Costco Phish
Posted by Dave Yadallee onEnvelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 20 Oct 2025 13:05:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))
(envelope-from
id 1vAvB6-00000000MmJ-1U0p
for dave@doctor.nl2k.ab.ca;
Mon, 20 Oct 2025 13:04:20 -0600
Resent-From: The Doctor
Resent-Date: Mon, 20 Oct 2025 13:04:20 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from [87.120.219.77] (port=55795 helo=support-uk.online)
by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))
id 1vAuje-00000000KbW-2pf2
for sales@netknow.ca;
Mon, 20 Oct 2025 12:36:06 -0600
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=netknow.ca;
h=Date:To:From:Subject:Content-Type:Content-Transfer-Encoding:Mime-Version; i=sales@netknow.ca;
bh=pXAxvJPYSQ3NBwx3fSStzoKVUvU=;
b=LHSNv6I+G17LfPepFF+O571QiAIFizo06cjS/rjHykI/NiRAGoYHYH1NRw7bksEPCp9DMoW9l4hx
8SmytkpnhwlKrqulR9ebJDR2xzdAZlqcJYGSubw6I9PSs4cUADChHKNQgbNUxzoVF7OHKkTBsHjc
BG2MyZzRdTQfK4bT7HM=
DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=netknow.ca;
b=ts3tNu7N5cYWYo+/T116Um2Ue7XdxoBQrBSmDO5vemrpz2Ws5MmNPVC69uiLgunhm43zZLoxRKrh
9nGhI8FlHKbk+Zo+MCrX6bKD1ZWd3V0nT8R3ODN2bbcaq9IUGswTNHHzoHiDgdRYTKcmZ2EBn9Uu
RUeBAVEjP6V8Y1g60yY=;
Date: Mon, 20 Oct 2025 18:35:04 +0000
To: sales@netknow.ca
From: Costco Wholesale
Subject: “Special Delivery for Costco Members—Fresh Meat Boxes Inside”
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding :BASE64
Mime-Version: 1.0
X-Spam_score: 12.6
X-Spam_score_int: 126
X-Spam_bar: ++++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Congrats,sales! If you no longer wish to receive these emails,
you can unsubscribe by clicking here.
Content analysis details: (12.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.1 MISSING_MID Missing Message-Id: header
1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org
[87.120.219.77 listed in will-spam-for-food.eu.org]
[87.120.219.77 listed in will-spam-for-food.eu.org]
[87.120.219.77 listed in will-spam-for-food.eu.org]
[87.120.219.77 listed in will-spam-for-food.eu.org]
[87.120.219.77 listed in will-spam-for-food.eu.org]
[87.120.219.77 listed in will-spam-for-food.eu.org]
[87.120.219.77 listed in will-spam-for-food.eu.org]
[87.120.219.77 listed in will-spam-for-food.eu.org]
1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org
[87.120.219.77 listed in dnsbl.ahbl.org]
[87.120.219.77 listed in dnsbl.ahbl.org]
[87.120.219.77 listed in dnsbl.ahbl.org]
[87.120.219.77 listed in dnsbl.ahbl.org]
1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org
[87.120.219.77 listed in dnsbl.ahbl.org]
0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org
[87.120.219.77 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org
[87.120.219.77 listed in dnsbl.ahbl.org]
0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org
[87.120.219.77 listed in dnsbl.ahbl.org]
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4
address
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.0 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words
0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge
2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length
greater than 79 characters
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid
0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image
0.3 MIME_8BIT_HEADER Message header contains 8-bit character
0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!
0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX
0.0 T_STY_INVIS_DIRECT HTML hidden text + direct-to-MX
0.0 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX
Subject: {SPAM?} “Special Delivery for Costco Members—Fresh Meat Boxes Inside”
Cgo8IURPQ1RZUEUgaHRtbD4KPGh0bWw+CjxoZWFkPgogICAgPHN0eWxlPgogICAgICAgIGJvZHkgewogICAgICAgICAgICBiYWNrZ3JvdW5kLWNvbG9yOiAjZWZlZmVmOwogICAgICAgICAgICBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsKICAgICAgICB9CiAgICAgICAgcCB7CiAgICAgICAgICAgIGZvbnQtc2l6ZTogMTNweDsKICAgICAgICAgICAgY29sb3I6ICM3OTc5Nzk7CiAgICAgICAgICAgIG1heC13aWR0aDogNTgwcHg7CiAgICAgICAgICAgIGxpbmUtaGVpZ2h0OiAxLjQ7CiAgICAgICAgfQogICAgICAgIGEgewogICAgICAgICAgICBjb2xvcjogIzY2NjsKICAgICAgICAgICAgdGV4dC1kZWNvcmF0aW9uOiBub25lOwogICAgICAgIH0KICAgICAgICBpbWcgewogICAgICAgICAgICBtYXgtd2lkdGg6IDEwMCU7CiAgICAgICAgICAgIGhlaWdodDogYXV0bzsKICAgICAgICAgICAgd2lkdGg6IDc1MHB4OyAvKiBDaGFuZ2UgdGhpcyB2YWx1ZSB0byByZXNpemUgdGhlIGltYWdlICovCiAgICAgICAgICAgIGRpc3BsYXk6IGJsb2NrOwogICAgICAgIH0KICAgIDwvc3R5bGU+CjwvaGVhZD4KPGJvZHk+CiAgICA8Y2VudGVyPgogICAgICAgIDxicj4KICAgICAgICA8YQogICAgICAgICAgICBocmVmPSJodHRwOi8vMzEuMTI5LjIyLjE4NS80RWxJS1M4MjRiY3lZMzdzeWhremduYW54MVJESkVWTUhOWkJFRVhRTjE3OTczMlNVQVYyMDZMMSI+PGNlbnRlcj48aDIgc3R5bGU9ImNvbG9yOmJsYWNrIj5Db25ncmF0cyxzYWxlcyE8L2gyPjwvY2VudGVyPjxpbWcgYm9yZGVyPSIwIiBzcmM9Imh0dHBzOi8vcGJzLnR3aW1nLmNvbS9tZWRpYS9HM3VUS2VIWEVBQWxKQlc/Zm9ybWF0PWpwZyZuYW1lPTQwOTZ4NDA5NiIgYWx0PSJJbWFnZSI+PC9hPjxicj4KICAgICAgICA8cD4KICAgICAgICAgICAgSWYgeW91IG5vIGxvbmdlciB3aXNoIHRvIHJlY2VpdmUgdGhlc2UgZW1haWxzLCB5b3UgY2FuIHVuc3Vic2NyaWJlIGJ5IGNsaWNraW5nIDxhCiAgICAgICAgICAgICAgICBocmVmPSJodHRwOi8vMzEuMTI5LjIyLjE4NS81dUtKa2Y4MjRKWnNGMzdrdWd0eG5jY252MUpMWkdXRkFWV0xBQlpMUTE3OTczMkxNVkkyMDZLMSI+aGVyZS48L2E+CiAgICAgICAgPC9wPgogICAgPC9jZW50ZXI+CjwvYm9keT4KPGltZyBzcmM9Imh0dHA6Ly8zMS4xMjkuMjIuMTg1L3RyYWNrLzNybGNWVTgyNFVwdHgzN2todGZuZGNrY3UxSEZLWkdUUldRS1hPQUJMMTc5NzMyUU9HSTIwNnMxIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIiBib3JkZXI9IjAiIGFsdD0iIiBzdHlsZT0iZGlzcGxheTogbm9uZTsiPgo8L2h0bWw+Cgo=