CRA PHish

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 29 Mar 2026 05:19:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w6o9j-00000000IRs-1C3P

for dave@doctor.nl2k.ab.ca;

Sun, 29 Mar 2026 05:18:11 -0600

Resent-From: The Doctor

Resent-Date: Sun, 29 Mar 2026 05:18:11 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from smtp2-3261.email-labs.net ([147.78.234.25]:55128)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w6k4r-000000006ul-3eps

for sales@nk.ca;

Sun, 29 Mar 2026 00:57:01 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ato.ink; s=default;

t=1774767327; bh=pGzJUCAXbfOH9TFj5laLMoEW/0IBSNwEa30UxB9d3Dg=;

h=From:To:Date:Subject:Feedback-ID;

b=QWvbyDUE4qIjVNibKqXg1Z3LKUC4So6PH3ffH4IgEOGdG/TBj2Jy2PLUIabCJi8zE

MSXCahMYOdLfS6CIdDy5JaD8FsSG80wtyyZOSuWxWZVIpmJUhehw2ExKZoJUTFjAmx

72y9vvmnnb+AYlpCSx0OiVws/jMcs05vMZB6duwp+PKv+y/MScItg6NUwbbchMNnuL

z8OTscCEKAnjOn6QfCvfGEyMd3hfTdzOMWyWh/teZ7UC/khN4t6cl/d0WgbXFRXuEz

31FBhx3g8thX83kJifsytmiVT+B0KVu/6qyp7UVllBOiPzMyQYckVDOaxaFU2l6Dwr

rUfOe3RCZqeqQ==

Authentication-Results: smtp-12; auth=none

MIME-Version: 1.0

From: "Canada Revenue Agency (CRA)"

To: sales@nk.ca

Date: 29 Mar 2026 08:55:27 +0200

Subject: Canada Revenue Agency (CRA) sent you new mail online

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: base64

Feedback-ID: :tracking.ato.ink:1.ato.smtp:default

X-Sid: info@ato.ink

X-Return-Path:

Message-Id: <4fk4rv4X3XzHwvyLW@smtp2-3261.email-labs.net>

X-Spam_score: 14.0

X-Spam_score_int: 140

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: English version ** La version française suit ** sales@nk.ca

The Canada Revenue Agency (CRA) sent you new mail online called:



Content analysis details: (14.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[147.78.234.25 listed in dnsbl.ahbl.org]

[147.78.234.25 listed in dnsbl.ahbl.org]

[147.78.234.25 listed in dnsbl.ahbl.org]

[147.78.234.25 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[147.78.234.25 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[147.78.234.25 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[147.78.234.25 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[147.78.234.25 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: casaki.ru]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: casaki.ru]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[147.78.234.25 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: casaki.ru]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[147.78.234.25 listed in sa-accredit.habeas.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: casaki.ru]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[147.78.234.25 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[147.78.234.25 listed in bl.score.senderscore.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 MIXED_HREF_CASE Has href in mixed case

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

[URI: b.dnspod.com/43.161.3.75]

[URI: a.dnspod.com/43.134.249.74]

[URI: c.dnspod.com/43.134.249.75]

[URI: b.dnspod.com/220.196.136.75]

[URI: b.dnspod.com/163.177.5.79]

[URI: a.dnspod.com/117.135.128.175]

[URI: a.dnspod.com/101.227.168.75]

[URI: c.dnspod.com/125.94.59.175]

[URI: c.dnspod.com/112.80.181.175]

[URI: a.dnspod.com/43.130.172.75]

Subject: {SPAM?} Canada Revenue Agency (CRA) sent you new mail online







English version ** La version française suit **

sales@nk.ca



The Canada Revenue Agency (CRA) sent you new mail online called:



Notice of assessment



This mail may require your attention.

View attachment in PDF



If you have My Account, sign-in and click on "Mail" to read your mail.



If you signed up to receive mail online but don't have My Account, go to the CRA web page to register.



This is an automated email message. Please do not reply.

Version française ** The English version precedes **

sales@nk.ca



L'Agence du revenu du Canada (ARC) vous a envoyé du nouveau courrier en ligne intitulé :



Avis de cotisation



Ce courrier peut nécessiter votre attention.

Voir la pièce jointe en PDF

Si vous êtes inscrit à Mon dossier, ouvrez une session et cliquez sur « Courrier » pour lire votre courrier.



Si vous vous êtes inscrit pour recevoir votre courrier en ligne, mais n'êtes pas inscrit à Mon dossier, allez à la page Web de l'ARC pour vous y inscrire.



Ceci est un message électronique automatisé. Veuillez ne pas y répondre.





Shared document phish

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 29 Mar 2026 05:18:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w6o8u-00000000IPT-45TA

for dave@doctor.nl2k.ab.ca;

Sun, 29 Mar 2026 05:17:20 -0600

Resent-From: The Doctor

Resent-Date: Sun, 29 Mar 2026 05:17:20 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from smtp2-3261.email-labs.net ([147.78.234.25]:43600)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w6hXQ-000000000aZ-2Eds

for sales@nk.ca;

Sat, 28 Mar 2026 22:14:16 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ato.ink; s=default;

t=1774757598; bh=3/9dNF2aSNe+arpUL/5sdipxdDn5Bv86SdCQ10gv3I0=;

h=From:To:Date:Subject:Feedback-ID;

b=vMtwutgYQiysqHeImQLAoamuksymFu1QcVsYOce/IdsSWZSfPt6lblpjJhRO5yCk0

V005Rs9OKm00hRtWk+IjyBl+CSLw0JlUgvRUMkK3L1RZ/zs2VOX456Oqfj7WZL4l4t

yEWgxu0q+H8PyE1Q+huHVlRtr5jou8ebLS+VcWMplQGuOHXHM0TfnlTwSAnAwJJO9G

cH++zxdfIlNV+YpzjceoEsOp4q1/5kVGz8FeNmMYb1SVvnglACGqKU42EACr7dcz2V

LztOyhniHnCGr6hLWIo5u5ks2JTpNKc3+5o23SbFQEaHs644BHReEAeP+k/G+fpFgy

rv5NDAKUlUruA==

Authentication-Results: smtp-18; auth=none

MIME-Version: 1.0

From: "David Morgan"

To: sales@nk.ca

Date: 29 Mar 2026 06:13:17 +0200

Subject: Document shared with you: "260105

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: base64

Feedback-ID: :tracking.ato.ink:1.ato.smtp:default

X-Sid: info@ato.ink

X-Return-Path:

Message-Id: <4fk1Fn6rrXzHwtR6v@smtp2-3261.email-labs.net>

X-Spam_score: 17.6

X-Spam_score_int: 176

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: David Morgan shared a file with you Here's the document that

David Morgan shared with you.



Content analysis details: (17.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[147.78.234.25 listed in dnsbl.ahbl.org]

[147.78.234.25 listed in dnsbl.ahbl.org]

[147.78.234.25 listed in dnsbl.ahbl.org]

[147.78.234.25 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[147.78.234.25 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[147.78.234.25 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[147.78.234.25 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[147.78.234.25 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

[147.78.234.25 listed in will-spam-for-food.eu.org]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: casaki.ru]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: casaki.ru]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: casaki.ru]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: casaki.ru]

-0.0 SPF_PASS SPF: sender matches SPF record

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 MIXED_HREF_CASE Has href in mixed case

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

Subject: {SPAM?} Document shared with you: "260105



Share image



David Morgan shared a file with you



Here's the document that David Morgan shared with you.

icon CORRECT STATEMENT

This link only works for the direct recipients of this message.

Open

Privacy Statement

Web/SEo/App spam from Google Gmail PArt 2

Posted by Dave Yadallee on


Received-SPF: pass (google.com: domain of aabbysolace1020@gmail.com designates 209.85.220.65 as permitted sender) client-ip=209.85.220.65;

ARC-Seal: i=1; a=rsa-sha256; t=1774751907; cv=none;

d=google.com; s=arc-20240605;

b=H6GgR/3olMgkzoMiwKWlIdE1zIc++wmyu6kQzRDBK1nQFEFd0444cRpEZTqMO3QEo4

oC4TLXzixX/rwGQA8dR0B5qwctbk3RrXabdIF3BAbY5XqS92Q/JqxPZB3BphzWKH54YQ

OFmYD2VyU+ytmQ/c0NJzRTrbl3dWHA6x82qlvVgWLO7izunlssqQlegx+YLM5012oBv7

eYm1KG3o3t5o5iOxig/HTAlqd3mopGzedMjqvoqhCq0Xv3zzBIJwpK5YjH1TBVVcsC2r

N52ekQIFIiUGoNPKcojgFcHzfX4SCJqfpvrJZTh6RkyYgM42KelSI4OPwbFI6ABA3bdp

eIig==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:in-reply-to:references:mime-version

:dkim-signature;

bh=8E0u83WeRoqHdC60Bptx8duv+Jrq3+u5nixQGeSdMJo=;

fh=ZEpQHcG/9HVDzkZfr5siLIl1tSBfam4XgqfB5GnSGnc=;

b=DVcKpdzoyyc7E7d68+uEoCWvUNkqtfQ8FzVnmLLInZ9Oz//9VX/UrM66pGB6aBuJ+R

3y3xo7/b5ZHyjsXHZI+n5OTSLBK3zoGxgob8J2ynI7KrsQd+7em5iKNi/juP5F3T8Htr

wEpwEu6CnfGGNp43ABQPPGdEuvImyVEKmr5wlAK4X2BbcsDACsYkvW74+nEQcuML/Zcz

PWc7Sdk5cK/aIgTcIHOv5YSnbi460PFz9IX5KaHyt3gsl9creFu830y260yC/jb8zgBp

JUES3i8sEEEgdF7r1yh+ERAzecIHSSqRWTvLtQ+hMcBg8jioi/lP4dx9IvPuYBJ/h/0z

s+Rg==;

darn=appmindset.shop

ARC-Authentication-Results: i=1; mx.google.com; arc=none

X-Forwarded-Encrypted: i=1; AJvYcCWyFRShdBnHo2RotHl5IjFFjX8DZ4q3yBJc4yzyuc2vITDj8D/C51Z55WY0DyaVOzQgZENgMQ==@appmindset.shop

X-Gm-Gg: ATEYQzwxdhgPQjLtAyNFe33NbPOQBtl+2+7E8Hmsp6dvoj1YdhVYjzbTl8JFox0qn2/

LGNtcUtlhkj3RCceFfQNcHDJVL1FISJe3bzlzrpzVhjfGwiuQre978ci5Lb6YgwPf0K/03hbBRC

97nz3cGznT7HKb15BuMSnlllptd0AaO0bCfASU/B4wq5I3ITf0P0RrP3R8wAnzpxzgBmW/WdjFG

NnBeSk4iBP23wcJuaAwLD/6zuERbZoGuA993rQfnTvdxAGjm3uxGGuQBdVc8FrouaIdaQpNR0Bb

tkJDDABp2U6NDZ/31efbJ+tjdCW97QK2x1XrN5bm

X-Received: by 2002:a05:622a:30f:b0:509:50d:b9c8 with SMTP id

d75a77b69052e-50ba383f5bdmr109783921cf.1.1774751907446; Sat, 28 Mar 2026

19:38:27 -0700 (PDT)

MIME-Version: 1.0

References:

In-Reply-To:

From: Simran Singh

Date: Sun, 29 Mar 2026 08:08:15 +0530

X-Gm-Features: AQROBzAEsOX5biB7wo4wze5z2xP__-f1mqFxBWUtEqSTdTebVACWKs1mpe1t0FI

Message-ID:

Subject: Reminder: SEO Ranking Proposal...!!!

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000020219064e20a170"

Bcc: 11mar@appmindset.shop

X-Original-Sender: aabbysolace1020@gmail.com

X-Original-Authentication-Results: mx.google.com; dkim=pass

header.i=@gmail.com header.s=20251104 header.b=WedARNcP; arc=pass

(i=1); spf=pass (google.com: domain of aabbysolace1020@gmail.com

designates 209.85.220.65 as permitted sender) smtp.mailfrom=aabbysolace1020@gmail.com;

dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;

dara=neutral header.i=@appmindset.shop

Precedence: list

Mailing-list: list 11mar@appmindset.shop; contact 11mar+owners@appmindset.shop

List-ID: <11mar.appmindset.shop>

X-Spam-Checked-In-Group: 11mar@appmindset.shop

X-Google-Group-Id: 618764003250

List-Post: ,

List-Help: ,



List-Archive:

List-Subscribe: ,



List-Unsubscribe: ,





--000000000000020219064e20a170

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hello,



Just a quick follow-up on my SEO proposal. Please let me know if you're

interested, and I=E2=80=99ll share the details.



Thanks,

Simran



On Wed, 11 Mar 2026 at 14:01, Simran Singh

wrote:



> Hello,

>

> I'm an SEO Expert. I found your details on Google search.

>

> SEO Proposal for website ranking in Google 1st Page.

>

> Beat Your Competition

>

> If you are interested, then I can send you our Packages and Price list.

>

> Thanks,

> Simran

>



--000000000000020219064e20a170

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hello,
p>

Just a quick follow-up on my SEO proposa=

l. Please let me know if you're interested, and I=E2=80=99ll share the =

details.

Thanks,
Simran



il_quote_container">
On Wed, 11 Mar 20=

26 at 14:01, Simran Singh <=

aabbysolace1020@gmail.com> wrote:

l_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,20=

4,204);padding-left:1ex">
Hello,

I'm an=C2=A0
an>SEO=C2=A0Expert. I found your details on Google sear=

ch.

SEO=C2=A0Proposal for website ranking =

in Google 1st Page.

Beat Your Competition

If you are interest=

ed, then I can send you our Packages and Price list.

Thanks,

>Simran






--000000000000020219064e20a170--

Web/SEo/App spam from Google Gmail PArt 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 29 Mar 2026 05:18:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w6o8f-00000000IOG-1aaz

for dave@doctor.nl2k.ab.ca;

Sun, 29 Mar 2026 05:17:05 -0600

Resent-From: The Doctor

Resent-Date: Sun, 29 Mar 2026 05:17:05 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-qv1-f70.google.com ([209.85.219.70]:57836)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from <11mar+bncBCB33OUOQQPRBJFBULHAMGQE674ORYQ@appmindset.shop>)

id 1w6g6I-00000000N0A-2NEV

for sales@nk.ca;

Sat, 28 Mar 2026 20:42:16 -0600

Received: by mail-qv1-f70.google.com with SMTP id 6a1803df08f44-89e56a8c863sf49665626d6.3

for ; Sat, 28 Mar 2026 19:41:18 -0700 (PDT)

ARC-Seal: i=3; a=rsa-sha256; t=1774752072; cv=pass;

d=google.com; s=arc-20240605;

b=L1iAPoucd/KNaawYHBrBzoG4CptErAzs92fWBN1AI3vWFPniy5E/dn8C7Apyx9WSKC

SO3UO9PDNDZ8kM1yKaLv6D8BVieh9fxQdmYQKKUeAYr3/gO7W6EpMTnlNSnQQlqxUffK

1eebH6TzvIYlyN4ff3WF0KzVIEYql4GtsNqfrJL+1aq1EQbHy/IV2Z+x47SLVJaGEB6h

DDJoLztJ2+yHcsKouQYV3sHVR51GK1azicKbz49pglXCO/7285Uak98N1hdycHAMJqpH

bh2pxtB231aixhT2FAPb6B9N0mfybILxG1gblcC57e6QjoWMWPkh1h0NkQ3va9VmXhLA

115A==

ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post

:list-id:mailing-list:precedence:to:subject:message-id:date:from

:in-reply-to:references:mime-version:dkim-signature;

bh=8E0u83WeRoqHdC60Bptx8duv+Jrq3+u5nixQGeSdMJo=;

fh=gRnXDO0W2+gUZhwD/aPtvhQz8TdQQY4CwKuydHGOMBQ=;

b=DMyK9iTTVlP0y8tu5ieqfor5O3so6ute63eBGdux/pYS70b1ZEy5jSm+KeLHR7zmOF

o80OCksXtHHGG/ByE4cxpdo6liNDk0WfenyHfO1g6Qt+mlQrRzgJoTd3h7ZHUW2WesTG

6EMB8G3RoM/YQO1lPR+hjGBj97utG1fuVBYsc9fgjOgsZBqBoutYqUltA43+PkEDTvOD

WtViSz2+v+RjzLVisVQzb8pt8Sweg6KXOA8fQGKNTiA83+nmp0YCAVq6OGh2XNoBIL8H

4rLBqhEo7eWtLRkFafuVSGM/JnASI90hkBy/24LOVh8qSpkHxxto/ihJFEvOG+wxfSxf

PKdw==;

darn=nk.ca

ARC-Authentication-Results: i=3; mx.google.com;

dkim=pass header.i=@gmail.com header.s=20251104 header.b=WedARNcP;

arc=pass (i=1);

spf=pass (google.com: domain of aabbysolace1020@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=aabbysolace1020@gmail.com;

dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;

dara=neutral header.i=@appmindset.shop

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=appmindset-shop.20230601.gappssmtp.com; s=20230601; t=1774752072; x=1775356872; darn=nk.ca;

h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post

:list-id:mailing-list:precedence:x-original-authentication-results

:x-original-sender:to:subject:message-id:date:from:in-reply-to

:references:mime-version:from:to:cc:subject:date:message-id:reply-to;

bh=8E0u83WeRoqHdC60Bptx8duv+Jrq3+u5nixQGeSdMJo=;

b=jfA4KvQJ/LIQP3dLuHGPOiy3uKDHjoiH4VGvRjuzA0iRiKvytcWcy9umfOUgRvFXrm

n2gdnMGVNVDVOhB+Tnl6CEvnKOyiE/jcOd3LTP9hA309xXIg4HdxxWlWobb44l1lWgtZ

tm+hI94I7xtO5Q+BUbJ16yiK+wDcsYEA5F84UOJRPVq8mArhVUotAfEBE4y/wZh1ZZWg

TVb1TgzG0v3NYUG97Ftkblqa0iXyoZNUcZ7dEFeo2owuMYZDu9kxTDUQRqJFvtTX32jH

2+TUX99Vbd1C6K3TFlnXk5XfmXDP+B959LEbpGaCap/g+BGfMwsG8nakkKWPfGOSzyUX

vRpQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1774752072; x=1775356872;

h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post

:x-spam-checked-in-group:list-id:mailing-list:precedence

:x-original-authentication-results:x-original-sender:to:subject

:message-id:date:from:in-reply-to:references:mime-version:x-gm-gg

:x-beenthere:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=8E0u83WeRoqHdC60Bptx8duv+Jrq3+u5nixQGeSdMJo=;

b=ok2n5FgXslQeDJigx2cKrOmLXRnqeQtboWtRmOqiLCiQcD1siiEoXZLUjrUqK4/W8r

l8a48eGLGNUwSyR2mUPmaCV00FSlSwkvxD5c5v5mo0VdtbFrfR+cPdwsEabZoOZuMvGa

reLTos9q8+8BFHeDmFluUgGPkpKyvOT+UGmZo+mocHhmrgMcmuB0f6GrhM1r4YIl5jZg

pa1Fd4EZIEXOam30gACrb8EDi3zymprzdRbnMcm7RWMan7kFldCMxu3IpxheQt1sZThf

H58Kzemif/VdbqiJ0XkFA26OU5OPPBAwUz+RXnA4pXv6aVQBYVyAXcvuA2C5EEVqb6Q4

xC3g==

X-Forwarded-Encrypted: i=3; AJvYcCX7xqqR+krTMm0Mdgc1uGftUI+/yGgYDJ7mTxXfDhSgAX4i5XuDV7PbqFtIO+b//4NLRuWXJg==@nk.ca

X-Gm-Message-State: AOJu0YxRTFa8nADpYz6UbnZVZ5lo1bYiQ6ohv0qhsAGMn1/+x8YlUloT

8G8fTA+J5PKIXPwBnzZMZWP0ZEtS4VVBhS53TOI4B9YEesit2MPyLhyeRYIu4gm+erA=

X-Received: by 2002:a05:6214:19c4:b0:89c:9c8d:e985 with SMTP id 6a1803df08f44-89ce8dd5af3mr117760576d6.27.1774752071290;

Sat, 28 Mar 2026 19:41:11 -0700 (PDT)

X-BeenThere: 11mar@appmindset.shop; h="AYAyTiIqPrlSelGxaCZjsTSR09dGFl+ALYznI3fZgTOJlOCc2A=="

Received: by 2002:ac8:5a0c:0:b0:509:2a0e:163b with SMTP id d75a77b69052e-50b93a4b40fls50861161cf.1.-pod-prod-07-us;

Sat, 28 Mar 2026 19:38:28 -0700 (PDT)

X-Forwarded-Encrypted: i=3; AJvYcCW3DrmJg2Tl2xX5x9UvyZCz9TCruG3UCjwDWkGrxNpwV7FwjIzMX26mSKgvG36ToW7yAiTJ3A==@appmindset.shop

X-Received: by 2002:a05:622a:1aaa:b0:509:764:2f04 with SMTP id d75a77b69052e-50ba3a2243cmr106054841cf.68.1774751908133;

Sat, 28 Mar 2026 19:38:28 -0700 (PDT)

