Community spam from Microsoft Outlook

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Oct 2025 14:24:57 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vBIuB-00000000Bbo-3P0Y

for dave@doctor.nl2k.ab.ca;

Tue, 21 Oct 2025 14:24:27 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Oct 2025 14:24:27 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-japaneastazolkn19012056.outbound.protection.outlook.com ([52.103.43.56]:17773 helo=TYPPR03CU001.outbound.protection.outlook.com)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vBHoM-000000004kQ-45DL

for doctor@doctor.nl2k.ab.ca;

Tue, 21 Oct 2025 13:14:31 -0600

ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;

b=PLoul6Dj89vmC6VryvFZAPSU8t+IP6yEY71kiBcRcsgsyTea/nOw/qAYkTrLTT77q9yDeCNRBm0KW3FEDTWC5MKuuu7qKLQ/KHbKNWZlwatRyNzthT5BRFr7yCUoGJRjRsH7be1v8F4H0c6kxvRLKopHSaxsO6aMonlH1ZlhnFisP0KBv2697hZpOkNTHbzCwXk5o1bSJutGeqtDORfIxbrZYk5FhTvjvDr5NiV7Pb02a1TFJaZYx9fZHFZTUUPW4+0g21pBw/oHtTw11OYZZuFTlUE3MEuRxgoww5Z/j1dc1JPcl13TTqi41ihIXJmP2JHTF4UF3sGPNrLyVbEScA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;

s=arcselector10001;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;

bh=FjHnGzGuMRpJhGWMyJp0RQY2/ChLpzHqGNpEc9tOCAs=;

b=hFTsgSTYS5egXs6v7e7HdwQ/Hoo/UYPUF0IiKtIAOVqXRzF8/F8+NstLpXaNebAgeFBK4RH7ZyCMPd7DsJ17jmqbfFG0f1ecvD9QtaGE67KyCVWXYfCJ+oIYDQ2ju0zfgFTuFVn4DUMwkgN1zyaw+ntRB3SP72pP/LCBv+l3PlYNYpSDbwImSWU4J8/jDPh/tppBdb03wEFfCDoT081jHxqBGvBh5Wec/xQbd2wz5jmRGiTFqNfKU+juc9UUptXYdTBlWIgoFqVV7ku80qFmW1pKiuOywuOVwf9BoClYe7VuUcCvup6UgOdobRb9UOHCqltvmvKy7K/tcqVjAduj3Q==

ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none;

dkim=none; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com;

s=selector1;

h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;

bh=FjHnGzGuMRpJhGWMyJp0RQY2/ChLpzHqGNpEc9tOCAs=;

b=FSWuv2OpujIqdhA0mzEKpXLwtKaQE1Fy3hP6315+fb0hoOSQ0aIV4/RilB8BHDcp2aOrZilPLb2SLcvLxLfsgFNHZcF/z2K5FFHNI1VhukA2T0JFB8I/stmhJ4uQ45sLWyp9ayNacrJBifk0i2P4qeHcMAX5JTiNRRV2Hyz1B2CL+0K1+epnetLD18lJjQ2PQjIwk1FFaFWvflPwjBJ1PzVWElTQDK9UOCVklAO8+kWI5A4IbFFIw7C+4vRDIt0F8Ls29AH0MPQgZdBCchMMCER1EAUcK7+p+YRjB7J0r19cQtdR3LFxhDLuUpNgSHM7QUa7JeXqDbdsS72ViQ9NMA==

Received: from TY0PR04MB6494.apcprd04.prod.outlook.com (2603:1096:400:273::10)

by JH0PR04MB7943.apcprd04.prod.outlook.com (2603:1096:990:99::14) with

Microsoft SMTP Server (version=TLS1_2,

cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.9228.17; Tue, 21 Oct

2025 19:12:36 +0000

Received: from TY0PR04MB6494.apcprd04.prod.outlook.com

([fe80::d48b:f5ed:c775:4cf9]) by TY0PR04MB6494.apcprd04.prod.outlook.com

([fe80::d48b:f5ed:c775:4cf9%6]) with mapi id 15.20.9228.015; Tue, 21 Oct 2025

19:12:35 +0000

To: kimberlysanchez6850@zokota.com

From: "Anna from GirlsInU."

Subject: =?UTF-8?Q?A_new_beginning_ca?=

=?UTF-8?Q?n_start_today=F0=9F=92=96?=

Reply-To: "rennaeknth@hotmail.com"

X-Mailer: Lotus Notes

Date: Tue, 21 Oct 2025 22:12:30 +0300

Message-ID:



Content-Type: multipart/alternative;

boundary="----=_NextPart_000_F4AA_9BD79DF6.997814B8"

X-ClientProxiedBy: HE1PR05CA0162.eurprd05.prod.outlook.com

(2603:10a6:7:28::49) To TY0PR04MB6494.apcprd04.prod.outlook.com

(2603:1096:400:273::10)

X-Microsoft-Original-Message-ID: <1.9044a75fcf1fc5be2039@DESKTOP-IVI1O0L>

MIME-Version: 1.0

X-MS-Exchange-MessageSentRepresentingType: 1

X-MS-PublicTrafficType: Email

X-MS-TrafficTypeDiagnostic: TY0PR04MB6494:EE_|JH0PR04MB7943:EE_

X-MS-Office365-Filtering-Correlation-Id: 7c413c27-b6db-47bf-a079-08de10d5ca89

X-MS-Exchange-SLBlob-MailProps:

a+H6FLLcF3qR2HGZMjL0lriKLF3k1Y96aPBE6Llri1bYAS4OGgyR//zbySk9Wd9QWTkxZwoegS2fljiNfWDMk/AKk0VwaMo6JqfGADgDiAeQfIxJtinTCIM+R7NimmWFa/bl2nYR3bW2pqigbpJ9PPMKAUVgmzXxOlhPwHGPrj4UWQ/LKgPDhkciFeEb8sGVsQq4Om1fPbniGQYpy+NFAscZ0KvmNV2VDdlo0q4ssru2g62Vrd585UPrNnrOaDP1/56O19GeyBZyrhMRNzxSXJ4oB4/y18o3/i0QVCA72lv6VPkSXd/FOeEmRU9im2AIvfbmu+vH/LyOKfJ4V5MTiX6tClFV5Jfe7wpY+O819oKAhG0vBZCHJ45CX6fAgBshVzFA7ZAIP9Bj4sRMJynd+OLgE6uxNptmzQWMsZbgGlYWXxWukFjvkPBdWWubGmeCR2VFGQhrL5HiVh4ai4TqgPnyTDCwURBxVhm1EQX2+6IIOgnjxd1Dgq4A9QHaR3efujJdrUxic3G/7jiaGP4u+/UBUJFPxEGFONfdag3RkzwO7N6QR/zem6SBl1Rz++OVRstVFwGLWJJJXhCOm5JkAbh0+Nqp9ttL/yqEhygk0tGg6HOZL5bMFmlvT4W1xthlRQ56utr9TQye4vNsqoy+jwjeePm5Xo1DxWKXlZP4/BaxONqeqTqIbhYYBnVqfmBDCtpB4aZK/cNtd8G019zXGfARhLcMr4/I0ODEa3oSZqUesH0XRfjxGcxBPug0xzpzIjTC8cJeZ0EqPjprvM3Pn4kjQOCccT3iZ8lc8FJybYS6HiwsnN31xNXuoBk46zRj

X-Microsoft-Antispam:

BCL:0;ARA:14566002|461199028|23021999003|5072599009|15080799012|12050799012|12121999013|19110799012|9400799040|8060799015|56899033|40105399003|41105399003|39105399003|440099028|3412199025|39145399003|10035399007;

X-Microsoft-Antispam-Message-Info:

=?utf-8?B?Mmc0djhRdjFUbnFlaGFKRXNiOTdETllaejZXWERnTm1zNFFBV2ZRQVFPNGNI?=

=?utf-8?B?ZC9EQjA2SER2U3VabWhUMlpBYndUYWZaWEpqRkxEeUJlR3hwV0R4QkkycVZk?=

=?utf-8?B?KzNnZmI4WHR3RXpNZE5LQjhCeEZ4eGVZTXNXTHVSRXlEZDRJWEZzNTFkUHEz?=

=?utf-8?B?NkNkQjZQOXVubVRINEh1bG1GTlRTaDFZQXBIcXNBOU4zQVhyVEp1SVZQd1Mv?=

=?utf-8?B?ZDAwWDhmSEVWZXFmanVMTlZpZ2ZKOW81UUhUWUJoWFQ4OGhqSVk2R1hLUEpD?=

=?utf-8?B?b2xqcGV4d0orajRBY1FTdTA1QjRHbVFyV0VSaHZLZi80TG9ldjBSOXBpNHFK?=

=?utf-8?B?b1VIQVdHemptK3pVQ0ZnNnp3bE5tNjBEaXV3SmkrQk5jSjVjbVBoSjNQdVpI?=

=?utf-8?B?cjZOamc0MzhYanlaejJ4TUpLSm5OV2ZidGo5SFFVa3VJV2djVHhDdW5HWGlh?=

=?utf-8?B?ZERyRzFEN3cybnROR1UraG1TU2RzbEtobCs0VGJuQlY4N1p6NXBLVXNlREJM?=

=?utf-8?B?NGZmOXZuK1ZnRXpIUU5UZnZuMTl6eXkvWXE1SXlVLzIvN1FZL0MrMk45emtY?=

=?utf-8?B?RU5UZzN1VFlTVlJkclI4T1VmK3ZKZG5GUWovblFkVHE5S0w5MloyTjdaTGpn?=

=?utf-8?B?ZGdSQXU5UXJrcy9oRUIxcGlxR0cwaEo4cE9RcHlYa0F1UXhsYTlrTlZSK2sv?=

=?utf-8?B?ZVhPUnJhSGx4ZVd6eTlNWUJQSTkwa3hnOFV6eUgybGhSYlhid2Q0VGVzN3Q1?=

=?utf-8?B?WGl6Uy9FMzNJK0lsaytuUjZkRjQ1bkQ5MHRrVlNwSHBwNVVNTnM4UXBxNlFh?=

=?utf-8?B?ZDhhSTcvSDFyaHpvdXl3bXBGeXFoYVJsVEluY21pcG0zWlQ5VC9haEZVMW96?=

=?utf-8?B?a1RPaDZOVWFIQk9qSk9lSmhpdEE3SjBRb2NnS3Y2WVVxRmwyT0hDbG1WWGZM?=

=?utf-8?B?bDBXblFmMElHZTJldTd0d0lKQUkybVUxV3g0R3YxK0NjWnBlQUhXY1dxSVpP?=

=?utf-8?B?ZUwzYWVUYVJPZFRrRDdUUm5ya3RMaVRnSUxpZENYRXFiamdTUUZFc2YzZ2py?=

=?utf-8?B?WXhPblZXQTBZcEtDaWxmNE56bG5TSDlSL0VnSTR6dkl6WE1HRVZtM3NNdlEv?=

=?utf-8?B?WUh3aklNeDhCYldiUGtIUUxZYVRlMVRxTTdPcklUMVh0clNERHR5RlhObGNl?=

=?utf-8?B?NWMrNTBJUmU3cVgzQmVVM0Vwb21hK0FWaFlGdGtGQVJ6d3lsOU1YN1RuOVFE?=

=?utf-8?B?QmFVVmRXdkMxdTF3cnZtWUtEQzFmeE5zUFdodFBwMVB0a2hMU1I1WUlwN1N1?=

=?utf-8?B?Mnl4SzczbkVNbDIvaVd0azhrV1NTZ2VkVGNBZS9Qa3ZHOEo1MG5PY0ZTRUxY?=

=?utf-8?B?M3l4Z3Rkd3pvUXBjUmJUT0ZVMEhUcGwvWkFEcHYxTWZmRDVXYUlTM1F6cmNT?=

=?utf-8?B?VmVRYWV6U1VjME5wc3NIV2hHbERRSWRPeWpvcTI0ekx5SDgyOEFibUIrZjVQ?=

=?utf-8?B?Z1RkaERGcGFIc2NuTEptVWFmemo0THJDUnZ5VTdaaVJuZ0VlQm02Yzk0RUh3?=

=?utf-8?B?NFFXL0xRVVdDT3JxZG5WY2VsNUg1UHdtSndnS3UyWkh6Y2RsZ0UxSmF0RTF5?=

=?utf-8?B?SHphT3pPNTFrSXBhTENzS3haVzEvbmszOSsydG5mUHZXK2hpUjFZQzFuMjZ4?=

=?utf-8?B?ZExlNER6OW1qQmdlZkRxcGlkd0VtMjRQc2NZVlN0bE5nS1NYREZZTDFSaWVq?=

=?utf-8?B?bWZudG0xS3h6QXRuNHU1VlQ4SUtjaVB4TkhZUTJzZ1Yxbzd3N2xqZWZ1dzVX?=

=?utf-8?B?c0xDS3FBRVJBRjh6NTIyUT09?=

X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1

X-MS-Exchange-AntiSpam-MessageData-0:

=?utf-8?B?ZzNHNEJJNzdlbHllV0hKa3hLbklIbSszYWFtRGJGQnhMZzNXbUdvYXFlQ1M5?=

=?utf-8?B?Uk1qb2E3eU11QlRycTJUMUl5cFJoRi9HTk1BTng3SjFlS1lFa1VMYmthUEM5?=

=?utf-8?B?OG9uY2lrTFkwN3dZL1F2RFUrMGNKQ3FSbHdocVZQUGlyai9IQXZmSVJLaU84?=

=?utf-8?B?a09zMEZuREdvTEFuczJXNjdLYzI3T3A4V2JJam5mNDdnQlQzY0RVZ3REaHd0?=

=?utf-8?B?b2N0S0x4UmhmZjJlaHN0Um5iSWNuWHBCYUMvOGN4dk1iTGwydEU0Wm1NYTBu?=

=?utf-8?B?WU1pSUpQTlR5OGc3L0psSktOUG0xMjROWXl0N1kzQUxtMGNyQUlaYTlYY2hO?=

=?utf-8?B?OHNZTUQ4MWZicXZUMitOV1VVTWtJMWpkaEZqNEp0Z0xmT1RJRXNVUFlMMU1Z?=

=?utf-8?B?Qm5Cb3JsY3ZEckNWc0ZLOWk1WDJsNC9uUFZQTXJUbUdVOEUzUnR2TGxRTXBh?=

=?utf-8?B?TDNtUTJDek1XOEJTWVh2S0dzMFFXbEFycXErZmFpUStIa0JCUXlyWm14bkFw?=

=?utf-8?B?UEladXhwVjZxYmtTZTg1Qmo3YlNERmtXTlBaN2tGU1pwUEhZMmVJVW11T3Uv?=

=?utf-8?B?MFkzRnlGQ1ErQUFNWWxvM3RHYUJKY0FaVG5HWk50UWh2Q295SWZtTkt1eGNU?=

=?utf-8?B?QjUza2JqMGlHQUxxVlptUWFuakJXcDNEeHIzaUpxdy9yYSs1SC9JdjFZUGZO?=

=?utf-8?B?eTRuRzJoT0hzSllUWndGOUNNVDYwcEM2RkRIY0FkMjZoZUMrSFFLVjZWTGhx?=

=?utf-8?B?cGMyZGU2NlpQTGVXak90aEE4ZnVPM3pzUGQralZGUW5uU0t5WTBlQnkzNDVk?=

=?utf-8?B?UEdpMUYyd1psbzh2ckVwUUZrTGxESnM3dVV6WTNGYXcyUURBUmhxeWZ3OGpL?=

=?utf-8?B?NkpOQXhpQnNUWXBTZXRTZjFCUTdlVHV3MTFVN2lzWXd0K2V3N25qL3NtVHVV?=

=?utf-8?B?dWN1SStkOHZCekxZMnl1Nkw3dEpIbWR1YUtsQWxGaWhSWTJKME9oekg0bWpj?=

=?utf-8?B?cEg5VFBwQk5lMm4zYytuTU5aaTFqQUxDVHZ4cnhJSDhFVUJ0dFpEK3NiZ00v?=

=?utf-8?B?RnY1Uy9STGFnQWFncWp4aUZyR0d0bVZ5TjFJZmFxV1ZjcFg5YU5qNEFMOTRN?=

=?utf-8?B?V1M5OUl2WUJIdmhVdGE4cFJucjFDTldBSjgrWlRLK3gwSFpjSmdvTU5peG9m?=

=?utf-8?B?NVREMnpSYkUzbXNWd21WMzBicDlWTWJ3ZDFjdzBHWXJYa1drbWJjTkVUcDhz?=

=?utf-8?B?LzUycnhhcVA2akp1VDluZDd4NXR4Y1pFNnhObnh3WTF2WTVKMnZINWZ5QVFV?=

=?utf-8?B?MkdjSG82Y3dldG9maG5vQ1dqY0pLbFd5elQ1eDhndjRxQjhzNEdQS2RRU1d4?=

=?utf-8?B?MVBlaTNLa0s2NUkwV3NOSlJSb05LdjY1ZmJ3T2lYNHE0V2R1aHEwZTQ2ZGdT?=

=?utf-8?B?STBNMkdjSW9CRmVVVGFDT28yWFlsWlFLOTltUGVDRU5rMjFFMU1pUEhjTTRT?=

=?utf-8?B?WC9HMkdiWi9qYloxQWMvR0k1OFRkakszYlRIT3pNWHJoNTBsSGpNOE9CQXB3?=

=?utf-8?B?SWJEclBTaGFuQ0ZhZ0J4Mnc4K0R6NEZ6b0hEOXR3dXVsRitVVGtwY0hjd01W?=

=?utf-8?B?cWdZYUlyTklTOTc0OFp4UmJHMUV0S05NTTF1T1lGeTgrZHRXcXlDSG04NUhy?=

=?utf-8?Q?TZSOmmEU4YpkVtlSSn6u?=

X-OriginatorOrg: sct-15-20-9052-0-msonline-outlook-38779.templateTenant

X-MS-Exchange-CrossTenant-Network-Message-Id: 7c413c27-b6db-47bf-a079-08de10d5ca89

X-MS-Exchange-CrossTenant-AuthSource: TY0PR04MB6494.apcprd04.prod.outlook.com

X-MS-Exchange-CrossTenant-AuthAs: Internal

X-MS-Exchange-CrossTenant-OriginalArrivalTime: 21 Oct 2025 19:12:35.3766

(UTC)

X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted

X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa

X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:

00000000-0000-0000-0000-000000000000

X-MS-Exchange-Transport-CrossTenantHeadersStamped: JH0PR04MB7943

X-Spam_score: 5.3

X-Spam_score_int: 53

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Tired of noise and meaningless chatter? Try something different.

A community built for real moments: thoughtful messages, genuine replies,

and connections that develop naturally. Start small — a quick “hi”

— and see how it grows.



Content analysis details: (5.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2603:1096:400:273:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:273:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:273:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:273:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:273:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:273:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:273:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[2603:1096:400:273:0:0:0:10 listed in]

[will-spam-for-food.eu.org]

[52.103.43.56 listed in will-spam-for-food.eu.org]

[52.103.43.56 listed in will-spam-for-food.eu.org]

[52.103.43.56 listed in will-spam-for-food.eu.org]

[52.103.43.56 listed in will-spam-for-food.eu.org]

[52.103.43.56 listed in will-spam-for-food.eu.org]

[52.103.43.56 listed in will-spam-for-food.eu.org]

[52.103.43.56 listed in will-spam-for-food.eu.org]

[52.103.43.56 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[52.103.43.56 listed in dnsbl.ahbl.org]

[52.103.43.56 listed in dnsbl.ahbl.org]

[52.103.43.56 listed in dnsbl.ahbl.org]

[52.103.43.56 listed in dnsbl.ahbl.org]

[2603:1096:400:273:0:0:0:10 listed in]

[dnsbl.ahbl.org]

[2603:1096:400:273:0:0:0:10 listed in]

[dnsbl.ahbl.org]

[2603:1096:400:273:0:0:0:10 listed in]

[dnsbl.ahbl.org]

[2603:1096:400:273:0:0:0:10 listed in]

[dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[52.103.43.56 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[52.103.43.56 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[52.103.43.56 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[52.103.43.56 listed in dnsbl.ahbl.org]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: loopuns.info]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[52.103.43.56 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[52.103.43.56 listed in sa-accredit.habeas.com]

1.9 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist

[URI: loopuns.info]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[52.103.43.56 listed in wl.mailspike.net]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[52.103.43.56 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[52.103.43.56 listed in bl.score.senderscore.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

0.0 ARC_SIGNED Message has a ARC signature

0.0 ARC_VALID Message has a valid ARC signature

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[rennaeknth(at)hotmail.com]

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

Subject: {SPAM?} =?UTF-8?Q?A_new_beginning_ca?=

=?UTF-8?Q?n_start_today=F0=9F=92=96?=



------=_NextPart_000_F4AA_9BD79DF6.997814B8

Content-Type: text/plain;

charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Tired of noise and meaningless chatter? Try something different.

A community built for real moments: thoughtful messages, genuine replies, a=

nd connections that develop naturally.



Start small =E2=80=94 a quick =E2=80=9Chi=E2=80=9D =E2=80=94 and see how i=

t grows.





=F0=9F=91=89 GetStarted





Inside you=E2=80=99ll find:

=E2=80=A2 Authentic people, verified for trust

=E2=80=A2 Easy, secure chats that flow naturally

=E2=80=A2 Video & audio options for real interaction

=E2=80=A2 Features designed to enhance conversation

=E2=80=A2 Reliable privacy and respectful moderation















=



------=_NextPart_000_F4AA_9BD79DF6.997814B8

Content-Type: text/html;

charset="UTF-8"

Content-Transfer-Encoding: quoted-printable




data-start=3D"1418" data-end=3D"1600" align=3D"center">=0A=

Tired of noise and meaningless chatter? Try something different.

tart=3D"1482" data-end=3D"1485">=0A=

A community built for real moments: thoughtful messages, genuine replies, a=

nd connections that develop naturally.=0A=

=0A=

=0A=

Start small =E2=80=94 a quick =E2=80=9Chi=E2=80=9D =E2=80=94 and see how i=

t grows.=0A=

=0A=

=0A=


=0A=

=0A=

=0A=

=F0=9F=91=89
data-start=3D"1659" data-end=3D"1674">GetS=

tarted =0A=

=0A=

=0A=


=0A=

 =0A=

=0A=

=0A=

Inside you=E2=80=99ll find:
=0A=

=E2=80=A2 Authentic people, verified for trust

end=3D"1741">=0A=

=E2=80=A2 Easy, secure chats that flow naturally

a-end=3D"1784">=0A=

=E2=80=A2 Video & audio options for real interaction

828" data-end=3D"1831">=0A=

=E2=80=A2 Features designed to enhance conversation

data-end=3D"1877">=0A=

=E2=80=A2 Reliable privacy and respectful moderation=0A=

=0A=

=0A=


=0A=

=0A=


=0A=


=0A=


=0A=


=0A=


=



------=_NextPart_000_F4AA_9BD79DF6.997814B8--

Nigerian style phish

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Oct 2025 11:18:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vBFz1-00000000IDy-1kTA

for dave@doctor.nl2k.ab.ca;

Tue, 21 Oct 2025 11:17:15 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Oct 2025 11:17:15 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from region.emg.fm ([109.235.208.74]:53906)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vBFpK-00000000HCK-0cTz

for webmaster@nk.ca;

Tue, 21 Oct 2025 11:07:22 -0600

Received: from region.emg.fm (region.emg.fm [127.0.0.1])

by region.emg.fm (Postfix) with ESMTP id 4crdvj33fCz7kvvs

for ; Tue, 21 Oct 2025 20:05:05 +0300 (MSK)

Authentication-Results: region.emg.fm (amavis); dkim=pass

reason="pass (just generated, assumed good)" header.d=region.emg.fm

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=region.emg.fm; h=

content-transfer-encoding:content-type:message-id:user-agent

:subject:to:from:date:mime-version; s=dkim; t=1761066305; x=

1763658306; bh=BQNHZLrArQLSux4eF7/Fnk4tAp8gRlc8fC1Xlb/TdYk=; b=B

vN4NsplA/j14aETiTgW0vUht9aLCeUFGEYGTMZZEo1EzCcbPEbxdGGsY9BRNDGH3

cpskQ8sXLasXLESHWB+seuysycw7NHlPEVydrMm3BRB8O0Mrn9w8kuvcZ2wP2ZYk

R/z0D9J8u5/ZB4wOEp6sY+g5Em40Gm+lSBfJK3m9TjenLCLwhUur1Rmkq2ZZWhRL

VXJUs2kim3DeN8l7LzWBrpoQsyd5IwUhoftSl1hm7EhcsPZxEla3TENtQCL2DtwO

w5N1Ra8Av7T6HukpTcOBzLoNd4emTNa4li78QgpMVtDEtWLfd2ej7Vu0H2ntJQJj

aCGsExfOPwPsCL1VQD1Ow==

X-Virus-Scanned: amavis at region.emg.fm

X-Spam-Flag: NO

X-Spam-Score: 3.317

X-Spam-Level: **

X-Spam-Status: No, score=3.317 tagged_above=2 required=6.2

tests=[ALL_TRUSTED=-1, LOTS_OF_MONEY=0.001, MILLION_HUNDRED=0.001,

MONEY_FORM_SHORT=0.001, MONEY_NOHTML=2.499, T_FILL_THIS_FORM_SHORT=0.01,

UNDISC_MONEY=1.805] autolearn=no autolearn_force=no

Received: from region.emg.fm ([127.0.0.1])

by region.emg.fm (region.emg.fm [127.0.0.1]) (amavis, port 10026) with ESMTP

id JRX0KwndQ0fO for ; Tue, 21 Oct 2025 20:05:05 +0300 (MSK)

Received: from localhost (region.emg.fm [127.0.0.1])

by region.emg.fm (Postfix) with ESMTPSA id 4crdvZ0bqFz7ksQw;

Tue, 21 Oct 2025 20:04:58 +0300 (MSK)

MIME-Version: 1.0

Date: Tue, 21 Oct 2025 10:04:58 -0700

From: Andrea Gacki

To: undisclosed-recipients:;

Subject: FinCEN.

User-Agent: Roundcube Webmail

Message-ID:

X-Sender: info@ust-fincen.us

Content-Type: text/plain; charset=US-ASCII;

format=flowed

Content-Transfer-Encoding: 7bit

X-Spam_score: 16.2

X-Spam_score_int: 162

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Financial Crimes Enforcement Network (FinCEN) P.O. Box 39

Vienna, Virginia, 22183 Email: info@ust-fincen.us Date:21/10/2025 Greetings,





Content analysis details: (16.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

[109.235.208.74 listed in dnsbl.ahbl.org]

[109.235.208.74 listed in dnsbl.ahbl.org]

[109.235.208.74 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[109.235.208.74 listed in wl.mailspike.net]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

2.4 MILLION_HUNDRED BODY: Million "One to Nine" Hundred

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.0 LOTS_OF_MONEY Huge... sums of money

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

1.3 MONEY_NOHTML Lots of money in plain text

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} FinCEN.



Financial Crimes Enforcement Network (FinCEN)

P.O. Box 39

Vienna, Virginia, 22183

Email: info@ust-fincen.us



Date:21/10/2025



Greetings,



We hope this finds you well. Your pending transaction, intercepted by

FinCEN, has been fully reviewed and approved for release.



The sum of Ten Million Five Hundred Thousand Dollars has been confirmed

legitimate and will be paid via Online Banking Payment, accessible from

your location.



To issue your Payment Release Certificate and complete the transfer,

please provide:



 Full Name

Address

 Contact Number

* Government-issued ID (scan copy)



Send the above to (info@ust-fincen.us). After verification, we will

issue your certificate and provide instructions to access your funds.

Please note that due to impostors, we are issuing a code of conduct,

which is (6065). You must indicate this code when contacting us by using

it as your subject, good luck.

Thank you for your cooperation.



Sincerely,

Andrea Gacki

Director Financial Crimes Enforcement Network (FinCEN)

Nigerian styled phish

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Oct 2025 11:17:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vBFxw-00000000I7B-1TKX

for dave@doctor.nl2k.ab.ca;

Tue, 21 Oct 2025 11:16:08 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Oct 2025 11:16:08 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from region.emg.fm ([109.235.208.74]:53324)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vBDXd-000000001lC-0Nbs

for root@nk.ca;

Tue, 21 Oct 2025 08:40:57 -0600

Received: from region.emg.fm (region.emg.fm [127.0.0.1])

by region.emg.fm (Postfix) with ESMTP id 4crZhG4xFtz7hp0g

for ; Tue, 21 Oct 2025 17:39:58 +0300 (MSK)

Authentication-Results: region.emg.fm (amavis); dkim=pass

reason="pass (just generated, assumed good)" header.d=region.emg.fm

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=region.emg.fm; h=

content-transfer-encoding:content-type:message-id:user-agent

:subject:to:from:date:mime-version; s=dkim; t=1761057598; x=

1763649599; bh=BQNHZLrArQLSux4eF7/Fnk4tAp8gRlc8fC1Xlb/TdYk=; b=T

JY4z+DFJ2sZpowe7y/3kl2ZHXiUQkzkOEROg/jzAup2E60SJugyv3NSQonoo5s1x

fw/ptczd/pXqvaK0kELyETFS7+gx1F9cMWYSmER0Hd/O6pSd//ZBFHsPZoSHb0zQ

FCxLjrY7JTOiirPk9/X6GjdxCM8LT1lWpe8pwBsaui8jC1c/Z3kKPoPfD+pKoMrq

9RWZU1XI2HlmZ6H3nygNmjvKC45bQmoMaSV7ec8/qUUiAJXU23vxTiUFzLV0EeSN

Ow78LuG2xTjoyEmTSFyCUSV83ozzCzrP9Sz5N22rejt22KZVv7PFY5heywpgXV7m

7tTYrqnTvk+qP1kewAv6g==

X-Virus-Scanned: amavis at region.emg.fm

X-Spam-Flag: NO

X-Spam-Score: 3.317

X-Spam-Level: **

X-Spam-Status: No, score=3.317 tagged_above=2 required=6.2

tests=[ALL_TRUSTED=-1, LOTS_OF_MONEY=0.001, MILLION_HUNDRED=0.001,

MONEY_FORM_SHORT=0.001, MONEY_NOHTML=2.499, T_FILL_THIS_FORM_SHORT=0.01,

UNDISC_MONEY=1.805] autolearn=no autolearn_force=no

Received: from region.emg.fm ([127.0.0.1])

by region.emg.fm (region.emg.fm [127.0.0.1]) (amavis, port 10026) with ESMTP

id MlWUfPaQeRgr for ; Tue, 21 Oct 2025 17:39:58 +0300 (MSK)

Received: from localhost (region.emg.fm [127.0.0.1])

by region.emg.fm (Postfix) with ESMTPSA id 4crZh15kxvz7bpVW;

Tue, 21 Oct 2025 17:39:45 +0300 (MSK)

MIME-Version: 1.0

Date: Tue, 21 Oct 2025 07:39:45 -0700

From: Andrea Gacki

To: undisclosed-recipients:;

Subject: FinCEN.

