File: /home/govancoz/mail/.spam/new/1700113971.M720352P3153869.zacp120.ve.host,S=6524,W=6639
Return-Path: <shaf1ali@hotmail.com>
Delivered-To: govancoz+spam@zacp120.ve.host
Received: from zacp120.ve.host
by zacp120.ve.host with LMTP
id ePGOKjOuVWXNHzAAvcbEzQ
(envelope-from <shaf1ali@hotmail.com>)
for <govancoz+spam@zacp120.ve.host>; Thu, 16 Nov 2023 07:52:51 +0200
Return-path: <shaf1ali@hotmail.com>
Envelope-to: cheryl@govan.co.za
Delivery-date: Thu, 16 Nov 2023 07:52:51 +0200
Received: from [72.252.201.215] (port=53634 helo=hotmail.com)
by zacp120.ve.host with esmtp (Exim 4.96.2)
(envelope-from <shaf1ali@hotmail.com>)
id 1r3VJ2-00DEMa-1W
for cheryl@govan.co.za;
Thu, 16 Nov 2023 07:52:51 +0200
Reply-To: rickthomasaa10@hotmail.com
From: "HEDGE FUND MANAGER" <shaf1ali@hotmail.com>
To: cheryl@govan.co.za
Date: 16 Nov 2023 00:54:11 -0400
Message-ID: <20231116005411.5E32CCFA67F0F67A@hotmail.com>
MIME-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
X-Spam-Status: Yes, score=45.5
X-Spam-Score: 455
X-Spam-Bar: +++++++++++++++++++++++++++++++++++++++++++++
X-Spam-Report: Spam detection software, running on the system "zacp120.ve.host",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: From Rick Thomas Reply-to: rickthomasaa10@hotmail.com Subject:
Rick Thomas (A-Z Hedge Fund Organization) Hi Dear, I’m Rick Thomas and
I am an accountant. I have an over-invoiced account in the office where I
work and the amount involved is $500,000,000 USD (Five Hundred Million US
Dollars). I want to partner wi [...]
Content analysis details: (45.5 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
4.7 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[72.252.201.215 listed in zen.spamhaus.org]
3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
1.3 RCVD_IN_VALIDITY_RPBL RBL: Relay in Validity RPBL,
https://senderscore.org/blocklistlookup/
[72.252.201.215 listed in bl.score.senderscore.com]
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
[Blocked - see <https://www.spamcop.net/bl.shtml?72.252.201.215>]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[72.252.201.215 listed in psbl.surriel.com]
1.5 NA_DOLLARS BODY: Talks about a million North American dollars
1.4 FSL_HELO_FAKE No description available.
0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
digit
[rickthomasaa10[at]hotmail.com]
0.5 SUBJ_ALL_CAPS Subject is all capitals
4.0 SPF_FAIL SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=shaf1ali%40hotmail.com;ip=72.252.201.215;r=zacp120.ve.host]
4.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=helo;id=hotmail.com;ip=72.252.201.215;r=zacp120.ve.host]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail
provider
[shaf1ali[at]hotmail.com]
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.2 KAM_DMARC_NONE DKIM has Failed or SPF has failed on the message
and the domain has no DMARC policy
0.0 LOTS_OF_MONEY Huge... sums of money
2.0 RDNS_NONE Delivered to internal network by a host with no rDNS
2.0 PDS_HELO_SPF_FAIL High profile HELO that fails SPF
0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict
Alignment
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.8 PDS_HP_HELO_NORDNS High profile HELO with no sender rDNS
2.5 KAM_NIGERIAN Nigerian Scam and Variants
0.0 SPOOFED_FREEMAIL_NO_RDNS From SPOOFED_FREEMAIL and no rDNS
2.2 MONEY_FREEMAIL_REPTO Lots of money from someone using free
email?
1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain
different freemails
2.0 TO_NO_BRKTS_NORDNS_HTML To: lacks brackets and no rDNS and HTML
only
0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal
information
0.8 SPOOFED_FREEM_REPTO Forged freemail sender with freemail
reply-to
2.5 MONEY_FORM_SHORT Lots of money if you fill out a short form
1.6 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
0.0 MONEY_FRAUD_5 Lots of money and many fraud phrases
2.5 FORM_FRAUD_5 Fill a form and many fraud phrases
X-Spam-Flag: YES
Subject: ***SPAM*** Re: CONTACT ME URGENTLY FOR A LIFE TIME OPPORTUNITY!
<html><head>
<meta name=3D"GENERATOR" content=3D"MSHTML 11.00.9600.19431">
<meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge">
</head>
<body><p>From Rick Thomas<br>Reply-to: <a href=3D"mailto:rickthomasaa10@hot=
mail.com">rickthomasaa10@hotmail.com</a><br>Subject: Rick Thomas (A-Z Hedge=
Fund Organization)</p><p>Hi Dear,</p><p>
I’m Rick Thomas and I am an accountant. I have an over-invo=
iced account in the office where I work and the amount involved is $50=
0,000,000 USD (Five Hundred Million US Dollars). I want to partne=
r with you to move this funds to any account you will provide then I will m=
eet with you after the fund is transferred so we can invest in your country=
=2E</p><p>In order to proceed I want you to send me the following details;<=
/p><p>1. YOUR NAME_________</p><p>2. AGE________</p>
<p>3. COUNTRY/NATIONALITY_________</p><p>
4. COUNTRY NOW RESIDING_________</p><p><br>NOTE: There will be no phone cal=
l during the time of transaction. This is for security reasons.</p><p>Kindl=
y get back to me quickly for this great opportunity of a lifetime. </p><p>Y=
ours Faithfully,<br>Rick Thomas<br>Hedge Fund Manager<br>A-Z Hedge Fund Org=
anization<br>Email: <a href=3D"mailto:rickthomasaa10@hotmail.com">rickthoma=
saa10@hotmail.com</a></p></body></html>