NetKnow Corporate Blog

McAfee Phish from Google Gmail

Posted by Dave Yadallee on Thursday, April 2. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Apr 2026 13:49:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w8O1V-00000000Kkq-0Q66

for dave@doctor.nl2k.ab.ca;

Thu, 02 Apr 2026 13:48:13 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Apr 2026 13:48:12 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-oo1-f74.google.com ([209.85.161.74]:56774)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w8KeY-00000000P0a-3xgP

for doctor@nl2k.ab.ca;

Thu, 02 Apr 2026 10:12:29 -0600

Received: by mail-oo1-f74.google.com with SMTP id 006d021491bc7-67e4258e5b7so3249236eaf.1

for ; Thu, 02 Apr 2026 09:11:32 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=google.com; s=20251104; t=1775146286; x=1775751086; darn=nl2k.ab.ca;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=mM0cVmXXgoszdUsiSkuGUWjrkhs0q5kkcmsVT+WyNFU=;

b=HhBM/fDa/g03tOqae93PTJl8dcn8YwT+ZVEJeWlr2ulYCZkbC+cbgpGe8b5N95al4Q

JYWZAO/7gLrzXQHXELSOFb07/WYSkLXmmyY0E/IhZcV63Zorh5TXIQx1t9KzBUjrQ4rJ

Xvqywprld2UyrXvqh675STfs9RmMM7ACboDQW7EkNitbS/qHYl3KKjwmtgCZuXqeBHTA

3M+sJeEZWZBYfVIZLJ2GeajMSFCGmVVIwMQNezwNZgJSIoRyP8x254aYlts6VCy27f5m

GYVIRc/H1tUt4VsUmc/lp4zRqC95EvAk4IR4Rfz7Ogyg9V7RY8QnWEttHegzjEQ1NmGK

icbA==

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=invlites-com.20230601.gappssmtp.com; s=20230601; t=1775146286; x=1775751086; darn=nl2k.ab.ca;

h=to:from:subject:date:message-id:sender:reply-to:mime-version:from

:to:cc:subject:date:message-id:reply-to;

bh=mM0cVmXXgoszdUsiSkuGUWjrkhs0q5kkcmsVT+WyNFU=;

b=PITlZ3SBiCjGUq5kvHfAqoCVpTOZrG2okChwd5llbU4VpfLXtOleb0HnjOOMkePrm5

G8K+bzbmqYq7Bd2J5QSjVFTDwbmFMwpUwaRGIKXJKyF3ZImA4/1Ur23UydxksVvu+d7d

Ivfq+FCxPIjSbaHU290S2qsTVwzq3aY6vucNI/MKUlTgJEM30yXxaqUdYIF+BhWG5m9S

PM7v947wrLvcTc4re0Oq2m/uBn3SXFXTP4P2Pq6aZ3Dm0nVmD8h1Y5DHSWsLNULvNvYk

6vmdg7Obo7HmItPQYoEGB2eBT4374OapIlpAqEGrr8PGU6tFy8hohYT6qKzB0TmWV5/l

mKgA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1775146286; x=1775751086;

h=to:from:subject:date:message-id:sender:reply-to:mime-version

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=mM0cVmXXgoszdUsiSkuGUWjrkhs0q5kkcmsVT+WyNFU=;

b=MfDos1kJHqh1XKv3b0Vu5VKKfwPPo/Zg1vF9yFYYIwnw6qrXIJUZ/sfsXecKNqdxwx

8Ht0veqbf31B9H6uknoxxZOpK1Wayrpe7sWPMMwRGEIEfYwzGt4AXmcZI73N30ASkimC

2H5vduKVwOH5sCTHiUKEtz3/CEPGb7u8nQyizvf1VEGa9uX6TD+VujviK0lQt1N6vq0e

d+6o8+SJ6gbjg4coYEeL8brgqYNlx/iekg2kFZzRj46eCaHOuf0HyUT6mG3IQus/DypS

F6prM3OlEEnpDSiauf3mCCwArrqkLi6JH3R0jQ0nFaScejl4RDmMUTZyAhjYvTdLW6T0

kV8A==

X-Gm-Message-State: AOJu0YxEq3S23ycpfveJsIjG2X4GC4CngKIEiRQKudficQq/lvVtTytl

yTh6otc4Sbb4ZUGrqxXdYKBhS6c1m9FC5NxQotIUU2w4UMe0QkctfGjbDKuV4sC3aWhDXabsYVn

SPgZjXFakHaZeerX2CaHvUcSA2Q6bX5X9IVXbakjodqq5iQrkp/0eHk0F

MIME-Version: 1.0

X-Received: by 2002:a05:6820:160e:b0:67c:250c:ac4c with SMTP id

006d021491bc7-67fabcbb84amr4172367eaf.31.1775146285999; Thu, 02 Apr 2026

09:11:25 -0700 (PDT)

Reply-To: Accelerated Zuern

Sender: Google Calendar

Message-ID:

Date: Thu, 02 Apr 2026 16:11:26 +0000

Subject: Invitation: Action Needed: Check Your Plan Before Renewal @ Thu Apr

2, 2026 10:11pm (GMT-7) (doctor@nl2k.ab.ca)

From: Accelerated Zuern

To: doctor@nl2k.ab.ca

Content-Type: multipart/mixed; boundary="000000000000cd3714064e7c7377"

X-Spam_score: 10.0

X-Spam_score_int: 100

X-Spam_bar: ++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Action Needed: Check Your Plan Before Renewal Thursday Apr

2, 2026 â‹… 10:11pm Pacific Time - Los Angeles Invoice date: Friday, 03 April

2026 Membership Renewal Activity Notice

Content analysis details: (10.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.161.74 listed in list.dnswl.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

[209.85.161.74 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.161.74 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

[209.85.161.74 listed in will-spam-for-food.eu.org]

0.3 LONGWORD BODY: Uses overlong words

0.6 MEGALONGWORD BODY: Uses really overlong words

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.161.74 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

1.5 IMPRONONCABLE_2 Too much mixed numbers and lower-case letters

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

0.6 LONG_INVISIBLE_TEXT Long block of hidden text - bayes poison?

Subject: {SPAM?} Invitation: Action Needed: Check Your Plan Before Renewal @ Thu Apr

2, 2026 10:11pm (GMT-7) (doctor@nl2k.ab.ca)

Accelerated Zuern has invited you to Action Needed: Check Your Plan Before Renewal

Title: Action Needed: Check Your Plan Before Renewal

When: Thursday, April 2, 2026 at 23:11

Organizer:

Accelerated Zuern

Description: Invoice date: Friday, 03 April 2026

Membership Renewal Activity Notice

Thank you,

We would like to notify you that your membership renewal with McAfee will be processed today. The total amount of $321.21 will be billed accordingly. For support, contact 828 259 7385.

Invoice Tracking Center:

Service Provider: McAfee

Invoice receipt: ORD4623931

Add-on Service: DigitalCore Guard

Validity: Two Years

Total Payable: $321.21

For any assistance regarding your account, please contact 828 259 7385.

With sincere respect,

Genesis Medina

McAfee, Inc.

2026 Company. All Rights Reserved.

Activation Code: 4a824056-a2f3-406b-b750-3032652549e1

Attendees:

doctor@nl2k.ab.ca

Invoice date: Friday, 03 April 2026

Membership Renewal Activity Notice

Thank you,

We would like to notify you that your membership renewal with McAfee will be processed today. The total amount of $321.21 will be billed accordingly. For support, contact 828 259 7385.

Invoice Tracking Center:

Service Provider: McAfee

Invoice receipt: ORD4623931

Add-on Service: DigitalCore Guard

Validity: Two Years

Total Payable: $321.21

For any assistance regarding your account, please contact 828 259 7385.

With sincere respect,

Genesis Medina

McAfee, Inc.

2026 Company. All Rights Reserved.

Activation Code: 4a824056-a2f3-406b-b750-3032652549e1

When

Thursday Apr 2, 2026 ⋅ 10:11pm (Pacific Time - Los Angeles)

Organizer

Accelerated Zuern

acceleratedzuern@invlites.com

Guests

(Guest list has been hidden at organizer's request)

Reply for doctor@nl2k.ab.ca

Yes

No

Maybe

More options

Invitation from Google Calendar

You are receiving this email because you are an attendee on the event.

Forwarding this invitation could allow any recipient to send a response to the organizer, be added to the guest list, invite others regardless of their own invitation status, or modify your RSVP. Learn more

Chinese Products Spam

Posted by Dave Yadallee on Thursday, April 2. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Apr 2026 13:47:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w8Nzf-00000000HdA-2KEe

for dave@doctor.nl2k.ab.ca;

Thu, 02 Apr 2026 13:46:19 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Apr 2026 13:46:19 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-m82213677.xmail.ntesmail.com ([8.221.36.77]:59376)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w8JNY-000000003O8-2pkC

for sales@nk.ca;

Thu, 02 Apr 2026 08:50:54 -0600

Content-Type: multipart/mixed; BOUNDARY="=_Part_5041572_665977311.1775141380630"

To: Sales

Reply-To: lina@benonamed.com

Subject: =?UTF-8?B?SW5ub3ZhdGl2ZSBNZWRpY2FsIERldmljZXM6IFVubWF0Y2hlZCBCdXNpbmVzcyBQcm9zcGVjdHM=?=

X-Priority: 3

MIME-Version: 1.0

Received: from lina@benonamed.com( [10.139.1.59] ) by ajax-webmail ( [127.0.0.1] ) ; Thu, 2 Apr 2026 22:49:40 +0800 (GMT+08:00)

From: Lina-BenonaMed

Date: Thu, 2 Apr 2026 22:49:40 +0800 (GMT+08:00)

X-WM-Tid: 0a9d4eabe18a00f5kunmd577e205630dc6

DKIM-Signature: a=rsa-sha256;

b=rKnRm0vNciJvW6VMWqeWIt1bHDKuQK9U2ydDuSGokpMBR72DU/vgUMLLo5M2YJwqXYfqYyUTfu5siqcs2vdyPmN0/7YE/SKqSjQKn82fhdnH0/xpl/ZpBTYiYbhnW2IFZxH752gcw35hkgA710Y2h4lZuq5oXR1mxZBkRmzj/z/txinPUEeML22tQUVOaTE6SLMtFFKvzA7CvxJ6evuzQRezyoGbKgf/GEYRgNS8jgm0vcbXSIkLwROXH2vEGTWY9zBxPzGq+O9mW366PJcPJFwKcobheIcLGZrLt4MxkiG0Iwh2H9P2J9q1E/GkmNGCYymoqi3SsSKuNdlmoA2qfQ==; s=default; c=relaxed/relaxed; d=benonamedicalequipment.com; v=1;

bh=U6IsdytZ+1dra64k31dA6XtQIsdxntJ3vHo0SrFzNo8=;

h=date:mime-version:subject:message-id:from;

Message-ID:

X-Spam_score: 5.3

X-Spam_score_int: 53

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Welcome to Benona Medical World For Aesthetic Wonders, Physio

Recovery & Vet Care â€“ Our High - Tech Gear Leads the Way! Discover Our

Latest Product Innovations and Special Offers Benona Co., Ltd, a leading Chinese

medical equipment manufacturer with over 12 years of experience, cordially

invites you to explore purchase [...]

Content analysis details: (5.3 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[8.221.36.77 listed in dnsbl.ahbl.org]

[8.221.36.77 listed in dnsbl.ahbl.org]

[8.221.36.77 listed in dnsbl.ahbl.org]

[8.221.36.77 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[8.221.36.77 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[8.221.36.77 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[8.221.36.77 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[8.221.36.77 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[8.221.36.77 listed in will-spam-for-food.eu.org]

[8.221.36.77 listed in will-spam-for-food.eu.org]

[8.221.36.77 listed in will-spam-for-food.eu.org]

[8.221.36.77 listed in will-spam-for-food.eu.org]

[8.221.36.77 listed in will-spam-for-food.eu.org]

[8.221.36.77 listed in will-spam-for-food.eu.org]

[8.221.36.77 listed in will-spam-for-food.eu.org]

[8.221.36.77 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[8.221.36.77 listed in wl.mailspike.net]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.3 SPECIAL_OFFER BODY: Special Offer

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted

Colors in HTML

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

Subject: {SPAM?} =?UTF-8?B?SW5ub3ZhdGl2ZSBNZWRpY2FsIERldmljZXM6IFVubWF0Y2hlZCBCdXNpbmVzcyBQcm9zcGVjdHM=?=

Welcome to Benona Medical World

For Aesthetic Wonders, Physio Recovery & Vet Care – Our High - Tech Gear Leads the Way!

Discover Our Latest Product Innovations and Special Offers

Benona Co., Ltd, a leading Chinese medical equipment manufacturer with over 12 years of experience, cordially invites you to explore purchase, consultation, or collaboration opportunities.

Our company supplies high - end medical equipment to hospitals and specialized clinics from US and Europe. Our distinction lies in our comprehensive product portfolio, which includes cutting-edge technologies such as ESWT, Tecar, EMS, Magneto therapy, PEMF, Laser, IPL, RF, Elight, OPT, Cryolipolysis, Ultrasonic Cavitation Vacuum, HIFU, and RF Slimming systems.

Skin Cooling System

Where Comfort Meets Precision in Every Treatment!

4 Wavelength Diodo Laser

Your Swift & Smooth Path to Permanent Hair - Free Skin!

Magneto + Shockwave + Laser Unleash the Power of Physiotherapy for Ultimate Body Pain Ease!

10D Rotating Green Laser Lights Newest Painless Fat Removal Choice From LuxMaster Slim

Fractional CO₂ Laser Sculpt Your Skin, Redefine Youth - Tighten with Precision!

🌐 www.benonabeauty.com

📧 Lina@benonamed.com

📧 Lina@benonabeauty.com

☎WhatsApp:+8613527652449

Hit subscribe now to receive regular updates and our product’s latest features! Subscribe

If you dont want to receive our emails, you can easily unsubscribe here.

Physiotherapy Devices catalog -Benona.jpg

Web/SEo/App spam from Google Gmail

Posted by Dave Yadallee on Thursday, April 2. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Apr 2026 13:45:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w8Nxw-00000000Atx-2jBT

for dave@doctor.nl2k.ab.ca;

Thu, 02 Apr 2026 13:44:32 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Apr 2026 13:44:32 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-pj1-f66.google.com ([209.85.216.66]:51564)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w8Iup-000000002R8-0fTg

for root@nk.ca;

Thu, 02 Apr 2026 08:21:09 -0600

Received: by mail-pj1-f66.google.com with SMTP id 98e67ed59e1d1-35d94f4ee36so549508a91.3

for ; Thu, 02 Apr 2026 07:20:11 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=mobwebify-com.20230601.gappssmtp.com; s=20230601; t=1775139605; x=1775744405; darn=nk.ca;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:from:to:cc:subject:date:message-id:reply-to;

bh=v9SH6IbPMhXE8mOmeYjb6epIVrSbgkKVWo6ylWjvEwI=;

b=vxR2a5NCZTRHIyTvYBgpmeq+oyfSbknr6Ol2BQ59ymbExywncWKl4d05Vmc0rNuJWD

W5dCZTrTT6LOt7jn9eMgy8uZLF8ckuwhyLOE+A2gnc4JBoAX6pR5VUMtpBBUtIp/2lXa

PkthuU7X+h3rX82qyn+9S1dFKlg0LfvLKV/3FVTDxY0XfT5PyUAs8m3RYYRM9/WyJny5

1HOTbF0pDNnzJ7ejm+/zmyHpevOJujJbTg3c/FL7yMr5vCSrB0oIOypLDNwqgLRDMbdW

6dIbB9YAu3Xqoq8O3MIcK26DhVtJfZ79yeDmSiHESCW5O7ReP5TZzueCIQ8gGct8yTfb

7sxg==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1775139605; x=1775744405;

h=content-language:thread-index:mime-version:message-id:date:subject

:to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date

:message-id:reply-to;

bh=v9SH6IbPMhXE8mOmeYjb6epIVrSbgkKVWo6ylWjvEwI=;

