listed in dnsbl.ahbl.org]

[143.55.235.247 listed in dnsbl.ahbl.org]

[143.55.235.247 listed in dnsbl.ahbl.org]

[143.55.235.247 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[143.55.235.247 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[143.55.235.247 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[143.55.235.247 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[143.55.235.247 listed in dnsbl.ahbl.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: gtcmail.com]

-0.0 SPF_PASS SPF: sender matches SPF record

1.2 READY_TO_SHIP BODY: No description available.

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

Subject: {SPAM?} Confirm delivery and pay pending charges















DHL Delivery Notification

DHL Phish from Mailgun Part 2

Posted by Dave Yadallee on














































DHL


DHL Delivery Notification



Hello,





We would like to inform you that your package has arrived at our facility and is ready for delivery.



















Tracking Number:

cs45******





Status: Received at local DHL terminal





Action Required: Confirm delivery and pay pending charges




Pending Charges





To proceed with delivery, a standard handling and processing fee of $12.47 USD is required.



























Confirm and Pay Now






Need Assistance?







Thank you for using DHL .



Sincerely,
DHL

















Privacy Policy |

Terms & Conditions





This message was sent to you because you previously interacted with our delivery services.



© 2025 DHL . All rights reserved.










 






DHL Phish from Mailgun Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 20 Mar 2026 05:41:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3YCz-00000000OTa-2bSo

for dave@doctor.nl2k.ab.ca;

Fri, 20 Mar 2026 05:40:05 -0600

Resent-From: The Doctor

Resent-Date: Fri, 20 Mar 2026 05:40:05 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from v5247.v595b88b3.use4.send.mailgun.net ([143.55.235.247]:56354)

by doctor.nl2k.ab.ca with utf8esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w3UBs-000000007f6-0zmy

for doctor@doctor.nl2k.ab.ca;

Fri, 20 Mar 2026 01:22:47 -0600

DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=mx5.gtcmail.com; q=dns/txt; s=k1; t=1773991300; x=1773998500;

h=Content-Type: Content-Transfer-Encoding: Message-Id: List-Unsubscribe: Reply-To: To: To: From: From: Subject: Subject: Mime-Version: Date: Sender: Sender;

bh=MlMDAGY/ymuU18rdfwz6vONU55YldFiOlBZJg2XsLK0=;

b=JOY1pIc+0jsjoLmHg/0D6wsXHX1Zp6cllkQysBFMPxlmMvulbq3bJVZRt6xIA2l63c2MH3jpHmPJhU75p+dNVpHyX3Vbyrq9SHUoh0xTa/AEDq/RiovuNFDjqw5Lsp+UrVIrf0UbmY0tg8awVfXImr626uzwCPlStfnNqennivURY/X5JYrg+TTmxFzHoGghjvrL6zcSeB2SxnJGi8u+0G3DYPY8im1jAbPROWlyBrH6Ujr6giN/znM4wHLRDUPbzs6rWQSr/jbiZplZfRBAiIU82Exj4ZO58+fa8vNPNEgu/yY+6kjGK0aksSeof/P1MYf6crFaUMPJVjMChhOptg==

X-Mailgun-Sid: WyI0YWMzOSIsImRvY3RvckBkb2N0b3Iubmwyay5hYi5jYSIsImY3ZWNlZiJd

Received: by ce6f4ed01feb04956439662a2025a7c9dd3d0676158e46f4ba6f0a60e3ee3665 with HTTP

id 69bcf5841e02d796a03d88f9; Fri, 20 Mar 2026 07:21:40 GMT

X-Mailgun-Sending-Ip: 143.55.235.247

Sender: info@mx5.gtcmail.com

Date: Fri, 20 Mar 2026 07:21:40 +0000

Mime-Version: 1.0

Subject: Confirm delivery and pay pending charges

From: DHL

To: doctor@doctor.nl2k.ab.ca

Reply-To: support@mx5.gtcmail.com

List-Unsubscribe:

Precedence: bulk

Message-Id: <20260320072140.8b0daf63eec27bb9@mx5.gtcmail.com>

Content-Transfer-Encoding: 7bit

Content-Type: text/html; charset=ascii

X-Spam_score: 10.6

X-Spam_score_int: 106

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: DHL Delivery Notification DHL Delivery Notification



Content analysis details: (10.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

[143.55.235.247 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[143.55.235.247 listed in dnsbl.ahbl.org]

[143.55.235.247 listed in dnsbl.ahbl.org]

[143.55.235.247 listed in dnsbl.ahbl.org]

[143.55.235.247 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[143.55.235.247 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[143.55.235.247 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[143.55.235.247 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[143.55.235.247 listed in dnsbl.ahbl.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: gtcmail.com]

-0.0 SPF_PASS SPF: sender matches SPF record

1.2 READY_TO_SHIP BODY: No description available.

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} Confirm delivery and pay pending charges















DHL Delivery Notification

DHL Phish Part 2

Posted by Dave Yadallee on












DHL Delivery Notification















































DHL


DHL Delivery Notification



Hello,





We would like to inform you that your package has arrived at our facility and is ready for delivery.



















Tracking Number:

cs45******





Status: Received at local DHL terminal





Action Required: Confirm delivery and pay pending charges




Pending Charges





To proceed with delivery, a standard handling and processing fee of $12.47 USD is required.



























Confirm and Pay Now






Need Assistance?







Thank you for using DHL .



Sincerely,
DHL

















Privacy Policy |

Terms & Conditions





This message was sent to you because you previously interacted with our delivery services.



© 2025 DHL . All rights reserved.