by Faizan Docherty
Sun Jan 18, 2015 9:22 pm
ipTRACKERonline.com wrote:
Header Analysis Quick Report
Originating IP: 217.12.9.9
Originating ISP: Yahoo! Europe
City: n/a
Country of Origin: United Kingdom *
* For a complete report on this email header go to ipTRACKERonline
Delivered-To: <snipped>
Received: by 10.70.51.10 with SMTP id g10csp629864pdo;
Sat, 17 Jan 2015 05:28:20 -0800 (PST)
X-Received: by 10.70.131.78 with SMTP id ok14mr20408307pdb.112.1421501299968;
Sat, 17 Jan 2015 05:28:19 -0800 (PST)
Return-Path: <[email protected]>
Received: from relay.mailchannels.net (nov-007-i623.relay.mailchannels.net. [46.232.183.177])
by mx.google.com with ESMTP id nt6si9188954pbb.13.2015.01.17.05.28.17
for <snipped>;
Sat, 17 Jan 2015 05:28:19 -0800 (PST)
Received-SPF: none (google.com: [email protected] does not designate permitted sender hosts) client-ip=46.232.183.177;
Authentication-Results: mx.google.com;
spf=none (google.com: [email protected] does not designate permitted sender hosts) [email protected];
dkim=fail [email protected];
dmarc=fail (p=NONE dis=NONE) header.from=yahoo.pt
X-Sender-Id: _forwarded-from|212.82.97.65
Received: from r8-chicago.webserversystems.com (ip-10-204-4-183.us-west-2.compute.internal [10.204.4.183])
by relay.mailchannels.net (Postfix) with ESMTPA id 06824100505
for <snipped>; Sat, 17 Jan 2015 13:28:09 +0000 (UTC)
X-Sender-Id: _forwarded-from|212.82.97.65
Received: from r8-chicago.webserversystems.com (r8-chicago.webserversystems.com [10.224.7.213])
(using TLSv1 with cipher DHE-RSA-AES256-SHA)
by 0.0.0.0:2500 (trex/5.4.2);
Sat, 17 Jan 2015 13:28:10 GMT
X-MC-Relay: Junk
X-MailChannels-SenderId: _forwarded-from|212.82.97.65
X-MailChannels-Auth-Id: wwwh
X-MC-Loop-Signature: 1421501290218:680738350
X-MC-Ingress-Time: 1421501290217
Received: from nm28-vm5.bullet.mail.ir2.yahoo.com ([212.82.97.65]:52190)
by r8-chicago.webserversystems.com with esmtps (TLSv1:RC4-SHA:128)
(Exim 4.82)
(envelope-from <[email protected]>)
id 1YCTQ4-0005BP-R3
for <snipped>; Sat, 17 Jan 2015 07:28:05 -0600
DKIM-Signature: <snipped>
Received: from [212.82.98.63] by nm28.bullet.mail.ir2.yahoo.com with NNFMP; 17 Jan 2015 13:28:02 -0000
Received: from [212.82.98.65] by tm16.bullet.mail.ir2.yahoo.com with NNFMP; 17 Jan 2015 13:28:02 -0000
Received: from [127.0.0.1] by omp1002.mail.ir2.yahoo.com with NNFMP; 17 Jan 2015 13:28:02 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
X-YMail-OSG: <snipped>
Received: by 217.12.9.9; Sat, 17 Jan 2015 13:28:02 +0000
Date: Sat, 17 Jan 2015 13:28:01 +0000 (UTC)
From: SUSAN MARK <[email protected]>
Reply-To: SUSAN MARK <[email protected]>
Message-ID: <269353556.2690863.1421501281539.JavaMail.yahoo@jws11135.mail.ir2.yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_2690862_791018785.1421501281537"
X-Spam-Status: Yes, score=11.8
X-Spam-Score: 118
X-Spam-Bar: +++++++++++
X-Spam-Report: Spam detection software, running on the system "r8-chicago.webserversystems.com", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: ATTENTION! Dear Sir/Madam Kindly contact the personal assistant
to the Director General Paul Brawn at [email protected] for
an urgent business notification, sir it is very important and confidential
that you must contact him immediately for more details of this transaction
that needs your assistance. Thanks for your cooperation. Susan Mark [...]
Content analysis details: (11.8 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
                            [212.82.97.65 listed in bl.score.senderscore.com]
 0.6 URG_BIZ                BODY: Contains urgent matter
 2.0 DEAR_SOMETHING         BODY: Contains 'Dear (something)'
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                            (invest_option[at]yahoo.pt)
-0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no trust
                            [212.82.97.65 listed in list.dnswl.org]
 1.5 SUBJ_ALL_CAPS          Subject is all capitals
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit
                            (susan mark <paulbrawn_baratlaw2004[at]yahoo.com>)
 1.0 MISSING_HEADERS        Missing To: header
 0.2 BAYES_999              BODY: Bayes spam probability is 99.9 to 100%
                            [score: 1.0000]
 0.0 HTML_MESSAGE           BODY: HTML included in message
-0.1 DKIM_VALID_AU          Message has a valid DKIM or DK signature from author's domain
-0.1 DKIM_VALID             Message has at least one valid DKIM or DK signature
 0.1 DKIM_SIGNED            Message has a DKIM or DK signature, not necessarily valid
 1.6 REPLYTO_WITHOUT_TO_CC  REPLYTO_WITHOUT_TO_CC
 1.0 FREEMAIL_REPLYTO       Reply-To/From or Reply-To/body contain different freemails
 2.5 ADVANCE_FEE_4_NEW      Appears to be advance fee fraud (Nigerian 419)
X-Spam-Flag: YES
Subject: ***SPAM*** VERY URGENT AND CONFIDENTIAL
X-AuthUser:
ATTENTION!
Dear Sir/Madam
Kindly contact the personal assistant to the Director General Paul Brawn at [email protected] for an urgent business notification, sir it is very important and confidential that you must contact him immediately for more details of this transaction that needs your assistance.
Thanks for your cooperation.
Susan Mark
Please DO NOT tell a scammer that he has been posted here!
If you wish you can email me at
faizandocherty @ scamwarners [dot] com
How do I find email headers???
How to analyze an email header.