by SherlockH
Tue Jan 25, 2011 6:31 pm
Return-path: <[email protected]>
Envelope-to: removed
Delivery-date: Sun, 23 Jan 2011 23:02:46 -0600
Received: from [217.107.186.83] (port=44519 helo=gw.belgpost.ru)
by removed with esmtp (Exim 4.69)
(envelope-from <[email protected]>)
id 1PhEZh-0005XB-39
for removed; Sun, 23 Jan 2011 23:02:46 -0600
Received: from User (unknown [195.117.61.5])
by gw.belgpost.ru (Postfix) with ESMTPA id 38B40C59180;
Mon, 24 Jan 2011 08:02:16 +0300 (MSK)
Reply-To: <[email protected]>
From: "Mega Online Promotion"<[email protected]>
Date: Mon, 24 Jan 2011 06:02:25 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Status: Yes, score=53.3
X-Spam-Score: 533
X-Spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "gator255.hostgator.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: ATTENTION: Dear Email Account Holder, We are pleased to notify
you the "Star Winner" of our last Secured Mega Online Promotion result. This
is a reward program for the patronage of internet services and all email
addresses entered for this promotional draws were randomly selected from an
internet resource database of registered software and domain users. [...]
Content analysis details: (53.3 points, 6.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
[195.117.61.5 listed in combined.njabl.org]
2.5 MILLION_USD BODY: Talks about millions of dollars
1.7 LOTTO_AGENT BODY: Claims Agent
3.4 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
1.2 NSL_RCVD_FROM_USER Received from User
0.0 FREEMAIL_FROM Sender email is freemail (infodepartment[at]aol.nl)
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?195.117.61.5>]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[217.107.186.83 listed in bl.score.senderscore.com]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[217.107.186.83 listed in psbl.surriel.com]
0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
1.2 MISSING_HEADERS Missing To: header
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
0.0 T_LOTTO_URI URI: Claims Department
0.1 MISSING_MID Missing Message-Id: header
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 FROM_MISSPACED From: missing whitespace
1.9 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
0.5 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
1.9 FROM_MISSP_NO_TO From misspaced, To missing
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
2.8 HK_LOTTO HK_LOTTO
0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope
3.5 KAM_LOTTO1 Likely to be a e-Lotto Scam Email
3.5 FILL_THIS_FORM_LONG Fill in a form with personal information
1.5 FROM_MISSP_USER From misspaced, from "User"
2.0 MONEY_FROM_MISSP Lots of money and misspaced From
0.0 FILL_THIS_FORM Fill in a form with personal information
2.8 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
1.5 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)
0.0 MONEY_LOTTERY Lots of money from a lottery
0.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
0.0 T_TO_NO_BRKTS_FREEMAIL T_TO_NO_BRKTS_FREEMAIL
2.1 FROM_MISSP_FREEMAIL From misspaced + freemail provider
0.5 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
0.9 ADVANCE_FEE_3_NEW_FORM Advance Fee fraud and a form
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
1.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
0.8 ADVANCE_FEE_2_NEW_FORM Advance Fee fraud and a form
0.0 MONEY_FORM Lots of money if you fill out a form
0.5 MONEY_FRAUD_5 Lots of money and many fraud phrases
1.0 MONEY_FRAUD_3 Lots of money and several fraud phrases
0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
0.5 FORM_FRAUD_5 Fill a form and many fraud phrases
0.5 FORM_FRAUD_3 Fill a form and several fraud phrases
X-Spam-Flag: YES
Subject: [Norton AntiSpam][SPAM] Dear Email Account Holder
X-Brightmail-Tracker: AAAABhMvU0wRrD9lDUKR4xczSNUXM0a+FzNLMg==
ATTENTION: Dear Email Account Holder,
We are pleased to notify you the "Star Winner" of our last Secured Mega Online Promotion result. This is a reward program for the patronage of internet services and all email addresses entered for this promotional draws were randomly selected from an internet resource database of registered software and domain users.
Reference Number: NL-905/2010
E-ticket number: 9083651-AA
Category: (A)
Amount: USD2.500.000,00 (Two Million, Five Hundred Thousand, United State Dollars)
You are required to call your claims agent and also send an e-mail with the contact information presented below:
Contact: Mr. Sean Nolan
Phone: +31 61 979 8868
Email: [email protected]
In line with the governing rules of claim, you are requested to furnish
Mr. Nolan With the following information:
1. Full name:
2. Address:
3. Occupation:
4. Tel/Fax....
5. Cell/Mobile:
6. Age:
7. Winning Ref Number:
Congratulations!
Dennis Smed,
Promotions Coordinator.
NOTE: This is an Automated Message; do not respond. You should contact the assigned claims agent immediately to process the remittance of the prize sum to you.
