Scam TagCloud

Scam Email Headers

This a (redacted) view of the raw email headers of this scam email. Personally Identifiable Information (PII) has been suppressed, but can be supplied as received to appropriate investigating or law enforcement agencies on request.

EEEEEstdClass Object ( [return-path:] => [envelope-to:] => submitted@scamdex.com [delivery-date:] => Tue, 09 Jul 2013 23:13:48 -0700 [received:] => Array ( [0] => from f5mail-224-168.rediffmail.com ([114.31.224.168]:52674 helo=rediffmail.com)by lester.newsblaze.com with smtp (Exim 4.80.1)(envelope-from )id 1Uwneq-0005MI-EWfor submitted@scamdex.com; Tue, 09 Jul 2013 23:13:48 -0700 [1] => (qmail 11459 invoked by uid 510); 10 Jul 2013 06:13:38 -0000 [2] => from unknown 115.242.71.45 by rediffmail.com via HTTP; 10 Jul 2013 06:13:37 -0000 ) [comment:] => DomainKeys? See http://antispam.yahoo.com/domainkeys [domainkey-signature:] => a=rsa-sha1; q=dns; c=nofws; s=redf; d=rediffmail.com; b=Jcc4j48MMdO2IW7/sKR3rYvGaO4WBR8RLUTjlco/fuEG1MXRuK8zwKh9fwXwMPXvaOoBj20IQWvFiSLSTzcLBc69Zixl3ejXBcIRSqm9bRV6kQE16/Z3CVbcZQEXNiduFqAnqbamqxVwpLVOn7b4evnd8OFoeNEa+RZyVDy2KSU= ; [x-m-msg:] => asd54ad564ad7aa6sd5as6d5; a6da7d6asas6dasd77; 5dad65ad5sd; [x-ctch-spam:] => Unknown [x-ctch-vod:] => Unknown [x-ctch-flags:] => : 0 [x-ctch-refid:] => str=0001.0A150203.51DCFB91.0393,ss=1,re=-15.000,vtr=str,vl=0,fgs=0 [x-redf-osen:] => tricaruk9@rediffmail.com [date:] => 10 Jul 2013 06:13:37 -0000 [message-id:] => <20130710061337.11352.qmail@f5mail-224-168.rediffmail.com> [mime-version:] => 1.0 [to:] => "toyota-redemption@hotmail.com" [sender:] => tricaruk9@rediffmail.com [subject:] => =?utf-8?B?Q09OR1JBVFVMQVRJT05T?= [from:] => "TOYOTA CARBOARD" [content-type:] => multipart/mixed;boundary="=_6093112e2f5948d21a5bcae10965cd93" [x-spam-status:] => No, score=1.6 [x-spam-score:] => 16 [x-spam-bar:] => + [x-ham-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seeroot\@localhost for details.Content preview: CONGRATULATIONS Your email address is among the Lucky winners in the TOYOTA AUTOMOBILE COMPANY PROMO 2013.UK, Kindly open the attached file to see details from TOYOTA CONGRATULATIONS [...] Content analysis details: (1.6 points, 4.0 required) pts rule name description---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: rediffmail.com] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (tricaruk9[at]rediffmail.com)-0.0 SPF_HELO_PASS SPF: HELO matches SPF record-0.0 SPF_PASS SPF: sender matches SPF record-0.3 RP_MATCHES_RCVD Envelope sender domain matches handover relay domain 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (tricaruk9[at]rediffmail.com) 1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to background-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay 0.1 HTML_SHORT_LINK_IMG_1 HTML is very short with a linked image 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines 0.0 T_REMOTE_IMAGE Message contains an external image 0.0 T_FREEMAIL_DOC_PDF MS document or PDF attachment, from freemail [x-spam-flag:] => NO )

Community Action - SPAM/non-Scam Report

Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.

Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not be in our database.
Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or SPAM, via unpublished 'Honeypot' email addresses.