X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 21 Jun 2026 08:42:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wbJMf-00000000MEk-48k4

for dave@doctor.nl2k.ab.ca;

Sun, 21 Jun 2026 08:41:37 -0600

Resent-From: The Doctor

Resent-Date: Sun, 21 Jun 2026 08:41:37 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from wsip-72-198-249-30.tu.ok.cox.net ([72.198.249.30]:53016)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wbITj-00000000HJY-2I1Q

for www@nl2k.ab.ca;

Sun, 21 Jun 2026 07:45:01 -0600

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;

d=covenantfamilychurchtulsa.com; s=default; h=Content-Transfer-Encoding:

Content-Type:MIME-Version:List-Unsubscribe:From:To:Reply-To:Message-Id:

Subject:Date:Sender:Cc:Content-ID:Content-Description:Resent-Date:Resent-From

:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:

List-Id:List-Help:List-Subscribe:List-Post:List-Owner:List-Archive;

bh=gVnCm19bSIvDIeo/dz6BzYKtFfjqJAd38lB80TgpQfA=; b=ptwGDsjG5OFmdvuFiaYmmCRk3t

JoC3riCBwDZhY+HxY7WZHTSRKMN6Q0DP1Vr+frYj1bCmp3IRcyGTa5W6ESaOsIDtPYO1CB5pV+ojI

mgUuXeunSkeGNORta30MhI97+ocUrJm8OMJhClmmi7Obf19zYlLK7HU4IBO0fF8URhpVkEqWJRF8d

QJyJI1wTWZdECl9ykv5OFPX0WzPXe5vjmDyZW8/MycbqNq9tyyATHjNBbC7/ts3Qwqf6U4hwuqtCc

TKfIbjEWXeU/XwYi0QtcWKjCbHcSQq2GBjRtQdqgwDPTGlGqBMhd6oes8gT9L5tQfgsGI5401yrCp

hKXBbGVg==;

Received: from ip18.ip-192-99-159.net ([192.99.159.18]:60920 helo=vps12783)

by hop.hopenetsolutions.com with esmtpsa (TLS1.3) tls TLS_AES_256_GCM_SHA384

(Exim 4.99.4)

(envelope-from )

id 1wbISr-0000000CX7D-0LJ5

for www@nl2k.ab.ca;

Sun, 21 Jun 2026 08:43:57 -0500

Date: Sun, 21 Jun 2026 06:43:55 -0700

Subject: Your Prime membership has been paused [Ref: 253AA]

Message-Id: <6YDUD595LTU4.4M3FMUBFPICF2@vps12783>

Reply-To: Prime <>

To: www@nl2k.ab.ca

From: Prime

X-Mailer: Microsoft Office Outlook 15.0

List-Unsubscribe:

MIME-Version: 1.0

Content-Type: text/html; charset=utf-8

Content-Transfer-Encoding: 8bit

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - hop.hopenetsolutions.com

X-AntiAbuse: Original Domain - nl2k.ab.ca

X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]

X-AntiAbuse: Sender Address Domain - covenantfamilychurchtulsa.com

X-Get-Message-Sender-Via: hop.hopenetsolutions.com: authenticated_id: hosting@covenantfamilychurchtulsa.com

X-Authenticated-Sender: hop.hopenetsolutions.com: hosting@covenantfamilychurchtulsa.com

X-Source:

X-Source-Args:

X-Source-Dir:

X-Spam_score: 9.0

X-Spam_score_int: 90

X-Spam_bar: +++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Prime - Membership Update prime



Content analysis details: (9.0 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[72.198.249.30 listed in dnsbl.ahbl.org]

[72.198.249.30 listed in dnsbl.ahbl.org]

[72.198.249.30 listed in dnsbl.ahbl.org]

[72.198.249.30 listed in dnsbl.ahbl.org]

[192.99.159.18 listed in dnsbl.ahbl.org]

[192.99.159.18 listed in dnsbl.ahbl.org]

[192.99.159.18 listed in dnsbl.ahbl.org]

[192.99.159.18 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[72.198.249.30 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[72.198.249.30 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[72.198.249.30 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[72.198.249.30 listed in dnsbl.ahbl.org]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[72.198.249.30 listed in bb.barracudacentral.org]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-0.0 SPF_PASS SPF: sender matches SPF record

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[192.99.159.18 listed in will-spam-for-food.eu.org]

[192.99.159.18 listed in will-spam-for-food.eu.org]

[192.99.159.18 listed in will-spam-for-food.eu.org]

[192.99.159.18 listed in will-spam-for-food.eu.org]

[192.99.159.18 listed in will-spam-for-food.eu.org]

[192.99.159.18 listed in will-spam-for-food.eu.org]

[192.99.159.18 listed in will-spam-for-food.eu.org]

[192.99.159.18 listed in will-spam-for-food.eu.org]

[72.198.249.30 listed in will-spam-for-food.eu.org]

[72.198.249.30 listed in will-spam-for-food.eu.org]

[72.198.249.30 listed in will-spam-for-food.eu.org]

[72.198.249.30 listed in will-spam-for-food.eu.org]

[72.198.249.30 listed in will-spam-for-food.eu.org]

[72.198.249.30 listed in will-spam-for-food.eu.org]

[72.198.249.30 listed in will-spam-for-food.eu.org]

[72.198.249.30 listed in will-spam-for-food.eu.org]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[72.198.249.30 listed in bl.score.senderscore.com]

1.3 URI_HEX URI: URI hostname has long hexadecimal sequence

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only

0.4 RDNS_DYNAMIC Delivered to internal network by host with

dynamic-looking rDNS

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

3.2 HELO_DYNAMIC_IPADDR Relay HELO'd using suspicious hostname (IP addr

1)

Subject: {SPAM?} Your Prime membership has been paused [Ref: 253AA]

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 21 Jun 2026 05:32:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wbGOh-00000000LNK-2tI1

for dave@doctor.nl2k.ab.ca;

Sun, 21 Jun 2026 05:31:31 -0600

Resent-From: The Doctor

Resent-Date: Sun, 21 Jun 2026 05:31:31 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from wrqvcftr.outbound-mail.sendgrid.net ([149.72.207.117]:36028)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wbE5M-000000006ii-2qAr

for sales@nk.ca;

Sun, 21 Jun 2026 03:03:33 -0600

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=p3-i.com;

h=content-type:mime-version:from:subject:date:to:cc:content-type:date:

from:subject:to;

s=s1; t=1782032551;

bh=RRkDnOi0P2tMynw2T1RybKdX/x0KHqMvT3WgsDj6c0E=;

b=SZhOxbwJyFOPxxJzRQEaiezKmDpKj4oPuMeLQuaCjtTmir8WDhD2c/TYDzq7n13uNfKz

OmR1bMeIkvgufOEbVl3QqWlrhqLKyYFRn/osKcLUosrEi6eYGeM0wVNUXlBuQBeJ8bszQi

Y2CYCdg+6aQYtxd1MqZr/jDAMuL63YtLp6PBuINHUz33pUORB8C+G+pWD0ES7wghiHs5xn

OmxJq/FqxMG+x1x5w/O9pjW+aeATcjgCVYMp4KTc+7p3I7U5w9TTrtq5RNuQODXqBLNLKH

FIYbR8Ne7FAqPJg0ptkf8onXZXgDAmAU4gLg5NACQaq2L96kaLwyHNYr8kHcYaDA==

Received: by recvd-75586bd7d8-d4kqx with SMTP id recvd-75586bd7d8-d4kqx-1-6A37A8A7-6

2026-06-21 09:02:31.046117084 +0000 UTC m=+378627.690296285

Received: from [154.38.165.235] (unknown)

by geopod-ismtpd-25 (SG)

with ESMTP id G8LNT4TtSImDJiJN_Mo1JA

for ;

Sun, 21 Jun 2026 09:02:30.914 +0000 (UTC)

Content-Type: multipart/alternative; boundary="===============7540931904844975849=="

MIME-Version: 1.0

From: Docusend

Subject: You Have a New Secured Document

Date: Sun, 21 Jun 2026 09:02:31 +0000 (UTC)

Message-ID: <178203255046.14396.4451825813358312601@vmi2857862>

X-Mailer: Mailer-4985

X-SG-EID:

=?us-ascii?Q?u001=2Es9z3FKz3theG7asXgt6ElAca8kF7UH1zSPQkdebr12z1S4ULEooo0QM4q?=

=?us-ascii?Q?+52j8OhsDOMjRDtkxywGhq+PSF4dKdsXa=2FUYXIy?=

=?us-ascii?Q?KdF+0Y95d1mrun6=2FOwUEPGooaBBRNeH1n5xiN0O?=

=?us-ascii?Q?X=2FdKvQpQHuWMXon10DFJ5AbTvU4EK+chr0eTd9r?=

=?us-ascii?Q?RezDV6O7xrqPnIf5gIxmpYK7PcUORuSp4AQw7r1?=

=?us-ascii?Q?=2F1XpXZpMbWLgAljo14XEy8=3D?=

To: sales@nk.ca

X-Entity-ID: u001.imBUo2waVNFQ1splhTmG4A==

X-Spam_score: 39.2

X-Spam_score_int: 392

X-Spam_bar: +++++++++++++++++++++++++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Shared Document Hello,