ARC-Seal: i=2; a=rsa-sha256; t=1774751908; cv=pass;

d=google.com; s=arc-20240605;

b=J3M49YABRhyRNGZdZPuNcaO7ytY6qXbhSQxTcsVe7fTbBihFWAgOJ14q8vD9HChyOI

a9vni++01AoJ7uWOar1BM5ka1cWHuxg4XQCw/xAgrfXtkrmP3zDJHrV2jFfAtNFXObIF

Q8WJzzcE83pzZrxCkyo81YLIBrz915m/2zmKoySWat1AHKb93gQzZS6SLWkgwVRYXk+O

cza0tx9elELr7DgS1UpjUksgMux4eBPejOxkMqzbIWMGBXbdijg6dhEbW+2BudvS/b1Z

i9EogN9ytiJpfYeXN1omTivdq57J2ynyKTrYjRPUHS8DAof+vN/7IqBUy+Pw+K5mRO3m

sWxA==

ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:in-reply-to:references:mime-version

:dkim-signature;

bh=8E0u83WeRoqHdC60Bptx8duv+Jrq3+u5nixQGeSdMJo=;

fh=ZEpQHcG/9HVDzkZfr5siLIl1tSBfam4XgqfB5GnSGnc=;

b=SPXiLy2QgEbY1yANtLKaho7KtvjEC8BZS+XmClL1tT0Bdn2CooVYfZsqlte2eumaFr

12dEvsxlKOVtl91dZ888qNYXOWuTEKch8E69SJcVLX79hs2iWexpvrY6Gp35ERRYvUd9

DcQDwHRx/mvJUqwMrw1hCz9MgAoL5WBNAEvyrBq+qEBu9PYQQZOOG9m2hIEqPr3nYyDM

KfPxSymIEJlr7us3VEASr0v+vVzotBkH/phzrKmKxcA0d77sNIBp29pkfyPCwSq32DbM

CYsfex/A9nRDtMdfIcCsbRhSz/wvb37nmj8+Y40deb8uotZhIOqFwtGrJSWStSq7sQzr

4fNQ==;

dara=google.com

ARC-Authentication-Results: i=2; mx.google.com;

dkim=pass header.i=@gmail.com header.s=20251104 header.b=WedARNcP;

arc=pass (i=1);

spf=pass (google.com: domain of aabbysolace1020@gmail.com designates 209.85.220.65 as permitted sender) smtp.mailfrom=aabbysolace1020@gmail.com;

dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;

dara=neutral header.i=@appmindset.shop

Received: from mail-sor-f65.google.com (mail-sor-f65.google.com. [209.85.220.65])

by mx.google.com with SMTPS id d75a77b69052e-50bb2e62cd0sor15318881cf.8.2026.03.28.19.38.28

for <11mar@appmindset.shop>

(Google Transport Security);

Sat, 28 Mar 2026 19:38:28 -0700 (PDT)

Instagram followers spam from Google Gmail

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 28 Mar 2026 19:14:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w6eir-00000000IiI-26ma

for dave@doctor.nl2k.ab.ca;

Sat, 28 Mar 2026 19:13:49 -0600

Resent-From: The Doctor

Resent-Date: Sat, 28 Mar 2026 19:13:49 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-qv1-f70.google.com ([209.85.219.70]:58853)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from <3eXjIaQoJBeAYKUVQPNGNKIOCKN.EQOUCNGUPM.EC@maestro.bounces.google.com>)

id 1w6eRn-00000000I2S-1yc6

for sales@nk.ca;

Sat, 28 Mar 2026 18:56:19 -0600

Received: by mail-qv1-f70.google.com with SMTP id 6a1803df08f44-89c3e0be5ccso35847396d6.1

for ; Sat, 28 Mar 2026 17:55:27 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1774745721; x=1775350521; darn=nk.ca;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:from:to:cc:subject:date:message-id:reply-to;

bh=npSzxG715XdnVldxX0mQDvjr8HLzOxeIh5WBu9gEgOY=;

b=eGJAqJEvIQj9cS8MRNr2ydqu6Y8pZ0UhdFHs50skw4k0WlLxqzlmKztuTlVyWTUlrK

hbJXgT82HRdPRH+yQb42mq4UGZhEr5yeh6O18fXsuVjYW7AlhABprTWqaxwvVAQTMd+U

n4NN82b13fP33wGAv/tFT/looHmuYcWggwUFr/dSr1oQLsS2Bcgfn9/J9/S0OpZDp8xK

u6kIX1MO9EZX+WnrWxIA6DkkEaqO9mYGuoG+mosLI6c25rlZ+OMlsG6Ffp8W2An8nECx

dg0+U4x/Y7c3qvkWOxuoicnkfo2UXektSb9XqLE3Gu2LMsqc7mSuRizzrdpzuHqhTO33

G3Dg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1774745721; x=1775350521;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=npSzxG715XdnVldxX0mQDvjr8HLzOxeIh5WBu9gEgOY=;

b=bUybCbPd8kYFe1TjavCKftpz9Ni0CKOUkHU/DhfljoO9Erps8BsXsUvgaYJI96b/TS

rhDRpXMoYytVAY+oP7Pou3piBfQAN0EnwWR+jNeVQl2wXQNHvLuvoM4nDRPClImXsnyA

EOsLyMGwlyGPDiIF1CtOYuK10MOqiZLPDDYJwaOxbl00byrARgVytqcTn5NFf4QB9RRP

4wi5Y4NAjpd3VMn6gmwXZG/eTYUzq/+pwjhmB3aMc5O/KEEQ+ReOlxN9+Gy3h537mEnt

sKbx07zgtzJ2UaKn/8KsudwxDkHeFZQISPGoVB7ANRwBifQ8gyiJP/kjBq53L4S1tD4r

rw/w==

X-Gm-Message-State: AOJu0YxQLCN7GcDI+IdlSjbBiC9XFAgW6OHbs60gFJGJt3egqFoKyMhw

0UVVUughNIPDGlXeTKWzbStrmJXMeS7bwPccuZldH6QjBzu3GhyGcV7xTvuI3xRyOo7oQK069vx

zcMfJhg==

MIME-Version: 1.0

X-Received: by 2002:a05:6214:5b85:b0:89f:d46f:47f9 with SMTP id

6a1803df08f44-89fd46f4affmr26473236d6.29.1774745721319; Sat, 28 Mar 2026

17:55:21 -0700 (PDT)

Message-ID:

Date: Sun, 29 Mar 2026 00:55:21 +0000

Subject: daveyadallee, Get More 10,000 Instagram Followers

From: wistonleli@gmail.com

To: sales@nk.ca

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

X-Spam_score: 9.6

X-Spam_score_int: 96

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi, daveyadallee, Get More 10,000 Instagram Followers Sorry

to interrupt your time. We offer social media services, If you're interested,

please visit our Website. If you're not interested, please skip this step.





Content analysis details: (9.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.219.70 listed in dnsbl.ahbl.org]

[209.85.219.70 listed in dnsbl.ahbl.org]

[209.85.219.70 listed in dnsbl.ahbl.org]

[209.85.219.70 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.219.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.219.70 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.219.70 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.219.70 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.219.70 listed in will-spam-for-food.eu.org]

[209.85.219.70 listed in will-spam-for-food.eu.org]

[209.85.219.70 listed in will-spam-for-food.eu.org]

[209.85.219.70 listed in will-spam-for-food.eu.org]

[209.85.219.70 listed in will-spam-for-food.eu.org]

[209.85.219.70 listed in will-spam-for-food.eu.org]

[209.85.219.70 listed in will-spam-for-food.eu.org]

[209.85.219.70 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.219.70 listed in list.dnswl.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: instatool.site]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[wistonleli(at)gmail.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 URIBL_RED Contains an URL listed in the URIBL redlist

[URI: instatool.site]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.219.70 listed in wl.mailspike.net]

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} daveyadallee, Get More 10,000 Instagram Followers

Hi, daveyadallee, Get More 10,000 Instagram Followers

Sorry to interrupt your time.



We offer social media services,

If you're interested, please visit our Website.

If you're not interested, please skip this step.



We will help you increase your social media presence to another level.

( Threads, Instagram, Twitter, Youtube, Facebook, etc. )



Are you interested in a free trial ?

Special For You Bonus Extra $2 - $5 FREE BALANCE TODAY SIGNUP NOW..!!!

GET 100K Followers Instagram NOW !!!

Order here :



[ https://instatool.site/services/?daveyadallee ]





Take free trial service today only...!!

10 -101K Instagram Followers



- Instant Start

- Safest Methods

- Privacy Protection

- Speed 200K Followers/day

- High Quality Followers

- Drop-Back Guarantee

- Trusted Seller testimony

- Starting get 100K Followers Instagram

- Guaranteed to be the cheapest



Thank you,

Regards,



Copyright © 2014 - 2026 instatool.site

Web/SEo/App spam from Microsoft Outlook Part 3

Posted by Dave Yadallee on
--_000_SEZPR01MB510952FA4C927FDC19B1EDA58354ASEZPR01MB5109apcp_

Content-Type: text/html; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable








252">








background-color: rgb(255, 255, 255); margin: 0in 0in 0.0001pt; font-family=

: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-=

serif; font-size: 12pt; color: rgb(0, 0, 0);">

Hello!



background-color: rgb(255, 255, 255); margin: 0in 0in 0.0001pt; font-family=

: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-=

serif; font-size: 12pt; color: rgb(0, 0, 0);">

 



background-color: rgb(255, 255, 255); margin: 0in 0in 0.0001pt; font-family=

: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-=

serif; font-size: 12pt; color: rgb(0, 0, 0);">

Your website looks great_, but it=92s not Rank well on



background-color: rgb(255, 255, 255); margin: 0in 0in 0.0001pt; font-family=

: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-=

serif; font-size: 12pt; color: rgb(0, 0, 0);">

Google.



background-color: rgb(255, 255, 255); margin: 0in 0in 0.0001pt; font-family=

: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-=

serif; font-size: 12pt; color: rgb(0, 0, 0);">

 



background-color: rgb(255, 255, 255); margin: 0in 0in 0.0001pt; font-family=

: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-=

serif; font-size: 12pt; color: rgb(0, 0, 0);">

Can I send you a free_ analysis report and price_ list?<=

/div>


background-color: rgb(255, 255, 255); margin: 0in 0in 0.0001pt; font-family=

: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-=

serif; font-size: 12pt; color: rgb(0, 0, 0);">

 



background-color: rgb(255, 255, 255); margin: 0in 0in 0.0001pt; font-family=

: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-=

serif; font-size: 12pt; color: rgb(0, 0, 0);">

Looking forward to your reply!



