#315232 by buried under 419s
Wed Dec 21, 2016 11:38 pm
Return-path: <[email protected]>
Envelope-to:
Delivery-date: Wed, 21 Dec 2016 15:33:40 -0800
Received: from z5.mailgun.us ([104.130.96.5]:52950)
by with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
(Exim 4.87)
(envelope-from <[email protected]>)
id 1cJqO8-0000FO-Pp
for ; Wed, 21 Dec 2016 15:33:40 -0800
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=llstratus.com; q=dns/txt;
s=smtp; t=1482363175; h=Content-Transfer-Encoding: Content-Type:
MIME-Version: Date: Subject: From: Reply-To: Message-Id: Sender;
bh=R5ph4eziXGOz7gWXu8OB332hpOh7bpyurVRjWM/S3zU=; b=cY8CPsUSMaS4GvsasRnPRHGasp5UmwYsojwyPWqQ4QeZJn4MVtV2y3Hz88fSBVnwCVu9HkLk
26LcP8ao4ZP9Jzvd6UxvsGH4ICVdJEN4LIyy48021QoyH6HGkOc4BeJvH7tCefLKYhR9s9tK
spetnomn4JrsxO4fFT0dlwlze78=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=llstratus.com; s=smtp;
q=dns; h=Sender: Message-Id: Reply-To: From: Subject: Date:
MIME-Version: Content-Type: Content-Transfer-Encoding;
b=I9rG4bjLDxfE8MLQh4t4Dzy9LFiyds0wV2ftyJVnxZnoH7txEK+xl3DCToeokcKBrKTuub
2ZDRK7mMOTomT5aYALT0m9LgugI1Quc7s8xVKgjBTAuKaV/uUZp/BhlC+CXccuBS4Mf86SUj
Ng/X/MAl3pKyXNaiKXoICOZCX2Fac=
Sender: [email protected]
X-Mailgun-Sending-Ip: 104.130.96.5
X-Mailgun-Sid: WyJhMTg5MyIsICJjaHVja0BjaGFybGVzcm9sbGlucy5jb20iLCAiYWY0OWU3Il0=
X-Mailgun-Batch-Id: e0770331-bf13-4a4a-83d2-5fc1bfc29847
Message-Id: <[email protected]>
Received: from User (host-173-230-60-14.inmuvil.muncie.in.us.clients.pavlovmedia.com [173.230.60.14])
by mxa.mailgun.org with ESMTP id 585b1127.7fdd20242e10-in07;
Wed, 21 Dec 2016 23:32:55 -0000 (UTC)
Reply-To: <[email protected]>
From: "Wei Zhang"<[email protected]>
Date: Thu, 22 Dec 2016 00:32:44 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
X-Spam-Status: Yes, score=19.4
X-Spam-Score: 194
X-Spam-Bar: +++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: I need assistance to quietly transfer US38.4m [...]
Content analysis details: (19.4 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.0 NSL_RCVD_FROM_USER Received from User
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[104.130.96.5 listed in list.dnswl.org]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?173.230.60.14>]
1.0 MISSING_HEADERS Missing To: header
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.5 RCVD_IN_SORBS_SPAM RBL: SORBS: sender is a spam source
[104.130.96.5 listed in dnsbl.sorbs.net]