Content analysis details: (39.2 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[154.38.165.235 listed in will-spam-for-food.eu.org]

[154.38.165.235 listed in will-spam-for-food.eu.org]

[154.38.165.235 listed in will-spam-for-food.eu.org]

[154.38.165.235 listed in will-spam-for-food.eu.org]

[154.38.165.235 listed in will-spam-for-food.eu.org]

[154.38.165.235 listed in will-spam-for-food.eu.org]

[154.38.165.235 listed in will-spam-for-food.eu.org]

[154.38.165.235 listed in will-spam-for-food.eu.org]

[149.72.207.117 listed in will-spam-for-food.eu.org]

[149.72.207.117 listed in will-spam-for-food.eu.org]

[149.72.207.117 listed in will-spam-for-food.eu.org]

[149.72.207.117 listed in will-spam-for-food.eu.org]

[149.72.207.117 listed in will-spam-for-food.eu.org]

[149.72.207.117 listed in will-spam-for-food.eu.org]

[149.72.207.117 listed in will-spam-for-food.eu.org]

[149.72.207.117 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[149.72.207.117 listed in dnsbl.ahbl.org]

[149.72.207.117 listed in dnsbl.ahbl.org]

[149.72.207.117 listed in dnsbl.ahbl.org]

[149.72.207.117 listed in dnsbl.ahbl.org]

[154.38.165.235 listed in dnsbl.ahbl.org]

[154.38.165.235 listed in dnsbl.ahbl.org]

[154.38.165.235 listed in dnsbl.ahbl.org]

[154.38.165.235 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[149.72.207.117 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[149.72.207.117 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[149.72.207.117 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[149.72.207.117 listed in dnsbl.ahbl.org]

1.7 URIBL_CT_SURBL Contains an URL listed in the CT SURBL blocklist

[URI: u56462072.ct.sendgrid.net]

1.6 RCVD_IN_BRBL_LASTEXT RBL: No description available.

[149.72.207.117 listed in bb.barracudacentral.org]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

1.1 URIBL_GREY Contains an URL listed in the URIBL greylist

[URI: sendgrid.net]

-0.0 SPF_PASS SPF: sender matches SPF record

15 GR_DOMAIN_SENDGR1 Received contains spammer id (sendgr)

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[149.72.207.117 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[149.72.207.117 listed in bl.score.senderscore.com]

15 GR_DOMAIN_SENDGR6 URI: Body contains known spammer URI (sendgr)

0.7 MPART_ALT_DIFF BODY: HTML and text parts are different

1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 MIME_BASE64_TEXT RAW: Message text disguised using base64 encoding

0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 SARE_FROM_SPAM_WORD4 From address suggests this may be spam

1.8 COMBO_IMAGEONLY1 Appears to be an image only message

Subject: {SPAM?} You Have a New Secured Document







Hello,



A shared document has been made available for your review. Please use the secure access button below to open and view the file.







Shared Document for Review



Access the document securely using the link below.

Review Shared Document



Important



For security and confidentiality, please do not share or forward this access link unless authorized.





Thank you,

Docsend



This email was sent to notify you that a document has been shared for review.



© 2026. All rights reserved.

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sun, 21 Jun 2026 05:30:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wbGNB-00000000H63-1PJX

for dave@doctor.nl2k.ab.ca;

Sun, 21 Jun 2026 05:29:57 -0600

Resent-From: The Doctor

Resent-Date: Sun, 21 Jun 2026 05:29:57 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-qk1-f200.google.com ([209.85.222.200]:47565)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from <3yT43ag0JBXwrflfrfqnfsx3mlrfnq.htrxfqjxsp.hf@maestro.bounces.google.com>)

id 1wb72G-0000000065q-2gU8

for sales@nk.ca;

Sat, 20 Jun 2026 19:31:52 -0600

Received: by mail-qk1-f200.google.com with SMTP id af79cd13be357-915d1d4fc5aso589588685a.3

for ; Sat, 20 Jun 2026 18:30:56 -0700 (PDT)

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1782005450; x=1782610250; darn=nk.ca;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:from:to:cc:subject:date:message-id:reply-to;

bh=eO3Xe5Ch1grL/sk0AQP0FLJ/o+MA7iAPZeaig3dGN4Q=;

b=ZkqIs9gEb5YC7lK/0ojnxrkQDI0bo8q79sLdswHBJm+vRCmoc50GWM990qS3vjhwIk

th/l1VYLkqfSIthTBqLeQDYVD59yDA1XBbSNfZiwvbXJYCV1gj83+EW+kZUgBz4MMFMN

HlCBuTREcUXH6iOajjzvhu1kvAATR+ufyN/FgaZmP0YYm9lDKLPyNWPWrhoAnVtb6J1e

d1opBgDZf3RSD1+ryK+kzjrI6U8QAnMCLWXr1qcw1DJ+JJk6lJrciar7hJhtgX/WaCjt

vdde1z7dO+hBTr5TnkzGOlqdm+594Nu2dljmR0M9eRV5YpCnurLGGvqQ0mQmyltdehhk

fI/w==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1782005450; x=1782610250;

h=content-transfer-encoding:to:from:subject:date:message-id

:mime-version:x-gm-message-state:from:to:cc:subject:date:message-id

:reply-to;

bh=eO3Xe5Ch1grL/sk0AQP0FLJ/o+MA7iAPZeaig3dGN4Q=;

b=rsxYgrq/o5QelaDjm49KM5MLEPrsdiFuVV6UY6MS6zbQAZZqvJo85ai0zoJEc23xBm

HQBcW3CPz+nXKeEJGvJA1IG8V7+sfvcuVKNGboNvw/iSKfVqKUQt/575w4acTEZ6O3Sr

z9GosnSJfxnVJ/HMMy4vM28xdVs1KfA4ubrzwQXsKwMng2mTpH/0hHn5i5aTH3XFbSym

xCROCJdu8wRosP9kBP5GG1BN815NDpcCOyZq4/VL72Sq5FXuTk6L6tn7gLUwq1No2tyO

/3lpNJOup6CbBmIx+BsS4z0e1Aoxg6N2vryewE69WPhFYEsM3G50KRHGn3/7rdNED4dT

WjAw==

X-Gm-Message-State: AOJu0Yz6/bo2m1Fq6WTaXBrjCYqODFbUPMe7Mlwm8sr555EDfC/XQQvV

SosR4eqOJZssOH1s25z7o808/uCaHMz1+42IcCbb4kUNqkpl/SAzbMthqm3iROqLk+bbDPadGpL

krPvURw==

MIME-Version: 1.0

X-Received: by 2002:a05:620a:198b:b0:918:42b4:2c9a with SMTP id

af79cd13be357-920d40386b7mr1345255285a.29.1782005449969; Sat, 20 Jun 2026

18:30:49 -0700 (PDT)

Message-ID:

Date: Sun, 21 Jun 2026 01:30:49 +0000

Subject: daveyadallee, Get More 100,000 Instagram Followers

From: magamaliansyh@gmail.com

To: sales@nk.ca

Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes

Content-Transfer-Encoding: base64

X-Spam_score: 5.8

X-Spam_score_int: 58

X-Spam_bar: +++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Hi, daveyadallee, Get More 100,000 Instagram Followers Sorry

to interrupt your time. We offer social media services, If you're interested,

please visit our Website. If you're not interested, please skip this step.





Content analysis details: (5.8 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.222.200 listed in will-spam-for-food.eu.org]

[209.85.222.200 listed in will-spam-for-food.eu.org]

[209.85.222.200 listed in will-spam-for-food.eu.org]

[209.85.222.200 listed in will-spam-for-food.eu.org]

[209.85.222.200 listed in will-spam-for-food.eu.org]

[209.85.222.200 listed in will-spam-for-food.eu.org]

[209.85.222.200 listed in will-spam-for-food.eu.org]

[209.85.222.200 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.222.200 listed in dnsbl.ahbl.org]

[209.85.222.200 listed in dnsbl.ahbl.org]

[209.85.222.200 listed in dnsbl.ahbl.org]

[209.85.222.200 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.222.200 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.222.200 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.222.200 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.222.200 listed in dnsbl.ahbl.org]

2.5 URIBL_DBL_PHISH Contains a Phishing URL listed in the DBL blocklist

[URI: instatool.site]

-0.0 SPF_PASS SPF: sender matches SPF record

-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay

domain

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[magamaliansyh(at)gmail.com]

0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail

domains are different

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.222.200 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.222.200 listed in bl.score.senderscore.com]

0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom

freemail headers are different

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

2.0 RATWR8_MESSID Message-ID with excessive dashes and dollars

Subject: {SPAM?} daveyadallee, Get More 100,000 Instagram Followers



Hi, daveyadallee, Get More 100,000 Instagram Followers

Sorry to interrupt your time.



