by Faizan Docherty
Mon Oct 20, 2014 2:34 pm
ipTRACKERonline.com wrote:Header Analysis Quick Report
Originating IP: 65.54.190.163
Originating ISP: Microsoft Hosting
City: Redmond
Country of Origin: United States
* For a complete report on this email header goto ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.70.125.234 with SMTP id mt10csp196009pdb;
Fri, 17 Oct 2014 16:54:46 -0700 (PDT)
X-Received: by 10.68.220.233 with SMTP id pz9mr11548408pbc.5.1413590086629;
Fri, 17 Oct 2014 16:54:46 -0700 (PDT)
Return-Path: <[email protected]>
Received: from relay.mailchannels.net (nov-007-i629.relay.mailchannels.net. [46.232.183.183])
by mx.google.com with ESMTP id ou10si870591pdb.104.2014.10.17.16.54.42
for <snipped>;
Fri, 17 Oct 2014 16:54:46 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 46.232.183.183 as permitted sender) client-ip=46.232.183.183;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning [email protected] does not designate 46.232.183.183 as permitted sender) [email protected]
X-Sender-Id: _forwarded-from|65.54.190.187
Received: from r8-chicago.webserversystems.com (ip-10-236-1-24.us-west-2.compute.internal [10.236.1.24])
by relay.mailchannels.net (Postfix) with ESMTPA id 3465B60422
for <snipped>; Fri, 17 Oct 2014 23:54:35 +0000 (UTC)
X-Sender-Id: _forwarded-from|65.54.190.187
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com [10.245.50.19])
(using TLSv1 with cipher DHE-RSA-AES256-SHA)
by 0.0.0.0:2500 (trex/5.3.1);
Fri, 17 Oct 2014 23:54:39 GMT
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from|65.54.190.187
X-MailChannels-Auth-Id: wwwh
X-MC-Loop-Signature: 1413590078004:491407028
X-MC-Ingress-Time: 1413590077435
Received: from bay004-omc3s25.hotmail.com ([65.54.190.163]:61740)
by r8-chicago.webserversystems.com with esmtps (TLSv1:AES256-SHA:256)
(Exim 4.82)
(envelope-from <[email protected]>)
id 1XfHLs-0003ed-Rq
for <snipped>; Fri, 17 Oct 2014 18:54:35 -0500
Received: from BAY172-W40 ([65.54.190.187]) by BAY004-OMC3S25.hotmail.com over TLS secured channel with Microsoft SMTPSVC(7.5.7601.22751);
Fri, 17 Oct 2014 16:54:32 -0700
X-TMN: [RSCqfWdTa6BUHfPVy1nHPUOpG4OkGJZW]
X-Originating-Email: [[email protected]]
Message-ID: <[email protected]>
Content-Type: multipart/alternative;
boundary="_281caefb-39ad-4279-85d4-7dab23af2a47_"
Reply-To: <[email protected]>
From: adoh koffi <[email protected]>
Date: Fri, 17 Oct 2014 23:54:31 +0000
Importance: Normal
MIME-Version: 1.0
X-OriginalArrivalTime: 17 Oct 2014 23:54:32.0258 (UTC) FILETIME=[B264CA20:01CFEA65]
X-Spam-Status: Yes, score=8.6
X-Spam-Score: 86
X-Spam-Bar: ++++++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Can you confirm if you are still using this email address?
There is information I think might interest you. I am Mr. ADOH KOFFI. First
of all, I do not know if I am talking to the right person, but I will like
you to confirm if you are the owner of this email ID. Already I have your
name and details in my file in the office, but I want to be sure if I am
communicating with the right owner of this email. [...]
Content analysis details: (8.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[65.54.190.163 listed in list.dnswl.org]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(adohkoffi2017[at]hotmail.com)
-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relay
domain
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
(<adohkoffi1[at]yahoo.com>
)
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit (adohkoffi2017[at]hotmail.com)
1.0 MISSING_HEADERS Missing To: header
0.0 HTML_MESSAGE BODY: HTML included in message
2.0 DCC_CHECK Detected as bulk mail by DCC (dcc-servers.net)
2.5 MALFORMED_FREEMAIL Bad headers on message from free email service
1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
X-Spam-Flag: YES
Subject: ***SPAM*** attention please
X-MC-Forward: <snipped>
X-AuthUser:
Can you confirm if you are still using this email address?
There is information I think might interest you. I am Mr. ADOH KOFFI. First of all, I do not know if I am talking to the right person, but I will like you to confirm if you are the owner of this email ID. Already I have your name and details in my file in the office, but I want to be sure if I am communicating with the right owner of this email.
If you can prove that you are the owner of this email ID, I will like you to furnish me with your information to enable me cross-check it with the one I have so that I can be convince that I am talking to the right person. I am taking this preventive measure because I do not want to talk to the wrong person because of the sensitivity of the information regarding the issue. Other details will be forwarded to you as soon.
I am convinced that I am communicating with the right person.
Regards,
Mr.ADOH KOFFI
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.
