Has someone offered you a huge sum of money or a valuable consignment? It's a 419 or advance fee fraud - find out how they work, and what to do to be safe.
by Faizan Docherty Sun Dec 15, 2013 9:57 am
ipTRACKERonline.com wrote:
Header Analysis Quick Report
Originating IP: 41.85.176.28
Originating ISP: Opt Benin / Benin Telecom
City: n/a
Country of Origin: Benin
* For a complete report on this email header goto ipTRACKERonline


Delivered-To: <snipped>
Received: by 10.70.4.133 with SMTP id k5csp38659pdk;
Sun, 15 Dec 2013 05:25:59 -0800 (PST)
X-Received: by 10.50.141.133 with SMTP id ro5mr10615437igb.35.1387113959589;
Sun, 15 Dec 2013 05:25:59 -0800 (PST)
Return-Path: <[email protected]>
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com. [184.154.1.124])
by mx.google.com with ESMTPS id q19si6403513igr.67.2013.12.15.05.25.59
for <snipped>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Sun, 15 Dec 2013 05:25:59 -0800 (PST)
Received-SPF: neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=184.154.1.124;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected]
Received: from antispam2.protagonist.nl ([88.198.12.171]:41128)
by r8-chicago.webserversystems.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80)
(envelope-from <[email protected]>)
id 1VsBhm-0003JY-Dw
for <snipped>; Sun, 15 Dec 2013 07:25:58 -0600
Received: from spido.protagonist.nl ([82.150.140.30])
by antispam2.protagonist.nl with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.82)
(envelope-from <[email protected]>)
id 1VsBhP-00030O-8d; Sun, 15 Dec 2013 14:25:40 +0100
Received: by spido.protagonist.nl (Postfix, from userid 501)
id 120C32B8322B; Sun, 15 Dec 2013 14:24:58 +0100 (CET)
Received: from 41.85.176.28 ([41.85.176.28]) by webmail.marcijngen.nu (Horde
Framework) with HTTP; Sun, 15 Dec 2013 14:24:57 +0100
Date: Sun, 15 Dec 2013 14:24:57 +0100
Message-ID: <20131215142457.Horde.t01j0hHl65lN5eFqggO_0A1@webmail.marcijngen.nu>
From: MILLER AURORA <[email protected]>
Subject: SOLUTIONS
Reply-to: [email protected]
User-Agent: Internet Messaging Program (IMP) H5 (6.1.4)
Content-Type: multipart/alternative; boundary="=_OJLCoTr1EbyCESdWH1bo6w2"
MIME-Version: 1.0
To: undisclosed-recipients:;
X-Filter-ID: <snipped>
X-Originating-IP: 82.150.140.30
X-SpamExperts-Domain: spido.protagonist.nl
X-SpamExperts-Username: 82.150.140.30
Authentication-Results: protagonist.nl; auth=pass smtp.auth=82.150.140.30
X-SpamExperts-Outgoing-Class: unsure
X-SpamExperts-Outgoing-Evidence: Combined (0.88)
X-Recommended-Action: accept
X-Spam-Status: No, score=4.8
X-Spam-Score: 48
X-Spam-Bar: ++++
X-Ham-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.

Content preview: Je suis Miller Aurora et ,compte tenu de raison de santé,
et comme je suis veuve sans enfants , je voudrais vous faire une donation
d'un montant donné à une personne non connue et particulière comme vous pour
me repentir chez le Seigneur , répondez moi si vous vous sentez capable de
m'aider et pour avoir plus de détails [...]

Content analysis details: (4.8 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(miller.aurora28[at]yahoo.com)
0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is
CUSTOM_MED
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit (miller.aurora28[at]yahoo.com)
1.6 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers
0.4 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
0.0 HTML_MESSAGE BODY: HTML included in message
0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60%
[score: 0.5000]
0.8 MPART_ALT_DIFF BODY: HTML and text parts are different
0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
X-Spam-Flag: NO
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r8-chicago.webserversystems.com
X-AntiAbuse: Original Domain - <snipped>
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - yahoo.com
X-Get-Message-Sender-Via: r8-chicago.webserversystems.com: none
X-Source:
X-Source-Args:
X-Source-Dir:

This message is in MIME format.


Je suis Miller Aurora et ,compte tenu de raison de santé, et comme je suis veuve sans enfants , je voudrais vous faire une donation d'un montant donné à une personne non connue et particulière comme vous pour me repentir chez le Seigneur , répondez moi si vous vous sentez capable de m'aider et pour avoir plus de détails


Here is the Google translation:

I'm Aurora and Miller, given health reasons, and as I am a widow without children, I would get a donation given to a particular and unknown as to repent to the Lord person amount, answer me if you feel able to help me and for more details

Please DO NOT tell a scammer that he has been posted here!

If you wish you can email me at
faizandocherty @ scamwarners [dot] com

How do I find email headers???

How to analyze an email header.

by vonpaso xlura Wed Mar 19, 2014 4:10 am
From [email protected] Sat Mar 8 09:40:07 2014
Return-Path: <[email protected]>
X-Original-To: me
Delivered-To: me
Received: from horde.protagonist.nl (horde.protagonist.nl [82.150.140.8]) by my box (Postfix) with ESMTPS id 80C862C78 for <me>; Sat, 8 Mar 2014 09:40:02 -0500 (EST)
Received: from horde.protagonist.nl (localhost [127.0.0.1]) by horde.protagonist.nl (8.14.4/8.14.4) with ESMTP id s27HlaKs033818; Fri, 7 Mar 2014 18:47:39 +0100
Received: (from apache@localhost) by horde.protagonist.nl (8.14.4/8.14.4/Submit) id s27HlOfW033810; Fri, 7 Mar 2014 18:47:24 +0100
X-Authentication-Warning: horde.protagonist.nl: apache set sender to [email protected] using -f
Received: from 41.79.217.139 ([41.79.217.139]) by horde.protagonist.nl (Horde Framework) with HTTP; Fri, 07 Mar 2014 18:47:24 +0100
Date: Fri, 07 Mar 2014 18:47:24 +0100
Message-ID: <20140307184724.Horde.r6stAR9eMWPod6U3n1UqfQ1@horde.protagonist.nl>
From: Miller Aurora <[email protected]>
To:
Subject: SOLUTIONS
Reply-To: [email protected]
User-Agent: Internet Messaging Program (IMP) H5 (6.1.6)
Content-Type: multipart/alternative; boundary="=_aXok1iqAqZDug-j6v9E0Ag1"
MIME-Version: 1.0

... nor will swindlers inherit the kingdom of God. 1 Cor. 6:10
