Contract Witness spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on
Content analysis details: (8.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[193.48.143.83 listed in will-spam-for-food.eu.org]

[193.48.143.83 listed in will-spam-for-food.eu.org]

[193.48.143.83 listed in will-spam-for-food.eu.org]

[193.48.143.83 listed in will-spam-for-food.eu.org]

[193.48.143.83 listed in will-spam-for-food.eu.org]

[193.48.143.83 listed in will-spam-for-food.eu.org]

[193.48.143.83 listed in will-spam-for-food.eu.org]

[193.48.143.83 listed in will-spam-for-food.eu.org]

[193.48.143.88 listed in will-spam-for-food.eu.org]

[193.48.143.88 listed in will-spam-for-food.eu.org]

[193.48.143.88 listed in will-spam-for-food.eu.org]

[193.48.143.88 listed in will-spam-for-food.eu.org]

[193.48.143.88 listed in will-spam-for-food.eu.org]

[193.48.143.88 listed in will-spam-for-food.eu.org]

[193.48.143.88 listed in will-spam-for-food.eu.org]

[193.48.143.88 listed in will-spam-for-food.eu.org]

[2603:10a6:10:4b8:cafe:0:0:58 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:cafe:0:0:58 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:cafe:0:0:58 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:cafe:0:0:58 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:cafe:0:0:58 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:cafe:0:0:58 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:cafe:0:0:58 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:cafe:0:0:58 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[2603:10a6:10:4b8:0:0:0:6 listed in]

[will-spam-for-food.eu.org]

[40.107.160.136 listed in will-spam-for-food.eu.org]

[40.107.160.136 listed in will-spam-for-food.eu.org]

[40.107.160.136 listed in will-spam-for-food.eu.org]

[40.107.160.136 listed in will-spam-for-food.eu.org]

[40.107.160.136 listed in will-spam-for-food.eu.org]

[40.107.160.136 listed in will-spam-for-food.eu.org]

[40.107.160.136 listed in will-spam-for-food.eu.org]

[40.107.160.136 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[40.107.160.136 listed in dnsbl.ahbl.org]

[40.107.160.136 listed in dnsbl.ahbl.org]

[40.107.160.136 listed in dnsbl.ahbl.org]

[40.107.160.136 listed in dnsbl.ahbl.org]

[2603:10a6:10:4b8:0:0:0:6 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:4b8:0:0:0:6 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:4b8:0:0:0:6 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:4b8:0:0:0:6 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:4b8:cafe:0:0:58 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:4b8:cafe:0:0:58 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:4b8:cafe:0:0:58 listed in]

[dnsbl.ahbl.org]

[2603:10a6:10:4b8:cafe:0:0:58 listed in]

[dnsbl.ahbl.org]

[193.48.143.88 listed in dnsbl.ahbl.org]

[193.48.143.88 listed in dnsbl.ahbl.org]

[193.48.143.88 listed in dnsbl.ahbl.org]

[193.48.143.88 listed in dnsbl.ahbl.org]

[193.48.143.83 listed in dnsbl.ahbl.org]

[193.48.143.83 listed in dnsbl.ahbl.org]

[193.48.143.83 listed in dnsbl.ahbl.org]

[193.48.143.83 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[40.107.160.136 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[40.107.160.136 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[40.107.160.136 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[40.107.160.136 listed in dnsbl.ahbl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[40.107.160.136 listed in wl.mailspike.net]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[40.107.160.136 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.9 REPLYTO_WITHOUT_TO_CC No description available.

Subject: {SPAM?} Essential Skills Needed For Witnessing!!

Contract Witness spam from Microsoft Outlook Part 3

Posted by Dave Yadallee on
--_000_3c687370476e4a4eaf9495443e1aef1cupecfr_

Content-Type: text/plain; charset="us-ascii"

Content-Transfer-Encoding: quoted-printable



Hello, Good Day



How are you? I'm a recruiter for Silesian Steel and we have a unique opport=

unity that I believe aligns well with your status. I am reaching out to see=

if you would be willing to serve as a neutral party to witness the signing=

of an important sales contract I am finalizing. This is a standard practic=

e that can provide peace of mind and strengthen the validity of the contrac=

t. I am happy to discuss this further if you are interested.



I look forward to hearing from you!



Regards

Mohamed Diawara

Executive Recruiter c/o Silesian Steel



--_000_3c687370476e4a4eaf9495443e1aef1cupecfr_

Content-Type: text/html; charset="us-ascii"

Content-Transfer-Encoding: quoted-printable




hemas-microsoft-com:office:word" xmlns:m=3D"http://schemas.microsoft.com/of=

fice/2004/12/omml" xmlns=3D"http://www.w3.org/TR/REC-html40">




>








break-word">



Hello, Good Day
>



 
span>



How are you? I'm a =

recruiter for Silesian Steel and we have a unique opportunity that I believ=

e aligns well with your status. I am reaching out to see if you would be wi=

lling to serve as a neutral party to

witness the signing of an important sales contract I am finalizing. This i=

s a standard practice that can provide peace of mind and strengthen the val=

idity of the contract. I am happy to discuss this further if you are intere=

sted.



 
span>



I look forward to h=

earing from you!



 
span>



Regards<=

/span>



Mohamed Diawara
>



Executive Recruiter=

c/o Silesian Steel











--_000_3c687370476e4a4eaf9495443e1aef1cupecfr_--

Contract Witness spam from Microsoft Outlook Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 25 Feb 2026 12:19:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vvKOw-00000000Pd7-202Y

for dave@doctor.nl2k.ab.ca;

Wed, 25 Feb 2026 12:18:26 -0700

Resent-From: The Doctor

Resent-Date: Wed, 25 Feb 2026 12:18:26 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-francecentralazon11021136.outbound.protection.outlook.com ([40.107.160.136]:14909 helo=PAUP264CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vvJ5I-00000000Edy-18TV

for sales@nk.ca;

Wed, 25 Feb 2026 10:54:15 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=PLzvjcP6QkZH87oggzhQr8ExRKpoxinhPJ6DhYdHiY1Riy6gBSVIsFoY6w/ZoSWMr82EMBmo53F+9E7QbnnU9wOmxSARiaDTIf8FOzplb5H/mOtcilbzuEFmAPmI0fzzc8tX0YzsWFLjtiHZR7Km/f71F9gwL1HYwU/IgNNnf3MIRDyg625jwtzaSQeiARgBVbWoTVsPE614g7PJwY8VcO0kTGRMePFSY/pGwcqTDaEGGvXCprhCcxn0OhGSldR71fOu1xO2VyehmNWcoF1mHlUtdHqfkIw5+zbhzk9VLv5R+4cdmZ3TdEHWX4gyYmDIUDP5PksK0o89F4tLAnZ21A==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=Kf74MipObS8aW5FlQ3tdEZKpEXrKbUM/OEvRvYZLC5I=;

b=EJ1RNPAzvM+Locl39Z64TnpKIuETmMjb3bIn29sEF4+x+EREtk0ufBDRatDnAixFErTZF695VH+0pKSteW8C+WOPM2G5xlshV8X7yKk214eaHZMrTMAW70ESdyWsKnLmOs6gOnACI4iqAvXNbCXpW4GUse/KUspEPpRyqv1hK0LXXDCwHt74+npw51JeJWaxkcboUmVyyaZRebRIqfUE/L64rBNt/fS711ZCqo6ggOlsxXyPGiZ3HbvEX8VyQgIWgiHyjYyZPeC1yQZiEcXplQMeSQa3bB/Dx3UgC6AGYqeRaDEpM5vajTtUiJm4uc7C6J0aLzvreyPqvVD4AoR7Pg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass (sender ip is

193.48.143.88) smtp.rcpttodomain=journeystheroadhome.org

smtp.mailfrom=u-pec.fr; dmarc=bestguesspass action=none header.from=u-pec.fr;

dkim=none (message not signed); arc=none (0)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=u-pec.fr; s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=Kf74MipObS8aW5FlQ3tdEZKpEXrKbUM/OEvRvYZLC5I=;

b=orWo9b2kbYtil/5lavSSLFaqhBr+0MJtn4t5d1ndchWxhaRbsUHPGbeQM6ypSrmh1jZcwxUUfczWzyUJFxzcx49rRHPuS+xTzgCu2CtJC9f66SopvrJTwJ+WXJxwpP+i4USf8yQFU+BSKbfZirAoFSHX7Z3vPFqF4ncNtTXjkSc=

Received: from DUZPR01CA0354.eurprd01.prod.exchangelabs.com

(2603:10a6:10:4b8::6) by MR1P264MB3394.FRAP264.PROD.OUTLOOK.COM

(2603:10a6:501:28::9) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9654.11; Wed, 25 Feb

2026 17:53:06 +0000

Received: from DU2PEPF00028D05.eurprd03.prod.outlook.com

(2603:10a6:10:4b8:cafe::58) by DUZPR01CA0354.outlook.office365.com

(2603:10a6:10:4b8::6) with Microsoft SMTP Server (version=TLS1_3,

cipher=TLS_AES_256_GCM_SHA384) id 15.20.9632.24 via Frontend Transport; Wed,

25 Feb 2026 17:53:06 +0000

X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 193.48.143.88)

smtp.mailfrom=u-pec.fr; dkim=none (message not signed)

header.d=none;dmarc=bestguesspass action=none header.from=u-pec.fr;

Received-SPF: Pass (protection.outlook.com: domain of u-pec.fr designates

193.48.143.88 as permitted sender) receiver=protection.outlook.com;

client-ip=193.48.143.88; helo=pmg01.u-pec.fr; pr=C

Received: from pmg01.u-pec.fr (193.48.143.88) by

DU2PEPF00028D05.mail.protection.outlook.com (10.167.242.165) with Microsoft

SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.9632.12

via Frontend Transport; Wed, 25 Feb 2026 17:53:05 +0000

Received: from pmg01.u-pec.fr (localhost.localdomain [127.0.0.1])

by pmg01.u-pec.fr (Proxmox) with ESMTP id 4D34C3632AC;

Wed, 25 Feb 2026 18:53:05 +0100 (CET)

From: Mohamed Diawara

Subject: Essential Skills Needed For Witnessing!!

Thread-Topic: Essential Skills Needed For Witnessing!!

Thread-Index: Adymf5chHMZXWSCvGkKCuc1RZgs3SA==

Date: Wed, 25 Feb 2026 17:53:04 +0000

Message-ID: <3c687370476e4a4eaf9495443e1aef1c@u-pec.fr>

Reply-To: Mohamed Diawara , Dawid kaminski



Accept-Language: fr-FR, en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

x-originating-ip: [193.48.143.83]

Content-Type: multipart/alternative;

boundary="_000_3c687370476e4a4eaf9495443e1aef1cupecfr_"

MIME-Version: 1.0

X-EOPAttributedMessage: 0

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: DU2PEPF00028D05:EE_|MR1P264MB3394:EE_

X-MS-Office365-Filtering-Correlation-Id: 601bd62c-84ba-442b-1bc7-08de7496baa0

X-MS-Exchange-SenderADCheck: 1

X-MS-Exchange-AntiSpam-Relay: 0

X-Microsoft-Antispam:

BCL:0;ARA:13230040|82310400026|1800799024|7416014|376014|786006|32650700017|36860700013|8096899003;

X-Microsoft-Antispam-Message-Info:

v8AmHHa/KnOG027IMGa7UEL7YRrrPzYRFe2mPHYOMdITpKnS4eawot/Rh3XKflMovOsj+qCv4roTjmsvWAp6TufSMmwKbDs+MUfbk3qk2JvbQd7DExMZO0d7/wvMOxCAv1/tyGZr0TPzuBRLUGdesiLY4X1gFuGaAQimj2zQ7lUM3MaMf6CsR0k4rEuKJ+7GRF515nxFz6sfFxuUGNlFuf1jgdqGWmRpuKH0D+8xCBYJncCtAWvoKZPZruKmXhHoOB1UhMQ68iaAyfHxrkLTLtV4AwDREl96sPWTVBfFoaW/VpzVjkUaHXpFwkw59bnM9z1Tw7/Z6z4EFuIlLITHFaMDqkR3Wox7dXqz48J6/veh5Lxa7J8Ees4ZLuMDrGFIdexVAYWpeXUOt169I+UKo2ZNS2LtSOxr/BhXjMtnMQ1DpoDxwGNLTasNT1CMmvZ6WHMNSlobVGNhGxcjIUAk2nYkK/0T5DqEngzelI7baHzSc0jrjxX03epS5yFHicgGywwcxCZ/uO3pYys+Mv6SVvJadSwNey5N6ZeM6wiY2Y9U9k6K1rC7xac662bQvhsN20aLEum95Ppk7t/xiVasy7vMR7UyjQrFUD89Ffo5qz/e2igtXY1+1nPRMMCD2H+uDzlF8ec3o/QQwh2Joq5C28X8XgIHFqLT7u1T+ius6ryX//+pbN77ksVDF0lpbfHPNydxXE/9tKasH4d6xDf+dZz9XFRl/XuBYU4tfi4j1MeXNnqr43SmzGR8gA3MdCmnWk2IfoJEVQary7Rg1QvGoHu3QsBeuP+vHbmKzeoeVjMJxXyg/rAFtNPso+cGX8kQ

X-Forefront-Antispam-Report:

CIP:193.48.143.88;CTRY:FR;LANG:en;SCL:1;SRV:;IPV:CAL;SFV:NSPM;H:pmg01.u-pec.fr;PTR:pmg01.u-pec.fr;CAT:NONE;SFS:(13230040)(82310400026)(1800799024)(7416014)(376014)(786006)(32650700017)(36860700013)(8096899003);DIR:OUT;SFP:1102;

X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1

X-MS-Exchange-AntiSpam-MessageData-0:

ct5SJlfZSwjg1cH/yYyjEZlZEHEiVHZS6HqItbyPEXibcdAi5rQwJl1vgue7yKJE5XUxvEMKRVUGwdiZOzmn2onm9Er4Qc47Hqa0KTwb8oDWtt0Hx2MVtCyTqmluh5zIhiGJagPinWUFPGwiiMCBZTAzx1weN37KkEbRI/Vgem6NAKjJ83Nshjy7+5qAFERYvZBJ/gHVSHw+LaXQxHwYRhhHC8wCWGDNESzszbY2pe0yycJNq9cWVyy1nhHbfZC1UPmx9/BYkwRk2+H3MQc6c/kA21QR4CzF5UKwX5ck+NwW79PAYAis7RqjHZJZL8mk77APpnPRpn8+OYkHsMZypmVL5GBmFbA5+OAyb/aaEDaWUHCJ1mtwkcjtV9cm2apbrad6B3Q1iPPrM8Cs9gj+NL6uSO4BaRc9Y3r7kJoLOsmTygb51KUaAlmzeov1Qj3v

X-OriginatorOrg: u-pec.fr

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 25 Feb 2026 17:53:05.7437

(UTC)

X-MS-Exchange-CrossTenant-Network-Message-Id: 601bd62c-84ba-442b-1bc7-08de7496baa0

X-MS-Exchange-CrossTenant-Id: 144b6294-952d-4b86-87aa-aa8bf2979a47

X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=144b6294-952d-4b86-87aa-aa8bf2979a47;Ip=[193.48.143.88];Helo=[pmg01.u-pec.fr]

X-MS-Exchange-CrossTenant-AuthSource:

DU2PEPF00028D05.eurprd03.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Anonymous

X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem

X-MS-Exchange-Transport-CrossTenantHeadersStamped: MR1P264MB3394

X-Spam_score: 8.0

X-Spam_score_int: 80

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello, Good Day How are you? I'm a recruiter for Silesian

Steel and we have a unique opportunity that I believe aligns well with your

status. I am reaching out to see if you would be willing to serve as a neutral

par [...]

Bitcoin phish from Google Gmail Part 4

Posted by Dave Yadallee on

/InformAction">
emtype=3D"http://schema.org/EmailMessage">
ntent=3D"=E0=B8=89=E0=B8=B1=E0=B8=95=E0=B8=A3=E0=B8=B2=E0=B8=A7=E0=B8=B8=E0=

=B8=92=E0=B8=B4 =E0=B9=80=E0=B8=99=E0=B8=95=E0=B8=A3=E0=B8=AA=E0=B8=B8=E0=

=B8=99=E0=B8=97=E0=B8=A3: Dear Valued Customer, On February 25, 2026, your =

linked PayPal account was charged for a BTC purchase. Order Ref: PP-2026-65=

83 Customer Ref: PC-728491-GH Amount Debited: $849.00 Verification: Approve=

d For immediate help, please dial +1 (806) 230-2037. Support Desk: +1 (806)=

230-2037."/>
schema.org/Event">
rg/EventScheduled"/>
://schema.org/Organization">
dar"/>
eo1kqhbv4rue29hi7"/>
ff; line-height: 1px; height: 0; max-height: 0; width: 0; max-width: 0; opa=

city: 0; overflow: hidden;" itemprop=3D"name">Billing Confirmation Statemen=

t =E2=80=93 Bitcoin Purchase via PayPal<=

time itemprop=3D"startDate" datetime=3D"20260226">
g=3D"0" cellspacing=3D"0" role=3D"presentation" align=3D"center" style=3D"w=

idth:100%;" class=3D"body-container">
dy>

lign=3D"left">
  <=

/div>
llpadding=3D"0" cellspacing=3D"0" role=3D"presentation" align=3D"center" st=

yle=3D"width:100%;" class=3D"">

=3D"left">


emprop=3D"description">Dear Valued Customer,

On February 25, 2026, your l=

inked PayPal account was charged for a BTC
purchase.
Order Ref: PP-20=

26-6583
Customer Ref: PC-728491-GH
Amount Debited: $849.00
Verific=

ation: Approved

For immediate help, please dial +1 (806) 230-2037.
Sup=

port Desk: +1 (806) 230-2037.


e border=3D"0" cellpadding=3D"0" cellspacing=3D"0" role=3D"presentation" al=

ign=3D"center" style=3D"width:100%;" class=3D"">

der: solid 1px #dadce0; border-radius: 8px; direction: rtl; font-size: 0; p=

adding: 24px 32px; text-align: left; vertical-align: top;" class=3D"main-co=

ntainer-inner">

=3D"font-size: 13px; text-align: left; direction: ltr; display: inline-bloc=

k; vertical-align: top; width: 100%;overflow: hidden; word-wrap: break-word=

;">
tion" width=3D"100%" class=3D"main-column-table-ltr" style=3D"padding-right=

: 32px; padding-left: 0;;table-layout: fixed;">
dy>

-column-td" style=3D"padding:0; vertical-align:top;">
llpadding=3D"0" cellspacing=3D"0" role=3D"presentation" width=3D"100%" styl=

e=3D"table-layout: fixed;">

align: left; word-break: break-word;;padding-bottom:2px;">

t-family: 'Google Sans', Roboto, sans-serif;font-weight: 400; font-=

size: 22px; line-height: 28px;color: #3c4043; text-decoration: none;" class=

=3D"primary-text" role=3D"presentation">Billing Con=

firmation Statement =E2=80=93 Bitcoin Purchase via PayPal

>

ak: break-word;;padding-bottom:24px;">

ns-serif;font-style: normal; font-weight: 400; font-size: 14px; line-height=

: 20px; letter-spacing: 0.2px;color: #3c4043; text-decoration: none;" class=

=3D"primary-text" role=3D"presentation">Thursday Feb 26, 2026
iv>

ord-break: break-word;;padding-bottom:24px;">

oto, sans-serif;font-style: normal; font-weight: 400; font-size: 14px; line=

-height: 20px; letter-spacing: 0.2px;color: #3c4043; text-decoration: none;=

" class=3D"primary-text" role=3D"presentation">
ing=3D"0" cellspacing=3D"0" role=3D"presentation" style=3D"padding-bottom: =

4px;">


c4043; text-decoration: none;font-weight: 700;-webkit-font-smoothing: antia=

liased;margin: 0; padding: 0;">Guests

(Guest list has=

been hidden at organizer's request)


--0000000000004917b1064ba95a48--

Bitcoin phish from Google Gmail Part 3

Posted by Dave Yadallee on


=20

















Bitcoin phish from Google Gmail Part 2

Posted by Dave Yadallee on




















=20



=20



=20

Bitcoin phish from Google Gmail Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 25 Feb 2026 12:19:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vvKOe-00000000PQS-2X48

for dave@doctor.nl2k.ab.ca;

Wed, 25 Feb 2026 12:18:08 -0700

Resent-From: The Doctor

Resent-Date: Wed, 25 Feb 2026 12:18:08 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-qk1-f201.google.com ([209.85.222.201]:54401)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from <22415@thamai.ac.th>)

id 1vvIin-00000000P9a-0e2A

for doctor@doctor.nl2k.ab.ca;

Wed, 25 Feb 2026 10:30:59 -0700

Received: by mail-qk1-f201.google.com with SMTP id af79cd13be357-8c70fadd9a3so4061637485a.0

for ; Wed, 25 Feb 2026 09:30:02 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20230601; t=1772040596; x=1772645396; darn=doctor.nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=xZPVElSoa37qH72fFgTYppF7GpqFigJ/ctne8NasIms=;

b=3H14fNzFjlv08uGP/Z78IBc1Z81zDXqbIBKFgjUH3NBujtaouzPGiJQa2oKdw1qwxW

ntmOzz6EgYJcljT5pCPB2KXCMus+DliMAo9o3FeTHopu9bvGQsqsJ1q22QzbWAdNbwsQ

LzFx0xgK3F6voi4USWKR/lkVR6WWs1PeWwLQNBPFeMT39Q/Z45MkLV46/uI4neGYY+cX

io5HnxTxdDooCiSWGSNzSd4v3Fe7ziGTt3aqqQdSAZIOqn5uQeoWGgD0pQ2inVUCsgtQ

YPu/ieCMF5XEGCHLGllpucbpn1eaS/rgZKe96u4Pg3YLpRNMEyv2UMLX1CFaQ7SvogJK

idJg==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=thamai-ac-th.20230601.gappssmtp.com; s=20230601; t=1772040596; x=1772645396; darn=doctor.nl2k.ab.ca;

h=from:subject:date:message-id:sender:reply-to:mime-version:from:to

:cc:subject:date:message-id:reply-to;

bh=xZPVElSoa37qH72fFgTYppF7GpqFigJ/ctne8NasIms=;

b=FZOHkkZEIOjjz2BzkcxWU9MLfxJlSe64JL2EvDg4zk9qdPpIqWyUEdMqx/Gcb9VPxs

DfHXsgDND+tHO4K3BYiyULiWcFEAmT/PAmPKUtqsDMwTXb5REp95T8oyDRk88tGbxpbI

v5U/Xnr1cMBzZStdldzeZrdoZji3CT8fz1QlLIyOOX8SNA+QUFz6LHlqDWcCvpvCiIkw

vaGI3TwDc/fh1IUCu0hA1i2EJbhkUzyiwXnM3JwPSGpEMCh+CH1WBj5XuWyjC+sfdOzY

32WP2R5fqOEe9rV4zCRmWSUSOvIUbWfpGJdOM/h/qqqwPZCct8+lXVJjFe3Gyb460tp8

+Rkw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1772040596; x=1772645396;

h=from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=xZPVElSoa37qH72fFgTYppF7GpqFigJ/ctne8NasIms=;

b=PKDaFhFOfN0iezF8qPNqf3gWF58pdSymyw1CsUkKbqFo/UBrGjweR4IshoK9FSbfZi

JVZzeWRJlIdyXM9flghvQXOq6/3/isRUK6xKQLqMQPD6mikC1428p5bMJR88wqDQ8sY7

FGOGaXdxVqmwqM1VxxAp9stHvL4mbq71I43yuOf9m/6IbIARs3KKPTWAZ5rcJ5cgoz5L

ISHnK+lXSzfbbhVP+GVdw2LlWSj0p6mojo8k361W0v6NMaJqqUW0jATm7iBbYWXSDCyS

4lAiLYWcRCxtTkJZm4ZGuWhcxEDJW4VySjmSsXPWCyvfPVhc0AYdSODcRiRNp5PzY7Cb

Cc2Q==

X-Forwarded-Encrypted: i=1; AJvYcCU6d7aOuZm/nfNgixsCPh9UGF3bcBLf7Vc4Wae1zj6juBiWm55f9lmUpDJt4fbz2bICFksUDeE=@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YyICuE2WmYRRP4Snm1opJ1jAq4aLdDdDAWBAvP0xj/+HitB0i2I

gbNXFAFcOrWYkpulHCNaLkw8v0mRaxEKlx1CYjK1gYfBlfy/p5DcqmmLeL1VqoLUV14LE+qeu/e

ZtgHnBOOR5ysMphO7qPtVBxboELQGGiGYByaQTOCPOyGhcw==

MIME-Version: 1.0

X-Received: by 2002:a05:620a:370a:b0:8b2:7435:f5ef with SMTP id

af79cd13be357-8cbbd0102dfmt204952185a.41.1772040596273; Wed, 25 Feb 2026

09:29:56 -0800 (PST)

Reply-To: =?UTF-8?B?4LiJ4Lix4LiV4Lij4Liy4Lin4Li44LiS4Li0IOC5gOC4meC4leC4o+C4quC4uOC4mQ==?=

=?UTF-8?B?4LiX4Lij?= <22415@thamai.ac.th>

Sender: Google Calendar

Message-ID:

Date: Wed, 25 Feb 2026 17:29:56 +0000

Subject: Billing Confirmation Statement - Bitcoin Purchase via PayPal

From: =?UTF-8?B?4LiJ4Lix4LiV4Lij4Liy4Lin4Li44LiS4Li0IOC5gOC4meC4leC4o+C4quC4uOC4meC4l+C4ow==?= <22415@thamai.ac.th>

Content-Type: multipart/alternative; boundary="0000000000004917b1064ba95a48"

X-Spam_score: 12.6

X-Spam_score_int: 126

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Valued Customer, On February 25, 2026, your linked PayPal

account was charged for a BTC purchase. Order Ref: PP-2026-6583 Customer

Ref: PC-728491-GH Amount Debited: $849.00 Verification: Approved [...]



Content analysis details: (12.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.222.201 listed in list.dnswl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.222.201 listed in will-spam-for-food.eu.org]

[209.85.222.201 listed in will-spam-for-food.eu.org]

[209.85.222.201 listed in will-spam-for-food.eu.org]

[209.85.222.201 listed in will-spam-for-food.eu.org]

[209.85.222.201 listed in will-spam-for-food.eu.org]

[209.85.222.201 listed in will-spam-for-food.eu.org]

[209.85.222.201 listed in will-spam-for-food.eu.org]

[209.85.222.201 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.222.201 listed in dnsbl.ahbl.org]

[209.85.222.201 listed in dnsbl.ahbl.org]

[209.85.222.201 listed in dnsbl.ahbl.org]

[209.85.222.201 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.222.201 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.222.201 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.222.201 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.222.201 listed in dnsbl.ahbl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.222.201 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

1.2 MISSING_HEADERS Missing To: header

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

1.9 REPLYTO_WITHOUT_TO_CC No description available.

2.6 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} Billing Confirmation Statement - Bitcoin Purchase via PayPal



--0000000000004917b1064ba95a48

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64



RGVhciBWYWx1ZWQgQ3VzdG9tZXIsIE9uIEZlYnJ1YXJ5IDI1LCAyMDI2LCB5b3VyIGxpbmtlZCBQ

YXlQYWwgYWNjb3VudCB3YXMgIA0KY2hhcmdlZCBmb3IgYSBCVEMgcHVyY2hhc2UuIE9yZGVyIFJl

ZjogUFAtMjAyNi02NTgzIEN1c3RvbWVyIFJlZjogIA0KUEMtNzI4NDkxLUdIIEFtb3VudCBEZWJp

dGVkOiAkODQ5LjAwIFZlcmlmaWNhdGlvbjogQXBwcm92ZWQgRm9yIGltbWVkaWF0ZSAgDQpoZWxw

LCBwbGVhc2UgZGlhbCArMSAoODA2KSAyMzAtMjAzNy4gU3VwcG9ydCBEZXNrOiArMSAoODA2KSAy

MzAtMjAzNy4NCg0KQmlsbGluZyBDb25maXJtYXRpb24gU3RhdGVtZW50IOKAkyAgQml0Y29pbiBQ

dXJjaGFzZSB2aWEgUGF5UGFsDQpUaHVyc2RheSBGZWIgMjYsIDIwMjYNCg0KDQoNCk9yZ2FuaXpl

cg0K4LiJ4Lix4LiV4Lij4Liy4Lin4Li44LiS4Li0IOC5gOC4meC4leC4o+C4quC4uOC4meC4l+C4

ow0KMjI0MTVAdGhhbWFpLmFjLnRoDQoNCkd1ZXN0cw0KKEd1ZXN0IGxpc3QgaGFzIGJlZW4gaGlk

ZGVuIGF0IG9yZ2FuaXplcidzIHJlcXVlc3QpDQoNCg==

--0000000000004917b1064ba95a48

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable




schemas-microsoft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:offi=

ce">
t=3D"text/html; charset=3DUTF-8">
=3Ddevice-width,initial-scale=3D1">
ight dark">

Web/SEO/App spam from Microsoft Outlook Part 3

Posted by Dave Yadallee on

d-color: rgb(255, 255, 255); margin: 0px; font-family: Calibri, Helvetica, =

sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"elementToProof"=

>

From: Amjad khan



d-color: rgb(255, 255, 255); margin: 0px; font-family: Calibri, Helvetica, =

sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"elementToProof"=

>

Sent: Friday, December 13, 2024 12:58 PM


Subject: Re: Cost ......



d-color: rgb(255, 255, 255); margin: 0px; font-family: Calibri, Helvetica, =

sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"elementToProof"=

>

 



ht: normal; background-color: rgb(255, 255, 255); margin: 0cm 0cm 12pt; fon=

t-family: Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0, 0,=

0);" class=3D"elementToProof">

Hello,





I checked your website, you have an impressive site, but the ranking is not=

good on Google, Yahoo and Bing. 





Would you like to optimize your site? I will be happy to share with you our=

pricing and proposals.





May I send you a quo=

te? If interested!





Waiting for a quick reply



ht: normal; background-color: rgb(255, 255, 255); margin: 0cm 0cm 0.0001pt;=

font-family: Calibri, Helvetica, sans-serif; font-size: 11pt; color: rgb(0=

, 0, 0);" class=3D"elementToProof">

Thanks,



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">












--_000_KL1PR0302MB53134CDE1B6A51EEEFBDCA37CE75AKL1PR0302MB5313_--

Web/SEO/App spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on
Content analysis details: (7.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:1096:820:4f:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:4f:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:4f:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:4f:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:4f:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:4f:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:4f:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:4f:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[52.103.43.51 listed in will-spam-for-food.eu.org]

[52.103.43.51 listed in will-spam-for-food.eu.org]

[52.103.43.51 listed in will-spam-for-food.eu.org]

[52.103.43.51 listed in will-spam-for-food.eu.org]

[52.103.43.51 listed in will-spam-for-food.eu.org]

[52.103.43.51 listed in will-spam-for-food.eu.org]

[52.103.43.51 listed in will-spam-for-food.eu.org]

[52.103.43.51 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.43.51 listed in dnsbl.ahbl.org]

[52.103.43.51 listed in dnsbl.ahbl.org]

[52.103.43.51 listed in dnsbl.ahbl.org]

[52.103.43.51 listed in dnsbl.ahbl.org]

[2603:1096:820:4f:0:0:0:10 listed in]

[dnsbl.ahbl.org]

[2603:1096:820:4f:0:0:0:10 listed in]

[dnsbl.ahbl.org]

[2603:1096:820:4f:0:0:0:10 listed in]

[dnsbl.ahbl.org]

[2603:1096:820:4f:0:0:0:10 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.43.51 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.43.51 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.43.51 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.43.51 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.2 MISSING_HEADERS Missing To: header

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[mobileappsservices5874(at)outlook.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[mobileappsservices5874(at)outlook.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.43.51 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} Re: Cost ......



--_000_KL1PR0302MB53134CDE1B6A51EEEFBDCA37CE75AKL1PR0302MB5313_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



Hello,



I am waiting for your response.



Please let me know if you are interested.



Thanks,



From: Amjad khan

Sent: Friday, December 13, 2024 12:58 PM

Subject: Re: Cost ......



Hello,



I checked your website, you have an impressive site, but the ranking is not=

good on Google, Yahoo and Bing.



Would you like to optimize your site? I will be happy to share with you our=

pricing and proposals.



May I send you a quote? If interested!



Waiting for a quick reply

Thanks,





--_000_KL1PR0302MB53134CDE1B6A51EEEFBDCA37CE75AKL1PR0302MB5313_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








d-color: rgb(255, 255, 255); margin: 0px; font-family: Calibri, Helvetica, =

sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"elementToProof"=

>

Hello,



d-color: rgb(255, 255, 255); margin: 0px; font-family: Calibri, Helvetica, =

sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"elementToProof"=

>

 



d-color: rgb(255, 255, 255); margin: 0px; font-family: Calibri, Helvetica, =

sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"elementToProof"=

>

I am waiting for your response.



d-color: rgb(255, 255, 255); margin: 0px; font-family: Calibri, Helvetica, =

sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"elementToProof"=

>







d-color: rgb(255, 255, 255); margin: 0px; font-family: Calibri, Helvetica, =

sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"elementToProof"=

>

Please let me know if you are interested.



d-color: rgb(255, 255, 255); margin: 0px; font-family: Calibri, Helvetica, =

sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"elementToProof"=

>







d-color: rgb(255, 255, 255); margin: 0px; font-family: Calibri, Helvetica, =

sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"elementToProof"=

>

Thanks,



d-color: rgb(255, 255, 255); margin: 0px; font-family: Calibri, Helvetica, =

sans-serif; font-size: 11pt; color: rgb(0, 0, 0);" class=3D"elementToProof"=

>




Web/SEO/App spam from Microsoft Outlook Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 25 Feb 2026 12:18:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vvKOS-00000000PHN-2rj7

for dave@doctor.nl2k.ab.ca;

