Tuesday, 2 April 2019

Fw (1): lo0

Spam detection software, running on the system "cltv.tinp.net.tw", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.

Content preview: Click here! <http://helloworlds.website/aihscrxi/5ta2a9df?wbvv8-sjxhj>
Click here! [...]

Content analysis details: (13.5 points, 7.5 required)

pts rule name description
---- ---------------------- --------------------------------------------------
1.7 RATWARE_GECKO_BUILD Bulk email fingerprint (Gecko faked) found
0.1 FORGED_RCVD_HELO Received: contains a forged HELO
0.1 HTML_90_100 BODY: Message is 90% to 100% HTML
0.0 HTML_MESSAGE BODY: HTML included in message
3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
[score: 1.0000]
2.0 RCVD_IN_SORBS_DUL RBL: SORBS: sent directly from dynamic IP address
[123.24.120.241 listed in dnsbl.sorbs.net]
1.6 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see https://www.spamcop.net/bl.shtml?123.24.120.241]
3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
[123.24.120.241 listed in sbl-xbl.spamhaus.org]
1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server
[123.24.120.241 listed in dnsbl.sorbs.net]
0.2 DNS_FROM_AHBL_RHSBL RBL: From: sender listed in dnsbl.ahbl.org
-1.2 AWL AWL: From: address is in the auto white-list

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.