2.6 MSOE_MID_WRONG_CASE No description available.
0.0 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait
1.6 REPLYTO_WITHOUT_TO_CC No description available.
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay
0.0 FSL_NEW_HELO_USER Spam's using Helo and User
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 FROM_MISSP_USER From misspaced, from "User"
0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority
2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
2.5 MSM_PRIO_REPTO MSMail priority header + Reply-to + short subject
0.0 MONEY_FROM_MISSP Lots of money and misspaced From
0.0 FROM_MISSPACED From: missing whitespace
1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
X-Spam-Flag: YES
Subject: ***SPAM*** contact
I need assistance to quietly transfer US38.4m
Envelope-to:
Delivery-date: Wed, 21 Dec 2016 15:33:40 -0800
Received: from z5.mailgun.us ([104.130.96.5]:52950)
by with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
(Exim 4.87)
(envelope-from <[email protected]>)
id 1cJqO8-0000FO-Pp
for ; Wed, 21 Dec 2016 15:33:40 -0800
DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=llstratus.com; q=dns/txt;
s=smtp; t=1482363175; h=Content-Transfer-Encoding: Content-Type:
MIME-Version: Date: Subject: From: Reply-To: Message-Id: Sender;
bh=R5ph4eziXGOz7gWXu8OB332hpOh7bpyurVRjWM/S3zU=; b=cY8CPsUSMaS4GvsasRnPRHGasp5UmwYsojwyPWqQ4QeZJn4MVtV2y3Hz88fSBVnwCVu9HkLk
26LcP8ao4ZP9Jzvd6UxvsGH4ICVdJEN4LIyy48021QoyH6HGkOc4BeJvH7tCefLKYhR9s9tK
spetnomn4JrsxO4fFT0dlwlze78=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=llstratus.com; s=smtp;
q=dns; h=Sender: Message-Id: Reply-To: From: Subject: Date:
MIME-Version: Content-Type: Content-Transfer-Encoding;
b=I9rG4bjLDxfE8MLQh4t4Dzy9LFiyds0wV2ftyJVnxZnoH7txEK+xl3DCToeokcKBrKTuub
2ZDRK7mMOTomT5aYALT0m9LgugI1Quc7s8xVKgjBTAuKaV/uUZp/BhlC+CXccuBS4Mf86SUj
Ng/X/MAl3pKyXNaiKXoICOZCX2Fac=
Sender: [email protected]
X-Mailgun-Sending-Ip: 104.130.96.5
X-Mailgun-Sid: WyJhMTg5MyIsICJjaHVja0BjaGFybGVzcm9sbGlucy5jb20iLCAiYWY0OWU3Il0=
X-Mailgun-Batch-Id: e0770331-bf13-4a4a-83d2-5fc1bfc29847
Message-Id: <[email protected]>
Received: from User (host-173-230-60-14.inmuvil.muncie.in.us.clients.pavlovmedia.com [173.230.60.14])
by mxa.mailgun.org with ESMTP id 585b1127.7fdd20242e10-in07;
Wed, 21 Dec 2016 23:32:55 -0000 (UTC)
Reply-To: <[email protected]>
From: "Wei Zhang"<[email protected]>
Date: Thu, 22 Dec 2016 00:32:44 +0100
MIME-Version: 1.0
Content-Type: text/plain;
charset="utf-8"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1081
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1081
X-Spam-Status: Yes, score=19.4
X-Spam-Score: 194
X-Spam-Bar: +++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: I need assistance to quietly transfer US38.4m [...]
Content analysis details: (19.4 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.0 NSL_RCVD_FROM_USER Received from User
-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no
trust
[104.130.96.5 listed in list.dnswl.org]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?173.230.60.14>]
1.0 MISSING_HEADERS Missing To: header
-0.0 SPF_PASS SPF: sender matches SPF record
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's
domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.5 RCVD_IN_SORBS_SPAM RBL: SORBS: sender is a spam source
[104.130.96.5 listed in dnsbl.sorbs.net]
2.6 MSOE_MID_WRONG_CASE No description available.
0.0 AXB_XMAILER_MIMEOLE_OL_1ECD5 Yet another X header trait
1.6 REPLYTO_WITHOUT_TO_CC No description available.
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay
0.0 FSL_NEW_HELO_USER Spam's using Helo and User
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 FROM_MISSP_USER From misspaced, from "User"
0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority
2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
2.5 MSM_PRIO_REPTO MSMail priority header + Reply-to + short subject
0.0 MONEY_FROM_MISSP Lots of money and misspaced From
0.0 FROM_MISSPACED From: missing whitespace
1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
X-Spam-Flag: YES
Subject: ***SPAM*** contact
I need assistance to quietly transfer US38.4m
Questions about scams? fraudatiocruor @ gmail.com to contact remove spaces