NetKnow Corporate Blog

Nigerian spam Part 1

Posted by Dave Yadallee on Monday, June 29. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 29 Jun 2026 07:13:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1weBn1-0000000007e-3Fdp

for dave@doctor.nl2k.ab.ca;

Mon, 29 Jun 2026 07:12:43 -0600

Resent-From: The Doctor

Resent-Date: Mon, 29 Jun 2026 07:12:43 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-outd.mail.t-online.hu ([195.228.240.56]:25083)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1we30U-00000000BrT-48vv

for sales@nk.ca;

Sun, 28 Jun 2026 21:50:13 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=t-online.hu; s=mail;

t=1782704880; bh=686ReW5847c9+QCUVq6Q/a8L+n9pSApuBwVs3+KOXTI=;

h=Date:From:To:Subject:Reply-to;

b=jny4g8axAN28KQ7cLVBQKKWAkEq0dqYsICRFAvVTfb8GUzIXtWzpYNkvgnrgqJYQb

U7jL5KB+FiiACfKoNbZY/EreAGoc9JoV2CB+mGxBrmYWlUNEMGkmBazMQj27Q722GP

Pok+FYmRytEXZ8aVdKlcIb+bSxEGiChxDKZDxYZ4z8P2V1gJfk6wb3JJrgwLKfFxXH

mM6dlk5RWZc4zLK9fwtuk3yCuOdIEcEv1itrs+byhiv2AOHFO+P7ZcvNuD0Jjpb9rM

udlMeIe5PFh+V4PJcJS9IofryxOgbjeYqbEKIFqlqMfPbPOIkpJshPuCVNvIiQWEC5

3hkEEnyNZueaQ==

Received: from maxwm03a.mail.t-online.hu (maxwm03a.mail.telekom.hu [195.228.240.101])

by mail-outd.mail.t-online.hu (Postfix) with ESMTP id 4gpXFH0vm8zDrDC;

Mon, 29 Jun 2026 05:43:46 +0200 (CEST)

Received: from public-nat-01.vpngate.v4.open.ad.jp

(public-nat-01.vpngate.v4.open.ad.jp [219.100.37.233]) by webmail.telekom.hu

(Horde Framework) with HTTP; Mon, 29 Jun 2026 05:47:59 +0200

Date: Mon, 29 Jun 2026 05:47:59 +0200

Message-ID: <20260629054759.Horde.5XpDEMuGFi1gE9MYFR9hACj@webmail.telekom.hu>

From: Olena Zelenska

To: me@gmail.com

Subject: N41-

Reply-to: olenazelenska68@gmail.com

User-Agent: Horde Application Framework 5

Content-Type: text/html; charset=utf-8

Content-Description: HTML =?utf-8?b?bGV2w6ls?=

MIME-Version: 1.0

Content-Disposition: inline

X-VadeSecure-Status: Legit

X-VadeSecure-Score: 0

X-VadeSecure-Verdict: Legit

Authentication-Results: iprev=notverified ip=195.228.240.101;

spf=notverified client-ip=195.228.240.101 smtp.mailfrom=attila6303@t-online.hu;

dkim=notverified (), header.i=;

dmarc=notverified

Received-SPF: SPF not checked

X-VadeSecure-Status: Legit

X-VadeSecure-Score: 0

X-VadeSecure-Cause: gggruggvucftvghtrhhoucdtuddrgeefhedrtddtgddvheekgeefucetufdoteggodetrfdotffvucfrrhhofhhilhgvmecuofetifgjteftvffgnffgmffqofdpucfqfgfvnecuuegrihhlohhuthemuceftddtnecunecujfgurhephffvufhrfggtgggusehhtddttddtreejnecuhfhrohhmpefqlhgvnhgrucgkvghlvghnshhkrgcuoegrthhtihhlrgeifedtfeesthdqohhnlhhinhgvrdhhuheqnecuggftrfgrthhtvghrnhepudfgieejtdefkeevleelgfehkedvkedvffeihfdtvefhtdegveffgffhtdegfeevnecukfhppeduleehrddvvdekrddvgedtrddutddupddvudelrddutddtrdefjedrvdeffeenuceurggutfgvphhuthfkphepvdduledruddttddrfeejrddvfeefnecuvehluhhsthgvrhfuihiivgephedtnecurfgrrhgrmhepmhhouggvpehsmhhtphdpihhnvghtpeduleehrddvvdekrddvgedtrddutddupdhhvghlohepmhgrgiifmhdtfegrrdhmrghilhdrthdqohhnlhhinhgvrdhhuhdpmhgrihhlfhhrohhmpegrthhtihhlrgeifedtfeesthdqohhnlhhinhgvrdhhuhdpnhgspghrtghpthhtohepfedupdhrtghpthhtohepmhgvsehgmhgrihhlrdgtohhmpdhrtghpthhtohepshgrlhgvshesmhgrnhgtohhmrdgtrgdprhgtphhtthhopehsrghlvghssehmrghrthgvtgdrtggrpdhrtghpthhtohepshgrlhgvshesmhgrthhrihigthgvtghhnhholhhoghihrdgtrgdprhgtph

htthhopehsrghlvghssehmrghtthhitgdrtggrpdhrtghpthhtohepshgrlhgvshesmhgrthhtphgrrhhkvghsrdgtrgdprhgtphhtthhopehsrghlvghssehmugguohhulhhtohhnshdrohhnrdgtrg

X-VadeSecure-Verdict: Legit

X-Spam_score: 13.7

X-Spam_score_int: 137

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Greetings. This is Mrs. Olena Zelenska, I am contacting you

based on my personal interest to develop a mutual businesRelationship with

you in your country or your company. which I believe we could mutually benef

[...]

Content analysis details: (13.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[219.100.37.233 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.101 listed in will-spam-for-food.eu.org]

[195.228.240.56 listed in will-spam-for-food.eu.org]

[195.228.240.56 listed in will-spam-for-food.eu.org]

[195.228.240.56 listed in will-spam-for-food.eu.org]

[195.228.240.56 listed in will-spam-for-food.eu.org]

[195.228.240.56 listed in will-spam-for-food.eu.org]

[195.228.240.56 listed in will-spam-for-food.eu.org]

[195.228.240.56 listed in will-spam-for-food.eu.org]

[195.228.240.56 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[219.100.37.233 listed in dnsbl.ahbl.org]

[219.100.37.233 listed in dnsbl.ahbl.org]

[219.100.37.233 listed in dnsbl.ahbl.org]

[219.100.37.233 listed in dnsbl.ahbl.org]

[195.228.240.101 listed in dnsbl.ahbl.org]

[195.228.240.101 listed in dnsbl.ahbl.org]

[195.228.240.101 listed in dnsbl.ahbl.org]

[195.228.240.101 listed in dnsbl.ahbl.org]

[195.228.240.56 listed in dnsbl.ahbl.org]

[195.228.240.56 listed in dnsbl.ahbl.org]

[195.228.240.56 listed in dnsbl.ahbl.org]

[195.228.240.56 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[219.100.37.233 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[219.100.37.233 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[219.100.37.233 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[219.100.37.233 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[195.228.240.56 listed in bb.barracudacentral.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[219.100.37.233 listed in sbl-xbl.spamhaus.org]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[195.228.240.56 listed in bl.score.senderscore.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[olenazelenska68(at)gmail.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.7 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)

Subject: {SPAM?} N41-

Customs Phish from OVH

Posted by Dave Yadallee on Monday, June 29. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 28 Jun 2026 19:34:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1we0sh-00000000Etj-1cjC

for dave@doctor.nl2k.ab.ca;

Sun, 28 Jun 2026 19:33:51 -0600

Resent-From: The Doctor

Resent-Date: Sun, 28 Jun 2026 19:33:51 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [15.235.216.184] (port=57832 helo=mail.canvas-otp.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdvuc-000000004ZF-2hhE

for sales@nk.ca;

Sun, 28 Jun 2026 14:15:39 -0600

Received: from mail.canvas-otp.com (localhost [127.0.0.1])

by mail.canvas-otp.com (Postfix) with ESMTP id 4gpLGv34WMz1LK4V

for ; Sun, 28 Jun 2026 20:14:31 +0000 (UTC)

Authentication-Results: mail.canvas-otp.com (amavis); dkim=pass (2048-bit key)

reason="pass (just generated, assumed good)" header.d=canvas-otp.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=canvas-otp.com;

h=content-transfer-encoding:content-type:mime-version

:message-id:subject:from:to:date; s=dkim; t=1782677670; x=

1785269671; bh=p1AeP5GOLOiwkwXwFI1ZEQN+BT5Yn7WIqqEuS2zZS1M=; b=Q

z5Q9xcdJiHA68xuxWR92Ci3YFGWb4EjkzikBshkL05XBrr39mjM1kmF+ZFJnG89S

adyM+qGt7jKqKzlB8jlaHqIcOSKeJcf9wu4STlS86qoPpJr6dAltmTVy1/xTqz8S

wDxPcYwYqkqc2PoBWIQu2b1BqXxl/c5eXxEsiKxQSognw/hcEAM+0PMhO2psXfQm

T0kekuSNDrgr3Grhbuh8JzzzBvrnuPxhgUgYQ1ow7uQbvLETxohreFG7TJELWX06

fjgiJYoUH4dcxrzUpZDgwUdsJqbYmFpD2V5FaXqPbuiBf+seH9HT78+j6gSAsOMN

ODfseozV3kdV1KVPuEt4g==

X-Virus-Scanned: amavis at mail.canvas-otp.com

X-Spam-Flag: NO

X-Spam-Score: 3.166

X-Spam-Level: ***

X-Spam-Status: No, score=3.166 tagged_above=2 required=6.2

tests=[ALL_TRUSTED=-1, FSL_BULK_SIG=0.001, HTML_FONT_LOW_CONTRAST=0.001,

HTML_MESSAGE=0.001, RAZOR2_CF_RANGE_51_100=2.43, RAZOR2_CHECK=1.729,

TVD_RCVD_IP=0.001, TVD_RCVD_IP4=0.001, URIBL_BLOCKED=0.001,

URIBL_DBL_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no

Received: from mail.canvas-otp.com ([127.0.0.1])

by mail.canvas-otp.com (mail.canvas-otp.com [127.0.0.1]) (amavis, port 10026)

with ESMTP id hxQ54Gfr7qJB for ;

Sun, 28 Jun 2026 20:14:30 +0000 (UTC)

Received: from 127.0.0.1 (unknown [196.119.213.60])

by mail.canvas-otp.com (Postfix) with ESMTPSA id 4gpLGr4C3Bz1LJlM

for ; Sun, 28 Jun 2026 20:14:28 +0000 (UTC)

Date: Sun, 28 Jun 2026 22:01:48 +0200

To: sales@nk.ca

From: Ittelcam

Subject: =?UTF-8?Q?Delivery_Update_=E2=80=93_Action_Required_for_Your_Shipment?=

Message-ID: <4b4314d47b2bb16fe5fc45309d3ac444@canvas-otp.com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="11a931b24499bc0249625a7e271427724"

Content-Transfer-Encoding: 7bit

This is a multi-part message in MIME format.

--11a931b24499bc0249625a7e271427724

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

Intelcom=20

Dear Customer,=20

Goods imported into Canada may be subject to applicable duties and/or tax=

es. Carriers are authorized by the CBSA (Canada Border Services Agency) t=

o process occasional shipments on behalf of the importer or owner and may=

remit applicable duties and taxes.=20

However, a parcel belonging to you has been held by customs due to missin=

g declaration details from the sender. Please pay 2.96 CAD in duties and =

taxes as soon as possible using the button below:=20

Schedule my delivery=20

Thank you for choosing Intelcom.=20

This email was sent by an automated system. Please do not reply.=20

=C2=A9 2026 Intelcom Express - Dragonfly Express. All rights reserved.=20

--11a931b24499bc0249625a7e271427724

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable

x; PADDING-RIGHT: 0px" cellSpacing=3D0 cellPadding=3D0 width=3D"100%" bor=

der=3D0>

TABLE>

--11a931b24499bc0249625a7e271427724--

Web/SEO/App spam from Google Gmail Part 2

Posted by Dave Yadallee on Sunday, June 28. 2026

------=_NextPart_000_3920F_01DD0755.3EFBB200

Content-Type: text/html;

charset="us-ascii"

Content-Transfer-Encoding: quoted-printable

xmlns:o=3D"urn:schemas-microsoft-com:office:office" =

xmlns:w=3D"urn:schemas-microsoft-com:office:word" =

xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =

xmlns=3D"http://www.w3.org/TR/REC-html40">
HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; =

charset=3Dus-ascii">
(filtered medium)">

class=3DWordSection1>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
lang=3DEN =

style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#18191=

B'>Hi,
style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#22222=

2'>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#22222=

2'>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
lang=3DEN =

style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#18191=

B'>We would like to discuss for your website
style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#22222=

2'>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
lang=3DEN =

style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#18191=

B'>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
lang=3DEN =

style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#18191=

B'>I make clean, creative designs & Do you want to Revamp or =

redesign your current website at very low cost?
style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#22222=

2'>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
lang=3DEN =

style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#18191=

B'>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
lang=3DEN =

style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#18191=

B'>Let me know if you’d like to know more. I can send you some =

work samples.
style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#22222=

2'>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
lang=3DEN =

style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#18191=

B'>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
lang=3DEN =

style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#18191=

B'>If you are interested, Can I send over a few Samples and =

pricing?
style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#22222=

2'>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
lang=3DEN =

style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#18191=

B'>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
lang=3DEN =

style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#18191=

B'>If you are interested can I breakdown our pricing,
style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#22222=

2'>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
lang=3DEN =

style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#18191=

B'>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
lang=3DEN =

style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#18191=

B'>Best regards,
style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#22222=

2'>

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
lang=3DEN =

style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#18191=

B'>Anthony
style=3D'font-size:11.5pt;font-family:"Calibri","sans-serif";color:#22222=

2'>

------=_NextPart_000_3920F_01DD0755.3EFBB200--

Web/SEO/App spam from Google Gmail Part 1

Posted by Dave Yadallee on Sunday, June 28. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 28 Jun 2026 12:21:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdu7E-00000000I0i-2QXI

for dave@doctor.nl2k.ab.ca;

Sun, 28 Jun 2026 12:20:24 -0600

Resent-From: The Doctor

Resent-Date: Sun, 28 Jun 2026 12:20:24 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pl1-f196.google.com ([209.85.214.196]:57788)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdtir-0000000077M-3S0o

for sales@nk.ca;

Sun, 28 Jun 2026 11:55:22 -0600

Received: by mail-pl1-f196.google.com with SMTP id d9443c01a7336-2c7ebfb63c6so15626945ad.3

for ; Sun, 28 Jun 2026 10:54:26 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=thetechnicalpeople.com; s=google; t=1782669260; x=1783274060; darn=nk.ca;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:from:to:cc:subject:date:message-id:reply-to;

bh=8XBfc/x1Jtfe5JlbhNAnOPYAqve863MNQkKmx//THWQ=;

b=fwI4YN4Apz5aO6H4zot0AS8IHOP5jO86jLq97azO21d2/+ppiTBUPk4YAFBDuukp9Z

Rl6q0EG+/oLUbst5oHGebNph2gYzvm9gTPvBRoX60u4sjGavgaYivW78gcI4PYobe0rc

ACFTYuiEW1WyUy5xbPXU0u9qdX9Cd8r3JTueM=

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1782669260; x=1783274060;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date

