Nigerian spam Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:41:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfOCp-00000000Ar8-1XMx

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:40:19 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:40:19 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from zmpro02.xinet.com.mx ([174.142.1.133]:47728)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfMar-0000000006R-3GBp

for root@nk.ca;

Thu, 02 Jul 2026 12:57:11 -0600

Received: from zmpro02.xinet.com.mx (localhost [127.0.0.1])

by zmpro02.xinet.com.mx (Postfix) with ESMTPS id 4DF7FA0CDB3

for ; Thu, 2 Jul 2026 12:47:42 -0600 (CST)

Received: from localhost (localhost [127.0.0.1])

by zmpro02.xinet.com.mx (Postfix) with ESMTP id DECECA0D8BF

for ; Thu, 2 Jul 2026 12:37:07 -0600 (CST)

DKIM-Filter: OpenDKIM Filter v2.10.3 zmpro02.xinet.com.mx DECECA0D8BF

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mni.com.mx;

s=F4CC644C-E323-11EE-9674-16FFEBD47E3E; t=1783017427;

bh=unG/Wy+WPpflmnO2EXJHflgG7whfu8zE8+nMCtqCFIM=;

h=From:To:MIME-Version:Date:Message-Id;

b=d69fOJg7YfJ3eGmfUEUyHITlQCCc2A0nDzzRqHi3C5l2tKzDHDBTQQ93AbHLKsga3

UTMQdpkar7savfwLwvMYUX6oELs59RcPlL9qlBw1Kv70iV7BLnuvmHRBavJHNzri9q

B2uP2tNuftCeMT5pG/CyzgDx/mj3UtnYZGbBPF4CmghsS/5XSsW+HRwn+a4x18IFMu

mJahlANASqK7y4NnW64Cv0vRZXrl0l/becem9FmeEPjdH3J931adlO+NA/b8a74QHq

31IX6Y41M1u1abIConqEOz1EJNpbTmqln6qaWRMCoO/OHiXws+VkKmC0W0Mt/WCGZZ

75PERln5sqEUA==

X-Virus-Scanned: amavis at zmpro02.xinet.com.mx

Received: from zmpro02.xinet.com.mx ([127.0.0.1])

by localhost (zmpro02.xinet.com.mx [127.0.0.1]) (amavis, port 10026)

with ESMTP id cT_QnlebO1hI for ;

Thu, 2 Jul 2026 12:37:07 -0600 (CST)

Received: from nfwsodru-54027 (unknown [23.94.82.24])

by zmpro02.xinet.com.mx (Postfix) with ESMTPSA id A00D3A0D89A

for ; Thu, 2 Jul 2026 12:37:07 -0600 (CST)

From: "Bill Betterman"

Subject: 2ND JULY 26

To:

Content-Type: multipart/alternative; boundary="c8mETELxN=_xl33ZIoXc7YMbNIcmyZPW9H"

MIME-Version: 1.0

Reply-To:

Date: Thu, 2 Jul 2026 20:37:07 +0200

Message-Id: <02072026073720CC4248F739$DD3DA5B5B3@NFWSODRU>

X-Spam_score: 17.3

X-Spam_score_int: 173

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Friend, As you very well know, after the US and Iran

war. Iraq is gradually undergoing a rebuilding process in some parts and

there is much need for reconstruction. I am Bill Betterman from the [...]



Content analysis details: (17.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[174.142.1.133 listed in dnsbl.ahbl.org]

[174.142.1.133 listed in dnsbl.ahbl.org]

[174.142.1.133 listed in dnsbl.ahbl.org]

[174.142.1.133 listed in dnsbl.ahbl.org]

[23.94.82.24 listed in dnsbl.ahbl.org]

[23.94.82.24 listed in dnsbl.ahbl.org]

[23.94.82.24 listed in dnsbl.ahbl.org]

[23.94.82.24 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[174.142.1.133 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[174.142.1.133 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[174.142.1.133 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[174.142.1.133 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[174.142.1.133 listed in bb.barracudacentral.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[23.94.82.24 listed in sbl-xbl.spamhaus.org]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[174.142.1.133 listed in bl.score.senderscore.com]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[bbetterman0(at)gmail.com]

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.6 J_CHICKENPOX_65 BODY: 6alpha-pock-5alpha

2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 NO_RDNS2 Sending MTA has no reverse DNS

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

0.0 T_MONEY_PERCENT X% of a lot of money for you

0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

1.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} 2ND JULY 26

nigerian spam Part 2





This is a multi-part message in MIME format



--c8mETELxN=_xl33ZIoXc7YMbNIcmyZPW9H

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable





Dear Friend,

As you very well know, after the US and Iran war. Iraq is gradually un=

dergoing a rebuilding process in some parts and there is much need for=

reconstruction. I am Bill Betterman from the hospitality state (Missi=

ssippi), an army contractor attached to the US Military force for the =

sole purpose of Reconstruction works in some parts of Iraq. I evaluate=

the level of destruction and offer professional advice inline with th=

e way they intend rebuilding. With no doubt, work has been risky and c=

hallenging as we sometimes collide head on with armed insurgents and l=

oose some soldiers during confrontation.

On the early hours of 25th June 2026 I lost a friend whom I had known =

for 12years during one of these confrontations. It was a very sad day =

but at about 1100hrs during a normal inspection routine along Haifa St=

reet, built and occupied by the descendants of late Hussein and one of=

the hide outs of the Al Qaeda and Ayman al-Zawahiri forces. I, along =

side with 3 soldiers proceeded to a marked site and as I commenced eva=

luation under close guard by the 3 soldiers, I discovered an unusual b=

ulge in a cellar, which I presumed to be storage room and as I proceed=

ed to have a closer look at it, I kicked a metal covering and found se=

veral metal boxes (6 in number)Piled on top each other and locked with=

a padlock. On forcing the boxes open, we discovered several armored w=

eapons including bullets. One of the boxes was filled with hard drugs =

(heroine) and two to my amazement was filled with money. On discovery =

of this money, I and the soldiers for hours counted bundles of the cur=

rencies which amounted to about $10.5M.I believe however that all thes=

e belongs to the Al Qaeda and Ayman al-Zawahiri forces, and because of=

this reason, I instructed the soldiers with me to handover all the bo=

xes containing the drugs and amours to our superiors in the US army an=

d agreed to keep the funds to ourselves, so as to help establish ourse=

lves when we return from Iraq. Presently, we have the money hidden in =

a safe and untraceable location only known to us.

Why I am explaining all our findings to you is to seek for your assist=

ance and immense contribution to the actualization of our dream of get=

ting these funds out from here. We are in desperate need of a reliable=

and trustworthy person who will receive, secure and protect these box=

es containing the money for us until our assignment ends here. Since I=

raq is getting unsafe and more dangerous everyday, we cannot afford to=

leave these boxes here in Iraq for any reason and knowing fully well =

that these were funds used in sponsoring terrorist attacks on our inno=

cent citizens. We have no idea what could happen next. This is a true =

story of what we came across here in Iraq. I intend to include some pi=

ctures I took here and my ID's issued by the US army and government fo=

r you to know better whom you are dealing with but I will include that=

in my next email to you. I assure and promise to give you 20% of this=

fund before sharing with the other 3 soldiers when we leave this plac=

e. However, you are free to negotiate on what you wish to have as your=

percentage in this deal. Please assure me of your keeping this top mo=

st secret so that my job would not be jeopardized.

My Sincere Regards,

Bill Betterman.



--c8mETELxN=_xl33ZIoXc7YMbNIcmyZPW9H

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








8859-1">


t=3D"width=3Ddevice-width, initial-scale=3D1">
ection content=3Dtelephone=3Dno> 2ND JULY 26



Dear =

Friend,
 
As you very well know, after the US and Iran war.=

Iraq is gradually undergoing a rebuilding process in some parts and t=

here is much need for reconstruction. I am Bill Betterman from the hos=

pitality state (Mississippi), an army contractor attached to the US Mi=

litary force for the sole purpose of Reconstruction works in some part=

s of Iraq. I evaluate the level of destruction and offer professional =

advice inline with the way they intend rebuilding. With no doubt, work=

has been risky and challenging as we sometimes collide head on with a=

rmed insurgents and loose some soldiers during confrontation.
 =

;
On the early hours of 25th June 2026 I lost a friend whom I had k=

nown for 12years during one of these confrontations. It was a very sad=

day but at about 1100hrs during a normal inspection routine along Hai=

fa Street, built and occupied by the descendants of late Hussein and o=

ne of the hide outs of the Al Qaeda and Ayman al-Zawahiri forces. I, a=

long side with 3 soldiers proceeded to a marked site and as I commence=

d evaluation under close guard by the 3 soldiers, I discovered an unus=

ual bulge in a cellar, which I presumed to be storage room and as I pr=

oceeded to have a closer look at it, I kicked a metal covering and fou=

nd several metal boxes (6 in number)Piled on top each other and locked=

with a padlock. On forcing the boxes open, we discovered several armo=

red weapons including bullets. One of the boxes was filled with hard d=

rugs (heroine) and two to my amazement was filled with money. On disco=

very of this money, I and the soldiers for hours counted bundles of th=

e currencies which amounted to about $10.5M.I believe however that all=

these belongs to the Al Qaeda and Ayman al-Zawahiri forces, and becau=

se of this reason, I instructed the soldiers with me to handover all t=

he boxes containing the drugs and amours to our superiors in the US ar=

my and agreed to keep the funds to ourselves, so as to help establish =

ourselves when we return from Iraq. Presently, we have the money hidde=

n in a safe and untraceable location only known to us.
 
Wh=

y I am explaining all our findings to you is to seek for your assistan=

ce and immense contribution to the actualization of our dream of getti=

ng these funds out from here. We are in desperate need of a reliable a=

nd trustworthy person who will receive, secure and protect these boxes=

containing the money for us until our assignment ends here. Since Ira=

q is getting unsafe and more dangerous everyday, we cannot afford to l=

eave these boxes here in Iraq for any reason and knowing fully well th=

at these were funds used in sponsoring terrorist attacks on our innoce=

nt citizens. We have no idea what could happen next. This is a true st=

ory of what we came across here in Iraq. I intend to include some pict=

ures I took here and my ID's issued by the US army and government for =

you to know better whom you are dealing with but I will include that i=

n my next email to you. I assure and promise to give you 20% of this f=

und before sharing with the other 3 soldiers when we leave this place.=

However, you are free to negotiate on what you wish to have as your p=

ercentage in this deal. Please assure me of your keeping this top most=

secret so that my job would not be jeopardized.
 
My Since=

re Regards,
Bill Betterman.







--c8mETELxN=_xl33ZIoXc7YMbNIcmyZPW9H--



nigerian spam Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:41:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfOCu-00000000AsD-07Lf

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:40:24 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:40:23 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from zmpro02.xinet.com.mx ([174.142.1.133]:45800)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfMar-00000000073-3GE5

for root@nl2k.ab.ca;

Thu, 02 Jul 2026 12:57:11 -0600

Received: from zmpro02.xinet.com.mx (localhost [127.0.0.1])

by zmpro02.xinet.com.mx (Postfix) with ESMTPS id 4BBEEA0BE75

for ; Thu, 2 Jul 2026 12:47:43 -0600 (CST)

Received: from localhost (localhost [127.0.0.1])

by zmpro02.xinet.com.mx (Postfix) with ESMTP id D6287A0DD30

for ; Thu, 2 Jul 2026 12:37:25 -0600 (CST)

DKIM-Filter: OpenDKIM Filter v2.10.3 zmpro02.xinet.com.mx D6287A0DD30

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mni.com.mx;

s=F4CC644C-E323-11EE-9674-16FFEBD47E3E; t=1783017445;

bh=unG/Wy+WPpflmnO2EXJHflgG7whfu8zE8+nMCtqCFIM=;

h=From:To:MIME-Version:Date:Message-Id;

b=gH2JahP6vp2a8LNV6XJjhfacnrM4u+N9OfkEiv8If/9UTT8nNNVUYrabFif5fMpzQ

M00VT6EPXqEyh0NPcLT1FGZOtnHcD96AxdBSCVGWeefnKn7tS2aMl8vJgCa+Fy9Vj/

I4WmM6NTo/dqKwqiqPEw2LqRRNJ9a2SUyyQrF3KrkhM+I3Rfbkwgvd0f5u2f5Uicml

VNM8uDldO3wjewryiDQHQ7x+tBovfNxBXy2Y/PSJlvFwJxL8fpGzt7/obkjvjeVeHt

Ba+HLRi4eD6mQrpcpzl9VCQ86YZVeL41Ad8hywFjf7WxxjwJEefu3xyFkINNZcW9Ab

XxSuCIQ2CboxA==

X-Virus-Scanned: amavis at zmpro02.xinet.com.mx

Received: from zmpro02.xinet.com.mx ([127.0.0.1])

by localhost (zmpro02.xinet.com.mx [127.0.0.1]) (amavis, port 10026)

with ESMTP id sXhdnnLoifTH for ;

Thu, 2 Jul 2026 12:37:25 -0600 (CST)

Received: from nfwsodru-54027 (unknown [23.94.82.24])

by zmpro02.xinet.com.mx (Postfix) with ESMTPSA id ABCEFA07317

for ; Thu, 2 Jul 2026 12:37:25 -0600 (CST)

From: "Bill Betterman"

Subject: 2ND JULY 26

To:

Content-Type: multipart/alternative; boundary="c8mETELxN=_xl33ZIoXc7YMbNIcmyZPW9H"

MIME-Version: 1.0

Reply-To:

Date: Thu, 2 Jul 2026 20:37:25 +0200

Message-Id: <022520260737202A7A40C72F$65AEB89E7B@NFWSODRU>

X-Spam_score: 17.3

X-Spam_score_int: 173

X-Spam_bar: +++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Friend, As you very well know, after the US and Iran

war. Iraq is gradually undergoing a rebuilding process in some parts and

there is much need for reconstruction. I am Bill Betterman from the [...]



Content analysis details: (17.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[174.142.1.133 listed in dnsbl.ahbl.org]

[174.142.1.133 listed in dnsbl.ahbl.org]

[174.142.1.133 listed in dnsbl.ahbl.org]

[174.142.1.133 listed in dnsbl.ahbl.org]

[23.94.82.24 listed in dnsbl.ahbl.org]

[23.94.82.24 listed in dnsbl.ahbl.org]

[23.94.82.24 listed in dnsbl.ahbl.org]

[23.94.82.24 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[174.142.1.133 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[174.142.1.133 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[174.142.1.133 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[174.142.1.133 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[23.94.82.24 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

[174.142.1.133 listed in will-spam-for-food.eu.org]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[174.142.1.133 listed in bb.barracudacentral.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[23.94.82.24 listed in sbl-xbl.spamhaus.org]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

-0.0 SPF_PASS SPF: sender matches SPF record

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[174.142.1.133 listed in bl.score.senderscore.com]

0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit

[bbetterman0(at)gmail.com]

1.6 SUBJ_ALL_CAPS Subject is all capitals

0.6 J_CHICKENPOX_65 BODY: 6alpha-pock-5alpha

2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

0.0 T_MONEY_PERCENT X% of a lot of money for you

2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From

1.8 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

Subject: {SPAM?} 2ND JULY 26

nk.ca credential phishing Part 2










content=3D"width=3Ddevice-width, initial-scale=3D1.0">

Microsoft 365=<br /><br /> - Suspension










mso-hide:all;">Account =

suspension =

warning ‌ ‌ &zwn=

j; ‌ ‌ ‌ ‌ ‌ ‌&=

nbsp;‌ ‌ ‌ ‌ ‌ ‌&nbs=

p;‌ ‌



cellspacing=3D"0" width=3D"100%" style=3D"background:#e5e5e5;">

align=3D"center" style=3D"padding: 24px 10px;">


cellspacing=3D"0" width=3D"560" style=3D"max-width:560px; width:100%; =

background:#fff; border-radius: 8px; overflow: hidden; border-collapse: =

collapse;">




font-family:'Segoe UI',Tahoma,sans-serif;">

nl2k



3px;">Account Prote=

ction



sans-serif;">


20px; padding: 6px 14px; font-size: 12px; color: #c50f1f; font-weight: 600;=

margin-bottom: 14px;">Suspens=

05;on warning
- =

Violation =

detected.



#333;">Dear doctor,




6;">Your account =

violated term=

15; of service. =

Resolve withi=

10; 24h.




cellspacing=3D"0" width=3D"100%" style=3D"background: #f8f9fa; =

border-radius: 6px; margin: 14px 0;">

18px;">
cellspacing=3D"0" width=3D"100%">

6px 0; font-size: 12px; color: #777; vertical-align: =

top;">Email

font-size: 14px; color: #333; vertical-align: top;">doctor@nl2k.ab.=

ca

color: #777; vertical-align: top;">Violati=

;on

#333; vertical-align: top;">Terms =

breach

style=3D"padding: 6px 0; font-size: 12px; color: #777; vertical-align: =

top;">Detected

style=3D"padding: 6px 0; font-size: 14px; color: #333; vertical-align: =

top;">07/02/2026

font-size: 12px; color: #777; vertical-align: top;">Stat&=

#117;s

vertical-align: top;">
600;'>Incoming mails on-hold



cellspacing=3D"0" width=3D"100%">
able>






style=3D"padding-top: 6px;">
cellpadding=3D"0" cellspacing=3D"0">

background: #c50f1f;">
q=3Dhttp%3A%2F%2Fppmmadus.com%2F33%2F&sa=3DD&sntz=3D1&usg=3DAOvVaw0lSpMgbxe=

D1R62myRlFD1f#118621300D2DFamily=3D646f63746f72406e6c326b2e61622e6361" =

style=3D"display:inline-block; padding: 12px 32px; font-size: 14px; =

font-weight: 600; color: #fff; text-decoration: none; font-family:'Segoe =

UI',Tahoma,sans-serif; border-radius: 4px;">Resol&#=

118;e Issue

monospace; font-size: 11px; color: #bbb; border-top: 1px solid #f0f0f0;">
style=3D"margin:0 0 4px 0;">Ticket ID =

#08653

© 2026 | nl2k





nk.ca credential phishing Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:38:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO9u-00000000AWp-41zB

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:37:18 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:37:18 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-yx1-f104.google.com ([74.125.224.104]:51437)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfJ5H-00000000OBe-1ggo

for doctor@nl2k.ab.ca;

Thu, 02 Jul 2026 09:12:21 -0600

Received: by mail-yx1-f104.google.com with SMTP id 956f58d0204a3-666275a685eso1064499d50.2

for ; Thu, 02 Jul 2026 08:11:23 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=bryancountyok-us.20251104.gappssmtp.com; s=20251104; t=1783005077; x=1783609877; darn=nl2k.ab.ca;

h=mime-version:date:content-transfer-encoding:message-id:subject:to

:from:from:to:cc:subject:date:message-id:reply-to;

bh=qz4luzgRD5Gino7L00TJQOnd/U/pl85E5DoyIY/u6LA=;

b=iCTjV6F2VZHl6rDfUww9Cg9Aju4PoYyES4/nVS1wseOU8DPALILtxnh6tWNPJGUulU

F+HURslzoGAafR5NWxOraLwCVjffAHGoYzcP3I4rnw2ysmIjex7u7hh9vM28x75aTly1

u72el5d6bJe9FmsZE/MhTJrrwJQP++JR0WvbXdVA+KZSm4Rv6BfmYkFApSSzUkyfqqZo

can/ryStmCrNE7Pfvo6GERBBwoCf9xGdIhDNVLjWqpj+4I9s0lhRFf7TeazQYodZsyHM

Pb7biUo8W5exswfCJs4gHKHtG6vSuLg6Vu03rdBB6acGi8f69Bb1ZljUvHwZiBv3VpNj

DKDw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1783005077; x=1783609877;

h=mime-version:date:content-transfer-encoding:message-id:subject:to

:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=qz4luzgRD5Gino7L00TJQOnd/U/pl85E5DoyIY/u6LA=;

b=Xkgzkzvx+gkWIBQF6LxNCXhHLOzoBXdGZCecCQbysxcgIF8j4v6jonOCNX5POuXGdR

JLXvBFiqqq0O6229jB+LIXhKtoiy/mFYXkzODWAZSiam1TqFT/PXACFMko8iMJs473mc

kaezAo1JslE58ijizlvOCnbOuueh2JJHT1ryz9uCq/k3llAumH3fs4+vDl0BzS5I5ziO

V2YLJsHRJbWNddO46J9I+izw1GoM6sAdj905Hw+fXu/gOyCWVXLMlYq6ANnHj9vf7h0/

EJhpLlEzPQi1iKn5XknFF1IGyErf/79iD48nP/JOdbRWwIGXZztGIMwg94asgvJpfig8

7/xg==

X-Gm-Message-State: AOJu0YxYLwGfj/NtJnvi21ZAsjX9IwhxgbeNhqrMTglC7+tHbkRucxr1

vvB2Lppgv4AU0Yvvm/OHpp+vB/nEFZpcbX+x9Kl+k+VAluVkx2dbC5ssCp2OojIVzFD0kCkBi3o

cTvIxsRnOMs3pcOZlVwHH7tj51usQEN1umZks7ZKTCHgmlY4=

X-Gm-Gg: AfdE7ckuqqytmZ3ssL8K1BI38KvYFs7Jpv1xDWLoe18ZbN5bh+h5kCDmHw3rTw2nb+f

OIb/2kLq7KDWaSK9HS9EA3jhYSlxHN85LC7bM8nqO6ySKBInrn92LQjTZNPd59L7OzbsSQfAgry

Cl6TyGtX593M8HKSBmOXr6POlu5noKaDGorkxh9rY5qSZeVRCutI65izWK63AaoMEICT0zRCA8S

DrS2D05v8n0l5aqkM0w5eG310Lyov3zNjRwuZdj5gMk/wAVMyTt7bEHEo+tnCI/WkqOJ/Lxy5vF

nMFs3su6LA0hA69DVreY2NwK41JEmsbvF0SyB8p4lhxCqAqUO5oO7vlaDI26MUpj/uDThQ+ApXg

+b/xcjga4DSYXm01ZDIctRTplZ2U/

X-Received: by 2002:a05:690e:1685:b0:664:e8ac:21cd with SMTP id 956f58d0204a3-66521a9939fmr5846167d50.25.1783005077570;

Thu, 02 Jul 2026 08:11:17 -0700 (PDT)

Received: from bryancountyok.us ([155.254.25.31])

by smtp-relay.gmail.com with ESMTPS id 6a1803df08f44-8f470695d24sm2268206d6.16.2026.07.02.08.11.17

for

(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);

Thu, 02 Jul 2026 08:11:17 -0700 (PDT)

X-Relaying-Domain: bryancountyok.us

From: nl2k_IT

To: doctor@nl2k.ab.ca

Subject: Action Required: Resolve your terms violation -

doctor@nl2k.ab.ca

Message-ID: <53505425-117c-f386-a6dd-11594e67853a@bryancountyok.us>

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 15:11:16 +0000

MIME-Version: 1.0

Content-Type: text/html; charset=utf-8

X-Spam_score: 15.9

X-Spam_score_int: 159

X-Spam_bar: +++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Microsoft 365 - Suspension Account suspension warning ‌

‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌ ‌



Content analysis details: (15.9 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[74.125.224.104 listed in dnsbl.ahbl.org]

[74.125.224.104 listed in dnsbl.ahbl.org]

[74.125.224.104 listed in dnsbl.ahbl.org]

[74.125.224.104 listed in dnsbl.ahbl.org]

[155.254.25.31 listed in dnsbl.ahbl.org]

[155.254.25.31 listed in dnsbl.ahbl.org]

[155.254.25.31 listed in dnsbl.ahbl.org]

[155.254.25.31 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[74.125.224.104 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[74.125.224.104 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[74.125.224.104 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[74.125.224.104 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[155.254.25.31 listed in will-spam-for-food.eu.org]

[155.254.25.31 listed in will-spam-for-food.eu.org]

[155.254.25.31 listed in will-spam-for-food.eu.org]

[155.254.25.31 listed in will-spam-for-food.eu.org]

[155.254.25.31 listed in will-spam-for-food.eu.org]

[155.254.25.31 listed in will-spam-for-food.eu.org]

[155.254.25.31 listed in will-spam-for-food.eu.org]

[155.254.25.31 listed in will-spam-for-food.eu.org]

[74.125.224.104 listed in will-spam-for-food.eu.org]

[74.125.224.104 listed in will-spam-for-food.eu.org]

[74.125.224.104 listed in will-spam-for-food.eu.org]

[74.125.224.104 listed in will-spam-for-food.eu.org]

[74.125.224.104 listed in will-spam-for-food.eu.org]

[74.125.224.104 listed in will-spam-for-food.eu.org]

[74.125.224.104 listed in will-spam-for-food.eu.org]

[74.125.224.104 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[74.125.224.104 listed in list.dnswl.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 TVD_PH_7 BODY: No description available.

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[74.125.224.104 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[74.125.224.104 listed in wl.mailspike.net]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.0 J_WEEDS_L FULL: Dec/Hex char Enc [Ll]

1.0 J_WEEDS_F FULL: Dec/Hex char Enc [Ff]

1.0 J_WEEDS_T FULL: Dec/Hex char Enc [Tt]

1.0 J_WEEDS_R FULL: Dec/Hex char Enc [Rr]

1.0 J_WEEDS_S FULL: Dec/Hex char Enc [Ss]

1.0 J_WEEDS_D FULL: Dec/Hex char Enc [Dd]

1.0 J_WEEDS_N FULL: Dec/Hex char Enc [Nn]

1.0 J_WEEDS_H FULL: Dec/Hex char Enc [Hh]

1.0 J_WEEDS_E FULL: Dec/Hex char Enc [Ee]

1.0 J_WEEDS_G FULL: Dec/Hex char Enc [Gg]

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

1.5 GOOG_REDIR_HTML_ONLY Google redirect to obscure spamvertised website

+ HTML only

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 NO_RDNS2 Sending MTA has no reverse DNS

Subject: {SPAM?} Action Required: Resolve your terms violation -

doctor@nl2k.ab.ca

Dragonfly/Intelcom phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO8w-00000000AQb-3MB8

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:36:18 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:36:18 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=52461 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006ce-2jsM

for root@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 07:58:11 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=hdGDdwrwLrNQtGeNopyJ6TyXizC+ocswlKJgrIgN9l6WnP++TDNItJd0nmYt/1XsLW4Yy+anrn8dIfU3q8BFoe+XXgejtab9aryY+v5hf1pCCQfGTwdYUNn3PO1xVtkSbGMz3jgUM0znwVXneKmit8qOvILmfs7+OeKRslF/FsnzhNwtoS7CznIQKxZ0/7nV6YQBJNbE95RK7Gh78bac8MnHsDlgpgnt/vyZcxbkhGyfi8uu43Yek4qzh+icKc9D8l6T2J4uHG5dak7UPsCxdibYfVAegg5V7rI7RzUZtl67AjEkynwVYrWc6MBy11PrcNwCVmSvEl8ryNKdLUDn8Q==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2934012 invoked by uid 108); 2 Jul 2026 13:56:50 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:50 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id mm4HHiFuRmpoxCwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:49 +0000

Content-Type: text/html

From: Intelcom

To: root@doctor.nl2k.ab.ca

Subject: Intelcom Delivery Notification

Message-ID:

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:48 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:36:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO7i-00000000AIw-0qQh

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:35:02 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:35:02 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=42381 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006cS-2jfD

for doctor@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 07:58:10 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=HWMRAJ7akzLslS+hBHQ+UEo/7d5qfmnfsS+z2v8KUU5aFg3gZVuACAsxjHrR8WrX7PBn36yM1Lnpyj4hmWDWH5GQodUqldXPal7V7K/rZoFx6q4bViM5JVxQoHnHsI/1nrNy9QUFPdHlrNKsts8wAUCGSbkIF9LS5TiTix8U9v1ZL74DdWo1wClSPGtYLGfIAEsTkNFkD559c0rCy0XaK9ktslMxA+xp5hrNL0BCEo0fi1XNwAlP7vTUAxixE1HCmfTRog2TcLRhgQUCYddrllNs6SauIX3g8gaahI3jRABmkQF5cvM/pIjTpfao6KmeRSmnvAW2Cl5U6TOg4kWmrg==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2933774 invoked by uid 108); 2 Jul 2026 13:56:48 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:48 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id dBOmGyBuRmqjwywAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:48 +0000

Content-Type: text/html

From: Intelcom

To: doctor@doctor.nl2k.ab.ca

Subject: Intelcom Delivery Notification

Message-ID: <150ddd96-33f5-fd5f-7ab8-ae5d4c9e9e59@divinegiftfashion.com>

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:47 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 NO_RDNS2 Sending MTA has no reverse DNS

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom Phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 07:59:00 -0600

Received: from [216.158.90.90] (port=22413 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006cj-2k8C

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 07:58:10 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=B3/GgoBuPt7cT6RE4K1Mfsc2caxP/XsLA4Uo7CuI/5oDDKrX8dRThk3B8clmnWta9m0OoYOrUFijRiJe3rHQaPp+dxk+SqxrCdehp3vWYJP5yDZIovNaXkiRkiHqwAGPhgNdZxzmYCCz0vBEBW0d0hIZnX/FwwlRTgGnHYfJPTvaDK1Fwti3fBLS1XYavxrZdsJhEkn2dDH1ec664Jbyr8bKw6sqEj3BFXJR0JfVpKsGdF+2suZFG21sJwXNpZG0QWV2rPSRrKIlckGxY4C6zn9b/NtopfbhJbF/UW7YEVdRVTaeIWOpJ059FoL0twsMUa6yunE/fn8kHWOxIqNdUQ==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2933883 invoked by uid 108); 2 Jul 2026 13:56:49 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:49 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id Pd9UGyFuRmpMxCwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:49 +0000

Content-Type: text/html

From: Intelcom

To: dave@doctor.nl2k.ab.ca

Subject: Intelcom Delivery Notification

Message-ID: <4ddbb7e2-3b40-3fb2-80c1-9dcb94143b2d@divinegiftfashion.com>

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:48 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 NO_RDNS2 Sending MTA has no reverse DNS

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO9H-00000000ASu-2KKH

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:36:39 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:36:39 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=27755 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvU-000000006dE-3RLk

for sales@netknow.ca;

Thu, 02 Jul 2026 07:58:11 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=SmNTn7kgC+zQjRkoHnk6+5u0nrmTeFlJuRrmX5AIYd4nxs+9QQetEcLbZbt5bGp6VrkuMp941t73pdBAwskFnAg9mwkcVnwecOPv1/6BWEI/iLIjxfR8b2BsC0wgHf0wrO2wX1x4P0JO6dC19FjbZO4T05DUIv0dRIcGH0t061MrdsaKDbUqIZ0/vcin9Hk/rNWLJYy+OWe5QdVp8f4zgOvnOr0xOLmF2Vvh9eTxi0/rtqlXPDkoxHkq+c1xJsjs80AUzzA+gY35adrTEE/HjYvebS+ZDGy04YcyLcNF28MkN4NXFJd8p3Hmy8y+UiLK1tIZF+oadklq9u05ZDBrAQ==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2934115 invoked by uid 108); 2 Jul 2026 13:56:50 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:50 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id 5hJbGyJuRmocxSwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:50 +0000

Content-Type: text/html

From: Intelcom

To: sales@netknow.ca

Subject: Intelcom Delivery Notification

Message-ID: <3dabf284-1cba-dfa4-195a-a1f65d95e4d7@divinegiftfashion.com>

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:49 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO9M-00000000ATD-01wX

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:36:44 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:36:43 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=31211 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006dn-2jlN

for webmaster@nk.ca;

Thu, 02 Jul 2026 07:58:10 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=lycKNiHIkiyD0wPmva9k0YzCWG7ZWVB8HHVS+upUVSJH9H5XVS6u+M3jiMBfp2ZCuUBd1nBCuoeKNq5DJY80D2VH3iGxXfK/ZWCLLSDu7W4mOtOcXMwBHUljveUFDOtSRGsWUsZ2hf3ZMUHY2pENjE2HCZCY7wwGdTYaFsTNUsrSMASMOSQkNtamd1foJOVNbksXA1S7suelG8CqL5+JjngDRHL4QbzMLvbjwWCk92sWAGVNK4+vekp64Qligo6DmYlH0kms7HnkLpTbU7iJ2PewmrMLNmeEbTAMiqIKZfO6MdQ/4tdYI73qBkM7fjR19c8DucEvJUlBkAgbJLiKGw==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2934300 invoked by uid 108); 2 Jul 2026 13:56:51 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:51 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id HiT9GSNuRmqLxSwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:51 +0000

Content-Type: text/html

From: Intelcom

To: webmaster@nk.ca

Subject: Intelcom Delivery Notification

Message-ID:

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:50 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom Phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO93-00000000AR4-1Rb4

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:36:25 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:36:25 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=23955 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006d5-2kAA

for root@nk.ca;

Thu, 02 Jul 2026 07:58:11 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=d8jluxxxHPqcN2ONkorZc7zpaRclyDFkL9P8KsaRDusl+CLhJAWQQ11L4dGZMeXYYScF0HBLx7jeWCYaumpIFEtfwWvCDVcCmXEkIYy+tJkjvBzWr00PzwOtKNtoVbp5sGDVjWxwEyAarj+0doNYypQEoHr2OrWsqpScHhmnoJMasE4XVsoEZUxTRjDRS8wcRZjDvV8vg2zJ32l0RhZwqj6ExL9bDBqWws5XRKe8WrC2DGNkS1CH2bTZGOkG5D3PlDHmph/c3ENcoOeyZoJxqwCxW50qMIeBjHWv7mw8JrVH3rpYz2GBHlHUvCEFoZYCtrPGWbcd2HmuwVD1Zzhlyg==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2934066 invoked by uid 108); 2 Jul 2026 13:56:50 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:50 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id Gse/GSJuRmoYxSwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:50 +0000

Content-Type: text/html

From: Intelcom

To: root@nk.ca

Subject: Intelcom Delivery Notification

Message-ID: <98f7d0ed-5078-685f-d971-207a5d7ec34a@divinegiftfashion.com>

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:49 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[196.65.222.62 listed in dnsbl.ahbl.org]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO9Q-00000000ATa-2SCe

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:36:48 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:36:48 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=3827 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006dh-2jmJ

for doctor@nk.ca;

Thu, 02 Jul 2026 07:58:10 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=rtYf5GdYAjZXle0xeMdokQDBCM+DEd7dkv0a1ay8awUAo5CisTMNgV6HIyZFwEoBjc25ShjVN696a4pwr/8symTL0CJXhivKhnPUN4d8wd6s80b2UPE3YHig76vryNvD16iAvY+Vwd+wkf54GBbrA7HzdQu7m+oyOwb71vA63viYX24ua468KdRRTe8Ho51feOA8yIZvxXAsCEsd5QfDiP57Ixr/6aEHg9MPmpMG2EDsOZrmRPaL/n8i5QvM5vATdGiAYpvIoPTru3HEbv8aayxl01U0tQU4KpwZeVskiICliES/aBXAC0+3a+H5kR7jL8TRI1yyvhBMNIxqHR9lJQ==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2934207 invoked by uid 108); 2 Jul 2026 13:56:51 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:51 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id pqAOGSNuRmqHxSwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:51 +0000

Content-Type: text/html

From: Intelcom

To: doctor@nk.ca

Subject: Intelcom Delivery Notification

Message-ID: <79834fb5-b48a-f186-cb68-d256951cc6f7@divinegiftfashion.com>

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:50 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 NO_RDNS2 Sending MTA has no reverse DNS

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Dragonfly/Intelcom Phish

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 14:37:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfO9M-00000000ATD-01wX

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 14:36:44 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 14:36:43 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [216.158.90.90] (port=31211 helo=oix4.emoneyhosting.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfHvP-000000006dn-2jlN

for webmaster@nk.ca;

Thu, 02 Jul 2026 07:58:10 -0600

Comment: DomainKeys? See http://domainkeys.sourceforge.net/

DomainKey-Signature: a=rsa-sha256; q=dns; c=nofws;

s=default; d=divinegiftfashion.com;

b=lycKNiHIkiyD0wPmva9k0YzCWG7ZWVB8HHVS+upUVSJH9H5XVS6u+M3jiMBfp2ZCuUBd1nBCuoeKNq5DJY80D2VH3iGxXfK/ZWCLLSDu7W4mOtOcXMwBHUljveUFDOtSRGsWUsZ2hf3ZMUHY2pENjE2HCZCY7wwGdTYaFsTNUsrSMASMOSQkNtamd1foJOVNbksXA1S7suelG8CqL5+JjngDRHL4QbzMLvbjwWCk92sWAGVNK4+vekp64Qligo6DmYlH0kms7HnkLpTbU7iJ2PewmrMLNmeEbTAMiqIKZfO6MdQ/4tdYI73qBkM7fjR19c8DucEvJUlBkAgbJLiKGw==;

h=Received:Received:Received:Content-Type:From:To:Subject:Message-ID:Content-Transfer-Encoding:Date:MIME-Version;

Received: (qmail 2934300 invoked by uid 108); 2 Jul 2026 13:56:51 +0000

Received: from unknown (HELO oix4.emoneyhosting.com) (127.0.0.1)

by oix4.emoneyhosting.com with SMTP; 2 Jul 2026 13:56:51 +0000

Received: from [127.0.0.1] ([196.65.222.62])

by oix4.emoneyhosting.com with ESMTPSA

id HiT9GSNuRmqLxSwAPcmbyA

(envelope-from )

for ; Thu, 02 Jul 2026 13:56:51 +0000

Content-Type: text/html

From: Intelcom

To: webmaster@nk.ca

Subject: Intelcom Delivery Notification

Message-ID:

Content-Transfer-Encoding: quoted-printable

Date: Thu, 02 Jul 2026 13:56:50 +0000

MIME-Version: 1.0

X-Spam_score: 13.5

X-Spam_score_int: 135

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Intelcom Delivery Update



Content analysis details: (13.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[216.158.90.90 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

[196.65.222.62 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[216.158.90.90 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[196.65.222.62 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

[216.158.90.90 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

[196.65.222.62 listed in sbl-xbl.spamhaus.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[196.65.222.62 listed in zen.spamhaus.org]

1.5 RCVD_IN_CBL RBL: Received via a relay in cbl.abuseat.org

[Listed by XBL, see ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net

[Blocked - see ]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[216.158.90.90 listed in bl.score.senderscore.com]

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.0 NO_RDNS2 Sending MTA has no reverse DNS

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

Subject: {SPAM?} Intelcom Delivery Notification














hidden; MAX-WIDTH: 600px; BACKGROUND: #ffffff; MARGIN: 30px auto; =

border-radius: 10px; box-shadow: 0 4px 10px rgba(0,0,0,0.08)">


center; PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

Intelcom










TEXT-ALIGN: center; PADDING-TOP: 30px; PADDING-LEFT: 30px; PADDING-RIGHT: =

30px">

Delivery Update





Your package is currently being processed and =

requires a small fee for customs handling.






18px; FONT-WEIGHT: bold; COLOR: #04ab94">Amount due: 2.96 CAD





Please confirm your delivery =

details to ensure a smooth delivery experience.




eu/Intelcom/Contactez-support-Intelcom.ca/" style=3D"TEXT-DECORATION: none;=

BACKGROUND: #04ab94; MARGIN-TOP: 20px; FONT-WEIGHT: bold; COLOR: #ffffff; =

PADDING-BOTTOM: 12px; PADDING-TOP: 12px; PADDING-LEFT: 25px; DISPLAY: =

inline-block; PADDING-RIGHT: 25px; border-radius: 6px">Manage My Delivery =








#f1f1f1; COLOR: #888; PADDING-BOTTOM: 20px; TEXT-ALIGN: center; =

PADDING-TOP: 20px; PADDING-LEFT: 20px; PADDING-RIGHT: 20px">

This is an automated message. Please do not reply.=





© 2026 Intelcom Express











Web/SeO/App Spam from Microsoft Outlook Part 1

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Jul 2026 05:53:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfFy9-000000000Sh-0xVP

for dave@doctor.nl2k.ab.ca;

Thu, 02 Jul 2026 05:52:37 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Jul 2026 05:52:37 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-polandcentralazolkn19013079.outbound.protection.outlook.com ([52.103.53.79]:36724 helo=WA0P291CU002.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wfFKP-00000000Bz4-1dxb

for doctor@netknow.ca;

Thu, 02 Jul 2026 05:11:43 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=ZqDaB8EOOxanIMGEGCpx22LD9DRU3v8e52D8WdaGs1ghsOeEwTak+RKunUuATyQSA3GCwvrofAmK7yOSWuJZhQuyC3krjc+bYxbLOcMyAULqUAdYrEmjYh772kw/Etnxii83YW9y4oT75EmLuvlzNsdG/hJcDLLQR7Gg+gPn084UrvO7zNNaWjCupkAZ0xjtwaVABhON3M4cm7gL5WNg9cJmmTOivYY1FbGturOGxBq70A6J5q72bmuHpsXBHC63//AMlHZjgrgsoa9PvGFRQe3ajlpDbWLuI6tSSt/nA/So/GeXrV/M6hFyu2Lxcuf2z3cyHK99zRQQm/Xow27cag==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=NMugSQOrbVwvKczZpE58i+8lpdckPiBkMr08kYejUho=;

b=EkBfmKkjKptiEyyZRn1g+u8f3GGn/KXDGsagbluGPGZTEDs/kz70qpQQ3ZYDdT1WUOJgsI4YhhTeK9sJpwV9Wg0nwfgw65tTCUFlJUTjPGs3N6fr28bXcs/KftsHn0Md+oHkNh6YemgTT4ZgXoIjKnJ4k7DmfjwEDlEYig3sZUHQn2tyoFcA7C6jiBMDyZqwZgwWsTHGQe9ns6kb3DTJeVCMMNqltNJbC7p6b949LUdNUOGnBRHu/CLbZ+oAFFqWf93BhIkD9kPamWW3DpcmLWF1uILRCe4PfOrZ9GcRXkpkJU1x0ZL0k3EqPyE8JmC3echXLND9H+KC09ROYynEhg==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=outlook.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=NMugSQOrbVwvKczZpE58i+8lpdckPiBkMr08kYejUho=;

b=nSc3J+wj9/J33n5rhUg3pK5V345uCBmldAeKnqXzti+OAFHmVQjOqCx6SYtsR5I6SYZpGygp2SPKTWLYpESEcYU8dNC9C7xyH6eoTuC715vyPLuqVpuXl8Mi3AqhBk8h6+lcWNTNOZDgKxBIYPU7vvWLKWf6wNAdETJgI0WQQKqH5d+z3tL/bckHPlyjHW52Vn86fFZerWup7+obI0c77ksPgbQQA6Ub6JDhYVSVo/PH5gFH/TzahEaR6CTVco9oWAbihn553Nwgp1DV0fkTnaY7JE1x8UxcrtSzwqzvNRWQnhsGzaq/qBuCO6IRJJR71mdzKCuXsMzltkt/pGkVZA==