Envelope-to: removed
Delivery-date: Sun, 23 Jan 2011 23:02:46 -0600
Received: from [217.107.186.83] (port=44519 helo=gw.belgpost.ru)
by removed with esmtp (Exim 4.69)
(envelope-from <[email protected]>)
id 1PhEZh-0005XB-39
for removed; Sun, 23 Jan 2011 23:02:46 -0600
Received: from User (unknown [195.117.61.5])
by gw.belgpost.ru (Postfix) with ESMTPA id 38B40C59180;
Mon, 24 Jan 2011 08:02:16 +0300 (MSK)
Reply-To: <[email protected]>
From: "Mega Online Promotion"<[email protected]>
Date: Mon, 24 Jan 2011 06:02:25 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Spam-Status: Yes, score=53.3
X-Spam-Score: 533
X-Spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "gator255.hostgator.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: ATTENTION: Dear Email Account Holder, We are pleased to notify
you the "Star Winner" of our last Secured Mega Online Promotion result. This
is a reward program for the patronage of internet services and all email
addresses entered for this promotional draws were randomly selected from an
internet resource database of registered software and domain users. [...]
Content analysis details: (53.3 points, 6.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.2 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
[195.117.61.5 listed in combined.njabl.org]
2.5 MILLION_USD BODY: Talks about millions of dollars
1.7 LOTTO_AGENT BODY: Claims Agent
3.4 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
1.2 NSL_RCVD_FROM_USER Received from User
0.0 FREEMAIL_FROM Sender email is freemail (infodepartment[at]aol.nl)
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?195.117.61.5>]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[217.107.186.83 listed in bl.score.senderscore.com]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[217.107.186.83 listed in psbl.surriel.com]
0.7 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)
1.2 MISSING_HEADERS Missing To: header
2.5 US_DOLLARS_3 BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
0.0 T_LOTTO_URI URI: Claims Department
0.1 MISSING_MID Missing Message-Id: header
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 FROM_MISSPACED From: missing whitespace
1.9 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
0.5 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
1.9 FROM_MISSP_NO_TO From misspaced, To missing
1.3 RDNS_NONE Delivered to internal network by a host with no rDNS
2.8 HK_LOTTO HK_LOTTO
0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope
3.5 KAM_LOTTO1 Likely to be a e-Lotto Scam Email
3.5 FILL_THIS_FORM_LONG Fill in a form with personal information
1.5 FROM_MISSP_USER From misspaced, from "User"
2.0 MONEY_FROM_MISSP Lots of money and misspaced From
0.0 FILL_THIS_FORM Fill in a form with personal information
2.8 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
1.5 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)
0.0 MONEY_LOTTERY Lots of money from a lottery
0.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
0.0 T_TO_NO_BRKTS_FREEMAIL T_TO_NO_BRKTS_FREEMAIL
2.1 FROM_MISSP_FREEMAIL From misspaced + freemail provider
0.5 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
0.9 ADVANCE_FEE_3_NEW_FORM Advance Fee fraud and a form
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
1.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
0.8 ADVANCE_FEE_2_NEW_FORM Advance Fee fraud and a form
0.0 MONEY_FORM Lots of money if you fill out a form
0.5 MONEY_FRAUD_5 Lots of money and many fraud phrases
1.0 MONEY_FRAUD_3 Lots of money and several fraud phrases
0.4 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
0.5 FORM_FRAUD_5 Fill a form and many fraud phrases
0.5 FORM_FRAUD_3 Fill a form and several fraud phrases
X-Spam-Flag: YES
Subject: [Norton AntiSpam][SPAM] Dear Email Account Holder
X-Brightmail-Tracker: AAAABhMvU0wRrD9lDUKR4xczSNUXM0a+FzNLMg==
ATTENTION: Dear Email Account Holder,
We are pleased to notify you the "Star Winner" of our last Secured Mega Online Promotion result. This is a reward program for the patronage of internet services and all email addresses entered for this promotional draws were randomly selected from an internet resource database of registered software and domain users.
Reference Number: NL-905/2010
E-ticket number: 9083651-AA
Category: (A)
Amount: USD2.500.000,00 (Two Million, Five Hundred Thousand, United State Dollars)
You are required to call your claims agent and also send an e-mail with the contact information presented below:
Contact: Mr. Sean Nolan
Phone: +31 61 979 8868
Email: [email protected]
In line with the governing rules of claim, you are requested to furnish
Mr. Nolan With the following information:
1. Full name:
2. Address:
3. Occupation:
4. Tel/Fax....
5. Cell/Mobile:
6. Age:
7. Winning Ref Number:
Congratulations!
Dennis Smed,
Promotions Coordinator.
NOTE: This is an Automated Message; do not respond. You should contact the assigned claims agent immediately to process the remittance of the prize sum to you.