:message-id:reply-to;

bh=8XBfc/x1Jtfe5JlbhNAnOPYAqve863MNQkKmx//THWQ=;

b=qFMrHb+Z18KRH8wnVFewy3jOuvLns9HrqO1d000nH23fCkETeJvdSr9/68AJES2Q3C

014jbr864/GGPeP9iswGcsp8QSLtkfxFe5uEG6HbdFt4SNwVjwrL0mFgbJ0z4X6J/YOa

biZ9vq/vlCU06bnHMle9p1fz0ofxBKGrnLOcBpaNmK7rTWM+byihEb9LU6w5Ct4561ei

beF1t/kGpKONKxUVU5QrrKrnhlE+jF5qxFlf9gOC6b0YVk2c1Leu+J8/i2lOe3tyR8rV

b2mI/yItUbzdr431K+SZFtEnk7/vISMcMpG4KVttkTFKeI4bRKfJHoVKCkSFF+5AqVds

dKjw==

X-Gm-Message-State: AOJu0Yxa2ctoW4LjxlhnA7mub2Az/ak2HbjAAyu7ttriRL4K4BpZ1A8p

OnCiVZl/TXbP1piw8xBd9OAH3Wd8KZucjDIVB2FIKLiWGO2EzSQfQMt22ykNgqyA7alLqKJoSMz

JQQA36UM=

X-Gm-Gg: AfdE7clzvz+Ct7YyYl11/o/S1n2JcrnBZhPg/UOvLARC5rXHQPnoCf+qfMU6+Gkk9gR

fKoOjYm4YNBlp5RyCp8nUjb5XcjpXgfJGvifxjQyoTni9juUfcBkvA+PfC0cbBADak9JwlH+fjj

0QOypfdGazNeI3SCUhM2890YP4QIIPFPr0zthpsyXaQU8EjjrNYcNDvJ5xI56aXGUh/zLQdu3K5

+HS4Zz7EPpbSRGXp7hsSe85ceMbAb0fgh7mokfsnZ/zA98EUOOB4LNRhq3vCTKRFDA5qEp8GIme

0j07P2D6v1T7HEZKXgLaUhP917MSD9tWBXE3PCl+q/mUH/zA8ao1nbyakbkyzcXDsyjZNQjH6ld

f2ZTmXx9K1dffSTDx4dh+CEQHz+DsFSFphvZ7ZUz00SUF7JqfbUTWbX/bF6C0ehfuz9qZl1wBy6

VDUgO+fhGalEmxkkoWoIz69hA8Fh7uvikmRtZjb9gFhf/5

X-Received: by 2002:a17:903:110d:b0:2c9:97a8:aff1 with SMTP id d9443c01a7336-2c997a8b1admr57618145ad.42.1782669260488;

Sun, 28 Jun 2026 10:54:20 -0700 (PDT)

Received: from DESKTOPNPADQ8A ([103.192.66.122])

by smtp.gmail.com with ESMTPSA id d9443c01a7336-2c9dbd09695sm16726365ad.81.2026.06.28.10.54.18

for

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

Sun, 28 Jun 2026 10:54:19 -0700 (PDT)

From: Anthony

X-Google-Original-From: "Anthony"

To:

Subject: website Redesign

Date: Sun, 28 Jun 2026 23:11:56 +0530

Message-ID: <3920e01dd0727$25437600$6fca6200$@com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_3920F_01DD0755.3EFBB200"

X-Mailer: Microsoft Office Outlook 12.0

Thread-Index: Ad0G9VABoLUmV2ODRuWaCGa99JSt+A==

Content-Language: en-us

This is a multi-part message in MIME format.

------=_NextPart_000_3920F_01DD0755.3EFBB200

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: 7bit

Hi,

We would like to discuss for your website

I make clean, creative designs & Do you want to Revamp or redesign your

current website at very low cost?

Let me know if you'd like to know more. I can send you some work samples.

If you are interested, Can I send over a few Samples and pricing?

If you are interested can I breakdown our pricing,

Best regards,

Anthony

Nigerian Spam from Google Gmail Part 2

Posted by Dave Yadallee on Sunday, June 28. 2026

Content analysis details: (14.4 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.218.43 listed in will-spam-for-food.eu.org]

[209.85.218.43 listed in will-spam-for-food.eu.org]

[209.85.218.43 listed in will-spam-for-food.eu.org]

[209.85.218.43 listed in will-spam-for-food.eu.org]

[209.85.218.43 listed in will-spam-for-food.eu.org]

[209.85.218.43 listed in will-spam-for-food.eu.org]

[209.85.218.43 listed in will-spam-for-food.eu.org]

[209.85.218.43 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.218.43 listed in dnsbl.ahbl.org]

[209.85.218.43 listed in dnsbl.ahbl.org]

[209.85.218.43 listed in dnsbl.ahbl.org]

[209.85.218.43 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.218.43 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.218.43 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.218.43 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.218.43 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.218.43 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[donaldtitas(at)gmail.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.218.43 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.218.43 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 LOTS_OF_MONEY Huge... sums of money

1.0 FREEMAIL_REPLY From and body contain different freemails

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 TVD_PH_BODY_META No description available.

1.0 MONEY_BARRISTER Lots of money from a UK lawyer

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

2.6 UNDISC_MONEY Undisclosed recipients + money/fraud signs

3.6 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} URGENT INFORMATION

--00000000000049f09c065553db1c

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

URGENT INFORMATION

You have been nominated as the beneficiary to the total sum of

=C2=A319,700,000.00 GBP in the intent of the deceased Client who died on t=

he

1/8/2020. I nominated you by the authority given to me.

In your acceptance, the papers will be processed and fund wire to your

account; forward to me your details to enable me file necessary legal

documents at our high court division for the release of the Fund to you.

I'll explain to you in details about the fund as soon as I get your

response,

REPLY TO MY EMAIL:.bqllssolicitors@outlook.com

Awaiting your response.

Regards

Barrister Donald Titas

--00000000000049f09c065553db1c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

URGENT INFORMATION

You have been nominated as the b=

eneficiary to the total sum of =C2=A319,700,000.00 GBP in the intent of the=

deceased Client =C2=A0who died on the 1/8/2020. I nominated you by the aut=

hority given to me.

In your acceptance, the papers will be processed=

and fund wire to your account; forward to me your details to enable me fil=

e necessary legal documents at our high court division for the release of t=

he Fund to you. I'll explain to you in details about the fund as soon a=

s I get your response,

REPLY TO MY
olicitors@outlook.com">EMAIL:.bqllssolicitors@outlook.com

Awaiti=

ng your response.

Regards
Barrister Donald Titas

--00000000000049f09c065553db1c--

Nigerian Spam from Google Gmail Part 1

Posted by Dave Yadallee on Sunday, June 28. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 28 Jun 2026 12:21:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdu7A-00000000I0Q-1hvY

for dave@doctor.nl2k.ab.ca;

Sun, 28 Jun 2026 12:20:20 -0600

Resent-From: The Doctor

Resent-Date: Sun, 28 Jun 2026 12:20:20 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ej1-f43.google.com ([209.85.218.43]:59464)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdtWm-000000006nc-2dP2

for root@nk.ca;

Sun, 28 Jun 2026 11:42:54 -0600

Received: by mail-ej1-f43.google.com with SMTP id a640c23a62f3a-c0e124d2a21so276500266b.2

for ; Sun, 28 Jun 2026 10:41:57 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1782668510; cv=none;

d=google.com; s=arc-20260327;

b=m5tv3wgKGQl/Yd6J0zDR+4bEnk3aqrZpTiukHeT9rM5w6wHeVX/8jgbrp6O65ICQxW

7Cq/iqUYt2kusRiJgu0VHtuSqSAK5x8HItdUsHwgCv7ZHQ/kGJCh0l24ikmi7v8OSazb

BkgjPrsGrxC3bcK5HPihE/Ss6b1+gaFkXZzAWBXdEvysK0iPI9ykKWq3WatsKj32CDrw

IKQVo0nJM9clEfu/I8xEDSbOwNLgSxO+yGLHebCHSsD/3gkSBIubBJsM7vNWUXWSqlac

T8lPMYLhrVzqha3Sbtrhqn5COIS2HXbZO0nP9Jz5cD3uNUdz2sAKpPuI5vFM4vyyGD/G

CtWA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20260327;

h=to:subject:message-id:date:from:mime-version:dkim-signature;

bh=vp/2vox3pc3fcYmP8etCmm/6bYIP0wbGk1tuFExFILc=;

fh=YfS2ah6OnEhpnkXQKmzqpDVlzgR1MrTE08kZao3QL+c=;

b=LhIFug6yW6TAGTPN8pDzSRv6RSOYEwFggfMz4GaAwkSkpx/RvLbX4Sh0HPvI3YjQuG

Dolmy9hiqHgYpo/3MzAj56qoC1VLohln+2PUIhXz8cnCVC5evsB1ltRdZZ5E9J9ovLoN

BuxxyJ6Q7wcIL0O4zT5uuKxujVAmw6PWE3YPumNBhXrXQ9kMXC3nAEUKA/L5ODChXQ3R

mISxOw1Y0X94yuTidsWazCEnU6BBUgI0eJxTwifaBIL8thiiea7Hpg/meq6Kx4vY1D14

UyV8p8Vq+TnDT3TzIzFKl24SWVtRbsmib0F2VMUzzC1z/ZmWTGh9wAFIB02KeSfeCfhS

cQpQ==;

darn=nk.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1782668510; x=1783273310; darn=nk.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=vp/2vox3pc3fcYmP8etCmm/6bYIP0wbGk1tuFExFILc=;

b=r9ZP1UpuskuiKt1QW48PPrJZvhkaI++BFZ2NV19pPQ/YfG+LKJ8R5ohp6mBbjSPNvM

3Z9qvZ7sTf+6UPOZVkJs+xL4MOtf+JdeZfdPtyI0HYTJQhrs1jLjCOntT4Ef4bb/MX+T

3EcKTj9ef2ezv4ohGg3pyAUVXMSNnktNVqfeRFiLFh3O46O2U4d/cr5CklQWH6kit2ax

uw1vlOV9Ju47Mg4//HHFs4EKCOjoXQMX4ZrpBBYV6DT9JSFvaG3AAVMdD3tOe/gyjR01

l8B4Kh9mQWE7A4vnkcv876Nw/PQq6foycT3ODGyiUy3NnhOtxXO+UDxNZIncV1HRzGJj

bILQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1782668510; x=1783273310;

h=to:subject:message-id:date:from:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=vp/2vox3pc3fcYmP8etCmm/6bYIP0wbGk1tuFExFILc=;

b=WcTx/sECRbMrAbp5t/tYb0G7xUSSNBzT7Hu25/23X3hQhnSjBxL7d5Ba3D9laNj6Zk

xZ4jasSpubCiU25SYtTeH4qRzMAuAasl+A2veoHfdhJo4HVapIWGXGkrhemVxUqpKz//

u9RpI//qq7xNqapx3vhWfuxjsedS/C6gltZbpGxzPH6q855OYAMnII7FGrB/GJjfN8aC

mhFEVLUkQdi3hTQrhdS8ay3e/9CKv6ybidYRBaJbRjUoSPi609NwzwHX6aVlP87i9SHi

2JQHpqrwEqpXYO/4qeuhTrIaKNj15fKtP08a7SI7u2WonPJKRQ/zuX5sMnCo+74T6IT6

8hew==

X-Forwarded-Encrypted: i=1; AHgh+Row1DlaKcRc8Vruo+VxTc0Vn2Jx1IQoNiF18cn8DQK3XBDOsCoIyMTQzZcRZXNdpHR+Ajqu@nk.ca

X-Gm-Message-State: AOJu0YxNDckbZvN3Qt2c7JL2S0RzQ7LMJYiGF96gwxjN+4RzIuD/W3/c

oH4z0wsRjMZ2krOAM6H4jK8cJdbey5OyRUV7ufPBuczVGzW4VKLrU76KEw/MHa10ExXmp0v4lL3

vkcOOGbwhCd72prS36/Yum/ZHYqrv6kw=

X-Gm-Gg: AfdE7cnJUK7zDw8bgm0V6V9dHcfn5rchPHorhyGSaE4T/xVly+sX/KZNjCrCWFtbqt0

7232AOGGE4iSAUYw0SSW4Lah1mAteF/VKiqdmZG5CZ+VnSKU3ufqZHxidYTj2H4nSvyC7IgHh54

Og7jyYGZKAKSDMyYBkvpA3lKptOrv0S9Cp1nWbWuRKUwGw6wh7DaTON8JRreNnTjB+1+n4NQ/zv

B5/zAPlq6cRrKiDaFE3BMIbKfzxSSO2+DA9wQbFkc1Tu85Qk1SYkPQyw2Eb7Epo8r5Co3gS

X-Received: by 2002:a17:907:a08a:b0:bec:2a21:785d with SMTP id

a640c23a62f3a-c1205f09ea5mr754114266b.46.1782668509965; Sun, 28 Jun 2026

10:41:49 -0700 (PDT)

MIME-Version: 1.0

From: Donald Titas

Date: Sun, 28 Jun 2026 10:41:38 -0700

X-Gm-Features: AVVi8CfvH1R9hMePJnj2YrXoCR1xbDN2djA7zlZNKR72Soz3UVCs0AZnyaNB1gU

Message-ID:

Subject: URGENT INFORMATION

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="00000000000049f09c065553db1c"

Bcc: root@nk.ca

X-Spam_score: 14.4

X-Spam_score_int: 144

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: URGENT INFORMATION You have been nominated as the beneficiary

to the total sum of Â£19,700,000.00 GBP in the intent of the deceased Client

who died on the 1/8/2020. I nominated you by the authority given to me.

Web/SEo/App spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on Sunday, June 28. 2026

> Hi,

>

> Quick follow up - are you getting my emails?

>

> Thanks!

______________________________

From: "Elsa Eve"

Sent: September 1, 2025 5:50 PM

Subject: Re: Ref:-

Hi ,

I really liked your website’s design, but I noticed a few issues affecting its Google ranking.

I can send you screenshots of these errors along with a short ranking report showing exactly how to improve your visibility.

Shall I send it over?

Best regards,

[Elsa Eve]

Web/SEo/App spam from Microsoft Outlook Part 1

Posted by Dave Yadallee on Sunday, June 28. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 28 Jun 2026 05:27:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdned-00000000PWU-23Yb

for dave@doctor.nl2k.ab.ca;

Sun, 28 Jun 2026 05:26:27 -0600

Resent-From: The Doctor

Resent-Date: Sun, 28 Jun 2026 05:26:27 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-koreacentralazolkn19011030.outbound.protection.outlook.com ([52.103.74.30]:36327 helo=SE2P216CU007.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdnNC-00000000Hct-0scS

for sales@nk.ca;

Sun, 28 Jun 2026 05:08:36 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=yvOwhRkkXGUQ/7Se9NYxc7DwC3ix8+X1lNq1EjkBMash/qiwpl8uORZbvuxPoFFLiXuAxCLnppa47ZgloekwR0rZb2NUH8Ua6Ls+HqydrmofSv5D4WdzJ8msnDePUepEHml9ltN8UmDzGmHu0cW501ut0OXJQ0h4Pl1R1lP1fYxQ7urOFVtFZLKcBoCBTUq4mwRgReXt8Vk571mMklopBRuZDr2rUpHgmu7j9KQndXBCQlT6v0BoYVhfCm95UHd7OuqxwS8qXAp3I8tbk/I+JeVRTGNqhI2grd7ybFfeJtc+8dwTOjONqlQSTGAC1pJZ+o6VBzK3iYaJlcuBKzi/yQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=nVk465qU27CTb021OLZVq4x61WIzNN0kCoq4I8VKRNo=;

b=my1ERl41LVfpEF56vieGHUdYMfS0X+E2yLPQzC2ddRCAJSQ1g+PtqFK8LBRZRJbvQRcHZeXtxCtY4+AQOjKwSWEjWi50rAkOf34vg4PKA2Gk/l9D/y1RbtYHdO7IxA8X4xQWlFAOBALni5Rh8+5ua/gJYUKpcb1jiByk6IcxVdDiHIlEnfRVFyi2E6BN0ioxDL5p0G3TEy7z885fP+aTWBxuY9xnCpNpdVvJI6UK3yP+NVb0E7B78gZ92S7LTOK9pznXWllurnBJGbcC6IFXXmnSXSOr7uWSf0b364kSEvViD5rtyjm0fSb9IAv7/F421ndg8e2RiBJw3ZEr3tmSew==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=nVk465qU27CTb021OLZVq4x61WIzNN0kCoq4I8VKRNo=;

b=iPCcIxXd7wjrGeQyxPpZsF/jaM4MHErv9/UtozPrH6DSjA5HJcqhCGKRtxXAmmFLrAvHNCC4IG7ankYULRprBlEFefzF6Lpv6HD6Tq5DW4sKU/fYfsJJO18ay7NxvdamqoaJl9hk9oeIo1zY8v66SrG/kzDawsAUPvd9fbk9uCvU7Qx9YwZEjHI76uLx+bL9To/2rKUVRufaRPk0X8jEwoPFT1zepopCx+uqWd8AoUo+gxjjHvAvLH8oXuLhIw3z4xVtQJ0XhhzTbGbuR7+uv94/WSWM6HJi8mo2//MFTtYCxFKIe3eyqW75d5KunkJ+1vyTJ4CUtScISNPPnP1mVw==

Received: from SE2P216MB3217.KORP216.PROD.OUTLOOK.COM (2603:1096:101:2f7::20)

by SE1P216MB2234.KORP216.PROD.OUTLOOK.COM (2603:1096:101:15f::11) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.21.159.19; Sun, 28 Jun

2026 11:07:15 +0000

Received: from SE2P216MB3217.KORP216.PROD.OUTLOOK.COM

([fe80::afaf:686:ada2:1fc2]) by SE2P216MB3217.KORP216.PROD.OUTLOOK.COM

([fe80::afaf:686:ada2:1fc2%3]) with mapi id 15.21.0159.013; Sun, 28 Jun 2026

11:07:15 +0000

From: Elsa Eve

To: Elsa Eve

Subject: Re: Ref:-

Thread-Topic: Ref:-

Thread-Index: AQHdBu4ECPN5pHpUo0aMrli+H2SiCw==

Date: Sun, 28 Jun 2026 11:07:15 +0000

Message-ID:

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: SE2P216MB3217:EE_|SE1P216MB2234:EE_

x-ms-office365-filtering-correlation-id: dbdf3c87-d478-42fe-b2bd-08ded505693c

x-microsoft-antispam:

BCL:0;ARA:14566002|15080799012|2604032081799003|2604032031799003|4140399003|15030799006|25010399006|704163111799003|24021099003|55001999006|16051099003|5062599005|39105399006|15001099006|24121999003|37011999003|22091999003|31061999003|6072599003|8062599012|19110799012|8060799015|3412199025|440099028|102099032|51015399003|40105399003|18071099003|1710799026;

x-microsoft-antispam-message-info:

=?utf-8?B?ZkRiR2lMckswSE15cWdBM1RZSEFwUGJTc2w5S05TSUU1cE5ENGpGalhnRWFQ?=

=?utf-8?B?N2ExY041b2kzL29VR2ZKbXpnbTE4c2dPM1dwYVlKd3lhOW5RRDI0TVZHZEhi?=

=?utf-8?B?Z0VxcWwySjQyQ21UbmduNWp6R0FybFJUSFlsbXpyblFQZTJkQ3hGOU9WK3Az?=

=?utf-8?B?dExONHFIaUEySTJBUnAvcXN4WmpweXV0SCtWakNzTzVRMXN5ckdpcE5GQWdN?=

=?utf-8?B?N0o2MlVJeEJIRkc1RjBsN2VUblI5a2htZDhlb3BETzRGdjZTVVh6bjJtTWMy?=

=?utf-8?B?bjAxMFpFU0JDWEJBa0paWGtudjloNHN2VXppcmZ2S0JISmovdjVRVlExME9F?=

=?utf-8?B?S01tZmN0akVxeXJUMkJwa2diN1lsRWc1QjhRdUdka0VMVk1WeTZHcHlOTXNY?=

=?utf-8?B?L2FzcktLUFpnbDVPQUcwRWdndHQ0SEc5M2t3U3ZDNkM0bmROb1FqbXhBYW9r?=

=?utf-8?B?Y2lXbHVJclowOXAvSXFjVjVCOG1WeitaYzNCc0JyL1Mva3R6OXE3K3V6dDRS?=

=?utf-8?B?Tjk0NDFMblAvTlYzN2o1WjQrbGoyaHBJQzd2K0lGenY4UHgwSXc5STdzTnBn?=

=?utf-8?B?dXUyRlA3MmFCQWZmZHZYYlhxMU03QlZjZHVLdEZ4QzdkemNZYTRXWDUyYSt3?=

=?utf-8?B?U3l0UXJ0L1UrZTRxQjNWdTVBWVVjZk1ibHRSbDlpWlBaNDV1RVpuK2c1Nkxn?=

=?utf-8?B?VmxPMU9iVHdqbXVuWXdicWpOblVnOTQ3d0Y5L1NNb1hrNE5SaEhoenhXOEkw?=

=?utf-8?B?bkZBOFFrdmdWY0l6MFNEYXoxL3ZjRTIrYUcrWjFseklXUVJ2V3dDRE1zSXdi?=

=?utf-8?B?bHZlendQekZWUEhHb2FuOWp5S1hRTnFxVXZ0eDdzWXJiSkpORm9rS0lCNi9M?=

=?utf-8?B?aEVjdTgvdk9sRUN4OGRRZmVlOG5yRm9yM00zZTRzSTdEcnZuL3dieFIzN0s0?=

=?utf-8?B?ck5NazlxM0JDSCtYVllQYlRNakdZWUF2R3R2ckg2SExnQWtISWZ6eWsvUVhv?=

=?utf-8?B?MVNSS1Zha3FZZjFRMCtOWDlHM1FsM2dPWm9YTW1PcmF0KzZyS1BndkdFbXNQ?=

=?utf-8?B?bHlnVW5WeUJVZWlRYndYS25wRkhQSHBWeGoxQUh0QWxMOU55Rzd1MlZOUXZ3?=

=?utf-8?B?MWhLTklGV21NbHJTQkhwMnR0OXZScldaY2Y0c09iODA0WEd1WXllYnVZelFM?=

=?utf-8?B?OWNmWE10Z2tOOUpyN3VST0o3WmFWMVZNNHBmZ2p1OG5SM1dhZ25yNUlGd3JK?=

=?utf-8?B?TEVCMmdqckRrSjVYT1dpZkh0UlpCRmZsRnRoL1AvelFvb3VhK29haXpLN2hm?=

=?utf-8?B?MkxodVJ6YzJBaVZhT1gwMW00b0ZaME1RODZKTnZmM1BIdFVTaTRwQ1Q3cnZB?=

=?utf-8?B?dUI1anlrV0F6K2pzTWM4elJabHcyT09YdGIyV1RTRHJEU0h3cTBBNUtBdHR2?=

=?utf-8?B?VjJsYXlRSXkyczliTkYvbmhkRU9CQURXL3QwQXlEOTJIVFRLNTNhbVlXMzRR?=

=?utf-8?B?NDRDeXVKU0N5eTRONzlPODY2T3JTV2JHejdLYmhkN3hMTXJuaGxpU3JZM1hr?=

=?utf-8?B?NERUS1hEYlZURjk1MjluNTBvNFNEWEd6Q005ZktmcVlSNVp6Ty9wQy9mMzdh?=

=?utf-8?B?bU1LREM1ZDdvdVhEQTR1NnNXZGN4VE9LdHlpYXJPYWl2cERTU0Y0OUlrWlRp?=

=?utf-8?B?c1h2RzRmQ2NuWnd4OEFZa0c2WVhzcGowM082a3Ixem9kcFJBNmpmTjNROEdO?=

=?utf-8?B?cDZFZmROSWtWTC9NWFJvOWs5RUtmSGZKOGZJblM3bDhiOEFxbDI4ZDYxSEZN?=

=?utf-8?B?dVZvYitDa3BSVENzYURaU2gxdzZIY1ZWanYyWUZSYU1XZW9GTXFsZUhLSHQy?=

=?utf-8?B?UDZkVUVjQTFKdmpxU1c1eUppTmFSMFZNb3E0KzlQcWpKN2xKTmJCNElSMU9o?=

=?utf-8?Q?oj3Um1pn+O6e0LK+X+jsEok5fPaHysUu?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?utf-8?B?aE5VSllvUlpTek83Qm4rU3F0MHpIQ3diYzVvUTZ5SUY2T0tQRzZlYyt5cEQy?=

=?utf-8?B?SVFWRzR4QnAyL3BGUitzUzZxd2l5MUNxSkF5bFl6QlhmVW9Yb2NZWGNCYm9T?=

=?utf-8?B?VFZjSXJxZW5Vb3hZclFGSS9Sa3NMVlJ6MHVNNDFMeG5laUl6ejE2Tk9SVGs1?=

=?utf-8?B?dW13TlR0cVc5LzY1VUUxc2c0WlRHUklCNmZrVm0wN0RDV1hEV2ZHWlhrMFUz?=

=?utf-8?B?ZUExZW1BR0dpcHdsbkFpd2FkMnJ0bytlejdteHlXKzFTNUtFT25JZmlzdSto?=

=?utf-8?B?TUVZVVRCaTF6NUZuN0h4alRYUnh0OUdRbVZNckxxeE1YdklCaWtUM0hLSDI2?=

=?utf-8?B?WGh5ZXd0N0tHMzdBU1o5NFVyTDZYZTZ1b0lwWjM5YzZBVWZhNDlhMTllSzBF?=

=?utf-8?B?eWM1SVgzRWxLcThTYnhDb2hrK0lqeENFMGkvRW4zWXRIR3hFby9sTTBSeCs5?=

=?utf-8?B?ZzhvYXBrajhXNG1nOGp1Q1hkWWcrQiswZmFuRUVOODJyelBwNHhNRFVEWlk2?=

=?utf-8?B?Wjc4Q1Q5WnVnZktKdnAxbmVSdktNaVZ5Z2tiNExjdVRvYTZ2a09QKzJjTmk0?=

=?utf-8?B?WDc0Z0tLK2hnb21RVUtEdXg2RkxoWG5nM1JrK21FckRCcFArQmZoRjExRHRG?=

=?utf-8?B?QVNjRHMwYjJkTEErTHRrM3pEMlFhcEFTdWpRR2NXN3hkakVuUnc2akVEZ2xh?=

=?utf-8?B?QWdCMnV0NDhKMkxTa3dVaGw5eUU5V09ZeVBnMzRMbjdWajArcVJZNUdBZnlC?=

=?utf-8?B?Z3E0MWRQNTNKeDU5dFh6TW9XTjJnQ2M2WEJCQnFaeUFQL1J3VWxncWYySHFN?=

=?utf-8?B?S2Z4aWE1cHVPbTR4QUQvOU1yZVNVVzFMYnpTS0QxSUVEc0tUeHFsdzBHVFVY?=

=?utf-8?B?aDh4M3N1UHJvUDA0V1FicHFMUUpiYU9vVllyZkRGSDFtdzdPeGpGRnVVazZu?=

=?utf-8?B?ODB1VVI4bGJMYWpBOG8zOWxmeGZvSk12dUV2a21nT1hXRElKZHJvRFdpUGF3?=

=?utf-8?B?cW5rTXpCSFlINmxGelRDUzVpWDllSkV0b1c4RkxUT0VzdTh0UkFoRlJySDlE?=

=?utf-8?B?NFBiOG5PaENPU1BsOXpEWGpMaUUvdzJvcEVUbVhXaXRqVjJPenVldHYrNXFB?=

=?utf-8?B?aGkrendVKzFObTB3cExOV2g5bkIveGt0aE5maTYwNVU2cjhnOFRhRWJIVXJ1?=

=?utf-8?B?dVVYZk05Rk9jT1phN1lhOTF6K0lVOUw4V3ByWVRoVXFiRkFlTjlaMWFJVXlY?=

=?utf-8?B?MGh3RjVtZFdJVEk2MGxuVTlTbE9QNDcyTkRyU2Q5YjM4Wm5yK3FIR1NJN2Q5?=

=?utf-8?B?andKVm15dll5K0NNRk5ybUNjN2VobTdVYUxucnFvWEdQczZkc2VmdFNZYW11?=

=?utf-8?B?RE5EQ0lVc3p6THNpRUJGUENxZHZjKzltaWs5Zm44SXlkcFVDSVk0S2FubFNX?=

=?utf-8?B?YzUyeHlzRUhkbVBtcFptUUdqdTZCYnIwZC9KeGtCdWZCT2g0bHNHcWhvZnVy?=

=?utf-8?B?ODdPb1JEV3Vmb1ZrY3E3SEVvVktBbWJUaXZmb0hLeVVUcHVVZXBZVldtVlJt?=

=?utf-8?B?M09UbHhrWE9FZmdPZ3cvamRsVjczK1dDK3BvWmc3OUNibi9rYUpVbFRTWW03?=

=?utf-8?B?MVlEd3hNVkdLS1dBLzRhYkxuWCtwVjEwelFFb1R0ZlR2QStjZVVRaWh6OEUy?=

=?utf-8?B?d1NXVXFRTUZWSzYvNEJkM0phUXFBV2JrbEQ5YXVxbDI0aXlQdmVQQmhwRjRk?=

=?utf-8?B?WERocTZVbmVaR0hob0t3RUF0M2VQeEpzeTV3ZkFkSmRJUUIvelVrRGVMRVJl?=

=?utf-8?B?dTZEWWp5QkRBTXFzRTRoTGVPNVBTaCtQSU5OT1NhRkljdEdGTUVnNXkrWkF4?=

=?utf-8?B?Y0JRUHBOakNULzZ6L0Q2NEl2Smw0MW9sVUpQOTIrTGlGVHBuTlBqZDRlMTd6?=

=?utf-8?Q?nNCkWbnfSuYqLQGuD8LzKng0/NHoXVBd?=

Content-Type: multipart/alternative;

boundary="_000_SE2P216MB321773D043D5EEFD1E4F3482D8E92SE2P216MB3217KORP_"

MIME-Version: 1.0

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-94596.templateTenant

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: SE2P216MB3217.KORP216.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: dbdf3c87-d478-42fe-b2bd-08ded505693c

X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Jun 2026 11:07:15.0315

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SE1P216MB2234

Nigerian spam

Posted by Dave Yadallee on Sunday, June 28. 2026

Domain monetisation spam from Google Gmail Part 3

Posted by Dave Yadallee on Sunday, June 28. 2026

--000000000000693d9906554e0d21

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Hi, can we have a quick chat?

