The email was sent on 2018-11-06 01:44:10 and appeared to be from Salesemail@example.com, but this address could have been spoofed.
If you replied to this email, your reply would have been sent to firstname.lastname@example.org, which was the scammer's actual email address.
It was probably sent from 220.127.116.11 in Shenzhen, China.
Explains what each bit of the header means, and shows the journey the email took.
|X-Apparently-To:||Used when there is no 'to' field in the header; does the same thing (says what email address(es) the email is sent to)||[email address removed] Mon, 05 Nov 2018 22:44:09 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it cannot be delivered. Spammers and scammers often modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||18.104.22.168|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server||none (domain of fzlnpx.top does not designate permitted sender hosts)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||[value removed]|
|X-Originating-IP:||The IP address the email was originally sent from. This is sometimes wrong; the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[22.214.171.124]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay||mta4176.mail.bf1.yahoo.com from=fzlnpx.top; domainkeys=neutral (no sig); from=fzlnpx.top; dkim=neutral (no sig)|
|Received:||Part of the journey the email took to reach us/you. These tend to be in bottom-to-top order, so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO fzlnpx.top) (126.96.36.199) by mta4176.mail.bf1.yahoo.com with SMTP; Mon, 05 Nov 2018 22:44:07 +0000|
|Received:||Part of the journey the email took to reach us/you. These tend to be in bottom-to-top order, so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from WIN-48JDSLQF1IC (unknown [188.8.131.52]) by fzlnpx.top (Postfix) with ESMTPA id C7CD4218F61 for [email address removed] Fri, 2 Nov 2018 06:34:18 -0400 (EDT)|
|Disposition-Notification-To:||A read-receipt/delivery notification was requested by the sender, and will be sent to this email address (usually the one the email was sent from). The sender was likely notified that this email was read||[email address removed]|
|MIME-Version:||Included, usually as 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, which lets the user's email client or webmail decide which version to display)||1.0|
|From:||This is the address the email was apparently sent from||=?utf-8?B?TGkgWmhpIFlvdQ==?= [email address removed]|
|To:||The email address(es) the email was sent to||[email address removed]|
|Reply-To:||This is the email address any reply would be sent to by default||[email address removed]|
|Date:||The date/time the email was sent||2 Nov 2018 18:33:58 +0800|
|Subject:||The subject of the email||=?utf-8?B?TWFrZSB5b3VyIGxlYXRoZXIgd2F0Y2ggYmVsdCBkaWZmZXJlbnQ=?=|
|Content-Type:||What type of content the email is, usually text/html, and what character set is used||text/html; charset=utf-8|
|Content-Transfer-Encoding:||How the email has been encoded to comply with regulations (e.g. maximum characters per line)||base64|
|Content-Length:||The size of the email, in bytes||512|
Hope you are doing well!
We are professional manufacturer of Apple watch band and leather watch belt production, and hope to find a way to cooperate with you.
Kindly please send us inquiry and we would offer best prices.
Li Zhi You
Hongda leather factory
pts  rule                       description
---- -------------------------- --------------------------------------------------
0.0  TVD_RCVD_IP                Message was received from an IP address
0.0  TVD_RCVD_IP4               Message was received from an IPv4 address
0.2  FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit (1814598820[at]qq.com)
3.6  RCVD_IN_SBL_CSS            RBL: Received via a relay in Spamhaus SBL-CSS [184.108.40.206 listed in zen.spamhaus.org]
1.3  RCVD_IN_RP_RNBL            RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/ [220.127.116.11 listed in bl.score.senderscore.com]
0.0  HTML_MESSAGE               BODY: HTML included in message
2.0  BASE64_LENGTH_79_INF       BODY: base64 encoded email part uses line length greater than 79 characters
0.0  HTML_EXTRA_CLOSE           BODY: HTML contains far too many close tags
1.1  MIME_HTML_ONLY             BODY: Message only has text/html MIME parts
0.1  FROM_EXCESS_BASE64         From: base64 encoded unnecessarily
0.6  HTML_MIME_NO_HTML_TAG      HTML-only message, but there is no HTML tag
0.1  MISSING_MID                Missing Message-Id: header
0.2  FREEMAIL_DISPTO            Disposition-Notification-To/From or Disposition-Notification-To/body contain different freemails
2.5  FREEMAIL_FORGED_REPLYTO    Freemail in Reply-To, but not From
Please be careful with the links in the above email. Scammed.by strongly suggests that you do not click on any links in the above message.
The email above is most likely a scam, but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement.
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender.
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters).