Email Header Report

🌐 Sender Summary

👉 From Address:melissa@vrrsc.co.za

📩 From Domain:vrrsc.co.za

👈 Reply Address:melissa@vrrsc.co.za

📩 Reply Domain:vrrsc.co.za

📅 Sent On:Mon, 10 Mar 2025 14:06:58

📅 Received Time:Mon, 10 Mar 2025 14:07:14

📅 Delivery Delay:16 seconds

📅 To:George Birch (george@riverfields.co.za)

📅 Cc:Lardus Erasmus (lardus@riverfields.co.za), Melissa Truter (melissa@riverfields.co.za), Gideon Van Der Vyver (gideon@riverfields.co.za), Melanie Birch (melanie@riverfields.co.za)

📩 Subject:URGENT (Info 📝)

📩 Interaction:The recipient has NOT previously interacted with the sender 'melissa@vrrsc.co.za'

👉 From Host Info:The (From) sender's domain (vrrsc.co.za) has been active since 10 Mar 2025, based on WHOIS registration records.

We have identified that the domain used in this email (vrrsc.co.za) was registered less than 1 days ago (based on Received Time: 10/Mar/2025 14:07:14). This is a significant red flag, as cybercriminals frequently create new domains to impersonate legitimate businesses and carry out fraudulent activities.

🚨 ALERT: The domain vrrsc.co.za no longer exists. This is a strong indicator of a disposable or fraudulent email identity.

🚀 Website:Click here to search for vrrsc.co.za (ReplyGuard was unable to locate a website)

Sender Results (click to expand)

From: Melissa Steyn <melissa@vrrsc.co.za>
To: George Birch <george@riverfields.co.za>
CC: Lardus Erasmus <lardus@riverfields.co.za>, Melissa Truter <melissa@riverfields.co.za>, Gideon Van Der Vyver <gideon@riverfields.co.za>, Melanie Birch <melanie@riverfields.co.za>
Subject: URGENT
Thread-Topic: URGENT
Thread-Index: AQHbkbT1zhgxUd+Qp0OTojEEMCUsCQ==
Date: Mon, 10 Mar 2025 12:06:58 +0000

🔍 Infrastructure Clues

(From) Mail Server Record (MX): None detected — this domain is not configured to receive email. Replies to the sender are likely to bounce.
(From) Infrastructure Hint: Missing MX records are unusual for legitimate domains and can indicate disposable or fraudulent senders.

📌 Authentication Results

✅ SPF Result:Pass - The (From) sender is authorized to send emails on behalf of vrrsc.co.za.

⚠️ DKIM Result:None - DKIM None – No DKIM signature was found for the email from vrrsc.co.za. Without DKIM, email integrity can't be verified — attackers could modify the message or impersonate the sender without detection, increasing the risk of fraud or tampering.

⚠️ DMARC Result:None - No DMARC policy is published for vrrsc.co.za. Without DMARC, there’s no protection against spoofing, and no visibility for the domain owner about misuse. Fraudulent emails may pass through to inboxes even if SPF or DKIM fail.

ℹ️ DKIMBody Result:None - No DKIM body hash found (no DKIM-Signature header present).

✅ DKIMAlignment Result:None - Not Applicable – As no DKIM signature Is present, alignment cannot be evaluated.

⚠️ ReturnPath Result:None - Return-Path is missing. This may indicate forwarding or a spoofed message.

✅ SMTPAuth Result:Pass - SPF passed, but smtp.mailfrom not found (possibly only present during SMTP transaction).

Authentication Results (click to expand)

received-spf: Pass (protection.outlook.com: domain of vrrsc.co.za designates 197.189.249.71 as permitted sender) receiver=protection.outlook.com; client-ip=197.189.249.71; helo=outgoing14.cpt4.host-h.net; pr=C

🚨 Spam & Threat Analysis

📊 SCL:5 - SCL value (5) indicates Likely spam – review before taking action.

🤖 Automated Message:No - There are no indicators that this email appears to be an automated notification.

Spam & Threat Results (click to expand)

X-MS-Exchange-Organization-SCL: 5

🚨 Spoofing / Phishing

DMARC:

❌ DMARC is None — domain is vulnerable to spoofing.
DKIM:

❌ DKIM is None — email integrity could not be validated.

🌐 Email Source & Routing:

SMTP IP:

👉

196.40.103.165

SMTP Country:

📍

South Africa

X-Originating-IP:

👉

(None)

X-Originating Country:

📍

(None)

Notes:

ℹ️

️ SMTP sender IP found: 196.40.103.165. No X-Originating-IP present.

📩 Microsoft Servers Only: No - External mail relays were involved.

📩 Mail Flow Routing:

⏱️ Initial sending delay: 1 second

Server	B/L	Received Time	Delay	IP Address	Country	Local IPv4	ISP
webmailweb1.cpt4.host-h.net	🚧	Mon, 10 Mar 2025 12:06:59	0 seconds	196.40.103.165	South Africa		xneelo-CPT
www25.cpt3.host-h.net	🚧	Mon, 10 Mar 2025 12:07:03	4 seconds	197.221.14.25	South Africa		xneelo-CPT
outgoing14.cpt4.host-h.net	🚧	Mon, 10 Mar 2025 12:07:05	2 seconds	197.189.249.71	South Africa		Xneelo (Pty) Ltd
AM8P190CA0002.EURP190.PROD.OUTLOOK.COM	🚧	Mon, 10 Mar 2025 12:07:07	2 seconds	2603:10a6:20b:219::7	United States		Microsoft Corporation
AMS0EPF000001B7.eurprd05.prod.outlook.com	🚧	Mon, 10 Mar 2025 12:07:07	0 seconds	2603:10a6:20b:219:cafe::8	United States		Microsoft Corporation
DB4PR08MB8128.eurprd08.prod.outlook.com		Mon, 10 Mar 2025 12:07:14	7 seconds	::1	(Localhost)	(0.0.0.1)

Timestamps don’t always flow correctly in reverse chronological order. Timestamp issues are likely due to processing delays or slight clock skew, a normal quirk in email routing.

Routing Source (click to expand)

Received: from DB4PR08MB8128.eurprd08.prod.outlook.com (::1) by DB9PR08MB6650.eurprd08.prod.outlook.com with HTTPS; Mon, 10 Mar 2025 12:07:14 +0000
Received: from AM8P190CA0002.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:219::7) by DB4PR08MB8128.eurprd08.prod.outlook.com (2603:10a6:10:381::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8511.26; Mon, 10 Mar 2025 12:07:07 +0000
Received: from AMS0EPF000001B7.eurprd05.prod.outlook.com (2603:10a6:20b:219:cafe::8) by AM8P190CA0002.outlook.office365.com (2603:10a6:20b:219::7) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8511.26 via Frontend Transport; Mon, 10 Mar 2025 12:07:07 +0000
Received: from outgoing14.cpt4.host-h.net (197.189.249.71) by AMS0EPF000001B7.mail.protection.outlook.com (10.167.16.171) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8534.20 via Frontend Transport; Mon, 10 Mar 2025 12:07:05 +0000
Received: from www25.cpt3.host-h.net ([197.221.14.25]) by antispam3-cpt4.host-h.net with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <melissa@vrrsc.co.za>) id 1trbuO-00GIAr-7O; Mon, 10 Mar 2025 14:07:03 +0200
Received: from webmailweb1.cpt4.host-h.net ([196.40.103.165] helo=webmailweb-cpt.konsoleh.co.za) by www25.cpt3.host-h.net with esmtpa (Exim 4.98) (envelope-from <melissa@vrrsc.co.za>) id 1trbuM-0000000Bg6k-3hTp; Mon, 10 Mar 2025 14:06:59 +0200

📉 Delivery Anomalies:

✅ No significant delivery delay was observed. (Risk: 0)
✅ No significant delivery delay to the first mail server was observed. (Risk: 0)

Delivery Source (click to expand)

Date: Mon, 10 Mar 2025 12:06:58 +0000
Received: from webmailweb1.cpt4.host-h.net ([196.40.103.165] helo=webmailweb-cpt.konsoleh.co.za) by www25.cpt3.host-h.net with esmtpa (Exim 4.98) (envelope-from <melissa@vrrsc.co.za>) id 1trbuM-0000000Bg6k-3hTp; Mon, 10 Mar 2025 14:06:59 +0200
Refer to '📩 Mail Flow Routing:' above for detailed routing information.

🔄 Forwarding & Alteration Check:

📢 Forwarded Likely: No - The headers indicate a normal routing path with no evidence of unauthorized forwarding or alteration.

📝 Altered Likely: No - The headers indicate a normal routing path with no evidence of unauthorized forwarding or alteration.

🧭 Observations:

New Message:

✅

This is a new message. It does not contain any conversations.
Shared Hosting Server Detected:

⛔

The email was submitted from a shared hosting server (www25.cpt3.host-h.net) with a public IP (197.221.14.25). This is common for webmail and bulk senders but should be reviewed if unexpected.
Message authenticated anonymously:

⛔

The message was authenticated anonymously. This usually indicates it was accepted from an external server without prior trust validation.
From Transport method:

📍

Message was submitted via authenticated SMTP (likely Outlook, mobile app, or scan-to-email device) using ESMTP.
Mail client header:

🙋

‍ No mail client header found (X-Mailer or User-Agent).

Observations Source (click to expand)

Email Conversation count of 0, based on PR_CONVERSATION_INDEX (Binary) &H710102
Received: from www25.cpt3.host-h.net ([197.221.14.25]) by antispam3-cpt4.host-h.net with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <melissa@vrrsc.co.za>) id 1trbuO-00GIAr-7O; Mon, 10 Mar 2025 14:07:03 +0200
X-MS-Exchange-Organization-AuthSource: AMS0EPF000001B7.eurprd05.prod.outlook.com
X-MS-Exchange-Organization-AuthAs: Anonymous
Received: from webmailweb1.cpt4.host-h.net ([196.40.103.165] helo=webmailweb-cpt.konsoleh.co.za) by www25.cpt3.host-h.net with esmtpa (Exim 4.98) (envelope-from <melissa@vrrsc.co.za>) id 1trbuM-0000000Bg6k-3hTp; Mon, 10 Mar 2025 14:06:59 +0200

💼 Forensic Data

Raw Email Headers (click to expand)

Received: from DB4PR08MB8128.eurprd08.prod.outlook.com (::1) by DB9PR08MB6650.eurprd08.prod.outlook.com with HTTPS; Mon, 10 Mar 2025 12:07:14 +0000
Received: from AM8P190CA0002.EURP190.PROD.OUTLOOK.COM (2603:10a6:20b:219::7) by DB4PR08MB8128.eurprd08.prod.outlook.com (2603:10a6:10:381::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8511.26; Mon, 10 Mar 2025 12:07:07 +0000
Received: from AMS0EPF000001B7.eurprd05.prod.outlook.com (2603:10a6:20b:219:cafe::8) by AM8P190CA0002.outlook.office365.com (2603:10a6:20b:219::7) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8511.26 via Frontend Transport; Mon, 10 Mar 2025 12:07:07 +0000
Received: from outgoing14.cpt4.host-h.net (197.189.249.71) by AMS0EPF000001B7.mail.protection.outlook.com (10.167.16.171) with Microsoft SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8534.20 via Frontend Transport; Mon, 10 Mar 2025 12:07:05 +0000
Received: from www25.cpt3.host-h.net ([197.221.14.25]) by antispam3-cpt4.host-h.net with esmtpsa (TLSv1.3:TLS_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from <melissa@vrrsc.co.za>) id 1trbuO-00GIAr-7O; Mon, 10 Mar 2025 14:07:03 +0200
Received: from webmailweb1.cpt4.host-h.net ([196.40.103.165] helo=webmailweb-cpt.konsoleh.co.za) by www25.cpt3.host-h.net with esmtpa (Exim 4.98) (envelope-from <melissa@vrrsc.co.za>) id 1trbuM-0000000Bg6k-3hTp; Mon, 10 Mar 2025 14:06:59 +0200
From: Melissa Steyn <melissa@vrrsc.co.za>
To: George Birch <george@riverfields.co.za>
CC: Lardus Erasmus <lardus@riverfields.co.za>, Melissa Truter <melissa@riverfields.co.za>, Gideon Van Der Vyver <gideon@riverfields.co.za>, Melanie Birch <melanie@riverfields.co.za>
Subject: URGENT
Thread-Topic: URGENT
Thread-Index: AQHbkbT1zhgxUd+Qp0OTojEEMCUsCQ==
Date: Mon, 10 Mar 2025 12:06:58 +0000
Message-ID: <c383dffb602bc39332df7159db8c2dcd@vrrsc.co.za>
Content-Language: en-ZA
X-MS-Exchange-Organization-AuthAs: Anonymous
X-MS-Exchange-Organization-AuthSource: AMS0EPF000001B7.eurprd05.prod.outlook.com
X-MS-Has-Attach: yes
X-MS-Exchange-Organization-Network-Message-Id: b4b642dc-c5d3-43ac-a927-08dd5fcc1304
X-MS-Exchange-Organization-SCL: 5
X-MS-TNEF-Correlator:
received-spf: Pass (protection.outlook.com: domain of vrrsc.co.za designates 197.189.249.71 as permitted sender) receiver=protection.outlook.com; client-ip=197.189.249.71; helo=outgoing14.cpt4.host-h.net; pr=C
x-ms-publictraffictype: Email
X-Microsoft-Antispam-Mailbox-Delivery: ucf:0;jmr:0;auth:0;dest:J;OFR:SpamFilterAuthJ;ENG:(910005)(944506478)(944626604)(4710117)(4715020)(4716014)(920097)(930097)(3100021)(140003);RF:JunkEmail;
X-Microsoft-Antispam-Message-Info: =?utf-8?B?SGl6cElxUWgvQkNRQWdydTNyZ0ZoTjFwTHRsQUlOREY3R3Y5THd1VUxyUmk0?= =?utf-8?B?U3RtTDBqamRLSlpsTkROUGQwR0orcW1OdTU1UWhDZXRkYmRBTDhIcld2Z2tW?= =?utf-8?B?dGhGT0FOUjFnenNvT00zZVFhdkVoc1NnM2tVeW5ReXFpTEh2VThMaTJjekV6?= =?utf-8?B?UklVMUNieUlhdjJJZDVTTkVaM0ZtQkE0RFF2Q0ZSdWhiL01DV3F3RDNHcUNQ?= =?utf-8?B?Q1VxYUx3YlRJeEZURnVVbS93VSsxNXA1dnl3QUsrcGxLWHVRa3FjWmRqVTFn?= =?utf-8?B?RDdzcTAweHlzNVAzZUVRbnZJL2hhZ0hmbE9RVnBsTEZNWERUL3BDS2p0UlQ3?= =?utf-8?B?bnduYkVMWmVVZi9xTHFJTzBIVVVJWmpoOEFqbjUyK0xINjUyUGQxYXJWNHg5?= =?utf-8?B?SUt1dDFHNTJBbnljMmNhLzZDRUFtelloRG0ySEIySWNUMXFRbTdWeXFPbDlu?= =?utf-8?B?MUFZWTQrOWpQQTNwOGtxS1VKeDQvUmpmdXorYlFtQXRkQk9YY0pleWRuUHVY?= =?utf-8?B?RkJTUWZOM1RoeGV1Mk5iMTk3aUFCR1Z2Mkp3dkxlbzI0NUE1MXJOWHRvKytO?= =?utf-8?B?TEdOdVFSTnJvU0tGZW1FY1V2K2I1c1ZhYm1OWEFJeE9TcGowT3pEbThyWEtn?= =?utf-8?B?cFdDU2hzTjA3VWU3MlVwaGJoL1EycnpFTW1ZZWpBNWtldHo3dm90KzcyK2kx?= =?utf-8?B?MVVTN1lQV1BQMmFLMFI5OVBlbTNkRTd3azRCVUJGU3RYZGkwd0YwVnNaS3ha?= =?utf-8?B?OGt2UzJ2N1JjdGlrL2hOcHQxYlU5VmVucEgvMUhEQUp2bE5pdXZ3QXozTzdT?= =?utf-8?B?OEN2MGFhRkdtOW5CZVl5YnR2ZDErYkhuZ2hFNnB4N1RvUmViNzdKZ2FYdXlm?= =?utf-8?B?NWxRYVprNnFuWCtUM3JSQVc4MUdJT0ZWaGgxSFdpTFVqUjU3TWowR0R2ZzFR?= =?utf-8?B?SCtKS2lETVVQQTRrdTJvQUphMmd0dXoxbUFzdWtBR2pOam1ST2FGcUtqSFZy?= =?utf-8?B?ODB6enAzMTdrUUlmK0Q4N2xFYWlUMFRxVHhhNXltazJnNVFxanQ3V1pxM2w4?= =?utf-8?B?b1NDQXNHVDc5elhKaElHdndEMXVVeEtlc0JGMmRmdm9NeDRURVpBUnRSUDRJ?= =?utf-8?B?K2U1d0YrME9GRTUwcWdXa2x5MVZRUEw2ZTgzemNUWmM5NnRrSUpaVXhxYmJx?= =?utf-8?B?ZngrOHVBUERoSlZGaTFMcGhVQlhIdEdyVDdTMXI0SGdYZ3QvNGY5RUdFc0Zs?= =?utf-8?B?VkltNFg5YlFhYzVDWloydTRyN1c0ZzlGeDNGcTY0QytaN2JZK05peVdXUXZa?= =?utf-8?B?NFFsdDdQOUo2QnZWYzNwZGhxOFVzL1k0UEc0bTFVYjlLSG5FNFlwbmlvY1NV?= =?utf-8?B?dHBwZVhkY0o1U2N1a2JHS0g4ZGZVMjQzSk9WRDVCUUcyemx6dWovMDZIdnAr?= =?utf-8?B?YUR4aitrajF4b09lOVFHOEhEU002RHB0VVdqVTZSWTdQMVJhMGZ5eldXRm9Y?= =?utf-8?B?OEFMV1BoWUNDa2VIRFF0TGtYL0oyeDEyN0pMN3NpMGV5a0x0ZFY1Q2R2RUpP?= =?utf-8?B?eHlXS25SWkgwbURhZi9NbzRRdDhpdUJWcVk3U2loVHhNdVh0M2hXV2d2aUhr?= =?utf-8?B?a2dhaDdLL1JVWWZrRE9xRnNyQ2FZYmVvckNKazJCYVlqN1hlRkZ3a3orNGF2?= =?utf-8?B?SHRVSGhWQmFHTWJtNmFCb3grVThLc2prSnZ5WTF1YU5iakdvQ09WVFJweThZ?= =?utf-8?B?V3NRdVNZOGs5V1ZtT3BRblNycU9rWjlOd2Y0UTZSUzZHK2NaSmxrRDhYNlBH?= =?utf-8?B?alQraU5KbEs3SXlTY1JFQjRON29PNDUwdVo0REFhbW9xc2hZbEtEVVJNUjVM?= =?utf-8?B?S2ZseU5NUHZhTEJpb3NEUVJTNllFcmVMVlUwSGJlZlZBbzVFUlBVa0g1dUtE?= =?utf-8?B?TUE2eG1CRWtyN3dJbG9hQk0wQTF5aG5jb1d1MlNOYVllbk5WRFhGaGUxMkxR?= =?utf-8?B?YlRrbmZEMkZMUkMwaDJHWE9idEsxaHJIUk5xZDF5M1BJTmdrSUsyVVVvamNp?= =?utf-8?B?bXRwRFNrZjNNM2NHbzZWNTlhdldRYmdHUWRFM1E3NDlXajJhTG0xQWxjOWZJ?= =?utf-8?B?NE94YS9CMnBDUjRtNGRaaGlsOTFQOHlnZVZLNXpPVTQzR2lkVUEwT1dGMTlG?= =?utf-8?B?OTJVa1puVmMwR2V0bUhUdHJmUVNNWXlLUlorTU9YWityTUxNSWhtc0Fvc3M2?= =?utf-8?B?SnVuSDhybll4WWJhY21Teko5NVpmMnVTSXhKSWlRRWJ2QXFvWHpCdElxaCs2?= =?utf-8?B?VUpEaDhoUXZ2WXo2Mmw2SkdYQzZLTzVkbVBqUlp6ZTFveldJUzBvREtIZTVE?= =?utf-8?B?NTFlR0RhRzhOYldVbXBvd3JWL0pEczFvSGJObVgwYlZtR2xqNHF3MER4a08x?= =?utf-8?B?WHcvUkczR2ZtR2s5eS9vR1cxd1lLMkplclRYUG0rdDlZUm1WM2piZHRvdkFQ?= =?utf-8?B?NUhUSTg1eEJOeWdGM20wSmFTeEpweXRnNUY5aW1Fb0tNYnkwd0w2a0h0aVRX?= =?utf-8?B?b2pTMEFwaEpUWmdxWWVpa0xLWXZrTWtpYWozbmxpc1dwN3pFVHhJcW5Ic2ZK?= =?utf-8?B?SkRXenRrNnJLZE5WcjQ4QWVrK1FZR0xnMzV1MmJPVitiSHpFK0svZjZqV0Ny?= =?utf-8?B?eTh0NWJxakRxTEd6emwyT0lHS0w5N2VyQjdFOFUrSnJDSWUycGpGZHlIU2RO?= =?utf-8?B?eEUzSld5TVYwMUlsZHpXaGw2ekRXSG80Mm9OTEpVTXlSTUtzenJXZnM0Slkz?= =?utf-8?B?c0ZJVDNJN1J3Wi9FQitWUmp4ekFDWVcrSTNuZUltdzNUaENQUERrOFhiMUdU?= =?utf-8?B?K3J0NGtrRHp0cEIvTGROZlVBMzBWWHFWcGFZaU1jb2tuYWgxMFgzV1ZVTm0x?= =?utf-8?B?dVhhYXJwSTN2MDNRSmM0RklyOWUrSm80TkhPamtxL3VBajllUDRRTkdXdEIr?= =?utf-8?B?dENrU0xwVGg0UGxHS0pGNUJmQnFjWGprdVdMeUtYaFpNbUFhQXRyVUtSMHRY?= =?utf-8?B?YTNvT1YwaUlqdTV1cFdmZFBDclhkQXY1QkdLL2d6d1pySlA3Q0NQV2pWUTBH?= =?utf-8?B?NkpwNWVPUjNBR3hWZm16Qm5PeEMxNEVzK3o2a1hrOEQxTGc0VXpxWXNaa1h5?= =?utf-8?B?M09NcVdiMG9QbUFweWFwcUNQVGxmS0xEcHpDTWhBam5pTk1lNEhnQUd0VHlm?= =?utf-8?B?aG1nMkRKUXJNc1lHcmdscTVzRFhZZzF5N0ZzTkhTWWFnb0NsNFByekNScDFY?= =?utf-8?B?MWNmdmhlblhjK1pOZGZQNm9yem5Qc1BtYWswcS9SUTJCRVdzZTduanJGVDMv?= =?utf-8?B?aklGUzN3VUZJUmhwMkVNK2diNlBFUTNzRkRwTTllSG1IeEFQY1RsdlJIOGQv?= =?utf-8?B?aFZDMnRqWHFobXRWNy9rMW4yZk5rUUNVcUVSZVI5dHlSbVVBRFBaWTZlelZT?= =?utf-8?B?anhWUExhMTdGNWFhWmxacDZmSUY2Y1RodlRVWEZib2laN3gzVi9SVThjcnd6?= =?utf-8?B?YVBZQlZUd0trbTRuR1pyS2NMZk5xa1FCU1g0WTE5UlFPQTBmTHZvTnIwQXpa?= =?utf-8?Q?MqAj+TwGBAuIpCCyVM2u7+nt+4UDaInhf?=
Content-Type: multipart/related; boundary="_006_c383dffb602bc39332df7159db8c2dcdvrrsccoza_"; type="multipart/alternative"
MIME-Version: 1.0

📊 Risk Summary

📠 Total Risk Score: 62

📢 Risk Level: High Risk

Risk Breakdown:

+14 Risk Points:

The From domain 'vrrsc.co.za' no longer exists. This is a strong indicator of a disposable or fraudulent email identity.
+14 Risk Points:

The Reply-To domain 'vrrsc.co.za' no longer exists. This is a strong indicator of a disposable or fraudulent email identity.
+4 Risk Points:

Subject Emotionally Charged Phrase
+1 Risk Points:

The email was submitted from a shared hosting server (www25.cpt3.host-h.net) with a public IP (197.221.14.25). This is common for webmail and bulk senders but should be reviewed if unexpected.
+2 Risk Points:

The message was authenticated anonymously. This usually indicates it was accepted from an external server without prior trust validation.
+3 Risk Points:

Return-Path is missing. This may indicate forwarding or a spoofed message.
+2 Risk Points:

DKIM None – No DKIM signature was found for the email from vrrsc.co.za. Without DKIM, email integrity can't be verified — attackers could modify the message or impersonate the sender without detection, increasing the risk of fraud or tampering.
+3 Risk Points:

DMARC None – No DMARC policy is published for vrrsc.co.za. Without DMARC, there’s no protection against spoofing, and no visibility for the domain owner about misuse. Fraudulent emails may pass through to inboxes even if SPF or DKIM fail.
+5 Risk Points:

SCL value (5) indicates Likely spam – review before taking action.
+14 Risk Points:

The From domain vrrsc.co.za is only 1 days old

ℹ️ ReplyGuard Email Header Analysis Report