Norton Phish from Google Gmail Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Apr 2026 10:36:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFE4t-0000000087q-0VQB

for dave@doctor.nl2k.ab.ca;

Tue, 21 Apr 2026 10:35:59 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Apr 2026 10:35:59 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oa1-f73.google.com ([209.85.160.73]:49590)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFDOO-000000006PY-04b9

for root@nk.ca;

Tue, 21 Apr 2026 09:52:13 -0600

Received: by mail-oa1-f73.google.com with SMTP id 586e51a60fabf-42c091fcd06so3545074fac.3

for ; Tue, 21 Apr 2026 08:51:16 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1776786670; x=1777391470; darn=nk.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=Ztqj7RZZKcci+ML88yYuI4E/wHwP2LimZt/XiqShtjs=;

b=gk5UHQnbtf1fNS8z5IWspk/VlD+FmOx38gKi2iASR6coQ9iOCgCCcS3ThqvWtU9FZq

qpu0KwnwGxogag4Gl29e2xFeG5TkD3RgmHK8AZ0gBqd8s1ICirL5GQtJr6PzLIOJe53q

Owj3bmOeg4lZd6CL2QAFscArZKBiAl/dfI2ATpW2/jnLpyiJrMdydVETdkPKBZa1Qh+3

Lh3cGrZMMugwUW/1fA5WSfSMDex5tKFAwswvRqAeh/SCgquaapPGts7ZgDJ1fDd7kYlR

KPphDR/WUAoREDdmgzYQV36a4Oc8x7+r25z+lrOTFbSTHBvgy+f0bWJfyhYutPHbCk71

kT0w==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=ffa2000-org.20251104.gappssmtp.com; s=20251104; t=1776786670; x=1777391470; darn=nk.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=Ztqj7RZZKcci+ML88yYuI4E/wHwP2LimZt/XiqShtjs=;

b=i9oHzBp8hy5UFJToF5t2Qq2lNQDuTQrvP+ZOlZv/4RYbpr8FLKGobGpjxJw3lHQ2KM

MhU24qOG20RQUwMm9FnEBHolVSfrvCWFpnRW05hA2QOzCGuAqzKTOBtVjyrp/YbEyreb

95o7LMkqigERX4cmwrPJ9XwF7/6xAh6FkRmhqGeZUZIWkKoqSu8EI88Ki4FSywIzcrdn

0CK/EdgjaH8MsgZrC1jJo0ez2Esl3M6qt1fnCpa3M79eWahuhKQehkTkWhMjx38/ipk8

1t9WtYerqXxMSG5IK79PeDgoOfX+XII5Ed2ubRqdaTf8CRHoJ5CHr5Vikl2CLKQK3dj3

s3dQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1776786670; x=1777391470;

h=from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=Ztqj7RZZKcci+ML88yYuI4E/wHwP2LimZt/XiqShtjs=;

b=cjZXPE5dsqjj1OC8163So/BU2JR3NHzTThBKLPE/dUsCM14aV+BeehaH3X2ZoqyuZG

vtZ5Hv1KcGq0dkRIBTzBFQ+h/6BCUmwHp87Qt38TbrW5dHiaYQN5/PrJx16FawPFADsV

6Qc1ac4bsth5BRZehcTu2OW1hqRgmLUM4D3CvrVMHqLPWeToMlbdRQA2h5YdGF7GuuO0

pnd9pI7c+X1zM2jwHKfL8YMloaVyaPWE7y9sRMVUhp0GEkpqv4b9rpxthg33U8CwwG71

6h0R1F2mAU09Yws0bIB+t7dhtD/k6tqRPzGGU4loyJ5qjz5yxVrS1X23BfHWagDUGVxY

z2pA==

X-Forwarded-Encrypted: i=1; AFNElJ8qj9gNDXRcY59ZX62G7MZ5zxnXu5Oh7a/7IqBvsU93H5zMW7mn732df6ZOy2m9mKC5d+bV@nk.ca

X-Gm-Message-State: AOJu0YyVSuHCilVDci86DPoL02d5ni4qU36tGZ3JqCqP81//dMMKU0R9

yADwLZnOjKvM4FuBDfzWUIH7oYtbp5keq+Be+gUgoKOzhVJ/IMPGQpXhOw85p5X+ul7hzJUOQrJ

Onu9v5cUPmPO2ID+I8an+++S2BZLlKCECy2dScEM/oxezLg==

MIME-Version: 1.0

X-Received: by 2002:a05:6820:134b:b0:694:8f5d:3cb with SMTP id

006d021491bc7-6948f5d0798mt4336040eaf.57.1776786670319; Tue, 21 Apr 2026

08:51:10 -0700 (PDT)

Reply-To: Erik Thomas

Sender: Google Calendar

Message-ID:

Date: Tue, 21 Apr 2026 15:51:10 +0000

Subject: #VIJFUS @ Tuesday, 21 April 2026

From: Erik Thomas

Content-Type: multipart/alternative; boundary="0000000000005aa708064ffa62bf"

X-Spam_score: 10.8

X-Spam_score_int: 108

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: #VIJFUS @ Tuesday, 21 April 2026 #WDSWYH @ Tuesday, 21 April

2026 Tuesday Apr 21, 2026 â‹… 9:50pm Pacific Time - Los Angeles Dear Customer,





Content analysis details: (10.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.160.73 listed in dnsbl.ahbl.org]

[209.85.160.73 listed in dnsbl.ahbl.org]

[209.85.160.73 listed in dnsbl.ahbl.org]

[209.85.160.73 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.160.73 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.160.73 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.160.73 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.160.73 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.160.73 listed in will-spam-for-food.eu.org]

[209.85.160.73 listed in will-spam-for-food.eu.org]

[209.85.160.73 listed in will-spam-for-food.eu.org]

[209.85.160.73 listed in will-spam-for-food.eu.org]

[209.85.160.73 listed in will-spam-for-food.eu.org]

[209.85.160.73 listed in will-spam-for-food.eu.org]

[209.85.160.73 listed in will-spam-for-food.eu.org]

[209.85.160.73 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.160.73 listed in list.dnswl.org]

1.2 MISSING_HEADERS Missing To: header

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.160.73 listed in wl.mailspike.net]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.6 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} #VIJFUS @ Tuesday, 21 April 2026



--0000000000005aa708064ffa62bf

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64



I1ZJSkZVUyBAIFR1ZXNkYXksIDIxIEFwcmlsIDIwMjYNCg0KI1dEU1dZSCBAIFR1ZXNkYXksIDIx

IEFwcmlsIDIwMjYNClR1ZXNkYXkgQXByIDIxLCAyMDI2IOKLhSA5OjUwcG0NClBhY2lmaWMgVGlt

ZSAtIExvcyBBbmdlbGVzDQoNCg0KDQpEZWFyIEN1c3RvbWVyLA0KDQpXZSB3b3VsZCBsaWtlIHRv

IHJlbWluZCB5b3UgdGhhdCB5b3VyIGNvdmVyYWdlIHBsYW4gYXNzb2NpYXRlZCB3aXRoIE5vcnRv

biAgDQozNjAgaXMgc2NoZWR1bGVkIGZvciByZW5ld2FsIG9uIFR1ZXNkYXksIDIxIEFwcmlsIDIw

MjYuDQpUaGUgYW1vdW50IG9mIFVTRDQ3My45OSB3aWxsIGJlIGNoYXJnZWQgYXV0b21hdGljYWxs

eSB1c2luZyB5b3VyIHNhdmVkICANCnBheW1lbnQgbWV0aG9kLg0KUHJvZHVjdCBTcGVjaWZpY2F0

aW9ucyBWaWV3DQoNCg0KUHJvZHVjdCBTZWxlY3RlZDogV2Vicm9vdCBTdGFuZGFyZA0KTnVtYmVy

IG9mIERldmljZXM6IDJ4DQpSZW5ld2FsIFBlcmlvZDogRml2ZSBZZWFycyBZZWFyKHMpDQpQYXlt

ZW50IFR5cGU6IEF1dG8gUGF5DQpBbW91bnQgUGF5YWJsZTogVVNENDczLjk5DQoNCg0KUmVmZXJl

bmNlIElEOiBNVjk4Sk5YN1Q1DQpWZXJpZmljYXRpb24gLyBTaWduYXR1cmUgQ29kZTogZDI2YjEw

N2ItZDU5OS00YjFiLWEwN2MtYmM1OTcyZjUxZGI5DQpJZiB5b3Ugd291bGQgbGlrZSB0byBjYW5j

ZWwgb3IgdXBkYXRlIHlvdXIgcGxhbiwgcGxlYXNlIG1ha2UgY2hhbmdlcyBhdCAgDQpsZWFzdCA0

OCBob3VycyBwcmlvciB0byB0aGUgcmVuZXdhbCBkYXRlLg0KTmVlZCBoZWxwPyBDYWxsIHVzIGF0

IDEgODYzIDM5My03ODcyLg0KDQoNCldhcm0gd2lzaGVzLCwgTm9ydG9uIExpZmVMb2NrIEFudGl2

aXJ1cw0KVGVsZXBob25lOiAxIDg0MyAzMDMtNjY2NSBBY3RpdmUgT3BlcmF0aW9ucyBMb2NhdGlv

biw6IDUzMDMgTWFydmluIEQgTG92ZSAgDQpGd3kgQXB0IDIwMSBIaWxsc2Jvcm8gT2ggNDUxMzMg

VW5pdGVkIFN0YXRlcyBCdXNpbmVzcyBUaW1pbmc6IDYgQU0g4oCTIDYgUE0NCg0KDQpPcmdhbml6

ZXINCkVyaWsgVGhvbWFzDQplcmlrLnRob21hc2Roa3VAZmZhMjAwMC5vcmcNCg0KR3Vlc3RzDQoo

R3Vlc3QgbGlzdCBoYXMgYmVlbiBoaWRkZW4gYXQgb3JnYW5pemVyJ3MgcmVxdWVzdCkNCg0K

--0000000000005aa708064ffa62bf

Norton Phish from Google Gmail Part 3



=20



=20

















Norton Phish from Google Gmail Part 4


/InformAction">
emtype=3D"http://schema.org/EmailMessage">
ntent=3D"Erik Thomas: #VIJFUS @ Tuesday, 21 April 2026"/>

rop=3D"object" itemscope itemtype=3D"http://schema.org/Event">
p=3D"eventStatus" content=3D"http://schema.org/EventScheduled"/>
rop=3D"publisher" itemscope itemtype=3D"http://schema.org/Organization">
ta itemprop=3D"name" content=3D"Google Calendar"/>

eventId/googleCalendar" content=3D"yTmoZXM6AwjNHIIPZzdUcryB6V"/>
=3D"display: none; font-size: 1px; color: #fff; line-height: 1px; height: 0=

