One of the subscribers on the mailhost I run has been receiving scads of spam mail "from himself." With SPF set up and validated on the domain (wickenburg.us) this should not be happening. It is not happening on any of my other domains (though this could be more of a spammer opportunity thing than a technical thing).
The SPF record is simple and severe: v=spf1 a mx ip4:96.125.170.48 -all
Bottom line, all mail "from" wickenburg.us has to come from 96.125.170.48, period.
Examining the full headers of the offending incoming mail, I find that every one contains this line:
Received-SPF: pass (domain of gmail.com designates <spammer's IP> as permitted sender)
"envelope from" is always specified as <>
.
I'm at a loss to comprehend this. I've never delegated Google any authority whatsoever to determine what is or is not a valid email from my domain name, and my domain arrangement doesn't involve Google in any way. The fact that anyone is even asking or believing Google's take on the matter seems to violate the entire design of SPF.
What do I need to do to remedy this problem?
EDIT: Here is a sample set of full headers as requested.
Return-Path: <>
Delivered-To: [email protected]
Received: from server.wickenburg.us
by server.wickenburg.us with LMTP
id NQs7NHvUvmRPaQAAeQzYKg
(envelope-from <>)
for <[email protected]>; Mon, 24 Jul 2023 12:43:55 -0700
Return-path: <>
Envelope-to: [email protected]
Delivery-date: Mon, 24 Jul 2023 12:43:55 -0700
Received: from [195.133.32.101] (port=53352 helo=r97.email.lefebvreelderecho.com)
by server.wickenburg.us with esmtp (Exim 4.96)
id 1qO1TI-00070c-0F
for [email protected];
Mon, 24 Jul 2023 12:43:55 -0700
Received: by 2002:a54:200c:0:b0:228:543a:1f5a with SMTP id t12csp1618203ecn;
Mon, 24 Jul 2023 11:29:26 -0700 (PDT)
X-Google-Smtp-Source: APBJJlGFskBq6vD+JptCL7CTitvNTO7/IPxEzuHDPKvHvDjtELTC/rAvYUkkInNXwcGoYqFWzD6p
X-Received: by 2002:a05:6a00:18aa:b0:686:290b:91f7 with SMTP id x42-20020a056a0018aa00b00686290b91f7mr7885971pfh.22.1690223366335;
Mon, 24 Jul 2023 11:29:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1690223366; cv=none;
d=google.com; s=arc-20160816;
b=oFTBlj60DutemJU6/VIqaY5SlSLFHaF2lAoDo6mni61DWkkjOgpQ3QUvcTTMtzBOES
5VwcBZATGpcm1wlErizZ4O/gdyvOFoyB6Tev6tXx2fgISqATbtxeswCrvmQRR7kBw0KY
oUSpsot28s39ike2WDzqjroLgKH8Z+Z8V7/ETMqJZkX8met8OJ0D6dZ2NC4UVw0GGae0
U4vlblGbVfQJV+PYHsZPzkkGjNYVQW1jpJT4ytrvMl+UMCaFLFEkxnb1yWr5mviGflzk
dev+HCwBUmImeYopm6wPWpoT1+Roo9x0y2KiyJJHln6RkKl8nqELyCQbqsmUgsjmJL5H
tcGQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
h=references:mime-version:subject:message-id:to:from:date
:dkim-signature;
bh=wO2NmQIfIA1TETnGAB3LAbdcIcFxJYvNim6ZNUQ7fAQ=;
fh=jiXLAKdjm0XSnS+zteR+sipnHmR6ae2WQlH3Cpp0Kls=;
b=nUOq8UzXt9MqhWFF/gfA3ZgRzEC3zOcfx86XAyi+JrsLSSclJpOPsRmWqUNb+3FU5j
naiZPQabYnOu+Xr1XUrZLWuxZvZQjN6uyQAQ8rkbAGhCgR9WtYUM87GaAu09NwFG9WNV
cT9JuUzhD76PMvatK24eXP8dsE10XJFgOVjL9bKjxIcq3sFtZ7IFmh9+soZAtDyoFjRq
MiDvrDS1kaTzlnrJcGXAuIfOGR0aQj1ko7hapKvjwmxYS+P3zmUdaECGGUGTtArfdFyP
TL/OhFZpWXwwKnIqnbNA4qO3c++YOMPNvCqTO4N5BihZ+7/cfB/UJ61AIt/uj1m2tSLx
EsSg==
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass [email protected] header.s=a2048 header.b=gHShi1Su;
spf=pass (google.com: domain of [email protected] designates 98.137.65.83 as permitted sender) [email protected];
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=aol.com
Received: from sonic313-20.consmr.mail.gq1.yahoo.com (sonic313-20.consmr.mail.gq1.yahoo.com. [98.137.65.83])
by mx.google.com with ESMTPS id j17-20020a056a00235100b0067ea76a7c59si10056277pfj.50.2023.07.24.11.29.26
for <[email protected]>
(version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
Mon, 24 Jul 2023 11:29:26 -0700 (PDT)
Received-SPF: pass (google.com: domain of [email protected] designates 98.137.65.83 as permitted sender) client-ip=98.137.65.83;
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=a2048 header.b=gHShi1Su;
spf=pass (google.com: domain of [email protected] designates 98.137.65.83 as permitted sender) [email protected];
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=aol.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aol.com; s=a2048; t=1690223365; bh=wO2NmQIfIA1TETnGAB3LAbdcIcFxJYvNim6ZNUQ7fAQ=; h=Date:From:To:Subject:References:From:Subject:Reply-To; b=gHShi1SuWLTUbadusZH0I3/pF9Zov75eYIkvrEzC07efzFmOsjNZFLzppRKVCoQxnbBr1tK+aXBcBlf8xaYme6dhmr0UqvW3WWW6aKMHeVzvqGkjvbEwlStG+NClJr8UEonNTDT1FipCG96FLDHcnBoLn3a6t7o71ExU3KNK329DgZsJIDtwP+wTCjp9KnG0E7YlE7HrUIQz1f+Z6Hw01Hkxc1RC5Wc6DjdAsbFn9b26XRYRdLgcQ9/dpqhO3/sFD5Y5g7xovpVCQ0EqxYv08JAzIXW/K76f88HRVii6uXCw0PfRR5kzuIUGLGutZGc8MYX+/eCAvAyiSEBDYaLUMA==
X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1690223365; bh=w4zS8DeoeACKhNY4awKRnv6pKMGcrBajz8nL7G9ZiKU=; h=X-Sonic-MF:Date:From:To:Subject:From:Subject; b=rF2pfIyVoSWtHaVXNnmlmDfUUwAGkUeSxtzbwcvyRsJyERPaLz4eg6sXxttV6gTc88cdhbh8HKGkkQpsyv59hh16znm14b7gK0ruYUXvL7eqQl7bSexTfEMQpJ7AYl13N5RixcgxC3gPpp6WXdPgZeoXMEsAmT28WOTub9JvPwPJfAsIEq1KW0bON9FfluQI8BoLW7I91t2VB/FQH7FozPJp30kSDDGCkOQHZo5E62G53NVeOjH59B9XBjcrL+yExFV12wL2/LiSud7WYfCn2sce9C0QTN7qT8DAGMGBz9rbeIsh4zz0o+SGKgmD/WEknHWJriOHJF2/awkEHJDR7A==