User-Agent: Roundcube Webmail

Message-ID: <3bc8b7e791e3524c25adeed044dec44b@ust-fincen.us>

X-Sender: info@ust-fincen.us

Content-Type: text/plain; charset=US-ASCII;

format=flowed

Content-Transfer-Encoding: 7bit

X-Spam_score: 16.2

X-Spam_score_int: 162

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Financial Crimes Enforcement Network (FinCEN) P.O. Box 39

Vienna, Virginia, 22183 Email: info@ust-fincen.us Date:21/10/2025 Greetings,





Content analysis details: (16.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

[109.235.208.74 listed in dnsbl.ahbl.org]

[109.235.208.74 listed in dnsbl.ahbl.org]

[109.235.208.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[109.235.208.74 listed in wl.mailspike.net]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

2.4 MILLION_HUNDRED BODY: Million "One to Nine" Hundred

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

1.3 MONEY_NOHTML Lots of money in plain text

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} FinCEN.



Financial Crimes Enforcement Network (FinCEN)

P.O. Box 39

Vienna, Virginia, 22183

Email: info@ust-fincen.us



Date:21/10/2025



Greetings,



We hope this finds you well. Your pending transaction, intercepted by

FinCEN, has been fully reviewed and approved for release.



The sum of Ten Million Five Hundred Thousand Dollars has been confirmed

legitimate and will be paid via Online Banking Payment, accessible from

your location.



To issue your Payment Release Certificate and complete the transfer,

please provide:



 Full Name

Address

 Contact Number

* Government-issued ID (scan copy)



Send the above to (info@ust-fincen.us). After verification, we will

issue your certificate and provide instructions to access your funds.

Please note that due to impostors, we are issuing a code of conduct,

which is (6065). You must indicate this code when contacting us by using

it as your subject, good luck.

Thank you for your cooperation.



Sincerely,

Andrea Gacki

Director Financial Crimes Enforcement Network (FinCEN)

Nigerian styled phish

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Oct 2025 11:17:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vBFy1-00000000I7c-3WDa

for dave@doctor.nl2k.ab.ca;

Tue, 21 Oct 2025 11:16:13 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Oct 2025 11:16:13 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from region.emg.fm ([109.235.208.74]:45570)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vBDlb-000000003Es-0YFI

for sales@nk.ca;

Tue, 21 Oct 2025 08:55:22 -0600

Received: from region.emg.fm (region.emg.fm [127.0.0.1])

by region.emg.fm (Postfix) with ESMTP id 4crZzK1tYCz7bs2f

for ; Tue, 21 Oct 2025 17:53:01 +0300 (MSK)

Authentication-Results: region.emg.fm (amavis); dkim=pass

reason="pass (just generated, assumed good)" header.d=region.emg.fm

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=region.emg.fm; h=

content-transfer-encoding:content-type:message-id:user-agent

:subject:to:from:date:mime-version; s=dkim; t=1761058380; x=

1763650381; bh=BQNHZLrArQLSux4eF7/Fnk4tAp8gRlc8fC1Xlb/TdYk=; b=f

badR/QnFEOVtwmesSLsW8yztldQvIo6A3b5cabhvFpQI9azlJmt0h5LlFAlMQEgV

DfKmc+89VdjiPEw086hsKRjSonYB+JiIseaptwhSx8/ySfTpUIoAGLyON+EJZjf2

QGRROHbyUyigBObJA18ho/nX7oEMuUc/eiyd59LIjPxmibGuTkzOURPQgFr4ZeE2

oI03MWCvLok+383Ck++fapvhPm3qrq+s49CZtnU+z7Bm5v6nXASF3yKDdRC7fN2r

NpsP0WEi7MZcpqqYsdmEllY2+hXpDdmjRrjMxKfJdyLWjz1Cwtgk9lh5/7m37Biu

j5mUw55G2S01l+s0W93mw==

X-Virus-Scanned: amavis at region.emg.fm

X-Spam-Flag: NO

X-Spam-Score: 3.317

X-Spam-Level: **

X-Spam-Status: No, score=3.317 tagged_above=2 required=6.2

tests=[ALL_TRUSTED=-1, LOTS_OF_MONEY=0.001, MILLION_HUNDRED=0.001,

MONEY_FORM_SHORT=0.001, MONEY_NOHTML=2.499, T_FILL_THIS_FORM_SHORT=0.01,

UNDISC_MONEY=1.805] autolearn=no autolearn_force=no

Received: from region.emg.fm ([127.0.0.1])

by region.emg.fm (region.emg.fm [127.0.0.1]) (amavis, port 10026) with ESMTP

id trNviANQxSn2 for ; Tue, 21 Oct 2025 17:53:00 +0300 (MSK)

Received: from localhost (region.emg.fm [127.0.0.1])

by region.emg.fm (Postfix) with ESMTPSA id 4crZzF0bdzz7Z8GB;

Tue, 21 Oct 2025 17:52:57 +0300 (MSK)

MIME-Version: 1.0

Date: Tue, 21 Oct 2025 07:52:57 -0700

From: Andrea Gacki

To: undisclosed-recipients:;

Subject: FinCEN.

User-Agent: Roundcube Webmail

Message-ID: <31f4a4155a74edee49d2f71bf375ca88@ust-fincen.us>

X-Sender: info@ust-fincen.us

Content-Type: text/plain; charset=US-ASCII;

format=flowed

Content-Transfer-Encoding: 7bit

X-Spam_score: 16.2

X-Spam_score_int: 162

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Financial Crimes Enforcement Network (FinCEN) P.O. Box 39

Vienna, Virginia, 22183 Email: info@ust-fincen.us Date:21/10/2025 Greetings,





Content analysis details: (16.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

[109.235.208.74 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

[109.235.208.74 listed in dnsbl.ahbl.org]

[109.235.208.74 listed in dnsbl.ahbl.org]

[109.235.208.74 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[109.235.208.74 listed in dnsbl.ahbl.org]

-0.0 SPF_HELO_PASS SPF: HELO matches SPF record

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

2.4 MILLION_HUNDRED BODY: Million "One to Nine" Hundred

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[109.235.208.74 listed in wl.mailspike.net]

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

1.3 MONEY_NOHTML Lots of money in plain text

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

3.0 UNDISC_MONEY Undisclosed recipients + money/fraud signs

Subject: {SPAM?} FinCEN.



Financial Crimes Enforcement Network (FinCEN)

P.O. Box 39

Vienna, Virginia, 22183

Email: info@ust-fincen.us



Date:21/10/2025



Greetings,



We hope this finds you well. Your pending transaction, intercepted by

FinCEN, has been fully reviewed and approved for release.



The sum of Ten Million Five Hundred Thousand Dollars has been confirmed

legitimate and will be paid via Online Banking Payment, accessible from

your location.



To issue your Payment Release Certificate and complete the transfer,

please provide:



 Full Name

Address

 Contact Number

* Government-issued ID (scan copy)



Send the above to (info@ust-fincen.us). After verification, we will

issue your certificate and provide instructions to access your funds.

Please note that due to impostors, we are issuing a code of conduct,

which is (6065). You must indicate this code when contacting us by using

it as your subject, good luck.

Thank you for your cooperation.



Sincerely,

Andrea Gacki

Director Financial Crimes Enforcement Network (FinCEN)

Shipping phish

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Oct 2025 11:17:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vBFyB-00000000I8H-2GTT

for dave@doctor.nl2k.ab.ca;

Tue, 21 Oct 2025 11:16:23 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Oct 2025 11:16:23 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [145.249.109.143] (port=34743 helo=fluxparlor.page)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

id 1vBDxQ-000000004y7-35d3

for root@nk.ca;

Tue, 21 Oct 2025 09:07:36 -0600

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=nk.ca;

h=Date:To:From:Subject:Content-Type:Content-Transfer-Encoding:Mime-Version; i=root@nk.ca;

bh=6Nol4uyuhWfTRItbaFwtBu8wdIE=;

b=XGcCQdJGZWvJW02RE2M3IXwFeEweYovpqG5kOJs6OCTTvuuY8XJDFtxpE7vRd9Pk/Zd8rmCcVLdM

NqD9nFl1I+K4zuWUlsabJd48PVLgpTYD3Iuygz83KoEAkLlbn1lCszChOymQtAcEXsrJBmaOMUQG

jZFDmsz/QT8vGuNFBgg=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=nk.ca;

b=aZxu9BrclCDsN9TspUZyJ65AVkMBs1upa4hzFrTX/KszTodv7joD6eCDwVkXRItbgNMyb2HpBe+l

1tslf0Bq/3i+bEL0Bg9Ef6pl+KFv3IV/t5K9ENtbEH66arIGZ0/TYKLNDxJtnU4tFG4KP6f0KdSf

NdtMTIfEzH8ccuooljk=;

Date: Tue, 21 Oct 2025 15:04:20 +0000

To: root@nk.ca

From: Harbor Freight

Subject: Stanley Set Packed & Ready to Ship

Content-Type: text/html; charset="UTF-8"



Content-Transfer-Encoding :BASE64

Mime-Version: 1.0

X-Spam_score: 10.2

X-Spam_score_int: 102

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Got a minute? Your chance to win!



Content analysis details: (10.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[145.249.109.143 listed in dnsbl.ahbl.org]

[145.249.109.143 listed in dnsbl.ahbl.org]

[145.249.109.143 listed in dnsbl.ahbl.org]

[145.249.109.143 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[145.249.109.143 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[145.249.109.143 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[145.249.109.143 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[145.249.109.143 listed in dnsbl.ahbl.org]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length

