Decipher this code
 

I received an email supposedly from USPS. It didn't look right so I right clicked the "FROM" in the header which gave me a variety of options. I chose "show complete header". This is what I get. Looks very suspicious to me.



From Standard Shipping Sun Apr 6 11:59:40 2014
X-Apparently-To: via 98.138.90.142; Sun, 06 Apr 2014 18:59:48 +0000
Return-Path: <recepcionxalostoc@migdal.com.mx>
Received-SPF: permerror (encountered permanent error during SPF processing of domain of migdal.com.mx)
ZG50IG1ha2UgdGhlIGRlbGl2ZXJ5IG9mIHBhcmNlbCB0byB5b3 UgYXQgMzF0
aCBNYXJjaC4gUHJpbnQgbGFiZWwgYW5kIHNob3cgaXQgaW4gdG hlIG5lYXJl
c3QgcG9zdCBvZmZpY2UuIFByaW50IGEgU2hpcHBpbmcgTGFiZW wgTk9XIFVT
UFMgfCBDb3B5cmlnaHQgMjAxNCBVU1BTLiBBbGwgUmlnaHRzIF Jlc2VydmVk
LiABMAEBAQEDdGV4dC9wbGFpbgMDMAIDdGV4dC9odG1sAwMz
X-YMailISG: vQWzs3MWLDsuNpCZZVMBowoS9lqAhN13raWjZ286lDom27mc
iyghSSG64rZdJkTWOyXleyJR2s8oy9OcuDORci86rSz.vtpoDY k7LBIcigaz
VokxkV.AqsG.GvxPFDG5AFgzjvgavwbGxgqupk5aB46f2ux5HT QjfrkskG1L
CRYX_RSsYMnlaofHch7ysy2XI260F4BexgQ8_bQuuKOYk7GYrC i5_XXu0Vvs
P9HL1MnElTIHjamUhlkLXo8yL5dvXlvLdSucmN9Fzck04RyMc_ e.8_mFCBMx
rqmS_0TQKCUqmxIEGaX_zibo9nrYdZq14EYRMHa9x7zoQR77A8 NSfiTkU5zu
eLUceYVxZcjfDI6aCmvp1Syua0ZMuAkaml7lPSu4D8lEWdGJNg euwiTIPDf9
DX.AHTEShbWCYCf3I_Mz_POBsx3B9_pttQbMkOUSwc3_8UXV0M OFm3T2kzRh
QS2pP31IsyWhaXftLqWhrtf2agPwF7snORCuznLDOKjKIytqne 7qcXrYv2FU
XusrWPRhvW.u_vE1u92IRd5Xf9scF8tprR2vbpa0yqoL.cpxtp 0CtuM1.zfb
i4GISWPVSilpPDyLhRtt7YiUus5yBqaXgkrm0Nia8iF8CVr5Uu ormu6DY6wT
N0jOaS1S0EeoJxL9fTAkS0m8e5spEJfi4kpQVx3aE2yNpdhjX5 rWC93J5kPt
1zQ9K1jqLTfKNTTJ0GPf7UCT85AFlmzyWFp4GI4UslfnMlzvrz 6TSPidWKJp
NRSJHTNIhci4C5yjgVnXnMn1mpHgajzOueSVXO4XtkApOYnvXL Nd5YDAPLXS
jgQ2LzbW.qZBdOetShUZIrSot_60lHzXIEXmADd78r_UC07nU1 o49D717Aa1
UNOWaRu_sn0Mg0nVsuIUuPE5ChCT_yV2dQK.IRFslVmZSSvWt5 W.hC1nolXP
B6ewppbH3uprlrG8pu0bB3kYvcrQDpAkQZZa0uABJ6RbVyjlj2 kWSvRB6EK0
wbGXzw61Pzj5yjjehd54ljRdVrF1pyuyS1gL3jdfnmGzM6Mxiv o_gfQaSO6K
jWvPYrfELTidTlVeHcs7noEThYGSM5G_zym.GGLBtP3Z.xLWJx ZgJy_f.IKL
mhsQBaB.7IRw3KVBUsW2KAtFjtJ7rLktyFcg1lJiCdeeQYdd7N _Jt5rhxDh_
J2o5_jGzWXVV0NkKm1CPGzZrCki0tm1CQyO343tqkDuN.1WcYt yGE66HWRr9
wcWDq9ZD8V0FXkuq9rRDNFpNPudENYl6C4hJJT5iJm0LkYV6Ae dCh1dIok3G
_UtQJgjMSw--
X-Originating-IP: [207.46.163.203]
Authentication-Results: mta1020.biz.mail.bf1.yahoo.com from=migdal.com.mx; domainkeys=neutral (no sig); from=migdal.com.mx; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO na01-bl2-obe.outbound.protection.outlook.com) (207.46.163.203)
by mta1020.biz.mail.bf1.yahoo.com with SMTPS; Sun, 06 Apr 2014 18:59:48 +0000
Received: from BY2PRD0610HT003.namprd06.prod.outlook.com (157.56.236.117) by
DM2PR03MB352.namprd03.prod.outlook.com (10.141.54.24) with Microsoft SMTP
Server (TLS) id 15.0.913.9; Sun, 6 Apr 2014 18:59:40 +0000
