Chinese products spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: daveys=spam@doctor.nl2k.ab.ca

Delivery-date: Fri, 17 Oct 2025 13:51:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9qTU-000000001fG-301r

for daveys=spam@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 13:50:52 -0600

Resent-From: The Doctor

Resent-Date: Fri, 17 Oct 2025 13:50:52 -0600

Resent-Message-ID:

Resent-To: daveys=spam@doctor.nl2k.ab.ca

Received: from mail-io1-f68.google.com ([209.85.166.68]:42332)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from <643@9pz.org>)

id 1v9pXj-00000000LaT-16ka

for root@nk.ca;

Fri, 17 Oct 2025 12:51:22 -0600

Received: by mail-io1-f68.google.com with SMTP id ca18e2360f4ac-93e7ece3025so36164939f.1

for ; Fri, 17 Oct 2025 11:50:23 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=9pz-org.20230601.gappssmtp.com; s=20230601; t=1760727017; x=1761331817; darn=nk.ca;

h=content-transfer-encoding:mime-version:date:subject:to:from

:reply-to:message-id:from:to:cc:subject:date:message-id:reply-to;

bh=tn++BawGJrYpNTI/aOkcCjhUTFBs2Fbz12uAGzqJfxI=;

b=mjrcIipaIUEaaiE2SJ7JGZc8fAxY86NvAkIOr22i/P201fhF9+5YEX+vQ+iTHKFDwy

E8fjkzXHgJnFREp2qSAN9Z1GMk8eUCgtrvV2kgRPpk4jABRZgwWk/ikchFJNvkhrI5lo

0paN2LzfILQ9hakbSqjDxVC56Kth9u9gRcI9kIIWmXjJj09Srp5GPWzQx03KETkLTZqV

xj3lOMuPx4o+xkAme8J85xNbMQwG41RxeGU2mAlF0pL+dw4rvIUHVcRIYKXpe6k+BzRc

+FyA8o8JmcEAPdSOQ1YZ/kX2wCMp7F3Qyw0rea0uYWEKRAZ65j5ytfHLaFJDgXGByndc

xbSw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1760727017; x=1761331817;

h=content-transfer-encoding:mime-version:date:subject:to:from

:reply-to:message-id:x-gm-message-state:from:to:cc:subject:date

:message-id:reply-to;

bh=tn++BawGJrYpNTI/aOkcCjhUTFBs2Fbz12uAGzqJfxI=;

b=s9V6gO3QYoKAuGl/iph2qBqUY8UQAdCiw8sYY4/tDH9kt+rG7v/98ou/gIeWtDSeuF

1r1dHovHlYbDQ2KqeJCwMwhAXJAdbb7GnuVMEyf6/yAl+HEqcOQaEuVm7HvO6lZjxPT7

QTD96Nw1zsxmAetlAsN9kkf/AdwBSs0pvGLZn8V8lm1Q10Z1iDooi3b/emZhTxHuIJvH

NYupIRW6J2VjKRW9xpL8vs/gqHtvCDIHrGQCf+4c0MzvrGLhLsYN1Qn+/aWDahTFVUIJ

S8PY9syFbrvxJB+c02ZjGDx34pvmjqbEO+Ql9e/YEiLg5Sso+kcF+rldxNIBD4DShxxh

7XKQ==

X-Gm-Message-State: AOJu0Yz983QcSjKy8UpB6+vTGIzZG0LXG22lrumBwbzQXe3f8nr9z15c

5BP6g8GfMHB/juklCoLb5M/lcpj8+fiv3X9TFFf3Kp/mrr5PIuhxCmkoqKkXgs9/ji/mMKsPOVt

Huw2HvUE=

X-Gm-Gg: ASbGncvkihnVSMdzRLQ/T0NsJLbxMG1vxIPRqZ5mf6f4TUxgvLEtvCrWXiiiViT22G5

xQA0LJ1MIY68vUE9Q9QScW4tmBc9+Z9Hf1YWJzgPAqwOWhhtpgbODAt7rF9/JCQt3/lxbiaicub

AeuqVwtIbbi8utlVHAw9wu95jMH8yhRg6NgtG0Fy+nnyamPf5m+isMdeaXlTuhprGjGrfQ8ARwS

PsqMvjE50FJtv++QVIhQLrvJVoaX9zJ4Z5tKCSM4VGrCTe/zyjAktski+haSG1wb0h/JfCGi9oR

vzrPkEiP3mRHSaSZ9/LhK76Zd0bBPjI4G4M5Si/Z0PV0yZ19wT9Fg3daV0LqAfS8fhdNronQJf6

FzSRmu2DxIer+6pJAa9u1C5QVsGHs2KsI7tS6PZnR+3IeTHktx4Fe5Znu3tAPXFbniSU4boSJE5

PUtR0FyqDzYJDRotU=

X-Google-Smtp-Source: AGHT+IHQWKuTkqD1XE13GJPD+3BKCyKEOJE4m15+YBWDVNEPKzbOh9Y61SdU0YCEHNcUKGa9lum50w==

X-Received: by 2002:a5d:8d0b:0:b0:8a9:4e94:704 with SMTP id ca18e2360f4ac-93e6a8a3ea7mr1028594339f.3.1760727017012;

Fri, 17 Oct 2025 11:50:17 -0700 (PDT)

Received: from sghq.ru ([183.227.22.176])

by smtp.gmail.com with ESMTPSA id ca18e2360f4ac-93e8663b5c2sm15199639f.7.2025.10.17.11.50.15

for

(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);

Fri, 17 Oct 2025 11:50:16 -0700 (PDT)

Message-ID: <48a5c01f9e4b8b5105091ea91e005f8b@9pz.org>

Reply-To: Bob@cnc-part-makers.top

From: Prudent <643@9pz.org>

To: root

Subject: Re: CNC PRECISION PARTS IN CHINA

Date: Sat, 18 Oct 2025 02:50:18 +0800

X-Priority: 3

X-Mailer: Fofumqi Pyrbq 47.15

MIME-Version: 1.0

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: base64

X-Spam_score: 12.0

X-Spam_score_int: 120

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: root, Dear Sir/ Madam,



Content analysis details: (12.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[183.227.22.176 listed in will-spam-for-food.eu.org]

[183.227.22.176 listed in will-spam-for-food.eu.org]

[183.227.22.176 listed in will-spam-for-food.eu.org]

[183.227.22.176 listed in will-spam-for-food.eu.org]

[183.227.22.176 listed in will-spam-for-food.eu.org]

[183.227.22.176 listed in will-spam-for-food.eu.org]

[183.227.22.176 listed in will-spam-for-food.eu.org]

[183.227.22.176 listed in will-spam-for-food.eu.org]

[209.85.166.68 listed in will-spam-for-food.eu.org]

[209.85.166.68 listed in will-spam-for-food.eu.org]

[209.85.166.68 listed in will-spam-for-food.eu.org]

[209.85.166.68 listed in will-spam-for-food.eu.org]

[209.85.166.68 listed in will-spam-for-food.eu.org]

[209.85.166.68 listed in will-spam-for-food.eu.org]

[209.85.166.68 listed in will-spam-for-food.eu.org]

[209.85.166.68 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.166.68 listed in dnsbl.ahbl.org]

[209.85.166.68 listed in dnsbl.ahbl.org]

[209.85.166.68 listed in dnsbl.ahbl.org]

[209.85.166.68 listed in dnsbl.ahbl.org]

[183.227.22.176 listed in dnsbl.ahbl.org]

[183.227.22.176 listed in dnsbl.ahbl.org]

[183.227.22.176 listed in dnsbl.ahbl.org]

[183.227.22.176 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.166.68 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.166.68 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.166.68 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.166.68 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.166.68 listed in list.dnswl.org]

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.166.68 listed in wl.mailspike.net]

1.6 SUBJ_ALL_CAPS Subject is all capitals

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 NO_RDNS2 Sending MTA has no reverse DNS

2.5 XM_RANDOM X-Mailer apparently random

Subject: {SPAM?} Re: CNC PRECISION PARTS IN CHINA



PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFuc2l0aW9uYWwv

L0VOIj4NCjxIVE1MIHhtbG5zOm8+PEhFQUQ+DQo8TUVUQSBjb250ZW50PSJ0ZXh0L2h0bWw7IGNo

YXJzZXQ9dXRmLTgiIGh0dHAtZXF1aXY9Q29udGVudC1UeXBlPg0KPE1FVEEgbmFtZT1HRU5FUkFU

T1IgY29udGVudD0iTVNIVE1MIDExLjAwLjEwNTcwLjEwMDEiPjwvSEVBRD4NCjxCT0RZPg0KPFA+

PEZPTlQgY29sb3I9YmxhY2sgZmFjZT1DYWxpYnJpPnJvb3QsPC9GT05UPjwvUD4NCjxQIGNsYXNz

PU1zb05vcm1hbCANCnN0eWxlPSJXSURPV1M6IDE7IE1BUkdJTjogMHB4IDBjbTsgTElORS1IRUlH

SFQ6IG5vcm1hbDsgZm9udC12YXJpYW50LW51bWVyaWM6IG5vcm1hbDsgZm9udC12YXJpYW50LWVh

c3QtYXNpYW46IG5vcm1hbDsgZm9udC1zdHJldGNoOiBub3JtYWwiPjxvOnA+PEZPTlQgDQpjb2xv

cj1ibGFjayBmYWNlPUNhbGlicmk+RGVhciBTaXIvIE1hZGFtLDwvRk9OVD48L286cD48L1A+DQo8

UCBjbGFzcz1Nc29Ob3JtYWwgDQpzdHlsZT0iV0lET1dTOiAxOyBNQVJHSU46IDBweCAwY207IExJ

TkUtSEVJR0hUOiBub3JtYWw7IGZvbnQtdmFyaWFudC1udW1lcmljOiBub3JtYWw7IGZvbnQtdmFy

aWFudC1lYXN0LWFzaWFuOiBub3JtYWw7IGZvbnQtc3RyZXRjaDogbm9ybWFsIj48bzpwPjwvbzpw

PjxGT05UIA0KY29sb3I9YmxhY2sgZmFjZT1DYWxpYnJpPiZuYnNwOzwvRk9OVD48L1A+DQo8UCBj

bGFzcz1Nc29Ob3JtYWwgDQpzdHlsZT0iV0lET1dTOiAxOyBNQVJHSU46IDBweCAwY207IExJTkUt

SEVJR0hUOiBub3JtYWw7IGZvbnQtdmFyaWFudC1udW1lcmljOiBub3JtYWw7IGZvbnQtdmFyaWFu

dC1lYXN0LWFzaWFuOiBub3JtYWw7IGZvbnQtc3RyZXRjaDogbm9ybWFsIj48Rk9OVCANCmNvbG9y

PWJsYWNrIGZhY2U9Q2FsaWJyaT5DTkMgUFJFQ0lTSU9OIFBBUlRTIElOIENISU5BPC9GT05UPjwv

UD4NCjxQIGNsYXNzPU1zb05vcm1hbCANCnN0eWxlPSJXSURPV1M6IDE7IE1BUkdJTjogMHB4IDBj

bTsgTElORS1IRUlHSFQ6IG5vcm1hbDsgZm9udC12YXJpYW50LW51bWVyaWM6IG5vcm1hbDsgZm9u

dC12YXJpYW50LWVhc3QtYXNpYW46IG5vcm1hbDsgZm9udC1zdHJldGNoOiBub3JtYWwiPjxGT05U

IA0KY29sb3I9YmxhY2sgZmFjZT1DYWxpYnJpPjwvRk9OVD4mbmJzcDs8L1A+DQo8UCANCnN0eWxl

PSJGT05ULVNJWkU6IDE2cHg7IEZPTlQtRkFNSUxZOiBDYWxpYnJpOyBCQUNLR1JPVU5EOiB3aGl0

ZTsgV0hJVEUtU1BBQ0U6IG5vcm1hbDsgV09SRC1TUEFDSU5HOiAwcHg7IFRFWFQtVFJBTlNGT1JN

OiBub25lOyBGT05ULVdFSUdIVDogNDAwOyBDT0xPUjogcmdiKDAsMCwwKTsgRk9OVC1TVFlMRTog

bm9ybWFsOyBURVhULUFMSUdOOiBsZWZ0OyBPUlBIQU5TOiAyOyBXSURPV1M6IDI7IE1BUkdJTjog

MHB4IDBjbTsgTEVUVEVSLVNQQUNJTkc6IG5vcm1hbDsgVEVYVC1JTkRFTlQ6IDBweDsgZm9udC12

YXJpYW50LWxpZ2F0dXJlczogbm9ybWFsOyBmb250LXZhcmlhbnQtY2Fwczogbm9ybWFsOyAtd2Vi

a2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7IHRleHQtZGVjb3JhdGlvbi1zdHlsZTogaW5pdGlh

bDsgdGV4dC1kZWNvcmF0aW9uLWNvbG9yOiBpbml0aWFsOyB0ZXh0LWRlY29yYXRpb24tdGhpY2tu

ZXNzOiBpbml0aWFsIiANCmFsaWduPWxlZnQ+PFNQQU4gbGFuZz1FTi1VUyANCnN0eWxlPSJGT05U

LVNJWkU6IDEycHQ7IEJPUkRFUi1UT1A6IHdpbmRvd3RleHQgMXB0OyBCT1JERVItUklHSFQ6IHdp

bmRvd3RleHQgMXB0OyBCT1JERVItQk9UVE9NOiB3aW5kb3d0ZXh0IDFwdDsgQ09MT1I6IGdyZWVu

OyBQQURESU5HLUJPVFRPTTogMGNtOyBQQURESU5HLVRPUDogMGNtOyBQQURESU5HLUxFRlQ6IDBj

bTsgQk9SREVSLUxFRlQ6IHdpbmRvd3RleHQgMXB0OyBQQURESU5HLVJJR0hUOiAwY20iPjxGT05U

IA0KY29sb3I9YmxhY2s+SWYgeW91IGhhdmUgYW55IG5lZWQgZm9yIG91ciBzZXJ2aWNlcyAsPC9G

T05UPjwvU1BBTj48L1A+PEZPTlQgDQpzdHlsZT0iRk9OVC1TSVpFOiAxNnB4OyBXSElURS1TUEFD

RTogbm9ybWFsOyBXT1JELVNQQUNJTkc6IDBweDsgVEVYVC1UUkFOU0ZPUk06IG5vbmU7IEZPTlQt

V0VJR0hUOiA0MDA7IENPTE9SOiByZ2IoMCwwLDApOyBGT05ULVNUWUxFOiBub3JtYWw7IE9SUEhB

TlM6IDI7IFdJRE9XUzogMjsgTEVUVEVSLVNQQUNJTkc6IG5vcm1hbDsgQkFDS0dST1VORC1DT0xP

UjogcmdiKDI1NSwyNTUsMjU1KTsgVEVYVC1JTkRFTlQ6IDBweDsgZm9udC12YXJpYW50LWxpZ2F0

dXJlczogbm9ybWFsOyBmb250LXZhcmlhbnQtY2Fwczogbm9ybWFsOyAtd2Via2l0LXRleHQtc3Ry

b2tlLXdpZHRoOiAwcHg7IHRleHQtZGVjb3JhdGlvbi1zdHlsZTogaW5pdGlhbDsgdGV4dC1kZWNv

cmF0aW9uLWNvbG9yOiBpbml0aWFsOyB0ZXh0LWRlY29yYXRpb24tdGhpY2tuZXNzOiBpbml0aWFs

Ij48L0ZPTlQ+DQo8UCANCnN0eWxlPSJGT05ULVNJWkU6IDE2cHg7IEZPTlQtRkFNSUxZOiBDYWxp

YnJpOyBCQUNLR1JPVU5EOiB3aGl0ZTsgV0hJVEUtU1BBQ0U6IG5vcm1hbDsgV09SRC1TUEFDSU5H

OiAwcHg7IFRFWFQtVFJBTlNGT1JNOiBub25lOyBGT05ULVdFSUdIVDogNDAwOyBDT0xPUjogcmdi

KDAsMCwwKTsgRk9OVC1TVFlMRTogbm9ybWFsOyBURVhULUFMSUdOOiBsZWZ0OyBPUlBIQU5TOiAy

OyBXSURPV1M6IDI7IE1BUkdJTjogMHB4IDBjbTsgTEVUVEVSLVNQQUNJTkc6IG5vcm1hbDsgVEVY

VC1JTkRFTlQ6IDBweDsgZm9udC12YXJpYW50LWxpZ2F0dXJlczogbm9ybWFsOyBmb250LXZhcmlh

bnQtY2Fwczogbm9ybWFsOyAtd2Via2l0LXRleHQtc3Ryb2tlLXdpZHRoOiAwcHg7IHRleHQtZGVj

b3JhdGlvbi1zdHlsZTogaW5pdGlhbDsgdGV4dC1kZWNvcmF0aW9uLWNvbG9yOiBpbml0aWFsOyB0

ZXh0LWRlY29yYXRpb24tdGhpY2tuZXNzOiBpbml0aWFsIiANCmFsaWduPWxlZnQ+PFNQQU4gbGFu

Zz1FTi1VUyANCnN0eWxlPSJGT05ULVNJWkU6IDEycHQ7IEJPUkRFUi1UT1A6IHdpbmRvd3RleHQg

MXB0OyBCT1JERVItUklHSFQ6IHdpbmRvd3RleHQgMXB0OyBCT1JERVItQk9UVE9NOiB3aW5kb3d0

ZXh0IDFwdDsgQ09MT1I6IGdyZWVuOyBQQURESU5HLUJPVFRPTTogMGNtOyBQQURESU5HLVRPUDog

MGNtOyBQQURESU5HLUxFRlQ6IDBjbTsgQk9SREVSLUxFRlQ6IHdpbmRvd3RleHQgMXB0OyBQQURE

SU5HLVJJR0hUOiAwY20iPjxGT05UIA0KY29sb3I9YmxhY2s+cGxlYXNlIHNlbmQgdXMgdGhlIGRy

YXdpbmdzLiBhbmQgd2UgY2FuIHF1b3RlIGl0IGZvciB5b3UuIA0KdGhhbmtzLjwvRk9OVD48L1NQ

QU4+PC9QPg0KPFAgY2xhc3M9TXNvTm9ybWFsIA0Kc3R5bGU9IldJRE9XUzogMTsgTUFSR0lOOiAw

cHggMGNtOyBMSU5FLUhFSUdIVDogbm9ybWFsOyBmb250LXZhcmlhbnQtbnVtZXJpYzogbm9ybWFs

OyBmb250LXZhcmlhbnQtZWFzdC1hc2lhbjogbm9ybWFsOyBmb250LXN0cmV0Y2g6IG5vcm1hbCI+

PG86cD48Rk9OVCANCmNvbG9yPWJsYWNrIGZhY2U9Q2FsaWJyaT4mbmJzcDs8L0ZPTlQ+PC9vOnA+

PC9QPg0KPFAgY2xhc3M9TXNvTm9ybWFsIA0Kc3R5bGU9IldJRE9XUzogMTsgTUFSR0lOOiAwcHgg

MGNtOyBMSU5FLUhFSUdIVDogbm9ybWFsOyBmb250LXZhcmlhbnQtbnVtZXJpYzogbm9ybWFsOyBm

b250LXZhcmlhbnQtZWFzdC1hc2lhbjogbm9ybWFsOyBmb250LXN0cmV0Y2g6IG5vcm1hbCI+PG86

cD48Rk9OVCANCmNvbG9yPWJsYWNrIGZhY2U9Q2FsaWJyaT5XaXRoIG15IGJlc3Qgd2lzaGVzLjwv

Rk9OVD48L286cD48L1A+DQo8UCBjbGFzcz1Nc29Ob3JtYWwgDQpzdHlsZT0iV0lET1dTOiAxOyBN

QVJHSU46IDBweCAwY207IExJTkUtSEVJR0hUOiBub3JtYWw7IGZvbnQtdmFyaWFudC1udW1lcmlj

OiBub3JtYWw7IGZvbnQtdmFyaWFudC1lYXN0LWFzaWFuOiBub3JtYWw7IGZvbnQtc3RyZXRjaDog

bm9ybWFsIj48bzpwPjxGT05UIA0KZmFjZT1DYWxpYnJpPjwvRk9OVD48L286cD4mbmJzcDs8L1A+

DQo8UCBjbGFzcz1Nc29Ob3JtYWwgDQpzdHlsZT0iV0lET1dTOiAxOyBNQVJHSU46IDBweCAwY207

IExJTkUtSEVJR0hUOiBub3JtYWw7IGZvbnQtdmFyaWFudC1udW1lcmljOiBub3JtYWw7IGZvbnQt

dmFyaWFudC1lYXN0LWFzaWFuOiBub3JtYWw7IGZvbnQtc3RyZXRjaDogbm9ybWFsIj48bzpwPjwv

bzpwPjxGT05UIA0KY29sb3I9YmxhY2sgZmFjZT1DYWxpYnJpPiZuYnNwOzwvRk9OVD48L1A+DQo8

UCBjbGFzcz1Nc29Ob3JtYWwgDQpzdHlsZT0iV0lET1dTOiAxOyBNQVJHSU46IDBweCAwY207IExJ

TkUtSEVJR0hUOiBub3JtYWw7IGZvbnQtdmFyaWFudC1udW1lcmljOiBub3JtYWw7IGZvbnQtdmFy

aWFudC1lYXN0LWFzaWFuOiBub3JtYWw7IGZvbnQtc3RyZXRjaDogbm9ybWFsIj48bzpwPjxGT05U

IA0KY29sb3I9YmxhY2sgZmFjZT1DYWxpYnJpPlNhbGVzIE1hbmFnZXI8L0ZPTlQ+PC9vOnA+PC9Q

Pg0KPFAgY2xhc3M9TXNvTm9ybWFsIA0Kc3R5bGU9IldJRE9XUzogMTsgTUFSR0lOOiAwcHggMGNt

OyBMSU5FLUhFSUdIVDogbm9ybWFsOyBmb250LXZhcmlhbnQtbnVtZXJpYzogbm9ybWFsOyBmb250

LXZhcmlhbnQtZWFzdC1hc2lhbjogbm9ybWFsOyBmb250LXN0cmV0Y2g6IG5vcm1hbCI+PG86cD48

Rk9OVCANCmNvbG9yPWJsYWNrIGZhY2U9Q2FsaWJyaT5OYWRpYTwvRk9OVD48L286cD48L1A+DQo8

UCBjbGFzcz1Nc29Ob3JtYWwgDQpzdHlsZT0iV0lET1dTOiAxOyBNQVJHSU46IDBweCAwY207IExJ

TkUtSEVJR0hUOiBub3JtYWw7IGZvbnQtdmFyaWFudC1udW1lcmljOiBub3JtYWw7IGZvbnQtdmFy

aWFudC1lYXN0LWFzaWFuOiBub3JtYWw7IGZvbnQtc3RyZXRjaDogbm9ybWFsIj48bzpwPjwvbzpw

PjxGT05UIA0KY29sb3I9YmxhY2sgZmFjZT1DYWxpYnJpPiZuYnNwOzwvRk9OVD48L1A+DQo8UCBj

bGFzcz1Nc29Ob3JtYWwgDQpzdHlsZT0iV0lET1dTOiAxOyBNQVJHSU46IDBweCAwY207IExJTkUt

SEVJR0hUOiBub3JtYWw7IGZvbnQtdmFyaWFudC1udW1lcmljOiBub3JtYWw7IGZvbnQtdmFyaWFu

dC1lYXN0LWFzaWFuOiBub3JtYWw7IGZvbnQtc3RyZXRjaDogbm9ybWFsIj48bzpwPjxGT05UIA0K

Y29sb3I9YmxhY2sgZmFjZT1DYWxpYnJpPjIwMjUtMTAtMTg8L0ZPTlQ+PC9vOnA+PC9QPg0KPFAg

Y2xhc3M9TXNvTm9ybWFsIA0Kc3R5bGU9IldJRE9XUzogMTsgTUFSR0lOOiAwcHggMGNtOyBMSU5F

LUhFSUdIVDogbm9ybWFsOyBmb250LXZhcmlhbnQtbnVtZXJpYzogbm9ybWFsOyBmb250LXZhcmlh

bnQtZWFzdC1hc2lhbjogbm9ybWFsOyBmb250LXN0cmV0Y2g6IG5vcm1hbCI+PG86cD48Rk9OVCAN

CmNvbG9yPWJsYWNrIGZhY2U9Q2FsaWJyaT4wMjo1MDoxODwvRk9OVD48L286cD48L1A+PG86cD48

Rk9OVCBmYWNlPUNhbGlicmk+DQo8UCBjbGFzcz1Nc29Ob3JtYWwgDQpzdHlsZT0iV0lET1dTOiAx

OyBNQVJHSU46IDBweCAwY207IExJTkUtSEVJR0hUOiBub3JtYWw7IGZvbnQtdmFyaWFudC1udW1l

cmljOiBub3JtYWw7IGZvbnQtdmFyaWFudC1lYXN0LWFzaWFuOiBub3JtYWw7IGZvbnQtc3RyZXRj

aDogbm9ybWFsIj48Rk9OVCANCmNvbG9yPWJsYWNrIGZhY2U9Q2FsaWJyaT48bzpwPjEydGgtM3Jk

PC9vOnA+PC9GT05UPjwvUD48L0ZPTlQ+PC9vOnA+DQo8UCBjbGFzcz1Nc29Ob3JtYWwgDQpzdHls

ZT0iV0lET1dTOiAxOyBNQVJHSU46IDBweCAwY207IExJTkUtSEVJR0hUOiBub3JtYWw7IGZvbnQt

dmFyaWFudC1udW1lcmljOiBub3JtYWw7IGZvbnQtdmFyaWFudC1lYXN0LWFzaWFuOiBub3JtYWw7

IGZvbnQtc3RyZXRjaDogbm9ybWFsIj48bzpwPjxGT05UIA0KY29sb3I9YmxhY2sgZmFjZT1DYWxp

YnJpPjwvRk9OVD48L286cD4mbmJzcDs8L1A+PC9CT0RZPjwvSFRNTD4NCg==

Chinese products spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 17 Oct 2025 13:51:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9qTb-000000002Dv-3T2H

for dave@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 13:50:59 -0600

Resent-From: The Doctor

Resent-Date: Fri, 17 Oct 2025 13:50:59 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-il1-f195.google.com ([209.85.166.195]:42121)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from <1427@9pz.org>)

id 1v9pph-00000000Mnf-41zG

for doctor@nl2k.ab.ca;

Fri, 17 Oct 2025 13:09:58 -0600

Received: by mail-il1-f195.google.com with SMTP id e9e14a558f8ab-430d0d37fd7so800245ab.0

for ; Fri, 17 Oct 2025 12:08:58 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=9pz-org.20230601.gappssmtp.com; s=20230601; t=1760728132; x=1761332932; darn=nl2k.ab.ca;

h=content-transfer-encoding:mime-version:date:subject:to:from

:reply-to:message-id:from:to:cc:subject:date:message-id:reply-to;

bh=1hJawPAP8NnDQZZVjgErKE78uGPgnFT+3EushSAtX3o=;

b=vOB+STZ04NJGqusn8P9mGXWTEtKdgcqSO8Hgr1vbZBNLTjmjUikvYqaUnDrpkrDr8O

d5SXjINxLA4b6BF4Xmi+ZeQT/d75eOkSAG29gEud5R1pz98WuS0bFN8ObKobqfFtxLxh

QO6ssfJx0dC58aKhjxQF0+2yY5LwutuGBim5QXkPU94dURia3ErWJC24PLzJ6WpBD01X

5+V9K2XjXAs4am9N7ZHvqvw7z/tuWKXU1zC7UgBMLqjiOQEuTs1+Nl/FkIzCeVdl9drI

Q7v8Jok0ryaaDy4h8/wytQOhttJqZV3dFLvxk1jv/SWI4Nz0wQZcR5yL3+UdX/W/u6N4

PvQQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1760728132; x=1761332932;

h=content-transfer-encoding:mime-version:date:subject:to:from

:reply-to:message-id:x-gm-message-state:from:to:cc:subject:date

:message-id:reply-to;

bh=1hJawPAP8NnDQZZVjgErKE78uGPgnFT+3EushSAtX3o=;

b=COBjOtCxF5MIy+X9R0M3w6TYQiL4zpQXpd6ts1XE8sKZeVr7RvvCU2MOmkplNV70wN

7Rbe0iJJu+TbpLoFh8c+E32TH3589SYRxaRV8gwBwZpToUMQ0OLlaf5/L9TyWL3jgP9U

Sl/JjWbZ10xZLqt+Qz0BhortvCr7AnB8FmXBtKi+TZg1G1FXiFaCgDb7VS7fkV+fxljN

7BtWncRCCoyaiPyqhyVlbPFGFX9MgMt1DO07sMNxd4iC1WuEjgTj8jnETOME8CWFQoJa

yo3YDM3HEUmxzbObJr+f2iPHMNRCmWeOqa5d2/crM8PNcGOxYecHeNpx/vjeTw6cJqX0

gyDA==

X-Gm-Message-State: AOJu0YwBymk1ImXCX+HJuGg1RYawQgjiR1x20AXwJ5twzJZMX1IynTWz

WywhIFV1h6PH0z/TQB/VfCx2yDI29POQWBdav+fGj6ErRHbSz+lPGSFHEaYUbmBHA81+HM8sfhG

cFGOFG34=

X-Gm-Gg: ASbGncvkBbijiCqsRx1j9kC8EnqHLg2f7CE3OOEKhaxf1GI176fWaw3EDra0Igs1T+S

laYOG3TW6Q6Ju5eDwnjQzvrk6AJgwkLB6lBcEglvUiBKlNDlIQDSON1A8K/DL8bNTulI8i2fjQk

aN3D1sw1TphrcAP2lAdI0P7IBR++9ESjvWbhnwU5Rz84ndngDelj13OEF3uAOmqANv56kW2iHxS

2D0qxDG/cjIwpaw5zCebOMh2uRy5JkLezaJpkrT7IlzuzuOF5hIEu5hHvQiJLChCP6epD9ZdkIN

nHmt7WnHUXv6Ri5lbTnVJXvQ3cmsmbCFihs2IynPo8TvFFIHIE3C4Z3lbbJWwm7Ain9zy8U449D

ic5F1rH3EVRQpNmY6r4Nzjlqy8BoxMOvfGlec8Ma9AqwostMjcElFcJWI1p/Z2rV+vpxKZxb7Jj

nSvRma7w==

X-Google-Smtp-Source: AGHT+IHlq0bfBPsLQbeeVdlXCnlWqrO+mlg7yyAJqxP9jE+4OnyPVQWUDa212hQTZ8Ct58vBAsC7Rw==

X-Received: by 2002:a05:6e02:2163:b0:42f:9353:c798 with SMTP id e9e14a558f8ab-430b3ff78f2mr144901735ab.3.1760728131789;

Fri, 17 Oct 2025 12:08:51 -0700 (PDT)

Received: from urjf.it ([183.227.22.176])

by smtp.gmail.com with ESMTPSA id e9e14a558f8ab-430d07a874csm2233305ab.19.2025.10.17.12.08.49

for

(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);

Fri, 17 Oct 2025 12:08:51 -0700 (PDT)

Message-ID:

Reply-To: Antony@packing-bags.top

From: Wealthy <1427@9pz.org>

To: doctor

Subject: Re: We make packing bags in China

Date: Sat, 18 Oct 2025 03:08:52 +0800

X-Priority: 3

X-Mailer: Jxulypjcd Ikgjdbi 7.9

MIME-Version: 1.0

Content-Type: text/html;

charset="utf-8"

Content-Transfer-Encoding: quoted-printable



=0D=0A
mlns:o>=0D=0A
=3DContent-Type>=0D=0A
1001">=0D=0A=0D=0A

doctor=

,

=0D=0A


x 0cm; LINE-HEIGHT: normal; font-variant-numeric: normal; font-variant-east=

-asian: normal; font-stretch: normal">
=3DCalibri>How are you getting along these days?

=0D=0A


lass=3DMsoNormal =0D=0Astyle=3D"WIDOWS: 1; MARGIN: 0px 0cm; LINE-HEIGHT: no=

rmal; font-variant-numeric: normal; font-variant-east-asian: normal; font-s=

tretch: normal">
=0D=0Astyle=3D"FONT-SIZE: 12pt; COLOR: black; mso-bidi-font-family: =E5=AE=

=8B=E4=BD=93; mso-font-kerning: 0pt"> 

=0D=0A


lass=3DMsoNormal =0D=0Astyle=3D"BACKGROUND: white; TEXT-ALIGN: left; MARGIN=

: 0cm 0cm 0pt; mso-line-height-alt: 6.1pt; mso-pagination: widow-orphan" =

=0D=0Aalign=3Dleft>
RDER-TOP: windowtext 1pt; BORDER-RIGHT: windowtext 1pt; BORDER-BOTTOM: wind=

owtext 1pt; COLOR: black; PADDING-BOTTOM: 0cm; PADDING-TOP: 0cm; PADDING-LE=

FT: 0cm; BORDER-LEFT: windowtext 1pt; PADDING-RIGHT: 0cm; mso-bidi-font-fam=

ily: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0pt; mso-border-alt: none window=

text 0cm">We =0D=0Amake packing bags in China.
=0D=0Astyle=3D"FONT-SIZE: 12pt; COLOR: black; mso-bidi-font-family: =E5=AE=

=8B=E4=BD=93; mso-font-kerning: 0pt">

=0D=0A


=3DMsoNormal =0D=0Astyle=3D"BACKGROUND: white; TEXT-ALIGN: left; MARGIN: 0c=

m 0cm 0pt; mso-line-height-alt: 6.1pt; mso-pagination: widow-orphan" =0D=0A=

align=3Dleft>
windowtext 1pt; BORDER-RIGHT: windowtext 1pt; BORDER-BOTTOM: windowtext 1p=

t; COLOR: black; PADDING-BOTTOM: 0cm; PADDING-TOP: 0cm; PADDING-LEFT: 0cm; =

BORDER-LEFT: windowtext 1pt; PADDING-RIGHT: 0cm; mso-bidi-font-family: =E5=

=AE=8B=E4=BD=93; mso-font-kerning: 0pt; mso-border-alt: none windowtext 0cm=

">Such =0D=0Aas :
COLOR: black; mso-bidi-font-family: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0=

pt">

=0D=0A


UND: white; TEXT-ALIGN: left; MARGIN: 0cm 0cm 0pt; mso-line-height-alt: 6.1=

pt; mso-pagination: widow-orphan" =0D=0Aalign=3Dleft>
=0Astyle=3D"FONT-SIZE: 12pt; BORDER-TOP: windowtext 1pt; BORDER-RIGHT: wind=

owtext 1pt; BORDER-BOTTOM: windowtext 1pt; COLOR: black; PADDING-BOTTOM: 0c=

m; PADDING-TOP: 0cm; PADDING-LEFT: 0cm; BORDER-LEFT: windowtext 1pt; PADDIN=

G-RIGHT: 0cm; mso-bidi-font-family: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0=

pt; mso-border-alt: none windowtext 0cm">Paper =0D=0Abag,
=3DEN-US =0D=0Astyle=3D"FONT-SIZE: 12pt; COLOR: black; mso-bidi-font-family=

: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0pt">

=0D=0A
class=3DMsoNormal =0D=0Astyle=3D"BACKGROUND: white; TEXT-ALIGN: left; MARG=

IN: 0cm 0cm 0pt; mso-line-height-alt: 6.1pt; mso-pagination: widow-orphan" =

=0D=0Aalign=3Dleft>
R-TOP: windowtext 1pt; BORDER-RIGHT: windowtext 1pt; BORDER-BOTTOM: windowt=

ext 1pt; COLOR: black; PADDING-BOTTOM: 0cm; PADDING-TOP: 0cm; PADDING-LEFT:=

0cm; BORDER-LEFT: windowtext 1pt; PADDING-RIGHT: 0cm; mso-bidi-font-family=

: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0pt; mso-border-alt: none windowtex=

t 0cm">Coffee =0D=0Abag,
12pt; COLOR: black; mso-bidi-font-family: =E5=AE=8B=E4=BD=93; mso-font-ker=

ning: 0pt">

=0D=0A


BACKGROUND: white; TEXT-ALIGN: left; MARGIN: 0cm 0cm 0pt; mso-line-height-a=

lt: 6.1pt; mso-pagination: widow-orphan" =0D=0Aalign=3Dleft>
-US =0D=0Astyle=3D"FONT-SIZE: 12pt; COLOR: black; mso-bidi-font-family: =E5=

=AE=8B=E4=BD=93; mso-font-kerning: 0pt">Pet =0D=0Afood bag,
N>

=0D=0A


GN: left; MARGIN: 0cm 0cm 0pt; mso-line-height-alt: 6.1pt; mso-pagination: =

widow-orphan" =0D=0Aalign=3Dleft>
E: 12pt; BORDER-TOP: windowtext 1pt; BORDER-RIGHT: windowtext 1pt; BORDER-B=

OTTOM: windowtext 1pt; COLOR: black; PADDING-BOTTOM: 0cm; PADDING-TOP: 0cm;=

PADDING-LEFT: 0cm; BORDER-LEFT: windowtext 1pt; PADDING-RIGHT: 0cm; mso-bi=

di-font-family: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0pt; mso-border-alt: =

none windowtext 0cm">Breast =0D=0Amilk bag, 
=0D=0Astyle=3D"FONT-SIZE: 12pt; COLOR: black; mso-bidi-font-family: =E5=AE=

=8B=E4=BD=93; mso-font-kerning: 0pt">

=0D=0A


=3DMsoNormal =0D=0Astyle=3D"BACKGROUND: white; TEXT-ALIGN: left; MARGIN: 0c=

m 0cm 0pt; mso-line-height-alt: 6.1pt; mso-pagination: widow-orphan" =0D=0A=

align=3Dleft>
windowtext 1pt; BORDER-RIGHT: windowtext 1pt; BORDER-BOTTOM: windowtext 1p=

t; COLOR: black; PADDING-BOTTOM: 0cm; PADDING-TOP: 0cm; PADDING-LEFT: 0cm; =

BORDER-LEFT: windowtext 1pt; PADDING-RIGHT: 0cm; mso-bidi-font-family: =E5=

=AE=8B=E4=BD=93; mso-font-kerning: 0pt; mso-border-alt: none windowtext 0cm=

">Spout =0D=0Apouch bag, 
-SIZE: 12pt; COLOR: black; mso-bidi-font-family: =E5=AE=8B=E4=BD=93; mso-fo=

nt-kerning: 0pt">

=0D=0A


le=3D"BACKGROUND: white; TEXT-ALIGN: left; MARGIN: 0cm 0cm 0pt; mso-line-he=

ight-alt: 6.1pt; mso-pagination: widow-orphan" =0D=0Aalign=3Dleft>
g=3DEN-US =0D=0Astyle=3D"FONT-SIZE: 12pt; BORDER-TOP: windowtext 1pt; BORDE=

