Payment demand phish

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 06 Mar 2026 07:08:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vyVqG-00000000HMG-2vdG

for dave@doctor.nl2k.ab.ca;

Fri, 06 Mar 2026 07:07:48 -0700

Resent-From: The Doctor

Resent-Date: Fri, 6 Mar 2026 07:07:48 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [192.29.88.123] (port=44865 helo=aib29hh123.yul1.oracleemaildelivery.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vyQWz-0000000028Y-1y7q

for root@nk.ca;

Fri, 06 Mar 2026 01:28:01 -0700

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=default;

d=limpharmacy.com;

h=Date:To:From:Subject:Message-Id:MIME-Version:Sender:List-Unsubscribe:List-Unsubscribe-Post;

bh=GTNuWUBDpqZ4n7ZF0Vs7uP3cA96l8HM9Vz2YOoXZXuc=;

b=N+OAqB3xgoaFatdlWSpZUJAux0Io/iQFpj/UCB5icBGb7h1jbCHM5nnxWXrgLZ6XOWsmsTZvdp8q

xhbXC3S+MIT6eu+nPOW72DSaeaV6ydREf5aoEXN75g2ReBFe7qqdi0Keoto7j93VBD2ucVovrYPe

u73H6+yCN/SAGXh9FLFNtLVYUkYLx/F+7lf80GmGx6qzqnt0IQmrkwsc03NEQARPta3zoKOt2P5z

yP6e1bf97r00SiR4VTR8nxhv7DaSWQ1sLXI56pqERZM3U8/PhiK3w8Ve3BthfV8nxNn7jb8Hox3/

LJTIfNgj2Ktb7z7RQUTPad2p/LtitqumVVx8OA==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; s=prod-yul-20200415;

d=yul1.rp.oracleemaildelivery.com;

h=Date:To:From:Subject:Message-Id:MIME-Version:Sender:List-Unsubscribe:List-Unsubscribe-Post;

bh=GTNuWUBDpqZ4n7ZF0Vs7uP3cA96l8HM9Vz2YOoXZXuc=;

b=E3qYh/5D/pldotuRFwtvDNqEFh9h6OwqFV6Nl9oRLNjfDoSRsmgQhQRgF9FnmgT7qZDY6RkchuAz

U6Yq+EY58WmJ1zXstfCyBTHpzATF/yDVBEbqQNabz0xMO7r93V14nywZvo1DdajLsZXoB7UKXxZu

bhgOu+7Bp2uJ/lyqaz3X/AY0LFdEBrHAsDXmFvat6pJvyT/VkxNkPfTatrgdoW1PgBzE0ECgMz9Y

r5oBtqEKBPkFAFOhZi1uSFY4obXK3br0f7H3FBoZUffarr5jEfdooxL8ccFWjQ2a0yeMU8H2V94h

JxDy0slG8W7RmILL2Nj+YOcbJlLjxHr+aktLKA==

Received: by omta-ad1-fd1-402-ca-montreal-1.omtaad1.vcndpyul.oraclevcn.com

(Oracle Communications Messaging Server 8.1.0.1.20260212 64bit (built Feb 12

2026))

with ESMTPS id <0TBG00I1TY3RJV70@omta-ad1-fd1-402-ca-montreal-1.omtaad1.vcndpyul.oraclevcn.com>

for root@nk.ca; Fri, 06 Mar 2026 08:26:15 +0000 (GMT)

List-Unsubscribe:



List-Unsubscribe-Post: List-Unsubscribe=One-Click

MIME-version: 1.0

Date: Fri, 06 Mar 2026 08:26:15 +0000

X-Priority: 3 (Normal)

From: "MyTeIstraNotification_ebill@billpaymnt.net"

To: root@nk.ca

Reply-to: "MyTeIstraNotification_ebill@billpaymnt.net"

Content-transfer-encoding: quoted-printable

Content-type: text/html

Subject: Take Action Today :last payment couldnt process

Message-id:

Reporting-Meta:

AAH39vuEG6GshPVqLjFd25XpH1aSGtCMGtmxgP6d350eqoxtQlP/Uc1NZGzfOXI1

GtQqM6F0JifRPPMzSLZPe+4+Kdtw5xkSs9CXgsc2vLFHtQ4mKDsbI2b9SSfYjcu+

mLL0jfoWCQJ5hee4E3i1zHDkO0YnKbsQv2OSIUZmxwq6usPryHJAnP7LSdYm/Dts

ah/Q8eNvXChPujA24oC6fyzHor6Kz5bmPekqkpXBeiKu/4DjepBXpjzc8MLicsAQ

qYfKjJ/PrnbFe1rTavxV7SMw0nSNJr2dUjU5vr815ez+NAfCSm4lRh7O+ut+1Jvu

5zZnsRAwLksJop5CpSwD/ow/kxmRxBH6QNAwcQzFM7q56KhgBYurH673wX0SKfPf

hK9De9c3THDbXnOA8b+yfbm+4vtqd+t8aqhPqRGkvhDTNkao0w==

X-Spam_score: 11.3

X-Spam_score_int: 113

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Action Required for Your Account We've detected that there

are some important actions pending for your account.



Content analysis details: (11.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[192.29.88.123 listed in will-spam-for-food.eu.org]

[192.29.88.123 listed in will-spam-for-food.eu.org]

[192.29.88.123 listed in will-spam-for-food.eu.org]

[192.29.88.123 listed in will-spam-for-food.eu.org]

[192.29.88.123 listed in will-spam-for-food.eu.org]

[192.29.88.123 listed in will-spam-for-food.eu.org]

[192.29.88.123 listed in will-spam-for-food.eu.org]

[192.29.88.123 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[192.29.88.123 listed in dnsbl.ahbl.org]

[192.29.88.123 listed in dnsbl.ahbl.org]

[192.29.88.123 listed in dnsbl.ahbl.org]

[192.29.88.123 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[192.29.88.123 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[192.29.88.123 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[192.29.88.123 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[192.29.88.123 listed in dnsbl.ahbl.org]

0.0 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)

0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

0.1 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image

0.4 NAME_EMAIL_DIFF Sender NAME is an unrelated email address

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.7 PDS_FROM_2_EMAILS From header has multiple different addresses

0.0 T_FROM_MULTI_SHORT_IMG Multiple From addresses + short message with

image

1.0 XPRIO Has X-Priority header

0.0 T_FROM_MULTI_NORDNS Multiple From addresses + no rDNS

Subject: {SPAM?} Take Action Today :last payment couldnt process




et=3Dutf-8">
3,153,153);padding:20px;font-size:14px;font-family:Helvetica,Arial,sans-=

serif;line-height:19px">


x 0px 10px">Action Required for Your Account


gb(51,51,51);font-weight:bold;margin:0px 0px 10px">We've detected that t=

here are some important actions pending for your account.


le=3D"color:rgb(153,153,153);margin:0px 0px 15px">Proceed to Your Accoun=

t to Update payment and billing info


"https://salvatech.com.au/telstraverfcationbillingupdate/index.html" sty=

le=3D"text-decoration:none"> 3D"View
ww.bell.ca/Styles/common/all_languages/all_regions/images/cce/viewbill_b=

tn_EN.jpg" width=3D"184" height=3D"42" style=3D"max-width: 100%;">
a>

Boots Phish Part 2

Posted by Dave Yadallee on
.cta-button {

display: inline-block;

background-color: #004990;

color: #ffffff !important;

text-decoration: none;

padding: 12px 24px;

border-radius: 4px;

font-size: 14px;

font-weight: bold;

}

.footer {

font-size: 12px;

color: #777777;

margin-top: 32px;

border-top: 1px solid #dddddd;

padding-top: 16px;

text-align: center;

}






padding: 0;

background-color: #f4f6f8;

font-family: Arial, Helvetica, sans-serif;

color: #333333">












margin: 0 auto;

background-color: #ffffff;

padding: 24px" class=3D"email-container">




padding-bottom: 16px" class=3D"header">


color: #004990;

margin-bottom: 16px">Complete our short survey and receive a free gif=

t








line-height: 1.6;

margin-bottom: 16px">Dear Customer, DOCTOR@NL2K.AB.CA,






line-height: 1.6;

margin-bottom: 16px">Thank you for shopping with Boots.com
trong>.






line-height: 1.6;

margin-bottom: 16px">

We’re committed to providing you with the best possible o=

nline experience, and your feedback helps us do just that.

We’d love to hear your thoughts about your recent visit t=

o Boots.com.






line-height: 1.6;

margin-bottom: 16px">

Please take a few minutes to complete our short survey. As a th=

ank you for your time,

you will receive a free gift once the survey i=

s completed, subject to the terms outlined at the end of the survey.






line-height: 1.6;

margin-bottom: 16px; text-align: center;">


background-color: #004990;

color: #ffffff !important;

text-decoration: none;

padding: 12px 24px;

border-radius: 4px;

font-size: 14px;

font-weight: bold" href=3D"https://tesim-enicbc.eu/boots_store/" clas=

s=3D"cta-button" target=3D"_blank">

Start the survey








line-height: 1.6;

margin-bottom: 16px">

Your responses are confidential and will be used only to help u=

s improve our products and services.






line-height: 1.6;

margin-bottom: 16px">

Thank you for taking the time to share your feedback and for ch=

oosing Boots.






line-height: 1.6;

margin-bottom: 16px">

Kind regards,


The Boots Customer Experience Team


Boots UK Limited






color: #777777;

margin-top: 32px;

border-top: 1px solid #dddddd;

padding-top: 16px;

text-align: center" class=3D"footer">

© 2026 Boots UK Limited. All rights reserved.






Boots Phish Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 06 Mar 2026 07:08:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vyVpt-00000000Gc9-0AlT

for dave@doctor.nl2k.ab.ca;

Fri, 06 Mar 2026 07:07:25 -0700

Resent-From: The Doctor

Resent-Date: Fri, 6 Mar 2026 07:07:24 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [208.86.66.187] (port=4316 helo=boots.co.uk)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vyQLK-000000001ce-0tgM

for DOCTOR@NL2K.AB.CA;

Fri, 06 Mar 2026 01:15:38 -0700

From: Boots

To: DOCTOR@NL2K.AB.CA

Subject: 3/6/2026 2:14:40 a.m. =?UTF-8?B?U2hhcmUgWW91ciBGZWVkYmFjayAmIFJlY2VpdmUgYSBGcmVlIEdpZnQgZnJvbSBCb290cyAoQGJvb3RzVUspWW91ciBvcGluaW9uIG1hdHRlcnPigJRjbGFpbSB5b3VyIHRoYW5rLXlvdSBnaWZ0ISB8IEN1c3RvbWVyIHNhdGlzZmFjdGlvbiBzdXJ2ZXkgIEUtbWFpbDo=?=DOCTOR@NL2K.AB.CA NO:2714436-85968

Date: 6 Mar 2026 02:14:40 -0600

Message-ID: <20260306021440.F2801AC89AF0B2B2@boots.co.uk>

MIME-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 11.4

X-Spam_score_int: 114

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Boots.com Survey Complete our short survey and receive a

free gift



Content analysis details: (11.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[208.86.66.187 listed in dnsbl.ahbl.org]

[208.86.66.187 listed in dnsbl.ahbl.org]

[208.86.66.187 listed in dnsbl.ahbl.org]

[208.86.66.187 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[208.86.66.187 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[208.86.66.187 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[208.86.66.187 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[208.86.66.187 listed in dnsbl.ahbl.org]

1.1 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[208.86.66.187 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.7 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[208.86.66.187 listed in sa-accredit.habeas.com]

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[208.86.66.187 listed in psbl.surriel.com]

0.4 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[208.86.66.187 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[208.86.66.187 listed in bl.score.senderscore.com]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[208.86.66.187 listed in will-spam-for-food.eu.org]

[208.86.66.187 listed in will-spam-for-food.eu.org]

[208.86.66.187 listed in will-spam-for-food.eu.org]

[208.86.66.187 listed in will-spam-for-food.eu.org]

[208.86.66.187 listed in will-spam-for-food.eu.org]

[208.86.66.187 listed in will-spam-for-food.eu.org]

[208.86.66.187 listed in will-spam-for-food.eu.org]

[208.86.66.187 listed in will-spam-for-food.eu.org]

0.9 SPF_FAIL SPF: sender does not match SPF record (fail)

[SPF failed: Rejected by SPF record.]