greater than 79 characters

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

0.0 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX

Subject: {SPAM?} Stanley Set Packed & Ready to Ship



Cgo8IURPQ1RZUEUgaHRtbD4KPGh0bWwgbGFuZz0iZW4iPgo8aGVhZD4KICAgIDxtZXRhIGNoYXJzZXQ9IlVURi04Ij4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4KICAgIDxzdHlsZT4KICAgICAgICBib2R5IHsKICAgICAgICAgICAgbWFyZ2luOiAwOwogICAgICAgICAgICBwYWRkaW5nOiAwOwogICAgICAgICAgICBmb250LWZhbWlseTogQXJpYWwsIHNhbnMtc2VyaWY7CiAgICAgICAgICAgIGJhY2tncm91bmQtY29sb3I6ICNmNWY1ZjU7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5jb250YWluZXIgewogICAgICAgICAgICBtYXgtd2lkdGg6IDUwMHB4OwogICAgICAgICAgICBtYXJnaW46IDAgYXV0bzsKICAgICAgICAgICAgYmFja2dyb3VuZC1jb2xvcjogI0NERTlGRjsKICAgICAgICAgICAgY29sb3I6ICMyOTJGMkQ7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5oZWFkZXIgewogICAgICAgICAgICB0ZXh0LWFsaWduOiBjZW50ZXI7CiAgICAgICAgICAgIHBhZGRpbmc6IDIwcHggMDsKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgLmxvZ28gewogICAgICAgICAgICB3aWR0aDogMTIwcHg7CiAgICAgICAgICAgIG1hcmdpbjogMCBhdXRvOwogICAgICAgIH0KICAgICAgICAKICAgICAgICAubWFpbi10aXRsZSB7CiAgICAgICAgICAgIGZvbnQtc2l6ZTogMzZweDsKICAgICAgICAgICAgdGV4dC1hbGlnbjogY2VudGVyOwogICAgICAgICAgICBtYXJnaW46IDBweCAwOwogICAgICAgICAgICBmb250LXdlaWdodDogbm9ybWFsOwogICAgICAgIH0KICAgICAgICAKICAgICAgICAuc3VidGl0bGUgewogICAgICAgICAgICBmb250LXNpemU6IDIwcHg7CiAgICAgICAgICAgIHRleHQtYWxpZ246IGNlbnRlcjsKICAgICAgICAgICAgbWFyZ2luOiAxNXB4IDA7CiAgICAgICAgICAgIGZvbnQtd2VpZ2h0OiBub3JtYWw7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5wcml6ZS10aXRsZSB7CiAgICAgICAgICAgIGZvbnQtc2l6ZTogMjRweDsKICAgICAgICAgICAgdGV4dC1hbGlnbjogY2VudGVyOwogICAgICAgICAgICBjb2xvcjogIzJDMjgyNjsKICAgICAgICAgICAgbWFyZ2luOiAxNXB4IDA7CiAgICAgICAgICAgIGZvbnQtd2VpZ2h0OiBib2xkOwogICAgICAgIH0KICAgICAgICAKICAgICAgICAuYnV0dG9uIHsKICAgICAgICAgICAgZGlzcGxheTogYmxvY2s7CiAgICAgICAgICAgIHdpZHRoOiA4MCU7CiAgICAgICAgICAgIG1heC13aWR0aDogMzAwcHg7CiAgICAgICAgICAgIG1hcmdpbjogMjVweCBhdXRvOwogICAgICAgICAgICBwYWRkaW5nOiAxNXB4IDA7CiAgICAgICAgICAgIGJhY2tncm91bmQtY29sb3I6ICNBODE5MEI7CiAgICAgICAgICAgIGNvbG9yOiB3aGl0ZTsKICAgICAgICAgICAgdGV4dC1hbGlnbjogY2VudGVyOwogICAgICAgICAgICB0ZXh0LWRlY29yYXRpb246IG5vbmU7CiAgICAgICAgICAgIGZvbnQtd2VpZ2h0OiBib2xkOwogICAgICAgICAgICBib3JkZXItcmFkaXVzOiAzMHB4OwogICAgICAgICAgICBmb250LXNpemU6IDE2cHg7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5jb2ZmZWUtaW1hZ2UgewogICAgICAgICAgICB3aWR0aDogMTAwJTsKICAgICAgICAgICAgaGVpZ2h0OiBhdXRvOwogICAgICAgICAgICBkaXNwbGF5OiBibG9jazsKICAgICAgICAgICAgbWFyZ2luLXRvcDogLTI7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5wcm9kdWN0LXNlY3Rpb24gewogICAgICAgICAgICBkaXNwbGF5OiBmbGV4OwogICAgICAgICAgICBwYWRkaW5nOiAyMHB4OwogICAgICAgICAgICBiYWNrZ3JvdW5kLWNvbG9yOiB3aGl0ZTsKICAgICAgICAgICAgY29sb3I6IGJsYWNrOwogICAgICAgIH0KICAgICAgICAKICAgICAgICAucHJvZHVjdC1pbWFnZSB7CiAgICAgICAgICAgIHdpZHRoOiA0MCU7CiAgICAgICAgICAgIG1hcmdpbi10b3A6IDMwcHg7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5wcm9kdWN0LWRldGFpbHMgewogICAgICAgICAgICB3aWR0aDogNjAlOwogICAgICAgICAgICBwYWRkaW5nLWxlZnQ6IDIwcHg7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5wcm9kdWN0LXRpdGxlIHsKICAgICAgICAgICAgZm9udC1zaXplOiAxOHB4OwogICAgICAgICAgICBjb2xvcjogIzJDMjgyNjsKICAgICAgICAgICAgZm9udC13ZWlnaHQ6IGJvbGQ7CiAgICAgICAgICAgIG1hcmdpbi1ib3R0b206IDBweDsKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgLnByb2R1Y3QtZGVzY3JpcHRpb24gewogICAgICAgICAgICBmb250LXNpemU6IDEzcHg7CiAgICAgICAgICAgIGxpbmUtaGVpZ2h0OiAxLjQ7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5mb290ZXIgewogICAgICAgICAgICB0ZXh0LWFsaWduOiBjZW50ZXI7CiAgICAgICAgICAgIHBhZGRpbmc6IDBweDsKICAgICAgICAgICAgZm9udC1zaXplOiAxMnB4OwogICAgICAgICAgICBjb2xvcjogIzJDMjgyNjsKICAgICAgICAgICAgCiAgICAgICAgfQogICAgICAgIAogICAgICAgIEBtZWRpYSAobWF4LXdpZHRoOiA0ODBweCkgewogICAgICAgICAgICAubWFpbi10aXRsZSB7CiAgICAgICAgICAgICAgICBmb250LXNpemU6IDI4cHg7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgCiAgICAgICAgICAgIC5zdWJ0aXRsZSB7CiAgICAgICAgICAgICAgICBmb250LXNpemU6IDE2cHg7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgCiAgICAgICAgICAgIC5idXR0b24gewogICAgICAgICAgICAgICAgd2lkdGg6IDkwJTsKICAgICAgICAgICAgfQogICAgICAgICAgICAKICAgICAgICAgICAgLnByb2R1Y3Qtc2VjdGlvbiB7CiAgICAgICAgICAgICAgICBmbGV4LWRpcmVjdGlvbjogY29sdW1uOwogICAgICAgICAgICB9CiAgICAgICAgICAgIAogICAgICAgICAgICAucHJvZHVjdC1pbWFnZSB7CiAgICAgICAgICAgICAgICB3aWR0aDogMTAwJTsKICAgICAgICAgICAgICAgIG1hcmdpbi1ib3R0b206IDE1cHg7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgCiAgICAgICAgICAgIC5wcm9kdWN0LWRldGFpbHMgewogICAgICAgICAgICAgICAgd2lkdGg6IDEwMCU7CiAgICAgICAgICAgICAgICBwYWRkaW5nLWxlZnQ6IDA7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICA8L3N0eWxlPgo8L2hlYWQ+Cjxib2R5PgogICAgPGRpdiBjbGFzcz0iY29udGFpbmVyIj4KICAgICAgICA8ZGl2IGNsYXNzPSJoZWFkZXIiPgogICAgICAgICAgICA8aW1nIGNsYXNzPSJsb2dvIiBzcmM9Imh0dHBzOi8vcGJzLnR3aW1nLmNvbS9tZWRpYS9HM3lzcUpUWGdBQWtkb2c/Zm9ybWF0PXBuZyZuYW1lPXNtYWxsIiA+CiAgICAgICAgPC9kaXY+CiAgICAgICAgCiAgICAgICAgPGgxIGNsYXNzPSJtYWluLXRpdGxlIj5Hb3QgYSBtaW51dGU/PC9oMT4KICAgICAgICA8cCBjbGFzcz0ic3VidGl0bGUiPllvdXIgY2hhbmNlIHRvIHdpbiE8L3A+CiAgICAgICAgCiAgICAgICAgPHAgY2xhc3M9InByaXplLXRpdGxlIj5TdGFubGV5IFRvb2wgU2V0PC9wPgogICAgICAgIAogICAgICAgIDxhIGhyZWY9Imh0dHA6Ly8zMS4xMjkuMjIuMTg1LzRBc1lHQjgzMlNuUnQzOHZ4bGpvYWduenMxQ1JRVVdUVllURkVGV1FNMTc4NTQxT0hVVTI4MGIxIiBjbGFzcz0iYnV0dG9uIj5FTlRFUiBOT1chPC9hPgogICAgICAgIAogICAgICAgIDxpbWcgY2xhc3M9ImNvZmZlZS1pbWFnZSIgc3JjPSJodHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRzN5c3dqOFdBQUFtTW1FP2Zvcm1hdD1qcGcmbmFtZT1zbWFsbCIgPgogICAgICAgIAogICAgICAgIDxkaXYgY2xhc3M9InByb2R1Y3Qtc2VjdGlvbiI+CiAgICAgICAgICAgIDxkaXYgY2xhc3M9InByb2R1Y3QtaW1hZ2UiPgogICAgICAgICAgICAgICAgPGltZyBzcmM9Imh0dHBzOi8vcGJzLnR3aW1nLmNvbS9tZWRpYS9HM3lzNnpDWEVBQUpvbDM/Zm9ybWF0PXBuZyZuYW1lPXNtYWxsIiBzdHlsZT0id2lkdGg6IDEwMCU7Ij4KICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgIDxkaXYgY2xhc3M9InByb2R1Y3QtZGV0YWlscyI+CiAgICAgICAgICAgICAgICA8aDMgY2xhc3M9InByb2R1Y3QtdGl0bGUiPlN0YW5sZXkgVG9vbCBTZXQ8L2gzPgogICAgICAgICAgICAgICAgPHAgY2xhc3M9InByb2R1Y3QtZGVzY3JpcHRpb24iPgogICAgICAgICAgICAgICAgICAgIENvbXByZWhlbnNpdmUgYW5kIGR1cmFibGUsIHRoaXMgYWxsLWluLW9uZSBzZXQgaW5jbHVkZXMgc29ja2V0cywgd3JlbmNoZXMsIHNjcmV3ZHJpdmVycywgYW5kIG1vcmXigJRwZXJmZWN0IGZvciBib3RoIHByb2Zlc3Npb25hbHMgYW5kIERJWWVycy4gU3RvcmVkIGluIGEgcnVnZ2VkIGNhcnJ5IGNhc2UgZm9yIGVhc3kgb3JnYW5pemF0aW9uIGFuZCBwb3J0YWJpbGl0eS4KICAgICAgICAgICAgICAgIDwvcD4KICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgPC9kaXY+CiAgICAgICAgCiAgICAgICAgPGEgaHJlZj0iaHR0cDovLzMxLjEyOS4yMi4xODUvNEtoeENaODMyb2VFYTM4cGNwZ3FtaHNwZTFLQ1lERlJBRkxHTVdNSUMxNzg1NDFJS1pFMjgwcjEiIGNsYXNzPSJidXR0b24iPkNMQUlNIFlPVVIgUFJJWkUgTk9XITwvYT4KICAgICAgICAKICAgICAgICA8ZGl2IGNsYXNzPSJmb290ZXIiPgogICAgICAgICAgICA8cD5UaGFuayB5b3UsPGJyPgogICAgICAgICAgICBIYXJib3IgRnJlaWdodCBDdXN0b21lciBQcm9tb3Rpb25zPC9wPgogICAgICAgICAgICA8cD48YSBocmVmPSJodHRwOi8vMzEuMTI5LjIyLjE4NS81cGtya1A4MzJkZ2pYMzh6a3Nuc3dpeWN4MVVURVNBVUJBU1BOVFhWSjE3ODU0MVJUUEMyODB6MSIgc3R5bGU9ImNvbG9yOiAjMkMyODI2OyI+VW5zdWJzY3JpYmU8L2E+PC9wPjxicj4KICAgICAgICA8L2Rpdj4KICAgIDwvZGl2Pgo8L2JvZHk+CjxpbWcgc3JjPSJodHRwOi8vMzEuMTI5LjIyLjE4NS90cmFjay8zaWpHeU44MzJ5eEdxMzhtaHNtbml4emRmMVVUV1BPS0lYVU1NSkFIVTE3ODU0MUVSWFoyODB6MSIgd2lkdGg9IjEiIGhlaWdodD0iMSIgYm9yZGVyPSIwIiBhbHQ9IiIgc3R5bGU9ImRpc3BsYXk6IG5vbmU7Ij4KPC9odG1sPgoK

Stanley Phish

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Oct 2025 11:17:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vBFyH-00000000I8n-48Px

for dave@doctor.nl2k.ab.ca;

Tue, 21 Oct 2025 11:16:29 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Oct 2025 11:16:29 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [145.249.109.143] (port=57209 helo=fluxparlor.page)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

id 1vBDxQ-000000004xN-35Vl

for sales@netknow.ca;

Tue, 21 Oct 2025 09:07:37 -0600

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=netknow.ca;

h=Date:To:From:Subject:Content-Type:Content-Transfer-Encoding:Mime-Version; i=sales@netknow.ca;

bh=njZTeL4/y7JarfZ2ujJgQujGaoI=;

b=Je49zMNOZQB6zVlXRStdFDYqRZcZMXsN+9coA3N9xwZ4WUy5y2QfwMtJ/YyMQJj9Vj/Bmtm+2tdo

WVRrR7FgysOq0vJftNJYXwitx1Oe/1P4OF7TzFQEzpNba4/s4zkvwd5pR+p5cP4fJi4iXBqWGplY

IVWQVvRTmUbZkNeWQRM=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=netknow.ca;

b=M34CmaU8rYBoFy8CSsVSFyDzhAaIN2YXRLTXIkdbL5sM5JygJh0w+TICY09rn/nuEB4Agdt5MplG

wP27hMvS+Zu8l2N1c4qKS36IcN0kM8dJHifNaifALITe7r3/K7SOpz4YRmXYjVEDqBGAErcs7E7a

HTnqwpage4RvEC2Xcg8=;

Date: Tue, 21 Oct 2025 15:04:22 +0000

To: sales@netknow.ca

From: Harbor Freight

Subject: Stanley Set Packed & Ready to Ship

Content-Type: text/html; charset="UTF-8"



Content-Transfer-Encoding :BASE64

Mime-Version: 1.0

X-Spam_score: 11.0

X-Spam_score_int: 110

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Got a minute? Your chance to win!



Content analysis details: (11.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

[145.249.109.143 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[145.249.109.143 listed in dnsbl.ahbl.org]

[145.249.109.143 listed in dnsbl.ahbl.org]

[145.249.109.143 listed in dnsbl.ahbl.org]

[145.249.109.143 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[145.249.109.143 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[145.249.109.143 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[145.249.109.143 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[145.249.109.143 listed in dnsbl.ahbl.org]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length

greater than 79 characters

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

0.0 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX

Subject: {SPAM?} Stanley Set Packed & Ready to Ship



Cgo8IURPQ1RZUEUgaHRtbD4KPGh0bWwgbGFuZz0iZW4iPgo8aGVhZD4KICAgIDxtZXRhIGNoYXJzZXQ9IlVURi04Ij4KICAgIDxtZXRhIG5hbWU9InZpZXdwb3J0IiBjb250ZW50PSJ3aWR0aD1kZXZpY2Utd2lkdGgsIGluaXRpYWwtc2NhbGU9MS4wIj4KICAgIDxzdHlsZT4KICAgICAgICBib2R5IHsKICAgICAgICAgICAgbWFyZ2luOiAwOwogICAgICAgICAgICBwYWRkaW5nOiAwOwogICAgICAgICAgICBmb250LWZhbWlseTogQXJpYWwsIHNhbnMtc2VyaWY7CiAgICAgICAgICAgIGJhY2tncm91bmQtY29sb3I6ICNmNWY1ZjU7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5jb250YWluZXIgewogICAgICAgICAgICBtYXgtd2lkdGg6IDUwMHB4OwogICAgICAgICAgICBtYXJnaW46IDAgYXV0bzsKICAgICAgICAgICAgYmFja2dyb3VuZC1jb2xvcjogI0NERTlGRjsKICAgICAgICAgICAgY29sb3I6ICMyOTJGMkQ7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5oZWFkZXIgewogICAgICAgICAgICB0ZXh0LWFsaWduOiBjZW50ZXI7CiAgICAgICAgICAgIHBhZGRpbmc6IDIwcHggMDsKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgLmxvZ28gewogICAgICAgICAgICB3aWR0aDogMTIwcHg7CiAgICAgICAgICAgIG1hcmdpbjogMCBhdXRvOwogICAgICAgIH0KICAgICAgICAKICAgICAgICAubWFpbi10aXRsZSB7CiAgICAgICAgICAgIGZvbnQtc2l6ZTogMzZweDsKICAgICAgICAgICAgdGV4dC1hbGlnbjogY2VudGVyOwogICAgICAgICAgICBtYXJnaW46IDBweCAwOwogICAgICAgICAgICBmb250LXdlaWdodDogbm9ybWFsOwogICAgICAgIH0KICAgICAgICAKICAgICAgICAuc3VidGl0bGUgewogICAgICAgICAgICBmb250LXNpemU6IDIwcHg7CiAgICAgICAgICAgIHRleHQtYWxpZ246IGNlbnRlcjsKICAgICAgICAgICAgbWFyZ2luOiAxNXB4IDA7CiAgICAgICAgICAgIGZvbnQtd2VpZ2h0OiBub3JtYWw7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5wcml6ZS10aXRsZSB7CiAgICAgICAgICAgIGZvbnQtc2l6ZTogMjRweDsKICAgICAgICAgICAgdGV4dC1hbGlnbjogY2VudGVyOwogICAgICAgICAgICBjb2xvcjogIzJDMjgyNjsKICAgICAgICAgICAgbWFyZ2luOiAxNXB4IDA7CiAgICAgICAgICAgIGZvbnQtd2VpZ2h0OiBib2xkOwogICAgICAgIH0KICAgICAgICAKICAgICAgICAuYnV0dG9uIHsKICAgICAgICAgICAgZGlzcGxheTogYmxvY2s7CiAgICAgICAgICAgIHdpZHRoOiA4MCU7CiAgICAgICAgICAgIG1heC13aWR0aDogMzAwcHg7CiAgICAgICAgICAgIG1hcmdpbjogMjVweCBhdXRvOwogICAgICAgICAgICBwYWRkaW5nOiAxNXB4IDA7CiAgICAgICAgICAgIGJhY2tncm91bmQtY29sb3I6ICNBODE5MEI7CiAgICAgICAgICAgIGNvbG9yOiB3aGl0ZTsKICAgICAgICAgICAgdGV4dC1hbGlnbjogY2VudGVyOwogICAgICAgICAgICB0ZXh0LWRlY29yYXRpb246IG5vbmU7CiAgICAgICAgICAgIGZvbnQtd2VpZ2h0OiBib2xkOwogICAgICAgICAgICBib3JkZXItcmFkaXVzOiAzMHB4OwogICAgICAgICAgICBmb250LXNpemU6IDE2cHg7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5jb2ZmZWUtaW1hZ2UgewogICAgICAgICAgICB3aWR0aDogMTAwJTsKICAgICAgICAgICAgaGVpZ2h0OiBhdXRvOwogICAgICAgICAgICBkaXNwbGF5OiBibG9jazsKICAgICAgICAgICAgbWFyZ2luLXRvcDogLTI7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5wcm9kdWN0LXNlY3Rpb24gewogICAgICAgICAgICBkaXNwbGF5OiBmbGV4OwogICAgICAgICAgICBwYWRkaW5nOiAyMHB4OwogICAgICAgICAgICBiYWNrZ3JvdW5kLWNvbG9yOiB3aGl0ZTsKICAgICAgICAgICAgY29sb3I6IGJsYWNrOwogICAgICAgIH0KICAgICAgICAKICAgICAgICAucHJvZHVjdC1pbWFnZSB7CiAgICAgICAgICAgIHdpZHRoOiA0MCU7CiAgICAgICAgICAgIG1hcmdpbi10b3A6IDMwcHg7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5wcm9kdWN0LWRldGFpbHMgewogICAgICAgICAgICB3aWR0aDogNjAlOwogICAgICAgICAgICBwYWRkaW5nLWxlZnQ6IDIwcHg7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5wcm9kdWN0LXRpdGxlIHsKICAgICAgICAgICAgZm9udC1zaXplOiAxOHB4OwogICAgICAgICAgICBjb2xvcjogIzJDMjgyNjsKICAgICAgICAgICAgZm9udC13ZWlnaHQ6IGJvbGQ7CiAgICAgICAgICAgIG1hcmdpbi1ib3R0b206IDBweDsKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgLnByb2R1Y3QtZGVzY3JpcHRpb24gewogICAgICAgICAgICBmb250LXNpemU6IDEzcHg7CiAgICAgICAgICAgIGxpbmUtaGVpZ2h0OiAxLjQ7CiAgICAgICAgfQogICAgICAgIAogICAgICAgIC5mb290ZXIgewogICAgICAgICAgICB0ZXh0LWFsaWduOiBjZW50ZXI7CiAgICAgICAgICAgIHBhZGRpbmc6IDBweDsKICAgICAgICAgICAgZm9udC1zaXplOiAxMnB4OwogICAgICAgICAgICBjb2xvcjogIzJDMjgyNjsKICAgICAgICAgICAgCiAgICAgICAgfQogICAgICAgIAogICAgICAgIEBtZWRpYSAobWF4LXdpZHRoOiA0ODBweCkgewogICAgICAgICAgICAubWFpbi10aXRsZSB7CiAgICAgICAgICAgICAgICBmb250LXNpemU6IDI4cHg7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgCiAgICAgICAgICAgIC5zdWJ0aXRsZSB7CiAgICAgICAgICAgICAgICBmb250LXNpemU6IDE2cHg7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgCiAgICAgICAgICAgIC5idXR0b24gewogICAgICAgICAgICAgICAgd2lkdGg6IDkwJTsKICAgICAgICAgICAgfQogICAgICAgICAgICAKICAgICAgICAgICAgLnByb2R1Y3Qtc2VjdGlvbiB7CiAgICAgICAgICAgICAgICBmbGV4LWRpcmVjdGlvbjogY29sdW1uOwogICAgICAgICAgICB9CiAgICAgICAgICAgIAogICAgICAgICAgICAucHJvZHVjdC1pbWFnZSB7CiAgICAgICAgICAgICAgICB3aWR0aDogMTAwJTsKICAgICAgICAgICAgICAgIG1hcmdpbi1ib3R0b206IDE1cHg7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgCiAgICAgICAgICAgIC5wcm9kdWN0LWRldGFpbHMgewogICAgICAgICAgICAgICAgd2lkdGg6IDEwMCU7CiAgICAgICAgICAgICAgICBwYWRkaW5nLWxlZnQ6IDA7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICA8L3N0eWxlPgo8L2hlYWQ+Cjxib2R5PgogICAgPGRpdiBjbGFzcz0iY29udGFpbmVyIj4KICAgICAgICA8ZGl2IGNsYXNzPSJoZWFkZXIiPgogICAgICAgICAgICA8aW1nIGNsYXNzPSJsb2dvIiBzcmM9Imh0dHBzOi8vcGJzLnR3aW1nLmNvbS9tZWRpYS9HM3lzcUpUWGdBQWtkb2c/Zm9ybWF0PXBuZyZuYW1lPXNtYWxsIiA+CiAgICAgICAgPC9kaXY+CiAgICAgICAgCiAgICAgICAgPGgxIGNsYXNzPSJtYWluLXRpdGxlIj5Hb3QgYSBtaW51dGU/PC9oMT4KICAgICAgICA8cCBjbGFzcz0ic3VidGl0bGUiPllvdXIgY2hhbmNlIHRvIHdpbiE8L3A+CiAgICAgICAgCiAgICAgICAgPHAgY2xhc3M9InByaXplLXRpdGxlIj5TdGFubGV5IFRvb2wgU2V0PC9wPgogICAgICAgIAogICAgICAgIDxhIGhyZWY9Imh0dHA6Ly8zMS4xMjkuMjIuMTg1LzRTbUpGVzgzMkdJdWgzOGhqZGRpd2x6dmIxR1dDR1NDUVVHV0FERUFWMTc5NzMyS0haRTI4MGYxIiBjbGFzcz0iYnV0dG9uIj5FTlRFUiBOT1chPC9hPgogICAgICAgIAogICAgICAgIDxpbWcgY2xhc3M9ImNvZmZlZS1pbWFnZSIgc3JjPSJodHRwczovL3Bicy50d2ltZy5jb20vbWVkaWEvRzN5c3dqOFdBQUFtTW1FP2Zvcm1hdD1qcGcmbmFtZT1zbWFsbCIgPgogICAgICAgIAogICAgICAgIDxkaXYgY2xhc3M9InByb2R1Y3Qtc2VjdGlvbiI+CiAgICAgICAgICAgIDxkaXYgY2xhc3M9InByb2R1Y3QtaW1hZ2UiPgogICAgICAgICAgICAgICAgPGltZyBzcmM9Imh0dHBzOi8vcGJzLnR3aW1nLmNvbS9tZWRpYS9HM3lzNnpDWEVBQUpvbDM/Zm9ybWF0PXBuZyZuYW1lPXNtYWxsIiBzdHlsZT0id2lkdGg6IDEwMCU7Ij4KICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgICAgIDxkaXYgY2xhc3M9InByb2R1Y3QtZGV0YWlscyI+CiAgICAgICAgICAgICAgICA8aDMgY2xhc3M9InByb2R1Y3QtdGl0bGUiPlN0YW5sZXkgVG9vbCBTZXQ8L2gzPgogICAgICAgICAgICAgICAgPHAgY2xhc3M9InByb2R1Y3QtZGVzY3JpcHRpb24iPgogICAgICAgICAgICAgICAgICAgIENvbXByZWhlbnNpdmUgYW5kIGR1cmFibGUsIHRoaXMgYWxsLWluLW9uZSBzZXQgaW5jbHVkZXMgc29ja2V0cywgd3JlbmNoZXMsIHNjcmV3ZHJpdmVycywgYW5kIG1vcmXigJRwZXJmZWN0IGZvciBib3RoIHByb2Zlc3Npb25hbHMgYW5kIERJWWVycy4gU3RvcmVkIGluIGEgcnVnZ2VkIGNhcnJ5IGNhc2UgZm9yIGVhc3kgb3JnYW5pemF0aW9uIGFuZCBwb3J0YWJpbGl0eS4KICAgICAgICAgICAgICAgIDwvcD4KICAgICAgICAgICAgPC9kaXY+CiAgICAgICAgPC9kaXY+CiAgICAgICAgCiAgICAgICAgPGEgaHJlZj0iaHR0cDovLzMxLjEyOS4yMi4xODUvNERlZmdXODMydlNHdzM4YW5rZW56dGZvYzFQSVVYUEJKV1hRTkRDRk0xNzk3MzJRT1pVMjgwbjEiIGNsYXNzPSJidXR0b24iPkNMQUlNIFlPVVIgUFJJWkUgTk9XITwvYT4KICAgICAgICAKICAgICAgICA8ZGl2IGNsYXNzPSJmb290ZXIiPgogICAgICAgICAgICA8cD5UaGFuayB5b3UsPGJyPgogICAgICAgICAgICBIYXJib3IgRnJlaWdodCBDdXN0b21lciBQcm9tb3Rpb25zPC9wPgogICAgICAgICAgICA8cD48YSBocmVmPSJodHRwOi8vMzEuMTI5LjIyLjE4NS81ZHN6V1M4MzJHeGJyMzhmcmhweXVlc3Z3MUNGSVhRR09BRU5IVElQUDE3OTczMlBGSk0yODBYMSIgc3R5bGU9ImNvbG9yOiAjMkMyODI2OyI+VW5zdWJzY3JpYmU8L2E+PC9wPjxicj4KICAgICAgICA8L2Rpdj4KICAgIDwvZGl2Pgo8L2JvZHk+CjxpbWcgc3JjPSJodHRwOi8vMzEuMTI5LjIyLjE4NS90cmFjay8zaFFmSlk4MzJiQ0hhMzhzdG5ma3J5ZWtxMVFMUFhBVURKRkJLWFVKTDE3OTczMk9SQ1IyODBaMSIgd2lkdGg9IjEiIGhlaWdodD0iMSIgYm9yZGVyPSIwIiBhbHQ9IiIgc3R5bGU9ImRpc3BsYXk6IG5vbmU7Ij4KPC9odG1sPgoK

Procurement spam

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Oct 2025 06:58:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vBBvx-00000000CGR-0jun

for dave@doctor.nl2k.ab.ca;

Tue, 21 Oct 2025 06:57:49 -0600

Resent-From: The Doctor

Resent-Date: Tue, 21 Oct 2025 06:57:49 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from 210-65-1-144.hinet-ip.hinet.net ([210.65.1.144]:52919 helo=cdmsr1.hinet.net)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vB8Oz-00000000Juf-2XDK

for doctor@doctor.nl2k.ab.ca;

Tue, 21 Oct 2025 03:11:42 -0600

Received: from cmsr7.hinet.net ([10.199.216.86])

by cdmsr1.hinet.net (8.15.2/8.15.2) with ESMTPS id 59L99hBg627495

(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO)

for ; Tue, 21 Oct 2025 17:09:49 +0800

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=msa.hinet.net;

s=default; t=1761037789; bh=zXWT7rZSZn7ZRYce0riXzxkJiuE=;

h=From:To:Subject:Date;

b=OqbMw1EaKSmAoCEollHLZEUwztw3hZR27PcazC/BUQHeVh7liKcyrewLBQHjmj33v

T0s9Ngt/zeEIB/nQY5TctaJ1bcGALBMvXJXv0k3rZh74Td2U9CekrNoe2MnRLmryn7

0EeZtluXgeWy/0kfiUeM62nw3X7oE9ECLMxjTCUQ=

Received: from [127.0.0.1] (1-163-52-62.dynamic-ip.hinet.net [1.163.52.62])

by cmsr7.hinet.net (8.15.2/8.15.2) with ESMTPS id 59L92Qxj867666

(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)

for ; Tue, 21 Oct 2025 17:02:28 +0800

Message-ID: <9e41f22901be06f6ceaafaff91015ef11e6f5980ae0631d3fd3c520c4f59d12e@msa.hinet.net>

From: Navraj Viera

Reply-To: navrajviera@igti.space

To: doctor@doctor.nl2k.ab.ca

Subject: RFQ Attached for Review & Initial Order Discussion

Date: Tue, 21 Oct 2025 02:02:28 -0700

MIME-Version: 1.0

Content-Type: text/plain; charset=us-ascii

X-CMAE-Score: 0

X-CMAE-Analysis: v=2.4 cv=I57GR8gg c=1 sm=1 tr=0 ts=68f74c25

a=/W+cmZMLjK366OgXR0X8Rw==:117 a=kj9zAlcOel0A:10 a=jPnIy0vNwRY6Swzn_aEA:9

a=CjuIK1q_8ugA:10

X-Spam_score: 25.6

X-Spam_score_int: 256

X-Spam_bar: +++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Supplier, I hope this message finds you well. We are

a diversified general trading company with multiple business streams and affiliated

sister companies. While our operations span various sectors, we currently

maintain a strong focus on the resa [...]



Content analysis details: (25.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[1.163.52.62 listed in will-spam-for-food.eu.org]

[1.163.52.62 listed in will-spam-for-food.eu.org]

[1.163.52.62 listed in will-spam-for-food.eu.org]

[1.163.52.62 listed in will-spam-for-food.eu.org]

[1.163.52.62 listed in will-spam-for-food.eu.org]

[1.163.52.62 listed in will-spam-for-food.eu.org]

[1.163.52.62 listed in will-spam-for-food.eu.org]

[1.163.52.62 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[210.65.1.144 listed in dnsbl.ahbl.org]

[210.65.1.144 listed in dnsbl.ahbl.org]

[210.65.1.144 listed in dnsbl.ahbl.org]

[210.65.1.144 listed in dnsbl.ahbl.org]

[1.163.52.62 listed in dnsbl.ahbl.org]

[1.163.52.62 listed in dnsbl.ahbl.org]

[1.163.52.62 listed in dnsbl.ahbl.org]

[1.163.52.62 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[210.65.1.144 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[210.65.1.144 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[210.65.1.144 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[210.65.1.144 listed in dnsbl.ahbl.org]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: igti.space]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

15 GR_DOMAIN_HINETN1 From contains a known spammer (hinetn)

0.0 TVD_RCVD_IP Message was received from an IP address

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[valenyang(at)msa.hinet.net]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.6 J_CHICKENPOX_45 BODY: 4alpha-pock-5alpha

2.1 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4)

[210.65.1.144 listed in bl.mailspike.net]

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

0.0 NO_RDNS2 Sending MTA has no reverse DNS

0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted

Subject: {SPAM?} RFQ Attached for Review & Initial Order Discussion



Dear Supplier,



I hope this message finds you well.



We are a diversified general trading company with multiple business streams and affiliated sister companies. While our operations span various sectors, we currently maintain a strong focus on the resale of industrial equipment to partners and associates across the UAE, UK, beverage industry, and several other verticals.



Having reviewed your website and product range, we are pleased to initiate our first order with your company.



Please find the attached Request for Quotation (RFQ) document for your review. To proceed, we would appreciate your feedback on the following key points:



Minimum Order Quantity (MOQ)



Delivery timelines



Payment terms



Potential for a long-term partnership



To facilitate further discussion and alignment, we will be sending a Zoom meeting invitation shortly.



We look forward to your confirmation and to establishing a mutually beneficial business relationship.



