[nmglug] Spam question additional
Brian O'Keefe
okeefe at cybermesa.com
Thu Jun 2 11:03:11 PDT 2022
Hi All,
I checked the message source on one of the spam emails and got this
which seems more than suspicious. Maybe I need to change my security
preferences.
From - Thu Jun 2 11:12:43 2022
X-Account-Key: account4
X-UIDL: UID365990-1240367566
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <MAILER-DAEMON>
Delivered-To: okeefe at cybermesa.com
Received: from pmg-001.cybermesa.com (smtp-in.cybermesa.com [65.19.2.51])
by smtp-in-006.cybermesa.com (Postfix) with ESMTPS id 5BEF9C0E9E
for <okeefe at cybermesa.com>; Thu, 2 Jun 2022 05:47:28 -0600 (MDT)
Received: from pmg-001.cybermesa.com (localhost.localdomain [127.0.0.1])
by pmg-001.cybermesa.com (Proxmox) with ESMTP id 4D17C52008A
for <okeefe at cybermesa.com>; Thu, 2 Jun 2022 05:47:28 -0600 (MDT)
Received: from pilottoviaggi.com (unknown [89.32.41.152])
by pmg-001.cybermesa.com (Proxmox) with ESMTP id 90263520089
for <okeefe at cybermesa.com>; Thu, 2 Jun 2022 05:47:27 -0600 (MDT)
Received: from 10.197.36.138
by atlas108.aol.mail.bf1.yahoo.com with HTTPS; Fri, 13 May 2026 09:57:26 +0000
X-Originating-Ip: [209.85.221.42]
Received-SPF: pass (domain of gmail.com designates 209.85.221.42 as permitted sender)
Authentication-Results: atlas108.aol.mail.bf1.yahoo.com;
dkim=pass header.i=@gmail.com header.s=20210112;
spf=pass smtp.mailfrom=gmail.com;
dmarc=pass(p=NONE,sp=QUARANTINE) header.from=gmail.com;
X-Apparently-To: okeefe at cybermesa.com; Fri, 13 May 2026 09:57:26 +0000
Received: from 209.85.221.42 (EHLO mail-wr1-f42.google.com)
by 10.197.36.138 with SMTPs
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256);
Fri, 13 May 2026 09:57:26 +0000
Received: by mail-wr1-f42.google.com with SMTP id t6so10727479wra.4
for <okeefe at cybermesa.com>; Fri, 13 May 2026 02:57:26 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20210112;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to;
bh=hWVfw9TTlJCN5Vxd8HOhY22WAdU7pcrs5h4JmLPPJcI=;
b=Mwd4WhChvWEtyiIgFgcTSxs5upIyDgRU5DsjKdgw8ruYhjzVxRz4nbsPAzeVP3DWqx
lsVdcU4N5tvUFFohmu4GYo0n+cfJKzpjZzxJkT5LY0I906llAHt774eZUbWmUkW8F0bI
eEAWoWu6hVV0/DB58+Rha++mTxCX5IW9+FYwIsDzec5FbGf/tqqaw1NX3fhwXNEx8qV/
Iv/UAv/6wzguzMV5Y57QIN4IQXQBLP1Nm2r5b5Lnk+3LRGVXCgXlksj8BwtmS4R8I3Tg
hEsPF92/pjUYmtYKXHSk/U7mkQP+3Ppnq/LeBsipA/a7lRp8ayh5WiLlXeK7feND2Xx1
ox0A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to;
bh=hWVfw9TTlJCN5Vxd8HOhY22WAdU7pcrs5h4JmLPPJcI=;
b=5NSXhLAD3jSuFVmFR87A3M++7CHwWBbI5Z1QPj4SCN5bo7m/yb+eleOh2t11N77lIp
eaAjyP41jBTEtlBgOARjgkg7QJpLp9p0O7O7n7aCxiaWTj/+p+KFelHdLpSAIW3tYpkn
AglZ5M8odAgqcPsZjlixcGXgduLn6qoyOivKIjHnP2MkV/tswyqrLZUap5ayAcdfnPv3
cFnjjHRXk6y83WsaIv+yyW5QLhpMbPKd8xh2gRCZ5LyKEJgtJrp83Lb7JNcBHZvR3xnr
G/XeesIrCVRr/j5jkBzhNnKSN7OH7losq5FXCPzgpu7E35qQfLTo7SM/B8KGIHwUd8cn
c+tA==
X-Gm-Message-State: AOAM5310qk11pGFZpfmhIBQRE3Qp2WX4jhVibyYuQaIDtNDHUlZsxJEy
sBF9171zO6V+lxDPcMo0bcp2/bMV/CVQbilNp3HTRWRTo9fs7A==
X-Google-Smtp-Source: ABdhPJxualjsu85sMjeLXylxQd+iNskvFVaFCKlo50ZVw096E94ptHc7uRGcDe598UgMLxrBSi80mG+VRI8qQPk9yjc=
X-Received: by 2002:adf:dcc9:0:b0:20c:f517:c130 with SMTP id
x9-20020adfdcc9000000b0020cf517c130mr193277wrm.677.1652435846164; Fri, 13 May
2026 02:57:26 -0700 (PDT)
MIME-Version: 1.0
References: <2073398516.2890515.1652435792098.ref at mail.yahoo.com>
<2073398516.2890515.1652435792098 at mail.yahoo.com> <DB9P193MB1580510D8F402F5E5082C037CDCA9 at DB9P193MB1580.EURP193.PROD.OUTLOOK.COM>
From: "T-Mobile" <okeefe at cybermesa.com>
Date: Fri, 13 May 2026 02:57:15 -0700
Message-ID: <CAPrzedXupjsoVYoe8CYpNKMhBS_GxeJMoRV_xUWXcQSdLm2HmA at mail.gmail.com>
Subject: thank you for completing our survey, you can receive your reward
To: okeefe<okeefe at cybermesa.com>
Content-Type: text/html;
X-SPAM-LEVEL: Spam detection results: 20
DKIM_INVALID 0.1 DKIM or DK signature exists, but is not valid
DKIM_SIGNED 0.1 Message has a DKIM or DK signature, not necessarily valid
HTML_FONT_SIZE_LARGE 0.001 HTML font size is large
HTML_IMAGE_RATIO_02 0.001 HTML has a low ratio of text to image area
HTML_MESSAGE 0.001 HTML included in message
HTML_MIME_NO_HTML_TAG 0.635 HTML-only message, but there is no HTML tag
KAM_DMARC_NONE 0.25 DKIM has Failed or SPF has failed on the message and the domain has no DMARC policy
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
KAM_SHORT 0.001 Use of a URL Shortener for very short URL
KAM_STORAGE_GOOGLE 2.25 Google Storage API being abused by spammers
MIME_HTML_ONLY 1 Message only has text/html MIME parts
PDM_URI_GOOGLEAPIS 3 Rule to look for spammy Google API usage
RCVD_IN_BL_SPAMCOP_NET 1.246 Received via a relay in bl.spamcop.net
RCVD_IN_HOSTKARMA_BL 1.5 Sender listed in HOSTKARMA-BLACK
RCVD_IN_MSPIKE_H2 -0.001 Average reputation (+2)
RCVD_IN_PBL 3.558 Received via a relay in Spamhaus PBL
RCVD_IN_SBL_CSS 3.558 Received via a relay in Spamhaus SBL-CSS
RDNS_NONE 1.274 Delivered to internal network by a host with no rDNS
SPF_HELO_PASS -0.001 SPF: HELO matches SPF record
T_SCC_BODY_TEXT_LINE -0.01 -
URIBL_ABUSE_SURBL 1.948 Contains an URL listed in the ABUSE SURBL blocklist [iili.io]
URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [iili.io,storage.googleapis.com]
<p align="center"><br>
</p>
<p align="center"><a moz-do-not-send="true"
href="https://storage.googleapis.com/92052e935fcd9d8cebcd08c576d53d/b9cf10b58f90d4c019eedb9f4bf83d#cl/38389_md/8/50267/5704/1551/951155"><font
color="#ff0000"><u><font size="6" face="Times New Roman"><font
color="#ff0080"><b>**</b></font></font></u></font><font
color="#ff0000"><u><font size="6" face="Times New Roman"><font
color="#ff0080"><b>Congratulations! **</b></font><br>
</font></u></font></a></p>
<p align="center"><a moz-do-not-send="true"
href="https://storage.googleapis.com/92052e935fcd9d8cebcd08c576d53d/b9cf10b58f90d4c019eedb9f4bf83d#cl/38389_md/8/50267/5704/1551/951155"><font
color="#ff0000"><u><font size="6" face="Times New Roman"><font
color="#8000ff">*</font></font></u></font><font
color="#ff0000"><u><font size="6" face="Times New Roman"><font
color="#8000ff"> okeefe *</font></font></u></font></a></p>
<p align="center"><a moz-do-not-send="true"
href="https://storage.googleapis.com/92052e935fcd9d8cebcd08c576d53d/b9cf10b58f90d4c019eedb9f4bf83d#cl/38389_md/8/50267/5704/1551/951155"><font
color="#ff0000"><u><font size="6" face="Times New Roman"><a><font
size="4" color="#008040">✓ Successfully redeemed coupon
code SECRETSHOP2022</font></a></font></u></font></a><br>
</p>
<div align="center"><a
href="https://storage.googleapis.com/92052e935fcd9d8cebcd08c576d53d/b9cf10b58f90d4c019eedb9f4bf83d#cl/38389_md/8/50267/5704/1551/951155"><img
moz-do-not-send="true" src="https://iili.io/Wkht9a.png" alt=""
width="895" height="410" border="0"></a></div>
<p align="center"><span style="color: rgb(0, 0, 0); font-family:
"Times New Roman"; font-size: medium; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400; letter-spacing: normal; orphans: 2; text-align:
center; text-indent: 0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-thickness: initial; text-decoration-style: initial;
text-decoration-color: initial; display: inline !important; float:
none;">If you no longer wish to receive these emails, you may
unsubscribe by </span><a
href="https://storage.googleapis.com/92052e935fcd9d8cebcd08c576d53d/b9cf10b58f90d4c019eedb9f4bf83d#un/38389_md/8/50267/5704/1551/951155"
style="font-family: "Times New Roman"; font-size: medium;
font-style: normal; font-variant-ligatures: normal;
font-variant-caps: normal; font-weight: 400; letter-spacing: normal;
orphans: 2; text-align: center; text-indent: 0px; text-transform:
none; white-space: normal; widows: 2; word-spacing: 0px;
-webkit-text-stroke-width: 0px;" moz-do-not-send="true">clicking
here</a></p>
<p align="center"><span style="color: rgb(136, 136, 136); font-family:
verdana; font-size: 11px; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400; letter-spacing: normal; orphans: 2; text-align:
center; text-indent: 0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-thickness: initial; text-decoration-style: initial;
text-decoration-color: initial; display: inline !important; float:
none;">click<span> </span></span><a
href="https://storage.googleapis.com/92052e935fcd9d8cebcd08c576d53d/b9cf10b58f90d4c019eedb9f4bf83d#oop/38389_md/8/50267/5704/1551/951155"
style="font-family: verdana; font-size: 11px; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400; letter-spacing: normal; orphans: 2; text-align:
center; text-indent: 0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;"
moz-do-not-send="true">here</a><span style="color: rgb(136, 136,
136); font-family: verdana; font-size: 11px; font-style: normal;
font-variant-ligatures: normal; font-variant-caps: normal;
font-weight: 400; letter-spacing: normal; orphans: 2; text-align:
center; text-indent: 0px; text-transform: none; white-space: normal;
widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px;
text-decoration-thickness: initial; text-decoration-style: initial;
text-decoration-color: initial; display: inline !important; float:
none;"><span> </span>to remove yourself from our emails list</span></p>
--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.nmglug.org/pipermail/nmglug-nmglug.org/attachments/20220602/b3e31f5a/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.png
Type: image/png
Size: 3913 bytes
Desc: not available
URL: <http://lists.nmglug.org/pipermail/nmglug-nmglug.org/attachments/20220602/b3e31f5a/attachment.png>
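Added example (not part of the original post or of any tool it mentions): one way to triage pasted headers like these is to trust only the Received lines stamped by the recipient's own provider and to treat everything below that border, including Authentication-Results lines, as sender-supplied. The sample is a constructed subset of the headers above, and using `.cybermesa.com` as the trusted suffix is an assumption.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: a trimmed subset of the trace headers quoted in the post.
SAMPLE = """\
Received: from pmg-001.cybermesa.com (smtp-in.cybermesa.com [65.19.2.51])
 by smtp-in-006.cybermesa.com (Postfix) with ESMTPS id 5BEF9C0E9E;
 Thu, 2 Jun 2022 05:47:28 -0600 (MDT)
Received: from pilottoviaggi.com (unknown [89.32.41.152])
 by pmg-001.cybermesa.com (Proxmox) with ESMTP id 90263520089;
 Thu, 2 Jun 2022 05:47:27 -0600 (MDT)
Received: from 10.197.36.138
 by atlas108.aol.mail.bf1.yahoo.com with HTTPS; Fri, 13 May 2026 09:57:26 +0000
Authentication-Results: atlas108.aol.mail.bf1.yahoo.com;
 dkim=pass header.i=@gmail.com; spf=pass smtp.mailfrom=gmail.com
Received: from 209.85.221.42 (EHLO mail-wr1-f42.google.com)
 by 10.197.36.138 with SMTPs; Fri, 13 May 2026 09:57:26 +0000

(body omitted)
"""
BY_RE = re.compile(r"\bby\s+(\S+)")
FROM_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([^\]]+)\]\)")

def analyze(raw, trusted_suffix):
    # trusted_suffix (assumption): domain suffix of the recipient's own mail servers.
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        by = BY_RE.search(value)
        when = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        hops.append((by.group(1).lower() if by else "", when, value))
    # Hops are listed newest first; trust only the leading run stamped by our servers.
    n = 0
    while n < len(hops) and hops[n][0].endswith(trusted_suffix):
        n += 1
    if n == 0:
        raise ValueError("no Received header was stamped by a trusted server")
    border_by, border_time, border_raw = hops[n - 1]
    handoff = FROM_RE.search(border_raw)
    authres_ids = [a.split(";", 1)[0].strip()
                   for a in msg.get_all("Authentication-Results", [])]
    return {
        # HELO name, reverse-DNS result and IP as recorded by our own border server
        "handoff": handoff.groups() if handoff else None,
        # An earlier hop cannot legitimately be stamped later than the border hop
        "future_dated": [by for by, when, _ in hops[n:] if when > border_time],
        # Results stamped by another party's server are claims, not verification
        "foreign_authres": [i for i in authres_ids if not i.endswith(trusted_suffix)],
    }
```

Running `analyze(SAMPLE, ".cybermesa.com")` reports the connecting host the provider actually saw, the hops dated after the border hop, and the Authentication-Results line that was not written by the recipient's provider.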