Scam Reporting, Email Scams, Internet Fraud, ID Theft and Phishing Resource

Scam TagCloud

bank contact account internet access legal online bank nrabo bank ach

NO CHART DATA - EMAIL HAS NOT YET BEEN ANALYSED

Scam Email Headers

This a (redacted) view of the raw email headers of this scam email. Personally Identifiable Information (PII) has been suppressed, but can be supplied as received to appropriate investigating or law enforcement agencies on request.

EEEEEstdClass Object ( [return-path:] => [envelope-to:] => mxw@betheney.com [delivery-date:] => Wed, 21 Aug 2013 09:12:47 -0700 [received:] => Array ( [0] => from [37.9.172.240] (port=39919 helo=mailout-spm-1.websupport.sk)by lester.newsblaze.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256)(Exim 4.80.1)(envelope-from )id 1VCB1Z-0001se-Imfor mxw@betheney.com; Wed, 21 Aug 2013 09:12:47 -0700 [1] => from lb2.websupport.sk (localhost [127.0.0.1])by smtp-cf.websupport.sk (Postfix) with ESMTP id 64FBF100719F;Wed, 21 Aug 2013 18:11:38 +0200 (CEST) [2] => from roundcube.websupport.sk (thor.websupport.sk [195.210.28.15])(Authenticated sender: giraltovce@rimkat.sk)by mail1.websupport.sk (Postfix) with ESMTPA;Wed, 21 Aug 2013 18:11:26 +0200 (CEST) [3] => from [41.138.190.58]via [41.138.190.58]by mail.rimkat.skwith HTTP (HTTP/1.1 POST); Wed, 21 Aug 2013 18:11:26 +0200 ) [mime-version:] => 1.0 [content-type:] => multipart/alternative;boundary="=_1e33fe1175ca1ad94772cd03fd0c6bad" [date:] => Wed, 21 Aug 2013 09:11:26 -0700 [from:] => Rabobank [to:] => undisclosed-recipients:; [subject:] => Rabobank Alert - Uw Internet Bankieren op =?UTF-8?Q?slot=E2=80=8F?==?UTF-8?Q?=E2=80=8F=E2=80=8F=E2=80=8F=E2=80=8F=E2=80=8F?= [message-id:] => <27fe37343753f53abb691e812c096a4f@rimkat.sk> [x-sender:] => jenkovce@rimkat.sk [user-agent:] => RoundCube Webmail/0.5.2 [x-virus-checked:] => Checked by ClamAV on lb2.websupport.sk [dkim-signature:] => v=1; a=rsa-sha256; c=relaxed/relaxed; d=rimkat.sk; s=mail;t=1377101508; bh=ytSz6Q0EdTpS0hzlKHFJF23n1rYzRYnqoeu1afER1TE=;h=Date:From:To:Subject;b=tsXIRzQnmM2mxAPbBu7nPMQ1gvWMvkMJm38VTwqzORYcgGZ+T2KTGe7TRvgSPWfs5 dkNovRvJDn6BGHbVyldlP6KLM4AWl5IkQ5wZ1z9T+ycjgN6PVVlFfD16Weaxo/VDBi E0lpQyCEXaqVdaff41E1j8oiExjmjnr27lhOJL10= [x-spam-status:] => No, score=3.3 [x-spam-score:] => 33 [x-spam-bar:] => +++ [x-ham-report:] => Spam detection software, running on the system "lester.newsblaze.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seeroot\@localhost for details.Content preview: [1] Rabo Bank Geachte klant, Uit onze gegevens blijkt dat er recentelijk een derde partij/illegale binnenkomst op uw Online Rabobank/Account is vast gesteld. De beveiliging van uw account is onze primaire zorg, daarom hebben we besloten om de actieve toegang tot je account te beperken. Om actieve toegang tot uw Online Rabobank/Account te kunnen handhaven, meldt u zich zo snel mogelijk via de link hieronder om toegang tot uw rekening te behouden. [...] Content analysis details: (3.3 points, 5.0 required) pts rule name description---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: gstatic.com] 0.6 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist [URIs: bobrablinksenupds.co] 1.4 RCVD_IN_BRBL_LASTEXT RBL: RCVD_IN_BRBL_LASTEXT [37.9.172.240 listed in bb.barracudacentral.org] 0.8 SPF_NEUTRAL SPF: sender does not match SPF record (neutral)-1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1% [score: 0.0000] 1.6 HTML_IMAGE_ONLY_24 BODY: HTML: images with 2000-2400 bytes of words 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 T_KHOP_FOREIGN_CLICK T_KHOP_FOREIGN_CLICK-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.8 RDNS_NONE Delivered to internal network by a host with no rDNS 0.0 T_REMOTE_IMAGE Message contains an external image [x-spam-flag:] => NO )

Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'

Community Action - SPAM/non-Scam Report

Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.

Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not be in our database.
Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or SPAM, via unpublished 'Honeypot' email addresses.

Read about Email Copyright | Removal Policy | Privacy Policy

The Scamdex Scam Email Archive X

Scam TagCloud

Scam Email Headers

Community Action - SPAM/non-Scam Report

Scam Email Removal Request

Scamdex Scam Resources and Archive