by Faizan Docherty
Fri Jan 17, 2014 2:38 pm
ipTRACKERonline.com wrote:
Header Analysis Quick Report
Originating IP: 41.85.161.126
Originating ISP: Opt Benin / Benin Telecom
City: Cotonou
Country of Origin: Benin
* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.70.58.38 with SMTP id n6csp34782pdq;
Fri, 17 Jan 2014 09:06:40 -0800 (PST)
X-Received: by 10.43.103.5 with SMTP id dg5mr2658425icc.50.1389978399994;
Fri, 17 Jan 2014 09:06:39 -0800 (PST)
Return-Path: <[email protected]>
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com. [184.154.1.124])
by mx.google.com with ESMTPS id ai4si3962060igd.31.2014.01.17.09.06.39
for <snipped>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Fri, 17 Jan 2014 09:06:39 -0800 (PST)
Received-SPF: fail (google.com: domain of [email protected] does not designate 184.154.1.124 as permitted sender) client-ip=184.154.1.124;
Authentication-Results: mx.google.com;
spf=hardfail (google.com: domain of [email protected] does not designate 184.154.1.124 as permitted sender) [email protected]
Received: from 10ibl21ser04.datacenter.cha.cantv.net ([200.11.173.10]:33781)
by r8-chicago.webserversystems.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80)
(envelope-from <[email protected]>)
id 1W4CsQ-00080h-9O
for <snipped>; Fri, 17 Jan 2014 11:06:38 -0600
X-Virus-Scanned: amavisd-new at cantv.net
Received: from webmail-06.datacenter.cha.cantv.net (webmail-06.datacenter.cha.cantv.net [200.11.153.89])
(authenticated bits=0)
by 10ibl21ser04.datacenter.cha.cantv.net (8.14.3/8.14.3/3.0) with ESMTP id s0HH6U1P021881;
Fri, 17 Jan 2014 12:36:31 -0430
X-Matched-Lists: []
Received: from 41.85.161.126 ([41.85.161.126]) by webmail-06.datacenter.cha.cantv.net (Cantv Webmail) with HTTP; Fri, 17 Jan 2014 12:36:30 -0430 (VET)
Date: Fri, 17 Jan 2014 12:36:30 -0430 (VET)
From: Mr Kevin Ezeudo <[email protected]>
Reply-To: [email protected]
To: <snipped>
Message-ID: <469547359.2779756.1389978390920.JavaMail.gess@webmail-06.datacenter.cha.cantv.net>
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Mailer: Cantv Webmail
X-Originating-IP: [41.85.161.126]
X-Spam-Status: Yes, score=10.0
X-Spam-Score: 100
X-Spam-Bar: ++++++++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Attention Please!!! I have registered your ATM CARD of $1.7
with DHL COURIER AND SECURITY COMPANY with registration code of ( Shipment
Code awb 33xzs.) Atm Card Registered Code No xgt442. Security Code sctc/2001dhx/567/;
Transaction Code 233/cstc/101/33028/; Certificate Deposit code; sctc/bun/xxiv/-78/01).
[...]
Content analysis details: (10.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[200.11.173.10 listed in psbl.surriel.com]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?41.85.161.126>]
0.8 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
[41.85.161.126 listed in dnsbl.sorbs.net]
-0.0 SPF_PASS SPF: sender matches SPF record
-0.4 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain
0.0 HTML_MESSAGE BODY: HTML included in message
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
X-Spam-Flag: YES
Subject: ***SPAM*** I have registered your ATM CARD
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r8-chicago.webserversystems.com
X-AntiAbuse: Original Domain - <snipped>
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - cantv.net
X-Get-Message-Sender-Via: r8-chicago.webserversystems.com: none
X-Source:
X-Source-Args:
X-Source-Dir:
Attention Please!!!
I have registered your ATM CARD of $1.7 with DHL COURIER AND SECURITY COMPANY with registration code of ( Shipment Code awb 33xzs.)
Atm Card Registered Code No xgt442.
Security Code sctc/2001dhx/567/;
Transaction Code 233/cstc/101/33028/;
Certificate Deposit code; sctc/bun/xxiv/-78/01).
please Contact with your delivery information such as, Your Name, Your Address and Your Telephone Number:
DHL COURIER AND SECURITY COMPANY:
Contact Person: DR PATRICK ONYEZE
Email Address: ([email protected])
Tel/FAX: +229 98 083 754
Best Regards,
Mr Kevin Ezeudo
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.