I've got a friend who had someone set them up with a Drupal site with a contact form that seems to be a source for a regular supply of a pretty specific spam message, following the format below. I'm not really following this subject these days; are they just hoping to get a reply to a compromised address?



Delivered-To: [REDACTED]
Received: by 2002:ab0:132:0:0:0:0:0 with SMTP id 47csp1410696uak;
        Sat, 3 Oct 2020 13:35:12 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJyDS5zn1x1U8jQ3MaYbgUaKiu7tinH4f8YX5e8+gEU486en/ubXkbgnyHFzoiUkzXxL94Fa+Ka75aE=
X-Received: by 2002:ab0:768:: with SMTP id h95mr4126067uah.23.1601757309795;
        Sat, 03 Oct 2020 13:35:09 -0700 (PDT)
Authentication-Results: mx.google.com;
       spf=pass (google.com: found no external ips, assuming domain of [REDACTED]@gmail.com as permitted sender) smtp.mailfrom=[REDACTED]@gmail.com
Received-SPF: pass (google.com: found no external ips, assuming domain of [REDACTED]@gmail.com as permitted sender)
Received: by 2002:ab0:7354:: with POP3 id k20mf978119uap.3;
        Sat, 03 Oct 2020 13:35:09 -0700 (PDT)
X-Gmail-Fetch-Info: [REDACTED] 1 [REDACTED]z 110 [REDACTED]
Return-Path: <[REDACTED]@gmail.com>
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on [REDACTED].com
X-Spam-Level: *
X-Spam-Status: No, score=1.6 required=7.0 tests=FORGED_GMAIL_RCVD, FREEMAIL_ENVFROM_END_DIGIT,FREEMAIL_FROM,FREEMAIL_REPLYTO_END_DIGIT, HTML_MESSAGE,MIME_HTML_ONLY,NO_RELAYS autolearn=no autolearn_force=no version=3.4.2
X-Original-To: [REDACTED]
Delivered-To: [REDACTED]
Received: by [REDACTED].com (Postfix, from userid 10049) id 0909E2FB33; Sat,
  3 Oct 2020 20:22:27 +0000 (UTC)
Subject: tqeHkBFDSQh
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8Bit
X-Mailer: Drupal
Sender: [REDACTED]@gmail.com
From: LvCXPmykHRznjBc <[REDACTED]@gmail.com>
Reply-to: LvCXPmykHRznjBc <[REDACTED]@gmail.com>
Message-Id: <20201003202227.0909E2FB33@[REDACTED].com>
Date: Sat,
  3 Oct 2020 20:22:27 +0000 (UTC)