We offer social media services,

If you're interested, please visit our Website.

If you're not interested, please skip this step.



We will help you increase your social media presence to another level.

( Threads, Instagram, Twitter, Youtube, Facebook, etc. )



Are you interested in a free trial ?

Special For You Bonus Extra $2 - $5 FREE BALANCE TODAY SIGNUP NOW..!!!

GET 100K Followers Instagram NOW !!!

Order here :



[ https://instatool.site/store/free/?daveyadallee ]





Take free trial service today only...!!

10 -101K Instagram Followers



- Instant Start

- Safest Methods

- Privacy Protection

- Speed 200K Followers/day

- High Quality Followers

- Drop-Back Guarantee

- Trusted Seller testimony

- Starting get 100K Followers Instagram

- Guaranteed to be the cheapest



Thank you,

Regards,



Copyright © 2014 - 2026 instatool.site

--000000000000012f4e0654b4a67c

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Subject: Midland Financial Recovery Bureau =E2=80=93 Victim Compensation Pr=

ogram

Compensation Award: USD $1,500,000.00

Reference ID: MF1122-CRX00491

Address: 8600 Westfield Avenue, Suite 210, Houston, TX 77040, USA



Dear Recipient,



We are contacting you as a listed beneficiary in a federally supported

restitution initiative established to compensate victims of financial

fraud. This action follows the prosecution and sentencing of

individuals=E2=80=94namely Andrew Collins, Eric Mateo, and Linda Frost=E2=

=80=94who were

recently convicted of operating fraudulent schemes while posing as

representatives of financial and government institutions.



As part of the outcome, the Midland Financial Recovery Bureau, in

collaboration with U.S. regulatory authorities, has approved a compensation

payment of USD $1,500,000.00 to be issued in your name. Disbursement will

be made through a secure ATM-enabled payment card, and all standard

transaction and delivery costs will be covered by the issuing entity.



To confirm your eligibility and initiate the processing of your payment,

please provide the following information for verification and compliance

review:



Full Legal Name



Residential Mailing Address



Current Occupation



Active Contact Number



Government-Issued Photo Identification (valid)



Please be advised that a nominal Processing and Verification Fee will be

required to complete the official endorsement and release of funds. There

will be no additional fees once this has been fulfilled.



This compensation program is part of a broader effort to assist fraud

victims and reinforce public confidence in financial institutions.



Sincerely,

Mr. Thomas E. Ralston

Director, Compensation Oversight Division

Midland Financial Recovery Bureau



--000000000000012f4e0654b4a67c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 20 Jun 2026 14:07:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wb1xy-00000000OMi-3RWC

for dave@doctor.nl2k.ab.ca;

Sat, 20 Jun 2026 14:06:58 -0600

Resent-From: The Doctor

Resent-Date: Sat, 20 Jun 2026 14:06:58 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lf1-f67.google.com ([209.85.167.67]:47532)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wb1ln-00000000Mqq-3dFq

for doctor@doctor.nl2k.ab.ca;

Sat, 20 Jun 2026 13:54:33 -0600

Received: by mail-lf1-f67.google.com with SMTP id 2adb3069b0e04-5aa5edf347eso2202818e87.3

for ; Sat, 20 Jun 2026 12:53:37 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1781985211; cv=none;

d=google.com; s=arc-20240605;

b=FqFdqQ7naVc89QXMrfy25hrzOg776Sl7/1TJMuylWB72yP1z2b0moeZuLVILvOEfoo

+LElJ+VJcUN1UC4fktJPwTkfUuDt6Yf3W1SW8P0i7mbH9kFrKVu31h5RfYC/eLiXr06i

AO29SW0D5jeo8EoUtWO8rkZefLZtYONSCUDR/N6Ab2i0aihgxwDEr+nlRF3CIHNaywVI

E6+rIEdsaEnNlcm/QNkdfUPQRnDWkDLbH5rq1/xGve6gm+9saEs42H/2kEy0+3HHfBWM

PATipgAKC3WfaFll3wWHK4K/svpnBtwDJQ3MgnJ87sYpkxzwFTF6+kwwugszXGbw5F/a

S/MQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

fh=lLH90XBES8EHzIqFf9luySOCy4F32zJMq6DiT4mnFsY=;

b=WtswqaPUdmL8tOt7L0MCHvj/OLb9rPMLty6ZPh7XizRvF2ZGZ7kO5hGjB7lbUOnDuS

s+5UE+3o6zIzpDQca9tvRlAREoFys6Sc+kWH7RuWnIrp6m7YOiGEyMIQayXr3U2I/WnK

/mIvvhMJIrxg48QQjcfGnIAaVg2ejcXKfKL3evWnNpoVXRkyzuBTEX6zPKhdHaC5bhED

B4U9YOgRM0iB2tXWXwYxLV6eD9ys9kf8dfzUe+stTekjzspYzjIe/weXquxQoxpprTaB

6sTcQVbbm6dHJjzdKM1LnKbU1FPKJrPVDKH4IYZ9VD3TLjSVP3dcK9awkIKOzv5T8QsE

YaZA==;

darn=doctor.nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1781985211; x=1782590011; darn=doctor.nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

b=rCXemlQC4s2xN/0CPlJ7R/UI8lB1KNtsjtm9KIO1Xv9iZcoB0Y2qxlJxQxMcKeEVHP

xzDbgZ5MjS+fEu5D/b5F4JAft109r3RZk3Q70K0EJbzZuFhrbSgY6eMN+p0qIE7Uk5Md

6jeZcWlgUEUFRukdZEv5/gZnd7xo52jOixh/aTyWmcJ/rqBz87l7qw1NH3buWCb+m5rW

JWavy59TmbeHqRGW6A9HBX9Kj/EYALApDWYVWVKTi/o07sDYcJYr1+fMZbPN/imzXNzv

INF9WOK8YDGENshZ8nt1rV432bBybjTJpXbCPCoCQCFBpvF178r8Z3UB+7+E026cy21W

5cTw==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781985211; x=1782590011;

h=to:subject:message-id:date:from:reply-to:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

b=Eequat+TJjahUhxJaHReDUIiBIHlW+Mu9z29245CyufPDhXIJTq7wc3v/p36MS/+lc

Pc/jRGXgJcEljgaiTErYkaXzDKRgzai5OxDwo4v4f+sQ8PBjYFflhkmfI3EDv8sePf0a

eZKh2OvxJOQIFlzN2zfgZnU3YX/cBf9fJgB1aLIGlzpzvl6Gnx+/5kQDsB36X1t4KZfG

tFmJCVY997ppUf3vpqCImajFC9jRLpAFZ5I5egG1ow7LlJSaLHhFcoD4ENlhFmeDN3iv

yBf6K4+4tkkX5YNrepe8gmpMcQWIg2y8HDfIre3TxaGTwWP5A0c2+TKksIrKYBYxfo78

+fxg==

X-Forwarded-Encrypted: i=1; AFNElJ/puNU8uD8Kk4McoPHwOA6VJrS6ME57hfch+Felhywf/DkzlIPrcofWBIO6dTJc6HyKJOKpYvU=@doctor.nl2k.ab.ca

X-Gm-Message-State: AOJu0YyIjuFCR0p/pOpJ1ixwpfGqhzd70WqVVx5g2Dkfv9zRBy+If5fA

LTeicDQRdcOGW3ylZGRVSXSf2TM2Ykv/jH1QTgghxTyzoY6ZxqBRrShe0C2uc0XTp+zpiI2KmII

TpPNjrXHTdYeSTpVNnrmv266rX3j9XYA=

X-Gm-Gg: AfdE7ckHe7//fV08lnn8J2vPf2vOpqfouHq3pRYMS7/Jqc66dALglW/Qg/yxmKPPA+k

ttCg7BmA5lAtCVTB3fadCoUN8xwjsK8FTXcDeNlPCm/JwkAfWX4FuUx9AUAY6oTYsfAavx8HTwH

aOWQU5KwhYAPi4vRSIDH+KWrmrlmhKBN7lFFUM3oVfXk3rIL+GFXmawtrhMSEBSxmj7TZejoD5b

ebbGQD2+FHikamQfBJmuE2OyANWWkN+Gs9NELAWX7D/oxJvRXKVnzdeNq9/fvaQvYaRfgh9ag==

X-Received: by 2002:a2e:a9a5:0:b0:396:9966:50cf with SMTP id

38308e7fff4ca-3998e4092d7mr16710201fa.9.1781984716204; Sat, 20 Jun 2026

12:45:16 -0700 (PDT)

MIME-Version: 1.0

Reply-To: citibank.co.usa@gmail.com

From: Michael Corbat

Date: Sat, 20 Jun 2026 12:44:41 -0700

X-Gm-Features: AVVi8Cee6rCzcsUfU88IFtFAIMaK7YU6-UAmDxNctI4bo92nl-eibb70H8m3-qc

Message-ID:

Subject: Compensation Award

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000012f4e0654b4a67c"

Bcc: doctor@doctor.nl2k.ab.ca

X-Spam_score: 16.4

X-Spam_score_int: 164

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Subject: Midland Financial Recovery Bureau – Victim Compensation

Program Compensation Award: USD $1,500,000.00 Reference ID: MF1122-CRX00491

Address: 8600 Westfield Avenue, Suite 210, Houston, TX 77 [...]



