Tier · dangerous
Verdict

Confirmed scam — delete it

Our AI analyst read the message body and judged it likely to be phishing.

support@deluxeforbusiness.com
At a glance
AI · 92% phishingDNSBL · 1 list
Risk score
98
/ 100
malicious
AI analyst

MalwareTips analyst · message material

credential_theft

This email uses a fake fax delivery notification to trick you into opening a potentially malicious attachment.

Phishing likelihood92%
Spam likelihood85%
Red flags identified
  • The sender domain is listed on the URIBL DNSBL, indicating it is associated with known spam or malicious activity.
  • The email contains a suspicious URL that uses an '@' symbol trick to potentially mask the true destination of the link.
  • The message uses a generic 'Dear Customer' greeting rather than addressing the recipient by name.
  • The SPF record for the sender domain resulted in a soft-fail, suggesting the email may not have originated from an authorized server.
  • The visual layout contains broken image placeholders and an external sender warning, which are common traits of automated phishing templates.
What to do

Do not open any attachments or click any links within this email. Delete the message immediately and do not call the phone numbers provided.

Why this verdict

Every scoring adjustment, in dominance order. Shows exactly how we got from 100 to the final trust number.

Why this verdict

1002

The scorer starts every address at 100 trust and applies each signal below in turn. Negative deltas are penalties (red), positive deltas are bonuses (emerald). Final clamped trust: 2.

  • AI analyst flagged 92% phishing likelihood (credential_theft).
    ai_phishing_detected
    -46
  • Screenshot OCR + visual pass flagged 85/100 phishing risk: The email uses a common fax delivery lure with broken image assets and a generic 'Dear Customer' greeting. The presence of a PDF attachment combined with an external sender warning suggests a high risk of malware delivery via the attachment.
    screenshot_phishing_visual
    -26
  • Listed on 1 DNSBL: URIBL.
    dnsbl_listed
    -15
  • AI analyst flagged 85% spam likelihood.
    ai_spam_detected
    -13
  • Domain publishes strong authentication policy: DMARC p=none · SPF soft-fail.
    auth_dns_published
    +5
Sender identity

Display name, domain reputation, and authentication checks for the From address.

Display-name impersonation

NO BRAND CLAIM

The display name doesn't resemble any of the top phished brands we track — this isn't a brand-impersonation attempt.

Brand-lookalike radar

ok

No typosquat or homoglyph match against the top 50 phished brands.

Domain age

timeout

RDAP check did not run.

Content evidence

Signals extracted from the message body, embedded URLs, and uploaded screenshot.

Phishing-pattern signals

1 signal

Rule-based pattern matches we ran across the message body and OCR text BEFORE the AI analyst. Each is a hint, not a verdict.

  • Uses a generic, impersonal greetinglow
    l-Free Fax Number 8882801168 Dear Customer, From: 980 224-6995 Pages: 1

Links extracted from this email

1 shown

Each link was scored against a host-level suspicion heuristic. Click Scan link to run our full URL scanner on the destination — it'll show our verdict alongside Google Safe Browsing, VirusTotal, URLhaus, and the others.

  • deluxeforbusiness.com
    Link uses plain HTTP, not HTTPSURL uses a user-info `@` trick that hides the real destination
    Suspicion
    30

Screenshot vision analysis

VISUAL · 85/100

The email uses a common fax delivery lure with broken image assets and a generic 'Dear Customer' greeting. The presence of a PDF attachment combined with an external sender warning suggests a high risk of malware delivery via the attachment.

Displayed From
EXTERNAL Email from: <support@deluxeforbusiness.com>
Visual red flags
  • Broken image placeholders
  • Generic greeting
  • External sender warning banner
  • Unexpected PDF attachment
  • Fax delivery lure
Visible URLs in screenshot
  • http://support@deluxeforbusiness.com
Infrastructure

MX records, deliverability probe, provider classification, and DNS blocklists.

Deliverability

ok
  • RFC 5322 syntax valid
  • 3 MX records published
    mx1c40.carrierzone.commx2c40.carrierzone.commx3c40.carrierzone.com
  • SMTP probe · unknownSMTP probe disabled (set SMTP_PROBE_ENABLED=true to enable)

Provider classification

ok

Not on our disposable-provider list and not a recognised consumer freemail (Gmail / Outlook / Yahoo etc.) — likely a custom domain.

DNS blocklists

ok

Listed by 1 of 3 blocklists:

URIBL
Reputation

Breach history for this address and the structural identity of the sending domain.

Breach exposure (HIBP)

ok

HIBP_API_KEY not configured

Sender infrastructure

Domain
deluxeforbusiness.com
Domain age
Unknown
Provider
custom domain
MX hosts
mx1c40.carrierzone.commx2c40.carrierzone.commx3c40.carrierzone.com
MalwareTips never stores the raw address. Every input is SHA-256 hashed before persistence — the URL above IS that hash. We keep the local part, domain, and display name separately so the report can render them; the original raw input is dropped after the scan. If you received this email and are worried, do not click any links and do not reply — verify the sender through a known-good channel.