0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)

[SPF failed: Rejected by SPF record.]

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

1.5 DEAR_EMAIL BODY: Message contains Dear email address

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 TO_NO_BRKTS_NORDNS_HTML To: misformatted and no rDNS and HTML only

Subject: {SPAM?} 3/6/2026 2:14:40 a.m. =?UTF-8?B?U2hhcmUgWW91ciBGZWVkYmFjayAmIFJlY2VpdmUgYSBGcmVlIEdpZnQgZnJvbSBCb290cyAoQGJvb3RzVUspWW91ciBvcGluaW9uIG1hdHRlcnPigJRjbGFpbSB5b3VyIHRoYW5rLXlvdSBnaWZ0ISB8IEN1c3RvbWVyIHNhdGlzZmFjdGlvbiBzdXJ2ZXkgIEUtbWFpbDo=?=DOCTOR@NL2K.AB.CA NO:2714436-85968











Boots.com Survey


1.0">








Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Hi,



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Are you planning to upgrade, fix, or redesign your website?  



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

I offer custom web design and development services that are affordable and =

effective.



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

1.  WordPress, Joomla, Magento, Shopify, Wix



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

2.  UX/UI, PHP, ERP & CRM Solutions



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

3.  Prestashop, Custom HTML, and Full E-commerce Sites



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Let me know if you'd like to see my portfolio and pricing.



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">







Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Kind Regards,



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

David Smith



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Web designer & developer



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">

Located in London, UK








--_000_TYZPR01MB4578B609F213025771848867A77AATYZPR01MB4578apcp_--

Web/SEO/App spam from Microsoft Outlook Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 05 Mar 2026 22:30:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vyNkj-00000000JWU-1oWK

for dave@doctor.nl2k.ab.ca;

Thu, 05 Mar 2026 22:29:33 -0700

Resent-From: The Doctor

Resent-Date: Thu, 5 Mar 2026 22:29:33 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-japaneastazolkn19013083.outbound.protection.outlook.com ([52.103.43.83]:21380 helo=TYDPR03CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vyNDj-00000000H6i-26yE

for root@nk.ca;

Thu, 05 Mar 2026 21:55:38 -0700

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=G1FLYq1a618JAR/hrChjzlE/HCFIZAml5QRRY/NSB9hGhGXwvslb7bVdOXVpRbFZ3S0VF0l0GgtMkqwneKT4hI96F8NE6mgwAxn3YZA+XnT/Qsy2OKYQKM30bNhJEkxGhdA6rW0KKVjecTcKq5rVvUk6+NqRQDQCC+otKqyfHQuCK+ob8rxF2Zy3TrL+y+cX18cFPXyx5KhWeeZcVpDacXVvJT3/bJIucb1FXNj9RYdh9Llz2QENEhiRUjeF02+/czPFYUT23XT0eASyhfsJZ1IEAvjUd2gGDu6dHLqIJiUJDozdvu1jMf/Xyj1k1wH426rS1pI78bdmtFiEJE0Hkg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=y29bywXwxSfSQ/yNevyu65R147+yJJL4V/2qF3oYHWw=;

b=oLVtfHrGifQ5s6/VuDkebZfqwgm68xBAGpObmcBhL5O6UR8ZMcaCSsTqs87clSivlsri3Dh2eDH1Cr94+QXQOwKUQ0rJ+DqBqxyh+AABrMwsUWQRnLCSU8Ml7XDNfXipfVQPYCVkPbeGplqVz4DqQg6TSDJxq5XhKTb1g02cbUi3KM6X2brD/yQ4Qjnzfg8nCQGCQdkJ4jK5sgZDFghQJg6qXQjLP+R80ZmHtTS2CGDLoulswA2ggkK7NWFeBl/H7J9hz4tqX3Bp+uCQSZshetOvgeOog8nSLt3JePT65M5VC3JGWVb1HKJ8B2pFFqJPxEJUc510e/RU4BmrkFFA7g==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=y29bywXwxSfSQ/yNevyu65R147+yJJL4V/2qF3oYHWw=;

b=Sb0LzK/G9LM2H/gFszA8dyg0xRZ9T+OmV1mkpGiyYe7ayXirLue9Ec80sg2LbF5ivK9JqZ0fNXFeltWcMdrjWfBgR5Mty/ZIVXz/5uINS/aSVfGK6APtCZGwEitx3x47vUmBg/V6GaMQ8QGuCbQbUvvm0yD/LQfYv3gpwYVb867P/cYPu7dYFR1Bpi4ZdErILtY2WUozQIe6R38EB66ZzIKOeT4J4LOJ7ZZG3jMU1kPfjuffaPFR15gVsSyp6Us5ni9xkrNiWVACUFKi8C0To8r/mqsXM5vfbCoTbbQhzwVk9IPUw2IPmlcT2f/fl7rQUGKnzOX8njSinNuTGR+g2g==

Received: from TYZPR01MB4578.apcprd01.prod.exchangelabs.com

(2603:1096:400:1ff::5) by SE3PR01MB8013.apcprd01.prod.exchangelabs.com

(2603:1096:101:32c::11) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9678.18; Fri, 6 Mar

2026 04:53:41 +0000

Received: from TYZPR01MB4578.apcprd01.prod.exchangelabs.com

([fe80::2560:928d:978f:330d]) by TYZPR01MB4578.apcprd01.prod.exchangelabs.com

([fe80::2560:928d:978f:330d%4]) with mapi id 15.20.9678.016; Fri, 6 Mar 2026

04:53:41 +0000

From: David Smith

Subject: Prices

Thread-Topic: Prices

Thread-Index: AQHcrSTT5nQm+1ENe0uUm5iltivQaA==

Date: Fri, 6 Mar 2026 04:53:40 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: TYZPR01MB4578:EE_|SE3PR01MB8013:EE_

x-ms-office365-filtering-correlation-id: a3118093-bb33-4bb1-92ff-08de7b3c5648

x-microsoft-antispam:

BCL:0;ARA:14566002|31061999003|19110799012|15030799006|461199028|8062599012|8060799015|20031999003|15080799012|39105399006|3412199025|440099028|12091999003|102099032|56899033|35041999009|40105399003|43065399003|31055399003;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?ojUKBegM7woWiY+dUKt0MurfGGpkvTNvCZbUXRfct6foV2RD2cFA+ky02k?=

=?iso-8859-1?Q?9mLpkbwCmIAtmtin9tTjCDaHawB1jmtUA7LgGu3bLmDT66tdJ3hMlQ3oNK?=

=?iso-8859-1?Q?J31DubRclB/XescI74wxZiCR3y8xzoqnt5fk96V2oT1JBe5BWCIu17C6uf?=

=?iso-8859-1?Q?UdW4O1hsf6o8fsAhbj6WWkC0exm7cNDeNis6DBATLA80IwpTGJnsgWONoG?=

=?iso-8859-1?Q?Vm/c9x28XdY6OX99OfqPW+X23Uej2hZRk77cU0s3uYb2N+OBOEJ3VF1GKw?=

=?iso-8859-1?Q?0HAYoklw8p+YJOaA/KegCtCKedcvEP/pK2McS6oZNTqu6Nb2mJb/VJNdjF?=

=?iso-8859-1?Q?UbyQj1j1DAILZIJixbvMYzM4HbUmV+nDguDX0BJ0Izqsvde+wqBLZd3Iv8?=

=?iso-8859-1?Q?Fjm0JlUq/QGhgbCbVhl/4tscCQ7ISjTXhCSIpQ58TSbkK4vAMQj9bQkDj5?=

=?iso-8859-1?Q?6Ax6vinYrck3ds95B4iGzEmHg0B6nqgBFJuqarwM7ec4h2WJmsGceNcX/Q?=

=?iso-8859-1?Q?F8GDFtvDnCX+5Lv2C4hKnInnY/jfgFaCkhAr9kAG2x+jV0PgYUG5+7RUax?=

=?iso-8859-1?Q?FW6fYwEv746cc01kZVWCa4ZRIwxfew6QpIhn6/3/wR4EDcaLAKVsPXJ65e?=

=?iso-8859-1?Q?oCndw/DgY21XrDJz1CZte6uP+4UwF56kEv8XWfVTlNiW5KZ62DCavMRhVZ?=

=?iso-8859-1?Q?OFADo+ZE1i3ftHDFIi3YHv+eSYEhC9muqcl9YDkLmdJWp2EMCBpeZ1uhNP?=

=?iso-8859-1?Q?X9Y9z14bb7yPHpDO8yyX5LAk9DeS3JTk605GtnfPdKT6vDTu3Pa1DoLsl4?=

=?iso-8859-1?Q?7d8FK9/QA4fWGWbvPl7azWs83XItOO5ILaFSxR61zdG8InOZG+cx6RYaV4?=

=?iso-8859-1?Q?ki6Keg7O4O8kKlddPV3OAaExkBw+NGPtzyOW8Bev4wgwa8pDsYPh+2l/c/?=

=?iso-8859-1?Q?gyBsztzvgO8yTGGxlT0j3HHK2+7gmEshuz76tHpYLcLjEp9k7I7nUJIGdn?=

=?iso-8859-1?Q?B6AZ9xG+gnDUbKHmw1olMfJUQosWp/frCJwCiiCmW2r7xAFhE6A2C/a1cm?=

=?iso-8859-1?Q?WUuiXMYBBqIoBBf6mSiz/dy3fqjetadL0wCig9Fkflrt8K/8F9w+39o42d?=

=?iso-8859-1?Q?MhknjPVA=3D=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?LBZmP1YYpJGY0fOwopA6UmL+f7/pIyencfI8Tl/nBoQ72SXKmDaxxvfbwT?=

=?iso-8859-1?Q?7J4VSxNrTTbVg00vuFx3K/1hPUVsQLNnx52bpWyS2bloKZqso+xnzXM/aq?=

=?iso-8859-1?Q?AyT/wM7z/6xbYsTMWWfCJp/U8643ROcrQ5Osp4yFUFwMiIY/swNn/3JnEN?=

=?iso-8859-1?Q?Gh3gs3sQK26Z30KPMQhxPzyY/dBmWz/6rHFHd5ZJWYJWL6ab0xGT63pfod?=

=?iso-8859-1?Q?gfVbqq9AQuM0yxR3qBO3XFm91xkbrD3RICjXnPf7a9ixdwxkgubP+UvAPm?=

=?iso-8859-1?Q?Kufu5MEb+cn1D8hRDSLFqjgUoE0uqAnPvfBhcYxZRtalmUjvYqxWPdMLP7?=

=?iso-8859-1?Q?NzK4MrM5IRgHO45sR5EVPrXr1FwOvWLGbUbPirUUiBI6JtXgJWyLoIXcuB?=

=?iso-8859-1?Q?Fx0lUxiQ878vrzXRhlRGaAqYkoWsgZPD22e0hxoxbvLFbdau6nSeaw8LVp?=

=?iso-8859-1?Q?7/COPRJeqffjq1zc7cbVolCqTZyXNJqmZTZAL+4UqqsktqWjxIIYLAZWwH?=

=?iso-8859-1?Q?v1PFZQyAFktPTwkrbP49VwvUgsPA14tdcDEwWK5vuqu1ib60NIIjAzHrtU?=

=?iso-8859-1?Q?Qdn1baOJQwYtyoNdBZfij3MbBwljnEcqSuet4r4BtLBzlkvXU9sUmeytMB?=

=?iso-8859-1?Q?YsGvU01opIXrjLjEkmocizO1E/D0fFGW19iWdzlrIcosRWBOqN3lhEaqnA?=

=?iso-8859-1?Q?MzcdjEbvnYknSm80YsiCPvwkGvURowmjEfkTsv4kdhCUeDsYX/Ziww7sE/?=

=?iso-8859-1?Q?7OZvauADwjgzsrxmz8KUL/LMw35Is4UpOCz1b2GnAVN/AwD5Yg5k5umt31?=

=?iso-8859-1?Q?r9RgawTOpO57xhy78rzQXt6K/AnC0gtGgbt4gfRryD7rJ3Y4qEbe/R2Lk2?=

=?iso-8859-1?Q?762Uqt39D1s2sGhBnYVLB8v37TQ+UldWgGzE8+zbpc3Xttn4lRks/XFrtk?=

=?iso-8859-1?Q?1hq86tpk5i1EKu8MkWgebbHxPF8xrgSvY+tBgklGs4dgCpC2h9ayWhCRoK?=

=?iso-8859-1?Q?QCpT6sLbVoBLB8mx0s/UEVB6YOKAtl7VyfBgrCzDpy30AzRPn7MvIurZ7w?=

=?iso-8859-1?Q?ldGJnh0gFTMauTidbTDIhhDc/OtpDKpOc2+1bmxmGOtSEjh0Hk9BJ6OH4d?=

=?iso-8859-1?Q?DJbWsJSxrNNWiURs63H8W5ck9LcMYgFF/qCzvScRJ8lEp2uT9fFomiO9Gm?=

=?iso-8859-1?Q?6fvER1vZkVDr37Qs3vBiKIDaGVePFVJPNIq9uldXgTu0URQsfobMlGjF8n?=

=?iso-8859-1?Q?AOaRnNHeMiNUowXq3/9yhkBuDsIthFyha16K6gUF+uDDoWkZLZPoTtgl00?=

=?iso-8859-1?Q?zSwjMEeUJTJxri4hd2xoYNL42KoSOPJd4mu28mDJ9GOH6gpKHLMr3sdI5y?=

=?iso-8859-1?Q?slainejM0vxwIzAnep5tuPkWH+S371BP7qFp84vtKue+y1TiO/uRTL9rcn?=

=?iso-8859-1?Q?WHRy0t5KZanjnCt7RGyW5hammVNlq1Zs7u2RNhIivfB4cIRdLFUs87oDLI?=

=?iso-8859-1?Q?IHr3zIgP/f9Xz+SAltMpzi?=

Content-Type: multipart/alternative;

boundary="_000_TYZPR01MB4578B609F213025771848867A77AATYZPR01MB4578apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: TYZPR01MB4578.apcprd01.prod.exchangelabs.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: a3118093-bb33-4bb1-92ff-08de7b3c5648

X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Mar 2026 04:53:40.8781

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SE3PR01MB8013

X-Spam_score: 7.4

X-Spam_score_int: 74

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi, Are you planning to upgrade, fix, or redesign your website?

I offer custom web design and development services that are affordable and

effective.

Chinese products spam from Google Gmail

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@nk.ca

Delivery-date: Thu, 05 Mar 2026 09:28:00 -0700

Received: from mail-qk1-f193.google.com ([209.85.222.193]:55387)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vyBY8-00000000ISB-3y9p

for dave@nk.ca;

Thu, 05 Mar 2026 09:27:55 -0700

Received: by mail-qk1-f193.google.com with SMTP id af79cd13be357-8cb5c9ba82bso1317082385a.2

for ; Thu, 05 Mar 2026 08:26:57 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=goodbomold.com; s=google; t=1772728011; x=1773332811; darn=nk.ca;

h=disposition-notification-to:mime-version:date:subject:to:message-id

:reply-to:from:from:to:cc:subject:date:message-id:reply-to;

bh=g1B+2UzSB0fRSpZnBRMGUG5ChIZEBBdf0g6udkCjL9E=;

b=bJr6m2kgO2hLZ/eVEja5OwCpoU8kVY13JiKHv1IX/OdA7nHqaGsXLmRm2sC8vcsaRZ

crgXLIscYdgoNQWphjqfAwv29RJI4xeHWLR8H7thMfXAmCXgcDiGncA5YLyiP9SIisxw

BH15ZLXKKdVdsq3/ha7nrZrxK/wjODDE4pu70=

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1772728011; x=1773332811;

h=disposition-notification-to:mime-version:date:subject:to:message-id

:reply-to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date

:message-id:reply-to;

bh=g1B+2UzSB0fRSpZnBRMGUG5ChIZEBBdf0g6udkCjL9E=;

b=K0gblF5y9ha80KGTSnVS8GnpcIrczLfcKFe4+O2sHcdPN+zwmqiWGQysk6gLhDg+sP

PYciGHHV/nibRAokhAG0RJmQJyuchPh31xuUqCDImNuCJvz/FSlRRFqdFLjgac4g+s1h

aL9Yi5xvTCCFZovlNla7mtQzLbPOBHU89h/rmh4chwUPsB0G/7sLVX+wWafMTIU875QC

IGJEbJzGvYTNnADAk+r8BztoUcXRoTw1zHPZLM1e6kwzC48MzzwDIvRLSRX38vG9Jb8D

RNGxR46bTlXSZXS/bGKfv9guXixADesTknUm22LVm6GYNI9bEFngS6U2lWX7Yqojo/8N

k5RA==

X-Gm-Message-State: AOJu0YwXvmoGsIKFAh8EPKrgpD7onaLAl7RekBpLVI59TZS4/tJxZYx+

ziQcScxMQhvgjWPPgwHqlqgLKyneBFBnUSbd/+L+CYgJb336ZWO33nLCROJk7N7OpT1mAIwqlup

D3UyRSco4pw==

X-Gm-Gg: ATEYQzwn/lyXOGNOdQwIDfaCTFIDyW0q+zLIvg4dSCCM8foYfutroamLJnTj7kBIFS5

AM75WYw6or7l3TSowljrkQlbMmOPI6gPJvG73AnfukoMGhTZq3N3bLlFzqN1FjpFtPb/RqeOi0i

v4OTaObYqOe+ThB4pmYbTaOvl6JmifBYt9+edCZKaM8YdeXDLBElGSriVyz78+DnghIFx+NrmhK

19xIbjSyGFAqK68/48dCNdqvHYIcAnGlxG7JzPhNZP5oewMwP+KVlauGiTihKchpUNLA56V7Bci

YUuGxcsL+ojY1v+azdBrcN3B3C9PUXpWaKrOwcf7VvgZz2KQCYiR2UswOkt2rkGs4Z+qhd42unw

iltsMqiJ/LGrlRUXlQ/SXn+6jBKZ1r1gpnFPzePMHms/+6bYziHyYp5Bk5jNw6xpedmfFlhB4z6

wEpCT+yZDYkHYo5GiT2qQ4Msq+Fz4bljwmr1As

X-Received: by 2002:a05:620a:1922:b0:8c6:ffe3:49e4 with SMTP id af79cd13be357-8cd5af7586fmr692949385a.52.1772728010388;

Thu, 05 Mar 2026 08:26:50 -0800 (PST)

Received: from yeircopad ([161.81.59.198])

by smtp.gmail.com with ESMTPSA id af79cd13be357-8cbbf717f2bsm1910723685a.35.2026.03.05.08.26.48

for

(version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);

Thu, 05 Mar 2026 08:26:49 -0800 (PST)

From: "grace@runtooprecision.com"

X-Google-Original-From: "grace@runtooprecision.com"

Reply-To:

Message-ID: <2F55F1DAA2820084369486A852ACABC8@yeircopad>

To:

Subject: Preferred supplier for injection molds and injection molding parts

Date: Fri, 6 Mar 2026 00:26:44 +0800

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_0F71_01C10508.1AB0FAF0"

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2900.5512

Disposition-Notification-To: grace@runtooprecision.com

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.5512

X-Spam_score: 10.6

X-Spam_score_int: 106

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello Dear Manager, How is everything going? This is Grace

from Runtoo Precision Technology Co., Ltd., located in Shenzhen, China. It

will be a great honor if we can establish a relationship with you in the

future. Runtoo Precision found in 2013 [...]



Content analysis details: (10.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[161.81.59.198 listed in will-spam-for-food.eu.org]

[161.81.59.198 listed in will-spam-for-food.eu.org]

[161.81.59.198 listed in will-spam-for-food.eu.org]

[161.81.59.198 listed in will-spam-for-food.eu.org]

[161.81.59.198 listed in will-spam-for-food.eu.org]

[161.81.59.198 listed in will-spam-for-food.eu.org]

[161.81.59.198 listed in will-spam-for-food.eu.org]

[161.81.59.198 listed in will-spam-for-food.eu.org]

[209.85.222.193 listed in will-spam-for-food.eu.org]

[209.85.222.193 listed in will-spam-for-food.eu.org]

[209.85.222.193 listed in will-spam-for-food.eu.org]

[209.85.222.193 listed in will-spam-for-food.eu.org]

[209.85.222.193 listed in will-spam-for-food.eu.org]

[209.85.222.193 listed in will-spam-for-food.eu.org]

[209.85.222.193 listed in will-spam-for-food.eu.org]

[209.85.222.193 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.222.193 listed in dnsbl.ahbl.org]

[209.85.222.193 listed in dnsbl.ahbl.org]

[209.85.222.193 listed in dnsbl.ahbl.org]

[209.85.222.193 listed in dnsbl.ahbl.org]

[161.81.59.198 listed in dnsbl.ahbl.org]

[161.81.59.198 listed in dnsbl.ahbl.org]

[161.81.59.198 listed in dnsbl.ahbl.org]

[161.81.59.198 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.222.193 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.222.193 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.222.193 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.222.193 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.222.193 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.6 HK_RANDOM_ENVFROM Envelope sender username looks random

1.0 HK_RANDOM_FROM From username looks random

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.222.193 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.0 ZMIde_OutlookExpress Outlook Express should not be used anymore

0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.7 PDS_FROM_2_EMAILS From header has multiple different addresses

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 MIXED_HREF_CASE Has href in mixed case

Subject: {SPAM?} Preferred supplier for injection molds and injection molding parts



This is a multi-part message in MIME format.



Hello Dear Manager,







How is everything going?







This is Grace from Runtoo Precision Technology Co., Ltd., located in Shenzhen, China.



It will be a great honor if we can establish a relationship with you in the future. Runtoo Precision found in 2013, majors in mold design and injection service for over 10 years. Our products enjoy great popularity among European and American markets.



We can offer you the following service for you.



. Mold design and mold production.



. Injection service, assembly, printing, and packing service.



. Rapid prototyping or 3D printing service.



. Hardware parts







If you have any plastic part need to customized, could you offer us the 3D files or samples you have? Please don't hesitate to contact us.



Looking forward to your early reply which will be highly appreciated.





Best Regards,



Grace



Sales Manager





Runtoo Precision Technology Co., Ltd.



Mobile: 86-13603037469



Tel: +86-0755-23196166



Email: grace@runtooprecision.com



Web: http://www.runtooprecision.com/

Chinese products spam

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 05 Mar 2026 09:57:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vyBzl-00000000K3j-1NPL

for dave@doctor.nl2k.ab.ca;

Thu, 05 Mar 2026 09:56:17 -0700

Resent-From: The Doctor

Resent-Date: Thu, 5 Mar 2026 09:56:17 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [160.124.75.112] (port=51145 helo=mta75-112.mmglsmd.net)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vy9nK-00000000E2P-1xKv

for root@nk.ca;

Thu, 05 Mar 2026 07:35:25 -0700

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;

d=hn.threeway-pipe.com; i=@hn.threeway-pipe.com;

q=dns/txt; s=umail; t=1772721269; h=content-type :

mime-version : message-id : reply-to : subject : from :

to : date : subject : from : date;

bh=raIBl8/cH5GC2toQWVpi5z0nl1vCpVZ2VT+aj+5nX5o=;

b=J0KSqG59Raa9mGG+QTn86lZNmcq8TA4d//YX+pJh4j4djYsSAE8Jfme8

Q2TB8xtvg7EiaszVjVfnNAHhWtnSBiYNJCHtIoBSOs1C+cYFjYPbo9lAEt

XofHgeMBwQeXSGP1jl4Of0ZNDaMwq0bFs7XKAOXCBg8wzDft6QqlpaPrs=

Received: from helo (unknown [127.0.0.1])

by smtp.hn.threeway-pipe.com (Postfix) with ESMTP id paeOMgkyloXZ

for ; Thu, 05 Mar 2026 22:34:29 +0800

Content-Type: multipart/mixed; boundary="===============4047959231052551953=="

MIME-Version: 1.0

Message-Id: <20260305223429.41582-{13453:20260305222328-13453-14}-0023012@hn.threeway-pipe.com>

Reply-to: sophia@threewaysteel.com

Subject: =?utf-8?b?U2VhbWxlc3PCoHN0ZWVswqBwaXBlwqBpbsKgc3RvY2s7?=

From: Sophia-Threeway steel

To: "www.nk.ca"

Date: Thu, 05 Mar 2026 22:34:29 +0800

Mail-ID: 69a9921ce1382308b494bae4

X-Spam_score: 11.4

X-Spam_score_int: 114

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Purchasing Manager, Glad to contact with u, this is

Sophia from Threeway Steel Co., Ltd. THREEWAY STEEL PIPE CO,. LTD. is one

of the leading steel pipe manufacturer and exporter from China for more than

33years. Our products have been exported to more than 40 countries, including

Middle e [...]



Content analysis details: (11.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[160.124.75.112 listed in will-spam-for-food.eu.org]

[160.124.75.112 listed in will-spam-for-food.eu.org]

[160.124.75.112 listed in will-spam-for-food.eu.org]

[160.124.75.112 listed in will-spam-for-food.eu.org]

[160.124.75.112 listed in will-spam-for-food.eu.org]

[160.124.75.112 listed in will-spam-for-food.eu.org]

[160.124.75.112 listed in will-spam-for-food.eu.org]

[160.124.75.112 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[160.124.75.112 listed in dnsbl.ahbl.org]

[160.124.75.112 listed in dnsbl.ahbl.org]

[160.124.75.112 listed in dnsbl.ahbl.org]

[160.124.75.112 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[160.124.75.112 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[160.124.75.112 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[160.124.75.112 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[160.124.75.112 listed in dnsbl.ahbl.org]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

[URI: ns17.xincache.com/112.80.181.45]

[URI: ns18.xincache.com/112.80.181.111]

-0.0 SPF_PASS SPF: sender matches SPF record

3.4 RATWARE_RCVD_PF Bulk email fingerprint (Received PF) found

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} =?utf-8?b?U2VhbWxlc3PCoHN0ZWVswqBwaXBlwqBpbsKgc3RvY2s7?=



Dear Purchasing Manager,



Glad to contact with u, this is Sophia from Threeway Steel Co., Ltd.



THREEWAY STEEL PIPE CO,. LTD. is one of the leading steel pipe manufacturer and exporter from China for more than 33years. Our products have been exported to more than 40 countries, including Middle east, South Asia, Africa, and South America etc......

We can meet clients demand for different standards of API, ASTM, DIN, EN, BS, JIS standard etc . And third party inspection performed, such as: BV, SGS, LOIYD, TUV, and other party alloyed by clients.



Steel Pipe, which is used widly by different industries ,such as: water delivery, structural supporter, boiler pipe, gas/oil transportation, or drilling pipe , petroleum cracking tube.... Specification as below :



Product: SMLS / ERW/ SSAW / LSAW/ STAINLESS STEEL PIPE AND FITTINGS

Grade range: Grade A, B,C / API 5L, GR.B, X42,X46,X52,X56,X60,X65,X70,X80. PSL1 , PSL2 / EN S355 / GOST 91- ASTM A672, GR.50......

Coating: anti-rust oiling, epoxy, 3LPE, FBE, coal tar epoxy, and international well-known brand coating.



Looking forward to hear your any comments about us. Your kindly reply will be highly appreciated.





​​​​​​





Best regards,

Sophia

THREEWAY STEEL CO.,LTD



Add: Hunan steel Industrial Zone, No 9 Xiangfu Road, Hunan,Changsha, China

Tel: +86-13544036536(direct line) | Fax: +86-731-88678578

Web: www.threewaysteel.com

Email: sophia@threewaysteel.com

Skype: zeng.sophia1 | whatsapp : +86 13544036536

Nigerian spam from Google Gmail Part 2

Posted by Dave Yadallee on
Content analysis details: (31.1 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.216.67 listed in list.dnswl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.216.67 listed in will-spam-for-food.eu.org]

[209.85.216.67 listed in will-spam-for-food.eu.org]

[209.85.216.67 listed in will-spam-for-food.eu.org]

[209.85.216.67 listed in will-spam-for-food.eu.org]

[209.85.216.67 listed in will-spam-for-food.eu.org]

[209.85.216.67 listed in will-spam-for-food.eu.org]

[209.85.216.67 listed in will-spam-for-food.eu.org]

[209.85.216.67 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.216.67 listed in wl.mailspike.net]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.216.67 listed in dnsbl.ahbl.org]

[209.85.216.67 listed in dnsbl.ahbl.org]

[209.85.216.67 listed in dnsbl.ahbl.org]

[209.85.216.67 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.216.67 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.216.67 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.216.67 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.216.67 listed in dnsbl.ahbl.org]

0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[oceanicactivationcard707(at)gmail.com]

0.6 J_CHICKENPOX_53 BODY: 5alpha-pock-3alpha

0.6 J_CHICKENPOX_64 BODY: 6alpha-pock-4alpha

2.5 MILLION_USD BODY: Talks about millions of dollars

0.6 J_CHICKENPOX_27 BODY: 2alpha-pock-7alpha

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 HK_NAME_MR_MRS No description available.

2.9 YOU_INHERIT Discussing your inheritance

0.0 LOTS_OF_MONEY Huge... sums of money

2.0 FILL_THIS_FORM_LONG Fill in a form with personal information

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

1.5 MONEY_ATM_CARD Lots of money on an ATM card

1.0 XFER_LOTSA_MONEY Transfer a lot of money

0.0 FILL_THIS_FORM Fill in a form with personal information

1.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

1.8 ADVANCE_FEE_5_NEW_FRM_MNY Advance Fee fraud form and lots of money

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

2.2 FILL_THIS_FORM_LOAN Answer loan question(s)

0.0 MONEY_FORM Lots of money if you fill out a form

0.0 T_FILL_THIS_FORM_LOAN Answer loan question(s)

3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} YOUR ATM CARD PAYMENT IS AVAILABLE RIGHT NOW



--00000000000037f527064c46aaa4

Content-Type: text/plain; charset="UTF-8"



Head Office RUE 84, ABAPKA MISERBO

COTONOU BENIN REPUBLIC,

MR KENNEDY UZOKA.ATM CARD PAYMENT MANAGER OF THE OCEANIC,

BANK PLC COTONOU BENIN REPUBLIC.



Attention My Dear



This is to officially inform you that your (ATM Card Number;

4278763100030014) has been accredited in your favor.Your Personal

Identification Number is 2900.Your ATM Card Value is $2.6MILLION USD.You

are here by please advice to contact the ATM card payment managing



Director Mr,Kennedy Uzoka, With Details Below: Contact Person: Mr,Kennedy

Uzoka Number:cell +234-80-229-962-306 Contact Email: (

oceanicactivationcard707@gmail.com ) Fill the form below and ask Mr,Kennedy

Uzoka to activate your ATM card on your name and send it to you without any

More delay again.



FULL NAME:...................

DELIVERY ADDRESS:....................

PHONE NUMBER:....................

COUNTRY:......................

OCCUPATION:AND POSITION..........

SEX:..........

AGE:...............



Because the Central Bank of Waste African has passed an order to release

you fund (2.6 Million) into your ATM Card Account as soon as possible right

now okay. So I hope that you are still alive to receive your inheritance

fund sum of (2.6 Million)?



Thank's

Regards,

MRS.J.ODELL



--00000000000037f527064c46aaa4

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Head Office RUE 84, ABAPKA MISERBO
COTONOU BENIN REPUBL=

IC,
MR KENNEDY UZOKA.ATM CARD PAYMENT MANAGER OF THE OCEANIC,
BANK PL=

C COTONOU BENIN REPUBLIC.

Attention My Dear

This is to offici=

ally inform you that your (ATM Card Number; 4278763100030014) has been accr=

edited in your favor.Your Personal Identification Number is 2900.Your ATM C=

ard Value is $2.6MILLION USD.You are here by please advice to contact the A=

TM card payment managing

Director Mr,Kennedy Uzoka, With Details Bel=

ow: Contact Person: Mr,Kennedy Uzoka Number:cell +234-80-229-962-306 Contac=

t Email: ( oceanicact=

ivationcard707@gmail.com ) Fill the form below and ask Mr,Kennedy Uzoka=

to activate your ATM card on your name and send it to you without any More=

delay again.

FULL NAME:...................
DELIVERY ADDRESS:....=

................
PHONE NUMBER:....................
COUNTRY:..........=

............
OCCUPATION:AND POSITION..........
SEX:..........
AGE:=

...............

Because the Central Bank of Waste African has passed=

an order to release you fund (2.6 Million) into your ATM Card Account as s=

oon as possible right now okay. So I hope that you are still alive to recei=

ve your inheritance fund sum of (2.6 Million)?

Thank's
Regard=

s,
MRS.J.ODELL









--00000000000037f527064c46aaa4--

Nigerian spam from Google Gmail Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 05 Mar 2026 06:51:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vy95q-00000000PP6-3U71

for dave@doctor.nl2k.ab.ca;

Thu, 05 Mar 2026 06:50:22 -0700

Resent-From: The Doctor

Resent-Date: Thu, 5 Mar 2026 06:50:22 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pj1-f67.google.com ([209.85.216.67]:59443)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vy8UP-00000000Ns2-03t5

for root@mail.nl2k.ab.ca;

Thu, 05 Mar 2026 06:11:54 -0700

Received: by mail-pj1-f67.google.com with SMTP id 98e67ed59e1d1-3598b95ad7dso3336618a91.2

for ; Thu, 05 Mar 2026 05:10:54 -0800 (PST)

ARC-Seal: i=1; a=rsa-sha256; t=1772716248; cv=none;

d=google.com; s=arc-20240605;

b=Ufe9Pch+4obKNCtzyFR0D3z25yQEXdgZKOvIX5UCBIODjOxg+ibl5jRhyzRhD9c/9a

3GtNCZw+zin8WezClts7gNYoZp/QhU6YxJmfODVuSbv1vd7LLVNV5okyN3UB0l1aBUtw

KsgzsZgRLQSXnGPbCbw2oEFTaVvCxSZhIrwzafeyfiC/jAqeB5CDOKpMAMUxD17xq/nE

sLbnEfwa+N00hm4TNUH7+AM5Ql0Y0/uZMFs3HkFwoOmgRQDOoenHcwj2z9iFTtDXmayy

RAbXyoqp7EWhYTi7B9ntvGLdRY07+Mmv/eaoZ4r01KJYPaWjn2fzhep57ZLMFnHsrx1f

VIsQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=t5Mk9FQvXhd7FhN+q8ouSltWWOnQAmpWfLUiUJxZic4=;

fh=WhMq0isAex+jI/PYg5XqwYOecBiWT3JBwCtZTrHFMM8=;

b=W6LgD6jgeXd1z1qYjZTl8E03yjn6WoRM+CfbkTbQ4VfsdAw8lIbzLqMSbFcJPCsaDr

HfoziazToOii1rn5jket4UIP4zR5tyLI98RcdP7Xu5JoKB3vHu6cgokJiFlh3TnanN1E

ns+2WW9GBJydtKzeK69JOfyiwoU70ilVUY3T/FAArJrCDOf/LnTq5PQWdU/pz0gc8gOC

orCKwj2vFRasNgErxpmvqqQSbBfxgLgc0VYru3eccajz61G6iprfjbTtaqnEThARADsV

wMmhKxyguM+KikT8DvmHkgsKeO1iBRlpCwJrcwNjaNZZ+u4VEz2e/RmnsZF0wybrSLiF

w2ug==;

darn=mail.nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=jkw-ac-th.20230601.gappssmtp.com; s=20230601; t=1772716248; x=1773321048; darn=mail.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=t5Mk9FQvXhd7FhN+q8ouSltWWOnQAmpWfLUiUJxZic4=;

b=WI1DrzqU6aOm6UMO2X4MOdj8QZAJYsgON2yY5hDlwBuOBoaI/M1WYqGFxQ4ZsJm4Kz

PCtxOpiyWGGbWuW2/dFPrNwFZD9HMOVL1tLCjAoxFXyc5O4gN/4Pzyx64aqdi1Mmd5ao

wGLq+NtfgXfUnCyfUiHwMy13nHNBYAvyzrlHTxo7zDbNOpowZL2+q1C+qfSj8YIxVXyg

QsGkYQScAGeULZKE4Vqy//Sm97evGXgKuWMegWU0QZ4VUVBRKLklNpTx8vaQI/WekFsy

M57B8ikP3cDTobh/XBWnDI66buxwaMnTZvDVlKhXsazb+yZVzoOBXCA3evQuO3z5PmF6

kF/w==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1772716248; x=1773321048;

h=to:subject:message-id:date:from:reply-to:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=t5Mk9FQvXhd7FhN+q8ouSltWWOnQAmpWfLUiUJxZic4=;

b=GffjtxFgXzhPgQ8eTL5SnYPKVbfmjf/SMAfw9Y923Bs0tpKEyj5mBbMBqsmpGnJI9N

E/tHlPr8P63JIhAkkXf+gYc/YZtOyLQefcgQlP0OlXOcs6SKjn4tmPtuEJCqAMTT8jD1

LuAlps7esQGARuBcseUf2iZidfD/mot4Vu63ZMGzIMFqlrUYrBZeNQml7BD2YdRvced4

xbFMJ4uAxsmrJ0SJiySR5YhPEX31+S6BTJytqbc2a/4iT5ezhgz2OtJs/k5L/3f33jGh

TTU/2yQ1RuvpJMolJt63SKJikYLEYpSIuGCEBjhPBFDCvsz9ONZED7WJ6rPYoUf08XX0

UzPA==

X-Forwarded-Encrypted: i=1; AJvYcCWeKKZaLxjK3EfNhy3y8EKtkg0f3H4Dx24vLDKt5NXdA1+QaCR6NnKWsdPvlMZe9QC0JGx+@mail.nl2k.ab.ca

X-Gm-Message-State: AOJu0YzoLwTofMJNYCPaGW9C3VZOuGhmMW0wS5DLFFLZZPK/vy8gthjM

6FdDdd2XZBrzWD6z7w3S8GFR4K6KCpTc9GdromsCAI7vqBaovh+hstOIBSMLAx2DnfxeyzEVVez

uYqZho/EnNxE606lkk90odme/TKnVoWQZj402Biwo3Q==

X-Gm-Gg: ATEYQzyRKGH8QHSYuxSCitwXA/DdBAdnCC3eNlJ5ui/fqShHc+BOhd2iLWkt9dqxYLy

rfnhY4kVUdr9TbLWgZ5Jd0H29te8fxJkrCP5f79LaUoiAVNtkODcQCo4vEsbus/ynbuK2MBgDEr

mgwIf5SLK9TlgQ2gimoTSVN0xb7d5iwnY/jnEV3vXDn45ccsJDj4oJMLcIG39SuJ5pMWDWd76l2

12r8V7McBnHoHC+YjOHyIzA5FVNYmEaqqOqjZwumTrK9mKvFuM8yCRtjri8Gf8aviSxbcruqCzw

Joce4Mkw5g==

X-Received: by 2002:a17:90b:5109:b0:359:1130:1047 with SMTP id

98e67ed59e1d1-359a6a421b3mr6759962a91.17.1772716247471; Thu, 05 Mar 2026

05:10:47 -0800 (PST)

MIME-Version: 1.0

Reply-To: oceanicactivationcard707@gmail.com

From: "MRS.J.ODELL"

Date: Thu, 5 Mar 2026 05:10:37 -0800

X-Gm-Features: AaiRm51GRJ8agCyfbotYf-Mq2oCvkvRu0VBEP-aZd5XRdWIy1pdMV1xRt9yMCnE

Message-ID:

Subject: YOUR ATM CARD PAYMENT IS AVAILABLE RIGHT NOW

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="00000000000037f527064c46aaa4"

Bcc: root@mail.nl2k.ab.ca

X-Spam_score: 31.1

X-Spam_score_int: 311

X-Spam_bar: +++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Head Office RUE 84, ABAPKA MISERBO COTONOU BENIN REPUBLIC,

MR KENNEDY UZOKA.ATM CARD PAYMENT MANAGER OF THE OCEANIC, BANK PLC COTONOU

BENIN REPUBLIC. Attention My Dear This is to officially inform you that your

(ATM Card Number; 4278763100030014) has been accredited in your favor.Your

Personal Identification Number is 2900.Your ATM Card Value is $2.6MILLION

USD.You [...]

Online training spam from Google Gmail Part 2

Posted by Dave Yadallee on
Mailing-list: list 5mar@appsthinkers.com; contact 5mar+owners@appsthinkers.com

List-ID: <5mar.appsthinkers.com>

X-Spam-Checked-In-Group: 5mar@appsthinkers.com

X-Google-Group-Id: 732452389763

List-Post: ,

List-Help: ,



List-Archive:

List-Subscribe: ,



List-Unsubscribe: ,



X-Spam_score: 5.6

X-Spam_score_int: 56

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi, We’re a tech development company offering custom solutions

across mobile, web, and enterprise platforms. From smart automation to immersive

AR/VR and scalable ERP/CRM systems, we help businesses acr [...]



Content analysis details: (5.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.220.41 listed in will-spam-for-food.eu.org]

[209.85.220.41 listed in will-spam-for-food.eu.org]

[209.85.220.41 listed in will-spam-for-food.eu.org]

[209.85.220.41 listed in will-spam-for-food.eu.org]

[209.85.220.41 listed in will-spam-for-food.eu.org]

[209.85.220.41 listed in will-spam-for-food.eu.org]

[209.85.220.41 listed in will-spam-for-food.eu.org]

[209.85.220.41 listed in will-spam-for-food.eu.org]

[209.85.208.72 listed in will-spam-for-food.eu.org]

[209.85.208.72 listed in will-spam-for-food.eu.org]

[209.85.208.72 listed in will-spam-for-food.eu.org]

[209.85.208.72 listed in will-spam-for-food.eu.org]

[209.85.208.72 listed in will-spam-for-food.eu.org]

[209.85.208.72 listed in will-spam-for-food.eu.org]

[209.85.208.72 listed in will-spam-for-food.eu.org]

[209.85.208.72 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.208.72 listed in dnsbl.ahbl.org]

[209.85.208.72 listed in dnsbl.ahbl.org]

[209.85.208.72 listed in dnsbl.ahbl.org]

[209.85.208.72 listed in dnsbl.ahbl.org]

[209.85.220.41 listed in dnsbl.ahbl.org]

[209.85.220.41 listed in dnsbl.ahbl.org]

[209.85.220.41 listed in dnsbl.ahbl.org]

[209.85.220.41 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.208.72 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.208.72 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.208.72 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.208.72 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.208.72 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[yadhavnishi8(at)gmail.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.208.72 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

-1.0 MAILING_LIST_MULTI Multiple indicators imply a widely-seen list

manager

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} AR/VR Training & Demos Solution...



--000000000000a6d88c064c46a661

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hi,



We=E2=80=99re a tech development company offering custom solutions across m=

obile,

web, and enterprise platforms. From smart automation to immersive AR/VR and

scalable ERP/CRM systems, we help businesses across industries digitize,

grow, and operate more efficiently through powerful, user-focused

applications.



We build apps for:



=E2=80=A2 AI & Automation

=E2=80=A2 AR/VR Training & Demos

=E2=80=A2 ERP & CRM Workflows

=E2=80=A2 Healthcare, Education, Real Estate

=E2=80=A2 Delivery, Restaurant, Retail

=E2=80=A2 Fitness, Events, Finance

=E2=80=A2 Inventory, POS, Chat, Booking



Let me know what you=E2=80=99re working on.





Thanks & Regards Nishi



--000000000000a6d88c064c46a661

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable




eight:115%;font-size:11pt;font-family:Calibri,"sans-serif"">Hi,
p>




ize:11pt;font-family:Calibri,"sans-serif"">We=E2=80=99re a tech d=

evelopment company offering custom solutions

across mobile, web, and enterprise platforms. From smart automation to

immersive AR/VR and scalable ERP/CRM systems, we help businesses across

industries digitize, grow, and operate more efficiently through powerful,

user-focused applications.






ize:11pt;font-family:Calibri,"sans-serif"">We build apps for:<=

/b>





=E2=80=A2 AI & Automation


=E2=80=A2 AR/VR Training & Demos


=E2=80=A2 ERP & CRM Workflows


=E2=80=A2 Healthcare, Education, Real Estate


=E2=80=A2 Delivery, Restaurant, Retail


=E2=80=A2 Fitness, Events, Finance


=E2=80=A2 Inventory, POS, Chat, Booking






ize:11pt;font-family:Calibri,"sans-serif"">Let me know what you=

=E2=80=99re working on.






ize:11pt;font-family:Calibri,"sans-serif"">Thanks

&=C2=A0Regards


Nishi






ize:11pt;font-family:Calibri,"sans-serif"">=C2=A0





--000000000000a6d88c064c46a661--

Online training spam from Google Gmail Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path: <5mar+bncBCOY3AFKVEFRBHUBU3GQMGQEY7HUL2Y@appsthinkers.com>

Envelope-to: dave@nk.ca

Delivery-date: Thu, 05 Mar 2026 06:13:40 -0700

Received: from mail-ed1-f72.google.com ([209.85.208.72]:52269)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from <5mar+bncBCOY3AFKVEFRBHUBU3GQMGQEY7HUL2Y@appsthinkers.com>)

id 1vy8VX-00000000NxE-0Xfg

for dave@nk.ca;

Thu, 05 Mar 2026 06:13:01 -0700

Received: by mail-ed1-f72.google.com with SMTP id 4fb4d7f45d1cf-660a2f72cccsf2929383a12.0

for ; Thu, 05 Mar 2026 05:12:04 -0800 (PST)

ARC-Seal: i=3; a=rsa-sha256; t=1772716317; cv=pass;

d=google.com; s=arc-20240605;

b=OXFS96j2kGvSvPY4LLtt8fgDm2aIVIA33nrjP5TDinp56hAlvBsMG0gC22+hs0zm89

+g08XIInQ7+tpBw5WGTHQiWlXhs/bVtEfW7hLiumAhJhxMki4Z4vbU75pHNdS+Xrrc4Y

nKJfdaPD5nj2WjCC7MorqOJJiFWKLF4pFQY0Zi9kc1E8EUFLCFTHPi7XL/p9Hqaa17qv

A7KxgpHAOWJhEDHrbth2+Qw4FlBE3m7OSA7Za9IixDxS19aX7H8ueCg5NffD2/UrCP3T

7ZOn12hA91ha/mQMMnD8v5hm6dLOhmGaRR1Ary2lYNLMP7PEH9pjwcCQ3E3st2SNOYtp

WYaw==

ARC-Message-Signature: i=3; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post

:list-id:mailing-list:precedence:to:subject:message-id:date:from

:mime-version:dkim-signature;

bh=w1XdZMl4Y2vQo00eThf15iUo7GEwxhedpiYae9uy5dQ=;

fh=t4cCJdl+QxiXKc10U/RaNL9H/o4AURbyN492ZUZvsrk=;

b=Z33vY3vD+Cw8RyeNOXuIXIzDNv5H2MNx0PBRdsCWbAXiunosnJQVv3ZjsE5r3X/SgI

mSrbt7KcSX4s9XzmrUoMZYXbHO0DVulaJrEqYFXRVyZvtBwzF5M1TpOCVn6+Mh8pLSGM

q/poPvCisLaPI85XQn3+bwSDKlj9ZexQoQGhKckS0/XHROBv73tqsvwaLypHTYklyyh9

qBtYiOlZHEvxchSIXupy25d2fDddC8lDFB8ZCZVdFYwDs2cN/8qLf5M6HJLY4r9gEFK0

Lrv2b/SOgFUxjd2FU0IdwXxXDMqp6IkhMLF44WSnr1cGCEoZpGFOgiQphW70FKiD0ILk

ktmg==;

darn=nk.ca

ARC-Authentication-Results: i=3; mx.google.com;

dkim=pass header.i=@gmail.com header.s=20230601 header.b=Erzkzs4W;

arc=pass (i=1);

spf=pass (google.com: domain of yadhavnishi8@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=yadhavnishi8@gmail.com;

dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;

dara=neutral header.i=@appsthinkers.com

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=appsthinkers-com.20230601.gappssmtp.com; s=20230601; t=1772716317; x=1773321117; darn=nk.ca;

h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post

:list-id:mailing-list:precedence:x-original-authentication-results

:x-original-sender:to:subject:message-id:date:from:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=w1XdZMl4Y2vQo00eThf15iUo7GEwxhedpiYae9uy5dQ=;

b=GJ+tz0iSGA1yV2RydhmIhMp4IqWMeXuJxAjS/Ln9mrKt6Q3VOOsO4zPWDawNqQFTLu

dvMxNbaxbsVC2CZnB6PYKGVMXyi7AMLetfOpXgVWkikCGB63Hllhja0jsCvbwlrA460N

/04PgL3iGy4LCIKFvdIQSXQnoTLUU9eDiAikAfcxntrW4bzNLBrF3HhJ/cct8fRZWSCw

jlaEt+wl+B/fu1OCYbbmrsZ86C2AGGzkRyjPWPjucfgSpIPyw/NXK1BndneTsXxkuJTT

ILwI45EqYCAPzn0pDMuB6OEYnXMTGF4m4QDi+tZk121S7CJVlrqPG1IPwBhVkG5sIF6W

RBlg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1772716317; x=1773321117;

h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post

:x-spam-checked-in-group:list-id:mailing-list:precedence

:x-original-authentication-results:x-original-sender:to:subject

:message-id:date:from:mime-version:x-gm-gg:x-beenthere

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=w1XdZMl4Y2vQo00eThf15iUo7GEwxhedpiYae9uy5dQ=;

b=veyeBivWRcF4AJT94x/jhbKbedvk09SPCyplvazDHMhT88R7nm06WcnRQ/CZIT33Zm

N70oSLucUam9UsfkUTlnTcgOha40XZ/QLQ78t4Rez17Rc8jqH4vFPA8oPtS0Sy48abuY

aAxsxIbwbo6wdnfAK+FNXFxl8pHOBVHePPzbLbEDkrtpB+n7cg9Jqg6FvqDnLiwQ61GY

II+eY7YkC4ctpD4l+w73wJd1cvMJdIqFG44k4WETJ3sCZeCgTU4YiCWqdLyBV3xNBPvH

ZXtLmI6882sUyZtmXp33Ssc6NluU58/l9pmSr8rRttJzZnWlZumYFGFhipoYrKfYVdzb

vEKg==

X-Forwarded-Encrypted: i=3; AJvYcCWbP/emVNHb2z0fmVREsZh46LPOTUFw0SaYOICVInV05SbbiUKodjiT7QqJF2TKQinAtoef@nk.ca

X-Gm-Message-State: AOJu0Yyx2WyuZkF4zrvn08jE2THrPuprMAwAbtqIb5prj28Liz6CwNKR

+0zZlwXSDmlzkFvEBKrB5H+QUWqv7tEGSbkYS4RAk5HncosZH2pBmSMoD1+NT12N1gs=

X-Received: by 2002:a05:6402:4304:b0:660:d586:c2f7 with SMTP id 4fb4d7f45d1cf-660ef786876mr3270489a12.4.1772716316857;

Thu, 05 Mar 2026 05:11:56 -0800 (PST)

X-BeenThere: 5mar@appsthinkers.com; h="AV1CL+G7BkdbOVsg+FhN1pkfKOWrxsbnsgdWiKCIEVEUEe72JA=="

Received: by 2002:a05:6402:3889:b0:65a:41f6:7002 with SMTP id

4fb4d7f45d1cf-6612fc8a89als917841a12.2.-pod-prod-05-eu; Thu, 05 Mar 2026

05:09:49 -0800 (PST)

X-Forwarded-Encrypted: i=3; AJvYcCXjjH2LmlVeQPOzTF9ahX4lrPGdJR8ejHhVHPhXFKkrrzkTxGsLNHZGY2wEDcbPcGNENU3n@appsthinkers.com

X-Received: by 2002:a17:907:5cb:b0:b8a:f225:edde with SMTP id a640c23a62f3a-b93f14101d4mr343396366b.45.1772716188678;

Thu, 05 Mar 2026 05:09:48 -0800 (PST)

ARC-Seal: i=2; a=rsa-sha256; t=1772716188; cv=pass;

d=google.com; s=arc-20240605;

b=SRpM4mi2Nvkqp5zHtdCaNmJo0TprrqrFdtvnaxBPYt/d3Un7Q8jWurCQwuxXiqvbSn

dfyHGRIfluka3G/96/TaMv8ZYUwm7oMaJZAft3WGuoHyrakwL8dJ08tUAvuns6JUAjlj

83qLMg0WGMkg4EOXiWj+4/PtlvQWQ8J/Q1x81LhbZ2kUel+bg0bE38mKxpGfoVJRwacM

iHSxJyCMlv2zyt5uU0JVmpq+S5PVya+/EaPesMJkI2kKfGNJHLpbi5po7uQkmU3ACsEh

R12GOgUOqJQlTCetpmMseDvZgLrkNwHaEdaM8WqPwW8jEQWuG7z+yehbS7atO0z6PRwp

X8ew==

ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:mime-version:dkim-signature;

bh=w1XdZMl4Y2vQo00eThf15iUo7GEwxhedpiYae9uy5dQ=;

fh=IJk5bYzSO5t0ULnCztC0ulYCF5VeB9hizDGiiOZ/nuo=;

b=WPDZRb391ldzSZY07Jnoej03AJg9ozDKrMXETNf6lt60kTESbH2gNKYoR+6uyrm6wP

hoRwXxgYUB0U6miPekmfP60zKrs1+EZ1VlXoTpRzfsIgPvDTG7aImsTCgsmi3N3LAk9y

m4qDG/cG/gSv6GC3yQVeJyifKSq+V7fQueDagVBskclQov8Q8VMB1x8n2AbXveIJ+YE5

jXTJrP0pA8kFSTodNL2vThkpK8xXt3ooU5tjsc+jpdGtrY/+OqAr7ZPJL61RCsf04jLw

BvYu6KqTze/IYNp3h/jpU+diT/XMc67Kg8TQvBlFUPXKcZvxfqXdAJpE0bIUD+qlmLlb

Izig==;

dara=google.com

ARC-Authentication-Results: i=2; mx.google.com;

dkim=pass header.i=@gmail.com header.s=20230601 header.b=Erzkzs4W;

arc=pass (i=1);

spf=pass (google.com: domain of yadhavnishi8@gmail.com designates 209.85.220.41 as permitted sender) smtp.mailfrom=yadhavnishi8@gmail.com;

dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;

dara=neutral header.i=@appsthinkers.com

Received: from mail-sor-f41.google.com (mail-sor-f41.google.com. [209.85.220.41])

by mx.google.com with SMTPS id a640c23a62f3a-b935a91f0e8sor474529666b.7.2026.03.05.05.09.48

for <5mar@appsthinkers.com>

(Google Transport Security);

Thu, 05 Mar 2026 05:09:48 -0800 (PST)

Received-SPF: pass (google.com: domain of yadhavnishi8@gmail.com designates 209.85.220.41 as permitted sender) client-ip=209.85.220.41;

ARC-Seal: i=1; a=rsa-sha256; t=1772716188; cv=none;

d=google.com; s=arc-20240605;

b=LTz+QfvBxvsZbuwdSYzHzjsoR0zRPbFW42DBla+jF+LfGDcql7ZU7omYndf1iUZxNI

nz15iXgyFzB+9Tb2oZPJUgu3/T6Za9U+OaiJLqG0xUDI66WfMA12HbrFYMNJ7RBxC/u8

mCt+YuH9yUhLYw5pwJJ3DTnUawtF8tmKdyd53iVfuwNPLUPPvp3spuMm6N76ZWkEiuMe

QVqoxXcCANlbcInlVPan66AGv0PAje2a4DOHyoHiYhih4NgsX924RtMN+mG3xl7brAj6

P+7fo7MpxwYHApxMvRbIn2aWKSnOABzas0W3+eW8p10CgCThbRFzM0zmR7pwwPz7/R7o

6T0Q==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:mime-version:dkim-signature;

bh=w1XdZMl4Y2vQo00eThf15iUo7GEwxhedpiYae9uy5dQ=;

fh=IJk5bYzSO5t0ULnCztC0ulYCF5VeB9hizDGiiOZ/nuo=;

b=CfsU/elniEOBr6QLFiPjwA12BY08NFxsy8Zl+wbaYtRyXlGy9wnhItPCJf1C416SUR

xZXai5cnWTuozaPxR+j8SCsltxNuPQzWB4B3AreSIr2hxX8mmlBg+02gwd9nMU/WWx9H

wkeBbMx6+p8//0UKa6LU4E+E0dOuksYtphqM6UF+IlwLIq2OfeXcMOkuRpEujO+SOfsy

wbxLVc3BKhuKmidf7uSINURxwSjYcjfUWLjF649Rojj+GdLp7W2bFtPirDPYaVpddSyw

Z2DqaVng2r7vM+xfA2AHrmSgruOlnwtlxRCRnKsUyNdvf+d5xQEQLcw0XKiXkN7pvGO/

iXFA==;

darn=appsthinkers.com

ARC-Authentication-Results: i=1; mx.google.com; arc=none

X-Forwarded-Encrypted: i=1; AJvYcCWY9JMSpGjAe/YFIyXi9/zOqxSC/UEuHoF6eyIPQzn6V6NROoONqfj11/0Vd+FpM4Iqzd8s@appsthinkers.com

X-Gm-Gg: ATEYQzxWplriCDk2V+UgB7KSgKNh78eSW0HQIzD9iezlL7Vdz4waNO2f6bPikngMiQT

FlJ2skGDfZ2SR4osFZI8MHRhuJEbDL0BXQK2tgtxMtTSR3T6A7zPDjBtst1apvX7izq/Ws0cQQG

PdEAz2d9dDp6AubYlBucQRjIXnE9nBTDVfwAAFXm3fg6ncCvVMuNaeEfKFYW2QpLcMQ8ptIxmvC

3A1R61GDYEEW/4L1mQ/qFyBuTXMxM8AYVxWuTZ1r7DppxOnycWIvKcqP0u9U+FYaz3lrlqdgyg0

GvbekXfQSgLY3Mt0PUvAHKD5PWKVdMmsxxTzytw=

X-Received: by 2002:a17:907:94c2:b0:b87:2bd6:6bc3 with SMTP id

a640c23a62f3a-b93f156d7c0mr371665466b.61.1772716187636; Thu, 05 Mar 2026

05:09:47 -0800 (PST)

MIME-Version: 1.0

From: nishi yadav

Date: Thu, 5 Mar 2026 18:39:36 +0530

X-Gm-Features: AaiRm50MkKuIdF-dWdCRTrm_Mh3dhhTgw6dlFHwSfg8x3CIBkoxqnq1LH6xaJeU

Message-ID:

Subject: AR/VR Training & Demos Solution...

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000a6d88c064c46a661"

Bcc: 5mar@appsthinkers.com

X-Original-Sender: yadhavnishi8@gmail.com

X-Original-Authentication-Results: mx.google.com; dkim=pass

header.i=@gmail.com header.s=20230601 header.b=Erzkzs4W; arc=pass

(i=1); spf=pass (google.com: domain of yadhavnishi8@gmail.com

designates 209.85.220.41 as permitted sender) smtp.mailfrom=yadhavnishi8@gmail.com;

dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com;

dara=neutral header.i=@appsthinkers.com

Precedence: list

Scotiabank Phish Part 2

Posted by Dave Yadallee on
--1ea0096474420215216603ae4b210a2e5

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: quoted-printable







=09





=C2=A0








style=3D"font-style: inherit; font-variant-ligatures: inherit; font-varian=

t-position: inherit; font-variant-caps: inherit; font-variant-numeric: inhe=

rit; font-variant-alternates: inherit; font-variant-east-asian: inherit; fo=

nt-weight: inherit; font-stretch: inherit; font-size: inherit; line-height:=

inherit; font-family: Arial, sans-serif; font-optical-sizing: inherit; -we=

bkit-font-kerning: inherit; font-feature-settings: inherit; font-variation-=

settings: inherit; margin: 40px auto; border-top-left-radius: 10px; border-=

top-right-radius: 10px; border-bottom-right-radius: 10px; border-bottom-lef=

t-radius: 10px; box-shadow: rgba(0, 0, 0, 0.1) 0px 8px 20px; overflow: hidd=

en; transform: scale(0.751667, 0.751667); transform-origin: left top; backg=

round-position: initial initial; background-repeat: initial initial;" width=

=3D"600">

=09
just: auto;">

=09=09

=09=09=09

=09=09

=09


.6;">

=09=09=09

3D""
"External" data-olk-copy-source=3D"MessageBody" src=3D"https://logos-world.=

net/wp-content/uploads/2021/03/Scotiabank-Emblem.png" style=3D"border: 0px;=

font-family: inherit; font-size: inherit; font-style: inherit; font-varian=

t-caps: inherit; font-weight: inherit; font-stretch: inherit; line-height: =

inherit; margin: 0px; padding: 0px; vertical-align: baseline; color: inheri=

t; width: 150px; height: 84px;" />





=09=09=09

=C2=A0





=09=09=09

Date:=C2=A005 =

mars=C2=A02026





=09=09=09

Reference ID:=

=C2=A0SCB-9472-SEC-2026CA





=09=09=09

Dear Customer,





=09=09=09

We would like to inform you that a secure message containing im=

portant updates regarding your account has been sent to you.





=09=09=09

For your protection, we use secure messaging to promptly notify=

you of any changes or activities related to your account security.





=09=09=09


-linkindex=3D"0" href=3D"https://www.askanadventistfriend.com/wp-includes/c=

a/a/" rel=3D"noopener noreferrer" style=3D"border: 0px; font-style: inherit=

; font-variant-ligatures: inherit; font-variant-position: inherit; font-var=

iant-caps: inherit; font-variant-numeric: inherit; font-variant-alternates:=

inherit; font-variant-east-asian: inherit; font-weight: bold; font-stretch=

: inherit; font-size: inherit; line-height: inherit; font-family: inherit; =

font-optical-sizing: inherit; -webkit-font-kerning: inherit; font-feature-s=

ettings: inherit; font-variation-settings: inherit; margin: 0px; padding: 1=

4px 35px; vertical-align: baseline; background-color: rgb(215, 25, 32); col=

or: rgb(255, 255, 255); text-decoration-line: none; border-top-left-radius:=

6px; border-top-right-radius: 6px; border-bottom-right-radius: 6px; border=

-bottom-left-radius: 6px; display: inline-block;" target=3D"_blank" title=

=3D"https://shorturl.at/pk5M1">View Secure Message





=09=09=09

This secure message contains sensitive information regarding yo=

ur banking account. Please sign in to your online banking portal to review =

the complete details.





=09=09=09

Thank you for choosing our banking =

services.





=09=09=09

=C2=A0



=09=09=09












--1ea0096474420215216603ae4b210a2e5--

Scotiabank Phish Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 05 Mar 2026 06:51:00 -0700

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vy95f-00000000POa-1QTf

for dave@doctor.nl2k.ab.ca;

Thu, 05 Mar 2026 06:50:11 -0700

Resent-From: The Doctor

Resent-Date: Thu, 5 Mar 2026 06:50:11 -0700

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [91.212.52.120] (port=42562 helo=mybeautyshop.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vy8M5-00000000NW0-1Lj0

for sales@nk.ca;

Thu, 05 Mar 2026 06:03:13 -0700

Received: by mybeautyshop.com (Postfix, from userid 1000)

id F06538560635; Thu, 5 Mar 2026 14:00:26 +0100 (CET)

Date: Thu, 5 Mar 2026 14:00:14 +0100

To: sales@nk.ca

From: =?UTF-8?B?U2NvdGlhQmFuay4=?=

Subject: =?UTF-8?B?SW1wb3J0YW50OiBTZWN1cmUgTWVzc2FnZSBSZWdhcmRpbmcgWW91ciBBY2NvdW50ICE=?=

Message-ID: <42554eee45ec228d1ba7264757341471@mybeautyshop.com>

List-Unsubscribe: mailto:bounce851-uq8lba1iDfqT28r@mybeautyshop.com?subject=list-unsubscribe

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="1ea0096474420215216603ae4b210a2e5"

Content-Transfer-Encoding: 8bit

X-Spam_score: 14.4

X-Spam_score_int: 144

X-Spam_bar: ++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Date: 05 mars 2026 Reference ID: SCB-9472-SEC-2026CA



Content analysis details: (14.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[91.212.52.120 listed in will-spam-for-food.eu.org]

[91.212.52.120 listed in will-spam-for-food.eu.org]

[91.212.52.120 listed in will-spam-for-food.eu.org]

[91.212.52.120 listed in will-spam-for-food.eu.org]

[91.212.52.120 listed in will-spam-for-food.eu.org]

[91.212.52.120 listed in will-spam-for-food.eu.org]

[91.212.52.120 listed in will-spam-for-food.eu.org]

[91.212.52.120 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[91.212.52.120 listed in dnsbl.ahbl.org]

[91.212.52.120 listed in dnsbl.ahbl.org]

[91.212.52.120 listed in dnsbl.ahbl.org]

[91.212.52.120 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[91.212.52.120 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[91.212.52.120 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[91.212.52.120 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[91.212.52.120 listed in dnsbl.ahbl.org]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.5 TVD_PH_SEC BODY: Message includes a phrase commonly used in phishing

mails

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

3.0 URI_WP_DIRINDEX URI for compromised WordPress site, possible malware

0.1 FROM_EXCESS_BASE64 From: base64 encoded unnecessarily

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

1.2 TVD_PH_SUBJ_META1 Email has a Phishy looking subject line

2.0 URI_WP_HACKED_2 URI for compromised WordPress site, possible malware

Subject: {SPAM?} =?UTF-8?B?SW1wb3J0YW50OiBTZWN1cmUgTWVzc2FnZSBSZWdhcmRpbmcgWW91ciBBY2NvdW50ICE=?=



This is a multi-part message in MIME format.



--1ea0096474420215216603ae4b210a2e5

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit













Â

















Â



Date: 05 mars 2026



Reference ID:Â SCB-9472-SEC-2026CA



Dear Customer,



We would like to inform you that a secure message containing important updates regarding your account has been sent to you.



For your protection, we use secure messaging to promptly notify you of any changes or activities related to your account security.



View Secure Message



This secure message contains sensitive information regarding your banking account. Please sign in to your online banking portal to review the complete details.



Thank you for choosing our banking services.



Â













Teradata spam from Google Gmail Part 2

Posted by Dave Yadallee on


This is a multipart message in MIME format.



------=_NextPart_000_06B2_01DCACB4.CAD10920

Content-Type: text/plain;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable



Hi,



=EF=BF=BD



Hope you=E2=80=99re doing well.



=EF=BF=BD



Just wanted to check and see if you have received my email and have =

update for me?



=EF=BF=BD



Awaiting for your response.



=EF=BF=BD



Regards,=20



Melissa



=EF=BF=BD



From: melissa.mertz@targetexelist.com =20

Sent: Wednesday, February 25, 2026 4:26 PM

To: 'dave@doctor.nl2k.ab.ca'

Subject: Targeted Teradata Users Info



=EF=BF=BD



Hi,



=EF=BF=BD



Are you interested in the contact information of Teradata Users across =

UK and Europe?



=EF=BF=BD



If interested, let me know your target geography: ___? so that I can get =

back to you with Counts, Pricing and more information.



