Saturday, 7 August 2021

BMW LOTTERY DEPARTMENT

Spam detection software, running on the system "email-alias-us-east4-009f-230z.us-east4-b.c.gsk-ih-backend-prod-4f82.internal",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.

Content preview: BMW LOTTERY DEPARTMENT 5070 WILSHIRE BLVD LOS ANGELES. CA
90036

Content analysis details: (41.8 points, 5.0 required)

 pts rule name              description
---- ---------------------- --------------------------------------------------
 0.0 URIBL_BLOCKED          ADMINISTRATOR NOTICE: The query to URIBL was
                            blocked. See
http://url9945.gskinternet.com/ls/click?upn=7VFgc2Px09pD-2FvpiIJfWCyRAhhNyA7WC72WVijmclGtNq-2FzxTm2-2BwfaU6gwmEmN-2Fl8lUK3OZlAloDNCHi6jSrBE0xD9R1jTbNzDJO6Q3nw0-3DhMxn_Uq3RFSm5fOZoEROYs8jF195SMeXoKikK-2FANYYRS5jKOzUc-2BzzuVx-2FjVFf2vYv-2BRN74b-2BQku-2FYWnn9x4-2FaAdB4n-2FlhgIr8PTKc40i2vjXMS-2FIjacU1zSZc9iQfASoSvut29sNSVD4DaTHsdYeDUdhdGGxX6LEtYc3OwaxHhpAp5kdhxcJog06yqfHT51Fg7w7YU8eLQ3g0Y6J4xntdIsgN5MDjRVsR3qlIUU6gktcWNA-3D
                            for more information.
                            [URIs: bmwusa.com]
 3.1 DEAR_WINNER            BODY: Spam with generic salutation of "dear winner"
 1.0 NSL_RCVD_FROM_USER     Received from User
 0.0 FSL_HELO_NON_FQDN_1    No description available.
 1.0 FSL_CTYPE_WIN1251      Content-Type only seen in 419 spam
 0.5 SUBJ_ALL_CAPS          Subject is all capitals
 1.2 MISSING_HEADERS        Missing To: header
 0.2 FREEMAIL_REPLYTO_END_DIGIT Reply-To freemail username ends in
                            digit
                            [bmwoffice630[at]gmail.com]
 0.0 SPF_NONE               SPF: sender does not publish an SPF Record
 0.1 MIME_HTML_ONLY         BODY: Message only has text/html MIME parts
 0.0 HTML_MESSAGE           BODY: HTML included in message
 3.4 MSOE_MID_WRONG_CASE    No description available.
 0.0 LOTS_OF_MONEY          Huge... sums of money
 1.0 HELO_NO_DOMAIN         Relay reports its domain incorrectly
 1.0 HK_NAME_MR_MRS         No description available.
 1.0 FROM_MISSP_USER        From misspaced, from "User"
 1.0 HK_LOTTO               No description available.
 1.0 FSL_NEW_HELO_USER      Spam's using Helo and User
 1.0 FROM_MISSP_XPRIO       Misspaced FROM + X-Priority
 0.0 FORGED_OUTLOOK_HTML    Outlook can't send HTML message only
 0.4 RDNS_DYNAMIC           Delivered to internal network by host with
                            dynamic-looking rDNS
 1.0 AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
 1.9 REPLYTO_WITHOUT_TO_CC  No description available.
 1.0 FROM_MISSP_MSFT        From misspaced + supposed Microsoft tool
 0.6 FORGED_OUTLOOK_TAGS    Outlook can't send HTML in this format
 0.0 DYN_RDNS_SHORT_HELO_HTML Sent by dynamic rDNS, short HELO, and
                            HTML
 1.0 FROM_MISSP_DYNIP       From misspaced + dynamic rDNS
 2.5 FREEMAIL_FORGED_REPLYTO Freemail in Reply-To, but not From
 1.0 FROM_MISSPACED         From: missing whitespace
 1.0 TO_NO_BRKTS_FROM_MSSP  Multiple header formatting problems
 1.0 FROM_MISSP_REPLYTO     From misspaced, has Reply-To
 1.0 KHOP_HELO_FCRDNS       Relay HELO differs from its IP's reverse DNS
 1.0 MIMEOLE_DIRECT_TO_MX   MIMEOLE + direct-to-MX
 3.1 DOS_OE_TO_MX           Delivered direct to MX with OE headers
 0.0 FILL_THIS_FORM         Fill in a form with personal information
 1.0 FROM_MISSP_EH_MATCH    From misspaced, matches envelope
 1.0 TO_NO_BRKTS_MSFT       To: lacks brackets and supposed Microsoft tool
 0.0 T_FILL_THIS_FORM_LOAN  Answer loan question(s)
 2.8 FORGED_MUA_OUTLOOK     Forged mail pretending to be from MS Outlook
 1.0 MONEY_FORM             Lots of money if you fill out a form
 1.0 ADVANCE_FEE_4_NEW_FRM_MNY Advance Fee fraud form and lots of
                            money
 1.0 MONEY_FRAUD_5          Lots of money and many fraud phrases
 1.0 FORM_FRAUD_5           Fill a form and many fraud phrases

The original message was not completely plain text, and may be unsafe to
open with some email clients; in particular, it may contain a virus,
or confirm that your address can receive spam. If you wish to view
it, it may be safer to save it to a file and open it with an editor.