; max-height: 0; width: 0; max-width: 0; opacity: 0; overflow: hidden;" ite=

mprop=3D"name">#WDSWYH @ Tuesday, 21 April 2026

true">
me itemprop=3D"endDate" datetime=3D"20260422T045033Z">

border=3D"0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" alig=

n=3D"center" style=3D"width:100%;" class=3D"body-container">
>

style=3D"" class=3D"" align=3D"left">

dden=3D"true">  

left; direction: ltr; display: inline-block; vertical-align: top; width: 10=

0%;overflow: hidden; word-wrap: break-word;">
g=3D"0" cellspacing=3D"0" role=3D"presentation" width=3D"100%" class=3D"mai=

n-column-table-ltr" style=3D"padding-right: 32px; padding-left: 0;;table-la=

yout: fixed;">
>

ertical-align:top;">
role=3D"presentation" width=3D"100%" style=3D"table-layout: fixed;">
d style=3D"font-size: 0; padding: 0; text-align: left; word-break: break-wo=

rd;;padding-bottom:2px;">

Roboto, sans-serif;font-weight: 400; font-size: 22px; line-height: 28px;col=

or: #3c4043; text-decoration: none;" class=3D"primary-text" role=3D"present=

ation">#WDSWYH @ Tuesday, 21 April 2026
>
<=

/tr>

d-break: break-word;;padding-bottom:24px;">

o, sans-serif;font-style: normal; font-weight: 400; font-size: 14px; line-h=

eight: 20px; letter-spacing: 0.2px;color: #3c4043; text-decoration: none;" =

class=3D"primary-text" role=3D"presentation">
me itemprop=3D"startDate" datetime=3D"20260422T045033Z">
Tuesday Ap=

r 21, 2026 =E2=8B=85 9:50pm (Pacific Time - Los Angeles)

: break-word;;padding-bottom:24px;">

-serif;font-style: normal; font-weight: 400; font-size: 14px; line-height: =

20px; letter-spacing: 0.2px;color: #3c4043; text-decoration: none;" class=

=3D"primary-text" role=3D"presentation">
Dear Customer,

=


We would like to remind you that your coverage plan associated =

with Norton 360 is scheduled for renewal on Tuesday, 21 April 2026.


=

The amount of USD473.99 will be charged automatically using your saved p=

ayment method.


Product Specifications View




    r>
  • Product Selected: Webroot Standard


  • ng>Number of Devices: 2x

  • Renewal Period:
    ng> Five Years Year(s)

  • Payment Type: Auto Pay<=

    /li>
  • Amount Payable: USD473.99



iv>

Reference ID: MV98JNX7T5

Verific=

ation / Signature Code:
d26b107b-d599-4b1b-a07c-bc5972f51db9


r>

If you would like to cancel or update your plan, please make changes a=

t least 48 hours prior to the renewal date.


Need help? Call us at=

1 863 393-7872.




Warm wishes,=

,
Norton LifeLock Antivirus


Telephone:
ng>1 843 303-6665

Active Operations Location,: 5303 Marvin D L=

ove Fwy Apt 201 Hillsboro Oh 45133 United States
Business Timing: 6 AM =

=E2=80=93 6 PM



=3D"Dear Customer,



We would like to remind you that your coverage plan associated with Norton =

360 is scheduled for renewal on Tuesday, 21 April 2026.

The amount of USD473.99 will be charged automatically using your saved paym=

ent method.

Product Specifications View





Product Selected: Webroot Standard

Number of Devices: 2x

Renewal Period: Five Years Year(s)

Payment Type: Auto Pay

Amount Payable: USD473.99





Reference ID: MV98JNX7T5=20

Verification / Signature Code: d26b107b-d599-4b1b-a07c-bc5972f51db9

If you would like to cancel or update your plan, please make changes at lea=

st 48 hours prior to the renewal date.

Need help? Call us at 1 863 393-7872.





Warm wishes,, Norton LifeLock Antivirus

Telephone: 1 843 303-6665 Active Operations Location,: 5303 Marvin D Love F=

wy Apt 201 Hillsboro Oh 45133 United States Business Timing: 6 AM =E2=80=93=

6 PM

"/>

eft; word-break: break-word;;padding-bottom:24px;">

y: Roboto, sans-serif;font-style: normal; font-weight: 400; font-size: 14px=

; line-height: 20px; letter-spacing: 0.2px;color: #3c4043; text-decoration:=

none;" class=3D"primary-text" role=3D"presentation">
llpadding=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"padding-bo=

ttom: 4px;">


or: #3c4043; text-decoration: none;font-weight: 700;-webkit-font-smoothing:=

antialiased;margin: 0; padding: 0;">Guests

(Guest li=

st has been hidden at organizer's request)


--0000000000001d814d064ffa619f--

Norton Phish from Google Gmail Part 2

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable




schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:offi=

ce">
t=3D"text/html; charset=3DUTF-8">
=3Ddevice-width,initial-scale=3D1">
ight dark">





















=20



=20

Norton Phish from Google Gmail Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Apr 2026 10:36:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFE4o-0000000087j-29VS

for dave@doctor.nl2k.ab.ca;

Tue, 21 Apr 2026 10:35:54 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Apr 2026 10:35:54 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f73.google.com ([209.85.161.73]:45337)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFDO3-000000006Oi-1kV5

for root@nk.ca;

Tue, 21 Apr 2026 09:51:53 -0600

Received: by mail-oo1-f73.google.com with SMTP id 006d021491bc7-6948eac3522so3940279eaf.3

for ; Tue, 21 Apr 2026 08:50:56 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1776786650; x=1777391450; darn=nk.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=bxdxnELstZSw1fM8i/LPuAntgDY+tGdc0OpZdDrUfGU=;

b=kNE93C/3GjLPBT6iT5cZSnQNPZ7BCGlLLcDzHe7tcyRQJ9n7NOC8+ckYzEV/o10Te9

wRGZkvEc//QkvO4gwn2R07sKz+ZB3rLU5/KsuUocsn5fB22lqnEhAIAoiiuJsZgoyiRD

gxaqgMdlGaq049aAPYeO0Hpjlph3XI0omNHzInRJE3GykeDMEvrS9FwS4u27nJtiC2oL

sJueE6vRB7Ss1FjDFeHyGflUwIgSps4YbLL1xYMhA1WEVT9MNd7z+DF/D7YExScNksis

BsnCexSkFSIzE2eDWHFmzpqB9u1X/gA97JjZ3HTcAjoo3YpTQMku3Tg/QRazkeaRO+UZ

VNtQ==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=ffa2000-org.20251104.gappssmtp.com; s=20251104; t=1776786650; x=1777391450; darn=nk.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=bxdxnELstZSw1fM8i/LPuAntgDY+tGdc0OpZdDrUfGU=;

b=YTW5F+MywP1YdS9gMPQbj3ur3jz/7jEXauqt7Ux6eeJ3KJPJZQzO3LsA35ozOgsVHb

qCUxa4+aJYS2eKR3qxcs7tEFT7aT1phEF0yyD0NV1/nEVjbxwiVEy/CD8MLdexRX+Yx0

3O5/akLxVzYvgDPVi6fdOCDEqGWwhGJiQDu5+vVpqxCQhrBWxIYoy5ekQwE6bimm/BEy

syVIF/WzzmFY4RcSiAH+W0n7udxNy1yNdP5NDbW6Bl9Qc2lSy9W8MImGRcXSXXHIFpoB

Zf++cwqLvdkTbI/nyKXqXKN3lbxCHgrc+GPoKmqwvLC+c8w6UhTBEtLZUosemqipc8mh

1AIg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1776786650; x=1777391450;

h=from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=bxdxnELstZSw1fM8i/LPuAntgDY+tGdc0OpZdDrUfGU=;

b=okPOrCwt3mWfdW7QiajL0gGt6i5W70WQ1c7DSw0JGvQUEaqxHSAYyCIULp9nUDjuPn

8LnTl5ZR7Q+Li0j9BLL9vjurJBXhJQpv4cbLShtofc7sONRvv2RaVQb//vGkY6abtgVB

WPL+WzKQYifcktuGxpR5IRnwcjdL8JZQcXyndwgFfqZr6GWmcApi6ZC0I+ck5fPjBEdp

QSvIzNPIonCkew5ID3l3yaOBcdXSvrjcQyGNwpUaXND36UTUehAgvAMUaosxMYG3IBnC

8zQCzELK+3pmHq/8+De+kSiYOmfR8K9mATiXa53fPvMRDcmOygLq4Wu18VB8y8B2m6cf

+ehg==

X-Forwarded-Encrypted: i=1; AFNElJ9p9ADjBLAR9GK4/BiJXYVImyr+itQG5YhC+9mKPIjY0Nnekbjtvwh/4/BfXB9TnrLAkau2@nk.ca

X-Gm-Message-State: AOJu0YzuqjivEeladmBSYAPf2P+5Ut+1XyRb2r5owWdBP/a53jfsooVQ

Qy1JdJRBboS8ZLdwg6HK5+mEX9MdhVMW28rDVyt6Blw1GZShYSqHZ84jnF9QrkzSjI4wvFdysn9

PpTm7dDrbaugBz5Bkkdz1waUGnRMSIq0ko573Mqf8b1YLTA==

MIME-Version: 1.0

X-Received: by 2002:a05:6820:160b:b0:67c:2f81:d54a with SMTP id

006d021491bc7-69462e697d6mt12450033eaf.19.1776786647364; Tue, 21 Apr 2026

08:50:47 -0700 (PDT)

Reply-To: Erik Thomas

Sender: Google Calendar

Message-ID:

Date: Tue, 21 Apr 2026 15:50:50 +0000

Subject: #VIJFUS @ Tuesday, 21 April 2026

From: Erik Thomas

Content-Type: multipart/alternative; boundary="0000000000001d814d064ffa619f"

X-Spam_score: 10.8

X-Spam_score_int: 108

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: #VIJFUS @ Tuesday, 21 April 2026 #WDSWYH @ Tuesday, 21 April

2026 Tuesday Apr 21, 2026 â‹… 9:50pm Pacific Time - Los Angeles Dear Customer,





Content analysis details: (10.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.161.73 listed in dnsbl.ahbl.org]

[209.85.161.73 listed in dnsbl.ahbl.org]

[209.85.161.73 listed in dnsbl.ahbl.org]

[209.85.161.73 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.161.73 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.161.73 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.161.73 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.161.73 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.161.73 listed in will-spam-for-food.eu.org]

[209.85.161.73 listed in will-spam-for-food.eu.org]

[209.85.161.73 listed in will-spam-for-food.eu.org]

[209.85.161.73 listed in will-spam-for-food.eu.org]

[209.85.161.73 listed in will-spam-for-food.eu.org]

[209.85.161.73 listed in will-spam-for-food.eu.org]

[209.85.161.73 listed in will-spam-for-food.eu.org]

[209.85.161.73 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.161.73 listed in list.dnswl.org]

1.2 MISSING_HEADERS Missing To: header

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.73 listed in wl.mailspike.net]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.9 REPLYTO_WITHOUT_TO_CC No description available.

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.6 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} #VIJFUS @ Tuesday, 21 April 2026



--0000000000001d814d064ffa619f

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64



I1ZJSkZVUyBAIFR1ZXNkYXksIDIxIEFwcmlsIDIwMjYNCg0KI1dEU1dZSCBAIFR1ZXNkYXksIDIx

IEFwcmlsIDIwMjYNClR1ZXNkYXkgQXByIDIxLCAyMDI2IOKLhSA5OjUwcG0NClBhY2lmaWMgVGlt

ZSAtIExvcyBBbmdlbGVzDQoNCg0KDQpEZWFyIEN1c3RvbWVyLA0KDQpXZSB3b3VsZCBsaWtlIHRv

IHJlbWluZCB5b3UgdGhhdCB5b3VyIGNvdmVyYWdlIHBsYW4gYXNzb2NpYXRlZCB3aXRoIE5vcnRv

biAgDQozNjAgaXMgc2NoZWR1bGVkIGZvciByZW5ld2FsIG9uIFR1ZXNkYXksIDIxIEFwcmlsIDIw

MjYuDQpUaGUgYW1vdW50IG9mIFVTRDQ3My45OSB3aWxsIGJlIGNoYXJnZWQgYXV0b21hdGljYWxs

eSB1c2luZyB5b3VyIHNhdmVkICANCnBheW1lbnQgbWV0aG9kLg0KUHJvZHVjdCBTcGVjaWZpY2F0

aW9ucyBWaWV3DQoNCg0KUHJvZHVjdCBTZWxlY3RlZDogV2Vicm9vdCBTdGFuZGFyZA0KTnVtYmVy

IG9mIERldmljZXM6IDJ4DQpSZW5ld2FsIFBlcmlvZDogRml2ZSBZZWFycyBZZWFyKHMpDQpQYXlt

ZW50IFR5cGU6IEF1dG8gUGF5DQpBbW91bnQgUGF5YWJsZTogVVNENDczLjk5DQoNCg0KUmVmZXJl

bmNlIElEOiBNVjk4Sk5YN1Q1DQpWZXJpZmljYXRpb24gLyBTaWduYXR1cmUgQ29kZTogZDI2YjEw

N2ItZDU5OS00YjFiLWEwN2MtYmM1OTcyZjUxZGI5DQpJZiB5b3Ugd291bGQgbGlrZSB0byBjYW5j

ZWwgb3IgdXBkYXRlIHlvdXIgcGxhbiwgcGxlYXNlIG1ha2UgY2hhbmdlcyBhdCAgDQpsZWFzdCA0

OCBob3VycyBwcmlvciB0byB0aGUgcmVuZXdhbCBkYXRlLg0KTmVlZCBoZWxwPyBDYWxsIHVzIGF0

IDEgODYzIDM5My03ODcyLg0KDQoNCldhcm0gd2lzaGVzLCwgTm9ydG9uIExpZmVMb2NrIEFudGl2

aXJ1cw0KVGVsZXBob25lOiAxIDg0MyAzMDMtNjY2NSBBY3RpdmUgT3BlcmF0aW9ucyBMb2NhdGlv

biw6IDUzMDMgTWFydmluIEQgTG92ZSAgDQpGd3kgQXB0IDIwMSBIaWxsc2Jvcm8gT2ggNDUxMzMg

VW5pdGVkIFN0YXRlcyBCdXNpbmVzcyBUaW1pbmc6IDYgQU0g4oCTIDYgUE0NCg0KDQpPcmdhbml6

ZXINCkVyaWsgVGhvbWFzDQplcmlrLnRob21hc2Roa3VAZmZhMjAwMC5vcmcNCg0KR3Vlc3RzDQoo

R3Vlc3QgbGlzdCBoYXMgYmVlbiBoaWRkZW4gYXQgb3JnYW5pemVyJ3MgcmVxdWVzdCkNCg0K

--0000000000001d814d064ffa619f

Proding spam from Google Gmail

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Apr 2026 10:36:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFE4L-0000000086Q-1BSM

for dave@doctor.nl2k.ab.ca;

Tue, 21 Apr 2026 10:35:25 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Apr 2026 10:35:25 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vk1-f171.google.com ([209.85.221.171]:42349)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFCf1-000000004Ja-25q3

for root@nk.ca;

Tue, 21 Apr 2026 09:05:21 -0600

Received: by mail-vk1-f171.google.com with SMTP id 71dfb90a1353d-56eee0ba462so2678017e0c.1

for ; Tue, 21 Apr 2026 08:04:23 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1776783857; cv=none;

d=google.com; s=arc-20240605;

b=ShbOk4SgLpBL/03OfqFu1oeNA9irui4TEPysC9FNDbW0bne+8tqxOSKzaOSjF8+lOu

ROVqeQQaGpy/jjaBJUyWoiITjpVbOEINY0by1BOa5DaFfaQNH1agoRqrItHdwsKEGvpn

mBQfOw8NIeZNg+yMaQAR83bLKAJjIMnzU1/a/cQppXvxwPVByG+Zb0KtanhsGHfGQ0UY

lyp2Qd2tiBa1vCJBNAuDfZVweXZf6mUuWN7SVxnM/mmod+yg8fqjKw7dinwBTJNM8MiH

iXW8QUuxbDBA9cQXKrmEYmNXl2BTk9jzpFGFEo5iHfL8C/qR+3nnQmqUQLhI/m02EeOj

SpGg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:mime-version:dkim-signature;

bh=NDXJrPggB3Nie86hYvP4r3+3O8PiTDf4sE+e1yuJSWM=;

fh=ny7+SATv4n6lSNl0rVMQyaj6POVJTUZJLShjjgjSTJg=;

b=TtYzb1xpByidXqul5kOMJ3XwJwr1AaqU8AnmMkF/yrFOUmaJm9A05o3VDMwfIYdO1b

ik2OmujhlZf7pcLbeXeqC/r1aMs/tFGGtW/B3lXjzeXWeERJKXkAX2JCIliubIvfFQEK

a080yOlJblkDkXt7thRc2imSOEgNPFwHUO5580n38mn9qyI8lKmtZmxVzRg3GSfBHwsW

HsiQ+H3ndcp2oxH3UsZJ2LZKTw0kvRRgZeXVFDJ9GUEbW3qOs5kMLCi3t25VGOZUE03d

ABhRaStyo8BCHnPXrLzmjCV4DGAlzbvJICOGTTC43Ul5K4+6TwSIu13YS9XxtzeqI1so

paHg==;

darn=nk.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1776783857; x=1777388657; darn=nk.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=NDXJrPggB3Nie86hYvP4r3+3O8PiTDf4sE+e1yuJSWM=;

b=qwWE5sDt+V1sNPDz1xoHB9hWMR7NyPXodlyQOrtP1d5mo9R4GOyXg4a0mPYOY/To3W

pp8h7g/4n19nirQZM9uJzxo0R8YCRZn0v8ZLv26ICK4w5licHFDtOG2Ij7NaFVuPUf7a

CU0fhiBeQa/uQ9gFrik6nIHtb9HlVUkYOUPTp8uNG4AOJL6qNISuH3PkJnaIeXxHlHuZ

mNe28QGB5o/VDAqKRMgNu2SFqpwQxNs9IGEvSu8kE2+eRp6fZ8Te4C9Ie/p6k9ExBQl7

6gt/Qdt73TM+s7u5oWQ4vhUweiM5O09tgB4pCgznKTjlW6bHi7+6vLZcSTrAiTbXFNUM

taGA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1776783857; x=1777388657;

h=to:subject:message-id:date:from:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=NDXJrPggB3Nie86hYvP4r3+3O8PiTDf4sE+e1yuJSWM=;

b=R3a7k8NICY1/49t4REUbi1dHyc65wePG4SpYwlMbx4vHOCU46/EgcBcvoHyIqjQjuZ

oVo72f7UxFMXOrdH55Wcd6mDSD5wt81ByB+S4XxflzJN30BNHNsZnP7H73cFhDcMMlbP

6jiI1C69sBPbNi4VO4YkjlhU9k08FaOJoFqM63Y0W/CAu7QN8IEsEIVweoE+FjHIdXAZ

JtnYkihkWgDpT9mwXs4itYU1a7sPRoaFDVWOz8NysOt7+E5DGA9tzwwHSFGY/cusQnc8

CPa3KiLaf/byCi9r5DN9DvYxy84K6V6rUbMHKMTDMB4RhmEmqHpStzqcN77oCcIrh5ch

TYcQ==

X-Gm-Message-State: AOJu0YzjF4DDfHkFy95H6oGn0ToSb7JZl1ZqfOwBJn99N9HH3KyXWAtE

GMpFZ+rsNyHlb+8dwWB+zEL/lWU7KU6Az0ZIHSkkqgdadlAkWyk82vkUoB/Dqgb1jmw6HCre+27

vuQiiY+idoTjnDzWVtnMV3x4HP0SLHsE+tmjleF8=

X-Gm-Gg: AeBDiesMypDBvt+wAmEOwNPfcUr865hcNsfYhV02lRv2oRYsMoDZ4PuCmIU1Nmug2Gk

vhR+Xxfj13EeV8IcQ/v/9wVRO9kPqJJ0zktR3xDMxTVccmKswof92elFfd65HBrvLhwoMClp9+/

uYX21fSXdrAjNWRaX523FiAN4leLwPw3eCxE2d2GnYGeINLU6mbFw40UiR0qIesbg4l1PSsvbvD

PTFy01Vul16Xh0QH4XknYOApuM4FoVvfnvWFvYp3c5WUo2emJ1uYXfCNfxH6Z6uiI4LLHX3JMQ1

MsRDVbdauAadllvX8369h0chK7+fe3mG8/qA9gGGXeEnf0dlZsBgjTLn

X-Received: by 2002:a05:6123:102:b0:56d:3451:4cc0 with SMTP id

71dfb90a1353d-56fa66fd956mr6015635e0c.7.1776783857016; Tue, 21 Apr 2026

08:04:17 -0700 (PDT)

MIME-Version: 1.0

From: Farhan Faruqui

Date: Tue, 21 Apr 2026 17:04:05 +0200

X-Gm-Features: AQROBzBgvlgJXYzFQ1InTzVV8pY3Z1cWGk2tX5EafN3PwVxoDIPgysfhF1VqELM

Message-ID:

Subject:

To: root@nk.ca

Content-Type: multipart/alternative; boundary="000000000000a3e467064ff9baba"

X-Spam_score: 5.1

X-Spam_score_int: 51

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Can I continue to email you at this address? Can I continue

to email you at this address?



