HTTP get: https://ruleqa.spamassassin.org/1-days-ago?xml=1
HTTP get: https://ruleqa.spamassassin.org/2-days-ago?xml=1
HTTP get: https://ruleqa.spamassassin.org/3-days-ago?xml=1
Bad performing rules, from the past 3 night's mass-checks.
(Note: 'net' rules will be listed as 'no hits' unless you set 'tflags net'.
This also applies for meta rules which use 'net' rules.)
rulesrc/sandbox/smf/30_smf_nontest.cf (4 rules, 1 bad):
FSL_LINK_AWS_S3_WEB: no hits of target type
rulesrc/sandbox/smf/20_smf.cf (41 rules, 33 bad):
FSL_ABUSED_WEB_1: bad, avg S/O=0.42 avg Spam%=1.57 avg Ham%=2.15
FSL_ABUSED_WEB_3: bad, avg S/O=0.79 avg Spam%=2.23 avg Ham%=0.59
FSL_NOT_FROM_AOL: bad, avg S/O=0.51 avg Spam%=0.00 avg Ham%=0.00
FSL_NOT_FROM_HOTMAIL: bad, avg S/O=0.57 avg Spam%=0.03 avg Ham%=0.04
FSL_NOT_FROM_YAHOO: bad, avg S/O=0.27 avg Spam%=0.00 avg Ham%=0.01
FSL_NO_RCVD_1: bad, avg S/O=0.14 avg Spam%=0.21 avg Ham%=1.42
FSL_RCVD_EX_0: bad, avg S/O=0.14 avg Spam%=0.21 avg Ham%=1.41
FSL_RCVD_EX_1: bad, avg S/O=0.64 avg Spam%=76.95 avg Ham%=43.62
FSL_RCVD_EX_2: bad, avg S/O=0.28 avg Spam%=12.89 avg Ham%=33.62
FSL_RCVD_EX_3: bad, avg S/O=0.25 avg Spam%=3.18 avg Ham%=9.55
FSL_RCVD_EX_4: bad, avg S/O=0.43 avg Spam%=4.37 avg Ham%=5.83
FSL_RCVD_EX_5: bad, avg S/O=0.35 avg Spam%=1.53 avg Ham%=2.90
FSL_RCVD_EX_GT_5: bad, avg S/O=0.22 avg Spam%=0.88 avg Ham%=3.07
FSL_RCVD_TR_1: bad, avg S/O=0.15 avg Spam%=2.26 avg Ham%=12.56
FSL_RCVD_TR_4: bad, avg S/O=0.02 avg Spam%=0.01 avg Ham%=0.62
FSL_RCVD_TR_5: bad, avg S/O=0.49 avg Spam%=47.02 avg Ham%=48.18
FSL_RCVD_TR_GT_5: no hits of target type
FSL_RCVD_UT_1: bad, avg S/O=0.64 avg Spam%=76.95 avg Ham%=43.40
FSL_RCVD_UT_2: bad, avg S/O=0.28 avg Spam%=12.89 avg Ham%=33.62
FSL_RCVD_UT_3: bad, avg S/O=0.25 avg Spam%=3.18 avg Ham%=9.55
FSL_RCVD_UT_4: bad, avg S/O=0.43 avg Spam%=4.37 avg Ham%=5.83
FSL_RCVD_UT_5: bad, avg S/O=0.35 avg Spam%=1.53 avg Ham%=2.90
FSL_RCVD_UT_GT_5: bad, avg S/O=0.22 avg Spam%=0.88 avg Ham%=3.07
__FSL_COUNT_EXTERN: bad, avg S/O=0.50 avg Spam%=99.79 avg Ham%=98.59
# used in: FSL_RCVD_EX_0 FSL_RCVD_EX_1 FSL_RCVD_EX_2 FSL_RCVD_EX_3
FSL_RCVD_EX_4 FSL_RCVD_EX_5 FSL_RCVD_EX_GT_5
__FSL_COUNT_TRUST: bad, avg S/O=0.56 avg Spam%=88.77 avg Ham%=69.06
# used in: FSL_NO_RCVD_1 FSL_RCVD_TR_1 FSL_RCVD_TR_4 FSL_RCVD_TR_5
FSL_RCVD_TR_GT_5
__FSL_COUNT_UNTRUST: bad, avg S/O=0.50 avg Spam%=99.79 avg Ham%=98.37
# used in: FSL_NO_RCVD_1 FSL_RCVD_UT_1 FSL_RCVD_UT_2 FSL_RCVD_UT_3
FSL_RCVD_UT_4 FSL_RCVD_UT_5 FSL_RCVD_UT_GT_5
__FSL_ENVFROM_AOL: bad, avg S/O=0.33 avg Spam%=0.00 avg Ham%=0.00
# used in: FSL_NOT_FROM_AOL
__FSL_ENVFROM_HOTMAIL: bad, avg S/O=0.55 avg Spam%=0.03 avg Ham%=0.04
# used in: FSL_NOT_FROM_HOTMAIL
__FSL_ENVFROM_YAHOO: bad, avg S/O=0.24 avg Spam%=0.00 avg Ham%=0.01
# used in: FSL_NOT_FROM_YAHOO
__FSL_RELAY_AOL: bad, avg S/O=0.41 avg Spam%=0.00 avg Ham%=0.00
# used in: FSL_NOT_FROM_AOL
__FSL_RELAY_GOOGLE: bad, avg S/O=0.22 avg Spam%=0.86 avg Ham%=3.04
# used in: TO_IN_SUBJ URI_GOOGLE_PROXY
__FSL_RELAY_HOTMAIL: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.03
# used in: FSL_NOT_FROM_HOTMAIL
__FSL_RELAY_YAHOO: bad, avg S/O=0.26 avg Spam%=0.09 avg Ham%=0.25
# used in: FSL_NOT_FROM_YAHOO
rulesrc/sandbox/sidney/70_other.cf (1 rules, 1 bad):
T_UPPERCASE_HTTP: bad, avg S/O=0.36 avg Spam%=0.02 avg Ham%=0.04
rulesrc/sandbox/pds/20_urlshort.cf (19 rules, 4 bad):
DRUGS_ERECTILE_SHORT_SHORTNER: no hits at all
TONOM_EQ_TOLOC_SHRT_PSHRTNER: no hits of target type
__PDS_SHORT_URL: bad, avg S/O=0.50 avg Spam%=0.29 avg Ham%=0.29
# used in: TONOM_EQ_TOLOC_SHRT_PSHRTNER
__PDS_URISHORTENER: bad, avg S/O=0.77 avg Spam%=5.00 avg Ham%=1.53
# used in: DRUGS_ERECTILE_SHORT_SHORTNER TONOM_EQ_TOLOC_SHRT_PSHRTNER
__PDS_SHORT_URL
rulesrc/sandbox/pds/20_ntld.cf (24 rules, 5 bad):
GOOGLE_DRIVE_REPLY_BAD_NTLD: no hits at all
SENT_TO_EMAIL_ADDR: no hits at all
VPS_NO_NTLD: no hits at all
__PDS_SENT_TO_EMAIL_ADDR: no hits at all
# used in: SENT_TO_EMAIL_ADDR
__VPSNUMBERONLY_TLD: no hits at all
# used in: VPS_NO_NTLD
rulesrc/sandbox/pds/20_gdocs.cf (6 rules, 4 bad):
__PDS_GOOGLE_DRIVE_SHARE: no hits of target type
# used in: GOOGLE_DRIVE_REPLY_BAD_NTLD
__PDS_GOOGLE_DRIVE_SHARE_1: bad, avg S/O=0.03 avg Spam%=0.00 avg Ham%=0.01
# used in: GOOGLE_DRIVE_REPLY_BAD_NTLD __PDS_GOOGLE_DRIVE_SHARE
__PDS_GOOGLE_DRIVE_SHARE_2: no hits of target type
# used in: GOOGLE_DRIVE_REPLY_BAD_NTLD __PDS_GOOGLE_DRIVE_SHARE
__PDS_GOOGLE_DRIVE_SHARE_3: no hits at all
# used in: GOOGLE_DRIVE_REPLY_BAD_NTLD __PDS_GOOGLE_DRIVE_SHARE
rulesrc/sandbox/pds/20_btc.cf (19 rules, 4 bad):
PDS_LTC_HUSH: bad, avg S/O=0.68 avg Spam%=0.00 avg Ham%=0.00
__HAS_IMG_SRC_DATA: bad, avg S/O=0.63 avg Spam%=0.05 avg Ham%=0.03
# used in: PDS_LTC_HUSH
__LITECOIN_ID: bad, avg S/O=0.63 avg Spam%=0.29 avg Ham%=0.17
# used in: PDS_LTC_HUSH
__URL_LTC_ID: bad, avg S/O=0.08 avg Spam%=0.10 avg Ham%=1.09
# used in: PDS_LTC_HUSH
rulesrc/sandbox/pds/10_menaces.cf (29 rules, 8 bad):
BODY_QUOTE_MALF_MSGID: bad, avg S/O=0.54 avg Spam%=1.43 avg Ham%=0.75
PDS_DBL_URL_HELO_NODOM: bad, avg S/O=0.64 avg Spam%=0.07 avg Ham%=0.04
PDS_DOUBLE_URL: bad, avg S/O=0.11 avg Spam%=1.12 avg Ham%=9.54
PDS_URI_HIDDEN_HELO_NO_DOMAIN: no hits of target type
__KHOP_URI_HIDDEN: bad, avg S/O=0.74 avg Spam%=1.12 avg Ham%=0.39
# used in: PDS_URI_HIDDEN_HELO_NO_DOMAIN
__PDS_BODY_QUOTE: bad, avg S/O=0.24 avg Spam%=6.61 avg Ham%=20.40
# used in: BODY_QUOTE_MALF_MSGID
__PDS_DOUBLE_URL: bad, avg S/O=0.11 avg Spam%=1.12 avg Ham%=9.54
# used in: PDS_DBL_URL_HELO_NODOM PDS_DOUBLE_URL STY_INVIS_DIRECT
__PDS_TONAME_EQ_TOLOCAL: bad, avg S/O=0.31 avg Spam%=0.94 avg Ham%=2.10
# used in: TONOM_EQ_TOLOC_SHRT_PSHRTNER
rulesrc/sandbox/mmartinec/20_rpvalid.cf (2 rules, 1 bad):
__RP_MATCHES_RCVD: bad, avg S/O=0.14 avg Spam%=8.29 avg Ham%=51.85
# used in: ADVANCE_FEE_3_NEW GOOG_STO_IMG_NOHTML LIST_PRTL_SAME_USER
PHP_NOVER_MUA THIS_AD GAPPY_HTML LIST_PARTIAL UC_GIBBERISH_OBFU
rulesrc/sandbox/mmartinec/20_misc.cf (13 rules, 6 bad):
CR_IN_SUBJ: no hits of target type
FROM_UNBAL1: bad, avg S/O=0.70 avg Spam%=0.01 avg Ham%=0.00
LONGLINE: bad, avg S/O=0.45 avg Spam%=1.28 avg Ham%=1.59
MSGID_NOFQDN2: bad, avg S/O=0.64 avg Spam%=5.87 avg Ham%=3.35
__LONGLINE: bad, avg S/O=0.45 avg Spam%=1.28 avg Ham%=1.59
# used in: LONG_INVISIBLE_TEXT TO_NO_BRKTS_HTML_IMG LONGLINE
URI_GOOGLE_PROXY
__MSGID_NOFQDN2: bad, avg S/O=0.64 avg Spam%=5.87 avg Ham%=3.35
# used in: BODY_QUOTE_MALF_MSGID MSGID_NOFQDN2
rulesrc/sandbox/mkettler/20_drugs.cf (1 rules, 1 bad):
LFUZ_PWRMALE: no hits at all
rulesrc/sandbox/maddoc/99_fsl_testing.cf (8 rules, 1 bad):
FSL_YHG_ABUSE: no hits of target type
rulesrc/sandbox/maddoc/99_doc_test.cf (14 rules, 7 bad):
FSL_FBOOK_PHISH: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.04
FSL_HELO_BARE_IP_2: bad, avg S/O=0.76 avg Spam%=0.40 avg Ham%=0.13
FSL_HELO_DEVICE: bad, avg S/O=0.22 avg Spam%=0.00 avg Ham%=0.00
FSL_HELO_FAKE: bad, avg S/O=0.69 avg Spam%=0.19 avg Ham%=0.08
FSL_INTERIA_ABUSE: no hits at all
FSL_MIME_NO_TEXT: bad, avg S/O=0.62 avg Spam%=0.01 avg Ham%=0.00
__CTYPE_MULTIPART_MIXED: bad, avg S/O=0.17 avg Spam%=1.33 avg Ham%=6.52
# used in: FSL_MIME_NO_TEXT
rulesrc/sandbox/kmcgrail/20_utf7.cf (1 rules, 1 bad):
KAM_BLOCK_UTF7: no hits of target type
rulesrc/sandbox/kmcgrail/20_sergio_experimental.cf (6 rules, 2 bad):
SERGIO_SUBJECT_PORN008: bad, avg S/O=0.20 avg Spam%=0.00 avg Ham%=0.00
SERGIO_SUBJECT_PORN009: no hits of target type
rulesrc/sandbox/kmcgrail/20_rules_to_sandbox.cf (3 rules, 1 bad):
US_DOLLARS_3: bad, avg S/O=0.73 avg Spam%=0.46 avg Ham%=0.17
rulesrc/sandbox/kmcgrail/20_needed.cf (1 rules, 1 bad):
__KAM_LOTTO2: bad, avg S/O=0.32 avg Spam%=0.15 avg Ham%=0.31
# used in: ADVANCE_FEE_3_NEW
rulesrc/sandbox/kmcgrail/20_mailing_list.cf (1 rules, 1 bad):
AC_HTML_NONSENSE_TAGS: bad, avg S/O=0.10 avg Spam%=0.01 avg Ham%=0.05
rulesrc/sandbox/kmcgrail/20_html_tests.cf (1 rules, 1 bad):
KAM_HTML_FONT_INVALID: bad, avg S/O=0.15 avg Spam%=2.87 avg Ham%=16.03
rulesrc/sandbox/kmcgrail/20_freemail.cf (2 rules, 2 bad):
FREEMAIL_FORGED_FROMDOMAIN: bad, avg S/O=0.37 avg Spam%=0.84 avg Ham%=1.45
HEADER_FROM_DIFFERENT_DOMAINS: bad, avg S/O=0.17 avg Spam%=6.30 avg
Ham%=31.11
# used in: FREEMAIL_FORGED_FROMDOMAIN
rulesrc/sandbox/kmcgrail/20_fake_helo_tests.cf (4 rules, 1 bad):
CK_HELO_DYNAMIC_SPLIT_IP: bad, avg S/O=0.71 avg Spam%=1.64 avg Ham%=0.67
rulesrc/sandbox/kmcgrail/20_demoted_tests.cf (1 rules, 1 bad):
MSGID_MULTIPLE_AT: bad, avg S/O=0.15 avg Spam%=0.00 avg Ham%=0.02
rulesrc/sandbox/kmcgrail/20_darxus_experimental.cf (2 rules, 2 bad):
SPOOFED_URL_HOST: bad, avg S/O=0.63 avg Spam%=0.50 avg Ham%=0.30
__SPOOFED_URL_HOST: bad, avg S/O=0.20 avg Spam%=0.79 avg Ham%=3.23
# used in: SPOOFED_URL_HOST
rulesrc/sandbox/kmcgrail/20_bug_7063.cf (1 rules, 1 bad):
PP_MIME_FAKE_ASCII_TEXT: bad, avg S/O=0.63 avg Spam%=0.40 avg Ham%=0.23
rulesrc/sandbox/kmcgrail/20_ac_rules_test.cf (28 rules, 25 bad):
AC_BR_BONANZA: bad, avg S/O=0.72 avg Spam%=0.10 avg Ham%=0.06
AC_DIV_BONANZA: bad, avg S/O=0.16 avg Spam%=0.01 avg Ham%=0.05
AC_SPAMMY_URI_PATTERNS1: no hits at all
AC_SPAMMY_URI_PATTERNS10: no hits at all
AC_SPAMMY_URI_PATTERNS11: no hits at all
AC_SPAMMY_URI_PATTERNS12: no hits at all
AC_SPAMMY_URI_PATTERNS2: no hits at all
AC_SPAMMY_URI_PATTERNS3: no hits at all
AC_SPAMMY_URI_PATTERNS8: no hits at all
AC_SPAMMY_URI_PATTERNS9: no hits at all
__AC_1SEQC_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS9
__AC_1SEQV_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS9
__AC_LAND_URI: bad, avg S/O=0.13 avg Spam%=0.00 avg Ham%=0.01
# used in: AC_SPAMMY_URI_PATTERNS2
__AC_LONGSEQ_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS8
__AC_MHDSEQ_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS12
__AC_NDOMLONGNASPX_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS11
__AC_OUTI_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS1
__AC_OUTL_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS1
__AC_PHPOFFSUB_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS3
__AC_PHPOFFTOP_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS3
__AC_PUNCTNUMS_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS10
__AC_REPORT_URI: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.50
# used in: AC_SPAMMY_URI_PATTERNS2
__AC_RMOVE_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS9
__AC_UHDSEQ_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS12
__AC_UNSUB_URI: bad, avg S/O=0.11 avg Spam%=0.17 avg Ham%=1.35
# used in: AC_SPAMMY_URI_PATTERNS2 SHOPIFY_IMG_NOT_RCVD_SFY
rulesrc/sandbox/khopesh/20_s25r.cf (11 rules, 1 bad):
KHOP_BOTNET_UNCLEAN: bad, avg S/O=0.52 avg Spam%=4.29 avg Ham%=4.02
rulesrc/sandbox/khopesh/20_rcd_rdns.cf (24 rules, 2 bad):
__RCD_RDNS_SMTP: bad, avg S/O=0.21 avg Spam%=4.71 avg Ham%=1.26
# used in: UNICODE_OBFU_ZW
__RCD_RDNS_SMTP_MESSY: bad, avg S/O=0.22 avg Spam%=6.85 avg Ham%=1.97
# used in: ACCT_PHISHING
rulesrc/sandbox/khopesh/20_neon_overload.cf (6 rules, 4 bad):
KHOP_JS_OBFUSCATION: no hits of target type
TR_JS_FROMCHARCODE: bad, avg S/O=0.15 avg Spam%=0.00 avg Ham%=0.00
TR_JS_REDIRECTION_2: bad, avg S/O=0.69 avg Spam%=0.00 avg Ham%=0.00
__TR_JS_CONCATINATED_HTTP: no hits of target type
# used in: KHOP_JS_OBFUSCATION
rulesrc/sandbox/khopesh/20_khop_lists.cf (16 rules, 11 bad):
KHOP_NO_FULL_NAME: bad, avg S/O=0.68 avg Spam%=9.99 avg Ham%=4.57
NOT_A_PERSON: bad, avg S/O=0.44 avg Spam%=89.80 avg Ham%=71.11
__FROM_DNS: bad, avg S/O=0.37 avg Spam%=0.00 avg Ham%=0.00
# used in: LIST_PRTL_SAME_USER
__FROM_FULL_NAME: bad, avg S/O=0.55 avg Spam%=60.66 avg Ham%=74.99
# used in: TO_NO_BRKTS_HTML_IMG KHOP_NO_FULL_NAME
__FROM_INFO: bad, avg S/O=0.07 avg Spam%=0.14 avg Ham%=1.78
# used in: LIST_PRTL_SAME_USER
__KHOP_NO_FULL_NAME: bad, avg S/O=0.68 avg Spam%=9.99 avg Ham%=4.57
# used in: KHOP_NO_FULL_NAME
__MSGID_LIST: bad, avg S/O=0.26 avg Spam%=0.02 avg Ham%=0.01
# used in: KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__KHOP_NO_FULL_NAME
__NOT_A_PERSON: bad, avg S/O=0.44 avg Spam%=89.80 avg Ham%=71.11
# used in: KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__KHOP_NO_FULL_NAME
__SENDER_BOT: bad, avg S/O=0.49 avg Spam%=62.89 avg Ham%=59.36
# used in: DOTGOV_IMAGE LIST_PRTL_SAME_USER KHOP_NO_FULL_NAME
NOT_A_PERSON REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST
__DOTGOV_IMAGE __KHOP_NO_FULL_NAME __LIST_PRTL_SAME_USER __NOT_A_PERSON
__REMOTE_IMAGE
__UNSUB_LINK: bad, avg S/O=0.22 avg Spam%=27.57 avg Ham%=7.87
# used in: LONG_INVISIBLE_TEXT TO_NO_BRKTS_HTML_ONLY GAPPY_HTML
KHOP_NO_FULL_NAME NOT_A_PERSON SPOOFED_URL SPOOFED_URL_HOST STY_INVIS_DIRECT
SUBJ_OBFU_LOW_CNTRST URI_DOTEDU __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VACATION: bad, avg S/O=0.82 avg Spam%=0.72 avg Ham%=3.31
# used in: KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__KHOP_NO_FULL_NAME __NOT_A_PERSON
rulesrc/sandbox/khopesh/20_khop_general.cf (8 rules, 7 bad):
DEAR_EMAIL: bad, avg S/O=0.31 avg Spam%=0.04 avg Ham%=0.10
DEAR_NOBODY: bad, avg S/O=0.31 avg Spam%=0.05 avg Ham%=0.10
FORGED_URL_DOM: bad, avg S/O=0.51 avg Spam%=0.07 avg Ham%=0.07
FROM_WWW: bad, avg S/O=0.37 avg Spam%=0.00 avg Ham%=0.01
__FORGED_URL_DOM_1: bad, avg S/O=0.34 avg Spam%=0.03 avg Ham%=0.06
# used in: FORGED_URL_DOM
__FORGED_URL_DOM_2: bad, avg S/O=0.56 avg Spam%=0.07 avg Ham%=0.06
# used in: FORGED_URL_DOM
__MAY_BE_FORGED: bad, avg S/O=0.43 avg Spam%=0.03 avg Ham%=0.04
# used in: KHOP_BOTNET_UNCLEAN
rulesrc/sandbox/khopesh/20_khop_experimental.cf (57 rules, 29 bad):
KHOP_BIG_TO_CC: bad, avg S/O=0.04 avg Spam%=0.17 avg Ham%=3.86
KHOP_FROM_WWW: bad, avg S/O=0.37 avg Spam%=0.18 avg Ham%=0.31
NAME_EMAIL_DIFF: bad, avg S/O=0.63 avg Spam%=0.97 avg Ham%=0.58
REMOTE_IMAGE: bad, avg S/O=0.65 avg Spam%=3.06 avg Ham%=1.62
SHORT_URL: bad, avg S/O=0.60 avg Spam%=0.55 avg Ham%=0.36
SPOOFED_URL: bad, avg S/O=0.62 avg Spam%=0.58 avg Ham%=0.35
SUBJ_ALL_CAPS2: no hits of target type
SUBJ_ALL_CAPS3: no hits of target type
SUBJ_LACKS_WORDS: bad, avg S/O=0.51 avg Spam%=0.58 avg Ham%=0.57
UPPERCASE_URI: bad, avg S/O=0.07 avg Spam%=0.00 avg Ham%=0.04
URI_HIDDEN: bad, avg S/O=0.74 avg Spam%=1.12 avg Ham%=0.39
__FROM_WEB_DAEMON: bad, avg S/O=0.18 avg Spam%=0.14 avg Ham%=0.65
# used in: KHOP_FROM_WWW
__NAME_EQ_EMAIL: bad, avg S/O=0.05 avg Spam%=0.13 avg Ham%=2.47
# used in: NAME_EMAIL_DIFF
__NAME_IS_EMAIL: bad, avg S/O=0.27 avg Spam%=1.09 avg Ham%=2.88
# used in: NAME_EMAIL_DIFF
__RDNS_IS_WWW: bad, avg S/O=0.55 avg Spam%=0.02 avg Ham%=0.02
# used in: KHOP_FROM_WWW
__RDNS_LONG: bad, avg S/O=0.37 avg Spam%=10.00 avg Ham%=17.22
# used in: GOOG_STO_IMG_NOHTML HTML_TEXT_INVISIBLE_STYLE
__RDNS_NO_SUBDOM: bad, avg S/O=0.57 avg Spam%=1.88 avg Ham%=1.41
# used in: TO_NO_BRKTS_HTML_ONLY
__RDNS_SHORT: bad, avg S/O=0.42 avg Spam%=3.35 avg Ham%=4.55
# used in: URI_DOTEDU
__RELAY_THRU_WWW: bad, avg S/O=0.36 avg Spam%=0.18 avg Ham%=0.31
# used in: KHOP_FROM_WWW
__REMOTE_IMAGE: bad, avg S/O=0.65 avg Spam%=3.06 avg Ham%=1.62
# used in: DOTGOV_IMAGE REMOTE_IMAGE __DOTGOV_IMAGE
__SHORT_URL: bad, avg S/O=0.67 avg Spam%=1.37 avg Ham%=0.69
# used in: SHORT_URL TONOM_EQ_TOLOC_SHRT_PSHRTNER __PDS_SHORT_URL
__SPOOFED_URL: bad, avg S/O=0.18 avg Spam%=1.01 avg Ham%=4.57
# used in: SPOOFED_URL
__SUBJ_2UPPER: bad, avg S/O=0.48 avg Spam%=78.67 avg Ham%=86.25
# used in: SUBJ_ALL_CAPS2 SUBJ_ALL_CAPS3
__SUBJ_4LOWER: bad, avg S/O=0.49 avg Spam%=93.83 avg Ham%=98.46
# used in: SUBJ_ALL_CAPS2 SUBJ_ALL_CAPS3
__SUBJ_HAS_WORDS: bad, avg S/O=0.49 avg Spam%=96.69 avg Ham%=98.86
# used in: SUBJ_LACKS_WORDS
__SUBJ_IMPORTANT: bad, avg S/O=0.12 avg Spam%=0.17 avg Ham%=1.26
# used in: SUBJ_ALL_CAPS3
__SUBJ_NOT_SHORT: bad, avg S/O=0.49 avg Spam%=91.71 avg Ham%=96.82
# used in: SUBJ_LACKS_WORDS
__SUBJ_SHORT: bad, avg S/O=0.59 avg Spam%=0.87 avg Ham%=0.62
# used in: SUBJ_ALL_CAPS2 SUBJ_ALL_CAPS3 TONOM_EQ_TOLOC_SHRT_PSHRTNER
__TO_EQ_FROM_USR_2: bad, avg S/O=0.71 avg Spam%=1.14 avg Ham%=0.46
# used in: LIST_PRTL_SAME_USER __LIST_PRTL_SAME_USER
rulesrc/sandbox/khopesh/20_khop_dynamic.cf (13 rules, 6 bad):
KHOP_DYNAMIC: bad, avg S/O=0.71 avg Spam%=3.94 avg Ham%=1.63
__RDNS_HEX: bad, avg S/O=0.10 avg Spam%=0.18 avg Ham%=1.74
# used in: KHOP_BOTNET_UNCLEAN KHOP_DYNAMIC
__S25R_1: bad, avg S/O=0.34 avg Spam%=9.71 avg Ham%=18.72
# used in: KHOP_BOTNET_UNCLEAN
__S25R_2: bad, avg S/O=0.09 avg Spam%=0.78 avg Ham%=7.82
# used in: KHOP_BOTNET_UNCLEAN
__S25R_3: bad, avg S/O=0.69 avg Spam%=3.67 avg Ham%=1.63
# used in: KHOP_BOTNET_UNCLEAN
__S25R_5: bad, avg S/O=0.46 avg Spam%=1.29 avg Ham%=1.50
# used in: KHOP_BOTNET_UNCLEAN
rulesrc/sandbox/kb/70_misc.cf (16 rules, 5 bad):
LIVEFILESTORE: no hits of target type
THEBAT_UNREG: no hits at all
THREAD_INDEX_BAD: bad, avg S/O=0.56 avg Spam%=2.50 avg Ham%=1.98
__HAS_THREAD_INDEX: bad, avg S/O=0.45 avg Spam%=2.66 avg Ham%=3.36
# used in: GOOG_STO_IMG_NOHTML HTML_TEXT_INVISIBLE_STYLE
TO_NO_BRKTS_HTML_IMG THREAD_INDEX_BAD
__THREAD_INDEX_GOOD: bad, avg S/O=0.12 avg Spam%=0.16 avg Ham%=1.38
# used in: ADVANCE_FEE_3_NEW TO_IN_SUBJ THREAD_INDEX_BAD
rulesrc/sandbox/kb/20_header.cf (6 rules, 3 bad):
KB_DATE_CONTAINS_TAB: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.00
KB_FAKED_THE_BAT: no hits at all
__KB_DATE_CONTAINS_TAB: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.00
# used in: KB_DATE_CONTAINS_TAB KB_FAKED_THE_BAT
rulesrc/sandbox/jquinn/20_misc.cf (3 rules, 3 bad):
EXCUSE_24: no hits of target type
USING_VERP: bad, avg S/O=0.40 avg Spam%=2.09 avg Ham%=3.25
__USING_VERP1: bad, avg S/O=0.34 avg Spam%=2.37 avg Ham%=4.59
# used in: GOOG_STO_IMG_NOHTML LONG_INVISIBLE_TEXT RCVD_DOTEDU_SUSP
USING_VERP UNICODE_OBFU_ZW __RCVD_DOTEDU_SUSP
rulesrc/sandbox/jm/70_tt_drugs.cf (11 rules, 5 bad):
TT_OBSCURED_VALIUM: no hits at all
TT_OBSCURED_VIAGRA: no hits at all
__TT_BROKEN_VALIUM: no hits at all
# used in: TT_OBSCURED_VALIUM
__TT_OBSCURED_VALIUM: no hits at all
# used in: TT_OBSCURED_VALIUM
__TT_VALIUM: no hits at all
# used in: TT_OBSCURED_VALIUM
rulesrc/sandbox/jm/20_bug_6152.cf (1 rules, 1 bad):
BUG6152_INVALID_DATE_TZ_ABSURD: bad, avg S/O=0.16 avg Spam%=0.00 avg
Ham%=0.01
rulesrc/sandbox/jm/20_basic.cf (68 rules, 24 bad):
CTYPE_001C_B: bad, avg S/O=0.41 avg Spam%=0.00 avg Ham%=0.00
CURR_PRICE: no hits at all
DYN_RDNS_AND_INLINE_IMAGE: bad, avg S/O=0.58 avg Spam%=0.01 avg Ham%=0.01
HDR_ORDER_FTSDMCXX_001C: no hits at all
HDR_ORDER_FTSDMCXX_BAT: no hits at all
HELO_OEM: no hits at all
IMG_CID_PART1: no hits of target type
MSNBC_THREAD_INDEX: bad, avg S/O=0.08 avg Spam%=0.01 avg Ham%=0.12
PART_CID_STOCK: no hits at all
PART_CID_STOCK_LESS: no hits at all
RCVD_FORGED_WROTE: no hits at all
RCVD_MAIL_COM: no hits at all
SB_GIF_AND_NO_URIS: bad, avg S/O=0.72 avg Spam%=0.02 avg Ham%=0.01
SHORT_HELO_AND_INLINE_IMAGE: bad, avg S/O=0.30 avg Spam%=0.02 avg Ham%=0.18
STOCK_IMG_HDR_FROM: no hits at all
STOCK_IMG_HTML: no hits at all
STOCK_IMG_OUTLOOK: bad, avg S/O=0.34 avg Spam%=0.00 avg Ham%=0.00
TVD_PDF_FINGER01_JO: bad, avg S/O=0.11 avg Spam%=0.00 avg Ham%=0.03
__HAS_ANY_EMAIL: bad, avg S/O=0.30 avg Spam%=26.11 avg Ham%=61.79
# used in: SB_GIF_AND_NO_URIS
__HAS_ANY_URI: bad, avg S/O=0.45 avg Spam%=73.32 avg Ham%=88.17
# used in: RCVD_DOTEDU_SHORT SB_GIF_AND_NO_URIS URI_ONLY_LOW_CONTRAST
__HS_SUBJ_RE_FW: bad, avg S/O=0.26 avg Spam%=2.85 avg Ham%=8.31
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT TO_IN_SUBJ
__MID_START_001C: no hits of target type
# used in: HDR_ORDER_FTSDMCXX_001C
__MSNBC_NOT_EXCH: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.02
# used in: MSNBC_THREAD_INDEX
__MSNBC_THREAD_INDEX: bad, avg S/O=0.07 avg Spam%=0.01 avg Ham%=0.13
# used in: MSNBC_THREAD_INDEX
rulesrc/sandbox/jhardin/40_local_419replyto.cf (15 rules, 1 bad):
REPTO_419_FRAUD_GM_LOOSE: bad, avg S/O=0.76 avg Spam%=0.01 avg Ham%=0.00
rulesrc/sandbox/jhardin/20_thirdparty.cf (3 rules, 1 bad):
DX_TEXT_03: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.29
rulesrc/sandbox/jhardin/20_tbird_image_spam.cf (26 rules, 12 bad):
FORGED_TBIRD_IMG_ARROW: no hits of target type
FORGED_TBIRD_IMG_SIZE: no hits at all
IMG_DIRECT_TO_MX: bad, avg S/O=0.77 avg Spam%=0.01 avg Ham%=0.00
TO_NO_BRKTS_HTML_IMG: bad, avg S/O=0.78 avg Spam%=0.04 avg Ham%=0.01
TO_NO_BRKTS_HTML_ONLY: bad, avg S/O=0.68 avg Spam%=0.07 avg Ham%=0.04
__FORGED_TBIRD_IMG: no hits of target type
# used in: FORGED_TBIRD_IMG_ARROW FORGED_TBIRD_IMG_SIZE
__IMG_LE_300K: bad, avg S/O=0.54 avg Spam%=0.67 avg Ham%=0.59
# used in: FORGED_TBIRD_IMG_SIZE IMG_DIRECT_TO_MX
__MUA_TBIRD: bad, avg S/O=0.39 avg Spam%=1.19 avg Ham%=1.85
# used in: FORGED_TBIRD_IMG_ARROW FORGED_TBIRD_IMG_SIZE __FORGED_TBIRD_IMG
__ONE_IMG: bad, avg S/O=0.13 avg Spam%=0.47 avg Ham%=3.03
# used in: TO_NO_BRKTS_HTML_IMG FORGED_TBIRD_IMG_SIZE IMG_DIRECT_TO_MX
__TO_NO_ARROWS_R: bad, avg S/O=0.42 avg Spam%=35.97 avg Ham%=48.65
# used in: PHP_NOVER_MUA TO_NO_BRKTS_HTML_IMG TO_NO_BRKTS_HTML_ONLY
BAT_BDRY_TO_MALF FORGED_TBIRD_IMG_ARROW
__TO_NO_BRKTS_HTML_IMG: bad, avg S/O=0.11 avg Spam%=0.27 avg Ham%=2.15
# used in: TO_NO_BRKTS_HTML_IMG
__TO_NO_BRKTS_HTML_ONLY: bad, avg S/O=0.34 avg Spam%=6.02 avg Ham%=11.94
# used in: PHP_NOVER_MUA TO_NO_BRKTS_HTML_ONLY
rulesrc/sandbox/jhardin/20_shared_subrules.cf (3 rules, 1 bad):
__BUGGED_IMG: bad, avg S/O=0.19 avg Spam%=14.73 avg Ham%=62.48
# used in: ADVANCE_FEE_3_NEW LIST_PRTL_SAME_USER TO_NO_BRKTS_HTML_ONLY
LIST_PARTIAL PDS_LTC_HUSH
rulesrc/sandbox/jhardin/20_postcards.cf (6 rules, 6 bad):
EXECUTABLE_URI: bad, avg S/O=0.34 avg Spam%=0.00 avg Ham%=0.00
POSTCARD_03: no hits of target type
POSTCARD_05: bad, avg S/O=0.08 avg Spam%=0.00 avg Ham%=0.01
POSTCARD_06: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.01
POSTCARD_09: bad, avg S/O=0.21 avg Spam%=0.00 avg Ham%=0.01
__EXECUTABLE_URI: bad, avg S/O=0.34 avg Spam%=0.00 avg Ham%=0.00
# used in: EXECUTABLE_URI
rulesrc/sandbox/jhardin/20_misc_testing.cf (902 rules, 301 bad):
ACCT_PHISHING: bad, avg S/O=0.41 avg Spam%=0.42 avg Ham%=0.59
ACH_CANCELLED_EXE: no hits at all
AC_POST_EXTRAS: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.00
AD_PREFS: bad, avg S/O=0.06 avg Spam%=0.00 avg Ham%=0.01
BAT_BDRY_TO_MALF: bad, avg S/O=0.18 avg Spam%=0.00 avg Ham%=0.01
BIGNUM_EMAILS: bad, avg S/O=0.40 avg Spam%=0.28 avg Ham%=0.42
BIGNUM_EMAILS_MANY: bad, avg S/O=0.77 avg Spam%=0.01 avg Ham%=0.00
# used in: BIGNUM_EMAILS
BITCOIN_BOMB: bad, avg S/O=0.23 avg Spam%=0.00 avg Ham%=0.00
BITCOIN_EXTORT_01: bad, avg S/O=0.66 avg Spam%=0.02 avg Ham%=0.01
# used in: BITCOIN_BOMB
BITCOIN_PAY_ME: bad, avg S/O=0.54 avg Spam%=0.00 avg Ham%=0.00
BITCOIN_PDF: bad, avg S/O=0.39 avg Spam%=0.00 avg Ham%=0.00
BITCOIN_SPAM_01: bad, avg S/O=0.58 avg Spam%=0.00 avg Ham%=0.00
BITCOIN_SPAM_11: no hits at all
BITCOIN_SPAM_12: no hits at all
BITCOIN_WFH_01: no hits at all
DAY_I_EARNED: no hits at all
DG_SPAMMER_EMAIL_B: bad, avg S/O=0.41 avg Spam%=0.00 avg Ham%=0.00
DG_SPAMMER_EMAIL_F: bad, avg S/O=0.68 avg Spam%=0.01 avg Ham%=0.01
DOC_ATTACH_NO_EXT: no hits of target type
DOTGOV_IMAGE: no hits of target type
DQ_URI_DOM_IN_PATH: bad, avg S/O=0.72 avg Spam%=0.05 avg Ham%=0.02
DUP_SUSP_HDR: bad, avg S/O=0.70 avg Spam%=0.00 avg Ham%=0.00
ENCRYPTED_MESSAGE: bad, avg S/O=0.50 avg Spam%=0.00 avg Ham%=0.00
FONT_INVIS_POSTEXTRAS: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.00
FREEMAIL_DOC_PDF: bad, avg S/O=0.27 avg Spam%=0.04 avg Ham%=0.11
FREEMAIL_DOC_PDF_BCC: bad, avg S/O=0.73 avg Spam%=0.01 avg Ham%=0.00
FREEMAIL_MANY_TO: bad, avg S/O=0.08 avg Spam%=0.01 avg Ham%=0.07
FREEMAIL_WFH_01: no hits at all
FROM_MULTI_SHORT_IMG: bad, avg S/O=0.37 avg Spam%=0.00 avg Ham%=0.01
FROM_URI: bad, avg S/O=0.40 avg Spam%=0.01 avg Ham%=0.01
FUZZY_ANDROID: no hits at all
FUZZY_BITCOIN: bad, avg S/O=0.66 avg Spam%=0.46 avg Ham%=0.01
FUZZY_BROWSER: no hits at all
FUZZY_MONERO: no hits of target type
FUZZY_OPTOUT: no hits at all
FUZZY_PRIVACY: no hits of target type
FUZZY_SAVINGS: no hits of target type
FUZZY_SECURITY: bad, avg S/O=0.79 avg Spam%=0.00 avg Ham%=0.00
FUZZY_UNSUBSCRIBE: bad, avg S/O=0.44 avg Spam%=0.00 avg Ham%=0.01
GAPPY_HTML: no hits of target type
GAPPY_LOW_CONTRAST: bad, avg S/O=0.09 avg Spam%=0.01 avg Ham%=0.05
GOOGLE_DOCS_PHISH_MANY: no hits at all
GOOG_MALWARE_DNLD: bad, avg S/O=0.62 avg Spam%=0.00 avg Ham%=0.00
GOOG_REDIR_HTML_ONLY: bad, avg S/O=0.54 avg Spam%=0.06 avg Ham%=0.05
GOOG_STO_IMG_NOHTML: bad, avg S/O=0.66 avg Spam%=0.01 avg Ham%=0.00
HACKED_PHP_URI: bad, avg S/O=0.17 avg Spam%=0.00 avg Ham%=0.00
HDR_CASE_REV_MANY: bad, avg S/O=0.59 avg Spam%=0.09 avg Ham%=0.06
HTML_TEXT_INVISIBLE_STYLE: bad, avg S/O=0.67 avg Spam%=0.07 avg Ham%=0.03
# used in: GOOG_STO_IMG_NOHTML
IMAGESHACK_URI: bad, avg S/O=0.19 avg Spam%=0.00 avg Ham%=0.00
IRS_SPOOF: no hits of target type
LARGE_PCT_AFTER_MANY: no hits at all
LH_URI_DOM_IN_PATH: bad, avg S/O=0.14 avg Spam%=0.37 avg Ham%=2.23
LIST_PARTIAL: bad, avg S/O=0.68 avg Spam%=0.45 avg Ham%=0.21
LIST_PRTL_PUMPDUMP: no hits at all
LIST_PRTL_SAME_USER: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.15
LONG_HEX_URI: bad, avg S/O=0.26 avg Spam%=0.03 avg Ham%=0.09
LONG_IMG_URI: bad, avg S/O=0.25 avg Spam%=0.01 avg Ham%=0.04
LONG_INVISIBLE_TEXT: bad, avg S/O=0.55 avg Spam%=0.02 avg Ham%=0.02
MALF_HTML_B64: bad, avg S/O=0.32 avg Spam%=0.00 avg Ham%=0.00
MALWARE_NORDNS: no hits at all
MALWARE_PASSWORD: no hits at all
MALW_ATTACH: no hits at all
MANY_PILL_PRICE: no hits of target type
MONERO_DEADLINE: no hits at all
MONERO_EXTORT_01: no hits at all
# used in: MALWARE_NORDNS MALWARE_PASSWORD MONERO_DEADLINE
MONERO_MALWARE: no hits at all
MONERO_PAY_ME: no hits at all
MONEY_12LTRDOM: bad, avg S/O=0.27 avg Spam%=0.02 avg Ham%=0.05
NEWEGG_IMG_NOT_RCVD_NEGG: bad, avg S/O=0.28 avg Spam%=0.00 avg Ham%=0.00
NSL_TO_ENDS_COMMA: bad, avg S/O=0.69 avg Spam%=0.00 avg Ham%=0.00
OBFU_BITCOIN: bad, avg S/O=0.64 avg Spam%=0.45 avg Ham%=0.01
OBFU_GIF_ATTACH: no hits of target type
OBFU_HTML_ATTACH: bad, avg S/O=0.15 avg Spam%=0.03 avg Ham%=0.16
OBFU_HTML_ATT_MALW: no hits at all
OBFU_JPG_ATTACH: bad, avg S/O=0.09 avg Spam%=0.00 avg Ham%=0.01
OBFU_PDF_ATTACH: bad, avg S/O=0.06 avg Spam%=0.02 avg Ham%=0.53
PHP_NOVER_MUA: no hits of target type
PHP_ORIG_SCRIPT: bad, avg S/O=0.73 avg Spam%=0.01 avg Ham%=0.01
PHP_SCRIPT_MUA: no hits at all
PUMPDUMP: bad, avg S/O=0.78 avg Spam%=0.00 avg Ham%=0.00
PUMPDUMP_MULTI: no hits at all
# used in: PUMPDUMP
PUMPDUMP_TIP: no hits at all
RCVD_DOTEDU_SHORT: bad, avg S/O=0.45 avg Spam%=0.00 avg Ham%=0.00
RCVD_DOTEDU_SUSP: bad, avg S/O=0.67 avg Spam%=0.01 avg Ham%=0.01
RCVD_DOTEDU_SUSP_URI: bad, avg S/O=0.80 avg Spam%=0.00 avg Ham%=0.00
