@marcusklaas
Created August 10, 2015 22:03
spam analysis by spamassassin
Return-Path: <mail.box04@bol.com.br>
X-Original-To: catchall@marcusklaas.nl
Delivered-To: catchall@marcusklaas.nl
Received: by marcusklaas.nl (Postfix, from userid 1005)
id 80A981A0330; Mon, 10 Aug 2015 23:34:32 +0200 (CEST)
Received: from localhost by VBND001.cs1local
with SpamAssassin (version 3.4.0);
Mon, 10 Aug 2015 23:34:32 +0200
From: "MICHAEL SMITH"<mail.box04@bol.com.br>
To: undisclosed-recipients:;
Subject: [***** SPAM 63.6 *****] Re:reply
Date: Mon, 10 Aug 2015 17:34:08 -0400
Message-Id: <20150810214253.208F72EFD0C@mail.nuva.com.ar>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on VBND001.cs1local
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=63.6 required=5.0 tests=ADVANCE_FEE_2_NEW_MONEY,
ADVANCE_FEE_3_NEW,ADVANCE_FEE_3_NEW_MONEY,ADVANCE_FEE_4_NEW,
ADVANCE_FEE_4_NEW_MONEY,ADVANCE_FEE_5_NEW,ADVANCE_FEE_5_NEW_MONEY,
AXB_XMAILER_MIMEOLE_OL_024C2,FAKE_REPLY_C,FORGED_MUA_OUTLOOK,
FORGED_OUTLOOK_HTML,FORGED_OUTLOOK_TAGS,FREEMAIL_FROM,FROM_MISSPACED,
FROM_MISSP_FREEMAIL,FROM_MISSP_MSFT,FROM_MISSP_REPLYTO,FROM_MISSP_TO_UNDISC,
FROM_MISSP_USER,FSL_CTYPE_WIN1251,FSL_MISSP_REPLYTO,FSL_NEW_HELO_USER,
HTML_MESSAGE,LOTS_OF_MONEY,MILLION_USD,MIME_HTML_ONLY,MONEY_FRAUD_3,
MONEY_FRAUD_5,MONEY_FROM_MISSP,MSOE_MID_WRONG_CASE,NSL_RCVD_FROM_USER,
RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_DNSWL_BLOCKED,RCVD_IN_PSBL,RCVD_IN_SORBS_HTTP,
RCVD_IN_SORBS_SOCKS,RCVD_IN_SORBS_WEB,T_FROM_MISSP_DKIM,T_MONEY_PERCENT,
URIBL_BLOCKED autolearn=spam autolearn_force=no version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_55C918E8.D8C23729"
This is a multi-part message in MIME format.
------------=_55C918E8.D8C23729
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "VBND001.cs1local",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: Good Day, I know that as you read this email, it will come
to you as surprise and a lot will go through your mind because we have not
met or seen each other before but i want you to know that this email is for
you as i have the feeling that we are meant to do this together. Let me introduce
myself, my name is Michael Smith and I want you to assist me to received
my late client funds of (Ten Million Five Hundred Thousand United States Dollars)
for Investment purpose in your country and am willing to offer you 40% of
the total sum for your great support. You might also wonder how i got your
contact, I got it through the internet when i was looking for a trust worthy
person i can trust to handle this project. This offer is 100% genuine and
risk free. kindly indicate your interest by given me your direct Cell Phone
Number and reply me to markb@mail.kz [...]
Content analysis details: (63.6 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
2.5 MILLION_USD BODY: Talks about millions of dollars
3.1 NSL_RCVD_FROM_USER Received from User
4.5 FSL_CTYPE_WIN1251 Content-Type only seen in 419 spam
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: mail.kz]
2.7 RCVD_IN_PSBL RBL: Received via a relay in PSBL
[181.119.18.162 listed in psbl.surriel.com]
1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in bl.spamcop.net
[Blocked - see <http://www.spamcop.net/bl.shtml?119.28.7.13>]
0.6 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
[119.28.7.13 listed in dnsbl.sorbs.net]
2.5 RCVD_IN_SORBS_HTTP RBL: SORBS: sender is open HTTP proxy server
2.4 RCVD_IN_SORBS_SOCKS RBL: SORBS: sender is open SOCKS proxy server
0.0 RCVD_IN_DNSWL_BLOCKED RBL: ADMINISTRATOR NOTICE: The query to DNSWL
was blocked. See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[181.119.18.162 listed in list.dnswl.org]
0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider
(mail.box04[at]bol.com.br)
0.0 HTML_MESSAGE BODY: HTML included in message
1.1 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
2.5 FSL_MISSP_REPLYTO Mis-spaced from and Reply-to
0.7 FROM_MISSP_USER From misspaced, from "User"
2.3 FROM_MISSP_MSFT From misspaced + supposed Microsoft tool
0.0 LOTS_OF_MONEY Huge... sums of money
2.2 AXB_XMAILER_MIMEOLE_OL_024C2 No description available.
4.5 FROM_MISSP_TO_UNDISC From misspaced, To undisclosed
0.8 FSL_NEW_HELO_USER No description available.
0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only
3.4 MSOE_MID_WRONG_CASE No description available.
0.6 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
0.0 FAKE_REPLY_C No description available.
1.7 MONEY_FROM_MISSP Lots of money and misspaced From
0.0 T_FROM_MISSP_DKIM From misspaced, DKIM dependable
1.3 FROM_MISSP_REPLYTO From misspaced, has Reply-To
1.2 FROM_MISSPACED From: missing whitespace
0.0 ADVANCE_FEE_5_NEW Appears to be advance fee fraud (Nigerian 419)
0.0 ADVANCE_FEE_4_NEW Appears to be advance fee fraud (Nigerian 419)
0.0 T_MONEY_PERCENT X% of a lot of money for you
2.8 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
0.0 ADVANCE_FEE_3_NEW Appears to be advance fee fraud (Nigerian 419)
2.2 ADVANCE_FEE_4_NEW_MONEY Advance Fee fraud and lots of money
1.5 ADVANCE_FEE_5_NEW_MONEY Advance Fee fraud and lots of money
4.3 MONEY_FRAUD_5 Lots of money and many fraud phrases
4.3 FROM_MISSP_FREEMAIL From misspaced + freemail provider
0.0 ADVANCE_FEE_3_NEW_MONEY Advance Fee fraud and lots of money
4.4 MONEY_FRAUD_3 Lots of money and several fraud phrases
2.3 ADVANCE_FEE_2_NEW_MONEY Advance Fee fraud and lots of money
The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
------------=_55C918E8.D8C23729
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: attachment
Content-Transfer-Encoding: 8bit
Received: from mail.nuva.com.ar (mail.nuva.com.ar [181.119.18.162])
by marcusklaas.nl (Postfix) with ESMTPS id 331971A02F7
for <mail@marcusklaas.nl>; Mon, 10 Aug 2015 23:34:29 +0200 (CEST)
Received: from localhost (unknown [127.0.0.1])
by mail.nuva.com.ar (Postfix) with ESMTP id 208F72EFD0C;
Mon, 10 Aug 2015 21:42:53 +0000 (UTC)
X-Virus-Scanned: amavisd-new at example.com
Received: from mail.nuva.com.ar ([127.0.0.1])
by localhost (v0303.baehost.com.ar [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id lZZ4b-TTI57U; Mon, 10 Aug 2015 18:42:39 -0300 (ART)
Received: from User (unknown [119.28.7.13])
(Authenticated sender: recepcion@nuva.com.ar)
by mail.nuva.com.ar (Postfix) with ESMTPA id B8FD42EFCEC;
Mon, 10 Aug 2015 18:41:53 -0300 (ART)
Reply-To: <markb@mail.kz>
From: "MICHAEL SMITH"<mail.box04@bol.com.br>
Subject: Re:reply
Date: Mon, 10 Aug 2015 17:34:08 -0400
MIME-Version: 1.0
Content-Type: text/html;
charset="Windows-1251"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-Id: <20150810214253.208F72EFD0C@mail.nuva.com.ar>
To: undisclosed-recipients:;
<HTML><HEAD><TITLE></TITLE>
</HEAD>
<BODY bgcolor=#FFFFFF leftmargin=5 topmargin=5 rightmargin=5 bottommargin=5>
<FONT size=2 color=#000000 face="Arial">
<DIV>
Good Day,</DIV>
<DIV>
I know that as you read this email, it will come to you as surprise and a lot will go through your mind because we have not met or seen each other before but i want you to know that this email is for you as i have the feeling that we are meant to do this together. Let me introduce myself, my name is Michael Smith and I want you to assist me to received my late client funds of (Ten Million Five Hundred Thousand United States Dollars) for Investment purpose in your country and am willing to offer you 40% of the total sum for your great support. You might also wonder how i got your contact, I got it through the internet when i was looking for a trust worthy person i can trust to handle this project. This offer is 100% genuine and risk free. kindly indicate your interest by given me your direct Cell Phone Number and reply me to markb@mail.kz</DIV>
<DIV>
Michael Smith</DIV>
<DIV>
&nbsp;</DIV>
</FONT>
</BODY></HTML>
------------=_55C918E8.D8C23729--