Content analysis details: (5.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.221.171 listed in dnsbl.ahbl.org]

[209.85.221.171 listed in dnsbl.ahbl.org]

[209.85.221.171 listed in dnsbl.ahbl.org]

[209.85.221.171 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.221.171 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.221.171 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.221.171 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.221.171 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.221.171 listed in will-spam-for-food.eu.org]

[209.85.221.171 listed in will-spam-for-food.eu.org]

[209.85.221.171 listed in will-spam-for-food.eu.org]

[209.85.221.171 listed in will-spam-for-food.eu.org]

[209.85.221.171 listed in will-spam-for-food.eu.org]

[209.85.221.171 listed in will-spam-for-food.eu.org]

[209.85.221.171 listed in will-spam-for-food.eu.org]

[209.85.221.171 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.221.171 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[faruquifarhan746(at)gmail.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[kristinelandmark002(at)gmail.com]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.221.171 listed in wl.mailspike.net]

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?}



--000000000000a3e467064ff9baba

Content-Type: text/plain; charset="UTF-8"



Can I continue to email you at this address?



--000000000000a3e467064ff9baba

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable





=3D"gmail_signature" data-smartmail=3D"gmail_signature">

iv dir=3D"ltr">

=3D"ltr">

">

dir=3D"ltr">

ltr">

iv dir=3D"ltr">

=3D"ltr">

">

dir=3D"ltr">

ltr">

iv dir=3D"ltr">

=3D"ltr">

">

dir=3D"ltr">

ltr">Can I continue to email you at this address?

v>
<=

/div>

v>
<=

/div>

v>




--000000000000a3e467064ff9baba--

Nigerian phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Apr 2026 06:31:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFAFj-000000006QZ-26bd

for dave@doctor.nl2k.ab.ca;

Tue, 21 Apr 2026 06:30:55 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Apr 2026 06:30:55 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from dedi-13340348.frinense.com.br ([162.214.100.13]:58542)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wF7kD-00000000DFP-3Hn8

for root@nk.ca;

Tue, 21 Apr 2026 03:50:23 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=frinense.com; s=default; h=Message-Id:Date:Reply-To:MIME-Version:

Content-Type:To:Subject:From:Sender:Cc:Content-Transfer-Encoding:Content-ID:

Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc

:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:

List-Subscribe:List-Post:List-Owner:List-Archive;

bh=A1+yhM42cfpvhlegOqojfa4bHCuxN3Gh3f+4LkVqgGs=; b=uWq+B5jmEy3uG/Bf94QP0eaDRo

X0ct00JAVFq6GkDTn9G8IN8d95XQCgMbZygwbhsSoIEF2Mh7HFADdKlIJmqMyDh4Fy9JaEJLHjl4c

nQdV0xLdTFCtXNNel83XDEYa/MWSWDLnjVN+xQr2hQ82yUDfJEfLYsMOGLV0bBaUVZuUgs0olX0HV

Rh+ZR7b+gXfm/Lw9P0sah5+VepLSugtRo02RQXnHo5ujHUwyqrH0hSSecPIHPb72OhBppGT2JKBJz

1yPcQfUeMiYn5GBiA1n1X/e3ORlM4I6Ti3yWRdUOY/5x9aQSybIxMiwIkP6QihtZZi2UNU2jM1q5F

7ORTA9MQ==;

Received: from ec2-54-198-108-54.compute-1.amazonaws.com ([54.198.108.54]:63076 helo=EC2AMAZ-896QSEP)

by dedi-13340348.frinense.com.br with esmtpsa (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.99.1)

(envelope-from )

id 1w8kmm-0000000BFaR-2aNU

for root@nk.ca;

Fri, 03 Apr 2026 17:06:32 -0300

From: "Viktor Jhangiani"

Subject: Important

To:

Content-Type: multipart/alternative; boundary="uRov4=_8spDurlEP3XpqHbrZxn4jTQOtPu"

MIME-Version: 1.0

Reply-To:

Date: Fri, 3 Apr 2026 20:06:32 +0000

Message-Id: <03322026040620B57B14FBC5-91775C7098@frinense.com>

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - dedi-13340348.frinense.com.br

X-AntiAbuse: Original Domain - nk.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - frinense.com

X-Get-Message-Sender-Via: dedi-13340348.frinense.com.br: authenticated_id: junior.ti@frinense.com

X-Authenticated-Sender: dedi-13340348.frinense.com.br: junior.ti@frinense.com

X-Source:

X-Source-Args:

X-Source-Dir:

X-Spam_score: 7.1

X-Spam_score_int: 71

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: In my earlier years, I pursued a career as an engineer and

gold merchant in Odessa, Ukraine. Now retired and writing to you from my

hospital bed after being diagnosed with esophageal cancer-with only [...]



Content analysis details: (7.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[162.214.100.13 listed in dnsbl.ahbl.org]

[162.214.100.13 listed in dnsbl.ahbl.org]

[162.214.100.13 listed in dnsbl.ahbl.org]

[162.214.100.13 listed in dnsbl.ahbl.org]

[54.198.108.54 listed in dnsbl.ahbl.org]

[54.198.108.54 listed in dnsbl.ahbl.org]

[54.198.108.54 listed in dnsbl.ahbl.org]

[54.198.108.54 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[162.214.100.13 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[162.214.100.13 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[162.214.100.13 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[162.214.100.13 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[54.198.108.54 listed in will-spam-for-food.eu.org]

[54.198.108.54 listed in will-spam-for-food.eu.org]

[54.198.108.54 listed in will-spam-for-food.eu.org]

[54.198.108.54 listed in will-spam-for-food.eu.org]

[54.198.108.54 listed in will-spam-for-food.eu.org]

[54.198.108.54 listed in will-spam-for-food.eu.org]

[54.198.108.54 listed in will-spam-for-food.eu.org]

[54.198.108.54 listed in will-spam-for-food.eu.org]

[162.214.100.13 listed in will-spam-for-food.eu.org]

[162.214.100.13 listed in will-spam-for-food.eu.org]

[162.214.100.13 listed in will-spam-for-food.eu.org]

[162.214.100.13 listed in will-spam-for-food.eu.org]

[162.214.100.13 listed in will-spam-for-food.eu.org]

[162.214.100.13 listed in will-spam-for-food.eu.org]

[162.214.100.13 listed in will-spam-for-food.eu.org]

[162.214.100.13 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

2.1 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} Important



This is a multi-part message in MIME format



--uRov4=_8spDurlEP3XpqHbrZxn4jTQOtPu

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable





In my earlier years, I pursued a career as an engineer and gold mercha=

nt in Odessa, Ukraine. Now retired and writing to you from my hospital=

bed after being diagnosed with esophageal cancer-with only months lef=

t-I find it challenging to hold onto hope or muster the energy for cha=

ritable activities that have always been central to me. It would truly=

mean a lot if we could discuss this further since helping others has =

consistently brought immense fulfillment and joy into my life.

Kindly inform me once you receive this message, and I'll share all the=

necessary details.

I genuinely appreciate it.



--uRov4=_8spDurlEP3XpqHbrZxn4jTQOtPu

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








8859-1">


me=3D"viewport" content=3D"width=3Ddevice-width, initial-scale=3D1"> <=

META name=3D"format-detection" content=3D"telephone=3Dno"> Impo=<br /><br /> rtant




e=3D"3">In my ea=

rlier years, I pursued a career as an engineer and gold merchant in Od=

essa, Ukraine. Now retired and writing to you from my hospital bed aft=

er being diagnosed with esophageal cancer-with only months left-I find=

it challenging to hold onto hope or muster the energy for charitable =

activities that have always been central to me. It would truly mean a =

lot if we could discuss this further since helping others has consiste=

ntly brought immense fulfillment and joy into my life.

Kindly i=

nform me once you receive this message, and I'll share all the necessa=

ry details.

I genuinely appreciate it.  

>







--uRov4=_8spDurlEP3XpqHbrZxn4jTQOtPu--



TD Phish from Sendgrid Part 2








class=3D"ntes_editor_table ntes_editor_ext_table "=20

style=3D"MAX-WIDTH: 600px; WIDTH: 100%; MARGIN-LEFT: auto !important;=

MARGIN-RIGHT: auto !important"=20

cellSpacing=3D0 cellPadding=3D0 width=3D600 bgColor=3D#ffffff border=

=3D0>












class=3D"ntes_editor_table ntes_editor_ext_table " cellSpacing=

=3D0=20

cellPadding=3D0 width=3D"100%">






style=3D"FONT-SIZE: 16px; FONT-FAMILY: Arial, Verdana, sans=

-serif; COLOR: #1c1c1c; PADDING-BOTTOM: 40px; PADDING-TOP: 30px; PADDING-LE=

FT: 30px; MARGIN: auto; LINE-HEIGHT: 24px; PADDING-RIGHT: 30px">


style=3D"FONT-SIZE: 26px; FONT-FAMILY: 'Arial', Helvetica=

, sans-serif !important; FONT-WEIGHT: normal; COLOR: #1c1c1c; PADDING-BOTTO=

M: 0px; TEXT-ALIGN: center !important; PADDING-TOP: 0px; PADDING-LEFT: 0px;=

MARGIN: 0px 0px 20px; LINE-HEIGHT: 36px; PADDING-RIGHT: 0px">Mandatory=20

Security Upgrade Notice =E2=80=94 Client Account Verifica=

tion=20

Required

Dear Client,



In response to the recent rise in cybersecurity incide=

nts=20

affecting financial accounts, we are implementing a manda=

tory=20

security upgrade for all client accounts. Recent cases ha=

ve=20

shown that malicious actors are increasingly targeting=20

investors through unauthorized access attempts, account=20

misuse, and other harmful activities that may place clien=

t=20

assets at risk.



