Dans le source de l’email :

Return-Path: <luomingxiu@jygdy.com>
...
X-Spam-Flag: YES
X-Spam-Level: ***************
X-Spam-Status: Yes, score=15.9 required=5.0 tests=COUNTRY2,
	HEADER_FROM_DIFFERENT_DOMAINS,HTML_IMAGE_ONLY_04,HTML_MESSAGE,
	LOCALPART_IN_SUBJECT,MIME_HTML_MOSTLY,MPART_ALT_DIFF,
	RCVD_IN_BL_SPAMCOP_NET,RCVD_IN_PBL,RCVD_IN_RP_RNBL,RCVD_IN_SBL_CSS,
	RCVD_IN_SORBS_WEB,TO_NAME_SUBJ_NO_RDNS,TO_NO_BRKTS_HTML_IMG,
	TVD_SPACE_RATIO autolearn=no autolearn_force=no version=3.4.2
X-Spam-Relay-Country: CN AL
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on spamd16.phpnet.org
X-Spam-Report: 
	*  3.6 RCVD_IN_PBL RBL: Received via a relay in Spamhaus PBL
	*      [111.11.180.157 listed in zen.spamhaus.org]
	*  3.6 RCVD_IN_SBL_CSS RBL: Received via a relay in Spamhaus SBL-CSS
	*      [84.20.83.21 listed in zen.spamhaus.org]
	*  1.0 COUNTRY2 No description available.
	*  0.7 LOCALPART_IN_SUBJECT Local part of To: address appears in
	*      Subject
	*  1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is an abusable web server
	*      [84.20.83.21 listed in dnsbl.sorbs.net]
	*  1.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
	*      bl.spamcop.net
	*      [Blocked - see <https://www.spamcop.net/bl.shtml?84.20.83.21>]
	*  1.3 RCVD_IN_RP_RNBL RBL: Relay in RNBL,
	*      https://senderscore.org/blacklistlookup/
	*      [111.11.180.157 listed in bl.score.senderscore.com]
	*  0.0 HEADER_FROM_DIFFERENT_DOMAINS From and EnvelopeFrom 2nd level
	*      mail domains are different
	*  0.3 HTML_IMAGE_ONLY_04 BODY: HTML: images with 0-400 bytes of words
	*  0.0 MIME_HTML_MOSTLY BODY: Multipart message mostly text/html MIME
	*  0.7 MPART_ALT_DIFF BODY: HTML and text parts are different
	*  0.0 HTML_MESSAGE BODY: HTML included in message
	*  0.0 TVD_SPACE_RATIO No description available.
	*  0.0 TO_NAME_SUBJ_NO_RDNS Recipient username in subject + no rDNS
	*  2.0 TO_NO_BRKTS_HTML_IMG To: lacks brackets and HTML and one image
Received: from mail.jygdy.com (unknown [111.11.180.157])
...
Received: from [21.83.20.84.in-addr.arpa] ([84.20.83.21])
	(envelope-sender <luomingxiu@jygdy.com>)
...
X-WM-AuthFlag: YES
X-WM-AuthUser: luomingxiu@jygdy.com
...
X-Mailer: Sun Java(tm) System Messenger Express 6.1 HotFix 0.11 (builtJan 28
X-Complaints-To: abuse@mailer.jygdy.com
Abuse-Reports-To: <abuse@mailer.jygdy.com>
...
X-Sender: luomingxiu@jygdy.com

Et on retrouve dans Bitcoin Abuse : https://www.bitcoinabuse.com/reports/1Bo6BKUekTefV4kKPz2nhqsWCELuR6Ep1N .

Le serveur est en Chine …