background-color: rgb(255, 255, 255); margin: 0in 0in 0.0001pt; font-family=

: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-=

serif; font-size: 12pt; color: rgb(0, 0, 0);">

 



background-color: rgb(255, 255, 255); margin: 0in 0in 0.0001pt; font-family=

: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-=

serif; font-size: 12pt; color: rgb(0, 0, 0);">

Thank you!



background-color: rgb(255, 255, 255); margin: 0in 0in 0.0001pt; font-family=

: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-=

serif; font-size: 12pt; color: rgb(0, 0, 0);">

 



background-color: rgb(255, 255, 255); margin: 0in 0in 0.0001pt; font-family=

: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-=

serif; font-size: 12pt; color: rgb(0, 0, 0);">

Richel Green



os_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-=

size: 12pt; color: rgb(0, 0, 0);">







nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=

olor: rgb(0, 0, 0);">












--_000_SEZPR01MB510952FA4C927FDC19B1EDA58354ASEZPR01MB5109apcp_--

Web/SEo/App spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on
Content analysis details: (7.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.103.74.87 listed in list.dnswl.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.74.87 listed in dnsbl.ahbl.org]

[52.103.74.87 listed in dnsbl.ahbl.org]

[52.103.74.87 listed in dnsbl.ahbl.org]

[52.103.74.87 listed in dnsbl.ahbl.org]

[2603:1096:101:e2:0:0:0:8 listed in]

[dnsbl.ahbl.org]

[2603:1096:101:e2:0:0:0:8 listed in]

[dnsbl.ahbl.org]

[2603:1096:101:e2:0:0:0:8 listed in]

[dnsbl.ahbl.org]

[2603:1096:101:e2:0:0:0:8 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.74.87 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.74.87 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.74.87 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.74.87 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:1096:101:e2:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:e2:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:e2:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:e2:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:e2:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:e2:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:e2:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:e2:0:0:0:8 listed in]

[will-spam-for-food.eu.org]

[52.103.74.87 listed in will-spam-for-food.eu.org]

[52.103.74.87 listed in will-spam-for-food.eu.org]

[52.103.74.87 listed in will-spam-for-food.eu.org]

[52.103.74.87 listed in will-spam-for-food.eu.org]

[52.103.74.87 listed in will-spam-for-food.eu.org]

[52.103.74.87 listed in will-spam-for-food.eu.org]

[52.103.74.87 listed in will-spam-for-food.eu.org]

[52.103.74.87 listed in will-spam-for-food.eu.org]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.74.87 listed in wl.mailspike.net]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[rachelgreen353(at)outlook.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[rachelgreen353(at)outlook.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

Subject: {SPAM?} Yes



--_000_SEZPR01MB510952FA4C927FDC19B1EDA58354ASEZPR01MB5109apcp_

Content-Type: text/plain; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable



Hello!



Your website looks great_, but it=92s not Rank well on

Google.



Can I send you a free_ analysis report and price_ list?



Looking forward to your reply!



Thank you!



Richel Green





Web/SEo/App spam from Microsoft Outlook Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 28 Mar 2026 07:05:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w6TKw-000000000qB-1vXg

for dave@doctor.nl2k.ab.ca;

Sat, 28 Mar 2026 07:04:22 -0600

Resent-From: The Doctor

Resent-Date: Sat, 28 Mar 2026 07:04:22 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-koreacentralazolkn19013087.outbound.protection.outlook.com ([52.103.74.87]:62330 helo=SEYPR02CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w6Rc4-00000000Gnz-0HOY

for sales@nk.ca;

Sat, 28 Mar 2026 05:14:07 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=WM+8tBoFN4Qc7A93Y3CydpbViXYnDQvIwvqkd/q5p701eqj37b5xpNejPnsAMKEZZd43vwEBNeaVP86x1trvTbe4zHaJQpysphq1sjAF46aAb6EgPwmGqBfy9RKWI3G4f/i01Ryu4djuYlVZeX5w5JfcrSFl8g9w6uttDZ/z+J+sM+jn8EOGWZsf9kGlMHsh6Wc3I8sp6zCdME+zhqc1w5yEa2WoF7KPhQ7CYaJ+2of4KkAcAWtnhH8Vt7Esj++MmkX5Kp7izO5ZCb0SWaLZrcGlnI+xGhLij/hwXVLxrnuyt/9gnQAD0uJ9WZnF1r3h4mIgN4Arp18rIurSeW4sQA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=c/qhnjwSmBIryg5DCCSnHb3CRnMOnuvKaFw9G8fLKSY=;

b=pYfrKLyXIL+/faAvBpriNRki8mf9vztD1vGJ94uzOmz7/Ev5VovDZE9RqHYIVYdmJl8KX0VchdN4M6Qk65rrdEwYNRwitkYJGAm+lYXXMrnTEHrioglwZkIAPzGW/UV2ei+3JhgUOtT7bANVY2sU9vNyvbS1iFYAA54iy9n/5CXmmNBJdaamZOieVu3ouNYgTzHB1MimcugQwzOlGm9d/Rra4bWC9hubk5GfEdxu2A+4XEeg4Su8mKxRMuJSFQStJPFMNktrbny3SdvEtYlsnzfIPJsrJSUG9PeXyw/Gy1SYgDHyW6O7kRnsJoipi57Ye9jWbVVqPPLR5dZafITF3Q==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=c/qhnjwSmBIryg5DCCSnHb3CRnMOnuvKaFw9G8fLKSY=;

b=u3ysFoOXH0ZG8++B4+2kA3VVk2QUpPvmsxaeLEwIQAX9NcTxAT1E0byu5SOmCP2pOcv+mSBsgB5cy6lYWwPY75uKMKLUDMRHyaYxAMJOnm5BZ5LsBbA++vvG43ybSXxT/sDHwBQkfdUaJCG0sy2qs7Hxg/kN8INp8K/4o+OaCm3d+rNlW+GJN+uRX6y4tPlAXICGhXiMgHjbgfX1cEcjUD5uxlNqaiE0gigHKfmqzAcnz9jyXnhg8mw0Zt6HgRYrzEnXCbBTursELNzbzLMjZU2qI7WjALa5TFn6Xn1TlrETk1yJAfSzIpzi/7VG/tjBKuKeBZ13G3jKRs3GVsrvVQ==

Received: from SEZPR01MB5109.apcprd01.prod.exchangelabs.com

(2603:1096:101:e2::8) by TYSPR01MB6054.apcprd01.prod.exchangelabs.com

(2603:1096:405:60::13) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9745.23; Sat, 28 Mar

2026 11:12:35 +0000

Received: from SEZPR01MB5109.apcprd01.prod.exchangelabs.com

([fe80::306a:2a8e:1fc6:8548]) by SEZPR01MB5109.apcprd01.prod.exchangelabs.com

([fe80::306a:2a8e:1fc6:8548%2]) with mapi id 15.20.9745.024; Sat, 28 Mar 2026

11:12:35 +0000

From: Rachel Rachel

Subject: Yes

Thread-Topic: Yes

Thread-Index: AQHcvqPBfixeaInimUm2vdqpn198Ew==

Date: Sat, 28 Mar 2026 11:12:34 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-exchange-messagesentrepresentingtype: 1

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: SEZPR01MB5109:EE_|TYSPR01MB6054:EE_

x-ms-office365-filtering-correlation-id: a92bcd45-ea03-40d1-ed80-08de8cbae9d3

x-microsoft-antispam:

BCL:0;ARA:14566002|24121999003|37011999003|15080799012|24071999003|15030799006|31061999003|22091999003|461199028|19110799012|39105399006|8060799015|8062599012|20031999003|10112599003|7071999006|440099028|3412199025|12091999003|56001999003|44111999015|102099032|41105399003|39145399003|40105399003;

x-microsoft-antispam-message-info:

=?Windows-1252?Q?s1n9Qur0Wvi7w3Si5GOxoeisLiU8oDaXCQK5pOsxJqhtvlYotu4TEfq4?=

=?Windows-1252?Q?QVQk3OFtfxzms2Cau3fUiCxapVtW1TCyMNEcHLxBA0C6FwQ2QvpShmcW?=

=?Windows-1252?Q?CsRvbB63CtkRnBNkKk4DqF8lmMGfF5jWVCTtdzl6RoyThpjMT2o0u8iH?=

=?Windows-1252?Q?Cw5Ar84vN3n5E+JPCccvN0ZyQYljd36/SSMffc/amTvHEtXPik0LD6BP?=

=?Windows-1252?Q?3Yrbt/1myt7G2drv3KtCN6R90OK92nC3XPP4ldewJgRj8DLAHwI8Ubpu?=

=?Windows-1252?Q?G2mQQ2Yc7YakoxldWAvB9Ow8M0aY5P4/HNe0MJ31FHHx09EeY+ihiN9f?=

=?Windows-1252?Q?9OB1aUPSsLASELaN0XXX9svHBWPXiSRRUS5wHuNll29SoIpYC2ubTwps?=

=?Windows-1252?Q?6iX2BjxLEQtT7ajVEyq3w25HTNO82EZnoDvflS4PViNkqf324vLpJYVI?=

=?Windows-1252?Q?03VTvKBs9wtt1oEFYY9EDdP6SKLz6oaRX3VW1EPNIz3YBLT3Ow7ePfuX?=

=?Windows-1252?Q?NdHiyPjJt54bR+ddExWgPaNoFseNNOYqzpdHD9reXPfIXp6kmSi5eNVL?=

=?Windows-1252?Q?RctMYELoXRBQtIQidWWHV1PhXtA0MfOO27hs5VnBV/t1FancG3fNLXzP?=

=?Windows-1252?Q?eCmNhBffSTRsUMB2mEv0V/jNnV65KyV3tLVLugy88dzYO3dqudytbKDF?=

=?Windows-1252?Q?SiFswA6AojHgdh4bYxGCZOjBnr3ZC+3B7mlzLPuvd79Zeyb/eI5VSNlv?=

=?Windows-1252?Q?OPQ6JyUL4CVG7gMd4vjEOC6sYSz/Y84JBm3lGHEyNWaETEkymun4dBzZ?=

=?Windows-1252?Q?1G4mD9n7rZJVyR1WwvlmyNQdC4ggmWcJV41VzXPVd7PJufQvNG58K10F?=

=?Windows-1252?Q?b7YBIQuu7SCrNSHOSDlCyDqFZz+xgJ7qLOGleKWHNGmDz1bBPjjP7ucf?=

=?Windows-1252?Q?87JIeOYeiOZWiDd7Ogx3jdQpyd7O+IL1Eg77kM7Y9z+16EM5s2VHClSk?=

=?Windows-1252?Q?QwHl3pgH3Vrk7Xm8fADp4Bp9FwWGIm977OmFW+aTETx+CUzcsPM6143z?=

=?Windows-1252?Q?9O3N5smTizKmjEDEa7d6Nc2yDUPBSkPq1+XtbaoZfvTyYK1sMX68lCUB?=

=?Windows-1252?Q?kc1+ERrgRVB0J2mIBct+ZGuuXEPlGmNAw/Bx0g/LSXpuVd+NPPFitfMu?=

=?Windows-1252?Q?hS/1Zzmmz5GI4SAj/GRfpl5nDnasNQs/bHMd56ZRpBX7nBgLwvEPaL3I?=

=?Windows-1252?Q?GqLEUEgZC7ESiJC5NteF6OG4hoHUeRj4xiGHEMnwbCHj+/anyrQ+rnPN?=

=?Windows-1252?Q?DcA+wzvHBs39qMa5sxaJIlIIKVXmh7ktJKGxR1JoTMsHYXwAHnn5DS8X?=

=?Windows-1252?Q?VWLe0ElxkddXFdFmbtAGpiqfNA+YPxbQawjE40rF7f2aKkMMvXvCbGgE?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?Windows-1252?Q?wchL014jPl36KbkZn1KlofZHcmo6iO1nlR1tNz8+qS4sBw6R4iVeMkN8?=

=?Windows-1252?Q?i2EVQppIC8Z83I4sjW8WnAA2c9KvLpTouu3yD4PrYucFCzllvd625ojc?=

=?Windows-1252?Q?N9bks+7BG+PtKRw85sc6ZCuXUYxm1T7AC3rALMexjhZ3XzVOXJYXOyiN?=

=?Windows-1252?Q?AhHhKFi/gsAzmXXF0pDpsSf4VcWa4UHDW1n5i93vl4V5WxKpPsWGqUYh?=

=?Windows-1252?Q?n6mwsXnJ08VvY44Cz4+zmHhn+5iwBtIJjrbtROSPu4xxHBbl30+QqzaF?=

=?Windows-1252?Q?vr9NXcKTqLtaz3Glm/hEA0Vv6IDZl1fIL67RouspneFAAZj3Q1J0hiS8?=

=?Windows-1252?Q?htTKEJ7cOyEEpAWtmiyzoZwna3zTY1FD5XotnRrPk49gdHigs9CrClMf?=

=?Windows-1252?Q?kKhSHwnVitgYdxIy5c6FzrpXg8hllJw/j6aimLWKroclgpiHXHvlUWHN?=

=?Windows-1252?Q?XbNDB2PJK3L2TJT4sONB20LAdzp/tq0UZUCc59Rd/XedQ1/qxBW4wyd8?=

=?Windows-1252?Q?bZypZH8A+6kVbRRyf+sjc87eRyVcjqqmpx4Bgub1GOeCgPUJSAX2O16d?=

=?Windows-1252?Q?v3yWviUyL6WkMD1SQv6RYyuTd10vDnAb3K9ZeldGHG7bA1W+5xFdOf2E?=

=?Windows-1252?Q?cwwEufp7cy6axF/ctlrRIanRj1pP4CeTWZH6zc+2Bt4sIt9Tg8ITVY2I?=

=?Windows-1252?Q?UoyLYyoKC7tjf2a1KkkuSF2YffMovVXSh5BWqL50Av4EoIrjHAWBA6qi?=

=?Windows-1252?Q?4QxgAMpUE4XlPvx7u1QtkmUx2Iz5NP7oml9FgeL/PevDvsnqxpDa8kR/?=

=?Windows-1252?Q?n1oIkIl/EodFRBmZ9vm4witL98/utc/4Aqe++aEyjK1guSsZcliU3ai3?=

=?Windows-1252?Q?GPo7LpoDKP98jwLnGY493punv2T1ayYm/nUyAeciygp2dx6PTU+yUqEA?=

=?Windows-1252?Q?wEurC9xb8tJAhgchvSZ9N07pCa7A8ZrSFKPyaV/KQnbOLYzKbgtp2OAQ?=

=?Windows-1252?Q?1hpS9S22OHiLPMIn85I0199LN+k9h1/4Q9OIkB3345hp+1AqMqaSu7u7?=

=?Windows-1252?Q?L0khEVeeNlckZ2HLEuoLHz/jdag/ei1W8JhtffQvtyOrzVQuTbwVinE0?=

=?Windows-1252?Q?6WiUQS16DFi2vvqlIf6sf/fRqySrHQJuCUqfzVjmjOl6lHtuQkf2iuBK?=

=?Windows-1252?Q?/fiPrHfFUrXaFRyBf6Irdm7ue1RpWGBmVKbuel+0gvidj59+KdOsOWfT?=

=?Windows-1252?Q?jgNYR6roXg/cSmmC+neLX+06ky8U2VKloUgxuGGF/r2eiQj6/zDM9azu?=

=?Windows-1252?Q?1lM7O+zwbVx0Wp6Qb4Aq3VuuSf/+busiLUomxed1nSEOr7b94JNAHbUC?=

=?Windows-1252?Q?g7zAET/tySW1Y/DDVSB/3QAz7uiwpec2Q2MoHemDyDjCAvnn8DjJoLXF?=

=?Windows-1252?Q?FuHpL+bar/aEly44cWklMe7id4c8LA5uIxHmHFrErp82ceWZd1HBdkme?=

=?Windows-1252?Q?+l2IIjsc9OvAYnEwXFb9MVviK3h3a2wHPA/hdh8gPgu45NhdNxpfGfII?=

=?Windows-1252?Q?gubKXvN9a+Wh2ob3?=

Content-Type: multipart/alternative;

boundary="_000_SEZPR01MB510952FA4C927FDC19B1EDA58354ASEZPR01MB5109apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: SEZPR01MB5109.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: a92bcd45-ea03-40d1-ed80-08de8cbae9d3

X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Mar 2026 11:12:34.7747

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TYSPR01MB6054

X-Spam_score: 7.7

X-Spam_score_int: 77

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello! Your website looks great_, but it’s not Rank well

on Google. Can I send you a free_ analysis report and price_ list?

TD Phish Part 4

Posted by Dave Yadallee on


", Arial, sans-serif;">=C2=A0


font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Ro=

boto, "Helvetica Neue", Arial, sans-serif, -apple-system, Blink=

MacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", =

Arial, sans-serif;">=C2=A0


mily: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, &q=

uot;Helvetica Neue", Arial, sans-serif, -apple-system, BlinkMacSyste=

mFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, s=

ans-serif;">=C2=A0


pple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helv=

etica Neue", Arial, sans-serif, -apple-system, BlinkMacSystemFont, &=

quot;Segoe UI", Roboto, "Helvetica Neue", Arial, sans-seri=

f;">=C2=A0


tem, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Ne=

ue", Arial, sans-serif, -apple-system, BlinkMacSystemFont, "Seg=

oe UI", Roboto, "Helvetica Neue", Arial, sans-serif;">=C2=A0=


MacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", =

Arial, sans-serif, -apple-system, BlinkMacSystemFont, "Segoe UI"=

;, Roboto, "Helvetica Neue", Arial, sans-serif;">=C2=A0

<=

/p>


mFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, s=

ans-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Robot=

o, "Helvetica Neue", Arial, sans-serif;">=C2=A0


yle=3D"font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, &=

quot;Segoe UI", Roboto, "Helvetica Neue", Arial, sans-seri=

f, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "=

;Helvetica Neue", Arial, sans-serif;">=C2=A0


ont-size: 14px; font-family: -apple-system, BlinkMacSystemFont, "Seg=

oe UI", Roboto, "Helvetica Neue", Arial, sans-serif, -appl=

e-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helveti=

ca Neue", Arial, sans-serif;">=C2=A0


: 14px; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI&qu=

ot;, Roboto, "Helvetica Neue", Arial, sans-serif, -apple-system=

, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue&=

quot;, Arial, sans-serif;">=C2=A0


font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Rob=

oto, "Helvetica Neue", Arial, sans-serif, -apple-system, BlinkM=

acSystemFont, "Segoe UI", Roboto, "Helvetica Neue", A=

rial, sans-serif;">=C2=A0


ily: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, &qu=

ot;Helvetica Neue", Arial, sans-serif, -apple-system, BlinkMacSystem=

Font, "Segoe UI", Roboto, "Helvetica Neue", Arial, sa=

ns-serif;">=C2=A0


ple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helve=

tica Neue", Arial, sans-serif, -apple-system, BlinkMacSystemFont, &q=

uot;Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif=

;">=C2=A0


em, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neu=

e", Arial, sans-serif, -apple-system, BlinkMacSystemFont, &</=

p>">







ont','Segoe UI','Roboto','Oxygen-Sans','Ubuntu','Cantarell','Helvetica Ne=

ue','Arial','sans-serif'; font-size: 12px; line-height: 1.5; color: #4954=

5c; margin: 10px 0 14px 0; padding-top: 10px;">

Este correo electr=C3=B3nico es un servicio de Support. Entregado por=


tm_content=3DSupport&utm_medium=3Dpoweredbyzendesk&utm_source=3De=

mail-notification" style=3D"color:black;" target=3D"_blank">Zendesk




=









----==_mimepart_69c7633ad72ab_ab19c0694cc--

TD Phish Part 3

Posted by Dave Yadallee on
----==_mimepart_69c7633ad72ab_ab19c0694cc

Content-Type: text/html;

charset=utf-8

Content-Transfer-Encoding: quoted-printable










" />












ont','Segoe UI','Roboto','Oxygen-Sans','Ubuntu','Cantarell','Helvetica Ne=

ue','Arial','sans-serif'; font-size: 14px; line-height: 1.5; color:#44444=

4;">







-size: 14px; font-family: -apple-system, BlinkMacSystemFont, "Segoe =

UI", Roboto, "Helvetica Neue", Arial, sans-serif, -apple-s=

ystem, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica =

Neue", Arial, sans-serif;">
data-olk-copy-source=3D"MessageBody" style=3D"color: rgb(46, 125, 50);">=

TD Bank


ily: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, &qu=

ot;Helvetica Neue", Arial, sans-serif, -apple-system, BlinkMacSystem=

Font, "Segoe UI", Roboto, "Helvetica Neue", Arial, sa=

ns-serif;">Dear Customer,=C2=A0
9px;">
if;">dave@doctor.nl2k.ab.ca=C2=A0


t-size: 14px; font-family: -apple-system, BlinkMacSystemFont, "Segoe=

UI", Roboto, "Helvetica Neue", Arial, sans-serif, -apple-=

system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica=

Neue", Arial, sans-serif;">We would like to inform you that a=C2=A0=

secure message=C2=A0containing important updates regarding your ac=

count has been sent to you.


