by buried under 419s
Fri Dec 04, 2020 8:14 pm
Return-path: <3g43KXxEJBcwv69s3uCAB64w9us9wy4s03.u64uzCu2uzs93wA963305A.u64@trix.bounces.google.com>
Envelope-to:
Delivery-date: Fri, 04 Dec 2020 19:27:43 +0000
Received: from mail-io1-f71.google.com ([209.85.166.71]:33204)
by with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.93)
(envelope-from <3g43KXxEJBcwv69s3uCAB64w9us9wy4s03.u64uzCu2uzs93wA963305A.u64@trix.bounces.google.com>)
id 1klGk2-0006sY-8F
for ; Fri, 04 Dec 2020 19:27:43 +0000
Received: by mail-io1-f71.google.com with SMTP id t23so4844119ioh.0
for <>; Fri, 04 Dec 2020 11:27:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20161025;
h=mime-version:reply-to:message-id:date:subject:from:to;
bh=+BWTiIwL6OUU8M35WIRCl6ldFlCybOwt6m4bIDOrN6s=;
b=FNuZA1SjLjt67wp04IRhHrCzLUb+yd3N8wfQTEOMaAWpY5PEmOM7t5kkyPamTSqqSH
tUGTUJ933uvFCOtpP1KsYUiD9FqvpB8QODqgmcsmyMFv2aV6F00aI07dDircGeItH+cv
BQjxzty97lku/1fEk7kABW9QMzJpzUzXVxDIKu9KyVHNhTBmUSNyzvGctucpIac49w7X
63TfXChKRvJ2/jE6QYbuZWEoswFg75uRhwsYJV28bAC+OlGhDZIZjzJ0LTgizyWmOxJN
4rNjD8QOaisKXphl3xbdj0INuP7iGs+jz8q1O6V4s3oOs6T1kjr/tmsUxdqwvyamxEdM
6SJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:reply-to:message-id:date:subject
:from:to;
bh=+BWTiIwL6OUU8M35WIRCl6ldFlCybOwt6m4bIDOrN6s=;
b=Ms8qICaZIoLgJibwLB10IwemuTXHyZqm4ylgnuR2BpVAaC6VnODvGictu7fifBToKv
kLJP2odyWng/w0EROy/hMyOSqInUrnFkNU040u54e81jZiPXXCLUBZ4SYJp9FGN5WLMf
r7UOs7ayEiDQcJlo/6SwUZ1j//qSHfwRiZzDo5xjkGJEcnLig2AbdZSKvDR1swR3ty6I
14a525fe4JGV76hxMdLuYjeqOnrTezXtYM6iYX+oDtXqn1CUuJOsbHa65xtE1g+AR6jx
dF192z+RGsMegzMt7tiLjB7hrC2Fy/NA5qBu4Xxv8Z/fAGNG+ou+R3h7CH+MRjZIV0fw
5aVg==
X-Gm-Message-State: AOAM532+zmoOZ8+M8YO/6+DImg7clGfxm4YMXH6kzQPJi6ThUDBY9Xv4
FMyBLD2qnreiEqmu8NHzygnsIkcEjEzy6wdyICjN
MIME-Version: 1.0
X-Received: by 2002:a92:b61a:: with SMTP id s26mt8684396ili.239.1607110019555;
Fri, 04 Dec 2020 11:26:59 -0800 (PST)
Reply-To: [email protected]
X-No-Auto-Attachment: 1
Message-ID: <[email protected]>
Date: Fri, 04 Dec 2020 19:27:01 +0000
From: [email protected]
To:
Content-Type: multipart/alternative; boundary="000000000000f304c905b5a875f3"
X-Spam-Status: Yes, score=11.4
X-Spam-Score: 114
X-Spam-Bar: +++++++++++
X-Spam-Report: Spam detection software, running on the system "",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: I've invited you to fill out the following form: Party Invite
To fill it out, visit: https://docs.google.com/forms/d/e/1FAIp ... _form_link
Content analysis details: (11.4 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[doralcustomercare[at]gmail.com]
0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.0 LOTS_OF_MONEY Huge... sums of money
0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and
EnvelopeFrom freemail headers are
different
2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
2.5 GOOGLE_DOC_SUSP Suspicious use of Google Docs
X-Spam-Flag: YES
Subject: ***SPAM*** Good news!
--000000000000f304c905b5a875f3
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
Good news!
Precisely one year ago, your package containing a pre-funded ATM Card worth US$4.8M was intercepted and withheld at the JFK-Airport over suspicions of money laundering. The good news now is that it has been cleared of such suspicions and handed over back to be re-dispatched to you. So contact immediately, the courier service Management Head/CEO with below information to obtain your package clearance and new tracker number.
