The email was sent on 2018-02-13 18:57:08 and appeared to be from firstname.lastname@example.org, but this address could have been spoofed.
If you replied to this email, your reply would have been sent to email@example.com, which was the scammer's actual email address.
Although the email apparently came from Sunnyvale, this is where Gmail, Yahoo and Outlook are based. The mail provider probably hid the actual sender's IP address and put its own in instead.
The table below explains what each part of the header means and shows the journey the email took.
|X-Apparently-To:||Used when there is no 'To' field in the header; does the same thing (says what email address(es) the email was sent to)||[email address removed] Tue, 13 Feb 2018 15:57:07 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it cannot be delivered. Spammers and scammers often modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||220.127.116.11|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server.||pass (domain of yahoo.com designates 18.104.22.168 as permitted sender)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[22.214.171.124]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay.||mta4391.mail.ne1.yahoo.com from=yahoo.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=pass (ok)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO sonic304-11.consmr.mail.bf2.yahoo.com) (126.96.36.199) by mta4391.mail.ne1.yahoo.com with SMTPS; Tue, 13 Feb 2018 15:57:07 +0000|
|DKIM-Signature:||Used to verify message integrity and ensure the header is not spoofed||v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1518537426; bh=GwENqpvTO1WcxDzZQ0adSKqPBwgQE27iQOfap/xVRVg=; h=Date:From:Reply-To:Subject:References:From:Subject; b=SieWGUcqzhrmBKmPMsSfGRnHw47LrfvLG/poz5NpfTRAV5JiV6DGDJPxFiTaoXH8dRvDB6F5dVP3r2ZTZVxIWxw27DTajE6Au+V3il7tjPiAsI8tqDlcYCMm78SCFwuPIngyLzXGaPBgtMgYk+WsA0QP31u/JEPCgwLOCYlQvyh+Gpd4mgsvTpQJm+sPgQCrFL/hkqCP9Z8/uVeduLdPAU4sz8mMlkLQYOb2HtVWyodteI/xdz94l1T1QDmChnj9XYZprZtUWANzQm/Exe9n9OyM8274+m6pvoYX1vSzv/SbsDJuNzw7sXrn3hEK8AKYVuTwcMU7VaM3f5cr3as/kQ==|
|X-YMail-OSG:||A unique ID added by the Yahoo Outbound Spam Guard|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from sonic.gate.mail.ne1.yahoo.com by sonic304.consmr.mail.bf2.yahoo.com with HTTP; Tue, 13 Feb 2018 15:57:06 +0000|
|Date:||The date/time the email was sent||Tue, 13 Feb 2018 15:57:04 +0000 (UTC)|
|From:||This is the address the email was apparently sent from||Samrith Meng [email address removed]|
|Reply-To:||This is the email address any reply would be sent to by default||Samrith Meng [email address removed]|
|Message-ID:||A unique ID assigned to the email for reference purposes||[email address removed]|
|Subject:||The subject of the email||Expecting your early reply|
|MIME-Version:||Included, usually as 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, which lets the user's email client or webmail decide which version to display)||1.0|
|Content-Type:||What type of content the email is, usually text/html, and what character set is used||multipart/alternative; boundary="----=_Part_150147_1684634125.1518537424310"|
|References:||Facilitates the threading of emails; helps the email client piece together which emails belong together in a conversation||[email address removed]|
|X-Mailer:||The software used to send the email. Spambots, including those used by scammers, often falsify this as a version of Outlook or Outlook Express to get through some spam filters||WebService/1.1.11419 YahooMailNeo Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1|
|Content-Length:||The size of the email, in bytes||4538|
|pts||rule||description|
|0.0||TVD_RCVD_IP4||Message was received from an IPv4 address|
|0.0||TVD_RCVD_IP||Message was received from an IP address|
|-0.0||SPF_PASS||SPF: sender matches SPF record|
|0.0||DKIM_ADSP_CUSTOM_MED||No valid author signature, adsp_override is CUSTOM_MED|
|1.2||MISSING_HEADERS||Missing To: header|
|0.2||FREEMAIL_ENVFROM_END_DIGIT||Envelope-from freemail username ends in digit (samrithmeng88[at]yahoo.com)|
|1.0||FORGED_YAHOO_RCVD||'From' yahoo.com does not match 'Received' headers|
|0.0||FREEMAIL_FROM||Sender email is commonly abused enduser mail provider (samrithmeng88[at]yahoo.com)|
|0.2||FREEMAIL_REPLYTO_END_DIGIT||Reply-To freemail username ends in digit (samrithmeng198[at]yahoo.com)|
|2.2||HK_SCAM_N2||BODY: No description available.|
|0.0||PP_MIME_FAKE_ASCII_TEXT||BODY: MIME text/plain claims to be ASCII but isn't|
|0.1||DKIM_SIGNED||Message has a DKIM or DK signature, not necessarily valid|
|-0.0||RCVD_IN_DNSWL_NONE||RBL: Sender listed at http://www.dnswl.org/, no trust [188.8.131.52 listed in list.dnswl.org]|
|1.9||REPLYTO_WITHOUT_TO_CC||No description available.|
|0.0||T_DKIM_INVALID||DKIM-Signature header exists but is not valid|
|1.0||FREEMAIL_REPLYTO||Reply-To/From or Reply-To/body contain different freemails|
|1.2||NML_ADSP_CUSTOM_MED||ADSP custom_med hit, and not from a mailing list|
Please be careful with the links in the above email. Scammed.by strongly suggests that you do not click on any links in the above message.
The email above is most likely a scam, but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement.
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender.
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters).