The email was sent on 2018-12-04 17:36:20 and appeared to be from email@example.com but this address could have been spoofed.
If you replied to this email, your reply would have been sent to firstname.lastname@example.org which was the scammer's actual email address.
It was probably sent from 188.8.131.52 in Nanjing, China
Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to||[email address removed] Tue, 04 Dec 2018 14:36:20 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||184.108.40.206|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info||none (domain of uhmf.com does not designate permitted sender hosts)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||8UKbjRQWLDsz9duB9Xh6ZYXKxKyfvnLojmyJBxEC0gHBXzMq VnTtwbl4Xtc6hbU0pg12PM9GznxOy2aaKX4FaHwRSTb8w7qWScOitE6nMvQ2 gMUD4l7xjVJQ33caua38qawz.IuPcmapIVpaLo00UcietqADqmTivnk6a7uf ntJTmQaTHOkpLPWmkaVnWdyhSu7gAi4Ln2R1ol3jJqhfP.NzWniu77SK_5fR kL1bDxYgD285DbBTwLzaT9TDaxOIPbM1TF4OjYILXq.EgOgpkw3YWgwjq6jm WXbetrtFvE6RFXUoHFQ4Zwbg_v97QqaeQnp0cHknuWJeNIiKaeHAMK4gnvkT 2DiPNCfjT.ESNRyhj.fJUOJbL8ejVPU9gKfrxUirT8QhUHHj_jtrf_y1IwA6 b3zIfHBQ7NdHOGqAWmuBT3SMuUuxFD3fUCKrEw7hXJ3bPhZD237yI2e28pmS rEkQbfU0UORhX_U13TlM8AVNthV18eMaBqJ1eQvTOyweJ2nlV_2kHQJkqc3v XFePOZ3kDziSRa4UiqissO0JuTd0bnB4SpUv.L4yUjMwuloxtGVVfwP90hZx 3mxnOkWm8mFqqQzpYHOQXnSiPXbDQOr29TiVx9P87ZLpkxJUvorGwvVAS2CM PsGJBzjI2v9PhU8nZkuOskmohcXUq_7Baa7QwhClNSVrRbD77UDCKS2AkDkf bNiKBlS03y.iXjEFt6pRh9SBTspTS8dmX0s6j73qeAAQzpjoYHBBuNKdDokX wgd2zg0WS8PjY0myileQ10Vsvo52CqL9XERAOxsMFGlU0gpn0og6G3IFl4wd 4Pp5tmL53oEv_nEfOoJSuNWqODJIf9AF0ScpBKg2azkoSCBl.DIXsD6C.MVY 7882mVjGSUS_S9gAYGb8r50aycawXC196_E59Zft7gM.UOSeMG0VHWimlGdO X14JVlIC8hEvZDzfxqZXe8G3A6StfjzGPcReocZBsCD2pMiCEj8mlW79XEY2 e7F9LKoc.mnxZwboYA_Sx4Jchz4zc.d4v3wpsw66OvH5Sy4Nn.WD7cOTl4lW bUoOuAjdHbPSYY8y4BWS2IAtin7Cjw--|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[220.127.116.11]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info||mta4446.mail.gq1.yahoo.com from=uhmf.com; domainkeys=neutral (no sig); from=126.com; dkim=neutral (no sig)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 10.253.33.224 (EHLO bxoi.com) (18.104.22.168) by mta4446.mail.gq1.yahoo.com with SMTP; Tue, 04 Dec 2018 14:36:19 +0000|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from vps14101 ([127.0.0.1]) by localhost via TCP with ESMTPA; Tue, 04 Dec 2018 22:16:43 +0800|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|From:||This is the address the email was apparently sent from||Chris [email address removed]|
|Sender:||The official sender of the email, can be different from the 'from' (e.g. if a company wishes to maintain that the email was officially sent by them)||Chris [email address removed]|
|To:||The email address(es) the email was sent to||[email address removed]|
|Reply-To:||This is the email address any reply would be sent to by default||Chris [email address removed]|
|Date:||The date/time the email was sent||4 Dec 2018 22:16:43 +0800|
|Subject:||The subject of the email||=?utf-8?B?UmU6cGlwZSBjbGFtcC9ob3NlIGNsYW1wIHN1cHBsaWVy?=|
|Content-Type:||What type of content the email usually is, usually text/html, and what character set is used||text/html; charset=utf-8|
|Content-Transfer-Encoding:||How the email has been encoded to comply with regulations (e.g. maximum characters per line)||base64|
|Content-Length:||The size of the email, in bytes||744|
Have a nice day.I am Chris from June Hardware Company.
1.Pipe clamp/Hose clamp;
2.Strut channel fitting;
3.Steel pipe nipple/steel pipe socket;
Products are extensively used in plumbing,construction and other industries with a wide range,good quality,reasonable prices and stylish designs.
RoSH certificated,we will be your reliable business partner.
If you want more information,please contact me.
pts rule description ---- ---------------------- -------------------------------------------------- 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.5002] 0.0 TVD_RCVD_IP4 Message was received from an IPv4 address 0.0 TVD_RCVD_IP Message was received from an IP address 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (chezhiting70437[at]126.com) 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit (chezhiting70437[at]126.com) 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [22.214.171.124 listed in zen.spamhaus.org] 3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL 1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL, https://senderscore.org/blacklistlookup/ [126.96.36.199 listed in bl.score.senderscore.com] 0.0 HTML_MESSAGE BODY: HTML included in message 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags 1.5 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length greater than 79 characters 0.1 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different 0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag 0.5 MISSING_MID Missing Message-Id: header 2.5 TVD_SPACE_RATIO_MINFP Space ratio
Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)