Jewel Shaw,
Management Head/CEO
Email: [email protected]
Regards,
Mr. Mike Solsman
Manager
Envelope-to:
Delivery-date: Fri, 04 Dec 2020 19:27:43 +0000
Received: from mail-io1-f71.google.com ([209.85.166.71]:33204)
by with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
(Exim 4.93)
(envelope-from <3g43KXxEJBcwv69s3uCAB64w9us9wy4s03.u64uzCu2uzs93wA963305A.u64@trix.bounces.google.com>)
id 1klGk2-0006sY-8F
for ; Fri, 04 Dec 2020 19:27:43 +0000
Received: by mail-io1-f71.google.com with SMTP id t23so4844119ioh.0
for <>; Fri, 04 Dec 2020 11:27:22 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20161025;
h=mime-version:reply-to:message-id:date:subject:from:to;
bh=+BWTiIwL6OUU8M35WIRCl6ldFlCybOwt6m4bIDOrN6s=;
b=FNuZA1SjLjt67wp04IRhHrCzLUb+yd3N8wfQTEOMaAWpY5PEmOM7t5kkyPamTSqqSH
tUGTUJ933uvFCOtpP1KsYUiD9FqvpB8QODqgmcsmyMFv2aV6F00aI07dDircGeItH+cv
BQjxzty97lku/1fEk7kABW9QMzJpzUzXVxDIKu9KyVHNhTBmUSNyzvGctucpIac49w7X
63TfXChKRvJ2/jE6QYbuZWEoswFg75uRhwsYJV28bAC+OlGhDZIZjzJ0LTgizyWmOxJN
4rNjD8QOaisKXphl3xbdj0INuP7iGs+jz8q1O6V4s3oOs6T1kjr/tmsUxdqwvyamxEdM
6SJA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20161025;
h=x-gm-message-state:mime-version:reply-to:message-id:date:subject
:from:to;
bh=+BWTiIwL6OUU8M35WIRCl6ldFlCybOwt6m4bIDOrN6s=;
b=Ms8qICaZIoLgJibwLB10IwemuTXHyZqm4ylgnuR2BpVAaC6VnODvGictu7fifBToKv
kLJP2odyWng/w0EROy/hMyOSqInUrnFkNU040u54e81jZiPXXCLUBZ4SYJp9FGN5WLMf
r7UOs7ayEiDQcJlo/6SwUZ1j//qSHfwRiZzDo5xjkGJEcnLig2AbdZSKvDR1swR3ty6I
14a525fe4JGV76hxMdLuYjeqOnrTezXtYM6iYX+oDtXqn1CUuJOsbHa65xtE1g+AR6jx
dF192z+RGsMegzMt7tiLjB7hrC2Fy/NA5qBu4Xxv8Z/fAGNG+ou+R3h7CH+MRjZIV0fw
5aVg==
X-Gm-Message-State: AOAM532+zmoOZ8+M8YO/6+DImg7clGfxm4YMXH6kzQPJi6ThUDBY9Xv4
FMyBLD2qnreiEqmu8NHzygnsIkcEjEzy6wdyICjN
MIME-Version: 1.0
X-Received: by 2002:a92:b61a:: with SMTP id s26mt8684396ili.239.1607110019555;
Fri, 04 Dec 2020 11:26:59 -0800 (PST)
Reply-To: [email protected]
X-No-Auto-Attachment: 1
Message-ID: <[email protected]>
Date: Fri, 04 Dec 2020 19:27:01 +0000
From: [email protected]
To:
Content-Type: multipart/alternative; boundary="000000000000f304c905b5a875f3"
X-Spam-Status: Yes, score=11.4
X-Spam-Score: 114
X-Spam-Bar: +++++++++++
X-Spam-Report: Spam detection software, running on the system "",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: I've invited you to fill out the following form: Party Invite
To fill it out, visit: https://docs.google.com/forms/d/e/1FAIp ... _form_link
Content analysis details: (11.4 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[doralcustomercare[at]gmail.com]
0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
mail domains are different
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.0 LOTS_OF_MONEY Huge... sums of money
0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and
EnvelopeFrom freemail headers are
different
2.5 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
2.5 GOOGLE_DOC_SUSP Suspicious use of Google Docs
X-Spam-Flag: YES
Subject: ***SPAM*** Good news!
--000000000000f304c905b5a875f3
Content-Type: text/plain; charset="UTF-8"; format=flowed; delsp=yes
Good news!
Precisely one year ago, your package containing a pre-funded ATM Card worth US$4.8M was intercepted and withheld at the JFK-Airport over suspicions of money laundering. The good news now is that it has been cleared of such suspicions and handed over back to be re-dispatched to you. So contact immediately, the courier service Management Head/CEO with below information to obtain your package clearance and new tracker number.
Jewel Shaw,
Management Head/CEO
Email: [email protected]
Regards,
Mr. Mike Solsman
Manager
Questions about scams? fraudatiocruor @ gmail.com to contact remove spaces