The email was sent on 2017-08-13 16:27:30 and appeared to be from email@example.com but this address could have been spoofed.
If you replied to this email, your reply would have been sent to firstname.lastname@example.org which was the scammer's actual email address.
Although the email apparently came from Sunnyvale, this is where Gmail, Yahoo and Outlook are. They probably hid the actual sender's IP address and put their own in instead.
Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to||[email address removed] Sun, 13 Aug 2017 13:27:30 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||220.127.116.11|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info||pass (domain of yahoo.com designates 18.104.22.168 as permitted sender)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||d0_Y15AWLDu5RJT.eTS6pHwX7hWFecm5o7jNYtL7z9E6QBBE tE16y8lPtE9nriK_LuWC8h3vgOxMQ.wKmNC_.aFiJNNByU1IKcWtKnRutLFY 1BDYGB6t0YErKp5K62GIXwt_vrAxRhd3LNgIp5HPkN9vXco0rGrfntLwyW3. bOHwQovW8GGc_ECkjDMwpkgNwKBPcWtCQWp1N7czHs67jJYNrxrfCIwYMq3p M1g4auRoO3Hn9Mw7eVHs4IIi6lA3SAMoswhVsnfOFI83zN3rWhpbib7UQFPh jWXFjYGraNIorOWjm0eGYPF5Zw77IToR89HiBvYOIjX0ByaNWq2kAV9O7c39 kE9DeyWCAFxQMFQzBBQ65rPZUTnJPsO_g8d02gIpRFUpCoNOYsGk7EJCxWWY 2nIK2jd0VByYY3JMZFrQbb154aUsaDpO01D2niH5rzt2rLKiCfGiAo4.akZZ CdNTs0J6PUG7tHK21mChWiEKAw1gI.40setoSWh9Mj8mbuwNwW5TUYuRFdRT jHrRLbVjF3up4Wk2k_VeUaI47U7Obc.QIh.1YP_hTteK7dL.EhKSoWY1TpC5 AuwmXq1AYBqgHJbCQcWfH.0ZX57OAtn2h7zqwuZ7_5WP2Q5J7a7eP1j6GluS 9B9M.7IzXo138S_vVRRIcHdCIjvrH6AUee9lLViA19.2Haeo3jwW51FJKz6G N2rSmCZW.GrS2LayJ7nY7y4x8j5wcMbDPM5b6gN6hVJEhMFZvfecTKSwdGgf FRiUxMKqy.JdB68CTpiGwlHDDglguOwmqlNchtu4Kil_S8i.KZxJWW.XsSxo MNbV.Im1JRmgWa2FfAi1uYID1qQRFBpIKISH1M7HQ6oITTllIy6kjgIF8gO_ DuqdZ5YwiUC9tWs.litvMJGXQ1QjS5j..MCA8Blsk42SxAb4UffbIc.Ro9nf D2Jn1Sp.NFo0uUdzxQvMWy7Gsc6fT6bW4UL8HO.K98IzgO3KJCZx2fENMOAw UgWhE0pdPuuaBczaHasqr7bNO3VozNfulQnuo0irvwSIzke2sGbR3xlLAhtA jffBNXDyts0qzqrG9INYPFW_DC0nixeyeS0nJSIOjA3Z_9sCwnenQ82II8HF I.FNHRcqVZwXjWb51hEIimDczG8u_SoHGPLuU_PBZK.IKSAYIb1S.YMgiYFW XPqGA91Q4TU3nrKXMSvvxBJ1xrDSb3tyAYcECPjmUA5qfLVDHIx.2W4G9fNj S2RqFor1bY7kGPcJK2swyMnIAFJXLuAW4N4NuDrfu7kY.pXHUqqQMVpKEyIu 9g0-|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[22.214.171.124]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info||mta1008.mail.ne1.yahoo.com from=yahoo.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=pass (ok)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO sonic314-21.consmr.mail.gq1.yahoo.com) (126.96.36.199) by mta1008.mail.ne1.yahoo.com with SMTPS; Sun, 13 Aug 2017 13:27:29 +0000|
|DKIM-Signature:||Used to verify message integrity and ensure the header is not spoofed||v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1502630849; bh=h7XrDdsHpWoQQZltGwdCrNCIa976NRzt/J9Pi3KPaaU=; h=Date:From:Reply-To:Subject:References:From:Subject; b=dg+8knktlBeCEytPounLbj7egdYL9dya18nLNbHuTo+Vqg0BCDh28hZZ+vWI3Q6mFoxeh1W/VvQM1rP2ZcoKsLwilzwHRuNvBXpDG6efvpRvmRhit3lHkiMaKAnmcbsUaCc5Hx6pLwKrNkX7cZUM0GeLy7VzaCpahV6vgcB9ECu1x/8qi6KS3xnW/M5rjT4kmGucBI6SxCXwX4uq/TIRQIj0nRHj1LulBNCGDZD/IWkQQGw/01NHZgEnzGGPBJzA34XsspchsDExLtWZn2HsDolg9dHqtsiO4pjYRi5cocP2hAEVRTP72DceoAGXL4W3F1V6MKHeHpRf40ABcnZ77g==|
|X-YMail-OSG:||A unique ID added by the Yahoo Outbound Spam Guard||mRDCF4IVM1ngSgoPwIXAsEWoaljE_iji9J.pBRDquyTps4Qr23Q5V3u_dLum88f xqojvC9wiajmWpxHR3chAePYPco7snlfj2c6LXgPE.7QFoMqV6MatDUwnUlAOrfkmg2Afo2Xq8rc xnQnJunZtBMzK8A7vUMOPXZRvdfHtRZsNgs1fLG_qFPzxV3qHu_phJ2NXiDIGE_Q.yL8L.YSTFyh .hrYQvGWIJZPr5qsbGZt6ElyX3CpKjhlSo2M1WzvHbm657z.8tBtjK9icu2Ww_Rw3.BQZIG4pE9z X3R_RBsLaoAMSccoXzAHluIAwPNQl82zS8n0q.8Fg2O1gMUihMFsYu34W.FMQaDELIeW.vtMvpJJ OxF68gMZzYt9YipDkB4LjCINGA4b5sWxAP44VWc1zKyA8IaFOR0jNGV_ei_5xaRWcz0Qodkc1YWW zw7EpPi9PxKDCndlklpgDWZyyxDEHUTQEQjMNx1TrFncqSI0Sk_M53VNUmUMc.YaZq_4siA--|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from sonic.gate.mail.ne1.yahoo.com by sonic314.consmr.mail.gq1.yahoo.com with HTTP; Sun, 13 Aug 2017 13:27:29 +0000|
|Date:||The date/time the email was sent||Sun, 13 Aug 2017 13:27:24 +0000 (UTC)|
|From:||This is the address the email was apparently sent from||"MR. KEN BEN" [email address removed]|
|Reply-To:||This is the email address any reply would be sent to by default||"MR. KEN BEN" [email address removed]|
|Message-ID:||A unique ID assigned to the ID for reference purposes||[email address removed]|
|Subject:||The subject of the email||FROM DIAMOND BANK|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|Content-Type:||What type of content the email usually is, usually text/html, and what character set is used||text/plain; charset=UTF-8|
|Content-Transfer-Encoding:||How the email has been encoded to comply with regulations (e.g. maximum characters per line)||quoted-printable|
|References:||Facilitates the threading of emails; helps the email client piece together which emails belong together in a conversation||[email address removed]|
|X-Mailer:||The software used to send the email. Spambots, including those used by scammers, often falsify this as a version of Outlook or Outlook Express to get through some spam filters||WebService/1.1.10343 YahooMailBasic Mozilla/5.0 (Windows NT 6.1; rv:54.0) Gecko/20100101 Firefox/54.0|
|Content-Length:||The size of the email, in bytes||4311|
pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 TVD_RCVD_IP4 Message was received from an IPv4 address 0.0 TVD_RCVD_IP Message was received from an IP address 0.5 FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (offcsflll[at]yahoo.com) -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [188.8.131.52 listed in list.dnswl.org] 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED 1.6 SUBJ_ALL_CAPS Subject is all capitals -0.0 SPF_PASS SPF: sender matches SPF record 1.0 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers 1.2 MISSING_HEADERS Missing To: header 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.5 REPTO_QUOTE_YAHOO Yahoo! doesn't do quoting like this 1.9 REPLYTO_WITHOUT_TO_CC REPLYTO_WITHOUT_TO_CC 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid 1.6 FORGED_MUA_MOZILLA Forged mail pretending to be from Mozilla 1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)