The email was sent on 2018-10-15 12:57:29 and appeared to be from firstname.lastname@example.org but this address could have been spoofed.
If you replied to this email, your reply would have been sent to email@example.com which was the scammer's actual email address.
Although the email apparently came from Sunnyvale, this is where Gmail, Yahoo and Outlook are. They probably hid the actual sender's IP address and put their own in instead.
Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to||[email address removed] Mon, 15 Oct 2018 09:57:29 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||220.127.116.11|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info||softfail (transitioning domain of gmail.com does not designate 18.104.22.168 as permitted sender)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||wu3td3IWLDvyyNwoRsmB81BJKgMx.EtVXwBUgIaJu8fY0.mM CnH9IQLxcx5ILVZfs9yLe3cUMx6RGchj10w4Kskc3lMU192uEYm_HqXtGgYS bve5V2wnr6vDmqYJ3rfWA6ZoBWlnSaSW0cqXNzVzSlaqzTm4rpR6rGPB1HQX zx4ixGBrmSUiEPiV_fuI_mZHkrSfEpg2BhUL_iqhsT..Ka48S7TooMS6X3.q nSHwnOBoJB1nN8r_rI.jh8geZjgcBQXUxVqXNzatTClogDisL0UVQvvOIlpV 1f_9MoKISNBkht1uSjUR7_J1Bk.pgafZigOSkgPfkfFiVlfFO5aGWIt2MVrH 2RFrUZSat7MnpKd8nf5V1gxc9fQ1OYqjpqi.oFXTu3QqNQYYO0PU3T4P.Azn jYA7DT2KtovrS9sjih8bWjCT5pZvJ1ZU_xbp8nYi3QrAuZnG_3TlUClPAt.l .iyjxpUZMMvgbkJ7z9qEzumjLHeJkcU3djp.7ZPnGpztrqUgVlgwMRcntyWA PQefI4eiF9eZ4rhb3VLkW.Gy0ALY.EgqnPVcpcYGLUdPGQmL3N47Lb7p4vvu m68FLB_YA1Inv4q6KogxSdmW6QEzNh9K2ZGHxOljj91BAopx6uK4gSBGBRCl dUc6EtBqYAHu82ngCRMit2Doe28tU56F9T4rLZaFq0uXmo6NOAI02ZKQnJv2 c_mVePntQmTkvpEy4IoyjsvQRNu0nUeLwrAp688amDbKIExMxnZxh68bcXzY t3avJmRSkbyX9X2kp7CNMkqF7IJJ9bkDjsyX3ZTtQ67Kc3OPsdXu9cejtwCF iERJN2Je.POj0iiTgoA6q01uYpwxJl.roXS6iTtebPkMsO52e7o2S9T6qsC6 wQIMbBvZQ9YhsGWLbhGVjHQuWWhwNZrHDxpuDvgmvlnMZaeXxgXsoDeSYAaE Cb9iTbcpYlED9xMzmxeYuVf_QYWQYM6tNI6BKo_W2BCHYOHSligSu8myTKlj RErhLYmmnkpHwcxTxzs2ydqFxKjk2KUMTlqPBnGJtMRqCX0v0Lr5vtmesqae ZKGk5S4vLPEXW_VdwPevssQee10oYGvyblVrQ_3vkCPVGd31lrsj3JU1Y14z mSffP8xKPks80AILeAA7Pr6G6RJRRcWzq1JXMoyLGknkTmoNtn8G9J.K4o3n ahEvDtPUDCF6Zc96bBBBJTFlMfxlnK9wN_jgbO9tDY6Bm.Ad7VYOBCHNqto-|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[22.214.171.124]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info||mta4003.mail.bf1.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=yahoo.com; dkim=pass (ok)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO sonic301-3.consmr.mail.bf2.yahoo.com) (126.96.36.199) by mta4003.mail.bf1.yahoo.com with SMTPS; Mon, 15 Oct 2018 09:57:28 +0000|
|DKIM-Signature:||Used to verify message integrity and ensure the header is not spoofed||v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1539597448; bh=89vOeiXPsMty6TeYkKdt7fwZS3wzsaYAKvc5mqH50EU=; h=Date:From:Reply-To:Subject:References:From:Subject; b=Zq734SP/tgG9pLCPOzqa1Lb8KmR71T4See9HN1Ya75FtAntOWjiIw/QhX5Jt+6+K7E7B7h8Z6kcj60K7jk6m0k0Ec4FMEfwp44fNWh1739OevfxF65h7uDZ/w5o5EAt5ZY1k68okpGTamHXObLaBV0uRPEriFYb7Mems3Tv3KjBGtudJty+z1/sD15K1iuX5C2Y6TXttYihMZcEAaGp4nrzdqnPsJ2UWFyjIZP1Hq5N4AM7+ANXpN181FNDBcaBJUrsVKBAO6u6flOEDBuDks69IMt9EytBH4E9TeD9SzHxNxsWu4alk+3T2i+fQfsYt49q3WlafaGcXXOdhuO7k9w==|
