The email was sent on 2019-05-06 04:29:46 and appeared to be from firstname.lastname@example.org but this address could have been spoofed.
If you replied to this email, your reply would have been sent to email@example.com which was the scammer's actual email address.
It was probably sent from 184.108.40.206 in Unknown, United States
Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to||[email address removed] Mon, 06 May 2019 01:29:46 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||220.127.116.11|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info||none (domain of lfulqawfijcnlb.com does not designate permitted sender hosts)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||26_4s_sWLDt_EWrDNs7QU7rS.dSSnSr_Rp4Opt0Zh13Xtm.q 1qlRSHNnlN91J2_j03prQPBKnrFC.64wc3n0cH5uKg3x.VRaWSbasM6yXU31 vC8QJ606wo0bRHTp5ZoTlOQYeSgU5WiiXrnqm6b7rHb6tQtwi3aG0wcc6Zpm hJyW8O8ynW6XUX5DCIL0P9DO1G6sLkqrKfv7dbHCGfoKjlMn_qCVqmgkrQO0 rC4_NxxKSjBQPG6Chuls1krFNPAy6E6qv0zA5BnuH.AKZzS0mVr06KYD2rC6 gx7hvPw9Ru3Vh_8iY59mVB18fiQMq7DKKAme0MVM0jFGoxURZKfxvedKPXll 6E1J6LVM.dZMbT3X0jneFW4aHSvypfliw1wuf2uihwSZUVPv_BpzgEzzaWLK JzlEHK1xoctoKjcP6j.uIQZbhl4TmJOnAOO4ysxnV58mSVZOjjxgBoBbxnc_ MJeDIegQwtTUoD.TCpUVxNn38vvvwIZNssLi_HSOAES_jKzFQ12Ih5KF2V36 u5i3xjxIQ3UbqC3sTfMbgPuk29hLOdGJihjbngEAIL0n5OGwvjnsbaEjhIHI MmIMQQ1Jhxy46aEXF8yuBR31mIsMyRGiL7SMtGvKMk3xxs7iSxuSNOlMXNzt C5Zx56soMGjozAeYVq4NxAXLOfJkRqtgBdvWWZoMGTksoiq359DAouzOO0zW 87iQurfZefVFdOPDP6RXQVnKo7yEaaA1NydG4QYJfcj62uMuXK92uZmy05Ge ve.4FPZaVhbE_27Y43na9yqfiKxyWg9ia7fn8Y8sdJuRP2..aN2Wvk_7rpCK qE2cb4FV95canurSRlNSNLphazUlAXzo6khr3CoxdDvyVTqXDjCA5nXQyEqS sy01xZwn6SPWVuYSgqZRxOytgONW8gI.cVm9HskNkVgulrvF_FxtHKIWsZST MLFo6tH8z5hnnaP7iit4eoAcDbvJ.pbPqpsGBn4zk2ne1Wzyqcj4AvTMaGTB mDl72E6JGfv47AO2.I_L.xKXGV5GoMoNs79wBG3m3rEWBfSJEWWQl5VMGCE_ cVJb1SQnz_PAlfcZnWSgmPPObs24aTeov.O6_PhlOt0dGX07ty1L1s9iFw4w CaRmzU731Wbd0vnK9Dn8wPpLh4yoosB0|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[18.104.22.168]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info||mta4111.mail.bf1.yahoo.com from=lfulqawfijcnlb.com; dkim=neutral (no sig)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO gxotwmfvlv.com) (22.214.171.124) by mta4111.mail.bf1.yahoo.com with SMTPS; Mon, 06 May 2019 01:29:46 +0000|
|Date:||The date/time the email was sent||Mon, 6 May 2019 01:29:45 +0000|
|To:||The email address(es) the email was sent to||[email address removed] [email address removed]|
|From:||This is the address the email was apparently sent from||Lilian [email address removed]|
|Subject:||The subject of the email||Something naughty must happen soon :)|
|Message-ID:||A unique ID assigned to the ID for reference purposes||[email address removed]|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|Content-Type:||What type of content the email usually is, usually text/html, and what character set is used||text/html; charset=iso-8859-1|
|Content-Transfer-Encoding:||How the email has been encoded to comply with regulations (e.g. maximum characters per line)||base64|
|Content-Length:||The size of the email, in bytes||8970|
|This message was sent automatically. If you do not want to receive these emails from us, please unsubscribe here|
Is this unwanted or inappropriate contact? Report to the ESP directly by calling or texting 305-857-5930.
pts rule description ---- ---------------------- -------------------------------------------------- 3.5 BAYES_99 BODY: Bayes spam probability is 99 to 100% [score: 0.9960] 0.0 HK_RANDOM_ENVFROM Envelope sender username looks random 0.0 TVD_RCVD_IP Message was received from an IP address 0.0 TVD_RCVD_IP4 Message was received from an IPv4 address 0.9 DKIM_ADSP_NXDOMAIN No valid author signature and domain not in DNS 0.0 NO_DNS_FOR_FROM DNS: Envelope sender has no MX or A DNS records 3.3 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS [126.96.36.199 listed in zen.spamhaus.org] 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists… #dnsbl-block for more information. [URIs: redlglitchesatwinku.bid] 0.7 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 HTML_FONT_LOW_CONTRAST BODY: HTML font color similar or identical to background 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 T_KAM_HTML_FONT_INVALID BODY: Test for Invalidly Named or Formatted Colors in HTML 1.5 BASE64_LENGTH_79_INF BODY: base64 encoded email part uses line length greater than 79 characters 3.1 MIXED_ES Too many es are not es 0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag
Please be careful with the links in the above email - Scammed.by strongly suggests that you do not click on any links in the above message
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
You can contact ScamSearch at help at scammed.by for any information, help, or if you have spotted a legitimate email. Please link to the email you think is legitimate.
ScamSearch does not accept any responsibility for visitors enduring any issues as a result of following links in the above email and/or contacting the sender
Please do not contact the sender unless you know what you are doing (i.e. experienced scambaiters)