I think we can offer you a very strong=

solution and would be happy to discuss a possible integration :)=20

On Friday, June 2=

6, 2026 at 3:09 AM, Niko <nik=

o@wearerollerads.com> wrote:

yle=3D"margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

dir=3D"ltr">
Hey, this is Nik from Roller. Could you please clarify whe=

ther you currently monetize your domains?

ss=3D"gmail_signature_prefix">--

_signature" data-smartmail=3D"gmail_signature">

tr" style=3D"color:rgb(34,34,34);line-height:1.8;margin-top:0pt;margin-bott=

om:0pt">
rgb(0,0,0);background-color:transparent;vertical-align:baseline">Teams :=C2=

=A0
,204)" target=3D"_blank">
sans-serif;color:rgb(61,101,255);background-color:transparent;vertical-alig=

n:baseline">nik@rollerads.com

gb(34,34,34);line-height:1.8;margin-top:0pt;margin-bottom:0pt">
=3D"font-size:10pt;font-family:Raleway,sans-serif;color:rgb(0,0,0);backgrou=

nd-color:transparent;vertical-align:baseline">Telegram :=C2=A0
f=3D"https://wearerollerads-com.rmailroute.net/x/d?c=3D51984853&l=3D324=

92627-e514-479b-9c1a-7f23d37ddec8&r=3D44ed6dd5-5b51-4f06-8f4a-be37dfe50=

98a" style=3D"color:rgb(17,85,204)" target=3D"_blank">
ize:10pt;font-family:Raleway,sans-serif;color:rgb(61,101,255);background-co=

lor:transparent;vertical-align:baseline">@nikrollerads

=3D"ltr" style=3D"color:rgb(34,34,34);line-height:1.2;margin-top:6pt;margin=

-bottom:0pt">
1984853&l=3D79e14ed5-e0d0-48be-82d6-2046629a4f22&r=3D44ed6dd5-5b51-=

4f06-8f4a-be37dfe5098a" style=3D"color:rgb(17,85,204)" target=3D"_blank">
pan style=3D"font-size:2.25pt;font-family:Inter,sans-serif;background-color=

:transparent;vertical-align:baseline">
rder-style:none;border-color:currentcolor;display:inline-block;overflow:hid=

den;width:29px;height:29px">
TU2P6eNkI7ODZiH9uTXVdhaDO5LLgqxAo83zMEGnjTwjV84D46Vl9HH0JdvuhoLCCYQZhHcjICV=

2Vh96079A69V1hlkrggTLo1GW_ZdFdsc3L5s6eRaUnrcXsZCLQNUZffPbl83KzNDbiPoNbiWUwQ=

" width=3D"29" height=3D"29" style=3D"margin-left:0px;margin-top:0px">
n>
olor:rgb(51,51,51);background-color:transparent;vertical-align:baseline">=

=C2=A0
1984853&l=3D083d7851-4875-44e2-a705-fd2b7d4c519f&r=3D44ed6dd5-5b51-=

4f06-8f4a-be37dfe5098a" style=3D"color:rgb(17,85,204)" target=3D"_blank">
pan style=3D"font-size:2.25pt;font-family:Inter,sans-serif;background-color=

:transparent;vertical-align:baseline">
rder-style:none;border-color:currentcolor;display:inline-block;overflow:hid=

den;width:29px;height:29px">
_LdgS_iUjSIzAnbYXRSRfLQlCx-PWtEsL6Rt4rC1fVs-neJV3V-Zy2eejwAS3CZqH4KzKWmWxQv=

oAjpo9gTCg0zjwHOMT8hexaOJMPYRs77Ra5ioHCfc0ZUkbSmba5hZHBZjYyTd1YZt638RWcPj14=

" width=3D"29" height=3D"29" style=3D"margin-left:0px;margin-top:0px">
n>
olor:rgb(51,51,51);background-color:transparent;vertical-align:baseline">=

=C2=A0
1984853&l=3D8190a883-1ef5-4752-9b0a-b000ffc7bb1f&r=3D44ed6dd5-5b51-=

4f06-8f4a-be37dfe5098a" style=3D"color:rgb(17,85,204)" target=3D"_blank">
pan style=3D"font-size:2.25pt;font-family:Inter,sans-serif;background-color=

:transparent;vertical-align:baseline">
rder-style:none;border-color:currentcolor;display:inline-block;overflow:hid=

den;width:29px;height:29px">
SM_gt9kYDdaepq-KeOuz5w1ieXIZLGsvEwsjrrjd35ZqPfjywU6MjMv5A1ibZuVsMKb4_wz8G-6=

3TkawvITv6fQ5h9cBMylj1QZgaG6_nzMo1Y0m6YOsCdJ1geNrB7ol6ES0FmqlbcKfO5EFWArWIA=

" width=3D"29" height=3D"29" style=3D"margin-left:0px;margin-top:0px">
n>
olor:rgb(51,51,51);background-color:transparent;vertical-align:baseline">=

=C2=A0=C2=A0
?c=3D51984853&l=3De5884f1b-199d-4272-a0c7-ad873130ee8d&r=3D44ed6dd5=

-5b51-4f06-8f4a-be37dfe5098a" style=3D"color:rgb(17,85,204)" target=3D"_bla=

nk">
-color:transparent;vertical-align:baseline">
ium;border-style:none;border-color:currentcolor;display:inline-block;overfl=

ow:hidden;width:29px;height:29px">
.com/zeF6Fm2lylM2nQM7NRYoFFRlVhZm_ShgaU7PCpBR67bLIj-mzeGy37hAo8FSSlJii63OjH=

06tfKxMxzKlqC9Fk4QUUarHs92cOMMEAyD_LtIH1p52ZboLPDh2V2tGPvhvE6ZCcF2qqpxw10QL=

8Bq-V4" width=3D"29" height=3D"29" style=3D"margin-left:0px;margin-top:0px"=

>
b(0,0,0);background-color:transparent;vertical-align:baseline">=C2=A0 =C2=

=A0 =C2=A0 =C2=A0=C2=A0
ute.net/x/d?c=3D51984853&l=3D32492627-e514-479b-9c1a-7f23d37ddec8&r=

=3D44ed6dd5-5b51-4f06-8f4a-be37dfe5098a" style=3D"color:rgb(17,85,204)" tar=

get=3D"_blank">
background-color:transparent;vertical-align:baseline">
-width:medium;border-style:none;border-color:currentcolor;display:inline-bl=

ock;overflow:hidden;width:108px;height:23px">
usercontent.com/vkTobz8uGezGseujZQGbTzFlavwAqhqnG7I-_JwLchoxxv9hdHnqYMR7rty=

JNK22HsONx6rP0_xDiXbJbH_p_Q2RS-lB4xbycRlDe7xe-ouu8soMibD6nkRtV_GVji3CvGtoFP=

1y9WInoA_fH53yJLc" width=3D"108" height=3D"23" style=3D"margin-left:0px;mar=

gin-top:0px">

-M-Fc68Xr3uGtKDlJcR0ByHNbRyuNtwC_WLzCTjEOCDAnibCsZKuo8bzPkdwOXHYmTNQ4oMxQeY=

AQ_84t4eDnAprg6t7YpqRf-ocLsxO6G2WYUy4iCWMdsRMTs5mQWJWewcIvXjdTrVsAWmwvMaEsM=

ajgmzq4-vcdraV93hYvuyXEi" alt=3D"">

"https://wearerollerads-com.hmailroute.net/AlH_SJcbbUQ_26C7FjIZGFiv3ijacVX0=

_K7x3iz9w6e0HRhrmrnyUEUHG11_j2iOZDkrKVbtQTACS0RmIqRElKzn0zaH5l57GnF7vMmcodi=

2j7LgIrHqmfwBF6lYoH9oydvoJARxDabtrDX7akKKJFFuU98CxMvcFgEVh9JdpqoajgmyAu8ZHI=

lqlr002Wu5V_BtCNMrbJCZzoKqPPOnAw4656nZex2uDUIgTsKneV" alt=3D"">

--000000000000693d9906554e0d21--

Domain monetisation spam from Google Gmail Part 2

Posted by Dave Yadallee on Sunday, June 28. 2026

Content analysis details: (6.3 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.222.195 listed in will-spam-for-food.eu.org]

[209.85.222.195 listed in will-spam-for-food.eu.org]

[209.85.222.195 listed in will-spam-for-food.eu.org]

[209.85.222.195 listed in will-spam-for-food.eu.org]

[209.85.222.195 listed in will-spam-for-food.eu.org]

[209.85.222.195 listed in will-spam-for-food.eu.org]

[209.85.222.195 listed in will-spam-for-food.eu.org]

[209.85.222.195 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.222.195 listed in dnsbl.ahbl.org]

[209.85.222.195 listed in dnsbl.ahbl.org]

[209.85.222.195 listed in dnsbl.ahbl.org]

[209.85.222.195 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.222.195 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.222.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.222.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.222.195 listed in dnsbl.ahbl.org]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: rmailroute.net]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: rmailroute.net]

[URI: hmailroute.net]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.222.195 listed in list.dnswl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.222.195 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.222.195 listed in bl.score.senderscore.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.5 SMILEY BODY: Contains one or more Smileys

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

Subject: {SPAM?} Re: Parker Roller Party

--000000000000693d9906554e0d21

Content-Type: text/plain; charset="UTF-8"

Hi, can we have a quick chat?

I think we can offer you a very strong solution and would be happy to

discuss a possible integration

On Friday, June 26, 2026 at 3:09 AM, Niko wrote:

> Hey, this is Nik from Roller. Could you please clarify whether you

> currently monetize your domains?

>

> --

>

> Teams : nik@rollerads.com

>

> Telegram : @nikrollerads

>

>

>

>

>

>

>

>

>

>

>

>

>

Domain monetisation spam from Google Gmail Part 1

Posted by Dave Yadallee on Sunday, June 28. 2026

On

Friday, June 26, 2026 at 3:09 AM, Niko wrote:

Canada Post phish Part 3

Posted by Dave Yadallee on Sunday, June 28. 2026

Ref: SHIP-2026-06 / June 2026

Action required: Ñ€Ð°ÑƒmÐµnt needed to release your shipment

Dear Customer,

We hope this message finds you well.

We are pleased to inform you that your shipment has arrived at our local facility. However, before we can complete the final delivery, there is an outstanding fee that must be paid.

Tracking Number

CP123456789CA

Sender

--

Amount Due

$0.99 Ð¡ÐD

Status

Held at local facility â€“ awaiting Ñ€Ð°ÑƒmÐµnt

ðŸ“¦

Your package is temporarily held at our local depot. Delivery will be scheduled within 1â€“2 business days after Ñ€Ð°ÑƒmÐµnt is confirmed.

To release your package and schedule delivery, please click the button below to complete the Ñ€Ð°ÑƒmÐµnt.

class="pay-button"

target="_blank"

rel="noopener noreferrer">

âž¤ Pay Now â€“ $0.99 Ð¡ÐD

Secure Ñ€Ð°ÑƒmÐµnt page provided by Ð¡Ð°nÐ°dÐ° Ð Ð¾Ñ•t.

Once your Ñ€Ð°ÑƒmÐµnt is confirmed, your package will be delivered within 1â€“2 business days.

If you have already made this Ñ€Ð°ÑƒmÐµnt, please disregard this message.

Thank you for choosing Ð¡Ð°nÐ°dÐ° Ð Ð¾Ñ•t.

Canada Post phish Part 2

Posted by Dave Yadallee on Sunday, June 28. 2026

Ð¡Ð°nÐ°dÐ° Ð Ð¾Ñ•t â€“ Ñ€Ð°ÑƒmÐµnt Required for Shipment Release

Canada Post phish Part 1

Posted by Dave Yadallee on Sunday, June 28. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 28 Jun 2026 05:25:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdncj-00000000KAY-33qa

for dave@doctor.nl2k.ab.ca;

Sun, 28 Jun 2026 05:24:29 -0600

Resent-From: The Doctor

Resent-Date: Sun, 28 Jun 2026 05:24:29 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from v2202606373977475748.ultrasrv.de ([159.195.138.89]:48900)

by doctor.nl2k.ab.ca with utf8esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wdjsp-00000000662-3iKK

for sales@nk.ca;

Sun, 28 Jun 2026 01:24:59 -0600

Received: by v2202606373977475748.ultrasrv.de (Postfix, from userid 33)

id 0BFE713FC33; Sun, 28 Jun 2026 05:18:04 +0200 (CEST)

To: sales@nk.ca

Subject: Shipment held â€“ action needed

MIME-Version: 1.0

Content-type: text/html; charset=UTF-8

From: CA Post

Message-Id: <20260628031947.0BFE713FC33@v2202606373977475748.ultrasrv.de>

Date: Sun, 28 Jun 2026 05:18:04 +0200 (CEST)

X-Spam_score: 7.0

X-Spam_score_int: 70

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Ð¡Ð°nÐ°dÐ° Ð Ð¾Ñ•t â€“ Ñ€Ð°ÑƒmÐµnt Required for Shipment

Release Ð¡Ð°nÐ°dÐ° Ð Ð¾Ñ•t â€¢ Shipping Department

Content analysis details: (7.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[159.195.138.89 listed in will-spam-for-food.eu.org]

[159.195.138.89 listed in will-spam-for-food.eu.org]

[159.195.138.89 listed in will-spam-for-food.eu.org]

[159.195.138.89 listed in will-spam-for-food.eu.org]

[159.195.138.89 listed in will-spam-for-food.eu.org]

[159.195.138.89 listed in will-spam-for-food.eu.org]

[159.195.138.89 listed in will-spam-for-food.eu.org]

[159.195.138.89 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[159.195.138.89 listed in dnsbl.ahbl.org]

[159.195.138.89 listed in dnsbl.ahbl.org]

[159.195.138.89 listed in dnsbl.ahbl.org]

[159.195.138.89 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[159.195.138.89 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[159.195.138.89 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[159.195.138.89 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[159.195.138.89 listed in dnsbl.ahbl.org]

1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[159.195.138.89 listed in bl.score.senderscore.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

2.5 UNICODE_OBFU_ASC Obfuscating text with unicode

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.3 MIME_8BIT_HEADER Message header contains 8-bit character

Subject: {SPAM?} Shipment held â€“ action needed

x; box-shadow: 0 4px 8px rgba(0,0,0,0.1)" cellSpacing=3D0 cellPadding=3D0=

width=3D600 border=3D0>

=

; PADDING-LEFT: 15px; PADDING-RIGHT: 15px" align=3Dcenter>
FONT-SIZE: 28px; FONT-WEIGHT: bold; COLOR: #ffffff">Intelcom

TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px" align=3Dcenter>Dear C=

ustomer,

TOP: 0px; PADDING-LEFT: 25px; LINE-HEIGHT: 1.6; PADDING-RIGHT: 25px">

Goods imported into Canada may be subje=

ct to applicable duties and/or taxes. Carriers are authorized by the
ONG>CBSA (Canada Border Services Agency) to pro=

cess occasional shipments on behalf of the importer or owner and may remi=

t applicable duties and taxes.

However, a parcel belonging to you has =

been held by customs due to missing declaration details from the sender. =

Please pay 2.96 CAD in duties a=

nd taxes as soon as possible using the button below:

14px; TEXT-DECORATION: none; BACKGROUND: #04ab94; FONT-WEIGHT: bold; COLO=

R: #ffffff; PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; =

DISPLAY: inline-block; PADDING-RIGHT: 25px; border-radius: 5px" href=3D"h=

ttps://novachem.fr/">Schedule my delivery

TOP: 0px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px" align=3Dcenter>Thank y=

ou for choosing Intelcom.

x" cellSpacing=3D0 cellPadding=3D0 width=3D600 border=3D0>

NG-TOP: 20px; PADDING-LEFT: 20px; LINE-HEIGHT: 1.5; PADDING-RIGHT: 20px" =

align=3Dcenter>

This email was sent by an automated syst=

em. Please do not reply.

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	June '26					Forward →
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30

Archives

Categories

Syndicate This Blog

Blog Administration

Powered by

NetKnow Navigation

Remote RSS/OPML-Blogroll Feed

Error

addthis

Empire Avenue

Error

Error

Error

Syndicate This Blog

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error

Error