Donation spam from Microsoft
Posted by Dave Yadallee on
Envelope-to: dave@doctor.nl2k.ab.ca
Delivery-date: Mon, 18 Mar 2024 16:29:00 -0600
Received: from doctor by doctor.nl2k.ab.ca with local (Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rmLSb-0000000073c-03Zp
for dave@doctor.nl2k.ab.ca;
Mon, 18 Mar 2024 16:28:01 -0600
Resent-From: The Doctor
Resent-Date: Mon, 18 Mar 2024 16:28:00 -0600
Resent-Message-ID:
Resent-To: Dave Yadallee
Received: from mail-he1eur04on2118.outbound.protection.outlook.com ([40.107.7.118]:47950 helo=EUR04-HE1-obe.outbound.protection.outlook.com)
by doctor.nl2k.ab.ca with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
(Exim 4.97.1 (FreeBSD))
(envelope-from
id 1rmKZu-000000005QA-1Val
for root@doctor.nl2k.ab.ca;
Mon, 18 Mar 2024 15:31:36 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=S0mCQ4NlnQK+dHM9S+u8SOUkBTBtw50bUeSmcO8P2KE=;
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=temperror (sender ip
is 2001:67c:2564:a187::2:73) smtp.rcpttodomain=yahoo.com
smtp.mailfrom=alumni.itc.nl; dmarc=pass (p=quarantine sp=quarantine pct=100)
action=none header.from=alumni.itc.nl; dkim=pass (signature was verified)
header.d=alumni.itc.nl; arc=none (0)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=alumni.itc.nl;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=S0mCQ4NlnQK+dHM9S+u8SOUkBTBtw50bUeSmcO8P2KE=;
Received: from AS4P191CA0020.EURP191.PROD.OUTLOOK.COM (2603:10a6:20b:5d9::8)
by AS4P195MB1960.EURP195.PROD.OUTLOOK.COM (2603:10a6:20b:581::20) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.21; Mon, 18 Mar
2024 21:29:24 +0000
Received: from AM3PEPF00009BA0.eurprd04.prod.outlook.com
(2603:10a6:20b:5d9:cafe::87) by AS4P191CA0020.outlook.office365.com
(2603:10a6:20b:5d9::8) with Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7386.26 via Frontend
Transport; Mon, 18 Mar 2024 21:29:24 +0000
X-MS-Exchange-Authentication-Results: spf=temperror (sender IP is
2001:67c:2564:a187::2:73) smtp.mailfrom=alumni.itc.nl; dkim=pass (signature
was verified) header.d=alumni.itc.nl;dmarc=pass action=none
header.from=alumni.itc.nl;
Received-SPF: TempError (protection.outlook.com: error in processing during
lookup of alumni.itc.nl: DNS Timeout)
Received: from mail.ad.utwente.nl (130.89.9.13) by
AM3PEPF00009BA0.mail.protection.outlook.com (10.167.16.25) with Microsoft
SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.20.7409.10 via Frontend Transport; Mon, 18 Mar 2024 21:29:23 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
s=s2048; d=alumni.itc.nl;
h=from:subject:date:message-id:content-type:mime-version:to;
bh=S0mCQ4NlnQK+dHM9S+u8SOUkBTBtw50bUeSmcO8P2KE=;
Received: from exmrs73.ad.utwente.nl (2001:67c:2564:a187::2:73) by
mail.ad.utwente.nl (2001:67c:2564:a187::2:162) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1544.9; Mon, 18 Mar 2024 22:29:23 +0100
Received: from exmrs72.ad.utwente.nl (2001:67c:2564:a187::2:72) by
exmrs73.ad.utwente.nl (2001:67c:2564:a187::2:73) with Microsoft SMTP Server
(version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
15.2.1544.9; Mon, 18 Mar 2024 22:29:23 +0100
Received: from exmrs72.ad.utwente.nl ([fe80::dcd:fa20:abf1:7a3d]) by
exmrs72.ad.utwente.nl ([fe80::dcd:fa20:abf1:7a3d%16]) with mapi id
15.02.1544.009; Mon, 18 Mar 2024 22:29:22 +0100
From: Yaseen Taha Mustafa
Subject: Mr.Bernard has donation $ 3,500,000.00 to you for the purpose of
Charity project. Kindly respond to bernardarnault928@gmail.com for more
information.
