[Kgs-contact] Action Required: Update your payment information now

Microsoft Online Services Team maccount at microsoft.com
Tue Dec 8 06:11:27 PST 2020 

Spam detection software, running on the system "simtk-server.stanford.edu",
has identified this incoming email as possible spam.  The original
message has been attached to this so you can view it or label
similar future email.  If you have any questions, see
@@CONTACT_ADDRESS@@ for details.

Content preview:    Your payment has been declined. Please update your payment
   information now. YOUR INVOICE/PAYMENT FORM Our records indicate that the
  payment method you used to purchase Microsoft 365 Apps for busine [...] 

Content analysis details:   (14.0 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.3 RCVD_IN_SBL_CSS        RBL: Received via a relay in Spamhaus SBL-CSS
                            [185.160.226.154 listed in zen.spamhaus.org]
 3.3 RCVD_IN_PBL            RBL: Received via a relay in Spamhaus PBL
 0.4 RCVD_IN_XBL            RBL: Received via a relay in Spamhaus XBL
 1.2 URIBL_ABUSE_SURBL      Contains an URL listed in the ABUSE SURBL
                            blocklist
                            [URIs: justdatarecovery.com]
 1.3 RCVD_IN_RP_RNBL        RBL: Relay in RNBL,
                            https://senderscore.org/blacklistlookup/
                          [185.160.226.154 listed in bl.score.senderscore.com]
 0.0 SPF_FAIL               SPF: sender does not match SPF record (fail)
[SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=olmecbtu2%40smtpi.msn.com;ip=185.160.226.154;r=simtk-server.stanford.edu]
 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
                            mail domains are different
 0.0 HTML_FONT_SIZE_LARGE   BODY: HTML font size is large
 0.8 BAYES_50               BODY: Bayes spam probability is 40 to 60%
                            [score: 0.5000]
 0.0 HTML_MESSAGE           BODY: HTML included in message
 0.8 RDNS_NONE              Delivered to internal network by a host with no rDNS
 2.3 FORGED_MUA_MOZILLA     Forged mail pretending to be from Mozilla
 0.2 HELO_MISC_IP           Looking for more Dynamic IP Relays

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam.  If you wish to view
it, it may be safer to save it to a file and open it with an editor.

-------------- next part --------------
An embedded message was scrubbed...
From: Microsoft Online Services Team <maccount at microsoft.com>
Subject: Action Required: Update your payment information now
Date: Tue, 8 Dec 2020 16:11:27 +0200
Size: 9160
URL: <https://simtk.org/pipermail/kgs-contact/attachments/20201208/47fcf707/attachment.mht>

More information about the Kgs-contact mailing list