An
Email with the Subject "hello my dear friend" was
received in one of Scamdex's honeypot email accounts on Thu, 05 May 2011 06:58:02 -0700
and has been classified as a Advance Fee Fraud/419 Scam Email.
The sender shows as "Esther " <easther4one@rediffmail.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
Scam TagCloud
contactmaileasther4real@live.com will god(easther4real@live.com)
NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED
Scam Email Headers
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => scams@scamdex.com
[delivery-date:] => Thu, 05 May 2011 06:58:02 -0700
[received:] => Array
(
[0] => from f4mail-234-118.rediffmail.com ([202.137.234.118] helo=rediffmail.com)by chester.loopbiz.com with smtp (Exim 4.69)(envelope-from )id 1QHz45-0000s3-BYfor scams@scamdex.com; Thu, 05 May 2011 06:58:02 -0700
[1] => (qmail 15894 invoked by uid 510); 5 May 2011 12:58:40 -0000
[2] => from unknown 115.240.11.28 by rediffmail.com via HTTP; 05 May 2011 12:58:28 -0000
)
[comment:] => DomainKeys? See http://antispam.yahoo.com/domainkeys
[domainkey-signature:] => a=rsa-sha1; q=dns; c=nofws; s=redf; d=rediffmail.com; b=iyFp7DceALIBLxpD1D0+oHklOTVF/8hFNeo324+HAZyRmxnpKR1zo/Oint3hwUYTVSE8b76peJL/2tjfan4CDegnJsPfwBD2f10qklbt38Wu+M9C8IdJRvcDA5gCuPs0d4zIzuHMrpf73hmKUD8+YImJ7xtVaHqGdSQJfihvrxI= ;
[x-m-msg:] => asd54ad564ad7aa6sd5as6d5; a6da7d6asas6dasd77; 5dad65ad5sd;
[x-ctch-spam:] => Unknown
[x-ctch-vod:] => Unknown
[x-ctch-flags:] => : 0
[x-ctch-refid:] => str=0001.0A150204.4DC29F2F.011F,ss=1,fgs=0
[date:] => 5 May 2011 12:58:40 -0000
[message-id:] => <20110505125840.15873.qmail@f4mail-234-118.rediffmail.com>
[mime-version:] => 1.0
[reply-to:] => easther4one@rediffmail.com
[to:] => "easther4rea@live.com"
[sender:] => easther4one@rediffmail.com
[subject:] => =?utf-8?B?aGVsbG8gbXkgZGVhciBmcmllbmQ=?=
[from:] => "Esther "
[content-type:] => multipart/alternative;boundary="=_32f905dcaa2dd2998471eaa511c5704c"
[x-spam-subject:] => ***SPAM*** hello my dear friend
[x-spam-status:] => Yes, score=4.7
[x-spam-score:] => 47
[x-spam-bar:] => ++++
[x-spam-report:] => Spam detection software, running on the system "chester.loopbiz.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: How are you? Hope fine?I felt interested to contact you .Iwill really like to know you better. Well my name is Esther. I am 24 yrsof age, single and never been married. I pray to God I will find the kindof Friend I want in you. Here is my email address (easther4real@live.com)YoursEsther, [...] Content analysis details: (4.7 points, 4.0 required)pts rule name description---- ---------------------- ---------------------------------------------------0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, lowtrust[202.137.234.118 listed in list.dnswl.org]0.0 FREEMAIL_FROM Sender email is freemail(easther4one[at]rediffmail.com)-0.0 SPF_HELO_PASS SPF: HELO matches SPF record-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relaydomain-0.0 SPF_PASS SPF: sender matches SPF record0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines1.6 HTML_IMAGE_ONLY_12 BODY: HTML: images with 800-1200 bytes of words0.0 HTML_MESSAGE BODY: HTML included in message0.3 HTML_SHORT_LINK_IMG_2 HTML is very short with a linked image0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay2.8 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain differentfreemails0.0 T_REMOTE_IMAGE Message contains an external image
[x-spam-flag:] => YES
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
I felt interested to contact you .I will really like to know you better. Well my name is Esther. I am 24 yrs of age, single and never been married. I pray to God I will find the kind of Friend I want in you. Here is my email address (easther4real@live.com)
Yours Esther,
Treat yourself at a restaurant, spa, resort and much more with Rediff Deal ho jaye!
How are you? Hope fine?I felt interested to contact you .I will really like to know you better. Well my name is Esther. I am 24 yrs of age, single and never been married. I pray to God I will find the kind of Friend I want in you. Here is my email address (easther4real@live.com)Yours Esther,
Treat yourself at a restaurant, spa, resort and much more with