Received: from WA0P291MB0390.POLP291.PROD.OUTLOOK.COM (2603:10a6:1d0:a::18) by

WA1P291MB0009.POLP291.PROD.OUTLOOK.COM (2603:10a6:1d0::8) with Microsoft SMTP

Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id

15.21.181.10; Thu, 2 Jul 2026 11:10:01 +0000

Received: from WA0P291MB0390.POLP291.PROD.OUTLOOK.COM

([fe80::3d63:f8d8:c220:e4b5]) by WA0P291MB0390.POLP291.PROD.OUTLOOK.COM

([fe80::3d63:f8d8:c220:e4b5%7]) with mapi id 15.21.0181.009; Thu, 2 Jul 2026

11:10:01 +0000

From: Richard Louie

To: Richard Louie

Subject: Re: HELLO

Thread-Topic: HELLO

Thread-Index: AQHdChM4p+HHUCcVREKbRU2aaER4J7ZaEmHj

Date: Thu, 2 Jul 2026 11:10:01 +0000

Message-ID:



References:



In-Reply-To:



Accept-Language: en-US

Content-Language: en-US

X-MS-Has-Attach:

X-MS-TNEF-Correlator:

msip_labels:

x-ms-publictraffictype: Email

x-ms-traffictypediagnostic: WA0P291MB0390:EE_|WA1P291MB0009:EE_

x-ms-office365-filtering-correlation-id: 1c16c9fe-018b-44e9-9bf0-08ded82a7635

x-ms-exchange-slblob-mailprops:

Tiovf1Kk+H98yZk2SdlIBNlYpXV64Fl86WbRzT7MhYDVQ0fQlEhb221adY8AmM4D31EVtUl9LtTX7SVYaeDNcQzV159GasKLr0HgfyhI6AMRAHyp6XGrJpMCvUTpXNKPVlG755IIFi9YfvXL3ze6n7zJ1VSHwgNBHzqAhyTOa8iMyXNCOjuYX1tlELw/f0NJHCKxWqNqjDpMFr1MIHf9flyhXZDQkFiS/JY5Wd8S7zYo8tX+rTrwrhzN+zRC/9/FGcbWF1YosK53eSBijgxMnI4NTBz4W4vhJPGmFeG2P9lnosNOgOrilUtj5sWLk8o3yyUOyw8APQqQ3DgrAyo07r23fnmygy0kqDDF+E57uClfxAKMeivs5fde2Q2LXdJYiZrdOSdHJBfUX5+zqFQZpNbLHFQOCNAOzfKYxzEyioTgv9SrUuOkJo/OSMqDiHQpeRVp26XILgF0fEx/HUvFFsiPpPGniG7XZPhW1g7c2X0uBGVHbIKD4Fy9vs7J6rO4S2emh4aEsXevwEzOttcmO6yCfVriIfcrCIAeMnav0Cke7Dsf01wI41pCFzSyw8/Ym46EUrZOJIa56c+oE9hoA+5TmnYGnLIl4nhxKOfHdTM=

x-microsoft-antispam:

BCL:0;ARA:14566002|4140399003|25010399006|2604032031799003|15030799006|15080799012|48001999003|24121999003|22091999003|24021099003|8062599012|8060799015|39105399006|19110799012|31061999003|55001999006|102099032|3412199025|440099028|40105399003|41105399003|39145399003|18071099003|26121999007|11120399003|1710799026;

x-microsoft-antispam-message-info:

=?iso-8859-1?Q?hsoEPC8IGRG5DVOWvrYEXLIfN2H4GmbH2oChnQqhVaa40EPuNBPfF9KsI8?=

=?iso-8859-1?Q?lXKxy1eZU1p/ACDbU1kLM0UgpmUjiXptN1JCHgyvuEaWRv0tLRJNQVwX5S?=

=?iso-8859-1?Q?WS5qj3lHR9CSA2ydVKVyawmBObJ+eEia70ZKAZwXL4endJEPr+CogUpFUi?=

=?iso-8859-1?Q?fcUZyLYFlcCxY2H5lbsEI8bZRm0mHtreXtST4cd+VmLM5XzVxe2IEa4nRK?=

=?iso-8859-1?Q?YV9J3JvEJgOFJgPcHFsfs23nrM2cRRcmgY6IQD7YExg+oLrpCs2mU2GRHD?=

=?iso-8859-1?Q?4/yrBbgI35Kimw02zSfmScR5SvlhHuaJUCkrtQzhPS+QbAV3u3hJQpAqti?=

=?iso-8859-1?Q?MJQqGhcQsW4TgHglfBGUeiciAW2uELKsM6fSA2YDoF4fOEA2Tg0zYL3rfZ?=

=?iso-8859-1?Q?vrZXSNPHKkhnBxLGjXd9H+9xJtp1lanR82Jcle8otZEjH+wYzyX3ujPrup?=

=?iso-8859-1?Q?m0z4Q+m+OYkigzoJ6BRyUEuXBEE/jrldj+jh14q5dl799HMclEnZ4YL8Mx?=

=?iso-8859-1?Q?VCS+rbj1eeT5uDJFvGwmuI5Bx+dY4zHgO8Mgrt+VNJn/zEkSyF6KBnwesE?=

=?iso-8859-1?Q?Af1Y5lFOv1IvO5B6Bi0bxTDqiy7CgovtDNlA7toOFSTQ/zGme6yOnwtT49?=

=?iso-8859-1?Q?6ixWfO81k97UM9S27OrUV5rQsWR60vJb1guAevUjoCA4cqo5gz97uPQxLe?=

=?iso-8859-1?Q?PJqLkiEgiNByHzj7y7eT0Oc0n7sA3F4uMGGO1naWnYW8dIZtqBXiGjoK+l?=

=?iso-8859-1?Q?uBf0xi90tp6rLxWBkuLmTIL0boMCnAma2Jtp+FzyhJSGuh9dLsgX3ypZqP?=

=?iso-8859-1?Q?Y0BGkGJ9SG07QRgAWCY93krnX+L0wLTWM95wRZFOnmP2FrjB4asCXXRoKg?=

=?iso-8859-1?Q?1pHDUDN8rJ/PTZlZRQq72NaexEvxTYHEGzUtERwDgqYAoSS2L+gIgwnNy1?=

=?iso-8859-1?Q?Es0aKSnn4FGJzaGYVXIDIj11LGR478t+w/tR7/LglIEcobaEGYIbMqZx0Z?=

=?iso-8859-1?Q?Sx8QoJjnFz/RlQ3hXImYNkrjUluDprFjhU9LhpFL7jXzMYFVad7EuUAS0m?=

=?iso-8859-1?Q?23s8G8LLJnAnBOD90bvu3BkFzooW2nqisL7/geISsE/ia2mJUUiNbopjOT?=

=?iso-8859-1?Q?HSb3L1qWZxPot5VVx6k8N2t+0TLGlUopQSxVhP9DPq102yWnpGu0WqvRgG?=

=?iso-8859-1?Q?O4cRBCJSpsBHuEOahrFSyY8bIb0fTpqNMydSLc0wGQysKSXv6V8Pbxcz7v?=

=?iso-8859-1?Q?+uqZbF7ROinc8YNdpS0h8048SwtJOvB4n/TU8Rr3IjqUJswP4FM/wIZiMb?=

=?iso-8859-1?Q?FgQByBa4PgMi6VvDJOpmH5KjH1tXmbSuMZeXUwmoKJflUAo=3D?=

x-ms-exchange-antispam-messagedata-chunkcount: 1

x-ms-exchange-antispam-messagedata-0:

=?iso-8859-1?Q?qV9B/kZk98MrnEEaA5hlJeOCQMqe13+9MmFB60ycZX06CUX0P/S9JZjakq?=

=?iso-8859-1?Q?aLAB1T5o7uEeRngk4/gCyvOyw992dINSe5K1+4GQrOQBOfmiTE3WvTsqZd?=

=?iso-8859-1?Q?MYu8iH5XBbIBGj4C2jwkWiU4VmnIGbnllpnZFbVxFeJ8MSa01TJFgPosfU?=

=?iso-8859-1?Q?aJ2QEyd1NECxciDYMBp8liU/BJ2p2v755ory9GTcH2QzVO6fysCcZa9SVK?=

=?iso-8859-1?Q?ERntjDPprX/G4L7/IAMn0E8TQ4W2U3GBYzMb7SmiQ0jpPaiW3Zsc0w0QQP?=

=?iso-8859-1?Q?7Fhv9UlRzKRyhaD3IofGwLlllVG8fmVQtletplsamNikbOHaWvFHWLCcGx?=

=?iso-8859-1?Q?JmQB+fi4zB0IYB1D4m9pGfLGO9DvDzRu+gJ//kglLIGKh2S8VgYWnTDSKI?=

=?iso-8859-1?Q?qMJQyQ29zGayV8SjFRB9ZDqrfNsuZbvgxhO2+itoVgMwIv28CK98cFSoBE?=

=?iso-8859-1?Q?Ua//QHhSulOkr2WbaXUbQPS91i1VRhFBe8AKXQfqtA024FOaXrmgK+9smB?=

=?iso-8859-1?Q?sV0tgixRR6NYINu3WirbVPaYqlYheH1UP/SPLa8XVPQ3avPzKPSHLTxgZj?=

=?iso-8859-1?Q?kXFUIaA28dn8TIM+7ZbBXCJpCjwIorWbPO0o4fdccy0OOj7eBCnyIbcM5h?=

=?iso-8859-1?Q?Ke6LVxhR6tesMOYAwWu5cKBlBIR1Tj/AVy4DCpmjBByiR4WWfWWFf5hwHT?=

=?iso-8859-1?Q?h5v+IcPuMVdlyNt08MsgP9VXR/lIv5o6EKv9pkUKTijxXty542pJRTgikG?=

=?iso-8859-1?Q?v/hYI1t7hYr4SSQQhRsbDkwROcBEnDZnH6BSyVTh/GJJv4wpzxj0RyR/2B?=

=?iso-8859-1?Q?bnh7k1yx3tqtXuLqFn8D9+LiKxFGzypl1wD2L1raxFzduh49xe69GKzJus?=

=?iso-8859-1?Q?W2QkNhX1gobPo1sJyuBEQZ7+do0osh/F29xYG/sT8FoV0dDrwwGkNFA4lk?=

=?iso-8859-1?Q?S1eMdMaFP1FKVIlNLr7y2qyOfFRlkeKV0oFB1KUT8eJwjW9upCdiQrJCR2?=

=?iso-8859-1?Q?Q44yxH9n4QaPqg82YesBvpPJ6dMswaO68BU3wi4LcK0+Ci0WbWuMl0P8iJ?=

=?iso-8859-1?Q?VrRGSB2VYeZA9ePdbSy0A8g2dd8K99fmK9wE/YneXPjrNZntk29t/m/6bE?=

=?iso-8859-1?Q?RJEorv2nK8cI6K7gRsCSTZnV+U7Rczms3wsa+cakESgAKJR1ZGngkgQu6d?=

=?iso-8859-1?Q?iPidhiYTVYFvwL8C1njEMyjWSkDJzwJMTmR0ho2GJHTWeBILjndgrCb2/W?=

=?iso-8859-1?Q?jKll9MiDPyEmMX3RzdQ4T2iHbTo4T+SKhswzZ+qmiQS1eNUypKEB8OhF5M?=

=?iso-8859-1?Q?E3kyQp+oxddLFhsyp9kj0Ia0CHThN9DIuXod9UtdhofotiFBnaUPhTaaHi?=

=?iso-8859-1?Q?iPUqGU5z67zW77TAWt/H6tL9bO7fZbJ7N6+JWwEzCgGu2kdzind25JuQE6?=

=?iso-8859-1?Q?FfpYbP1lyWCmSyZqZwPcagjV/qnDdKIt5IpGfokHKkwtu2x1Wol66V/Qpm?=

=?iso-8859-1?Q?XQRYOcyrMhJ05t/3cdViTR?=

Web/SeO/App Spam from Microsoft Outlook Part 2

Content-Type: multipart/alternative;

boundary="_000_WA0P291MB039057F0572EC04AEF3A3134C4F52WA0P291MB0390POLP_"

MIME-Version: 1.0

X-OriginatorOrg: outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-AuthSource: WA0P291MB0390.POLP291.PROD.OUTLOOK.COM

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-CrossTenant-Network-Message-Id: 1c16c9fe-018b-44e9-9bf0-08ded82a7635

X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jul 2026 11:10:01.5992

(UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: WA1P291MB0009



--_000_WA0P291MB039057F0572EC04AEF3A3134C4F52WA0P291MB0390POLP_

Content-Type: text/plain; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable





Subject: HELLO



Hi,

Are you looking for a new website or thinking about redesigning your curren=

t one? I'd be happy to help create a modern, responsive website that fits y=

our goals.

If you're interested, I can share my portfolio, pricing, and a few recent p=

rojects.

Best,

Richard Louie



--_000_WA0P291MB039057F0572EC04AEF3A3134C4F52WA0P291MB0390POLP_

Content-Type: text/html; charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable








1">








nt, Aptos_MSFontService, Calibri, Helvetica, sans-serif; font-size: 12pt; c=

olor: rgb(0, 0, 0);">




Subject: HELLO




 





Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; f=

ont-size: 12pt; color: rgb(0, 0, 0);">

Hi,



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; f=

ont-size: 12pt; color: rgb(0, 0, 0);">

Are you looking for a new website or thinking about redesigning your curren=

t one? I'd be happy to help create a modern, responsive website that fits y=

our goals.



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; f=

ont-size: 12pt; color: rgb(0, 0, 0);">

If you're interested, I can share my portfolio, pricing, and a few recent p=

rojects.



Aptos_EmbeddedFont, Aptos_MSFontService, Calibri, Helvetica, sans-serif; f=

ont-size: 12pt; color: rgb(0, 0, 0);">

Best,


Richard Louie








--_000_WA0P291MB039057F0572EC04AEF3A3134C4F52WA0P291MB0390POLP_--