#336967 by buried under 419s
Wed Aug 16, 2017 8:39 pm
Return-Path: <[email protected]>
Delivered-To:
Received: from
by m (Dovecot) with LMTP id sctNMbXNlFkDRQAAjbubUg
for <>; Wed, 16 Aug 2017 15:56:53 -0700
Return-path: <[email protected]>
Envelope-to:
Delivery-date: Wed, 16 Aug 2017 15:56:53 -0700
Received: from ns1.marbrieletelecom.com.br ([186.233.169.6]:45802 helo=srv01.marbrieletelecom.com.br)
by with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.89)
(envelope-from <[email protected]>)
id 1di7F5-0004aa-Rp
for =; Wed, 16 Aug 2017 15:56:53 -0700
Received: from [197.210.47.226] (helo=User)
by srv01.marbrieletelecom.com.br with esmtpa (Exim 4.84_2)
(envelope-from <[email protected]>)
id 1di7EG-0006XK-Gy; Wed, 16 Aug 2017 19:56:01 -0300
Reply-To: <[email protected]>
From: "Mr. Thomas Stevenson"<[email protected]>
To: [email protected]
Date: Wed, 16 Aug 2017 23:55:57 +0100
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <[email protected]>
X-Spam-Status: Yes, score=23.5
X-Spam-Score: 235
X-Spam-Bar: +++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: FROM: MR. THOMAS STEVENSON. EXECUTIVE CHAIRMAN, FIDELITY WORLDWIDE
INVESTMENT. Office Address: 350 PARK AVENUE NEW YORK NY, 10022 USA. [...]
Content analysis details: (23.5 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
0.0 HK_RANDOM_FROM From username looks random
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
0.0 HK_RANDOM_ENVFROM Envelope sender username looks random
0.0 NSL_RCVD_HELO_USER Received from HELO User
0.5 RCVD_IN_SORBS_SPAM RBL: SORBS: sender is a spam source
[186.233.169.6 listed in dnsbl.sorbs.net]
4.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[186.233.169.6 listed in bb.barracudacentral.org]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?197.210.47.226>]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mrthstvbbdbdfrr[at]outlook.com)
1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
1.5 SUBJ_ALL_CAPS Subject is all capitals
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 FSL_NEW_HELO_USER Spam's using Helo and User
0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
0.0 T_HK_NAME_FM_MR_MRS No description available.
2.6 MSOE_MID_WRONG_CASE No description available.
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 BOGUS_MSM_HDRS Apparently bogus Microsoft email headers
0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems
0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To
1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool
1.4 SPOOFED_FREEM_REPTO Forged freemail sender with freemail reply-to
X-Spam-Flag: YES
Subject: ***SPAM*** ****PAYMENT APPROVAL FROM THE FIDELITY WORLDWIDE INVESTMENT NEW YORK, NY USA.******
FROM: MR. THOMAS STEVENSON.
EXECUTIVE CHAIRMAN, FIDELITY WORLDWIDE INVESTMENT.
Office Address: 350 PARK AVENUE NEW YORK NY, 10022 USA.
Telephone +917 725 3388.
****PAYMENT APPROVAL FROM THE FIDELITY WORLDWIDE INVESTMENT NEW YORK, NY USA.******
Urgent Attention,
I am Mr.Thomas Stevenson, Executive Chairman Fidelity Worldwide Investment New York.
This organization was set up to fight against scam and Fraudulent activities
worldwide. This Group is responsible for investigating the legitimacy of unpaid
contract, inheritance and lotto winning claims by companies and individuals and
directs the paying authorities (Banks) worldwide to make immediate payment of
verified claims to the beneficiaries without further delay.
You are being legally contacted regarding the release of your long awaited fund.
After a detailed review of your file, the United Nation Monetary Unit has been
authorized to release your fund immediately. The sum of US$10,500,000.00; has been
approved in your favor via my desk. This payment will be made via Bank to Bank Wire
Transfer or by Online Banking System.
Be informed that we are working in collaborations with the New United Nations
Secretary General Antonio Guterres. who authorize the immediate payment of your long
awaited fund without any further delay. You are advised to include the followings
below:
(1). Your Full Name,
(2). Direct Telephone Numbers,
(3). Contact Address,
(4). Your Occupation,
age and Marital Status
5). Bank Name and Address.
(6). Account Numbers.
(7). Routing Numbers
(8). Swift Code.
(9). Beneficiary's Name.
Note that the above fund has been cleared from terrorist or fraud related activities.
Thanks for Your Cooperation.
Mr. Thomas Stevenson
Executive, Chairman
Fidelity Worldwide Investment.
Email: [email protected]
Telephone +917 725 3388.
