An
Email with the Subject "CONGRATULATION!!!" was
received in one of Scamdex's honeypot email accounts on Tue, 26 Apr 2011 12:23:35 -0700
and has been classified as a Lotto/Lottery Scam Email.
The sender shows as "mark " <onlineclaim33@rediffmail.com>.
The email address was probably spoofed. Do not reply to or contact any persons or organizations referenced in
this email, or follow any URLs as you may expose yourself to scammers and, at the very least, you will be
added to their email address lists for spam purposes.
This a (redacted) view of the raw email headers of this scam email.
Personally Identifiable Information (PII) has been suppressed, but can be
supplied as received to appropriate investigating or law enforcement agencies on request.
EEEEEstdClass Object
(
[return-path:] =>
[envelope-to:] => scams@scamdex.com
[delivery-date:] => Tue, 26 Apr 2011 12:23:35 -0700
[received:] => Array
(
[0] => from f4mail-234-237.rediffmail.com ([202.137.234.237] helo=rediffmail.com)by chester.loopbiz.com with smtp (Exim 4.69)(envelope-from )id 1QEnrB-0000lZ-LLfor scams@scamdex.com; Tue, 26 Apr 2011 12:23:35 -0700
[1] => (qmail 11428 invoked by uid 510); 26 Apr 2011 19:05:04 -0000
[2] => from unknown 115.240.27.17 by rediffmail.com via HTTP; 26 Apr 2011 19:04:55 -0000
)
[comment:] => DomainKeys? See http://antispam.yahoo.com/domainkeys
[domainkey-signature:] => a=rsa-sha1; q=dns; c=nofws; s=redf; d=rediffmail.com; b=aA+1Foz/1SVMoDPiOo5MySvrkb5Oj7XZco7OLH8inPLoy/OaizfLtMcs5HmN4kpNU2/EIbzvEQyUHoKxdtQJDhU1/Pv0W1Ecfl12lTBNUb7pUaenqV3GGQNsPgxrWzPqjdmx026/kV8sAqWVbV6foo+oq0RAes5MaMXYWEyN3m4= ;
[x-m-msg:] => asd54ad564ad7aa6sd5as6d5; a6da7d6asas6dasd77; 5dad65ad5sd;
[x-ctch-spam:] => Suspect
[x-ctch-vod:] => Unknown
[x-ctch-flags:] => : 0
[x-ctch-refid:] => str=0001.0A150201.4DB7178A.009C,ss=2,fgs=0
[date:] => 26 Apr 2011 19:05:04 -0000
[message-id:] => <20110426190504.11419.qmail@f4mail-234-237.rediffmail.com>
[mime-version:] => 1.0
[to:] =>
[subject:] => =?utf-8?B?Q09OR1JBVFVMQVRJT04hISE=?=
[from:] => "mark "
[content-type:] => multipart/alternative;boundary="=_207d5ac61f1b40bd0462ca67504a2379"
[x-spam-status:] => No, score=2.6
[x-spam-score:] => 26
[x-spam-bar:] => ++
[x-ham-report:] => Spam detection software, running on the system "chester.loopbiz.com", hasidentified this incoming email as possible spam. The original messagehas been attached to this so you can view it (if it isn't spam) or labelsimilar future email. If you have any questions, seethe administrator of that system for details.Content preview: DEAR LUCKY WINNER, OPEN THE ATTACHMENT AND FILL THE FORM CORRECTLYAND REPLY, FOR THE SECURITY OF YOUR WINNING INFORMATION AND FOR THE PROCESSINGOF YOUR [...] Content analysis details: (2.6 points, 4.0 required)pts rule name description---- ---------------------- ---------------------------------------------------3.0 DEAR_WINNER BODY: DEAR_WINNER0.0 FREEMAIL_FROM Sender email is freemail(onlineclaim33[at]rediffmail.com)-0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, lowtrust[202.137.234.237 listed in list.dnswl.org]-0.0 SPF_HELO_PASS SPF: HELO matches SPF record-0.0 T_RP_MATCHES_RCVD Envelope sender domain matches handover relaydomain-0.0 SPF_PASS SPF: sender matches SPF record2.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends indigit (onlineclaim33[at]rediffmail.com)0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines0.0 HTML_MESSAGE BODY: HTML included in message-1.0 UPPERCASE_75_100 message body is 75-100% uppercase0.0 MSGID_FROM_MTA_HEADER Message-Id was added by a relay1.5 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)2.4 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)0.5 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
[x-spam-flag:] => NO
)
Domain Names used for collecting scam email ("Honeypot email accounts") have been obscured and replaced with the token 'HUN1P0T'
Community Action - SPAM/non-Scam Report
Occasionally, incorrectly categorized emails get into the Scamdex Scam Email Database and need to be removed. If this
email has Personally Identifiable Information (PII), or is, in your opinion, from a bona-fide entity, let us know.
Scamdex will, as soon as is practicable, take-down any emails that in our opinion should not
be in our database. Note that ALL emails in the Scamdex Scam Email Database were received as Unsolicited Commercial Email, aka UCE or
SPAM, via unpublished 'Honeypot' email addresses.
OPEN THE ATTACHMENT AND FILL THE FORM CORRECTLY AND REPLY, FOR THE
SECURITY OF YOUR WINNING INFORMATION AND FOR THE PROCESSING OF YOUR
WINNING DRAFT. CONGRATULATION FROM THE BOARD OF MANAGEMENT Coca-Coca
Company ONLINE PROMO ENGLAND,
REGARDS
Dr.ROBERTH MUELLER
DEAR LUCKY WINNER,
OPEN THE ATTACHMENT AND FILL THE FORM CORRECTLY AND REPLY, FOR THE
SECURITY OF YOUR WINNING INFORMATION AND FOR THE PROCESSING OF YOUR
WINNING DRAFT. CONGRATULATION FROM THE BOARD OF MANAGEMENT Coca-Coca
Company ONLINE PROMO ENGLAND,