X-YMail-OSG: 7puKTTQVM1lPe8geVVKv5FKML0FkhsO7xFWqSAvwfjvN7UPm9.30zmsM3Cu3ev_ 3xrsfN_yQsXxdMpPv9gO6t2hLtjFDAjOIhooeRqB24K0daosHkB.ZOOHvoOZ4livS2jtO9JgRkFg y6rrztrGmlg84rf3ratkrsRog14ChShf5QD.ZbLahW9xZ8.X5Xf5nOsM2nYrBMnGCIYO4a.3KKo_ JhorKQBc4usw47v014qlU1YenVUCWTtPueu7Hq1gTbq3_ow8lJBS6uIttw3zmGgQ5G8JlfHxjG.S H2fq59J0zy9rwOPRRh2SRiYa4ChtUsgZXjwS_.2gcgjEKOR1GZJp8ZyGEkYfPyyf5k_DUW4L6ChQ vp35TzHa_YX1LYRBtq.F9GHyjj48T13HDgqEr64zS7pG3K.VYUpjmh9YY5PKAlJzcdXQKw92_Uoe zJm6Y4z7lIpvk57hb.m4xpOWyTz3CSnu4Vuwc9E8K4Own16ay0RVn5NSoOTzDpfSrJeQLeyNIqjT cgbAfM7oJE8yzD9zTT2lB5czc67gFThvpO233fq_d2J8Upn00XhDHehjq3tyY8DcAC_gDQN6Snr9 ezJq3_Ltc_CXWpuake0s21xMM_bzziXTAW0OLDkktGrRbXNf2St6dhTVfb5h_LEUyHIm2tI5vwD8 J6Vlgaw.yDVf3hmgc434fILSmAoBF6YsL_JEzjNUqGArr6duKbA0C6mJUBDhOAtwJmQmpX2qnM2t U5QGi90V4e6icCHW99A5b.Cd8xhVsrkTAjHFjH.FpouEy_YXaL7qqLcwofoOSxKIF6MN1R3vYpHe UblGjGvlP43wVTeobWZyrJIRwu1JHjDQCAKqP50No4l5pAq42tMDvlk.xXHZMpNOYyitVbnr0h4z 6tKrAxwCg5PC3k7Uu1rbJQYUJ8G.AmN0gGEwIcwx3GJK9UN19Y.7hmjOgBYkW2vbOOAkkCZmQRxF LtO8I7749mnf8XuhQepnVkJEMADJM4ehCiNXNKe8PjKwsEJdECCs8TbBmKpl7PLFfbm2x0i93m7f LSJVyiRPsdNU8T1o1iYtsVILPcmc4l38Q4W4UelrlVlaM5QF8qjpV2RnSt3we0beVoAK_OCbWwBQ At2BbtXAAlZs39tUfghWGlffNJRN5SqvQ1Mj_1wmQUgVPjnPw5hQB2WiaEpiA2.TImTPKahE5QPv H2Qm9VnAvYapI1LIIU8XtRduh4GuuhoO0I3uzuVbrlHsY3_1LXQ6TDsACudfHQ7wd0rkUSagIfc8 WOGYk0koei37nXoCoQynpzF3vZqmYqdXt2JQtWxiQn.eYPIOVphBVXt.38b0Vg13TVDyTswTyni5 MlFxmylTmUZ_z2pjM.J6c0uJTuPTPngLfKq1t_oYwBOPK_vJvAuMs2igGEiphUKpAYrlDTltjcCB giW65zX6ptzH9XHPDhMYmERihn8Eb9xBBEq9gULIqUxtXPGD_5Bo74nxuUe.hJErsFoX1f1ha86h n9A5KlNBHv.WdGtnGvD7POFcuQvua1V.9DjDNRvE4Bb5OuHjfeyxnJ1ptRdmpcuAOQyqSfDkaTjl NPXHNUcIa_yrd7qo9_UDJ0YZggeDa8ZLlwcsxpmdSJJNFzuBMq4ReS1lUFXaMAbsqtBt2SsqJ_qy ptd39hUt0O0eUt0bzcOIpRCz3tpHAMeV6pZTHP9MFIff3wylfw0CqsQOMb72AH0IBhapQVQondul tDsQeVZ0MONMsg2Ht5ZZFXo4ZMPTNgbavAIBEHwiCEpMxQi158gBHl29QMkNQoHXpf7GQk_zvL_r EHrXSMYpCLEf6C4Dzx7DtLZNLEUxrD22Bv5rjRfJ_eAyG0eieagEElpJw9vOzCmR1HWibbHcCwJZ 7cLimvB7m1M08bfnRCsDHDRNqKvPW85M7ArkIn_z.0uY9TTRsQJP4RoY9ZHORXpUOs5_gw9C_zF4 NnwNhSzNZTUZExMw6Fv9drwb7M4374d0CNEVvc3beA.9GOsvCAdEHc.ZeYAjtIrWg2l3kEytNTXr 99_2s0DPsdh2yTxQNn.hjZV.OPJXOu.YslCU10bXhda6SXmkksxiflWX.Je6uMOympV75O95V9yx 8pPt0LB4JOZksmWX2eqagURWZyWoo4UePK3WOEOEjXXIYcn4-
X-Sonic-MF: <[email protected]>
X-Sonic-ID: 456c4d8d-0730-4054-accf-2cbd298fff0b
Received: from sonic.gate.mail.ne1.yahoo.com by sonic313.consmr.mail.gq1.yahoo.com with HTTP; Mon, 24 Jul 2023 18:29:25 +0000
Date: [email_date]
From: DEWALT GENERATOR Rewards <[email protected]>
To: DEWALT GENERATOR Rewards <[email protected]>
Message-ID: <[email protected]>
Subject: You have won an Portable Power Station
MIME-Version: 1.0
Content-Type: text/html;
X-Mailer: WebService/1.1.21647 AolMailNorrin
