Western Union <[email protected]>

Header Analysis Quick Report
Originating IP: 209.85.217.194
Originating ISP: Google
City: Mountain View
Country of Origin: United States
* For a complete report on this email header goto ipTRACKERonline

Delivered-To: <snipped>
Received: by 10.70.50.233 with SMTP id f9csp22273pdo;
Tue, 18 Nov 2014 04:26:34 -0800 (PST)
X-Received: by 10.70.19.206 with SMTP id h14mr36853284pde.49.1416313593857;
Tue, 18 Nov 2014 04:26:33 -0800 (PST)
Return-Path: <[email protected]>
Received: from relay.mailchannels.net (si-002-i156.relay.mailchannels.net. [108.178.49.168])
by mx.google.com with ESMTP id bu4si10778731pbd.234.2014.11.18.04.26.32
for <snipped>;
Tue, 18 Nov 2014 04:26:33 -0800 (PST)
Received-SPF: softfail (google.com: domain of transitioning [email protected] does not designate 108.178.49.168 as permitted sender) client-ip=108.178.49.168;
Authentication-Results: mx.google.com;
spf=softfail (google.com: domain of transitioning [email protected] does not designate 108.178.49.168 as permitted sender) [email protected];
dkim=fail [email protected];
dmarc=fail (p=NONE dis=NONE) header.from=gmail.com
X-Sender-Id: _forwarded-from|209.85.217.194
Received: from r8-chicago.webserversystems.com (ip-10-237-13-110.us-west-2.compute.internal [10.237.13.110])
by relay.mailchannels.net (Postfix) with ESMTPA id D3CAD100DA7
for <snipped>; Tue, 18 Nov 2014 12:26:30 +0000 (UTC)
X-Sender-Id: _forwarded-from|209.85.217.194
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com [10.248.72.174])
(using TLSv1 with cipher DHE-RSA-AES256-SHA)
by 0.0.0.0:2500 (trex/5.4.1);
Tue, 18 Nov 2014 12:26:31 GMT
X-MC-Relay: Forwarding
X-MailChannels-SenderId: _forwarded-from|209.85.217.194
X-MailChannels-Auth-Id: wwwh
X-MC-Loop-Signature: 1416313591070:1430081722
X-MC-Ingress-Time: 1416313591070
Received: from mail-lb0-f194.google.com ([209.85.217.194]:40335)
by r8-chicago.webserversystems.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.82)
(envelope-from <[email protected]>)
id 1XqhrZ-000Ejc-2Y
for <snipped>; Tue, 18 Nov 2014 06:26:29 -0600
Received: by mail-lb0-f194.google.com with SMTP id b6so1964900lbj.1
for <snipped>; Tue, 18 Nov 2014 04:26:27 -0800 (PST)
DKIM-Signature: <snipped>
MIME-Version: 1.0
X-Received: by 10.152.203.137 with SMTP id kq9mr23434541lac.51.1416313587091;
Tue, 18 Nov 2014 04:26:27 -0800 (PST)
Received: by 10.25.144.133 with HTTP; Tue, 18 Nov 2014 04:26:27 -0800 (PST)
Reply-To: [email protected]
Date: Tue, 18 Nov 2014 12:26:27 +0000
Message-ID: <CAJUDGjO+_T_bUfe39RnGQFYVxnefmdM0Y_GCit4_Ek54C8A8nQ@mail.gmail.com>
From: Western Union Office <[email protected]>
To: undisclosed-recipients:;
Content-Type: text/plain; charset=UTF-8
X-Spam-Status: Yes, score=8.3
X-Spam-Score: 83
X-Spam-Bar: ++++++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.

Content preview: Attn; My work partner has helped me to send the first $5000.00
to you through Western Union Money Transfer. So contact Western Union Agent
Mr. Hugo Fletcher, and ask him what you need to do before they can allow
you pick up the first $5000 payment. [...]

Content analysis details: (8.3 points, 5.0 required)

pts rule name description
---- ---------------------- --------------------------------------------------
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at http://www.dnswl.org/, low
trust
[209.85.217.194 listed in list.dnswl.org]
3.2 MILLION_USD BODY: Talks about millions of dollars
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(saintfrankcis45[at]gmail.com)
1.5 SUBJ_ALL_CAPS Subject is all capitals
-0.0 SPF_PASS SPF: sender matches SPF record
0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in
digit (saintfrankcis45[at]gmail.com)
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
0.0 LOTS_OF_MONEY Huge... sums of money
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 FILL_THIS_FORM Fill in a form with personal information
2.0 FILL_THIS_FORM_LONG Fill in a form with personal information
1.0 MONEY_FORM Lots of money if you fill out a form
X-Spam-Flag: YES
Subject: ***SPAM*** CONTACT HIM
X-AuthUser:

Attn;

My work partner has helped me to send the first $5000.00 to you
through Western Union Money Transfer. So contact Western Union Agent
Mr. Hugo Fletcher, and ask him what you need to do before they can
allow you pick up the first $5000 payment.

Contact person: Mr. Hugo Fletcher
Email: [email protected]

Ask him to give you the Sender's Full Name, Question and Answer, to
pick the $5000, I told him to keep sending you $5000 daily till the
payment of $1.7MILLION USD is complete. Again re-confirm to him your
Full Name, Telephone number and Address so that he will be sure. For
your information he can only transfer 3 payments to you a day which is
$15,000.00 USD.

THEN CONTACT HIM WITH YOUR FULL INFORMATION.

Full Name:--------
State:----------
City:-----------
Zip Code-------
Full Address:-------
Contact Phone:------

Please try to indicate this code when contacting Western Union
Management to avoid any mistake. Here is the code. (008xx37) also use
it as your subject. Remember without this Code they can't release any
payment to you so make sure you contact them with the Code and try to
comply with their instruction. I am currently in Australia to set up a
project.

Yours Sincerely
Phillip Pitt
Former Director of Western Union Benin Rep