Scam TagCloud

Scam Email Headers

EEEEEstdClass Object ( [return-path:] => [envelope-to:] => scams@scamdex.com [delivery-date:] => Tue, 12 Apr 2011 16:41:16 -0700 [received:] => Array ( [0] => from f4mail-235-143.rediffmail.com ([202.137.235.143] helo=rediffmail.com)by chester.loopbiz.com with smtp (Exim 4.69)(envelope-from )id 1Q9nCt-00056e-1Gfor scams@scamdex.com; Tue, 12 Apr 2011 16:41:16 -0700 [1] => (qmail 6434 invoked by uid 510); 12 Apr 2011 21:35:18 -0000 [2] => from unknown 82.128.80.17 by rediffmail.com via HTTP; 12 Apr 2011 21:35:13 -0000 ) [comment:] => DomainKeys? See http://antispam.yahoo.com/domainkeys [domainkey-signature:] => a=rsa-sha1; q=dns; c=nofws; s=redf; d=rediffmail.com; b=vZ8HABKB7ECXSCFJwfPL+DulCbBbfdf5kezi3H5YrOsRcYIq/hhGga0SdYfmWmlRebrk387zB3Ucpkt+1tPteJS7a48JOHSpmEYTeyoO4ClmdKwXapUVPuk3y3tyhpGGEi2iXvxRum6Sh9wN85T2WNsn2U2CtpfFZ+e5qNTBYp4= ; [x-ctch-spam:] => Unknown [x-ctch-vod:] => Unknown [x-ctch-flags:] => : 0 [x-ctch-refid:] => str=0001.0A150204.4DA4C5B5.002F,ss=1,pt=DBB_66871,fgs=0 [date:] => 12 Apr 2011 21:35:17 -0000 [message-id:] => <20110412213517.6427.qmail@f4mail-235-143.rediffmail.com> [mime-version:] => 1.0 [reply-to:] => thomasallen4@rediffmail.com [to:] => "thomasallen4@rediffmail.com" [sender:] => thomasallen4@rediffmail.com [subject:] => =?utf-8?B?Q2FuIEkgdHJ1c3QgeW91Pw==?= [from:] => "Thomas Allen" [content-type:] => multipart/alternative;boundary="=_8de245f10674e8501ad5ff0615d2195d" [x-spam-status:] => No, score=3.5 [x-spam-score:] => 35 [x-spam-bar:] => +++ [x-ham-report:] => Spam detection software, running on the system "chester.loopbiz.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: Dear Friend,My name is Sergent Thomas Allen. I am an Americansoldier presently on active service with Squadron battalion here in Afghanistan.I served with the Third Infantry Division in Iraq since 2003, before thousandof my lucky colleagues were pulled out in August last year, leaving my superiorand myself among the unlucky ones redeployed to Afghanistan where I am servingpresently. During my call to duty in Iraq, my superior and I moved US$25million(Twenty five million US dollars) being part of funds recovered from lateSaddam Hussein during a search in one of his palaces in 2003. Through theassistance of a Senior Red Cross Delegate to Iraq, this fund has been safelymoved out of Iraq to a secured locationBasically, since my superior and Iare still on active service, we can not continue to keep these funds in thesecured location due to a classified information we received from our "ContactPerson" where the funds are deposited. Hence my Superior Officer has authorisedme to look for a reliable and trustworthy person that could assist us toretrieve the funds immediately for investment placements. This is why I amsending this mail to you, seeking your urgent intervention and assistance.Onceyou retrieve the funds, you shall take 30% of it which from our calculationis US$7.5million, 5% of it set aside for expenses while my superior and Ishall require your candid assistance to place the remaining 65% in a goodinvestment platform in your country on our behalf. Due to my call of dutyhere coupled with the secret nature of this transaction, I prefer you communicatewith me through email at the moment.If you know you could keep this transactionvery secret, please get back to meRespectfully submitted,Sergent Thomas Allen[...] Content analysis details: (3.5 points, 4.0 required)pts rule name description---- ---------------------- ---------------------------------------------------2.0 NA_DOLLARS BODY: Talks about a million North American dollars0.0 FREEMAIL_FROM Sender email is freemail(thomasallen4[at]rediffmail.com)-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, lowtrust[202.137.235.143 listed in list.dnswl.org]-0.0 SPF_HELO_PASS SPF: HELO matches SPF record-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relaydomain-0.0 SPF_PASS SPF: sender matches SPF record2.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends indigit (thomasallen4[at]rediffmail.com)0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines-3.0 DEAR_FRIEND BODY: Dear Friend? That's not very dear!1.3 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words0.0 HTML_MESSAGE BODY: HTML included in message0.0 LOTS_OF_MONEY Huge... sums of money0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay0.0 T_REMOTE_IMAGE Message contains an external image1.5 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)0.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)0.0 T_MONEY_PERCENT X% of a lot of money for you0.5 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money1.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money0.5 MONEY_FRAUD_5 Lots of money and many fraud phrases1.0 MONEY_FRAUD_3 Lots of money and several fraud phrases [x-spam-flag:] => NO )

Community Action - SPAM/non-Scam Report

Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.

Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not be in our database.
Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or SPAM, via unpublished 'Honeypot' email addresses.