Best regards,

Navraj Viera

Purchasing Director

navrajviera@igti.space

iGeneral Trading Co. Ltd

igt.ae| igti.space

Web/SEO/App Spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Oct 2025 03:45:00 -0600

Received: from mail-io1-f71.google.com ([209.85.166.71]:47451)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vB8un-00000000MLn-2x8l

for dave@doctor.nl2k.ab.ca;

Tue, 21 Oct 2025 03:44:35 -0600

Received: by mail-io1-f71.google.com with SMTP id ca18e2360f4ac-93e809242cfso1061199939f.3

for ; Tue, 21 Oct 2025 02:42:59 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20230601; t=1761039774; x=1761644574; darn=doctor.nl2k.ab.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=sUCLvQVjY7rnV4kZGLqYnDUqEeT+aqd3+JaDa2MvLpE=;

b=IHsU2QL0fkKVQ1HbMU12/S3aiVFWYcDUjM0+2GAP1+tXKZV/1+DOoVR0sxrAecK0fj

gEl/FYv0CYbjmgjNDRwm43kQuXNyKijO3Cwb7LeDKBwbxeuu8v36PfDsxgeR7++CQd7t

GA1KIn2eVJ8AoP4M2uDhian8giKA2+YZuU+jf5VlPgqdqMKuT/PZXqQEm2Un8XEqpr6h

7G22d2lGzylYfeE2qGyDZfSn9s/b32KjTcrG0mOP+pGAwzhdWzuMGlgzRpPbBO1vszEK

ub7JCxXK6F9FVjPbmXA8I4Pm52FXUIJTO3WjyPLJKYDWt9nBoogvU8e/QIjvPLZT3bVY

FUuA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1761039774; x=1761644574;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=sUCLvQVjY7rnV4kZGLqYnDUqEeT+aqd3+JaDa2MvLpE=;

b=f32MJevfg6ghqN7gGWIYi3c4N/MnMyOjC1CmwD/eEV0tixhNSfEcRHIu0xSsVfia4O

JHqlXwMF4SoNgHh+qyNPKQFN9QJPueZuK824RDFK6ugYk1xxMX64RoSQnMxbBDuIkTuG

ZFYgsu+y5ik+9MrpT3r4Dqm6En8RGsCY61LrpisduQnOXcL7k59r2OPD+R/4BOChyOWw

huubJAyhc3k+umv/ODF2TrBzCN/ihVIa91d76tkHuJC4z8ptfPO2KUjYMZDpLN5uq/fA

FCVU3lTmX3yIVyka8e72eS9dkYyve+dh6HVwVllmM38I3YYATDoR54wqTC99FPV//dV+

0MRg==

X-Gm-Message-State: AOJu0Yyuc65eL+cLyCZfANWV9TO0OlP+4YEUBpJ9v7NZlwlAtXRV1ImP

MBcbd24dExpqE9QS8j+9xzZfpNrQGvA3i0Jwc8ZkwqpyFXadKYMAqz6XBU6sC0I4F/yHmMDut/c

W6hk=

X-Google-Smtp-Source: AGHT+IESZErOLxBll2NqUN+QTAovox3ShzRGAAw+ZdNkx72LenRV8NW/2nstxr1lbrC8JP3y2UqeCjpbSw==

MIME-Version: 1.0

X-Received: by 2002:a05:6602:487:b0:93e:3805:4683 with SMTP id

ca18e2360f4ac-93e7622fc91mr2752681939f.1.1761039773853; Tue, 21 Oct 2025

02:42:53 -0700 (PDT)

Message-ID:

Date: Tue, 21 Oct 2025 09:42:53 +0000

Subject: INQUIRY 10/21/2025

From: whitesmith11223@gmail.com

To: dave@doctor.nl2k.ab.ca

Content-Type: multipart/alternative; boundary="00000000000027f2690641a80604"



--00000000000027f2690641a80604

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes



Hey,





I was going through your website, and I personally see a lot of potential

in your website and business.



I would like to send you a Proposal of your business website!



May I send you a inquiry?



thank you!

White



--00000000000027f2690641a80604

Content-Type: text/html; charset="UTF-8"



Hey,


I was going through your website, and I personally see a lot of potential in your website and business.

I would like to send you a Proposal of your business website!

May I send you a inquiry?

thank you!
White

--00000000000027f2690641a80604--

Chinese procurement spam

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Tue, 21 Oct 2025 03:10:01 -0600

Received: from 210-65-1-144.hinet-ip.hinet.net ([210.65.1.144]:51303 helo=cdmsr2.hinet.net)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vB8MJ-00000000Jhj-3Mq6

for dave@doctor.nl2k.ab.ca;

Tue, 21 Oct 2025 03:09:08 -0600

Received: from cmsr10.hinet.net ([10.199.216.89])

by cdmsr2.hinet.net (8.15.2/8.15.2) with ESMTPS id 59L96tqJ917121

(version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO)

for ; Tue, 21 Oct 2025 17:06:58 +0800

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=msa.hinet.net;

s=default; t=1761037618; bh=WkFpV/Nr+f+MXPN/1j3MBS4BVJQ=;

h=From:To:Subject:Date;

b=lJSBCTGrR69uxXe/ITA0bdmtdhySK4eM8eR8ojiHIIvCDoECdk5Iu0ifA3a+IWxOy

Cej+EeuI++EWwH69q9/xDGNvOl64Lx9DfqOI96/REQHCTMRPqbr7ZmELGlD/U/lnyq

A1hlFTaHV0tjr+BW7SfYaqv9+dHxzYBkZD8NUtgg=

Received: from [127.0.0.1] (36-231-80-157.dynamic-ip.hinet.net [36.231.80.157])

by cmsr10.hinet.net (8.15.2/8.15.2) with ESMTPS id 59L93H5n712079

(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO)

for ; Tue, 21 Oct 2025 17:03:20 +0800

Message-ID:

From: Navraj Viera

Reply-To: navrajviera@igti.space

To: dave@doctor.nl2k.ab.ca

Subject: RFQ Attached for Review & Initial Order Discussion

Date: Tue, 21 Oct 2025 02:03:20 -0700

MIME-Version: 1.0

Content-Type: text/plain; charset=us-ascii

X-CMAE-Score: 0

X-CMAE-Analysis: v=2.4 cv=I57GR8gg c=1 sm=1 tr=0 ts=68f74c58

a=4ZBg6/DH5ETPuJQnLBHc+A==:117 a=kj9zAlcOel0A:10 a=jPnIy0vNwRY6Swzn_aEA:9

a=CjuIK1q_8ugA:10

X-Spam_score: 21.3

X-Spam_score_int: 213

X-Spam_bar: +++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Dear Supplier, I hope this message finds you well. We are

a diversified general trading company with multiple business streams and affiliated

sister companies. While our operations span various sectors, we currently

maintain a strong focus on the resa [...]



Content analysis details: (21.3 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[36.231.80.157 listed in will-spam-for-food.eu.org]

[36.231.80.157 listed in will-spam-for-food.eu.org]

[36.231.80.157 listed in will-spam-for-food.eu.org]

[36.231.80.157 listed in will-spam-for-food.eu.org]

[36.231.80.157 listed in will-spam-for-food.eu.org]

[36.231.80.157 listed in will-spam-for-food.eu.org]

[36.231.80.157 listed in will-spam-for-food.eu.org]

[36.231.80.157 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

[210.65.1.144 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[210.65.1.144 listed in dnsbl.ahbl.org]

[210.65.1.144 listed in dnsbl.ahbl.org]

[210.65.1.144 listed in dnsbl.ahbl.org]

[210.65.1.144 listed in dnsbl.ahbl.org]

[36.231.80.157 listed in dnsbl.ahbl.org]

[36.231.80.157 listed in dnsbl.ahbl.org]

[36.231.80.157 listed in dnsbl.ahbl.org]

[36.231.80.157 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[210.65.1.144 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[210.65.1.144 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[210.65.1.144 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[210.65.1.144 listed in dnsbl.ahbl.org]

2.5 URIBL_DBL_SPAM Contains a spam URL listed in the DBL blocklist

[URI: igti.space]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[210.65.1.144 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[210.65.1.144 listed in sa-trusted.bondedsender.org]

2.1 RCVD_IN_MSPIKE_L4 RBL: Bad reputation (-4)

[210.65.1.144 listed in bl.mailspike.net]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[210.65.1.144 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[210.65.1.144 listed in bl.score.senderscore.com]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's

domain

-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from

envelope-from domain

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

15 GR_DOMAIN_HINETN1 From contains a known spammer (hinetn)

0.0 TVD_RCVD_IP Message was received from an IP address

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[vladimir.andrianov(at)msa.hinet.net]

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

0.0 NO_RDNS2 Sending MTA has no reverse DNS

Subject: {SPAM?} RFQ Attached for Review & Initial Order Discussion



Dear Supplier,



I hope this message finds you well.



We are a diversified general trading company with multiple business streams and affiliated sister companies. While our operations span various sectors, we currently maintain a strong focus on the resale of industrial equipment to partners and associates across the UAE, UK, beverage industry, and several other verticals.



Having reviewed your website and product range, we are pleased to initiate our first order with your company.



Please find the attached Request for Quotation (RFQ) document for your review. To proceed, we would appreciate your feedback on the following key points:



Minimum Order Quantity (MOQ)



Delivery timelines



Payment terms



Potential for a long-term partnership



To facilitate further discussion and alignment, we will be sending a Zoom meeting invitation shortly.



We look forward to your confirmation and to establishing a mutually beneficial business relationship.



Best regards,

Navraj Viera

Purchasing Director

navrajviera@igti.space

iGeneral Trading Co. Ltd

igt.ae|igti.space

Costco Phish

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 20 Oct 2025 13:05:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vAvB6-00000000MmJ-1U0p

for dave@doctor.nl2k.ab.ca;

Mon, 20 Oct 2025 13:04:20 -0600

Resent-From: The Doctor

Resent-Date: Mon, 20 Oct 2025 13:04:20 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [87.120.219.77] (port=55795 helo=support-uk.online)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

id 1vAuje-00000000KbW-2pf2

for sales@netknow.ca;

Mon, 20 Oct 2025 12:36:06 -0600

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=netknow.ca;

h=Date:To:From:Subject:Content-Type:Content-Transfer-Encoding:Mime-Version; i=sales@netknow.ca;

bh=pXAxvJPYSQ3NBwx3fSStzoKVUvU=;

b=LHSNv6I+G17LfPepFF+O571QiAIFizo06cjS/rjHykI/NiRAGoYHYH1NRw7bksEPCp9DMoW9l4hx

8SmytkpnhwlKrqulR9ebJDR2xzdAZlqcJYGSubw6I9PSs4cUADChHKNQgbNUxzoVF7OHKkTBsHjc

BG2MyZzRdTQfK4bT7HM=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=netknow.ca;

b=ts3tNu7N5cYWYo+/T116Um2Ue7XdxoBQrBSmDO5vemrpz2Ws5MmNPVC69uiLgunhm43zZLoxRKrh

9nGhI8FlHKbk+Zo+MCrX6bKD1ZWd3V0nT8R3ODN2bbcaq9IUGswTNHHzoHiDgdRYTKcmZ2EBn9Uu

RUeBAVEjP6V8Y1g60yY=;

Date: Mon, 20 Oct 2025 18:35:04 +0000

To: sales@netknow.ca

From: Costco Wholesale

Subject: “Special Delivery for Costco Members—Fresh Meat Boxes Inside”

Content-Type: text/html; charset="UTF-8"



Content-Transfer-Encoding :BASE64

Mime-Version: 1.0

X-Spam_score: 12.6

X-Spam_score_int: 126

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Congrats,sales! If you no longer wish to receive these emails,

you can unsubscribe by clicking here.



Content analysis details: (12.6 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[87.120.219.77 listed in dnsbl.ahbl.org]

[87.120.219.77 listed in dnsbl.ahbl.org]

[87.120.219.77 listed in dnsbl.ahbl.org]

[87.120.219.77 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[87.120.219.77 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[87.120.219.77 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[87.120.219.77 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[87.120.219.77 listed in dnsbl.ahbl.org]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.0 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length

greater than 79 characters

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image

0.3 MIME_8BIT_HEADER Message header contains 8-bit character

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

0.0 T_STY_INVIS_DIRECT HTML hidden text + direct-to-MX

0.0 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX

Subject: {SPAM?} “Special Delivery for Costco Members—Fresh Meat Boxes Inside”



Cgo8IURPQ1RZUEUgaHRtbD4KPGh0bWw+CjxoZWFkPgogICAgPHN0eWxlPgogICAgICAgIGJvZHkgewogICAgICAgICAgICBiYWNrZ3JvdW5kLWNvbG9yOiAjZWZlZmVmOwogICAgICAgICAgICBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsKICAgICAgICB9CiAgICAgICAgcCB7CiAgICAgICAgICAgIGZvbnQtc2l6ZTogMTNweDsKICAgICAgICAgICAgY29sb3I6ICM3OTc5Nzk7CiAgICAgICAgICAgIG1heC13aWR0aDogNTgwcHg7CiAgICAgICAgICAgIGxpbmUtaGVpZ2h0OiAxLjQ7CiAgICAgICAgfQogICAgICAgIGEgewogICAgICAgICAgICBjb2xvcjogIzY2NjsKICAgICAgICAgICAgdGV4dC1kZWNvcmF0aW9uOiBub25lOwogICAgICAgIH0KICAgICAgICBpbWcgewogICAgICAgICAgICBtYXgtd2lkdGg6IDEwMCU7CiAgICAgICAgICAgIGhlaWdodDogYXV0bzsKICAgICAgICAgICAgd2lkdGg6IDc1MHB4OyAvKiBDaGFuZ2UgdGhpcyB2YWx1ZSB0byByZXNpemUgdGhlIGltYWdlICovCiAgICAgICAgICAgIGRpc3BsYXk6IGJsb2NrOwogICAgICAgIH0KICAgIDwvc3R5bGU+CjwvaGVhZD4KPGJvZHk+CiAgICA8Y2VudGVyPgogICAgICAgIDxicj4KICAgICAgICA8YQogICAgICAgICAgICBocmVmPSJodHRwOi8vMzEuMTI5LjIyLjE4NS80RWxJS1M4MjRiY3lZMzdzeWhremduYW54MVJESkVWTUhOWkJFRVhRTjE3OTczMlNVQVYyMDZMMSI+PGNlbnRlcj48aDIgc3R5bGU9ImNvbG9yOmJsYWNrIj5Db25ncmF0cyxzYWxlcyE8L2gyPjwvY2VudGVyPjxpbWcgYm9yZGVyPSIwIiBzcmM9Imh0dHBzOi8vcGJzLnR3aW1nLmNvbS9tZWRpYS9HM3VUS2VIWEVBQWxKQlc/Zm9ybWF0PWpwZyZuYW1lPTQwOTZ4NDA5NiIgYWx0PSJJbWFnZSI+PC9hPjxicj4KICAgICAgICA8cD4KICAgICAgICAgICAgSWYgeW91IG5vIGxvbmdlciB3aXNoIHRvIHJlY2VpdmUgdGhlc2UgZW1haWxzLCB5b3UgY2FuIHVuc3Vic2NyaWJlIGJ5IGNsaWNraW5nIDxhCiAgICAgICAgICAgICAgICBocmVmPSJodHRwOi8vMzEuMTI5LjIyLjE4NS81dUtKa2Y4MjRKWnNGMzdrdWd0eG5jY252MUpMWkdXRkFWV0xBQlpMUTE3OTczMkxNVkkyMDZLMSI+aGVyZS48L2E+CiAgICAgICAgPC9wPgogICAgPC9jZW50ZXI+CjwvYm9keT4KPGltZyBzcmM9Imh0dHA6Ly8zMS4xMjkuMjIuMTg1L3RyYWNrLzNybGNWVTgyNFVwdHgzN2todGZuZGNrY3UxSEZLWkdUUldRS1hPQUJMMTc5NzMyUU9HSTIwNnMxIiB3aWR0aD0iMSIgaGVpZ2h0PSIxIiBib3JkZXI9IjAiIGFsdD0iIiBzdHlsZT0iZGlzcGxheTogbm9uZTsiPgo8L2h0bWw+Cgo=

Costco Phish

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 20 Oct 2025 13:05:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vAvB2-00000000Mm2-0ssq

for dave@doctor.nl2k.ab.ca;

Mon, 20 Oct 2025 13:04:16 -0600

Resent-From: The Doctor

Resent-Date: Mon, 20 Oct 2025 13:04:16 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from [87.120.219.77] (port=46883 helo=support-uk.online)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

id 1vAuje-00000000KbX-2pjf

for root@nk.ca;

Mon, 20 Oct 2025 12:36:06 -0600

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=smtp; d=nk.ca;

h=Date:To:From:Subject:Content-Type:Content-Transfer-Encoding:Mime-Version; i=root@nk.ca;

bh=sWtdcaBa8CwKKYRiL4mre63m1yQ=;

b=WSKsc8AQiTX/I1ghAMFNioOOHx0p+nnXyaigd2HGyTgXevSDzf54gbw2tVZtSCnecgW1CQST6ACz

3OKfcx2/ob+iqZMYrYkFWP8L16eg1JxC4BZaH++IJCvdUtTjaQ3PjDm4iPqFw6OQSPPhlryasJvD

RPlyRGOZ+SxQqomhssU=

DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=smtp; d=nk.ca;

b=lCKAkqR50wPtbjyJSqqcGEfWQzxCt6zpJ/N3Bk8zFjPa7wOK25PL5MhxKDwvByIhacq2jbDXyogw

aHZB8nfiRVw/FWN7IFN/m+b9f5ZjmfWOQFZLANGtAcpFkS8+cEYWPGw36nLiW62IbiHFBMX60WBY

bJUunEKY6RdEjWO1yKM=;

Date: Mon, 20 Oct 2025 18:35:02 +0000

To: root@nk.ca

From: Costco Wholesale

Subject: “Special Delivery for Costco Members—Fresh Meat Boxes Inside”

Content-Type: text/html; charset="UTF-8"



Content-Transfer-Encoding :BASE64

Mime-Version: 1.0

X-Spam_score: 13.2

X-Spam_score_int: 132

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Congrats,root! If you no longer wish to receive these emails,

you can unsubscribe by clicking here.



Content analysis details: (13.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

0.1 MISSING_MID Missing Message-Id: header

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

[87.120.219.77 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[87.120.219.77 listed in dnsbl.ahbl.org]

[87.120.219.77 listed in dnsbl.ahbl.org]

[87.120.219.77 listed in dnsbl.ahbl.org]

[87.120.219.77 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[87.120.219.77 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[87.120.219.77 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[87.120.219.77 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[87.120.219.77 listed in dnsbl.ahbl.org]

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid

0.6 J_CHICKENPOX_84 BODY: 8alpha-pock-4alpha

0.0 NORMAL_HTTP_TO_IP URI: URI host has a public dotted-decimal IPv4

address

0.0 HTML_MESSAGE BODY: HTML included in message

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

1.0 HTML_IMAGE_ONLY_16 BODY: HTML: images with 1200-1600 bytes of words

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

2.0 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length

greater than 79 characters

1.3 RDNS_NONE Delivered to internal network by a host with no rDNS

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image

0.3 MIME_8BIT_HEADER Message header contains 8-bit character

0.8 SARE_FROM_SPAM_WORD3 I don't know people named this!

0.4 TO_EQ_FM_DIRECT_MX To == From and direct-to-MX

0.0 T_STY_INVIS_DIRECT HTML hidden text + direct-to-MX

0.0 TO_EQ_FM_HTML_DIRECT To == From and HTML only, direct-to-MX

Subject: {SPAM?} “Special Delivery for Costco Members—Fresh Meat Boxes Inside”



Cgo8IURPQ1RZUEUgaHRtbD4KPGh0bWw+CjxoZWFkPgogICAgPHN0eWxlPgogICAgICAgIGJvZHkgewogICAgICAgICAgICBiYWNrZ3JvdW5kLWNvbG9yOiAjZWZlZmVmOwogICAgICAgICAgICBmb250LWZhbWlseTogQ2FsaWJyaSwgc2Fucy1zZXJpZjsKICAgICAgICB9CiAgICAgICAgcCB7CiAgICAgICAgICAgIGZvbnQtc2l6ZTogMTNweDsKICAgICAgICAgICAgY29sb3I6ICM3OTc5Nzk7CiAgICAgICAgICAgIG1heC13aWR0aDogNTgwcHg7CiAgICAgICAgICAgIGxpbmUtaGVpZ2h0OiAxLjQ7CiAgICAgICAgfQogICAgICAgIGEgewogICAgICAgICAgICBjb2xvcjogIzY2NjsKICAgICAgICAgICAgdGV4dC1kZWNvcmF0aW9uOiBub25lOwogICAgICAgIH0KICAgICAgICBpbWcgewogICAgICAgICAgICBtYXgtd2lkdGg6IDEwMCU7CiAgICAgICAgICAgIGhlaWdodDogYXV0bzsKICAgICAgICAgICAgd2lkdGg6IDc1MHB4OyAvKiBDaGFuZ2UgdGhpcyB2YWx1ZSB0byByZXNpemUgdGhlIGltYWdlICovCiAgICAgICAgICAgIGRpc3BsYXk6IGJsb2NrOwogICAgICAgIH0KICAgIDwvc3R5bGU+CjwvaGVhZD4KPGJvZHk+CiAgICA8Y2VudGVyPgogICAgICAgIDxicj4KICAgICAgICA8YQogICAgICAgICAgICBocmVmPSJodHRwOi8vMzEuMTI5LjIyLjE4NS80eXpLT084MjRadm9iMzd6c2lzbmlxZXh3MU5KTldPTkxOUE9TVVRMWTE3ODU0MVNNTFgyMDZBMSI+PGNlbnRlcj48aDIgc3R5bGU9ImNvbG9yOmJsYWNrIj5Db25ncmF0cyxyb290ITwvaDI+PC9jZW50ZXI+PGltZyBib3JkZXI9IjAiIHNyYz0iaHR0cHM6Ly9wYnMudHdpbWcuY29tL21lZGlhL0czdVRLZUhYRUFBbEpCVz9mb3JtYXQ9anBnJm5hbWU9NDA5Nng0MDk2IiBhbHQ9IkltYWdlIj48L2E+PGJyPgogICAgICAgIDxwPgogICAgICAgICAgICBJZiB5b3Ugbm8gbG9uZ2VyIHdpc2ggdG8gcmVjZWl2ZSB0aGVzZSBlbWFpbHMsIHlvdSBjYW4gdW5zdWJzY3JpYmUgYnkgY2xpY2tpbmcgPGEKICAgICAgICAgICAgICAgIGhyZWY9Imh0dHA6Ly8zMS4xMjkuMjIuMTg1LzVIS09HWTgyNHF2cWszN2RyZHB2c2lwZGExT1dXSExQSVFXV1VXT0VKMTc4NTQxRk9SVjIwNncxIj5oZXJlLjwvYT4KICAgICAgICA8L3A+CiAgICA8L2NlbnRlcj4KPC9ib2R5Pgo8aW1nIHNyYz0iaHR0cDovLzMxLjEyOS4yMi4xODUvdHJhY2svM3hWdmRJODI0WEVVZjM3dWlmaW93b3NvZjFJWklYRlNOTkZDTUxPS0QxNzg1NDFYTVlNMjA2TzEiIHdpZHRoPSIxIiBoZWlnaHQ9IjEiIGJvcmRlcj0iMCIgYWx0PSIiIHN0eWxlPSJkaXNwbGF5OiBub25lOyI+CjwvaHRtbD4KCg==

Anti Snoring Health spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dve@doctor.nl2k.ab.ca

Delivery-date: Mon, 20 Oct 2025 11:02:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vAtGC-00000000DAe-3R8V

for dve@doctor.nl2k.ab.ca;

Mon, 20 Oct 2025 11:01:28 -0600

Resent-From: The Doctor

Resent-Date: Mon, 20 Oct 2025 11:01:28 -0600

Resent-Message-ID:

Resent-To: dve@doctor.nl2k.ab.ca

Received: from mail-vs1-f69.google.com ([209.85.217.69]:57788)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vAsNe-00000000K7h-38jW

for sales@nk.ca;

Mon, 20 Oct 2025 10:05:13 -0600

Received: by mail-vs1-f69.google.com with SMTP id ada2fe7eead31-5d6162e0605so9308482137.3

for ; Mon, 20 Oct 2025 09:04:20 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1760976254; x=1761581054; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=+lKbG9NxLug9tpbTExvADER/4NXxIUge+fwaTajMZ0k=;

b=YprshrggKlcnEIxfik5ZL/uKwg+P6UAa+hA1X4Ni5J6GPPQom351BgAA3K5MiMmdAt

ZkfcTTw8uu1dm7D23RIx/VD3bzgenT3E8MQynxplivD+a18hs4/hma/3cwAIudFwC/DC

xQ1/kF0LFDKEEeLDtCiydqDl958HkHWh9XGXbozWwZh4+ER3jJUeMtPJSRsAdXYut5ao

wcdlrs8xOcftyoyPeTZlCRoKlZNfdsu4xe3J5HWvz4SN+kR/Ry9Du+79rJcKTorX3J/l

MAaWEIYkIPhivWtZR05eSgoiG4mc0tdpe1tMIYK8AIruAHNEpyqUNDDf/Ox8KCE9FThY

0Euw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1760976254; x=1761581054;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=+lKbG9NxLug9tpbTExvADER/4NXxIUge+fwaTajMZ0k=;

b=Yh1TVWerRXKvuBHLpOXubAR0YfRuekAcbvxfPMxLE6d3eccrPQvkPjg4KPAYXxegbA

7PDYEk9yNryiiF71GrKpuC55MBlRMfVkPZ6tINi6RwV60Xy7a7uunhmjwSnv4Drsa/xH

HZ86a7c2wlwFnDfcqjF7Db2L9nAE76pETKZZag9muStdSYRXurDQMhGDx5zTOFG03H7U

fIzv/HOGk/VRAJa8UCzXJHnUaD/wsfwnSxTl0Tbn0wpgslc5NvR6NNJwfrcKxQDX5Evr

gmLUfFN/jdrw2iVYrbdys8l6oYhJal4rhy/rGV4jKfZ0x2hN/bLbppr1nTDi81q7WQSR

VUDg==

X-Gm-Message-State: AOJu0YyKid6zZuxOgcKC16RDgxk8eBfBNVom1nTfQgDlOXQavCPg0Gxz

DFObA84Ayp43+S7BtknVbR1vuKdcgvjuoeRa5o+H7lD7HaqJePKXZ4F9puDGfsQl3lkIFe8GqKW

6XiCdZHq9VA==

X-Google-Smtp-Source: AGHT+IEeHgN/Dj0b1C04H6exn666gxUNGgnW48ajzV8onAhD5f8b4TVCQGBf99cVUnvjMLm9BN2vO0Z9Ey6TP08=

MIME-Version: 1.0

X-Received: by 2002:a05:6102:4421:b0:5d6:254f:4e24 with SMTP id

ada2fe7eead31-5d7dd5ea5f5mr5006435137.32.1760976254360; Mon, 20 Oct 2025

09:04:14 -0700 (PDT)

Message-ID: <000000000000195b1d0641993c2a@google.com>

Date: Mon, 20 Oct 2025 16:04:14 +0000

Subject: =?UTF-8?Q?He_Snored_for_20_Years=E2=80=A6_Then_One_Night=2C_It_Just_St?=

=?UTF-8?Q?opped?=

From: SleepZee Support

To: sales@nk.ca

Content-Type: multipart/alternative; boundary="000000000000195b120641993c27"

X-Spam_score: 10.5

X-Spam_score_int: 105

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Image 1 Image 2 Device Width Images



Content analysis details: (10.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.217.69 listed in list.dnswl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

[209.85.217.69 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.217.69 listed in dnsbl.ahbl.org]

[209.85.217.69 listed in dnsbl.ahbl.org]

[209.85.217.69 listed in dnsbl.ahbl.org]

[209.85.217.69 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.217.69 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.217.69 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.217.69 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.217.69 listed in dnsbl.ahbl.org]

1.9 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: gefeliciteerdexclusievecoted.s3.amazonaws.com]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: gefeliciteerdexclusievecoted.s3.amazonaws.com]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

[URI: click.convertkit-mail2.com/3.18.56.123]

[URI: click.convertkit-mail2.com/3.141.222.179]

[URI: click.convertkit-mail2.com/18.220.225.51]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.217.69 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} =?UTF-8?Q?He_Snored_for_20_Years=E2=80=A6_Then_One_Night=2C_It_Just_St?=

=?UTF-8?Q?opped?=



--000000000000195b120641993c27

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes



Image 1 Image 2







--000000000000195b120641993c27

Content-Type: text/html; charset="UTF-8"













Device Width Images

















--000000000000195b120641993c27--

Anti Snoring Health spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 20 Oct 2025 11:02:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vAtGI-00000000DBQ-00Vu

for dave@doctor.nl2k.ab.ca;

Mon, 20 Oct 2025 11:01:34 -0600

Resent-From: The Doctor

Resent-Date: Mon, 20 Oct 2025 11:01:33 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ua1-f71.google.com ([209.85.222.71]:42242)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vAsWq-00000000L1Y-0UW8

for doctor@netknow.ca;

