TD Phish
Posted by Dave Yadallee on
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 21 Nov 2025 12:06:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from)
id 1vMWRv-00000000626-2D1W
for dave@doctor.nl2k.ab.ca;
Fri, 21 Nov 2025 12:05:39 -0700
Resent-From: The Doctor
Resent-Date: Fri, 21 Nov 2025 12:05:39 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from smtp1.guam.net ([202.128.81.31]:39832 helo=smtp4.guam.net)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from)
id 1vMVRz-00000000BkF-20SE
for doctor@doctor.nl2k.ab.ca;
Fri, 21 Nov 2025 11:01:46 -0700
Received: from localhost (localhost [127.0.0.1])
by smtp4.guam.net (Postfix) with ESMTP id 8CF6B2006C11;
Sat, 22 Nov 2025 04:00:29 +1000 (ChST)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.guam.net 8CF6B2006C11
X-Virus-Scanned: amavis at guam.net
Received: from smtp4.guam.net ([127.0.0.1])
by localhost (dpacsmtp.guam.net [127.0.0.1]) (amavis, port 10024) with ESMTP
id x56zZnhd9LCi; Sat, 22 Nov 2025 04:00:28 +1000 (ChST)
Received: from [185.170.214.235] (121-55-250-127.d.c100.guam.net [121.55.250.127])
by smtp4.guam.net (Postfix) with ESMTP id 886312006D59;
Sat, 22 Nov 2025 03:59:28 +1000 (ChST)
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp4.guam.net 886312006D59
Authentication-Results: OpenDMARC; dmarc=fail (p=none dis=none) header.from=teleguam.net
Authentication-Results: OpenDMARC; spf=fail smtp.mailfrom=teleguam.net
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.guam.net 886312006D59
Content-Type: multipart/alternative; boundary="===============1518565766=="
MIME-Version: 1.0
Subject: =?utf-8?q?Mise_=C3=A0_jour_importante_de_votre_compte!?=
To: GreenPay Service Center
From: "TD Bank"
Date: Fri, 21 Nov 2025 09:59:26 -0800
Message-Id: <20251121180029.8CF6B2006C11@smtp4.guam.net>
X-Spam_score: 12.0
X-Spam_score_int: 120
X-Spam_bar: ++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: TD Bank Dear Customer, We are pleased to inform you about
recent updates to your TD Bank account. Please review your account details
by following the button below. Go to TD Bank Sincerely, TD Bank Cu [...]
Content analysis details: (12.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[121.55.250.127 listed in dnsbl.ahbl.org]
[121.55.250.127 listed in dnsbl.ahbl.org]
[121.55.250.127 listed in dnsbl.ahbl.org]
[121.55.250.127 listed in dnsbl.ahbl.org]
[202.128.81.31 listed in dnsbl.ahbl.org]
[202.128.81.31 listed in dnsbl.ahbl.org]
[202.128.81.31 listed in dnsbl.ahbl.org]
[202.128.81.31 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[121.55.250.127 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[121.55.250.127 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[121.55.250.127 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[121.55.250.127 listed in dnsbl.ahbl.org]
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[121.55.250.127 listed in zen.spamhaus.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[121.55.250.127 listed in sbl-xbl.spamhaus.org]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.7 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words
0.0 NO_RDNS2 Sending MTA has no reverse DNS
0.0 T_REMOTE_IMAGE Message contains an external image
Subject: {SPAM?} =?utf-8?q?Mise_=C3=A0_jour_importante_de_votre_compte!?=
You will not see this in a MIME-aware mail reader.
--===============1518565766==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
List-Unsubscribe: mailto:?subject=unsubscribe>"
List-Unsubscribe: mailto:?subject=unsubscribe>"
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
TD Bank Dear Customer,
We are pleased to inform you about recent updates to your TD Bank account.
Please review your account details by following the button below.
Go to TD Bank =
Sincerely,
TD Bank Customer Relations
dddddddd
--===============1518565766==
Content-Type: text/html; charset="iso-8859-1"
MIME-Version: 1.0
List-Unsubscribe: mailto:?subject=unsubscribe>"
List-Unsubscribe: mailto:?subject=unsubscribe>"
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
=3Diso-8859-1"/>
rt" />
![3D"TD](3D"htt=<br)
ps://authentication.td.com/uap-ui/assets/img/td-logo.png"> =
IV>G=
o to TD Bank =
ter">
ter">Sincerely,
TD Bank Customer Relationsdddddddd
L>
--===============1518565766==--
------=_NextPart_000_29A78_01DC5B47.AE6BAC90--
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Fri, 21 Nov 2025 12:06:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vMWRv-00000000626-2D1W
for dave@doctor.nl2k.ab.ca;
Fri, 21 Nov 2025 12:05:39 -0700
Resent-From: The Doctor
Resent-Date: Fri, 21 Nov 2025 12:05:39 -0700
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from smtp1.guam.net ([202.128.81.31]:39832 helo=smtp4.guam.net)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vMVRz-00000000BkF-20SE
for doctor@doctor.nl2k.ab.ca;
Fri, 21 Nov 2025 11:01:46 -0700
Received: from localhost (localhost [127.0.0.1])
by smtp4.guam.net (Postfix) with ESMTP id 8CF6B2006C11;
Sat, 22 Nov 2025 04:00:29 +1000 (ChST)
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.guam.net 8CF6B2006C11
X-Virus-Scanned: amavis at guam.net
Received: from smtp4.guam.net ([127.0.0.1])
by localhost (dpacsmtp.guam.net [127.0.0.1]) (amavis, port 10024) with ESMTP
id x56zZnhd9LCi; Sat, 22 Nov 2025 04:00:28 +1000 (ChST)
Received: from [185.170.214.235] (121-55-250-127.d.c100.guam.net [121.55.250.127])
by smtp4.guam.net (Postfix) with ESMTP id 886312006D59;
Sat, 22 Nov 2025 03:59:28 +1000 (ChST)
DMARC-Filter: OpenDMARC Filter v1.4.2 smtp4.guam.net 886312006D59
Authentication-Results: OpenDMARC; dmarc=fail (p=none dis=none) header.from=teleguam.net
Authentication-Results: OpenDMARC; spf=fail smtp.mailfrom=teleguam.net
DKIM-Filter: OpenDKIM Filter v2.11.0 smtp4.guam.net 886312006D59
Content-Type: multipart/alternative; boundary="===============1518565766=="
MIME-Version: 1.0
Subject: =?utf-8?q?Mise_=C3=A0_jour_importante_de_votre_compte!?=
To: GreenPay Service Center
From: "TD Bank"
Date: Fri, 21 Nov 2025 09:59:26 -0800
Message-Id: <20251121180029.8CF6B2006C11@smtp4.guam.net>
X-Spam_score: 12.0
X-Spam_score_int: 120
X-Spam_bar: ++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: TD Bank Dear Customer, We are pleased to inform you about
recent updates to your TD Bank account. Please review your account details
by following the button below. Go to TD Bank Sincerely, TD Bank Cu [...]
Content analysis details: (12.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[121.55.250.127 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
[202.128.81.31 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[121.55.250.127 listed in dnsbl.ahbl.org]
[121.55.250.127 listed in dnsbl.ahbl.org]
[121.55.250.127 listed in dnsbl.ahbl.org]
[121.55.250.127 listed in dnsbl.ahbl.org]
[202.128.81.31 listed in dnsbl.ahbl.org]
[202.128.81.31 listed in dnsbl.ahbl.org]
[202.128.81.31 listed in dnsbl.ahbl.org]
[202.128.81.31 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[121.55.250.127 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[121.55.250.127 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[121.55.250.127 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[121.55.250.127 listed in dnsbl.ahbl.org]
3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
[121.55.250.127 listed in zen.spamhaus.org]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[121.55.250.127 listed in sbl-xbl.spamhaus.org]
1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.7 HTML_IMAGE_ONLY_28 BODY: HTML: images with 2400-2800 bytes of words
0.0 NO_RDNS2 Sending MTA has no reverse DNS
0.0 T_REMOTE_IMAGE Message contains an external image
Subject: {SPAM?} =?utf-8?q?Mise_=C3=A0_jour_importante_de_votre_compte!?=
You will not see this in a MIME-aware mail reader.
--===============1518565766==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
List-Unsubscribe: mailto:
List-Unsubscribe: mailto:
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
TD Bank Dear Customer,
We are pleased to inform you about recent updates to your TD Bank account.
Please review your account details by following the button below.
Go to TD Bank =
Sincerely,
TD Bank Customer Relations
dddddddd
--===============1518565766==
Content-Type: text/html; charset="iso-8859-1"
MIME-Version: 1.0
List-Unsubscribe: mailto:
List-Unsubscribe: mailto:
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body
=3Diso-8859-1"/>
rt" />
ps://authentication.td.com/uap-ui/assets/img/td-logo.png"> =
TD Bank
Dear Customer,
We are pleased to inform you about recent updates to your TD Bank accoun=
t.
Please review your account details by following the button below.
IV>G=
o to TD Bank =
ter">
ter">Sincerely,
TD Bank Customer Relations
L>
--===============1518565766==--
Web/SEO/App Spam from Google Gmail
Posted by Dave Yadallee on
Return-path:
Envelope-to: daave@doctor.nl2k.ab.ca
Delivery-date: Fri, 21 Nov 2025 12:06:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from)
id 1vMWS8-0000000063x-1zfc
for daave@doctor.nl2k.ab.ca;
Fri, 21 Nov 2025 12:05:52 -0700
Resent-From: The Doctor
Resent-Date: Fri, 21 Nov 2025 12:05:52 -0700
Resent-Message-ID:
Resent-To: daave@doctor.nl2k.ab.ca
Received: from mail-pj1-f65.google.com ([209.85.216.65]:47266)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.98.2 (FreeBSD))
(envelope-from)
id 1vMWR5-000000005KG-31eS
for sales@nk.ca;
Fri, 21 Nov 2025 12:04:57 -0700
Received: by mail-pj1-f65.google.com with SMTP id 98e67ed59e1d1-3437af8444cso2491992a91.2
for; Fri, 21 Nov 2025 11:04:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=appwebzone-com.20230601.gappssmtp.com; s=20230601; t=1763751835; x=1764356635; darn=nk.ca;
h=content-language:thread-index:mime-version:message-id:date:subject
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=4fMbgCZPmFCU66qVR5NpFCCVSUoRk70uxg7VPOnrMgk=;
b=TQxHlXgsvX0wLhaWY6vL0q5DXG48qO+HMH0XeQuXUVD0LOrPiZJWbcji3df4Gt4geh
ugKTHfOrt6YSwWU2Mb81s8PgDYxyBckW/42MBV7R+tgwNZsC3I2+oTfckTSikAZO65h9
IiF2r8OPox83Pqrzzn20fMwNobC9KkvZKjFbXjbUQt8lx7v61XHAdsJTBe3XQNU3YpvG
+RvRXMvAA3+/dTMLbSzcQNPx/sIEpcP/4Hfy/lXcvRG8AfK/V7wb+tZnMI717wS/ePDY
ThKevtbffH/NM+f+0dh5HujqvywKYzg1i4teo6KthS4AVDCjLpszfxzKRrelN0ciznxv
d7DA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1763751835; x=1764356635;
h=content-language:thread-index:mime-version:message-id:date:subject
:to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
:message-id:reply-to;
bh=4fMbgCZPmFCU66qVR5NpFCCVSUoRk70uxg7VPOnrMgk=;
b=knRo9GONw0YbhOCVsWujN8hI/KGLyAhEHNRx6Sa+/i+6Tskc7yuyDVG7/g6/SE/CFW
SyjA1nCGKcupFUMv9kPXQko3sWqHBUWOkpW3RhxVyGq+JSMcScVQEKteFgjzRwj7enhC
XrWxWpgHO89RYJQ7IbDsPXZH3Xcs+19q3rg2/H83oCQ5VT6WUOC7P7+8qjgGsReavepg
8OxOleCSogT86XlUS9uyOreTTu6IO2Q0cpAFIdEwo2++d9T9Y+PluD0wBDWcOWOyvz1k
NpkNH4c2D6HHwSulzSQ2HnrRly5bc4GvOszR9MUmhkJA3xaszyRKZi3DX7dQ9wAbNPW0
EmLQ==
X-Gm-Message-State: AOJu0Yz1f0/sa77lKtGSTQ6ovKdiG8laGUTahMa+3nSldxyh5LJOdNGC
jkJwHyrJYjDeSvS/T722couuVuv9dc/lUhzL+EVEOtL2KAdaZ4nuQ7TpqYuKIbeyM8CRJFF2vOx
AdoX0s/8=
X-Gm-Gg: ASbGnctev1G6yxb7xsPEa5aUopiFkzWZEuOtl2/5yv0IvHTY4zGQO12RoCpHFj0Z25t
xP1ibux4+TyvDZRYDurj+stbqXgd5g3cPt7x6tlIAitPOwpm9YUPn41IAZdPd17PKaHGJa2EnO7
T/YMqVRTe+x/Ym1jD3WNayOzYGBmk+k5JRqhzXnFa/NLTKaYNy2M5zmzoTPAGihZ+8neyPcbnVj
nnaXNz1K5VokLDwb7DBXOaws5gfHZaGipsm7Jc3EoVxKqsvpMJ0BVQJm85vY2yHZ7EzJ8IpxGjz
gPxVXh21rOb7sNvTQRmQMnz7pMjJz5TOYPBVeSEGOxQsZP+Qn3W6CcvhruSGnPKXYEIPnhaZaek
fGk8WuHETNoMbrKI1iNIx0aJDrSs5gTDrIQUuWKHCArpxLDNHolQVXAPSeBorA631Qmq53tgZPI
LBxQ/qtpFNbGqsRYL3qIMsbHcp8H0=
X-Google-Smtp-Source: AGHT+IExdrN77FZoiaTJ6NIRHMcBFw5dspwamiL2QdGbyo0vSmjGZ+0l3/mPdQxJoEI4txPmXgsm9w==
X-Received: by 2002:a17:90b:2d85:b0:343:688e:3252 with SMTP id 98e67ed59e1d1-34733e77513mr4385832a91.12.1763751834717;
Fri, 21 Nov 2025 11:03:54 -0800 (PST)
Received: from DESKTOPMNUB0HV ([106.219.159.164])
by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7c3ed076eb3sm6804134b3a.1.2025.11.21.11.03.53
for
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Fri, 21 Nov 2025 11:03:54 -0800 (PST)
From: "Naina"
To:
Subject: Quote?
Date: Sat, 22 Nov 2025 00:33:31 +0530
Message-ID: <29a7701dc5b19$94b37090$be1a51b0$@com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_29A78_01DC5B47.AE6BAC90"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Adxa7JK99Eu8JNE1SEuhnD/pTj/Dqw==
Content-Language: en-in
X-Spam_score: 8.7
X-Spam_score_int: 87
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi sales@nk.ca, I was checking your website www.nk.ca and
see you have a good design, and it looks great, but it's not ranking on Google
and other major search engines. Do you want more targeted visitors on your
webs [...]
Content analysis details: (8.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[106.219.159.164 listed in dnsbl.ahbl.org]
[106.219.159.164 listed in dnsbl.ahbl.org]
[106.219.159.164 listed in dnsbl.ahbl.org]
[106.219.159.164 listed in dnsbl.ahbl.org]
[209.85.216.65 listed in dnsbl.ahbl.org]
[209.85.216.65 listed in dnsbl.ahbl.org]
[209.85.216.65 listed in dnsbl.ahbl.org]
[209.85.216.65 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[106.219.159.164 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[106.219.159.164 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[106.219.159.164 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[106.219.159.164 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Listed by XBL, see]
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[106.219.159.164 listed in sbl-xbl.spamhaus.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.216.65 listed in list.dnswl.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.216.65 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 NO_RDNS2 Sending MTA has no reverse DNS
Subject: {SPAM?} Quote?
This is a multi-part message in MIME format.
------=_NextPart_000_29A78_01DC5B47.AE6BAC90
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Hi sales@nk.ca,
I was checking your website www.nk.ca and see you have a good design, and it
looks great, but it's not ranking on Google and other major search engines.
Do you want more targeted visitors on your website?
We can place your website on Google 1st page. Yahoo, Facebook, LinkedIn,
YouTube, Instagram, Pinterest etc.).
May I send you a quote, SEO Packages? If interested.
Thanks & Regards
Naina
------=_NextPart_000_29A78_01DC5B47.AE6BAC90
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
(filtered medium)">
class=3DWordSection1>
style=3D'margin-bottom:0cm;margin-bottom:.0001pt;line-height:normal'>
n style=3D'font-family:"Cambria","serif"'>Hi sales@nk.ca,
I was =
checking your website
style=3D'font-family:"Cambria","serif"'>www.nk.ca
style=3D'font-family:"Cambria","serif"'> and see you have a good design, =
and it looks great, but it’s not ranking on Google and other major =
search engines. Do you want more targeted visitors on your =
website?
We can place your website on Google 1st page. =
Yahoo, Facebook, LinkedIn, YouTube, Instagram, Pinterest =
etc.).
May I send you a quote, SEO Packages? If =
interested.
Thanks & =
Regards
Naina
Envelope-to: daave@doctor.nl2k.ab.ca
Delivery-date: Fri, 21 Nov 2025 12:06:00 -0700
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vMWS8-0000000063x-1zfc
for daave@doctor.nl2k.ab.ca;
Fri, 21 Nov 2025 12:05:52 -0700
Resent-From: The Doctor
Resent-Date: Fri, 21 Nov 2025 12:05:52 -0700
Resent-Message-ID:
Resent-To: daave@doctor.nl2k.ab.ca
Received: from mail-pj1-f65.google.com ([209.85.216.65]:47266)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vMWR5-000000005KG-31eS
for sales@nk.ca;
Fri, 21 Nov 2025 12:04:57 -0700
Received: by mail-pj1-f65.google.com with SMTP id 98e67ed59e1d1-3437af8444cso2491992a91.2
for
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=appwebzone-com.20230601.gappssmtp.com; s=20230601; t=1763751835; x=1764356635; darn=nk.ca;
h=content-language:thread-index:mime-version:message-id:date:subject
:to:from:from:to:cc:subject:date:message-id:reply-to;
bh=4fMbgCZPmFCU66qVR5NpFCCVSUoRk70uxg7VPOnrMgk=;
b=TQxHlXgsvX0wLhaWY6vL0q5DXG48qO+HMH0XeQuXUVD0LOrPiZJWbcji3df4Gt4geh
ugKTHfOrt6YSwWU2Mb81s8PgDYxyBckW/42MBV7R+tgwNZsC3I2+oTfckTSikAZO65h9
IiF2r8OPox83Pqrzzn20fMwNobC9KkvZKjFbXjbUQt8lx7v61XHAdsJTBe3XQNU3YpvG
+RvRXMvAA3+/dTMLbSzcQNPx/sIEpcP/4Hfy/lXcvRG8AfK/V7wb+tZnMI717wS/ePDY
ThKevtbffH/NM+f+0dh5HujqvywKYzg1i4teo6KthS4AVDCjLpszfxzKRrelN0ciznxv
d7DA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20230601; t=1763751835; x=1764356635;
h=content-language:thread-index:mime-version:message-id:date:subject
:to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date
:message-id:reply-to;
bh=4fMbgCZPmFCU66qVR5NpFCCVSUoRk70uxg7VPOnrMgk=;
b=knRo9GONw0YbhOCVsWujN8hI/KGLyAhEHNRx6Sa+/i+6Tskc7yuyDVG7/g6/SE/CFW
SyjA1nCGKcupFUMv9kPXQko3sWqHBUWOkpW3RhxVyGq+JSMcScVQEKteFgjzRwj7enhC
XrWxWpgHO89RYJQ7IbDsPXZH3Xcs+19q3rg2/H83oCQ5VT6WUOC7P7+8qjgGsReavepg
8OxOleCSogT86XlUS9uyOreTTu6IO2Q0cpAFIdEwo2++d9T9Y+PluD0wBDWcOWOyvz1k
NpkNH4c2D6HHwSulzSQ2HnrRly5bc4GvOszR9MUmhkJA3xaszyRKZi3DX7dQ9wAbNPW0
EmLQ==
X-Gm-Message-State: AOJu0Yz1f0/sa77lKtGSTQ6ovKdiG8laGUTahMa+3nSldxyh5LJOdNGC
jkJwHyrJYjDeSvS/T722couuVuv9dc/lUhzL+EVEOtL2KAdaZ4nuQ7TpqYuKIbeyM8CRJFF2vOx
AdoX0s/8=
X-Gm-Gg: ASbGnctev1G6yxb7xsPEa5aUopiFkzWZEuOtl2/5yv0IvHTY4zGQO12RoCpHFj0Z25t
xP1ibux4+TyvDZRYDurj+stbqXgd5g3cPt7x6tlIAitPOwpm9YUPn41IAZdPd17PKaHGJa2EnO7
T/YMqVRTe+x/Ym1jD3WNayOzYGBmk+k5JRqhzXnFa/NLTKaYNy2M5zmzoTPAGihZ+8neyPcbnVj
nnaXNz1K5VokLDwb7DBXOaws5gfHZaGipsm7Jc3EoVxKqsvpMJ0BVQJm85vY2yHZ7EzJ8IpxGjz
gPxVXh21rOb7sNvTQRmQMnz7pMjJz5TOYPBVeSEGOxQsZP+Qn3W6CcvhruSGnPKXYEIPnhaZaek
fGk8WuHETNoMbrKI1iNIx0aJDrSs5gTDrIQUuWKHCArpxLDNHolQVXAPSeBorA631Qmq53tgZPI
LBxQ/qtpFNbGqsRYL3qIMsbHcp8H0=
X-Google-Smtp-Source: AGHT+IExdrN77FZoiaTJ6NIRHMcBFw5dspwamiL2QdGbyo0vSmjGZ+0l3/mPdQxJoEI4txPmXgsm9w==
X-Received: by 2002:a17:90b:2d85:b0:343:688e:3252 with SMTP id 98e67ed59e1d1-34733e77513mr4385832a91.12.1763751834717;
Fri, 21 Nov 2025 11:03:54 -0800 (PST)
Received: from DESKTOPMNUB0HV ([106.219.159.164])
by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-7c3ed076eb3sm6804134b3a.1.2025.11.21.11.03.53
for
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Fri, 21 Nov 2025 11:03:54 -0800 (PST)
From: "Naina"
To:
Subject: Quote?
Date: Sat, 22 Nov 2025 00:33:31 +0530
Message-ID: <29a7701dc5b19$94b37090$be1a51b0$@com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_29A78_01DC5B47.AE6BAC90"
X-Mailer: Microsoft Office Outlook 12.0
Thread-Index: Adxa7JK99Eu8JNE1SEuhnD/pTj/Dqw==
Content-Language: en-in
X-Spam_score: 8.7
X-Spam_score_int: 87
X-Spam_bar: ++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Hi sales@nk.ca, I was checking your website www.nk.ca and
see you have a good design, and it looks great, but it's not ranking on Google
and other major search engines. Do you want more targeted visitors on your
webs [...]
Content analysis details: (8.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[106.219.159.164 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
[209.85.216.65 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[106.219.159.164 listed in dnsbl.ahbl.org]
[106.219.159.164 listed in dnsbl.ahbl.org]
[106.219.159.164 listed in dnsbl.ahbl.org]
[106.219.159.164 listed in dnsbl.ahbl.org]
[209.85.216.65 listed in dnsbl.ahbl.org]
[209.85.216.65 listed in dnsbl.ahbl.org]
[209.85.216.65 listed in dnsbl.ahbl.org]
[209.85.216.65 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[106.219.159.164 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[106.219.159.164 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[106.219.159.164 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[106.219.159.164 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org
[Listed by XBL, see
1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL
[106.219.159.164 listed in sbl-xbl.spamhaus.org]
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[209.85.216.65 listed in list.dnswl.org]
-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)
[209.85.216.65 listed in wl.mailspike.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.0 NO_RDNS2 Sending MTA has no reverse DNS
Subject: {SPAM?} Quote?
This is a multi-part message in MIME format.
------=_NextPart_000_29A78_01DC5B47.AE6BAC90
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Hi sales@nk.ca,
I was checking your website www.nk.ca and see you have a good design, and it
looks great, but it's not ranking on Google and other major search engines.
Do you want more targeted visitors on your website?
We can place your website on Google 1st page. Yahoo, Facebook, LinkedIn,
YouTube, Instagram, Pinterest etc.).
May I send you a quote, SEO Packages? If interested.
Thanks & Regards
Naina
------=_NextPart_000_29A78_01DC5B47.AE6BAC90
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40">
HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =
charset=3Dus-ascii">
(filtered medium)">
class=3DWordSection1>
style=3D'margin-bottom:0cm;margin-bottom:.0001pt;line-height:normal'>
n style=3D'font-family:"Cambria","serif"'>Hi sales@nk.ca,
I was =
checking your website
style=3D'font-family:"Cambria","serif"'>www.nk.ca
style=3D'font-family:"Cambria","serif"'> and see you have a good design, =
and it looks great, but it’s not ranking on Google and other major =
search engines. Do you want more targeted visitors on your =
website?
We can place your website on Google 1st page. =
Yahoo, Facebook, LinkedIn, YouTube, Instagram, Pinterest =
etc.).
May I send you a quote, SEO Packages? If =
interested.
Thanks & =
Regards
Naina
------=_NextPart_000_29A78_01DC5B47.AE6BAC90--