
I think I got suckered



There is not enough information to tell if that was a Real Email or a Scam Email.

The way to corroborate is to examine the Full Headers and Body of that email.  That will indicate if it is Real or not.

Please extract the RAW Full Header and Body of the suspect email into a TXT file and attach it or extract it as an EML file and place it in a ZIP file and attach it in your reply.  Either one can help determine a path going forward.

Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar

No.  TXT files can be directly attached to a post while EML files can not and thus placing them in an Archive (ZIP, RAR or 7zip) and then attaching the Archive will allow that file extension file format to be attached.

However, that is not a RAW email message containing the Full Header and Body and thus can not be used to authenticate the email.

Below is a redacted email header sample.  Compare the contents of your TXT file with the below and you will clearly see a big difference.

Return-Path: <gmaxaf76tp-z497qy-ab4bk47103w2gkvkawb0@email.conservativenews.com>
Delivered-To: REDACTED@comcast.net
Received: from dovdir1-asa-06o.email.comcast.net ([])
	by dovback1-asa-22o.email.comcast.net with LMTP
	id CBGzH8YeRmLKegAAZIXjgg
	(envelope-from <gmaxaf76tp-z497qy-ab4bk47103w2gkvkawb0@email.conservativenews.com>)
	for <REDACTED@comcast.net>; Thu, 31 Mar 2022 21:36:06 +0000
Received: from dovpxy-hoc-08o.email.comcast.net ([])
	by dovdir1-asa-06o.email.comcast.net with LMTP
	(envelope-from <gmaxaf76tp-z497qy-ab4bk47103w2gkvkawb0@email.conservativenews.com>)
	for <REDACTED@comcast.net>; Thu, 31 Mar 2022 21:36:06 +0000
Received: from resimta-a1p-087404.sys.comcast.net ([])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by dovpxy-hoc-08o.email.comcast.net with LMTPS
	id GCOtK8UeRmKMHwAA5hpKTg
	(envelope-from <gmaxaf76tp-z497qy-ab4bk47103w2gkvkawb0@email.conservativenews.com>)
	for <REDACTED@comcast.net>; Thu, 31 Mar 2022 21:36:05 +0000
Received: from mail050.on.mlsend.com ([])
	by resimta-a1p-087404.sys.comcast.net with ESMTP
	id a2SBnU2myQzWGa2SCnVw3t; Thu, 31 Mar 2022 21:35:41 +0000
X-CAA-SPAM: F00000
X-Xfinity-VAAS: gggruggvucftvghtrhhoucdtuddrgedvvddrudeigedgudeivdcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucevohhmtggrshhtqdftvghsihenuceurghilhhouhhtmecufedtudenucenucfjughrpefuhfhrvfffkffjtgggsegrtderredttdejnecuhfhrohhmpefluffknfgggfftpgfouffvoehonhhlihhnvggsihguughinhhgsehqnhhggihllhgrjhgtghgsthgrhhhhrdgtohhmqeenucggtffrrghtthgvrhhnpeekkeejkefgleekgeeiudduffefgfetteelteehhffhkeduteevudejueefudefhfenucfkphepvddrheekrdduvdehrddukeejnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehhvghlohepmhgrihhltdehtddrohhnrdhmlhhsvghnugdrtghomhdpihhnvghtpedvrdehkedruddvhedrudekjedpmhgrihhlfhhrohhmpehgmhgrgigrfhejiehtphdqiiegleejqhihqdgrsgegsghkgeejuddtfeifvdhgkhhvkhgrfigstdesvghmrghilhdrtghonhhsvghrvhgrthhivhgvnhgvfihsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepjhhsihhlvhgvrhgpmhhsthestghomhgtrghsthdrnhgvth
X-Xfinity-VMeta: sc=0.00;st=legit
X-Xfinity-Message-Heuristics: IPv6:N;TLS=0;SPF=2;DMARC=
From: REDACTED<onlinebidding@qngxllajcgbtahh.com>
Reply-To: =?utf-8?Q?Inglis=20Online=20Bidding?= <onlinebidding@qngxllajcgbtahh.com>
To: <REDACTED@comcast.net>
Date: Thu, 31 Mar 2022 17:35:39 -0400
Message-ID: <05bxciy5dbhhwtfbyqxy3wgxt.qm1wp07fbh.20220330220005.0773210992.vd38z027@mail239.wdc02.mcdlv.net>
Feedback-ID: 23949751:23949751.304656:us3:mc
X-Accounttype: pd
List-Unsubscribe: <https://qngxllajcgbtahh.us3.list-manage.com/unsubscribe?u=05bxciy5dbhhwtfbyqxy3wgxt&id=a9878cb437&e=qm1wp07fbh&c=0773210992>, <mailto:unsubscribe-mc.us3_05bxciy5dbhhwtfbyqxy3wgxt.0773210992-qm1wp07fbh@unsubscribe.mailchimpapp.net?subject=unsubscribe>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Content-Type: multipart/alternative; boundary="_----------=_MCPart_51821476"
MIME-Version: 1.0


May God bless Ukraine.  Although I am a US citizen, I have mixed Eastern European blood flowing in my veins.


Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar

Thank you.

The email is legitimate.

Received: from [] ([] helo=r192.e.siriusxm.com) by momentum04.or1.cpt.adobe.net (envelope-from <bounce@e.siriusxm.com>) (ecelerity r(Core: with ESMTP id 19/D6-20418-B75A5426; Thu, 31 Mar 2022 05:58:35 -0700


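An added example, not part of the thread or any poster's code, of reading a raw header block like the redacted sample above: it pulls the envelope, From and Reply-To domains and finds the Received hop where the recipient's own provider first took the message, since the lines below that hop are written by the sending side. The sample message and the provider name `isp.example` are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not taken from the thread; all names are placeholders.
RAW = """\
Return-Path: <bounce-123@mailer.bulk.example>
Received: from mx-in.isp.example ([192.0.2.10])
\tby store.isp.example with LMTP
\tfor <user@isp.example>; Thu, 31 Mar 2022 21:36:06 +0000
Received: from out1.bulk.example ([198.51.100.7])
\tby mx-in.isp.example with ESMTP
\tid abc123; Thu, 31 Mar 2022 21:35:41 +0000
From: Shop News <news@shop.example>
Reply-To: =?utf-8?Q?Shop=20Support?= <help@shop.example>
"""

def domain(value):
    """Lowercased domain of the address in a header value, '' if absent."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def hops(msg):
    """Received headers, newest first, as (from_host, by_host) pairs."""
    out = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())  # unfold continuation lines
        frm = re.search(r"\bfrom ([^\s;]+)", flat)
        by = re.search(r"\bby ([^\s;]+)", flat)
        out.append((frm.group(1) if frm else "", by.group(1) if by else ""))
    return out

def border_hop(msg, provider):
    """Oldest hop in the unbroken run, from the top, stamped by `provider`.
    Received lines below it were supplied by the sending side."""
    border = None
    for frm, by in hops(msg):
        if by != provider and not by.endswith("." + provider):
            break
        border = (frm, by)
    return border

def summarize(raw, provider):
    msg = message_from_string(raw)
    return {"envelope": domain(msg["Return-Path"]),
            "from": domain(msg["From"]),
            "reply_to": domain(msg["Reply-To"]),
            "border": border_hop(msg, provider)}
```

Differing envelope and From domains are common for mail sent through a bulk provider, so the output is a set of facts to compare against the claimed sender, not a verdict.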
