by buried under 419s
Return-Path: <[email protected]>
Delivered-To:
Received: from
by with LMTP id sMRFNoFAz1tjEQAAjbubUg
for <>; Tue, 23 Oct 2018 08:38:41 -0700
Return-path: <[email protected]>
Envelope-to:
Delivery-date: Tue, 23 Oct 2018 08:38:41 -0700
Received: from server.sotd.us ([192.163.238.178]:34198)
by with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.89)
(envelope-from <[email protected]>)
id 1gEylU-00019D-Ha
for ; Tue, 23 Oct 2018 08:38:41 -0700
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sotd.us;
s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Subject
:From:Reply-To:Sender:Message-ID:To:Cc:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=dSvy6BzoQpT3dWmUtducQ2JDBlXaDbRUoN1DLZ1Vk80=; b=y5P51KpSMpVCGRn/GkGEP11KCk
TFPUQRXtc1BZB9r8kmdbez9eMKT+3/kTlLJo5wMdTSbhyqttlWFl1EYF62azdqTdEkOjufD6Ib41p
Gg5xK7o3PptBJPFI4It1fBk7V;
Received: from [45.35.198.41] (port=61386 helo=User)
by server.sotd.us with esmtpa (Exim 4.91)
(envelope-from <[email protected]>)
id 1gEykh-0005Em-Kf; Tue, 23 Oct 2018 15:37:51 +0000
Reply-To: <[email protected]>
From: "Dip. Albert Morrison"<[email protected]>
Date: Tue, 23 Oct 2018 08:38:05 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.sotd.us
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - oiscepte.net
X-Get-Message-Sender-Via: server.sotd.us: authenticated_id: [email protected]
X-Authenticated-Sender: server.sotd.us: [email protected]
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam-Status: Yes, score=24.1
X-Spam-Score: 241
X-Spam-Bar: ++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Dear Beneficiary It is my pleasure to inform you that YOUR
funds has left today to arrival Indianapolis airport mid afternoon by the
new assigned diplomat incharge . Name: Dip. Albert Morrison [...]
Content analysis details: (24.1 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
0.0 NSL_RCVD_HELO_USER Received from HELO User
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
1.0 MISSING_HEADERS Missing To: header
0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)
1.5 SUBJ_ALL_CAPS Subject is all capitals
0.0 DEAR_BENEFICIARY BODY: Dear Beneficiary:
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[192.163.238.178 listed in bl.score.senderscore.com]
0.0 FSL_NEW_HELO_USER Spam's using Helo and User
1.6 MISSING_MID Missing Message-Id: header
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
1.6 REPLYTO_WITHOUT_TO_CC No description available.
0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
1.5 FAKE_REPLY_C No description available.
0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems
1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
1.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information
0.3 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
3.3 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
X-Spam-Flag: YES
Subject: ***SPAM*** Re: CONTACT THE DIPLOMAT NOW
Dear Beneficiary
It is my pleasure to inform you that YOUR funds has left today to arrival
Indianapolis airport mid afternoon by the new assigned diplomat incharge .
Name: Dip. Albert Morrison
UN Red Cross Representative Diplomatic Agent
E-mail: [email protected]
Mobile phone :+1-317-360-0143
At this point you must show seriousness by receiving this consignment Cash-Box
from the diplomat Indianapolis and I trust that you are a capable to handle this
as your own, knowing that the success of this transaction will change our lives
forever.
Meanwhile you can keep the consignment in any secure place of your choice as soon as
you received the box from the diplomat in Indianapolis and I have not informed any
other person about the content of the box, Except you & only you alone.
Consignment description info:
Consignment (1 box)
Receiver name =
Receiver address=
Contact Phone :
Consignment receiving code: =Un46q8pw0g
Length: =52cm
Height: = 82cm
Breathe: = 52cm
This time I only keep my finger across to you and will not sleep until I receive a
confirmation massage from you that you that you have receive the consignment box
from the diplomat in Indianapolis for our celebration,
The box is registered as your Family Treasure,
Thanks
Mr John Brethren
E-MAIL: [email protected]
Delivered-To:
Received: from
by with LMTP id sMRFNoFAz1tjEQAAjbubUg
for <>; Tue, 23 Oct 2018 08:38:41 -0700
Return-path: <[email protected]>
Envelope-to:
Delivery-date: Tue, 23 Oct 2018 08:38:41 -0700
Received: from server.sotd.us ([192.163.238.178]:34198)
by with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
(Exim 4.89)
(envelope-from <[email protected]>)
id 1gEylU-00019D-Ha
for ; Tue, 23 Oct 2018 08:38:41 -0700
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sotd.us;
s=default; h=Content-Transfer-Encoding:Content-Type:MIME-Version:Date:Subject
:From:Reply-To:Sender:Message-ID:To:Cc:Content-ID:Content-Description:
Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:
In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=dSvy6BzoQpT3dWmUtducQ2JDBlXaDbRUoN1DLZ1Vk80=; b=y5P51KpSMpVCGRn/GkGEP11KCk
TFPUQRXtc1BZB9r8kmdbez9eMKT+3/kTlLJo5wMdTSbhyqttlWFl1EYF62azdqTdEkOjufD6Ib41p
Gg5xK7o3PptBJPFI4It1fBk7V;
Received: from [45.35.198.41] (port=61386 helo=User)
by server.sotd.us with esmtpa (Exim 4.91)
(envelope-from <[email protected]>)
id 1gEykh-0005Em-Kf; Tue, 23 Oct 2018 15:37:51 +0000
Reply-To: <[email protected]>
From: "Dip. Albert Morrison"<[email protected]>
Date: Tue, 23 Oct 2018 08:38:05 -0700
MIME-Version: 1.0
Content-Type: text/plain;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - server.sotd.us
X-AntiAbuse: Original Domain -
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - oiscepte.net
X-Get-Message-Sender-Via: server.sotd.us: authenticated_id: [email protected]
X-Authenticated-Sender: server.sotd.us: [email protected]
X-Source:
X-Source-Args:
X-Source-Dir:
X-Spam-Status: Yes, score=24.1
X-Spam-Score: 241
X-Spam-Bar: ++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Dear Beneficiary It is my pleasure to inform you that YOUR
funds has left today to arrival Indianapolis airport mid afternoon by the
new assigned diplomat incharge . Name: Dip. Albert Morrison [...]
Content analysis details: (24.1 points, 7.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
0.0 NSL_RCVD_HELO_USER Received from HELO User
0.0 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
1.0 MISSING_HEADERS Missing To: header
0.0 T_SPF_PERMERROR SPF: test of record failed (permerror)
1.5 SUBJ_ALL_CAPS Subject is all capitals
0.0 DEAR_BENEFICIARY BODY: Dear Beneficiary:
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[192.163.238.178 listed in bl.score.senderscore.com]
0.0 FSL_NEW_HELO_USER Spam's using Helo and User
1.6 MISSING_MID Missing Message-Id: header
0.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
0.0 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
1.6 REPLYTO_WITHOUT_TO_CC No description available.
0.0 FROM_MISSP_XPRIO Misspaced FROM + X-Priority
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different
freemails
2.1 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
1.5 FAKE_REPLY_C No description available.
0.0 TO_NO_BRKTS_FROM_MSSP Multiple header formatting problems
1.9 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
1.0 FROM_MISSP_FREEMAIL From misspaced + freemail provider
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information
0.3 FILL_THIS_FORM_FRAUD_PHISH Answer suspicious question(s)
3.3 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
X-Spam-Flag: YES
Subject: ***SPAM*** Re: CONTACT THE DIPLOMAT NOW
Dear Beneficiary
It is my pleasure to inform you that YOUR funds has left today to arrival
Indianapolis airport mid afternoon by the new assigned diplomat incharge .
Name: Dip. Albert Morrison
UN Red Cross Representative Diplomatic Agent
E-mail: [email protected]
Mobile phone :+1-317-360-0143
At this point you must show seriousness by receiving this consignment Cash-Box
from the diplomat Indianapolis and I trust that you are a capable to handle this
as your own, knowing that the success of this transaction will change our lives
forever.
Meanwhile you can keep the consignment in any secure place of your choice as soon as
you received the box from the diplomat in Indianapolis and I have not informed any
other person about the content of the box, Except you & only you alone.
Consignment description info:
Consignment (1 box)
Receiver name =
Receiver address=
Contact Phone :
Consignment receiving code: =Un46q8pw0g
Length: =52cm
Height: = 82cm
Breathe: = 52cm
This time I only keep my finger across to you and will not sleep until I receive a
confirmation massage from you that you that you have receive the consignment box
from the diplomat in Indianapolis for our celebration,
The box is registered as your Family Treasure,
Thanks
Mr John Brethren
E-MAIL: [email protected]
Questions about scams? fraudatiocruor @ gmail.com to contact remove spaces