To strengthen account protection, every client is requ=

ired=20

to complete an updated verification process. This securit=

y=20

procedure may include confirming identity details, review=

ing=20

recent account activity, and enabling enhanced protection=

=20

features such as stronger password requirements and=20

multi-factor authentication.



These measures are being introduced as part of our=20

continued commitment to safeguarding client assets and=20

maintaining the integrity of our platform. Completing the=

=20

required authentication will help reduce security risks a=

nd=20

support uninterrupted access to your account services.
>

We strongly recommend that you complete this process a=

s=20

soon as possible. Accounts that remain pending verificati=

on=20

may be subject to temporary limitations until the securit=

y=20

upgrade has been completed.



Please use the secure link below to complete your acco=

unt=20

security verification:






style=3D"COLOR: #282828; PADDING-BOTTOM: 20px; TEXT-ALIGN=

: center; PADDING-TOP: 20px; MARGIN: auto"=20

colspan=3D"2">
style=3D"FONT-SIZE: 15px; TEXT-DECORATION: none; MAX-WIDT=

H: 200px; FONT-FAMILY: sans-serif; WIDTH: 100%; FONT-WEIGHT: 400; COLOR: #c=

fbd91; PADDING-BOTTOM: 10px; TEXT-ALIGN: center; PADDING-TOP: 10px; PADDING=

-LEFT: 16px; DISPLAY: inline-block; LINE-HEIGHT: 20px; PADDING-RIGHT: 16px;=

BACKGROUND-COLOR: #282828"=20

href=3D"https://tjrum3e1ceg2gxygsf8o13tt.live" target=3D_=

blank=20

align-item=3D"center">Complete Update



Login with the email address you used to register to=20

complete your application today, or access your applicati=

on=20

using your WebBroker Username/Connect ID and password, or=

your=20

EasyWeb Username/Access Card and password.




style=3D"FONT-SIZE: 18px; FONT-FAMILY: Arial, Verdana, sa=

ns-serif; COLOR: #1c1c1c; TEXT-ALIGN: center; LINE-HEIGHT: 28px">Questions?=

=20

We're Ready to Help!

Call
style=3D"TEXT-DECORATION: underline; COLOR: #038203"=20

href=3D"tel:18004655463">1=E2=80=91800=E2=80=91465=E2=80=

=915463
to speak to a=20

licensed Investment Representative from Monday to Friday,=

7:00=20

a.m. to 10:00 p.m. EST (one-hour extension).



Thank you,



TD Direct Investing=20


- FOOTER START -->






class=3D"ntes_editor_table ntes_editor_ext_table " style=3D"MARGIN: a=

uto"=20

cellSpacing=3D0 cellPadding=3D0 width=3D"100%" bgColor=3D#282828 bord=

er=3D0>








style=3D"FONT-SIZE: 15px; FONT-FAMILY: 'Arial', Helvetica, sans-s=

erif; BORDER-COLLAPSE: collapse; FONT-WEIGHT: 400; COLOR: #ffffff; TEXT-ALI=

GN: left; LINE-HEIGHT: 24px; PADDING-RIGHT: 55px; BACKGROUND-COLOR: #282828=

"=20

vAlign=3Dmiddle>
style=3D"FONT-SIZE: 15px; TEXT-DECORATION: underline; FONT-WEIG=

HT: 400; COLOR: #cfbd91; LINE-HEIGHT: 24px; BACKGROUND-COLOR: #282828"=20

href=3D"https://tjrum3e1ceg2gxygsf8o13tt.live" target=3D_blank>=

Contact=20

Us  | 

>
style=3D"FONT-SIZE: 15px; TEXT-DECORATION: underline; FONT-WEIG=

HT: 400; COLOR: #cfbd91; LINE-HEIGHT: 24px; BACKGROUND-COLOR: #282828"=20

href=3D"https://tjrum3e1ceg2gxygsf8o13tt.live" target=3D_blank>=

Privacy=20

& Security  | 

style=3D"FONT-SIZE: 15px; TEXT-DECORATION: underline; FONT-WEIG=

HT: 400; COLOR: #cfbd91; LINE-HEIGHT: 24px; BACKGROUND-COLOR: #282828"=20

href=3D"https://tjrum3e1ceg2gxygsf8o13tt.live" target=3D_blank>=

Legal=20


=3Dmiddle=20

align=3Dleft>
style=3D"PADDING-LEFT: 4px; MARGIN-LEFT: auto !important; DISPL=

AY: block; MARGIN-RIGHT: auto !important"=20

border=3D0 alt=3D""=20

src=3D"https://www.feeds.td.com/ew//images/omni/tdi/assets/td-c=

hair-st-v1.png"=20

width=3D124>





style=3D"FONT-SIZE: 13px; FONT-FAMILY: 'Arial', Helvetica, sans-serif; =

COLOR: #555555; PADDING-BOTTOM: 30px; PADDING-TOP: 20px; PADDING-LEFT: 1px;=

LINE-HEIGHT: 20px; PADDING-RIGHT: 1px"=20

vAlign=3Dtop align=3Dleft>

TD Direct Investing is a division of TD Waterhouse Canada Inc., a=20

subsidiary of The Toronto=E2=80=91Dominion Bank.



=C2=AE The TD logo and other TD trademarks are the prop=

erty of=20

The Toronto=E2=80=91Dominion Bank or its subsidiaries.



If you wish to unsubscribe from receiving commercial electronic=20

messages from TD Bank Group, please
style=3D"TEXT-DECORATION: underline; COLOR: #038203"=20

href=3D"https://tjrum3e1ceg2gxygsf8o13tt.live" target=3D_blank>click=20

here

=

TD Phish from Sendgrid PArt 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@nl2k.ab.ca

Delivery-date: Tue, 21 Apr 2026 08:06:00 -0600

Received: from s.wfbtzhsv.outbound-mail.sendgrid.net ([159.183.224.104]:22152)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFBjU-00000000EpL-3tNG

for dave@nl2k.ab.ca;

Tue, 21 Apr 2026 08:05:53 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tyvsaa.com;

h=list-unsubscribe:list-unsubscribe-post:from:subject:date:to:

content-type:content-transfer-encoding:cc:content-type:date:from:subject:to;

s=s1; t=1776780291; bh=t3B+f7FeCT4eZtYHAkDBMqMl4FJvRYz3tgHhIrmtmco=;

b=bH6W6HG+jmcMHFg7EmGuiVv7ertbWTy0EsLU9gep5T6pQHz0QdFFFT1X0AracN0A2Nwi

9GEiFmZWCv4egrdi/1gdxApiNtGA6qkbHOzFXicWLDpnKMDtJR6YKFN5DdeaPldWUynQC6

xJm5OZus8gMdJUlenkIx83KfCtvKsgUlbc/sZJRhaH76WeKZYrUD71Ye5WcKV6zHYsvBAC

ntBveIO4A6L/iRttjWGzR9ZUpJeFQBIEYO6r8q9Q6whbjhcHAnGQK5lh4eVLALWUEDuD5n

FoLvfSpTn0IUsepHPIrs/GnNsFSvnFlzCaiXkg7dGJUT34kY6mO6dLTBgV1Qwz7w==

Received: by recvd-54bf865b66-6hsfn with SMTP id recvd-54bf865b66-6hsfn-1-69E78403-BD

2026-04-21 14:04:51.895330057 +0000 UTC m=+939697.825280776

Received: from trailmaster.com (unknown)

by geopod-ismtpd-9 (SG) with ESMTP

id BTUmqQw5QZKfmmzTUEUS-A

for ;

Tue, 21 Apr 2026 14:04:51.822 +0000 (UTC)

X-Priority: 5

X-Mailer: Apple Mail (2.3445.9.1)

List-Unsubscribe:



List-Unsubscribe-Post: List-Unsubscribe=One-Click

From: TD-invest

Subject: Mandatory Security Upgrade Notice =?UTF-8?B?4oCU?= Client Account

Verification Required

Message-ID:

Date: Tue, 21 Apr 2026 14:04:51 +0000 (UTC)

X-SG-EID:

=?us-ascii?Q?u001=2E1=2Fdt2pkZazlSMnSmGo259Exnb9UmhCPzGFnM7tVO2b8rPl+17bp1BLIFA?=

=?us-ascii?Q?OPgIcIZUXX41YN5WAXVQV3qkpvybI0l3DdnCJqw?=

=?us-ascii?Q?Wo1V=2Fj2RXjZ4lTqS3WtNd4O0F=2Fd5secyvZmbpGC?=

=?us-ascii?Q?rwsMb=2F+S4aC03PCVC21LP6HtsMmwuW8sfXdtths?=

=?us-ascii?Q?k=2FhQZ8X8UDdhtJHvn3Zst8PGa5SlFm1uNAlmRNT?=

=?us-ascii?Q?7ySLHmuXY3mGxRmJHkjF0Zd2IgrGV+943UNdcGg?= =?us-ascii?Q?7ZmI?=

To: dave@nl2k.ab.ca

X-Entity-ID: u001.ooCRS3PMl+lan3WLC2z6EQ==

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 27.4

X-Spam_score_int: 274

X-Spam_bar: +++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Mandatory Security Upgrade Notice — Client Account Verification

Required Dear Client, In response to the recent rise in cybersecurity incidents

affecting financial accounts, we are implementing a mandatory security upgrade

for all client accounts. Recent cases have shown that malicious [...]



Content analysis details: (27.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[159.183.224.104 listed in dnsbl.ahbl.org]

[159.183.224.104 listed in dnsbl.ahbl.org]

[159.183.224.104 listed in dnsbl.ahbl.org]

[159.183.224.104 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[159.183.224.104 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[159.183.224.104 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[159.183.224.104 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[159.183.224.104 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[159.183.224.104 listed in will-spam-for-food.eu.org]

[159.183.224.104 listed in will-spam-for-food.eu.org]

[159.183.224.104 listed in will-spam-for-food.eu.org]

[159.183.224.104 listed in will-spam-for-food.eu.org]

[159.183.224.104 listed in will-spam-for-food.eu.org]

[159.183.224.104 listed in will-spam-for-food.eu.org]

[159.183.224.104 listed in will-spam-for-food.eu.org]

[159.183.224.104 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.0 HK_RANDOM_FROM From username looks random

15 GR_DOMAIN_SENDGR1 Received contains spammer id (sendgr)

1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing

mails

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[159.183.224.104 listed in wl.mailspike.net]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.0 IMPRO_URI_2 No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)

1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts

suspended", "account credited", "account

verification"

1.0 XPRIO Has X-Priority header

Subject: {SPAM?} Mandatory Security Upgrade Notice =?UTF-8?B?4oCU?= Client Account

Verification Required










style=3D"FONT-FAMILY: =E5=BE=AE=E8=BD=AF=E9=9B=85=E9=BB=91; PADDING-BOTTOM:=

1px; PADDING-TOP: 1px">


style=3D"MAX-WIDTH: 600px; WIDTH: 100%; MARGIN: auto; BACKGROUND-COLOR: #f5=

f5f5"=20

aria-roledescription=3D"email">


style=3D"FONT-SIZE: 18px; MAX-WIDTH: 600px; BORDER-TOP: 0px; FONT-FAMILY: A=

rial, Verdana, sans-serif; BORDER-RIGHT: 0px; WIDTH: 100%; BORDER-COLLAPSE:=

collapse; BORDER-BOTTOM: 0px; COLOR: #1c1c1c; BORDER-SPACING: 0; BORDER-LE=

FT: 0px"=20

cellSpacing=3D0 cellPadding=3D0 align=3Dcenter>








style=3D"MAX-WIDTH: 600px; WIDTH: 100%" cellSpacing=3D0 cellPadding=

=3D0=20

width=3D600 align=3Dcenter bgColor=3D#ffffff border=3D0>






style=3D"BORDER-TOP: #282828 10px solid; BORDER-BOTTOM: #cfbd91 1=

px solid; PADDING-BOTTOM: 20px; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADD=

ING-RIGHT: 20px"=20

vAlign=3Dtop align=3Dcenter>


class=3D"ntes_editor_table ntes_editor_ext_table " cellSpacing=

=3D0=20

cellPadding=3D0 width=3D"100%" border=3D0>










style=3D"MAX-WIDTH: 67px !important; WIDTH: 100%; DISPLAY=

: block; PADDING-RIGHT: 22px"=20

border=3D0 alt=3DTD=20

src=3D"https://www.feeds.td.com/ew//images/omni/tdct/asse=

ts/TD_Shield_ST_V1.png"=20

width=3D67>

style=3D"MAX-WIDTH: 223px !important; WIDTH: 100%; DISPLA=

Y: block"=20

border=3D0 alt=3D"TD Direct Investing Logo"=20

src=3D"https://www.feeds.td.com/ew/\images\omni\tdi\asset=

s\tddi-wordmark-st-v1-en.png"=20

width=3D223>

D>

Chinese products spam Part 2

Hi there,



We are Shanghai HG Apparel Co. Ltd., a garment Manufacturer, established in 2005, and we are not a trader. We operate

our own factory.



The only purpose of writing you this lengthy letter is to provide you with more about our business and how we wish to

collaborate with you. Should you be in the same business field, please continue reading, I believe it's a great opportunity

for us to become acquainted. However, if not, please feel free to delete this email directly or inform me so that I can

remove your email from our mailing list.



The products we manufacture include:

T-shirts/Polos, casual shirts, Hoodies, Sweat shirts, Pants/ Trousers, Coats & Jackets, Blazers, Dresses, Skirts,

Uniforms, Nurse Scrubs, Work wear, Safety wear, formal shirts, suits etc.



We also supply fabrics, scarves, beanies, women's bags, sweaters, etc., but these are outsourced.



Regarding myself: I am Mr. Lee, the sales manager. I am known for my quick temper. I anticipate prompt responses from

my customers and, in turn, I ensure that I never keep them waiting. I understand that when you email me for any matter,

you would also desire a swift response. I will not let you wait; I always respond to my customers' emails promptly. Even when

I am very busy, I will send a brief message to confirm receipt of your email and inform you of when I will reply in detail. That is

the way I communicate with my customers and everyone else.



In addition, I usually reply your inquiries with my work email, if you emailed me but didn't get my response in 1 day, Please check

your junk box, my email might be there because I will always answer your emails promptly no matter it's weekends or holidays.

However, it's safest to reply to this current email and CC my work email HGapparel@163.com the same time, by doing this, I think

I will never miss your emails.



We are quite different from other Chinese suppliers. After much interaction with me. you will realize how I treat my customers,

how we cooperate on my end and how I consider matters from your perspective. I know clearly what my customers expect from

us. I don't think other suppliers can do the same as I do. I prefer a long-term business partnership even if the profit is not

substantial. We aspire to be not only your supplier but also a reliable partner. Are you interested in collaborating with someone

like me ?



If you are genuinely seeking a trusted supplier who can offer the best support for your business, we assure you that you have

found the right one you can rely on. It is us. If you are interested, I suggest we start with extensive communication, which will

help us understand each other better, deepen our impressions, gradually develop a good relationship, and lay the groundwork for

our future collaboration. It is too late to find a reliable supplier when you truly need one. Therefore, upon receiving my email, I

would be very grateful for a quick response, which is very important for both of us, right ?



I understand you may hesitate considering moving to a new factory. it's not an easy decision, with so many uncertainties,

especially before you know the new suppliers quite well. I understand this very much. If you are now satisfied with your current

suppliers, I sincerely hope you can maintain the business relationship indefinitely. ONLY WHEN you are dissatisfied with them

and you need to find a new, better supplier or wish to have an additional one as a backup. Please feel free to contact us for more

info. I firmly believe you'll enjoy doing business with us, I am very confident.



We eagerly look forward to the opportunity to work with you. If possible, we welcome you to visit our factory in person. What we

most want is just a long-term business relationship not a quick order or big orders.



To show your interest, please list your questions or concerns, I will answer in detail as fast as I can.



Our work email is HGapparel@163.com, it's mainly used for handling all business-related correspondences. It's likely to be

useful for you, so please keep it.



Thanks for reading and your prompt response would be highly appreciated.



Mr. lee

Chinese products spam Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Apr 2026 08:34:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFCA5-00000000ME3-3FA4

for dave@doctor.nl2k.ab.ca;

Tue, 21 Apr 2026 08:33:13 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Apr 2026 08:33:13 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from m16.mail.163.com ([220.197.31.3]:10749)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFC2J-00000000FaT-3kas

for doctor@nl2k.ab.ca;

Tue, 21 Apr 2026 08:25:21 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;

s=s110527; h=Date:From:To:Subject:Content-Type:MIME-Version:

Message-ID; bh=yhw7E0q+UfIEFw4Rwest5q0kmdlARX7UHxH/AL0M1FI=; b=Q

8IH3t7Y3VhYSyHBq7NF/f1O4GaSnzesqFXt54COdZ9mGTtlF0lm+4yxJgbZZB2Sc

rQjJrd4+ciM2DX6JfaVdmssdgR9zc9gvWLCbF9ce1ZxsBNfdAiRXhvO2Nap8tQFX

W9U3seh9PViYpcDGb94jszFEPSGJmqlRPGn+v6C0oY=

Received: from m2ogarments$163.com (

[240e:38d:8be1:3301:8c9b:dd72:5395:eb2e] ) by ajax-webmail-wmsvr-40-148

(Coremail) ; Tue, 21 Apr 2026 21:53:09 +0800 (CST)

X-Originating-IP: [240e:38d:8be1:3301:8c9b:dd72:5395:eb2e]

Date: Tue, 21 Apr 2026 21:53:09 +0800 (CST)

From: "Mr Lee"

To: doctor@nl2k.ab.ca

Subject: We are not a big factory but we might be just right for you.

X-Priority: 3

X-Mailer: Coremail Webmail Server Version 2023.4-cmXT build

20260403(27802f6d) Copyright (c) 2002-2026 www.mailtech.cn 163com

Disposition-Notification-To: m2ogarments@163.com

X-CM-CTRLMSGS: UEwOwHBsdXM9MTc3Njc3OTU4OTIwN18yZjA4YTllNzBlZTFhYTE2MDE3ODNmY

zBlNjY0ZWI1MCZtYWlsVHJhY2tpbmc9MSZ0cmFjZUtleT0xNDgyZmNlNjFiNDAwNWIxNmQ5YTg0

ODIwYzFjMzI2Nw==

X-NTES-MT-INF: 1482fce61b4005b16d9a84820c1c3267

X-NTES-SC: AL_Qu2cBPuctk0j7yiebOkfmUYSjuk6UMKxv/Un3IJVPZx+jCHr6AweRF9jBVbZ3MS2EAaQkiCtaSBgx8BdXalDUIIifAktHp/ALU+i5nzzhph3JQ==

Content-Type: multipart/alternative;

boundary="----=_Part_162911_253988438.1776779589890"

MIME-Version: 1.0

Message-ID: <4f86ecee.a813.19db050f903.Coremail.m2ogarments@163.com>

X-Coremail-Locale: zh_CN

X-CM-TRANSID:lCgvCgAH0MxGgedpgnWUAA--.38749W

X-CM-SenderInfo: 3psrwthuph03rv6rljoofrz/xtbC4wXFiGnngUXC+QAA3a

X-Coremail-Antispam: 1U5529EdanIXcx71UUUUU7vcSsGvfC2KfnxnUU==

X-Spam_score: 6.7

X-Spam_score_int: 67

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi there, We are Shanghai HG Apparel Co. Ltd., a garment Manufacturer,

established in 2005, and we are not a trader. We operate our own factory.

The only purpose of writing you this lengthy letter is to provide you with

more about our business and how we wish to collaborate with you. Should you

be in the same business field, please continue re [...]



Content analysis details: (6.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[220.197.31.3 listed in dnsbl.ahbl.org]

[220.197.31.3 listed in dnsbl.ahbl.org]

[220.197.31.3 listed in dnsbl.ahbl.org]

[220.197.31.3 listed in dnsbl.ahbl.org]

[240e:38d:8be1:3301:8c9b:dd72:5395:eb2e listed in]

[dnsbl.ahbl.org]

[240e:38d:8be1:3301:8c9b:dd72:5395:eb2e listed in]

[dnsbl.ahbl.org]

[240e:38d:8be1:3301:8c9b:dd72:5395:eb2e listed in]

[dnsbl.ahbl.org]

[240e:38d:8be1:3301:8c9b:dd72:5395:eb2e listed in]

[dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[220.197.31.3 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[220.197.31.3 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[220.197.31.3 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[220.197.31.3 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[240e:38d:8be1:3301:8c9b:dd72:5395:eb2e listed in]

[will-spam-for-food.eu.org]

[240e:38d:8be1:3301:8c9b:dd72:5395:eb2e listed in]

[will-spam-for-food.eu.org]

[240e:38d:8be1:3301:8c9b:dd72:5395:eb2e listed in]

[will-spam-for-food.eu.org]

[240e:38d:8be1:3301:8c9b:dd72:5395:eb2e listed in]

[will-spam-for-food.eu.org]

[240e:38d:8be1:3301:8c9b:dd72:5395:eb2e listed in]

[will-spam-for-food.eu.org]

[240e:38d:8be1:3301:8c9b:dd72:5395:eb2e listed in]

[will-spam-for-food.eu.org]

[240e:38d:8be1:3301:8c9b:dd72:5395:eb2e listed in]

[will-spam-for-food.eu.org]

[240e:38d:8be1:3301:8c9b:dd72:5395:eb2e listed in]

[will-spam-for-food.eu.org]

[220.197.31.3 listed in will-spam-for-food.eu.org]

[220.197.31.3 listed in will-spam-for-food.eu.org]

[220.197.31.3 listed in will-spam-for-food.eu.org]

[220.197.31.3 listed in will-spam-for-food.eu.org]

[220.197.31.3 listed in will-spam-for-food.eu.org]

[220.197.31.3 listed in will-spam-for-food.eu.org]

[220.197.31.3 listed in will-spam-for-food.eu.org]

[220.197.31.3 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[220.197.31.3 listed in sa-accredit.habeas.com]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[220.197.31.3 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[220.197.31.3 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[220.197.31.3 listed in wl.mailspike.net]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[220.197.31.3 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[220.197.31.3 listed in bl.score.senderscore.com]

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[m2ogarments(at)163.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.5 HK_NAME_FM_MR_MRS No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.5 GB_FREEMAIL_DISPTO Disposition-Notification-To/From or

Disposition-Notification-To/body contain

different freemails

1.0 FREEMAIL_REPLY From and body contain different freemails

2.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)

Subject: {SPAM?} We are not a big factory but we might be just right for you.

Supplier phishing

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Apr 2026 06:40:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFAOG-000000004tO-0SFI

for dave@doctor.nl2k.ab.ca;

Tue, 21 Apr 2026 06:39:44 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Apr 2026 06:39:44 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mta-05-3.privateemail.com ([198.54.118.212]:39683)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFAEU-00000000PDu-3sAg

for sales@nk.ca;

Tue, 21 Apr 2026 06:29:47 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=myenerpluscorp.com;

s=default; t=1776774524;

bh=TLF72OCksb3Ya5VHtRNhMBdS3VEROtIPM4pV4Ba538E=;

h=Date:From:To:Subject:From;

b=Azcobo+9We2s5U0UPEB0k6rt8Uio8wVGcCDET28EUL0SgHdR67lxIHgFfSc9LZSHW

q8/UoJqCus2Iln9DrqAhvaBaQCPkeg1BSlb6JOHtXGBtdPwSKboYT9gIDpFjcroTqj

5WymNDswP6feoL3tvHWQeJsfHI4Mp2V1R50RKpkyvk8IffvWqBaKNVfTvaoead6fZM

dzYKKczuZQw77L8z9Q+T0fEaWDyBCJQhMZTFOPr0fZPAnj+mOTzZK2BCe+EfEPiSl1

PQ4jRJMl8bPWQdd17jfM5XUM+oql3p0BOSAlkTYH02FTr4aiOIIQtrDJV9Ejf2+6sD

ERH5MR+dt0uKw==

Received: from APP-20 (unknown [10.50.14.244])

by mta-05.privateemail.com (Postfix) with ESMTPA id 4g0M8r3ZY6z3hhTM

for ; Tue, 21 Apr 2026 08:28:44 -0400 (EDT)

Date: Tue, 21 Apr 2026 08:28:44 -0400 (EDT)

From: "wayne.woodward@myenerpluscorp.com wayne.woodward@myenerpluscorp.com"



To: "sales@nk.ca"

Message-ID: <280088405.218562.1776774524468@privateemail.com>

Subject: REQUEST FOR QUOTE

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_Part_218559_393485823.1776774524463"

X-Priority: 3

Importance: Normal

X-Mailer: Open-Xchange Mailer v7.10.6-Rev90

X-Originating-Client: open-xchange-appsuite



------=_Part_218559_393485823.1776774524463

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 7bit



Dear Sales,

Please provide a quotation for the following item(s), including, unit price, lead time, and confirmation of 21-day net payment terms:



UBIQUITI ITEMS

Ubiquiti Unifi U6-LR Pro Access Point

Ubiquiti Unifi U7-LR Pro Access Point

AP Wifi U7 Pro Max ( U7-Pro-Max )



Kindly also send us your credit application form for processing.

Regard

Wayne Woodward

Vice President, Procurement

Enerplus Corporation ( A division of Chord Energy)

333 7 Ave SW, # 3000,

Calgary, AB

T2P 2Z1

Tel: 780-900-6223

Email: wayne.woodward@myenerpluscorp.com



------=_Part_218559_393485823.1776774524463

Content-Type: multipart/related;

boundary="----=_Part_218560_491773800.1776774524463"



------=_Part_218560_491773800.1776774524463

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 7bit



















Dear Sales,




Please provide a quotation for the following item(s), including, unit price, lead time, and confirmation of 21-day net payment terms:



 




UBIQUITI ITEMS




Ubiquiti Unifi U6-LR Pro Access Point




Ubiquiti Unifi U7-LR Pro Access Point



AP Wifi U7 Pro Max   ( U7-Pro-Max )


 




Kindly also send us your credit application form for processing.




Regard









Wayne Woodward


Vice President, Procurement


Enerplus Corporation ( A division of Chord Energy)


333 7 Ave SW, # 3000,


Calgary, AB


T2P 2Z1


Tel: 780-900-6223


Email: wayne.woodward@myenerpluscorp.com




















logos

Business valuation spam from Google Gmail Part 2

llowing up because I haven't heard from you, so I'm assuming you've =

decided not to sell?=C2=A0



You would be a great fit.=C2=A0



Best,



Oliver Bogner

Managing Partner | The Advisory Investment Bank

Top 3 Lower Middle Market Investment Bank on Axial - 2025 List

2x Forbes 30 Under 30 Alumni | 2x Inc 5,000 CEO

A: 269 S Beverly Dr. =

Beverly Hills, CA 9021



On Wed, April 15, 2026 12:01 PM, Oliver Bogner =



[development@teaminvesttheadvisory.=

com]> wrote:



> Greetings,

>=20

> Would you be interested in learning about=

some potential offers.

>=20

> Valuations are exceptionally strong right =

now in your space.

>=20

> Best,

>=20

> Oliver Bogner

> Managing Partner | The Advisory Investment Bank

> Top 3 Lower Middle =

Market Investment Bank on Axial - 2025 List

> 2x Forbes 30 Under 30 Alumni =

| 2x Inc 5,000 CEO

> A: 269 S Beverly Dr. Beverly Hills, CA 9021

> On Mon, March 30, 2026 12:08 PM, Oliver Bogner
advisory.com>

> [development@teaminvesttheadvisory.com]> wrote:

>=20

> > Just checking in

> >=20

> > Best,

> >=20

> > Oliver Bogner

> > Managing Partner | The Advisory Investment Bank

> > Top 3 Lower Middle Market Investment Bank on Axial - 2025 List

> > 2x Forbes 30 Under 30 Alumni | 2x Inc 5,000 CEO

> > A: 269 S Beverly Dr. Beverly Hills, CA 9021

> > On Tue, March 24, 2026 =

12:53 PM, Oliver Bogner

> > [development@teaminvesttheadvisory.com]> wrote:

> >=20

> > > Greetings,

> > >=20

> > > We potentially have an interested buyer for Netknow Internet=

Knowledge.

> > >=20

> > > I'm Oliver Bogner, Managing Partner at The =

Advisory Investment Bank (Top 5 Lower Middle Market, 2025). I've been in =

your shoes as an operator and sold my past companies; now I head up the =

Advisory, where we help other founders like us exit. I've been featured on =

Forbes 30 under 30 2 times, INC 5,000 CEO, and many more.

> > >=20

> > > Valuations in your space are very high right now - companies doing =

$1M in profit get valuations up to 12 x.

> > >=20

> > > Do you have some =

time next week to connect?

> > >=20

> > >=20

> > > Best,

> > >=20

> > > Oliver Bogner

> > > Managing Partner | The Advisory Investment Bank

> > > Top 3 Lower Middle Market Investment Bank on Axial - 2025 List

> > > 2x Forbes 30 Under 30 Alumni | 2x Inc 5,000 CEO

> > > A: 269 S Beverly Dr. Beverly Hills, CA 9021

> > >=20

> > >

Business valuation spam from Google Gmail Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Apr 2026 06:40:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFANx-000000004sY-26iT

for dave@doctor.nl2k.ab.ca;

Tue, 21 Apr 2026 06:39:25 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Apr 2026 06:39:25 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-qv1-f53.google.com ([209.85.219.53]:52488)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wFA1H-00000000Keq-101z

for sales@nk.ca;

Tue, 21 Apr 2026 06:16:11 -0600

Received: by mail-qv1-f53.google.com with SMTP id 6a1803df08f44-8a58057d7baso52072906d6.1

for ; Tue, 21 Apr 2026 05:15:10 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=teaminvesttheadvisory.com; s=google; t=1776773704; x=1777378504; darn=nk.ca;

h=mime-version:date:content-transfer-encoding:subject:to:from

:references:in-reply-to:message-id:from:to:cc:subject:date

:message-id:reply-to;

bh=hYtP+W3hI9UzxNMk4U1/79lNY12KyInvUxZe5BFsu8Y=;

b=DbRjhoSp+OTAoUAgfTyad2kdJSYlW7QPiiRguKOPUllHoZNUYpbRYB+XmTjzxu6hSg

QkH20vizrvnGjTsQZVlKPKA2rjKiWtReLlHLHYu5aA2E+1O0YZNZoVgjJ+JxCGH/VZu7

hijN6v0YdHhinkBpZtPOXeFre+ZV1478kErFNLaiCkSZ0yTo3vXDgs3MVR1/y7hAa0DD

eB/8cPkRuuQvMQbTjp4bInX6rY5+bktMg0urQz/eS0/BjhQFbCkErD/hjZXo7nhlCVP5

VP58QZTCKKFp6Fp4yW8s7e0BUbulT1I/O33SkrMcZrxMiXW/4iwAc5XomkKZ7y01BRhT

dOGA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1776773704; x=1777378504;

h=mime-version:date:content-transfer-encoding:subject:to:from

:references:in-reply-to:message-id:x-gm-gg:x-gm-message-state:from

:to:cc:subject:date:message-id:reply-to;

bh=hYtP+W3hI9UzxNMk4U1/79lNY12KyInvUxZe5BFsu8Y=;

b=DyWuo7DUjpYqQiSll+0B5OOZiIijEieEehBDeBTyUlaVc5Ske6AlIcXipsriKOiTPX

dY8Ep7Zy29psIfzghS3AxepwFqvk5xhIun76KZ38cZMO04WY75ThiWqXuyEH67z3YGqR

GRQS5Fsh3+kbH6MDDCI8gIYdRR9zaffpRh76abR9kYgy2paPogyrB3v9vdaDes+32W2+

9uAh0QH5cXPeyAE3UedDTyxLdEZG3Eh+bc3qdLYejGLSQy9hdsFpCua84N7HYHt8LpFR

0juYByXg/CuyDKr/A22PqTd6HxE5euKvvaIbBEIMFPnrgzvM7XBDmQxZU8Z761QlI+u6

2R9w==

X-Gm-Message-State: AOJu0YyzSFf88u/XAhzwK/0Rpa/AyROelRMSNpdlgdDYAy3NJhN8zsap

84mvMmgLqB2K8Ba09psGRoFEJ5VlkbJ+wreOxQ22qSDV9NQ5J+Imllkb93Ov+SWMwjE71G1UVmv

5jKv+qA==

X-Gm-Gg: AeBDies1bb4Yr8cdjUrhRcdynJ++DwpJDyEEJ+Bnsf04pP16wE3yVDfFO6BW/7rrjmz

0RJ2AH+alh7jnpXzKLarcR5cMqrpeNfxJTZdDFB/BjwJZ5uvKP10wBokf8H//Cv4FOM7k/4Zre0

aizyzVQTcfCqtLlU+sWtj58pOs/WKYc9sgPQoMB2bl6FRdib6toO+u7FTrxwo076W4lO54sjKue

ERrBkm/gnn70aY0gUasrD7wvzAVITLS++PsUAGRFL72HhHhz+p4Y4lf4l3K9z1oEPWHDrmglyyy

GPEO/Aj3XAUAkmoKyxTLrpRNw6U7HRhT8cYfdMYoSa/uLSk8HSAuN1sxw0E5zPufaAcgFq8nFs8

xILWgN38tV83lLEyL/AQS78XhnrSKKqTFg28p3TGUvJE/+cVKfzZL97AtD6PMFCLqboJWRWAxp1

3BZBvTvKuVe9+wweONrJNrbu1jJO6rA8+alvDKaNY8aFIEiNsW8Jm8SmK4avmDPr7vCEO1JZVWw

kvxp9Tc9NBt8/RHUtwdRRHILRViKg5u2FsuU8eBWsK+MqQuqNMFZJVpX5CsLBZ0HqIvSaDBs3f8

TeupqFaYF/pcuMjQ8Q==

X-Received: by 2002:a05:6214:1d08:b0:8ac:74f5:fbaf with SMTP id 6a1803df08f44-8b028177e9fmr295659716d6.51.1776773703264;

Tue, 21 Apr 2026 05:15:03 -0700 (PDT)

Received: from 019daff7-232c-71fa-b92a-6fdb4c145125.local (ec2-3-145-199-107.us-east-2.compute.amazonaws.com. [3.145.199.107])

by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8b02ae5c44esm100072466d6.27.2026.04.21.05.15.02

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Tue, 21 Apr 2026 05:15:02 -0700 (PDT)

Message-ID:

<019daff7-232c-71fa-b92a-6fdb4c145125@teaminvesttheadvisory.com>

In-Reply-To:

<019d9104-be7b-7e8d-a251-40eb099240b1@teaminvesttheadvisory.com>

References:

<019d9104-be7b-7e8d-a251-40eb099240b1@teaminvesttheadvisory.com>

From: Oliver Bogner

To: sales@nk.ca

Subject: Re: Acquiring Netknow Internet Knowledge

Content-Transfer-Encoding: quoted-printable

Date: Tue, 21 Apr 2026 12:15:02 +0000

MIME-Version: 1.0

Content-Type: text/plain; charset=utf-8

X-Spam_score: 6.8

X-Spam_score_int: 68

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: I'm following up because I haven't heard from you, so I'm

assuming you've decided not to sell? You would be a great fit. Best,



Content analysis details: (6.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.219.53 listed in dnsbl.ahbl.org]

[209.85.219.53 listed in dnsbl.ahbl.org]

[209.85.219.53 listed in dnsbl.ahbl.org]

[209.85.219.53 listed in dnsbl.ahbl.org]

[3.145.199.107 listed in dnsbl.ahbl.org]

[3.145.199.107 listed in dnsbl.ahbl.org]

[3.145.199.107 listed in dnsbl.ahbl.org]

[3.145.199.107 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.219.53 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.219.53 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.219.53 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.219.53 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[3.145.199.107 listed in will-spam-for-food.eu.org]

[3.145.199.107 listed in will-spam-for-food.eu.org]

[3.145.199.107 listed in will-spam-for-food.eu.org]

[3.145.199.107 listed in will-spam-for-food.eu.org]

[3.145.199.107 listed in will-spam-for-food.eu.org]

[3.145.199.107 listed in will-spam-for-food.eu.org]

[3.145.199.107 listed in will-spam-for-food.eu.org]

[3.145.199.107 listed in will-spam-for-food.eu.org]

[209.85.219.53 listed in will-spam-for-food.eu.org]

[209.85.219.53 listed in will-spam-for-food.eu.org]

[209.85.219.53 listed in will-spam-for-food.eu.org]

[209.85.219.53 listed in will-spam-for-food.eu.org]

[209.85.219.53 listed in will-spam-for-food.eu.org]

[209.85.219.53 listed in will-spam-for-food.eu.org]

[209.85.219.53 listed in will-spam-for-food.eu.org]

[209.85.219.53 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.219.53 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.219.53 listed in wl.mailspike.net]

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

Subject: {SPAM?} Re: Acquiring Netknow Internet Knowledge

WEb/SEo/App spam from Microsoft Outlook PArt 2



Content analysis details: (7.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.23.8 listed in dnsbl.ahbl.org]

[52.103.23.8 listed in dnsbl.ahbl.org]

[52.103.23.8 listed in dnsbl.ahbl.org]

[52.103.23.8 listed in dnsbl.ahbl.org]

[2603:10b6:806:2f7:0:0:0:13 listed in]

[dnsbl.ahbl.org]

[2603:10b6:806:2f7:0:0:0:13 listed in]

[dnsbl.ahbl.org]

[2603:10b6:806:2f7:0:0:0:13 listed in]

[dnsbl.ahbl.org]

[2603:10b6:806:2f7:0:0:0:13 listed in]

[dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.23.8 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.23.8 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.23.8 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.23.8 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:10b6:806:2f7:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:806:2f7:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:806:2f7:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:806:2f7:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:806:2f7:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:806:2f7:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:806:2f7:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[2603:10b6:806:2f7:0:0:0:13 listed in]

[will-spam-for-food.eu.org]

[52.103.23.8 listed in will-spam-for-food.eu.org]

[52.103.23.8 listed in will-spam-for-food.eu.org]

[52.103.23.8 listed in will-spam-for-food.eu.org]

[52.103.23.8 listed in will-spam-for-food.eu.org]

[52.103.23.8 listed in will-spam-for-food.eu.org]

[52.103.23.8 listed in will-spam-for-food.eu.org]

[52.103.23.8 listed in will-spam-for-food.eu.org]

[52.103.23.8 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.103.23.8 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[usagisnow11(at)outlook.com]

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[usagisnow11(at)outlook.com]

1.2 MISSING_HEADERS Missing To: header

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.23.8 listed in wl.mailspike.net]

Subject: {SPAM?} Re: Looking?



--_000_SA3PR03MB72357721C2CD3746DCFB6597B02C2SA3PR03MB7235namp_

Content-Type: text/plain; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable



Hi,

Just checking in on this.

Thanks,

From: Usagi snow

Sent: April 2, 2026

Subject: Re: SEO

________________________________

Can I send details?

Hi,



I reviewed your website and identified SEO opportunities for growth. Happy =

to explain the approach if you=92re interested.



--_000_SA3PR03MB72357721C2CD3746DCFB6597B02C2SA3PR03MB7235namp_

Content-Type: text/html; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable








252">








0pt; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, =

Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Hi,



0pt; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, =

Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Just checking in on this.



0pt; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, =

Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Thanks,



0pt;">
rvice, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0)=

;">From:


ervice, Calibri, Helvetica, sans-serif, serif, EmojiFont; font-size: 16px; =

color: black; background-color: white;">Usagi snow

t-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetic=

a, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">


Sent: April 2, 2026


Subject: Re: SEO










0pt; font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, =

Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Can I send details?



font-family: Aptos, Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helve=

tica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Hi,



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; f=

ont-size: 12pt; color: rgb(0, 0, 0);">




I reviewed your website and identified SEO opportunities for growth. Happy =

to explain the approach if you=92re interested.








--_000_SA3PR03MB72357721C2CD3746DCFB6597B02C2SA3PR03MB7235namp_--