The email was sent on 2019-05-26 04:57:52 and appeared to be from email@example.com but this address could have been spoofed.
If you replied to this email, your reply would have been sent to firstname.lastname@example.org which was the scammer's actual email address.
It was probably sent from 126.96.36.199 in Xuzhou, China - Click here to see the location on a map
Click here to leave a comment
Explains what each bit of the header means, and shows the journey the email took. Click here to show or hide it
|X-Apparently-To:||Used when there is no 'to' field in the header, does the same thing (says what email address(es) the email is sent to||[email address removed] Sun, 26 May 2019 01:57:52 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||188.8.131.52|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server. More info||softfail (transitioning domain of guru.ua does not designate 184.108.40.206 as permitted sender)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||JR0UCvkWLDuFpiyF5SE30UC1ZGTJ_r9leYS3CfQ0aURIDGnd G.itnKWrUjp60X9vRNGcsEUQ22RUn35HbBBkuwQc.bLnAC4pV7BEE6YP6NGv _B.Zup3fH9JUdjcW9OshLopd0LntoshPehtvyLhN1UH0Y7LDyerVFlBDMc9H ._fMLyBfLV22YVvmIPY80KpAjd6UOY_1imrxJ8s_J48OJGi9DNu02C4ylsXD rxkix0QoJzBTE8TuhUZstIesC46eYtWIowHBY0.fi8MR8IFRaqYMsRTvQmdM 6N6104P0Z3y2omccixXz_7zsxeqBjzcwKjRGbIvFZ88XzHgd.9xafq7WcVKb 4htLCNxJE8pvM.XCYwJluajtR8FqOn5gocRsja5hDUxOSqL2r_vc9rqtX92o AJdEsrGPmTHlT4VjFuI97mZCuGqHyvI_pkTa4sFEx13VkMC0Ur_twXssuUfN 9WLE8C3tlBftTPLmO96Z4xUPsB4W4XfG08YgAkQT8y8PMGzAtHLh32dQCDb6 Sca0rcXSI0hzIaqDQKuMrljurJHA36jkhxGTqDC2ryjUODyOuzB2clf54wWU W1jnUpgb6vZPWEyHHNepSwjxhJSJm1SAVfwvGOHRpgU035WPve0ZKBiGLBml ESaBmZmVNr5GGtGp.QSUkDuwH8lEac0YM6aQG9CcCx276tBImJthilXn1O2F lqxBrPeuV2V8jXMp4EL5QoOd0AsDU4KBrPGxb.bm.emQSP9X5bBEc.xEfba0 mAxPm2kKUx7E_HS.txhO6uwGd8KCVhMXdQX8jsCYusdZSV7vOBYYdGPXOROP NJlLCQUMXsAKzDlJ1BYAKR7SBOEgwkqZ0XnuuKaqxdfPBmNJGDfNoy7DM8Di VEFqcIVWwgObQXexl0jxezUzQ_UL_QfUlrDMKfqXXW6G3_4shFc6DZrZ1CRi 3ZFoYGY5EPxFS5kJVMhhxeAmRmYShTRzkGi7ltJvdSmB1.T_ksYPYwiDZ5pc 8s3gelXmHMJh4dRKe04mew--|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[220.127.116.11]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay. More info||mta4209.mail.bf1.yahoo.com from=126.com; dkim=neutral (no sig)|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO mail.myopra.ir) (18.104.22.168) by mta4209.mail.bf1.yahoo.com with SMTP; Sun, 26 May 2019 01:57:51 +0000|
|Date:||The date/time the email was sent||Sun, 26 May 2019 09:57:26 +0800 (CST)|
|From:||This is the address the email was apparently sent from||dengbi3658839927 [email address removed]|
|Sender:||The official sender of the email, can be different from the 'from' (e.g. if a company wishes to maintain that the email was officially sent by them)||yozhvsoer [email address removed]|
|To:||The email address(es) the email was sent to||sscatcher [email address removed]|
|Message-ID:||A unique ID assigned to the ID for reference purposes||[email address removed]|
|Subject:||The subject of the email||Re: 1-Stop Sourcing for MHE|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|Content-Type:||What type of content the email usually is, usually text/html, and what character set is used||text/html; charset=UTF-8|
|Content-Transfer-Encoding:||How the email has been encoded to comply with regulations (e.g. maximum characters per line)||quoted-printable|
|Content-Length:||The size of the email, in bytes||1349|
Dear Sir or Madam,
Zhejiang Aplifts Machinery Co., Ltd. offers Material Handling
Equipments, always assuring your customers? highest quality demands.
have four advanges in the Material Handling Eqipments Industry(Pallet Truck,
Stacker, Lift Table and Forklift):
5 years warranty pump brings Long Life
Time of our Equipments.
Products CE Certificated.
Professional Teams with 25 years? Rich Experience of Material
Equipment Design and Manufacture.
If customer developments
are needed, please feel free to reply the mail.
Zhejiang Aplifts Machinery Co.,
Jiangshan Town, Yinzhou District, Ningbo, Zhejiang Province 315000,
Tel: +86-574-2558 2099
If you like to removed from our
Please reply with subject "REMOVE"
We are sorry for the
pts rule description ---- ---------------------- -------------------------------------------------- 0.0 TVD_RCVD_IP4 Message was received from an IPv4 address 0.0 TVD_RCVD_IP Message was received from an IP address 1.0 SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) 0.2 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level mail domains are different 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (dengbi3658839927[at]126.com) 3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL [22.214.171.124 listed in zen.spamhaus.org] 1.7 DEAR_SOMETHING BODY: Contains 'Dear (something)' 0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts 0.0 HTML_MESSAGE BODY: HTML included in message 0.0 MIME_QP_LONG_LINE RAW: Quoted-printable line longer than 76 chars 0.6 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag 0.2 FREEMAIL_FORGED_FROMDOMAIN 2nd level domains in From and EnvelopeFrom freemail headers are different
The email above is most likely a scam but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement
Please do not click on links in the above email or make use of any contact details in the above email.