Thread-Topic: Mr.Bernard has donation $ 3,500,000.00 to you for the purpose of
Charity project. Kindly respond to bernardarnault928@gmail.com for more
information.
Thread-Index: AQHaeXtXJTpmo7r2X0aLaMT92xtmAw==
Date: Mon, 18 Mar 2024 21:29:22 +0000
Message-ID: <0d36fb9e715f4aec8f9b77402923a126@alumni.itc.nl>
Accept-Language: en-US, en-GB
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [130.89.9.62]
Content-Type: multipart/alternative;
boundary="_000_0d36fb9e715f4aec8f9b77402923a126alumniitcnl_"
MIME-Version: 1.0
To: Undisclosed recipients:;
X-EOPAttributedMessage: 0
X-MS-Exchange-SkipListedInternetSender:
ip=[2001:67c:2564:a187::2:73];domain=exmrs73.ad.utwente.nl
X-MS-Exchange-ExternalOriginalInternetSender:
ip=[2001:67c:2564:a187::2:73];domain=exmrs73.ad.utwente.nl
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: AM3PEPF00009BA0:EE_|AS4P195MB1960:EE_
X-MS-Office365-Filtering-Correlation-Id: d6d386ae-a40e-4a58-efd9-08dc47927b42
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
X-Forefront-Antispam-Report:
CIP:130.89.9.13;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:exmrs73.ad.utwente.nl;PTR:exmrs73.ad.utwente.nl;CAT:NONE;SFS:(13230031)(7416005)(1800799015)(82310400014)(376005)(36860700004)(32650700005);DIR:OUT;SFP:1102;
X-OriginatorOrg: alumni.itc.nl
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Mar 2024 21:29:23.6518
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: d6d386ae-a40e-4a58-efd9-08dc47927b42
X-MS-Exchange-CrossTenant-Id: 723246a1-c3f5-43c5-acdc-43adb404ac4d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=723246a1-c3f5-43c5-acdc-43adb404ac4d;Ip=[130.89.9.13];Helo=[mail.ad.utwente.nl]
X-MS-Exchange-CrossTenant-AuthSource:
AM3PEPF00009BA0.eurprd04.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS4P195MB1960
X-Spam_score: 10.2
X-Spam_score_int: 102
X-Spam_bar: ++++++++++
X-Spam_report: Spam detection software, running on the system "doctor.nl2k.ab.ca",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview:
Content analysis details: (10.2 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.3 EMPTY_MESSAGE          Message appears to have no textual parts and no
                            Subject: text
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                            trust
                            [40.107.7.118 listed in list.dnswl.org]
-0.2 RCVD_IN_MSPIKE_H2      RBL: Average reputation (+2)
                            [40.107.7.118 listed in wl.mailspike.net]
-0.0 SPF_PASS               SPF: sender matches SPF record
-0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.0 ARC_VALID              Message has a valid ARC signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's
                            domain
-0.1 DKIM_VALID_EF          Message has a valid DKIM or DK signature from
                            envelope-from domain
 0.0 ARC_SIGNED             Message has a ARC signature
 2.5 US_DOLLARS_3           BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
 0.0 MIME_HTML_MOSTLY       BODY: Multipart message mostly text/html MIME
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.0 LOTS_OF_MONEY          Huge... sums of money
 2.7 SCC_BODY_URI_ONLY      Very short body with something maybe clickable
 3.0 UNDISC_MONEY           Undisclosed recipients + money/fraud signs
Subject: {SPAM?} Mr.Bernard has donation $ 3,500,000.00 to you for the purpose of
Charity project. Kindly respond to bernardarnault928@gmail.com for more
information.
--_000_0d36fb9e715f4aec8f9b77402923a126alumniitcnl_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
--_000_0d36fb9e715f4aec8f9b77402923a126alumniitcnl_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
--_000_0d36fb9e715f4aec8f9b77402923a126alumniitcnl_--