Nexcess Phish Part 2
Posted by Dave Yadallee on------=_NextPart_000_7695_5E87E50C.E1ECABF9
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Notice Ref: ADMIN-BILL-77291
Mandatory Update of Account Billing Information
Dear sales@nk.ca,
During a recent administrative audit of your Nexcess Services account, our =
system identified that your current billing credentials are either incomple=
te or have expired.
Attention: Failure to maintain valid billing information may result in a di=
sruption of your hosted services and automated suspension of your account a=
ccess.
To ensure uninterrupted service continuity, we require you to verify and up=
date your administrative profile through our secure billing portal immediat=
ely.
Access Billing Management Panel
For further assistance regarding this compliance requirement, please contac=
t our billing department directly at support@Nexcess.net.
Best Regards,
Billing Administration Department
Nexcess Services
This is a system-generated administrative notification. Please do not reply=
directly to this email.
=C2=A9 2026 Nexcess Services. All Rights Reserved.=20=
------=_NextPart_000_7695_5E87E50C.E1ECABF9
Content-Type: text/html;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
acing=3D0 cols=3D1 cellPadding=3D0 width=3D"100%" align=3Dleft border=3D0><=
tbody>
lPadding=3D0 width=3D"100%" align=3Dleft border=3D0>
ss" src=3D"https://sm.pcmag.com/pcmag_me/review/n/nexcess-we/nexcess-web-ho=
sting_x5sc.jpg">=20
Notice Ref: ADMIN-BILL-77291
Mandatory Up=
date of=20
Account Billing Information
Dear sales@nk.ca,
During a recent administrative audit of your Nexcess=20
Services account, our system identified that your current billing=
=20
credentials are either incomplete or have expired.
Attention: Failure to maintain va=
lid=20
billing information may result in a disruption of your hosted services and=
=20
automated suspension of your account access.
lid=20
billing information may result in a disruption of your hosted services and=
=20
automated suspension of your account access.
To ensure uninterrupted service continuity, we require =
you=20
to verify and update your administrative profile through our secure billing=
=20
portal immediately.
For further assistance regar=
ding=20
this compliance requirement, please contact our billing department directly=
at=20
support@Nexcess.net.
0px; BORDER-LEFT: 0px; MARGIN: 25px 0px">
Best Regards,
Billing=20
Administration Department
Nexcess Services
------=_NextPart_000_7695_5E87E50C.E1ECABF9--
Nexcess Phish Part 1
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:56:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNLIQ-000000004Kv-2bDR
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:55:30 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:55:30 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from smtp2-2213.emaillabs.net.pl ([185.243.31.188]:35606)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNKWp-00000000GXJ-2klb
for sales@nk.ca;
Wed, 13 May 2026 19:06:29 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=newsletter.noreplaysender.xyz; s=default; t=1778720725;
bh=bGrCBiVjpnHKJpJVEFwX4SxWgtJJnNKYtvvqxxghY14=;
h=From:To:Subject:Date:Feedback-ID;
b=KVmLepF7ODFOQOUkSLQXzz13vKY88twYfbsJZ6KKbt4BEeUrcSgpOY/lyc6rx/9Ur
BqrBAVWAZWdtC82r7FUo4/Mf4t7GrOeaPs2rnOtfjxe6tFth5HHEBIHsMu2Jv8r1kE
0BHdVxoH857NH9iACb2zmYTHEzBMDorfD3y8Hi8Jcn0a00JX43xVnIypQTijp3v6PC
a9n6FST1fGMfcEQLcod26z0GLb3K70G5DxvQZos41FLOL1UcmEgoYCCcmg5/rHeZlJ
fJYYy2j+zD1X8AIGlV28ZtLgRkhQaPY5PeusNpwvU9krFtWshT1kNJnydT4Nfu7Hyu
WF5BkW4qblcLw==
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 14.0
Reply-To: "Nexcess"
Message-ID:
X-Priority: 1 (Highest)
From: "Nexcess"
To: sales@nk.ca
Subject: Urgent: Account Administrative Action Required
Date: Wed, 13 May 2026 21:05:00 -0400
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_7695_5E87E50C.E1ECABF9"
Feedback-ID: :click.newsletter.noreplaysender.xyz:1.nexuscrafttrading.smtp:default
X-Sid: info@newsletter.noreplaysender.xyz
X-Return-Path:
X-Spam_score: 11.9
X-Spam_score_int: 119
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Notice Ref: ADMIN-BILL-77291 Mandatory Update of Account
Billing Information Dear sales@nk.ca, During a recent administrative audit
of your Nexcess Services account, our system identified that your cu [...]