Content-Type: multipart/alternative;
boundary="===============7963665269992628516=="
MIME-Version: 1.0
Subject: Ship Notification
From: Standard Shipping <recepcionxalostoc@migdal.com.mx>
To: <>
Message-ID:
<84b9b4e0-05bf-47ce-98a6-97e02cd46122@DM2PR03MB352.namprd03.prod.outlook.co m>
Return-Path: recepcionxalostoc@migdal.com.mx
Date: Sun, 6 Apr 2014 18:59:40 +0000
X-Originating-IP: [157.56.236.117]
X-ClientProxiedBy: CH1PR03CA007.namprd03.prod.outlook.com (10.255.156.152)
To DM2PR03MB352.namprd03.prod.outlook.com (10.141.54.24)
X-Forefront-PRVS: 0173C6D4D5
X-Forefront-Antispam-Report:
=?us-ascii?Q?SFV:NSPM;SFS:(10009001)(428001)(199002)(18 9002)(77096001)(76?=
=?us-ascii?Q?176001)(31696002)(85852003)(15188155005)(9 8676001)(56816005)?=
=?us-ascii?Q?(83072002)(85306002)(90146001)(46102001)(9 9396002)(54356001)?=
=?us-ascii?Q?(54316002)(42186004)(95416001)(33646001)(9 5666003)(74502001)?=
=?us-ascii?Q?(47736001)(49866001)(47446002)(94946001)(7 4482001)(83322001)?=
=?us-ascii?Q?(4396001)(92566001)(50986001)(19580395003) (84326002)(9431600?=
=?us-ascii?Q?2)(74662001)(31966008)(93136001)(76796001) (53806001)(1520234?=
=?us-ascii?Q?5003)(56776001)(81816001)(87976001)(692260 01)(66066001)(2077?=
=?us-ascii?Q?6003)(80022001)(79102001)(81542001)(748760 01)(63696002)(1597?=
=?us-ascii?Q?5445006)(74706001)(80976001)(97336001)(816 86001)(97186001)(7?=
=?us-ascii?Q?6786001)(51856001)(76482001)(47976001)(813 42001)(221733001)(?=
=?us-ascii?Q?93516002)(87266001)(65816001)(76576001)(86 362001)(77982001)(?=
=?us-ascii?Q?59766001)(71186001)(74366001)(74316001)(92 726001)(1679995500?=
=?us-ascii?Q?2)(512954002)(42262001)(24616003)(89386001 )(19623215001);DIR?=
=?us-ascii?Q?:OUT;SFP:1101;SCL:1;SRVR:DM2PR03MB352;H:BY 2PRD0610HT003.namp?=
=?us-ascii?Q?rd06.prod.outlook.com;FPR:3848E51D.9B9D9D0 B.B6E91C5.58E97977?=
=?us-ascii?Q?.200AB;MLV:nov;PTR:InfoNoRecords;A:1;MX:1; LANG:en;?=
Received-SPF: None (: migdal.com.mx does not designate permitted sender
hosts)
X-OriginatorOrg: migdal.com.mx
Content-Length: 3074

I would be suspicious also, no reason I could think if that a USPS mail would originate from a Mexican domain.

Those shipment notifications are one of the more popular recent spams/phishing emails.

Unless USPS is outsourcing their work to Mexico it's not legit.

The "code" in that block is a digital signature, not inherently suspicious.
The sending host is migdal.com.mx, info here.

Also, you should remove your email address from your post -- might get spammed.

Most shipment notices are spam.

If they have an attached zip, generally referred to as the docs they need you to review, that is a virus.

Needless to say, don't open it.

I would. But I don't have my ASCII table handy right now.

Good idea. Thanks