
Suspicious email



There is not enough information to tell if that was a Real Email or a Scam Email. Chances are, though, it is legitimate.

The way to corroborate the message is to examine the Full Headers and Body of that email.  That will indicate if it is Real or not.

Please extract the RAW Full Header and Body of the suspect email into a TXT file and attach it, or extract it as an EML file and place it in a ZIP file and attach it in your reply. Either one can help determine its legitimacy.


I don't know how to do this: "Please extract the RAW Full Header and Body of the suspect email into a TXT file"

Is there an email address I can forward it to please?

It can't be real... it's asking for payment in 30 days for something that the same email says expires in October 2022


Thank you.

That's incomplete.

Below is a redacted email header sample. Compare the contents of your TXT file with the sample below and you will clearly see a big difference.

Return-Path: <gmaxaf76tp-z497qy-ab4bk47103w2gkvkawb0@email.conservativenews.com>
Delivered-To: REDACTED@comcast.net
Received: from dovdir1-asa-06o.email.comcast.net ([])
	by dovback1-asa-22o.email.comcast.net with LMTP
	id CBGzH8YeRmLKegAAZIXjgg
	(envelope-from <gmaxaf76tp-z497qy-ab4bk47103w2gkvkawb0@email.conservativenews.com>)
	for <REDACTED@comcast.net>; Thu, 31 Mar 2022 21:36:06 +0000
Received: from dovpxy-hoc-08o.email.comcast.net ([])
	by dovdir1-asa-06o.email.comcast.net with LMTP
	(envelope-from <gmaxaf76tp-z497qy-ab4bk47103w2gkvkawb0@email.conservativenews.com>)
	for <REDACTED@comcast.net>; Thu, 31 Mar 2022 21:36:06 +0000
Received: from resimta-a1p-087404.sys.comcast.net ([])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	by dovpxy-hoc-08o.email.comcast.net with LMTPS
	id GCOtK8UeRmKMHwAA5hpKTg
	(envelope-from <gmaxaf76tp-z497qy-ab4bk47103w2gkvkawb0@email.conservativenews.com>)
	for <REDACTED@comcast.net>; Thu, 31 Mar 2022 21:36:05 +0000
Received: from mail050.on.mlsend.com ([])
	by resimta-a1p-087404.sys.comcast.net with ESMTP
	id a2SBnU2myQzWGa2SCnVw3t; Thu, 31 Mar 2022 21:35:41 +0000
X-CAA-SPAM: F00000
X-Xfinity-VAAS: gggruggvucftvghtrhhoucdtuddrgedvvddrudeigedgudeivdcutefuodetggdotefrodftvfcurfhrohhfihhlvgemucevohhmtggrshhtqdftvghsihenuceurghilhhouhhtmecufedtudenucenucfjughrpefuhfhrvfffkffjtgggsegrtderredttdejnecuhfhrohhmpefluffknfgggfftpgfouffvoehonhhlihhnvggsihguughinhhgsehqnhhggihllhgrjhgtghgsthgrhhhhrdgtohhmqeenucggtffrrghtthgvrhhnpeekkeejkefgleekgeeiudduffefgfetteelteehhffhkeduteevudejueefudefhfenucfkphepvddrheekrdduvdehrddukeejnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehhvghlohepmhgrihhltdehtddrohhnrdhmlhhsvghnugdrtghomhdpihhnvghtpedvrdehkedruddvhedrudekjedpmhgrihhlfhhrohhmpehgmhgrgigrfhejiehtphdqiiegleejqhihqdgrsgegsghkgeejuddtfeifvdhgkhhvkhgrfigstdesvghmrghilhdrtghonhhsvghrvhgrthhivhgvnhgvfihsrdgtohhmpdhnsggprhgtphhtthhopedupdhrtghpthhtohepjhhsihhlvhgvrhgpmhhsthestghomhgtrghsthdrnhgvth
X-Xfinity-VMeta: sc=0.00;st=legit
X-Xfinity-Message-Heuristics: IPv6:N;TLS=0;SPF=2;DMARC=
From: REDACTED<onlinebidding@qngxllajcgbtahh.com>
Reply-To: =?utf-8?Q?Inglis=20Online=20Bidding?= <onlinebidding@qngxllajcgbtahh.com>
To: <REDACTED@comcast.net>
Date: Thu, 31 Mar 2022 17:35:39 -0400
Message-ID: <05bxciy5dbhhwtfbyqxy3wgxt.qm1wp07fbh.20220330220005.0773210992.vd38z027@mail239.wdc02.mcdlv.net>
Feedback-ID: 23949751:23949751.304656:us3:mc
X-Accounttype: pd
List-Unsubscribe: <https://qngxllajcgbtahh.us3.list-manage.com/unsubscribe?u=05bxciy5dbhhwtfbyqxy3wgxt&id=a9878cb437&e=qm1wp07fbh&c=0773210992>, <mailto:unsubscribe-mc.us3_05bxciy5dbhhwtfbyqxy3wgxt.0773210992-qm1wp07fbh@unsubscribe.mailchimpapp.net?subject=unsubscribe>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Content-Type: multipart/alternative; boundary="_----------=_MCPart_51821476"
MIME-Version: 1.0


Edited by David H. Lipman
Edited for content, clarity, spelling and/or grammar
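
The following Python example is added here and is not part of the thread or any poster's code. It reads a raw message saved as described above, reports which of the headers seen in the sample are missing (the sign of an incomplete export), lists the Received hops in delivery order, and extracts the From, Return-Path and Reply-To domains for comparison. The sample message, its hostnames and the `triage` and `domain` function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread): a short but complete raw header.
SAMPLE = """\
Return-Path: <bounce-123@mail.example.net>
Received: from mx2.example.org ([192.0.2.10])
\tby inbound.example.org with LMTP; Thu, 31 Mar 2022 21:36:06 +0000
Received: from out7.example.net ([198.51.100.7])
\tby mx2.example.org with ESMTP; Thu, 31 Mar 2022 21:35:41 +0000
From: Billing <billing@example.com>
To: <user@example.org>
Date: Thu, 31 Mar 2022 17:35:39 -0400
Message-ID: <abc123@out7.example.net>
Subject: Renewal notice

body text
"""

# Headers a full export normally carries; a copy/paste of the visible
# message usually lacks Return-Path and Received.
REQUIRED = ("Return-Path", "Received", "From", "Date", "Message-ID")

def domain(addr):
    """Return the lower-cased domain of an address header value, or ''."""
    return parseaddr(addr or "")[1].rpartition("@")[2].lower()

def triage(raw):
    msg = message_from_string(raw)
    hops = []
    # Received headers are prepended, so reverse to read sender -> recipient.
    for value in reversed(msg.get_all("Received", [])):
        flat = " ".join(value.split())          # unfold continuation lines
        m = re.search(r"from (\S+).*?by (\S+)", flat)
        hops.append((m.group(1), m.group(2)) if m else ("?", "?"))
    return {
        "missing": [h for h in REQUIRED if msg.get(h) is None],
        "hops": hops,
        "from_domain": domain(msg.get("From")),
        "envelope_domain": domain(msg.get("Return-Path")),
        "reply_to_domain": domain(msg.get("Reply-To")),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

A From domain that differs from the Return-Path domain is not proof of a scam on its own: bulk mail sent through an email service provider, as in the sample header above, routinely shows that pattern.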

Thank You.

This is a Legitimate Malwarebytes' Subscription renewal notification.


I have requested your PII be redacted from this thread.
