The email was sent on 2019-01-07 17:04:13 and appeared to be from firstname.lastname@example.org but this address could have been spoofed.
If you replied to this email, your reply would have been sent to email@example.com which was the scammer's actual email address.
It was probably sent from 220.127.116.11 in Xuzhou, China
Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to||[email address removed] Mon, 07 Jan 2019 14:04:12 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||18.104.22.168|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info||none (domain of zoap.com does not designate permitted sender hosts)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||uXnTaL0WLDvcZCkC6hh32LbiK1LxMLTETIes52LtJYRC4jj2 wQcQdTrSTF.Q5QgLldzi4FBCO3f8M5HdJWTOG9LJfeikONp5M5vvrU9wLmG. RXgn1_DFfoOE0FQw.rxWE174Vassq7Q8xZ3OxNMR7IN5aAkGUPEzzZm82X6W LQ9Cgr0XMVfTQPKiWRelzS6yCs6eI9WQUBrpkogLCKpvlCb8JD.VMuHie9TC 7K4MLxlHbQaRyp_LyitBK_zrjT7tDx.51wLNubTR7iQCO3oaRz.volyzXCU8 EM6OZo3xrdLsfiyuxEIyfcab.rOZ73_nPqF6Afch0U7OyNfaAkrQ14myz7OV Le4IT8DPCmCWDS3meQ2gfxeBxHZugCuwzBahGm6BA0jTCrEhj_zHniQCC4Da _e4uWUWPtMI_XgE5spFCg_vyBhQqKorSRswZERXVzD6T.1r2GeLgR9rBhbk8 Iz14zBaYT6JkAKIgztoFASEirfNcZvA9WeTxnhhSJeDATd9SZw65zx9mPiF0 TkauoTEjPYFCUZmSXBfTlbMv1tXJphEkcf1SNU5QmH_xLUFI4Lg33sKokl1g DuM4b8gFh0QZ1iFFL1z9u28RnK8d4UNhfsKROFyRsiqrpIUqek_6FUHegBxP dTCuFQJwlbZSPekWw45gNOGVHt12eCm8c4ib6klHZKg16W3zxdzul2lMeyGv rjlp88qK7L672chnJlGAA7sF.d17_mX1lRMIuTdMX469PorOGkEe5dZ2.oyM xSDQh3G9IkNoVK12pfWnNZb6GbDVstyNa6OzC2ybcMR7zuzPupwbmzbsMooi GBtBQacDxD4hdl3QZtsZGdlAmcTkg_Yd278ysL_jXwqLhfEi18.IjHkzJSPY 4vBdqo_CZGcgqm98bRToDVsR4tEzUZytuDf5kGy665goajgfk7Tr3lMSVeMJ 1ypSH5yltDT383V.66Bx9d.Lb0X2E.RJdDRj3MKeNRnCj1IWiAFLpXrYyLSy dNOpzkKKhQL1fa_lZQ9hDvNts2OdkbcpXys-|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[22.214.171.124]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info||mta4087.mail.gq1.yahoo.com from=126.com; dkim=neutral (no sig)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO zoap.com) (126.96.36.199) by mta4087.mail.gq1.yahoo.com with SMTP; Mon, 07 Jan 2019 14:04:12 +0000|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from vps18251 ([127.0.0.1]) by localhost via TCP with ESMTPA; Mon, 07 Jan 2019 22:03:46 +0800|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|From:||This is the address the email was apparently sent from||"Jason Law" [email address removed]|
|Sender:||The official sender of the email, can be different from the 'from' (e.g. if a company wishes to maintain that the email was officially sent by them)||"Jason Law" [email address removed]|
|To:||The email address(es) the email was sent to||[email address removed]|
|Reply-To:||This is the email address any reply would be sent to by default||"Jason Law" [email address removed]|
|Date:||The date/time the email was sent||7 Jan 2019 22:03:46 +0800|
|Subject:||The subject of the email||=?utf-8?B?UmU6ICBNYXRlcmlhbCBIYW5kbGluZyBFcXVpcG1lbnQ=?=|
|Content-Type:||What type of content the email usually is, usually text/html, and what character set is used||text/html; charset=utf-8|
|Content-Transfer-Encoding:||How the email has been encoded to comply with regulations (e.g. maximum characters per line)||base64|
|Content-Length:||The size of the email, in bytes||6888|
We supply Material Handling Equipments with good quality and very competitive price. Hope to be a partner of your company!
E-catalog will be provided if needed.
Email me or just call me directly. Thank you!
Ningbo Cholift Forklift Co.,Ltd.
No.97 Jiudu Road, Qiaotouhu Street, Ninghai, 315609, China
pts rule description ---- ---------------------- -------------------------------------------------- 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% [score: 0.5678] 0.0 HK_RANDOM_ENVFROM Envelope sender username looks random 0.0 TVD_RCVD_IP Message was received from an IP address 0.0 TVD_RCVD_IP4 Message was received from an IPv4 address 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (fengdaidou379[at]126.com) 0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in digit (fengdaidou379[at]126.com) 0.4 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL [188.8.131.52 listed in zen.spamhaus.org] 3.3 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 HTML_EXTRA_CLOSE BODY: HTML contains far too many close tags 1.0 HTML_FONT_FACE_BAD BODY: HTML font face is not a word 0.0 HTML_MESSAGE BODY: HTML included in message 1.5 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length greater than 79 characters 0.0 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different 0.5 MISSING_MID Missing Message-Id: header 0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)