Wed, 25 Feb 2026 12:17:56 -0700

Resent-From: The Doctor

Resent-Date: Wed, 25 Feb 2026 12:17:56 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-japaneastazolkn19012051.outbound.protection.outlook.com ([52.103.43.51]:17129 helo=TYPPR03CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vvIJj-00000000HR6-3LdB

for root@nk.ca;

Wed, 25 Feb 2026 10:05:07 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=SixSJgatgTjipzoWMvFmSWavO5EQNZq0MSeWCQ9pPvU3RhscKdW3Ez0fBoCYoq3Nvb12xzGhvrFwl4Ej1vxpsmY6jUzAKv79IYByjrMnXE1ttjlPzs4RiD86cQ529cW5ngFW2mBurN5zWG5pe+2PE8Rxy8HK3rCech6BDK3Mh09WmNuFh8RCawlchqgcZbrn8838m25beXJzaa0jh7TbYcVK8MI+osWyueNqkpiuOCc/Cm9d2YECWq4IRy06u2d6ldgrvc8QfBODGOmknQlSbSevfBXFycXHYu2F8xR5gM1JykQDNhZObJKusGlWJYCJAM+RNUyK1zjpFAL3F6IeYw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=o+KlhAnL419Ll90HCeKy4zF08G1Vs6QILSq/rAkedDU=;

b=UPOx1L6CfGUVP1DEOGLiDwU70DIViSk/K28JB0EdZSkt+3IWzpqcntnHXC6nGbmI1lihTc5Ybe/Qtk99Fgdfpp6huKO2oPo8GgsfKM6/N5ApsGLKEZvMQfAv9keSOALTxKdlZ1f5uiUFqY+ifhDABtANnJbmfSKlBiek+quRByZvYNeUqZmcOqu8OPNPz9cAM8bu14AAIhMWWv/YUD8ZS9Ssju1C9d6QVSCectzNCtuPtTOC8SUsXqT6t5egLMHBZ1oAlYJAGPXulwUyN3/dmKTot/rdU+YjYAIiPi1j8tyYYEfOrG6zKHWnDQC/mQvlUBoG8Ba/IpP4xhZNTR4FYA==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=o+KlhAnL419Ll90HCeKy4zF08G1Vs6QILSq/rAkedDU=;

b=HKdK48XCx/UlN2OpLpdQwQsIO96FIwx3bgn1RDX7LHNsGWuaxnvOE2W5FaDYp1fxpTWNpsplm/UJTRjQQeIiZgffuePVj4ORj6fXCUHq6aeeEjPG64oAs60W0cfqB3P9Ui/+S2SnBZm09uYCCfPWXpd3vjM3uzCpM5XVqa3i9/BF+1mIH7WWqqFMS65yEqM0U0hs+rDm0qb1ACnxm04lo2AHd8VbEe2udHVTixQYlPdWC7+KdiWZbebouxXp2+0MZRaBfhg0vI9N4C11mxst1aQtcEE7+4Mb1aNm6rghexNnScwQJsOL2ap7wwpR07ZsALJdd7/DKynTkTcILXuoOA==

Received: from KL1PR0302MB5313.apcprd03.prod.outlook.com

(2603:1096:820:4f::10) by SEYPR03MB6649.apcprd03.prod.outlook.com

(2603:1096:101:83::5) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.23; Wed, 25 Feb

2026 17:03:44 +0000

Received: from KL1PR0302MB5313.apcprd03.prod.outlook.com

([fe80::e807:fb15:3c75:fb0e]) by KL1PR0302MB5313.apcprd03.prod.outlook.com

([fe80::e807:fb15:3c75:fb0e%6]) with mapi id 15.20.9654.013; Wed, 25 Feb 2026

17:03:44 +0000

From: Amjad khan

Subject: Re: Cost ......

Thread-Topic: Cost ......

Thread-Index: AQHcpniTVY+Xd19QsEC5HU5hQto1cQ==

Date: Wed, 25 Feb 2026 17:03:44 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: KL1PR0302MB5313:EE_|SEYPR03MB6649:EE_

x-ms-office365-filtering-correlation-id: f954adce-aadd-4b40-520d-08de748fd54d

x-ms-exchange-slblob-mailprops:

4VtScROZs23wjvmteUCjg8KI1zh8d/KhX6VQsxPtgtlSq2YFL6aY5V/GOKihybjRrfsYkdttkgca+Yf9my5eUEQx5KVsK4Sp9AZWwTvrdira4caiXcfEmgsDwbt9Y8FkQvRKXt0znXWHg3RYVjkhHeqNf0xObABz/6K4AUGSmbtv09w3k73tNq+D9xNRDXxCwq9FVsOGH+rjXe3eGiCa1zVL8A84p4z4/DT97QW4tcYXJ5z2gshhD0OuxTxsEd9Mv822IFXS6KmIaGtqu3qh0Khzt0/WJL1Cjvqj/ExkHRlD1fO1XKNSqp8s7itfpI//UvhnjQYUhpY4E7FlttG+FXW0HXqeHs7zz2W0/cypxgzl93PH3rgdfoXFojFtB/GvXgFeB9KC0XEXqZUGB8+h5NayhNgpUYCIWDKo/QFvF/DbWcHIKYeNHW0g5l4Hx0s5rww/uacBT2tzhCMU7Qacgw40hcH0QP22qKkdyAtV3nvDyJ37z1tWKVc8gOCPRShOQhZQNK2Sml+7YfNoU9nP6drlji+WGCACo/wHD+4ICDZP4zSgGFUpOtRPE9Z/DeS0i/sGRr2qQHaRW7ncNT1qDIs0q9WERPyF15I0nzgKilcnuNNG2nEqd/szKNoMAWD4oMM9oSWhSGpYNj1HYA7Bq0WDoXGvOvXtPinQR7CoMNBOUrkddfy6OQ==

x-microsoft-antispam:

BCL:0;ARA:14566002|39105399006|31061999003|461199028|20031999003|8060799015|19110799012|8062599012|15080799012|15030799006|40105399003|51015399003|3412199025|440099028|102099032;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?7mqb178HPT0gY0J07+6/oZ5SJtBDr81JZ3HEsqT68OqvXJA0nPr0zeW+XO?=

=?iso-8859-1?Q?ms6I2Xc0OmvFSSyEUHE8GMFYJZGgWRHr3M4UiJf0pexxvLJ8NhqTFNWBMp?=

=?iso-8859-1?Q?6wzjUhNkk5bCC9eOwEOopJnWOMfyz9VeEmHv+W7dTEaFrM4d3oTzR5HEjQ?=

=?iso-8859-1?Q?kke0EEPvIP3yWLM4Oo9gaLYE4Of7q7Lb0iaZ1YCqFrTTMMknVaOam5rBCj?=

=?iso-8859-1?Q?TkzRzdvSTTgE/PHh7zeBKa/GqaQBZ0tBn7qJB6GrRD5Jpkqyyw5hJmzos0?=

=?iso-8859-1?Q?gx+I3JvOPCcG/Tlyo95qnGbkqmUYiUdfrfT9tdYIGNiNLplfRYtGqhRRRZ?=

=?iso-8859-1?Q?Ip8EIsHNzi5ijLH2O3WLP1P8OP/aepYDzYEE3scOXaPD4W/ZyMhipcRNJQ?=

=?iso-8859-1?Q?y2llfaqmPl50er4xao1xtqJvfM5wB6JepAQcoA0lhV+vWyXOBfN09ktCAW?=

=?iso-8859-1?Q?DaW2JC76LfUoEESD6MtdmxF4uGHSeqxnxeflGv5QyN2pPAC3bpkxQg/UW4?=

=?iso-8859-1?Q?8rNWYg1DOsJtj12wD+3wsMRpTVXjz5OgHCm5Z5I9MwtlItovd6dEOOitRC?=

=?iso-8859-1?Q?aG+2MDPBddKQr+wfHCwLoQ2KsEO5945JSVnjwAi2bfl78qgyiA20yI6u1K?=

=?iso-8859-1?Q?Rk2VB0d9+fTAMracUOiwanBKjDudMJ26Ff9AFpOExDXodwWOFNLOlRsGhs?=

=?iso-8859-1?Q?HTbnqmkGF+o+ezlnmYeY9gi3gqzLlcfiQcCEHYvxfbEPU/ZUChoVz68qkm?=

=?iso-8859-1?Q?weZ6zRR3gWUvO4O2xusDabIeEi7O6v+Jdn66VDi9fAJE2FCzxbGr8VkpAI?=

=?iso-8859-1?Q?Cn2xWWuZe4eIGmyyxcQmKQkhPsUfSO/xwzhN9LAUOHPDWjRoQCp85/NQ5Y?=

=?iso-8859-1?Q?ppr0EDvnTiomSiiWJrTOM0+Qmyezxqoxv/yxSVGis1IfGryd+0d/4ZWpeF?=

=?iso-8859-1?Q?qxFw/2oHhTPKO3lj4Gs15wpl8sXC6jXbMW0DX8ZWDnL52x7cMxws6J1r8q?=

=?iso-8859-1?Q?arRHouKVb8HENc6TT86gOho9bnf8p5jwAI6ppi?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?QzwUyG8QUv/E4fAsni1DUOMkVxfINQhj7hkKY3uAntQQZGTkBGg7EB7qGH?=

=?iso-8859-1?Q?TiXJ5hUM6RPr7Gkgpa1UXn7F+PTsR6wLxYBHypxtwV1J9kuwDwufIItbRP?=

=?iso-8859-1?Q?tyEmN2uD2pUiibtayGLJYVFwh2U5lNG/g8HTg+B0FRH6yxjH9hGRnyYls0?=

=?iso-8859-1?Q?4ZX1TEq7grN8mW1DbyzV/rBvzpjypJGXhHEXGuGotfHwooTX0Io56aIR3b?=

=?iso-8859-1?Q?XZThu1tjNwDtWANk3LumytrF+g8PzSG+I+r1Pdx55IOrp236c1UcHQdaMS?=

=?iso-8859-1?Q?XeGwLPmczzCfKzTOIuhlCVf/FQXH65SgEuM+PJst4yFMkFghm1TtPtTYRm?=

=?iso-8859-1?Q?TYA264GTFEzo/IcjS6pCBCKbUL3Iv7CtjOTaiMnTbsuEq9IIhiyshEsd9T?=

=?iso-8859-1?Q?JX/k31cj2BbQEep3i1N5YbRu7uLU+ATwSXOlWQfJTRoUzs9WYcBT5Oe7Sn?=

=?iso-8859-1?Q?nxQ/KNGupsbvh/efs/t96FK7PyuksVy1xZIerJYhRNLxQiw9s4xElLnMSi?=

=?iso-8859-1?Q?ShP/FbAY5b5ruHuhiAB8pnTPmL2Hn7ky3CEMT/bBZMq2x8eXhcsbSj7ShW?=

=?iso-8859-1?Q?s3+TeQ0s3NXeSg3SsJuN/4mgJ8wXlGTpdy3jSoJQB4CJOxEYJpaDH2UDGC?=

=?iso-8859-1?Q?Q+CtDnfNIwUBW5H5c6K54FSRREwHKNHHRhufULCn5S/EuhK8K2cC3EloBY?=

=?iso-8859-1?Q?3pg9h6MOoTa9YbTiTxGIh+O96oE4DnzzJeze0YDsy4f/YOCBcVO3gnRFiL?=

=?iso-8859-1?Q?eLYUg0dI8VdDj86REwyW1T7iA0GnfSQB12/wvl0Pqg0nNSmV+wimJvKqfq?=

=?iso-8859-1?Q?OAg+FdwzFFCU+AJyxJgcyTKY4QhCPLWJoruQt6EcIsIlCJ11N0JpXEysEz?=

=?iso-8859-1?Q?bvdPmZY5KS4pWJsT0i1oZA+0lovxyNXStUraxNTBL2ztNL0C25+pfdWIdE?=

=?iso-8859-1?Q?VtgnveeDPFtPbCJtMghnxOLTEhdK16zA2c1q3o2fhVf2Oj9hfAMDsw8kvU?=

=?iso-8859-1?Q?69qL4E7M3GarTwxDrEi0VU4NxeD3vdvp9OM79meEwNfMvxpHVdGFhPV8OA?=

=?iso-8859-1?Q?6bEsav10mRKibZnwg0KPgfq8rjc1f3DUqn45LArcIY+vtMsPcOOQcByU8t?=

=?iso-8859-1?Q?lN0v1IDiWYhxmGxmHrq8HBJ3p7669KKFHKy/ZUuZ6YeIxvr+g8kcr26HQK?=

=?iso-8859-1?Q?BvCso7ipDXQH7/RsL6dAEZ1uPPn4QczWgVLRsGB7VgzdtPfAwDfPYbG8Br?=

=?iso-8859-1?Q?ZYISUHmDIi/wyuvYt3V0fNpovctHEzR62b8IHOUHbiW73oj/yhybL1UBV3?=

=?iso-8859-1?Q?x7KcCrdfH1wB/ZUVArJlBDd8fjWc6S8CIBdtByT6hKv7v+ds6YXg0luhKb?=

=?iso-8859-1?Q?Bxh7cHXP4VI/wnu6uMpkBTzs5ALcBMdD/tcRzbUK+T0ne5YUCJhYdnm5pi?=

=?iso-8859-1?Q?7Uu6gveR16mi2HZbo0eHTPixpAw7e2SLUAAW6w=3D=3D?=

Content-Type: multipart/alternative;

boundary="_000_KL1PR0302MB53134CDE1B6A51EEEFBDCA37CE75AKL1PR0302MB5313_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: KL1PR0302MB5313.apcprd03.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: f954adce-aadd-4b40-520d-08de748fd54d

X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Feb 2026 17:03:44.0649

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEYPR03MB6649

X-Spam_score: 7.7

X-Spam_score_int: 77

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello, I am waiting for your response. Please let me know

if you are interested.

Web/SEO/App spam from Microsoft Outlook Part 4

Posted by Dave Yadallee on
Hi,



I was looking at your website and noticed that you aren’t at the top of Google search. I can fix that for you and make your

company more profitable.



I can give you our Complete SEO Action Plan along with a customary reach and add great value to your

product/ service.



We can place your website on Google 1st page. Yahoo etc.



Should I send you an “Proposal & Package”? “Yes / Okay / if interested”



Thanks & Regards,



Waiting for quick reply.

      

Note: - I will be happy to send you our Pricing and Package details

Web/SEO/App spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on










































































































In-Reply-To:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-exchange-messagesentrepresentingtype: 1

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: TY4PR01MB12649:EE_|TY3PR01MB12024:EE_

x-ms-office365-filtering-correlation-id: 7c3b3eae-0c81-402f-790b-08de748d7fa5

x-microsoft-antispam:

BCL:0;ARA:14566002|7042599007|7071999006|8060799015|8062599012|41001999006|19110799012|15030799006|15080799012|39105399006|31061999003|20031999003|461199028|3412199025|440099028|26104999006|102099032|35041999009|40105399003|39145399003|41105399003|1710799026;

x-microsoft-antispam-message-info:

=?utf-8?B?djFPaTY4TGJXYnVYb1diMXRPOW8zUC9YTEE2YXBSeE44SG4zZHdYNFpHVkly?=

=?utf-8?B?ZVpIYTZuZXhhbE1IUW83b2dsRWphaXpURDZIbGptTGdqY0NyMUl2dEdXeFI4?=

=?utf-8?B?YUdJUmZtNmZyUGQ4RUczZEx1UzhDVFVja0hVRTFsbmdDYW01TTBKUEE4SDBM?=

=?utf-8?B?WksyNHlGc3JyYWZXTHkvNHU2alNBWkJUMjBsQUZpSGVOVEpGTWJjZHFiVWhX?=

=?utf-8?B?cGcrZ1RiNGFQNUpoQXRYaGVHank5M1FCRnF1SGMydWF5cllERmdoK1ZFOGFD?=

=?utf-8?B?YWFNWU43dUx5cTBpakk5YTVtdmsyRDRtdFJocHcreTMwbkx2Z1VQWTM1L28y?=

=?utf-8?B?QUhvTVRnTEhEZ29oekxSSmRXakd0RHNaS21lU2NhdGlCMWxHN3JSdDBzU09X?=

=?utf-8?B?R1hUYWdPbzJSbldXS3QrM2JOalFaK0k0dnRIQUpMZ2luMVdCd01kMFNmSmZl?=

=?utf-8?B?cldYUDY4cmg1WjBUWjUrVXRRTU9PY0RJam82QU51eUhFQnl3ejNQd2dNTDZJ?=

=?utf-8?B?TDlibUVua0VSSWt5akZIeWFpckVCNTM4M2lFWjJmNEJyaU96RUcrbURUZ1cv?=

=?utf-8?B?eEJkQ1FpdmZjcE9IOHlKVWp0SFI4YVROMEhQNVl3THN6bTgvVzF4OUVGRURi?=

=?utf-8?B?VnFxWGJDbE9qZWk5VStxbGtZUW1BWG1Xb2hKb2IwU3ZhbnQzUlp3d0hRSThv?=

=?utf-8?B?OUtlSDlZbDBaL0kzd2VZdHVlTDV2a1RrM0lkWnhVZ0FJeEtDYlU5NVViTXM2?=

=?utf-8?B?V2UxbUx1QVk2NWlnVDVVTjhwYjNCcHZPZkVJcHVuSUx1andyN0NiUU5PeUNW?=

=?utf-8?B?cmJTTHNDWDFYNG9TMENjMVdtSmxHUFJxQnpheHBmSnZuZ05DNXJmTGtRcmJZ?=

=?utf-8?B?UUUrSmZDbnN6SGtuT3JsRGptdnExcURsQjU2ZmhwdmNTN1dPdlF0aDcxUWxX?=

=?utf-8?B?dGtUSTFMUHpYeUVyYzJFMUQ4V1FJWDNjNElUS1ZRUStpZVVBd3N4L2dMeng3?=

=?utf-8?B?NGFVbEZhVHN1NWMyNkl6RWZOb1UzRTZ2K1hiNDcrbGsxWk5MOFFSN3I5NlFL?=

=?utf-8?B?Vlk1TjFZSDNOSjJzQktYRTcyRnZaZitSdlhwaHVnVDNvN3dGOFAvNFoxY1VB?=

=?utf-8?B?U1lSZU1oakFZZFR2Ry91Nzl2ODFtdWQ1Z2wxaVdvb0c0U2twS1U1WHA1cExV?=

=?utf-8?B?eGJ2SFJCV1JabytQOFFRSEx3TVlsTzdMMFN5UElTaFpsNzJHdTVkTDBKV0tx?=

=?utf-8?B?MFlSNjBDRk50NlpORTNwOEZuSDJtdU0zcFhDVlZ5ODQ3WDhUazJYMTZnUDlT?=

=?utf-8?B?NldubFZDbGc0a3c2WHFiL2NtazJMeGpyd2RWQW9YdzRNY1ZCR0tVMXBrSUZP?=

=?utf-8?B?MmhHQ1pkTERLOEgwZ2pRVjFmdUMvdWc3VmM5WkRnL3FuQzdpV1RsSFE4M3RM?=

=?utf-8?B?WkU1TmtXWXJ1UFg1T2c3eWl0cDhtaTNmOXZGQWYxZEN5TDVsdHRITVZhNGUv?=

=?utf-8?B?TEgvdWdXajg2YkRBNmdZZWtLM3BicFFtZkg1dGI2b2R2cWVDSzk4bnZXS2ZJ?=

=?utf-8?B?OXFGYndOdklQcGxUdFJxUlViT3JwcEVraGpHV3JvbENMWDZhT29EUEk4R1NK?=

=?utf-8?B?UXdwd3NVdE0vSEtZT2Evb3ZtSDhTVVE9PQ==?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?utf-8?B?WURwL21UYXpTTitlblBiR0orcUNaeHRrdTZsTXZvNTdhZ21oeVJFejNpVmFu?=

=?utf-8?B?T2N0TElZV1RNV3Q0V0F2VUxYZEV0MUNTdUNwL2JpcUZMM0lpVTE2RzBjdXZI?=

=?utf-8?B?aWZvVlJuNktTTUhYK0hNM0FuazdHdjVjcnpLZ3FtNDMvNkFvQmFoQko0eFlh?=

=?utf-8?B?UEVhOXkxOFYxeWRQalNPOWwrWHRia0Q5MlY4SkRHNzVmbWFNclJRNVZCTUpF?=

Web/SEO/App spam from Microsoft Outlook Part 3

Posted by Dave Yadallee on


=?utf-8?B?WDBrUmw5Ym04Qm1iTkdGZVM1Vm1DdFJySFhSRS8wdFdaanBLckRhRUdtUzhr?=

=?utf-8?B?ZERxK2taT3NYNGlNVHpJZjdUS2NOMHBSYllRZjBmUDh2aGpkeXVMZXRlU2hi?=

=?utf-8?B?OFlzdVhsb1VtUi80YXp3TmdPU08zR2Z5c2ozelRVWEpyWGFJbC8rZ2RIblFR?=

=?utf-8?B?Z2k3dzRaVy9oTjdGeHFkZ2FJaEFIcXRCRzl6M3hjOUtJVFFTWUpqdXRaQndj?=

=?utf-8?B?dDZzUFdLUmZ5V2hCVlZqRndlUU55M1dwMUQyWlNuWUduNXRBbzZnVFEyS3ha?=

=?utf-8?B?MHRUTXRJR0MxcVNaOXJ0REc3ZUJDc3h4V24rdjNmcDBPYUtuSFp5a3RLWTZw?=

=?utf-8?B?VFg1RzBvOEhsOWJxU2ljSHBZZEFPbE91RkgwN2NKNWFHbkhhN2s4UG9GUGxv?=

=?utf-8?B?Vyt0UFh1U3IxYzNrN0VESDBsZUlEUW5zczFiNWN6UnlWU0VDaXJMd1BrTFBz?=

=?utf-8?B?U3FCQVdFMGtDYXdybW1MM0hjN282QVo4SkJ0bGNBc1VTVitwUFFmS1psb003?=

=?utf-8?B?UU52SFZRVXdyQ1JvdjYzMGpMUExVNmdYYVpVVWJaMmxSaXdZbnVaNmhlZG40?=

=?utf-8?B?VEQ3VjYrVzdFdlFuMjc3N3ZtaXVVNVB3eGdlSkZUOHIwMXJVai84NXdLb2JL?=

=?utf-8?B?SHdYOFNlakdQblRjek5URHYyZ3AySjRpdzlQWi9JYWY4dFJ1QjdoZ2NnWmhK?=

=?utf-8?B?UG05Sk0xMWhoQUFOYnZFd0JPa25tN3Zlb0lhZittZmd1S21tckFNNlZoYXMw?=

=?utf-8?B?TzlqOXNCNWpTeXlrMkZ6TXB6VUpJV3B1NEM5MUhIcHBkbFdJaWxrYktTY2ht?=

=?utf-8?B?c256UHgwWSs1K1d4aVpORVFvSEJUZDh0QzBEUXV4VGtEQjBmSis4dnRHdFpr?=

=?utf-8?B?SWJUMG5SNU1yMmhTMUR4S25rQ0wzaUs3c2VpZjlPVmpGSVpMSDM5Q3h6VkEy?=

=?utf-8?B?MkV6ZTdnNWR0WTBDbEVraVlKMmU3dmdzV09DYnl1Y0Y1dEthWEpyV1dibmla?=

=?utf-8?B?MW40eXViOEY3K1lJMkF3dkFncTRLcHhxOFFjUkVHM3ZHeWRBazZaTEVBc3A1?=

=?utf-8?B?R2V1d0oyNldEaG10MVRaUzRKY0gzNlJrMStEd2JqV3lkSHZ1YmpqTDJKZ1JQ?=

=?utf-8?B?dzlEQ253NVVoVGpkNkZaMlM2ZnUyZTN2cWZFSWpvVmNMRHpndTJOL3pSUWJ6?=

=?utf-8?B?VnVGd3AxSjFSUGc0TTA2VmJWN09aQnRRdHVoODhVRkpWUFF2S1prc3ZPVmxT?=

=?utf-8?B?cmNXeG9sdU9KSVpua2owbHpCRU5RMkN6VEhXRi9yczg1ZERicStqMEFEeXE5?=

=?utf-8?B?OGZBWHpnWGdFNGs5TWFEL3FINWRVMGdDOG14TDYxMFIzSEM5cG9QcHVwbWk4?=

=?utf-8?B?ZkZBQ2RuSzVhcVNTV1RCL284ZEk1RVhNL2R5V2VpS3B3RVNmT1I0ZWJLN3c2?=

=?utf-8?B?RkhCWUtzeGhDblJlT0xBa2hpUWZOSjhsL2h0RnJwZ2Fyelhac2JaRFZkYnlS?=

=?utf-8?B?ZDdMU0hrYmtuMThmRmZvS2NCK1VvZU4zR0VqRVdOdTc0VTdOb3VWV2dubkZS?=

=?utf-8?B?bjllY2krNlNEaDFOOG1tSGtOQXU2RTVZWEhoeWlUTFV1NHdZdUtsV2s4M3g0?=

=?utf-8?B?Uy8vQTk1OVNubUdPYnFZTk1RUElHQ0xqdVVvL3ExWC9xR1I4T1Rldk5ZZzF2?=

=?utf-8?Q?1sX9C6Ro7EN8pHhvn7ppR2CJe0vfs7xL?=

Content-Type: multipart/alternative;

boundary="_000_TY4PR01MB126498264058197CFF1FDFBA5D775ATY4PR01MB12649jp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: TY4PR01MB12649.jpnprd01.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 7c3b3eae-0c81-402f-790b-08de748d7fa5

X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Feb 2026 16:47:01.3396

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: TY3PR01MB12024

X-Spam_score: 6.0

X-Spam_score_int: 60

X-Spam_bar: ++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi, I was looking at your website and noticed that you aren’t

at the top of Google search. I can fix that for you and make your company

more profitable. I can give you our Complete SEO Action Plan along with a

customary reach and add great value to your product/ service.



Content analysis details: (6.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:1096:405:1e7:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:405:1e7:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:405:1e7:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:405:1e7:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:405:1e7:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:405:1e7:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:405:1e7:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[2603:1096:405:1e7:0:0:0:14 listed in]

[will-spam-for-food.eu.org]

[52.103.66.22 listed in will-spam-for-food.eu.org]

[52.103.66.22 listed in will-spam-for-food.eu.org]

[52.103.66.22 listed in will-spam-for-food.eu.org]

[52.103.66.22 listed in will-spam-for-food.eu.org]

[52.103.66.22 listed in will-spam-for-food.eu.org]

[52.103.66.22 listed in will-spam-for-food.eu.org]

[52.103.66.22 listed in will-spam-for-food.eu.org]

[52.103.66.22 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.66.22 listed in dnsbl.ahbl.org]

[52.103.66.22 listed in dnsbl.ahbl.org]

[52.103.66.22 listed in dnsbl.ahbl.org]

[52.103.66.22 listed in dnsbl.ahbl.org]

[2603:1096:405:1e7:0:0:0:14 listed in]

[dnsbl.ahbl.org]

[2603:1096:405:1e7:0:0:0:14 listed in]

[dnsbl.ahbl.org]

[2603:1096:405:1e7:0:0:0:14 listed in]

[dnsbl.ahbl.org]

[2603:1096:405:1e7:0:0:0:14 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.66.22 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.66.22 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.66.22 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.66.22 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.103.66.22 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[loki263148(at)outlook.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[loki263148(at)outlook.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.66.22 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.0 MR_DIFF_MID No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} Re: Yes, please send a quote

Web/SEO/App spam from Microsoft Outlook Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 25 Feb 2026 09:49:00 -0700

Received: from mail-japanwestazolkn19010022.outbound.protection.outlook.com ([52.103.66.22]:55281 helo=OS0P286CU011.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vvI3h-00000000CqX-3z7Z

for dave@doctor.nl2k.ab.ca;

Wed, 25 Feb 2026 09:48:33 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=Db5hI9aniPjpJcdWZdJw3YkulV7effjFvCaA03WldkrUtUzF4dd9Kir7OslPGcAr8rBRcInQz7Ni80JAcjgATtAjveZUZPM6GvbFfVe8RcV5f1vbVyYXieJBAXdI5xEjLQKIxChjJAVd7A6XoQ9Uil+46C7q+M5iAQLb8Z5A2o9e3HoagtT6AQi00IgQIh4gcSgmCncAHCiJ7dbw6qI96dzhS7ozwX/e6Ab9I4/uFm1irtN/CMHW4lPhj6O61rBUCCqbvMKP6JEcFfIO4LTe7Hbw5dIjmROLe3FxfnIihDmtWCBuD+uagoWFJSVsNpW+xnGct1Dt9FjOSy1p/AgrqQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=uKOCfDZOkdUupxuzLAA40mBt00GikVwp+5An8vxE1P0=;

b=j6XxfSYQHMl+aOC6LfYZmglCyEpj+2m9Nezy0q+PTTz5/bSDnTtUhJvNHzR7xWIBKg+1FroQ4TYCBs2NTqALE1Oxq8GW1j3pTzuIGCdRiBuRnQHvlz2NP7PKO1/UbE5HcszRPgAg2r3QCLy712BJzs2RyW1covm7lqM4x2komWnBmRrzlI4oB5Ewfesv6US1K5/rVr/cZTk8W3qqY0YqjeOA/nrAsjOxQGFqLsd8uZCfDPArhTC6PnRIdxX6pB9VYGmrrKLicJ6nze1Zzj3HWdN8vJkCFdOm0XVaUPaK+UAhp7yz4gPIdhjzieANaWmW1rrNWqD7Xkj5iGhR766xpw==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=uKOCfDZOkdUupxuzLAA40mBt00GikVwp+5An8vxE1P0=;

b=Hlzr2De1oTHkr2tgqDtPesb2c3L1L6Xerh7dcu23J+vEzYiVqC91TTT92tdiKVvGhtSp1L2LxVioVkcaCz2t8xAoyEHyDZul3cUx0NQaUhzEeJkk1A5mBSkp+6lmbVbYaOtxwtezhhVDj02+Ki26GHEi5VVFU0c+ECPbM+XrnWlD+QTXI8vJh6I5dwElFMhXagGkHUDfojIfxj09UCFJIuizceIBmH++uajb02xL1jSwuyCVm7pzGSFwMzCxmBXI+7M/jbjyIOwwNf3oyVk8tC0BJw2jhoXuUNCuHTFq+yaiCI2onB4aqMZZEJuLLwvFrAPzGX1IAJ0Lz2/esE4efA==

Received: from TY4PR01MB12649.jpnprd01.prod.outlook.com

(2603:1096:405:1e7::14) by TY3PR01MB12024.jpnprd01.prod.outlook.com

(2603:1096:400:3dc::12) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9632.23; Wed, 25 Feb

2026 16:47:02 +0000

Received: from TY4PR01MB12649.jpnprd01.prod.outlook.com

([fe80::52a2:251f:6311:8672]) by TY4PR01MB12649.jpnprd01.prod.outlook.com

([fe80::52a2:251f:6311:8672%6]) with mapi id 15.20.9654.007; Wed, 25 Feb 2026

16:47:02 +0000

From: Loki 263148

To: Loki 263148

Subject: Re: Yes, please send a quote

Thread-Topic: Yes, please send a quote

Thread-Index:

AQHcoRDJ3vQ637o0ME64CXgHrejg8bWI33rzgAFETd6AAAByVYABz5uKgAFixmaAAamJjYAAAGgHgAGZ232AAXgj+YAAAFQCgAGXkM+AAAAhOg==

Date: Wed, 25 Feb 2026 16:47:01 +0000

Message-ID:



References:













































































































Web/SEO/App spam from Microsoft Outlook Part 2

Posted by Dave Yadallee on
Content analysis details: (7.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:1096:820:d4:0:0:0:11 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:d4:0:0:0:11 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:d4:0:0:0:11 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:d4:0:0:0:11 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:d4:0:0:0:11 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:d4:0:0:0:11 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:d4:0:0:0:11 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:d4:0:0:0:11 listed in]

[will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

[52.103.74.78 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.74.78 listed in dnsbl.ahbl.org]

[52.103.74.78 listed in dnsbl.ahbl.org]

[52.103.74.78 listed in dnsbl.ahbl.org]

[52.103.74.78 listed in dnsbl.ahbl.org]

[2603:1096:820:d4:0:0:0:11 listed in]

[dnsbl.ahbl.org]

[2603:1096:820:d4:0:0:0:11 listed in]

[dnsbl.ahbl.org]

[2603:1096:820:d4:0:0:0:11 listed in]

[dnsbl.ahbl.org]

[2603:1096:820:d4:0:0:0:11 listed in]

[dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.74.78 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.74.78 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.74.78 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.74.78 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.103.74.78 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.2 MISSING_HEADERS Missing To: header

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[sonukumar.app(at)outlook.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.74.78 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} "Yes"



--_000_KL1PR06MB61363C1D3FD64D7FAD3F9B6EF475AKL1PR06MB6136apcp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



Hi,



Your website has some errors slowing it down.



I can fix them.



Can I share the problems screenshot with you along with pricing?



Regards.

Sonu



--_000_KL1PR06MB61363C1D3FD64D7FAD3F9B6EF475AKL1PR06MB6136apcp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Hi,



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Your website has some errors slowing it down.



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

I can fix them.



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Can I share the problems screenshot with you along with pricing?



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Regards.



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Sonu








--_000_KL1PR06MB61363C1D3FD64D7FAD3F9B6EF475AKL1PR06MB6136apcp_--