Delivered-To:
Received: from
by m (Dovecot) with LMTP id sctNMbXNlFkDRQAAjbubUg
for <>; Wed, 16 Aug 2017 15:56:53 -0700
Return-path: <[email protected]>
Envelope-to:
Delivery-date: Wed, 16 Aug 2017 15:56:53 -0700
Received: from ns1.marbrieletelecom.com.br ([186.233.169.6]:45802 helo=srv01.marbrieletelecom.com.br)
by with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.89)
(envelope-from <[email protected]>)
id 1di7F5-0004aa-Rp
for =; Wed, 16 Aug 2017 15:56:53 -0700
Received: from [197.210.47.226] (helo=User)
by srv01.marbrieletelecom.com.br with esmtpa (Exim 4.84_2)
(envelope-from <[email protected]>)
id 1di7EG-0006XK-Gy; Wed, 16 Aug 2017 19:56:01 -0300
Reply-To: <[email protected]>
From: "Mr. Thomas Stevenson"<[email protected]>
To: [email protected]
Date: Wed, 16 Aug 2017 23:55:57 +0100
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 1
X-MSMail-Priority: High
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <[email protected]>
X-Spam-Status: Yes, score=23.5
X-Spam-Score: 235
X-Spam-Bar: +++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: FROM: MR. THOMAS STEVENSON. EXECUTIVE CHAIRMAN, FIDELITY WORLDWIDE
INVESTMENT. Office Address: 350 PARK AVENUE NEW YORK NY, 10022 USA. [...]
Content analysis details: (23.5 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters
0.0 HK_RANDOM_FROM From username looks random
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
0.0 HK_RANDOM_ENVFROM Envelope sender username looks random
0.0 NSL_RCVD_HELO_USER Received from HELO User
0.5 RCVD_IN_SORBS_SPAM RBL: SORBS: sender is a spam source
[186.233.169.6 listed in dnsbl.sorbs.net]
4.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[186.233.169.6 listed in bb.barracudacentral.org]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?197.210.47.226>]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mrthstvbbdbdfrr[at]outlook.com)
1.5 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail)
1.5 SUBJ_ALL_CAPS Subject is all capitals
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 LOTS_OF_MONEY Huge... sums of money
0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 FSL_NEW_HELO_USER Spam's using Helo and User
0.1 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
0.0 T_HK_NAME_FM_MR_MRS No description available.
2.6 MSOE_MID_WRONG_CASE No description available.
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
0.0 BOGUS_MSM_HDRS Apparently bogus Microsoft email headers
0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems
0.0 FROM_MISSP_REPLYTO From misspaced, has Reply-To
1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.0 TO_NO_BRKTS_MSFT To: lacks brackets and supposed Microsoft tool
1.4 SPOOFED_FREEM_REPTO Forged freemail sender with freemail reply-to
X-Spam-Flag: YES
Subject: ***SPAM*** ****PAYMENT APPROVAL FROM THE FIDELITY WORLDWIDE INVESTMENT NEW YORK, NY USA.******
FROM: MR. THOMAS STEVENSON.
EXECUTIVE CHAIRMAN, FIDELITY WORLDWIDE INVESTMENT.
Office Address: 350 PARK AVENUE NEW YORK NY, 10022 USA.
Telephone +917 725 3388.
****PAYMENT APPROVAL FROM THE FIDELITY WORLDWIDE INVESTMENT NEW YORK, NY USA.******
Urgent Attention,
I am Mr.Thomas Stevenson, Executive Chairman Fidelity Worldwide Investment New York.
This organization was set up to fight against scam and Fraudulent activities
worldwide. This Group is responsible for investigating the legitimacy of unpaid
contract, inheritance and lotto winning claims by companies and individuals and
directs the paying authorities (Banks) worldwide to make immediate payment of
verified claims to the beneficiaries without further delay.
You are being legally contacted regarding the release of your long awaited fund.
After a detailed review of your file, the United Nation Monetary Unit has been
authorized to release your fund immediately. The sum of US$10,500,000.00; has been
approved in your favor via my desk. This payment will be made via Bank to Bank Wire
Transfer or by Online Banking System.
Be informed that we are working in collaborations with the New United Nations
Secretary General Antonio Guterres. who authorize the immediate payment of your long
awaited fund without any further delay. You are advised to include the followings
below:
(1). Your Full Name,
(2). Direct Telephone Numbers,
(3). Contact Address,
(4). Your Occupation,
age and Marital Status
5). Bank Name and Address.
(6). Account Numbers.
(7). Routing Numbers
(8). Swift Code.
(9). Beneficiary's Name.
Note that the above fund has been cleared from terrorist or fraud related activities.
Thanks for Your Cooperation.
Mr. Thomas Stevenson
Executive, Chairman
Fidelity Worldwide Investment.
Email: [email protected]
Telephone +917 725 3388.
Questions about scams? fraudatiocruor @ gmail.com to contact remove spaces