R-RIGHT: windowtext 1pt; BORDER-BOTTOM: windowtext 1pt; COLOR: black; PADDI=

NG-BOTTOM: 0cm; PADDING-TOP: 0cm; PADDING-LEFT: 0cm; BORDER-LEFT: windowtex=

t 1pt; PADDING-RIGHT: 0cm; mso-bidi-font-family: =E5=AE=8B=E4=BD=93; mso-fo=

nt-kerning: 0pt; mso-border-alt: none windowtext 0cm">PP/PE/PET/ALU =0D=0Ab=

ag,
mso-bidi-font-family: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0pt">
>

=0D=0A


XT-ALIGN: left; MARGIN: 0cm 0cm 0pt; mso-line-height-alt: 6.1pt; mso-pagina=

tion: widow-orphan" =0D=0Aalign=3Dleft>
NT-SIZE: 12pt; BORDER-TOP: windowtext 1pt; BORDER-RIGHT: windowtext 1pt; BO=

RDER-BOTTOM: windowtext 1pt; COLOR: black; PADDING-BOTTOM: 0cm; PADDING-TOP=

: 0cm; PADDING-LEFT: 0cm; BORDER-LEFT: windowtext 1pt; PADDING-RIGHT: 0cm; =

mso-bidi-font-family: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0pt; mso-border=

-alt: none windowtext 0cm">Standup =0D=0AZipper Pouch bag, 
N lang=3DEN-US =0D=0Astyle=3D"FONT-SIZE: 12pt; COLOR: black; mso-bidi-font-=

family: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0pt">

=

=0D=0A


ft; MARGIN: 0cm 0cm 0pt; mso-line-height-alt: 6.1pt; mso-pagination: widow-=

orphan" =0D=0Aalign=3Dleft>
t; BORDER-TOP: windowtext 1pt; BORDER-RIGHT: windowtext 1pt; BORDER-BOTTOM:=

windowtext 1pt; COLOR: black; PADDING-BOTTOM: 0cm; PADDING-TOP: 0cm; PADDI=

NG-LEFT: 0cm; BORDER-LEFT: windowtext 1pt; PADDING-RIGHT: 0cm; mso-bidi-fon=

t-family: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0pt; mso-border-alt: none w=

indowtext 0cm">Side =0D=0AGusset bag, 
style=3D"FONT-SIZE: 12pt; COLOR: black; mso-bidi-font-family: =E5=AE=8B=E4=

=BD=93; mso-font-kerning: 0pt">

=0D=0A


rmal =0D=0Astyle=3D"BACKGROUND: white; TEXT-ALIGN: left; MARGIN: 0cm 0cm 0p=

t; mso-line-height-alt: 6.1pt; mso-pagination: widow-orphan" =0D=0Aalign=3D=

left>
ext 1pt; BORDER-RIGHT: windowtext 1pt; BORDER-BOTTOM: windowtext 1pt; COLOR=

: black; PADDING-BOTTOM: 0cm; PADDING-TOP: 0cm; PADDING-LEFT: 0cm; BORDER-L=

EFT: windowtext 1pt; PADDING-RIGHT: 0cm; mso-bidi-font-family: =E5=AE=8B=E4=

=BD=93; mso-font-kerning: 0pt; mso-border-alt: none windowtext 0cm">Rice =

=0D=0Abag,
black; mso-bidi-font-family: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0pt">
p>

=0D=0A


ite; TEXT-ALIGN: left; MARGIN: 0cm 0cm 0pt; mso-line-height-alt: 6.1pt; mso=

-pagination: widow-orphan" =0D=0Aalign=3Dleft>
e=3D"FONT-SIZE: 12pt; BORDER-TOP: windowtext 1pt; BORDER-RIGHT: windowtext =

1pt; BORDER-BOTTOM: windowtext 1pt; COLOR: black; PADDING-BOTTOM: 0cm; PADD=

ING-TOP: 0cm; PADDING-LEFT: 0cm; BORDER-LEFT: windowtext 1pt; PADDING-RIGHT=

: 0cm; mso-bidi-font-family: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0pt; mso=

-border-alt: none windowtext 0cm">Degradation =0D=0Abag, 
lang=3DEN-US =0D=0Astyle=3D"FONT-SIZE: 12pt; COLOR: black; mso-bidi-font-fa=

mily: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0pt">

=0D=

=0A


MARGIN: 0cm 0cm 0pt; mso-line-height-alt: 6.1pt; mso-pagination: widow-orp=

han" =0D=0Aalign=3Dleft>
COLOR: black; mso-bidi-font-family: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0=

pt">Recyclable =0D=0Abag ,

=0D=0A


=0D=0Astyle=3D"BACKGROUND: white; TEXT-ALIGN: left; MARGIN: 0cm 0cm 0pt; ms=

o-line-height-alt: 6.1pt; mso-pagination: widow-orphan" =0D=0Aalign=3Dleft>=


ont-family: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0pt">Canvas =0D=0Abag, cl=

oth bag, PP woven bag, non-fabric bags etc...

=0D=0A
class=3DMsoNormal =0D=0Astyle=3D"BACKGROUND: white; TEXT-ALIGN: left; MARG=

IN: 0cm 0cm 0pt; mso-line-height-alt: 6.1pt; mso-pagination: widow-orphan" =

=0D=0Aalign=3Dleft>
R-TOP: windowtext 1pt; BORDER-RIGHT: windowtext 1pt; BORDER-BOTTOM: windowt=

ext 1pt; COLOR: black; PADDING-BOTTOM: 0cm; PADDING-TOP: 0cm; PADDING-LEFT:=

0cm; BORDER-LEFT: windowtext 1pt; PADDING-RIGHT: 0cm; mso-bidi-font-family=

: =E5=AE=8B=E4=BD=93; mso-font-kerning: 0pt; mso-border-alt: none windowtex=

t 0cm">


e=3D"mso-special-character: line-break">
le=3D"FONT-SIZE: 12pt; COLOR: black; mso-bidi-font-family: =E5=AE=8B=E4=BD=

=93; mso-font-kerning: 0pt">

=0D=0A


l =0D=0Astyle=3D"BACKGROUND: white; TEXT-ALIGN: left; MARGIN: 0cm 0cm 0pt; =

mso-line-height-alt: 6.1pt; mso-pagination: widow-orphan" =0D=0Aalign=3Dlef=

t>
1pt; BORDER-RIGHT: windowtext 1pt; BORDER-BOTTOM: windowtext 1pt; COLOR: b=

lack; PADDING-BOTTOM: 0cm; PADDING-TOP: 0cm; PADDING-LEFT: 0cm; BORDER-LEFT=

: windowtext 1pt; PADDING-RIGHT: 0cm; mso-bidi-font-family: =E5=AE=8B=E4=BD=

=93; mso-font-kerning: 0pt; mso-border-alt: none windowtext 0cm">If =0D=0Ay=

ou buy those bags. please contact me. thanks.
=0Astyle=3D"FONT-SIZE: 12pt; COLOR: black; mso-bidi-font-family: =E5=AE=8B=

=E4=BD=93; mso-font-kerning: 0pt">

=0D=0A


oNormal =0D=0Astyle=3D"WIDOWS: 1; MARGIN: 0px 0cm; LINE-HEIGHT: normal; fon=

t-variant-numeric: normal; font-variant-east-asian: normal; font-stretch: n=

ormal"> 

=0D=0A


; MARGIN: 0px 0cm; LINE-HEIGHT: normal; font-variant-numeric: normal; font-=

variant-east-asian: normal; font-stretch: normal">
black face=3DCalibri> 

=0D=0A


=0Astyle=3D"WIDOWS: 1; MARGIN: 0px 0cm; LINE-HEIGHT: normal; font-variant-n=

umeric: normal; font-variant-east-asian: normal; font-stretch: normal">
>thanks in advance.
P>=0D=0A


E-HEIGHT: normal; font-variant-numeric: normal; font-variant-east-asian: no=

rmal; font-stretch: normal">&n=

bsp;

=0D=0A


m; LINE-HEIGHT: normal; font-variant-numeric: normal; font-variant-east-asi=

an: normal; font-stretch: normal">
=3DCalibri> 

=0D=0A


S: 1; MARGIN: 0px 0cm; LINE-HEIGHT: normal; font-variant-numeric: normal; f=

ont-variant-east-asian: normal; font-stretch: normal">
r=3Dblack face=3DCalibri>export

=0D=0A


=0D=0Astyle=3D"WIDOWS: 1; MARGIN: 0px 0cm; LINE-HEIGHT: normal; font-varian=

t-numeric: normal; font-variant-east-asian: normal; font-stretch: normal"><=

o:p>Willette

=0D=

=0A


GHT: normal; font-variant-numeric: normal; font-variant-east-asian: normal;=

font-stretch: normal">=

 

=0D=0A


N: 0px 0cm; LINE-HEIGHT: normal; font-variant-numeric: normal; font-variant=

-east-asian: normal; font-stretch: normal">
ace=3DCalibri>2025-10-18

=0D=0A


tyle=3D"WIDOWS: 1; MARGIN: 0px 0cm; LINE-HEIGHT: normal; font-variant-numer=

ic: normal; font-variant-east-asian: normal; font-stretch: normal">
NT =0D=0Acolor=3Dblack face=3DCalibri>03:08:52

=0D=0A


ss=3DMsoNormal =0D=0Astyle=3D"WIDOWS: 1; MARGIN: 0px 0cm; LINE-HEIGHT: norm=

al; font-variant-numeric: normal; font-variant-east-asian: normal; font-str=

etch: normal">
FONT-FAMILY: "Times New Roman","serif"; COLOR: black; mso-font-kerning: 0p=

t'>TZ

=0D=0A


oNormal =0D=0Astyle=3D"WIDOWS: 1; MARGIN: 0px 0cm; LINE-HEIGHT: normal; fon=

t-variant-numeric: normal; font-variant-east-asian: normal; font-stretch: n=

ormal"> 
>=0D=0A

Virtual Assistant offer spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 17 Oct 2025 10:24:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9nEX-00000000JfB-2lJA

for dave@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 10:23:13 -0600

Resent-From: The Doctor

Resent-Date: Fri, 17 Oct 2025 10:23:13 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-io1-f71.google.com ([209.85.166.71]:61903)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from <3c1zyaA8JBEQ2grqpkttolkxC69msgor.iusxuuztq.ig@maestro.bounces.google.com>)

id 1v9m7D-00000000HOE-0TBz

for root@nk.ca;

Fri, 17 Oct 2025 09:11:43 -0600

Received: by mail-io1-f71.google.com with SMTP id ca18e2360f4ac-93e6d18235fso201992939f.3

for ; Fri, 17 Oct 2025 08:10:49 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1760713843; x=1761318643; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=EA4/t/SA4MeypFx8hsTDy5glGHgtDJwnzh2DwcwLKgM=;

b=hKMdF7vV9gaeXuGPVP5Wzb97wrDeA1T25Q/9gVZTluQyR8VLHyC4TZrfh33jG22p7U

84kIdcb0NLHDo/4GbQeQq4aaIzpyhTrQ/LoFZCyEph9+lL9HfF9CPQy/awq9T47j4arb

BNlG7ScWV67bzCYVQW2NP0k1K24lWt5aUqYvkbyJOxZ06gTgNll7L9Np2vq91lFfgOu/

O4QU2IfDrC8Xxq/U3AfIQj2lh7tg9ep7XMCrLVTQQFcT3kF/jqjdeYzZkoq5tgL8WMpg

K7KCsLrew+VHMSq3oE+x7rLUTIiSdobBfGlhwO1YyBeHXXlDWPRD9bybS9WB/v/dI1Gj

q0FQ==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1760713843; x=1761318643;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=EA4/t/SA4MeypFx8hsTDy5glGHgtDJwnzh2DwcwLKgM=;

b=oiQDmygtml1toz3suy7H1LQbIlqQu765ODuR6yxSLUM0rJdQVeiFJFXQQe5a9AG7hy

Uy5xEHtBp1xgBBFW+kDX8EEByBBemf7xoXFi5wvtre5xXKlw4xuWlmHUR8SkKf0gnwY5

YRFYeP4s0NGgYAnjeTAsTudXL3qBZo2Un+1nFBH4GCqTsSMdovfCRFHQb/zQfm3mJV4Z

dxIHupjY7QhzOhaS+mMQIbK7fAl+thcWcW1rEvJ895SHzhN4+TmC9wc8xxqD2db6SYnp

a0pgn+7NUZkZYL8c7R5WvErhucy6a8V903aFNLElmj1E6JZIGOd+VrjaFkOqPLEgx9mB

gYMw==

X-Gm-Message-State: AOJu0YzF8PlF4/dinr1JGtEAugFm3xlnBJrxqPdFCj7ZRtfJ2441GCLB

xsrDJJZT89BB6MvGN7Nk7O57XPHwOEZLOC9fwqptLVIkgAm9Nm8wwPc0c5qRBoZ/eQw5SuQTptB

NEJk=

X-Google-Smtp-Source: AGHT+IHSEnWLseBKX+oGxwlAmqimRW8LiO/JXU1d114rg5Ln7+ZIzbnj7UuOoRxK8sVGW1afg9KVbUKw1g==

MIME-Version: 1.0

X-Received: by 2002:a05:6e02:1565:b0:430:b59b:5f2b with SMTP id

e9e14a558f8ab-430c5268fd7mr50430285ab.16.1760713843361; Fri, 17 Oct 2025

08:10:43 -0700 (PDT)

Message-ID:

Date: Fri, 17 Oct 2025 15:10:43 +0000

Subject: Streamline your workflow at [https://nk.ca]

From: walkjennifer603@gmail.com

To: root@nk.ca

Content-Type: multipart/alternative; boundary="0000000000002f4cde06415c23c0"



--0000000000002f4cde06415c23c0

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64



SGkgW3Jvb3RAbmsuY2FdLA0KDQpJIGNoZWNrZWQgb3V0IFtodHRwczovL25rLmNhXSDigJQgcmVh

bGx5IGltcHJlc3NpdmUhDQpNYW55IFVTIGJ1c2luZXNzZXMgbGlrZSB5b3VycyBzYXZlIGhvdXJz

IHdlZWtseSB3aXRoIG91ciBWaXJ0dWFsIEFzc2lzdGFudCAgDQp0ZWFtIGhhbmRsaW5nOg0KDQpJ

bmJveCAmIGNhbGVuZGFyIHNjaGVkdWxpbmcNCg0KU29jaWFsIG1lZGlhIG1hbmFnZW1lbnQNCg0K

QWNjb3VudGluZyAmIGJvb2trZWVwaW5nDQoNCkxlZ2FsIG9yIGFkbWluIHN1cHBvcnQNCg0KV291

bGQgeW91IGJlIG9wZW4gdG8gYSAxMC1taW51dGUgZGlzY292ZXJ5IGNhbGwgdGhpcyB3ZWVrIHRv

IHNlZSBob3cgd2UgIA0KY291bGQgaGVscCBbaHR0cHM6Ly9uay5jYV0gcnVuIHNtb290aGVyPw0K

DQpCZXN0IHJlZ2FyZHMsDQoNCkplbm5pZmVyIFdhbGsNCg==

--0000000000002f4cde06415c23c0

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hi [root@nk.ca],

I checked out [https://nk.ca] =E2=80=94 really impr=

essive!
Many U.S. businesses like yours save hours weekly with our Virtu=

al Assistant team handling:

Inbox & calendar scheduling

Socia=

l media management

Accounting & bookkeeping

Legal or admin su=

pport

Would you be open to a 10-minute discovery call this week to s=

ee how we could help [https://nk.ca] run smoother?

Best regards,
=


Jennifer Walk

--0000000000002f4cde06415c23c0--

Virtual Assistant spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 17 Oct 2025 10:24:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9nEb-00000000Jim-3KAG

for dave@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 10:23:17 -0600

Resent-From: The Doctor

Resent-Date: Fri, 17 Oct 2025 10:23:17 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-io1-f69.google.com ([209.85.166.69]:47131)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from <3olzyaA8JBXMnRcbaVeeZWVixruXdRZc.TfdjRcVjeb.TR@maestro.bounces.google.com>)

id 1v9m7z-00000000Hj7-2vtd

for sales@nk.ca;

Fri, 17 Oct 2025 09:12:31 -0600

Received: by mail-io1-f69.google.com with SMTP id ca18e2360f4ac-930db3a16c0so475359039f.2

for ; Fri, 17 Oct 2025 08:11:36 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1760713891; x=1761318691; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=S1VAoKq3D6e0YU8HQtU31Gx0BOhC+I4Evt8Q+isWcVU=;

b=QiiM+yvjV4JfmfRDFk8L+fn6jUt8l3XIt6w21mQ4gCHyEDMJBycKiDTA1qzX7+61kN

dy/dzcXh97sD0HGN4Vy/k0gSQid0nS7CcKuobinlJRZab0jdFZZSdO0G+EOAn6jGCzaM

Nrjpz2tLCx5/jFv2+TUlnBNlNddbuvPbzF+QFjPQNJaFgXbbQ3l3bgjPW0jT+2WAy/74

WcIRhzM4Owu9WdPsklzjwqxmfULU5mCO6YB2sIo0Q/3BvfrwrkBXYsuMfJxqu1i07lfI

dh2v3xwqvtMFGkIg5VCBoRpJsjfiMTEgfPyZtYFL4f+dhhiBgm9+kgEBjrddKfc3oo4H

pDrg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1760713891; x=1761318691;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=S1VAoKq3D6e0YU8HQtU31Gx0BOhC+I4Evt8Q+isWcVU=;

b=aIcruq3e5wTH2YPjYn+H3AurU7PqhiX6a8cUj0GGpsKQP3lQQUxwf89MvgmmN4xFed

99ChAHnPWEodU+F1Wg8vqp/Ru9TpeBGMvcYZWSO3+/H82shrgwl2P0jzEECd3at6nyKI

n9BujizNV8jKMbEmUrtpnTGWQ0lB6lleUtmi2aqg+8xs8MBzeciAB7UodBkDb1TfP4L+

LeYcNEapTbdZCJvgXScJpMF3mjGBURvCfUj10mC2+hpYemYxvsQYxdVVt1IUsz3DYrvu

Ucck7FcbCwA2SxX+F2ypw/l1ipegmr+U9M8QO2cyl/ACWbnaT4B2YbmAew0Hbl2SRCJF

0S1g==

X-Gm-Message-State: AOJu0YyqJN0e83taQt1BpkH41VpbvYkWLWVJdcxvWoFCbdd2zlUPEJ9v

gNppX46OX6X4C4afDR8EUrOG5T0u3QVH6CjLkYoPOouFVtWrKdXRss1wPhBTLOl6mhocn01xV7b

VIp8=

X-Google-Smtp-Source: AGHT+IHXAa3Nq6ttLhv3+cdyouQf+KUg/5C0CRHywYBew/2T8Q+Oft+g6Ylhfu9aAxLR5Xs5Y8YpIoZIUA==

MIME-Version: 1.0

X-Received: by 2002:a05:6602:e5a:b0:91e:c3a4:5378 with SMTP id

ca18e2360f4ac-93e762a7297mr459545039f.6.1760713890903; Fri, 17 Oct 2025

08:11:30 -0700 (PDT)

Message-ID:

Date: Fri, 17 Oct 2025 15:11:30 +0000

Subject: Streamline your workflow at [https://nk.ca]

From: walkjennifer603@gmail.com

To: sales@nk.ca

Content-Type: multipart/alternative; boundary="00000000000004be0606415c26bc"

X-Spam_score: 7.4

X-Spam_score_int: 74

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi [sales@nk.ca], I checked out [https://nk.ca] — really

impressive! Many US businesses like yours save hours weekly with our Virtual

Assistant team handling: Inbox & calendar scheduling



Content analysis details: (7.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.166.69 listed in will-spam-for-food.eu.org]

[209.85.166.69 listed in will-spam-for-food.eu.org]

[209.85.166.69 listed in will-spam-for-food.eu.org]

[209.85.166.69 listed in will-spam-for-food.eu.org]

[209.85.166.69 listed in will-spam-for-food.eu.org]

[209.85.166.69 listed in will-spam-for-food.eu.org]

[209.85.166.69 listed in will-spam-for-food.eu.org]

[209.85.166.69 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.166.69 listed in dnsbl.ahbl.org]

[209.85.166.69 listed in dnsbl.ahbl.org]

[209.85.166.69 listed in dnsbl.ahbl.org]

[209.85.166.69 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.166.69 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.166.69 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.166.69 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.166.69 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.166.69 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[walkjennifer603(at)gmail.com]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.5 L_HELLO_ADDRESS BODY: Greets you by address, not by name

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.166.69 listed in wl.mailspike.net]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

Subject: {SPAM?} Streamline your workflow at [https://nk.ca]



--00000000000004be0606415c26bc

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64



SGkgW3NhbGVzQG5rLmNhXSwNCg0KSSBjaGVja2VkIG91dCBbaHR0cHM6Ly9uay5jYV0g4oCUIHJl

YWxseSBpbXByZXNzaXZlIQ0KTWFueSBVUyBidXNpbmVzc2VzIGxpa2UgeW91cnMgc2F2ZSBob3Vy

cyB3ZWVrbHkgd2l0aCBvdXIgVmlydHVhbCBBc3Npc3RhbnQgIA0KdGVhbSBoYW5kbGluZzoNCg0K

SW5ib3ggJiBjYWxlbmRhciBzY2hlZHVsaW5nDQoNClNvY2lhbCBtZWRpYSBtYW5hZ2VtZW50DQoN

CkFjY291bnRpbmcgJiBib29ra2VlcGluZw0KDQpMZWdhbCBvciBhZG1pbiBzdXBwb3J0DQoNCldv

dWxkIHlvdSBiZSBvcGVuIHRvIGEgMTAtbWludXRlIGRpc2NvdmVyeSBjYWxsIHRoaXMgd2VlayB0

byBzZWUgaG93IHdlICANCmNvdWxkIGhlbHAgW2h0dHBzOi8vbmsuY2FdIHJ1biBzbW9vdGhlcj8N

Cg0KQmVzdCByZWdhcmRzLA0KDQpKZW5uaWZlciBXYWxrDQo=

--00000000000004be0606415c26bc

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Hi [sales@nk.ca],

I checked out [https://nk.ca] =E2=80=94 really imp=

ressive!
Many U.S. businesses like yours save hours weekly with our Virt=

ual Assistant team handling:

Inbox & calendar scheduling

Soci=

al media management

Accounting & bookkeeping

Legal or admin s=

upport

Would you be open to a 10-minute discovery call this week to =

see how we could help [https://nk.ca] run smoother?