Content analysis details: (16.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.167.67 listed in dnsbl.ahbl.org]

[209.85.167.67 listed in dnsbl.ahbl.org]

[209.85.167.67 listed in dnsbl.ahbl.org]

[209.85.167.67 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.167.67 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.167.67 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.167.67 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.167.67 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.167.67 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[jeegael37(at)gmail.com]

1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[jeegael37(at)gmail.com]

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.167.67 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.167.67 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

0.0 FORM_FRAUD_5 Fill a form and many fraud phrases

2.6 UNDISC_MONEY Undisclosed recipients + money/fraud signs

2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} Compensation Award

--000000000000012f4e0654b4a67c

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Subject: Midland Financial Recovery Bureau =E2=80=93 Victim Compensation Pr=

ogram

Compensation Award: USD $1,500,000.00

Reference ID: MF1122-CRX00491

Address: 8600 Westfield Avenue, Suite 210, Houston, TX 77040, USA



Dear Recipient,



We are contacting you as a listed beneficiary in a federally supported

restitution initiative established to compensate victims of financial

fraud. This action follows the prosecution and sentencing of

individuals=E2=80=94namely Andrew Collins, Eric Mateo, and Linda Frost=E2=

=80=94who were

recently convicted of operating fraudulent schemes while posing as

representatives of financial and government institutions.



As part of the outcome, the Midland Financial Recovery Bureau, in

collaboration with U.S. regulatory authorities, has approved a compensation

payment of USD $1,500,000.00 to be issued in your name. Disbursement will

be made through a secure ATM-enabled payment card, and all standard

transaction and delivery costs will be covered by the issuing entity.



To confirm your eligibility and initiate the processing of your payment,

please provide the following information for verification and compliance

review:



Full Legal Name



Residential Mailing Address



Current Occupation



Active Contact Number



Government-Issued Photo Identification (valid)



Please be advised that a nominal Processing and Verification Fee will be

required to complete the official endorsement and release of funds. There

will be no additional fees once this has been fulfilled.



This compensation program is part of a broader effort to assist fraud

victims and reinforce public confidence in financial institutions.



Sincerely,

Mr. Thomas E. Ralston

Director, Compensation Oversight Division

Midland Financial Recovery Bureau



--000000000000012f4e0654b4a67c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 20 Jun 2026 14:07:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wb1xv-00000000OMF-1FBX

for dave@doctor.nl2k.ab.ca;

Sat, 20 Jun 2026 14:06:55 -0600

Resent-From: The Doctor

Resent-Date: Sat, 20 Jun 2026 14:06:55 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lf1-f68.google.com ([209.85.167.68]:46082)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wb1l6-00000000MoU-2UDL

for doctor@nl2k.ab.ca;

Sat, 20 Jun 2026 13:53:49 -0600

Received: by mail-lf1-f68.google.com with SMTP id 2adb3069b0e04-5aa61e3d3f3so3199762e87.0

for ; Sat, 20 Jun 2026 12:52:53 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1781985167; cv=none;

d=google.com; s=arc-20240605;

b=O8OxZ3F1zRGk4FCVxp8fJPAMV9dz8mD2SQ0UmSHvxCrk1otvdsMH3yOPCj6gjJZkLn

JI5kG0kVGJ5HqyihWKCvR1eIMgWuELOnD+VQ0SXTGKpwuv96K+rW/eNATGWdH+tHLKm6

bx5S0c9/QFbe4tt43JXAdv/OjcK73rtVvy5Md6DflZexNLZxosHTjSX5MHDUAkgAWuNO

WljV9ybZve6RhSt4pvzs/c1OefxiLGZFYhW5hsZf9jnU1zYBoQohWT4qe77aGhsZP5fp

qTLFI5v0Gh2VP8RgMO97On8S/Ln0nSgM4B52JuzqTWemL1X+8ZyLFq9zmtniGzWfxmUm

cXkA==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

fh=orJp/q+dnqXd0NVruQJu/MGd1eiLPBDdRK99mjGHmPU=;

b=TjD3w0Gf1nNQj5txJEDu0OgVmYY+I4/SWXxcb8lO3omdkBkMWezEOxSJWSsUJLg4N2

zqoed9diUmgG7MW3XQC2opo14BetV5gQuBa0z1ntah+jql0xrjMWJaowHdUK+2CnLyFz

cBLptHdiGY1AIac9HrMHmjcrRZVVadvyKOEjH5Qt1rZs+Y6bPSWByb1e3MeGJc3fxqK4

Vt5e9bS1XVyOMIk4kmUTV/xBIo1nOPCfG3a2w29ANRO+HWWgNRIa6VbNWwmNbBCycVmY

+KaYn3Wv9oTgVooR3h/i9UXKmXy2jeOEeu07LsCTkGPDoiBFTqFlPqU/k4dwX2+e2Bwx

ONmg==;

darn=nl2k.ab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1781985167; x=1782589967; darn=nl2k.ab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

b=SIrP388Mo0eU6ugRRtSbh82EiAznjdkZG2q0EnTNk/ceBaVrp9xrPB3AD+TUIr4QYL

6qUNj648kAOwI+EEoJabQ/gAC6UlDiedQ4rAzB+MQl16TLFmHTJTPLa4cXHL3UjGEn81

CRXxErsrPtS9dIv/uHX3Q+ob60TQr/crcwW6JSagQ/zM5zOUlW9WkHg4BAIupmURwtIS

XeO0etrrT3t2MTB3TJ2V5sJKrc1+EJGejqE+VUllW5Mt8XApHSYrI1TlsyfWgVgXdPgh

TJxemyYumaRJyutgKHmpdejSQT0Vvv0pdUYg4HnITWBr3rKjFfl3WMto+8vXj37UM0+Q

KgRA==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781985167; x=1782589967;

h=to:subject:message-id:date:from:reply-to:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

b=Ru2qu+qMXT81Jy/DQL61lPyWSoX/xm1uXKtflGaLOYZeBNwGnSzCLD8oNGfqlEQo0H

vABBlUE2tLaqnuD4lbLnzIEjLQWCwfQtKfQ75zw8mnphUE2sL04Hv5rUzf+TyO/3ROUD

xal5++FBDHTeTkkXyA4NvarpHv3QzteI2Cm8X1rX+lnYr3b3kSSAYHDOxr00grxdjq0G

PhBAJsDc6Jw8+cxhnmpedmnEBuAl/cjH/EUbiciMURatiZ4TubfiLX/8MTB44vLU1LfB

PSRzOPh4q8MUGgqZ3IO23Ht3jNKrkIjBTudRqCDJHpBRmAOqdLde26XDa/pb3xrmUNWW

fmIQ==

X-Forwarded-Encrypted: i=1; AFNElJ9SzlNSTSGOT7NvVtIn9rz75ViNxgz6Ho9k/3fg3KIJYFy7li4upAiMaLjnLKJIa0DoOZVmTk8=@nl2k.ab.ca

X-Gm-Message-State: AOJu0Yy6vM5NJBJaWYs0hRq7YCD/v1nmlrbWSc2GufAiL1AV8hjklCSv

4RVtPQ3RooGz6PTR1t/r95WTYFT3hN0N4W72whtuMnICmjkQw/DZqsvD6uixRmXw8P9f0kuEsWs

14TfgFxWyt4dqMEEAoZ7SKXOvzSji578=

X-Gm-Gg: AfdE7cl7GRDwcLUB6kZSzFy2W/qUNb05nh7wSRfuMVo3CRek9SM0oY1SgWfuTiTW9q8

hLRrnWTZHcnJGvFTJ26y44RFva/QrF6OfPVLm17L0U3ysnQ/3oMNHwOw93s0pBOmlBfJpk35WWE

FbnHWUN39HB7sXakFpJolvRNyy9C52WV9TaKkymJcUr9WdOBfIZUjJgwDB1OcGMUuyskpD6jiSI

m0vca4/I7jk+oJfFMOjlj2HTvG9p0/2ebViPy/yiZjYMaViOaTRHvmKyh7kN1DtfHIsD8MUf5Qc

hph+T8GT

X-Received: by 2002:a2e:a9a5:0:b0:396:9966:50cf with SMTP id

38308e7fff4ca-3998e4092d7mr16710201fa.9.1781984716204; Sat, 20 Jun 2026

12:45:16 -0700 (PDT)

MIME-Version: 1.0

Reply-To: citibank.co.usa@gmail.com

From: Michael Corbat

Date: Sat, 20 Jun 2026 12:44:41 -0700

X-Gm-Features: AVVi8Cee6rCzcsUfU88IFtFAIMaK7YU6-UAmDxNctI4bo92nl-eibb70H8m3-qc

Message-ID:

Subject: Compensation Award

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000012f4e0654b4a67c"

Bcc: doctor@nl2k.ab.ca

X-Spam_score: 16.4

X-Spam_score_int: 164

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Subject: Midland Financial Recovery Bureau – Victim Compensation

Program Compensation Award: USD $1,500,000.00 Reference ID: MF1122-CRX00491

Address: 8600 Westfield Avenue, Suite 210, Houston, TX 77 [...]



Content analysis details: (16.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.167.68 listed in will-spam-for-food.eu.org]

[209.85.167.68 listed in will-spam-for-food.eu.org]

[209.85.167.68 listed in will-spam-for-food.eu.org]

[209.85.167.68 listed in will-spam-for-food.eu.org]

[209.85.167.68 listed in will-spam-for-food.eu.org]

[209.85.167.68 listed in will-spam-for-food.eu.org]

[209.85.167.68 listed in will-spam-for-food.eu.org]

[209.85.167.68 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.167.68 listed in dnsbl.ahbl.org]

[209.85.167.68 listed in dnsbl.ahbl.org]

[209.85.167.68 listed in dnsbl.ahbl.org]

[209.85.167.68 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.167.68 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.167.68 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.167.68 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.167.68 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.167.68 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[jeegael37(at)gmail.com]

1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[jeegael37(at)gmail.com]

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.167.68 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.167.68 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

2.6 UNDISC_MONEY Undisclosed recipients + money/fraud signs

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

0.0 FORM_FRAUD_5 Fill a form and many fraud phrases

2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money

Subject: {SPAM?} Compensation Award

--000000000000012f4e0654b4a67c

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Subject: Midland Financial Recovery Bureau =E2=80=93 Victim Compensation Pr=

ogram

Compensation Award: USD $1,500,000.00

Reference ID: MF1122-CRX00491

Address: 8600 Westfield Avenue, Suite 210, Houston, TX 77040, USA



Dear Recipient,



We are contacting you as a listed beneficiary in a federally supported

restitution initiative established to compensate victims of financial

fraud. This action follows the prosecution and sentencing of

individuals=E2=80=94namely Andrew Collins, Eric Mateo, and Linda Frost=E2=

=80=94who were

recently convicted of operating fraudulent schemes while posing as

representatives of financial and government institutions.



As part of the outcome, the Midland Financial Recovery Bureau, in

collaboration with U.S. regulatory authorities, has approved a compensation

payment of USD $1,500,000.00 to be issued in your name. Disbursement will

be made through a secure ATM-enabled payment card, and all standard

transaction and delivery costs will be covered by the issuing entity.



To confirm your eligibility and initiate the processing of your payment,

please provide the following information for verification and compliance

review:



Full Legal Name



Residential Mailing Address



Current Occupation



Active Contact Number



Government-Issued Photo Identification (valid)



Please be advised that a nominal Processing and Verification Fee will be

required to complete the official endorsement and release of funds. There

will be no additional fees once this has been fulfilled.



This compensation program is part of a broader effort to assist fraud

victims and reinforce public confidence in financial institutions.



Sincerely,

Mr. Thomas E. Ralston

Director, Compensation Oversight Division

Midland Financial Recovery Bureau



--000000000000012f4e0654b4a67c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 20 Jun 2026 14:07:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wb1xn-00000000OKs-0H9n

for dave@doctor.nl2k.ab.ca;

Sat, 20 Jun 2026 14:06:47 -0600

Resent-From: The Doctor

Resent-Date: Sat, 20 Jun 2026 14:06:46 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lf1-f67.google.com ([209.85.167.67]:46510)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wb1k6-00000000Mgj-2Z3k

for doctor@nl2k.ca;

Sat, 20 Jun 2026 13:52:47 -0600

Received: by mail-lf1-f67.google.com with SMTP id 2adb3069b0e04-5aa7a7ad475so3538427e87.1

for ; Sat, 20 Jun 2026 12:51:51 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1781985104; cv=none;

d=google.com; s=arc-20240605;

b=OMZEP8OkxeJCecAdXhyNiNUCJ8oxNVhPhmlEEqOhaiy9KdZ8jZxIffJx1L1mhO0zlS

kW3b9MP3zUgY+DuJH/fCIWh/hQUD9dkax8qDs1ceD6MHBYEPxymbZNIsL20q1qkcpXhV

fBjd4fxf+Ap588EsD0MeZ7K1WMKTjBmLCgpsI2zzJPsQGWeCnZlJg39AxGP4+QZEoja4

TvQMmsJ/jVORy8lkNOdeRKugnMpTQiwcRga3gnSeX4YW/6570zJtZafceDyzdNwDM63z

eBkuK9NwtG8JN6XWDKNGJ1T/EW3QFkIwJKW/OcDbyuhL+s7Fs8CvpmXd7HS6IixUk7lI

c0aQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

fh=RW2ZSSgvfk59hEzSy6zADBunmMvzuXd8ZQ4mh1Sqbj4=;

b=fYnrnrNtZ2gbh61njLuX1awm/SWeSkNhfil8b8vJkEYGf3yBR6ZSMHcnMn89ZJLlRM

OLd8lfeL+LVRXcOy2Z80AiZJF1GMp9SOOtGARnOXSz9ybPligcRB9iuhFKVSKyOfyf7B

CQOz8WCrDSdE/f6a9v9wIyKaRLmtUChPx1mGJNJRmrBers5a/y//4BDUYj1dK0b4OrRb

eLoHRQP4UmTnINqfcKrKGmzhRcrL4YvwIplbh7uEht62zuOUIqFZzx2CKvE34nfYXuP5

Zf9yvBDHjRhnolA/DSLSMx6N9jAxW6xVJgjoZhQwPK9RK3YXw5wwvjuyVIpuh2C6s5Og

6w3Q==;

darn=nl2k.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1781985104; x=1782589904; darn=nl2k.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

b=ipBDa0NQBtQN6Xnt7DAj+foldjz5IXWQYPpzfP6oYLu7BTYqAY8Y8GIXm7i7tuB66L

sPhedzeAvv+xRppl/i/SLeqCihY+0LIRgYGDEujPop9JUZSSRyKyjgTv4uSb2bCbss7p

jp8L50HBIIgAZ/6itu/a/xuL1nr4MjHONXkzlyGu8rC+mIiHoLgl0+eoDRGGcPMcwlG2

jV4qZSYTQgxtm/wrMWSzYZ6JjuBYVl4cwRTR4QG1hW5EvdtUgpp2e58UJj7MgUiyQO0/

FrGBmeuLeJFtrGjE5tuf8oNp6T8lGNDGjz2YH5QoEOGbysG97wAu7mrcXTclUcY+InqU

UZ3w==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781985104; x=1782589904;

h=to:subject:message-id:date:from:reply-to:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

b=pR2nm4iX5ClHGUD4nh+IEyKih2qQPBNu5BYHm4LA7z4yQOcFJPNjlAlgJ9mN5e6h6a

HcmF7UY1qLKV3Fm31XChckeEMjnpsNN8ancRl0RmSERo7gJuNcgt/D5Mmaz5BUbuyffw

5G4GjGeOKt8BTo3rzT19X7ha8+I87wv4PkI2/gG8uAaB1FbDNqVf4J5NoZqNGtj+FW1B

ombA8E2T0PV+B+ONqLisni3pgRGW11ZHbVwjgkgR9sws+Rp763ftwQx3aYbNl8JcKeWN

b6gExfAYmR1rM8IqOKvTlaArs1drDEufm9AxC0lEPzWPbqjcJrP51LV+TLt0MKyIxDsE

s3KQ==

X-Forwarded-Encrypted: i=1; AFNElJ8lgkB0TuiIJ8u1CKvA58VFhS1D3weSvyxtGCnr70nqkGyeNdAcnsbXfD4I5OJhQsqHTlQxzf4=@nl2k.ca

X-Gm-Message-State: AOJu0YyGtEsalk3zD4CTqiun6vx9CxEuQUX7UX2s4AQr2TUZJdCH1rdW

RfoEv2WyW/75jdBBCzxwJdAksV4UH9kRFjNWSd8FMCnophrkJjC4bbYzjM9VcwfjQpqX3rtz3Qm

b/6ReKWT97pHr7N+69V/AlcD3V/IecIc=

X-Gm-Gg: AfdE7cnyJbD2BBOgstlmlLCckHAvXqMhU34ClvEuBKv9r8IbTBKyVPncDzKNl/wfJkp

iKsStlZeIDVIbbwG3MOI5e59sGxN4pW0WAhjoYoae8UO4wYSO0brGVATRsLE56rWuFFurn1bL+D

S3BKNnxc4z9Yqve81Fir81FgwfAMtD+TIfu/HyHBXX8gwbk7DMvKvKdEz1uDrmrYjTnpzYuX6em

fs2Hd7yPRnsGsdFLHwk4y5WOzZjl/GXootdNPJ66ZZvzvY9XiQQ9zCq//UcOVciBmMslUffwA==

X-Received: by 2002:a2e:a9a5:0:b0:396:9966:50cf with SMTP id

38308e7fff4ca-3998e4092d7mr16710201fa.9.1781984716204; Sat, 20 Jun 2026

12:45:16 -0700 (PDT)

MIME-Version: 1.0

Reply-To: citibank.co.usa@gmail.com

From: Michael Corbat

Date: Sat, 20 Jun 2026 12:44:41 -0700

X-Gm-Features: AVVi8Cee6rCzcsUfU88IFtFAIMaK7YU6-UAmDxNctI4bo92nl-eibb70H8m3-qc

Message-ID:

Subject: Compensation Award

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000012f4e0654b4a67c"

Bcc: doctor@nl2k.ca

X-Spam_score: 16.4

X-Spam_score_int: 164

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Subject: Midland Financial Recovery Bureau – Victim Compensation

Program Compensation Award: USD $1,500,000.00 Reference ID: MF1122-CRX00491

Address: 8600 Westfield Avenue, Suite 210, Houston, TX 77 [...]