Content analysis details: (11.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[185.243.31.188 listed in dnsbl.ahbl.org]
[185.243.31.188 listed in dnsbl.ahbl.org]
[185.243.31.188 listed in dnsbl.ahbl.org]
[185.243.31.188 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[185.243.31.188 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[185.243.31.188 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[185.243.31.188 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[185.243.31.188 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
-0.0 SPF_PASS SPF: sender matches SPF record
0.7 FROM_FMBLA_NEWDOM From domain was registered in last 7 days
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[185.243.31.188 listed in bl.score.senderscore.com]
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: newsletter.noreplaysender.xyz]
[(xyz)]
1.5 DEAR_EMAIL BODY: Message contains Dear email address
0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.5 FROM_SUSPICIOUS_NTLD From abused NTLD
2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
1.0 XPRIO Has X-Priority header
1.4 DOS_OUTLOOK_TO_MX Delivered direct to MX with Outlook headers
Subject: {SPAM?} Urgent: Account Administrative Action Required
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:56:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNLIQ-000000004Kv-2bDR
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:55:30 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:55:30 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from smtp2-2213.emaillabs.net.pl ([185.243.31.188]:35606)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNKWp-00000000GXJ-2klb
for sales@nk.ca;
Wed, 13 May 2026 19:06:29 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=newsletter.noreplaysender.xyz; s=default; t=1778720725;
bh=bGrCBiVjpnHKJpJVEFwX4SxWgtJJnNKYtvvqxxghY14=;
h=From:To:Subject:Date:Feedback-ID;
b=KVmLepF7ODFOQOUkSLQXzz13vKY88twYfbsJZ6KKbt4BEeUrcSgpOY/lyc6rx/9Ur
BqrBAVWAZWdtC82r7FUo4/Mf4t7GrOeaPs2rnOtfjxe6tFth5HHEBIHsMu2Jv8r1kE
0BHdVxoH857NH9iACb2zmYTHEzBMDorfD3y8Hi8Jcn0a00JX43xVnIypQTijp3v6PC
a9n6FST1fGMfcEQLcod26z0GLb3K70G5DxvQZos41FLOL1UcmEgoYCCcmg5/rHeZlJ
fJYYy2j+zD1X8AIGlV28ZtLgRkhQaPY5PeusNpwvU9krFtWshT1kNJnydT4Nfu7Hyu
WF5BkW4qblcLw==
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 14.0
Reply-To: "Nexcess"
Message-ID:
X-Priority: 1 (Highest)
From: "Nexcess"
To: sales@nk.ca
Subject: Urgent: Account Administrative Action Required
Date: Wed, 13 May 2026 21:05:00 -0400
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_7695_5E87E50C.E1ECABF9"
Feedback-ID: :click.newsletter.noreplaysender.xyz:1.nexuscrafttrading.smtp:default
X-Sid: info@newsletter.noreplaysender.xyz
X-Return-Path:
X-Spam_score: 11.9
X-Spam_score_int: 119
X-Spam_bar: +++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Notice Ref: ADMIN-BILL-77291 Mandatory Update of Account
Billing Information Dear sales@nk.ca, During a recent administrative audit
of your Nexcess Services account, our system identified that your cu [...]
Content analysis details: (11.9 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[185.243.31.188 listed in dnsbl.ahbl.org]
[185.243.31.188 listed in dnsbl.ahbl.org]
[185.243.31.188 listed in dnsbl.ahbl.org]
[185.243.31.188 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[185.243.31.188 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[185.243.31.188 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[185.243.31.188 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[185.243.31.188 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
[185.243.31.188 listed in will-spam-for-food.eu.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
-0.0 SPF_PASS SPF: sender matches SPF record
0.7 FROM_FMBLA_NEWDOM From domain was registered in last 7 days
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[185.243.31.188 listed in bl.score.senderscore.com]
2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs
[URI: newsletter.noreplaysender.xyz]
[(xyz)]
1.5 DEAR_EMAIL BODY: Message contains Dear email address
0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
0.5 FROM_SUSPICIOUS_NTLD From abused NTLD
2.0 FROM_SUSPICIOUS_NTLD_FP From abused NTLD
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
1.0 XPRIO Has X-Priority header
1.4 DOS_OUTLOOK_TO_MX Delivered direct to MX with Outlook headers
Subject: {SPAM?} Urgent: Account Administrative Action Required
Follow up spam from Google Gmail
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:56:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNLI2-000000003no-3wz0
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:55:06 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:55:06 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ej1-f65.google.com ([209.85.218.65]:50660)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNIZ0-000000007Ct-1fdc
for root@nk.ca;
Wed, 13 May 2026 17:00:35 -0600
Received: by mail-ej1-f65.google.com with SMTP id a640c23a62f3a-bcb5370bb0dso1076404966b.1
for; Wed, 13 May 2026 15:59:38 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1778713171; cv=none;
d=google.com; s=arc-20240605;
b=b82SU/UmttVfeG9wkLxFVb5rn348LU6KvlcKNpt1negB5Kv0lPM8/iapmfoZY2ckvj
/4GX0g7KZZeYpRNsTn1c2gVBhpxhESU5UX2f1QvqQcj1Wg9snBhfBep7EniDEpDPDwLO
vbw0AKwD0iyS4HZ5civSGwaKwAQrpMaLHdFCeBPmnuMXT1hZ4XFgBYiHckLBP/aPiMov
goJfTFK+URCzRs+1irNV4V0RbRqZdMBBM5xsLi9kvcmt/JmVwM5AesM8PCM/Xm+3vNYv
jGRCjB8HoWVksgP+M3hQCX780a8jMMb28QJEUhpFV9r8qMu8heHOKjRKMQdZQ8kStrr1
Ajlg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=to:subject:message-id:date:from:mime-version:dkim-signature;
bh=IeyKm+J5Zin1MRG7E74zjOvTTyuq+EJ0fBPrB7qPr5g=;
fh=okLrRxdcQ5S5mQ3G3iQaC7KbaU25FN62J8W+dLvpK/A=;
b=RIkg3OEYAT6SLpLq8nNlT4fnxeoFF5uClrVVohPRYMUyhAGCZ2uesm1ayV5Mh/xT7X
74JLGUeBOp8eZrxcr1GORnnFV36/UOarayH4FW06vT99Luo+EuSa6qpCD5wMbtjFzwDb
FC3o3EgOGVkfAP+vyQSkgrdxP2Dxtt64ehyUHNyuj/f6BdFRH+jHmgJ1rmvyyQlF5Sxp
aDqBbh6U9fAZQazvqAUKULRE8KI/+Jc4BzysyP6W96cldiyxltmcbgn93zem+JJrycJ4
OSmcRA/dtmUNpmOGJq9syaEGW/KCsBcYbvkTRE8MPz7FS/P0QpJdmMQlJkpMMh54GQrO
9B6g==;
darn=nk.ca
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20251104; t=1778713171; x=1779317971; darn=nk.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=IeyKm+J5Zin1MRG7E74zjOvTTyuq+EJ0fBPrB7qPr5g=;
b=qzt06iPq4ODeBl9dJk3+YVhlEVxPxTEulXnZykbrWPtjoLZ2HfaLfVxHAPVj+13v7B
uabh4U0GrEhYsj7hYKJhrjpGUqkKocTphf0+6Wy+5zbCp5Kj7hic5vLgc9gJSpYaaL83
2QTs4ocqcU1d5jaxaHvFOLgZTkAHHwlpCZk5pMYMzVeCYWoqQArttTNr/uvRob9aZRzS
8CwEB2hgIqM4Mh4KqCVnfWus/MXkATdTlixB2iXMf03Xn7f4FHJzZJWkODNUlFMaoPtk
jLIdmvzTnShvH/qNdtnpBm1yCiolp7FUgNhId8fzfGoRoSqYrw950BOzikWN7X0Xf6KA
Y+UA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20251104; t=1778713171; x=1779317971;
h=to:subject:message-id:date:from:mime-version:x-gm-gg
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=IeyKm+J5Zin1MRG7E74zjOvTTyuq+EJ0fBPrB7qPr5g=;
b=gq8GXbmdmW0OvHsasJ33NpX5fT7KJ+nHV7ML28nR5+Sf3WoCD8pDV7dMsGv89NUNc+
aLL54AAbCySeEG3aOJYaIWlvTPybSrkMdf5EWmSKu7cwAA3jRPX05Q5KoEdke3ay9XwG
zYyJ8n/pgAIkC5aqIgykowBAGbZMxncmfga01aSy8XRw2jRZ7FyyU8aGB0S1PfsXRDrE
if5HZWzbAPkS+DSeVL4QTuEZCBgIpsHcK5S5EQQTTK1EfXgYzOvlKLdWoBZHP/qkhP44
P2QczK6/LDfQyn+y1BIiQbGf+dMvG7Z5sLEl2/cfQPEqJH6YFEK3AV7BpFUi8QCYWmFk
rR2g==
X-Forwarded-Encrypted: i=1; AFNElJ9wqneOd3s/edYgJ6Ebn8WsRk3/vllJBCr0x/skKf08Ed3mNdA9df5Q40/1dO8gitJ3daAD@nk.ca
X-Gm-Message-State: AOJu0YzupOlQBCCAvdA4FhyG0za8Y+8QMbnnJ1F/88F57xgj79VZHKAX
J9fptdGzLoVm91G+2E85yBAV00EsZce4scWtDK1+SSwp8xFSO8QadVQkvqDQhP84d2+F4JFNTvj
WjprVIbzXBPqDPbK3z/mC2BvFjKUDDYY=
X-Gm-Gg: Acq92OHA5cuauQmyGL+YYIMD7VRzfNWCn4y1GTLhXifHuNL4Ks2Ow96UqLriU6BY31U
1anmMfH674wgFOZ3DEz/JoibCP+L6mQk23mxfvPOGCmMeHVjyouS7NBT3+RC1yybi/FLro0/ejK
e78yA8WgLFmqaEHj1HIVKvFgbunNX5rCKvePCoO1gRChYoW0pVHQe1lCcEPYCuxCtkCvw4h4QJR
nRL4MB6FUTeMeEnkzdfjaXCnFug/YsO2KFuDaMsgq2oah8wuXjZxCiPAvSv2UF1RdNp9dbr7lHT
yCRPf8b+ZOyCIJPNKwpNeMM2
X-Received: by 2002:a17:907:7f8b:b0:bc4:c901:20fc with SMTP id
a640c23a62f3a-bd3c1400c9emr357009566b.30.1778713171556; Wed, 13 May 2026
15:59:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a17:906:af48:b0:bc2:a455:439 with HTTP; Wed, 13 May 2026
15:59:30 -0700 (PDT)
From: Jessica Jessica
Date: Wed, 13 May 2026 15:59:30 -0700
X-Gm-Features: AVHnY4K70BRIU3AhRrUjnO5dqHkKmVJDAMu82rLsFOh6ZEPHFk2m6kEo7l6sG4Y
Message-ID:
Subject: hello
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000bf7f030651baeea4"
Bcc: root@nk.ca
--000000000000bf7f030651baeea4
Content-Type: text/plain; charset="UTF-8"
Good day,
I didn't get your response from my previous
email. Kindly get back to me as soon as
possible.
