The email was sent on 2019-07-06 14:51:45 and appeared to be from email@example.com but this address could have been spoofed.
If you replied to this email, your reply would have been sent to firstname.lastname@example.org which was the scammer's actual email address.
It was probably sent from 18.104.22.168 in Amsterdam, Netherlands.
Explains what each bit of the header means, and shows the journey the email took.
|X-Apparently-To:||Used when there is no 'To' field in the header; it does the same thing (says what email address(es) the email is sent to)||[email address removed] Sat, 06 Jul 2019 11:51:45 +0000|
|Return-Path:||The address the email was sent from, or at least the one this email should be 'bounced' back to if it can not be delivered. Often spammers and scammers modify the email header to set a different return-path||[email address removed]|
|Authentication-Results:||Returns the result given in the Received-SPF field, and says spf=pass if the email passed authentication. Also uses the DKIM signature, and equally returns dkim=pass if the DKIM signature was okay.||mta4317.mail.ne1.yahoo.com [email address removed] header.s=20161025 dkim=pass (ok); spfDomain=gmail.com spfResult=pass; dmarc=pass(p=none sp=quarantine dis=none) header.from=gmail.com|
|X-YahooFilteredBulk:||The IP here was blacklisted by Yahoo for sending spam||22.214.171.124|
|Received-SPF:||Returns 'pass' if the email was sent legitimately, 'neutral' if the server thinks nothing is right or wrong, 'soft fail' if it's not a serious issue, 'fail' if the email was sent by an unauthorised user or IP address (often if the mail server is hacked into), 'none' if the server can't tell, 'permerror' if the mail client does not understand what the server is saying, 'temperror' if the client can't connect to the server.||pass (domain of gmail.com designates 126.96.36.199 as permitted sender)|
|X-YMailISG:||A unique ID added by the Yahoo Inbound Spam Guard||[ID removed]|
|X-Originating-IP:||The IP address the email was originally sent from, sometimes wrong - the bottom 'Received' field in the email header is the most reliable indicator of what IP the email came from||[188.8.131.52]|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||from 127.0.0.1 (EHLO mail-lf1-f67.google.com) (184.108.40.206) by mta4317.mail.ne1.yahoo.com with SMTPS; Sat, 06 Jul 2019 11:51:44 +0000|
|Received:||Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||by mail-lf1-f67.google.com with SMTP id h28so3569043lfj.5 for [email address removed] Sat, 06 Jul 2019 04:51:43 -0700 (PDT)|
|DKIM-Signature:||Used to verify message integrity and ensure the header is not spoofed||v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=yB6OL/q9RModmMycoEA7kSEgmgR1EeCm0bujCRkdVEw=; b=XX2EOb2t2DghgXBa5+W7/e1t3SPIaaKbUl1FXJWQl+Db3k6UocaS4LUHsRCuCOw01/ FSk0oMvpFzaleEW3pCnNDjuI7fFmTYJ2rr2YRAppj0VWyvT0yuHOEzDKkTeBoyD7prmv TpHvUvX6pwTQd/ujklZ1ghA5CvzYzO+kPLf7QC7M+x0zlrivYtlz9pkpLBbr6KMrc0Tj B7+rdRrLkoxYWh60bkSwyVilEvy9Da3mBB7gLbBFDVcp9A5dTxdAajI+3CZ7sgdj0V4S dKook//EH/pFylLdXomXQWMX6a2xUj2RV+Ck32u7ok1TpvFnoT/0K/bAIj5k2ScRmRn6 2eSw==|
|X-Google-DKIM-Signature:||Google Mail adds this to all their headers, it is used to verify message integrity and ensure the header is not spoofed||v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=yB6OL/q9RModmMycoEA7kSEgmgR1EeCm0bujCRkdVEw=; b=ZPuFmLc3j9205mny90eVk771BziQE7RHikV9lvc9rgV1Ctzl58+rFEai5Ux82GPr5N SQf5Z+aSAPfWXVqtDPOvC1jpVyes9pJP2yS13U22uMPjgBLwS6DHUCj2fAeAiWfE/Cpi eFIdIX+CoLna0oWLSArIMSN/MwsvQHpsezvkmnpZdKXvECwXpcW573+8ze1Q9seiyrk7 TxYGq72Hk6NW0NC2iiuUsF4sMBWuFk0sxiGCT888azDnr5HUP6nzoWLcLhyc6xHeWCwx QcxFFX3w0/IU3wvlbjCEss+Z03Eotue026MOCfxojKtBjW4njcU+Lo/yDTaeH0g6PAy0 sUMA== X-Gm-Message-State: APjAAAUNvXoch1yTePB0FV9mcI/6TDqHAdocl6BFfYU3PKfjwhx0v0jF ax3Aid/yPL2y9wU0k7GTJKRnckIjuc0+N+cKaFI= X-Google-Smtp-Source: APXvYqwQyNicVTN8RwfYYNaOu8S9bqsVgIvSOGFavy27ZHpuiNzaiQrf6N9gXJVQZtepkj/Vix3FyMrtKXwQC5wy/BE=|
|X-Received:||Just like 'Received'. Part of the journey the email took to reach us/you, these tend to be in the order bottom-to-top so the first 'Received' is the last step the email took and the last 'Received' is the first step the email took||by 2002:a19:5f46:: with SMTP id a6mr4309826lfj.142.1562413902691; Sat, 06 Jul 2019 04:51:42 -0700 (PDT)|
|MIME-Version:||Included, usually 1.0, if the email or header contains any non-ASCII characters or non-text attachments, or if the email is multi-part (contains a plain text version plus an HTML one, lets the user's email client or webmail decide which version to display)||1.0|
|From:||This is the address the email was apparently sent from||Executive Governor CBN [email address removed]|
|Date:||The date/time the email was sent||Sat, 6 Jul 2019 13:51:31 +0200|
|Message-ID:||A unique ID assigned to the email for reference purposes||[email address removed]|
|Subject:||The subject of the email||INTEREST RATE OF $900.00 DRAFT CHECK PAYMENT .|
|To:||The email address(es) the email was sent to||undisclosed-recipients:;|
|Content-Type:||What type of content the email is, usually text/html, and what character set is used||multipart/alternative; boundary="000000000000a9839d058d01d5ad"|
|Bcc:||Email addresses the email was secretly copied into, this field is usually blanked so even by viewing the email header you can't see who was secretly copied into the email||[email address removed]|
|Content-Length:||The size of the email, in bytes||20413|
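The checks described in the table can be run over raw headers. The following is an added example, not part of the original report: it walks the Received chain oldest-first, reads the SPF/DKIM/DMARC verdicts (including the Yahoo-style `spfResult=` form shown above), and flags a reply address that differs from From. The sample headers, addresses and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (documentation IPs and example domains,
# not the values from the report above).
SAMPLE = """\
Authentication-Results: mx.receiver.example header.s=sel1 dkim=pass (ok);
 spfDomain=freemail.example spfResult=pass; dmarc=pass(p=none) header.from=freemail.example
Received: from 127.0.0.1 (EHLO mail-out.freemail.example) (203.0.113.25)
 by mx.receiver.example with SMTPS; Sat, 06 Jul 2019 11:51:44 +0000
Received: from [198.51.100.7] by mail-out.freemail.example with SMTP id abc123;
 Sat, 06 Jul 2019 04:51:43 -0700 (PDT)
From: Executive Governor <sender101@freemail.example>
Reply-To: claims.office@other.example

body
"""

# Only accept an IP wrapped in () or [], so a bare HELO literal is ignored.
IPV4 = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_path(msg):
    """Return hops oldest-first: each relay prepends its Received line."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        flat = " ".join(raw.split())  # unfold continuation lines
        ip = IPV4.search(flat)
        hops.append((ip.group(1) if ip else None, flat))
    return hops

def auth_results(msg):
    """Extract spf/dkim/dmarc verdicts (also matches Yahoo's spfResult=)."""
    text = " ".join(msg.get_all("Authentication-Results", []))
    found = re.findall(r"\b(spf|dkim|dmarc)(?:Result)?=(\w+)", text)
    return {method: verdict.lower() for method, verdict in found}

def triage(raw):
    msg = message_from_string(raw)
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    reply_addr = parseaddr(msg.get("Reply-To", ""))[1].lower()
    hops = received_path(msg)
    return {
        "origin_ip": hops[0][0] if hops else None,
        "auth": auth_results(msg),
        # A pass only vouches for the sending domain, not the sender's intent.
        "reply_to_differs": bool(reply_addr) and reply_addr != from_addr,
    }
```

Calling `triage(SAMPLE)` shows all three authentication checks passing while the reply address still points somewhere other than the From address.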
000.00 2018 Interest Rate . The only thing this draft will cost you is Courier fees [...]
|pts||rule||description|
|0.0||URIBL_BLOCKED||ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists… #dnsbl-block for more information. [URIs: theeagleonline.com]|
|0.8||BAYES_50||BODY: Bayes spam probability is 40 to 60% [score: 0.5000]|
|0.0||TVD_RCVD_IP||Message was received from an IP address|
|0.0||TVD_RCVD_IP4||Message was received from an IPv4 address|
|0.2||FREEMAIL_ENVFROM_END_DIGIT||Envelope-from freemail username ends in digit (godwinemefiele101010[at]gmail.com)|
|0.5||SUBJ_ALL_CAPS||Subject is all capitals|
|-0.0||SPF_PASS||SPF: sender matches SPF record|
|0.0||DKIM_ADSP_CUSTOM_MED||No valid author signature, adsp_override is CUSTOM_MED|
|0.0||FREEMAIL_FROM||Sender email is commonly abused enduser mail provider (godwinemefiele101010[at]gmail.com)|
|-0.1||RCVD_IN_MSPIKE_H2||RBL: Average reputation (+2) [220.127.116.11 listed in wl.mailspike.net]|
|-0.0||RCVD_IN_DNSWL_NONE||RBL: Sender listed at https://www.dnswl.org/, no trust [18.104.22.168 listed in list.dnswl.org]|
|0.3||PP_MIME_FAKE_ASCII_TEXT||BODY: MIME text/plain claims to be ASCII but isn't|
|0.1||DKIM_SIGNED||Message has a DKIM or DK signature, not necessarily valid|
|0.0||LOTS_OF_MONEY||Huge... sums of money|
|0.0||PDS_NO_HELO_DNS||High profile HELO but no A record|
|0.1||DKIM_INVALID||DKIM or DK signature exists, but is not valid|
|0.9||NML_ADSP_CUSTOM_MED||ADSP custom_med hit, and not from a mailing list|
|2.0||MIME_NO_TEXT||No (properly identified) text body parts|
|2.6||MONEY_ATM_CARD||Lots of money on an ATM card|
|0.0||T_FILL_THIS_FORM_SHORT||Fill in a short form with personal information|
|2.9||MONEY_FRAUD_8||Lots of money and very many fraud phrases|
|2.5||MONEY_FORM_SHORT||Lots of money if you fill out a short form|
|0.5||ADVANCE_FEE_5_NEW_MONEY||Advance Fee fraud and lots of money|
|2.9||FORM_FRAUD_5||Fill a form and many fraud phrases|
The email above is most likely a scam, but every now and then legitimate emails do come through, as do spam emails which are not attempting to defraud, so please use your judgement.
Please do not click on links in the above email or make use of any contact details in the above email.