by buried under 419s
Fri Dec 26, 2014 1:23 am
Return-path: <[email protected]>
Envelope-to:
Delivery-date: Thu, 25 Dec 2014 17:13:16 -0800
Received: from [162.213.250.107] (port=60539 helo=server1.partsandwheels.com)
by with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80)
(envelope-from <[email protected]>)
id 1Y4JSo-00006U-BV
for ; Thu, 25 Dec 2014 17:13:16 -0800
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=partsandwheels.com; s=default;
h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Subject:From:Reply-To; bh=5OIWgo0jjeXXqpnlTM8PVOEtUhsZPAmWqNnRGZ/DO0I=;
b=jjQsmS5u2RWbLZ84K1ZYpSqUTdhicaArpEs1iBipgNRKBCuPDo1KxgJNc69za7l6RoIc4wvxZn1mWGoB4ToJtA80WPlk0zkA7/3NzWAQvMZpW+stQcIQg4+8+ZVxi9ya9rxxqDb+seXzdzopfx56+MEvi6vuj9KgAIRu2I4kUaE=;
Received: from 69-165-175-111.dsl.teksavvy.com ([69.165.175.111]:49547 helo=User)
by server1.partsandwheels.com with esmtpa (Exim 4.84)
(envelope-from <[email protected]>)
id 1Y4JSb-0001gR-Q5; Fri, 26 Dec 2014 01:12:58 +0000
Reply-To: <[email protected]>
From: "James Hanson"<[email protected]>
Date: Thu, 25 Dec 2014 17:13:00 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server1.partsandwheels.com
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - partsandwheels.com
X-Get-Message-Sender-Via: server1.partsandwheels.com: authenticated_id: [email protected]
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam-Status: Yes, score=16.5
X-Spam-Score: 165
X-Spam-Bar: ++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Good Day This is to inform you that your funds of US$15.5
Million is in your country and will be handed over to you in the next 24 hours.
The funds is in a United Nations Storage facility in your country and arrangements
have been finalized to have it driven to your designated address with a United
Nations Chauffeur car.The delivery is scheduled to be effected within the
next few hours and we have ensured that everything will be done legally.
[...]
Content analysis details: (16.5 points, 7.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 FSL_CTYPE_WIN1251      Content-Type only seen in 419 spam
 0.9 NSL_RCVD_HELO_USER     Received from HELO User
 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <http://www.spamcop.net/bl.shtml?162.213.250.107>]
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
                            (<drjameshanson7[at]yahoo.com.ph>)
 1.0 MISSING_HEADERS        Missing To: header
 0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.5000]
 2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                            [162.213.250.107 listed in psbl.surriel.com]
 0.5 MISSING_MID            Missing Message-Id: header
 0.0 LOTS_OF_MONEY          Huge... sums of money
 1.6 REPLYTO_WITHOUT_TO_CC  REPLYTO_WITHOUT_TO_CC
 0.0 FROM_MISSP_MSFT        From misspaced + supposed Microsoft tool
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
 0.0 FSL_NEW_HELO_USER      Spam's using Helo and User
 0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
 0.0 MONEY_FROM_MISSP       Lots of money and misspaced From
 2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
 0.4 TO_NO_BRKTS_FROM_MSSP  Multiple formatting errors
 0.0 FROM_MISSPACED         From: missing whitespace
 1.9 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information
 2.2 MONEY_FORM_SHORT       Lots of money if you fill out a short form
X-Spam-Flag: YES
Subject: ***SPAM*** Please Read This Important Message Carefully
Good Day
This is to inform you that your funds of US$15.5 Million is in your country and will be handed over to you in the next 24 hours.
The funds is in a United Nations Storage facility in your country and arrangements have been finalized to have it driven to your designated address with a United Nations Chauffeur car.The delivery is scheduled to be effected within the next few hours and we have ensured that everything will be done legally.
Please send the folowing information
1. Address Where you want the fund delivered
2 Telephone/Cell Phone Number
As soon as you provide the information stated above, the delivery will be concluded.
Dr James Hanson
Questions about scams? fraudatiocruor @ gmail.com to contact remove spaces