The email was sent on 2017-08-03 12:26:07 and appeared to be from firstname.lastname@example.org but this address could have been spoofed.
If you replied to this email, your reply would have been sent to email@example.com which was the scammer's actual email address.
It was probably sent from 220.127.116.11 in Yancheng, China
Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to||[email address removed] Thu, 03 Aug 2017 09:26:07 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||18.104.22.168|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info||softfail (transitioning domain of packaging.com does not designate 22.214.171.124 as permitted sender)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||JuNIofMWLDt8mVFs1dcFd4117sWaEFw0x1AZ3MUorkyC2UeZ CVEp78R06l0dV98i4Xu7drhBHhmgvDgqbXBiEdX9LDGkgw1q_dfIHXUbAM0F kiKglOZe..4hIVWZavRWEH_GVp.JYTwf6XQ2Ew0oxgdds2EpJv7eb.7zL1eg yPyKkCCpQ1_HMlS8wBhlPqBZvyQFUDEJHVuj1JbZoSDWl9t4upwxu29BEug9 RglY_pOMr.wJcHJzas6fxZW5xxO23zt6IbMZUz_1N7_ab3Sk_o0k6iRVAvpT uIkFXsKKmciUi6ksi3c6tHhblQdvr7ciES4H26Zl4nQYubGfLYm.3U78ZZfp iCRBMH8jfR6y521_.j.fB26YZOyCNsaKgVhoFbhQMvA_YMbicIMpsbTAXCfA p4g7Lzqwh5haIxCQPHDAKde0bSZml4YVkeFXdGvf23DpLbTO_THHAIbpKwx1 ijW0HVkdtueHg5.Gvl9SjvIfCQHTWeYSENGrJq44aw0IvfQOsvJdxbL4Ktab jcvasCcIgWnqyRszYO_In7NdXDTh9XqwLs2XHFF3z1CmgIBNfkmQwNIU9s01 f4UPVctVOMa8YxIWH3CaShjZGQPWjS6wQUVmxIxGXGNMf5PyRaVWtrcsX82F LtyEJoGXZYWrT4pZtifAly1wgn6t7d6UCN4sw6KwRyCOyXb.xUwjILRR5awF IMSo2VOLg8c1J0Xo6fINdnJ75th64dgRPmp9f4z1wyp5ie3OIltiBiKIE7mw vPBE3KdytO_aDUDztDJn5dLmtDGjhiE12CF3KOnGyUCC3rFi1SBlK6IzT3fk o_gAEMLJ66WHdMLEWj3SOVq.4gGVEMF9la7ajg2WiOoE9RraQpZ5maJPLzAc zKO3ytn6LURp1nSX9aU8CECv7J6.kruRcu9WXg8aC4.yJidLgGqGtw.g0YcD X1TtLiV8GM0MU.hegH7QjaEEAZqSmsU8d42GY9TrUqFpIyn_aNbuleYObygS dlm_j2XBm7fuzEWcHK1FKfcPLc1xi.JRM13ee9x7gpg1awz639rO.qm_oiKL wC3F.4DOkxonyEc_710ByU.Us_8KDZgPrfw2yfh3tHh083QPX_o-|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[126.96.36.199]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info||mta1122.mail.ne1.yahoo.com from=packaging.com; domainkeys=neutral (no sig); from=aliyun.com; dkim=neutral (no sig)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (HELO packaging.com) (188.8.131.52) by mta1122.mail.ne1.yahoo.com with SMTP; Thu, 03 Aug 2017 09:26:06 +0000|
|Received:||from RMGGECVFVTUHMXG[127.0.0.1] by RMGGECVFVTUHMXG[127.0.0.1] (SMTPD32); Mon, 31 Jul 2017 11:09:11 +0800|
|From:||This is the address the email was apparently sent from||[email address removed] [email address removed]|
|Subject:||The subject of the email||Wholesale special handle paper bag|
|To:||The email address(es) the email was sent to||"sscatcher" [email address removed]|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|Sender:||The official sender of the email, can be different from the 'from' (e.g. if a company wishes to maintain that the email was officially sent by them)||[email address removed]|
|Reply-To:||This is the email address any reply would be sent to by default||[email address removed]|
|Date:||The date/time the email was sent||Mon, 31 Jul 2017 11:09:11 +0800|
|X-Mailer:||The software used to send the email. Spambots, including those used by scammers, often falsify this as a version of Outlook or Outlook Express to get through some spam filters||Foxmail 6, 13, 102, 15 [cn]|
|Content-Type:||What type of content the email usually is, usually text/html, and what character set is used||text/html; charset="UTF-8"|
|Content-Transfer-Encoding:||How the email has been encoded to comply with regulations (e.g. maximum characters per line)||8bit|
|Content-Disposition:||Email presentation style - decides if what it refers to should be displayed (email content) or available for download (attachment)||inline|
|Content-Length:||The size of the email, in bytes||4233|
It is glad to write to you with keen hope to open a business relationship with you.
Yancheng Zontai Printing and packing Co., Ltd. is a factory ,we specialize in printing and packing field for 15 years. Our products had adopted ISO9001:2000 Quality System Authorities.
Hope to hear good news from you.
pts rule name description ---- ---------------------- -------------------------------------------------- 1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)' 0.0 TVD_RCVD_IP4 Message was received from an IPv4 address 0.0 TVD_RCVD_IP Message was received from an IP address 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (ztaipacking[at]aliyun.com) 3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL [184.108.40.206 listed in zen.spamhaus.org] 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.9 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: aliyun.com] 0.0 HTML_MESSAGE BODY: HTML included in message 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.1 MISSING_MID Missing Message-Id: header
Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)