by buried under 419s
Wed Jun 20, 2012 10:43 am
Return-path: <[email protected]>
Envelope-to:
Delivery-date: Wed, 20 Jun 2012 03:28:30 -0700
Received: from c2bthomr13.btconnect.com ([213.123.20.131]:8328 helo=mail.btconnect.com)
by with esmtp (Exim 4.77)
(envelope-from <[email protected]>)
id 1ShI9B-0006IG-Tr
for ; Wed, 20 Jun 2012 03:28:30 -0700
Received: from ip-77-240-184-22.netdatacomm.cz (EHLO TSCDO) ([77.240.184.22])
by c2bthomr13.btconnect.com
with ESMTP id HYT71787 (AUTH [email protected]);
Wed, 20 Jun 2012 11:27:58 +0100 (BST)
Reply-To: <[email protected]>
From: "VISA MASTER CARD"<[email protected]>
Date: Wed, 20 Jun 2012 12:32:25 +0200
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1250"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <[email protected]>
X-Mirapoint-IP-Reputation: reputation=Good-1,
source=Queried,
refid=tid=0001.0A0B0303.4FE1A3CA.0026,
actions=tag
X-Junkmail-Premium-Raw: score=44/50,
refid=2.7.2:2012.6.9.195417:17:44.497,
ip=77.240.184.22,
rules=__FRAUD_WEBMAIL_REPLYTO,
__PHISH_FROM2,
__SUBJ_ALPHA_END,
__MIME_VERSION,
__CT,
__CTYPE_HTML,
__CTYPE_IS_HTML,
__CTE,
__HAS_X_PRIORITY,
__HAS_MSMAIL_PRI,
__X_MSPRI_HI,
__HAS_X_MAILER,
USER_AGENT_OE,
__OUTLOOK_MUA_1,
__USER_AGENT_MS_GENERIC,
__HAS_MSGID,
__SANE_MSGID,
MISSING_HEADERS,
__ANY_URI,
__FRAUD_BODY_WEBMAIL,
__URI_NO_WWW,
__URI_NO_PATH,
__FRAUD_PHONE_REDIR,
__FRAUD_INTRO,
ECARD_WORD,
__PHISH_SPEAR_GREETING,
__HAS_HTML,
HTML_NO_HTTP,
BODY_SIZE_600_699,
BODYTEXTH_SIZE_10000_LESS,
__MIME_HTML,
__MIME_HTML_ONLY,
__TAG_EXISTS_HTML,
RDNS_GENERIC_POOLED,
HTML_50_70,
FRAUD_X3,
BODY_SIZE_5000_LESS,
RDNS_SUSP_GENERIC,
WEBMAIL_REPLYTO_NOT_FROM,
__PHISH_FROM,
__OUTLOOK_MUA,
CTYPE_JUST_HTML,
__PHISH_SPEAR_STRUCTURE_1,
BODY_SIZE_1000_LESS,
X_MSMAIL_PRIORITY_HIGH,
RDNS_SUSP,
BODY_SIZE_2000_LESS,
__PHISH_SPEAR_STRUCTURE_2,
__FRAUD_WEBMAIL,
FORGED_MUA_OUTLOOK,
FRAUD_FOR
X-Junkmail-Status: score=44/50, host=c2bthomr13.btconnect.com
X-Junkmail-Signature-Raw: score=suspect(0),
refid=str=0001.0A0B020D.4FE1A5B0.0140,ss=2,re=0.000,fgs=0,
ip=77.240.184.22,
so=2011-07-25 19:15:43,
dmn=2011-05-27 18:58:46,
mode=multiengine
X-Junkmail-IWF: false
X-Spam-Status: Yes, score=11.3
X-Spam-Score: 113
X-Spam-Bar: +++++++++++
X-Spam-Report: Spam detection software, running on the system "", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Dear Sir/Madam, Your name and email was randomly picked by
Visa/Master Card Card Europe Inc.in our London 2012 Olympics promo. Please
contact the Coordinator for more details. Coordinator, Morelle Lucas +447045791223
[email protected] [...]
Content analysis details: (11.3 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[213.123.20.131 listed in list.dnswl.org]
2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)'
0.0 FSL_XM_419 Old OE version in X-Mailer only seen in 419 spam
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
1.0 MISSING_HEADERS Missing To: header
1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80%
[score: 0.6321]
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 FSL_UA FSL_UA
1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
0.0 FROM_MISSP_NO_TO From misspaced, To missing
0.0 FSL_FREEMAIL_1 FSL_FREEMAIL_1
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 AXB_XMAILER_MIMEOLE_OL_024C2
2.6 MSOE_MID_WRONG_CASE MSOE_MID_WRONG_CASE
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
0.0 FSL_MISSP_REPLYTO Mis-spaced from and Reply-to
0.0 FROM_MISSPACED From: missing whitespace
0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To
0.0 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope
0.0 FROM_MISSP_URI From misspaced, has URI
0.0 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.0 SINGLE_HEADER_1K A single header contains 1K-2K characters
X-Spam-Flag: YES
Subject: ***SPAM*** London 2012 Olympics promo
Dear Sir/Madam,
Your name and email was randomly picked by Visa/Master Card Card Europe Inc.in our London 2012 Olympics promo. Please contact the Coordinator for more details.
Coordinator,
Morelle Lucas
+447045791223
[email protected]
Envelope-to:
Delivery-date: Wed, 20 Jun 2012 03:28:30 -0700
Received: from c2bthomr13.btconnect.com ([213.123.20.131]:8328 helo=mail.btconnect.com)
by with esmtp (Exim 4.77)
(envelope-from <[email protected]>)
id 1ShI9B-0006IG-Tr
for ; Wed, 20 Jun 2012 03:28:30 -0700
Received: from ip-77-240-184-22.netdatacomm.cz (EHLO TSCDO) ([77.240.184.22])
by c2bthomr13.btconnect.com
with ESMTP id HYT71787 (AUTH [email protected]);
Wed, 20 Jun 2012 11:27:58 +0100 (BST)
Reply-To: <[email protected]>
From: "VISA MASTER CARD"<[email protected]>
Date: Wed, 20 Jun 2012 12:32:25 +0200
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1250"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <[email protected]>
X-Mirapoint-IP-Reputation: reputation=Good-1,
source=Queried,
refid=tid=0001.0A0B0303.4FE1A3CA.0026,
actions=tag
X-Junkmail-Premium-Raw: score=44/50,
refid=2.7.2:2012.6.9.195417:17:44.497,
ip=77.240.184.22,
rules=__FRAUD_WEBMAIL_REPLYTO,
__PHISH_FROM2,
__SUBJ_ALPHA_END,
__MIME_VERSION,
__CT,
__CTYPE_HTML,
__CTYPE_IS_HTML,
__CTE,
__HAS_X_PRIORITY,
__HAS_MSMAIL_PRI,
__X_MSPRI_HI,
__HAS_X_MAILER,
USER_AGENT_OE,
__OUTLOOK_MUA_1,
__USER_AGENT_MS_GENERIC,
__HAS_MSGID,
__SANE_MSGID,
MISSING_HEADERS,
__ANY_URI,
__FRAUD_BODY_WEBMAIL,
__URI_NO_WWW,
__URI_NO_PATH,
__FRAUD_PHONE_REDIR,
__FRAUD_INTRO,
ECARD_WORD,
__PHISH_SPEAR_GREETING,
__HAS_HTML,
HTML_NO_HTTP,
BODY_SIZE_600_699,
BODYTEXTH_SIZE_10000_LESS,
__MIME_HTML,
__MIME_HTML_ONLY,
__TAG_EXISTS_HTML,
RDNS_GENERIC_POOLED,
HTML_50_70,
FRAUD_X3,
BODY_SIZE_5000_LESS,
RDNS_SUSP_GENERIC,
WEBMAIL_REPLYTO_NOT_FROM,
__PHISH_FROM,
__OUTLOOK_MUA,
CTYPE_JUST_HTML,
__PHISH_SPEAR_STRUCTURE_1,
BODY_SIZE_1000_LESS,
X_MSMAIL_PRIORITY_HIGH,
RDNS_SUSP,
BODY_SIZE_2000_LESS,
__PHISH_SPEAR_STRUCTURE_2,
__FRAUD_WEBMAIL,
FORGED_MUA_OUTLOOK,
FRAUD_FOR
X-Junkmail-Status: score=44/50, host=c2bthomr13.btconnect.com
X-Junkmail-Signature-Raw: score=suspect(0),
refid=str=0001.0A0B020D.4FE1A5B0.0140,ss=2,re=0.000,fgs=0,
ip=77.240.184.22,
so=2011-07-25 19:15:43,
dmn=2011-05-27 18:58:46,
mode=multiengine
X-Junkmail-IWF: false
X-Spam-Status: Yes, score=11.3
X-Spam-Score: 113
X-Spam-Bar: +++++++++++
X-Spam-Report: Spam detection software, running on the system "", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Dear Sir/Madam, Your name and email was randomly picked by
Visa/Master Card Card Europe Inc.in our London 2012 Olympics promo. Please
contact the Coordinator for more details. Coordinator, Morelle Lucas +447045791223
[email protected] [...]
Content analysis details: (11.3 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[213.123.20.131 listed in list.dnswl.org]
2.0 DEAR_SOMETHING BODY: Contains 'Dear (something)'
0.0 FSL_XM_419 Old OE version in X-Mailer only seen in 419 spam
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
1.0 MISSING_HEADERS Missing To: header
1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80%
[score: 0.6321]
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 FSL_UA FSL_UA
1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
0.0 FROM_MISSP_NO_TO From misspaced, To missing
0.0 FSL_FREEMAIL_1 FSL_FREEMAIL_1
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 AXB_XMAILER_MIMEOLE_OL_024C2
2.6 MSOE_MID_WRONG_CASE MSOE_MID_WRONG_CASE
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
0.0 FSL_MISSP_REPLYTO Mis-spaced from and Reply-to
0.0 FROM_MISSPACED From: missing whitespace
0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To
0.0 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 FROM_MISSP_EH_MATCH From misspaced, matches envelope
0.0 FROM_MISSP_URI From misspaced, has URI
0.0 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.0 SINGLE_HEADER_1K A single header contains 1K-2K characters
X-Spam-Flag: YES
Subject: ***SPAM*** London 2012 Olympics promo
Dear Sir/Madam,
Your name and email was randomly picked by Visa/Master Card Card Europe Inc.in our London 2012 Olympics promo. Please contact the Coordinator for more details.
Coordinator,
Morelle Lucas
+447045791223
[email protected]
Questions about scams? fraudatiocruor @ gmail.com to contact remove spaces