| Current Path : /home/ift/mails/13/ |
Linux ift1.ift-informatik.de 5.4.0-216-generic #236-Ubuntu SMP Fri Apr 11 19:53:21 UTC 2025 x86_64 |
| Current File : //home/ift/mails/13/1476356974.zrspam.133787_2016_10_13 |
From piyrfvmha@blwinsurance.com Thu Oct 13 13:09:34 2016
Return-Path: <piyrfvmha@blwinsurance.com>
X-Original-To: tjungblut@ift-informatik.de
Delivered-To: tjungblut@ift-informatik.de
Received: by ift-informatik.de (Postfix, from userid 5555)
id AA979375251A0; Thu, 13 Oct 2016 13:09:34 +0200 (CEST)
Received: from localhost by h2486555.stratoserver.net
with SpamAssassin (version 3.4.0);
Thu, 13 Oct 2016 13:09:34 +0200
From: "Janine Day" <Day_Tahlia@ameditech.com>
To: tobias.jungblut@ift-informatik.de
Subject: *****SPAM***** Waiting for a F*ckbuddy
Date: Thu, 13 Oct 2016 08:07:31 -0400
Message-Id: <14175897021-ZQQOWNEMXKMIGJMNDZOODAHVS@dns0.ameditech.com>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
h2486555.stratoserver.net
X-Spam-Flag: YES
X-Spam-Level: *******************
X-Spam-Status: Yes, score=19.7 required=5.0 tests=BAYES_99,
CK_HELO_DYNAMIC_SPLIT_IP,DIGEST_MULTIPLE,HELO_DYNAMIC_IPADDR2,HTML_MESSAGE,
HTML_MIME_NO_HTML_TAG,MIME_HTML_ONLY,PYZOR_CHECK,RAZOR2_CF_RANGE_51_100,
RAZOR2_CF_RANGE_E8_51_100,RAZOR2_CHECK,RCVD_IN_BL_SPAMCOP_NET,
RCVD_IN_BRBL_LASTEXT,RCVD_IN_RP_RNBL,RCVD_IN_SORBS_DUL,RCVD_IN_XBL,RDNS_NONE,
T_FRT_PROFILE1,T_FRT_PROFILE2,URIBL_BLOCKED,URIBL_JP_SURBL autolearn=spam
autolearn_force=no version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_57FF6B6E.85A7F21F"
This is a multi-part message in MIME format.
------------=_57FF6B6E.85A7F21F
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "h2486555.stratoserver.net",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Are you h*rd r1ght now? My BF cheat3d on me and I want to
get back at him by lett1ng a lucky guy f*ck my pu$$y until it's raw. I want
you to record it, too! n0 str1ngs, just hot s*x. vis1t my pr0file to see
my new ph0tos *I hope you like my pictures* [...]
Content analysis details: (19.7 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.2 URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist
[URIs: 6url.ru]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: 6url.ru]
1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
https://senderscore.org/blacklistlookup/
[172.245.197.194 listed in bl.score.senderscore.com]
0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[172.245.197.194 listed in zen.spamhaus.org]
0.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[172.245.197.194 listed in dnsbl.sorbs.net]
1.4 RCVD_IN_BRBL_LASTEXT RBL: No description available.
[172.245.197.194 listed in bb.barracudacentral.org]
3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
0.0 CK_HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname
(Split IP)
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?172.245.197.194>]
0.0 T_FRT_PROFILE2 BODY: ReplaceTags: Profile (2)
0.0 T_FRT_PROFILE1 BODY: ReplaceTags: Profile (1)
0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.9 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%
[cf: 100]
1.9 RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level
above 50%
[cf: 100]
1.4 PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/)
0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
0.8 RDNS_NONE Delivered to internal network by a host with no rDNS
3.6 HELO_DYNAMIC_IPADDR2 Relay HELO'd using suspicious hostname (IP addr
2)
0.3 DIGEST_MULTIPLE Message hits more than one network digest check
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_57FF6B6E.85A7F21F
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: from 172-245-197-204-host.colocrossing.com (unknown [172.245.197.194])
by ift-informatik.de (Postfix) with SMTP id E33EA3752519F
for <tobias.jungblut@ift-informatik.de>; Thu, 13 Oct 2016 13:09:31 +0200 (CEST)
Message-ID: <14175897021-ZQQOWNEMXKMIGJMNDZOODAHVS@dns0.ameditech.com>
From: "Janine Day" <Day_Tahlia@ameditech.com>
Subject: Waiting for a F*ckbuddy
To: tobias.jungblut@ift-informatik.de
Date: Thu, 13 Oct 2016 08:07:31 -0400
Mime-Version: 1.0
Content-Type: text/html;
Content-Transfer-Encoding: 7Bit
Are you h*rd r1ght now? My BF cheat3d on me and I want to get back at him by lett1ng a lucky guy f*ck my pu$$y until it's raw. <br>I want you to record it, too! n0 str1ngs, just hot s*x. vis1t my pr0file to see my new ph0tos <a href="http://6url.ru/jlZR">*I hope you like my pictures*</a>
------------=_57FF6B6E.85A7F21F--