=EF=BF=BD



Note: We can also provide contacts based on your specific requirements =

from any industry.



=EF=BF=BD



Look forward for your response.



=EF=BF=BD



Regards



Melissa Mertz



Database Coordinator



=EF=BF=BD



"You would prefer not to receive further emails from us, please reply =

with "Leave Out" in the subject line.





------=_NextPart_000_06B2_01DCACB4.CAD10920

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable




xmlns:o=3D"urn:schemas-microsoft-com:office:office" =

xmlns:w=3D"urn:schemas-microsoft-com:office:word" =

xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =

xmlns=3D"http://www.w3.org/TR/REC-html40">
http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8">
name=3DGenerator content=3D"Microsoft Word 15 (filtered =

medium)">
link=3D"#0563C1" vlink=3D"#954F72">


class=3DMsoNormal>
style=3D'font-size:10.5pt'>Hi,


class=3DMsoNormal>
style=3D'font-size:10.5pt'> 


class=3DMsoNormal>Hope you=E2=80=99re =

doing well.


style=3D'font-size:10.5pt'> 


class=3DMsoNormal>Just wanted to check =

and see if you have received my email and have update for =

me?


style=3D'font-size:10.5pt'> 


class=3DMsoNormal>Awaiting for your =

response.


style=3D'font-size:10.5pt'> 


class=3DMsoNormal>Regards, =


style=3D'font-size:10.5pt'>Melissa


class=3DMsoNormal>
style=3D'font-size:11.0pt'> 


style=3D'border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in =

0in 0in'>


style=3D'font-size:11.0pt;mso-ligatures:none'>From:
style=3D'font-size:11.0pt;mso-ligatures:none'> =

melissa.mertz@targetexelist.com <melissa.mertz@targetexelist.com> =


Sent: Wednesday, February 25, 2026 4:26 PM
To: =

'dave@doctor.nl2k.ab.ca' =

<dave@doctor.nl2k.ab.ca>
Subject: Targeted Teradata =

Users Info


class=3DMsoNormal> 


style=3D'font-size:10.5pt;color:#002060'>Hi,


class=3DMsoNoSpacing>
style=3D'font-size:10.5pt;color:#002060'> 


class=3DMsoNoSpacing>Are =

you interested in the contact information of Teradata Users =

across UK and Europe?


class=3DMsoNoSpacing> 


style=3D'font-size:10.5pt;color:#002060'>If interested, let me know your =

target geography: ___? so that I can get back to you with Counts, =

Pricing and more information.


class=3DMsoNoSpacing> 


class=3DMsoNoSpacing>
style=3D'font-size:10.5pt;color:#002060'>Note:
style=3D'font-size:10.5pt;color:#002060'> We can also provide contacts =

based on your specific requirements from any =

industry.


class=3DMsoNoSpacing> 


style=3D'font-size:10.5pt;color:#002060'>Look forward for your =

response.


class=3DMsoNoSpacing> 


style=3D'font-size:10.5pt;color:#002060'>Regards


class=3Dxmsonormal =

style=3D'margin:0in;margin-bottom:.0001pt;background:white'>
style=3D'font-size:10.5pt;font-family:"MV =

Boli";color:#242424;border:none windowtext 1.0pt;padding:0in'>Melissa =

Mertz
style=3D'font-size:10.5pt;font-family:"Calibri",sans-serif;color:#242424'=

>


style=3D'font-size:10.5pt;color:#ED7D31'>Database =

Coordinator


style=3D'font-size:10.5pt;color:#002060'> 


class=3DMsoNoSpacing>
style=3D'font-size:9.0pt;color:#B4C6E7'>"You would prefer not to =

receive further emails from us, please reply with "Leave Out" =

in the subject line.



------=_NextPart_000_06B2_01DCACB4.CAD10920--



Teradata spam from Google Gmail Part 1

Posted by Dave Yadallee on
X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 05 Mar 2026 03:05:00 -0700

Received: from mail-wr1-f42.google.com ([209.85.221.42]:51572)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vy5ZX-000000007Mq-1Dng

for dave@doctor.nl2k.ab.ca;

Thu, 05 Mar 2026 03:04:57 -0700

Received: by mail-wr1-f42.google.com with SMTP id ffacd0b85a97d-439bcec8613so2929364f8f.3

for ; Thu, 05 Mar 2026 02:04:00 -0800 (PST)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=targetexelist.com; s=google; t=1772705033; x=1773309833; darn=doctor.nl2k.ab.ca;

h=disposition-notification-to:content-language:thread-index

:mime-version:message-id:date:subject:in-reply-to:references:to:from

:return-receipt-to:from:to:cc:subject:date:message-id:reply-to;

bh=o1k3RHbVDp/gYKH652Fll3Sbl9zLjz6QWd8v4w15q3w=;

b=WXR4IncE6ywuXBIC5A9rIgIDuSA1fSPNLRz8rLl8xf2zw7UmZR6/WLBLA1k4DE6XOu

sBuAQXK2gsn8+6A7PoBGbcoK5bIChLYmXV2tDYlWuriMat/75kShqUkC3anJyC0F/1PD

ptk06xGSpkxAq1eATdFuLWtZLunfdnBa4ayjGotz3Z0KDRQeutAmAMs6EM3+irwBrF91

BLx4M9iqI0jEzfGXywz9oSpfm8ZRYBiyHxJBQf6jMWCgZ9+aNf+Fuynn6vkn1rpnxMld

5L8oYWxsTvXS8lG05mtyR+9LLVCU3m7PLRJBAyqxCkAbDWJGBgxASBy2zLesH79gvbhH

nZKg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1772705033; x=1773309833;

h=disposition-notification-to:content-language:thread-index

:mime-version:message-id:date:subject:in-reply-to:references:to:from

:return-receipt-to:x-gm-gg:x-gm-message-state:from:to:cc:subject

:date:message-id:reply-to;

bh=o1k3RHbVDp/gYKH652Fll3Sbl9zLjz6QWd8v4w15q3w=;

b=CioWu6v8xzQqzlTExL87d5h87oa4+M1dSe0/fA/mVNoJwhhxzLg2tKsKo8J7+J2oQz

1Q4z6lCV5YcNq3O1JcgipBrV7R/cV0frc06jRGSdLDtKKH+VQWRV70cZ7VOoSiIp9il3

YlF5XEVOlhVCoMrQ+6xAb1MbPQCSyULmB22MVrPPribD7Kt7xyG754O//jOmkYWNzzkv

ZJ4ZOsEz7tSiY7Ua/lzoyfEQ4AIrOokqBJW/gFtgcF2sn4en9nOSPc9RfoG7TlwjQvBk

X31yupHhaC51caPLQGG8AZxiOQ1aEr1gwUia+i+rRL+ua65V97r2+acnUzoLLWZb4siw

W8qA==

X-Gm-Message-State: AOJu0Yz72AhKTj7dXcyW2Oh8J+g4jA47Z0D2tzfutlFdBzATVW+3RpTh

MyvUHvg1Ii932N/e7/RrVuoq9GXpL5N49Mqv/LMzeX6Mkb+5LfJmLPbt104Rp3cdEzsNf+0VcFB

ECXl1zLTU0g==

X-Gm-Gg: ATEYQzxQfu6uiRKjpenrcitpyXIY8a80LARiyofSGuFxVklB251GhOMh/pT/AVKYpa/

r7ZWHlN0cU5xcM+NF0A/nnNchEG2qcGQ+sx0E424NleV6/9VddY7PlkqDNqrRbveuwiQ4af/iSM

kzHlZW6KcWqsJjUH2p9ruCaR1YLYPJ3ILxXh317dyetlyHzWdRPbYfCvUxteYQdn3hA8C8PWhVv

jgQjrZgjVPj+pIlZZMFtg1JnKIlmELQQndXL1QUULHK8IIkquXaI8IKHhnwbP+TH/vhC3V8Pgk6

YAw2Qlgq5UytrxaePSYMZH61U06TB0Y8TCVMzuv31igzr/PWDNbkis1TQ4LWhieVn9qkbPFONTL

UUwISHxMja9AWwrByd1ap4U9rICI/dF+QpMQZEQoV9bSmo9g+L/bsIZns6073ZGEkqHbQBtgJyx

Ol+D8EmeNdMW9R9CvUXN17ngQXaGt7rbu6SNemIqIn

X-Received: by 2002:a05:6000:4383:b0:439:c2ce:1208 with SMTP id ffacd0b85a97d-439c7f93ba3mr10219233f8f.5.1772705032701;

Thu, 05 Mar 2026 02:03:52 -0800 (PST)

Received: from DESKTOPK42Q2LS ([159.26.112.85])

by smtp.googlemail.com with ESMTPSA id ffacd0b85a97d-439af926c53sm42573877f8f.8.2026.03.05.02.03.51

for

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

Thu, 05 Mar 2026 02:03:52 -0800 (PST)

Return-Receipt-To:

From:

To:

References:

In-Reply-To:

Subject: RE: Targeted Teradata Users Info

Date: Thu, 5 Mar 2026 15:29:00 +0530

Message-ID:

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_06B2_01DCACB4.CAD10920"

X-Mailer: Microsoft Outlook 16.0

Thread-Index: AdymRRdBgtUkBrhBT4av6PXP7fCtbgAAAVxQAAAADcAAAADfwAAAAA3gAAAAEeAAAAANEAAAABCgAAAAEAAAAAAOMAGQY3cQ

Content-Language: en-us

Disposition-Notification-To:

X-Spam_score: 8.8

X-Spam_score_int: 88

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi, � Hope you’re doing well.



Content analysis details: (8.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[159.26.112.85 listed in will-spam-for-food.eu.org]

[159.26.112.85 listed in will-spam-for-food.eu.org]

[159.26.112.85 listed in will-spam-for-food.eu.org]

[159.26.112.85 listed in will-spam-for-food.eu.org]

[159.26.112.85 listed in will-spam-for-food.eu.org]

[159.26.112.85 listed in will-spam-for-food.eu.org]

[159.26.112.85 listed in will-spam-for-food.eu.org]

[159.26.112.85 listed in will-spam-for-food.eu.org]

[209.85.221.42 listed in will-spam-for-food.eu.org]

[209.85.221.42 listed in will-spam-for-food.eu.org]

[209.85.221.42 listed in will-spam-for-food.eu.org]

[209.85.221.42 listed in will-spam-for-food.eu.org]

[209.85.221.42 listed in will-spam-for-food.eu.org]

[209.85.221.42 listed in will-spam-for-food.eu.org]

[209.85.221.42 listed in will-spam-for-food.eu.org]

[209.85.221.42 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.221.42 listed in dnsbl.ahbl.org]

[209.85.221.42 listed in dnsbl.ahbl.org]

[209.85.221.42 listed in dnsbl.ahbl.org]

[209.85.221.42 listed in dnsbl.ahbl.org]

[159.26.112.85 listed in dnsbl.ahbl.org]

[159.26.112.85 listed in dnsbl.ahbl.org]

[159.26.112.85 listed in dnsbl.ahbl.org]

[159.26.112.85 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.221.42 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.221.42 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.221.42 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.221.42 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.221.42 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.221.42 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.0 MR_DIFF_MID No description available.

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 END_FUTURE_EMAILS Spammy unsubscribe

1.0 REPLYTO_BOGUS In-Reply-To header seems not to be valid

0.0 T_END_FUTURE_EMAILS Spammy unsubscribe

0.0 NO_RDNS2 Sending MTA has no reverse DNS

Subject: {SPAM?} RE: Targeted Teradata Users Info