b=khQG/bdN2zpIRe46xqTZq5shwkRz8WM+XKizbykj9GTgcA+bSabxw7zHPwfAV44I6q

/sk4nid8sz4Vf91G3zg2zFfWPC9tLC97PcR2VwZaTePo2WloO3AbyVJ4V7xCvzmGlXwy

t9rSkoBWWTSULXSysiWyxcv/6Y9L3fh3YVkrFqnz2VQmiEa46fMQitMz/OjA5Ej866R/

f1typDQ3OK6b9zS6RMUYtmlhhBNsdJJiDxN1n20e8K9W6yfiF46WQzCv1pw7Ihq8BgdO

Ohu+PHLPB67beeOO4XGgskhT6B7hTPGdq/XxqIdZPKwdRPF5qJu0dRFAVRSeWlk9hNaR

Vn8g==

X-Gm-Message-State: AOJu0YytEhg8bhq54H2RMM+0/XSZPe5XI1uWNJT5KxpaNZZ1N6+XHmuD

d/44z/sACZZcUlDaJx7IuswFXNzoG5qns9eWbnHhfnaqv/rA3o835YrmM3Q7foxyEXdtDeZ/5Nv

V/RlyLpY=

X-Gm-Gg: AeBDietrK910gOmPQTwgFVmkBobx/RdflnjpFAjJozNvdofzWWNz6ReS5Gqc8Zd2cBC

eU/jqI4kimUXRU2UqHlyUgS7amhtxxa+NC2Z1sP53JSuMIjTCjTQUObLpM6km9s/xQ24KoISX/U

kjc7pG4MvoanoqJ0o5Ahnao0bH4ArcszFHT7Vl1mGB5EGmZGI7vUWxxGu3+9lgoTgyn6DR6ZyEZ

0YwkvOuezKE5i4BD3zHeABsLYSq0Jd0a2wuQ2MnCbrCJZBGYczbwsPITLoC0JfrDA9kuGf8vLb8

ulPsxXpN7xBbG4IY8Qb+soVF8xLKK6CZ6aUnCEjGBTpDu4yxdfYBOGc1gcKNcKdk4bUab3ln6t6

CbstQ+wxG3ueL7VLTFbeabzFK1tKpuw8FSvidzYTmFS+no1nwpteA9y+E8zp9zr0LSMYBwt1HK5

YEnMLzNKB88yzZ3DP7Pj7/as1tWI1UjhKbGbpCGH7BAmU=

X-Received: by 2002:a17:90b:4987:b0:35b:90e7:c44f with SMTP id 98e67ed59e1d1-35dc6ea4e0emr7625496a91.7.1775139604742;

Thu, 02 Apr 2026 07:20:04 -0700 (PDT)

Received: from DESKTOPSRTB37E ([2409:40d0:2a:32c1:391b:6ecd:52b3:df59])

by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-35dd367bf24sm3161180a91.9.2026.04.02.07.20.03

for

(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);

Thu, 02 Apr 2026 07:20:04 -0700 (PDT)

From: "Aiden"

To:

Subject: Need a better ERP/CRM/Mobile App Setup ?

Date: Thu, 2 Apr 2026 19:35:11 +0530

Message-ID: <6063301dcc2ab$cd47e770$67d7b650$@com>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_60634_01DCC2D9.E7002370"

X-Mailer: Microsoft Office Outlook 12.0

Thread-Index: AdzCahGA5tYkajbzQrGL6vHhRNTioQ==

Content-Language: en-us

X-Spam_score: 7.0

X-Spam_score_int: 70

X-Spam_bar: +++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hi there! I hope you're doing well. I'm reaching out to introduce

our services in custom ERP, CRM software, and mobile application development

(Android & iOS). We are based in Noida, India, and specialize in building

tailored digital so [...]

Content analysis details: (7.0 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.216.66 listed in dnsbl.ahbl.org]

[209.85.216.66 listed in dnsbl.ahbl.org]

[209.85.216.66 listed in dnsbl.ahbl.org]

[209.85.216.66 listed in dnsbl.ahbl.org]

[2409:40d0:2a:32c1:391b:6ecd:52b3:df59 listed in]

[dnsbl.ahbl.org]

[2409:40d0:2a:32c1:391b:6ecd:52b3:df59 listed in]

[dnsbl.ahbl.org]

[2409:40d0:2a:32c1:391b:6ecd:52b3:df59 listed in]

[dnsbl.ahbl.org]

[2409:40d0:2a:32c1:391b:6ecd:52b3:df59 listed in]

[dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.216.66 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.216.66 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.216.66 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.216.66 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[2409:40d0:2a:32c1:391b:6ecd:52b3:df59 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:2a:32c1:391b:6ecd:52b3:df59 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:2a:32c1:391b:6ecd:52b3:df59 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:2a:32c1:391b:6ecd:52b3:df59 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:2a:32c1:391b:6ecd:52b3:df59 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:2a:32c1:391b:6ecd:52b3:df59 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:2a:32c1:391b:6ecd:52b3:df59 listed in]

[will-spam-for-food.eu.org]

[2409:40d0:2a:32c1:391b:6ecd:52b3:df59 listed in]

[will-spam-for-food.eu.org]

[209.85.216.66 listed in will-spam-for-food.eu.org]

[209.85.216.66 listed in will-spam-for-food.eu.org]

[209.85.216.66 listed in will-spam-for-food.eu.org]

[209.85.216.66 listed in will-spam-for-food.eu.org]

[209.85.216.66 listed in will-spam-for-food.eu.org]

[209.85.216.66 listed in will-spam-for-food.eu.org]

[209.85.216.66 listed in will-spam-for-food.eu.org]

[209.85.216.66 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.216.66 listed in list.dnswl.org]

-0.0 RCVD_IN_MSPIKE_H3 RBL: Good reputation (+3)

[209.85.216.66 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

-0.0 RCVD_IN_MSPIKE_WL Mailspike good senders

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 END_FUTURE_EMAILS Spammy unsubscribe

0.0 T_END_FUTURE_EMAILS Spammy unsubscribe

Subject: {SPAM?} Need a better ERP/CRM/Mobile App Setup ?

This is a multi-part message in MIME format.

------=_NextPart_000_60634_01DCC2D9.E7002370

Content-Type: text/plain;

charset="us-ascii"

Content-Transfer-Encoding: 7bit

Hi there!

I hope you're doing well.

I'm reaching out to introduce our services in custom ERP, CRM software, and

mobile application development (Android & iOS). We are based in Noida,

India, and specialize in building tailored digital solutions for businesses

across industries.

We help organizations streamline operations, improve customer management,

and scale efficiently through fully customized systems aligned with their

specific workflows and goals.

Our core services include:

Custom ERP development (Inventory, HR, Finance, Operations)

CRM systems (Sales automation, lead tracking, customer lifecycle)

Mobile app development (Android & iOS)

Web-based dashboards & admin panels

API integrations with third-party platforms

Ongoing support and maintenance

Why work with us:

Fully customized solutions (no templates)

Scalable and secure architecture

Complete ownership of source code upon project completion

Dedicated project management and support

We would be glad to understand your requirements and propose a solution

tailored to your needs.

Please let me know a convenient time to connect.

Looking forward to your response

Best regards,

Aiden,

P.S. If you'd prefer not to receive further emails, simply reply with "NO"

in the subject line.

Online document Phish Part 2

Posted by Dave Yadallee on Thursday, April 2. 2026

FONT-FAMILY: Tahoma; WIDTH: 638px; WHITE-SPACE: normal; WORD-SPACING: 0px;=

TEXT-TRANSFORM: none; FONT-WEIGHT: 400; COLOR: rgb(44,54,58); PADDING-BOTT=

OM: 0px; FONT-STYLE: normal; PADDING-TOP: 24px; PADDING-LEFT: 24px; MIN-HEI=

GHT: 433px; ORPHANS: 2; WIDOWS: 2; MARGIN: 0px; LETTER-SPACING: normal; PAD=

DING-RIGHT: 24px; TEXT-INDENT: 0px; font-variant-ligatures: normal; font-va=

riant-caps: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial; background-size: initial; background-origin: initi=

al; background-clip: initial">

er; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 10px 0px 24px; PADDING-RIG=

HT: 0px">
FONT-SIZE: 20px; FONT-WEIGHT: 700; COLOR: rgb(0,0,0); PADDING-BOTTOM: 0px; =

PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 24px 0px; PADDING-RIGHT: 0px">=

Document Status update(s) over the last 2 hour(s)

sible; BORDER-LEFT-STYLE: solid; HEIGHT: 0px; BORDER-TOP-COLOR: rgb(237,235=

,233); WIDTH: 590px; BORDER-BOTTOM-STYLE: solid; BORDER-LEFT-COLOR: rgb(237=

,235,233); PADDING-BOTTOM: 0px; BORDER-BOTTOM-COLOR: rgb(237,235,233); PADD=

ING-TOP: 0px; BORDER-RIGHT-STYLE: solid; PADDING-LEFT: 0px; MARGIN: 0px 0px=

24px; BORDER-RIGHT-COLOR: rgb(237,235,233); PADDING-RIGHT: 0px; border-ima=

ge: initial">

-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px 0px 24px; PA=

DDING-RIGHT: 0px">

px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">D=

ear sales

px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">&=

nbsp;

px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">T=

he system has identified
EIGHT: bolder; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MA=

RGIN: 0px; PADDING-RIGHT: 0px">1
4,58)"> contract document that has been shared with you via OneDrive. =

You can view and download it at your convenience.

0px; WIDTH: 590px; BACKGROUND: rgb(245,248,251); COLOR: ; PADDING-BOTTOM: 0=

px; PADDING-TOP: 24px; PADDING-LEFT: 0px; MARGIN: 0px 0px 24px; PADDING-RIG=

HT: 0px">

; HEIGHT: 32px; WIDTH: 157px; BACKGROUND: rgb(66,113,153); COLOR: rgb(255,=

255,255); PADDING-BOTTOM: 0px; TEXT-ALIGN: center; PADDING-TOP: 0px; PADDIN=

G-LEFT: 0px; MARGIN: auto; DISPLAY: block; LINE-HEIGHT: 32px; PADDING-RIGHT=

: 0px; box-shadow: rgba(0, 0, 0, 0.1) 0px 0.6px 1.8px, rgba(0, 0, 0, 0.13) =

0px 3.2px 7.2px; border-radius: 2px"=20

href=3D"https://shoutout.wix.com/so/f2PqbEUr-/c?w=3DZ2A3HFPRqGe5cKeaDL-vQ36=

I63VEWCAiD7dPiKBSNsE.eyJ1IjoiaHR0cHM6Ly9hdGFua3Bha28ubmVrb3dlYi5vcmcvZnIvY2=

RxLmh0bWwiLCJyIjoiYjIwYTBlMzItMDNmYS00MzEyLWI5NGMtOGJiODBjMjhmZmQ3IiwibSI6I=

mxwIn0#sales@nk.ca" rel=3Dnoreferrer target=3D_blank>View Documents
V>

OTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px 0px 24px; PADD=

ING-RIGHT: 0px">

16px; FONT-WEIGHT: 700; COLOR: rgb(63,81,97); PADDING-BOTTOM: 0px; PADDING=

-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px 0px 24px; PADDING-RIGHT: 0px">Cou=

nt of Status Updates*

hidden; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0=

px 0px 24px; PADDING-RIGHT: 0px">

DTH: 289px; FLOAT: left; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEF=

T: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">

T: 700; COLOR: rgb(96,94,92); PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDIN=

G-LEFT: 0px; MARGIN: 0px 0px 18px; PADDING-RIGHT: 0px">Received Documents:&=

nbsp;

: content-box; OVERFLOW: visible; BORDER-LEFT-STYLE: solid; HEIGHT: 0px; BO=

RDER-TOP-COLOR: rgb(237,235,233); WIDTH: 289px; BORDER-BOTTOM-STYLE: solid;=

BORDER-LEFT-COLOR: rgb(237,235,233); PADDING-BOTTOM: 0px; BORDER-BOTTOM-CO=

LOR: rgb(237,235,233); PADDING-TOP: 0px; BORDER-RIGHT-STYLE: solid; PADDING=

-LEFT: 0px; MARGIN: 0px 0px 10px; BORDER-RIGHT-COLOR: rgb(237,235,233); PAD=

DING-RIGHT: 0px; border-image: initial">

dden; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px=

0px 10px; PADDING-RIGHT: 0px">

44px; FLOAT: left; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px=

; MARGIN: 0px; PADDING-RIGHT: 0px">
=3D"BOX-SIZING: border-box; FONT-SIZE: larger; COLOR: rgb(16,124,16); PADDI=

NG-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; DISPLAY: =

inline-block; TOP: 5px; PADDING-RIGHT: 0px">Valid

44px; FLOAT: left; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px=

; MARGIN: 0px; PADDING-RIGHT: 0px">1

: content-box; OVERFLOW: visible; BORDER-LEFT-STYLE: solid; HEIGHT: 0px; BO=

RDER-TOP-COLOR: rgb(237,235,233); WIDTH: 289px; BORDER-BOTTOM-STYLE: solid;=

BORDER-LEFT-COLOR: rgb(237,235,233); PADDING-BOTTOM: 0px; BORDER-BOTTOM-CO=

LOR: rgb(237,235,233); PADDING-TOP: 0px; BORDER-RIGHT-STYLE: solid; PADDING=

-LEFT: 0px; MARGIN: 0px 0px 10px; BORDER-RIGHT-COLOR: rgb(237,235,233); PAD=

DING-RIGHT: 0px; border-image: initial">

0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px 0px 24px; PADDING-RI=

GHT: 0px">

px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">*=

This is an aggregate of all notifications that you received, there could be=

multiple notifications for the same document.

590px; PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0=

px; PADDING-RIGHT: 0px">

px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">

To manage your notification preferences please visit your
ZING: border-box; COLOR: rgb(0,172,255); PADDING-BOTTOM: 0px; PADDING-TOP: =

0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px; BACKGROUND-COLOR: =

transparent; text-decoration-line: none"=20

href=3D"https://shoutout.wix.com/so/f2PqbEUr-/c?w=3DZ2A3HFPRqGe5cKeaDL-vQ36=

I63VEWCAiD7dPiKBSNsE.eyJ1IjoiaHR0cHM6Ly9hdGFua3Bha28ubmVrb3dlYi5vcmcvZnIvY2=

RxLmh0bWwiLCJyIjoiYjIwYTBlMzItMDNmYS00MzEyLWI5NGMtOGJiODBjMjhmZmQ3IiwibSI6I=

mxwIn0#sales@nk.ca" rel=3Dnoreferrer target=3D_blank> pro=

file page.

=20

PADDING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADD=

ING-RIGHT: 0px">This email was automatically generated by nk.ca Porta=

l .

WIDTH: 638px; WHITE-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none=

; FONT-WEIGHT: 400; COLOR: rgb(44,54,58); PADDING-BOTTOM: 0px; FONT-STYLE: =

normal; PADDING-TOP: 0px; PADDING-LEFT: 0px; ORPHANS: 2; WIDOWS: 2; MARGIN:=

0px; LETTER-SPACING: normal; PADDING-RIGHT: 0px; BACKGROUND-COLOR: rgb(36,=

36,36); TEXT-INDENT: 0px; font-variant-ligatures: normal; font-variant-caps=

: normal; -webkit-text-stroke-width: 0px;=20

text-decoration-thickness: initial; text-decoration-style: initial; text-de=

coration-color: initial">

ING-BOTTOM: 0px; PADDING-TOP: 0px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-=

RIGHT: 0px">

px; PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">

PADDING-LEFT: 0px; MARGIN: 0px; PADDING-RIGHT: 0px">

apse; COLOR: rgb(255,255,255); PADDING-BOTTOM: 1em; TEXT-ALIGN: center; PAD=

DING-TOP: 1em; PADDING-LEFT: 5em; MARGIN: 0px; PADDING-RIGHT: 5em">© 2=

026 Copyrights

Online document Phish Part 1

Posted by Dave Yadallee on Thursday, April 2. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Apr 2026 13:45:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w8Nxq-00000000AJU-0uZ5

for dave@doctor.nl2k.ab.ca;

Thu, 02 Apr 2026 13:44:26 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Apr 2026 13:44:26 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from eve.registeredhosting.ca ([170.39.114.46]:46623)

by doctor.nl2k.ab.ca with esmtp (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w8Ifq-000000001mX-2ij1

for sales@nk.ca;

Thu, 02 Apr 2026 08:05:38 -0600

Received: from eve.registeredhosting.ca (localhost.localdomain [127.0.0.1])

by eve.registeredhosting.ca (Postfix) with ESMTP id 904696E7D6

for ; Thu, 2 Apr 2026 08:04:34 -0600 (MDT)

Received: from spind.co.jp (unknown [45.148.103.121])

by eve.registeredhosting.ca (Postfix) with ESMTPA id 4F5636E7D8

for ; Thu, 2 Apr 2026 08:04:34 -0600 (MDT)

From: "Nicola Fairbrother"

To: sales@nk.ca

Subject: 1 Document Status pending review over the last 2 hour(s)

Date: 02 Apr 2026 07:04:38 -0700

Message-ID: <20260402070436.DBF8E4D474F53C68@spind.co.jp>

MIME-Version: 1.0

Content-Type: text/html;

charset="iso-8859-1"