amily: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, &=

quot;Helvetica Neue", Arial, sans-serif, -apple-system, BlinkMacSyst=

emFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, =

sans-serif;">For your protection, we use secure messaging to promptly not=

ify you of any changes or activities related to your account security.
>


SystemFont, "Segoe UI", Roboto, "Helvetica Neue", Ari=

al, sans-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", =

Roboto, "Helvetica Neue", Arial, sans-serif;">
//email.mail.track123.com/c/eJwczDFuxSAMANDTwPYjMASnA0OX3AMMJFYJfAWUqrev2=

vEtL_kVN4ogs9eI1hltDcjTB8RYVg0FQwH8wITBhXUrjhzFYo1kDwqcMoAatTKwbHn7I6lEMa=

VVC6uuwHWZd6AvDWahfsnqzznfQ5hPAbuAPRDlMV7fOb5qP7gtvVVuWcA--OoC9pnk7Q9-j59=

x8pNvboewKvVamXob_-nj4TcAAP__4wI80A" style=3D"margin-top: 15px; margin-bo=

ttom: 15px; padding: 12px 20px; font-weight: bold; background-color: rgb(=

22, 163, 74); color: rgb(255, 255, 255); display: inline-block; border-ra=

dius: 5px;">View Secure Message


; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", R=

oboto, "Helvetica Neue", Arial, sans-serif, -apple-system, Blin=

kMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue",=

Arial, sans-serif;">This secure message contains sensitive information r=

egarding your banking account. Please sign in to your online banking port=

al to review the complete details.


font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Ro=

boto, "Helvetica Neue", Arial, sans-serif, -apple-system, Blink=

MacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", =

Arial, sans-serif;">Thank you for choosing our banking services.


p>


Font, "Segoe UI", Roboto, "Helvetica Neue", Arial, sa=

ns-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto=

, "Helvetica Neue", Arial, sans-serif;">Sincerely,

C=

ustomer Security Department


amily: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, &=

quot;Helvetica Neue", Arial, sans-serif, -apple-system, BlinkMacSyst=

emFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, =

sans-serif;">=C2=A9 2026 Secure Bank. All rights reserved.


tyle=3D"font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, =

"Segoe UI", Roboto, "Helvetica Neue", Arial, sans-ser=

if, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, &quo=

t;Helvetica Neue", Arial, sans-serif;">=C2=A0


font-size: 14px; font-family: -apple-system, BlinkMacSystemFont, "Se=

goe UI", Roboto, "Helvetica Neue", Arial, sans-serif, -app=

le-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvet=

ica Neue", Arial, sans-serif;">=C2=A0


e: 14px; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI&q=

uot;, Roboto, "Helvetica Neue", Arial, sans-serif, -apple-syste=

m, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue=

TD Phish Part 2

Posted by Dave Yadallee on


nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;">This secure message conta=

ins sensitive information regarding your banking account. Please sign in =

to your online banking portal to review the complete details.






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;">Thank you for choosing ou=

r banking services.






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;">Sincerely,


Customer Security Department






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;">© 2026 Secure Bank. =

All rights reserved.






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;"> 






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, &



Este correo electr=C3=B3nico es un servicio de Support.





----==_mimepart_69c7633ad72ab_ab19c0694cc

Content-Type: text/html;

charset=utf-8

Content-Transfer-Encoding: quoted-printable










" />







TD Phish Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 28 Mar 2026 02:37:00 -0600

Received: from mta-retry4.pod27.use2.zdsys.com ([192.161.152.49]:54424)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w6P9u-00000000A0k-0t2b

for dave@doctor.nl2k.ab.ca;

Sat, 28 Mar 2026 02:36:49 -0600

Received: from zendesk.com (unknown [127.0.0.6])

by mta-out15.pod27.use2.zdsys.com (Zendesk) with ESMTP

id 34550085-fdd4-47ca-a9ba-c8a9bea79cd6

for ;

Sat, 28 Mar 2026 05:12:26 +0000 (UTC)

Date: Sat, 28 Mar 2026 05:12:26 +0000

From: TDBank =?UTF-8?B?Tm90aWZpY2F0aW9uc+KchQ==?=

Reply-To: TDBank =?UTF-8?B?Tm90aWZpY2F0aW9uc+KchQ==?=

To: dave

Message-ID:

In-Reply-To:

Subject: Notification: New Secure Message !

Mime-Version: 1.0

Content-Type: multipart/alternative;

boundary="--==_mimepart_69c7633ad72ab_ab19c0694cc";

charset=utf-8

Content-Transfer-Encoding: 7bit

X-Delivery-Context: automatic-answer-48398331932059

X-Zendesk-From-Account-Id: 1b83d2b

Auto-Submitted: auto-generated

X-Auto-Response-Suppress: All

X-Mailer: Zendesk Mailer

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zendesk.com;

q=dns/txt; s=zendesk2; t=1774674746;

bh=eaLEUG42cjxjGNNoKwZbjO33yCsngNteRjGDBFMLjM8=;

h=date:from:reply-to:to:message-id:in-reply-to:subject:mime-version:content-type:content-transfer-encoding;

b=MQqFWhR2ad7is9ul6X37tVGC7SOcufo7+8D7bBIt/BNWm5FSzBfB9kcK1WqodQ02+m5ulKWoFmekLP/0NcfqI1rao5ruwo98AVw+4ClN8CBHkBJkkGUuhVPDOIfBlMCW3kC9ytUxrbFMdp2gz+CnTcoLvyiC1XtzQ76WctmTaxuTM3U+pRzgQ3bhOWKnsFCA+gW/s0D48OIWS7QIv0+nq/nrg13jORy2aRVETgmwH9FPylmi+fgAXslo+cTudhPmz+lSyIypnwP6PjuYGgdDUKiNT81JjnuIjE/CZnl4G31McizTdTDGxUN76s1+C5DRyIAzWUYFpwCMezUC7LYl+Q==

X-Spam_score: 11.1

X-Spam_score_int: 111

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview:


nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;">
24px;">
(46, 125, 50);">TD Bank






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;">Dear Customer
rong>, 
51, 51); font-family: Arial, sans-serif;">dave@doctor.nl2k.ab.ca 
pan>






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;">We would like to inform y=

ou that a secure message containing important updates re=

garding your account has been sent to you.






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;">For your protection, we u=

se secure messaging to promptly notify you of any changes or activities r=

elated to your account security.






nt, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans=

-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, =

"Helvetica Neue", Arial, sans-serif;">
mail.track123.com/c/eJwczDFuxSAMANDTwPYjMASnA0OX3AMMJFYJfAWUqrev2vEtL_kVN=

4ogs9eI1hltDcjTB8RYVg0FQwH8wITBhXUrjhzFYo1kDwqcMoAatTKwbHn7I6lEMaVVC6uuwH=

WZd6AvDWahfsnqzznfQ5hPAbuAPRDlMV7fOb5qP7gtvVVuWcA--OoC9pnk7Q9-j59x8pNvboe=

wKvVamXob_-nj4TcAAP__4wI80A" style=3D"margin-top: 15px; margin-bottom: 15=

px; padding: 12px 20px; font-weight: bold; background-color: rgb(22, 163,=

74); color: rgb(255, 255, 255); display: inline-block; border-radius: 5p=

x;">View Secure Message

Urgency Spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on
Content analysis details: (21.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.13.37 listed in dnsbl.ahbl.org]

[52.103.13.37 listed in dnsbl.ahbl.org]

[52.103.13.37 listed in dnsbl.ahbl.org]

[52.103.13.37 listed in dnsbl.ahbl.org]

[2603:10b6:208:43b:0:0:0:21 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:43b:0:0:0:21 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:43b:0:0:0:21 listed in]

[dnsbl.ahbl.org]

[2603:10b6:208:43b:0:0:0:21 listed in]

[dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.13.37 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.13.37 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.13.37 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.13.37 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:10b6:208:43b:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:43b:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:43b:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:43b:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:43b:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:43b:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:43b:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:208:43b:0:0:0:21 listed in]

[will-spam-for-food.eu.org]

[52.103.13.37 listed in will-spam-for-food.eu.org]

[52.103.13.37 listed in will-spam-for-food.eu.org]

[52.103.13.37 listed in will-spam-for-food.eu.org]

[52.103.13.37 listed in will-spam-for-food.eu.org]

[52.103.13.37 listed in will-spam-for-food.eu.org]

[52.103.13.37 listed in will-spam-for-food.eu.org]

[52.103.13.37 listed in will-spam-for-food.eu.org]

[52.103.13.37 listed in will-spam-for-food.eu.org]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

3.5 VOWEL_FROM_7 Impronouncable from header (7+ consecutive vowels)

0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters

1.0 HK_RANDOM_FROM From username looks random

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.103.13.37 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.13.37 listed in wl.mailspike.net]

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[hilcpoioivbnmnbcdeiqww(at)outlook.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

1.2 MISSING_HEADERS Missing To: header

2.7 UNCLAIMED_MONEY BODY: People just leave money laying around

0.9 URG_BIZ BODY: Contains urgent matter

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

1.0 FREEMAIL_REPLY From and body contain different freemails

2.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)

Subject: {SPAM?} URGENT CLARITY



--_000_IA0PR12MB76014FD920468E664C6CD7CDC354AIA0PR12MB7601namp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



Hi,



Kindly E-mail Mrs. Katherine Thorn on: thornkatherine32@gmail.com FOR URGEN=

T CLARITY OF OUR LATE CLIENT UNCLAIMED FUNDS that was registered under your=

Name. Your urgent reply needed.



Thank you.



--_000_IA0PR12MB76014FD920468E664C6CD7CDC354AIA0PR12MB7601namp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=

olor: rgb(0, 0, 0);">

Hi,



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Kindly E-mail Mrs. Katherine Thorn on: thornkatherine32@gmail.com FOR URGEN=

T CLARITY OF OUR LATE CLIENT UNCLAIMED FUNDS that was registered under your=

Name. Your urgent reply needed.



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Thank you.








--_000_IA0PR12MB76014FD920468E664C6CD7CDC354AIA0PR12MB7601namp_--

Urgency Spam from Microsoft Outlook Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 27 Mar 2026 21:21:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w6KE0-00000000Lei-3sAa

for dave@doctor.nl2k.ab.ca;

Fri, 27 Mar 2026 21:20:36 -0600

Resent-From: The Doctor

Resent-Date: Fri, 27 Mar 2026 21:20:36 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-centralusazolkn19011037.outbound.protection.outlook.com ([52.103.13.37]:15259 helo=DM5PR21CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w6Itp-00000000Hjj-49pM

for root@nk.ca;

Fri, 27 Mar 2026 19:55:52 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=it94BT1S7bKlJSoXic25p0Z5S6rHOOSvJsEt/qA+rdRc+MkOc/exrngjb6uQnRAjuhwOjzG2SeTTkf94RoIvbxsR76EenmYKyjaLtFNA9iDv0cy+uRx4ZOKR8fDswVvkbF7Os+wXONitzcyuIBwP1grs9zm5PO9D99kM4YgRWvTTS4/TUlm6f+RHhvQ/4R9wnVHRZeqrVO43ER0vTglfqzGT1l9Kwq7e8o4ShvUzZoRWfGZk4ypv046e3+1LCfvHC6hr538HI5+oevA6gxmXW54do89QMwFJhAQssei6VYI+BqGeJSsnHTQzHtupIIUCPSbAPgWV4uj3cTf39V7Dpg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=a79U6fCUowoat2MrL16HKYtVBpHoDfwB46OyftG0EDs=;

b=S3JPjFxzk66XS4eesZnIxLsDKU0MlE6vNWz7Ciq9VIFW3QYdhhh85GIEgmQwiCliLyQLswD0DZt7aHiQlSgJ4T/cWjVv0lFQAqD0pwOxFyoFumqfeJ+GmdulqJcz4nufwXZjZc9B3HcPzN9o41o7Dcxev0YY+MYJL+TurtoWGwwBB2JqcIPzPbcISm8Ja5zjFC6bLdQpVdAlKLLeHcBYWIus1GoujJlXrOZy7/1Reb06smq0kqP5WiCe1HK4+vVQJQ0H7NStjiDMIjaHuRmVO9OcD0q/MTcgx+XB2hnMGWLYpNVC67Qf0C20wELsYrE7kLFmnioRe3JPE/D2LFCWBA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=a79U6fCUowoat2MrL16HKYtVBpHoDfwB46OyftG0EDs=;

b=k5zT6NZSrDY+UlqqD/jxlWmJDD2gNj30g/uZ+X8VASQfiGm4rlAoPZn5VAAFCV6/zp5VCn4CaXnjjbrU7EMMXlk+MCp2Z4p6jeBHVGas5z1+FoUeQKzoggBPM2yuOWartOxXy+lXZBaWxY7CzVnEDe5TyBLTssSJ1PBs4ylCSe7rWEUvX8BHJmk2uumyptSPBt+eYLQXu/KvwbR3oZYkFT1V5IFmR4ZUp/6XHW2VG6qBiU3lwbdzPB7W30DQfMIaM5QFb4VvObNe5dYiDTzTtYjP4fOutm1iWsjomZy2+duI0oA3aboyiixnEWg/fSHtlek9e6ZCXBn5TRAqiOlh7w==

Received: from IA0PR12MB7601.namprd12.prod.outlook.com (2603:10b6:208:43b::21)

by SJ1PR12MB6124.namprd12.prod.outlook.com (2603:10b6:a03:459::15) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9769.10; Sat, 28 Mar

2026 01:54:32 +0000

Received: from IA0PR12MB7601.namprd12.prod.outlook.com

([fe80::85bb:2f78:4935:c550]) by IA0PR12MB7601.namprd12.prod.outlook.com

([fe80::85bb:2f78:4935:c550%5]) with mapi id 15.20.9769.009; Sat, 28 Mar 2026

01:54:32 +0000

From: Info Web

Subject: URGENT CLARITY

Thread-Topic: URGENT CLARITY

Thread-Index: AQHcvlWuP+vvsd58XUyZUfeBrF1vnA==

Date: Sat, 28 Mar 2026 01:54:32 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-exchange-messagesentrepresentingtype: 1

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: IA0PR12MB7601:EE_|SJ1PR12MB6124:EE_

x-ms-office365-filtering-correlation-id: f5678cfb-340a-4e2d-9212-08de8c6cf4ba

x-microsoft-antispam:

BCL:0;ARA:14566002|22091999003|24121999003|21061999006|19110799012|8060799015|8062599012|15080799012|15030799006|12121999013|5062599005|461199028|39105399006|31061999003|18010799003|440099028|3412199025|26104999006|102099032|39145399003|41105399003|40105399003;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?tU8QTIQHr9bObVpA9yHUHE19cj/kIV190sBNtbYu6ueYb64JqGoOCXCa8r?=

=?iso-8859-1?Q?rq4slcDAfwwjk7sGpUpUnYga5IBlC7q/6HpErQxIHVfAgYCCFht1tlOVWF?=

=?iso-8859-1?Q?/ckaeoBz1Xq8ENoBG8nHQdsYPjkNXPQjEZyQBUA5isYsypwJMf2KMTuayM?=

=?iso-8859-1?Q?VQcUvXDIvU2eZbRHLZT98yZguczzX4gojTV7Oh5gAeDKxlr/oqeI2oIC4x?=

=?iso-8859-1?Q?KInQzD7REZ/7TGYJW98zhUi3IVGGPS22yL1W8jUwATtBkp+/BsCmKRfGMB?=

=?iso-8859-1?Q?BcyY2T2ib68ue9LXlOdXGEX+K8iXHM4s01sn1clYw+poY2zOXF/bliyB72?=

=?iso-8859-1?Q?SWcTu2AobxNDmbuRGsEj6jEG/hpsRZSB1uOglhA9WIAcRzdJZGVxx5CFDj?=

=?iso-8859-1?Q?iJbOA9tPydLJqBvhpfTNGSliwmb4/FQSHphotWiJdzIoXMEO4/AUn9FygK?=

=?iso-8859-1?Q?K91hydivH7HnO/0jjpss9/bNMg/d3Pqz4sCUBt46Xr7IR6eu7bjRCzRZeC?=

=?iso-8859-1?Q?7XgfILJufJfZmT/C1H/0Zs86IQq+TE/bu/lDRpSK4uQrgR7YOKL/TsSjlR?=

=?iso-8859-1?Q?bigX681gTRvEUsjzuHeqIo78+LjypF5Gfl1692CSgjhVg7LrtsxAr6zg48?=

=?iso-8859-1?Q?EqycjpwE0DAhEEDxQcMOqmR26KcubwYFm6NtQiYfeuBYQVkWH+7CRibJpU?=

=?iso-8859-1?Q?tFec/CwDsAzuyC6GghQSsvuA01c5wYUo7iBsfLTe1UwOlVB1rIp0Qdm+o0?=

=?iso-8859-1?Q?wEOS0AnYKPFVpi3BFGC9u70sL3lT6A4AphNs3ES5dI8pHS7wFbXxfcxrA7?=

=?iso-8859-1?Q?Ywvct5r0wnwflTjaloyF5ZoSo/mJIoO0GIl49T+gqthkZ/8xjbIBTuioly?=

=?iso-8859-1?Q?Et8WRaabAz3d66Tw4hDe7OqcbzGg8yHS37ppf7M7i1jOMod0NCVwNfebGc?=

=?iso-8859-1?Q?7l+6cPBTEV+EXWZwl78TtrvyVQECqCmO2nBxiOVkMIKD9ZtMxXVJH+U1uw?=

=?iso-8859-1?Q?ijh7ssN/HcCgtp2cSF/rSyzc85CvPAYLhopLhY1xqioZLhh+RCi2T24EDO?=

=?iso-8859-1?Q?rQUuWiEcZgDee/dYfPTBf1GDUIJ3I+bt69ZP5NS0xX7svsgofLHITRVAe2?=

=?iso-8859-1?Q?Bz+HVN8DVYkmjCaAs8U1na66CGfK7tjVZ4/+EeVDs/SJzW1Wt++M8f+r7P?=

=?iso-8859-1?Q?Ux3lwR4OCvqkx98K8wNDMDOhcUVJD6idowvHx3yVo0vVGzu+dLBJnysIfl?=

=?iso-8859-1?Q?LAJuKYQ//sXWXC9ntdjQ=3D=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?oOI68rmN8Ysl5fn5q6GSFWOq5FZlB3lxb2P6i6rmHHfw9O6RHAmq894Wdw?=

=?iso-8859-1?Q?lAddL+pXIxjXfvnieDjnqT2AqWQBa0ILCVtA3MngEWj9BL3F15i/SxVcPb?=

=?iso-8859-1?Q?Mr1STLuCrD5LrE1wH8TH5ldJhmUEnuu6Wg58EJ2LsddnYvDZK4361QZ/IZ?=

=?iso-8859-1?Q?2sMhbtSPW0vpl/1kO3U9VTx+SVubNf5o6fzWBci4bz2s5kOh/hZqNBmvF/?=

=?iso-8859-1?Q?kbW8KMvB/+2DmZXtRTF3AZrdo12Oeffo5nWJCXrFENkzAi1zedraLlLxBn?=

=?iso-8859-1?Q?PlLpfkk1SFtHF/GVMVQoMiunK10AaH742MVYAoCYXX1j8p29jz91UWEorr?=

=?iso-8859-1?Q?w5DTUAUqjZMzyJiwUPdlXjuTUTBF3nkyWpp7MCpT87aXAAlAiw6NkWY09B?=

=?iso-8859-1?Q?gmPgH2W3XzbWbIHP1eNuuW+YU3zTA79hidFB6NChcIiq/9YDsVi1RnaltX?=

=?iso-8859-1?Q?FlKQ+U1PYSTPvgdYo5gHwxxqWdCSBuHSPHJk0lAirsRnzH2zPdQDP9A7Qq?=

=?iso-8859-1?Q?Vd1MaZ++YDIL3k9YWGI8OxwamToHv7wdSubNsyTKyGqi7TaLg1VMBJFGtd?=

=?iso-8859-1?Q?WvMmgpU+m9ddOjoB+PiMQwVHbhYK15UnU0tO3V5es8idKHqTkPc6AUzF7U?=

=?iso-8859-1?Q?/YFwQRA/HmqfI798xxvVhC8zg1DBmzPepPw+FQHhAkNotsbW/fdouEjQBu?=

=?iso-8859-1?Q?xcT7JzXmhC6puh5rosFdr3JoIZ3p2LDI8e6E51Ht3FkX7UCabSfuob/s09?=

=?iso-8859-1?Q?/S6+x28J+PE7UCSTnNdVWksqfWlX0ExY3TwD3Zb/TfAKr5tIoFsBlrqEJr?=

=?iso-8859-1?Q?QFXZem+1A4Vb49d8X/xdIOeaUGSyuMWLNjgqcpQVQGnu4TGvCJQfvbxX+J?=

=?iso-8859-1?Q?LFy3vVMDJT6fOJZG0aEpCncvk5AaJfkZgSmtC4ZQfxDUq84owImEDlQM8G?=

=?iso-8859-1?Q?GjufcsVMT30p5pKkuicRBu5NCREgB2VdNHfuovCJdFEqMSRKZk8EOz3eAn?=

=?iso-8859-1?Q?kfUWYCyweRyoGFsUzCCiRsXFpfPdV/vArXg+/isx5+nOT4bOSxS49BYYFr?=

=?iso-8859-1?Q?JFp9HGW0bsTBHbJWcTo3ko799Azd4wemNDN3U8/50pocejtQCXic7/Xv/4?=

=?iso-8859-1?Q?PatgWu84TKwPuMQzqJOKX7tOHdKQOYpgOIvyW3RbOr4cjEULGhUEMqhmLO?=

=?iso-8859-1?Q?vMgZxa4PPLcFVLK+TD1qOy/Wxj/YjQeLe39AICiiS2O+1TJyzo+xlxbalh?=

=?iso-8859-1?Q?jzJB3hxErmbjinqrz39He0YV37vivKnkCb7dRdL+PtHOV7ABt0t8b4gNYf?=

=?iso-8859-1?Q?mcIvWbp+h3wAGq/uwhob6DFESJNHw0WBJqp7yM7xQN81cur5ltVpR9kcU5?=

=?iso-8859-1?Q?Yz9JuVoRz3Plw60XOmQ6J3a+3C7VgQHxyZfhpL776WRPt+unWyHbjB22zn?=

=?iso-8859-1?Q?qpe+XXEfMcPa09FRH6x8+mtbZZRvwfKLWI2SMw=3D=3D?=

Content-Type: multipart/alternative;

boundary="_000_IA0PR12MB76014FD920468E664C6CD7CDC354AIA0PR12MB7601namp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: IA0PR12MB7601.namprd12.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: f5678cfb-340a-4e2d-9212-08de8c6cf4ba

X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Mar 2026 01:54:32.2659

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SJ1PR12MB6124

X-Spam_score: 21.9

X-Spam_score_int: 219

X-Spam_bar: +++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi, Kindly E-mail Mrs. Katherine Thorn on: thornkatherine32@gmail.com

FOR URGENT CLARITY OF OUR LATE CLIENT UNCLAIMED FUNDS that was registered

under your Name. Your urgent reply needed. Thank you.

Follow up spam from Google Gmail

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 27 Mar 2026 08:27:00 -0600

Received: from mail-ed1-f50.google.com ([209.85.208.50]:43093)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w688f-000000009u9-3kPI

for dave@doctor.nl2k.ab.ca;

Fri, 27 Mar 2026 08:26:27 -0600

Received: by mail-ed1-f50.google.com with SMTP id 4fb4d7f45d1cf-66b32fd9f26so850837a12.0

for ; Fri, 27 Mar 2026 07:25:30 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1774621523; cv=none;

d=google.com; s=arc-20240605;

b=j9KAy3VeDugFtfEqTL6qoEINm8qPomwhs4sAsVZumZCkM38JVag5ArHj4y5J9D5T1g

Kl7Qcsth0oAU2Kp1FflNSxX4vsSHdoDQlwQRVPBiNwf/yMgbFrIQ4CgosD84j7xtL40/

oVX5xmHrV+r6IU2Wrys+s5PPPipjKdCx1qeKQ/l2eOwWiVwtdYBkr9A4nCEeRsovdpjC

YhDR5iHXeigdh/FD6PVj7dtVyrg5AW/T1YYpbQ+JO+4YmQhEJKXLlEQAhGc7u+5cR+wx

ing6lEc9ecrmH6+ML6Mx52tKNCoMPA59GZ8XZQnpTNtm73ow0dw9lidCtjCDtlj2mOqX

GnwA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=GKCV4Q8JmlXG/zOFzFVmWn+EayUf1zc4qv/BPY4VjRM=;

fh=bZ2yQ9fvc11Ln0LED1zg5Pgh3QhrlmgCUdHo209cacg=;

b=jTjp8UMjr5O2skUY/reu998XVRXpYV61hU+HXZGrjczt5dsXsxLBjaJRVw6CFe9L+9

MYh+CuL0yQxtvUa6ux0LdNlc+CyflDYtG8IuUgcopi4DD9LXr1iz/KK11N9CLW5D+79D

w2Phq3hbu1hZtVCGm+OdToK+1QMpv+iPAZJXKifYjIPlZ1oEuYhIfkV5fykZjdYEoGKV

aSzXhgRthlf4IQRl4e5DiTwlKLc4VIaXUbICJewtd8F3f4raFE/mfrFdwbUbRc6a5nvi

dwwazdJ78E0jAtx/qTiIqOUYNpqs5s9jtjaxWGNuM5rme6Qq9rT6BQsllSeiAqqU5Ah1

UICg==;

darn=doctor.nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1774621523; x=1775226323; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=GKCV4Q8JmlXG/zOFzFVmWn+EayUf1zc4qv/BPY4VjRM=;

b=sw7Ll2h+tbDk/d4PRk2HnpSn6o5aOLebC33Uc7FwqLzIm+VHOaP1zT9FQT1ZXp1OgR

2oG+ZB8iBOV1TzOEl4Jjy1+5AkWtWpih22C8EIsVwpMgCojSeQlCBI/6jiW255RkvpkH

ljyj+bS0JmIa4W0v6zIVZJSGDbsAVaCVQxxE35ttCfEy2saEuEkswN9w+/Qp95Psn3ln

4LA+iUvlmJDGay5BUdFq+kC2Il6ZcNXGK3OKmBkxvdiDsqU5vuiR0GxxdExXaJKTvtMw

S6aNncJ1G42KgLsHq+uOvnh5F+aYXiQJFwJ1cJHJvGgfKTyJgXcmmJUKqbFnHuF9i3Z6

csDA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1774621523; x=1775226323;

h=to:subject:message-id:date:from:reply-to:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=GKCV4Q8JmlXG/zOFzFVmWn+EayUf1zc4qv/BPY4VjRM=;

b=Br4PB5SFJ2YQCJze5YLYbNj8XRzQTvrP8OyzwXyIMVR+oxMs8Q0qygeE1/nwTZb02B

7ErlTPJhVwnQRhfXJKAxcPnhaPdrWoxam1gPhBicR6u5nYUd6DWCmTQEbpkuEHyBUIEb

PDHYFGLYlXNuTHNmrYFI3TPtmdyxKRj8QbFzT/dvTVvgTWONgZTtaE8ZobPiMI4j7qlu

cLHOyVy4zo/cH0Mg4kCsfiTs1phd29fUj7qjyqhPM/sBwNE61qoNF0jBjfHCxrZ6Q20z

t5MDlhOKQN0DNqYcM2hBAs/+vaWbhk83nTnt5xzoGFcWctDc/HzA31giTJRwQn1G2Xmb

h7JQ==

X-Forwarded-Encrypted: i=1; AJvYcCUZy4pMn1H+Y7H31FmXQ+pBYgYoUUoyUIJHFviSRemkxxD9u0jKNDVkjgy7szOZikSB789e@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YzEqLrc6ekWRQ6rueUcYBCub3t5JX4fGqAlhntzXMkM8PQc6VLC

EocSm7ZwGvPlU1A7RYoIn+mnlGtZ5SWWzHFhCAqa4s/O6/XmDBD9OQJwlrT683usacscJk9D54H

i08tp6XXH/t8AdnJ8rZSryTQgYkBggA==

X-Gm-Gg: ATEYQzywX9wV85gEBl0lHsMW8DgOeKGwlsdb6pV6OR+gVZdOCgiaVmyYuyF3Mg+1sW1

Q9UAyRW4OJzvL9q7WgAGR7C62rqHjw6s9I0rqNsc6H//yPmzSJi17UUt86y73ws0OwWS2jNRCsJ

DCFVZmDUTH1K4XuOgmwOa/U99BVX24cOFgcSu1HwmUm1O8hoTQUIges95fV4AolxVYIoEUgs9dI

U4009K1PQf3oOpBnil+h0OG80fUSNrLvXUy3R+of/R2VB+hawoOhEmysvhg9FNrrkWmHBvmOgFF

gchhjIhSQ4oPJybK2I8t7YduRd6EhiLfIFIv4GTDcOC2ytUeQlLQWw==

X-Received: by 2002:a17:907:9485:b0:b98:42de:3700 with SMTP id

a640c23a62f3a-b9b2e9b23b1mr365597066b.17.1774621522463; Fri, 27 Mar 2026

07:25:22 -0700 (PDT)

MIME-Version: 1.0

Reply-To: paymentinfodepartment101@gmail.com

From: Kevin Martinez

Date: Fri, 27 Mar 2026 15:25:08 +0100

X-Gm-Features: AQROBzAmNZ5pqa-fROa_MfokhDlkU_rXq03JIE68VP8YR10PotIlj7UUagEjBN8

Message-ID:

Subject: Re: Greetings,

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000751143064e024530"

Bcc: dave@doctor.nl2k.ab.ca

X-Spam_score: 13.1

X-Spam_score_int: 131

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: NATIONAL BUREAU OF STATISTICS (NBS) DHS/USCIS 24 Grosvenor

Square, Florida, 33312, USA, Dear: Beneficiary. this is the second time i'm

writting you an email, I don't know if you received the first mail I send

to you. We need to talk. it is about your outstanding fund, Kindly confirm

if you are still using [...]



Content analysis details: (13.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.208.50 listed in dnsbl.ahbl.org]

[209.85.208.50 listed in dnsbl.ahbl.org]

[209.85.208.50 listed in dnsbl.ahbl.org]

[209.85.208.50 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.208.50 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.208.50 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.208.50 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.208.50 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

[209.85.208.50 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.208.50 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.208.50 listed in wl.mailspike.net]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[paymentinfodepartment101(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[kevinmar1964(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[kevinmar1964(at)gmail.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

2.5 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} Re: Greetings,



--000000000000751143064e024530

Content-Type: text/plain; charset="UTF-8"



NATIONAL BUREAU OF STATISTICS (NBS)

DHS/USCIS 24 Grosvenor Square,

Florida, 33312, USA,



Dear: Beneficiary.



this is the second time i'm writting you an email, I don't know if you

received the first mail I send to you. We need to talk. it is about your

outstanding fund, Kindly confirm if you are still using this e-mail address.



Waiting for your immediate confirmation.



Yours faithfully,



Dennis Matthias,

Director NBS

USA.



Thanks.



--000000000000751143064e024530

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



NATIONAL BUREAU OF STATISTICS (NBS)
DHS/USCIS 24 Grosve=

nor Square,
Florida, 33312, USA,

Dear: Beneficiary.

this i=

s the second time i'm writting you an email, =C2=A0I don't =C2=A0kn=

ow if you received the first mail I send to you. We need to talk. it is abo=

ut your outstanding fund, Kindly confirm if you are still using this e-mail=

address.
=C2=A0
Waiting for your immediate confirmation.

Your=

s faithfully,
=C2=A0
Dennis Matthias,
Director NBS
USA.

=

Thanks.




--000000000000751143064e024530--