The email was sent on 2018-02-13 18:10:39 and appeared to be from email@example.com but this address could have been spoofed.
If you replied to this email, your reply would have been sent to firstname.lastname@example.org which was the scammer's actual email address.
Although the email apparently came from Sunnyvale, this is where Gmail, Yahoo and Outlook are. They probably hid the actual sender's IP address and put their own in instead.
Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to||[email address removed] Tue, 13 Feb 2018 15:10:39 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||18.104.22.168|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info||pass (domain of yahoo.com designates 22.214.171.124 as permitted sender)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||KquruFIWLDty.j2cHW2DbUBVRZ16Q1EKyb2voLdSYf126Zx2 6DHmCLW91yFsqLxDRS5DWDds8TlU3N4Cdtna7eaNRecd2Rm4x83Fk2FoKIXd svm_HjgVMs7T6yt6wQrrAVSOna33CxopHvZZIGL6HPLZcly0ayDRMMKtyyRy c4hdcCr4SxOa7.U287I.scKsdymlpMBWglCJaQ2_yLOm5f3x2XG3KLtmeUe9 kZuByivXGvTVBpSYLD_3JJdosCfpRZoYmP_Z2iuKO.nkOy4HAst0ouJY65Ei hndn4YXSgY8JBMLla8Odrnj4YOny3.WrNH8FywXHqaQLX68aZJ3ADjXNydMT 8A5buKiBm_roHcDl1oD17AjKwm8c2aQ1fIh5q9zWIRH8ClOo5Dh2WZRHUDNk WoJo7Oz9uAl8GfQ5M98Shis1bQPQ0yDMQNZ243AawenrZccXFVJjeSqu5tIA RznSDaBFY3p4.vTuLwKO4rthUD.H8FnCyeJ06aKVfz8y4XXgXv4tB_Rcub26 Mvwz3EfWNoVieRD9P7Od9j5Iu8VGRSbMAMfwLPvfZbJMQ2V9.AJF1I1k4L8P hbjJnrSujfvE9auqKqkPKNUSAxQ9livZ9L4Dwy.FTOL_F2Vvfp4XqK5C1bJN qAylTECtmcqIwuJYFPjwBH7BSa5Da8gPaI682Oz2s7Qwb1q9ZM5hwRCtR8.1 MCOgWzJK7m7oEIW5jSNiebvfMzFUCl01QnfWZu1HUa996qN8bDSadBpbBy0O XLkFQz2C2jQ75iqnYd8jYbsAdGsf4Wk4OZz8zTG0IkEAqop7F.y3P1bdPs9P ZlSsHBBl6VfdcRpbBH657gDzwrp9CJQa0v3C4D1BWjGOAFqEpXcoTenUn_Yq 1.te.REgYtbXC7pUp5hc_D_UiIRNWZVJrHz7_cvTCZxzv.jluGprfqrDN.w6 3urppEkupBy9W.a9PJnw15.a03dIl1yNQf5awIilU0V4w2CboXExnDxvyKtg U2OPBcJwnq.s4aLX4TymELOvK.ZEacmg2PRCo6cwt1Q1X6kHa_v51UKcNC_x OP0T3eGVScKjqGc3V_KKKq1VQxie6cwlK6GLTQmB.krooixDBA_jjiqp5uyI IrD9nCSNEP2sq12YxIakDewmEVU._QYKJdu8IwuOg_.gy6dhG3W26dYlItHo YnH1l3uTMdMLKYiaKxID6HNV8GeJXJVdRUyN97h1NPsVozmMOCXMUwL0D_88 E.2H8ifc373.jvmjO.qx|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[126.96.36.199]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info||mta4369.mail.bf1.yahoo.com from=yahoo.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=pass (ok)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO sonic309-13.consmr.mail.bf2.yahoo.com) (188.8.131.52) by mta4369.mail.bf1.yahoo.com with SMTPS; Tue, 13 Feb 2018 15:10:38 +0000|
|DKIM-Signature:||Used to verify message integrity and ensure the header is not spoofed||v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1518534638; bh=hfvm0q2hc5xYcBG2wlIWaCPjDkbUWDNTF+SP+QKDWxw=; h=Date:From:Reply-To:Subject:References:From:Subject; b=Y7S0YJKFf5oFaKcsmdajmocU3rGdv3b9nc9lzWyyA7AGtj2ZKzY4+uRCpZ+yEsfhYAWlVLPIoM2kTvpGuP4/yvu2XxGaaFcRFmUMmbtszkzMVSwNv6NSM+ZOer4NVHy0tkkM8dZeO2ksF8CNubmQ8h8rWzYpKMYMRdM9Ur3FZqSLUnbsdk87kwrpTbY4EQk737UNj6WoFFgM1etMeo/+GwX/hRtAFXCah+Bzf9mu6GPuyMhtTZhKisJDZiMnuicRSl6KHAc74oGalchQJBsoA+TKlhPGg9s6vv5fjFF9JjOADzWJf3HlET9b/7EFsBgROhmWOe+Pqsqv4vi8YyrVBg==|
|X-YMail-OSG:||A unique ID added by the Yahoo Outbound Spam Guard||UAfocIMVM1mpmph5FSC9QfFUdbBuoO0j8FmIyse90TYr9fX8ekf2a1BCPVk86rX ATBJ.emPBRAgttYQo_ITn4XABMsEK80mNAvfauCmaaCXS880DoyfPubUfhlPa_rN4otn7DE8bLz0 ATxanRhYr4krhkba8ykDx2CapVh85Tn_ia99qP.JE_tYL6Uq42exgiau9unfERyOwJVDJYK4NY0i uHQgyXFM_PLJ12KtTpagy41gKIEHPEtxIbEjl0Osgyp1pgQseseNnOzJcIEJQh14orP7HrjI2iRy FJVFr_oh3zjj6QV_KcLyWNYKg2lfKSRt9AAvwB0T3uuAJrH5KMupGanG29VxbQkHJ1Zl2AweqDUJ gEckYcSJMJxyEHZ5.iFb8QxPy1HFlmNRZLJ6nZeQeJqMzllSGzH7aU.yekOf1JUhMA35ggYyRzzi bbLdOJo0tj8O3Oi8ISZqxrSdALYDW491MjZiz3CG7WMaaW7kknjs-|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from sonic.gate.mail.ne1.yahoo.com by sonic309.consmr.mail.bf2.yahoo.com with HTTP; Tue, 13 Feb 2018 15:10:38 +0000|
|Date:||The date/time the email was sent||Tue, 13 Feb 2018 15:10:24 +0000 (UTC)|
|From:||This is the address the email was apparently sent from||"MR. OLIVER SENO L" [email address removed]|
|Reply-To:||This is the email address any reply would be sent to by default||"MR. OLIVER SENO L" [email address removed]|
|Message-ID:||A unique ID assigned to the ID for reference purposes||[email address removed]|
|Subject:||The subject of the email||THE CHIEF AUDITOR (LIOYDS TSB,LONDON).Your Reply Await.|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|Content-Type:||What type of content the email usually is, usually text/html, and what character set is used||text/plain; charset=UTF-8|
|Content-Transfer-Encoding:||How the email has been encoded to comply with regulations (e.g. maximum characters per line)||7bit|
|References:||Facilitates the threading of emails; helps the email client piece together which emails belong together in a conversation||[email address removed]|
|X-Mailer:||The software used to send the email. Spambots, including those used by scammers, often falsify this as a version of Outlook or Outlook Express to get through some spam filters||WebService/1.1.11419 YahooMailBasic Mozilla/5.0 (Windows NT 6.1; rv:58.0) Gecko/20100101 Firefox/58.0|
|Content-Length:||The size of the email, in bytes||2878|
pts rule description ---- ---------------------- -------------------------------------------------- 0.0 TVD_RCVD_IP4 Message was received from an IPv4 address 0.0 TVD_RCVD_IP Message was received from an IP address 1.0 FORGED_YAHOO_RCVD 'From' yahoo.com does not match 'Received' headers -0.0 SPF_PASS SPF: sender matches SPF record 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (mr.oslim[at]yahoo.com) 1.2 MISSING_HEADERS Missing To: header 2.2 HK_SCAM_N2 BODY: No description available. 1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)' -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [184.108.40.206 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [220.127.116.11 listed in wl.mailspike.net] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 0.0 T_DKIM_INVALID DKIM-Signature header exists but is not valid 0.0 LOTS_OF_MONEY Huge... sums of money 0.0 T_HK_NAME_FM_MR_MRS No description available. 1.9 REPLYTO_WITHOUT_TO_CC No description available. 0.5 REPTO_QUOTE_YAHOO Yahoo! doesn't do quoting like this 1.2 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list 0.0 T_MONEY_PERCENT X% of a lot of money for you 0.0 T_FILL_THIS_FORM_SHORT Fill in a short form with personal information 0.0 MONEY_FRAUD_8 Lots of money and very many fraud phrases 0.1 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)