Content-Length: 518
X-Spam-Status: No, score=-83.3
X-Spam-Score: -832
X-Spam-Bar: ---------------------------------------------------
X-Ham-Report: Spam detection software, running on the system "server.wickenburg.us",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Portable Power Station View in a web browser ANSWER & WIN
Content analysis details: (-83.3 points, 8.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
[Blocked - see <https://www.spamcop.net/bl.shtml?195.133.32.101>]
-0.0 USER_IN_WELCOMELIST User is listed in 'welcomelist_from'
-100 USER_IN_WHITELIST DEPRECATED: See USER_IN_WELCOMELIST
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
1.1 INVALID_DATE Invalid Date: header (not RFC 2822)
2.2 KAM_STORAGE_GOOGLE URI: Google Storage API being abused by
spammers
0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
0.0 HTML_MESSAGE BODY: HTML included in message
0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
valid
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.8 KAM_INFOUSMEBIZ Prevalent use of
.info|.us|.me|.me.uk|.biz|xyz|id|rocks|life
domains in spam/malware
3.0 KAM_DMARC_REJECT DKIM has Failed or SPF has failed on the
message and the domain has a DMARC reject
policy
0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict
Alignment
0.1 DKIM_INVALID DKIM or DK signature exists, but is not valid
2.0 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Spam-Flag: NO
EDIT 23-07-29: After enabling "Allow DKIM verification for incoming messages" and "Reject DKIM failures" in EXIM, this spam is still slipping through. Another sample from today:
Return-Path: <>
Delivered-To: [email protected]
Received: from server.wickenburg.us
by server.wickenburg.us with LMTP
id aP37DDdixWQvYwAAeQzYKg
(envelope-from <>)
for <[email protected]>; Sat, 29 Jul 2023 12:02:15 -0700
Return-path: <>
Envelope-to: [email protected]
Delivery-date: Sat, 29 Jul 2023 12:02:15 -0700
Received: from [194.169.163.37] (port=48087 helo=judithwilliams.com)
by server.wickenburg.us with esmtp (Exim 4.96)
id 1qPpCi-0006ap-2c
for [email protected];
Sat, 29 Jul 2023 12:02:15 -0700
Received: from njmta-20.sailthru.com (173.228.155.20) by theskimm-d.sailthru.com id h568ie30nt87 for <[email protected]>; Sun, 2 Apr 2023 10:23:40 -0400 (envelope-from <[email protected]>)
Received: from nj1-farmelon.flt (172.18.20.31) by njmta-20.sailthru.com id h567uo1qqbs5 for <[email protected]>; Sun, 2 Apr 2023 10:21:46 -0400 (envelope-from <[email protected]>)
Date: Sat, 29 Jul 2023 20:55:21 +0200
From: Ninja Foodi Dual Air Fryer Shipment <[email protected]>
To:jones<[email protected]>
Message-ID: <[email protected]>
Subject: Celebrating KOHL'S anniversary with an Ninja Foodi Dual Air Fryer
Content-Type: text/html;
X-Feedback-ID: 7595:31029321:campaign:sailthru
X-TM-ID: 20230402102146.31029321.5494280
X-Info: Message sent by sailthru.com customer theSkimm, Inc
X-Info: We do not permit unsolicited commercial email
X-Info: Please report abuse by forwarding complete headers to
X-Info: [email protected]
X-Mailer: sailthru.com
X-JMailer: nj1-farmelon.flt
X-Unsubscribe-Web: https://link.theskimm.com/oc/6425b794e3ea9af00b0a1cabih2dl.39rew/65c2f250
List-Unsubscribe: <https://link.theskimm.com/oc/6425b794e3ea9af00b0a1cabih2dl.39rew/65c2f250>, <mailto:[email protected]>
X-rpcampaign: stlgd31029321
X-IncomingHeaderCount: 23
X-MS-Exchange-Organization-ExpirationStartTime: 02 Apr 2023 14:28:55.6663
(UTC)
X-MS-Exchange-Organization-ExpirationStartTimeReason: OriginalSubmit
X-MS-Exchange-Organization-ExpirationInterval: 1:00:00:00.0000000
X-MS-Exchange-Organization-ExpirationIntervalReason: OriginalSubmit
X-MS-Exchange-Organization-Network-Message-Id:
288d6423-ae50-4862-9ac8-08db33869718
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa:0
X-MS-Exchange-Organization-MessageDirectionality: Incoming
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic:
CO1PEPF00001A5F:EE_|DM4PR15MB5994:EE_|PH0PR15MB4479:EE_
X-MS-Exchange-Organization-AuthSource:
CO1PEPF00001A5F.namprd05.prod.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-UserLastLogonTime: 4/1/2023 10:53:49 PM
X-MS-Office365-Filtering-Correlation-Id: 288d6423-ae50-4862-9ac8-08db33869718
X-MS-Exchange-EOPDirect: true
X-Sender-IP: 192.64.237.81
X-SID-PRA: [email protected]
X-SID-Result: PASS
X-MS-Exchange-Organization-SCL: 2
X-Microsoft-Antispam: BCL:1;
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 02 Apr 2023 14:28:55.4163
(UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 288d6423-ae50-4862-9ac8-08db33869718
X-MS-Exchange-CrossTenant-Id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-AuthSource:
CO1PEPF00001A5F.namprd05.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg:
00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR15MB5994
X-MS-Exchange-Transport-EndToEndLatency: 00:00:03.1967716
X-MS-Exchange-Processed-By-BccFoldering: 15.20.6254.030
X-Microsoft-Antispam-Mailbox-Delivery:
abwl:0;wl:0;pcwl:0;kl:0;dwl:0;dkl:0;rwl:0;ucf:0;jmr:0;ex:0;auth:1;dest:I;ENG:(5062000305)(90000117)(90010023)(91010020)(91040095)(9050020)(9100338)(4810010)(4910033)(8820095)(9910022)(9545005)(10170022)(9320005);
X-Message-Info:
