From ztbjcggsjw at sina.com Sat Mar 16 05:46:48 2024 From: ztbjcggsjw at sina.com ('' Zhang Cheng '') Date: 16 Mar 2024 05:46:48 -0700 Subject: [Kgs-contact] {GM=194}...Is this your email address: kgs-contact@simtk.org ? Message-ID: <20240316054648.EBEA43EC1D8C2920@sina.com> Spam detection software, running on the system "simtk-server.stanford.edu", has identified this incoming email as possible spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see @@CONTACT_ADDRESS@@ for details. Content preview: 14th of March, 2024. Good-day to you, My name is Zhang Cheng (Mr.) a wealth manager with an investment house; i am sending you this email to your email address: kgs-contact at simtk.org , as i had previously sent you a letter by post to your [...] Content analysis details: (23.8 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: simtk.org] 0.0 HK_SCAM_N2 BODY: No description available. 0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters 0.0 HK_RANDOM_ENVFROM Envelope sender username looks random 1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net [Blocked - see ] 0.1 RCVD_IN_SBL RBL: Received via a relay in Spamhaus SBL [194.169.175.140 listed in zen.spamhaus.org] 0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL 3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS 2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL [194.169.175.140 listed in psbl.surriel.com] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [194.169.175.140 listed in wl.mailspike.net] 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/ [194.169.175.140 listed in bl.score.senderscore.com] 0.0 SPF_HELO_FAIL SPF: HELO does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?s=helo;id=sina.com;ip=194.169.175.140;r=simtk-server.stanford.edu] 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit (zhangcheng45[at]sina.com) 0.0 SPF_FAIL SPF: sender does not match SPF record (fail) [SPF failed: Please see http://www.openspf.org/Why?s=mfrom;id=ztbjcggsjw%40sina.com;ip=194.169.175.140;r=simtk-server.stanford.edu] 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (ztbjcggsjw[at]sina.com) 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 HTML_MESSAGE BODY: HTML included in message 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.5000] 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 RCVD_IN_MSPIKE_BL Mailspike blacklisted 0.2 FREEMAIL_DISPTO Disposition-Notification-To/From or Disposition-Notification-To/body contain different freemails 0.0 RCVD_IN_MSPIKE_ZBI No description available. 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different freemails 1.0 TO_NO_BRKTS_NORDNS_HTML To: lacks brackets and no rDNS and HTML only 1.0 SPOOFED_FREEM_REPTO_CHN Forged freemail sender with Chinese freemail reply-to 2.5 SPOOFED_FREEM_REPTO Forged freemail sender with freemail reply-to 2.4 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419) The original message was not completely plain text, and may be unsafe to open with some email clients; in particular, it may contain a virus, or confirm that your address can receive spam. If you wish to view it, it may be safer to save it to a file and open it with an editor. -------------- next part -------------- An embedded message was scrubbed... From: '' Zhang Cheng '' Subject: {GM=194}...Is this your email address: kgs-contact at simtk.org ? Date: 16 Mar 2024 05:46:48 -0700 Size: 1883 URL: