by Faizan Docherty
Tue Feb 04, 2014 2:05 am
ipTRACKERonline.com wrote:
Header Analysis Quick Report
Originating IP: 64.12.252.59
Originating ISP: America Online
City: n/a
Country of Origin: United States
* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.70.126.40 with SMTP id mv8csp121758pdb;
Mon, 3 Feb 2014 02:20:32 -0800 (PST)
X-Received: by 10.50.77.38 with SMTP id p6mr15022257igw.1.1391422831830;
Mon, 03 Feb 2014 02:20:31 -0800 (PST)
Return-Path: <[email protected]>
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com. [184.154.1.124])
by mx.google.com with ESMTPS id l10si11431586ige.38.2014.02.03.02.20.31
for <snipped>
(version=TLSv1 cipher=RC4-SHA bits=128/128);
Mon, 03 Feb 2014 02:20:31 -0800 (PST)
Received-SPF: neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=184.154.1.124;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 184.154.1.124 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected];
dkim=fail [email protected]
Received: from oms-mc03.r1000.mx.aol.com ([64.12.81.68]:39451)
by r8-chicago.webserversystems.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80)
(envelope-from <[email protected]>)
id 1WAGdi-000BYb-LH
for <snipped>; Mon, 03 Feb 2014 04:20:31 -0600
Received: from mtaomg-maa01.mx.aol.com (mtaomg-maa01.mx.aol.com [172.26.222.143])
by oms-mc03.r1000.mx.aol.com (AOL Outbound OMS Interface) with ESMTP id 9471838000C06;
Mon, 3 Feb 2014 05:20:29 -0500 (EST)
Received: from core-mna002a.r1000.mail.aol.com (core-mna002.r1000.mail.aol.com [172.29.106.5])
by mtaomg-maa01.mx.aol.com (OMAG/Core Interface) with ESMTP id 5DFCE38000082;
Mon, 3 Feb 2014 05:20:29 -0500 (EST)
X-MB-Message-Source: WebUI
X-MB-Message-Type: User
MIME-Version: 1.0
From: Mamuda Diallo <[email protected]>
Content-Type: multipart/alternative;
boundary="--------MB_8D0EEE0B2771DDD_BD4_51A06_webmail-vm029.sysops.aol.com"
X-Mailer: Webmail 38331-STANDARD
Received: from 41.138.96.157 by webmail-vm029.sysops.aol.com (64.12.252.59) with HTTP (WebMailUI); Mon, 03 Feb 2014 05:20:29 -0500
Message-Id: <[email protected]>
X-Originating-IP: [41.138.96.157]
Date: Mon, 3 Feb 2014 05:20:29 -0500 (EST)
x-aol-global-disposition: S
X-SPAM-FLAG: YES
DKIM-Signature: <snipped>
X-AOL-REROUTE: YES
x-aol-sid: 3039ac1ade8f52ef6d6d4bcb
X-Spam-Status: Yes, score=19.5
X-Spam-Score: 195
X-Spam-Bar: +++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Dear Friend, I am working with one of the prime bank here
in Burkina Faso, can you help me repatriate the sun of 14.3million dollars
to your oversea account based on percentage. (1) Can you handle this project?
(2) Can I give you this trust? (3) What will be your commission? I expect
your urgent response if you can handle this project. Best Regard's, [...]
Content analysis details: (19.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.4 HK_SCAM_N15 BODY: HK_SCAM_N15
0.6 URG_BIZ BODY: Contains urgent matter
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mamudadiallo[at]aol.fr)
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[64.12.81.68 listed in list.dnswl.org]
1.0 MISSING_HEADERS Missing To: header
2.6 DEAR_FRIEND BODY: Dear Friend? That's not very dear!
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 LOTS_OF_MONEY Huge... sums of money
1.0 FREEMAIL_REPLY From and body contain different freemails
0.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)
2.0 MONEY_FROM_41 Lots of money from Africa
0.0 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)
0.0 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
2.2 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
0.0 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
4.2 MONEY_FRAUD_3 Lots of money and several fraud phrases
3.0 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
0.5 CRM114_PROB_SPAM CRM114: CRM114_PROB_SPAM
X-Spam-Flag: YES
Subject: ***SPAM*** Dear Friend,
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - r8-chicago.webserversystems.com
X-AntiAbuse: Original Domain - <snipped>
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - aol.fr
X-Get-Message-Sender-Via: r8-chicago.webserversystems.com: none
X-Source:
X-Source-Args:
X-Source-Dir:
Dear Friend,
I am working with one of the prime bank here in Burkina Faso, can you help me repatriate
the sun of 14.3million dollars to your oversea account based on percentage.
(1) Can you handle this project?
(2) Can I give you this trust?
(3) What will be your commission?
I expect your urgent response if you can handle this project.
Best Regard's,
Please kindly reply to my alternative email address below([email protected])
Mr.mamuda diallo.
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.