qZelhIiYnPkx84CNH6AeQs2r1mfbx475RiI5K0+Xb2fvrntBfTJ10N2zNIvcvtf7VgXmo/rIiDQIXO6S3rtSdn/H4xrzDv+I2RFpBW+pxB4yhwf8VqBxAb2oTJ+jKAPjknpLKx0rGhWF/Oowozp6RA==
X-Message-Delivery: Vj0xLjE7dXM9MDtsPTA7YT0wO0Q9MTtHRD0xO1NDTD0tMQ==
X-Microsoft-Antispam-Message-Info:
=?utf-8?B?Mnl1bmdsSDZzUmVmV3BTMVk4SHdPZEtHK3IrZzd3OTZhMFNUQW5kd2ZuSjZl?=
=?utf-8?B?dVFNSThmd3V4S3RBMTMzamVYLzBBK2FhT2VlKzllNXBuTnZpU2lHektDY0s0?=
=?utf-8?B?c244d1FLM2diZjF4YS9TRnFEZ1Q3OUUyWXVzRzkxY21IMlgreGJhWmx0a0tq?=
=?utf-8?B?T3NGK1YvRUV1V3ZPeHNON3FlUjhQcVpNM2VXNFhnaEFMQ3hxODlORkNUMkVk?=
=?utf-8?B?WU1Yc1lSRno0NTZuMmhNdVlNQXB6ZDAvSFRJVGtnUVNrekJkcnQ5SGJvektM?=
=?utf-8?B?Rk1wZ2xsWHg0ZnlVOS9GNjYweW90clFDOHR5QlpDMFpEVlZOMHMzNjFGREFF?=
=?utf-8?B?cmpYV3A5NVdHTFF4Z1FYbFIzY2ZtNk9jTGx2cGgvb3RCTmx3ZFFyZ3pPMHoy?=
=?utf-8?B?ajEyVFlQaGw2cEU4WGJBUUthbTdPd28xakEwWnpUUE80M2lPUE5ueHVGMlhX?=
=?utf-8?B?TlZhMHZPeHNNMjVDSEdVRDc4VzI3NHhJZTd1YktVL0JiTVk3eXZ6UXRucHQy?=
=?utf-8?B?UFdWaWI2dEMrdSsvWWZ2UGJXMktKWEJwNkN6MTMvOUEycDl0aDROa2cxdSs4?=
=?utf-8?B?Szk1T3ZZd3NrR3NQYjJOYlNNTittN0lCRCtzNVBiZllDNnlXMXVJVVZPYnQr?=
=?utf-8?B?eTRHZEthVkZJUmJJL1VRTm4rL2pkOFQyWGJldkdoajBsQ1BLWjkybjNoeGRl?=
=?utf-8?B?T09Kc3NXL3NWNFptbXNBWmxNalVFN2dSUEU1cnJ6RlJBc3N5SHl6cjI4cm5Y?=
=?utf-8?B?U04rNFVXQXRTeDVlV1VYS01EdlhITnZGQ2V4MHk3Tlc3UUFvNFVON3poNjhF?=
=?utf-8?B?aGQweVB4cUZMbVJjbGp3RkpIRy9lb3VsSG9xV0lzRE1ReHJDN1NuMVJlNHFT?=
=?utf-8?B?ZDZIWHBKYmVvbnVWMDZNM1FIdTV2VXVRTFdVVnlBYWhXdDJnK0t1R2xGUmhO?=
=?utf-8?B?ckxacDlpc3FSdFB2QnBvL1c4QWdIZHZqTTAvMVZwWCtoWFdKNHZkbGQvZHNV?=
=?utf-8?B?Mm4xVTdIcGxrUjYyR1RkSFAxUzRkdDJaa2R5cUdDNmZGYXdjT245VzZtTmVO?=
=?utf-8?B?ajJmMEIzWW1wd0NoaVMvMXdvZG4rYitCSkJjSXF5N0pMVUtZRTlBYnQ4blJW?=
=?utf-8?B?VERyN2JYQnRTc0d3a2VmQk9lSlRNYitmc3hqWXZXRlZieTVubHlidk44Vi9N?=
=?utf-8?B?T1JEdFUvdXdKV28vVGNXZS8vNk1Ield4QXVDK2pWV2hlMGpUYmVIdE9LbWZs?=
=?utf-8?B?dGh2K1dtTGJYNVlNUXR2dlFQUU1DVDAyYng2d2dVcVZHRFVVRXhsOW9uSzlT?=
=?utf-8?B?Nk1RaXo4NXppdkdYVkUwSzl6MTBDU0NpdERWcUJSbndTb2VPbGpyRkw4Witu?=
=?utf-8?B?U3pDaDA5N1RtVU51Q1FuMXR0K1BkUDRJVVhib1hkNFBmT3BXS0pESnV6enNZ?=
=?utf-8?B?YkxYYi9sMTVNTk1zNUtyWlhqZS9ncWRBZ3JZT1JsalpWYko4QlBRUDlBSVVV?=
=?utf-8?B?MExjbDRkbnNwOTdkVHRQSkJPcEl5RFk0VDFJcHpNTlljeGhpcTQreFIycVhZ?=
=?utf-8?B?WmFsWVQ0NWZjbFUwejZsc2ZSR3piSEhENHEyRFhWc0p1YWdXYnE3ZkQzZUVH?=
=?utf-8?B?bStzVEpya3FmR3hlMytCV1J2bEJFczBibGdFb0FXZVI5UnMrVUsrb3MxSm1Y?=
=?utf-8?B?cDEwYkZWQmxDa0p6VlpyTklLcFRvbEZvbjg2ekZkOExFMzF5aHFGdFhTdkMr?=
=?utf-8?B?MTlyNVJCMk5RSnBHakI5Z2RpK3RQeXFZWnFuM2tKL01WanRLOExjbG0yOU9j?=
=?utf-8?B?WEU2MDBZVUp0M0RrNm9GQTdQYS90cmgrQk82amkzNW1hWUQ1RFJiam1ZdnNB?=
=?utf-8?B?RnpqNTlSVEJDWjMvWHFBN1pON1NHQ0N0SytBaTBRdk5lc2J3RHlIQTIvKzk5?=
=?utf-8?B?Ukl2eXhuQ2RrWlEzSW56dmpXcE1RR1lpbzNLc3FLOGROSEtNdjZNSC84cEFq?=
=?utf-8?B?TytxQXJZM1c5Q0oydTlqQm9WZU9EWit4cTFROWlQU1NXWGpTclVwRHBTanZ2?=
=?utf-8?B?MXhidTJsV2lpQzlMMjBsMlY2RWY5OFg4MDNHRHlqU2t5L2JaVnljWDdGL2cz?=
=?utf-8?B?SklNbGkvQTFjNDFRTXBpdG5qTDJ2VUJ5T1NNNG5UMjJnZkZqaUMyNE5XZXZM?=
=?utf-8?B?eEpOQXNudDZ1OXBoZ0ZpSElhMmp1REhXWXc3M2ZtQUsyMzR5UlNIc3ZKN3l6?=
=?utf-8?Q?qcKDW4HCjVPrHtn4gWjXVkbSpDYXPioQL4WfHFfG6w=3D?=
MIME-Version: 1.0
X-Spam-Status: No, score=-77.6
X-Spam-Score: -775
X-Spam-Bar: ---------------------------------------------------
X-Ham-Report: Spam detection software, running on the system "server.wickenburg.us",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
root\@localhost for details.
Content preview: Celebrating KOHL'S anniversary with an Ninja Foodi Dual Air
Fryer If you no longer wish to receive these emails, you may unsubscribe
by clicking here click here to remove yourself from our emails list
Content analysis details: (-77.6 points, 8.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was
blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: baxarfnar.bond]
0.6 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
[URIs: baxarfnar.bond]
1.3 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
[Blocked - see <https://www.spamcop.net/bl.shtml?194.169.163.37>]
-0.0 USER_IN_WELCOMELIST User is listed in 'welcomelist_from'
-100 USER_IN_WHITELIST DEPRECATED: See USER_IN_WELCOMELIST
1.0 BAYES_999 BODY: Bayes spam probability is 99.9 to 100%
[score: 1.0000]
5.0 BAYES_99 BODY: Bayes spam probability is 99 to 100%
[score: 1.0000]
1.5 SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail)
2.2 KAM_STORAGE_GOOGLE URI: Google Storage API being abused by
spammers
0.0 HTML_IMAGE_RATIO_02 BODY: HTML has a low ratio of text to image
area
0.0 HTML_MESSAGE BODY: HTML included in message
0.0 HTML_FONT_SIZE_LARGE BODY: HTML font size is large
0.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
1.8 PYZOR_CHECK Listed in Pyzor
(https://pyzor.readthedocs.io/en/latest/)
-0.0 T_SCC_BODY_TEXT_LINE No description available.
0.8 KAM_INFOUSMEBIZ Prevalent use of
.info|.us|.me|.me.uk|.biz|xyz|id|rocks|life
domains in spam/malware
0.4 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML
tag
0.0 KAM_DMARC_STATUS Test Rule for DKIM or SPF Failure with Strict
Alignment
2.0 RDNS_NONE Delivered to internal network by a host with no rDNS
3.0 KAM_DMARC_REJECT DKIM has Failed or SPF has failed on the
message and the domain has a DMARC reject
policy
2.7 GOOG_STO_NOIMG_HTML Apparently using google content hosting to
avoid URIBL
X-Spam-Flag: NO
aol.com
's ARC signature, but confuses theDKIM-Signature
withd=aol.com
as an ARC signature.