Created
August 10, 2015 22:03
spam analysis by spamassassin
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: by marcusklaas.nl (Postfix, from userid 1005)
id 80A981A0330; Mon, 10 Aug 2015 23:34:32 +0200 (CEST)
Received: from localhost by VBND001.cs1local
with SpamAssassin (version 3.4.0);
Mon, 10 Aug 2015 23:34:32 +0200
From: "MICHAEL SMITH"<[email protected]>
To: undisclosed-recipients:;
Subject: [***** SPAM 63.6 *****] Re:reply
Date: Mon, 10 Aug 2015 17:34:08 -0400
Message-Id: <[email protected]>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on VBND001.cs1local
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=63.6 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY,
ADVANCE_FEE_3_NEW,ADVANCE_FEE_3_NEW_MONEY,ADVANCE_FEE_4_NEW,
ADVANCE_FEE_4_NEW_MONEY,ADVANCE_FEE_5_NEW,ADVANCE_FEE_5_NEW_MONEY,
AXB_XMAILER_MIMEOLE_OL_024C2,FAKE_REPLY_C,FORGED_MUA_OUTLOOK,
FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FREEMAIL_FROM,FROM_MISSPACED,
FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_TO_UNDISC,
FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_MISSP_REPLYTO,FSL_NEW_HELO_USER,
HTML_MESSAGE,LOTS_OF_MONEY,MILLION_USD,MIME_HTML_ONLY,MONEY_FRAUD_3,
MONEY_FRAUD_5,MONEY_FROM_MISSP,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_PSBL,RCVD_IN_SORBS_HTTP,
RCVD_IN_SORBS_SOCKS,RCVD_IN_SORBS_WEB,T_FROM_MISSP_DKIM,T_MONEY_PERCENT,
URIBL_BLOCKED autolearn=spam autolearn_force=no version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_55C918E8.D8C23729"
This is a multi-part message in MIME format.
------------=_55C918E8.D8C23729
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "VBND001.cs1local",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Good Day, I know that as you read this email, it will come
to you as surprise and a lot will go through your mind because we have not
met or seen each other before but i want you to know that this email is for
you as i have the feeling that we are meant to do this together. Let me introduce
myself, my name is Michael Smith and I want you to assist me to received
my late client funds of (Ten Million Five Hundred Thousand United States Dollars)
for Investment purpose in your country and am willing to offer you 40% of
the total sum for your great support. You might also wonder how i got your
contact, I got it through the internet when i was looking for a trust worthy
person i can trust to handle this project. This offer is 100% genuine and
risk free. kindly indicate your interest by given me your direct Cell Phone
Number and reply me to [email protected] [...]
Content analysis details: (63.6 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 2.5 MILLION_USD            BODY: Talks about millions of dollars
 3.1 NSL_RCVD_FROM_USER     Received from User
 4.5 FSL_CTYPE_WIN1251      Content-Type only seen in 419 spam
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was blocked.
                            See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                            for more information.
                            [URIs: mail.kz]
 2.7 RCVD_IN_PSBL           RBL: Received via a relay in PSBL
                            [181.119.18.162 listed in psbl.surriel.com]
 1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
                            [Blocked - see <http://www.spamcop.net/bl.shtml?119.28.7.13>]
 0.6 RCVD_IN_SORBS_WEB      RBL: SORBS: sender is an abusable web server
                            [119.28.7.13 listed in dnsbl.sorbs.net]
 2.5 RCVD_IN_SORBS_HTTP     RBL: SORBS: sender is open HTTP proxy server
 2.4 RCVD_IN_SORBS_SOCKS    RBL: SORBS: sender is open SOCKS proxy server
 0.0 RCVD_IN_DNSWL_BLOCKED  RBL: ADMINISTRATOR NOTICE: The query to DNSWL
                            was blocked. See
                            http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
                            for more information.
                            [181.119.18.162 listed in list.dnswl.org]
 0.0 FREEMAIL_FROM          Sender email is commonly abused enduser mail provider
                            (mail.box04[at]bol.com.br)
 0.0 HTML_MESSAGE           BODY: HTML included in message
 1.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 2.5 FSL_MISSP_REPLYTO      Mis-spaced from and Reply-to
 0.7 FROM_MISSP_USER        From misspaced, from "User"
 2.3 FROM_MISSP_MSFT        From misspaced + supposed Microsoft tool
 0.0 LOTS_OF_MONEY          Huge... sums of money
 2.2 AXB_XMAILER_MIMEOLE_OL_024C2 No description available.
 4.5 FROM_MISSP_TO_UNDISC   From misspaced, To undisclosed
 0.8 FSL_NEW_HELO_USER      No description available.
 0.0 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only
 3.4 MSOE_MID_WRONG_CASE    No description available.
 0.6 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
 0.0 FAKE_REPLY_C           No description available.
 1.7 MONEY_FROM_MISSP       Lots of money and misspaced From
 0.0 T_FROM_MISSP_DKIM      From misspaced, DKIM dependable
 1.3 FROM_MISSP_REPLYTO     From misspaced, has Reply-To
 1.2 FROM_MISSPACED         From: missing whitespace
 0.0 ADVANCE_FEE_5_NEW      Appears to be advance fee fraud (Nigerian 419)
 0.0 ADVANCE_FEE_4_NEW      Appears to be advance fee fraud (Nigerian 419)
 0.0 T_MONEY_PERCENT        X% of a lot of money for you
 2.8 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
 0.0 ADVANCE_FEE_3_NEW      Appears to be advance fee fraud (Nigerian 419)
 2.2 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
 1.5 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
 4.3 MONEY_FRAUD_5          Lots of money and many fraud phrases
 4.3 FROM_MISSP_FREEMAIL    From misspaced + freemail provider
 0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
 4.4 MONEY_FRAUD_3          Lots of money and several fraud phrases
 2.3 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_55C918E8.D8C23729
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: from mail.nuva.com.ar (mail.nuva.com.ar [181.119.18.162])
by marcusklaas.nl (Postfix) with ESMTPS id 331971A02F7
for <[email protected]>; Mon, 10 Aug 2015 23:34:29 +0200 (CEST)
Received: from localhost (unknown [127.0.0.1])
by mail.nuva.com.ar (Postfix) with ESMTP id 208F72EFD0C;
Mon, 10 Aug 2015 21:42:53 +0000 (UTC)
X-Virus-Scanned: amavisd-new at example.com
Received: from mail.nuva.com.ar ([127.0.0.1])
by localhost (v0303.baehost.com.ar [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id lZZ4b-TTI57U; Mon, 10 Aug 2015 18:42:39 -0300 (ART)
Received: from User (unknown [119.28.7.13])
(Authenticated sender: [email protected])
by mail.nuva.com.ar (Postfix) with ESMTPA id B8FD42EFCEC;
Mon, 10 Aug 2015 18:41:53 -0300 (ART)
Reply-To: <[email protected]>
From: "MICHAEL SMITH"<[email protected]>
Subject: Re:reply
Date: Mon, 10 Aug 2015 17:34:08 -0400
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <[email protected]>
To: undisclosed-recipients:;
<HTML><HEAD><TITLE></TITLE>
</HEAD>
<BODY bgcolor=#FFFFFF leftmargin=5 topmargin=5 rightmargin=5 bottommargin=5>
<FONT size=2 color=#000000 face="Arial">
<DIV>
Good Day,</DIV>
<DIV>
I know that as you read this email, it will come to you as surprise and a lot will go through your mind because we have not met or seen each other before but i want you to know that this email is for you as i have the feeling that we are meant to do this together. Let me introduce myself, my name is Michael Smith and I want you to assist me to received my late client funds of (Ten Million Five Hundred Thousand United States Dollars) for Investment purpose in your country and am willing to offer you 40% of the total sum for your great support. You might also wonder how i got your contact, I got it through the internet when i was looking for a trust worthy person i can trust to handle this project. This offer is 100% genuine and risk free. kindly indicate your interest by given me your direct Cell Phone Number and reply me to [email protected]</DIV>
<DIV>
Michael Smith</DIV>
<DIV>
</DIV>
</FONT>
</BODY></HTML>
------------=_55C918E8.D8C23729--