Content-Transfer-Encoding: quoted-printable

X-Spam_score: 8.1

X-Spam_score_int: 81

X-Spam_bar: ++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Document Status update(s) over the last 2 hour(s) Dear sales

Content analysis details: (8.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[170.39.114.46 listed in dnsbl.ahbl.org]

[170.39.114.46 listed in dnsbl.ahbl.org]

[170.39.114.46 listed in dnsbl.ahbl.org]

[170.39.114.46 listed in dnsbl.ahbl.org]

[45.148.103.121 listed in dnsbl.ahbl.org]

[45.148.103.121 listed in dnsbl.ahbl.org]

[45.148.103.121 listed in dnsbl.ahbl.org]

[45.148.103.121 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[170.39.114.46 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[170.39.114.46 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[170.39.114.46 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[170.39.114.46 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[45.148.103.121 listed in will-spam-for-food.eu.org]

[45.148.103.121 listed in will-spam-for-food.eu.org]

[45.148.103.121 listed in will-spam-for-food.eu.org]

[45.148.103.121 listed in will-spam-for-food.eu.org]

[45.148.103.121 listed in will-spam-for-food.eu.org]

[45.148.103.121 listed in will-spam-for-food.eu.org]

[45.148.103.121 listed in will-spam-for-food.eu.org]

[45.148.103.121 listed in will-spam-for-food.eu.org]

[170.39.114.46 listed in will-spam-for-food.eu.org]

[170.39.114.46 listed in will-spam-for-food.eu.org]

[170.39.114.46 listed in will-spam-for-food.eu.org]

[170.39.114.46 listed in will-spam-for-food.eu.org]

[170.39.114.46 listed in will-spam-for-food.eu.org]

[170.39.114.46 listed in will-spam-for-food.eu.org]

[170.39.114.46 listed in will-spam-for-food.eu.org]

[170.39.114.46 listed in will-spam-for-food.eu.org]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[170.39.114.46 listed in sa-trusted.bondedsender.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[45.148.103.121 listed in sbl-xbl.spamhaus.org]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[170.39.114.46 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

2.6 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL

[45.148.103.121 listed in zen.spamhaus.org]

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[170.39.114.46 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[170.39.114.46 listed in bl.score.senderscore.com]

1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)

0.5 NO_RDNS Sending MTA has no reverse DNS (Postfix variant)

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.1 MXG_EMAIL_FRAG BODY: URI with email in fragment

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted

Colors in HTML

Subject: {SPAM?} 1 Document Status pending review over the last 2 hour(s)

Web/SEO/App spam from Google Gmail

Posted by Dave Yadallee on Thursday, April 2. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Apr 2026 07:00:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w8HeI-00000000L8S-1bVh

for dave@doctor.nl2k.ab.ca;

Thu, 02 Apr 2026 06:59:50 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Apr 2026 06:59:50 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-ed1-f65.google.com ([209.85.208.65]:52648)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w8GlI-00000000BW3-2sUT

for sales@nk.ca;

Thu, 02 Apr 2026 06:03:09 -0600

Received: by mail-ed1-f65.google.com with SMTP id 4fb4d7f45d1cf-66c5b2e41c1so1250216a12.1

for ; Thu, 02 Apr 2026 05:02:12 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1775131325; cv=none;

d=google.com; s=arc-20240605;

b=apbdCXlRvjrVOtGNgU1AcZ16edX6y0Lz0NNswzn/O7Hjhuw9TuZDBcljLvLTtl5ZFj

pPXnM2sBIYJnQQerUyZygafrfeqA9iy6bWC103w8MUb5JhleLlT30xUkO8aPp7BChPx8

1XsO0BZwJADl5AqnLBIIZBVqT2BQsMO5KHmFhfJ5MlV9WzQadp0KNjCC5JHfBlpIQ2WP

zpUpFjX2Fo4SLDNJ4FkQucAIpUY9huRCRu1lk2wgtHMoh1C1t3PTWJHAKbAIIa5O1KfL

f3nmkJPCHE7sBvdhN7c6muYLyV3NAdFpr/nn0urLH4v5N5Xb0I7PMM9kueh87M1qIUaX

lEyg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:sender:mime-version:dkim-signature;

bh=hmxl9leenauIAkUz/VNEpuOxFYLC8u1hyN4BD7BZl8s=;

fh=K4YXDlBzh75jp+umpiVSGKtavKLbAmcgNobJ9O4QpWc=;

b=fBxgU8YFdehufdPwUAMS0igz8f15NAtBsr4OGzxXoT1w2RYKI5wFH+egp2Z3Bu/vvK

PA5Cj9rHOyV1D8Aw2Xh4xdoiSak20clX9oo/EOqzOjeL9fmhMCIJMnyWMPAzpmaadIb5

0BpJr6Ewh/x+6eDtEnIFD5ZIIs6kraiXw5HsYD/qraeuYKb0nrddlh8u24ORetQYuZEK

v3iCUl3KyPK/pnZdGED1ctCIQ5rJwsA8B2//TwPB51jGjn7em3XTJZUxz8I+2jteu414

CxBR8uSrl6XvULhW3wXvKiyGWAyUWq53VbGu7UW1OAycgovPKViKKrNMRdMc3zV5NHJ3

KBfw==;

darn=nk.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=advancedigitalweb-com.20230601.gappssmtp.com; s=20230601; t=1775131325; x=1775736125; darn=nk.ca;

h=to:subject:message-id:date:from:sender:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=hmxl9leenauIAkUz/VNEpuOxFYLC8u1hyN4BD7BZl8s=;

b=XZEz4Ub3u8HTuOBAvxsbo0tUwq/7fIipc80Z3hAMB4g1ko9Qmwuz1pFBUHMQHWbmjW

1pHpbAByrcRPqDDcQB1WoKAcE8c2HQPbu/ccBm/wh7YxYRTlv7iSO5LiHtyWT7oKWunz

g1dwHImVt0lD3k7Ek96mlyuQx3adErhFe/EzJZmsyJqRYOJk8jvmPV1THYGNJfxkrrqa

l4/Wm+u4Q/YHZH7g+7YVIuwppQ1uoHqEl6Uv8kFo0lFWe8MXJGEav7kzjosAxxWZDRw2

YxBOS+ydyVaFYDm5RJs0uVgFx9dwmaeNDIE67lJB5LPqJFGFv2PFUj4vWFWPJ75g9vwQ

Co3w==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1775131325; x=1775736125;

h=to:subject:message-id:date:from:sender:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=hmxl9leenauIAkUz/VNEpuOxFYLC8u1hyN4BD7BZl8s=;

b=IHFYsDMw32xLXiNvwC7fTXjzw/HlwJkiegTx74kFI5fVARUQeX4wKjs/QDG5ocSXug

lMTJIIsjiKSnM/nVGElixkBonOWeTpabYCesDGwFPdAX3V9hS6glrISUlBUqYQriY0vF

vkQ9rJRixfD1lvhCr/uOi+XQfs0JkIHE50IeDLL6grqvJ4qbh65QvNnoG6wfeLYYvhdU

pRyCDjHtZDVMvWEmopWhSRQlkKA07u+FHz7VBhGc3H/rfkVz8QN3D3BbEl5k/wVS6+0c

tWOYadvu098h1PL1WC5tfcpdZeKotoFeDIqfbZ4bOUBIRWQzFNDWFaR1Yr2SL+DCCBqI

JX8g==

X-Gm-Message-State: AOJu0YyjAiMDOCIsFXivlfQw8Hp5/MdsN+evHcIEos+FkIYE+8z3iZ9r

9RlaqtXEKPBLSSir1dRBTlqOGbf7DhDNYNwTx3ayROyIgxTqJYqqsQEn1XGBCyx6oXDVhGJZXd0

YkEYohubxWltsSON0QGir+Dez/yflzJgPT+krK17yxuRIBv9wdM1BVqoY2KI=

X-Gm-Gg: ATEYQzyQ0zx4sbz7Jy4r5rx3W2PnPoxWsdybl8V1t5uR3MkunnSrfvAXK2kEAi32Sbe

OCCmeGWLbicGaSoK0pv+nZCavkMGwtrXINetsy6fMlfsXC9yR9Tm9cEeQia7GrXriao3ijR4iMv

5By+UCShmx9vCU25MCyzXUG71EQ1vS0B0CCH7MAqJ6rWAgNfYFRcgv/RNkfxwBxz5pxD73a2MK9

CkyN6UQ3ud1jW0k5TlkzchpuOOo7L2O2Plf4j6jZLjHka96nBKJSE8islF1v/M3opNgpLwWu+zz

z4WhXSlT4nTeohsywGt0lHJ2LePYNBp2CpZTTqPvgQ==

X-Received: by 2002:a05:6402:3485:b0:66b:d34:9218 with SMTP id

4fb4d7f45d1cf-66db0ae57a1mr4797666a12.18.1775131315575; Thu, 02 Apr 2026

05:01:55 -0700 (PDT)

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Thu, 2 Apr 2026 08:01:54 -0400

Received: from 52669349336 named unknown by gmailapi.google.com with HTTPREST;

Thu, 2 Apr 2026 08:01:53 -0400

MIME-Version: 1.0

Sender: Branson Kihn

From: Branson Kihn

Date: Thu, 2 Apr 2026 08:01:54 -0400

X-Google-Sender-Auth: -9knXVXte8-4VDXY7syUBeDP9vQ

X-Gm-Features: AQROBzBQdn4ieoMSZacPVtY1WOLpoSobFvrXF60Akij7aUhtfa01TEo18nVD8wE

Message-ID:

Subject: Quick question about : nk.ca

To: Sales

Content-Type: multipart/alternative; boundary="0000000000007ec9de064e78f754"

--0000000000007ec9de064e78f754

Content-Type: text/plain; charset="UTF-8"

Hi Team,

I have a digital marketing plan that could benefit your *"nk.ca

"*.

Can I send over the *proposal*?

Best Regards,

Branson Kihn !

[image: beacon]

--0000000000007ec9de064e78f754

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

s=3D"MsoNormal" style=3D"margin:0cm 0cm 8pt;line-height:13.8pt;background-i=

mage:initial;background-position:initial;background-size:initial;background=

-repeat:initial;background-origin:initial;background-clip:initial;font-size=

:11pt;font-family:Calibri,"sans-serif"">
12pt">Hi Team,

I have a digital marketing plan that could benefit yo=

ur=C2=A0"
t.com/2lW47ArDWj5toU51bLP8d67a3crULEMyNFElueKo8wRllRRJOnQFrsPlPRP360D-qxWUi=

-k0Y_ZOmhgGmkN4nzSqk8sAkl9kD4dvfY0-NGgh-Gy51fXrgqDrrYNR7QLS6UyN1yAbuc2_HmqE=

hiPi2m7pepSE1TCiHz9XugJ9_PqCi-gtV" rel=3D"nofollow">nk.ca". Ca=

n I send over the=C2=A0proposal?

yle=3D"margin:0cm 0cm 8pt;line-height:13.8pt;background-image:initial;backg=

round-position:initial;background-size:initial;background-repeat:initial;ba=

ckground-origin:initial;background-clip:initial;font-size:11pt;font-family:=

Calibri,"sans-serif"">=C2=A0
Be=

st Regards,
Branson Kihn !<=

/p>

ckground-image:initial;background-position:initial;background-size:initial;=

background-repeat:initial;background-origin:initial;background-clip:initial=

;font-size:11pt;font-family:Calibri,"sans-serif"">
font-size:12pt">=C2=A0

0cm 8pt;line-height:15.6933px;font-size:11pt;font-family:Calibri,"san=

s-serif"">=C2=A0
pan>

52jyyulAKLP46SXldrO25Ci5_7XKdli14daRRJOnQG95GsuI7Z1KSMBwEsIuX1PkaGt6wfhiQFj=

kFNbOVQcXg8frSZ7hK8gZNPMPwHiwZKbFzVC8baR2a-HkCUlZTHfCgniJceMPTZB9YGYtTAyuVg=

0cUcswlGO" width=3D"1" height=3D"1" alt=3D"beacon" style=3D"display:none; d=

isplay:none!important;">

--0000000000007ec9de064e78f754--

Chinese Productus spam Part 2

Posted by Dave Yadallee on Thursday, April 2. 2026

Hi,

We are Shanghai HG Apparel Co. Ltd., a garment Manufacturer, established in 2005, and we are not a trader. We operate

our own factory.

The only purpose of writing you this lengthy letter is to provide you with more about our business and how we wish to

collaborate with you. Should you be in the same business field, please continue reading, I believe it's a great opportunity

for us to become acquainted. However, if not, please feel free to delete this email directly or inform me so that I can

remove your email from our mailing list.

The products we manufacture include:

T-shirts/Polos, Dress shirts, Hoodies, Sweat shirts, Pants/ Trousers, Coats & Jackets, Blazers, Dresses, Skirts,

Uniforms, Nurse Scrubs, Work wear, Safety wear, etc.

We also supply fabrics, scarves, beanies, women's bags, sweaters, etc., but these are outsourced.

Regarding myself: I am Mr. Lee, the sales manager. I am known for my quick temper. I anticipate prompt responses from

my customers and, in turn, I ensure that I never keep them waiting. I understand that when you email me for any matter,

you would also desire a swift response. I will not let you wait; I always respond to my customers' emails promptly. Even when

I am very busy, I will send a brief message to confirm receipt of your email and inform you of when I will reply. That is the way

I communicate with my customers and everyone else.

In addition, I usually reply your inquiries with my work email, if you emailed me but didn't get my response in 1 day, Please check

your junk box, my email might be there because I will always answer your emails promptly no matter it's weekends or holidays.

However, it's best to reply to my work email HGapparel@163.com directly because I can see the incoming emails in real time and

answer the first time. just in case the sending emails expire and are not timely renewed then I would not be able to read your email

and respond in a fast manner.

We are quite different from other Chinese suppliers. After much interaction with me. you will realize how I treat my customers,

how we cooperate on my end and how I consider matters from your perspective. I know clearly what my customers expect from

us. I don't think other suppliers can do the same as I do. I prefer a long-term business partnership even if the profit is not

substantial. We aspire to be not only your supplier but also a reliable partner. Are you interested in collaborating with someone

like me ?

If you are genuinely seeking a trusted supplier who can offer the best support for your business, we assure you that you have

found the right one you can rely on. It is us. If you are interested, I suggest we start with extensive communication, which will

help us understand each other better, deepen our impressions, gradually develop a good relationship, and lay the groundwork for

our future collaboration. It is too late to find a reliable supplier when you truly need one. Therefore, upon receiving my email, I

would be very grateful for a response. Keeping silence will block the way to knowing each other, does that make sense ?

I understand you may hesitate considering moving to a new factory. it's not an easy decision, with so many uncertainties,

especially before you know the new suppliers quite well. I understand this very much. If you are now satisfied with your current

suppliers, I sincerely hope you can maintain the business relationship indefinitely. ONLY WHEN you are dissatisfied with them

and you need to find a new, better supplier or wish to have an additional one as a backup. Please feel free to contact us for more

info. I firmly believe you'll enjoy doing business with us, I am very confident.

We eagerly look forward to the opportunity to work with you. If possible, we welcome you to visit our factory in person.

What we most want is just a long-term business relationship not a quick order or big orders.

Your early response would be highly appreciated.

Our work email is HGapparel@163.com, it's mainly used for handling all business-related correspondences. It's likely to be

useful to you, so please keep it.

May God bless you!

Mr. lee

chinese products spam part 1

Posted by Dave Yadallee on Thursday, April 2. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Thu, 02 Apr 2026 04:36:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w8FOM-00000000FRr-1pIM

for dave@doctor.nl2k.ab.ca;

Thu, 02 Apr 2026 04:35:14 -0600

Resent-From: The Doctor

Resent-Date: Thu, 2 Apr 2026 04:35:14 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-8160.188.com ([60.191.81.60]:13783)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w8DmU-00000000LQY-0Sl2

for doctor@nl2k.ab.ca;

Thu, 02 Apr 2026 02:52:12 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=163.com;

s=s110527; h=Date:From:To:Subject:Content-Type:MIME-Version:

Message-ID; bh=bcjAYOmEZi5kdpPHtsKv1PwzYgnlvQADhIZAo72xjRg=; b=B

HYr67b2B0ev4M0TBBO4rIoXz6ChJVq8KtZ7lHBNUkLgxsi4O1dprx2ZgsA2TEwyq

zp6yplnW18YVZWG8lu1OuFnURVncG4SZoKo0y7bkpfOp8xtfJOl4W5DFNXguFWHm

tjmjgutZ9BSx98IK+W3sTzq5ThizcFCylf+P+/tcFo=

Received: from bagsandclothesetc$163.com ( [101.228.5.221] ) by

ajax-webmail-wmsvr-40-115 (Coremail) ; Thu, 2 Apr 2026 16:21:03 +0800 (CST)

X-Originating-IP: [101.228.5.221]

Date: Thu, 2 Apr 2026 16:21:03 +0800 (CST)

From: bagsandclothesetc

To: doctor@nl2k.ab.ca

Subject: We are a clothing manufacturer, not big but might be just right for

you.

X-Priority: 3

X-Mailer: Coremail Webmail Server Version 2023.4-cmXT build

20251222(83accb85) Copyright (c) 2002-2026 www.mailtech.cn 163com

Disposition-Notification-To: bagsandclothesetc@163.com

X-CM-CTRLMSGS: MUsn9HBsdXM9MTc3NTExODA2MTY2N19hMjI1NzQyYWZjMDI4YjMzMDk4ODg2N

DNjNDYyY2JjNg==

X-NTES-SC: AL_Qu2cB/2at0gt5SSebekfmUYSjuk6UMKxv/Un3IJVPZx+jDzp5SEkZH5vIHzI0vKwLiWSqBWbTgpp8M18YKp/XbIXulqQDwJuKmyQBLu+FUJaPg==

Content-Type: multipart/alternative;

boundary="----=_Part_123500_582435890.1775118063479"

MIME-Version: 1.0

Message-ID: <6ea6319e.8065.19d4d481777.Coremail.bagsandclothesetc@163.com>

X-Coremail-Locale: zh_CN

X-CM-TRANSID:cygvCgDHqbbvJs5pkw6HAA--.2205W

X-CM-SenderInfo: 5edj2txqgfz05wkh2vlwf6il2tof0z/xtbC5w-SlmnOJu-jsgAA3T

X-Coremail-Antispam: 1U5529EdanIXcx71UUUUU7vcSsGvfC2KfnxnUU==

X-Spam_score: 11.6

X-Spam_score_int: 116

X-Spam_bar: +++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Hi, We are Shanghai HG Apparel Co. Ltd., a garment Manufacturer,

established in 2005, and we are not a trader. We operate our own factory.

The only purpose of writing you this lengthy letter is to provide you with

more about our business and how we wish to collaborate with you. Should you

be in the same business field, please continue re [...]

Content analysis details: (11.6 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[60.191.81.60 listed in dnsbl.ahbl.org]

[60.191.81.60 listed in dnsbl.ahbl.org]

[60.191.81.60 listed in dnsbl.ahbl.org]

[60.191.81.60 listed in dnsbl.ahbl.org]

[101.228.5.221 listed in dnsbl.ahbl.org]

[101.228.5.221 listed in dnsbl.ahbl.org]

[101.228.5.221 listed in dnsbl.ahbl.org]

[101.228.5.221 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[60.191.81.60 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[60.191.81.60 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[60.191.81.60 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[60.191.81.60 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[101.228.5.221 listed in will-spam-for-food.eu.org]

[101.228.5.221 listed in will-spam-for-food.eu.org]

[101.228.5.221 listed in will-spam-for-food.eu.org]

[101.228.5.221 listed in will-spam-for-food.eu.org]

[101.228.5.221 listed in will-spam-for-food.eu.org]

[101.228.5.221 listed in will-spam-for-food.eu.org]

[101.228.5.221 listed in will-spam-for-food.eu.org]

[101.228.5.221 listed in will-spam-for-food.eu.org]

[60.191.81.60 listed in will-spam-for-food.eu.org]

[60.191.81.60 listed in will-spam-for-food.eu.org]

[60.191.81.60 listed in will-spam-for-food.eu.org]

[60.191.81.60 listed in will-spam-for-food.eu.org]

[60.191.81.60 listed in will-spam-for-food.eu.org]

[60.191.81.60 listed in will-spam-for-food.eu.org]

[60.191.81.60 listed in will-spam-for-food.eu.org]

[60.191.81.60 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_SBL_XBL RBL: Received via a relay in Spamhaus SBL+XBL

[101.228.5.221 listed in sbl-xbl.spamhaus.org]

3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS

[101.228.5.221 listed in zen.spamhaus.org]

0.0 RCVD_IN_VALIDITY_SAFE_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[60.191.81.60 listed in sa-accredit.habeas.com]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE: The

query to Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[60.191.81.60 listed in sa-trusted.bondedsender.org]

-0.0 SPF_PASS SPF: sender matches SPF record

0.2 MR_NOT_ATTRIBUTED_IP Beta rule: an non-attributed IPv4 found in

headers

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[bagsandclothesetc(at)163.com]

1.0 MONOTONE_WORDS_15_2 BODY: Many lowercase words (15+ words, 2+

letters)

0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to

Validity was blocked. See

https://knowledge.validity.com/hc/en-us/articles/20961730681243

for more information.

[60.191.81.60 listed in bl.score.senderscore.com]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[60.191.81.60 listed in bl.score.senderscore.com]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[60.191.81.60 listed in list.dnswl.org]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.0 FREEMAIL_REPLY From and body contain different freemails

0.5 GB_FREEMAIL_DISPTO Disposition-Notification-To/From or

Disposition-Notification-To/body contain

different freemails

2.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)

Subject: {SPAM?} We are a clothing manufacturer, not big but might be just right for

you.

Validation spam from Google Gmail Part 2

Posted by Dave Yadallee on Wednesday, April 1. 2026

--0000000000001b507d064e6b020b

Content-Type: text/plain; charset="UTF-8"

Dear Sir,

This is to bring to your notice that your name has reappeared in the

transfer reference funding which has reflected in the cash remittance

survey voucher.

You are by this memo required to kindly respond for the revalidation and

financial schedule to be raised and indicate your interest.

We shall not want this to reflect in the 2027 financial year again still

standing unclaimed.

We look forward to your reply.

Kind Regards,

The Financial Audit Team.

Financial Services Compensation Scheme

Fin Conduct Authority.

--0000000000001b507d064e6b020b

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

=3D"gmail_signature" data-smartmail=3D"gmail_signature">

iv style=3D"color:rgb(34,34,34)">
rif;font-size:16pt">Dear Sir,

">

=

yle=3D"font-size:12pt">
nt-family:Calibri,sans-serif">
"line-height:24.5333px">This is to bring to your notice that your name has =

reappeared in the transfer reference funding which has reflected in the cas=

h remittance survey voucher.

=3D"font-family:Verdana;font-size:12px;margin-bottom:11px">
ont-size:12pt">
y:Calibri,sans-serif">
ight:24.5333px">You are by this memo required to kindly respond for the rev=

alidation and financial schedule to be raised and indicate your interest.
span>

ize:12px;margin-bottom:11px">
line-height:18.4px">
yle=3D"font-size:16pt">We shall not w=

ant this to reflect in the 2027 financial year again still standing unclaim=

ed.

ont-size:12px;margin-bottom:11px">
e=3D"line-height:18.4px">
an style=3D"font-size:16pt">We look f=

orward to your reply.

t-family:Verdana;font-size:12px;margin-bottom:11px">
e:12pt">
ri,sans-serif">
.5333px">

:Verdana;font-size:12px;margin-bottom:11px">=

serif">
>Kind Regards,

y:Verdana;font-size:12px;margin-bottom:11px">
>
-serif">
">The Financial Audit Team.

=3D"font-family:Verdana;font-size:12px;margin-bottom:11px">
ont-size:12pt">
y:Calibri,sans-serif">
ight:24.5333px">Financial Services Compensation Scheme=

tom:11px">
>
pt">Fin Conduct Authority.
an>

>

--0000000000001b507d064e6b020b--

Validation spam from Google Gmail Part 1

Posted by Dave Yadallee on Wednesday, April 1. 2026

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Wed, 01 Apr 2026 13:41:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w81Qp-00000000OEc-2xH9

for dave@doctor.nl2k.ab.ca;

Wed, 01 Apr 2026 13:40:51 -0600

Resent-From: The Doctor

Resent-Date: Wed, 1 Apr 2026 13:40:51 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lj1-f173.google.com ([209.85.208.173]:46264)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.98.2 (FreeBSD))

(envelope-from )

id 1w81A9-00000000NVf-43hK

for root@nl2k.ab.ca;

Wed, 01 Apr 2026 13:23:47 -0600

Received: by mail-lj1-f173.google.com with SMTP id 38308e7fff4ca-38a01c80c34so1050121fa.0

for ; Wed, 01 Apr 2026 12:22:51 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1775071364; cv=none;

d=google.com; s=arc-20240605;

b=SKqnbyzLN89jQhBXDH6k5dWOPgErjLIPKYh7ZrsXGD3BpruS9gQKVQXU2ZKD9nnPld

Wyv+y53KyhHrk8oZeF2IWY9ahFvdVBRZxPc+uwwS4TZuhlQlI/Oyr0srhLr/Idm9t2ZO

4rcQOehVDxussgTfXgZYeIe3BfWfD0/2qhea2b8df2cD79rJnKsMiKd2D10E7C79eFS1

w+LAbZF49CNnY5QPMfHq1hu16fLkPtA100T/CATa7SYyuMmbdB44FDEMrlNsT3zX+4XE

xn4sYbSb5QNUAl7b5jOBmK8r2adzCSxbZMvI1SkDmebS9YGsVz6GUiQPynwCPEQyRU6V

pV0Q==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=kJKbslO2LH1qcJIrS9PdqZI3m2hEW2ecoNm4oDsIYe8=;

fh=cX/VpJIBmmqrk7RzZVKAFIbqKFqNdx8vBzqNSNtJ/YA=;

b=b7o/JT/7C5zx71YluwSl0F2AdwfqULh0svvR5l3lcpesKMlKpqOopra702ZGQZRSoW

QhhlNa1tYtVugJxy1aGj2BN2NSL5MNONkMJoiyQETCrPcbyTW6z6ozXVHisvrAl27oIQ

V7wgM1cuOd+o8WroYq30JVTNyZWpalChCb1WqZlpwrK4npxoNqylBsFzRoOuebrank5f

th2cVC7JZSt2w5fGTFeERMM1Sl7FhZUT8CuYEVINuIuhjglaiN09XYQDEKNePQOZLr4k

/dBHetFeomfFxK+xssQTiU0YsYpKop9uD6xFNdxRbVoma0zNIrZKFQMF5IF6THoU4Wgs

VrGQ==;

darn=nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1775071364; x=1775676164; darn=nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=kJKbslO2LH1qcJIrS9PdqZI3m2hEW2ecoNm4oDsIYe8=;

b=fysxwd3qDLeZ+yVn33BOf3Ed5kI4r5RM0ExRbED0YpOjM0Z9JybVE+sJxIA+WRbPjR

MuOAPnvh9Mc2w1fLL03LbCtE4EASQVCNPbxtNOsO6auE90Nq1MM3r3+1zrYB3gJqQRrL

k9/ivOaV6xavmg6VW2Mxxcenf3YaEsC/mfs+NCCl9VCykcmSGPYOgc8CRB/7u/zuIoNV

fj8C6IiI8vWuw1O7Y5AaUgA4G1PE5+aDNaoOTheEiw1jGTu8ChGFoLYAslrgm7Mry1Y7

zqjSzvJyU5tgXXUdlQ7x6ALcEMaZlkXTg6RaDIWlpIrQzqXpzZCe+kbtgIC1YSor5xfD

is3A==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1775071364; x=1775676164;

h=to:subject:message-id:date:from:reply-to:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=kJKbslO2LH1qcJIrS9PdqZI3m2hEW2ecoNm4oDsIYe8=;

b=pxJ4N4lmBbAukSbgD5eTsiElqWQTYInM6/XmEA6R6+wqxzdqOk61c7Ja2wSkpJMDCP

KEoIxcXL7lKVBW2zU5qzd/5Gmx50ihkP4tYH7MxdmUN4noFJkEf0RMU+032ig9oQh3zz

2F5Lf0MrOyAG3+8S7BG7sRNSIcDK5cSpYeVhCx87YBAB2G/psy4VISreB70yeQEVErcP

AVV7xa9m0Je1CPoG6PDjCwA/e3NCzsm1bWdLy0yU3u5PI8gREDIt2NVI3NydDqu2QwKb

xfb5hk2xkcdwzFn68Xra25JN3ieCClDr9yrMiBLt6OjMIjaSQ044SzKg+L13eBdo/eif

VqaA==

X-Forwarded-Encrypted: i=1; AJvYcCVmH8vvbapKud+Cd6/YnlZ/FhQToXuwjYZJljbnP+Caj8Vd1a4Oe6nfl12jwY2e4Lq0m/GS@nl2k.ab.ca

X-Gm-Message-State: AOJu0YzjhVJO1xyWjTdZPFqXWaXbvgp4KrDI63n8oY1Y9wyMfGMJUGkF

/jTAIYQLHwTGySf2cXVHBr9TCMSI/V7v7+VS2a8T1gfiqXJ1zL0HkDGYwvD4uEtJ8f2YbjlaaIj

0GMVw68Iw/ZBTu+Ifctp3+lPdUC3NOfY=

X-Gm-Gg: ATEYQzxvMGQhoKtFSPD7bRCQqqmJzLHo/uHCSfHysDknGbuJOsCl47Rx0HN8TPdI8hX

3fwMUutYwT1+P05szoWdFVZMv6l4pdUrL9Bl8vWAyy6EmbEPC+uQTTP6NWolU6TTSUPeYSIAN+W

AhUvVfKzPKuxMlDUi3bTahCUYdQWcOBr8vhvzNuij5Zymiz/MgURKsdUGr6CUdfkvsgqOvwExKh

AxhwVv8DOGYbkyI+NDOk1tXmqZw6lg/Wzd/7VHLXS25jqXBITcpqpqHaTgGChkOEGKM3875wb8N

o+Msr2AMJ5KQLHQj5VIezganKO/IxIHZD6bi3X4TtI797QAqAPutgFtdO4uZbAlikUDfVg==

X-Received: by 2002:a05:651c:a09:b0:38b:fd3e:c41a with SMTP id

38308e7fff4ca-38cd38cc3ffmr1657751fa.35.1775071364074; Wed, 01 Apr 2026

12:22:44 -0700 (PDT)

MIME-Version: 1.0

Reply-To: cfc.consultancy@aol.com

From: Cfc

Date: Thu, 2 Apr 2026 02:22:33 +0700

X-Gm-Features: AQROBzAY7aPSc3YucIZk4V7_jTcdlRlSiaivwDN7YNk5KAi_TBU2cX22mr5pK5s

Message-ID:

Subject: REVALIDATION

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="0000000000001b507d064e6b020b"

Bcc: root@nl2k.ab.ca

X-Spam_score: 12.1

X-Spam_score_int: 121

X-Spam_bar: ++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.

Content preview: Dear Sir, This is to bring to your notice that your name has

reappeared in the transfer reference funding which has reflected in the cash

remittance survey voucher. You are by this memo required to kindly respond

for the revalidation and financial schedule to be raised and indicate your

interest.

Content analysis details: (12.1 points, 5.0 required)

pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.208.173 listed in dnsbl.ahbl.org]

[209.85.208.173 listed in dnsbl.ahbl.org]

[209.85.208.173 listed in dnsbl.ahbl.org]

[209.85.208.173 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.208.173 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.208.173 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.208.173 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.208.173 listed in dnsbl.ahbl.org]

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.208.173 listed in will-spam-for-food.eu.org]

[209.85.208.173 listed in will-spam-for-food.eu.org]

[209.85.208.173 listed in will-spam-for-food.eu.org]

[209.85.208.173 listed in will-spam-for-food.eu.org]

[209.85.208.173 listed in will-spam-for-food.eu.org]

[209.85.208.173 listed in will-spam-for-food.eu.org]

[209.85.208.173 listed in will-spam-for-food.eu.org]

[209.85.208.173 listed in will-spam-for-food.eu.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.208.173 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[macdeemaris74(at)gmail.com]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[macdeemaris74(at)gmail.com]

1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)'

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.208.173 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to

Subject: {SPAM?} REVALIDATION

Validation spam from Google Gmail Part 2

Posted by Dave Yadallee on Wednesday, April 1. 2026

--00000000000076538c064e6b016d

Content-Type: text/plain; charset="UTF-8"

Dear Sir,

This is to bring to your notice that your name has reappeared in the

transfer reference funding which has reflected in the cash remittance

survey voucher.

You are by this memo required to kindly respond for the revalidation and

financial schedule to be raised and indicate your interest.

We shall not want this to reflect in the 2027 financial year again still

standing unclaimed.

We look forward to your reply.

Kind Regards,

The Financial Audit Team.

Financial Services Compensation Scheme

Fin Conduct Authority.

--00000000000076538c064e6b016d

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable