by buried under 419s
Tue Jan 27, 2015 5:42 am
Return-path: <[email protected]>
Envelope-to:
Delivery-date: Mon, 26 Jan 2015 21:44:03 -0800
Received: from jaffrey.unh.edu ([132.177.137.62]:58328 helo=epping.unh.edu)
by with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80)
(envelope-from <[email protected]>)
id 1YFywT-0006pz-Lc
for ; Mon, 26 Jan 2015 21:44:03 -0800
Received: from newton.unh.edu (IDENT:U2FsdGVkX1/Iqo1Ne+iaV8F8TxGn5pK6glL/[email protected] [132.177.137.6])
by epping.unh.edu (8.14.4/8.14.4) with ESMTP id t0R5hrmn004815
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
Tue, 27 Jan 2015 00:43:54 -0500
Received: from User (rcc-dhcp-243-242.sr.unh.edu [132.177.243.242])
by newton.unh.edu (8.14.4/8.14.4) with SMTP id t0R5hkU9029324;
Tue, 27 Jan 2015 00:43:47 -0500
Message-Id: <[email protected]>
Reply-To: <[email protected]>
From: "Ban Ki Moon"<[email protected]>
Date: Mon, 26 Jan 2015 23:43:53 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0028_01C2A9A6.1399807E"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Greylist: inspected by milter-greylist-4.5.7 (epping.unh.edu [132.177.137.62]); Tue, 27 Jan 2015 00:43:55 -0500 (EST) for IP:'132.177.137.6' DOMAIN:'mail.unh.edu' HELO:'newton.unh.edu' FROM:'[email protected]' RCPT:''
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.7 (epping.unh.edu [132.177.137.62]); Tue, 27 Jan 2015 00:43:55 -0500 (EST)
X-cisunix-MailScanner-Information: http://pubpages.unh.edu/notes/mailfiltering.html
X-cisunix-MailScanner-ID: t0R5hrmn004815
X-cisunix-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=34.606,
required 5, autolearn=spam, ADVANCE_FEE_3_NEW 2.53,
AXB_XMAILER_MIMEOLE_OL_024C2 1.39, BAYES_99 3.50, BAYES_999 0.20,
DEAR_BENEFICIARY 2.15, FORGED_MUA_OUTLOOK 1.93, FREEMAIL_FROM 0.00,
FREEMAIL_REPLYTO 1.00, FROM_MISSPACED 0.00, FROM_MISSP_EH_MATCH 0.66,
FROM_MISSP_FREEMAIL 0.00, FROM_MISSP_MSFT 0.00,
FROM_MISSP_REPLYTO 3.74, FROM_MISSP_USER 0.00, FROM_MISSP_XPRIO 0.00,
FSL_NEW_HELO_USER 1.24, KHOP_DNSBL_BUMP 2.00, KHOP_RCVD_UNTRUST 0.50,
MALFORMED_FREEMAIL 2.80, MISSING_HEADERS 1.02,
MSOE_MID_WRONG_CASE 2.58, NSL_RCVD_FROM_USER 0.00, PYZOR_CHECK 1.39,
RCVD_IN_DNSWL_MED -2.30, RCVD_IN_HOSTKARMA_BL 1.70,
REPLYTO_WITHOUT_TO_CC 1.55, TO_NO_BRKTS_FROM_MSSP 2.50,
TO_NO_BRKTS_MSFT 2.50, T_FREEMAIL_DOC_PDF 0.01,
T_OBFU_ATTACH_MISSP 0.01, T_OBFU_PDF_ATTACH 0.01)
X-MailScanner-SpamScore: ssssssssssssssssssssssssssssssssss
X-MailScanner-From: [email protected]
X-cisunix-MailScanner-Watermark: 1422942235.40011@/FG0y9ncMGtDRLlTnkD/kw
X-Spam-Status: Yes, score=19.4
X-Spam-Score: 194
X-Spam-Bar: +++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Dear Beneficiary, It is my pleasure to inform you that I have
your payment file on my desk. I am also sorry for any inconvenience or delay
I have conducted towards your unpaid overdue funds. For more details, read
the official attached letter. [...]
Content analysis details: (19.4 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 NSL_RCVD_FROM_USER Received from User
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(un.info[at]usa.com)
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[132.177.137.62 listed in list.dnswl.org]
0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=u ... roject.com]
1.0 MISSING_HEADERS Missing To: header
3.2 DEAR_BENEFICIARY BODY: Dear Beneficiary:
2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95%
[score: 0.8916]
0.0 T_OBFU_PDF_ATTACH BODY: PDF attachment with generic MIME type
1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
0.0 T_OBFU_ATTACH_MISSP Obfuscated attachment type and misspaced From
0.0 FSL_NEW_HELO_USER Spam's using Helo and User
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
2.6 MSOE_MID_WRONG_CASE MSOE_MID_WRONG_CASE
1.0 FROM_MISSP_SPF_FAIL FROM_MISSP_SPF_FAIL
0.0 FROM_MISSP_USER From misspaced, from "User"
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To
0.4 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 FROM_MISSPACED From: missing whitespace
1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.0 T_FREEMAIL_DOC_PDF MS document or PDF attachment, from freemail
3.5 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider
3.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
X-Spam-Flag: YES
Subject: ***SPAM*** HAPPY NEW YEARun,
This is a multi-part message in MIME format.
------=_NextPart_000_0028_01C2A9A6.1399807E
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
Dear Beneficiary,
It is my pleasure to inform you that I have your payment file on my desk. I am also sorry for any inconvenience or delay I have conducted towards your unpaid overdue funds. For more details, read the official attached letter.
I am looking forward to hearing from you soonest for further questions and information before releasing your fund to your bank account or any payment mode of your choice.
Yours Faithfully,
Ban Ki Moon
UN Secretary General
[ Letter.pdf ]
Attn: Beneficiary
It is my pleasure to inform you that I have your
inconvenience or delay I have conducted towards your unpaid overdue funds
Firstly, we have introduced this commission, INTERNATIONAL FINANCIAL CRIME COMMISS
(IFCC) that fight cyber crime, Internet fraud, scam and money laundering in any part of the world, Our
commission has been in existence since 2002 and the goal is to stop internet fraud. We have over 7,500 of
them in our jails around Africa and we are
lot of foreigners have been deceived and huge amount of money has also been lost to these fraudsters after
promising you percentages in their letters for you to help them move funds and th
for money from you and in return you will get nothing.
bank account through our accreditted
hear from you with your full name, address and direct phone number.
INTERNATIONAL FINANCIAL CRIME COMMISSION (IFCC) has come together to inform the world
what is going on concerning the global fradulent activities. Furthermore, I wish to inform that you that
some of the fraudsters have been caught after our proper investigation. And we have recovered over 300
million U.S. Dollars only from the people we have apprehended. They are in our detention room right now.
In this case our aim is to refund all lost funds to its legitim
I am looking forward to hearing from you soonest for further questions and information before releasing
your overdue funds worth 15.5m USD only
mails. [email protected] and [email protected].
Regards,
Ban Ki Moon
Envelope-to:
Delivery-date: Mon, 26 Jan 2015 21:44:03 -0800
Received: from jaffrey.unh.edu ([132.177.137.62]:58328 helo=epping.unh.edu)
by with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)
(Exim 4.80)
(envelope-from <[email protected]>)
id 1YFywT-0006pz-Lc
for ; Mon, 26 Jan 2015 21:44:03 -0800
Received: from newton.unh.edu (IDENT:U2FsdGVkX1/Iqo1Ne+iaV8F8TxGn5pK6glL/[email protected] [132.177.137.6])
by epping.unh.edu (8.14.4/8.14.4) with ESMTP id t0R5hrmn004815
(version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
Tue, 27 Jan 2015 00:43:54 -0500
Received: from User (rcc-dhcp-243-242.sr.unh.edu [132.177.243.242])
by newton.unh.edu (8.14.4/8.14.4) with SMTP id t0R5hkU9029324;
Tue, 27 Jan 2015 00:43:47 -0500
Message-Id: <[email protected]>
Reply-To: <[email protected]>
From: "Ban Ki Moon"<[email protected]>
Date: Mon, 26 Jan 2015 23:43:53 -0600
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0028_01C2A9A6.1399807E"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Greylist: inspected by milter-greylist-4.5.7 (epping.unh.edu [132.177.137.62]); Tue, 27 Jan 2015 00:43:55 -0500 (EST) for IP:'132.177.137.6' DOMAIN:'mail.unh.edu' HELO:'newton.unh.edu' FROM:'[email protected]' RCPT:''
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.7 (epping.unh.edu [132.177.137.62]); Tue, 27 Jan 2015 00:43:55 -0500 (EST)
X-cisunix-MailScanner-Information: http://pubpages.unh.edu/notes/mailfiltering.html
X-cisunix-MailScanner-ID: t0R5hrmn004815
X-cisunix-MailScanner: Found to be clean
X-MailScanner-SpamCheck: spam, SpamAssassin (not cached, score=34.606,
required 5, autolearn=spam, ADVANCE_FEE_3_NEW 2.53,
AXB_XMAILER_MIMEOLE_OL_024C2 1.39, BAYES_99 3.50, BAYES_999 0.20,
DEAR_BENEFICIARY 2.15, FORGED_MUA_OUTLOOK 1.93, FREEMAIL_FROM 0.00,
FREEMAIL_REPLYTO 1.00, FROM_MISSPACED 0.00, FROM_MISSP_EH_MATCH 0.66,
FROM_MISSP_FREEMAIL 0.00, FROM_MISSP_MSFT 0.00,
FROM_MISSP_REPLYTO 3.74, FROM_MISSP_USER 0.00, FROM_MISSP_XPRIO 0.00,
FSL_NEW_HELO_USER 1.24, KHOP_DNSBL_BUMP 2.00, KHOP_RCVD_UNTRUST 0.50,
MALFORMED_FREEMAIL 2.80, MISSING_HEADERS 1.02,
MSOE_MID_WRONG_CASE 2.58, NSL_RCVD_FROM_USER 0.00, PYZOR_CHECK 1.39,
RCVD_IN_DNSWL_MED -2.30, RCVD_IN_HOSTKARMA_BL 1.70,
REPLYTO_WITHOUT_TO_CC 1.55, TO_NO_BRKTS_FROM_MSSP 2.50,
TO_NO_BRKTS_MSFT 2.50, T_FREEMAIL_DOC_PDF 0.01,
T_OBFU_ATTACH_MISSP 0.01, T_OBFU_PDF_ATTACH 0.01)
X-MailScanner-SpamScore: ssssssssssssssssssssssssssssssssss
X-MailScanner-From: [email protected]
X-cisunix-MailScanner-Watermark: 1422942235.40011@/FG0y9ncMGtDRLlTnkD/kw
X-Spam-Status: Yes, score=19.4
X-Spam-Score: 194
X-Spam-Bar: +++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: Dear Beneficiary, It is my pleasure to inform you that I have
your payment file on my desk. I am also sorry for any inconvenience or delay
I have conducted towards your unpaid overdue funds. For more details, read
the official attached letter. [...]
Content analysis details: (19.4 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 NSL_RCVD_FROM_USER Received from User
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(un.info[at]usa.com)
-2.3 RCVD_IN_DNSWL_MED RBL: Sender listed at http://www.dnswl.org/, medium
trust
[132.177.137.62 listed in list.dnswl.org]
0.0 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=u ... roject.com]
1.0 MISSING_HEADERS Missing To: header
3.2 DEAR_BENEFICIARY BODY: Dear Beneficiary:
2.0 BAYES_80 BODY: Bayes spam probability is 80 to 95%
[score: 0.8916]
0.0 T_OBFU_PDF_ATTACH BODY: PDF attachment with generic MIME type
1.6 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
0.0 T_OBFU_ATTACH_MISSP Obfuscated attachment type and misspaced From
0.0 FSL_NEW_HELO_USER Spam's using Helo and User
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
2.6 MSOE_MID_WRONG_CASE MSOE_MID_WRONG_CASE
1.0 FROM_MISSP_SPF_FAIL FROM_MISSP_SPF_FAIL
0.0 FROM_MISSP_USER From misspaced, from "User"
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To
0.4 TO_NO_BRKTS_FROM_MSSP Multiple formatting errors
0.0 FROM_MISSPACED From: missing whitespace
1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.0 T_FREEMAIL_DOC_PDF MS document or PDF attachment, from freemail
3.5 TO_NO_BRKTS_MSFT To: misformatted and supposed Microsoft tool
0.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider
3.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
X-Spam-Flag: YES
Subject: ***SPAM*** HAPPY NEW YEARun,
This is a multi-part message in MIME format.
------=_NextPart_000_0028_01C2A9A6.1399807E
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
Dear Beneficiary,
It is my pleasure to inform you that I have your payment file on my desk. I am also sorry for any inconvenience or delay I have conducted towards your unpaid overdue funds. For more details, read the official attached letter.
I am looking forward to hearing from you soonest for further questions and information before releasing your fund to your bank account or any payment mode of your choice.
Yours Faithfully,
Ban Ki Moon
UN Secretary General
[ Letter.pdf ]
Attn: Beneficiary
It is my pleasure to inform you that I have your
inconvenience or delay I have conducted towards your unpaid overdue funds
Firstly, we have introduced this commission, INTERNATIONAL FINANCIAL CRIME COMMISS
(IFCC) that fight cyber crime, Internet fraud, scam and money laundering in any part of the world, Our
commission has been in existence since 2002 and the goal is to stop internet fraud. We have over 7,500 of
them in our jails around Africa and we are
lot of foreigners have been deceived and huge amount of money has also been lost to these fraudsters after
promising you percentages in their letters for you to help them move funds and th
for money from you and in return you will get nothing.
bank account through our accreditted
hear from you with your full name, address and direct phone number.
INTERNATIONAL FINANCIAL CRIME COMMISSION (IFCC) has come together to inform the world
what is going on concerning the global fradulent activities. Furthermore, I wish to inform that you that
some of the fraudsters have been caught after our proper investigation. And we have recovered over 300
million U.S. Dollars only from the people we have apprehended. They are in our detention room right now.
In this case our aim is to refund all lost funds to its legitim
I am looking forward to hearing from you soonest for further questions and information before releasing
your overdue funds worth 15.5m USD only
mails. [email protected] and [email protected].
Regards,
Ban Ki Moon
Questions about scams? fraudatiocruor @ gmail.com to contact remove spaces