The email was sent on 2018-12-18 10:14:06 and appeared to be from firstname.lastname@example.org, but this address could have been spoofed.
If you replied to this email, your reply would have been sent to email@example.com, which was the scammer's actual email address.
It was probably sent from 126.96.36.199 in Xuzhou, China.
Explains what each bit of the header means, and shows the journey the email took.
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to)||[email address removed] Tue, 18 Dec 2018 07:14:06 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it cannot be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||188.8.131.52|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server.||none (domain of vtft.com does not designate permitted sender hosts)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||[value removed]|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[184.108.40.206]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay.||mta4249.mail.bf1.yahoo.com from=126.com; dkim=neutral (no sig)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO vtft.com) (220.127.116.11) by mta4249.mail.bf1.yahoo.com with SMTP; Tue, 18 Dec 2018 07:14:05 +0000|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from vps18251 ([127.0.0.1]) by localhost via TCP with ESMTPA; Tue, 18 Dec 2018 15:11:22 +0800|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|From:||This is the address the email was apparently sent from||"Jason Law" [email address removed]|
|Sender:||The official sender of the email, can be different from the 'from' (e.g. if a company wishes to maintain that the email was officially sent by them)||"Jason Law" [email address removed]|
|To:||The email address(es) the email was sent to||[email address removed]|
|Reply-To:||This is the email address any reply would be sent to by default||"Jason Law" [email address removed]|
|Date:||The date/time the email was sent||18 Dec 2018 15:11:22 +0800|
|Subject:||The subject of the email||=?utf-8?B?UmU6ICBNYXRlcmlhbCBIYW5kbGluZyBFcXVpcG1lbnQ=?=|
|Content-Type:||What type of content the email is, usually text/html, and what character set is used||text/html; charset=utf-8|
|Content-Transfer-Encoding:||How the email has been encoded to comply with regulations (e.g. maximum characters per line)||base64|
|Content-Length:||The size of the email, in bytes||6888|
We supply Material Handling Equipments with good quality and very competitive price. Hope to be a partner of your company!
E-catalog will be provided if needed.
Email me or just call me directly. Thank you!
Ningbo Cholift Forklift Co.,Ltd.
No.97 Jiudu Road, Qiaotouhu Street, Ninghai, 315609, China
|pts||rule||description|
|0.0||TVD_RCVD_IP||Message was received from an IP address|
|0.0||TVD_RCVD_IP4||Message was received from an IPv4 address|
|0.0||FREEMAIL_FROM||Sender email is commonly abused enduser mail provider (fengdaidou379[at]126.com)|
|0.0||HEADER_FROM_DIFFERENT_DOMAINS||From and EnvelopeFrom 2nd level mail domains are different|
|0.2||FREEMAIL_REPLYTO_END_DIGIT||Reply-To freemail username ends in digit (fengdaidou379[at]126.com)|
|3.6||RCVD_IN_PBL||RBL: Received via a relay in Spamhaus PBL [18.104.22.168 listed in zen.spamhaus.org]|
|2.0||BASE64_LENGTH_79_INF||BODY: base64 encoded email part uses line length greater than 79 characters|
|0.0||HTML_EXTRA_CLOSE||BODY: HTML contains far too many close tags|
|0.0||HTML_MESSAGE||BODY: HTML included in message|
|1.1||MIME_HTML_ONLY||BODY: Message only has text/html MIME parts|
|0.3||HTML_FONT_FACE_BAD||BODY: HTML font face is not a word|
|0.0||FREEMAIL_FORGED_FROMDOMAIN||2nd level domains in From and EnvelopeFrom freemail headers are different|
|0.6||HTML_MIME_NO_HTML_TAG||HTML-only message, but there is no HTML tag|
|0.1||MISSING_MID||Missing Message-Id: header|
Please be careful with the links in the above email. Scammed.by strongly suggests that you do not click on any links in the above message.
The email above is most likely a scam, but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement.
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender.
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters).