Business advisement spam from Google Gmail

Posted by Dave Yadallee on Tuesday, May 5. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 05 May 2026 13:59:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKLuv-000000007n0-207z

for dave@doctor.nl2k.ab.ca;

Tue, 05 May 2026 13:58:53 -0600

Resent-From: The Doctor

Resent-Date: Tue, 5 May 2026 13:58:52 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-qv1-f42.google.com ([209.85.219.42]:47378)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKKmi-00000000HLJ-0scZ

for root@nk.ca;

Tue, 05 May 2026 12:46:29 -0600

Received: by mail-qv1-f42.google.com with SMTP id 6a1803df08f44-8b74b460d77so33906326d6.3

for ; Tue, 05 May 2026 11:45:33 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=salescloseraisystem.com; s=google; t=1778006727; x=1778611527; darn=nk.ca;

h=mime-version:date:content-transfer-encoding:subject:to:from

:message-id:from:to:cc:subject:date:message-id:reply-to;

bh=v7tNjbkxUrDMU9ef7OxQ+MnyV+xgn+2EeM+nggYHxIc=;

b=XLHzbUpQjoVDifseV+QSW2wpRCb6z6qYa55ndy6vB1pjh8LDeYhWOsDmvDIrGExUYg

3vf33/jqKeUxcux+BkB5syhOH5maU6HaSXx7dhPDGrL01W0z2WsjJGkKgyaf5g5WA6Xy

sD9apRylphKijaCQ+/3q19v/WLtgKuaZ9f0vy+zY/Futq53bDwuBE++PfHwRksoL1we6

3rrpo+2hmxvmae6snW9mpGzUIEPAuTmTkULaNIj/pylHNtvcJ9QKwrfNc6knaYHduN0B

tX4Cy9n2pvv84C/WcopWjHp5rezKcZlEgNfjkdq4pEmlGwpQQ5VerQn4/EssqUaUldf6

t1Zw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1778006727; x=1778611527;

h=mime-version:date:content-transfer-encoding:subject:to:from

:message-id:x-gm-gg:x-gm-message-state:from:to:cc:subject:date

:message-id:reply-to;

bh=v7tNjbkxUrDMU9ef7OxQ+MnyV+xgn+2EeM+nggYHxIc=;

b=EydkZfCUo7ZTIjEB0uHaBbgmXhC1ea0/Yg7d4xMzFRp3fz5hSq//FKJo6+mSdqi1Ep

wFsnlvgB2LXt6KHM3442R0waZiaS+wCcygM4XDwAu7UZv157v5VuVGeFd5N6WqXftQPW

ArTrzjbDjGlh1rPXuF4f4GwWrP+0RScCwvQ1buiwAWaP64EgY9OvaLGLAohJ5xJX2ESm

l4Gok8zib8BYnnxDfNXclk//5PsA5ttOyCijXPeDA+boiEAOz+6v259GYLMrR+JrmEXj

PoI2OuxPE2vyelJ1eTSLB5OWZwSgXrZxUCV8I/QyQmRQuJlCnWjYfLzQfFuIfquLThVy

WqtA==

X-Gm-Message-State: AOJu0Yz3VZ7EOclrUkwKaNEMMKkd6zd3q28KVVsN7o7KWdcDczw8OmvY

fhWlwu4POKJncXbjEjGqlco6Iu1Ue7Q8pTo7PIui8kCW/rlA7DOQYREH328NhR5ttha79hV3kHu

Z+QRMS5A=

X-Gm-Gg: AeBDievpwqLQPzXaJ/c/kq+LONcdn0ocfm1dEDu2LpzF+AQLilZQHpKSrEINRYJgc+M

vKQcuZYnmOwAnCRU7Y0R8QU+eqF03PjDyYJM6rOg1vmxaQmwJ/JeLaxXXcJJd1mWcmbDl3n24Pt

eapKbw9sp4rB1ln8lcjb6jkfrYoGLEu36QvQxz4hR+PlZNPMEQwISwtr8h1mQ+5COH9BL8oV4jV

41RNdKYvHVjexfBgOv8bzHOgsteSkTXC9QAB/Kdr4YTlgOMAqVZYjwBbY042yhhx11iR67zKVD0

jUZohhOFWDmSKp9/GUY6HReJJzKrSB7cJAZTYAAs2AJRFvrRpj5cJrJ+amHT+jgU8aH8Mtvo2C8

RKkuZUN6OEZm3x9PihcSJwOibn2Fi40t/9jonT5AbQVElixm13VGg23v09UtZf1XxUYPi/JjMxs

HNTvq1AwYWXb0ddokKAVqDmUweaZWQydxNM3PeKS1sEnyO2M+nq7mrN+8yDpjRBRpn0jwT+Se/6

GLalILePP6vz9dQHF1VR0iQPbVPL7+S84ob/S+5ATL32drrRuU2wA9/O7tfUWnpPLyX4PfduaKJ

Mw==

X-Received: by 2002:a0c:f40f:0:b0:89c:4fab:3783 with SMTP id 6a1803df08f44-8b6628b89c6mr255176506d6.0.1778006726454;

Tue, 05 May 2026 11:45:26 -0700 (PDT)

Received: from 019df975-91ae-73c6-87d2-651569372401.local (ec2-44-222-103-188.compute-1.amazonaws.com. [44.222.103.188])

by smtp.gmail.com with ESMTPSA id 6a1803df08f44-8b538b1d761sm158205856d6.9.2026.05.05.11.45.25

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Tue, 05 May 2026 11:45:25 -0700 (PDT)

Message-ID: <019df975-91ae-73c6-87d2-651569372401@salescloseraisystem.com>

X-Mail-Abuse-Inquiries:

https://app.instantly.ai/privacy/report-abuse/019df975-91ae-73c6-87d2-651569372401

From: Callum Hawthorne

To: root@nk.ca

Subject: NK sales

Content-Transfer-Encoding: quoted-printable

Date: Tue, 05 May 2026 18:45:25 +0000

MIME-Version: 1.0

Content-Type: text/plain; charset=utf-8

X-Spam_score: 7.7

X-Spam_score_int: 77

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hi, I noticed your focus on reliable and secure internet services

in Edmonton. Handling client communication smoothly while keeping security

tight can be a challenge, especially when resources are limited.

Content analysis details: (7.7 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.219.42 listed in dnsbl.ahbl.org]

[209.85.219.42 listed in dnsbl.ahbl.org]

[209.85.219.42 listed in dnsbl.ahbl.org]

[209.85.219.42 listed in dnsbl.ahbl.org]

[44.222.103.188 listed in dnsbl.ahbl.org]

[44.222.103.188 listed in dnsbl.ahbl.org]

[44.222.103.188 listed in dnsbl.ahbl.org]

[44.222.103.188 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.219.42 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.219.42 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.219.42 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.219.42 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[44.222.103.188 listed in will-spam-for-food.eu.org]

[44.222.103.188 listed in will-spam-for-food.eu.org]

[44.222.103.188 listed in will-spam-for-food.eu.org]

[44.222.103.188 listed in will-spam-for-food.eu.org]

[44.222.103.188 listed in will-spam-for-food.eu.org]

[44.222.103.188 listed in will-spam-for-food.eu.org]

[44.222.103.188 listed in will-spam-for-food.eu.org]

[44.222.103.188 listed in will-spam-for-food.eu.org]

[209.85.219.42 listed in will-spam-for-food.eu.org]

[209.85.219.42 listed in will-spam-for-food.eu.org]

[209.85.219.42 listed in will-spam-for-food.eu.org]

[209.85.219.42 listed in will-spam-for-food.eu.org]

[209.85.219.42 listed in will-spam-for-food.eu.org]

[209.85.219.42 listed in will-spam-for-food.eu.org]

[209.85.219.42 listed in will-spam-for-food.eu.org]

[209.85.219.42 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.219.42 listed in list.dnswl.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: salescloseraisystem.com]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: salescloseraisystem.com]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.219.42 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.219.42 listed in wl.mailspike.net]

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

Subject: {SPAM?} NK sales

Hi,

I noticed your focus on reliable and secure internet services in =

Edmonton.

Handling client communication smoothly while keeping security =

tight can be a challenge, especially when resources are limited.

We work with businesses to automate lead engagement and appointment =

scheduling without adding extra budget or staff.

One local provider =

recently improved their customer interactions and freed up their team to =

focus on core tasks with this approach.

Would you be open to a quick chat =

about how this might help your service flow?=C2=A0

Callum

422 Richards St, Suite 170. Vancouver, BC V6B 2Z4

P.S. Please let me know =

if you don't want to hear from me again

Spreadsheet spam from Google Gmail

Posted by Dave Yadallee on Tuesday, May 5. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 05 May 2026 13:59:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKLuP-000000007cW-1MDp

for dave@doctor.nl2k.ab.ca;

Tue, 05 May 2026 13:58:21 -0600

Resent-From: The Doctor

Resent-Date: Tue, 5 May 2026 13:58:21 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-dl1-f52.google.com ([74.125.82.52]:54617)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKKTu-00000000GSh-1qY6

for root@nk.ca;

Tue, 05 May 2026 12:27:07 -0600

Received: by mail-dl1-f52.google.com with SMTP id a92af1059eb24-12dca45ca21so7595285c88.1

for ; Tue, 05 May 2026 11:26:07 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1778005561; cv=none;

d=google.com; s=arc-20240605;

b=XhOrfov7hBn6CUQT6rpp37h8HViab5/ka77iUA+h01h8Vexpq6l/1S0tl1uCiC3xTJ

B12t/AShon+HypXQqU88QX2ipIrfjfL8X+Rq+TetREBBMF52zh2oJ+J03/b6gf1LEXKR

+nT4y6k5YSzzL15+5k73+z/DHeMR78xSvtA+5BXvSqVJICHwNJmQHtaYeisEN8JfTQz3

D/B4XHjdD2Jb+o2O8lv19pPeHF9LPUIF6N+boCDq3Yr2gCPd93AQdYdLLs9O72H/sweW

OjH7n2ReQ5NgNr8CNxAVoDQc5hApn1b7UNRFhThP8qgp4pbWe/1d5QOyZrU34Ch3HK5s

kKkA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:mime-version:dkim-signature;

bh=lG9IdjwW1o9I7Nv8xUQpvFjb19IKPP/qnYD6fZ3Rr5c=;

fh=/W6ZTlz31UGmzmdzZ9gUd6ljcGOJQNb6mwI6kO1wG+I=;

b=WdzKhvE5cInyA/VX3NoEhc2Wpzn6zYz9+Cc1c/7lVvd5pVEW7nnOZV9uuzOrDSI66l

/rBqFNGQuwndn+2WmEO/x9XzWmebjGb0nim9vMdTF/9AGrZyHRMXOG//IWLErFK1+c1g

+ev+kDxPDvqWRa2io72QIixpIdNiHGYcf3aRafxJgBHQnLVppuOpXU1MPZE3LBJ/Tv5n

bNq4nXeOfvnUlyAnKn5mBjxI6z8KxeQPvZomdC+Cymml7inX4SYvNrEb0v0JJgUdqTbL

TUC8z2bve0DO0JC/p2cdjcZOeURl23ckbPq1IdXiuHgnU9qUUgDYwVxHDXMOuVEIfBtF

12TA==;

darn=nk.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1778005561; x=1778610361; darn=nk.ca;

h=to:subject:message-id:date:from:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=lG9IdjwW1o9I7Nv8xUQpvFjb19IKPP/qnYD6fZ3Rr5c=;

b=Wfr0efz5Rhdu3IUGrjnBIMo/UDoc/1vsWQ/X6cg9v+ErFtIT/wPjtt1IhR65Orqenw

m85lU4rsRUCKq/ppmcStfSvY3Jn0SDHrE4chB+jUDzrMWAN8+1M3G/Om2CQsYDtEeY0a

P3ajOebhioklgfaKnrpv7rvNCfKkvDcFD7sKjhxyoTgg+z56M1cUbS6HhvCqFKow2cug

y1whY3y46JiItYtuX0zGpo2flLKVRW8i3e9AJXIZsK7BWztHc0lrxMDwUBTd0WB1FvRH

JQvwqacEwKUYrud16G3L5tleAXfyQ1vyVzK9wbutRtef62rYPqzcxLaoO/VYI55AB0wm

/M8Q==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1778005561; x=1778610361;

h=to:subject:message-id:date:from:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=lG9IdjwW1o9I7Nv8xUQpvFjb19IKPP/qnYD6fZ3Rr5c=;

b=dzcBqikM4j8+HuEAGDbNkL//ZRLRtlNUxauvPDk2R24hYr6BXNxtwHCPsNHsGphhW5

p6ZYJBL6AIeMO6vHVUf9PhURSONpz6mnbrEcMJb294kfg571+ivrEsWxHSVF2yS/u9Pr

u8QkuNy8Ip2ytjkvn/jY2+Z7JZ5b2wRaZHoDGoRpw8iJxgaR92xAV6gO29W/Ts+Xh9gP

Z8SJy4Y1iWTXczEQOIh/mNhWLmDv25WgZkcekIyjIpqYOvNy09/NKIP/jAGb6VNvHIsC

+QZT6EEmj4MKmiz3t5Z1J2QzibyCyt/isi21nwX7nWTQFaqRx1oypTmZ67gZcoTfwv83

aCrg==

X-Forwarded-Encrypted: i=1; AFNElJ9WpqzsAXARw9+UsFURc0j3yp3uNfFvj9U8IcZfMyg3k0Uq3ZCcRiT/dNAVcEWQiwS8ScFX@nk.ca

X-Gm-Message-State: AOJu0Yw809SRAsy9pquqX47WYEqjDDL2ln/Vz6Nbh6G+/2Ar1bKA9Ftw

v6MTxmw1he/pNSmFGRMDtxqoTOfboGNSR0ogsxu3ULh9M8I71nXavpWNyd3V47ixpuH5bc4QFLI

VH9WacEcUoeh6TNUcwEu3j5GMg3t+aOo=

X-Gm-Gg: AeBDievksbJ6eUdQcpRxsRCP2sPy/f6tNTOjkpeKfoyvwvYCncK262fPKlQSNu9tqfr

GLdsLzrTmY0HoTxyq93vtqPK7Bouln+bt+ZOa+LXqcCpmQm0z01au3zCOycQYl9wxAna+xLVhue

LcIlBrSsZuNSPv4Ye1TTPfT59nA6BhnKE8ik8zxsQKxCuTdGt4henDlFU2ajFkKG74rzPm1bqiT

unyd1xbmwrwQo+nASN2Swvqv2zoBx4fhXPxewSYLcVlufctZd0KDD1hE5aUZxKvb3goOmG8OWYE

uFJDaU22DAhXi0sFTix2lHEXxz+EqKaMSXEL

X-Received: by 2002:a05:693c:3015:b0:2ef:2878:7ade with SMTP id

5a478bee46e88-2f548b9d579mr262216eec.15.1778005560241; Tue, 05 May 2026

11:26:00 -0700 (PDT)

MIME-Version: 1.0

From: Anu Singh

Date: Tue, 5 May 2026 23:55:48 +0530

X-Gm-Features: AVHnY4K_r7M5Y7VEGiob3Alp6JYPZ4n93LoG2V2t52S3msWYRBW5DwB4tuYSNQw

Message-ID:

Subject:

To: EDSRFS76335@gmail.com

Content-Type: multipart/mixed; boundary="000000000000d423280651162d9f"

Bcc: root@nk.ca

--000000000000d423280651162d9f

Content-Type: multipart/alternative; boundary="000000000000d423270651162d9d"

--000000000000d423270651162d9d

Content-Type: text/plain; charset="UTF-8"

--000000000000d423270651162d9d

Content-Type: text/html; charset="UTF-8"

--000000000000d423270651162d9d--

--000000000000d423280651162d9f

Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet;

name="PRODUCTeens een hert.xlsx"

Content-Disposition: attachment; filename="PRODUCTeens een hert.xlsx"

Content-Transfer-Encoding: base64

Content-ID:

X-Attachment-Id: f_mosylezr0

Huge attachment

--000000000000d423280651162d9f--

Web/SEO/App spam Part 2

Posted by Dave Yadallee on Tuesday, May 5. 2026

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?OSYTs19Fvq72WWlFOOh5EiZxYG5waEftjk3t3Nh4inuh7j9Uv4L7NIPGwV?=

=?iso-8859-1?Q?tIpYIogFhMp9gz8utKaGUXAljD2V+Szlo2RwPINAApFPD5hp9nKHgOjZ/s?=

=?iso-8859-1?Q?FCKf1Cn3EXGZog5IW6rUOBFgWy6Z2YI2eaobm0RMqlOdOt+Cb99N5a06RU?=

=?iso-8859-1?Q?4iP59cRBhUYOQGhc9JJ5ioYdbqKwYC4LLXCK4Qo1ES481kO9tB6s3sEY90?=

=?iso-8859-1?Q?3lnIaFV3H2meQIbTaqzWyQ3dACm4m/WJQQWYTKYgL80mTDJ4VGBELum77P?=

=?iso-8859-1?Q?IfnfGhOS12Oo6xHBT3QeZNNtIMDYCG6Qh+URancaag4YfR5h9QZ7ad5h6D?=

=?iso-8859-1?Q?EDw0bAyqxJU/3Alg+dNd1PNhqj4XTq/M6A+OIX+OkgxUtkaHTDkOvuczve?=

=?iso-8859-1?Q?VqD2v11PTrYHKhKOOO39MQJRa17zDOtZ7no8ZqBnXVSabZvEYZen9AoL9V?=

=?iso-8859-1?Q?7c/xcYyIQpelJzz0L0OC4l84zuhWT3s3FfSMpiZqBaSZ4C9sWyLOzM0nhH?=

=?iso-8859-1?Q?oSmbyIBAZvanKt9Ed0qcRuxYTdnXvKWYFhTu8OktvaYke4rzP99iQ4DTuw?=

=?iso-8859-1?Q?nQIzj9J7D7N+uutcZya3JwblJMGj8kfucvAsEComDJXBZ+adXgtPTTYa8Q?=

=?iso-8859-1?Q?VIdJZQfB/ed8bxvLoJLD/GX8tRlaFLQEm++oxwa1kKkR0D8dGodVBJMIFj?=

=?iso-8859-1?Q?bhIiNRxos2agV9zo+4QuhEWpJTKPDg87MEJAcD4A9xPERHBegdihh9WzdX?=

=?iso-8859-1?Q?NiP1aIxSAOcdWMBWe2uuJHsOpUgklMp9syjWlJJPR6xQRpurk6k1zr9eaV?=

=?iso-8859-1?Q?SR/+dqpzuIk3Dn4dWsPNRNeWEoU1E90zoFdpHbJOTzzNeeg5O2iD+EKost?=

=?iso-8859-1?Q?+6N/qS9ZtXK1W61g639RF3tqHDeiul4Lg4rjmyInfNSynZl91cabGxPew9?=

=?iso-8859-1?Q?w/WFQlLQNcaA6uDW/FOJpTTOnuv2QgGLl92gwAl7xE9U/Izov0W9nmxbd2?=

=?iso-8859-1?Q?ImVec4w4EgmN/3kQeX++HCUmxZNrgPeQ1DjV/K5t61YJ7M2/WUJ3olXgOT?=

=?iso-8859-1?Q?GPJ9f1xIKXVMz6t8ji8PBk3VOLDUOHiy/EzpKu2FZ5E2i9c+NT4Gv3Iqmw?=

=?iso-8859-1?Q?UWtNtxEmP42iyY1u2TXtK+ecyxHaMLE5XQ8TYYZfSzr3hxk/xC1D8NrkRp?=

=?iso-8859-1?Q?0AFcVcy1MPibimog+9kZn9uFkXcanPAm84w9pIcjXCK9clYpkDmIWk1NUA?=

=?iso-8859-1?Q?leuKUSY5A/dM7eNbBmcWRDU/RDxd+MwbBoNlvMHIPop8nBOBWL6hCrGRIV?=

=?iso-8859-1?Q?0/qAhEIzTrjImsO9h3OBjF7657L8hmzXyLdEEGoQqkIeOQoqFs2EVhDvuJ?=

=?iso-8859-1?Q?TOBBzXaDXFirOUmBMZw84MzSXxwHyHRWurRt/OM8ru1RLd8ZOEE50=3D?=

Content-Type: multipart/alternative;

boundary="_000_SEYPR01MB5364ED9D234B287015FF2965D7EE2SEYPR01MB5364apcp_"

MIME-Version: 1.0

X-OriginatorOrg: sct-15-20-9412-4-msonline-outlook-3e488.templateTenant

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: SEZPR01MB5984.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 4d5dc5a5-b575-45c0-ad39-08deaad13ac6

X-MS-Exchange-CrossTenant-originalarrivaltime: 05 May 2026 18:07:54.3736

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: PUZPR01MB4753

--_000_SEYPR01MB5364ED9D234B287015FF2965D7EE2SEYPR01MB5364apcp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

Hi,

I visited your site and it looks great, but it seems to be falling short on=

search engine rankings for Google, Yahoo, and Bing.

Can I send over my price list and a proposal to help you improve your resul=

ts?

Thank you!

Gabya Lewis

--_000_SEYPR01MB5364ED9D234B287015FF2965D7EE2SEYPR01MB5364apcp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

1">

margin: 0px; font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; =

color: rgb(0, 0, 0);">

Hi,

s-serif; font-size: 12pt; color: rgb(0, 0, 0);">

s-serif; font-size: 12pt; color: rgb(0, 0, 0);">

I visited your site and it looks great, but it seems to be falling short on=

search engine rankings for Google, Yahoo, and Bing.

s-serif; font-size: 12pt; color: rgb(0, 0, 0);">

s-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Can I send over my p=

rice list and a proposal to help you improve your results?

s-serif; font-size: 12pt; color: rgb(0, 0, 0);">

s-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Thank you!

s-serif; font-size: 12pt; color: rgb(0, 0, 0);">

s-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Gabya Lewis

--_000_SEYPR01MB5364ED9D234B287015FF2965D7EE2SEYPR01MB5364apcp_--

Web/SEO/App spam Part 1

Posted by Dave Yadallee on Tuesday, May 5. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 05 May 2026 13:58:13 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKLu4-000000007as-4APS

for dave@doctor.nl2k.ab.ca;

Tue, 05 May 2026 13:58:00 -0600

Resent-From: The Doctor

Resent-Date: Tue, 5 May 2026 13:58:00 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-japanwestazolkn19012058.outbound.protection.outlook.com ([52.103.66.58]:19798 helo=OS8PR02CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKKCw-00000000Fdg-2NBA

for sales@nk.ca;

Tue, 05 May 2026 12:09:32 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=jqajBkp3cUJuIVj9FYEskwPKzZ/nsF45QPCRdXHurjwOCctLyoqddgP420XZVG7TMf8qrq8ZQ86yV2Evd64/NWCn3eEOwtiSfd5xXFv7J4/orFro8pp+1KvWVeOsEEKAJQNyrw40QOp2CkvISQOySbTLloVucxDcaKoFvrfM6diKeiv1eSstvp4Fc8/Ga8Qkkhtp+gToObs2DQ5jkpPWYm1verC9ePA1hdCthWtvKM6NOmBg2cFTIMIb36YI98PA5J4iBzRnXTbjO6DMOThPJCwblADfJkZ4xdp65aCPeAnNvech+4eO7cuMi+SzmyH3WEqcD0q5oqbr3eZRGxxZxA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=36YRegjKQ4BOh8DYsQl3MLxUeLsKEV7LentGweEBPDo=;

b=dQ5dGUIRC+srSSztdpRkU4LfAaE11P823tMUpyv4AoO5vU1CsM3TfyG1sbu6a/LeNt830M1W2IXfflI2rv58daRXHzxzep/qddYs2b3KVKNZgURRbmNiREhm5DvcYMmTHXwxxMs7r+aYKBVmJCc8srY6rt3+CcJYdxKUE7a7KP6nsfajrmGDeWQjhwFnVdGBdsrOnyZVwhg/3ZhkcwDN+g2a8sp2SGkaXCcLcyxoiTNlSKVOBN37R+obOOBporB70mO+z6fZ4JrXRV9xlEkHQc22hud5rP/6RN96HwQYWhOElmecQqs+VIn40PosBOoD64wRNjwIppUkzwojHemdOw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=36YRegjKQ4BOh8DYsQl3MLxUeLsKEV7LentGweEBPDo=;

b=kg7Pl121T2RQOkdhK5HGWM/ck57/An7WJyBSuQ/M8SlfCGG3h4IeTJaQQP6EwYLTa1eAzhnyfpmkA5E2S+cEcOzRX9lWSaLPK9C9xwQm9X+UCzwMvU9NGyyAreNzumCyWk9xAj7nInEgrBR06dDuGfTMbLydUKLafUxTEWaSAG65SuroXBlEFkGzcDISbzNv0lCH2PkN97/mTCdlzMPWdm000T0CBZqn2KPdaQ+f1fgyUVt8pJ02Z3+UDvUqi3iYg+Ld1u6YV8YMYZLQzyW65xzE3eIrwNYBI3OJ0Sz4c9xtcLmWg8467WYHNS03beI6I5afl390MFCWdY08Dhzwlw==

Received: from SEZPR01MB5984.apcprd01.prod.exchangelabs.com

(2603:1096:101:1f3::9) by PUZPR01MB4753.apcprd01.prod.exchangelabs.com

(2603:1096:301:102::14) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9891.15; Tue, 5 May

2026 18:07:55 +0000

Received: from SEZPR01MB5984.apcprd01.prod.exchangelabs.com

([fe80::1d72:94de:83b9:d9d3]) by SEZPR01MB5984.apcprd01.prod.exchangelabs.com

([fe80::1d72:94de:83b9:d9d3%6]) with mapi id 15.20.9870.023; Tue, 5 May 2026

18:07:55 +0000

From: Gabya Lewis

To: Gabya Lewis

Subject: Follow up, yes....

Thread-Topic: Follow up, yes....

Thread-Index: AQHbcl9VB02BfLkorUSntMxlstsQHA==

Date: Tue, 5 May 2026 18:07:54 +0000

Message-ID:

Accept-Language: en-US, en-IN

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: SEZPR01MB5984:EE_|PUZPR01MB4753:EE_

x-ms-office365-filtering-correlation-id: 4d5dc5a5-b575-45c0-ad39-08deaad13ac6

x-microsoft-antispam:

BCL:0;ARA:14566002|461199028|19110799012|15030799006|15080799012|8060799015|8062599012|31061999003|24021099003|22091999003|24121999003|39105399006|37011999003|3412199025|440099028|18071099003|102099032|39145399003|41105399003|40105399003|1710799026;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?iI1LqIbejtzg2cq7H1c4TlaRukT9it8ah1Ea0/ecreIbIC7gdEo2uQsj7N?=

=?iso-8859-1?Q?stYFoDiSWG+mxpgM9QEXoq0RjhCHfXCCqV8v3RY1KpydpthX70YeyjR0Vx?=

=?iso-8859-1?Q?14qCcP3/Z7nejxc4LQe5ajvZFsjqgogcTmbsENAKKrMUORfFLSUPzDrTVs?=

=?iso-8859-1?Q?WZ4DlmgykiWaVrJ0HYei+YqPENJ52Jy//LBE/WcRGU5hu2Uysf6eQAnZS/?=

=?iso-8859-1?Q?ST1sAOC1f26KNOlZoUeY8TnuUAyXH2M8yVRNBgOa9R9EejimgkI+wFbXCp?=

=?iso-8859-1?Q?u3Hk0jT3o5GxlzS139SF/K85YAKLwSpC/VfEW1PwS9snDe4jPC8q2trr4v?=

=?iso-8859-1?Q?d/NtCqDO0EVaezyph1nJ6Eur73y7z9kOh1OCYWXH4sgEsW9GPHkkzbrNR3?=

=?iso-8859-1?Q?ddv0EzfQkdzwpBEeSfCH8HtP3OvfJhFVRQ4kbXaO+lLwuxSr0xQ3Dr9WIM?=

=?iso-8859-1?Q?jadFBlI/Y+KZaQZ9yC7cPSaYXqBsiCvLDc1XPvz5fG3FVIOgJ20KJtnaM0?=

=?iso-8859-1?Q?K/d+U5jvduV1maY9jAMZ0EZONxcqtvIRoRjQ5+QwpTEMnmj1SBs13Gx1Sp?=

=?iso-8859-1?Q?Qhz6jD9htJZUzoJkIsmgFIX8cuShAL1JSjNuNyvghB3/qLhzf3YTutha/r?=

=?iso-8859-1?Q?ZAUCyy+tn3WHkJdvqezFGB3jQ8oPRJNU9zmpaPFdfQjH4GF58ytDOrxjLS?=

=?iso-8859-1?Q?JdxrUoeq1sjAW5Aw44Haf+1M6zVshQAJNOHRwaE1YOb85NvO3Kq7qYdwf2?=

=?iso-8859-1?Q?QF2VQrvSREYOoRtbvsdOpQqVb0OUIbH6CwP81wEudqlK+f9KmbdYIv+iea?=

=?iso-8859-1?Q?KllhNsRtMlJwa5QHlcM2rw08nCXMJZxc/aMhEOJqATrn9ey3hCjh3DNtnm?=

=?iso-8859-1?Q?yyGmvU0aKCzg6HAHuiL28s7VuwEMrESVXuy1z4r/47Pv/8908oJoRrj9/8?=

=?iso-8859-1?Q?++YlbrLPSt0pQKu2yw10W2C6lJ4bDE6TYXW6p+ZXxd3HMftO14hZQePTf2?=

=?iso-8859-1?Q?r1NvB5o6hmR+7CqweZ1J77LMDand0B2Row530r/en5MWjiMSOqoPx5Q1Cr?=

=?iso-8859-1?Q?6FDAPzLBxAEw1r34ZB+VnOydrUdqKk//pEtq+kFNI76vILcbIgtjVeRw9X?=

=?iso-8859-1?Q?2W5FZObzoFDGPaXzv4OtGLfzto+pZpUickXqYAJnktxBjg/AhppaskDvZE?=

=?iso-8859-1?Q?5CnyQGMRId6TbP0lV6172T09z/lCNcSytAI08A8lvo9aHBi5Xlw5LJRr?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

Paypal phish from Google Gmail Part 4

Posted by Dave Yadallee on Tuesday, May 5. 2026

Secure Transactions: State-of-the-art encryption and fraud protection.
Fast Payments: Instant access to funds and the ability to send and receive money globally. Comprehensive Reporting: Detailed financial reports and insights to help manage your Business.

Important Notice:
If you did not authorize this account creation, please contact us immediately to resolve this matter. Your security is our top priority, and we will work swiftly to address any concerns.

Yours sincerely
PayPal Business Support
+1 (803) 290-2227
+1 (859) 247-0362

--===============7159839042201245390==--

Paypal phish from Google Gmail Part 3

Posted by Dave Yadallee on Tuesday, May 5. 2026

PayPal

Request to Create Corporate/Business Account

Dear Doctor,

We're thrilled to inform you that your PayPal Business account has been successfully created and verified using your SSN. Your new account offers you a range of features to enhance your Business transactions and financial management.

Account Details:
Account Creation Date: Tuesday, May 05, 2026
Invoice No: #46510068
Tracking Id: 873T44ODYSQA12
Business Id: 44be28b6-cd24-48c3-bed0-cd60edeb902e
Verification Status: Completed

A merchant fee of $251.99 has been deducted from your account and will be reflected on your bank statement within 2 days. This fee covers the setup and maintenance of your new Business account, providing you with the following benefits:

Paypal Phish from Google Gmail Part 2

Posted by Dave Yadallee on Tuesday, May 5. 2026

--===============7159839042201245390==

Content-Type: text/html; charset="us-ascii"

MIME-Version: 1.0

Content-Transfer-Encoding: 7bit

Paypal Phish from Google Gmail Part 1

Posted by Dave Yadallee on Tuesday, May 5. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 05 May 2026 08:30:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKGmF-000000004Jc-1AXZ

for dave@doctor.nl2k.ab.ca;

Tue, 05 May 2026 08:29:35 -0600

Resent-From: The Doctor

Resent-Date: Tue, 5 May 2026 08:29:35 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-qt1-f173.google.com ([209.85.160.173]:45365)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKFTY-00000000PbC-06hm

for doctor@nl2k.ab.ca;

Tue, 05 May 2026 07:06:22 -0600

Received: by mail-qt1-f173.google.com with SMTP id d75a77b69052e-50e5bea4045so43249191cf.3

for ; Tue, 05 May 2026 06:05:23 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1777986317; x=1778591117; darn=nl2k.ab.ca;

h=priority:importance:subject:from:to:mime-version:date:message-id

:from:to:cc:subject:date:message-id:reply-to;

bh=7t6YRzPIFdiC7rq5JQ7oCgeL9A5ApvfrbAy59xjTtq8=;

b=NLnn/vl+JbjciPA2EXEEdmr6jzAg63N857LZ0EryaDz2VxmpnbYZ910/OXHV2dLHEK

OzKoB7nNnqLqMIIocRo4BGZ3XpyJUFbQ+09HFYMkHivBI641VVbqXp84l5LhFUiL2+So

Pgy1uzBfxtBefh5sVbLgvpHHsiRiYfpoHvQRzXznWR27L04dB17qJX7SctI3JbyYxQpg

3Bc5zL90JXWLKwA8z2TF05waUhxvMbifpV2/Xkenv96dc6QFqLKBI7u+Rxbw/m4allzU

x1URb5k2dulutJYTQ6PsbOLA2sxGsx7GUaJp0KIWBNxibZwMy1Hwq+gyFCYoIx32xlVp

T/tQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1777986317; x=1778591117;

h=priority:importance:subject:from:to:mime-version:date:message-id

:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=7t6YRzPIFdiC7rq5JQ7oCgeL9A5ApvfrbAy59xjTtq8=;

b=jKEFtcGolYB35ajL6qiOjKOcJisyUM43C4zwdKKnTaOVyDd+7AbcwA69iOadWL+O6l

u9NlhscFHlRlE2Rw8YuXFU/wjk/JbsRntl+8iLNb8zCX5zN93Q9j9DqWV/n2DblLwRNy

bpSgeRjx4WwmnquUXq8IIssnsalo3m3c8EACN6qtVD4jdRIk+PsG8+lSDMNyzX+sGIkU

GbpTuG2kdc1vw46Qb7oO4iQjcbKZqGC73Ayqv7cUQhMD9FFe3koxr0BoS0YQYOKYNNNz

5kXK5vMFBaLZlJBMh4tRsF7+x/nFMimKkzQ9+JlT07yQHp9idS7TQIULkv3UdmeQgh+2

0U3A==

X-Gm-Message-State: AOJu0Yx/pNNsGxitCJGckowhr1LVlXDB9POlOWxELVyVZ1ePO5dlfCh2

52YFqCHddjnNTeIAdfV4iVaDIE1PJN0OQBRahc4OLHYIND/cXZyI5o0yfx+mu3YzagvM924n

X-Gm-Gg: AeBDievNwfQ+1sFLOr87RpyJWO6O4bRJEgfgqnqFP1qC3NR1C4QY3zuGkKkqlxbC7pt

Nu9yhzJXWsz9IMyE9IR6RuaSU6vPQb1VZdPTz7PpzGEsnu63lEyWRvnN+JT+kztB9dDD5cIgfmR

M9kI4RrE35/Pk49CSc431NLC2ttPkKRgfgvLXdXen/0RJKj36s6+qsM/Sm+2zUcZTEn94qbgCz1

MUYrjxqo2VvvMIlGrOO//0+9G7Udh0rDtuAIrgMefNj3b8L2XjY3TR2dDxyN7/A1B7ukTxJDCu/

bcwARehNdz2ajkbo2VWCfN1rGpi9xwUKMZGUdG1kWg55uZy1WpEHFN+fWl2FxZz/6iEHX1G+enz

XFgVyefeyUV/stmJmJt6ARNIY63aiK6ObPWU1bPT7O5coXK2ZavJ3I2IrqcR1NgykuDWlIcFmar

3JYwuKsIznsX0/vfIndPCjUjSpAy0djcU1d267mJ8BNpwCp6d+Wm1qGqo1CJ9PjFJ5qAsbZ9Jzv

XwJFg==

X-Received: by 2002:ac8:5983:0:b0:50b:577c:e259 with SMTP id d75a77b69052e-5104bf0a240mr194669701cf.35.1777986316858;

Tue, 05 May 2026 06:05:16 -0700 (PDT)

Received: from [172.22.16.198] ([43.163.119.139])

by smtp.gmail.com with ESMTPSA id d75a77b69052e-51040b5af36sm120003581cf.20.2026.05.05.06.05.15

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Tue, 05 May 2026 06:05:16 -0700 (PDT)

Message-ID: <69f9eb0c.c80a0220.2c282f.f6f6@mx.google.com>

Date: Tue, 05 May 2026 06:05:16 -0700 (PDT)

Content-Type: multipart/mixed; boundary="===============7159839042201245390=="

MIME-Version: 1.0

to: Doctor

from: Doctor

subject: Your request No #46510068 is being processed for you

Importance: normal

Priority: normal

X-Spam_score: 6.6

X-Spam_score_int: 66

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: PayPal Request to Create Corporate/Business Account Dear

Doctor,

Content analysis details: (6.6 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.160.173 listed in dnsbl.ahbl.org]

[209.85.160.173 listed in dnsbl.ahbl.org]

[209.85.160.173 listed in dnsbl.ahbl.org]

[209.85.160.173 listed in dnsbl.ahbl.org]

[43.163.119.139 listed in dnsbl.ahbl.org]

[43.163.119.139 listed in dnsbl.ahbl.org]

[43.163.119.139 listed in dnsbl.ahbl.org]

[43.163.119.139 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.160.173 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.160.173 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.160.173 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.160.173 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[43.163.119.139 listed in will-spam-for-food.eu.org]

[43.163.119.139 listed in will-spam-for-food.eu.org]

[43.163.119.139 listed in will-spam-for-food.eu.org]

[43.163.119.139 listed in will-spam-for-food.eu.org]

[43.163.119.139 listed in will-spam-for-food.eu.org]

[43.163.119.139 listed in will-spam-for-food.eu.org]

[43.163.119.139 listed in will-spam-for-food.eu.org]

[43.163.119.139 listed in will-spam-for-food.eu.org]

[209.85.160.173 listed in will-spam-for-food.eu.org]

[209.85.160.173 listed in will-spam-for-food.eu.org]

[209.85.160.173 listed in will-spam-for-food.eu.org]

[209.85.160.173 listed in will-spam-for-food.eu.org]

[209.85.160.173 listed in will-spam-for-food.eu.org]

[209.85.160.173 listed in will-spam-for-food.eu.org]

[209.85.160.173 listed in will-spam-for-food.eu.org]

[209.85.160.173 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[nompilondzinisa706(at)gmail.com]

1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[nompilondzinisa706(at)gmail.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.160.173 listed in list.dnswl.org]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.160.173 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.160.173 listed in bl.score.senderscore.com]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

0.0 T_MXG_LOWER_HDR_SPAM Lower case header spam

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.0 NO_RDNS2 Sending MTA has no reverse DNS

Subject: {SPAM?} Your request No #46510068 is being processed for you

Sendgrid spam Part 1

Posted by Dave Yadallee on Tuesday, May 5. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 05 May 2026 08:29:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKGld-000000004Hh-330J

for dave@doctor.nl2k.ab.ca;

Tue, 05 May 2026 08:28:57 -0600

Resent-From: The Doctor

Resent-Date: Tue, 5 May 2026 08:28:57 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from wrqvfpbd.outbound-mail.sendgrid.net ([149.72.243.189]:53266)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKElS-00000000Oi2-3uYu

for sales@nk.ca;

Tue, 05 May 2026 06:20:49 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dealsndrops.com;

h=content-type:date:from:mime-version:subject:to:cc:content-type:date:

from:subject:to;

s=s1; t=1777983585;

bh=3Eu+gJTsup2chbci4Ff1G9LFHMvBQ6QTLJz8WohtReg=;

b=swliDHhjauq6uTbvrrJRJrV3VueoHaeCMdPiijyj/ZLqeCUayLvRlLBhdeDpN2QFif2w

bM3djlKjQVjas7zaNlfoUFeTnXoeU+m1xSb23O+KskmD2EZ1cRbrkIS+WsU+L23ajDaJ0T

h7oSImhewyGhYm7J4OWMS5O5/wp6yBFFVzJ92/G5xGoyYHpfoaFscx3zKPSZnDhqvM1Qbp

ao3486sXcCH8UbykJEZXwFnWBPUTOf/vgIUQRASj+7N64eOsl/xt3nhW6d0DbloNxo6In0

kQcr69T2rnEgyAUAROr8mtehICHF09v/gWV2yzXeeG65jKbq4ZGemnoUcXsi0bDQ==

Received: by recvd-6d75975858-8pn2v with SMTP id recvd-6d75975858-8pn2v-1-69F9E061-36

2026-05-05 12:19:45.429101793 +0000 UTC m=+572183.132257548

Received: from MTc0OTYwOTc (unknown)

by geopod-ismtpd-5 (SG) with HTTP

id jXl2MfB7R-aEYHdj2_KMxA

Tue, 05 May 2026 12:19:45.367 +0000 (UTC)

Content-Type: multipart/alternative; boundary=28bf9c672803c8d0356d003f33f74c12e9c36860a5fb752c639af5aebce1

Date: Tue, 05 May 2026 12:19:45 +0000 (UTC)

From: Indigo-Deals

Mime-Version: 1.0

Message-ID:

Subject: Cotton-Linen Henley Neck Relaxed-Fit Shirts @ 50%OFF

X-SG-EID:

=?us-ascii?Q?u001=2E3t5l1RirBNXDFokocY3RJfw80kFdekzOFj8n4P+=2FBlQrCmi7IkcQwX1sM?=

=?us-ascii?Q?ZpWJmBwsEwAwHF=2FbP=2Fb+3fEmM+Bk+=2FA=2Fwz17QXg?=

=?us-ascii?Q?SBdAeYg03T50zIVlyiAtuRorRr1vsshuA816U5f?=

=?us-ascii?Q?qagvL2tQICyuc+5rOppQ9ioS2BUX6LeAmGvGh50?=

=?us-ascii?Q?BFw0RUkmBP6Ehv1tr6Ws=2FXsd5KVbef8Jy50ACSx?=

=?us-ascii?Q?dydp=2F7d5xeqHYVN97zcfiA=3D?=

To: sales@nk.ca

X-Entity-ID: u001.5S4JktQEodO4bREbryE29g==

X-Spam_score: 38.0

X-Spam_score_int: 380

X-Spam_bar: ++++++++++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: [Image](https://u17496097.ct.sendgrid.net/ls/click?upn=u001.CzZ18fCz8BpP-2FTLsMMDad1jzeVjV-2FUgSbYCxFrt8tX58wVtVyBRNx0EXxzwOBzZIy2ESxcCfbBRzRVSApKJqyikXq1FRkA2srAq71021rKko7Zx-2B7dol-2BKqmOwKlhIzHcnMm

[...]

Content analysis details: (38.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[149.72.243.189 listed in dnsbl.ahbl.org]

[149.72.243.189 listed in dnsbl.ahbl.org]

[149.72.243.189 listed in dnsbl.ahbl.org]

[149.72.243.189 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[149.72.243.189 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[149.72.243.189 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[149.72.243.189 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[149.72.243.189 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[149.72.243.189 listed in will-spam-for-food.eu.org]

[149.72.243.189 listed in will-spam-for-food.eu.org]

[149.72.243.189 listed in will-spam-for-food.eu.org]

[149.72.243.189 listed in will-spam-for-food.eu.org]

[149.72.243.189 listed in will-spam-for-food.eu.org]

[149.72.243.189 listed in will-spam-for-food.eu.org]

[149.72.243.189 listed in will-spam-for-food.eu.org]

[149.72.243.189 listed in will-spam-for-food.eu.org]

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URI: sendgrid.net]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

15 GR_DOMAIN_SENDGR1 Received contains spammer id (sendgr)

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[149.72.243.189 listed in bl.score.senderscore.com]

0.3 LONGWORD BODY: Uses overlong words

0.1 TW_ZC BODY: Odd Letter Triples with ZC

0.1 TW_QO BODY: Odd Letter Triples with QO

0.1 TW_TD BODY: Odd Letter Triples with TD

0.1 TW_GW BODY: Odd Letter Triples with GW

0.1 TW_QH BODY: Odd Letter Triples with QH

0.6 MEGALONGWORD BODY: Uses really overlong words

0.1 TW_BZ BODY: Odd Letter Triples with BZ

0.1 TW_JN BODY: Odd Letter Triples with JN

0.1 TW_FQ BODY: Odd Letter Triples with FQ

0.1 TW_JV BODY: Odd Letter Triples with JV

0.1 TW_DX BODY: Odd Letter Triples with DX

0.1 TW_WJ BODY: Odd Letter Triples with WJ

0.1 TW_XJ BODY: Odd Letter Triples with XJ

0.1 TW_VB BODY: Odd Letter Triples with VB

0.1 TW_XQ BODY: Odd Letter Triples with XQ

0.1 TW_ZQ BODY: Odd Letter Triples with ZQ

0.1 TW_ZG BODY: Odd Letter Triples with ZG

0.1 TW_KZ BODY: Odd Letter Triples with KZ

15 GR_DOMAIN_SENDGR6 URI: Body contains known spammer URI (sendgr)

0.0 HTML_MESSAGE BODY: HTML included in message

0.6 HTML_IMAGE_RATIO_04 BODY: HTML has a low ratio of text to image area

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted

Colors in HTML

0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

Subject: {SPAM?} Cotton-Linen Henley Neck Relaxed-Fit Shirts @ 50%OFF

Sendgrid spam Part 2

Posted by Dave Yadallee on Tuesday, May 5. 2026

Image

Trending Products - Don't Miss Out

Everything Now 40-60%OFF For a Limited Time!

Use code M3DEAL19 at checkout for extra 5%OFF

BreezeWear Cotton-Linen Henley Neck Short Sleeve Relaxed-Fit Shirt

Image

Upgrade your warm-weather wardrobe with this Cotton Linen Henley Shirt — the perfect blend of relaxed comfort and clean, classic style.

Made from a breathable cotton-linen fabric, it feels light and airy on the skin, making it ideal for summer days, beach trips, vacations, and everyday casual wear.

The Henley neckline with a button placket adds a timeless vintage touch, while the chest pocket brings practical style you can actually use. With a short-sleeve, easy-fit cut and a solid color design, this shirt pairs effortlessly with shorts, jeans, chinos, or linen pants for a laid-back look that still feels put-together.

Why you’ll love it:

Cotton-linen blend for lightweight, breathable comfort

Henley button neckline for a classic vintage feel

Chest pocket for added function and style

Short sleeves + relaxed fit for easy summer layering

Perfect for beach, travel, weekends, streetwear, and casual nights out

VIEW OFFER / BUY NOW

Leather Retro EDC Organizer Waist-Bag for Men

Image

An all in one EDC leather pouch/Waist Bag for men on belt, with a specific multitool sheath, also a flashlight sheath and key holder.

This EDC Organizer is made of Genuine Leather and is suitable for any occasion, work, or travel & hash plenty of space to store all your belongings!

***High-Quality Material / Large Capacity Design / Durable & Convenient***

It's tough and hard-wearing, with a stylish appearance!

So you can easily take all your EDC pocket gear with you!

VIEW OFFER / BUY NOW

CozyGrip Unisex Warm Winter Non-Slip Floor Socks

Image

These socks are the ultimate combination of comfort, style, and safety, designed to keep you warm and secure during the colder months. Whether you're relaxing at home or moving about, these fleece-lined, non-slip socks will become your favorite go-to for cold weather.

Crafted from ultra-soft coral fleece, these socks provide a cozy and luxurious feel, making them perfect for cold winter days. The fluffy material hugs your feet, locking in warmth and ensuring your toes stay comfortable whether you’re lounging at home, sleeping, or walking around the house. The fleece lining feels like you’re stepping into a pair of warm slippers, ideal for those chilly mornings.

VIEW OFFER / BUY NOW

Military Grade Polymer Buckle Tactical Belt

Image

Crafted for durability and convenience, this belt is designed with 100% quick-dry, stain-resistant military-grade nylon, ensuring it's rugged and ready for any situation. Paired with a premium polymer buckle made in Japan, this belt provides a nickel-free, hypoallergenic, and metal-free solution, allowing frequent travelers to pass through airport security with ease—no need to remove the belt.

Why Military Grade?

Our belts are made with military-grade nylon webbing, originally engineered for high-stress scenarios and reliable payload delivery. The heavy-duty materials and construction make this belt virtually indestructible, with the strength and resilience to last a lifetime under normal use. The high-quality polymer buckle offers a sturdy yet comfortable fit without the discomfort of traditional metal buckles.

VIEW OFFER / BUY NOW

Vintage Soft Cotton Breathable Lightweight Adjustable Fit Newsboy Cap

Image

Sometimes the best things never go out of style — they just get better with age.

We’re excited to introduce a true classic: the Vintage Cotton Newsboy Cap, thoughtfully designed for comfort, simplicity, and timeless charm. Whether you're heading to the market, enjoying an afternoon stroll, or just want a little extra shade in the sun — this hat offers easygoing elegance that fits like an old friend.

Why you’ll love it:

✔️ Soft, breathable cotton — gentle on the scalp

✔️ Adjustable fit — no pinching or slipping

✔️ Stylish and subtle — perfect for any occasion

✔️ Lightweight — great for warmer days and travel

✔️ Classic shades — from denim blue to coffee brown

This isn’t about chasing trends. It’s about honoring your personal style, staying comfortable, and wearing something that just feels right.

VIEW OFFER / BUY NOW

Magnetic Therapy Boxer Briefs

Image

These Special Boxer Briefs Utilize Magnetic Therapy By Incorporating 18 Built-In Static Magnets That Provide Astonishing Health Benefits.

Enhanced Immune System & General Body Resistance

Boost Blood Circulation And Stabilize Blood Pressure

More Powerful Erections

Intensify Sexual Arousal And Orgasms

Start Enjoying The Benefits And Get The Healthiest Magnetic Underwear For Your Body!

VIEW OFFER / BUY NOW

Image

Deep Penetration & Long-Lasting Relief Natural Herbal S...

VIEW PRODUCT

Image

Extra-Wide 45° Diagonal Full Visibility Design Ergonom...

VIEW PRODUCT

Image

Ultra-thin 3X Magnifying Reading Aid Sheet For The Elde...

VIEW PRODUCT

Image

Bee Venom Joint Lotion — Hypoallergenic & Fast-Absorb...

VIEW PRODUCT

VIEW ALL NEW ARRIVALS

VIEW FULL GADGETS COLLECTION

VIEW FULL OUTDOORS COLLECTION

VIEW FULL KITCHEN COLLECTION

VIEW ALL AVAILABLE COLLECTIONS

Sent By : Indigo Retail Group inc.

ref : 6161A-5865920-1288D

1201 N Orange Street

Wilmington, DE 19801, USA

Don't like these emails? Click HERE to unsubscribe / Report SPAM

tracking pixel image

Chinese products spam

Posted by Dave Yadallee on Tuesday, May 5. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 04 May 2026 22:10:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wK75u-00000000GzM-2rek

for dave@doctor.nl2k.ab.ca;

Mon, 04 May 2026 22:09:14 -0600

Resent-From: The Doctor

Resent-Date: Mon, 4 May 2026 22:09:14 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from out208-125.dm.aliyun.com ([140.205.208.125]:52669)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wK6z2-00000000GY9-2pVg

for root@nk.ca;

Mon, 04 May 2026 22:02:19 -0600

X-AliDM-RcptTo: cm9vdEBuay5jYQ==

Feedback-ID: default:vip@vip0.clamp.ltd:vip_edm_WebBatch:324942

DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed;

d=vip0.clamp.ltd; s=aliyun-cn-hangzhou;

t=1777953670; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;

bh=M6WLmA6KXHP62d1nlQqnH1yIga89zm9bfv+fbT7Aue0=;

b=UKxV7FCMKz7FzMKVcgCLNMMtmRIExxD4mgFuNgMnYcNnnjQEFdQIQylj9oizn6BzAjH5s/jfbBrmPnTFbRXwjHZN1rXTOP7oArzZraM5dg5DWAY5sx5/nnTJZa3mL1/EsH6cin+dcJo7N5JamFt6F/EiEnI94MXjvQp032bfmqg=

DKIM-Signature:v=1; a=rsa-sha256; c=relaxed/relaxed;

d=dm-fbl.aliyuncs.com; s=feedback;

t=1777953670; h=Date:From:To:Message-ID:Subject:MIME-Version:Content-Type;

bh=M6WLmA6KXHP62d1nlQqnH1yIga89zm9bfv+fbT7Aue0=;

b=VIJQdJEHJDREdUTxvnC2h7C24HGMmD0mXdxE4AnS8vKXPL1kGnJTcodar0QezLMxGg6M44PS3jSrnbrUBeH0w8/ixcUx6WL9brMs0OWOuMYaclm/MYVs6yJBwSxkbgMsm7nbcen5uNvVMA9gNWyI7ynq3dWkG3p1uYZekmI/ZfM=

Received: from chitu-hsf(mailfrom:vip@vip0.clamp.ltd fp:ma_600000296767093570 cluster:AY35D)

by smtp.aliyun-inc.com(127.0.0.1);

Tue, 05 May 2026 12:00:31 +0800

Date: Tue, 05 May 2026 12:00:31 +0800

From: "Vivian"

To:

Reply-To:

Message-ID: <2f08f5e4-22b8-4723-92a8-0fbc10bcb98d@alibaba.com>

Subject: =?UTF-8?B?Um9ja2V0aXMgaG9zZSBjbGFtcCB3aWRlIHJhbmdl?=

X-Priority: 3

MIME-Version: 1.0

X-EnvId: 600000296767093577

X-AliDM-Settings: eyJPdXRib3VuZElwIjp7IklwTGlzdCI6W10sIklwUG9vbElkIjoiIn0sIlVuc3Vic2NyaWJlIjp7IkZpbHRlckxldmVsIjoiZGVmYXVsdCIsIkxpbmtUeXBlIjoiZGVmYXVsdCJ9LCJWZXJzaW9uIjoiMS4wIn0=

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 9.5

X-Spam_score_int: 95

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear Sir/Madam, Happy New Year!

Content analysis details: (9.5 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[140.205.208.125 listed in will-spam-for-food.eu.org]

[140.205.208.125 listed in will-spam-for-food.eu.org]

[140.205.208.125 listed in will-spam-for-food.eu.org]

[140.205.208.125 listed in will-spam-for-food.eu.org]

[140.205.208.125 listed in will-spam-for-food.eu.org]

[140.205.208.125 listed in will-spam-for-food.eu.org]

[140.205.208.125 listed in will-spam-for-food.eu.org]

[140.205.208.125 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[140.205.208.125 listed in dnsbl.ahbl.org]

[140.205.208.125 listed in dnsbl.ahbl.org]

[140.205.208.125 listed in dnsbl.ahbl.org]

[140.205.208.125 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[140.205.208.125 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[140.205.208.125 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[140.205.208.125 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[140.205.208.125 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[140.205.208.125 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[140.205.208.125 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[140.205.208.125 listed in bl.score.senderscore.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs

[URI: chvsta.068000.xyz (xyz)]

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} =?UTF-8?B?Um9ja2V0aXMgaG9zZSBjbGFtcCB3aWRlIHJhbmdl?=

Dear =

Sir/Madam,

mily: Calibri;">Happy New Year!

<=

span style=3D"font-family: Calibri;">I am writing to introduce our
an style=3D"color:#548dd4">Hose Clamp products range if t
n>hey are in your need or fulfill your p=

roducts range, we would like to seek the opportunity to cooperate. Our product=

s covers:

ily: Calibri;">Worm drive cla=

mp, Bolt clamp, Constant tension clamp, Ear clamp, Wire clamp, Rubber clamp et=

c.

le=3D"text-wrap-mode: wrap;">With our fu=

ll export capabilites and experience shipping worldwide, we would be happy to =

be your new supplier.

=3D"font-family: Calibri;">For any interest, please feel free to reach out for=

more information.

"text-wrap-mode: wrap;">
5de179a243ea88d31afcbffa7fd4613.jpg"/>

<=

img src=3D"https://s1.imagehub.cc/images/2025/12/15/735709f847694006b14bbd1288=

e5713c.jpg"/>

: Calibri;">Best regards,

tyle=3D"font-family: Calibri;">Vivian Zhang

de: wrap;">TIANJIN ROCKETIS TECHNOLOGY C=

O.,LTD

: Calibri;">D1-403, XEDA Testing and Certification Park, Xiqing District, Tian=

jin, China

Metamask phish from nxcli

Posted by Dave Yadallee on Tuesday, May 5. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 05 May 2026 06:08:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wKEZA-00000000Gyb-1muf

for dave@doctor.nl2k.ab.ca;

Tue, 05 May 2026 06:07:56 -0600

Resent-From: The Doctor

Resent-Date: Tue, 5 May 2026 06:07:56 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from cloudhost-5807391.uk-south-2.nxcli.net ([165.84.218.145]:27518)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wK7Ns-00000000HSX-1kE0

for sales@nk.ca;

Mon, 04 May 2026 22:27:57 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;

s=default; d=9d02a74209.nxcli.io;

b=sYhgKi5j6wRLUOIG24Mdi+uB9ZnudT+3vdavVu9F0oyqbr/9kdIwjJLvfGK/SBPo5TO3rQYwcL/NKd/9VVbKcmcfqXlq0QSkFXmD1fI1BkIQjPTcy9tZWg50jSIIK0QXz+YOM3Q/vq0831bgpk/Pwd3VrfzAehMUz+/c08Ec3ddAK1RXshD10AUm3skuCd6KRQBYUAPyVRHS/jiZ8UEgiIdwXybqFJjnbnx/oU1iDgUWtSj3RHRQyrA68BU8Er6NJpYAVlZUE8mzD9nL1AdQkU0gZQqlqDG1AnhDy6He5R9DJFjfBkUppbKM/KvDY0KhVpbBbLEiot4/0UKzloST2A==;

h=Received:To:Subject:X-PHP-Originating-Script:Date:From:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding;

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=9d02a74209.nxcli.io; h=

to:subject:date:from:message-id:mime-version:content-type

:content-transfer-encoding; s=default; bh=d6zCWCTXiqooVmN+o+Oa7M

vV7yUBP01UXabubmpmcU8=; b=e0aLbtNdSJdLt5XPZSnSmRDJt5oBJl0PRaeSXw

R1FsYhuOSSq8Q79TV6a5FpRqzpKE0/OWIeWm0K7tf3V7l87sEECBmciBUlywwAtk

2mJRSQeQ15HAmdvbA4wBvUieqDiUgDWmmmFn7wg37vkIzEhices7iQpocK2XMDSZ

SKKIZle6SeG+/QscLeIPpO0Ifwzpvb+Co+4iwmveRBfU8us18zYlI0cJRX9yQ8GX

uNmfeW1yMn762iube2T9FAcTReNLMhJY730boVDi8CiSAu77T3nvIO8dtpeBvMYv

wrqIMYnR/4rAzcaIo9LO7Zxl90iVR9qVc67Rc06LQG8wkVAQ==

Received: (qmail 28950 invoked by uid 10173); 5 May 2026 04:34:52 +0100

To: sales@nk.ca

Subject: New Device/IP Login

X-PHP-Originating-Script: 10173:yo.php

Date: Tue, 5 May 2026 03:34:52 +0000

From: SUPPORT

Message-ID:

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1_c6787c928b70e59f5cf8a1682d7c99f3"

Content-Transfer-Encoding: 8bit

This is a multi-part message in MIME format.

--b1_c6787c928b70e59f5cf8a1682d7c99f3

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

MetaMÐ°sk - Review Required

Review Required

Your account was accessed from an unfamiliar IP address.

Check this alert and make sure it was you. If not, please take action immediately to protect your wallet.

Acknowledge Login

Action is recommended if this was not expected.â€” MetaMÐ°sk Security Team

--b1_c6787c928b70e59f5cf8a1682d7c99f3

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit

MetaMÐ°sk - Review Required

Review Required

Your account was accessed from an unfamiliar IP address.

Check this alert and make sure it was you. If not, please take action immediately to protect your wallet.

Acknowledge Login

Action is recommended if this was not expected.

â€” MetaMÐ°sk Security Team

--b1_c6787c928b70e59f5cf8a1682d7c99f3--

Metamask phish from nxcli

Posted by Dave Yadallee on Tuesday, May 5. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 04 May 2026 22:09:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wK75c-00000000GxU-07bg

for dave@doctor.nl2k.ab.ca;

Mon, 04 May 2026 22:08:56 -0600

Resent-From: The Doctor

Resent-Date: Mon, 4 May 2026 22:08:55 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from cloudhost-5807391.uk-south-2.nxcli.net ([165.84.218.145]:43552)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wK72V-00000000Gcd-3Qxc

for sales@nk.ca;

Mon, 04 May 2026 22:05:52 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;

s=default; d=9d02a74209.nxcli.io;

b=mMHZqOEQJR0i8VKIw8ylyfUoCRqi3y+zpB+w0s13BjrFphZzdq6xBgGHs5nvy53XwRs94OoH3WoAfLtCy+3uvVl+m0Ot+SnzBf0EHQfG1kqOC8SqQd75DrnLqgWeUNDhuHHBLhm0Or3aa1NwbI5YAWBkzAR8K9br6rwRKcAc0virXVVcRWR+n9BclrvA7eUDTauguLKhpMD9tVezgWSVrhaw3dL8EDgW5sCpwWDbJbDixZM9Qbng0Jf7gqFZBToJ9AuzrrNq47K/UEMn4SY24KjN0mboWA5/CwgHVaL9aCnQ300Fv+bnxCdtmmAy1ouHUbrPZOu/YZ/WMqpWBuF0eQ==;

h=Received:To:Subject:X-PHP-Originating-Script:Date:From:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding;

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=9d02a74209.nxcli.io; h=

to:subject:date:from:message-id:mime-version:content-type

:content-transfer-encoding; s=default; bh=/hpRvfb/FgKf6RRTa0T9cG

60TegHDapQ2PpWvEIfplE=; b=fyJfcUCMyRfgdI+8luzf9recGKvBVu7uyznjpy

MAGWc5z9rOIyiJNe8XUOvcS5YOQhwG4Kq6vXvNq1khHvCzBIe+IS0Jmnhk+E2pDP

O6UWcVhrnYMimoGu31nVOzEycG8lc2krMcuYWOfiLwkWQFxXSFjQhiWa94wh/UYN

v02HuAzO3K36RfmkSCce7wSUSLz4TamJIPCF1NJfMI22mX+5EpOjsQTTj7IPwd1e

4fUj4Z67JPQrBtBTIKjdfLQ5n6o/EULlF4vWuzzooHHvFv0hPZ2l104BbS+7NTOV

6gxYUPiE0HwP5p96eAtT+YJkLQUbyAp9yi9co8qgdC/a2q2A==

Received: (qmail 21307 invoked by uid 10173); 5 May 2026 04:24:54 +0100

To: sales@nk.ca

Subject: New Device/IP Login

X-PHP-Originating-Script: 10173:yo.php

Date: Tue, 5 May 2026 03:24:54 +0000

From: SUPPORT

Message-ID: <12a799b1285b79561c26c83dcdfe189b@9d02a74209.nxcli.io>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1_12a799b1285b79561c26c83dcdfe189b"

Content-Transfer-Encoding: 8bit

This is a multi-part message in MIME format.

--b1_12a799b1285b79561c26c83dcdfe189b

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

MetaMÐ°sk - Review Required

Review Required

Your account was accessed from an unfamiliar IP address.

Check this alert and make sure it was you. If not, please take action immediately to protect your wallet.

Acknowledge Login

Action is recommended if this was not expected.â€” MetaMÐ°sk Security Team

--b1_12a799b1285b79561c26c83dcdfe189b

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit

MetaMÐ°sk - Review Required

Review Required

Your account was accessed from an unfamiliar IP address.

Check this alert and make sure it was you. If not, please take action immediately to protect your wallet.

Acknowledge Login

Action is recommended if this was not expected.

â€” MetaMÐ°sk Security Team

--b1_12a799b1285b79561c26c83dcdfe189b--

German language phish from Zendesk

Posted by Dave Yadallee on Tuesday, May 5. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 04 May 2026 21:12:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wK6CS-00000000EE6-1Bd3

for dave@doctor.nl2k.ab.ca;

Mon, 04 May 2026 21:11:56 -0600

Resent-From: The Doctor

Resent-Date: Mon, 4 May 2026 21:11:56 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mta-out6.pod28.euc1.zdsys.com ([188.172.138.36]:46394)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wK0xQ-00000000KLy-1oyw

for doctor@doctor.nl2k.ab.ca;

Mon, 04 May 2026 15:36:13 -0600

Received: from zendesk.com (unknown [127.0.0.6])

by mta-out15.pod28.euc1.zdsys.com (Zendesk) with ESMTP

id 33610ce1-2de2-47e5-9d01-168e4472f67c

for ;

Mon, 04 May 2026 21:35:10 +0000 (UTC)

Date: Mon, 04 May 2026 21:35:10 +0000

From: Les Petites =?UTF-8?B?RnJhbsOnYWlzZXM=?=

Reply-To: Les Petites =?UTF-8?B?RnJhbsOnYWlzZXM=?=

To: Client

Message-ID:

In-Reply-To:

Subject: Anfrage eingegangen

Mime-Version: 1.0

Content-Type: multipart/alternative;

boundary="--==_mimepart_69f9110ed2e1f_5319c01503677";

charset=utf-8

Content-Transfer-Encoding: 7bit

X-Delivery-Context: automatic-answer-27231069861276

X-Zendesk-From-Account-Id: db24c4a

Auto-Submitted: auto-generated

X-Auto-Response-Suppress: All

X-Mailer: Zendesk Mailer

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=zendesk.com;

q=dns/txt; s=zendesk2; t=1777930510;

bh=qZxHEC7M39Be8cyj4L4dQIIah+i6TXYEECwvhw+q1TI=;

h=date:from:reply-to:to:message-id:in-reply-to:subject:mime-version:content-type:content-transfer-encoding;

b=VgXecZHmjCxSQjbxD57O/a9acH1CiWwf0nCPvBSUPz/n9BOjh+belcY60C4npMUSveU2EkjArMxc2kEtminmfKxwEZuvbJIgVJWWNtzQq1ZjKdM6jVp3phZfOLWrABKwrcVBW01LL9UtoKKH0FtefYl2TOwbJh9XqXpi3xG1b8W1cQVXWKmVKGpr6LHmj9CPPFt/FrBa9yR1KWTjkog8Kxr2jcVjKkblTpmrYLIi6iatXAthe/at8qKmCVbkPw2qFrEW4RG9PUipNWL09124XOZjnWoYPtegECCgkZjuZ3Ol07aGKJ5zzPObyhwo3iWcrr9jhbYiTuWpL+g/uvKPtQ==

----==_mimepart_69f9110ed2e1f_5319c01503677

Content-Type: text/plain;

charset=utf-8

Content-Transfer-Encoding: quoted-printable

Ihre Anfrage (21276) ist eingegangen und wird von unserem Supportteam =C3=

=BCberpr=C3=BCft.

Um zus=C3=A4tzliche Kommentare hinzuzuf=C3=BCgen, antworten Sie auf dies=

e E-Mail.

Diese E-Mail ist ein Service von Les Petites Fran=C3=A7aises.

----==_mimepart_69f9110ed2e1f_5319c01503677

Content-Type: text/html;

charset=utf-8

Content-Transfer-Encoding: quoted-printable

" />

ont','Segoe UI','Roboto','Oxygen-Sans','Ubuntu','Cantarell','Helvetica Ne=

ue','Arial','sans-serif'; font-size: 14px; line-height: 1.5; color:#44444=

4;">

Ihre Anfrage (21276) ist eingegangen und wird von unserem Supportt=

eam =C3=BCberpr=C3=BCft.
Um zus=C3=A4tzliche Kommentare hinzuzuf=C3=

=BCgen, antworten Sie auf diese E-Mail.

ont','Segoe UI','Roboto','Oxygen-Sans','Ubuntu','Cantarell','Helvetica Ne=

ue','Arial','sans-serif'; font-size: 12px; line-height: 1.5; color: #4954=

5c; margin: 10px 0 14px 0; padding-top: 10px;">

Diese E-Mail ist ein Service von Les Petites Fran=C3=A7aises. Bereitg=

estellt von
t&utm_content=3DLes+Petites+Fran%C3%A7aises&utm_medium=3Dpoweredb=

yzendesk&utm_source=3Demail-notification" style=3D"color:black;" targ=

et=3D"_blank">Zendesk

=

----==_mimepart_69f9110ed2e1f_5319c01503677--

Nexcess phish from nxcli

Posted by Dave Yadallee on Tuesday, May 5. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 04 May 2026 21:13:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wK6D5-00000000EGq-3oUJ

for dave@doctor.nl2k.ab.ca;

Mon, 04 May 2026 21:12:35 -0600

Resent-From: The Doctor

Resent-Date: Mon, 4 May 2026 21:12:35 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from cloudhost-2883480.uk-south-2.nxcli.net ([165.84.218.233]:37826)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1wK3rO-00000000Fnm-49Jr

for sales@nk.ca;

Mon, 04 May 2026 18:42:12 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;

s=default; d=88ea5ffd91.nxcli.io;

b=tFRafEn5MrPWEjLcJR6D7tZU3LcQTdMQu3X4q4MN8Wm8XE0vGeodn0JTcjQgLd4WoBLgnr0Cj8vvJw/pt3J3iRlJL/StNm1znq61VcCWvPbV3IZwVpRPU6+7fXLNQs8eM2Zx8ZeQ8dgSYspV2W2eIWtrg9ipQVBclE6ICHCJ1pallYBUWgdvLIDz0mmy8FV3x9YAtMLMWkrs5XdIRA8xrKbzs6rN46ldgWVWEsIZqHeJQZYVFKY4awyeM2Q7+zIvQbrVRveVJR0eXXMr6sI8M/gVN+6ltQbXIE7bjlG+CtzEWwzCETMwP20jUh08kKiLyNXH5Hyvlff9VpsvhWEkDg==;

h=Received:To:Subject:X-PHP-Originating-Script:Date:From:Message-ID:MIME-Version:Content-Type:Content-Transfer-Encoding;

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed; d=88ea5ffd91.nxcli.io; h=

to:subject:date:from:message-id:mime-version:content-type

:content-transfer-encoding; s=default; bh=gYljACccz8Wtt1ca0dZkg3

twSrHeotrQAASDsQvsmpo=; b=Me3CJrpDmhmtYQg1/s2WC6m6EmjEUkANjC3pwz

EX4eaOVZJETrJ7LDfebPE4z3Y10blQ/1ByVx+ImZXuMJChx2AhhlpZqkNJkbC4WB

x3u4beQMiWDHeaBgnXBju6Skwob3skhbuST7Xn0DnZKOBgvi7+NDUwbHRTjItzCB

KZDrdc+Pt6JJw/8BLG46ysxHk6RyJgp4CncvMXujdK8KBO00Gl/6j/W/yIsj88Wp

MokxZ211DFIGfuOWvvXxrK3+YPIxjWLz6vMOQ1pia5LvRJHPi7EayMzXcUnFepns

hBVqPMaOckwAy7mMFSU3ETe+xcMWi+RnFf02qenAEwCSvMkg==

Received: (qmail 2044 invoked by uid 10200); 5 May 2026 01:36:30 +0100

To: sales@nk.ca

Subject: To ensure uninterrupted service

X-PHP-Originating-Script: 10200:yo.php

Date: Tue, 5 May 2026 00:36:30 +0000

From: Nexcess

Message-ID: <76f32cd82a2884e96127c686644044b0@88ea5ffd91.nxcli.io>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="b1_76f32cd82a2884e96127c686644044b0"

Content-Transfer-Encoding: 8bit

X-Spam_score: 11.3

X-Spam_score_int: 113

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Account Billing Notification body, table, td, p, a { background-color:

#ffffff !important; color: #000000 !important; font-family: Arial, sans-serif

!important; } a { color: #1a73e8 !important; text-decoration: underline !import

[...]

Content analysis details: (11.3 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[165.84.218.233 listed in dnsbl.ahbl.org]

[165.84.218.233 listed in dnsbl.ahbl.org]

[165.84.218.233 listed in dnsbl.ahbl.org]

[165.84.218.233 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[165.84.218.233 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[165.84.218.233 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[165.84.218.233 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[165.84.218.233 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[165.84.218.233 listed in will-spam-for-food.eu.org]

[165.84.218.233 listed in will-spam-for-food.eu.org]

[165.84.218.233 listed in will-spam-for-food.eu.org]

[165.84.218.233 listed in will-spam-for-food.eu.org]

[165.84.218.233 listed in will-spam-for-food.eu.org]

[165.84.218.233 listed in will-spam-for-food.eu.org]

[165.84.218.233 listed in will-spam-for-food.eu.org]

[165.84.218.233 listed in will-spam-for-food.eu.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: nexcess.click]

1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist

[URI: nexcess.click]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

2.0 PDS_OTHER_BAD_TLD Untrustworthy TLDs

[URI: www.nexcess.click (click)]

0.6 J_CHICKENPOX_37 BODY: 3alpha-pock-7alpha

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[165.84.218.233 listed in bl.score.senderscore.com]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_IMAGE_RATIO_06 BODY: HTML has a low ratio of text to image area

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.5 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts

suspended", "account credited", "account

verification"

1.0 ACCT_PHISHING Possible phishing for account information

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} To ensure uninterrupted service

This is a multi-part message in MIME format.

--b1_76f32cd82a2884e96127c686644044b0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Account Billing Notification

body, table, td, p, a {

background-color: #ffffff !important;

color: #000000 !important;

font-family: Arial, sans-serif !important;

}

a {

color: #1a73e8 !important;

text-decoration: underline !important;

}

Hello,

This is a notification from Nexcess Services regarding

your account billing information.

Our system indicates that some of your billing details are incomplete

or outdated. To ensure uninterrupted service, please review and update

your information.

You can access your account using the link below:

Open Billing Panel

If you need assistance, you may contact our support team at support@Nexcess.net.

Thank you,Nexcess Services â€“ Billing

Department

--b1_76f32cd82a2884e96127c686644044b0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 8bit

Account Billing Notification

Hello,

This is a notification from Nexcess Services regarding

your account billing information.

Our system indicates that some of your billing details are incomplete

or outdated. To ensure uninterrupted service, please review and update

your information.

You can access your account using the link below:

Open Billing Panel

If you need assistance, you may contact our support team at support@Nexcess.net.

Thank you,
Nexcess Services â€“ Billing

Department

--b1_76f32cd82a2884e96127c686644044b0--