Content analysis details: (16.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

[209.85.167.67 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.167.67 listed in dnsbl.ahbl.org]

[209.85.167.67 listed in dnsbl.ahbl.org]

[209.85.167.67 listed in dnsbl.ahbl.org]

[209.85.167.67 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.167.67 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.167.67 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.167.67 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.167.67 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.167.67 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[jeegael37(at)gmail.com]

1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[jeegael37(at)gmail.com]

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.167.67 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.167.67 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 LOTS_OF_MONEY Huge... sums of money

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

2.6 UNDISC_MONEY Undisclosed recipients + money/fraud signs

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money

0.0 FORM_FRAUD_5 Fill a form and many fraud phrases

0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

Subject: {SPAM?} Compensation Award

--000000000000012f4e0654b4a67c

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Subject: Midland Financial Recovery Bureau =E2=80=93 Victim Compensation Pr=

ogram

Compensation Award: USD $1,500,000.00

Reference ID: MF1122-CRX00491

Address: 8600 Westfield Avenue, Suite 210, Houston, TX 77040, USA



Dear Recipient,



We are contacting you as a listed beneficiary in a federally supported

restitution initiative established to compensate victims of financial

fraud. This action follows the prosecution and sentencing of

individuals=E2=80=94namely Andrew Collins, Eric Mateo, and Linda Frost=E2=

=80=94who were

recently convicted of operating fraudulent schemes while posing as

representatives of financial and government institutions.



As part of the outcome, the Midland Financial Recovery Bureau, in

collaboration with U.S. regulatory authorities, has approved a compensation

payment of USD $1,500,000.00 to be issued in your name. Disbursement will

be made through a secure ATM-enabled payment card, and all standard

transaction and delivery costs will be covered by the issuing entity.



To confirm your eligibility and initiate the processing of your payment,

please provide the following information for verification and compliance

review:



Full Legal Name



Residential Mailing Address



Current Occupation



Active Contact Number



Government-Issued Photo Identification (valid)



Please be advised that a nominal Processing and Verification Fee will be

required to complete the official endorsement and release of funds. There

will be no additional fees once this has been fulfilled.



This compensation program is part of a broader effort to assist fraud

victims and reinforce public confidence in financial institutions.



Sincerely,

Mr. Thomas E. Ralston

Director, Compensation Oversight Division

Midland Financial Recovery Bureau



--000000000000012f4e0654b4a67c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 20 Jun 2026 14:07:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wb1xc-00000000OJ6-0WQo

for dave@doctor.nl2k.ab.ca;

Sat, 20 Jun 2026 14:06:36 -0600

Resent-From: The Doctor

Resent-Date: Sat, 20 Jun 2026 14:06:36 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lj1-f195.google.com ([209.85.208.195]:46192)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wb1ix-00000000Map-03E9

for doctor@edmontonab.ca;

Sat, 20 Jun 2026 13:51:36 -0600

Received: by mail-lj1-f195.google.com with SMTP id 38308e7fff4ca-396771119c4so28881631fa.0

for ; Sat, 20 Jun 2026 12:50:40 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1781985033; cv=none;

d=google.com; s=arc-20240605;

b=Ux0tWqOGC5td5mYee2uicQc12Zpqk8t8lTG09qpOMQglILStzhKc/eWRt6CpdvoDCy

VHPGZB+EpaZznoadHGKCex4DxG1C4ddoHjeZuHVkrkCJ0WWLwgZ4GVXuzhkwmxxMGAMe

E7AH61wZ7yY/DazgPtnnpQMU2vDj//dETvqQv6wvi2apmE8YntRLlzEj5B11q58HudrL

NPXOQK40W6gHCySeSvzLD46il7uHgVwFE6XadN27M/6YERiTLNqsPzo14FShM3qefebN

MZCMOdnYBbe+NcaBKfGseBDrY09AA4ynmg2PASiuoDLNt3rBy78z1iGDbxkGpdyVnR33

AgDg==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

fh=hg6vW4OQ1KsWA5Su3uSbgN8Gu/vDhZetGdObmkbyWc0=;

b=S3RZqUZR3G5nzY3FBmEXRLtatutcSv+94PkGXgiSAcI3E21YR6CRq9ulJf/uMPXlAN

ztm8//H1tyFGOLLxHeu8Ro0gCg4XrFHylt7e36MMp6MO1LqfIdTs9Yt2Jlnook1v3H2j

UBUCWR0PACmBWcINGzJupDiKG4jK5HaCa4DXVLly9qzhRi8D8Oj8caAR7mNDEzT3g/Ru

4Pz8VcvKloQNavJfQnxOg0OvXW5zjbYNb7qPOykDkaMbLjcRXqpvno9+YsImBvysFYYP

ypIKDqWOwkImUiCSYNp/iwZwzF15Hf660XHfr1XTTTljozMcKpe4RJzoDVrG0xBHx/d6

nR6A==;

darn=edmontonab.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1781985033; x=1782589833; darn=edmontonab.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

b=MP2GqJVDzm//cduCh1YWSTsY5Wstz6+BYYKaKV2IMZAqxDMm1PN/A4r78GNxqTmWXF

ETkSDw09soZYwpSJAr1h93p+hyaYX5siKQlPpZqtVGHSA26ddL2OvF71ZE1FfAuCzA1c

pu7H+0ovIJ9AvRZDirLzl4DXmuXzSWCla5ljk+qh3Fm1F25lpN5W4ELxem2zJhWrlGLA

v7hylwo6LTgzDjccI2LQJlMkVrl0fyq45olenJ0mGkHMJClb8FDEHkxzx8PS0ATgt4is

RkoCpewHCLrZu16qFP22vYQvnvha2BT80J2weDNb9FFtVJbfCAX87RUFrW+2CNNu4i5W

Nj4Q==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781985033; x=1782589833;

h=to:subject:message-id:date:from:reply-to:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

b=p0kWtEknbyn+e77W6qy0vJ13Ai/BBx0+gLaWoGQz3HsgNmS/TrAC314YwG3UtvlT9o

ohvluNNrSmlIO8FiUhx0TktQlCK+BQtv4LtP9Bv0v3C/nUsN7iuBForWtnoUpqwbCTgi

wrMLQ913C5HuSC/jbt7VUnB4HImLUQEe7AxSRr6SktxBVcPyoFesulMCDbRPu5dC1sZe

u6ql0aWr1zChiS8zHFZ/i2x8GVAQvJEM/WQBnUAOWYDFV9Nz+uQbt7+zoXjOOy0DAe1w

RD+fWmmMtv5Uara1dfdRLYO5kCeTWUXAPnAoaMYWYV9zYmRL4R6S/T/Cxp4ouVWeBc92

WpsA==

X-Forwarded-Encrypted: i=1; AFNElJ/cMdigm3f8a+GezgVJrHvvBra3tolLQy5FWUiRRG0BCo1Wf83yGoy5F384LRWH6hPalg1koHw=@edmontonab.ca

X-Gm-Message-State: AOJu0YwcNZA5POg+YXcs9X9uksM8oct2Jaa4JxrKxaZkVgQstYHGm8yi

lnd5SII5DX1byotiFw2PtCL7e7LGASGJ6QQX3KN28gPgN6qo3+wZvKcrYa244SpMFYVfKZrDe5O

cR7JeCJL5BaW+bd/xhUlySvO0N49wXl0q+pxg5Rxlrg==

X-Gm-Gg: AfdE7cmI+Agbse1og4LSHmUC655lVcFPYNnVeXsRGvQhCsSsohQodRD39vkMW2LMZjz

c+9hzkKd9EFUP15OisgoDfnyn5664YkycOLnBmLRZSqMUG1Q6JtlcJ+ow0kyh4YhdC/08kf1dul

aOoDjLDV1/QR73/FZmkk/4umRtyd0DYsctb8XkP1sTUa/ADP3QYvLW+OzhzlsamMPIBZV3VokV8

81wQYD2auDWT+i9ER14dg8bK3WCmWkxMVqgnJVM+X8K9BBj5cOqPZTrqWCvK37DqhKdVnfEOA==

X-Received: by 2002:a2e:a9a5:0:b0:396:9966:50cf with SMTP id

38308e7fff4ca-3998e4092d7mr16710201fa.9.1781984716204; Sat, 20 Jun 2026

12:45:16 -0700 (PDT)

MIME-Version: 1.0

Reply-To: citibank.co.usa@gmail.com

From: Michael Corbat

Date: Sat, 20 Jun 2026 12:44:41 -0700

X-Gm-Features: AVVi8Cee6rCzcsUfU88IFtFAIMaK7YU6-UAmDxNctI4bo92nl-eibb70H8m3-qc

Message-ID:

Subject: Compensation Award

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000012f4e0654b4a67c"

Bcc: doctor@edmontonab.ca

X-Spam_score: 16.4

X-Spam_score_int: 164

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Subject: Midland Financial Recovery Bureau – Victim Compensation

Program Compensation Award: USD $1,500,000.00 Reference ID: MF1122-CRX00491

Address: 8600 Westfield Avenue, Suite 210, Houston, TX 77 [...]



Content analysis details: (16.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.208.195 listed in will-spam-for-food.eu.org]

[209.85.208.195 listed in will-spam-for-food.eu.org]

[209.85.208.195 listed in will-spam-for-food.eu.org]

[209.85.208.195 listed in will-spam-for-food.eu.org]

[209.85.208.195 listed in will-spam-for-food.eu.org]

[209.85.208.195 listed in will-spam-for-food.eu.org]

[209.85.208.195 listed in will-spam-for-food.eu.org]

[209.85.208.195 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.208.195 listed in dnsbl.ahbl.org]

[209.85.208.195 listed in dnsbl.ahbl.org]

[209.85.208.195 listed in dnsbl.ahbl.org]

[209.85.208.195 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.208.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.208.195 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.208.195 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.208.195 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.208.195 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[jeegael37(at)gmail.com]

1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[jeegael37(at)gmail.com]

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.208.195 listed in bl.score.senderscore.com]

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.208.195 listed in wl.mailspike.net]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 LOTS_OF_MONEY Huge... sums of money

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

2.6 UNDISC_MONEY Undisclosed recipients + money/fraud signs

0.0 FORM_FRAUD_5 Fill a form and many fraud phrases

2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

Subject: {SPAM?} Compensation Award

X-Mozilla-Status: 0001

X-Mozilla-Status2: 00000000

Return-path:

Envelope-to: dave@doctor.nl2k.ab.ca

Delivery-date: Sat, 20 Jun 2026 14:07:00 -0600

Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wb1xi-00000000OK8-0GSa

for dave@doctor.nl2k.ab.ca;

Sat, 20 Jun 2026 14:06:42 -0600

Resent-From: The Doctor

Resent-Date: Sat, 20 Jun 2026 14:06:41 -0600

Resent-Message-ID:

Resent-To: Dave Yadallee

Received: from mail-lf1-f65.google.com ([209.85.167.65]:47506)

by doctor.nl2k.ab.ca with esmtps (TLS1.3) tls TLS_AES_128_GCM_SHA256

(Exim 4.99.3 (FreeBSD))

(envelope-from )

id 1wb1ir-00000000MaZ-3oHl

for doctor@netknow.ca;

Sat, 20 Jun 2026 13:51:31 -0600

Received: by mail-lf1-f65.google.com with SMTP id 2adb3069b0e04-5aa5edf347eso2202149e87.3

for ; Sat, 20 Jun 2026 12:50:31 -0700 (PDT)

ARC-Seal: i=1; a=rsa-sha256; t=1781985024; cv=none;

d=google.com; s=arc-20240605;

b=CgHgOdMkIAfWGrKET1xguDXzjLcRuiZeFjmntm9GdFnSf7gAdKjj+rO2wqSjy4JfLM

8fMJdv24ijIVlVVbpDVw5hFA9+d+60MqBr4OW+R21dOH21HHRvf6nvJHdhp/wHks8+Vo

JwvPFP3jVn0wjgUrxlq4gRQuKo/4ajTZrJTfH18d0U8Zf4j8VtTvtGyKW9aFTROQyYC1

ST+KZTYHDBHyghSdw3YstNR8lGbd3Cjs2vZEM/VyurkJ5NesRH/VE5xVPjafpU8g+IsE

vUsbsgyl7e79zNxFHI8bZmTO/naA6lvbZ+J9hvf75vMxfYI+CaERGh4QyctjzlXZxy1M

g1zQ==

ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605;

h=to:subject:message-id:date:from:reply-to:mime-version

:dkim-signature;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

fh=eLgWUN41aUnp69WnMTguA4LkmrRBey2PdCsLZfURz9w=;

b=MztDUIYPZ7CbkrIBMm20edXWfrirv+ikoaH5FyNaDjGBrCzsH3m+LByapt0P0zVpOx

RVRDKWv/Nk1J67BlEEKEyBWPv10dY/NPVjAbHpaAbNHeIw7ZhGX6Fdmc7LphZFMW3bQg

ickHFNYUkBn3KktfS8R6H5CtLnRb4Tn1bF+hdhK4Me30Bwa7oaNyAeRYXvDIIRnmqKWJ

v1aKOyBZxfWe7kqucjR4yfGXC+EFYd6Q0/fNMCO8UFXcL4388BNdhBTYOpbqvSXlx+Ab

zF+LhZuzhDm4upnDYRKkSl1NqR6noVs3WubZeTW+FPUYWelrO9JldWqXykBfnX2sNqGn

G6uA==;

darn=netknow.ca

ARC-Authentication-Results: i=1; mx.google.com; arc=none

DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=gmail.com; s=20251104; t=1781985024; x=1782589824; darn=netknow.ca;

h=to:subject:message-id:date:from:reply-to:mime-version:from:to:cc

:subject:date:message-id:reply-to;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

b=O9FcDF/fGN3YJm1tj4wKgLsQE7ixrduU9lCWYOTX6dwhvYZUOu0ITGpAy6SZNS3Syy

GqbU7y+OOu6+3P1zSlIdvo2muObs75pH2TydS0C64nDxC0N+E7qa0IbzoeaajxOWm1Rr

1bljKii4z+YHPIGV/8wULSpIR0/NI68+LhCxg+HOuK+MtCbYtffTYkqaviLESxQevfUg

N0APOL6YOG/pScBlLfXYrE+8LHpRUfFol3JDDrMM2WqbAKIpYZAo7NC2Ep/C8cfdtINx

9m671so4dxKbBwm6s86/uScprxKk6dDKyQn5lU8IssrwIsU2rGoJa99/XW8Plg6Q3YUs

1N2Q==

X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;

d=1e100.net; s=20251104; t=1781985024; x=1782589824;

h=to:subject:message-id:date:from:reply-to:mime-version:x-gm-gg

:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to;

bh=em15lI1mKGVSJdQKVfxc2yi8Xza15rcXvqiJNGJzY8s=;

b=fJ4yIfO0JNN5lIiflUr71uq58SU5CTNVWM+EDo9Tv1ViueRIVI9L3K/n2hijy0xUWh

XxXEV0Byk8gVSHKmKMbW+qe2ftl4BIoJsqGC1Icm4p2N7+sw4NA7QYYVKUvETSDH8d5D

/UNv5iPfzcV0gzfZfoKP744G0QFCvidMmNC3AF/ctVzPFtg0poUKJ8uGvtXJjMOIE5/L

nUkKppylCDl5l8b2LMIpshf1OBMSSfE20CjK4hP8avt8OptX3r1U9nunBty6zofJG6tg

+gNm2LkLSH4s69RQSmIh0IFMdR44CYOQm2SBWhJfoB9YmsVHQdPwzqQfk89O/pckWOqg

6XqQ==

X-Forwarded-Encrypted: i=1; AFNElJ9fMhwbuiUHBcl7JMpZ6RKKF2eccoQLGRdITecPp/qTJK99pcrLXcUTF1vrtGV9YcWrqjVi0SU=@netknow.ca

X-Gm-Message-State: AOJu0YxP5W145a3lO30vLW7PNMpjIjhxX6CE8OHl8UFE15yOZr48O2Kb

neNBNLy2n8x0k+Y1YXX2vIP9qKPufLr8HVSvhKFsjDRXcoxIqg6RQUqqxaceaJzhV0qyk8sIENq

XVuCPD+hDj1x1xMCEYMXD4utg/YbJz3X6uLI5Pxv5ag==

X-Gm-Gg: AfdE7cl0lRwjoiRYHf6igIocFieHyMl9MmIT9Mcmv/HblQMVQsEmvbsIBVIqGBUhY9f

5vPQDelT5EAXH8HBqXol7d9bvpiN6amfDTr6rtxx6Iic/jCgrKL2FXmK0sYhM5bi5YIhjltn+t/

XipsPIqTcQ+ASsmXk8/Pfpsrv5RPnsfmap7V6IxGzWAUR3TqgWhV3zCuOKnMFM2vEqcrA/6aPJ+

D52/DqFNXNbMoKDUnV+aM8ESq5w6TFRjc08kSTJDdiSc71kB/8qXb3CQETQfVqAKvXGyP8Stg==

X-Received: by 2002:a2e:a9a5:0:b0:396:9966:50cf with SMTP id

38308e7fff4ca-3998e4092d7mr16710201fa.9.1781984716204; Sat, 20 Jun 2026

12:45:16 -0700 (PDT)

MIME-Version: 1.0

Reply-To: citibank.co.usa@gmail.com

From: Michael Corbat

Date: Sat, 20 Jun 2026 12:44:41 -0700

X-Gm-Features: AVVi8Cee6rCzcsUfU88IFtFAIMaK7YU6-UAmDxNctI4bo92nl-eibb70H8m3-qc

Message-ID:

Subject: Compensation Award

To: undisclosed-recipients:;

Content-Type: multipart/alternative; boundary="000000000000012f4e0654b4a67c"

Bcc: doctor@netknow.ca

X-Spam_score: 16.4

X-Spam_score_int: 164

X-Spam_bar: ++++++++++++++++

X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",

has identified this incoming email as possible spam. The original

message has been attached to this so you can view it or label

similar future email. If you have any questions, see

@@CONTACT_ADDRESS@@ for details.



Content preview: Subject: Midland Financial Recovery Bureau – Victim Compensation

Program Compensation Award: USD $1,500,000.00 Reference ID: MF1122-CRX00491

Address: 8600 Westfield Avenue, Suite 210, Houston, TX 77 [...]



Content analysis details: (16.4 points, 5.0 required)



pts rule name description

---- ---------------------- --------------------------------------------------

1.0 RCVD_IN_WSFF RBL: Received via a relay in will-spam-for-food.eu.org

[209.85.167.65 listed in will-spam-for-food.eu.org]

[209.85.167.65 listed in will-spam-for-food.eu.org]

[209.85.167.65 listed in will-spam-for-food.eu.org]

[209.85.167.65 listed in will-spam-for-food.eu.org]

[209.85.167.65 listed in will-spam-for-food.eu.org]

[209.85.167.65 listed in will-spam-for-food.eu.org]

[209.85.167.65 listed in will-spam-for-food.eu.org]

[209.85.167.65 listed in will-spam-for-food.eu.org]

1.5 RCVD_IN_AHBL RBL: AHBL: sender is listed in dnsbl.ahbl.org

[209.85.167.65 listed in dnsbl.ahbl.org]

[209.85.167.65 listed in dnsbl.ahbl.org]

[209.85.167.65 listed in dnsbl.ahbl.org]

[209.85.167.65 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_SMTP RBL: AHBL: Open SMTP relay in dnsbl.ahbl.org

[209.85.167.65 listed in dnsbl.ahbl.org]

1.5 RCVD_IN_AHBL_SPAM RBL: AHBL: Spam Source in dnsbl.ahbl.org

[209.85.167.65 listed in dnsbl.ahbl.org]

0.0 RCVD_IN_AHBL_RTB RBL: AHBL: Real-Time Blocked in dnsbl.ahbl.org

[209.85.167.65 listed in dnsbl.ahbl.org]

0.5 RCVD_IN_AHBL_PROXY RBL: AHBL: Open Proxy server in dnsbl.ahbl.org

[209.85.167.65 listed in dnsbl.ahbl.org]

-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no

trust

[209.85.167.65 listed in list.dnswl.org]

-0.0 SPF_PASS SPF: sender matches SPF record

1.5 GR_DOMAIN_UNDISC1 To contains undisclosed recipient (undisc)

0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider

[jeegael37(at)gmail.com]

1.0 FORGED_GMAIL_RCVD 'From' gmail.com does not match 'Received' headers

0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in

digit

[jeegael37(at)gmail.com]

-3.0 RCVD_IN_RP_CERTIFIED RBL: Sender in ReturnPath Certified - Contact

cert-sa@returnpath.net

[Excessive Number of Queries | ]

-2.0 RCVD_IN_RP_SAFE RBL: Sender in ReturnPath Safe - Contact

safe-sa@returnpath.net

[Excessive Number of Queries | ]

2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)

-0.2 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2)

[209.85.167.65 listed in wl.mailspike.net]

1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,

https://senderscore.org/blacklistlookup/

[209.85.167.65 listed in bl.score.senderscore.com]

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

2.6 UNDISC_MONEY Undisclosed recipients + money/fraud signs

2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

0.0 FORM_FRAUD_5 Fill a form and many fraud phrases

Subject: {SPAM?} Compensation Award



--000000000000012f4e0654b4a67c

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Subject: Midland Financial Recovery Bureau =E2=80=93 Victim Compensation Pr=

ogram

Compensation Award: USD $1,500,000.00

Reference ID: MF1122-CRX00491

Address: 8600 Westfield Avenue, Suite 210, Houston, TX 77040, USA



Dear Recipient,



We are contacting you as a listed beneficiary in a federally supported

restitution initiative established to compensate victims of financial

fraud. This action follows the prosecution and sentencing of

individuals=E2=80=94namely Andrew Collins, Eric Mateo, and Linda Frost=E2=

=80=94who were

recently convicted of operating fraudulent schemes while posing as

representatives of financial and government institutions.



As part of the outcome, the Midland Financial Recovery Bureau, in

collaboration with U.S. regulatory authorities, has approved a compensation

payment of USD $1,500,000.00 to be issued in your name. Disbursement will

be made through a secure ATM-enabled payment card, and all standard

transaction and delivery costs will be covered by the issuing entity.



To confirm your eligibility and initiate the processing of your payment,

please provide the following information for verification and compliance

review:



Full Legal Name



Residential Mailing Address



Current Occupation



Active Contact Number



Government-Issued Photo Identification (valid)



Please be advised that a nominal Processing and Verification Fee will be

required to complete the official endorsement and release of funds. There

will be no additional fees once this has been fulfilled.



This compensation program is part of a broader effort to assist fraud

victims and reinforce public confidence in financial institutions.



Sincerely,

Mr. Thomas E. Ralston

Director, Compensation Oversight Division

Midland Financial Recovery Bureau



--000000000000012f4e0654b4a67c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable

0.0 HTML_FONT_SIZE_HUGE BODY: HTML font size is huge

0.0 HTML_MESSAGE BODY: HTML included in message

0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid

0.0 LOTS_OF_MONEY Huge... sums of money

0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information

1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different

freemails

0.0 T_FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

1.3 MONEY_FORM_SHORT Lots of money if you fill out a short form

2.8 UNDISC_FREEM Undisclosed recipients + freemail reply-to

0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)

0.0 MONEY_FREEMAIL_REPTO Lots of money from someone using free email?

0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases

2.6 UNDISC_MONEY Undisclosed recipients + money/fraud signs

2.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money

0.0 FORM_FRAUD_5 Fill a form and many fraud phrases

Subject: {SPAM?} Compensation Award



--000000000000012f4e0654b4a67c

Content-Type: text/plain; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable



Subject: Midland Financial Recovery Bureau =E2=80=93 Victim Compensation Pr=

ogram

Compensation Award: USD $1,500,000.00

Reference ID: MF1122-CRX00491

Address: 8600 Westfield Avenue, Suite 210, Houston, TX 77040, USA



Dear Recipient,



We are contacting you as a listed beneficiary in a federally supported

restitution initiative established to compensate victims of financial

fraud. This action follows the prosecution and sentencing of

individuals=E2=80=94namely Andrew Collins, Eric Mateo, and Linda Frost=E2=

=80=94who were

recently convicted of operating fraudulent schemes while posing as

representatives of financial and government institutions.



As part of the outcome, the Midland Financial Recovery Bureau, in

collaboration with U.S. regulatory authorities, has approved a compensation

payment of USD $1,500,000.00 to be issued in your name. Disbursement will

be made through a secure ATM-enabled payment card, and all standard

transaction and delivery costs will be covered by the issuing entity.



To confirm your eligibility and initiate the processing of your payment,

please provide the following information for verification and compliance

review:



Full Legal Name



Residential Mailing Address



Current Occupation



Active Contact Number



Government-Issued Photo Identification (valid)



Please be advised that a nominal Processing and Verification Fee will be

required to complete the official endorsement and release of funds. There

will be no additional fees once this has been fulfilled.



This compensation program is part of a broader effort to assist fraud

victims and reinforce public confidence in financial institutions.



Sincerely,

Mr. Thomas E. Ralston

Director, Compensation Oversight Division

Midland Financial Recovery Bureau



--000000000000012f4e0654b4a67c

Content-Type: text/html; charset="UTF-8"

Content-Transfer-Encoding: quoted-printable