by buried under 419s
Wed Nov 09, 2011 6:09 pm
Return-path: <[email protected]>
Envelope-to: Delivery-date: Wed, 09 Nov 2011 13:54:57 -0800
Received: from [110.138.78.148] (helo=148.subnet110-138-78.speedy.telkom.net.id)
by with esmtp (Exim 4.69)
(envelope-from <[email protected]>)
id 1ROG6i-0001vL-02
for ; Wed, 09 Nov 2011 13:54:57 -0800
Received: from [66.234.239.88] (helo=adexec.com) by 148.subnet110-138-78.speedy.telkom.net.id with esmtpa (Exim 4.73 (FreeBSD)) (envelope-from <[email protected]>) id 18UCB6-3217pu-VP for ; Thu, 10 Nov 2011 12:54:58 +0700
Message-ID: <BBB48DAF21534F215AF2153BB4F0C70C@MELBAupcZ>
From: "MELBA Conner" <[email protected]>
To:
Subject: Wire Transfer (9032CK939)
Date: Thu, 10 Nov 2011 12:54:58 +0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_03B4_01CC9F64.E58F9500"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
X-Spam-Subject: ***SPAM*** Wire Transfer (9032CK939)
X-Spam-Status: Yes, score=19.3
X-Spam-Score: 193
X-Spam-Bar: +++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Good morning,Your Account: Business Account XXXWire Amount:
$ 20,935.00Transfer Report: View The wire transfer will be processed within
2 hours. Please make sure that everything is as you requested. MELBA Conner,Federal
Reserve Wire Network Good morning, [...]
Content analysis details: (19.3 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
IP)
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[110.138.78.148 listed in psbl.surriel.com]
0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[110.138.78.148 listed in zen.spamhaus.org]
3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?110.138.78.148>]
1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
[110.138.78.148 listed in bb.barracudacentral.org]
0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: gestorval.com]
1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80%
[score: 0.6856]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge... sums of money
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Spam-Flag: YES
This is a multi-part message in MIME format.
------=_NextPart_000_03B4_01CC9F64.E58F9500
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Good morning,Your Account: Business Account XXXWire Amount: $ 20,935.00Transfer Report: View The wire transfer will be processed within 2 hours. Please make sure that everything is as you requested. MELBA Conner,Federal Reserve Wire Network
Envelope-to: Delivery-date: Wed, 09 Nov 2011 13:54:57 -0800
Received: from [110.138.78.148] (helo=148.subnet110-138-78.speedy.telkom.net.id)
by with esmtp (Exim 4.69)
(envelope-from <[email protected]>)
id 1ROG6i-0001vL-02
for ; Wed, 09 Nov 2011 13:54:57 -0800
Received: from [66.234.239.88] (helo=adexec.com) by 148.subnet110-138-78.speedy.telkom.net.id with esmtpa (Exim 4.73 (FreeBSD)) (envelope-from <[email protected]>) id 18UCB6-3217pu-VP for ; Thu, 10 Nov 2011 12:54:58 +0700
Message-ID: <BBB48DAF21534F215AF2153BB4F0C70C@MELBAupcZ>
From: "MELBA Conner" <[email protected]>
To:
Subject: Wire Transfer (9032CK939)
Date: Thu, 10 Nov 2011 12:54:58 +0700
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_03B4_01CC9F64.E58F9500"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4807.1700
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4807.1700
X-Spam-Subject: ***SPAM*** Wire Transfer (9032CK939)
X-Spam-Status: Yes, score=19.3
X-Spam-Score: 193
X-Spam-Bar: +++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Good morning,Your Account: Business Account XXXWire Amount:
$ 20,935.00Transfer Report: View The wire transfer will be processed within
2 hours. Please make sure that everything is as you requested. MELBA Conner,Federal
Reserve Wire Network Good morning, [...]
Content analysis details: (19.3 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
IP)
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[110.138.78.148 listed in psbl.surriel.com]
0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[110.138.78.148 listed in zen.spamhaus.org]
3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?110.138.78.148>]
1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT
[110.138.78.148 listed in bb.barracudacentral.org]
0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
1.9 DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date
1.7 URIBL_BLACK Contains an URL listed in the URIBL blacklist
[URIs: gestorval.com]
1.5 BAYES_60 BODY: Bayes spam probability is 60 to 80%
[score: 0.6856]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge... sums of money
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Spam-Flag: YES
This is a multi-part message in MIME format.
------=_NextPart_000_03B4_01CC9F64.E58F9500
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Good morning,Your Account: Business Account XXXWire Amount: $ 20,935.00Transfer Report: View The wire transfer will be processed within 2 hours. Please make sure that everything is as you requested. MELBA Conner,Federal Reserve Wire Network
Questions about scams? fraudatiocruor @ gmail.com to contact remove spaces