Best regards,
>
Jennifer Walk

--00000000000004be0606415c26bc--

Powerball Spam

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 17 Oct 2025 10:24:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9nFA-00000000MfM-08Ai

for dave@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 10:23:52 -0600

Resent-From: The Doctor

Resent-Date: Fri, 17 Oct 2025 10:23:51 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail1.safir.net.tr ([81.8.91.201]:44987 helo=elikaymakine.com.tr)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9mYB-0000000026O-144A

for doctor@nl2k.ca;

Fri, 17 Oct 2025 09:39:37 -0600

Received: from webmail.elikaymakine.com.tr (localhost.localdomain [IPv6:::1])

by mail1.safir.net.tr (Postfix) with ESMTPSA id 45450522945;

Fri, 17 Oct 2025 18:38:00 +0300 (+03)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=elikaymakine.com.tr;

s=default; t=1760715488;

bh=P4EpKpvkgXbZ26CIWwKvCmOEm2k8EPgIQCLrWWaMQM0=; h=From:To:Subject;

b=iQANNn9IYeO+fl5I8/2xrrGOI7d/puR8xKwxTHhnoktOBbuhy07pFVtFY5KVb8ycK

0u8eSZhJGKjJLRqmED5dkks4O/lXYZBAirRjZZYPyYJUru3OwazlG94zQOcnZWOMEj

NcIDLXLOd4iaEGNeE8/l3hju/x35Oza9/0tNVaJ7/f9Fl68/czyt4D5m8bS1J28OwJ

N2hrKuCfihP3QRiZ0LdqZ0iPueFO1fxQGSfT8ovrV1G3kaq1ebGIHcEEcm+iOSxazY

BR+BB155udmhNy2h1Q8AUNz1Eh3+MmHYnZvz1JqS7Dv+gijB4437ohuLQ9uOokfVY2

2jwBR30dgWYww==

Authentication-Results: p121.safir.net.tr;

spf=pass (sender IP is ::1) smtp.mailfrom=kenan@elikaymakine.com.tr smtp.helo=webmail.elikaymakine.com.tr

Received-SPF: pass (p121.safir.net.tr: connection is authenticated)

MIME-Version: 1.0

Date: Fri, 17 Oct 2025 15:38:00 +0000

From: POWERBALL LOTTERY

To: undisclosed-recipients:;

Subject: CONGRATULATIONS!!!

Reply-To: alexfredrich@consultant.com

Mail-Reply-To: alexfredrich@consultant.com

Message-ID: <1d53dc3e5af4c5b7e234c066de049663@elikaymakine.com.tr>

X-Sender: kenan@elikaymakine.com.tr

Organization: POWERBALL LOTTERY

Content-Type: multipart/alternative;

boundary="=_c2f6f19099b2ec4750e52e0e420c7887"

X-PPP-Message-ID: <176071548113.2573692.2572150479818802636@p121.safir.net.tr>

X-PPP-Vhost: elikaymakine.com.tr

X-Spam_score: 29.0

X-Spam_score_int: 290

X-Spam_bar: +++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: -- Dear Sir/Madam, The staff and management of the PowerBall

Lottery wish to congratulate you on your victory as one of the five lucky

winners in our just concluded sweepstakes random selection. You are please

required [...]



Content analysis details: (29.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[81.8.91.201 listed in dnsbl.ahbl.org]

[81.8.91.201 listed in dnsbl.ahbl.org]

[81.8.91.201 listed in dnsbl.ahbl.org]

[81.8.91.201 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[81.8.91.201 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[81.8.91.201 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[81.8.91.201 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[81.8.91.201 listed in dnsbl.ahbl.org]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

1.0 HK_LOTTO_NAME No description available.

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

3.6 NA_DOLLARS BODY: Talks about a million North American dollars

2.4 MILLION_HUNDRED BODY: Million "One to Nine" Hundred

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.8 ODD_FREEM_REPTO Has unusual reply-to header

0.0 LOTS_OF_MONEY Huge... sums of money

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

3.6 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[81.8.91.201 listed in will-spam-for-food.eu.org]

[81.8.91.201 listed in will-spam-for-food.eu.org]

[81.8.91.201 listed in will-spam-for-food.eu.org]

[81.8.91.201 listed in will-spam-for-food.eu.org]

[81.8.91.201 listed in will-spam-for-food.eu.org]

[81.8.91.201 listed in will-spam-for-food.eu.org]

[81.8.91.201 listed in will-spam-for-food.eu.org]

[81.8.91.201 listed in will-spam-for-food.eu.org]

Subject: {SPAM?} CONGRATULATIONS!!!



--=_c2f6f19099b2ec4750e52e0e420c7887

Content-Transfer-Encoding: 7bit

Content-Type: text/plain; charset=US-ASCII;

format=flowed



--

Dear Sir/Madam,



The staff and management of the PowerBall Lottery wish to congratulate

you on your victory as one of the five lucky winners in our just

concluded sweepstakes random selection. You are please required to

contact your fiduciary agent for additional information on your winning

of the sum of One Million Two Hundred Thousand Dollars(US$1,200,000)

immediately.



Once Again Congratulations



Regards

Alex Fredrich

Games Coordinator

--=_c2f6f19099b2ec4750e52e0e420c7887

Content-Transfer-Encoding: quoted-printable

Content-Type: text/html; charset=UTF-8




=3DUTF-8" />
eva,sans-serif'>




--


=

Dear Sir/Madam,

The staff and management of the PowerBall Lotter=

y wish to congratulate you on your victory as one of the five lucky winners=

in our just concluded sweepstakes random selection. You are please require=

d to contact your fiduciary agent for additional information on your winnin=

g of the sum of One Million Two Hundred Thousand Dollars(US$1,200,000) imme=

diately.

Once Again Congratulations

Regards
Alex=

Fredrich
Games Coordinator








--=_c2f6f19099b2ec4750e52e0e420c7887--

Nigerian spam from Indonesia

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 17 Oct 2025 11:47:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9oXS-00000000C3H-1AM0

for dave@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 11:46:50 -0600

Resent-From: The Doctor

Resent-Date: Fri, 17 Oct 2025 11:46:50 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.estrada.co.id ([103.245.181.245]:38380)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9o8o-000000007VU-0tQb

for doctor@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 11:21:30 -0600

Received: from localhost (localhost [127.0.0.1])

by mail.estrada.co.id (Postfix) with ESMTP id 85A2620A701F7;

Fri, 17 Oct 2025 19:39:01 +0700 (WIB)

Received: from mail.estrada.co.id ([127.0.0.1])

by localhost (mail.estrada.co.id [127.0.0.1]) (amavis, port 10032) with ESMTP

id 0yksdqDShS-w; Fri, 17 Oct 2025 19:39:01 +0700 (WIB)

Received: from localhost (localhost [127.0.0.1])

by mail.estrada.co.id (Postfix) with ESMTP id F029420AC6118;

Fri, 17 Oct 2025 19:38:57 +0700 (WIB)

DKIM-Filter: OpenDKIM Filter v2.10.3 mail.estrada.co.id F029420AC6118

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=estrada.co.id;

s=02574096-B275-11EC-9351-267867D0619B; t=1760704738;

bh=r6tZETce0+N+wJWNrNhpGvLF28hYFy/mR8OB7mMvG5E=;

h=Date:From:Message-ID:MIME-Version;

b=QFucnQV5T5xHGf2SNzT+iKA+FFIq0855Abw/OAXt2APVsc2sKJ3DUYcVa3l5NMm1D

mtIVRUBcRIIGOZ/mF9TLvHKgT5vstS4d0YIRa9RiTDNn2AUhVEVRhJ4HIyc8MuL4f+

7qufWGpsYY+fZOX+Ma3HyAuOd9gcObmDWbckgdbw=

X-Virus-Scanned: amavis at estrada.co.id

Received: from mail.estrada.co.id ([127.0.0.1])

by localhost (mail.estrada.co.id [127.0.0.1]) (amavis, port 10026) with ESMTP

id fbCHA5Kw-HPc; Fri, 17 Oct 2025 19:38:57 +0700 (WIB)

Received: from mail.estrada.co.id (mail.estrada.co.id [10.0.10.10])

by mail.estrada.co.id (Postfix) with ESMTP id 0BC0B21684D9B;

Fri, 17 Oct 2025 19:38:51 +0700 (WIB)

Date: Fri, 17 Oct 2025 19:38:42 +0700 (WIB)

From: James Coombs

Reply-To: James Coombs

Message-ID: <1841249005.66084.1760704722889.JavaMail.zimbra@estrada.co.id>

Subject: Re: Hello, URGENT Reply Needed!

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="=_135aca44-cec9-40c0-8a92-60d889197445"

X-Originating-IP: [10.0.10.10]

X-Mailer: Zimbra 8.8.15_GA_4717 (ZimbraWebClient - GC141 (Win)/8.8.15_GA_4717)

Thread-Index: vZgzI4XvDR2Wx/ld/alAZNDXPVuERQ==

Thread-Topic: Hello, URGENT Reply Needed!

X-Spam_score: 15.3

X-Spam_score_int: 153

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Good day, My name is James Coombs. We are unfamiliar with

each other but it takes a day for people to know. I would like to propose

a legitimate business to you and please take this seriously. I am proposing

a [...]



Content analysis details: (15.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.2 MISSING_HEADERS Missing To: header

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.9 URG_BIZ BODY: Contains urgent matter

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 T_SHARE_50_50 Share the money 50/50

0.0 SHARE_50_50 Share the money 50/50

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.0 LOTS_OF_MONEY Huge... sums of money

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.0 T_MONEY_PERCENT X% of a lot of money for you

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} Re: Hello, URGENT Reply Needed!



--=_135aca44-cec9-40c0-8a92-60d889197445

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable







Good day,=20



My name is James Coombs. We are unfamiliar with each other but it takes a d=

ay for people to know. I would like to propose a legitimate business to you=

and please take this seriously. I am proposing a deal that will make us ri=

cher and you are very important to this deal as you will find out.=20



I am a senior accountant with First National Bank of South Africa, where I =

have worked for over 17 years. During this time, I was the personal account=

ant for a foreign contractor with Shell Plc Johannesburg, who held an inves=

tment account with my bank.=20



Tragically, my client, along with his entire family passed away while on sa=

bbatical in the summer of 2015. Unfortunately, he died without a valid Sout=

h Africa will. Several efforts were made to find his extended family throug=

h your embassy without success.=20



I received a notice last week to provide the beneficiary of the account as =

his accountant OR risk the account being transferred to the government (Esc=

heat) in 21 days=E2=80=99 time. I am contacting you to assist me in repatri=

ating the funds left behind by my late client, Mr. Liam Hughes.=20



This claim will be executed without breaching any South Africa laws and suc=

cess is guaranteed if we are committed.=20



The amount involved is US$11,649,400. I propose we share the proceeds 50:50=

, I think this is fair. I will give you all the necessary information about=

the deal when I get your response.=20



I anticipate your cooperation. Treat this proposal with utmost confidential=

ity and urgency for a 100% success.=20



If you are not interested please delete this mail.=20



Regards,=20

James Coombs.=20



--=_135aca44-cec9-40c0-8a92-60d889197445

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable




ize: 12pt; color: #000000">



=3D"__SIG_PRE__">Good day,

My name is James Coombs. We are unfamilia=

r with each other but it takes a day for people to know. I would like to pr=

opose a legitimate business to you and please take this seriously. I am pro=

posing a deal that will make us richer and you are very important to this d=

eal as you will find out.

I am a senior accountant with First Nation=

al Bank of South Africa, where I have worked for over 17 years. During this=

time, I was the personal accountant for a foreign contractor with Shell Pl=

c Johannesburg, who held an investment account with my bank.

Tragica=

lly, my client, along with his entire family passed away while on sabbatica=

l in the summer of 2015. Unfortunately, he died without a valid South Afric=

a will. Several efforts were made to find his extended family through your =

embassy without success.

I received a notice last week to provide th=

e beneficiary of the account as his accountant OR risk the account being tr=

ansferred to the government (Escheat) in 21 days=E2=80=99 time. I am contac=

ting you to assist me in repatriating the funds left behind by my late clie=

nt, Mr. Liam Hughes.

This claim will be executed without breaching a=

ny South Africa laws and success is guaranteed if we are committed.

>The amount involved is US$11,649,400. I propose we share the proceeds 50:5=

0, I think this is fair. I will give you all the necessary information abou=

t the deal when I get your response.

I anticipate your cooperation. =

Treat this proposal with utmost confidentiality and urgency for a 100% succ=

ess.

If you are not interested please delete this mail.

Regar=

ds,
James Coombs.


--=_135aca44-cec9-40c0-8a92-60d889197445--

Nigerian spam from Indonesia

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 17 Oct 2025 10:23:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9nDr-00000000H5I-2SnH

for dave@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 10:22:31 -0600

Resent-From: The Doctor

Resent-Date: Fri, 17 Oct 2025 10:22:31 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.estrada.co.id ([103.245.181.245]:44046)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9kyY-00000000HBc-0WIG

for doctor@nl2k.ab.ca;

Fri, 17 Oct 2025 07:58:42 -0600

Received: from localhost (localhost [127.0.0.1])

by mail.estrada.co.id (Postfix) with ESMTP id 3CECF20B0106D;

Fri, 17 Oct 2025 19:39:02 +0700 (WIB)

Received: from mail.estrada.co.id ([127.0.0.1])

by localhost (mail.estrada.co.id [127.0.0.1]) (amavis, port 10032) with ESMTP

id thkisAiBs8Yn; Fri, 17 Oct 2025 19:39:01 +0700 (WIB)

Received: from localhost (localhost [127.0.0.1])

by mail.estrada.co.id (Postfix) with ESMTP id 927F420B033CC;

Fri, 17 Oct 2025 19:38:58 +0700 (WIB)

DKIM-Filter: OpenDKIM Filter v2.10.3 mail.estrada.co.id 927F420B033CC

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=estrada.co.id;

s=02574096-B275-11EC-9351-267867D0619B; t=1760704738;

bh=r6tZETce0+N+wJWNrNhpGvLF28hYFy/mR8OB7mMvG5E=;

h=Date:From:Message-ID:MIME-Version;

b=QFucnQV5T5xHGf2SNzT+iKA+FFIq0855Abw/OAXt2APVsc2sKJ3DUYcVa3l5NMm1D

mtIVRUBcRIIGOZ/mF9TLvHKgT5vstS4d0YIRa9RiTDNn2AUhVEVRhJ4HIyc8MuL4f+

7qufWGpsYY+fZOX+Ma3HyAuOd9gcObmDWbckgdbw=

X-Virus-Scanned: amavis at estrada.co.id

Received: from mail.estrada.co.id ([127.0.0.1])

by localhost (mail.estrada.co.id [127.0.0.1]) (amavis, port 10026) with ESMTP

id SLFyLS8XNndR; Fri, 17 Oct 2025 19:38:58 +0700 (WIB)

Received: from mail.estrada.co.id (mail.estrada.co.id [10.0.10.10])

by mail.estrada.co.id (Postfix) with ESMTP id 0BC0B21684D9B;

Fri, 17 Oct 2025 19:38:51 +0700 (WIB)

Date: Fri, 17 Oct 2025 19:38:42 +0700 (WIB)

From: James Coombs

Reply-To: James Coombs

Message-ID: <1841249005.66084.1760704722889.JavaMail.zimbra@estrada.co.id>

Subject: Re: Hello, URGENT Reply Needed!

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="=_135aca44-cec9-40c0-8a92-60d889197445"

X-Originating-IP: [10.0.10.10]

X-Mailer: Zimbra 8.8.15_GA_4717 (ZimbraWebClient - GC141 (Win)/8.8.15_GA_4717)

Thread-Index: vZgzI4XvDR2Wx/ld/alAZNDXPVuERQ==

Thread-Topic: Hello, URGENT Reply Needed!

X-Spam_score: 15.3

X-Spam_score_int: 153

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Good day, My name is James Coombs. We are unfamiliar with

each other but it takes a day for people to know. I would like to propose

a legitimate business to you and please take this seriously. I am proposing

a [...]



Content analysis details: (15.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.2 MISSING_HEADERS Missing To: header

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.9 URG_BIZ BODY: Contains urgent matter

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.0 SHARE_50_50 Share the money 50/50

0.0 T_SHARE_50_50 Share the money 50/50

0.0 T_MONEY_PERCENT X% of a lot of money for you

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} Re: Hello, URGENT Reply Needed!



--=_135aca44-cec9-40c0-8a92-60d889197445

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable







Good day,=20



My name is James Coombs. We are unfamiliar with each other but it takes a d=

ay for people to know. I would like to propose a legitimate business to you=

and please take this seriously. I am proposing a deal that will make us ri=

cher and you are very important to this deal as you will find out.=20



I am a senior accountant with First National Bank of South Africa, where I =

have worked for over 17 years. During this time, I was the personal account=

ant for a foreign contractor with Shell Plc Johannesburg, who held an inves=

tment account with my bank.=20



Tragically, my client, along with his entire family passed away while on sa=

bbatical in the summer of 2015. Unfortunately, he died without a valid Sout=

h Africa will. Several efforts were made to find his extended family throug=

h your embassy without success.=20



I received a notice last week to provide the beneficiary of the account as =

his accountant OR risk the account being transferred to the government (Esc=

heat) in 21 days=E2=80=99 time. I am contacting you to assist me in repatri=

ating the funds left behind by my late client, Mr. Liam Hughes.=20



This claim will be executed without breaching any South Africa laws and suc=

cess is guaranteed if we are committed.=20



The amount involved is US$11,649,400. I propose we share the proceeds 50:50=

, I think this is fair. I will give you all the necessary information about=

the deal when I get your response.=20



I anticipate your cooperation. Treat this proposal with utmost confidential=

ity and urgency for a 100% success.=20



If you are not interested please delete this mail.=20



Regards,=20

James Coombs.=20



--=_135aca44-cec9-40c0-8a92-60d889197445

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable




ize: 12pt; color: #000000">



=3D"__SIG_PRE__">Good day,

My name is James Coombs. We are unfamilia=

r with each other but it takes a day for people to know. I would like to pr=

opose a legitimate business to you and please take this seriously. I am pro=

posing a deal that will make us richer and you are very important to this d=

eal as you will find out.

I am a senior accountant with First Nation=

al Bank of South Africa, where I have worked for over 17 years. During this=

time, I was the personal accountant for a foreign contractor with Shell Pl=

c Johannesburg, who held an investment account with my bank.

Tragica=

lly, my client, along with his entire family passed away while on sabbatica=

l in the summer of 2015. Unfortunately, he died without a valid South Afric=

a will. Several efforts were made to find his extended family through your =

embassy without success.

I received a notice last week to provide th=

e beneficiary of the account as his accountant OR risk the account being tr=

ansferred to the government (Escheat) in 21 days=E2=80=99 time. I am contac=

ting you to assist me in repatriating the funds left behind by my late clie=

nt, Mr. Liam Hughes.

This claim will be executed without breaching a=

ny South Africa laws and success is guaranteed if we are committed.

>The amount involved is US$11,649,400. I propose we share the proceeds 50:5=

0, I think this is fair. I will give you all the necessary information abou=

t the deal when I get your response.

I anticipate your cooperation. =

Treat this proposal with utmost confidentiality and urgency for a 100% succ=

ess.

If you are not interested please delete this mail.

Regar=

ds,
James Coombs.


--=_135aca44-cec9-40c0-8a92-60d889197445--

Nigerian spam from Indonesia

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 17 Oct 2025 10:23:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9nDx-00000000HXO-17HF

for dave@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 10:22:37 -0600

Resent-From: The Doctor

Resent-Date: Fri, 17 Oct 2025 10:22:37 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.estrada.co.id ([103.245.181.245]:59186)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9mYA-0000000027I-3aIh

for root@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 09:39:41 -0600

Received: from localhost (localhost [127.0.0.1])

by mail.estrada.co.id (Postfix) with ESMTP id A450820B27201;

Fri, 17 Oct 2025 20:20:37 +0700 (WIB)

Received: from mail.estrada.co.id ([127.0.0.1])

by localhost (mail.estrada.co.id [127.0.0.1]) (amavis, port 10032) with ESMTP

id fkS6E5WsUYH2; Fri, 17 Oct 2025 20:20:37 +0700 (WIB)

Received: from localhost (localhost [127.0.0.1])

by mail.estrada.co.id (Postfix) with ESMTP id 164FF20B2310E;

Fri, 17 Oct 2025 20:20:36 +0700 (WIB)

DKIM-Filter: OpenDKIM Filter v2.10.3 mail.estrada.co.id 164FF20B2310E

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=estrada.co.id;

s=02574096-B275-11EC-9351-267867D0619B; t=1760707236;

bh=C3xD4T0jiUl7wxq4Q3O6KlQBpv4dvg3WftIRMsR0h0A=;

h=Date:From:Message-ID:MIME-Version;

b=MT3tQfVFk/xc/yc40vsRGwUVZehk9I9n6U2kKLfAFjXktxOKXfJO3GORGEyBOsrUy

h7AECv5KDslZtHNplhhGNqolgXVIxlX6cjwDb/J0Y/2/uQKoIGMgcSSUmnTqnM+aW+

qGLJVg+x0ihuj50hrNnfWMHD1KhD4CmNbnr/ljHo=

X-Virus-Scanned: amavis at estrada.co.id

Received: from mail.estrada.co.id ([127.0.0.1])

by localhost (mail.estrada.co.id [127.0.0.1]) (amavis, port 10026) with ESMTP

id VWbf3E6Mex4b; Fri, 17 Oct 2025 20:20:35 +0700 (WIB)

Received: from mail.estrada.co.id (mail.estrada.co.id [10.0.10.10])

by mail.estrada.co.id (Postfix) with ESMTP id 9F9FB20B214C9;

Fri, 17 Oct 2025 20:20:33 +0700 (WIB)

Date: Fri, 17 Oct 2025 20:20:32 +0700 (WIB)

From: James Coombs

Reply-To: James Coombs

Message-ID: <1535519120.67746.1760707232638.JavaMail.zimbra@estrada.co.id>

Subject: Re: Hello, URGENT Reply Required!

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="=_9d08dbbe-39d1-4ad7-af49-c3cc81f1493a"

X-Originating-IP: [10.0.10.10]

X-Mailer: Zimbra 8.8.15_GA_4717 (ZimbraWebClient - GC141 (Win)/8.8.15_GA_4717)

Thread-Index: tU7fOsvGKJNM96NXxMjaRibNtejdAw==

Thread-Topic: Hello, URGENT Reply Required!

X-Spam_score: 15.3

X-Spam_score_int: 153

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Good day, My name is James Coombs. We are unfamiliar with

each other but it takes a day for people to know. I would like to propose

a legitimate business to you and please take this seriously. I am proposing

a [...]



Content analysis details: (15.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.2 MISSING_HEADERS Missing To: header

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.9 URG_BIZ BODY: Contains urgent matter

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.0 SHARE_50_50 Share the money 50/50

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.0 T_SHARE_50_50 Share the money 50/50

0.0 T_MONEY_PERCENT X% of a lot of money for you

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} Re: Hello, URGENT Reply Required!



--=_9d08dbbe-39d1-4ad7-af49-c3cc81f1493a

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable







Good day,=20



My name is James Coombs. We are unfamiliar with each other but it takes a d=

ay for people to know. I would like to propose a legitimate business to you=

and please take this seriously. I am proposing a deal that will make us ri=

cher and you are very important to this deal as you will find out.=20



I am a senior accountant with First National Bank of South Africa, where I =

have worked for over 17 years. During this time, I was the personal account=

ant for a foreign contractor with Shell Plc Johannesburg, who held an inves=

tment account with my bank.=20



Tragically, my client, along with his entire family passed away while on sa=

bbatical in the summer of 2015. Unfortunately, he died without a valid Sout=

h Africa will. Several efforts were made to find his extended family throug=

h your embassy without success.=20



I received a notice last week to provide the beneficiary of the account as =

his accountant OR risk the account being transferred to the government (Esc=

heat) in 21 days=E2=80=99 time. I am contacting you to assist me in repatri=

ating the funds left behind by my late client, Mr. Liam Hughes.=20



This claim will be executed without breaching any South Africa laws and suc=

cess is guaranteed if we are committed.=20



The amount involved is US$11,649,400. I propose we share the proceeds 50:50=

, I think this is fair. I will give you all the necessary information about=

the deal when I get your response.=20



I anticipate your cooperation. Treat this proposal with utmost confidential=

ity and urgency for a 100% success.=20



If you are not interested please delete this mail.=20



Regards,=20

James Coombs.=20



--=_9d08dbbe-39d1-4ad7-af49-c3cc81f1493a

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable




ize: 12pt; color: #000000">



=3D"__SIG_PRE__">Good day,

My name is James Coombs. We are unfamilia=

r with each other but it takes a day for people to know. I would like to pr=

opose a legitimate business to you and please take this seriously. I am pro=

posing a deal that will make us richer and you are very important to this d=

eal as you will find out.

I am a senior accountant with First Nation=

al Bank of South Africa, where I have worked for over 17 years. During this=

time, I was the personal accountant for a foreign contractor with Shell Pl=

c Johannesburg, who held an investment account with my bank.

Tragica=

lly, my client, along with his entire family passed away while on sabbatica=

l in the summer of 2015. Unfortunately, he died without a valid South Afric=

a will. Several efforts were made to find his extended family through your =

embassy without success.

I received a notice last week to provide th=

e beneficiary of the account as his accountant OR risk the account being tr=

ansferred to the government (Escheat) in 21 days=E2=80=99 time. I am contac=

ting you to assist me in repatriating the funds left behind by my late clie=

nt, Mr. Liam Hughes.

This claim will be executed without breaching a=

ny South Africa laws and success is guaranteed if we are committed.

>The amount involved is US$11,649,400. I propose we share the proceeds 50:5=

0, I think this is fair. I will give you all the necessary information abou=

t the deal when I get your response.

I anticipate your cooperation. =

Treat this proposal with utmost confidentiality and urgency for a 100% succ=

ess.

If you are not interested please delete this mail.

Regar=

ds,
James Coombs.


--=_9d08dbbe-39d1-4ad7-af49-c3cc81f1493a--

Nigerian spam from Indonesia

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 17 Oct 2025 10:23:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9nE1-00000000Hv8-0pux

for dave@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 10:22:41 -0600

Resent-From: The Doctor

Resent-Date: Fri, 17 Oct 2025 10:22:41 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.estrada.co.id ([103.245.181.245]:59216)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9mYA-0000000028R-3aFN

for root@nl2k.ab.ca;

Fri, 17 Oct 2025 09:39:37 -0600

Received: from localhost (localhost [127.0.0.1])

by mail.estrada.co.id (Postfix) with ESMTP id 85A0A20B150DA;

Fri, 17 Oct 2025 20:20:38 +0700 (WIB)

Received: from mail.estrada.co.id ([127.0.0.1])

by localhost (mail.estrada.co.id [127.0.0.1]) (amavis, port 10032) with ESMTP

id ekemijKnu_ST; Fri, 17 Oct 2025 20:20:38 +0700 (WIB)

Received: from localhost (localhost [127.0.0.1])

by mail.estrada.co.id (Postfix) with ESMTP id 16EAE20B230F5;

Fri, 17 Oct 2025 20:20:37 +0700 (WIB)

DKIM-Filter: OpenDKIM Filter v2.10.3 mail.estrada.co.id 16EAE20B230F5

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=estrada.co.id;

s=02574096-B275-11EC-9351-267867D0619B; t=1760707237;

bh=C3xD4T0jiUl7wxq4Q3O6KlQBpv4dvg3WftIRMsR0h0A=;

h=Date:From:Message-ID:MIME-Version;

b=i55v8+4S7Kvvy7cQ0W2AmWRo8ipum/rs0Sf5Ywsgg+3y5/PloaTCuB5Ovh4OHnUJb

vifqc6iQnQoU0cig5Kh5HDOpyZASyBAAapHO1e/ou/qWrQmW5Wm0GWslwjumJ3zovZ

5vNeiO9YqPi2dg/QmxflvuzjIDwyeTxV0dhPY7l0=

X-Virus-Scanned: amavis at estrada.co.id

Received: from mail.estrada.co.id ([127.0.0.1])

by localhost (mail.estrada.co.id [127.0.0.1]) (amavis, port 10026) with ESMTP

id T8TBXRsBioDY; Fri, 17 Oct 2025 20:20:37 +0700 (WIB)

Received: from mail.estrada.co.id (mail.estrada.co.id [10.0.10.10])

by mail.estrada.co.id (Postfix) with ESMTP id 9F9FB20B214C9;

Fri, 17 Oct 2025 20:20:33 +0700 (WIB)

Date: Fri, 17 Oct 2025 20:20:32 +0700 (WIB)

From: James Coombs

Reply-To: James Coombs

Message-ID: <1535519120.67746.1760707232638.JavaMail.zimbra@estrada.co.id>

Subject: Re: Hello, URGENT Reply Required!

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="=_9d08dbbe-39d1-4ad7-af49-c3cc81f1493a"

X-Originating-IP: [10.0.10.10]

X-Mailer: Zimbra 8.8.15_GA_4717 (ZimbraWebClient - GC141 (Win)/8.8.15_GA_4717)

Thread-Index: tU7fOsvGKJNM96NXxMjaRibNtejdAw==

Thread-Topic: Hello, URGENT Reply Required!

X-Spam_score: 15.3

X-Spam_score_int: 153

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Good day, My name is James Coombs. We are unfamiliar with

each other but it takes a day for people to know. I would like to propose

a legitimate business to you and please take this seriously. I am proposing

a [...]



Content analysis details: (15.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.2 MISSING_HEADERS Missing To: header

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.9 URG_BIZ BODY: Contains urgent matter

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.0 SHARE_50_50 Share the money 50/50

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.0 T_SHARE_50_50 Share the money 50/50

0.0 T_MONEY_PERCENT X% of a lot of money for you

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} Re: Hello, URGENT Reply Required!



--=_9d08dbbe-39d1-4ad7-af49-c3cc81f1493a

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable







Good day,=20



My name is James Coombs. We are unfamiliar with each other but it takes a d=

ay for people to know. I would like to propose a legitimate business to you=

and please take this seriously. I am proposing a deal that will make us ri=

cher and you are very important to this deal as you will find out.=20



I am a senior accountant with First National Bank of South Africa, where I =

have worked for over 17 years. During this time, I was the personal account=

ant for a foreign contractor with Shell Plc Johannesburg, who held an inves=

tment account with my bank.=20



Tragically, my client, along with his entire family passed away while on sa=

bbatical in the summer of 2015. Unfortunately, he died without a valid Sout=

h Africa will. Several efforts were made to find his extended family throug=

h your embassy without success.=20



I received a notice last week to provide the beneficiary of the account as =

his accountant OR risk the account being transferred to the government (Esc=

heat) in 21 days=E2=80=99 time. I am contacting you to assist me in repatri=

ating the funds left behind by my late client, Mr. Liam Hughes.=20



This claim will be executed without breaching any South Africa laws and suc=

cess is guaranteed if we are committed.=20



The amount involved is US$11,649,400. I propose we share the proceeds 50:50=

, I think this is fair. I will give you all the necessary information about=

the deal when I get your response.=20



I anticipate your cooperation. Treat this proposal with utmost confidential=

ity and urgency for a 100% success.=20



If you are not interested please delete this mail.=20



Regards,=20

James Coombs.=20



--=_9d08dbbe-39d1-4ad7-af49-c3cc81f1493a

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable




ize: 12pt; color: #000000">



=3D"__SIG_PRE__">Good day,

My name is James Coombs. We are unfamilia=

r with each other but it takes a day for people to know. I would like to pr=

opose a legitimate business to you and please take this seriously. I am pro=

posing a deal that will make us richer and you are very important to this d=

eal as you will find out.

I am a senior accountant with First Nation=

al Bank of South Africa, where I have worked for over 17 years. During this=

time, I was the personal accountant for a foreign contractor with Shell Pl=

c Johannesburg, who held an investment account with my bank.

Tragica=

lly, my client, along with his entire family passed away while on sabbatica=

l in the summer of 2015. Unfortunately, he died without a valid South Afric=

a will. Several efforts were made to find his extended family through your =

embassy without success.

I received a notice last week to provide th=

e beneficiary of the account as his accountant OR risk the account being tr=

ansferred to the government (Escheat) in 21 days=E2=80=99 time. I am contac=

ting you to assist me in repatriating the funds left behind by my late clie=

nt, Mr. Liam Hughes.

This claim will be executed without breaching a=

ny South Africa laws and success is guaranteed if we are committed.

>The amount involved is US$11,649,400. I propose we share the proceeds 50:5=

0, I think this is fair. I will give you all the necessary information abou=

t the deal when I get your response.

I anticipate your cooperation. =

Treat this proposal with utmost confidentiality and urgency for a 100% succ=

ess.

If you are not interested please delete this mail.

Regar=

ds,
James Coombs.


--=_9d08dbbe-39d1-4ad7-af49-c3cc81f1493a--

Web/SEO/App Spam from Microsoft Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 17 Oct 2025 07:50:01 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9kpW-00000000Ca1-0dAf

for dave@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 07:49:14 -0600

Resent-From: The Doctor

Resent-Date: Fri, 17 Oct 2025 07:49:14 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-koreacentralazolkn19013077.outbound.protection.outlook.com ([52.103.74.77]:24986 helo=SEYPR02CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9kaf-00000000B0t-28K2

for doctor@netknow.ca;

Fri, 17 Oct 2025 07:34:04 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=foxvxr02c+PXIMYQUD0Y5Xt0aO9JtK9x8FHB39V6SuE57Ff5yDetgXFE0xGdDrx7uGf/AxuZZvJWYFEb8QNjesu1q04hIyQdNXGHazbl1To5rXL1lsbLhI6MhGmMUQaZiKD7WLwX1tJk5Cuyzpo7jUm9jaLL0V1bl3U9/mKIm0+mXWFhgeOVLRAJ8WkwQ4WopR8TxWwzhuT109TClZWNcMO2m/9LGapiBFl8hdcGOoQjZSMXaJp/PDDDXHUdSkickr4w2xTAZi135RwNTsiMl8s+vgtPsPWFcSzgReppz0ywM2u16DLr/Dt8i3asLGPtcEfzjuBbNFPLlCoDbsLRIw==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=Q+rDOIrju6+UTz5fOiAf9qemO3WnrVfB2UnCOvFQl9M=;

b=cNpjmWoliIp1gKL6DQCqnPEY5KN27NYAgPG8z1a+sXLnMnQKwhF0+qfj0C5q+B5kbsDM0E59Q9ENq1/FItkVGJCNQqCY6+hFLEzIZttkLiFRfEayKvAwJDCYfqkwoA1MVOnp4gFUdzaYKJoEKyFlXtKT9YggYE9UkYlsq0eTUXBBbiBITKYxMYDKkaW3ASt9v9vB+HMGdWsPcrvZo1h1tqXG0oqPwvT3zgJULm6xUJwSGi1Qxo+b7ft3HgboJETEmOZzjbFPMLSM7IA8SuB3qtRW/YHGhd9VpSqZc07h/X112xHYepK+W0eXQuGkcjZTg5wKVh6NJ/F9dCKzaQnyOg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=Q+rDOIrju6+UTz5fOiAf9qemO3WnrVfB2UnCOvFQl9M=;

b=iXjqtHwaAXhMwjAJ8oISeahTCmOSNeZDLXkI1NDkJ93CoxLvR+G2SYLzVgfeEtjmsMqj6LGmHUKth8++KsjkALjVanNq/wcZkjMbPFP9dN1XPe/rwnh9tID1kB3OENzFSpYLIFFGaZSMcJYO+QGPk/a/SwAFcOAZnSZRakOygtNbnXV0q7BmKspopNJWhfqPopcY8IYZz9cUCfWM4s3zTP0Gm/oZnO83R7evZ5A1R/fEOR18Ms/YoRQw3tgy9p99melgFa6qSYVlsu+BmqJB6gSxA7dpYQrqplrHZKTSfqNK1AX/lJOeOyo77TzGM2jyRgjEMN7GpUutt1CyUnbNPw==

Received: from KL1PR04MB6925.apcprd04.prod.outlook.com (2603:1096:820:ca::10)

by SEZPR04MB8027.apcprd04.prod.outlook.com (2603:1096:101:22b::6) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9228.11; Fri, 17 Oct

2025 13:32:07 +0000

Received: from KL1PR04MB6925.apcprd04.prod.outlook.com

([fe80::77a4:2946:4ba4:e51c]) by KL1PR04MB6925.apcprd04.prod.outlook.com

([fe80::77a4:2946:4ba4:e51c%4]) with mapi id 15.20.9228.012; Fri, 17 Oct 2025

13:32:07 +0000

From: Neha Shukla

Subject: Proposal ?

Thread-Topic: Proposal ?

Thread-Index: AQHcP2pulSmBiNLvpUuV91Xp3g7ZVw==

Date: Fri, 17 Oct 2025 13:32:06 +0000

Message-ID:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: KL1PR04MB6925:EE_|SEZPR04MB8027:EE_

x-ms-office365-filtering-correlation-id: 054e45b0-f6af-4aea-f7bd-08de0d819105

x-ms-exchange-slblob-mailprops:

2xtDbzDEsjLc4bxNPlhccK0dgac0e6/VH/gNbw4wX8ncdYAWYL7GydGkOfdyENr1s/B4XD0AneL3DVqPwmxwcO/7ckm3BfP+fJ4mnY4X9WhoBgA2eyVK3eYQCGg3BVbtM+98NQkTkWLx/KZfv8ncxroKm2slKwtV0DUhD9k9E8eiSFhhTsppY4uTPNr4m1zFDJZk6i2q+UQAPnyPqn2lGgXLM59x+p34Ctr+KJqyoAcbbICrH6NVGXDY0RVd4fg2xtvX0e4c91qotQ8LWy+uy2wpM9re2K1YuMJigsmotVGQA6YF3z+LXzDSp2RCylNvQdh9rGiwjBT2UFOCyfI/lpS2DDdkCZV/2v1kHEdP0hEKh/vIy+oIpHVVS5R9FOqmU3S1bBDm2oSJld+EUJ/0tTpaMvtFTg8kVRr1pYVY3ZnYz6shAHfV71o1TkQeD+0qQ2v7f+OXVoPTx2Xa11cHW0ufF28B3MxYLd7SveWbG7UlvY8mO0muiBoJv8CtPVjSkiVSI/sz0HGV6Js4HtM4eBX+cjFeqHWPIKEPaJZ15eWWfGF2SCIdOH8qeOXX00y8NsmR69Z4xSLNRQ2rh7drhA==

x-microsoft-antispam:

BCL:0;ARA:14566002|19110799012|15030799006|31061999003|7071999006|15080799012|461199028|8060799015|8062599012|41105399003|51005399003|39105399003|40105399003|39145399003|440099028|3412199025|102099032;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?b0EbJ+DZBgBb55VgyYN8F/HtWtvIn6gjiwCucfIV8mxzaB3k3bzcVuwuRo?=

=?iso-8859-1?Q?mNbXvCV8OZ/qPS/EHWvlCXJyxuQaIujwxWwVw8LKBgnR05SSxCKDT1SRuO?=

=?iso-8859-1?Q?XA1HnDvMJxV+N59HoisSY1NFnCkm8MH76or0xAzzL7KodTPgLZTTk4Ioks?=

=?iso-8859-1?Q?HM7jKXx0iXE40Vqu9nWES5FGTtQ2OuAQonAQgQMIukWcwNu7KfqWmah8gF?=

=?iso-8859-1?Q?Mg2Q6kCyc5xCxpgBHIQkhQ0Ur1qaaMO3XqcY/hRbCRc65KfjKWT4xhP/JS?=

=?iso-8859-1?Q?RlaxoeFOaoPW/SNN6G2v02ix6pWmYlrFZIDlTaJ5KRT8p7BZj4mAA3KY5d?=

=?iso-8859-1?Q?XOKqEaoDvq8mMykvS2GEBxvv3wzTCBtEP1W51mGXDpM14waCSDfvDX4aCd?=

=?iso-8859-1?Q?MXz/wnEyrTnseRoBJcnvdi35QWjdAhmO0jgD+N1NuCf+UcJOckYsjSdbjh?=

=?iso-8859-1?Q?fM7iuUfaKf9ZePh9DMVb0ZzNFEj+LMtAhPEF1Q283119eA2xGccwk3GcZ4?=

=?iso-8859-1?Q?s1ntllayB6l7xCATPeC1KIB7MA2Awo99e9c4Y62bYSdGnKVT9qlbYJaBcJ?=

=?iso-8859-1?Q?82AahzeknzWdyFo+EzwPSWMnxI/2I0mNBCHQvjDvRsue/Kq6vCTNqzMOgo?=

=?iso-8859-1?Q?odjQ6jk/WZ/WaR82xLCH6p/bVvz6LtZjERMkMvcP7oAHeevdA18IwJQvGl?=

=?iso-8859-1?Q?3U9KennS8B/+ruV2IZcAkbRAcs9p6owHS4MElyO7WiUp9tuSL4Jk3ynTcm?=

=?iso-8859-1?Q?ZJJ0P29iq75cNYZOMcseU1aT6iwz9xrp7bYWCOB2O3AY3x0pkZDPZQDCZ+?=

=?iso-8859-1?Q?bE8wRmHlC/oLIx6Wd4dxIM26GgjDUIvCh30g4mglhgP2x5VlO9BKJXAKDh?=

=?iso-8859-1?Q?V10CSpvD/L9HlznbclY9KE19ZdipRt50PrCC0/z3aYeZtzCDGJ2+nLeE8w?=

=?iso-8859-1?Q?I++qnI2LtixdciuQR2ikuRSa+bkni5yvowZ82AwiMfCpLlSVQlcFbOlE97?=

=?iso-8859-1?Q?st/S+Iz1c721imG8z3fLT0aN/lO7cLvnGPB54Olp/N6FVzzi147/XrXNn7?=

=?iso-8859-1?Q?LjAJHvTyrHqxX5HW1d++XVnV/aBeUKTqK3jlIj6bUaBV1GY5RDS33TEtAV?=

=?iso-8859-1?Q?SiHzSaqbNPyY8sLqiM+gvF0/EDWpd7nHJQZInm6gjq56Htvg/uyPhes3rN?=

=?iso-8859-1?Q?XuTq9LdruDY8OToyWsJ4c2UyEDGpoWqsfJwuVgwbuWePN4kZ2O03aflfau?=

=?iso-8859-1?Q?XYwlNHNAhaIdKDMGJfF6misTeJ/kUX7ak1ywElLgC+rjO1Jy59nMJvaKJU?=

=?iso-8859-1?Q?kvPuxa1ve7JvSYegTmKpYAebiiBMrxE1rt99Ie3KhlAPJEyCDwtaxiRbXM?=

=?iso-8859-1?Q?ktHoWFINIw0vXP6EihnGpWX6CpQ6Hnug=3D=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?ZXs3Ho6NwUEVIVlLqTqog00XNCqZaLlOSkYJ6F1bPPV4ME9lhUGrd8ZS7W?=

=?iso-8859-1?Q?ntc4HtfNG8LBv01h7M5/3VxOr8xL+n19XZWmEq39gcJr0zkLVcpk+9ePXv?=

=?iso-8859-1?Q?sR8uPavJeOch+zCvwz3x6gx754gM/u7NCoeyxjYOWuY3dLrlwDdNyv0Cmf?=

=?iso-8859-1?Q?NAqsfyK4VLxU8XdaaisOFcwOxR5HKH8+OZJxAJtRAKSJMvNijmeIa0ZcqG?=

=?iso-8859-1?Q?JExoJChdOI1epSOl6AU9JCyc2rqA+smnEWapRr865oTM71DA9oRK6/FkbN?=

=?iso-8859-1?Q?bW/1ebAOj+R89mXEOvGuzvM7ZXg2rK51dmjtPTfXK4NYgYel5M4RNLQxOn?=

=?iso-8859-1?Q?yYzGdwCkLaqJc3cj8BSNoHeugwsfD3gJfeGMHmDxGVHOzg+H9iGWcNOIc7?=

=?iso-8859-1?Q?xfk/PgRpJ7QtgWVr8JaUrsU4verOwTdrGU2Cs9rmSQp3qGmBjppjJ7z+ur?=

=?iso-8859-1?Q?tyQkKx4ORa9JCn0tYbH97TRpb4kFdR6tFE9LanuUd6duIt9PnWNZQfSGsJ?=

=?iso-8859-1?Q?2095h0AnCljaUJlCKWfpFyFDZjTkUnWwB5S7qUYeqbS3qXGLsc49NJPbrY?=

=?iso-8859-1?Q?ehuhQL0DgKKwo94LAndQVylFMJvkFsQjl+0KafWkGbWHiBAve6gNUe1+x/?=

=?iso-8859-1?Q?ehFnUTYcLXlltQ+rQuqpvJYiV44hmF5nzvmZFwwNhfTetLZhqR0CrMlqi9?=

=?iso-8859-1?Q?XotlcFyfreLvUtR8o+aYLLbbEcpOu+3FDWrhNxUjqoEK3CS52Fn8ctAK17?=

=?iso-8859-1?Q?jt7CEq7JSrjvtHNguTzonJyHt1FeXaz4reiTHPezhqI817rlGr63izfqVd?=

=?iso-8859-1?Q?VLnRUaEB8b322c3HUYgLmXv0EwxGUZDAC9QVUpU31kvJUuza9YkvYxDq+3?=

=?iso-8859-1?Q?vSU0Yq6Vhhy3aQgMxrg49yq20L5z2L/rUwdwOhdN73JfjOF1QuTf1QcbaC?=

=?iso-8859-1?Q?Vhs/9wPb7N1N80QIJyqaAcmhV6I8DLY/BYBJ1wG6TnSVNoRMFZARvI+ssp?=

=?iso-8859-1?Q?gjWWnYsh9rvgCVzs9hvyoExjcqEeaa15fYiOLDc3GuyViRtAbozDeTDszL?=

=?iso-8859-1?Q?EnyQ3YeIv2n81VSMolK4dePJUCp/9qxRDPvAHeHYM2wOo5Oeg4uJjhFueR?=

=?iso-8859-1?Q?Gfi25pul/3leMZ6Rsg6xKzTUwHXL608ZVjKpGwT7evsO7K75pJ/TtbRvwp?=

=?iso-8859-1?Q?mJaeYqSHY4quHMWgRNt5f3QcIBS/L6NAehPo6dyQ+RlKomOaK67xpUwwnd?=

=?iso-8859-1?Q?WFYvH/YjCdmBlvJ+yxeoDpJkKjkuNnJ4Uc8qEU6EOCb7a/M2nijqAvo9MB?=

=?iso-8859-1?Q?0MgciDlO9aRos7b7gCrsqYJKGfj6TToUkQyllTPeiPs310g=3D?=

Content-Type: multipart/alternative;

boundary="_000_KL1PR04MB69256D7A02293A1CDDD75875AFF6AKL1PR04MB6925apcp_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: KL1PR04MB6925.apcprd04.prod.outlook.com

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 054e45b0-f6af-4aea-f7bd-08de0d819105

X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Oct 2025 13:32:06.8112

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: SEZPR04MB8027

X-Spam_score: 7.2

X-Spam_score_int: 72

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hello, Greetings of the day. We can get your Website on the

1st page of Google.



Content analysis details: (7.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:1096:820:ca:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:ca:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:ca:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:ca:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:ca:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:ca:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:ca:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:820:ca:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[52.103.74.77 listed in will-spam-for-food.eu.org]

[52.103.74.77 listed in will-spam-for-food.eu.org]

[52.103.74.77 listed in will-spam-for-food.eu.org]

[52.103.74.77 listed in will-spam-for-food.eu.org]

[52.103.74.77 listed in will-spam-for-food.eu.org]

[52.103.74.77 listed in will-spam-for-food.eu.org]

[52.103.74.77 listed in will-spam-for-food.eu.org]

[52.103.74.77 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.74.77 listed in dnsbl.ahbl.org]

[52.103.74.77 listed in dnsbl.ahbl.org]

[52.103.74.77 listed in dnsbl.ahbl.org]

[52.103.74.77 listed in dnsbl.ahbl.org]

[2603:1096:820:ca:0:0:0:10 listed in]

[dnsbl.ahbl.org]

[2603:1096:820:ca:0:0:0:10 listed in]

[dnsbl.ahbl.org]

[2603:1096:820:ca:0:0:0:10 listed in]

[dnsbl.ahbl.org]

[2603:1096:820:ca:0:0:0:10 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.74.77 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.74.77 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.74.77 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.74.77 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[52.103.74.77 listed in list.dnswl.org]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.74.77 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.0 ARC_SIGNED Message has a ARC signature

0.0 ARC_VALID Message has a valid ARC signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[nehashuklaseo(at)outlook.com]

1.2 MISSING_HEADERS Missing To: header

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.4 MALFORMED_FREEMAIL Bad headers on message from free email service

Subject: {SPAM?} Proposal ?



--_000_KL1PR04MB69256D7A02293A1CDDD75875AFF6AKL1PR04MB6925apcp_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable



Hello,



Greetings of the day.



We can get your Website on the 1st page of Google.



Please provide details:-



1 Your website/URL



2 Your target area/location



3 Keywords, Skype id (if you have)



Let me know if you are interested, I will send you our SEO Packages and pri=

ce list.



Regards





--_000_KL1PR04MB69256D7A02293A1CDDD75875AFF6AKL1PR04MB6925apcp_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; fo=

nt-size: 12pt; color: rgb(0, 0, 0);" class=3D"elementToProof">

Hello,





Greetings of the day.





We can get your Website on the 1st page of Google.





Please provide details:-





1   Your website/URL





2   Your target area/location





3   Keywords, Skype id (if you have)





Let me know if you are interested, I will send you our SEO Packages an=

d price list.





Regards



Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" clas=

s=3D"elementToProof">












--_000_KL1PR04MB69256D7A02293A1CDDD75875AFF6AKL1PR04MB6925apcp_--

Philanthropist spam

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 17 Oct 2025 07:48:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9knj-000000005ee-15ej

for dave@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 07:47:23 -0600

Resent-From: The Doctor

Resent-Date: Fri, 17 Oct 2025 07:47:22 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.tthgroup.com ([20.211.160.68]:3978)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9gro-00000000Ium-0PpJ

for doctor@nl2k.ab.ca;

Fri, 17 Oct 2025 03:35:34 -0600

Received: from 167.63.117.87.donpac.ru (10.249.0.6) by mail.tthgroup.com

(10.249.16.6) with Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1544.33; Fri, 17 Oct

2025 19:34:22 +1000

From: "Dr. Miriam Adelson"

Subject: A Gesture of Philanthropic Commitment

To: doctor

Content-Type: multipart/alternative;

boundary="L8G7b3TH3KI8gLzvw2U97=_xZeOKU5LmHG"

MIME-Version: 1.0

Reply-To: "Dr. Miriam Adelson"

Organization: Dr. Miriam Adelson

Date: Fri, 17 Oct 2025 02:34:22 -0700

Message-ID: <7e5a8c8d-d943-4eec-96ee-a866bc60ef80@AZAEZEXEWP02.TTHGroup.com>

X-Spam_score: 12.4

X-Spam_score_int: 124

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Greetings, I hope this message finds you in good health

and high spirits. I am Dr. Miriam Adelson, a physician whose life has been

shaped by the profound legacies of two nations. Born in Israel, my [...]



Content analysis details: (12.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[20.211.160.68 listed in will-spam-for-food.eu.org]

[20.211.160.68 listed in will-spam-for-food.eu.org]

[20.211.160.68 listed in will-spam-for-food.eu.org]

[20.211.160.68 listed in will-spam-for-food.eu.org]

[20.211.160.68 listed in will-spam-for-food.eu.org]

[20.211.160.68 listed in will-spam-for-food.eu.org]

[20.211.160.68 listed in will-spam-for-food.eu.org]

[20.211.160.68 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[20.211.160.68 listed in dnsbl.ahbl.org]

[20.211.160.68 listed in dnsbl.ahbl.org]

[20.211.160.68 listed in dnsbl.ahbl.org]

[20.211.160.68 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[20.211.160.68 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[20.211.160.68 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[20.211.160.68 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[20.211.160.68 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[20.211.160.68 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 T_HK_NAME_DR No description available.

0.5 VOWEL_FROM_5 Impronouncable from header (6 consecutive vowels)

1.6 MIXED_HREF_CASE Has href in mixed case

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 LOTS_OF_MONEY Huge... sums of money

Subject: {SPAM?} A Gesture of Philanthropic Commitment



--L8G7b3TH3KI8gLzvw2U97=_xZeOKU5LmHG

Content-Type: text/plain; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

Content-Disposition: inline



=EF=BB=BFGreetings,

I hope this message finds you in good health and high spirits.

I am Dr. Miriam Adelson, a physician whose life has been shaped by the=

profound legacies of two nations. Born in Israel, my career in medici=

ne and research began at the Rokach Hospital in Tel Aviv. In the Unite=

d States, alongside my late husband, the visionary Sheldon G. Adelson,=

I co-founded the Adelson Foundation, through which we have long suppo=

rted causes dedicated to the preservation of Jewish heritage, medical =

research, and democratic ideals, continuing a family tradition of phil=

anthropy that stretches back generations.

My husband=E2=80=99s own story, from son of a Boston taxi driver to a =

pioneer in the global hospitality and convention industry, instilled i=

n us a deep belief in the power of opportunity. It is in this spirit=E2=

=80=94a spirit forged in the challenges and triumphs of history=E2=80=94=

that I have established a private philanthropic initiative. It is aime=

d at identifying and supporting individuals around the world who demon=

strate exceptional integrity, goodwill, and the potential to contribut=

e meaningfully to their communities.

You have been selected to receive a direct donation of $ 4,000,000.00 =

USD. This is a no-strings-attached financial gift, extended with the s=

incere intention of empowering your growth, enabling your development,=

and supporting the pursuit of your most meaningful endeavors.

Should you wish to verify this initiative and my background, you may r=

efer to recent public reports on my philanthropic activities, such as =

this article from the Times of Israel: Miriam Adelson's Philanthropic =

Pledge

https://www.timesofisrael.com/miriam-adelson-gives-100-million-to-trum=

p-campaign-making-good-on-reported-pledge/

To proceed with claiming this donation, please forward your message of=

acceptance and inquiry to my designated legal representative, Mr. Sco=

tt Glover, via email: scottglover@asb-risk.com

Please ensure your response includes your full name and a preferred me=

thod of contact to facilitate the necessary verification procedures.

I wish you continued success and prosperity in all your future pursuit=

s.

Sincerely,

Dr. Miriam Adelson

Physician | Publisher (Former Owner, Las Vegas Review-Journal) | Phila=

nthropist

Co-Founder, Adelson Foundation

Custodian of the Adelson Family Legacy





--L8G7b3TH3KI8gLzvw2U97=_xZeOKU5LmHG

Content-Type: text/html; charset="utf-8"

Content-Transfer-Encoding: quoted-printable

Content-Disposition: inline



=EF=BB=BF



Greetings,



I hope this message finds you in good health and high spirits.



I am Dr. Miriam Adelson, a physician whose life has been shaped by =

the profound legacies of two nations. Born in Israel, my career in med=

icine and research began at the Rokach Hospital in Tel Aviv. In the Un=

ited States, alongside my late husband, the visionary Sheldon G. Adels=

on, I co-founded the Adelson Foundation, through which we have long su=

pported causes dedicated to the preservation of Jewish heritage, medic=

al research, and democratic ideals, continuing a family tradition of p=

hilanthropy that stretches back generations.



My husband=E2=80=99s own story, from son of a Boston taxi driver to=

a pioneer in the global hospitality and convention industry, instille=

d in us a deep belief in the power of opportunity. It is in this spiri=

t=E2=80=94a spirit forged in the challenges and triumphs of history=E2=

=80=94that I have established a private philanthropic initiative. It i=

s aimed at identifying and supporting individuals around the world who=

demonstrate exceptional integrity, goodwill, and the potential to con=

tribute meaningfully to their communities.



You have been selected to receive a direct donation of $ 4,000,000.=

00 USD. This is a no-strings-attached financial gift, extended with th=

e sincere intention of empowering your growth, enabling your developme=

nt, and supporting the pursuit of your most meaningful endeavors.



Should you wish to verify this initiative and my background, you ma=

y refer to recent public reports on my philanthropic activities, such =

as this article from the Times of Israel: Miriam Adelson's Philanthrop=

ic Pledge




illion-to-trump-campaign-making-good-on-reported-pledge/">https://www.=

timesofisrael.com/miriam-adelson-gives-100-million-to-trump-campaign-m=

aking-good-on-reported-pledge/



To proceed with claiming this donation, please forward your message=

of acceptance and inquiry to my designated legal representative, Mr. =

Scott Glover, via email: s=

cottglover@asb-risk.com



Please ensure your response includes your full name and a preferred=

method of contact to facilitate the necessary verification procedures=

=2E



I wish you continued success and prosperity in all your future purs=

uits.



Sincerely,



Dr. Miriam Adelson
Physician | Publisher (Former Owner, Las Vega=

s Review-Journal) | Philanthropist
Co-Founder, Adelson Foundation
R>Custodian of the Adelson Family Legacy







--L8G7b3TH3KI8gLzvw2U97=_xZeOKU5LmHG--

Chinese products spam

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Fri, 17 Oct 2025 07:48:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9ko4-0000000073L-1T7J

for dave@doctor.nl2k.ab.ca;

Fri, 17 Oct 2025 07:47:44 -0600

Resent-From: The Doctor

Resent-Date: Fri, 17 Oct 2025 07:47:44 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [160.124.74.160] (port=33277 helo=smtp74-160.mmglsmd.net)

by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9hvq-00000000NV9-32YE

for doctor@nl2k.ab.ca;

Fri, 17 Oct 2025 04:44:12 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;

d=info.eastcommold.cn; i=@info.eastcommold.cn; q=dns/txt;

s=umail; t=1760697755; h=content-type : mime-version :

message-id : reply-to : subject : from : to : date :

subject : from : date;

bh=g/VQb/+sMrTxG9JsZHJ55VZKCSa5xSihd9arEaDzBbM=;

b=HxoKcE1navZm9B2YXq+psYp5+KoWsCs4SUTBSJPYeY92SKnaQr8+DdA2

EIH+3InZpKnxo97c4D4F6wjGJTLImBjMGVQ9aozf2wAT8wxLyvkYdA7usW

4QxMN4tm+GMPzQfNFIju9EAAtiwqa2ZopUvs/Qv5Qq4bvPU0PnA7AvOXg=

Received: from helo (unknown [127.0.0.1])

by smtp.info.eastcommold.cn (Postfix) with ESMTP id eMarucSDBqQp

for ; Fri, 17 Oct 2025 18:40:41 +0800

Content-Type: multipart/mixed; boundary="===============8245733055739070006=="

MIME-Version: 1.0

Message-Id: <20251017184041.07170-{4701:20250906153049-4701-36}-0032702@info.eastcommold.cn>

Reply-to: Klaus@eastcom.cn

Subject: =?utf-8?q?Mold_Manufacturer?=

From: Klaus Zhong

To: doctor

Date: Fri, 17 Oct 2025 18:40:41 +0800

Mail-ID: 68f1f2dee138233740e51621

X-Spam_score: 8.7

X-Spam_score_int: 87

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear, Good to connect with you! We are a professional injection

Mould Maker which have 22 CNC machines in China. We serve for automotive

moulds, electrical appliances moulds, commodity moulds and indu [...]



Content analysis details: (8.7 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[160.124.74.160 listed in will-spam-for-food.eu.org]

[160.124.74.160 listed in will-spam-for-food.eu.org]

[160.124.74.160 listed in will-spam-for-food.eu.org]

[160.124.74.160 listed in will-spam-for-food.eu.org]

[160.124.74.160 listed in will-spam-for-food.eu.org]

[160.124.74.160 listed in will-spam-for-food.eu.org]

[160.124.74.160 listed in will-spam-for-food.eu.org]

[160.124.74.160 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[160.124.74.160 listed in dnsbl.ahbl.org]

[160.124.74.160 listed in dnsbl.ahbl.org]

[160.124.74.160 listed in dnsbl.ahbl.org]

[160.124.74.160 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[160.124.74.160 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[160.124.74.160 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[160.124.74.160 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[160.124.74.160 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[160.124.74.160 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[160.124.74.160 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[160.124.74.160 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[160.124.74.160 listed in bl.score.senderscore.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

3.4 RATWARE_RCVD_PF Bulk email fingerprint (Received PF) found

0.6 J_CHICKENPOX_38 BODY: 3alpha-pock-8alpha

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted

Colors in HTML

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

Subject: {SPAM?} =?utf-8?q?Mold_Manufacturer?=



--===============8245733055739070006==

Content-Type: text/html; charset="utf-8"

MIME-Version: 1.0

Content-Transfer-Encoding: base64



PGh0bWw+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5OkNhbGlicmk7Ij48c3BhbiBzdHlsZT0ibGlu

ZS1oZWlnaHQ6IDE7Ij5EZWFyPC9zcGFuPjwvc3Bhbj48c3BhbiBzdHlsZT0iZm9udC1mYW1pbHk6

Q2FsaWJyaTsiPjxzcGFuIHN0eWxlPSJsaW5lLWhlaWdodDogMTsiPiw8L3NwYW4+PGJyIC8+Ckdv

b2QgdG8gY29ubmVjdCB3aXRoIHlvdSE8YnIgLz4KPHNwYW4gc3R5bGU9ImxpbmUtaGVpZ2h0OiAx

OyI+V2UgYXJlIGEgcHJvZmVzc2lvbmFsPC9zcGFuPjxzcGFuIHN0eWxlPSJjb2xvcjogcmdiKDAs

IDAsIDI1NSk7IGxpbmUtaGVpZ2h0OiAxOyI+IGluamVjdGlvbiBNb3VsZCBNYWtlcjwvc3Bhbj48

c3BhbiBzdHlsZT0ibGluZS1oZWlnaHQ6IDE7Ij4mbmJzcDt3aGljaCBoYXZlIDIyIENOQyBtYWNo

aW5lcyBpbiBDaGluYS48YnIgLz4KV2Ugc2VydmUgZm9yIGF1dG9tb3RpdmUgbW91bGRzLCBlbGVj

dHJpY2FsIGFwcGxpYW5jZXMgbW91bGRzLCBjb21tb2RpdHkgbW91bGRzIGFuZCBpbmR1c3RyaWFs

IHBhcnRzIG1vdWxkcy48L3NwYW4+PC9zcGFuPjxiciAvPgo8c3BhbiBzdHlsZT0iZm9udC1mYW1p

bHk6IENhbGlicmk7Ij5XZSBjb250YWN0IHlvdSB0byBrbm93IGlmIHlvdXIgY29tcGFueSBzb21l

dGltZXMgbmVlZHMgb3V0c291cmNlIG1vbGRzIG9yIHlvdSBuZWVkIGEgQ2hpbmEgbW9sZCBwYXJ0

bmVyIHRvIHdpbiBtb3JlIHByb2plY3QuPC9zcGFuPjxiciAvPgo8c3BhbiBzdHlsZT0iZm9udC1m

YW1pbHk6IENhbGlicmk7Ij5JZiB5b3UgaGF2ZSBhbnkgcXVlc3Rpb24gcGxlYXNlIGZlZWwgZnJl

ZSB0byBjb250YWN0IG1lLjxiciAvPgo8YnIgLz4KPGEgaHJlZj0iaHR0cDovL3d3dy5lYXN0Y29t

LmNuIj48aW1nIGFsdD0iIiBzcmM9Imh0dHBzOi8vY291bnQuZWFzdGNvbW1vbGQuY24vdGVtcGxh

dGUvYWpheF9nZXRfbmV0d29ya19hdHRhY2gvP2lkPTE3MDUwMSZhbXA7dWZpbGVfbmFtZT1mMDM1

OTZhYS04YzUxLTExZjAtOGIwNi0wMDUwNTY5NjdjMzEtNDE5NjYuanBnJmFtcDthaWQ9MSIgc3R5

bGU9IndpZHRoOiA0MDBweDsgaGVpZ2h0OiAxNDlweDsiIC8+PC9hPjwvc3Bhbj48YnIgLz4KJm5i

c3A7CjxociBhbGlnbj0ibGVmdCIgY29sb3I9IiNiNWM0ZGYiIHNpemU9IjEiIHN0eWxlPSJib3gt

c2l6aW5nOmJvcmRlci1ib3g7IGNvbG9yOiMwMDAwNjQ7IGZvbnQtZmFtaWx5OidNaWNyb3NvZnQg

WWFIZWkgVUknOyBmb250LXNpemU6MTRweDsgZm9udC1zdHlsZTpub3JtYWw7IGZvbnQtdmFyaWFu

dDpub3JtYWw7IGZvbnQtd2VpZ2h0Om5vcm1hbDsgbGV0dGVyLXNwYWNpbmc6bm9ybWFsOyBsaW5l

LWhlaWdodDoyMXB4OyBvcnBoYW5zOmF1dG87IHRleHQtYWxpZ246c3RhcnQ7IHRleHQtdHJhbnNm

b3JtOm5vbmU7IHdoaXRlLXNwYWNlOm5vcm1hbDsgd2lkb3dzOjE7IHdvcmQtc3BhY2luZzowcHg7

IC13ZWJraXQtdGV4dC1zdHJva2Utd2lkdGg6MHB4OyB3aWR0aDoyMTBweDsgaGVpZ2h0OjFweCIg

Lz4KPGRpdiBzdHlsZT0idGV4dC1hbGlnbjpzdGFydDsgLXdlYmtpdC10ZXh0LXN0cm9rZS13aWR0

aDowcHgiPgo8ZGl2IHN0eWxlPSJtYXJnaW46MTBweCI+PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZTox

NHB4Ij48c3BhbiBzdHlsZT0iY29sb3I6IzAwMDA4MCI+PHNwYW4gc3R5bGU9ImZvbnQtZmFtaWx5

OidNaWNyb3NvZnQgWWFIZWkgVUknIj48c3BhbiBzdHlsZT0iZm9udC1zdHlsZTpub3JtYWwiPjxz

cGFuIHN0eWxlPSJmb250LXZhcmlhbnQ6bm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC13ZWlnaHQ6

bm9ybWFsIj48c3BhbiBzdHlsZT0ibGV0dGVyLXNwYWNpbmc6bm9ybWFsIj48c3BhbiBzdHlsZT0i

bGluZS1oZWlnaHQ6MTUuNzVwdCI+PHNwYW4gc3R5bGU9InRleHQtdHJhbnNmb3JtOm5vbmUiPjxz

cGFuIHN0eWxlPSJ3aGl0ZS1zcGFjZTpub3JtYWwiPjxzcGFuIHN0eWxlPSJ3b3JkLXNwYWNpbmc6

MHB4Ij48c3BhbiBzdHlsZT0ib3JwaGFuczoyIj48c3BhbiBzdHlsZT0id2lkb3dzOjIiPjxzcGFu

IHN0eWxlPSJiYWNrZ3JvdW5kLWNvbG9yOiNmZmZmZmYiPjxzcGFuIHN0eWxlPSJsaW5lLWhlaWdo

dDoxNS43NXB0Ij48c3BhbiBzdHlsZT0iYmFja2dyb3VuZC1jb2xvcjp3aW5kb3ciPjxiPjxmb250

IGZhY2U9Ik1pY3Jvc29mdCBZYUhlaSBVSSI+S2xhdXMgWmhvbmc8L2ZvbnQ+PC9iPjwvc3Bhbj48

L3NwYW4+PC9zcGFuPjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwv

c3Bhbj48L3NwYW4+PC9zcGFuPjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwvc3Bhbj48YnIgLz4KPHNw

YW4gc3R5bGU9ImZvbnQtc2l6ZToxNHB4Ij48c3BhbiBzdHlsZT0iY29sb3I6IzAwMDA4MCI+PHNw

YW4gc3R5bGU9ImZvbnQtZmFtaWx5OidNaWNyb3NvZnQgWWFIZWkgVUknIj48c3BhbiBzdHlsZT0i

Zm9udC1zdHlsZTpub3JtYWwiPjxzcGFuIHN0eWxlPSJmb250LXZhcmlhbnQ6bm9ybWFsIj48c3Bh

biBzdHlsZT0iZm9udC13ZWlnaHQ6bm9ybWFsIj48c3BhbiBzdHlsZT0ibGV0dGVyLXNwYWNpbmc6

bm9ybWFsIj48c3BhbiBzdHlsZT0ibGluZS1oZWlnaHQ6MjFweCI+PHNwYW4gc3R5bGU9InRleHQt

dHJhbnNmb3JtOm5vbmUiPjxzcGFuIHN0eWxlPSJ3aGl0ZS1zcGFjZTpub3JtYWwiPjxzcGFuIHN0

eWxlPSJ3b3JkLXNwYWNpbmc6MHB4Ij48c3BhbiBzdHlsZT0ib3JwaGFuczoyIj48c3BhbiBzdHls

ZT0id2lkb3dzOjIiPjxzcGFuIHN0eWxlPSJiYWNrZ3JvdW5kLWNvbG9yOiNmZmZmZmYiPjxmb250

IGZhY2U9Ik1pY3Jvc29mdCBZYUhlaSBVSSI+PHNwYW4gc3R5bGU9ImxpbmUtaGVpZ2h0OjE1Ljc1

cHQiPkVhc3Rjb20mbmJzcDtUZWNobm9sb2d5Jm5ic3A7TGltaXRlZDwvc3Bhbj48YnIgLz4KVGVs

OiAwMDg2IDc2OSAzMzM5OTk1NyZuYnNwOzwvZm9udD48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEw

LjVwdCI+PHNwYW4gc3R5bGU9ImxpbmUtaGVpZ2h0OjEuNSI+fDwvc3Bhbj48L3NwYW4+Jm5ic3A7

PHNwYW4gc3R5bGU9ImZvbnQtc2l6ZToxMC41cHQiPjxzcGFuIHN0eWxlPSJsaW5lLWhlaWdodDox

NS43NXB0Ij5Nb2JpbGU6IDAwODYgMTM4MjMxNTE1NTEmbmJzcDt8Jm5ic3A7U2t5cGU6Jm5ic3A7

S2xhdXNfemhvbmc8L3NwYW4+PC9zcGFuPjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwvc3Bhbj48L3Nw

YW4+PC9zcGFuPjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwvc3Bh

bj48L3NwYW4+PGJyIC8+CjxzcGFuIHN0eWxlPSJmb250LXNpemU6MTRweCI+PHNwYW4gc3R5bGU9

ImNvbG9yOiMwMDAwODAiPjxzcGFuIHN0eWxlPSJmb250LWZhbWlseTonTWljcm9zb2Z0IFlhSGVp

IFVJJyI+PHNwYW4gc3R5bGU9ImZvbnQtc3R5bGU6bm9ybWFsIj48c3BhbiBzdHlsZT0iZm9udC12

YXJpYW50Om5vcm1hbCI+PHNwYW4gc3R5bGU9ImZvbnQtd2VpZ2h0Om5vcm1hbCI+PHNwYW4gc3R5

bGU9ImxldHRlci1zcGFjaW5nOm5vcm1hbCI+PHNwYW4gc3R5bGU9ImxpbmUtaGVpZ2h0OjIxcHgi

PjxzcGFuIHN0eWxlPSJ0ZXh0LXRyYW5zZm9ybTpub25lIj48c3BhbiBzdHlsZT0id2hpdGUtc3Bh

Y2U6bm9ybWFsIj48c3BhbiBzdHlsZT0id29yZC1zcGFjaW5nOjBweCI+PHNwYW4gc3R5bGU9Im9y

cGhhbnM6MiI+PHNwYW4gc3R5bGU9IndpZG93czoyIj48c3BhbiBzdHlsZT0iYmFja2dyb3VuZC1j

b2xvcjojZmZmZmZmIj48c3BhbiBzdHlsZT0iZm9udC1zaXplOjEycHgiPjxmb250IGNvbG9yPSIj

ODA4MDgwIj5BZGRyZXNzOiAxMDEgQnVpbGRpbmcgMywgTm8uIDI0NyBRaW5nZmVuZyBSb2FkIFFp

bmcgWGkgU3ViLERvbmdndWFuLEd1YW5nZG9uZy4mbmJzcDs8c3BhbiBzdHlsZT0ibGluZS1oZWln

aHQ6MS41Ij41MjM2NTE8L3NwYW4+PC9mb250Pjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwvc3Bhbj48

L3NwYW4+PC9zcGFuPjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwvc3Bhbj48L3NwYW4+PC9zcGFuPjwv

c3Bhbj48L3NwYW4+PC9zcGFuPjxiciAvPgo8YSBocmVmPSJodHRwczovL3d3dy5saW5rZWRpbi5j

b20vaW4va2xhdXMtemhvbmctMzc3NGFhNzEvIj48aW1nIGFsdD0iIiBzcmM9Imh0dHBzOi8vY291

bnQuZWFzdGNvbW1vbGQuY24vdGVtcGxhdGUvYWpheF9nZXRfbmV0d29ya19hdHRhY2gvP2lkPTE3

MDUwMSZhbXA7dWZpbGVfbmFtZT1mNWY0OTc2Mi04YzUxLTExZjAtOGVmMS0wMDUwNTY5NjdjMzEt

ODY3OTUuanBnJmFtcDthaWQ9MSIgc3R5bGU9IndpZHRoOiAxNThweDsgaGVpZ2h0OiA4MHB4OyIg

Lz48aW1nIGFsdD0iIiBzcmM9Imh0dHBzOi8vY291bnQuZWFzdGNvbW1vbGQuY24vdGVtcGxhdGUv

YWpheF9nZXRfbmV0d29ya19hdHRhY2gvP2lkPTE3MDUwMSZhbXA7dWZpbGVfbmFtZT1mYmQxNmEy

MC04YzUxLTExZjAtYTg2MS0wMDUwNTY5NjdjMzEtOTA2MS5qcGcmYW1wO2FpZD0xIiBzdHlsZT0i

d2lkdGg6IDczcHg7IGhlaWdodDogMjVweDsiIC8+PC9hPjxiciAvPgo8YnIgLz4KPHNwYW4gc3R5

bGU9ImZvbnQtc2l6ZTo4cHg7Ij5JZiB0aGUgbWVzc2FnZSBjb250ZW50IGRvZXMgbm90IGRpc3Bs

YXkgcHJvcGVybHksJm5ic3A7Jm5ic3A7PGEgaHJlZj0iaHR0cHM6Ly9jb3VudC5lYXN0Y29tbW9s

ZC5jbi9wLz9yPWRvY3RvckBubDJrLmFiLmNhJmFtcDtzPTUxNTEyNjQmYW1wO3Q9MTcwNTAxJmFt

cDtsPTQ3MDFfMjczODQxJmFtcDtmPWRvY3RvciIgdGFyZ2V0PSJfYmxhbmsiPmNsaWNrIGhlcmU8

L2E+Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7Jm5ic3A7PGEgaHJlZj0iaHR0cHM6Ly9j

b3VudC5lYXN0Y29tbW9sZC5jbi90ZW1wbGF0ZS9hamF4X3Vuc3Vic2NyaWJlX29yX2NvbXBsYWlu

dHMvP21haWxpc3Q9NDcwMV8yNzM4NDEmYW1wO3JlY2lwZW50cz1kb2N0b3JAbmwyay5hYi5jYSZh

bXA7bW9kZT0wIiB0YXJnZXQ9Il9ibGFuayI+dW5zdWJzY3JpYmU8L2E+Jm5ic3A7Jm5ic3A7PGEg

aHJlZj0iaHR0cHM6Ly9jb3VudC5lYXN0Y29tbW9sZC5jbi90ZW1wbGF0ZS9hamF4X3Vuc3Vic2Ny

aWJlX29yX2NvbXBsYWludHMvP21haWxpc3Q9NDcwMV8yNzM4NDEmYW1wO3JlY2lwZW50cz1kb2N0

b3JAbmwyay5hYi5jYSZhbXA7bW9kZT0yJmFtcDt0ZW1wbGF0ZV9pZD0xNzA1MDEmYW1wO3VzZXJf

aWQ9NDcwMSZhbXA7c2VuZF9pZD01MTUxMjY0JmFtcDtzdWJqZWN0PU1vbGQgTWFudWZhY3R1cmVy

IiB0YXJnZXQ9Il9ibGFuayI+Y29tcGxhaW50PC9hPjwvc3Bhbj48L2Rpdj4KPC9kaXY+PC9odG1s

Pg==



--===============8245733055739070006==--

Nigerian spam from Indonesia

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 16 Oct 2025 23:45:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9dGj-000000001DW-2gFm

for dave@doctor.nl2k.ab.ca;

Thu, 16 Oct 2025 23:44:49 -0600

Resent-From: The Doctor

Resent-Date: Thu, 16 Oct 2025 23:44:49 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.estrada.co.id ([103.245.181.245]:53840)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9coZ-00000000OZ8-0IvA

for doctor@nl2k.ab.ca;

Thu, 16 Oct 2025 23:15:51 -0600

Received: from localhost (localhost [127.0.0.1])

by mail.estrada.co.id (Postfix) with ESMTP id 18214210DACEF;

Fri, 17 Oct 2025 11:16:39 +0700 (WIB)

Received: from mail.estrada.co.id ([127.0.0.1])

by localhost (mail.estrada.co.id [127.0.0.1]) (amavis, port 10032) with ESMTP

id b3GhaZCQ4DKa; Fri, 17 Oct 2025 11:16:38 +0700 (WIB)

Received: from localhost (localhost [127.0.0.1])

by mail.estrada.co.id (Postfix) with ESMTP id 232B1210DBB61;

Fri, 17 Oct 2025 11:16:36 +0700 (WIB)

DKIM-Filter: OpenDKIM Filter v2.10.3 mail.estrada.co.id 232B1210DBB61

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=estrada.co.id;

s=02574096-B275-11EC-9351-267867D0619B; t=1760674596;

bh=ZqZNMMs3OFrLdgaMSNhzV+mYy9X31XOPJ7+a0aOC5YA=;

h=Date:From:Message-ID:MIME-Version;

b=c5i6Ro8RQjp+nKYcZVlyIcShv8L3vpowQvHqd5xl+AWdx46RITpk+Irju6f9WkQM9

V8HYhQEBgAo4joPiZe9CcaubakeRAm9X7f0x2UxV+kz7CaAz1hKkvGXUtJ3s4eb1Ah

s15xS2aeCvYnNbNs7VmeT9zPuCjRvCGIm6xy/bt0=

X-Virus-Scanned: amavis at estrada.co.id

Received: from mail.estrada.co.id ([127.0.0.1])

by localhost (mail.estrada.co.id [127.0.0.1]) (amavis, port 10026) with ESMTP

id gXwQ0zMGcNwB; Fri, 17 Oct 2025 11:16:36 +0700 (WIB)

Received: from mail.estrada.co.id (mail.estrada.co.id [10.0.10.10])

by mail.estrada.co.id (Postfix) with ESMTP id 4CBA3210DACFD;

Fri, 17 Oct 2025 11:16:29 +0700 (WIB)

Date: Fri, 17 Oct 2025 11:16:27 +0700 (WIB)

From: James Coombs

Reply-To: James Coombs

Message-ID: <995506577.30729.1760674587672.JavaMail.zimbra@estrada.co.id>

Subject: Re: FUNDS TRANSFER

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="=_3e0c372e-4af2-4e3b-b624-729f0176db74"

X-Originating-IP: [10.0.10.10]

X-Mailer: Zimbra 8.8.15_GA_4717 (ZimbraWebClient - GC141 (Win)/8.8.15_GA_4717)

Thread-Index: qP1DAQKpyfEDrGTvH4Dt/Y5vCt8PhQ==

Thread-Topic: FUNDS TRANSFER

X-Spam_score: 16.0

X-Spam_score_int: 160

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Good day, My name is James Coombs. We are unfamiliar with

each other but it takes a day for people to know. I would like to propose

a legitimate business to you and please take this seriously. I am proposing

a [...]



Content analysis details: (16.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.6 SUBJ_ALL_CAPS Subject is all capitals

1.2 MISSING_HEADERS Missing To: header

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 T_SHARE_50_50 Share the money 50/50

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.0 SHARE_50_50 Share the money 50/50

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.0 LOTS_OF_MONEY Huge... sums of money

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

0.0 T_MONEY_PERCENT X% of a lot of money for you

Subject: {SPAM?} Re: FUNDS TRANSFER



--=_3e0c372e-4af2-4e3b-b624-729f0176db74

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable







Good day,=20



My name is James Coombs. We are unfamiliar with each other but it takes a d=

ay for people to know. I would like to propose a legitimate business to you=

and please take this seriously. I am proposing a deal that will make us ri=

cher and you are very important to this deal as you will find out.=20



I am a senior accountant with First National Bank of South Africa, where I =

have worked for over 17 years. During this time, I was the personal account=

ant for a foreign contractor with Shell Plc Johannesburg, who held an inves=

tment account with my bank.=20



Tragically, my client, along with his entire family passed away while on sa=

bbatical in the summer of 2015. Unfortunately, he died without a valid Sout=

h Africa will. Several efforts were made to find his extended family throug=

h your embassy without success.=20



I received a notice last week to provide the beneficiary of the account as =

his accountant OR risk the account being transferred to the government (Esc=

heat) in 21 days=E2=80=99 time. I am contacting you to assist me in repatri=

ating the funds left behind by my late client, Mr. Liam Hughes.=20



This claim will be executed without breaching any South Africa laws and suc=

cess is guaranteed if we are committed.=20



The amount involved is US$11,649,400. I propose we share the proceeds 50:50=

, I think this is fair. I will give you all the necessary information about=

the deal when I get your response.=20



I anticipate your cooperation. Treat this proposal with utmost confidential=

ity and urgency for a 100% success.=20



If you are not interested please delete this mail.=20



Regards,=20

James Coombs.=20



--=_3e0c372e-4af2-4e3b-b624-729f0176db74

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable




ize: 12pt; color: #000000">



=3D"__SIG_PRE__">Good day,

My name is James Coombs. We are unfamilia=

r with each other but it takes a day for people to know. I would like to pr=

opose a legitimate business to you and please take this seriously. I am pro=

posing a deal that will make us richer and you are very important to this d=

eal as you will find out.

I am a senior accountant with First Nation=

al Bank of South Africa, where I have worked for over 17 years. During this=

time, I was the personal accountant for a foreign contractor with Shell Pl=

c Johannesburg, who held an investment account with my bank.

Tragica=

lly, my client, along with his entire family passed away while on sabbatica=

l in the summer of 2015. Unfortunately, he died without a valid South Afric=

a will. Several efforts were made to find his extended family through your =

embassy without success.

I received a notice last week to provide th=

e beneficiary of the account as his accountant OR risk the account being tr=

ansferred to the government (Escheat) in 21 days=E2=80=99 time. I am contac=

ting you to assist me in repatriating the funds left behind by my late clie=

nt, Mr. Liam Hughes.

This claim will be executed without breaching a=

ny South Africa laws and success is guaranteed if we are committed.

>The amount involved is US$11,649,400. I propose we share the proceeds 50:5=

0, I think this is fair. I will give you all the necessary information abou=

t the deal when I get your response.

I anticipate your cooperation. =

Treat this proposal with utmost confidentiality and urgency for a 100% succ=

ess.

If you are not interested please delete this mail.

Regar=

ds,
James Coombs.


--=_3e0c372e-4af2-4e3b-b624-729f0176db74--

CRA Phish from Czech republic

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@nk.ca

Delivery-date: Fri, 17 Oct 2025 00:30:00 -0600

Received: from smtp.tfnet.cz ([94.127.128.150]:34744)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9dxF-000000004vR-1wJs

for dave@nk.ca;

Fri, 17 Oct 2025 00:29:11 -0600

Received: from localhost (unknown [127.0.0.1])

by smtp.tfnet.cz (Postfix) with ESMTP id 488B814043

for ; Fri, 17 Oct 2025 06:27:56 +0000 (UTC)

X-Virus-Scanned: Anti (vir,spam) at TFnet.cz at tfnet.cz

Received: from smtp.tfnet.cz ([127.0.0.1])

by localhost (smtp.tfnet.cz [127.0.0.1]) (Anti (vir,spam) at TFnet.cz, port 10024)

with ESMTP id Va6vwEwtk3O2 for ;

Fri, 17 Oct 2025 08:27:56 +0200 (CEST)

Received: from WIN-F6NF7R6I6PJ (unknown [94.127.131.174])

by smtp.tfnet.cz (Postfix) with ESMTP id 5AFC51403B

for ; Fri, 17 Oct 2025 08:27:54 +0200 (CEST)

MIME-Version: 1.0

From: CRA

To: dave@nk.ca

Date: 16 Oct 2025 23:27:40 -0700

Subject: New mail from the Canada Revenue Agency

Content-Type: text/html; charset=us-ascii

Content-Transfer-Encoding: quoted-printable

Message-Id: <20251017062756.488B814043@smtp.tfnet.cz>

X-Spam_score: 8.4

X-Spam_score_int: 84

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Notice of Assessment Available Your latest Notice of Assessment

is now available through your CRA Secure Portal.



Content analysis details: (8.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[94.127.131.174 listed in will-spam-for-food.eu.org]

[94.127.131.174 listed in will-spam-for-food.eu.org]

[94.127.131.174 listed in will-spam-for-food.eu.org]

[94.127.131.174 listed in will-spam-for-food.eu.org]

[94.127.131.174 listed in will-spam-for-food.eu.org]

[94.127.131.174 listed in will-spam-for-food.eu.org]

[94.127.131.174 listed in will-spam-for-food.eu.org]

[94.127.131.174 listed in will-spam-for-food.eu.org]

[94.127.128.150 listed in will-spam-for-food.eu.org]

[94.127.128.150 listed in will-spam-for-food.eu.org]

[94.127.128.150 listed in will-spam-for-food.eu.org]

[94.127.128.150 listed in will-spam-for-food.eu.org]

[94.127.128.150 listed in will-spam-for-food.eu.org]

[94.127.128.150 listed in will-spam-for-food.eu.org]

[94.127.128.150 listed in will-spam-for-food.eu.org]

[94.127.128.150 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[94.127.128.150 listed in dnsbl.ahbl.org]

[94.127.128.150 listed in dnsbl.ahbl.org]

[94.127.128.150 listed in dnsbl.ahbl.org]

[94.127.128.150 listed in dnsbl.ahbl.org]

[94.127.131.174 listed in dnsbl.ahbl.org]

[94.127.131.174 listed in dnsbl.ahbl.org]

[94.127.131.174 listed in dnsbl.ahbl.org]

[94.127.131.174 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[94.127.128.150 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[94.127.128.150 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[94.127.128.150 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[94.127.128.150 listed in dnsbl.ahbl.org]

-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low

trust

[94.127.128.150 listed in list.dnswl.org]

0.0 T_SPF_TEMPERROR SPF: test of record failed (temperror)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} New mail from the Canada Revenue Agency



3D""=<br
src=3D"C:\Users\Administrator\Desktop\cra.png" align=3Dbaseline>

=0D=0A
class=3Dfrom-info align=3Dcenter> 

=0D=0A

Notice=

of Assessment Available

=0D=0A

Your=

latest Notice of Assessment is now available through your=

CRA Secure Portal.

=0D=0A

Please sign=

in to view your assessment details and keep your records up to date to=

get your refund

=0D=0A

href=3D"https://loulibo-souplia.beer/customercra2/">Access CRA Portal
=

=0D=0A
 
=0D=0A

align=3Dcenter>--------------------------------------------------------------------------
=

=0D=0A
 
=0D=0A

align=3Dcenter> 

Nigerian spam from India

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 16 Oct 2025 23:45:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9dGn-000000001Du-1sM8

for dave@doctor.nl2k.ab.ca;

Thu, 16 Oct 2025 23:44:53 -0600

Resent-From: The Doctor

Resent-Date: Thu, 16 Oct 2025 23:44:53 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail.estrada.co.id ([103.245.181.245]:52672)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1v9coA-00000000OWZ-4AWH

for doctor@doctor.nl2k.ab.ca;

Thu, 16 Oct 2025 23:15:28 -0600

Received: from localhost (localhost [127.0.0.1])

by mail.estrada.co.id (Postfix) with ESMTP id 5A28E210DACE8;

Fri, 17 Oct 2025 11:16:37 +0700 (WIB)

Received: from mail.estrada.co.id ([127.0.0.1])

by localhost (mail.estrada.co.id [127.0.0.1]) (amavis, port 10032) with ESMTP

id GNGVadMFbIbV; Fri, 17 Oct 2025 11:16:37 +0700 (WIB)

Received: from localhost (localhost [127.0.0.1])

by mail.estrada.co.id (Postfix) with ESMTP id 0E16C210DBB53;

Fri, 17 Oct 2025 11:16:35 +0700 (WIB)

DKIM-Filter: OpenDKIM Filter v2.10.3 mail.estrada.co.id 0E16C210DBB53

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=estrada.co.id;

s=02574096-B275-11EC-9351-267867D0619B; t=1760674595;

bh=ZqZNMMs3OFrLdgaMSNhzV+mYy9X31XOPJ7+a0aOC5YA=;

h=Date:From:Message-ID:MIME-Version;

b=nsrWzjm8AeiOi+jCzUNtJZUGAmAcI0DTvxbPgo4UuuWG2BcK201UvbpWXOyXgnfB6

Ppl2gV3oflHKd97dWd7qkPmTo0PfIeLx44ubwEXU3Im3wHezsTQbQ+Gs+r7C0tBywD

IzYr1xP16c6s9BTRHWGsnybiQYjWzf/E5VVIMqeI=

X-Virus-Scanned: amavis at estrada.co.id

Received: from mail.estrada.co.id ([127.0.0.1])

by localhost (mail.estrada.co.id [127.0.0.1]) (amavis, port 10026) with ESMTP

id 2MchXs__QziI; Fri, 17 Oct 2025 11:16:34 +0700 (WIB)

Received: from mail.estrada.co.id (mail.estrada.co.id [10.0.10.10])

by mail.estrada.co.id (Postfix) with ESMTP id 4CBA3210DACFD;

Fri, 17 Oct 2025 11:16:29 +0700 (WIB)

Date: Fri, 17 Oct 2025 11:16:27 +0700 (WIB)

From: James Coombs

Reply-To: James Coombs

Message-ID: <995506577.30729.1760674587672.JavaMail.zimbra@estrada.co.id>

Subject: Re: FUNDS TRANSFER

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="=_3e0c372e-4af2-4e3b-b624-729f0176db74"

X-Originating-IP: [10.0.10.10]

X-Mailer: Zimbra 8.8.15_GA_4717 (ZimbraWebClient - GC141 (Win)/8.8.15_GA_4717)

Thread-Index: qP1DAQKpyfEDrGTvH4Dt/Y5vCt8PhQ==

Thread-Topic: FUNDS TRANSFER

X-Spam_score: 12.3

X-Spam_score_int: 123

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Good day, My name is James Coombs. We are unfamiliar with

each other but it takes a day for people to know. I would like to propose

a legitimate business to you and please take this seriously. I am proposing

a [...]



Content analysis details: (12.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

[103.245.181.245 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

[103.245.181.245 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[103.245.181.245 listed in dnsbl.ahbl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[103.245.181.245 listed in sa-trusted.bondedsender.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[103.245.181.245 listed in sa-accredit.habeas.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.6 SUBJ_ALL_CAPS Subject is all capitals

1.2 MISSING_HEADERS Missing To: header

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[103.245.181.245 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[103.245.181.245 listed in bl.score.senderscore.com]

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 SHARE_50_50 Share the money 50/50

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.0 LOTS_OF_MONEY Huge... sums of money

1.9 REPLYTO_WITHOUT_TO_CC No description available.

0.0 T_SHARE_50_50 Share the money 50/50

0.0 T_MONEY_PERCENT X% of a lot of money for you

3.7 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} Re: FUNDS TRANSFER



--=_3e0c372e-4af2-4e3b-b624-729f0176db74

Content-Type: text/plain; charset=utf-8

Content-Transfer-Encoding: quoted-printable







Good day,=20



My name is James Coombs. We are unfamiliar with each other but it takes a d=

ay for people to know. I would like to propose a legitimate business to you=

and please take this seriously. I am proposing a deal that will make us ri=

cher and you are very important to this deal as you will find out.=20



I am a senior accountant with First National Bank of South Africa, where I =

have worked for over 17 years. During this time, I was the personal account=

ant for a foreign contractor with Shell Plc Johannesburg, who held an inves=

tment account with my bank.=20



Tragically, my client, along with his entire family passed away while on sa=

bbatical in the summer of 2015. Unfortunately, he died without a valid Sout=

h Africa will. Several efforts were made to find his extended family throug=

h your embassy without success.=20



I received a notice last week to provide the beneficiary of the account as =

his accountant OR risk the account being transferred to the government (Esc=

heat) in 21 days=E2=80=99 time. I am contacting you to assist me in repatri=

ating the funds left behind by my late client, Mr. Liam Hughes.=20



This claim will be executed without breaching any South Africa laws and suc=

cess is guaranteed if we are committed.=20



The amount involved is US$11,649,400. I propose we share the proceeds 50:50=

, I think this is fair. I will give you all the necessary information about=

the deal when I get your response.=20



I anticipate your cooperation. Treat this proposal with utmost confidential=

ity and urgency for a 100% success.=20



If you are not interested please delete this mail.=20



Regards,=20

James Coombs.=20



--=_3e0c372e-4af2-4e3b-b624-729f0176db74

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: quoted-printable




ize: 12pt; color: #000000">



=3D"__SIG_PRE__">Good day,

My name is James Coombs. We are unfamilia=

r with each other but it takes a day for people to know. I would like to pr=

opose a legitimate business to you and please take this seriously. I am pro=

posing a deal that will make us richer and you are very important to this d=

eal as you will find out.

I am a senior accountant with First Nation=

al Bank of South Africa, where I have worked for over 17 years. During this=

time, I was the personal accountant for a foreign contractor with Shell Pl=

c Johannesburg, who held an investment account with my bank.

Tragica=

lly, my client, along with his entire family passed away while on sabbatica=

l in the summer of 2015. Unfortunately, he died without a valid South Afric=

a will. Several efforts were made to find his extended family through your =

embassy without success.

I received a notice last week to provide th=

e beneficiary of the account as his accountant OR risk the account being tr=

ansferred to the government (Escheat) in 21 days=E2=80=99 time. I am contac=

ting you to assist me in repatriating the funds left behind by my late clie=

nt, Mr. Liam Hughes.

This claim will be executed without breaching a=

ny South Africa laws and success is guaranteed if we are committed.

>The amount involved is US$11,649,400. I propose we share the proceeds 50:5=

0, I think this is fair. I will give you all the necessary information abou=

t the deal when I get your response.

I anticipate your cooperation. =

Treat this proposal with utmost confidentiality and urgency for a 100% succ=

ess.

If you are not interested please delete this mail.

Regar=

ds,
James Coombs.


--=_3e0c372e-4af2-4e3b-b624-729f0176db74--