The email was sent on 2019-01-03 19:14:40 and appeared to be from firstname.lastname@example.org but this address could have been spoofed.
If you replied to this email, your reply would have been sent to email@example.com which was the scammer's actual email address.
Although the email apparently came from Mountain View, this is where Gmail, Yahoo and Outlook are. They probably hid the actual sender's IP address and put their own in instead.
Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to||[email address removed] Thu, 03 Jan 2019 16:14:39 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||184.108.40.206|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info||none (domain of ctqnxrwszbntg.com does not designate permitted sender hosts)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||MCkPbVcWLDuRiVi96NasH7EOHuFQy_yUMev6JKpqV4LOHT8U kJQODoL_z0iUv6u95hmha4mPxgLhOdqAgI2wUs6dK4Z.hDSSW7xi.C14xa72 tsTVt0_Oq9ICQiy4m_kuiC0NhK54cZsS36OiMoHVPtAyBLNlVJI8dPtsNbZB 5bb2JGjItMz5z5krNPQswy9p9_XNpufc7xOo5VXSWMku1RtSvi78ddLXj8KB 2S.x63jrk8FZl3BK1nSQB5.ws1Z8a6GWBfQvCOuGya.6nW2AXD6kGJIU62ov 0TG79gcmtJEYYbdu_J5953TeC8Q46ydo2FyCN2E6ioZcyPlz5pPEJliAct9x ymRq3FMR7hx1std.B7WpnKBtSD_bp4hjNyMV4qL4x4T04sZoHFpqmdU116mH wLpbVd9ddIf5jKXalxB7bRaaBpw9nEtuQeav88Sr5b_bqIq.jE_1sk3PwIo5 0GytIgbGvi8QTXDY9GZRhMXtXqrDlAq0kKqa2FJ.nvibiDxdsWS3KTKmz5g9 FOFnp_K2xQZSiNNMpWkPmt4tZNd44k7Y0qLvMiTRKRDFMXMNHBjoPPbwcad6 1eqEky2mFJO90auZ7oPJATLzMgf8y.MBzkHhbA0yyA3NVvTF1QHfwpNS0Bzq da5Xj7O4ZCfIOfOD3wJDNavIuMxWkfsRqdcT..bXrWp2iOS7U7lnBnePtnsQ veDKArJ3DNjPfPCuaxC5uyqvsjuCkLWhC.ruam41MQ8RvmROAPZjqXi29Woo qq4sHuh4ZsF9_mWvTzb0224eNP4EJ02Vpk1__yEgG4bE1rjijIXRarZ3wXJC Ev3VkZc4aUAb_sWD99eIn_WF829VPi3AcxUq90Ang4WUG8mRL7wbiDnRc0cp AEz5Iypgwcfm0zFmn5uXREZbLKmSCQnoJr40d0BrZXRNUd6FKvR_X6OFKPy_ LUv0ASA5fx3UrQUSruVErFH8C_hav3vOJmQcJA--|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[220.127.116.11]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info||mta4398.mail.ne1.yahoo.com from=ctqnxrwszbntg.com; dkim=neutral (no sig)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO erorwwgneo.com) (18.104.22.168) by mta4398.mail.ne1.yahoo.com with SMTPS; Thu, 03 Jan 2019 16:14:39 +0000|
|Date:||The date/time the email was sent||Thu, 3 Jan 2019 16:14:38 +0000|
|To:||The email address(es) the email was sent to||[email address removed] [email address removed]|
|From:||This is the address the email was apparently sent from||Female F#ck Buddies [email address removed]|
|Subject:||The subject of the email||46 Females Near You|
|Message-ID:||A unique ID assigned to the ID for reference purposes||[email address removed]|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|Content-Type:||What type of content the email usually is, usually text/html, and what character set is used||text/html; charset=iso-8859-1|
|Content-Transfer-Encoding:||How the email has been encoded to comply with regulations (e.g. maximum characters per line)|
|Content-Length:||The size of the email, in bytes||1|
pts rule description ---- ---------------------- -------------------------------------------------- 0.0 TVD_RCVD_IP4 Message was received from an IPv4 address 0.0 TVD_RCVD_IP Message was received from an IP address 0.5 FROM_DOMAIN_NOVOWEL From: domain has series of non-vowel letters 0.8 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in DNS 1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 HTML_MESSAGE BODY: HTML included in message 0.4 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records 0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)