|X-YMail-OSG:||A unique ID added by the Yahoo Outbound Spam Guard||DqZF2XgVM1krsjrnCOlV.Ee4J4FWar4wtAS7fn6bagGRTb_LL8mpwpkVtspwYR3 v_iU_WkIkQB_w2Whyt9ht1a.WdB._nZgATI7xmwdF5EXWJRONVwKsr7IG9GH8aToMr_jpDWDVynM 6yHORpi2bDeRF49iufdX.zxigSBqDiZvHWsuRJa4wVR3wquRmH_LGjbdAypE6gc2YpBXwXttkW5f GTiZhOsgTQaBwf2d_OwbduiMYCcX5nDpXsiqAnpqMNRysbyc5hE3suo1nQV_QxlIvS9j17sNexeX 0dUj4KKas45uCF7pAi_IZnYEHl5lf5kw_pTvFSIS27AcJCD8j5af9u4qwmXnckqrOENSmfGAIs._ k1Hkw0Elfy_MkHgeOwRoDhCZVtdhMVOwYl9wdplSvUy0lZMpThn8a2USbgluOE9043FyyHfS_1d_ jLoTAFpqy9ddmPhuPdCyQzqmQRZCDZy5iEnChVWj37eBPeaotfQRTn2FcvW6PQUnnA78ypx6bPOv AJFKVqV8FVkmloMZcz.8G1CXxdT1H_v3drh4W2I8qdpoSpCbOBe.SmnOoc1Oj86yCThDB244EtQm l4JXH_49kZ.E0apnW.wf3i3nWej4W73HoQlt4Dbwy2rzmQeyq6ZgG6XYHFRx7PE_PSCbOfkuRMl5 0UetJR8lpEmbYjRnb1ECZ9WCorB6ebdFcq8ZuJ9uoKQWC0EFaSYMr.cQm0joIpXM0LcW79mBvb1Z zzBNiBl2685CAUQBc5ilvG6nBg41GhRbxwwJ.lU9Bv42CfHUFWt75W0J2zVqOxPC.JJnEEEMVFtx Zlky6qgd8ogPdir4loNfNqoOItaSM_MC.C6aza6T7P7I.SDWpNGg1G3gEvAYpOusfU.rPUy1lygr Er.HQ04t0NMGC5sl7u_mEQ1AwgnP7gGUfCd2gNmx0RGHIEbSWhXuMa1iRqtq6WesZHOSBmb43wzB KHbgHjEjdFsbSTsNqUynL6HhViFe1PLJhd38ODqQW5q8TpymoqlrOUt1Dw_tHV7fenqlSORT_hYE MD6C.LMQH2ADEQt1PCI1Ouw--|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from sonic.gate.mail.ne1.yahoo.com by sonic301.consmr.mail.bf2.yahoo.com with HTTP; Mon, 15 Oct 2018 09:57:28 +0000|
|Date:||The date/time the email was sent||Mon, 15 Oct 2018 09:57:24 +0000 (UTC)|
|From:||This is the address the email was apparently sent from||BOB LUGARD [email address removed]|
|Reply-To:||This is the email address any reply would be sent to by default||BOB LUGARD [email address removed]|
|Message-ID:||A unique ID assigned to the ID for reference purposes||[email address removed]|
|Subject:||The subject of the email||RE: SHIPMENT|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|Content-Type:||What type of content the email usually is, usually text/html, and what character set is used||text/plain; charset=UTF-8|
|Content-Transfer-Encoding:||How the email has been encoded to comply with regulations (e.g. maximum characters per line)||7bit|
|References:||Facilitates the threading of emails; helps the email client piece together which emails belong together in a conversation||[email address removed]|
|X-Mailer:||The software used to send the email. Spambots, including those used by scammers, often falsify this as a version of Outlook or Outlook Express to get through some spam filters||WebService/1.1.12512 YahooMailBasic Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.100 Safari/537.36|
|Content-Length:||The size of the email, in bytes||725|
pts rule description ---- ---------------------- -------------------------------------------------- 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.4763] 0.0 TVD_RCVD_IP4 Message was received from an IPv4 address 0.0 TVD_RCVD_IP Message was received from an IP address 1.0 MISSING_HEADERS Missing To: header 0.0 DKIM_ADSP_CUSTOM_MED No valid author signature, adsp_override is CUSTOM_MED 0.7 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.2 FREEMAIL_ENVFROM_END_DIGIT Envelope-from freemail username ends in digit (lovelyheart1966[at]gmail.com) 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (lovelyheart1966[at]gmail.com) -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [188.8.131.52 listed in list.dnswl.org] 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 1.6 REPLYTO_WITHOUT_TO_CC No description available. 0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid 0.0 LOTS_OF_MONEY Huge... sums of money 1.0 FREEMAIL_REPLYTO Reply-To/From or Reply-To/body contain different freemails 0.9 NML_ADSP_CUSTOM_MED ADSP custom_med hit, and not from a mailing list
Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)