Thank you.
jessica
--000000000000bf7f030651baeea4
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Good day,
I didn't get your response from my previous
email. Kind=
ly get back to me as soon as
possible.
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:56:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNLI2-000000003no-3wz0
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:55:06 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:55:06 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-ej1-f65.google.com ([209.85.218.65]:50660)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNIZ0-000000007Ct-1fdc
for root@nk.ca;
Wed, 13 May 2026 17:00:35 -0600
Received: by mail-ej1-f65.google.com with SMTP id a640c23a62f3a-bcb5370bb0dso1076404966b.1
for
ARC-Seal: i=1; a=rsa-sha256; t=1778713171; cv=none;
d=google.com; s=arc-20240605;
b=b82SU/UmttVfeG9wkLxFVb5rn348LU6KvlcKNpt1negB5Kv0lPM8/iapmfoZY2ckvj
/4GX0g7KZZeYpRNsTn1c2gVBhpxhESU5UX2f1QvqQcj1Wg9snBhfBep7EniDEpDPDwLO
vbw0AKwD0iyS4HZ5civSGwaKwAQrpMaLHdFCeBPmnuMXT1hZ4XFgBYiHckLBP/aPiMov
goJfTFK+URCzRs+1irNV4V0RbRqZdMBBM5xsLi9kvcmt/JmVwM5AesM8PCM/Xm+3vNYv
jGRCjB8HoWVksgP+M3hQCX780a8jMMb28QJEUhpFV9r8qMu8heHOKjRKMQdZQ8kStrr1
Ajlg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;
h=to:subject:message-id:date:from:mime-version:dkim-signature;
bh=IeyKm+J5Zin1MRG7E74zjOvTTyuq+EJ0fBPrB7qPr5g=;
fh=okLrRxdcQ5S5mQ3G3iQaC7KbaU25FN62J8W+dLvpK/A=;
b=RIkg3OEYAT6SLpLq8nNlT4fnxeoFF5uClrVVohPRYMUyhAGCZ2uesm1ayV5Mh/xT7X
74JLGUeBOp8eZrxcr1GORnnFV36/UOarayH4FW06vT99Luo+EuSa6qpCD5wMbtjFzwDb
FC3o3EgOGVkfAP+vyQSkgrdxP2Dxtt64ehyUHNyuj/f6BdFRH+jHmgJ1rmvyyQlF5Sxp
aDqBbh6U9fAZQazvqAUKULRE8KI/+Jc4BzysyP6W96cldiyxltmcbgn93zem+JJrycJ4
OSmcRA/dtmUNpmOGJq9syaEGW/KCsBcYbvkTRE8MPz7FS/P0QpJdmMQlJkpMMh54GQrO
9B6g==;
darn=nk.ca
ARC-Authentication-Results: i=1; mx.google.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20251104; t=1778713171; x=1779317971; darn=nk.ca;
h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
:date:message-id:reply-to;
bh=IeyKm+J5Zin1MRG7E74zjOvTTyuq+EJ0fBPrB7qPr5g=;
b=qzt06iPq4ODeBl9dJk3+YVhlEVxPxTEulXnZykbrWPtjoLZ2HfaLfVxHAPVj+13v7B
uabh4U0GrEhYsj7hYKJhrjpGUqkKocTphf0+6Wy+5zbCp5Kj7hic5vLgc9gJSpYaaL83
2QTs4ocqcU1d5jaxaHvFOLgZTkAHHwlpCZk5pMYMzVeCYWoqQArttTNr/uvRob9aZRzS
8CwEB2hgIqM4Mh4KqCVnfWus/MXkATdTlixB2iXMf03Xn7f4FHJzZJWkODNUlFMaoPtk
jLIdmvzTnShvH/qNdtnpBm1yCiolp7FUgNhId8fzfGoRoSqYrw950BOzikWN7X0Xf6KA
Y+UA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20251104; t=1778713171; x=1779317971;
h=to:subject:message-id:date:from:mime-version:x-gm-gg
:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;
bh=IeyKm+J5Zin1MRG7E74zjOvTTyuq+EJ0fBPrB7qPr5g=;
b=gq8GXbmdmW0OvHsasJ33NpX5fT7KJ+nHV7ML28nR5+Sf3WoCD8pDV7dMsGv89NUNc+
aLL54AAbCySeEG3aOJYaIWlvTPybSrkMdf5EWmSKu7cwAA3jRPX05Q5KoEdke3ay9XwG
zYyJ8n/pgAIkC5aqIgykowBAGbZMxncmfga01aSy8XRw2jRZ7FyyU8aGB0S1PfsXRDrE
if5HZWzbAPkS+DSeVL4QTuEZCBgIpsHcK5S5EQQTTK1EfXgYzOvlKLdWoBZHP/qkhP44
P2QczK6/LDfQyn+y1BIiQbGf+dMvG7Z5sLEl2/cfQPEqJH6YFEK3AV7BpFUi8QCYWmFk
rR2g==
X-Forwarded-Encrypted: i=1; AFNElJ9wqneOd3s/edYgJ6Ebn8WsRk3/vllJBCr0x/skKf08Ed3mNdA9df5Q40/1dO8gitJ3daAD@nk.ca
X-Gm-Message-State: AOJu0YzupOlQBCCAvdA4FhyG0za8Y+8QMbnnJ1F/88F57xgj79VZHKAX
J9fptdGzLoVm91G+2E85yBAV00EsZce4scWtDK1+SSwp8xFSO8QadVQkvqDQhP84d2+F4JFNTvj
WjprVIbzXBPqDPbK3z/mC2BvFjKUDDYY=
X-Gm-Gg: Acq92OHA5cuauQmyGL+YYIMD7VRzfNWCn4y1GTLhXifHuNL4Ks2Ow96UqLriU6BY31U
1anmMfH674wgFOZ3DEz/JoibCP+L6mQk23mxfvPOGCmMeHVjyouS7NBT3+RC1yybi/FLro0/ejK
e78yA8WgLFmqaEHj1HIVKvFgbunNX5rCKvePCoO1gRChYoW0pVHQe1lCcEPYCuxCtkCvw4h4QJR
nRL4MB6FUTeMeEnkzdfjaXCnFug/YsO2KFuDaMsgq2oah8wuXjZxCiPAvSv2UF1RdNp9dbr7lHT
yCRPf8b+ZOyCIJPNKwpNeMM2
X-Received: by 2002:a17:907:7f8b:b0:bc4:c901:20fc with SMTP id
a640c23a62f3a-bd3c1400c9emr357009566b.30.1778713171556; Wed, 13 May 2026
15:59:31 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a17:906:af48:b0:bc2:a455:439 with HTTP; Wed, 13 May 2026
15:59:30 -0700 (PDT)
From: Jessica Jessica
Date: Wed, 13 May 2026 15:59:30 -0700
X-Gm-Features: AVHnY4K70BRIU3AhRrUjnO5dqHkKmVJDAMu82rLsFOh6ZEPHFk2m6kEo7l6sG4Y
Message-ID:
Subject: hello
To: undisclosed-recipients:;
Content-Type: multipart/alternative; boundary="000000000000bf7f030651baeea4"
Bcc: root@nk.ca
--000000000000bf7f030651baeea4
Content-Type: text/plain; charset="UTF-8"
Good day,
I didn't get your response from my previous
email. Kindly get back to me as soon as
possible.
Thank you.
jessica
--000000000000bf7f030651baeea4
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Good day,
I didn't get your response from my previous
email. Kind=
ly get back to me as soon as
possible.
Thank you.=C2=A0
>
--000000000000bf7f030651baeea4--
>
jessica=C2=A0
--000000000000bf7f030651baeea4--
Invoice Phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:55:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNLH6-000000002hU-0cph
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:54:08 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:54:08 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([]:64912)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNHfK-000000002Py-0Mk1
for games@nl2k.ab.ca;
Wed, 13 May 2026 16:03:02 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: games@nl2k.ab.ca
Subject: lnvoice
Date: 13 May 2026 22:02:05 +0000
Message-ID: <20260513220205.1258A40049E294EA@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
74.208.96.234
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : games@nl2k.ab.ca Thanks,
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.5 ONE_WORD_SUBJECT Subject with only one lower-case word
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : games@nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:55:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNLH6-000000002hU-0cph
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:54:08 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:54:08 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([]:64912)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNHfK-000000002Py-0Mk1
for games@nl2k.ab.ca;
Wed, 13 May 2026 16:03:02 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: games@nl2k.ab.ca
Subject: lnvoice
Date: 13 May 2026 22:02:05 +0000
Message-ID: <20260513220205.1258A40049E294EA@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
74.208.96.234
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : games@nl2k.ab.ca Thanks,
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.5 ONE_WORD_SUBJECT Subject with only one lower-case word
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : games@nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
Invoice phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:55:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNLHC-000000002jp-3zEl
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:54:14 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:54:14 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:60480)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNI3q-000000004D6-3F7s
for doctor@mail.nl2k.ab.ca;
Wed, 13 May 2026 16:28:23 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: doctor@mail.nl2k.ab.ca
Subject: Re: lnvoice
Date: 13 May 2026 22:27:26 +0000
Message-ID: <20260513222726.0F42FDC0E24CFBDA@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.1
X-Spam_score_int: 71
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : doctor@mail.nl2k.ab.ca Thanks,
Content analysis details: (7.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[74.208.96.234 listed in bb.barracudacentral.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
Subject: {SPAM?} Re: lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : doctor@mail.nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:55:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNLHC-000000002jp-3zEl
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:54:14 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:54:14 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:60480)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNI3q-000000004D6-3F7s
for doctor@mail.nl2k.ab.ca;
Wed, 13 May 2026 16:28:23 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: doctor@mail.nl2k.ab.ca
Subject: Re: lnvoice
Date: 13 May 2026 22:27:26 +0000
Message-ID: <20260513222726.0F42FDC0E24CFBDA@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.1
X-Spam_score_int: 71
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : doctor@mail.nl2k.ab.ca Thanks,
Content analysis details: (7.1 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[74.208.96.234 listed in bb.barracudacentral.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
Subject: {SPAM?} Re: lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : doctor@mail.nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
Invoice phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:55:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNLH6-000000002hU-0cph
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:54:08 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:54:08 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:64912)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNHfK-000000002Py-0Mk1
for games@nl2k.ab.ca;
Wed, 13 May 2026 16:03:02 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: games@nl2k.ab.ca
Subject: lnvoice
Date: 13 May 2026 22:02:05 +0000
Message-ID: <20260513220205.1258A40049E294EA@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : games@nl2k.ab.ca Thanks,
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.5 ONE_WORD_SUBJECT Subject with only one lower-case word
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : games@nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:55:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNLH6-000000002hU-0cph
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:54:08 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:54:08 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:64912)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNHfK-000000002Py-0Mk1
for games@nl2k.ab.ca;
Wed, 13 May 2026 16:03:02 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: games@nl2k.ab.ca
Subject: lnvoice
Date: 13 May 2026 22:02:05 +0000
Message-ID: <20260513220205.1258A40049E294EA@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : games@nl2k.ab.ca Thanks,
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.5 ONE_WORD_SUBJECT Subject with only one lower-case word
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : games@nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
invoice phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:54:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNLGw-000000002dd-3OFb
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:53:58 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:53:58 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:64405)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNHSY-000000001Sd-0Sii
for doctor@nl2k.ab.ca;
Wed, 13 May 2026 15:49:50 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: doctor@nl2k.ab.ca
Subject: Invoice copy
Date: 13 May 2026 21:48:53 +0000
Message-ID: <20260513214852.F4AEA2EEC0C4E34E@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : doctor@nl2k.ab.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
1.0 FROM_MISSP_SPF_FAIL No description available.
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} Invoice copy
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : doctor@nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:54:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNLGw-000000002dd-3OFb
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:53:58 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:53:58 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:64405)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNHSY-000000001Sd-0Sii
for doctor@nl2k.ab.ca;
Wed, 13 May 2026 15:49:50 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: doctor@nl2k.ab.ca
Subject: Invoice copy
Date: 13 May 2026 21:48:53 +0000
Message-ID: <20260513214852.F4AEA2EEC0C4E34E@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : doctor@nl2k.ab.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
1.0 FROM_MISSP_SPF_FAIL No description available.
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} Invoice copy
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : doctor@nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
Invoice phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:54:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNLGq-000000002bT-1PSN
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:53:52 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:53:52 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:53233)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNHCu-000000000Qb-0pxs
for support@nk.ca;
Wed, 13 May 2026 15:33:40 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: support@nk.ca
Subject: Re: lnvoice
Date: 13 May 2026 21:32:43 +0000
Message-ID: <20260513213243.848BD44D1B30DF1D@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : support@nk.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
1.0 FROM_MISSP_SPF_FAIL No description available.
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} Re: lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : support@nk.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:54:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNLGq-000000002bT-1PSN
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:53:52 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:53:52 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:53233)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNHCu-000000000Qb-0pxs
for support@nk.ca;
Wed, 13 May 2026 15:33:40 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: support@nk.ca
Subject: Re: lnvoice
Date: 13 May 2026 21:32:43 +0000
Message-ID: <20260513213243.848BD44D1B30DF1D@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : support@nk.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
1.0 FROM_MISSP_SPF_FAIL No description available.
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} Re: lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : support@nk.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
Invoice phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:54:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNLGZ-000000001c5-49Zf
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:53:35 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:53:35 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:62843)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNGlx-000000002vW-0I1K
for doctor@netknow.ca;
Wed, 13 May 2026 15:05:49 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: doctor@netknow.ca
Subject: lnvoice
Date: 13 May 2026 21:04:52 +0000
Message-ID: <20260513210452.5D7D170B63BE0754@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : doctor@netknow.ca Thanks,
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.5 ONE_WORD_SUBJECT Subject with only one lower-case word
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : doctor@netknow.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:54:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNLGZ-000000001c5-49Zf
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:53:35 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:53:35 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:62843)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNGlx-000000002vW-0I1K
for doctor@netknow.ca;
Wed, 13 May 2026 15:05:49 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: doctor@netknow.ca
Subject: lnvoice
Date: 13 May 2026 21:04:52 +0000
Message-ID: <20260513210452.5D7D170B63BE0754@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : doctor@netknow.ca Thanks,
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.5 ONE_WORD_SUBJECT Subject with only one lower-case word
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : doctor@netknow.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
Invoice phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:54:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNLGN-000000000sN-2v6g
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:53:23 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:53:23 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:55440)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNGjm-0000000022q-03oG
for root@nl2k.ab.ca;
Wed, 13 May 2026 15:03:34 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: root@nl2k.ab.ca
Subject: Re: lnvoice
Date: 13 May 2026 21:02:47 +0000
Message-ID: <20260513210247.C37CD2B45B171F52@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : root@nl2k.ab.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
0.0 FROM_MISSPACED From: missing whitespace
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
Subject: {SPAM?} Re: lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : root@nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:54:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNLGN-000000000sN-2v6g
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:53:23 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:53:23 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:55440)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNGjm-0000000022q-03oG
for root@nl2k.ab.ca;
Wed, 13 May 2026 15:03:34 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: root@nl2k.ab.ca
Subject: Re: lnvoice
Date: 13 May 2026 21:02:47 +0000
Message-ID: <20260513210247.C37CD2B45B171F52@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : root@nl2k.ab.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
0.0 FROM_MISSPACED From: missing whitespace
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
Subject: {SPAM?} Re: lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : root@nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
Invoice phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:54:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNLGj-000000002GB-0Z7C
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:53:45 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:53:44 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:62843)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNGlx-000000002vW-0I1K
for doctor@netknow.ca;
Wed, 13 May 2026 15:05:49 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: doctor@netknow.ca
Subject: lnvoice
Date: 13 May 2026 21:04:52 +0000
Message-ID: <20260513210452.5D7D170B63BE0754@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : doctor@netknow.ca Thanks,
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.5 ONE_WORD_SUBJECT Subject with only one lower-case word
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : doctor@netknow.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 19:54:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNLGj-000000002GB-0Z7C
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 19:53:45 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 19:53:44 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:62843)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNGlx-000000002vW-0I1K
for doctor@netknow.ca;
Wed, 13 May 2026 15:05:49 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: doctor@netknow.ca
Subject: lnvoice
Date: 13 May 2026 21:04:52 +0000
Message-ID: <20260513210452.5D7D170B63BE0754@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 7.0
X-Spam_score_int: 70
X-Spam_bar: +++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : doctor@netknow.ca Thanks,
Content analysis details: (7.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
0.5 ONE_WORD_SUBJECT Subject with only one lower-case word
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : doctor@netknow.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
Invoice phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 14:50:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNGW1-00000000JDh-1VXd
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 14:49:13 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 14:49:13 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:59370)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNGLJ-00000000Eyt-2tJf
for www@doctor.nl2k.ab.ca;
Wed, 13 May 2026 14:38:18 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: www@doctor.nl2k.ab.ca
Subject: Re: lnvoice
Date: 13 May 2026 20:37:22 +0000
Message-ID: <20260513203722.A58C92D06C7C8FC1@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : www@doctor.nl2k.ab.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
0.0 FROM_MISSPACED From: missing whitespace
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
Subject: {SPAM?} Re: lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : www@doctor.nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 14:50:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNGW1-00000000JDh-1VXd
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 14:49:13 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 14:49:13 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:59370)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNGLJ-00000000Eyt-2tJf
for www@doctor.nl2k.ab.ca;
Wed, 13 May 2026 14:38:18 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: www@doctor.nl2k.ab.ca
Subject: Re: lnvoice
Date: 13 May 2026 20:37:22 +0000
Message-ID: <20260513203722.A58C92D06C7C8FC1@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : www@doctor.nl2k.ab.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
0.0 FROM_MISSPACED From: missing whitespace
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
Subject: {SPAM?} Re: lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : www@doctor.nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
invoice phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 14:50:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNGW1-00000000JDh-1VXd
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 14:49:13 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 14:49:13 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:59370)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNGLJ-00000000Eyt-2tJf
for www@doctor.nl2k.ab.ca;
Wed, 13 May 2026 14:38:18 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: www@doctor.nl2k.ab.ca
Subject: Re: lnvoice
Date: 13 May 2026 20:37:22 +0000
Message-ID: <20260513203722.A58C92D06C7C8FC1@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : www@doctor.nl2k.ab.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
0.0 FROM_MISSPACED From: missing whitespace
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
Subject: {SPAM?} Re: lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : www@doctor.nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 14:50:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNGW1-00000000JDh-1VXd
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 14:49:13 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 14:49:13 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:59370)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNGLJ-00000000Eyt-2tJf
for www@doctor.nl2k.ab.ca;
Wed, 13 May 2026 14:38:18 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: www@doctor.nl2k.ab.ca
Subject: Re: lnvoice
Date: 13 May 2026 20:37:22 +0000
Message-ID: <20260513203722.A58C92D06C7C8FC1@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : www@doctor.nl2k.ab.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
0.0 FROM_MISSPACED From: missing whitespace
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
Subject: {SPAM?} Re: lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : www@doctor.nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
invoice phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 14:50:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNGVx-00000000JCK-1Gie
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 14:49:09 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 14:49:09 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:56593)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNGKb-00000000EwD-3YrG
for www@nl2k.ab.ca;
Wed, 13 May 2026 14:37:34 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: www@nl2k.ab.ca
Subject: Re: lnvoice
Date: 13 May 2026 20:36:38 +0000
Message-ID: <20260513203638.DAE1541E5FC482C1@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : www@nl2k.ab.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} Re: lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : www@nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 14:50:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNGVx-00000000JCK-1Gie
for dave@doctor.nl2k.ab.ca;
Wed, 13 May 2026 14:49:09 -0600
Resent-From: The Doctor
Resent-Date: Wed, 13 May 2026 14:49:09 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:56593)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNGKb-00000000EwD-3YrG
for www@nl2k.ab.ca;
Wed, 13 May 2026 14:37:34 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: www@nl2k.ab.ca
Subject: Re: lnvoice
Date: 13 May 2026 20:36:38 +0000
Message-ID: <20260513203638.DAE1541E5FC482C1@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : www@nl2k.ab.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 FROM_MISSPACED From: missing whitespace
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} Re: lnvoice
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : www@nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
Invoice phish
Posted by Dave Yadallee on
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 14:26:00 -0600
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:64482)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from)
id 1wNG9P-00000000EFq-2gG1
for dave@nl2k.ab.ca;
Wed, 13 May 2026 14:26:00 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: dave@nl2k.ab.ca
Subject: Invoice copy
Date: 13 May 2026 20:25:15 +0000
Message-ID: <20260513202515.9851D5CB77481550@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : dave@nl2k.ab.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |]
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 FROM_MISSPACED From: missing whitespace
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} Invoice copy
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : dave@nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701
X-Mozilla-Status2: 00000000
Return-path:
Envelope-to: dave@nl2k.ab.ca
Delivery-date: Wed, 13 May 2026 14:26:00 -0600
Received: from ip74-208-96-234.pbiaas.com ([74.208.96.234]:64482)
by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384
(Exim 4.99.3 (FreeBSD))
(envelope-from
id 1wNG9P-00000000EFq-2gG1
for dave@nl2k.ab.ca;
Wed, 13 May 2026 14:26:00 -0600
Reply-To: farranbarrow@studiomodernitta.com.br
From: "Farran Barrow"
To: dave@nl2k.ab.ca
Subject: Invoice copy
Date: 13 May 2026 20:25:15 +0000
Message-ID: <20260513202515.9851D5CB77481550@canva.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Spam_score: 6.5
X-Spam_score_int: 65
X-Spam_bar: ++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Please view the attached Invoice copy or request for the download
invoice link. Sent to : dave@nl2k.ab.ca Thanks,
Content analysis details: (6.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
[74.208.96.234 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[74.208.96.234 listed in dnsbl.ahbl.org]
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
[74.208.96.234 listed in will-spam-for-food.eu.org]
-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact
safe-sa@returnpath.net
[Excessive Number of Queries |
-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact
cert-sa@returnpath.net
[Excessive Number of Queries |
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[74.208.96.234 listed in bl.score.senderscore.com]
0.9 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Rejected by SPF record.]
0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in
headers
1.0 FROM_MISSP_SPF_FAIL No description available.
0.4 RDNS_DYNAMIC Delivered to internal network by host with
dynamic-looking rDNS
0.0 FROM_MISSPACED From: missing whitespace
0.7 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
1.7 FROM_MISSP_DYNIP From misspaced + dynamic rDNS
0.3 FROM_MISSP_EH_MATCH From misspaced, matches envelope
Subject: {SPAM?} Invoice copy
Please view the attached Invoice copy or request for the download=20
invoice link.
Sent to : dave@nl2k.ab.ca
Thanks,
Farran Barrow
Gulf Coast Gasket Guy
8722 Rand Ave., Ste A
Daphne, AL 36526
877-626-0701