Re-directs to mandrillapp.com and it looks like they took the website off-line after people reported the spam from [email protected]. Yeah, like somebody is going to trust a free Yeti from some fake Brazilian email address using the same mail server that keeps spewing out tons of spam and phishing content.

Received 2026-04-26 16:43:53 PDT / 23:43:53 UTC via SendGrid SMTP IP 50.31.40.93. Message body claims a Robinhood login at 2026-04-26 19:43:47 EDT from source IP 67.216.245.27.
Email appears to be a Robinhood-themed account-security notice with urgent “unrecognized activity” language, claiming a pending phone-number update and urging review through a disguised external validation link that redirects to tinzio.net.
Header auth did not fail: SPF=pass, DKIM=pass for robinhood.com and sendgrid.info, DMARC=pass for robinhood.com. Possible phishing, credential theft, or account-abuse attempt; no recipient address is included.

Received Apr 8, 2026 6:21:17 PM PDT. Spam/phishing email from 45.41.207.236 used a false recipient-name reference in the subject and pushed a fake “cloud account blocked / storage full” alert claiming photos/videos would be deleted unless storage was renewed. Message used urgent loss language, fake billing/payment wording, bulk/list headers, mismatched To/Envelope-To values, and deceptive links pointing to attacker-controlled infrastructure instead of the claimed service. Header auth shows SPF pass, DKIM pass, and DMARC pass only for rwkojrj.biz, not for the brand being impersonated, so authentication does not legitimize the message. This is deceptive commercial email and spoof-style phishing intended to induce clicks and disclosure.

Received 2026-03-31 00:06:11 PDT. Phishing email sent from 213.111.150.66 with false urgency claiming an account was blocked and photos/videos would be deleted unless payment info was updated. Display name falsely used the recipient’s name. Subject threatened deletion and pushed the victim to click payment/update links. Body impersonated a cloud storage/security notice, warned of expired payment, possible permanent data loss, and attempted to drive the recipient to a payment/credential capture page. Header/authentication shows SPF=pass and DKIM=pass for the sending domain; no DMARC failure/result was shown in the header, suggesting abuse of authenticated infrastructure rather than simple unauthenticated spoofing. Message also contained hidden filler/obfuscated content and deceptive mailing-list style headers/unsubscribe links consistent with phishing/spam.

Received: Sun, 22 Mar 2026 16:04:44 +0000. Lottery/advance-fee fraud email titled “CONGRATULATION!” falsely claiming the recipient won a Mercedes-Benz C300 and $1,500,000. Message asks for full personal details and warns that a “delivery fee is mandatory,” which is classic fraud/phishing behavior.
Header shows originating IP 77.83.39.102, relayed through mail server IP 150.95.216.208 (EHLO: mail.chibanippo-system.press). From address falsely used [email protected] with Reply-To [email protected]. SPF=FAIL, DKIM=UNKNOWN, DMARC=UNKNOWN. This indicates unauthorized or deceptive sending and likely sender/domain impersonation.
Likely violations: CAN-SPAM Act (deceptive header/content), wire/mail fraud attempt, identity/domain impersonation, and SMTP/RFC misuse including misleading origin/return path inconsistent with RFC 5321 and RFC 5322. Abuse contact to try: [email protected] and [email protected]. Host appears tied to mail.chibanippo-system.press.

Received Wed, 25 Mar 2026 16:13:12 +0000. Spam/phishing email with subject “CloudSpace storage has been restricted.” Sender used [email protected] and directed the recipient to an Amazon S3-hosted link claiming a storage issue.
Header shows sending/originating IP 209.85.214.199, hostname mail-pl1-f199.google.com, operated by Google LLC. Complaint target appears to be [email protected]. SPF=pass, DKIM=pass, DMARC=pass, indicating this likely came through a real authorized account or service rather than a simple forged spoof.
Body content is deceptive and mismatched: visible “CloudSpace” warning, hidden tracking elements, and large blocks of unrelated Dutch lease/marketing text consistent with spam obfuscation. Likely violations: CAN-SPAM deceptive header/content practices, possible phishing/fraud, and misuse of email standards/RFC 5322 and RFC 5321 for misleading message purpose and origin presentation.

Email spam received 14 Mar 2026 at 11:50:23 PDT promoting a fraudulent “Donation of 2.5 Million euros.” Message claims the recipient was randomly selected to receive funds from liquidation of a €25M asset and instructs contact through a Gmail reply address. This is a classic advance-fee or donation scam designed to lure victims into further communication and potential financial fraud. Sending IP: 185.59.109.28 using mail server zimbra.pktgdynia.pl. The message appears to impersonate organizational branding and includes misleading corporate signature information.
Authentication analysis shows DKIM failure (permerror – no valid key for signature) while SPF technically passes for the sending domain. The DKIM failure strongly suggests misconfigured or forged signing and reduces trust in the authenticity of the sender. DMARC alignment therefore fails due to invalid DKIM and mismatched reply-to domain. These inconsistencies strongly indicate the message is unauthorized bulk spam or phishing.

Received 2026-03-12 13:47:20 PDT from 185.56.87.107. Unsolicited bulk marketing email promoting a business expo/event in Fort Lauderdale, with commercial calls to action to “Read More” and “Register.” Message uses mass-mail infrastructure, tracking/open pixel, multiple marketing redirect links, and list-management headers consistent with bulk advertising. Authentication passed for sender infrastructure: SPF pass, DKIM pass, DMARC pass. This appears to be authenticated commercial spam rather than a forged sender. Header shows marketing platform delivery via emsnd.net / mailtools.emsnd.net. Please review for unsolicited email abuse, mailing-list consent practices, and spam policy violations.

Received 2026-03-12 16:50:27 PDT. Phishing/spam from 45.74.244.119 using deceptive cloud-storage/account-blocked lures claiming photos/videos will be deleted and storage is full, pushing a fraudulent “get more storage/renew” click. Header/content show mismatched addressing (To: [email protected] while delivered elsewhere), forged-looking Google-branded headers, duplicate Content-Length, hidden/obfuscated HTML, tracking pixels, and bulk-mail traits. Auth technically passed for sender infrastructure: SPF pass, DKIM pass, DMARC pass, so this is authenticated abuse, not a legit notice. Subject is deceptive and the message appears designed to impersonate a storage/provider billing alert to steal clicks or credentials. Likely CAN-SPAM issues: misleading header/routing info and deceptive subject content; apparent RFC 5322 formatting/header irregularities.

Received Tue, 10 Mar 2026 11:52:12 UTC. Unsolicited bulk commercial email delivered via Amazon SES. Sending IP: 69.169.224.57. Mail server: b224-57.smtp-out.eu-central-1.amazonses.com.
The message promoted TikTok-style car stunt, gaming, and exotic car videos with multiple tracking links, thumbnails, engagement bait, and one-click unsubscribe language. It appears to be list-based marketing sent without consent and is unrelated to the recipient.
Auth results in header: SPF pass, DKIM pass for tokivo.site and amazonses.com, no DMARC result shown in the header provided. Likely CAN-SPAM concerns include unsolicited commercial email and potentially deceptive marketing practices. Relevant standards concerns: RFC 5322 header use and bulk mail abuse review recommended.

CAN-SPAM Act: false or misleading header information and deceptive subject lines are prohibited. RFC / mail-auth context: SPF is defined in RFC 7208, DKIM in RFC 6376, and DMARC is intended to help stop spoofed/phishing mail that abuses the visible From identity. In this specific header, SPF passed, DKIM passed, and no DMARC result is shown in the Authentication-Results lines you provided, so I would not say SPF/DKIM failed. DMARC may have been absent, not evaluated, or simply not recorded in the visible header block. Network / host owner: OVH SAS / OVHcloud for IP range 51.38.0.0/16.
Abuse complaint email: [email protected]
Phone: 1-855-684-5463 (OVHcloud customer service).

Email received Sat, 7 Mar 2026 at 05:15:46 +0000 claiming to be from “Mr. Adnan Anwar”, allegedly the Chief Executive Officer of a bank in Dubai, requesting the recipient to reply to a separate address to discuss a “significant business transaction that will benefit our families.” The message is a classic advance-fee style solicitation attempting to lure the recipient into private contact. The From address uses the domain eba.am while the reply address is a different domain, indicating deceptive intent. The message content attempts to establish false authority and financial opportunity to initiate a scam conversation.
Technical analysis shows the originating IP 197.221.80.100 sending through mail server scpmg.sarpongcapital.com. SPF validation resulted in softfail because the sending IP is not authorized for the domain. DKIM validation produced a permanent failure. DMARC policy status is unknown but alignment is inconsistent. These authentication failures strongly indicate spoofed.

Unsolicited fraudulent email received Thu, 05 Mar 2026 03:58:04 +0000 claiming to be from “Mr. Adnan Anwar” regarding a “significant business transaction” intended to benefit both families. Message attempts to solicit direct contact through an external Gmail address, a common advance-fee scam tactic. The email originated from IP 197.221.80.100 using mail host scpmg.sarpongcapital.com. Content indicates social-engineering fraud attempting to establish trust by impersonating a financial executive and proposing a vague financial deal.
Email authentication failures strongly indicate abuse of the sending infrastructure. SPF returned softfail because domain eba.am does not authorize IP 197.221.80.100 to send mail. DKIM verification resulted in perm_fail indicating an invalid or broken signature. DMARC authentication is not properly aligned and is reported as unknown. These authentication problems combined with deceptive content strongly suggest spoofed identity and misuse of the mail server scpmg.sarpongcapital

Email spam received Wed, 04 Mar 2026 14:42:13 +0000 advertising “Weight loss delivered to your home” and linking to external tracking and redirect domains. The message was sent from IP 192.119.111.124 with mail host lynk8f9.amurt.org.uk and includes embedded tracking pixels and unsubscribe bait links commonly used in bulk unsolicited advertising campaigns. The Reply-To header was altered to impersonate the recipient’s own name, indicating identity spoofing and deceptive email practices designed to manipulate responses.
Authentication failures indicate a high likelihood of abusive or unauthorized sending infrastructure. SPF returned softfail because the domain amurt.org.uk does not authorize IP 192.119.111.124 to send email. DKIM signature is missing or unknown, and DMARC authentication failed for the domain listed in the From header. These failures strongly indicate spoofed sender identity and violation of modern email authentication standards intended to prevent spam and phishing.

This email appears fraudulent as it claims legitimacy from United Healthcare but attempts to lure recipients into clicking a suspicious link. The From field uses my name in an attempt to deceive me, indicating clear signs of spoofing. Additionally, there are SPF, DKIM, and DMARC validation issues present, reinforcing the illegitimate nature of this message.
Violations:
• SPF: None detected.
• DMARC: Failure to align properly with sender policy and domain verification protocols.
• RFC Compliance Violation: This spam email misrepresents the United Healthcare brand by incorporating their trademark in the content without authorization. The sender's IP, 69.164.242.219, should be reported for spamming activities.

Received 03 Mar 2026 at 02:19:35 -0800 (PST). Email claims a $2,500,000 donation from “Warren Edward Buffett,” instructing reply to a Gmail address and external foundation email. Classic advance-fee/phishing scam impersonating a public figure. Header shows SPF=pass, DKIM=pass, DMARC=pass for portosdegalicia.com, indicating a likely compromised legitimate mail account/server rather than spoofing. Sent from 94.130.24.203 via authenticated Postfix. Content solicits contact for fraudulent financial gain and uses undisclosed recipients.
This constitutes phishing and wire fraud under 18 U.S.C. §1343 and deceptive commercial email under CAN-SPAM Act 15 U.S.C. §7701 et seq. The message attempts impersonation and financial deception. The originating IP 94.130.24.203 appears hosted by Hetzner; please investigate for abuse or compromised host activity.

Received 02 Mar 2026 10:13:27 PST (18:13:27 UTC). Subject: “[Coinbase] Here's your requested code - 315672”. From “Coinbase®” via mg.msgsndr.biz/Mailgun, server v5123.v5bf14cd7.use4.send.mailgun.net; sending IP 159.112.252.123. Message claims a withdrawal request and provides a 6-digit code plus a phone number, attempting to drive urgent action.
Auth results show no failures: SPF PASS, DKIM PASS (mg.msgsndr.biz and mailgun.org signatures), DMARC PASS for header.from mg.msgsndr.biz. Despite passing authentication, the content appears to impersonate Coinbase and functions as a phishing/credential or social-engineering lure.
IP owner/host: Mailgun Technologies Inc (AS396479). Abuse contact: [email protected]. Potential legal issues: phishing/impersonation and deceptive communications (CAN-SPAM/FTC Act and related state UDAP), and possible wire-fraud solicitation depending on the follow-up. No clear RFC 5321/5322 format violations observed in the headers.

Received Sun, 1 Mar 2026 11:44:06 +0000. Reported sending IP: 41.33.58.242 (X-Originating-Ip / SPF pass for ten.tv). SMTP submission/upstream seen: 77.83.39.236 (authenticated ESMTPSA into email.ten.tv). Message claims “U.S. Department of Homeland Security / Secret Service” and impersonates a government official name in the From display.
Email content is an advance-fee/phishing style scam: claims a US$2,750,000 “compensation/payment” was approved and urges the recipient to reply for “directives,” likely to extract bank/wire/debit-card details. Reply-To is an unrelated external mailbox, a common red-flag for account takeover or spoofed identity routing.
Auth results: SPF=pass, DMARC=pass (p=QUARANTINE), DKIM=unknown. This violates anti-spam/anti-fraud laws (e.g., CAN-SPAM and fraud/impersonation statutes) and Internet mail best practices (misleading From/Reply-To, deceptive pretext).

This unsolicited email was received on Feb 28, 2026 at 20:31:37 PST. The message originated from IP 185.218.192.21 (mail server posti.web1.fi) with an originating IP of 188.126.89.71. The email used vague solicitation language claiming an “urgent opportunity” and urged immediate response, a common pattern in spam and advance-fee or phishing campaigns. The Reply-To address differs from the sending domain, indicating possible deceptive intent.
Authentication checks show SPF=PASS and DMARC=PASS; however, these validations do not confirm legitimacy as spammers often use compromised or misused domains. The mismatch between the From domain (uplakers.fi) and Reply-To domain (montevideo.com.uy) strongly suggests spoofing or unauthorized relay activity. No legitimate business context or opt-in relationship exists, indicating unsolicited bulk messaging behavior.
This activity violates the CAN-SPAM Act (15 U.S.C. §7701)

Received Thu, 26 Feb 2026 18:31:48 +0000. Source IP: 72.167.218.207 (EHLO osplsmtpa01-18.prod.phx3.secureserver.net / secureserver.net). Auth submitter: 74.222.7.114. Message impersonates DocuSign and uses the recipient’s name in the From display (“<recipient> Via DocuSign”) as a false identity to lure the user into reviewing/signing a document.
Content is high-pressure social engineering with a “REVIEW DOCUMENT” call-to-action leading to an external site, consistent with credential-harvest and/or malware delivery. This is unsolicited bulk email and phishing, not a legitimate transactional notice.
Auth results: SPF FAIL (igl.net does not permit 72.167.218.207), DKIM unknown, DMARC FAIL (p=NONE). Likely violations: CAN-SPAM (deceptive/forged header identity, misleading content) and anti-phishing/unauthorized-access laws where applicable; also violates email standards (SMTP/message format and DMARC). Abuse contact/owner: GoDaddy (secureserver.net). Report to: [email protected].

Received Thu, 26 Feb 2026 12:26:07 -0800 (PST). SMTP source/server IP: 167.17.184.100 (store.bss0006.onixforge.biz.ua), seen as mg “X-Mailgun-Sending-Ip”. The From field used the recipient’s name falsely and attempted to impersonate a cloud-service security alert.
Subject claims the account is “blocked” and threatens deletion of photos/videos unless the user “updates payment” via embedded links (phishing/social-engineering). Message uses obfuscated/encoded HTML and list-unsubscribe artifacts consistent with bulk abuse.
Auth results: SPF=pass, DKIM=pass; no DMARC result shown in the header (unknown). Likely violations include CAN-SPAM (deceptive header/subject), FTC deceptive practices; and RFC 5322/5321 header misuse plus deprecated DKIM SHA-1 usage (RFC 8301). Please investigate/take down and preserve logs. Abuse contact for IP owner (Baxet Group Inc / AS26383): [email protected].
Spamcop finds no abuse email to send to. Host is UNACCOUNTABLE! SHUT IT DOWN!!!

This report concerns a fraudulent investment solicitation email received on Thu, 26 Feb 2026 11:38:36 +0000. The message claims to originate from a foreign political associate offering access to approximately $1.579 billion for trust management, promising large commissions and requesting engagement. This narrative is consistent with advance-fee fraud schemes designed to deceive recipients into providing financial or personal information under false pretenses.
Header analysis shows sending IP 185.169.4.16 authenticated through mail server dealerfeeds.io, with originating IP 103.235.118.147. SPF=none, DKIM=unknown, and DMARC=unknown, indicating lack of authentication and high likelihood of spoofing. The reply-to address differs from the sender domain, reinforcing fraudulent intent. The content uses social engineering tactics, impersonation, and financial inducement to exploit victims.
This activity violates the CAN-SPAM Act (15 U.S.C. §7704) for deceptive headers and misleading content

Received 2026-02-25 13:17:57 -0800. Suspected phishing/phone-scam email sent via mail-southcentralusazlp170120001.outbound.protection.outlook.com (2a01:111:f403:c10d::1, Microsoft). Subject claims a PayPal alert: $349.00 “being processed for McAfee” and urges calling 804-710-3302 if not authorized; message includes an “email verification code” (800324) and references an onmicrosoft.com account, likely to trick recipient into calling scammers and/or confirming account details. Authentication: SPF=pass, DKIM=pass, DMARC=pass (header.from microsoftonline.com) so likely abuse of Microsoft/O365 infrastructure or compromised tenant, not a direct spoof failure. Potential violations: CAN-SPAM (deceptive content), FTC Act/deceptive practices, and fraud/wire-fraud statutes. Provider abuse contact: Microsoft Corp, Tel 425-882-8080;
Spamcop says: ISP does not wish to receive reports regarding https://www.microsoft.com/en-US/servicesagreement/ - no date available. NOT ACCOUNTABLE!!! WHAT GARBAGE!

Received Mon, 23 Feb 2026 07:20:36 -0800. Suspected phishing/invoice spam claiming “Review billing document / receipt” for a purchase, referencing 23 Feb 2026 and a “Service Team” phone number, aiming to trick the recipient into calling or treating it as real.
Origin IP: 43.157.24.162 (authenticated submission to smtp.gmail.com); outbound mail server IP: 209.85.220.65 (mail-sor-f65.google.com). Header auth shows SPF=pass, DKIM=pass, DMARC=pass (no failures seen), suggesting a compromised account or abused infrastructure vs simple spoof failure.
Likely violates U.S. CAN-SPAM (deceptive content; missing required identification/opt-out) and anti-fraud/phishing laws, and abusive use of email standards (RFC 5321/5322). Network owner for 43.157.24.162 appears to be Tencent Cloud / Aceville PTE LTD (AS132203). Abuse: [email protected]