NetKnow Corporate Blog

Web/SEO/App spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on Sunday, March 1. 2026

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.43.74 listed in dnsbl.ahbl.org]

[52.103.43.74 listed in dnsbl.ahbl.org]

[52.103.43.74 listed in dnsbl.ahbl.org]

[52.103.43.74 listed in dnsbl.ahbl.org]

[2603:1096:101:d3:0:0:0:14 listed in]

[dnsbl.ahbl.org]

[2603:1096:101:d3:0:0:0:14 listed in]

[dnsbl.ahbl.org]

[2603:1096:101:d3:0:0:0:14 listed in]

[dnsbl.ahbl.org]

[2603:1096:101:d3:0:0:0:14 listed in]

[dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.43.74 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.43.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.43.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.43.74 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.2 MISSING_HEADERS Missing To: header

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[sugarmanwww.in(at)hotmail.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.43.74 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} Re: Yes

--_000_SEYPR06MB60619E01A244266884C2A9CD8171ASEYPR06MB6061apcp_

Content-Type: text/plain; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable

Hi,

I am still waiting for your reply. Please let me know if you are interested=

. In my services.

Thanks

________________________________

From: sugarman stuart

Sent: Tuesday, February 3, 2026, 11:17 AM

Subject: Yes

Hi,

I saw your site =97 it has great potential! A few small SEO tweaks can boos=

t your Google position.

I can send you a (low-cost) price list.

Thanks.

sugarman stuart

--_000_SEYPR06MB60619E01A244266884C2A9CD8171ASEYPR06MB6061apcp_

Content-Type: text/html; charset="Windows-1252"

Content-Transfer-Encoding: quoted-printable

252">

Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Hi,

Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

I am still waiting for your reply. Please let me know if you are interested=

. In my services.

Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Thanks

11pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

From: sugarman stuart

Sent: Tuesday, February 3, 2026, 11:17 AM

Subject: Yes

_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb=

(0, 0, 0);" class=3D"elementToProof">

_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb=

(0, 0, 0);" class=3D"elementToProof">

Hi,

Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

I saw your site =97 it has great potential! A few small SEO tweaks can boos=

t your Google position.

Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

I can send you a (low-cost) price list.

Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Thanks.

Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

_MSFontService, Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb=

(0, 0, 0);" class=3D"elementToProof">

sugarman stuart

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

--_000_SEYPR06MB60619E01A244266884C2A9CD8171ASEYPR06MB6061apcp_--

Web/SEO/App spam from Microsoft Outlook Part 1

Posted by Dave Yadallee on Sunday, March 1. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 01 Mar 2026 10:35:00 -0700

Received: from mail-japaneastazolkn19013074.outbound.protection.outlook.com ([52.103.43.74]:63542 helo=TYDPR03CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwkgM-00000000CjR-2drN

for dave@doctor.nl2k.ab.ca;

Sun, 01 Mar 2026 10:34:29 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=IrYqs0a86/5nq66H6S2TWSGlFjzM3ZNX0PJHVYMIBSmha0Pa5ymsKjiP6kWeEiTZHKuDnY++1v34aXdHc3Q1uBObuvlaRwnsfqz4VnqbXt6JJ0bt5zkLiQD9q0GEEyyCsZm5WDebze3jMwWgILqUH6zqoOTS2zY2qj1k6OXlFX9XpJO3IlRrtX3W1RRyGYLGcEjOuVMBCWSUYlXX8EpGOO/Imu2E7vMx6fobExPzBbSJZgjA0VHyhMXOaOWXJzED64hODrsrq/GJ/tgeJhiZq1MqTvxywGaxM/53XQZJcWlIHHVEH5DI82+CcxgZV+7jnEzIQR2OAc6YSyFHUtHPRw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=JwyDJ2XsU9GtO1bfrV91WM/L7ml1DBXXSc/Dl9eeI1c=;

b=jUhfzUvVWIG6huJ/PhiVyHB/KiASNQFmOzv5PEr1spBlrWgsKYeJ5UpLD2sDsATxBmknsRzmsq8S/YIdyyl0F31UKoUAyB2J8BkcYsjFHgAgtMKQDXFF0VEH/c9weB5TbUGQCOWTYvGnKs41zsTmGTILBOwZnqBcVvVc1a/6XmPKXGhJNFYpWXK6f0TFYnGljaGllMnt75B+JJJErEx81YkZyMIeFqF5aGBPCu8jZorexKYOy1x9FKaomWemnyYqxm3a0S0LPMr5QgD9AWR/qnUd3YLja3IXnYqSoYn5CcJq6nsmz175HHkh9kW9XH3NeHd71XWW9eBEYlgiPfHuOQ==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=JwyDJ2XsU9GtO1bfrV91WM/L7ml1DBXXSc/Dl9eeI1c=;

b=KnmttOANx8hXFT/5V/O3yW+flFljuWlOBxUY9PO8dLbSz529Z3/bLWDqIesjUiZw8q47A9QnIoUzYAln8ejd0uO3ViJ9AsGWCk1Ud4gae9htrJmV3Ao+5tHGvCF54/9QLeGet7uzmcLdfbFDm9/6/BU+LeVXpnBD9U9+fsXLj5rMYCYpxYJfhjegYyk4xptG1MVNeSzVe0ft3x9KTcMTrUlXG6Wyf+KEUDoaWFsI//lAPsCfV5hylo24gsHN7dwj/cbZ7NGeqPbH/QXqiNUBCNh+xjGshAkQMMdbGp0v128S6S4gvHwbYpMxkncs3b0rFywxfEWrcjwpmtr/+6BCfQ==

Received: from SEYPR06MB6061.apcprd06.prod.outlook.com (2603:1096:101:d3::14)

by KL1PR06MB6111.apcprd06.prod.outlook.com (2603:1096:820:d9::14) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9654.18; Sun, 1 Mar

2026 17:33:02 +0000

Received: from SEYPR06MB6061.apcprd06.prod.outlook.com

([fe80::afe2:1291:9aee:7614]) by SEYPR06MB6061.apcprd06.prod.outlook.com

([fe80::afe2:1291:9aee:7614%4]) with mapi id 15.20.9654.020; Sun, 1 Mar 2026

17:33:02 +0000

From: sugarman stuart

Subject: Re: Yes

Thread-Topic: Yes

Thread-Index: AQHcqaEB2zA/DFhVTEiSsU9IlzpO0A==

Date: Sun, 1 Mar 2026 17:33:02 +0000

Message-ID:

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: SEYPR06MB6061:EE_|KL1PR06MB6111:EE_

x-ms-office365-filtering-correlation-id: fe409cd1-5e51-4feb-bcdb-08de77b896cd

x-microsoft-antispam:

BCL:0;ARA:14566002|31061999003|19110799012|8062599012|8060799015|15080799012|9112599006|15030799006|461199028|20031999003|39105399006|440099028|3412199025|102099032|3420499032|40105399003|51015399003;

x-microsoft-antispam-message-info:

=?Windows-1252?Q?fYCNoYjgvs3sfjFFvCjtuqb2uDNMzezSb5pLjBOduw/MSBPWF1rtaZvb?=

=?Windows-1252?Q?auf6n1k8vpUn0yDVbfH9QCjufABjK6KPrpl+hcHW2dQPB2tGpB1+2egw?=

=?Windows-1252?Q?zHxWl6Yc1sfLTOtgLakZT7DrTWVY8VtgxFjX3mcEVYH4ps+jkLqBDEte?=

=?Windows-1252?Q?sbGBCxnIMT0aqzBQWK6CsmpaKf1+gheh4veOSSXoeRvCbh66mRsp03aN?=

=?Windows-1252?Q?Xq2eU8gHvvVHUJZ+zr6m2yerN7FbShKs+trjc43GuJ+VBql6P/aUSDR5?=

=?Windows-1252?Q?QfZCUsHxJ+bpFkHH4GkUV8uI6s/R+2D+p6JbICEjBk6bLaQXfCdZEP6E?=

=?Windows-1252?Q?w1GnuqIF0tVtZ85Ewb6kMUn90w875KWlW58U2GwlnGfXqhQr4jGCTxrR?=

=?Windows-1252?Q?PveqAvWqITYAu1Qzevk7dSEmL8GHFZAGAGkg3SQLchA4kOfDLGmrN4mR?=

=?Windows-1252?Q?ERBzlXOnvZAyc2BGk2eVwvHh0zfRwviijrnetI/cu5tQsLlmpU8zRVYI?=

=?Windows-1252?Q?Q99GJkty43FxRAmAL93IQlzX/tVc8ocuPaA5ppWKZrobQqfRUGr21JOp?=

=?Windows-1252?Q?BtQGJDCiEQNo8kPprRuNGWnXcpuKmgvW1tykoFbaUtOnoVW7Bi+iaf6I?=

=?Windows-1252?Q?lfwm6Xf/AVDgvIGcEg2O/7+y8fyF5mcd3cBrZapeG66odp0VLxXjS9d9?=

=?Windows-1252?Q?jOr4jDTCVFvP6bY+VpaNQ4a/Z3a5GE/b69mTykAsrGoNHcwy+gj4/Yy3?=

=?Windows-1252?Q?kXobN8lt7KEYjwJSWqFtMdG6VnkxykKWMrU+kzpegYlNDJiRzIVqMhUJ?=

=?Windows-1252?Q?ShYc+syl47D0aF+2sbqVH8HUn2d2X6B9jzMOBLtsPbJF+V1yJ/25CjeD?=

=?Windows-1252?Q?X0hhZnmmXQW/tuy2jtQaKAI8UcNS6WBBMFnEH2J7+rtgYZADL4nashJG?=

=?Windows-1252?Q?UbdWVcjQcZrhKAx/MIAl5fn2NBcaS1dc3mRJ8qYO4IXn/aj8oGSrwJQz?=

=?Windows-1252?Q?lDtDmmeGSNbkMZLxZv9JrsMSUSLQYyjGAPMK84ngDPcwOtvB6a80Nnin?=

=?Windows-1252?Q?s18OvYo/3Un0bYpvcV3jGfNLh/OQBd6SRt6aoA=3D=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?Windows-1252?Q?WeiWl9OFP19kYm4m1YVkhYbsbbjWYUWqyBGJRrcSsayynnJWPqBDBhbY?=

=?Windows-1252?Q?HYg1eE0AkXcECDlwSoX8lyWe9Gc3HhdEFRi8JboxbnxlSZifJ9JHleGC?=

=?Windows-1252?Q?QQ88ye7ATdkNhLM7j7UAFUcpkTdr/agycAg8tc25ktb6RVSoXvrMibpt?=

=?Windows-1252?Q?U6MLQmMs7AODzWk7oP8ahWKo19MF5JzmIZpXOTLZtOagzXc4OJ1HtL2h?=

=?Windows-1252?Q?WEqxJbngYQQ0KW2PWIxZlFPv8aqjFUZzDFjN6UrzPKkPT/rbUUSXkftn?=

=?Windows-1252?Q?9BMa/IYPI91fQwcicTCwQYJtE00xnZWs+hBNK68NqsuVNb58elV/9wg0?=

=?Windows-1252?Q?2vXe/mc8aajcvYyOrKCBq9sQaCJmJmkJyGqWw84xGcM40GBsTzLcLA0g?=

=?Windows-1252?Q?n0Txm3h3UOko/DirwdEt26NZp6zqFh2s2Rw9Y7sJs1I5wczFDyjdQ6yq?=

=?Windows-1252?Q?1aQ9P+zjnDgHx5aRYWugC2OhmLmeR5ylPSiq1IEbi8xWKm6Z2ZjdqZ1s?=

=?Windows-1252?Q?ELB/VE5zNGTCPruUE8PrP8i+sQFzZV+oGp94A98+l/1x48vQEJyDX5ze?=

=?Windows-1252?Q?GnJIDBbQhv2LwvMEts1U6TammxRFZWV05Zm3Nvt6eIUe2k8Oq96zlgjf?=

=?Windows-1252?Q?POIr/4PYhchdixP7b5RtCpO93lToCp2F64VK9lFJc8ZA1xos1WWMnlVq?=

=?Windows-1252?Q?TS2tCG9KIV5Hhl4wmIE7abPP5UeLU1j8h7m5/h2S4atYElw4RbYFC45G?=

=?Windows-1252?Q?jHc5IkcTL3RQ9Cs/xRYX9mR+P8exS4ZDCK737EMACic/iuyckJ6BlTy3?=

=?Windows-1252?Q?reIyjQ5nWm7TCO7Xnvd6g7jlRG6wEJqR47pvPoiXpkYOWNUvQ/h0YdSQ?=

=?Windows-1252?Q?KNX4fcRGrABs88uCY3dELO0r276AkA0LaXz1lgSBJlpFFLgi3ZmfgOWy?=

=?Windows-1252?Q?P6LznWQ9X5C6mCCs5alE3iTLhkLPT4ZMJP81NMroGEG+PZj+aUkwHr/m?=

=?Windows-1252?Q?H4JPyyzn9oSA1FK0nblxUKbQVEyeDNu6WOSOTKzY9sQF2NyS66YRl0m4?=

=?Windows-1252?Q?+DqLFtDstOXi9TI+iP95tH9cKJQttlgOnTbiCScgOox/HeZqnsYo/xB0?=

=?Windows-1252?Q?xuIlHuReEhicy0NTzkNs8rXeuw1M5uGTjtB3psMC5D+I2Pb4xefe6EX1?=

=?Windows-1252?Q?N5BUahtuoVPGPFHudC9dCtFZqZ8jwM/aK5v7QzAIfE/4bZ51CmY4XIBn?=

=?Windows-1252?Q?SAvm4QNHqMSVFJ1NetEre3eWk4eZK0AME6Hl5Y7GGGjYZTO5L28PRpXP?=

=?Windows-1252?Q?7vVXd0/T8PTe/xsBxHjX5m5FSmiRxsAuA5eKsTTiNshjQkUAULfXlvzI?=

=?Windows-1252?Q?QBv1howYD2dvmLNg0ZmkU9yb9XVpl6v1rqf7cHhzEfnKsSDemgacQXtV?=

=?Windows-1252?Q?LGsvbTdDBxeLKBs4jwwa/4q5yYQLDVkazU1CAEvd815DkXPuRdRUAtg0?=

=?Windows-1252?Q?tjdrvh9gviV5/gyvVG9TtIk+5eVMhreHGUIDOb6Q+kqFa3/toXtny8Av?=

=?Windows-1252?Q?ODIMygjAwrCwgw/W?=

Content-Type: multipart/alternative;

boundary="_000_SEYPR06MB60619E01A244266884C2A9CD8171ASEYPR06MB6061apcp_"

MIME-Version: 1.0

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-25b72.templateTenant

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: SEYPR06MB6061.apcprd06.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: fe409cd1-5e51-4feb-bcdb-08de77b896cd

X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Mar 2026 17:33:02.0796

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: KL1PR06MB6111

X-Spam_score: 7.4

X-Spam_score_int: 74

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hi, I am still waiting for your reply. Please let me know

if you are interested. In my services. Thanks From: sugarman stuart Sent:

Tuesday, February 3, 2026, 11:17 AM Subject: Yes

Content analysis details: (7.4 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:1096:101:d3:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:d3:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:d3:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:d3:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:d3:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:d3:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:d3:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:101:d3:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[52.103.43.74 listed in will-spam-for-food.eu.org]

[52.103.43.74 listed in will-spam-for-food.eu.org]

[52.103.43.74 listed in will-spam-for-food.eu.org]

[52.103.43.74 listed in will-spam-for-food.eu.org]

[52.103.43.74 listed in will-spam-for-food.eu.org]

[52.103.43.74 listed in will-spam-for-food.eu.org]

[52.103.43.74 listed in will-spam-for-food.eu.org]

[52.103.43.74 listed in will-spam-for-food.eu.org]

Web/SEO/App spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on Sunday, March 1. 2026

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?obkxnbO9GXTKqk2J473FzBRqslrgYGO6EaucnklVsw2K4yHfVqkcgHa2B3?=

=?iso-8859-1?Q?9lzl3KT5LkAO/FrnxIuwFAsmZG6WepHtKY5ArYg2QHPf1N2slbo2kXO8YF?=

=?iso-8859-1?Q?F4gOhs4bcTa3k6s1IY/bZ2l65ZjdRdErBBDQfzjrz+e8mwZGTFwznWUdB5?=

=?iso-8859-1?Q?IzSVivFGvhCM3Q5azrqfG3NjBA3gxxnxYZBWDDtD5v9AHlCjQBmwrvHET/?=

=?iso-8859-1?Q?zk8xxkY/pOVwTIiBWqXaDpTmBJYbr+oFNt4zxKPik7o7r54HpvU7/GSYie?=

=?iso-8859-1?Q?ZCMKMR5gfE7YO1fI7FPT9qVH2OnzKPL4J2a+b/k0j6lnBTB2KEH2JFdWd4?=

=?iso-8859-1?Q?2GxDsYczhdS0szXzhHPAnUGYIduFK3eRKNUCUy2/qEQ1OedlaaUs0vIimi?=

=?iso-8859-1?Q?A84gmhzwYPlOdeXYQpeUdPXSTcsxnlEbHTB95dHX/GRySiY561YKLiyhQ+?=

=?iso-8859-1?Q?n5vr8OSF/yuRslq2R7BZIqXwUxay0lwPVa1zTOwj+0fi/BtKYqB801ZJG3?=

=?iso-8859-1?Q?E8ezdS51hFJKf1FrqXxX8R8oaY4a+HchJbV4bhxGi2auDeVK7V2TZnihGM?=

=?iso-8859-1?Q?pq1P/Db/Cm4pbOrAePcjHGb6DlAyihBcbZ6K+ugpaCAeBSUjbWMN6VpJfG?=

=?iso-8859-1?Q?tjshqjowH6sxBRQJS6P/DrMloSEV4EmAVoGJALs5t4nWdI5K2ZtoVmFGrb?=

=?iso-8859-1?Q?/Odb8ArpIpk9/4s29f2WpPBjWGYfs2xOkkfCBxBg0Y67tVRSNlTZKhSofQ?=

=?iso-8859-1?Q?KsSTT9nyspiGwNfFHafhmagnD/Bo+TBFpF/QpSl+m7mA9LHfUSt4EQRYNv?=

=?iso-8859-1?Q?/ptwQj2smr5WKC7StM1znbBBPewDTPbj/hziZwI1zsapiyEYZSLJ+RTQyK?=

=?iso-8859-1?Q?nio+W9Qe+Z7bKUMYwFqI4WGfLTSHxC4I2pOcvGSSs+E11Phw3IwkMCTlPC?=

=?iso-8859-1?Q?rr7ZY9QeTh4/qmMR83orf3c8PHBcFHOTqJ7iqugZqtR0fhWtkcVBEiOFPz?=

=?iso-8859-1?Q?cNoM4ytBHE83VmedNcEhTKwAXUYpV05FLC0SbcuIf5kaCqlnnp23g1Bdf2?=

=?iso-8859-1?Q?pJ+BIgWtk3epdQXkenz7EBl9H3nPboCpoRVfIRrTThCgv+yasnHl9CCGTe?=

=?iso-8859-1?Q?58GJqhG+gQUCdORh0ypICRWpORw0GO6B83rtbR8bSkXSqmTQr+S4CgR4SW?=

=?iso-8859-1?Q?r2xrThYMT4EqD4ehyeLKM1mGvRI/Wr3LvBl+WUAPnDHGb94KJgxdNTKMqH?=

=?iso-8859-1?Q?76zdDH2+K6eFTI7C7SyA2h8Oovb7l6MUStm6IQUIhz8bhPEji+lc5joAQw?=

=?iso-8859-1?Q?ljSQc9Opf8vtLBdjk+OXPMK0TVJ+JKaMwLY08De6xTWHaCPFNNqyg5Q2Cm?=

=?iso-8859-1?Q?4qR6x5dl0n5zE/A7h8AxYyspeP1SuFZzpxihOdDRJQp2Aog0pPJ+5sNRfF?=

=?iso-8859-1?Q?NaUXkaTaEF86KGX8?=

Content-Type: multipart/alternative;

boundary="_000_SEZPR01MB76073F343295A72BAA0F25089571ASEZPR01MB7607apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: SEZPR01MB7607.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 167a86b3-feec-45b8-043c-08de7781991b

X-MS-Exchange-CrossTenant-originalarrivaltime: 01 Mar 2026 10:59:23.6181

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: JH0PR01MB5793

--_000_SEZPR01MB76073F343295A72BAA0F25089571ASEZPR01MB7607apcp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

Hello,

I checked your website you have an impressive site but ranking is not good =

on Google, Yahoo and Bing.

Would you like to optimize your site? I will be happy to share with you our=

pricing and proposals.

Let me know If you are interested, I will send you our SEO Packages and pri=

ce list.

Thanks

--_000_SEZPR01MB76073F343295A72BAA0F25089571ASEZPR01MB7607apcp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

1">

Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Hello,

_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb=

(0, 0, 0);">

_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb=

(0, 0, 0);">

I checked your website you have an impressive site but ranking is not good =

on Google, Yahoo and Bing.

_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb=

(0, 0, 0);">

_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb=

(0, 0, 0);">

Would you like to optimize your site? I will be happy to share with you our=

pricing and proposals.

_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb=

(0, 0, 0);">

_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb=

(0, 0, 0);">

Let me know If you are interested, I will send you our SEO Packages and pri=

ce list.

_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb=

(0, 0, 0);">

_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb=

(0, 0, 0);">

Thanks

--_000_SEZPR01MB76073F343295A72BAA0F25089571ASEZPR01MB7607apcp_--

E-mail lottery spam

Posted by Dave Yadallee on Sunday, March 1. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 01 Mar 2026 06:43:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwh4F-00000000M6P-2rZ2

for dave@doctor.nl2k.ab.ca;

Sun, 01 Mar 2026 06:42:43 -0700

Resent-From: The Doctor

Resent-Date: Sun, 1 Mar 2026 06:42:43 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mx.ite.net ([202.88.64.59]:36596 helo=mail.ite.net)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwgr3-00000000LWD-3mpq

for sales@nk.ca;

Sun, 01 Mar 2026 06:29:15 -0700

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mail.ite.net;

s=smtp1dkim; t=1772371691;

bh=0x8ScmTTO5n8x2XdOns6/NcW36w0r8auEXNk/pP8Yhs=;

h=Subject:To:From:Date:Reply-To:From;

b=o1/5I1yPRgbK7Pfw5wxXAs1ovTkSNTFDhU8nwCTOiuXHu3SA4EDQPK0yWEb1igY+M

HqM2LFXprAajVZ7PGNSF6x7C12o3l/AMcxj/i++hJsU/isBZcHv7EB9naa7gpRrLFX

2y74uRnjqM+JR2kwACBvgoT7yppDF/hUFAiJM/Hg=

Received: from [100.112.5.210] (unknown [209.107.192.209])

by mail.ite.net (Postfix) with ESMTPA id E0FE68CCCCCB;

Sun, 1 Mar 2026 23:28:08 +1000 (ChST)

Content-Type: text/plain; charset="iso-8859-1"

MIME-Version: 1.0

Content-Transfer-Encoding: quoted-printable

Content-Description: Mail message body

Subject: - YOUR GRANT OF $850,000.00 USD IS APPROVED -

To: THE ASIA FOUNDATION

From: "The Asia Foundation - MALAYSIA GRANT OFFICE"

Date: Sun, 01 Mar 2026 07:27:58 -0600

Reply-To: theasiafoundation2026-claimsoffice@wellsadmusr.com

X-Virus-Scanned: clamav-milter 1.4.3 at av01.ite.net

X-Virus-Status: Clean

X-Spam_score: 8.7

X-Spam_score_int: 87

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: THE ASIA FOUNDATION Â© [ Head Office ] - KUALA LUMPUR, MALAYSIA

Your Reference Number is : TAF/WU407/2026/ASIA CONGRATULATIONS - YOUR E-MAIL

WAS SELECTED TO RECEIVE THE GRANT SUM OF $850,000.00 USD.

Content analysis details: (8.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.107.192.209 listed in will-spam-for-food.eu.org]

[209.107.192.209 listed in will-spam-for-food.eu.org]

[209.107.192.209 listed in will-spam-for-food.eu.org]

[209.107.192.209 listed in will-spam-for-food.eu.org]

[209.107.192.209 listed in will-spam-for-food.eu.org]

[209.107.192.209 listed in will-spam-for-food.eu.org]

[209.107.192.209 listed in will-spam-for-food.eu.org]

[209.107.192.209 listed in will-spam-for-food.eu.org]

[202.88.64.59 listed in will-spam-for-food.eu.org]

[202.88.64.59 listed in will-spam-for-food.eu.org]

[202.88.64.59 listed in will-spam-for-food.eu.org]

[202.88.64.59 listed in will-spam-for-food.eu.org]

[202.88.64.59 listed in will-spam-for-food.eu.org]

[202.88.64.59 listed in will-spam-for-food.eu.org]

[202.88.64.59 listed in will-spam-for-food.eu.org]

[202.88.64.59 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[202.88.64.59 listed in dnsbl.ahbl.org]

[202.88.64.59 listed in dnsbl.ahbl.org]

[202.88.64.59 listed in dnsbl.ahbl.org]

[202.88.64.59 listed in dnsbl.ahbl.org]

[209.107.192.209 listed in dnsbl.ahbl.org]

[209.107.192.209 listed in dnsbl.ahbl.org]

[209.107.192.209 listed in dnsbl.ahbl.org]

[209.107.192.209 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[202.88.64.59 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[202.88.64.59 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[202.88.64.59 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[202.88.64.59 listed in dnsbl.ahbl.org]

0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.8 UPPERCASE_50_75 message body is 50-75% uppercase

0.0 LOTS_OF_MONEY Huge... sums of money

0.5 MONEY_NOHTML Lots of money in plain text

0.0 MONEY_FROM_MISSP Lots of money and misspaced From

Subject: {SPAM?} - YOUR GRANT OF $850,000.00 USD IS APPROVED -

THE ASIA FOUNDATION =A9

[ Head Office ] - KUALA LUMPUR, MALAYSIA

Your Reference Number is : TAF/WU407/2026/ASIA

CONGRATULATIONS - YOUR E-MAIL WAS SELECTED TO RECEIVE THE GRANT SUM OF $850=

,000.00 USD.

For More Information - Please Contact The Grant Claims Agent / Internation=

al Relations Officer :

AGENT NAME : MR CHRISTOPHER WONG

CALL : ( +601 116050015 )

WHATSAPP : ( +601 4986 8900 )

E-MAIL : theasiafoundation-grantoffice@wellsadmusr.com

" YOUR GRANT FUNDS AWAITS YOU, REPLY TO CLAIM IMMEDIATELY "

Web/SEO/App spam from Microsoft Outlook Part 1

Posted by Dave Yadallee on Sunday, March 1. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 01 Mar 2026 05:32:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwfxI-00000000B5I-093a

for dave@doctor.nl2k.ab.ca;

Sun, 01 Mar 2026 05:31:28 -0700

Resent-From: The Doctor

Resent-Date: Sun, 1 Mar 2026 05:31:27 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-koreacentralazolkn19013075.outbound.protection.outlook.com ([52.103.74.75]:31761 helo=SEYPR02CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vweXS-00000000FXh-28a7

for sales@nk.ca;

Sun, 01 Mar 2026 04:00:53 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=bvy88s6EwYhSTkMiup8WpegvfXvf+QCKxp3X+AGhOqU9nr1bYxPBWmAIuniBayy7jPj7c8G2nLMfXfCOTAQ4uGNEhpavQ5Q/zKMSt7qRLEGADGjpadzJJnDNSZUr+oDygTVIPcs/Fn0cWkTkzd4fDdDzF0fts2vPYy5+biRm2OO0WuZYrduKLTDjwwr3retInUv6hiXE1hxmN1eLzHMRg+MgyCbLDWU6znuzO+xYfrlBN5yAJY0yAMb3QXwZdeK//7Ex7G0cE0mB9GpzneMMDfM/YST/GR4CczEl8LUZPYwMpZuV65qqSDQe2tTzG1mXe5p8AD06kiEhoMD2Qmo9sw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=jFlnHVd0oRdjhsq2vPd6L9FJjRGXyNZjD+rmFCGIJKk=;

b=e5uVOUJzoQTHspKxlUluKQeg4P/9JwiVbfbNLmUTNID0qZ4C2v0itDDV8RgOFc4AJDwqbI0e898OyWQsDGd6j7JvJVFiu+JgMUBEbhrXHlOfbrLD2Z2zcgAKWNGM+SEPOMBlfm6AlVOzisN/9icTMALuQoCoxQSVe2S0pyB7QI+PwATYStUeetFA5Ib2fT5wpF9FPpOOIpu2RSFXTsu86EjxJrCIXo7mTpdRkdAJ0rPSZfAJuqnkWECdlyTLTxnJMgR0iwLpp4ctVYVUEdWW979XikqJrj5tKKeaqUrzVLikMVkOqkJghaNk/cJ/cwPBcOQUANSC0oiBuRtVYMeNhg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=jFlnHVd0oRdjhsq2vPd6L9FJjRGXyNZjD+rmFCGIJKk=;

b=GpZBlc3h/hih5kDfgG3/4Q/WAMEV97lyh4eoyzgLhsROUnV0ormzBnTNObU6urlQDZUcRlhJx1C5SDlOgdGPR5MBPsAvmMdpIr8yyiDjkDQWaXHgaYC9jItbzXS0a3lY8g2Jmm2n26HQIxeNmc8ns9JneupHT7wtQRII7Y8dSmAB5VVnc+BckB6+KDAXxFdVlnvsWYQL/QXEL82TXa3XWAL8LHkLFPFHWHo11iEvOcvyW83u2PNIBfZ/rVqX5oEAAiXxxzb7pbEntpbfzbh55OI+CC2g9y2M6Nu4GVjSJGlFOiFquHWxkoYsXWKiEBMiEd9mWSLSw7JbWOFDzFiv0w==

Received: from SEZPR01MB7607.apcprd01.prod.exchangelabs.com

(2603:1096:101:29e::13) by JH0PR01MB5793.apcprd01.prod.exchangelabs.com

(2603:1096:990:42::14) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9654.18; Sun, 1 Mar

2026 10:59:26 +0000

Received: from SEZPR01MB7607.apcprd01.prod.exchangelabs.com

([fe80::5ccd:864c:5068:8c20]) by SEZPR01MB7607.apcprd01.prod.exchangelabs.com

([fe80::5ccd:864c:5068:8c20%5]) with mapi id 15.20.9654.015; Sun, 1 Mar 2026

10:59:23 +0000

From: Ankita Singh

To: Ankita Singh

Subject: Re:

Thread-Index: AQHcp9QQKVO7OMTkSE6+cP4bdfGleLWWWsK2gAMqWRg=

Date: Sun, 1 Mar 2026 10:59:23 +0000

Message-ID:

References:

In-Reply-To:

Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: SEZPR01MB7607:EE_|JH0PR01MB5793:EE_

x-ms-office365-filtering-correlation-id: 167a86b3-feec-45b8-043c-08de7781991b

x-microsoft-antispam:

BCL:0;ARA:14566002|31061999003|19110799012|8062599012|15080799012|15030799006|461199028|8060799015|9112599006|39105399006|440099028|3412199025|102099032|3420499032|3430499032|40105399003|51015399003|1710799026;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?KdyH0Qg/uEQD2PnVA/+/o2PrytKXGgpsc42FX813ditcH/2MHhcZtKUN75?=

=?iso-8859-1?Q?jCEMgZSkR6mzK7ZApWu31r4EeCSlB9gcQwi7lcokJ0MRM7tp3Ne/qXpKL6?=

=?iso-8859-1?Q?NX8JzwNgp+SYI42BHY9ABR0H6Ga5NfexPafxjCgkL8NA0aofIvHI/p35KH?=

=?iso-8859-1?Q?cPKiqKZtNtcNIzPjlkWrwytL2+1TboOVrLwExHGwKoyU8zlJpRCy9wHyXR?=

=?iso-8859-1?Q?fs4YbphGumteRGZ+dklOgmBAGWUKqhldH7LJ5T+FWFeSPw937TkHuFAWdv?=

=?iso-8859-1?Q?wY8rSuLKSWnv9f1seORd8W7b1yo0JuIinEcgAMibojeQgXySdzFUvBbiB4?=

=?iso-8859-1?Q?ghyhqw/OD9jIcJaurxE0ZQ/QP8Cd3LYT9zJ7joCG9sUbZEw3oRgWUj82/O?=

=?iso-8859-1?Q?/Wb6GBfLUvH9xtWGcKeT6vSXbl8gahbkcG6YNubSYDOwNGXk7sgCc/Zojo?=

=?iso-8859-1?Q?/gARez4f8c7wMnXFA14byFdpyaVuokMUNfBuZAh8JFhHqa9175HbhV+Ssk?=

=?iso-8859-1?Q?oEdWFrmaKa7MORJ0PDkMl4O5iqxsjZUJfBIy+VoAnUYKjsnZEYB+6m0CuY?=

=?iso-8859-1?Q?QJIBAzhUBW/pSuz1iTENdbhVnXmC8c9GgwrmJSvkncNZwsv4lQ7hVedDN1?=

=?iso-8859-1?Q?Z/J6DUUHKJloj9bZnwfZug3ekjyJ50Id5D48AEi+oQLU7ZS7SDdYDFPWVD?=

=?iso-8859-1?Q?Z37NoOxX6kwUcaelYpXXQf5QskVm4MfMfQTU1xqm/tidt7ITs/IIy3Do4A?=

=?iso-8859-1?Q?0ml8fuu9MZ/w7n6r2F0d2/vmXcF10LghLp3UupeWFHpRpgrM7HIN6MZWaM?=

=?iso-8859-1?Q?cG3lCm4W7UG5IfMyz0Imr5uLIg4rPpxYPLTs7osJW9HYNuWBo/YJgZiOlh?=

=?iso-8859-1?Q?f/eY61yX6jCUZ3SN32YOPDxNm3wKIXuErvIAiY0vM75FEqYVddowoBtxSb?=

=?iso-8859-1?Q?wxG+e/LN2H7CVqCMBGZgDCV0HqYl9/+xyfXXRyeutdPyoZiVHyn3YBp6l5?=

=?iso-8859-1?Q?h9dEc603vW3dNN7hYqK6+QmQ9OkpnI2hMxLndFKnxyPDwyk8YQ+Avt7Urk?=

=?iso-8859-1?Q?aQ=3D=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

FYI Spam

Posted by Dave Yadallee on Sunday, March 1. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 28 Feb 2026 19:04:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwW9y-000000008M8-3Al3

for dave@doctor.nl2k.ab.ca;

Sat, 28 Feb 2026 19:03:54 -0700

Resent-From: The Doctor

Resent-Date: Sat, 28 Feb 2026 19:03:54 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mx.diaserv-braunschweig.de ([62.156.167.189]:42742)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwW3r-000000007qx-0lqA

for root@doctor.nl2k.ab.ca;

Sat, 28 Feb 2026 18:57:44 -0700

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=dachstiftung-diakonie.de; s=exch-gifhorn; h=MIME-Version:Content-Type:

In-Reply-To:References:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:

Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:

Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Id:

List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive;

bh=4IVAQBmlNrxHt1Wdo/N5/jH+cBrTgNEv8+FVja4f3Zs=; b=zYAXiy+hadhFlRc4fZ24tDOQSM

RTMihp2IaY1p6DHlRPraLcnCPAKv5ALD2rO0VOw+oNQdxBL0brEKQNSYXgQVteiLfaT0rx8ficcIo

cnRkO2LaJsg9G/R7mzM4o3Jx3XbtO9IwMziUJOjai8ejUcVjJ1H+M3uIp1jf2WriiybACxHnGMV81

6TmOe736KsMF6oZjf0JYQp5V8FdS6q3fAJnqUoM7gRTj+0VIOLzDNBTgX4uw94nHSJBD8Zb2HzMsD

7UiPlwcGmAsXyfhsSqdQvp3/6TFwfdLpw/aql7aNtMdQfXDc4D4pgUxAYWG6TNQPDVwSiBhXGueC1

HdDg68UQ==;

Received: from [10.254.1.43] (port=57749 helo=mail.diaserv-braunschweig.de)

by mx.diaserv-braunschweig.de with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

(Exim 4.98.2)

(envelope-from )

id 1vwTsN-000000004bq-0wEa;

Sun, 01 Mar 2026 00:37:35 +0100

Received: from MSX01.ex.local (10.254.1.43) by MSX01.ex.local (10.254.1.43)

with Microsoft SMTP Server (TLS) id 15.0.1497.38; Sun, 1 Mar 2026 00:37:34

+0100

Received: from MSX01.ex.local ([fe80::8090:b369:d591:3912]) by MSX01.ex.local

([fe80::8090:b369:d591:3912%16]) with mapi id 15.00.1497.040; Sun, 1 Mar 2026

00:37:34 +0100

From: "Hecking, Ingo"

To: "Hecking, Ingo"

Subject: Re: FYI

Thread-Topic: FYI

Thread-Index: AdypCvUeevR+EsXUSECXKVyw7zYUoA==

Date: Sat, 28 Feb 2026 23:37:34 +0000

Message-ID: <1772321839825.1643@dachstiftung-diakonie.de>

References: <066bfbc23c724c77ba9932bc1837cea2@MSX01.ex.local>

In-Reply-To: <066bfbc23c724c77ba9932bc1837cea2@MSX01.ex.local>

Accept-Language: en-US, de-DE

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

x-ms-exchange-transport-fromentityheader: Hosted

x-originating-ip: [10.254.254.254]

Content-Type: multipart/alternative;

boundary="_000_17723218398251643dachstiftungdiakoniede_"

MIME-Version: 1.0

X-Sophos-OBS: success

X-SASI-Version: Antispam-Engine: 6.0.1, AntispamData: 2026.2.28.222719

X-SASI-RCODE: 200

X-SASI-SpamProbability: 8%

X-SASI-Hits: BODYTEXTH_SIZE_10000_LESS 0.000000,

BODYTEXTH_SIZE_3000_MORE 0.000000, BODYTEXTP_SIZE_3000_LESS 0.000000,

BODY_SIZE_8000_8999 0.000000, FROM_SAME_AS_TO 0.050000,

FROM_SAME_AS_TO_DOMAIN 0.000000, HTML_NO_HTTP 0.100000, IN_REP_TO 0.000000,

LEGITIMATE_SIGNS 0.000000, MSG_THREAD 0.000000, NO_FUR_HEADER 0.000000,

NO_URI_HTTPS 0.000000, OBFUSCATION 0.000000, OUTBOUND 0.000000,

OUTBOUND_SOPHOS 0.000000, REFERENCES 0.000000, SENDER_NO_AUTH 0.000000,

SINGLE_URI_IN_BODY 0.000000, SUSP_DH_NEG 0.000000, TEXT_DIRECTION 0.000000,

TEXT_DIR_LTR_ONLY 0.000000, WEBMAIL_SOURCE 0.000000, WEBMAIL_XOIP 0.000000,

WEBMAIL_X_IP_HDR 0.000000, __ANY_URI 0.000000,

__ATTACH_CTE_QUOTED_PRINTABLE 0.000000, __BODY_NO_MAILTO 0.000000,

__BODY_TEXT_X4 0.000000, __BOUNCE_CHALLENGE_SUBJ 0.000000,

__BOUNCE_NDR_SUBJ_EXEMPT 0.000000, __BULK_NEGATE 0.000000, __CT 0.000000,

__CTYPE_HAS_BOUNDARY 0.000000, __CTYPE_MULTIPART 0.000000,

__CTYPE_MULTIPART_ALT 0.000000, __DQ_NEG_DOMAIN 0.000000,

__DQ_NEG_HEUR 0.000000, __DQ_NEG_IP 0.000000, __EXCESSIVE_NEWLINES 0.000000,

__FRAUD_BODY_WEBMAIL 0.000000, __FRAUD_SUBJ_ALLCAPS 0.000000,

__FRAUD_WEBMAIL 0.000000, __FROM_DOMAIN_IN_ANY_TO1 0.000000,

__FROM_NAME_NOT_IN_BODY 0.000000, __FUR_RDNS_SOPHOS 0.000000,

__HAS_FROM 0.000000, __HAS_HTML 0.000000, __HAS_MSGID 0.000000,

__HAS_REFERENCES 0.000000, __HAS_XOIP 0.000000,

__HIDDEN_HTML_CONTENT 0.000000, __HIGHBIT_ASCII_MIX 0.000000,

__HTML_ATTR_DIR 0.000000, __HTML_DIR_LTR 0.000000, __HTML_TAG_DIV 0.000000,

__IN_REP_TO 0.000000, __MIME_HTML 0.000000, __MIME_TEXT_H 0.000000,

__MIME_TEXT_H1 0.000000, __MIME_TEXT_H2 0.000000, __MIME_TEXT_P 0.000000,

__MIME_TEXT_P1 0.000000, __MIME_TEXT_P2 0.000000, __MIME_VERSION 0.000000,

__MULTIPLE_URI_TEXT 0.000000, __OUTBOUND_SOPHOS_FUR 0.000000,

__OUTBOUND_SOPHOS_FUR_IP 0.000000, __OUTBOUND_SOPHOS_FUR_RDNS 0.000000,

__RATWARE_SIGNATURE_3_N1 0.000000, __RCVD_FROM_HOMEUSER 0.000000,

__REFERENCES 0.000000, __SANE_MSGID 0.000000, __SCAN_D_NEG 0.000000,

__SCAN_D_NEG2 0.000000, __SCAN_D_NEG_HEUR 0.000000,

__SCAN_D_NEG_HEUR2 0.000000, __SINGLE_URI_MPART_BOTH 0.000000,

__SL_HEAVY 0.000000, __STOCK_PHRASE_24 0.000000,

__STYLE_RATWARE_NEG 0.000000, __STYLE_TAG 0.000000,

__SUBJ_ALPHA_END 0.000000, __SUBJ_ALPHA_NEGATE 0.000000,

__SUBJ_REPLY 0.000000, __SUBJ_SHORT 0.000000, __TAG_EXISTS_BODY 0.000000,

__TAG_EXISTS_HEAD 0.000000, __TAG_EXISTS_HTML 0.000000,

__TAG_EXISTS_META 0.000000, __TEXT_DIR_LTR 0.000000,

__TO_DOMAIN_IN_FROM 0.000000, __TO_DOMAIN_IN_MSGID 0.000000,

__TO_MALFORMED_2 0.000000, __TO_NAME 0.000000,

__TO_NAME_DIFF_FROM_ACC 0.000000, __TO_REAL_NAMES 0.000000,

__URI_IN_BODY 0.000000, __URI_MAILTO 0.000000, __URI_NOT_IMG 0.000000,

__URI_NO_PATH 0.000000, __URI_NS 0.000000, __URI_WITHOUT_PATH 0.000000

ou have been awarded to help the less privileged in your community! for more details contact lpjobswelll@gmail.com

Bounced E-mail spam from Yahoo! Spam

Posted by Dave Yadallee on Saturday, February 28. 2026

Evidence at spamcop

update phish from Google Gmail PArt 4

Posted by Dave Yadallee on Saturday, February 28. 2026

Ledger

.94V127.998H382.57V91.6548H374.511V119.94H327.262ZM327.262 0V8.05844H374.51=

1V36.3452H382.57V0H327.262ZM298.74 62.3411V43.6158H311.382C317.546 43.6158 =

319.758 45.6696 319.758 51.2803V54.5982C319.758 60.3657 317.624 62.3411 311=

.382 62.3411H298.74ZM318.808 65.6589C324.575 64.1578 328.604 58.7842 328.60=

4 52.3856C328.604 48.3564 327.025 44.7211 324.023 41.7972C320.23 38.1619 31=

5.172 36.3452 308.615 36.3452H290.838V91.6529H298.74V69.6097H310.592C316.67=

5 69.6097 319.125 72.1378 319.125 78.4599V91.6548H327.184V79.7239C327.184 7=

1.0325 325.13 67.7147 318.808 66.7662V65.6589ZM252.282 67.4756H276.618V60.2=

07H252.282V43.6139H278.988V36.3452H244.222V91.6529H280.173V84.3842H252.282V=

67.4756ZM225.812 70.3995V74.1916C225.812 82.1717 222.888 84.78 215.541 84.7=

8H213.803C206.454 84.78 202.899 82.4088 202.899 71.4264V56.5717C202.899 45.=

5109 206.613 43.2181 213.96 43.2181H215.539C222.73 43.2181 225.021 45.9048 =

225.099 53.3322H233.791C233.001 42.4283 225.732 35.5555 214.828 35.5555C209=

.535 35.5555 205.11 37.2153 201.792 40.3745C196.814 45.0367 194.049 52.9383=

194.049 63.9991C194.049 74.6659 196.42 82.5675 201.318 87.4649C204.636 90.=

7044 209.219 92.4426 213.723 92.4426C218.463 92.4426 222.81 90.5456 225.021=

86.438H226.126V91.6529H233.395V63.1309H211.983V70.3995H225.812ZM156.126 43=

.6139H164.739C172.878 43.6139 177.303 45.6677 177.303 56.7304V71.2677C177.3=

03 82.3285 172.878 84.3842 164.739 84.3842H156.126V43.6139ZM165.449 91.6548=

C180.541 91.6548 186.149 80.1982 186.149 64.001C186.149 47.5666 180.145 36.=

3471 165.29 36.3471H148.223V91.6548H165.449ZM110.063 67.4756H134.399V60.207=

H110.063V43.6139H136.768V36.3452H102.002V91.6529H137.954V84.3842H110.063V67=

.4756ZM63.4464 36.3452H55.3879V91.6529H91.7332V84.3842H63.4464V36.3452ZM0 9=

1.6548V128H55.3076V119.94H8.05844V91.6548H0ZM0 0V36.3452H8.05844V8.05844H55=

.3076V0H0Z" fill=3D"currentColor" style=3D"fill: currentColor;" />

=20

size: 13px; line-height: 1.7; font-family: -apple-system, BlinkMacSystemFon=

t, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif; margin-top: 16px;">

Ledger SAS

1 rue du Mail, 75002 Paris, Fra=

nce

=C2=A9 2026 Ledger. All rights =

reserved.

=20

=20

=20

--0000000000009f3e31064be17f83--

update phish from Google Gmail PArt 3

Posted by Dave Yadallee on Saturday, February 28. 2026

.org/2000/svg" width=3D"383" height=3D"128" viewBox=3D"0 0 383 128" fill=3D=

"none" role=3D"img" aria-label=3D"Ledger" style=3D"width: 100%; height: aut=

o; display: block;">

Ledger

.94V127.998H382.57V91.6548H374.511V119.94H327.262ZM327.262 0V8.05844H374.51=

1V36.3452H382.57V0H327.262ZM298.74 62.3411V43.6158H311.382C317.546 43.6158 =

319.758 45.6696 319.758 51.2803V54.5982C319.758 60.3657 317.624 62.3411 311=

.382 62.3411H298.74ZM318.808 65.6589C324.575 64.1578 328.604 58.7842 328.60=

4 52.3856C328.604 48.3564 327.025 44.7211 324.023 41.7972C320.23 38.1619 31=

5.172 36.3452 308.615 36.3452H290.838V91.6529H298.74V69.6097H310.592C316.67=

5 69.6097 319.125 72.1378 319.125 78.4599V91.6548H327.184V79.7239C327.184 7=

1.0325 325.13 67.7147 318.808 66.7662V65.6589ZM252.282 67.4756H276.618V60.2=

07H252.282V43.6139H278.988V36.3452H244.222V91.6529H280.173V84.3842H252.282V=

67.4756ZM225.812 70.3995V74.1916C225.812 82.1717 222.888 84.78 215.541 84.7=

8H213.803C206.454 84.78 202.899 82.4088 202.899 71.4264V56.5717C202.899 45.=

5109 206.613 43.2181 213.96 43.2181H215.539C222.73 43.2181 225.021 45.9048 =

225.099 53.3322H233.791C233.001 42.4283 225.732 35.5555 214.828 35.5555C209=

.535 35.5555 205.11 37.2153 201.792 40.3745C196.814 45.0367 194.049 52.9383=

194.049 63.9991C194.049 74.6659 196.42 82.5675 201.318 87.4649C204.636 90.=

7044 209.219 92.4426 213.723 92.4426C218.463 92.4426 222.81 90.5456 225.021=

86.438H226.126V91.6529H233.395V63.1309H211.983V70.3995H225.812ZM156.126 43=

.6139H164.739C172.878 43.6139 177.303 45.6677 177.303 56.7304V71.2677C177.3=

03 82.3285 172.878 84.3842 164.739 84.3842H156.126V43.6139ZM165.449 91.6548=

C180.541 91.6548 186.149 80.1982 186.149 64.001C186.149 47.5666 180.145 36.=

3471 165.29 36.3471H148.223V91.6548H165.449ZM110.063 67.4756H134.399V60.207=

H110.063V43.6139H136.768V36.3452H102.002V91.6529H137.954V84.3842H110.063V67=

.4756ZM63.4464 36.3452H55.3879V91.6529H91.7332V84.3842H63.4464V36.3452ZM0 9=

1.6548V128H55.3076V119.94H8.05844V91.6548H0ZM0 0V36.3452H8.05844V8.05844H55=

.3076V0H0Z" fill=3D"currentColor" style=3D"fill: currentColor;" />

=20

e-height: 40px; font-size: 0;">

=20

e-height: 20px; font-size: 0;">

=20

ry" style=3D"margin: 0; padding: 0; color: #4a4a4a; font-size: 16px; line-h=

eight: 1.7; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Rob=

oto, Helvetica, Arial, sans-serif;">

Dear
=3D"color: #0b0b0b; font-weight: 600;">doctor@nk.ca,

esponsive dark-mode-text-secondary" style=3D"margin: 0; padding: 0; color: =

#4a4a4a; font-size: 16px; line-height: 1.7; font-family: -apple-system, Bli=

nkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;">

We have identified a critical issue preventing your device from upd=

ating to the latest system version.

While your hardware wallet remains secure, =

this is your final reminder that access to your device may be compromised i=

f the required update is not completed immediately.

=

=3D"margin: 0; padding: 0; color: #4a4a4a; font-size: 16px; line-height: 1.=

7; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helv=

etica, Arial, sans-serif;">

To maintain uninterrupted access and continue protecting your assets, you m=

ust manually update your device before
le=3D"color: #0b0b0b; font-weight: 600;">March 1, 2026. Please com=

plete the update now to avoid any potential service disruption.

=20

=20

e-height: 32px; font-size: 0;">

=20

lpadding=3D"0" cellspacing=3D"0" border=3D"0" style=3D"width: 100%;">

0;">

ctor" target=3D"_blank" rel=3D"noopener" class=3D"btn-responsive dark-mode-=

btn" style=3D"display: inline-block; background-color: #0b0b0b; color: #fff=

fff; text-decoration: none; padding: 12px 40px; border-radius: 8px; font-we=

ight: 400; font-size: 17px; min-width: 100px; text-align: center; font-fami=

ly: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial=

, sans-serif;">

>Update Now

=20

e-height: 40px; font-size: 0;">

=20

=20

e-height: 20px; font-size: 0;">

=20

style=3D"margin: 0; padding: 0; color: #6a6a6a; font-size: 16px; line-heigh=

t: 1.7; font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto,=

Helvetica, Arial, sans-serif;">

Thank you for taking prompt action to keep =

your device safe and reliable.

=20

=20

: 1px; background-color: #e9e9e9; border: 0; margin: 0; padding: 0;"> =

=20

dding: 28px 32px; background-color: #ffffff; font-family: -apple-system, Bl=

inkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;">

lpadding=3D"0" cellspacing=3D"0" border=3D"0" style=3D"width: 100%;">

">

target=3D"_blank" rel=3D"noopener" style=3D"text-decoration: none; display:=

inline-block; margin-bottom: 16px;">

update phish from Google Gmail PArt 2

Posted by Dave Yadallee on Saturday, February 28. 2026

w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

" />

=3D1.0" />

Keep Your Ledger Device Secure

xt-size-adjust: 100%; -ms-text-size-adjust: 100%;">

=20

ng=3D"0" border=3D"0" style=3D"width: 100%; background-color: #f5f5f5; min-=

width: 100%;">

20px 0; background-color: #f5f5f5;">

=20

" cellspacing=3D"0" border=3D"0" align=3D"center" class=3D"main-table" styl=

e=3D"width: 100%; max-width: 600px; background-color: #ffffff; border-radiu=

s: 0;">

=20

dding: 40px 32px; background-color: #ffffff; font-family: -apple-system, Bl=

inkMacSystemFont, 'Segoe UI', Roboto, Helvetica, Arial, sans-serif;">

=20

lpadding=3D"0" cellspacing=3D"0" border=3D"0" style=3D"width: 100%;">

ottom: 12px;">

target=3D"_blank" rel=3D"noopener" style=3D"text-decoration: none; display:=

inline-block;">

ogo-svg-dark dark-mode-text" style=3D"max-width: 260px; margin: 0 auto; col=

or: #0b0b0b;">

update phish from Google Gmail PArt 1

Posted by Dave Yadallee on Saturday, February 28. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 28 Feb 2026 07:41:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwLUb-00000000Hxu-1GrE

for dave@doctor.nl2k.ab.ca;

Sat, 28 Feb 2026 07:40:29 -0700

Resent-From: The Doctor

Resent-Date: Sat, 28 Feb 2026 07:40:29 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f72.google.com ([209.85.161.72]:61726)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwJSF-00000000AnK-2R63

for doctor@nk.ca;

Sat, 28 Feb 2026 05:30:03 -0700

Received: by mail-oo1-f72.google.com with SMTP id 006d021491bc7-679943693c0so53338845eaf.3

for ; Sat, 28 Feb 2026 04:29:07 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1772281741; x=1772886541; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=Li9wBAq5yuZIt+GVAIFXYnlqHS6/kNzCIqOGGmESdYg=;

b=RFHdpucPtsoLjUS9ZXZugyZaJBmj3vAG9ShrKY0AbSCq2Vj0H6l8cF3S744N+un7nO

onlFWO1axjdf6v4UTeBBC/WEpffAuf55hzt2IYtReEifziR3h5CZ0dd8xZl96+YrHjJS

79Ims7q35vdIbX9h/nKMKrk8pgNl+mh81OEwV+ghwvUPXjECwNYGe9RzuxOYgJ5q4tDM

xjTJjDPcOm/FXHmuaMHQ0vbc56bUoDzxaI4RFwE12glQpeFHvllADPtWrld4R3glGV4+

+dhSMYhQG8yBlWuSjuZZcxK/w4SAlhnQzjUcUsjWyDItpl9UmwogheHApxmfO4nXHlks

FOag==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1772281741; x=1772886541;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=Li9wBAq5yuZIt+GVAIFXYnlqHS6/kNzCIqOGGmESdYg=;

b=AxuIyyjgzuxpU/wRuZwTyoM6YlkWuFkIzT2pE/MWbpM1Rd+OUTQedNphk6KzoFIVel

ffOM/Wt6NJNTUDdA80A78+zPoN6IOrJWe5KQuelNeO8mv/+Zw6B97a70SFk7Mf8W4GL7

+UrynvgX3lMMMNSLPBLUzC3mBCZHwF//O7w07ktITPB4pq0Azs57OWPWRtt7uuKJN9tq

up7mhHiYRmzaG0tYMnyTyn53vHi3akjta4eNSPWS15CAEoeqM2LTo4zbTfJ/qpqSDJDP

Tu9smg7s1v16+qACRLwS9W0MUahMy/eb7mwEPtjo6a96CwWV9rwsALq9Z/qop4SmF+qK

64lg==

X-Gm-Message-State: AOJu0YxueK0i7cvuJdMKLY4nKXajtOtv1R7YeqHV94FKyS5IBw42sVTg

yfyp9aKfCobRdIbMCsE0kNS8t1gyyK3AIOpfv00VOS0HgJtocy7Jfd5cqnv4bkNdLSUy5wYQ4qR

Fto5E5bqC2A==

MIME-Version: 1.0

X-Received: by 2002:a05:6820:f0b:b0:679:c3e3:c360 with SMTP id

006d021491bc7-679fae7661cmr3833376eaf.32.1772281741130; Sat, 28 Feb 2026

04:29:01 -0800 (PST)

Message-ID: <0000000000009f3e3f064be17f86@google.com>

Date: Sat, 28 Feb 2026 12:29:01 +0000

Subject: Notice: Device Update Required

From: Ledger

To: doctor@nk.ca

Content-Type: multipart/alternative; boundary="0000000000009f3e31064be17f83"

X-Spam_score: 10.5

X-Spam_score_int: 105

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear doctor@nk.ca, We have identified a critical issue preventing

your device from updating to the latest system version. While your hardware

wallet remains secure, this is your final reminder that access to your device

[...]

Content analysis details: (10.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

[209.85.161.72 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.161.72 listed in dnsbl.ahbl.org]

[209.85.161.72 listed in dnsbl.ahbl.org]

[209.85.161.72 listed in dnsbl.ahbl.org]

[209.85.161.72 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.161.72 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.161.72 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.161.72 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.161.72 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: nitraperk.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.72 listed in sa-accredit.habeas.com]

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.72 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.161.72 listed in bl.score.senderscore.com]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.161.72 listed in sa-trusted.bondedsender.org]

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

1.5 DEAR_EMAIL BODY: Message contains Dear email address

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.72 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.5 TVD_PH_SUBJ_META No description available.

Subject: {SPAM?} Notice: Device Update Required

--0000000000009f3e31064be17f83

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

RGVhciBkb2N0b3JAbmsuY2EsDQoNCldlIGhhdmUgaWRlbnRpZmllZCBhIGNyaXRpY2FsIGlzc3Vl

IHByZXZlbnRpbmcgeW91ciBkZXZpY2UgZnJvbSB1cGRhdGluZyB0byAgDQp0aGUgbGF0ZXN0IHN5

c3RlbSB2ZXJzaW9uLiBXaGlsZSB5b3VyIGhhcmR3YXJlIHdhbGxldCByZW1haW5zIHNlY3VyZSwg

dGhpcyAgDQppcyB5b3VyIGZpbmFsIHJlbWluZGVyIHRoYXQgYWNjZXNzIHRvIHlvdXIgZGV2aWNl

IG1heSBiZSBjb21wcm9taXNlZCBpZiB0aGUgIA0KcmVxdWlyZWQgdXBkYXRlIGlzIG5vdCBjb21w

bGV0ZWQgaW1tZWRpYXRlbHkuDQoNCg0KVG8gbWFpbnRhaW4gdW5pbnRlcnJ1cHRlZCBhY2Nlc3Mg

YW5kIGNvbnRpbnVlIHByb3RlY3RpbmcgeW91ciBhc3NldHMsIHlvdSAgDQptdXN0IG1hbnVhbGx5

IHVwZGF0ZSB5b3VyIGRldmljZSBiZWZvcmUgTWFyY2ggMSwgMjAyNi4gUGxlYXNlIGNvbXBsZXRl

IHRoZSAgDQp1cGRhdGUgbm93IHRvIGF2b2lkIGFueSBwb3RlbnRpYWwgc2VydmljZSBkaXNydXB0

aW9uLg0KDQoNClVwZGF0ZSBOb3cNCg0KDQpUaGFuayB5b3UgZm9yIHRha2luZyBwcm9tcHQgYWN0

aW9uIHRvIGtlZXAgeW91ciBkZXZpY2Ugc2FmZSBhbmQgcmVsaWFibGUuDQoNCg0KDQoNCg0KDQpM

ZWRnZXIgU0FTDQoxIHJ1ZSBkdSBNYWlsLCA3NTAwMiBQYXJpcywgRnJhbmNlDQoNCsKpIDIwMjYg

TGVkZ2VyLiBBbGwgcmlnaHRzIHJlc2VydmVkLg0KDQoNCg0KDQoNCg==

--0000000000009f3e31064be17f83

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Chinese products spam

Posted by Dave Yadallee on Saturday, February 28. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 28 Feb 2026 07:40:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwLTa-00000000Cu4-3Efh

for dave@doctor.nl2k.ab.ca;

Sat, 28 Feb 2026 07:39:26 -0700

Resent-From: The Doctor

Resent-Date: Sat, 28 Feb 2026 07:39:26 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mta43-53.mmglsmd.net ([103.37.43.53]:41864)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwGdY-000000000sm-3kHc

for root@nk.ca;

Sat, 28 Feb 2026 02:29:38 -0700

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;

d=hn.srtsteelpipe.com; i=@hn.srtsteelpipe.com; q=dns/txt;

s=umail; t=1772270915; h=content-type : mime-version :

message-id : reply-to : subject : from : to : date :

subject : from : date;

bh=/peqqRcfAlWNe4kFJJMIPTMQm0Ri2o45nwra/yWuHyk=;

b=dv44wJ3CvtG0nz/eaH/fZIc9uAZ6gZmEqBqrK6y5EWPhjXhvI4iTpTOg

tltCcsUVJhPgdAmUiBDn1cTaYiSTTxeGvRTj27wWidA8b2JtsTbmmZCcc/

UFpPrLfJo3WtRyU0BRNpdZN3i/serjc6b04/kPIC+aBqZd0bjV2OB18KQ=

Received: from helo (unknown [127.0.0.1])

by smtp.hn.srtsteelpipe.com (Postfix) with ESMTP id GLlXndCaAZDU

for ; Sat, 28 Feb 2026 17:28:25 +0800

Content-Type: multipart/mixed; boundary="===============8924168633570832905=="

MIME-Version: 1.0

Message-Id: <20260228172825.55251-{13477:20260228170929-13477-35}-0017397@hn.srtsteelpipe.com>

Reply-to: stephen@threewaysteel.com

Subject: =?utf-8?q?Steel_pipe_and_fittings_supplier_in_China?=

From: Stephen Zhou

To: root

Date: Sat, 28 Feb 2026 17:28:25 +0800

Mail-ID: 69a2b0d8e1382308b46c9934

X-Spam_score: 12.7

X-Spam_score_int: 127

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear root, I hope this email finds you well. Threeway Steel

Co., Ltd has over 30 years of experience in steel supply and has become a

reputable and capable global supplier. We supply high quality steel products

for energy industry and industrial [...]

Content analysis details: (12.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.37.43.53 listed in will-spam-for-food.eu.org]

[103.37.43.53 listed in will-spam-for-food.eu.org]

[103.37.43.53 listed in will-spam-for-food.eu.org]

[103.37.43.53 listed in will-spam-for-food.eu.org]

[103.37.43.53 listed in will-spam-for-food.eu.org]

[103.37.43.53 listed in will-spam-for-food.eu.org]

[103.37.43.53 listed in will-spam-for-food.eu.org]

[103.37.43.53 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.37.43.53 listed in dnsbl.ahbl.org]

[103.37.43.53 listed in dnsbl.ahbl.org]

[103.37.43.53 listed in dnsbl.ahbl.org]

[103.37.43.53 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.37.43.53 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.37.43.53 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.37.43.53 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.37.43.53 listed in dnsbl.ahbl.org]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[103.37.43.53 listed in bb.barracudacentral.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

3.4 RATWARE_RCVD_PF Bulk email fingerprint (Received PF) found

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

0.6 J_CHICKENPOX_52 BODY: 5alpha-pock-2alpha

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[103.37.43.53 listed in wl.mailspike.net]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} =?utf-8?q?Steel_pipe_and_fittings_supplier_in_China?=

Dear root,

I hope this email finds you well.

Threeway Steel Co., Ltd has over 30 years of experience in steel supply and has become a reputable and capable global supplier. We supply high quality steel products for energy industry and industrial applications

1. Carbon steel pipe (seamless/welded)

- Material: ASTM A106 Gr.B / A53 Gr.B / API 5L Gr.B

- Size range:

- Seamless pipe: OD 1/2"~24" | WT SCH10~XXS

- Welded pipe: OD 1/2"~48" | WT SCH10~SCH160

- Standard: ASME B36.10M, EN 10255, DIN 2448

2. Carbon steel pipe fittings (butt weld/socket/thread)

- Type: elbow (90°/45°), tee, reducer, cap, flange

- Material: ASTM A234 WPB / A105

- Size: 1/2"~36" | Class 3000~6000

3.Alloy steel pipe: seamless/welded

- Material: ASTM A335 P5/P9/P11/P22/P91, A213 T5/T9/T11/T22/T91, EN 10216-2 15Mo3/13CrMo4-5

- Size range:OD 1/2" to 48" WTSCH 10 to SCH 160

4.Alloy steel Pipe fittings: elbows, tees, reducers, flanges

-ASME B16.9/B16.28, MSS-SP-43

-Fittings: Sizes cover 1/2" to 24", pressure levels SCH 40/SCH 80/XS/XXS

Strict quality control:

- All products provide Original Material Certificate (MTC), and accept third-party inspection

Welcome your steel pipes inquiry!

Best Regards

Stephen Zhou

Threeway Steel Co., Ltd

(Office:(0086)731-88678534

(Fax:(0086)731-88678578 | Mobile/Whatsapp : +86-15616250814

Email:stephen@threewaysteel.com

Social Media management spam from Google Gmail Part 2

Posted by Dave Yadallee on Saturday, February 28. 2026

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.128.198 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.128.198 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.128.198 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.128.198 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.128.198 listed in sa-trusted.bondedsender.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.6 HK_RANDOM_ENVFROM Envelope sender username looks random

1.0 HK_RANDOM_FROM From username looks random

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[kundankumarzxcds(at)gmail.com]

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[209.85.128.198 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.128.198 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.128.198 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.5 VOWEL_FROM_6 Impronouncable from header (6 consecutive vowels)

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} Re: Social Media Management root@nk.ca

--000000000000788193064bdd378c

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

R29vZCBBZnRlcm5vb24sDQpJIHNlbnQgeW91IGFuIGVtYWlsIG9uIEZyaWRheSBidXQgZGlkbid0

IGhlYXIgYmFjay5JIG9mZmVyIGFmZm9yZGFibGUgVkEgIA0Kc3VwcG9ydC4NCkNvdWxkIHdlIHNj

aGVkdWxlIGEgYnJpZWYgNS1taW51dGUgY2FsbCBuZXh0IFR1ZXNkYXkgb3IgV2VkbmVzZGF5Pw0K

VGhhbmsgeW91IQ0KS3VuZGFuDQpWQSBUZWFtISENCg0KDQpPbiBGcmksIERlYyAxMiwgMjAyNSwg

YXQgOTo0MyBBTSwgPCA+IHdyb3RlOg0KDQpIaSwgcm9vdEBuay5jYQ0KDQpDb3VsZCB5b3UgcGxl

YXNlIGxldCBtZSBrbm93IGlmIHlvdSB3b3VsZCBiZSBpbnRlcmVzdGVkIGluIGhpcmluZyBhICAN

CkRlZGljYXRlZCBSZW1vdGUgVmlydHVhbCBBc3Npc3RhbnQgYXQgYSByZWFzb25hYmxlIGNvc3Q/

DQoNCldlIHNwZWNpYWxpemUgaW46DQoNCuKAoiBFbWFpbCBNYW5hZ2VtZW50ICYgQ2FsZW5kYXIg

TWFuYWdlbWVudA0K4oCiIEFwcG9pbnRtZW50IFNjaGVkdWxpbmcgJiBGb2xsb3ctdXBzDQrigKIg

TGVhZCBHZW5lcmF0aW9uICYgV2ViIFJlc2VhcmNoDQrigKIgQ29sZCBDYWxsaW5nICYgQ2xpZW50

IE91dHJlYWNoDQrigKIgQ1JNIEhhbmRsaW5nICYgRGF0YWJhc2UgTWFuYWdlbWVudA0K4oCiIERh

dGEgRW50cnkgJiBEYXRhIE1pbmluZw0K4oCiIERvY3VtZW50IFByZXBhcmF0aW9uICYgRmlsZSBN

YW5hZ2VtZW50DQrigKIgQWRtaW5pc3RyYXRpdmUgU3VwcG9ydA0K4oCiIEN1c3RvbWVyIFN1cHBv

cnQgKENoYXQgJiBFbWFpbCkNCuKAoiBTb2NpYWwgTWVkaWEgTWFuYWdlbWVudA0K4oCiIENvbnRl

bnQgQ3JlYXRpb24gJiBQb3N0IFNjaGVkdWxpbmcNCuKAoiBHcmFwaGljIERlc2lnbmluZyAoQ2Fu

dmEsIGJhc2ljIGJyYW5kaW5nKQ0K4oCiIFdlYnNpdGUgdXBkYXRlcyAoV29yZFByZXNzIOKAkyBi

YXNpYykNCuKAoiBPbmxpbmUgcmVzZWFyY2ggJiByZXBvcnQgcHJlcGFyYXRpb24NCuKAoiBQZXJz

b25hbCBhc3Npc3RhbnQgdGFza3MNCg0KSWYgaW50ZXJlc3RlZCwgY2FuIHdlIHNjaGVkdWxlIGEg

cXVpY2sgY2FsbCBzb21ldGltZSB0aGlzIHdlZWsgb3IgbmV4dCB3ZWVrPw0KDQpTaW5jZXJlbHks

DQpLdW5kYW4sDQpWQSBUZWFtISENCg==

--000000000000788193064bdd378c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

Good Afternoon,
I sent you an email on Friday but didn=E2=80=99t hear ba=

ck.I offer affordable VA support.
Could we schedule a brief 5-minute cal=

l next Tuesday or Wednesday?
Thank you!
Kundan
VA Team!!

r>On Fri, Dec 12, 2025, at 9:43=E2=80=AFAM, < > wrote:

Hi, root@nk.c=

a

Could you please let me know if you would be interested in hiring =

a Dedicated Remote Virtual Assistant at a reasonable cost?

We specia=

lize in:

=E2=80=A2 Email Management & Calendar Management
=E2=80=

=A2 Appointment Scheduling & Follow-ups
=E2=80=A2 Lead Generation & Web =

Research
=E2=80=A2 Cold Calling & Client Outreach
=E2=80=A2 CRM Handl=

ing & Database Management
=E2=80=A2 Data Entry & Data Mining
=E2=80=

=A2 Document Preparation & File Management
=E2=80=A2 Administrative Supp=

ort
=E2=80=A2 Customer Support (Chat & Email)
=E2=80=A2 Social Media =

Management
=E2=80=A2 Content Creation & Post Scheduling
=E2=80=A2 Gra=

phic Designing (Canva, basic branding)
=E2=80=A2 Website updates (WordPr=

ess =E2=80=93 basic)
=E2=80=A2 Online research & report preparation
=

=E2=80=A2 Personal assistant tasks

If interested, can we schedule a =

quick call sometime this week or next week?

Sincerely,
Kundan,
>VA Team!!

--000000000000788193064bdd378c--

Social Media management spam from Google Gmail Part 1

Posted by Dave Yadallee on Saturday, February 28. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 28 Feb 2026 01:26:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwFe0-00000000MOz-3oJI

for dave@doctor.nl2k.ab.ca;

Sat, 28 Feb 2026 01:25:48 -0700

Resent-From: The Doctor

Resent-Date: Sat, 28 Feb 2026 01:25:48 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yw1-f198.google.com ([209.85.128.198]:56484)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwEg3-00000000Ihc-1HJj

for root@nk.ca;

Sat, 28 Feb 2026 00:24:00 -0700

Received: by mail-yw1-f198.google.com with SMTP id 00721157ae682-79801be4ca3so50493517b3.0

for ; Fri, 27 Feb 2026 23:22:37 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1772263351; x=1772868151; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=LAemg93AebOCgP/LU7jFldsE7azdftPNbrip/TmWhzo=;

b=b1ToN1o+BjRJvBJ1NqtNZl3+XqoUaThbZ3VVWyQ2tFeyM8hM+M/Js2t68DGzsstvVt

B6YCQZJWG977rxvkTfFDwF6fA7cg5Di0RL67dpg0PxsB2LqB+q3ZWZy0XeG8yLG3EE75

7zdBrf3WGB1mmuVVe8vs9xUS66U2+YV/x23qQ0mve5vEllM9lJS58aR/UcarejOGWN7z

Xy7Z0HeQEMbbltbA4sXJBbwIzcc++41rA/NVvaoGXWQl3xVTaICEy/oqyEE8ruyIYN6S

gYxYpapb56PS4ezju4sV3LyV9SxKg7nNZXfVV+fE2ibIHfuaFEPbCLAPbsDRc1D8QTPy

rdfw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1772263351; x=1772868151;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=LAemg93AebOCgP/LU7jFldsE7azdftPNbrip/TmWhzo=;

b=joB9raSO7waL/zweyJypIsntHl1CN0Q/F6rm8Uxp+MJI5Ikn42FqoF1+4NlIDH4K3U

Rk/YFkjsSHXBtBLw6pydWeCwL4k3WVIrOOlyp+uUP1+yZ6nu9Hw0uYsNlucX+05jGona

2B40CWNI2/JricbRFEN2avpfiyPd5JUKykhX+UnVkP8MXIoA+epktRB6m/G0UPyvhA3V

tF2lCTlRJnHPd+H1WGT6jlKLqC8ZEhqx2Cy26u22HXHoZ4+Etwvw8lCS5zVe/mRCZsJP

fc3p5i5kBEJMOG56bcY+8QrPaRkm13LyPYfcXezIbrBAeb/jtb/7037xEaVxv7cxOTcZ

3u8Q==

X-Gm-Message-State: AOJu0Yx6xlLz0MDqxRXQ+OoqhUbaV4f10AaK2xM9VHIQf0bbgbIzDdbp

o0mBjE9vmmaHwoCpznMTLPLXbnXMfcokLcVKv/XXSX+xXmIvwBVGII7qKndeUYIT4s1ht604UOo

ymH2DMg==

MIME-Version: 1.0

X-Received: by 2002:a53:ee42:0:b0:641:f5bc:69a4 with SMTP id

956f58d0204a3-64cc236a35amr3566847d50.82.1772263350762; Fri, 27 Feb 2026

23:22:30 -0800 (PST)

Message-ID:

Date: Sat, 28 Feb 2026 07:22:30 +0000

Subject: Re: Social Media Management root@nk.ca

From: kundankumarzxcds@gmail.com

To: root@nk.ca

Content-Type: multipart/alternative; boundary="000000000000788193064bdd378c"

X-Spam_score: 8.9

X-Spam_score_int: 89

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Good Afternoon, I sent you an email on Friday but didn't hear

back.I offer affordable VA support. Could we schedule a brief 5-minute call

next Tuesday or Wednesday? Thank you! Kundan VA Team!! On Fri, Dec 12, 2025,

at 9:43 AM, < > wrote:

Content analysis details: (8.9 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

[209.85.128.198 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.128.198 listed in dnsbl.ahbl.org]

[209.85.128.198 listed in dnsbl.ahbl.org]

[209.85.128.198 listed in dnsbl.ahbl.org]

[209.85.128.198 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.128.198 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.128.198 listed in dnsbl.ahbl.org]

Donation spam

Posted by Dave Yadallee on Saturday, February 28. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 28 Feb 2026 01:26:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwFdV-00000000MNn-31YR

for dave@doctor.nl2k.ab.ca;

Sat, 28 Feb 2026 01:25:17 -0700

Resent-From: The Doctor

Resent-Date: Sat, 28 Feb 2026 01:25:17 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [200.192.64.24] (port=50108 helo=lnpmf-zimbra.pmf.sc.gov.br)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vwCwp-000000009MA-3a9h

for sales@nk.ca;

Fri, 27 Feb 2026 22:33:13 -0700

Received: from localhost (localhost.localdomain [127.0.0.1])

by lnpmf-zimbra.pmf.sc.gov.br (Postfix) with ESMTP id 9DC3A1985835;

Sat, 28 Feb 2026 00:38:36 -0300 (-03)

Received: from lnpmf-zimbra.pmf.sc.gov.br ([127.0.0.1])

by localhost (lnpmf-zimbra.pmf.sc.gov.br [127.0.0.1]) (amavisd-new, port 10032)

with ESMTP id GnY7g4pfY_lE; Sat, 28 Feb 2026 00:38:36 -0300 (-03)

Received: from localhost (localhost.localdomain [127.0.0.1])

by lnpmf-zimbra.pmf.sc.gov.br (Postfix) with ESMTP id 8DBF4198580A;

Sat, 28 Feb 2026 00:38:33 -0300 (-03)

DKIM-Filter: OpenDKIM Filter v2.10.3 lnpmf-zimbra.pmf.sc.gov.br 8DBF4198580A

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pmf.sc.gov.br;

s=C9FDC13E-AA56-11EA-95E9-DD25EFAE2574; t=1772249913;

bh=4UEHNDS31GRLR7vJbQF63El11KbKwYSmjgxHW+8JPcI=;

h=Date:From:Message-ID:MIME-Version;

b=cLlQKVb38yCNxwb7T34xRxzKJE/zBNVzQmpzrECPxCIrVUXAIpwnvJCkIpLU3DL5S

77YLKFyicd/v2a5a9AhnpEH0XD9DlpGzIAPcp4KADWXgyO/392vN+YGAdDoqg3MitA

g5Apoti8JDFdV7YlT4kuLXu8NDh+q0xztDfiRKm6O6fEYwPcHbMsjBFlcPqyLxUNS+

/Rajs5jCMSwsuLWiGLP6LBWQwVY7NTx06+LbwWcvJSCZHO9cdDG2masRgp+3lH5OjB

DyQHJ32bB3mKHmB8xRvysNqdmgu8U4UuiB3heGrXgBQhII/w2evXcSib1f9o2XM4wo

UfU6dZg0xL5cw==

X-Virus-Scanned: amavisd-new at pmf.sc.gov.br

Received: from lnpmf-zimbra.pmf.sc.gov.br ([127.0.0.1])

by localhost (lnpmf-zimbra.pmf.sc.gov.br [127.0.0.1]) (amavisd-new, port 10026)

with ESMTP id 5PV2pkt_BTuc; Sat, 28 Feb 2026 00:38:33 -0300 (-03)

Received: from lnpmf-zimbra.pmf.sc.gov.br (lnpmf-zimbra.pmf.sc.gov.br [200.192.64.24])

by lnpmf-zimbra.pmf.sc.gov.br (Postfix) with ESMTP id DFC0E19857FA;

Sat, 28 Feb 2026 00:38:25 -0300 (-03)

Date: Sat, 28 Feb 2026 00:38:25 -0300 (BRT)

From: Cheng Saephan

Reply-To: Cheng Saephan

Message-ID: <170048781.31208672.1772249905835.JavaMail.zimbra@pmf.sc.gov.br>

Subject: Donation of 2.8 Dollars.

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="=_fc369b15-1be0-43ed-aa09-b7a1efcde323"

X-Originating-IP: [140.174.187.15]

X-Mailer: Zimbra 8.8.15_GA_4508 (zclient/8.8.15_GA_4508)

Thread-Index: HMBDxUdinZH1BtKGP+ptxQA0lv+k4Q==

Thread-Topic: Donation of 2.8 Dollars.

X-Spam_score: 14.7

X-Spam_score_int: 147

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview:

The sum of 2.8 million Dollars has been donated to you

by Mr Cheng Saephan. Get back for more details via (chengsaephandonation83@gmail.com)

FOR MORE INFORMATION.

The sum of 2.8 million Dollars has

been donated to you by Mr Cheng Saephan. Get back for more details via (chengsaephandonation83@gmail.com)

FOR MORE INFORMATION.

Content analysis details: (14.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[140.174.187.15 listed in will-spam-for-food.eu.org]

[140.174.187.15 listed in will-spam-for-food.eu.org]

[140.174.187.15 listed in will-spam-for-food.eu.org]

[140.174.187.15 listed in will-spam-for-food.eu.org]

[140.174.187.15 listed in will-spam-for-food.eu.org]

[140.174.187.15 listed in will-spam-for-food.eu.org]

[140.174.187.15 listed in will-spam-for-food.eu.org]

[140.174.187.15 listed in will-spam-for-food.eu.org]

[200.192.64.24 listed in will-spam-for-food.eu.org]

[200.192.64.24 listed in will-spam-for-food.eu.org]

[200.192.64.24 listed in will-spam-for-food.eu.org]

[200.192.64.24 listed in will-spam-for-food.eu.org]

[200.192.64.24 listed in will-spam-for-food.eu.org]

[200.192.64.24 listed in will-spam-for-food.eu.org]

[200.192.64.24 listed in will-spam-for-food.eu.org]

[200.192.64.24 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[200.192.64.24 listed in dnsbl.ahbl.org]

[200.192.64.24 listed in dnsbl.ahbl.org]

[200.192.64.24 listed in dnsbl.ahbl.org]

[200.192.64.24 listed in dnsbl.ahbl.org]

[140.174.187.15 listed in dnsbl.ahbl.org]

[140.174.187.15 listed in dnsbl.ahbl.org]

[140.174.187.15 listed in dnsbl.ahbl.org]

[140.174.187.15 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[200.192.64.24 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[200.192.64.24 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[200.192.64.24 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[200.192.64.24 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[200.192.64.24 listed in list.dnswl.org]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[chengsaephandonation83(at)gmail.com]

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

1.0 XFER_LOTSA_MONEY Transfer a lot of money

Subject: {SPAM?} Donation of 2.8 Dollars.

--=_fc369b15-1be0-43ed-aa09-b7a1efcde323

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: 7bit

The sum of 2.8 million Dollars has been donated to you by Mr Cheng Saephan. Get back for more details via (chengsaephandonation83@gmail.com) FOR MORE INFORMATION.

--=_fc369b15-1be0-43ed-aa09-b7a1efcde323

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: 7bit

<div>The sum of 2.8 million Dollars has been donated to you by Mr Cheng Saephan. Get back for more details via (chengsaephandonation83@gmail.com) FOR MORE INFORMATION.<br /></div>

--=_fc369b15-1be0-43ed-aa09-b7a1efcde323--