The email was sent on 2018-02-13 20:35:29 and appeared to be from firstname.lastname@example.org, but this address could have been spoofed.
If you replied to this email, your reply would have been sent to email@example.com, which was the scammer's actual email address.
The email apparently came from Sunnyvale, but this is where Gmail, Yahoo and Outlook are. The webmail provider probably hid the actual sender's IP address and put its own in instead.
Explains what each bit of the header means, and shows the journey the email took.
|Header||What it means||Value in this email|
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to)||[email address removed] Tue, 13 Feb 2018 17:35:29 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it cannot be delivered. Spammers and scammers often modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||22.214.171.124|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server||pass (domain of yahoo.com designates 126.96.36.199 as permitted sender)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||[value removed]|
|X-Originating-IP:||The IP address the email was originally sent from. This is sometimes wrong: the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[188.8.131.52]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay||mta4299.mail.ne1.yahoo.com from=yahoo.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=pass (ok)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO sonic313-38.consmr.mail.ne1.yahoo.com) (184.108.40.206) by mta4299.mail.ne1.yahoo.com with SMTPS; Tue, 13 Feb 2018 17:35:28 +0000|
|DKIM-Signature:||Used to verify message integrity and ensure the header is not spoofed||v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1518543328; bh=+8Cgxg3SAf1XcHE6wl3fhs+q3ndgMdEieLB+qwZ3kOE=; h=Date:From:Subject:References:From:Subject; b=CSTbOeD0cBhXa0hzJVDZLCAINnpl7ob5nz3YAZ/HdI1SvOwV9+EEHSWTSmhqlH2dmmD2sDurYr5LAXTdTlSY7L3oVVB3PlazItOxDLCZtQw0irIfsFuvE4RXV0oMXWx0SGAc7lHfpb82+KzaM88nh5Ol1tx/rhGmd33Hr6E5AOiebAjcD3u11ii107SFX/AjRDG4azabZ3x3HYJi1Fy/Pa+4YfTOV2cJRHG7rnLt3s2cnQpl7Y7tyyk4nEA12PchzFGw9nyJcuwdOIoUTcmyuq5xugLkMH83JH9izet0mZAjdvEPW281LqrxREKfQQJJamHZXpOtBM38/hZSAmMMDA==|
|X-YMail-OSG:||A unique ID added by the Yahoo Outbound Spam Guard||[value removed]|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from sonic.gate.mail.ne1.yahoo.com by sonic313.consmr.mail.ne1.yahoo.com with HTTP; Tue, 13 Feb 2018 17:35:28 +0000|
|Date:||The date/time the email was sent||Tue, 13 Feb 2018 17:31:27 +0000 (UTC)|
|From:||This is the address the email was apparently sent from||francisco Lopez [email address removed]|
|Message-ID:||A unique ID assigned to the email for reference purposes||[email address removed]|
|Subject:||The subject of the email||Hallo,|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|Content-Type:||What type of content the email is, usually text/html, and what character set is used||multipart/alternative; boundary="----=_Part_199948_1704091625.1518543087868"|
|References:||Facilitates the threading of emails; helps the email client piece together which emails belong together in a conversation||[email address removed]|
|X-Mailer:||The software used to send the email. Spambots, including those used by scammers, often falsify this as a version of Outlook or Outlook Express to get through some spam filters||WebService/1.1.11419 YMailNorrin Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36|
|Content-Length:||The size of the email, in bytes||2535|
|pts||rule||description|
|0.0||TVD_RCVD_IP||Message was received from an IP address|
|0.0||TVD_RCVD_IP4||Message was received from an IPv4 address|
|0.2||FREEMAIL_ENVFROM_END_DIGIT||Envelope-from freemail username ends in digit (lopezf932[at]yahoo.com)|
|0.0||FREEMAIL_FROM||Sender email is commonly abused enduser mail provider (lopezf932[at]yahoo.com)|
|1.2||MISSING_HEADERS||Missing To: header|
|1.0||FORGED_YAHOO_RCVD||'From' yahoo.com does not match 'Received' headers|
|0.0||DKIM_ADSP_CUSTOM_MED||No valid author signature, adsp_override is CUSTOM_MED|
|-0.0||SPF_PASS||SPF: sender matches SPF record|
|0.6||PP_MIME_FAKE_ASCII_TEXT||BODY: MIME text/plain claims to be ASCII but isn't|
|0.1||DKIM_SIGNED||Message has a DKIM or DK signature, not necessarily valid|
|-0.0||RCVD_IN_DNSWL_NONE||RBL: Sender listed at http://www.dnswl.org/, no trust [220.127.116.11 listed in list.dnswl.org]|
|0.0||T_DKIM_INVALID||DKIM-Signature header exists but is not valid|
|0.0||LOTS_OF_MONEY||Huge... sums of money|
|1.0||FREEMAIL_REPLY||From and body contain different freemails|
|1.2||NML_ADSP_CUSTOM_MED||ADSP custom_med hit, and not from a mailing list|
Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam, but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement.
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)