Mon, 20 Oct 2025 10:14:43 -0600

Received: by mail-ua1-f71.google.com with SMTP id a1e0cc1a2514c-932ccaf3577so3820947241.1

for ; Mon, 20 Oct 2025 09:13:49 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1760976823; x=1761581623; darn=netknow.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=8/gKMX8jYzlsxXrtTDrR+I/Py6UDOiWAF2gu7JgeFlM=;

b=JNNmH7ElVyfofA6lz2XIL5BBf2PkCTPmZ/zzUb2vwJFThLguP9F/2KkgdLWD4xrBoM

OBW5XKLyAY28tgll0/mpuuxlONSBfDiykfz7Uq7B9Ej6Czm9QsIahWOmniWGoSIPm2N3

aUjG31ZgDA8a/9slQ1ClfF1dX1Oky/XXfIE4/vy6JUEuNDuXyuFWT72b4mW/9QhktbvD

ThW1uWT+SATzcw40wXY4ngBtxkodWCNiSoWlZyuIuBzkQApID3ZBBdzpSfliRti3vOcF

C2cSjwjWyyqD1s5nHQwe6GcrAtvRFeFDqJVBEMfFkQ2IYrfCQtwZ1c+8vENcvCVNChMI

+tpw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1760976823; x=1761581623;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=8/gKMX8jYzlsxXrtTDrR+I/Py6UDOiWAF2gu7JgeFlM=;

b=MlVyi4HRlE6nf9hUvWvTbYIMES5dYsNcNv10FCGGJqIzJysmWTW9kAWJBSMK3gN80z

USfCQ4M2Owb6hQ6QP4hoQcllZuWVaU2hi7RjdmL69bHGqszfcswjEJH2keBUzzc3Yi4J

2FIK/2bWDcd4/I76h4klyWijOwocRJe5Mn2V24CskoK8Od4oQ4TkPh2NPpkR7IKEQQSq

1HB1PJV/G03REH+ccFSD+mu3L9tTOUopYBYyiauV+IlppFQwSp6IWsj6YNWgjeCLRIDU

asjMmXLQH/kB4P9Pzc3W/6gIEpsGdo3AI9owVEnAYaklFFhvluzCDqLNmNnvFEaBKr3t

+iag==

X-Gm-Message-State: AOJu0YySy8lK9NjQUXz6j7FFMlxbySwyQYbJhtXUGcgKiV0aSJdXhrv9

bHkAiU5Gt/COLVYshHgkQM8N/olLUV+EGZb6VKJkH63bL3NJiOr+eaUd7YoUC7ngJwFFyxJws5R

vblHp4GFsfA==

X-Google-Smtp-Source: AGHT+IGTwPZ7niT4fQBX47wPma4LZcJrqqhCM8twr3+s+QnsH0P7X1mHDjZL5Dr4iCv+QvLI19CWumJsjXG8z24=

MIME-Version: 1.0

X-Received: by 2002:a05:6102:510c:b0:5d6:12fa:b4ec with SMTP id

ada2fe7eead31-5d7dd507b67mr4562510137.4.1760976823351; Mon, 20 Oct 2025

09:13:43 -0700 (PDT)

Message-ID: <0000000000000379360641995e6c@google.com>

Date: Mon, 20 Oct 2025 16:13:43 +0000

Subject: =?UTF-8?Q?He_Snored_for_20_Years=E2=80=A6_Then_One_Night=2C_It_Just_St?=

=?UTF-8?Q?opped?=

From: SleepZee Support

To: doctor@netknow.ca

Content-Type: multipart/alternative; boundary="0000000000000379280641995e69"

X-Spam_score: 13.2

X-Spam_score_int: 132

X-Spam_bar: +++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Image 1 Image 2 Device Width Images



Content analysis details: (13.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.222.71 listed in list.dnswl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

[209.85.222.71 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

[209.85.222.71 listed in dnsbl.ahbl.org]

[209.85.222.71 listed in dnsbl.ahbl.org]

[209.85.222.71 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.222.71 listed in dnsbl.ahbl.org]

1.9 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: gefeliciteerdexclusievecoted.s3.amazonaws.com]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: gefeliciteerdexclusievecoted.s3.amazonaws.com]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

[URI: click.convertkit-mail2.com/18.220.225.51]

[URI: click.convertkit-mail2.com/3.141.222.179]

[URI: click.convertkit-mail2.com/3.18.56.123]

2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL

[209.85.222.71 listed in psbl.surriel.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.222.71 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} =?UTF-8?Q?He_Snored_for_20_Years=E2=80=A6_Then_One_Night=2C_It_Just_St?=

=?UTF-8?Q?opped?=



--0000000000000379280641995e69

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes



Image 1 Image 2







--0000000000000379280641995e69

Content-Type: text/html; charset="UTF-8"













Device Width Images

















--0000000000000379280641995e69--

Anti Snoring Health spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 20 Oct 2025 11:02:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vAtGQ-00000000DCp-3kYm

for dave@doctor.nl2k.ab.ca;

Mon, 20 Oct 2025 11:01:42 -0600

Resent-From: The Doctor

Resent-Date: Mon, 20 Oct 2025 11:01:42 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vk1-f197.google.com ([209.85.221.197]:43433)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vAsZL-00000000LHp-43vh

for support@nk.ca;

Mon, 20 Oct 2025 10:17:18 -0600

Received: by mail-vk1-f197.google.com with SMTP id 71dfb90a1353d-54bbdfb584eso12705956e0c.1

for ; Mon, 20 Oct 2025 09:16:25 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1760976979; x=1761581779; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=xwkKn/ggUQ3XBknWLj6ssccjFTXXAvmDLo3mfpSRK90=;

b=OEKAxmjWwgx3BmY6dCHuu8mzu8I7ycUlH00qD4Y+iVN+mQv8yaXV0/ALQxFMha4QHq

+DvSCytupKzDn3PwkGQ4qgzFpAhNM+0h51gizHYP0FIGhWe0QLXmT+vMcI2A8ftehKzV

LKTy9MXmaRpDTwxClB9x+QNe2lxFF2BRdCOTyCTdmVph/IWgyL7/ICX8u3SU1lOgOFcX

kS1cIgCaFBI7gJEQSL1asQ0bFIYrf32BiBJPsKjjitWXor080RhyZlj1+V+TvciWH/Oi

Brl3mDMzFmas3hTpI1JeAaQPex8cv/+60PJG0m5D9H04HyguutaPGqO3otLt4j9XRSKr

YWDA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1760976979; x=1761581779;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=xwkKn/ggUQ3XBknWLj6ssccjFTXXAvmDLo3mfpSRK90=;

b=Z6JThyfUmW4WkEr/mduiwAcMm0WU9vlDJMqimd54z6AU8X2A6+C5+zM+R24Jb7Twvd

KLUa58Ha1gOvxaIcdsCmW0c00mto5Nj7fq6FHpzqBh9Cug1p8HZLJubO13UiePRM4khV

aRgsmQvjGxrGNrPBHNkwYGj6pwg1Mzw2ESDSlvUK07NTdMfjQzE1Qh2Dd31UbcE9tRJr

jPISQptPgdw6Cj7+/cvj9XfNmaHkPvpfy3pAicXIog4crdpKWBHZL7wljcN9CBdCGnvY

hXvxiiWK6Oh/UX60FRcUL2rn+8iMrmzIdRPKvNeu4IsvLSAv15Diz1QubmgIAfJ+o9re

ReUg==

X-Gm-Message-State: AOJu0YwEOryeRsDjaLDjubZyIFWIaysRqkzt8Vbxfsrsg9Zp7NsmycRO

la2FyR0A14lyagPqcno38mF86Z9Yz28vEJpc6C9fdfsJtcaQtTwb9KIREVmGO/BBfrNTN10aFjp

jIBGi21jeIw==

X-Google-Smtp-Source: AGHT+IGaThTwu1z87uDu/rbA9xOEF4wDNK15raYeLxrVnUfhykFjdj77fgL+4iUlWXg/8JPdtK3LTqcR07tdl5A=

MIME-Version: 1.0

X-Received: by 2002:a05:6122:d95:b0:54a:8690:7193 with SMTP id

71dfb90a1353d-5564ee82868mr4108001e0c.4.1760976979645; Mon, 20 Oct 2025

09:16:19 -0700 (PDT)

Message-ID: <0000000000005453c2064199679c@google.com>

Date: Mon, 20 Oct 2025 16:16:19 +0000

Subject: =?UTF-8?Q?He_Snored_for_20_Years=E2=80=A6_Then_One_Night=2C_It_Just_St?=

=?UTF-8?Q?opped?=

From: SleepZee Support

To: support@nk.ca

Content-Type: multipart/alternative; boundary="0000000000005453a50641996799"

X-Spam_score: 10.5

X-Spam_score_int: 105

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Image 1 Image 2 Device Width Images



Content analysis details: (10.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.221.197 listed in list.dnswl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

[209.85.221.197 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.221.197 listed in dnsbl.ahbl.org]

[209.85.221.197 listed in dnsbl.ahbl.org]

[209.85.221.197 listed in dnsbl.ahbl.org]

[209.85.221.197 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.221.197 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.221.197 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.221.197 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.221.197 listed in dnsbl.ahbl.org]

1.9 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: gefeliciteerdexclusievecoted.s3.amazonaws.com]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: gefeliciteerdexclusievecoted.s3.amazonaws.com]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

[URI: click.convertkit-mail2.com/3.141.222.179]

[URI: click.convertkit-mail2.com/3.18.56.123]

[URI: click.convertkit-mail2.com/18.220.225.51]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.221.197 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} =?UTF-8?Q?He_Snored_for_20_Years=E2=80=A6_Then_One_Night=2C_It_Just_St?=

=?UTF-8?Q?opped?=



--0000000000005453a50641996799

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes



Image 1 Image 2







--0000000000005453a50641996799

Content-Type: text/html; charset="UTF-8"













Device Width Images

















--0000000000005453a50641996799--

Anti Snoring Health spam from Google Gmail

Posted by Dave Yadallee on
Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Mon, 20 Oct 2025 11:01:03 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vAtFW-00000000Cxx-0i4o

for dave@doctor.nl2k.ab.ca;

Mon, 20 Oct 2025 11:00:46 -0600

Resent-From: The Doctor

Resent-Date: Mon, 20 Oct 2025 11:00:46 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-vk1-f199.google.com ([209.85.221.199]:58381)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1vArxB-00000000Hp9-2uZh

for doctor@nk.ca;

Mon, 20 Oct 2025 09:37:52 -0600

Received: by mail-vk1-f199.google.com with SMTP id 71dfb90a1353d-54bcbbc35d1so343664e0c.0

for ; Mon, 20 Oct 2025 08:36:58 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=firebaseapp.com; s=20230601; t=1760974612; x=1761579412; darn=nk.ca;

h=to:from:subject:date:message-id:mime-version:from:to:cc:subject

:date:message-id:reply-to;

bh=8qpJDS5LbbdZKLQOgItOgHZGWXFpaztTlXj3UzVbc88=;

b=He1UspGngy5vzQ54ZD49Q1Eu+mXVG1uLM6Gku/undCUAIHgsEgJOkrfE3lWHa34CGZ

r9UN7vpvmRMwKFs858+CJGLC/sKuRJwER8klXvQ/IFAfzyjPKXKHitLJMRZP71xFFwsd

G/AiJGtO27NSq2BCPKlI+vE8bksnCLvke/6qSA5DW/3+inJKp5KM6IO/XI5p9t4qrPwY

YkkyzHX/7jsJPomsYtK/sLkL7ej2mJILNhEITaptxfwAVS9ZiHBaAIgec2RtDx80kWDE

pG4EJdrABglWwQWpxEhjAfV1qfb4PB0Rg7SEQapB2HSTN2DmyUD8+v/IudxOBRw/GZ5S

8otw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20230601; t=1760974612; x=1761579412;

h=to:from:subject:date:message-id:mime-version:x-gm-message-state

:from:to:cc:subject:date:message-id:reply-to;

bh=8qpJDS5LbbdZKLQOgItOgHZGWXFpaztTlXj3UzVbc88=;

b=GsR9fctRUZ6iSYovAa1wdM/deAy/W2N2260FygDFS3K7j3kL9GusYBwFZBerVNueVp

xqNW3zJ+1PBOQJKdCqTaSlciuKQSg2EdgpDM3mujgpM3l8XhkBQnUHy0lzT930TVC4CY

7r2mp6GQockkzw+wka+i0ti5VkOHKpSzwXlxW11Mxcgfxyt/Db13cVO0kz5iRfYCFnrT

si25+httmoISeXg5dfZlk0CXNDSpoTXwD3vpJ64K7BDsLmXcUpAllcdt6zIrH40U/G3l

WnN3S/+BnohN6rddpoMhi2T7Qf6MM3/Obop2uHBXMA5tEOhNBOREc3htybhU3VxdKbNi

tOlw==

X-Gm-Message-State: AOJu0YyAW9eDwJ5uwGWR2iLRDLvfcjhoY1B7PzD4jVb+IWlN6SnAsK2/

vPaFzjxicHZWFt/fTXEPG17+sACGrQyls5wCKkMIsQPrKM6SPRYW7fPf6OsNUN1PVl+GmuLK7wZ

wXNJFENM9bA==

X-Google-Smtp-Source: AGHT+IG35ewLbNKXNAjiHkOTLzdvA3kE4zoVB1tEfpI5QVjTamEuWYgNwK+N1jVZoVAkv/KpC9zr5V9Os0o3bCQ=

MIME-Version: 1.0

X-Received: by 2002:a05:6122:d8e:b0:554:afee:9a83 with SMTP id

71dfb90a1353d-5564ee607c4mr3604512e0c.4.1760974612702; Mon, 20 Oct 2025

08:36:52 -0700 (PDT)

Message-ID: <0000000000003fa7fa064198da6f@google.com>

Date: Mon, 20 Oct 2025 15:36:52 +0000

Subject: =?UTF-8?Q?He_Snored_for_20_Years=E2=80=A6_Then_One_Night=2C_It_Just_St?=

=?UTF-8?Q?opped?=

From: SleepZee Support

To: doctor@nk.ca

Content-Type: multipart/alternative; boundary="0000000000003fa7e5064198da6c"

X-Spam_score: 10.5

X-Spam_score_int: 105

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Image 1 Image 2 Device Width Images



Content analysis details: (10.5 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

[209.85.221.199 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.221.199 listed in dnsbl.ahbl.org]

[209.85.221.199 listed in dnsbl.ahbl.org]

[209.85.221.199 listed in dnsbl.ahbl.org]

[209.85.221.199 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.221.199 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.221.199 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.221.199 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.221.199 listed in dnsbl.ahbl.org]

1.9 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: gefeliciteerdexclusievecoted.s3.amazonaws.com]

1.9 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist

[URI: gefeliciteerdexclusievecoted.s3.amazonaws.com]

0.1 URIBL_SBL_A Contains URL's A record listed in the SBL blocklist

[URI: click.convertkit-mail2.com/3.18.56.123]

[URI: click.convertkit-mail2.com/3.141.222.179]

[URI: click.convertkit-mail2.com/18.220.225.51]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.221.199 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature

0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid

0.7 HTML_IMAGE_ONLY_20 BODY: HTML: images with 1600-2000 bytes of words

0.0 HTML_MESSAGE BODY: HTML included in message

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.3 HTML_SHORT_LINK_IMG_3 HTML is very short with a linked image

0.0 T_REMOTE_IMAGE Message contains an external image

Subject: {SPAM?} =?UTF-8?Q?He_Snored_for_20_Years=E2=80=A6_Then_One_Night=2C_It_Just_St?=

=?UTF-8?Q?opped?=



--0000000000003fa7e5064198da6c

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes



Image 1 Image 2







--0000000000003fa7e5064198da6c

Content-Type: text/html; charset="UTF-8"













Device Width Images

















--0000000000003fa7e5064198da6c--