RDNS_LOCALHOST: no hits at all
REPLYTO_EMPTY: bad, avg S/O=0.44 avg Spam%=0.00 avg Ham%=0.00
SCANNED_EXTERNAL: bad, avg S/O=0.60 avg Spam%=0.02 avg Ham%=0.01
SCRIPT_GIBBERISH: bad, avg S/O=0.75 avg Spam%=0.08 avg Ham%=0.03
SENDGRID_REDIR: bad, avg S/O=0.49 avg Spam%=0.01 avg Ham%=0.01
SHOPIFY_IMG_NOT_RCVD_SFY: bad, avg S/O=0.70 avg Spam%=0.02 avg Ham%=0.01
STOCK_TIP: no hits at all
STY_INVIS_DIRECT: bad, avg S/O=0.43 avg Spam%=0.11 avg Ham%=0.16
SUBJ_OBFU_LOW_CNTRST: bad, avg S/O=0.58 avg Spam%=0.05 avg Ham%=0.04
SUSP_UTF8_WORD_COMBO: bad, avg S/O=0.79 avg Spam%=0.08 avg Ham%=0.02
SYSADMIN: no hits at all
THIS_AD: bad, avg S/O=0.10 avg Spam%=0.04 avg Ham%=0.39
# used in: GOOG_STO_IMG_NOHTML
TONLINE_FAKE_DKIM: no hits of target type
TO_IN_SUBJ: bad, avg S/O=0.68 avg Spam%=0.15 avg Ham%=0.08
TO_TOO_MANY_WFH_01: no hits at all
TW_GIBBERISH_MANY: no hits at all
UC_GIBBERISH_OBFU: no hits of target type
UNICODE_OBFU_ZW: no hits of target type
URI_DATA: no hits at all
URI_DBL_INDIR: bad, avg S/O=0.11 avg Spam%=0.06 avg Ham%=0.48
URI_DOTEDU: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.08
URI_DOTEDU_ENTITY: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.01
URI_GOOGLE_PROXY: bad, avg S/O=0.75 avg Spam%=0.08 avg Ham%=0.03
URI_HIDDEN_2: bad, avg S/O=0.78 avg Spam%=0.69 avg Ham%=0.19
URI_IMG_WP_REDIR: bad, avg S/O=0.64 avg Spam%=0.00 avg Ham%=0.00
URI_MALWARE_BH: bad, avg S/O=0.12 avg Spam%=0.00 avg Ham%=0.02
URI_MALWARE_SCMS: no hits at all
URI_OBFU_DOM: bad, avg S/O=0.73 avg Spam%=0.01 avg Ham%=0.01
URI_ONLY_LOW_CONTRAST: bad, avg S/O=0.18 avg Spam%=0.05 avg Ham%=0.23
URI_TRPL_INDIR: bad, avg S/O=0.45 avg Spam%=0.06 avg Ham%=0.07
URI_TRY_3LD: bad, avg S/O=0.08 avg Spam%=0.09 avg Ham%=1.09
WIKI_IMG: bad, avg S/O=0.56 avg Spam%=0.04 avg Ham%=0.03
ZW_OBFU_BITCOIN: bad, avg S/O=0.24 avg Spam%=0.00 avg Ham%=0.00
ZW_OBFU_FREEM: no hits of target type
ZW_OBFU_FROMTOSUBJ: no hits at all
__128_ALNUM_URI: bad, avg S/O=0.07 avg Spam%=0.17 avg Ham%=2.38
# used in: RCVD_DOTEDU_SUSP_URI
__128_HEX_URI: bad, avg S/O=0.26 avg Spam%=0.03 avg Ham%=0.09
# used in: LONG_HEX_URI
__128_LC_URI: no hits of target type
# used in: RCVD_DOTEDU_SUSP_URI
__45_ALNUM_IMG: bad, avg S/O=0.25 avg Spam%=0.01 avg Ham%=0.04
# used in: LONG_IMG_URI
__45_ALNUM_URI: bad, avg S/O=0.50 avg Spam%=4.72 avg Ham%=4.68
# used in: RCVD_DOTEDU_SUSP_URI
__45_ALNUM_URI_O: bad, avg S/O=0.77 avg Spam%=1.94 avg Ham%=0.59
# used in: RCVD_DOTEDU_SUSP_URI
__4BYTE_UTF8_WORD: bad, avg S/O=0.76 avg Spam%=0.08 avg Ham%=0.03
# used in: SUSP_UTF8_WORD_COMBO
__64_ANY_URI: bad, avg S/O=0.38 avg Spam%=3.26 avg Ham%=5.30
# used in: RCVD_DOTEDU_SUSP_URI __45_ALNUM_URI_O
__ACCESS_RESTORE: bad, avg S/O=0.17 avg Spam%=0.01 avg Ham%=0.04
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING
__ACCESS_SUSPENDED: bad, avg S/O=0.74 avg Spam%=0.01 avg Ham%=0.00
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING
__ACCOUNT_REACTIV: bad, avg S/O=0.18 avg Spam%=0.01 avg Ham%=0.03
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING
__ACCOUNT_SECURE: no hits of target type
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING
__ACCOUNT_UPGRADE: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING
__ACCT_PHISH: bad, avg S/O=0.71 avg Spam%=0.40 avg Ham%=0.17
# used in: ACCT_PHISHING
__ACH_CANCELLED_01: no hits at all
# used in: ACH_CANCELLED_EXE
__ACH_CANCELLED_02: no hits at all
# used in: ACH_CANCELLED_EXE
__ACH_CANCELLED_03: no hits at all
# used in: ACH_CANCELLED_EXE
__ACH_CANCELLED_04: no hits at all
# used in: ACH_CANCELLED_EXE
__ACH_CANCELLED_EXE: no hits at all
# used in: ACH_CANCELLED_EXE
__AC_HTML_ENTITY_BONANZA_SHRT_RAW: bad, avg S/O=0.09 avg Spam%=1.08 avg
Ham%=11.17
# used in: URI_DOTEDU_ENTITY
__AC_POSTHTMLEXTRAS: no hits at all
# used in: AC_POST_EXTRAS FONT_INVIS_POSTEXTRAS
__AC_POSTIMGEXTRAS: bad, avg S/O=0.13 avg Spam%=0.00 avg Ham%=0.01
# used in: AC_POST_EXTRAS FONT_INVIS_POSTEXTRAS
__AC_POST_EXTRAS: bad, avg S/O=0.13 avg Spam%=0.00 avg Ham%=0.01
# used in: AC_POST_EXTRAS FONT_INVIS_POSTEXTRAS
__ADMITS_SPAM: bad, avg S/O=0.75 avg Spam%=0.45 avg Ham%=0.15
# used in: GOOG_STO_IMG_NOHTML HTML_TEXT_INVISIBLE_STYLE
__BIGNUM_EMAILS: bad, avg S/O=0.21 avg Spam%=0.33 avg Ham%=1.35
# used in: BIGNUM_EMAILS BIGNUM_EMAILS_MANY
__BIGNUM_EMAILS_5: bad, avg S/O=0.67 avg Spam%=0.01 avg Ham%=0.00
# used in: BIGNUM_EMAILS BIGNUM_EMAILS_MANY
__BITCOIN_WFH_01: no hits at all
# used in: BITCOIN_WFH_01
__BODY_TEXT_LINE: bad, avg S/O=0.50 avg Spam%=99.99 avg Ham%=99.99
# used in: RCVD_DOTEDU_SHORT URI_ONLY_LOW_CONTRAST WON_NBDY_ATTACH
__BOGUS_MIME_HDR: no hits at all
# used in: BITCOIN_SPAM_12
__BOGUS_MIME_HDR_MANY: no hits at all
# used in: BITCOIN_SPAM_12
__BONUS_LAST_DAY: no hits at all
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01
__BITCOIN_WFH_01
__BTC_OBFU_5: no hits at all
# used in: OBFU_BITCOIN
__CLICK_HERE: bad, avg S/O=0.20 avg Spam%=5.96 avg Ham%=23.49
# used in: SUSP_UTF8_WORD_COMBO
__CR_IN_SUBJ: no hits of target type
# used in: GOOG_STO_IMG_NOHTML THIS_AD
__CT_ENCRYPTED: bad, avg S/O=0.50 avg Spam%=0.00 avg Ham%=0.00
# used in: ENCRYPTED_MESSAGE MIME_NO_TEXT MIME_PHP_NO_TEXT
__DAY_I_EARNED: no hits at all
# used in: DAY_I_EARNED
__DESTROY_YOU: bad, avg S/O=0.70 avg Spam%=0.02 avg Ham%=0.01
# used in: BITCOIN_BOMB BITCOIN_EXTORT_01 BITCOIN_PAY_ME MALWARE_NORDNS
MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__DOC_ATTACH: bad, avg S/O=0.49 avg Spam%=0.06 avg Ham%=0.07
# used in: FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC WON_NBDY_ATTACH
__DOTGOV_IMAGE: bad, avg S/O=0.66 avg Spam%=0.00 avg Ham%=0.00
# used in: DOTGOV_IMAGE
__DUP_SUSP_HDR: bad, avg S/O=0.70 avg Spam%=0.00 avg Ham%=0.00
# used in: DUP_SUSP_HDR
__EMAIL_PHISH: bad, avg S/O=0.02 avg Spam%=0.03 avg Ham%=1.27
# used in: ACCT_PHISHING
__EMPTY_BODY: bad, avg S/O=0.70 avg Spam%=0.71 avg Ham%=0.30
# used in: WON_NBDY_ATTACH
__EXPLOSIVE_DEVICE: bad, avg S/O=0.23 avg Spam%=0.02 avg Ham%=0.07
# used in: BITCOIN_BOMB BITCOIN_EXTORT_01 BITCOIN_PAY_ME MALWARE_NORDNS
MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__EXTORT_MANY: bad, avg S/O=0.60 avg Spam%=0.03 avg Ham%=0.02
# used in: BITCOIN_BOMB BITCOIN_EXTORT_01 BITCOIN_PAY_ME MALWARE_NORDNS
MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__FB_TOUR: bad, avg S/O=0.10 avg Spam%=0.30 avg Ham%=2.68
# used in: FILL_THIS_FORM
__FONT_INVIS: bad, avg S/O=0.14 avg Spam%=1.03 avg Ham%=6.39
# used in: FONT_INVIS_POSTEXTRAS
__FREEMAIL_DOC_PDF: bad, avg S/O=0.27 avg Spam%=0.04 avg Ham%=0.11
# used in: FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC
__FREEMAIL_WFH_01: no hits at all
# used in: FREEMAIL_WFH_01
__FROM_12LTRDOM_1: bad, avg S/O=0.40 avg Spam%=1.54 avg Ham%=2.31
# used in: MONEY_12LTRDOM
__FROM_ADMIN: bad, avg S/O=0.14 avg Spam%=1.72 avg Ham%=10.42
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING __ACCT_PHISH __EMAIL_PHISH
__FROM_LOWER: bad, avg S/O=0.25 avg Spam%=0.70 avg Ham%=2.04
# used in: URI_GOOGLE_PROXY
__FROM_MULTI_SHORT_IMG: bad, avg S/O=0.27 avg Spam%=0.00 avg Ham%=0.01
# used in: FROM_MULTI_SHORT_IMG
__FROM_URI_1: bad, avg S/O=0.33 avg Spam%=0.00 avg Ham%=0.01
# used in: FROM_URI
__FS_SUBJ_RE: bad, avg S/O=0.04 avg Spam%=0.30 avg Ham%=7.54
# used in: RCVD_DOTEDU_SHORT
__FUZZY_MONERO: no hits of target type
# used in: FUZZY_MONERO MALWARE_NORDNS MALWARE_PASSWORD MONERO_DEADLINE
MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__GAPPY_HTML: bad, avg S/O=0.14 avg Spam%=0.00 avg Ham%=0.01
# used in: GAPPY_HTML
__GAPPY_HTML_01: bad, avg S/O=0.14 avg Spam%=0.00 avg Ham%=0.01
# used in: GAPPY_HTML __GAPPY_HTML
__GAPPY_HTML_02: no hits of target type
# used in: GAPPY_HTML __GAPPY_HTML
__GOOG_MALWARE_DNLD: bad, avg S/O=0.62 avg Spam%=0.00 avg Ham%=0.00
# used in: GOOG_MALWARE_DNLD
__GOOG_REDIR: bad, avg S/O=0.17 avg Spam%=0.32 avg Ham%=1.54
# used in: GOOG_REDIR_HTML_ONLY
__GOOG_STO_IMG_NOHTML: bad, avg S/O=0.16 avg Spam%=0.02 avg Ham%=0.10
# used in: GOOG_STO_IMG_NOHTML
__HACKED_PHP_URI: bad, avg S/O=0.17 avg Spam%=0.00 avg Ham%=0.00
# used in: HACKED_PHP_URI
__HAS_CAMPAIGNID: bad, avg S/O=0.04 avg Spam%=0.55 avg Ham%=12.88
# used in: SHOPIFY_IMG_NOT_RCVD_SFY
__HAS_CID: bad, avg S/O=0.03 avg Spam%=0.08 avg Ham%=2.56
# used in: GOOG_STO_IMG_NOHTML
__HAS_PHP_ORIG_SCRIPT: bad, avg S/O=0.79 avg Spam%=2.23 avg Ham%=0.59
# used in: PHP_ORIG_SCRIPT
__HDRS_LCASE: bad, avg S/O=0.79 avg Spam%=2.91 avg Ham%=0.78
# used in: GOOG_STO_IMG_NOHTML HTML_TEXT_INVISIBLE_STYLE
TO_NO_BRKTS_HTML_ONLY
__HDRS_LCASE_KNOWN: bad, avg S/O=0.06 avg Spam%=0.47 avg Ham%=7.04
# used in: BIGNUM_EMAILS BIGNUM_EMAILS_MANY
__HDR_CASE_REVERSED: bad, avg S/O=0.11 avg Spam%=0.16 avg Ham%=1.32
# used in: HDR_CASE_REV_MANY
__HDR_CASE_REV_MANY: bad, avg S/O=0.59 avg Spam%=0.09 avg Ham%=0.06
# used in: HDR_CASE_REV_MANY
__HDR_RCVD_AMAZON: bad, avg S/O=0.06 avg Spam%=0.15 avg Ham%=2.47
# used in: STY_INVIS_DIRECT
__HDR_RCVD_NEWEGG: no hits of target type
# used in: NEWEGG_IMG_NOT_RCVD_NEGG
__HDR_RCVD_SHOPIFY: bad, avg S/O=0.08 avg Spam%=0.00 avg Ham%=0.01
# used in: SHOPIFY_IMG_NOT_RCVD_SFY
__HDR_RCVD_TONLINEDE: bad, avg S/O=0.20 avg Spam%=0.00 avg Ham%=0.01
# used in: TONLINE_FAKE_DKIM TO_IN_SUBJ
__HTML_SINGLET: bad, avg S/O=0.43 avg Spam%=3.55 avg Ham%=4.72
# used in: SENDGRID_REDIR
__HTML_TAG_BALANCE_CENTER: bad, avg S/O=0.77 avg Spam%=0.49 avg Ham%=0.14
# used in: GOOG_STO_IMG_NOHTML HTML_TEXT_INVISIBLE_STYLE
__IRS_FM_NAME: no hits of target type
# used in: IRS_SPOOF
__IRS_SPOOF: no hits of target type
# used in: IRS_SPOOF
__LCL__ENV_AND_HDR_FROM_MATCH: bad, avg S/O=0.68 avg Spam%=50.99 avg
Ham%=23.63
# used in: SYSADMIN TO_IN_SUBJ TO_NO_BRKTS_HTML_ONLY
__LIST_PARTIAL: bad, avg S/O=0.30 avg Spam%=11.34 avg Ham%=26.90
# used in: LIST_PRTL_PUMPDUMP LIST_PRTL_SAME_USER LIST_PARTIAL
SUSP_UTF8_WORD_COMBO
__LIST_PRTL_SAME_USER: bad, avg S/O=0.16 avg Spam%=0.03 avg Ham%=0.18
# used in: LIST_PRTL_SAME_USER
__LOCK_MAILBOX: bad, avg S/O=0.15 avg Spam%=0.03 avg Ham%=0.19
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING __EMAIL_PHISH
__LONG_INVIS_DIV: no hits of target type
# used in: LONG_INVISIBLE_TEXT
__LONG_STY_INVIS: bad, avg S/O=0.19 avg Spam%=0.06 avg Ham%=0.27
# used in: LONG_INVISIBLE_TEXT
__MAILBOX_FULL_SE: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING __EMAIL_PHISH
__MAIL_ACCT_ACCESS1: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING __EMAIL_PHISH
__MAIL_ACCT_ACCESS2: bad, avg S/O=0.23 avg Spam%=0.00 avg Ham%=0.00
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING __EMAIL_PHISH
__MAKE_XTRA_DOLLAR: no hits at all
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01
__BITCOIN_WFH_01 __FREEMAIL_WFH_01
__MALWARE_NORDNS: bad, avg S/O=0.72 avg Spam%=0.01 avg Ham%=0.00
# used in: MALWARE_NORDNS
__MONERO: no hits of target type
# used in: MALWARE_NORDNS MALWARE_PASSWORD MONERO_DEADLINE
MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__MONERO_CURNCY: no hits at all
# used in: MALWARE_NORDNS MALWARE_PASSWORD MONERO_DEADLINE
MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME __MONERO
__MONERO_ID: no hits at all
# used in: MALWARE_NORDNS MALWARE_PASSWORD MONERO_DEADLINE
MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME __MONERO
__MONEY_12LTRDOM: bad, avg S/O=0.27 avg Spam%=0.02 avg Ham%=0.05
# used in: MONEY_12LTRDOM
__MSGID_HEXISH: bad, avg S/O=0.03 avg Spam%=0.00 avg Ham%=0.03
# used in: BIGNUM_EMAILS BIGNUM_EMAILS_MANY __HDRS_LCASE_KNOWN
__MSGID_HEX_UID: no hits of target type
# used in: BIGNUM_EMAILS BIGNUM_EMAILS_MANY __HDRS_LCASE_KNOWN
__MY_MALWARE: bad, avg S/O=0.63 avg Spam%=0.02 avg Ham%=0.01
# used in: BITCOIN_BOMB BITCOIN_EXTORT_01 BITCOIN_PAY_ME MALWARE_NORDNS
MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__EXTORT_MANY __MALWARE_NORDNS
__NEWEGG_IMG_NOT_RCVD_NEGG: bad, avg S/O=0.28 avg Spam%=0.00 avg Ham%=0.00
# used in: NEWEGG_IMG_NOT_RCVD_NEGG
__OBFU_BITCOIN: bad, avg S/O=0.64 avg Spam%=0.45 avg Ham%=0.01
# used in: OBFU_BITCOIN
__PASSWORD: bad, avg S/O=0.07 avg Spam%=0.23 avg Ham%=2.95
# used in: MALWARE_PASSWORD
__PAY_ME: bad, avg S/O=0.30 avg Spam%=0.16 avg Ham%=0.35
# used in: BITCOIN_BOMB BITCOIN_EXTORT_01 BITCOIN_PAY_ME MALWARE_NORDNS
MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__EXTORT_MANY
__PDF_ATTACH: bad, avg S/O=0.09 avg Spam%=0.13 avg Ham%=1.50
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT BITCOIN_PDF FREEMAIL_DOC_PDF
FREEMAIL_DOC_PDF_BCC WON_NBDY_ATTACH __FREEMAIL_DOC_PDF
__PDS_FROM_2_EMAILS: bad, avg S/O=0.64 avg Spam%=1.18 avg Ham%=0.66
# used in: FROM_MULTI_SHORT_IMG __FROM_MULTI_SHORT_IMG
__PD_CNT_1: bad, avg S/O=0.78 avg Spam%=0.00 avg Ham%=0.00
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP_TIP
__PENDING_MESSAGES: bad, avg S/O=0.73 avg Spam%=0.03 avg Ham%=0.01
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING __EMAIL_PHISH
__PERFECT_BINARY: no hits at all
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01
__BITCOIN_WFH_01 __FREEMAIL_WFH_01
__PHPMAILER_MUA: bad, avg S/O=0.34 avg Spam%=1.45 avg Ham%=2.81
# used in: SUSP_UTF8_WORD_COMBO
__PHP_NOVER_MUA: bad, avg S/O=0.10 avg Spam%=0.00 avg Ham%=0.00
# used in: PHP_NOVER_MUA PHP_SCRIPT_MUA
__PILL_PRICE_02: bad, avg S/O=0.11 avg Spam%=0.00 avg Ham%=0.01
# used in: MANY_PILL_PRICE
__PUMPDUMP_02: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP
__PD_CNT_1
__PUMPDUMP_03: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP
__PD_CNT_1
__PUMPDUMP_05: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP
__PD_CNT_1
__PUMPDUMP_06: bad, avg S/O=0.54 avg Spam%=0.00 avg Ham%=0.00
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP
__PD_CNT_1
__PUMPDUMP_07: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP
__PD_CNT_1
__PUMPDUMP_08: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP
__PD_CNT_1
__PUMPDUMP_09: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP
__PD_CNT_1
__PUMPDUMP_10: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP
__PD_CNT_1
__RCVD_DOTEDU_EXT: bad, avg S/O=0.06 avg Spam%=0.03 avg Ham%=0.41
# used in: RCVD_DOTEDU_SHORT RCVD_DOTEDU_SUSP_URI RCVD_DOTEDU_SUSP
URI_DOTEDU
__RCVD_DOTEDU_SHORT: bad, avg S/O=0.48 avg Spam%=0.00 avg Ham%=0.00
# used in: RCVD_DOTEDU_SHORT
__RCVD_DOTEDU_SUSP: bad, avg S/O=0.60 avg Spam%=0.01 avg Ham%=0.01
# used in: RCVD_DOTEDU_SUSP
__RCVD_DOTEDU_SUSP_URI: bad, avg S/O=0.80 avg Spam%=0.00 avg Ham%=0.00
# used in: RCVD_DOTEDU_SUSP_URI
__RECEIVE_BONUS: no hits of target type
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01
__BITCOIN_WFH_01 __FREEMAIL_WFH_01
__SCANNED: bad, avg S/O=0.64 avg Spam%=0.03 avg Ham%=0.01
# used in: SCANNED_EXTERNAL
__SCRIPT_GIBBERISH: bad, avg S/O=0.68 avg Spam%=0.10 avg Ham%=0.05
# used in: SCRIPT_GIBBERISH
__SCRIPT_TAG_IN_BODY: bad, avg S/O=0.79 avg Spam%=0.00 avg Ham%=0.00
# used in: SCRIPT_GIBBERISH
__SENDGRID_REDIR: bad, avg S/O=0.79 avg Spam%=0.11 avg Ham%=0.03
# used in: SENDGRID_REDIR
__SENDGRID_REDIR_NOPHISH: bad, avg S/O=0.40 avg Spam%=0.02 avg Ham%=0.03
# used in: SENDGRID_REDIR
__SHOPIFY_IMG_NOT_RCVD_SFY: bad, avg S/O=0.26 avg Spam%=0.08 avg Ham%=0.21
# used in: SHOPIFY_IMG_NOT_RCVD_SFY
__SINGLE_WORD_SUBJ: bad, avg S/O=0.71 avg Spam%=1.85 avg Ham%=0.75
# used in: PHP_ORIG_SCRIPT
__SMIME_MESSAGE: no hits at all
# used in: RCVD_DOTEDU_SHORT T_SCC_EMPTY_BODY URI_ONLY_LOW_CONTRAST
WON_NBDY_ATTACH __EMPTY_BODY __RCVD_DOTEDU_SHORT
__STAY_HOME: bad, avg S/O=0.26 avg Spam%=0.00 avg Ham%=0.01
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01
__BITCOIN_WFH_01 __FREEMAIL_WFH_01
__STY_INVIS: bad, avg S/O=0.10 avg Spam%=4.22 avg Ham%=39.99
# used in: BIGNUM_EMAILS BIGNUM_EMAILS_MANY FONT_INVIS_POSTEXTRAS
GOOG_STO_IMG_NOHTML HTML_TEXT_INVISIBLE_STYLE LONG_INVISIBLE_TEXT
SENDGRID_REDIR STY_INVIS_DIRECT SUSP_UTF8_WORD_COMBO __LONG_STY_INVIS
__STY_INVIS_3: bad, avg S/O=0.05 avg Spam%=0.62 avg Ham%=11.60
# used in: SUSP_UTF8_WORD_COMBO
__STY_INVIS_DIRECT: bad, avg S/O=0.11 avg Spam%=0.35 avg Ham%=2.72
# used in: STY_INVIS_DIRECT
__STY_INVIS_MANY: bad, avg S/O=0.05 avg Spam%=0.29 avg Ham%=5.18
# used in: GOOG_STO_IMG_NOHTML HTML_TEXT_INVISIBLE_STYLE SENDGRID_REDIR
__SUBJ_ADMIN: bad, avg S/O=0.11 avg Spam%=0.24 avg Ham%=1.98
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING __ACCT_PHISH __EMAIL_PHISH
__SUBJ_HAS_FROM_1: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.08
# used in: ZW_OBFU_FROMTOSUBJ
__SUBJ_HAS_TO_1: bad, avg S/O=0.68 avg Spam%=0.26 avg Ham%=0.13
# used in: GOOGLE_DOCS_PHISH_MANY SENDGRID_REDIR TO_IN_SUBJ ACCT_PHISHING
__ACCT_PHISH __EMAIL_PHISH __SENDGRID_REDIR_NOPHISH
__SUBJ_HAS_TO_2: bad, avg S/O=0.67 avg Spam%=0.28 avg Ham%=0.14
# used in: GOOGLE_DOCS_PHISH_MANY SENDGRID_REDIR TO_IN_SUBJ ACCT_PHISHING
__ACCT_PHISH __EMAIL_PHISH __SENDGRID_REDIR_NOPHISH
__SUBJ_HAS_TO_3: bad, avg S/O=0.26 avg Spam%=0.02 avg Ham%=0.07
# used in: GOOGLE_DOCS_PHISH_MANY SENDGRID_REDIR TO_IN_SUBJ ACCT_PHISHING
__ACCT_PHISH __EMAIL_PHISH __SENDGRID_REDIR_NOPHISH
__SUBJ_OBFU_PUNCT: bad, avg S/O=0.22 avg Spam%=2.84 avg Ham%=10.07
# used in: SUBJ_OBFU_LOW_CNTRST
__SUSPICION_LOGIN: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING __ACCT_PHISH
__SYSADMIN: bad, avg S/O=0.16 avg Spam%=0.32 avg Ham%=1.70
# used in: GOOGLE_DOCS_PHISH_MANY SYSADMIN ACCT_PHISHING __EMAIL_PHISH
__TENWORD_GIBBERISH: bad, avg S/O=0.46 avg Spam%=0.00 avg Ham%=0.00
# used in: TW_GIBBERISH_MANY
__THIS_AD: bad, avg S/O=0.07 avg Spam%=0.07 avg Ham%=0.98
# used in: GOOG_STO_IMG_NOHTML THIS_AD
__TO_ALL_NUMS: bad, avg S/O=0.38 avg Spam%=0.06 avg Ham%=0.11
# used in: TO_NO_BRKTS_HTML_IMG TO_NO_BRKTS_HTML_ONLY
__TO_EQ_FROM_2: bad, avg S/O=0.73 avg Spam%=0.91 avg Ham%=0.33
# used in: ZW_OBFU_FROMTOSUBJ
__TO_IN_SUBJ: bad, avg S/O=0.56 avg Spam%=0.30 avg Ham%=0.23
# used in: GOOGLE_DOCS_PHISH_MANY SENDGRID_REDIR TO_IN_SUBJ ACCT_PHISHING
__ACCT_PHISH __EMAIL_PHISH __SENDGRID_REDIR_NOPHISH
__TO_TOO_MANY_WFH_01: no hits at all
# used in: TO_TOO_MANY_WFH_01
__TO_WAY_TOO_MANY: bad, avg S/O=0.07 avg Spam%=0.01 avg Ham%=0.17
# used in: TO_TOO_MANY_WFH_01 FREEMAIL_MANY_TO __TO_TOO_MANY_WFH_01
__TO___LOWER: bad, avg S/O=0.20 avg Spam%=2.72 avg Ham%=12.82
# used in: STY_INVIS_DIRECT SUSP_UTF8_WORD_COMBO
__UA_MSOMAC: no hits of target type
# used in: BIGNUM_EMAILS BIGNUM_EMAILS_MANY __HDRS_LCASE_KNOWN
__UC_GIBB_OBFU: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.05
# used in: UC_GIBBERISH_OBFU
__UNICODE_OBFU_ZW: bad, avg S/O=0.05 avg Spam%=0.02 avg Ham%=0.42
# used in: ZW_OBFU_BITCOIN ZW_OBFU_FREEM ZW_OBFU_FROMTOSUBJ
UNICODE_OBFU_ZW
__UNICODE_OBFU_ZW_2: bad, avg S/O=0.05 avg Spam%=0.02 avg Ham%=0.38
# used in: UNICODE_OBFU_ZW
__UPGR_MAILBOX: bad, avg S/O=0.04 avg Spam%=0.17 avg Ham%=3.78
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING __EMAIL_PHISH
__UPPERCASE_URI: bad, avg S/O=0.09 avg Spam%=0.26 avg Ham%=2.78
# used in: TO_NO_BRKTS_HTML_ONLY
__URI_12LTRDOM: bad, avg S/O=0.49 avg Spam%=5.25 avg Ham%=5.54
# used in: TO_NO_BRKTS_HTML_ONLY
__URI_DATA: no hits at all
# used in: URI_DATA
__URI_DBL_INDIR: bad, avg S/O=0.17 avg Spam%=0.12 avg Ham%=0.55
# used in: URI_DBL_INDIR
__URI_DOTEDU: bad, avg S/O=0.06 avg Spam%=0.04 avg Ham%=0.71
# used in: URI_DOTEDU URI_DOTEDU_ENTITY
__URI_DOTEDU_ENTITY: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.26
# used in: URI_DOTEDU_ENTITY
__URI_DOTGOV: bad, avg S/O=0.01 avg Spam%=0.04 avg Ham%=6.78
# used in: DOTGOV_IMAGE __DOTGOV_IMAGE
__URI_GOOGLE_DOC: bad, avg S/O=0.77 avg Spam%=0.52 avg Ham%=0.16
# used in: GOOGLE_DOCS_PHISH_MANY
__URI_GOOGLE_PROXY: bad, avg S/O=0.71 avg Spam%=0.10 avg Ham%=0.04
# used in: URI_GOOGLE_PROXY
__URI_GOOG_STO_IMG: bad, avg S/O=0.55 avg Spam%=0.12 avg Ham%=0.10
# used in: GOOG_STO_IMG_NOHTML __GOOG_STO_IMG_NOHTML
__URI_IMG_NEWEGG: bad, avg S/O=0.07 avg Spam%=0.00 avg Ham%=0.01
# used in: NEWEGG_IMG_NOT_RCVD_NEGG __NEWEGG_IMG_NOT_RCVD_NEGG
__URI_IMG_SHOPIFY: bad, avg S/O=0.25 avg Spam%=0.08 avg Ham%=0.23
# used in: SHOPIFY_IMG_NOT_RCVD_SFY __SHOPIFY_IMG_NOT_RCVD_SFY
__URI_IMG_WP_REDIR: bad, avg S/O=0.64 avg Spam%=0.00 avg Ham%=0.00
# used in: URI_IMG_WP_REDIR
__URI_MAILTO: bad, avg S/O=0.30 avg Spam%=26.72 avg Ham%=61.52
# used in: AC_POST_EXTRAS
__URI_MONERO: no hits at all
# used in: MALWARE_NORDNS MALWARE_PASSWORD MONERO_DEADLINE
MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME __MONERO
__URI_OBFU_DOM: bad, avg S/O=0.29 avg Spam%=0.01 avg Ham%=0.03
# used in: URI_OBFU_DOM
__URI_TRPL_INDIR: bad, avg S/O=0.45 avg Spam%=0.06 avg Ham%=0.07
# used in: URI_DBL_INDIR URI_TRPL_INDIR
__VALIDATE_MAILBOX: bad, avg S/O=0.48 avg Spam%=0.01 avg Ham%=0.02
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING __EMAIL_PHISH
__VALIDATE_MBOX_SE: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING __EMAIL_PHISH
__VERIFY_ACCOUNT: bad, avg S/O=0.57 avg Spam%=0.45 avg Ham%=0.34
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING __ACCT_PHISH
__WFH_01: no hits at all
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01
__BITCOIN_WFH_01 __FREEMAIL_WFH_01 __TO_TOO_MANY_WFH_01
__WITHOUT_EFFORT: bad, avg S/O=0.51 avg Spam%=0.00 avg Ham%=0.00
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01
__BITCOIN_WFH_01 __FREEMAIL_WFH_01 __TO_TOO_MANY_WFH_01 __WFH_01
__XEROXWORKCTR_MUA: no hits at all
# used in: SCANNED_EXTERNAL
__YOUR_ONAN: bad, avg S/O=0.62 avg Spam%=0.01 avg Ham%=0.01
# used in: BITCOIN_BOMB BITCOIN_EXTORT_01 BITCOIN_PAY_ME MALWARE_NORDNS
MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__EXTORT_MANY
__YOUR_PASSWORD: bad, avg S/O=0.05 avg Spam%=0.12 avg Ham%=2.31
# used in: BITCOIN_BOMB BITCOIN_EXTORT_01 BITCOIN_PAY_ME MALWARE_NORDNS
MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__EXTORT_MANY
__YOUR_PERSONAL: bad, avg S/O=0.15 avg Spam%=1.93 avg Ham%=11.28
# used in: BITCOIN_BOMB BITCOIN_EXTORT_01 BITCOIN_PAY_ME MALWARE_NORDNS
MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__EXTORT_MANY
__YOUR_WEBCAM: bad, avg S/O=0.47 avg Spam%=0.01 avg Ham%=0.02
# used in: BITCOIN_BOMB BITCOIN_EXTORT_01 BITCOIN_PAY_ME MALWARE_NORDNS
MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__EXTORT_MANY
rulesrc/sandbox/jhardin/20_lotsa_money.cf (159 rules, 51 bad):
LOTS_OF_MONEY: bad, avg S/O=0.54 avg Spam%=5.40 avg Ham%=4.53
# used in: ADVANCE_FEE_3_NEW
LOTTO_URI: bad, avg S/O=0.60 avg Spam%=0.00 avg Ham%=0.00
# used in: ADVANCE_FEE_3_NEW
MONEY_PERCENT: bad, avg S/O=0.54 avg Spam%=0.30 avg Ham%=0.26
WON_NBDY_ATTACH: no hits at all
__AFRICAN_STATE: bad, avg S/O=0.78 avg Spam%=0.24 avg Ham%=0.07
# used in: ADVANCE_FEE_3_NEW
__ATM_CARD: bad, avg S/O=0.55 avg Spam%=0.10 avg Ham%=0.08
# used in: ADVANCE_FEE_3_NEW
__AUTO_ACCIDENT: bad, avg S/O=0.41 avg Spam%=0.01 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW
__BANK_DRAFT: bad, avg S/O=0.71 avg Spam%=0.05 avg Ham%=0.02
# used in: ADVANCE_FEE_3_NEW
__BURKINA_FASO: bad, avg S/O=0.65 avg Spam%=0.01 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW __AFRICAN_STATE
__DEAD_PARENT: bad, avg S/O=0.77 avg Spam%=0.02 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW
__DEAL: bad, avg S/O=0.76 avg Spam%=19.34 avg Ham%=6.18
# used in: ADVANCE_FEE_3_NEW
__FIFTY_FIFTY: bad, avg S/O=0.26 avg Spam%=1.12 avg Ham%=3.13
# used in: MONEY_PERCENT
__FOUND_YOU: bad, avg S/O=0.62 avg Spam%=0.05 avg Ham%=0.03
# used in: ADVANCE_FEE_3_NEW
__GHANA: bad, avg S/O=0.67 avg Spam%=0.03 avg Ham%=0.02
# used in: ADVANCE_FEE_3_NEW __AFRICAN_STATE
__GIVE_MONEY: bad, avg S/O=0.75 avg Spam%=0.04 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW WON_NBDY_ATTACH
__HAS_WON_01: no hits of target type
# used in: ADVANCE_FEE_3_NEW WON_NBDY_ATTACH
__HUSH_HUSH: bad, avg S/O=0.75 avg Spam%=20.84 avg Ham%=6.70
# used in: PDS_LTC_HUSH
__LOTSA_MONEY_00: bad, avg S/O=0.36 avg Spam%=0.62 avg Ham%=1.09
# used in: ADVANCE_FEE_3_NEW LOTS_OF_MONEY TO_NO_BRKTS_HTML_ONLY
MONEY_12LTRDOM MONEY_PERCENT
__LOTSA_MONEY_01: bad, avg S/O=0.37 avg Spam%=1.15 avg Ham%=1.95
# used in: ADVANCE_FEE_3_NEW LOTS_OF_MONEY TO_NO_BRKTS_HTML_ONLY
MONEY_PERCENT
__LOTSA_MONEY_02: bad, avg S/O=0.55 avg Spam%=0.94 avg Ham%=0.79
# used in: ADVANCE_FEE_3_NEW LOTS_OF_MONEY TO_NO_BRKTS_HTML_ONLY
MONEY_PERCENT
__LOTSA_MONEY_03: bad, avg S/O=0.66 avg Spam%=2.28 avg Ham%=1.15
# used in: ADVANCE_FEE_3_NEW LOTS_OF_MONEY TO_NO_BRKTS_HTML_ONLY
MONEY_PERCENT
__LOTSA_MONEY_05: no hits at all
# used in: ADVANCE_FEE_3_NEW LOTS_OF_MONEY TO_NO_BRKTS_HTML_ONLY
MONEY_PERCENT
__LOTTO_ADMITS: bad, avg S/O=0.17 avg Spam%=0.22 avg Ham%=1.10
# used in: GOOG_STO_IMG_NOHTML
__LOTTO_ADMITS_1: bad, avg S/O=0.16 avg Spam%=0.20 avg Ham%=1.00
# used in: GOOG_STO_IMG_NOHTML __LOTTO_ADMITS
__LOTTO_ADMITS_2: bad, avg S/O=0.39 avg Spam%=0.02 avg Ham%=0.13
# used in: GOOG_STO_IMG_NOHTML __LOTTO_ADMITS
__LOTTO_ADMITS_3: bad, avg S/O=0.26 avg Spam%=0.02 avg Ham%=0.14
# used in: GOOG_STO_IMG_NOHTML __LOTTO_ADMITS
__LOTTO_AGENT_02: no hits at all
# used in: ADVANCE_FEE_3_NEW
__LOTTO_DEPT: bad, avg S/O=0.50 avg Spam%=0.09 avg Ham%=0.15
# used in: ADVANCE_FEE_3_NEW
__LOTTO_WIN_01: bad, avg S/O=0.80 avg Spam%=0.10 avg Ham%=0.02
# used in: ADVANCE_FEE_3_NEW
__LUCKY_WINNER: bad, avg S/O=0.54 avg Spam%=0.09 avg Ham%=0.08
# used in: ADVANCE_FEE_3_NEW
__MOVE_MONEY: bad, avg S/O=0.69 avg Spam%=0.29 avg Ham%=0.13
# used in: ADVANCE_FEE_3_NEW WON_NBDY_ATTACH
__NIGERIA: bad, avg S/O=0.75 avg Spam%=0.12 avg Ham%=0.04
# used in: ADVANCE_FEE_3_NEW __AFRICAN_STATE
__NOT_DEAD_YET: bad, avg S/O=0.74 avg Spam%=0.02 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW
__PAY_YOU: bad, avg S/O=0.66 avg Spam%=0.03 avg Ham%=0.02
# used in: ADVANCE_FEE_3_NEW
__PCT_FOR_YOU_2: bad, avg S/O=0.45 avg Spam%=0.03 avg Ham%=0.04
# used in: MONEY_PERCENT
__SCAM: bad, avg S/O=0.15 avg Spam%=0.12 avg Ham%=0.66
# used in: ADVANCE_FEE_3_NEW
__TO_YOUR_ACCT: bad, avg S/O=0.60 avg Spam%=0.01 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW
__TO_YOUR_ORG: bad, avg S/O=0.57 avg Spam%=0.06 avg Ham%=0.04
# used in: ADVANCE_FEE_3_NEW
__TRAVEL_ITINERARY: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.02
# used in: ADVANCE_FEE_3_NEW LOTS_OF_MONEY TO_NO_BRKTS_HTML_ONLY
MONEY_PERCENT
__TRUSTED_CHECK: bad, avg S/O=0.54 avg Spam%=0.01 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW
__WIDOW: bad, avg S/O=0.27 avg Spam%=0.01 avg Ham%=0.02
# used in: ADVANCE_FEE_3_NEW
__WIRE_XFR: bad, avg S/O=0.62 avg Spam%=0.12 avg Ham%=0.07
# used in: ADVANCE_FEE_3_NEW
__XFER_MONEY: bad, avg S/O=0.65 avg Spam%=0.48 avg Ham%=0.26
# used in: ADVANCE_FEE_3_NEW
__YOUR_FUND: bad, avg S/O=0.38 avg Spam%=0.45 avg Ham%=0.75
# used in: ADVANCE_FEE_3_NEW
__YOUR_PERM: bad, avg S/O=0.15 avg Spam%=0.02 avg Ham%=0.09
# used in: ADVANCE_FEE_3_NEW
__YOU_ASSIST: bad, avg S/O=0.66 avg Spam%=0.13 avg Ham%=0.07
# used in: ADVANCE_FEE_3_NEW
__YOU_WON: bad, avg S/O=0.53 avg Spam%=0.51 avg Ham%=0.44
# used in: ADVANCE_FEE_3_NEW WON_NBDY_ATTACH
__YOU_WON_01: bad, avg S/O=0.50 avg Spam%=0.43 avg Ham%=0.43
# used in: ADVANCE_FEE_3_NEW WON_NBDY_ATTACH __YOU_WON
__YOU_WON_02: bad, avg S/O=0.44 avg Spam%=0.02 avg Ham%=0.02
# used in: ADVANCE_FEE_3_NEW WON_NBDY_ATTACH __YOU_WON
__YOU_WON_04: no hits at all
# used in: ADVANCE_FEE_3_NEW WON_NBDY_ATTACH __YOU_WON
__YOU_WON_05: bad, avg S/O=0.74 avg Spam%=0.03 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW WON_NBDY_ATTACH __YOU_WON
rulesrc/sandbox/jhardin/20_fillform.cf (18 rules, 4 bad):
FILL_THIS_FORM: bad, avg S/O=0.79 avg Spam%=0.34 avg Ham%=0.09
__FILL_THIS_FORM: bad, avg S/O=0.77 avg Spam%=0.40 avg Ham%=0.12
# used in: ADVANCE_FEE_3_NEW FILL_THIS_FORM
__FILL_THIS_FORM_PARTIAL: bad, avg S/O=0.31 avg Spam%=0.46 avg Ham%=1.06
# used in: ADVANCE_FEE_3_NEW FILL_THIS_FORM __FILL_THIS_FORM
__FILL_THIS_FORM_PARTIAL_RAW: bad, avg S/O=0.20 avg Spam%=0.99 avg Ham%=3.93
# used in: ADVANCE_FEE_3_NEW FILL_THIS_FORM __FILL_THIS_FORM
rulesrc/sandbox/jhardin/20_advance_fee_reevolved.cf (31 rules, 1 bad):
ADVANCE_FEE_3_NEW: bad, avg S/O=0.63 avg Spam%=0.04 avg Ham%=0.03
rulesrc/sandbox/jhardin/20_MIME_no_text.cf (7 rules, 7 bad):
MIME_NO_TEXT: bad, avg S/O=0.79 avg Spam%=0.01 avg Ham%=0.00
MIME_PHP_NO_TEXT: no hits at all
__CTYPE_MULTIPART_ANY: bad, avg S/O=0.49 avg Spam%=65.34 avg Ham%=68.80
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT MIME_MALF
__MIME_NO_TEXT: bad, avg S/O=0.57 avg Spam%=0.01 avg Ham%=0.01
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT
__PHP_MUA: bad, avg S/O=0.56 avg Spam%=0.02 avg Ham%=0.01
# used in: MIME_PHP_NO_TEXT
__PHP_MUA_1: bad, avg S/O=0.56 avg Spam%=0.02 avg Ham%=0.01
# used in: MIME_PHP_NO_TEXT __PHP_MUA
__PHP_MUA_2: no hits at all
# used in: MIME_PHP_NO_TEXT __PHP_MUA
rulesrc/sandbox/jhardin/20_MIME_in_body.cf (3 rules, 3 bad):
MIME_MALF: no hits of target type
__MIME_CTYPE_IN_BODY: no hits of target type
# used in: MIME_MALF
__MIME_MALF: no hits of target type
# used in: MIME_MALF
rulesrc/sandbox/hege/20_hk.cf (51 rules, 4 bad):
HK_SPAMMY_FILENAME: bad, avg S/O=0.72 avg Spam%=0.01 avg Ham%=0.00
TAB_IN_FROM: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.00
URI_IN_URI_5: bad, avg S/O=0.30 avg Spam%=0.06 avg Ham%=0.15
__TAB_IN_FROM: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.00
# used in: TAB_IN_FROM
rulesrc/sandbox/gbechis/20_wp.cf (1 rules, 1 bad):
GB_WP_FILELINK: no hits of target type
rulesrc/sandbox/gbechis/20_misc.cf (17 rules, 2 bad):
SENDINBLUE_REDIR: bad, avg S/O=0.58 avg Spam%=0.04 avg Ham%=0.03
__SENDINBLUE_REDIR: bad, avg S/O=0.58 avg Spam%=0.04 avg Ham%=0.03
# used in: SENDINBLUE_REDIR
rulesrc/sandbox/fredt/99_zFVGT_FakeReply.cf (53 rules, 25 bad):
TEST_REPLY_B: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.22
TEST_REPLY_C: no hits of target type
__INR_AND_NO_REF: bad, avg S/O=0.46 avg Spam%=0.50 avg Ham%=0.58
# used in: TEST_REPLY_B
__MISSING_REF: bad, avg S/O=0.53 avg Spam%=99.22 avg Ham%=87.23
# used in: ADVANCE_FEE_3_NEW FILL_THIS_FORM TO_NO_BRKTS_HTML_IMG
SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST TEST_REPLY_B
__MISSING_REPLY: bad, avg S/O=0.53 avg Spam%=99.28 avg Ham%=87.37
# used in: ADVANCE_FEE_3_NEW FILL_THIS_FORM TO_NO_BRKTS_HTML_IMG
SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST TEST_REPLY_C
__SUBJ_RE: bad, avg S/O=0.24 avg Spam%=2.65 avg Ham%=8.26
# used in: TEST_REPLY_B TEST_REPLY_C
__UA_GNUS: no hits of target type
# used in: ADVANCE_FEE_3_NEW FILL_THIS_FORM TO_NO_BRKTS_HTML_IMG
SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST TEST_REPLY_C
__UA_IMP: bad, avg S/O=0.74 avg Spam%=0.00 avg Ham%=0.00
# used in: TEST_REPLY_B __INR_AND_NO_REF
__UA_KNODE: no hits of target type
# used in: ADVANCE_FEE_3_NEW FILL_THIS_FORM TO_NO_BRKTS_HTML_IMG
SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST TEST_REPLY_C
__UA_MSENTOUR: no hits of target type
# used in: TEST_REPLY_B __INR_AND_NO_REF
__UA_MSOEMAC: no hits at all
# used in: BIGNUM_EMAILS BIGNUM_EMAILS_MANY TEST_REPLY_B
__HDRS_LCASE_KNOWN __INR_AND_NO_REF
__UA_MUTT: bad, avg S/O=0.03 avg Spam%=0.02 avg Ham%=0.70
# used in: ADVANCE_FEE_3_NEW FILL_THIS_FORM TO_NO_BRKTS_HTML_IMG
SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST TEST_REPLY_C
__UA_PAN: no hits at all
# used in: ADVANCE_FEE_3_NEW FILL_THIS_FORM TO_NO_BRKTS_HTML_IMG
SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST TEST_REPLY_C
__UA_XNEWS: no hits at all
# used in: ADVANCE_FEE_3_NEW FILL_THIS_FORM TO_NO_BRKTS_HTML_IMG
SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST TEST_REPLY_C
__XM_APPLEMAIL: bad, avg S/O=0.05 avg Spam%=0.03 avg Ham%=0.44
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_COMMUNIG: no hits of target type
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_EXMH: no hits of target type
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_GNUS: no hits at all
# used in: ADVANCE_FEE_3_NEW FILL_THIS_FORM TO_NO_BRKTS_HTML_IMG
SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST TEST_REPLY_C
__XM_LOTUSN: no hits of target type
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_MIMETOOLS: bad, avg S/O=0.14 avg Spam%=0.00 avg Ham%=0.02
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_MSCDO: bad, avg S/O=0.08 avg Spam%=0.01 avg Ham%=0.10
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_MSOUT: bad, avg S/O=0.74 avg Spam%=0.01 avg Ham%=0.00
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_QUALCOM: bad, avg S/O=0.76 avg Spam%=0.00 avg Ham%=0.00
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_SKYRI: no hits at all
# used in: ADVANCE_FEE_3_NEW FILL_THIS_FORM TO_NO_BRKTS_HTML_IMG
SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST TEST_REPLY_C
__XM_WWWMAIL: no hits of target type
# used in: ADVANCE_FEE_3_NEW FILL_THIS_FORM TO_NO_BRKTS_HTML_IMG
SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST TEST_REPLY_C
rulesrc/sandbox/felicity/70_phishing.cf (58 rules, 39 bad):
HTTPS_HTTP_MISMATCH: bad, avg S/O=0.56 avg Spam%=0.50 avg Ham%=0.40
TVD_PH_1: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.01
TVD_PH_7: bad, avg S/O=0.46 avg Spam%=0.01 avg Ham%=0.01
TVD_PH_BODY_ACCOUNTS_POST: bad, avg S/O=0.14 avg Spam%=0.07 avg Ham%=0.46
TVD_PH_BODY_ACCOUNTS_PRE: bad, avg S/O=0.12 avg Spam%=0.04 avg Ham%=0.28
TVD_PH_BODY_META_ALL: bad, avg S/O=0.24 avg Spam%=0.17 avg Ham%=0.55
TVD_PH_FR5: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.15
TVD_PH_REC: bad, avg S/O=0.76 avg Spam%=0.00 avg Ham%=0.00
TVD_PH_SEC: bad, avg S/O=0.14 avg Spam%=0.01 avg Ham%=0.06
TVD_PH_SUBJ_META: bad, avg S/O=0.61 avg Spam%=0.13 avg Ham%=0.08
TVD_PH_SUBJ_META1: bad, avg S/O=0.30 avg Spam%=0.06 avg Ham%=0.14
TVD_SUBJ_ACC_NUM: bad, avg S/O=0.31 avg Spam%=0.00 avg Ham%=0.01
__PH_TVD_FROM2: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.41
# used in: TVD_PH_FR5
__TVD_PH_BODY_01: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_BODY_META_ALL
__EMAIL_PHISH
__TVD_PH_BODY_02: no hits of target type
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_BODY_META_ALL
__EMAIL_PHISH
__TVD_PH_BODY_06: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_BODY_META_ALL
__EMAIL_PHISH
__TVD_PH_BODY_07: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_BODY_META_ALL
__EMAIL_PHISH
__TVD_PH_BODY_ACCOUNTS_POST: bad, avg S/O=0.14 avg Spam%=0.07 avg Ham%=0.46
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_BODY_ACCOUNTS_POST
TVD_PH_BODY_META_ALL __EMAIL_PHISH
__TVD_PH_BODY_ACCOUNTS_PRE: bad, avg S/O=0.12 avg Spam%=0.04 avg Ham%=0.28
# used in: GOOGLE_DOCS_PHISH_MANY TVD_PH_BODY_ACCOUNTS_PRE ACCT_PHISHING
TVD_PH_BODY_META_ALL __EMAIL_PHISH
__TVD_PH_SUBJ_00: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_02: no hits of target type
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_04: no hits of target type
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_15: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_17: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_18: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_19: no hits of target type
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_36: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_37: no hits of target type
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_38: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.04
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_39: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_52: no hits of target type
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_58: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_59: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_ACCESS_POST: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.04
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_ACCOUNTS_POST: bad, avg S/O=0.43 avg Spam%=0.02 avg Ham%=0.03
# used in: TVD_PH_SUBJ_META1
__TVD_PH_SUBJ_ACCOUNTS_PRE: bad, avg S/O=0.38 avg Spam%=0.02 avg Ham%=0.03
# used in: TVD_PH_SUBJ_META1
__TVD_PH_SUBJ_META: bad, avg S/O=0.61 avg Spam%=0.13 avg Ham%=0.08
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING TVD_PH_SUBJ_META
__EMAIL_PHISH
__TVD_PH_SUBJ_SEC_MEASURES: no hits of target type
# used in: TVD_PH_SUBJ_META1
__TVD_PH_SUBJ_UPDATE: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.08
# used in: TVD_PH_SUBJ_META1
rulesrc/sandbox/felicity/70_other.cf (74 rules, 58 bad):
BASE64_LENGTH_78_79: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.04
BASE64_LENGTH_79_INF: bad, avg S/O=0.20 avg Spam%=0.01 avg Ham%=0.04
DRUGS_HDIA: no hits at all
FUZZY_MERIDIA: no hits at all
FUZZY_SPRM: no hits of target type
HEADER_COUNT_SUBJECT: no hits at all
NULL_IN_BODY: no hits of target type
RCVD_BAD_ID: no hits at all
SUBJECT_NEEDS_ENCODING: bad, avg S/O=0.70 avg Spam%=0.03 avg Ham%=0.01
TVD_ACT_193: no hits at all
TVD_APP_LOAN: bad, avg S/O=0.57 avg Spam%=0.00 avg Ham%=0.00
TVD_DEAR_HOMEOWNER: no hits at all
TVD_ENVFROM_APOST: no hits at all
TVD_FINGER_02: no hits at all
TVD_FLOAT_GENERAL: no hits at all
TVD_FROM_1: bad, avg S/O=0.77 avg Spam%=0.15 avg Ham%=0.05
TVD_FUZZY_DEGREE: no hits at all
TVD_FUZZY_FINANCE: no hits at all
TVD_FUZZY_FIXED_RATE: no hits at all
TVD_FUZZY_MICROCAP: no hits at all
TVD_FUZZY_PHARMACEUTICAL: no hits at all
TVD_FUZZY_SECTOR: bad, avg S/O=0.15 avg Spam%=0.01 avg Ham%=0.08
TVD_FUZZY_SECURITIES: bad, avg S/O=0.09 avg Spam%=0.00 avg Ham%=0.00
TVD_FUZZY_SYMBOL: no hits at all
TVD_FW_GRAPHIC_ID2: no hits at all
TVD_FW_GRAPHIC_ID3: bad, avg S/O=0.03 avg Spam%=0.02 avg Ham%=0.78
TVD_FW_GRAPHIC_ID3_2: bad, avg S/O=0.03 avg Spam%=0.02 avg Ham%=0.79
TVD_LINK_SAVE: no hits at all
TVD_PDF_FINGER01: bad, avg S/O=0.10 avg Spam%=0.00 avg Ham%=0.03
TVD_RATWARE_CB: no hits at all
TVD_RATWARE_CB_2: no hits at all
TVD_RATWARE_MSGID_01: bad, avg S/O=0.01 avg Spam%=0.01 avg Ham%=1.54
TVD_RATWARE_MSGID_02: no hits at all
TVD_RCVD_IP: bad, avg S/O=0.60 avg Spam%=0.05 avg Ham%=0.03
TVD_RCVD_IP4: no hits of target type
TVD_RCVD_SINGLE: no hits of target type
TVD_SECTION: no hits at all
TVD_SILLY_URI_OBFU: no hits at all
TVD_SINGLE_SPAN_DIV: bad, avg S/O=0.31 avg Spam%=0.01 avg Ham%=0.01
TVD_SPACED_SUBJECT_WORD3: no hits at all
TVD_SPACED_SUBJECT_WORD5: bad, avg S/O=0.41 avg Spam%=0.01 avg Ham%=0.01
TVD_STOCK1: no hits at all
TVD_SUBJ_FINGER_03: no hits at all
TVD_SUBJ_FINGER_04: bad, avg S/O=0.49 avg Spam%=0.04 avg Ham%=0.05
TVD_SUBJ_OWE: no hits at all
TVD_SUBJ_WIPE_DEBT: bad, avg S/O=0.35 avg Spam%=0.00 avg Ham%=0.00
TVD_UNDER_VALUED: no hits of target type
TVD_VIS_HIDDEN: no hits at all
T_TVD_MIME_NO_HEADERS: bad, avg S/O=0.09 avg Spam%=0.01 avg Ham%=0.09
T_TVD_PCT_OFF2: bad, avg S/O=0.34 avg Spam%=0.32 avg Ham%=0.60
T_TVD_SUBJ_FINGER_05: bad, avg S/O=0.03 avg Spam%=0.00 avg Ham%=0.02
T_TVD_SUBJ_NUM_OBFU: bad, avg S/O=0.55 avg Spam%=0.42 avg Ham%=0.34
T_TVD_SUBJ_NUM_OBFU2: bad, avg S/O=0.44 avg Spam%=0.46 avg Ham%=0.59
T_TVD_SUBJ_NUM_OBFU3: bad, avg S/O=0.44 avg Spam%=0.46 avg Ham%=0.59
__TVD_BODY: bad, avg S/O=0.50 avg Spam%=99.93 avg Ham%=99.87
# used in: TVD_PDF_FINGER01 TVD_PDF_FINGER01_JO
__TVD_INT_CID: bad, avg S/O=0.28 avg Spam%=1.62 avg Ham%=4.19
# used in: TVD_FW_GRAPHIC_ID3
__TVD_MIME_ATT: bad, avg S/O=0.06 avg Spam%=0.08 avg Ham%=1.61
# used in: TVD_PDF_FINGER01 TVD_PDF_FINGER01_JO
__TVD_MIME_CT_MM: bad, avg S/O=0.17 avg Spam%=1.33 avg Ham%=6.52
# used in: TVD_PDF_FINGER01 TVD_PDF_FINGER01_JO
rulesrc/sandbox/fanf/30_text.cf (2 rules, 2 bad):
LONG_TERM_PRICE: no hits of target type
SHORT_TERM_PRICE: no hits of target type
rulesrc/sandbox/duncf/20_header.cf (3 rules, 2 bad):
APOSTROPHE_TOCC: bad, avg S/O=0.78 avg Spam%=0.01 avg Ham%=0.00
STUDDLYCAPS: bad, avg S/O=0.25 avg Spam%=0.06 avg Ham%=0.19
rulesrc/sandbox/duncf/20_debt.cf (2 rules, 1 bad):
LOOPHOLE_1: no hits at all
rulesrc/sandbox/dos/70_other.cf (73 rules, 49 bad):
DOS_ANAL_SPAM_MAILER: no hits at all
DOS_BODY_HIGH_NO_MID: bad, avg S/O=0.76 avg Spam%=0.29 avg Ham%=0.09
DOS_FIX_MY_URI: no hits at all
DOS_HIGH_BAT_TO_MX: no hits at all
DOS_LET_GO_JOB: no hits at all
DOS_RCVD_IP_TWICE_A: bad, avg S/O=0.56 avg Spam%=4.65 avg Ham%=3.58
DOS_RCVD_IP_TWICE_C: no hits at all
DOS_STOCK_BAT: no hits at all
DOS_URI_ASTERISK: no hits at all
DOS_YOUR_PLACE: no hits at all
DOS_ZIP_HARDCORE: no hits at all
X_MAILER_CME_6543_MSN: no hits at all
__DOS_BODY_FRI: bad, avg S/O=0.14 avg Spam%=0.80 avg Ham%=5.01
# used in: DOS_STOCK_BAT
__DOS_BODY_MON: bad, avg S/O=0.30 avg Spam%=2.41 avg Ham%=5.65
# used in: DOS_STOCK_BAT
__DOS_BODY_SAT: bad, avg S/O=0.20 avg Spam%=0.30 avg Ham%=1.16
# used in: DOS_STOCK_BAT
__DOS_BODY_STOCK: bad, avg S/O=0.13 avg Spam%=0.42 avg Ham%=2.80
# used in: DOS_STOCK_BAT
__DOS_BODY_SUN: bad, avg S/O=0.12 avg Spam%=0.51 avg Ham%=3.67
# used in: DOS_STOCK_BAT
__DOS_BODY_THU: bad, avg S/O=0.08 avg Spam%=0.34 avg Ham%=3.95
# used in: DOS_STOCK_BAT
__DOS_BODY_TICKER: no hits at all
# used in: DOS_STOCK_BAT
__DOS_BODY_TUE: bad, avg S/O=0.06 avg Spam%=0.45 avg Ham%=6.55
# used in: DOS_STOCK_BAT
__DOS_BODY_WED: bad, avg S/O=0.15 avg Spam%=0.73 avg Ham%=4.17
# used in: DOS_STOCK_BAT
__DOS_COMING_TO_YOUR_PLACE: no hits at all
# used in: DOS_YOUR_PLACE
__DOS_CORRESPOND_EMAIL: no hits at all
# used in: DOS_YOUR_PLACE
__DOS_DROP_ME_A_LINE: no hits at all
# used in: DOS_YOUR_PLACE
__DOS_EMAIL_DIRECTLY: no hits at all
# used in: DOS_YOUR_PLACE
__DOS_HAS_ANY_URI: bad, avg S/O=0.45 avg Spam%=73.32 avg Ham%=88.17
# used in: DOS_FIX_MY_URI
__DOS_HAS_LIST_ID: bad, avg S/O=0.08 avg Spam%=3.30 avg Ham%=36.98
# used in: DOS_HIGH_BAT_TO_MX LIST_PRTL_PUMPDUMP LIST_PRTL_SAME_USER
IMG_DIRECT_TO_MX LIST_PARTIAL STY_INVIS_DIRECT SUSP_UTF8_WORD_COMBO
UNICODE_OBFU_ZW
__DOS_HAS_LIST_UNSUB: bad, avg S/O=0.21 avg Spam%=14.14 avg Ham%=53.18
# used in: DOS_HIGH_BAT_TO_MX LIST_PRTL_PUMPDUMP LIST_PRTL_SAME_USER
IMG_DIRECT_TO_MX KHOP_NO_FULL_NAME LIST_PARTIAL NOT_A_PERSON STY_INVIS_DIRECT
SUBJ_OBFU_LOW_CNTRST SUSP_UTF8_WORD_COMBO UNICODE_OBFU_ZW URI_DATA URI_DOTEDU
__DOS_HAS_MAILING_LIST: bad, avg S/O=0.17 avg Spam%=0.21 avg Ham%=1.04
# used in: DOS_HIGH_BAT_TO_MX IMG_DIRECT_TO_MX STY_INVIS_DIRECT
__DOS_HI: bad, avg S/O=0.42 avg Spam%=0.36 avg Ham%=0.50
# used in: DOS_FIX_MY_URI
__DOS_I_AM_25: bad, avg S/O=0.56 avg Spam%=0.00 avg Ham%=0.00
# used in: DOS_YOUR_PLACE
__DOS_I_DRIVE_A: bad, avg S/O=0.65 avg Spam%=0.00 avg Ham%=0.00
# used in: DOS_LET_GO_JOB
__DOS_LET_GO_JOB: no hits at all
# used in: DOS_LET_GO_JOB
__DOS_LINK: bad, avg S/O=0.62 avg Spam%=28.17 avg Ham%=17.25
# used in: DOS_FIX_MY_URI SHOPIFY_IMG_NOT_RCVD_SFY
__DOS_MEET_EACH_OTHER: bad, avg S/O=0.26 avg Spam%=0.00 avg Ham%=0.01
# used in: DOS_YOUR_PLACE
__DOS_MY_OLD_JOB: no hits of target type
# used in: DOS_LET_GO_JOB
__DOS_RCVD_FRI: bad, avg S/O=0.47 avg Spam%=13.77 avg Ham%=15.79
# used in: DOS_STOCK_BAT
__DOS_RCVD_MON: bad, avg S/O=0.46 avg Spam%=17.66 avg Ham%=20.73
# used in: DOS_STOCK_BAT
__DOS_RCVD_SAT: bad, avg S/O=0.70 avg Spam%=21.25 avg Ham%=8.87
# used in: DOS_STOCK_BAT
__DOS_RCVD_SUN: bad, avg S/O=0.53 avg Spam%=11.39 avg Ham%=9.95
# used in: DOS_STOCK_BAT
__DOS_RCVD_THU: bad, avg S/O=0.36 avg Spam%=13.45 avg Ham%=23.79
# used in: DOS_STOCK_BAT
__DOS_RCVD_TUE: bad, avg S/O=0.54 avg Spam%=19.79 avg Ham%=17.10
# used in: DOS_STOCK_BAT
__DOS_RCVD_WED: bad, avg S/O=0.53 avg Spam%=20.77 avg Ham%=18.13
# used in: DOS_STOCK_BAT
__DOS_REF_2_WK_DAYS: bad, avg S/O=0.15 avg Spam%=0.64 avg Ham%=3.50
# used in: DOS_STOCK_BAT
__DOS_REF_NEXT_WK_DAY: bad, avg S/O=0.09 avg Spam%=0.52 avg Ham%=5.31
# used in: DOS_STOCK_BAT
__DOS_REF_TODAY: bad, avg S/O=0.07 avg Spam%=0.82 avg Ham%=10.55
# used in: DOS_STOCK_BAT
__DOS_RELAYED_EXT: bad, avg S/O=0.25 avg Spam%=25.94 avg Ham%=75.94
# used in: DOS_HIGH_BAT_TO_MX IMG_DIRECT_TO_MX STY_INVIS_DIRECT
__DOS_SINGLE_EXT_RELAY: bad, avg S/O=0.64 avg Spam%=76.95 avg Ham%=43.62
# used in: DOS_FIX_MY_URI DOS_HIGH_BAT_TO_MX IMG_DIRECT_TO_MX
STY_INVIS_DIRECT
__DOS_TAKING_HOME: no hits at all
# used in: DOS_LET_GO_JOB
rulesrc/sandbox/davej/20_non_ascii.cf (4 rules, 3 bad):
CTE_8BIT_MISMATCH: bad, avg S/O=0.79 avg Spam%=0.67 avg Ham%=0.18
__L_BODY_8BITS: bad, avg S/O=0.22 avg Spam%=18.08 avg Ham%=64.85
# used in: CTE_8BIT_MISMATCH STY_INVIS_DIRECT
__L_CTE_7BIT: bad, avg S/O=0.70 avg Spam%=20.29 avg Ham%=8.41
# used in: CTE_8BIT_MISMATCH
rulesrc/sandbox/davej/20_bug_7550.cf (1 rules, 1 bad):
VULN_PHPMAILER: bad, avg S/O=0.03 avg Spam%=0.07 avg Ham%=2.10
rulesrc/sandbox/billcole/80_test.cf (12 rules, 8 bad):
T_MIXED_TAG_CASE: bad, avg S/O=0.77 avg Spam%=0.73 avg Ham%=0.22
T_SCC_THREE_WORD_MONTY: bad, avg S/O=0.34 avg Spam%=0.00 avg Ham%=0.00
__HAS_HREF: bad, avg S/O=0.23 avg Spam%=22.13 avg Ham%=73.28
# used in: T_MIXED_TAG_CASE
__HAS_HREF_ONECASE: bad, avg S/O=0.22 avg Spam%=20.35 avg Ham%=73.05
# used in: T_MIXED_TAG_CASE
__HAS_IMG_SRC: bad, avg S/O=0.20 avg Spam%=14.87 avg Ham%=61.04
# used in: T_MIXED_TAG_CASE
__HAS_IMG_SRC_ONECASE: bad, avg S/O=0.19 avg Spam%=14.11 avg Ham%=60.55
# used in: T_MIXED_TAG_CASE
__MIXED_HREF_CASE: bad, avg S/O=0.73 avg Spam%=2.07 avg Ham%=0.77
# used in: T_MIXED_TAG_CASE
__MIXED_IMG_CASE: bad, avg S/O=0.49 avg Spam%=0.77 avg Ham%=0.80
# used in: T_MIXED_TAG_CASE
rulesrc/sandbox/billcole/23_bug_6780.cf (4 rules, 3 bad):
T_EMPTY_FROM_OR_TO_OR_CC: bad, avg S/O=0.32 avg Spam%=0.07 avg Ham%=0.16
__EMPTY_CC: bad, avg S/O=0.53 avg Spam%=99.78 avg Ham%=88.56
# used in: T_EMPTY_FROM_OR_TO_OR_CC
__EMPTY_FROM: bad, avg S/O=0.68 avg Spam%=0.00 avg Ham%=0.00
# used in: T_EMPTY_FROM_OR_TO_OR_CC
rulesrc/sandbox/billcole/21_bug_7219.cf (6 rules, 4 bad):
T_SCC_BODY_TEXT_LINE: bad, avg S/O=0.50 avg Spam%=99.74 avg Ham%=99.35
T_SCC_EMPTY_BODY: bad, avg S/O=0.72 avg Spam%=0.65 avg Ham%=0.26
__SCC_BODY_TEXT_LINE_FULL: bad, avg S/O=0.50 avg Spam%=99.99 avg Ham%=99.99
# used in: T_SCC_BODY_TEXT_LINE T_SCC_EMPTY_BODY
__SCC_SUBJECT_HAS_NON_SPACE: bad, avg S/O=0.50 avg Spam%=99.64 avg Ham%=99.89
# used in: T_SCC_BODY_TEXT_LINE T_SCC_EMPTY_BODY
rulesrc/sandbox/axb/20_axb_misc.cf (6 rules, 2 bad):
AXB_X_AOL_SEZ_S: bad, avg S/O=0.47 avg Spam%=0.00 avg Ham%=0.00
AXB_X_FF_SEZ_S: bad, avg S/O=0.55 avg Spam%=0.02 avg Ham%=0.02
rules/72_active.cf (43 rules, 31 bad):
CTYPE_8SPACE_GIF: no hits at all
HK_CTE_RAW: no hits at all
OBFU_TEXT_ATTACH: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.07
TVD_FW_GRAPHIC_NAME_LONG: bad, avg S/O=0.46 avg Spam%=0.00 avg Ham%=0.00
TVD_FW_GRAPHIC_NAME_MID: bad, avg S/O=0.56 avg Spam%=0.01 avg Ham%=0.01
__ANY_IMAGE_ATTACH: bad, avg S/O=0.27 avg Spam%=1.56 avg Ham%=4.32
# used in: DOTGOV_IMAGE DYN_RDNS_AND_INLINE_IMAGE PART_CID_STOCK
PART_CID_STOCK_LESS SHORT_HELO_AND_INLINE_IMAGE STOCK_IMG_HDR_FROM
STOCK_IMG_HTML STOCK_IMG_OUTLOOK REMOTE_IMAGE
__ANY_TEXT_ATTACH: bad, avg S/O=0.51 avg Spam%=99.91 avg Ham%=97.43
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT SYSADMIN
__ANY_TEXT_ATTACH_DOC: bad, avg S/O=0.51 avg Spam%=99.91 avg Ham%=97.43
# used in: FSL_MIME_NO_TEXT
__DOC_ATTACH_FN1: bad, avg S/O=0.50 avg Spam%=0.06 avg Ham%=0.06
# used in: FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC WON_NBDY_ATTACH
__DOC_ATTACH
__DOC_ATTACH_FN2: bad, avg S/O=0.50 avg Spam%=0.06 avg Ham%=0.07
# used in: FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC WON_NBDY_ATTACH
__DOC_ATTACH
__DOC_ATTACH_MT: bad, avg S/O=0.47 avg Spam%=0.05 avg Ham%=0.06
# used in: DOC_ATTACH_NO_EXT FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC
WON_NBDY_ATTACH __DOC_ATTACH
__GIF_ATTACH: bad, avg S/O=0.60 avg Spam%=0.82 avg Ham%=0.58
# used in: PHP_NOVER_MUA SB_GIF_AND_NO_URIS WON_NBDY_ATTACH
__HK_SPAMMY_CDFN: bad, avg S/O=0.74 avg Spam%=0.01 avg Ham%=0.00
# used in: HK_SPAMMY_FILENAME
__HK_SPAMMY_CTFN: bad, avg S/O=0.70 avg Spam%=0.01 avg Ham%=0.00
# used in: HK_SPAMMY_FILENAME
__JPEG_ATTACH: bad, avg S/O=0.54 avg Spam%=1.14 avg Ham%=1.00
# used in: FORGED_TBIRD_IMG_ARROW FORGED_TBIRD_IMG_SIZE IMG_DIRECT_TO_MX
WON_NBDY_ATTACH __FORGED_TBIRD_IMG
__KAM_BLOCK_UTF7_2: no hits of target type
# used in: KAM_BLOCK_UTF7
__MALW_ATTACH_01_01: no hits at all
# used in: MALW_ATTACH
__MALW_ATTACH_01_02: no hits at all
# used in: MALW_ATTACH
__PART_CID_STOCK_LESS: no hits of target type
# used in: PART_CID_STOCK_LESS
__PART_STOCK_CD_F: bad, avg S/O=0.17 avg Spam%=1.14 avg Ham%=5.61
# used in: PART_CID_STOCK
__PART_STOCK_CID: no hits of target type
# used in: PART_CID_STOCK STOCK_IMG_HTML
__PART_STOCK_CL: bad, avg S/O=0.06 avg Spam%=0.01 avg Ham%=0.14
# used in: PART_CID_STOCK
__PDF_ATTACH_FN1: bad, avg S/O=0.07 avg Spam%=0.07 avg Ham%=1.28
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT BITCOIN_PDF FREEMAIL_DOC_PDF
FREEMAIL_DOC_PDF_BCC WON_NBDY_ATTACH __FREEMAIL_DOC_PDF __PDF_ATTACH
__PDF_ATTACH_FN2: bad, avg S/O=0.12 avg Spam%=0.12 avg Ham%=0.97
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT BITCOIN_PDF FREEMAIL_DOC_PDF
FREEMAIL_DOC_PDF_BCC WON_NBDY_ATTACH __FREEMAIL_DOC_PDF __PDF_ATTACH
__PDF_ATTACH_MT: bad, avg S/O=0.05 avg Spam%=0.05 avg Ham%=1.08
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT BITCOIN_PDF DOC_ATTACH_NO_EXT
FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC WON_NBDY_ATTACH __FREEMAIL_DOC_PDF
__PDF_ATTACH
__TVD_FW_GRAPHIC_ID1: no hits of target type
# used in: STOCK_IMG_HDR_FROM
__TVD_MIME_ATT_AOPDF: bad, avg S/O=0.06 avg Spam%=0.02 avg Ham%=0.53
# used in: TVD_PDF_FINGER01 TVD_PDF_FINGER01_JO __TVD_MIME_ATT
__TVD_MIME_ATT_AP: bad, avg S/O=0.05 avg Spam%=0.05 avg Ham%=1.08
# used in: TVD_PDF_FINGER01 TVD_PDF_FINGER01_JO __TVD_MIME_ATT
__TVD_MIME_ATT_TP: bad, avg S/O=0.53 avg Spam%=88.12 avg Ham%=78.44
# used in: TVD_PDF_FINGER01
__TVD_OUTLOOK_IMG: bad, avg S/O=0.03 avg Spam%=0.02 avg Ham%=0.84
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__ZIP_ATTACH_NOFN: bad, avg S/O=0.37 avg Spam%=0.00 avg Ham%=0.00
# used in: OBFU_HTML_ATT_MALW
rules/25_replace.cf (29 rules, 24 bad):
FUZZY_AFFORDABLE: no hits at all
FUZZY_BILLION: no hits at all
FUZZY_CPILL: bad, avg S/O=0.58 avg Spam%=0.00 avg Ham%=0.00
FUZZY_GUARANTEE: no hits at all
FUZZY_MEDICATION: no hits at all
FUZZY_MONEY: no hits at all
FUZZY_MORTGAGE: no hits at all
FUZZY_OBLIGATION: no hits at all
FUZZY_OFFERS: no hits at all
FUZZY_PHENT: no hits at all
FUZZY_PRESCRIPT: no hits at all
FUZZY_PRICES: no hits of target type
FUZZY_REFINANCE: no hits at all
FUZZY_REMOVE: no hits at all
FUZZY_SOFTWARE: no hits at all
FUZZY_THOUSANDS: no hits at all
FUZZY_VIOXX: no hits at all
FUZZY_VLIUM: no hits at all
SUBJECT_FUZZY_CHEAP: no hits at all
SUBJECT_FUZZY_MEDS: no hits at all
SUBJECT_FUZZY_PENIS: no hits at all
SUBJECT_FUZZY_TION: no hits at all
SUBJECT_FUZZY_VPILL: no hits at all
__SUBJECT_FUZZY_VPILL: bad, avg S/O=0.60 avg Spam%=0.00 avg Ham%=0.00
# used in: SUBJECT_FUZZY_VPILL
rules/25_dkim.cf (18 rules, 1 bad):
__DKIM_DEPENDABLE: no hits at all
# used in: PHP_NOVER_MUA
rules/20_vbounce.cf (176 rules, 169 bad):
ANY_BOUNCE_MESSAGE: no hits at all
BOUNCE_MESSAGE: no hits at all
# used in: ANY_BOUNCE_MESSAGE
CHALLENGE_RESPONSE: no hits at all
CRBOUNCE_MESSAGE: no hits of target type
# used in: ANY_BOUNCE_MESSAGE
OOOBOUNCE_MESSAGE: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.01
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE
VBOUNCE_MESSAGE: no hits of target type
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST
__AUTOREPLY_ASU: bad, avg S/O=0.05 avg Spam%=0.06 avg Ham%=1.15
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTOREPLY_PRE: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.08
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTOREPLY_XAR: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.09
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTOREPLY_XPR: bad, avg S/O=0.14 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_3: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_4: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_BBTL: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_CM: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_MS: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_PREC: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.08
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_XXSP: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_ADDR_ERR: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_AUTO_GENERATED: bad, avg S/O=0.09 avg Spam%=0.01 avg Ham%=0.08
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_AUTO_REPLY: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_AUTO_RESPOND: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_AUTO_RESPONSE: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_COULD_NOT: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_CTYPE: bad, avg S/O=0.17 avg Spam%=0.02 avg Ham%=0.22
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE MIME_NO_TEXT
MIME_PHP_NO_TEXT KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_DATA_FORMAT: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_ESMTP: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_ETRUST: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_FROM_DAEMON: bad, avg S/O=0.66 avg Spam%=0.10 avg Ham%=0.05
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_INTERSCAN: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_MAIL_DEL_FAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_MSGDELFAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_NEVER_SEE: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_NONWORKING: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_NOTDEL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_NOTIF: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_NO_RESEND: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_NO_VAL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_ARHDR: bad, avg S/O=0.05 avg Spam%=0.06 avg Ham%=1.16
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_B1: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_B2: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_BODY: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_CB1: bad, avg S/O=0.54 avg Spam%=0.05 avg Ham%=0.04
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_CB2: bad, avg S/O=0.05 avg Spam%=0.01 avg Ham%=0.30
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_CB3: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_CB4: bad, avg S/O=0.19 avg Spam%=0.00 avg Ham%=0.01
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_CS1: bad, avg S/O=0.03 avg Spam%=0.00 avg Ham%=0.02
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_S1: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_S2: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_S3: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_SUBJBODY: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.01
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_SUBJECT: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_READ_NOTIFICATION: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_RETURNED: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_RET_MAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_RPATH_ERRMAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_RPATH_NULL: bad, avg S/O=0.75 avg Spam%=31.84 avg Ham%=10.48
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_STAT_FAIL: bad, avg S/O=0.14 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_SYMANTEC: bad, avg S/O=0.79 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_UNDELIVERABLE: bad, avg S/O=0.07 avg Spam%=0.00 avg Ham%=0.01
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_UNDELIVERABLE_ML: bad, avg S/O=0.10 avg Spam%=0.00 avg Ham%=0.03
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_UNDEL_MSG: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_X_ERR_STAT: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_Y_AUTOGEN: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__CHALLENGE_RESPONSE: no hits of target type
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__CRBOUNCE_0SPAM: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_0SPAM1: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_0SPAM
__CRBOUNCE_0SPAM2: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_0SPAM
__CRBOUNCE_ASK: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_BLOCKED: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_EXI: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_GETRESP: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_MIB: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_PREC_SPAM: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_QURB: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_RP: no hits of target type
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_RP_2: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_SI: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_SI1: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_SI
__CRBOUNCE_SI2: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_SI
__CRBOUNCE_SPAMARREST: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_SPAMLION: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_SZ: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_TMDA: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_UNVERIF: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_UOL: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_VANQ: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_VERIF: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__HAVE_BOUNCE_RELAYS: bad, avg S/O=0.44 avg Spam%=57.55 avg Ham%=72.72
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE DOTGOV_IMAGE SENDGRID_REDIR
KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__MAJORDOMO_HELP_BODY: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME
__MAJORDOMO_HELP_BODY2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME
__MAJORDOMO_SUBJ: no hits of target type
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME
__MY_SERVERS_FOUND: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE CHALLENGE_RESPONSE
CRBOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME
__NONBOUNCE_READ_RECEIPT: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __KHOP_NO_FULL_NAME
__NONBOUNCE_READ_RECEIPT_CTYPE: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __KHOP_NO_FULL_NAME __NONBOUNCE_READ_RECEIPT
__VBOUNCE_ALERT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_AMAVISD: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_AMAVISD2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_ANTIGEN: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_AOL: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_ATTACHMENT0: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_ATT_QUAR: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_AVREPORT0: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_AV_RESULTS: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_BANNED_MAT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_BITDEFENDER: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_CISCO: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_CLICKBANK: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_CONT_VIOL: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_DEL_WARN: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_DETECTED: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_DISALLOWED: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_DOMINO1: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_DOMINO2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_DUTCH: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_EMAIL_REJ: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_EMANAGER: no hits of target type
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_EMVD: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_EXIM: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_FORBIDDEN: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_FROMPT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_GSHIELD: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_GUIN: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_GWAVA: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_GWAVA2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_INFLEX: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_INF_ATTACH: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_INTERSCAN: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_INTERSCAN2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_INTERSCAN3: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_JMAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_LUTHER: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_MAILMARSHAL: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_MAILMARSHAL2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_MAILSWEEP: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_MAILSWEEP2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_MAILSWEEP3: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_MAJORDOMO_HELP: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_MELDING: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_MIME_INFO: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_MMS: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_MSGLABS: no hits of target type
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_NAV: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_NAV2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_NAV3: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_NAVFAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_NAV_DETECT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_PROBLEME: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_PT_BLOCKED: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_QUOTED_EXE: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_RAV: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_REJECTED: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_REJ_FILT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_SCANMAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_SCREENSAVER: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_SECURIQ: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_SENDER: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_SMTP: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_STRIP_ATTACH: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_SYM_AVF: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_SYM_EMP: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_UNDELIV: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_VALERT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_VIOLATION: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_VIR_FOUND: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_WARNING: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__VBOUNCE_YOUSENT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_NO_FULL_NAME NOT_A_PERSON
SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON
__XM_VBULLETIN: bad, avg S/O=0.07 avg Spam%=0.00 avg Ham%=0.01
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __BOUNCE_AUTO_GENERATED __KHOP_NO_FULL_NAME
__NOT_A_PERSON
__X_CRON_ENV: bad, avg S/O=0.04 avg Spam%=0.02 avg Ham%=0.58
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __BOUNCE_AUTO_GENERATED __KHOP_NO_FULL_NAME
__NOT_A_PERSON
__YESBOUNCE_AUTO_REPLIED_REJ: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_NO_FULL_NAME
NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __KHOP_NO_FULL_NAME __NONBOUNCE_READ_RECEIPT
__NOT_A_PERSON
rules/20_uri_tests.cf (17 rules, 12 bad):
HTTP_77: no hits at all
HTTP_ESCAPED_HOST: bad, avg S/O=0.44 avg Spam%=0.03 avg Ham%=0.04
HTTP_EXCESSIVE_ESCAPES: bad, avg S/O=0.52 avg Spam%=0.00 avg Ham%=0.00
NUMERIC_HTTP_ADDR: no hits at all
SPOOF_COM2COM: bad, avg S/O=0.47 avg Spam%=0.00 avg Ham%=0.00
SPOOF_COM2OTH: bad, avg S/O=0.21 avg Spam%=0.00 avg Ham%=0.01
SPOOF_NET2COM: no hits at all
URI_HEX: bad, avg S/O=0.18 avg Spam%=0.10 avg Ham%=0.45
URI_NO_WWW_INFO_CGI: bad, avg S/O=0.65 avg Spam%=0.04 avg Ham%=0.02
URI_UNSUBSCRIBE: no hits at all
YAHOO_DRS_REDIR: no hits at all
YAHOO_RD_REDIR: no hits at all
rules/20_ratware.cf (99 rules, 61 bad):
FORGED_IMS_HTML: no hits at all
FORGED_IMS_TAGS: no hits at all
FORGED_MUA_THEBAT_CS: no hits at all
FORGED_QUALCOMM_TAGS: no hits at all
FORGED_THEBAT_HTML: no hits at all
RATWARE_EFROM: no hits of target type
RATWARE_HASH_DASH: no hits at all
RATWARE_MOZ_MALFORMED: no hits at all
RATWARE_MPOP_WEBMAIL: no hits at all
RATWARE_MS_HASH: no hits of target type
RATWARE_NAME_ID: no hits at all
RATWARE_OE_MALFORMED: no hits at all
RATWARE_OUTLOOK_NONAME: no hits at all
RATWARE_RCVD_AT: no hits at all
RATWARE_RCVD_PF: no hits at all
RATWARE_ZERO_TZ: no hits at all
REPTO_QUOTE_AOL: no hits at all
REPTO_QUOTE_IMS: no hits at all
REPTO_QUOTE_MSN: no hits at all
REPTO_QUOTE_QUALCOMM: no hits at all
REPTO_QUOTE_YAHOO: bad, avg S/O=0.59 avg Spam%=0.01 avg Ham%=0.01
X_MESSAGE_INFO: no hits at all
__0_TZ_1: bad, avg S/O=0.45 avg Spam%=0.00 avg Ham%=0.00
# used in: RATWARE_ZERO_TZ
__0_TZ_4: no hits at all
# used in: RATWARE_ZERO_TZ
__0_TZ_5: no hits at all
# used in: RATWARE_ZERO_TZ
__0_TZ_6: no hits of target type
# used in: RATWARE_ZERO_TZ
__0_TZ_7: no hits at all
# used in: RATWARE_ZERO_TZ
__ANY_QUALCOMM_MUA: bad, avg S/O=0.76 avg Spam%=0.00 avg Ham%=0.00
# used in: FORGED_QUALCOMM_TAGS REPTO_QUOTE_QUALCOMM
__AOL_MUA: bad, avg S/O=0.60 avg Spam%=0.00 avg Ham%=0.00
# used in: REPTO_QUOTE_AOL
__CTYPE_CHARSET_QUOTED: bad, avg S/O=0.70 avg Spam%=27.14 avg Ham%=11.34
# used in: FORGED_MUA_THEBAT_CS TO_NO_BRKTS_HTML_ONLY
__CTYPE_HTML: bad, avg S/O=0.44 avg Spam%=10.83 avg Ham%=13.98
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT RATWARE_ZERO_TZ
__GATED_THROUGH_RCVD_REMOVER: bad, avg S/O=0.10 avg Spam%=0.00 avg Ham%=0.01
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__GROUPSIO_GATED: no hits at all
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__GROUPSIO_MSGID: no hits of target type
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2 __GROUPSIO_GATED
__HAS_XORIGMSGID: no hits at all
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2 __GROUPSIO_GATED
__HAS_X_LOOP: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.26
# used in: ADVANCE_FEE_3_NEW RCVD_DOTEDU_SUSP
__HAS_X_MAILING_LIST: bad, avg S/O=0.00 avg Spam%=0.01 avg Ham%=10.18
# used in: FREEMAIL_FORGED_REPLYTO FREEMAIL_REPLY FREEMAIL_WFH_01
FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC __FREEMAIL_DOC_PDF __FREEMAIL_WFH_01
__HAS_X_MAILMAN_VERSION: bad, avg S/O=0.13 avg Spam%=0.16 avg Ham%=1.05
# used in: FREEMAIL_FORGED_REPLYTO FREEMAIL_REPLY FREEMAIL_WFH_01
SENDGRID_REDIR FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC SENDINBLUE_REDIR
__FREEMAIL_DOC_PDF __FREEMAIL_WFH_01
__HOTMAIL_BAYDAV_MSGID: no hits of target type
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__IMS_HTML_BUILDS: no hits at all
# used in: FORGED_IMS_HTML
__IMS_HTML_RCVD: no hits at all
# used in: FORGED_IMS_HTML
__IPLANET_MESSAGING_SERVER: no hits at all
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__LYRIS_EZLM_REMAILER: bad, avg S/O=0.03 avg Spam%=0.17 avg Ham%=6.69
# used in: GOOG_STO_IMG_NOHTML TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__MAILMAN_21: bad, avg S/O=0.13 avg Spam%=0.16 avg Ham%=1.05
# used in: FORGED_MUA_THEBAT_CS
__MIME_HTML: bad, avg S/O=0.34 avg Spam%=41.13 avg Ham%=80.58
# used in: FORGED_IMS_TAGS FORGED_QUALCOMM_TAGS HTML_MISSING_CTYPE
GAPPY_HTML __GAPPY_HTML
__MIME_VERSION_APPLEMAIL: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.01
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT
__MSGID_APPLEMAIL: bad, avg S/O=0.06 avg Spam%=0.08 avg Ham%=1.11
# used in: BIGNUM_EMAILS BIGNUM_EMAILS_MANY MIME_NO_TEXT MIME_PHP_NO_TEXT
__HDRS_LCASE_KNOWN
__RATWARE_0_TZ_DATE: bad, avg S/O=0.30 avg Spam%=12.04 avg Ham%=28.50
# used in: RATWARE_NAME_ID RATWARE_ZERO_TZ
__RCVD_WITH_EXCHANGE: no hits at all
# used in: RATWARE_MS_HASH RATWARE_OUTLOOK_NONAME
__REPTO_QUOTE: bad, avg S/O=0.71 avg Spam%=37.79 avg Ham%=15.54
# used in: GOOG_STO_IMG_NOHTML LONG_INVISIBLE_TEXT REPTO_QUOTE_AOL
REPTO_QUOTE_IMS REPTO_QUOTE_MSN REPTO_QUOTE_QUALCOMM REPTO_QUOTE_YAHOO
__SYMPATICO_MSGID: no hits at all
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__TAG_EXISTS_BODY: bad, avg S/O=0.31 avg Spam%=33.57 avg Ham%=74.21
# used in: FORGED_IMS_TAGS
__TAG_EXISTS_HEAD: bad, avg S/O=0.28 avg Spam%=29.20 avg Ham%=73.32
# used in: FORGED_IMS_TAGS
__TAG_EXISTS_HTML: bad, avg S/O=0.31 avg Spam%=33.93 avg Ham%=75.52
# used in: BITCOIN_SPAM_01 FORGED_IMS_TAGS FORGED_QUALCOMM_TAGS
HTML_MIME_NO_HTML_TAG MALF_HTML_B64
__TAG_EXISTS_META: bad, avg S/O=0.25 avg Spam%=22.55 avg Ham%=67.89
# used in: FORGED_IMS_TAGS SCRIPT_GIBBERISH
__THEBAT_MUA: bad, avg S/O=0.78 avg Spam%=0.00 avg Ham%=0.00
# used in: DOS_HIGH_BAT_TO_MX DOS_STOCK_BAT FORGED_MUA_THEBAT_CS
KB_FAKED_THE_BAT
__UNUSABLE_MSGID: bad, avg S/O=0.03 avg Spam%=0.17 avg Ham%=6.69
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__USER_AGENT_APPLEMAIL: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.09
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT
__WACKY_SENDMAIL_VERSION: no hits at all
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2 __UNUSABLE_MSGID
__X_MAILER_APPLEMAIL: bad, avg S/O=0.11 avg Spam%=0.01 avg Ham%=0.09
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT __USER_AGENT_APPLEMAIL
__YAHOO_BULK: no hits at all
# used in: FORGED_IMS_HTML FORGED_IMS_TAGS SPOOFED_URL SPOOFED_URL_HOST
rules/20_porn.cf (4 rules, 4 bad):
CUM_SHOT: no hits at all
FREE_PORN: no hits at all
LIVE_PORN: no hits at all
SUBJECT_SEXUAL: no hits at all
rules/20_phrases.cf (45 rules, 33 bad):
ACT_NOW_CAPS: bad, avg S/O=0.49 avg Spam%=0.02 avg Ham%=0.03
BAD_CREDIT: bad, avg S/O=0.69 avg Spam%=0.02 avg Ham%=0.01
BANG_GUAR: bad, avg S/O=0.39 avg Spam%=0.02 avg Ham%=0.04
BANG_OPRAH: no hits at all
BODY_ENHANCEMENT: bad, avg S/O=0.20 avg Spam%=0.03 avg Ham%=0.11
DEAR_FRIEND: bad, avg S/O=0.80 avg Spam%=0.22 avg Ham%=0.06
DEAR_SOMETHING: bad, avg S/O=0.62 avg Spam%=0.18 avg Ham%=0.11
DIET_1: bad, avg S/O=0.76 avg Spam%=0.41 avg Ham%=0.13
EM_ROLEX: no hits of target type
EXCUSE_REMOVE: bad, avg S/O=0.54 avg Spam%=0.00 avg Ham%=0.00
FIN_FREE: bad, avg S/O=0.67 avg Spam%=0.02 avg Ham%=0.01
FORWARD_LOOKING: no hits at all
FREE_QUOTE_INSTANT: bad, avg S/O=0.36 avg Spam%=0.00 avg Ham%=0.00
GUARANTEED_100_PERCENT: bad, avg S/O=0.42 avg Spam%=0.00 avg Ham%=0.01
JOIN_MILLIONS: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.06
LOW_PRICE: bad, avg S/O=0.08 avg Spam%=0.01 avg Ham%=0.14
MARKETING_PARTNERS: bad, avg S/O=0.69 avg Spam%=0.01 avg Ham%=0.00
MONEY_BACK: bad, avg S/O=0.43 avg Spam%=0.03 avg Ham%=0.04
NOT_ADVISOR: no hits at all
OBSCURED_EMAIL: no hits at all
ONE_TIME: bad, avg S/O=0.80 avg Spam%=0.01 avg Ham%=0.00
PREST_NON_ACCREDITED: no hits at all
REFINANCE_NOW: no hits at all
REFINANCE_YOUR_HOME: no hits at all
REMOVE_BEFORE_LINK: bad, avg S/O=0.12 avg Spam%=0.09 avg Ham%=0.63
REPLICA_WATCH: no hits at all
RUDE_HTML: no hits at all
STOCK_ALERT: no hits at all
STRONG_BUY: no hits at all
__RUDE_HTML_1: no hits at all
# used in: RUDE_HTML
__RUDE_HTML_2: no hits at all
# used in: RUDE_HTML
__RUDE_HTML_3: no hits at all
# used in: RUDE_HTML
__RUDE_HTML_4: no hits at all
# used in: RUDE_HTML
rules/20_meta_tests.cf (19 rules, 12 bad):
EMPTY_MESSAGE: bad, avg S/O=0.69 avg Spam%=0.00 avg Ham%=0.00
INVALID_MSGID: bad, avg S/O=0.64 avg Spam%=0.40 avg Ham%=0.22
UPPERCASE_50_75: bad, avg S/O=0.28 avg Spam%=0.06 avg Ham%=0.17
UPPERCASE_75_100: bad, avg S/O=0.74 avg Spam%=0.04 avg Ham%=0.02
__HAS_MSGID: bad, avg S/O=0.50 avg Spam%=99.42 avg Ham%=99.78
# used in: INVALID_MSGID
__MOZILLA_MSGID: bad, avg S/O=0.14 avg Spam%=2.17 avg Ham%=12.87
# used in: GOOG_STO_IMG_NOHTML THIS_AD
__MSGID_COMMENT: bad, avg S/O=0.49 avg Spam%=0.00 avg Ham%=0.00
# used in: INVALID_MSGID
__NONEMPTY_BODY: bad, avg S/O=0.50 avg Spam%=99.99 avg Ham%=99.99
# used in: EMPTY_MESSAGE
__SANE_MSGID: bad, avg S/O=0.50 avg Spam%=99.01 avg Ham%=99.55
# used in: INVALID_MSGID
__UPPERCASE_25_50: bad, avg S/O=0.22 avg Spam%=0.86 avg Ham%=2.98
# used in: PHP_NOVER_MUA
__UPPERCASE_50_75: bad, avg S/O=0.28 avg Spam%=0.06 avg Ham%=0.17
# used in: UPPERCASE_50_75
__UPPERCASE_75_100: bad, avg S/O=0.74 avg Spam%=0.04 avg Ham%=0.02
# used in: UPPERCASE_75_100
rules/20_imageinfo.cf (17 rules, 11 bad):
DC_IMAGE_SPAM_HTML: no hits of target type
DC_IMAGE_SPAM_TEXT: no hits of target type
DC_PNG_UNO_LARGO: bad, avg S/O=0.46 avg Spam%=0.04 avg Ham%=0.05
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
__DC_IMG_HTML_RATIO: bad, avg S/O=0.73 avg Spam%=0.65 avg Ham%=0.25
# used in: DC_IMAGE_SPAM_HTML
__DC_IMG_TEXT_RATIO: bad, avg S/O=0.73 avg Spam%=1.02 avg Ham%=0.38
# used in: DC_IMAGE_SPAM_TEXT
__GIF_ATTACH_1: bad, avg S/O=0.68 avg Spam%=0.45 avg Ham%=0.21
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
__GIF_ATTACH_2P: bad, avg S/O=0.54 avg Spam%=0.37 avg Ham%=0.38
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
__HTML_IMG_ONLY: bad, avg S/O=0.78 avg Spam%=5.75 avg Ham%=1.59
# used in: DC_IMAGE_SPAM_HTML DOTGOV_IMAGE RCVD_DOTEDU_SHORT
STOCK_IMG_HDR_FROM STOCK_IMG_HTML FROM_MULTI_SHORT_IMG REMOTE_IMAGE
SUSP_UTF8_WORD_COMBO __DOTGOV_IMAGE __FROM_MULTI_SHORT_IMG
__PNG_AREA_180K: bad, avg S/O=0.71 avg Spam%=0.19 avg Ham%=0.08
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT DC_PNG_UNO_LARGO
__PNG_ATTACH_1: bad, avg S/O=0.07 avg Spam%=0.23 avg Ham%=2.91
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT DC_PNG_UNO_LARGO
__PNG_ATTACH_2P: bad, avg S/O=0.38 avg Spam%=0.36 avg Ham%=0.59
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
rules/20_html_tests.cf (69 rules, 50 bad):
HIDE_WIN_STATUS: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.00
HTML_BADTAG_40_50: no hits at all
HTML_BADTAG_50_60: no hits at all
HTML_BADTAG_60_70: no hits at all
HTML_BADTAG_90_100: no hits at all
HTML_COMMENT_SAVED_URL: bad, avg S/O=0.35 avg Spam%=0.01 avg Ham%=0.03
HTML_COMMENT_SHORT: no hits at all
HTML_EMBEDS: bad, avg S/O=0.51 avg Spam%=0.00 avg Ham%=0.00
HTML_FONT_FACE_BAD: bad, avg S/O=0.50 avg Spam%=0.15 avg Ham%=0.15
HTML_FONT_LOW_CONTRAST: bad, avg S/O=0.27 avg Spam%=8.50 avg Ham%=23.35
HTML_FONT_SIZE_HUGE: bad, avg S/O=0.70 avg Spam%=0.12 avg Ham%=0.05
HTML_FONT_SIZE_LARGE: bad, avg S/O=0.68 avg Spam%=0.59 avg Ham%=0.28
HTML_FORMACTION_MAILTO: no hits at all
HTML_IFRAME_SRC: no hits at all
HTML_IMAGE_ONLY_12: bad, avg S/O=0.65 avg Spam%=0.66 avg Ham%=0.35
# used in: DC_IMAGE_SPAM_HTML DOTGOV_IMAGE
HTML_IMAGE_ONLY_16: bad, avg S/O=0.65 avg Spam%=0.46 avg Ham%=0.25
# used in: DC_IMAGE_SPAM_HTML DOTGOV_IMAGE
HTML_IMAGE_ONLY_24: bad, avg S/O=0.72 avg Spam%=0.76 avg Ham%=0.30
# used in: DC_IMAGE_SPAM_HTML DOTGOV_IMAGE
HTML_IMAGE_ONLY_28: bad, avg S/O=0.60 avg Spam%=0.67 avg Ham%=0.44
# used in: DC_IMAGE_SPAM_HTML DOTGOV_IMAGE
HTML_IMAGE_ONLY_32: bad, avg S/O=0.57 avg Spam%=0.59 avg Ham%=0.46
HTML_IMAGE_RATIO_02: bad, avg S/O=0.36 avg Spam%=3.89 avg Ham%=6.83
HTML_IMAGE_RATIO_04: bad, avg S/O=0.20 avg Spam%=1.49 avg Ham%=6.11
HTML_IMAGE_RATIO_06: bad, avg S/O=0.17 avg Spam%=0.74 avg Ham%=3.64
HTML_IMAGE_RATIO_08: bad, avg S/O=0.17 avg Spam%=0.46 avg Ham%=2.29
HTML_MESSAGE: bad, avg S/O=0.34 avg Spam%=41.09 avg Ham%=80.58
# used in: BITCOIN_SPAM_11
HTML_MIME_NO_HTML_TAG: bad, avg S/O=0.71 avg Spam%=3.32 avg Ham%=1.35
# used in: BITCOIN_SPAM_01
HTML_MISSING_CTYPE: no hits at all
HTML_NONELEMENT_30_40: no hits at all
HTML_NONELEMENT_40_50: no hits at all
HTML_NONELEMENT_60_70: no hits at all
HTML_NONELEMENT_80_90: no hits at all
HTML_OBFUSCATE_10_20: bad, avg S/O=0.55 avg Spam%=0.05 avg Ham%=0.04
HTML_OBFUSCATE_30_40: no hits at all
HTML_OBFUSCATE_50_60: no hits at all
HTML_OBFUSCATE_70_80: no hits at all
HTML_TAG_BALANCE_BODY: bad, avg S/O=0.42 avg Spam%=0.19 avg Ham%=0.26
HTML_TAG_BALANCE_HEAD: bad, avg S/O=0.31 avg Spam%=0.06 avg Ham%=0.13
HTML_TAG_EXIST_BGSOUND: no hits at all
JS_FROMCHARCODE: no hits at all
OBFUSCATING_COMMENT: no hits at all
__COMMENT_EXISTS: bad, avg S/O=0.17 avg Spam%=11.17 avg Ham%=56.36
# used in: ADVANCE_FEE_3_NEW TO_NO_BRKTS_HTML_ONLY
__HIGHBITS: bad, avg S/O=0.32 avg Spam%=13.73 avg Ham%=28.98
# used in: DOS_HIGH_BAT_TO_MX TVD_SPACE_RATIO DOS_BODY_HIGH_NO_MID
__HTML_LENGTH_1024_1536: bad, avg S/O=0.43 avg Spam%=1.04 avg Ham%=1.41
# used in: RCVD_DOTEDU_SHORT FROM_MULTI_SHORT_IMG __FROM_MULTI_SHORT_IMG
__HTML_LENGTH_1536_2048: bad, avg S/O=0.61 avg Spam%=1.44 avg Ham%=0.90
# used in: STOCK_IMG_OUTLOOK
__HTML_LINK_IMAGE: bad, avg S/O=0.24 avg Spam%=19.51 avg Ham%=63.03
# used in: ADVANCE_FEE_3_NEW DOTGOV_IMAGE FROM_MULTI_SHORT_IMG
REMOTE_IMAGE __DOTGOV_IMAGE __FROM_MULTI_SHORT_IMG
__JS_DOCWRITE: bad, avg S/O=0.15 avg Spam%=0.01 avg Ham%=0.05
# used in: JS_FROMCHARCODE
__JS_FROMCHARCODE: no hits at all
# used in: JS_FROMCHARCODE
__MIME_ATTACHMENT: bad, avg S/O=0.21 avg Spam%=0.60 avg Ham%=2.41
# used in: EMPTY_MESSAGE
__OBFUSCATING_COMMENT_A: bad, avg S/O=0.46 avg Spam%=0.01 avg Ham%=0.01
# used in: OBFUSCATING_COMMENT
__OBFUSCATING_COMMENT_B: bad, avg S/O=0.61 avg Spam%=0.99 avg Ham%=0.64
# used in: OBFUSCATING_COMMENT PHP_ORIG_SCRIPT
__TAG_EXISTS_CENTER: bad, avg S/O=0.31 avg Spam%=10.91 avg Ham%=24.37
# used in: BIGNUM_EMAILS BIGNUM_EMAILS_MANY TO_NO_BRKTS_HTML_ONLY
rules/20_head_tests.cf (160 rules, 96 bad):
BAD_ENC_HEADER: bad, avg S/O=0.60 avg Spam%=0.11 avg Ham%=0.08
CONFIRMED_FORGED: no hits at all
DATE_IN_FUTURE_24_48: bad, avg S/O=0.57 avg Spam%=0.01 avg Ham%=0.01
DATE_IN_FUTURE_96_XX: no hits at all
DATE_IN_PAST_12_24: bad, avg S/O=0.79 avg Spam%=0.36 avg Ham%=0.10
DATE_IN_PAST_24_48: bad, avg S/O=0.56 avg Spam%=0.15 avg Ham%=0.12
DATE_SPAMWARE_Y2K: no hits at all
FAKE_OUTBLAZE_RCVD: no hits at all
FORGED_MSGID_AOL: no hits at all
FORGED_MSGID_EXCITE: no hits at all
FORGED_MSGID_HOTMAIL: no hits at all
FORGED_MSGID_MSN: no hits at all
FORGED_MSGID_YAHOO: bad, avg S/O=0.12 avg Spam%=0.00 avg Ham%=0.00
FROM_EXCESS_BASE64: bad, avg S/O=0.32 avg Spam%=0.78 avg Ham%=1.68
FROM_LOCAL_HEX: no hits at all
FROM_OFFERS: bad, avg S/O=0.57 avg Spam%=0.06 avg Ham%=0.04
FROM_STARTS_WITH_NUMS: bad, avg S/O=0.53 avg Spam%=0.16 avg Ham%=0.13
GAPPY_SUBJECT: bad, avg S/O=0.49 avg Spam%=0.21 avg Ham%=0.22
HEADER_COUNT_CTYPE: no hits at all
HEAD_ILLEGAL_CHARS: no hits at all
INVALID_DATE_TZ_ABSURD: bad, avg S/O=0.38 avg Spam%=0.00 avg Ham%=0.00
INVALID_TZ_CST: no hits at all
INVALID_TZ_EST: no hits at all
JAPANESE_UCE_BODY: no hits at all
JAPANESE_UCE_SUBJECT: no hits at all
KOREAN_UCE_SUBJECT: no hits at all
LOCALPART_IN_SUBJECT: bad, avg S/O=0.80 avg Spam%=0.17 avg Ham%=0.04
# used in: BITCOIN_BOMB BITCOIN_EXTORT_01 BITCOIN_PAY_ME
MIME_BOUND_DIGITS_15: bad, avg S/O=0.61 avg Spam%=0.00 avg Ham%=0.01
MIME_BOUND_MANY_HEX: no hits at all
MIME_HEADER_CTYPE_ONLY: bad, avg S/O=0.58 avg Spam%=0.34 avg Ham%=0.33
MISSING_DATE: bad, avg S/O=0.72 avg Spam%=0.05 avg Ham%=0.02
MISSING_FROM: bad, avg S/O=0.63 avg Spam%=0.00 avg Ham%=0.00
MISSING_MID: bad, avg S/O=0.72 avg Spam%=0.58 avg Ham%=0.22
MISSING_SUBJECT: bad, avg S/O=0.49 avg Spam%=0.02 avg Ham%=0.03
MSGID_FROM_MTA_HEADER: bad, avg S/O=0.34 avg Spam%=0.31 avg Ham%=0.61
MSGID_SHORT: bad, avg S/O=0.53 avg Spam%=0.01 avg Ham%=0.01
MSGID_SPAM_LETTERS: no hits at all
MULTI_FORGED: no hits at all
NONEXISTENT_CHARSET: no hits at all
PLING_QUERY: bad, avg S/O=0.44 avg Spam%=0.32 avg Ham%=0.40
PREVENT_NONDELIVERY: no hits at all
RCVD_AM_PM: no hits at all
RCVD_ILLEGAL_IP: bad, avg S/O=0.71 avg Spam%=0.01 avg Ham%=0.00
SORTED_RECIPS: bad, avg S/O=0.41 avg Spam%=0.05 avg Ham%=0.07
SUBJ_ALL_CAPS: bad, avg S/O=0.77 avg Spam%=2.47 avg Ham%=0.76
SUBJ_AS_SEEN: bad, avg S/O=0.68 avg Spam%=0.00 avg Ham%=0.00
SUBJ_DOLLARS: bad, avg S/O=0.29 avg Spam%=0.12 avg Ham%=0.29
SUBJ_ILLEGAL_CHARS: bad, avg S/O=0.70 avg Spam%=0.03 avg Ham%=0.01
SUSPICIOUS_RECIPS: bad, avg S/O=0.23 avg Spam%=0.02 avg Ham%=0.08
TO_MALFORMED: bad, avg S/O=0.38 avg Spam%=0.04 avg Ham%=0.06
WITH_LC_SMTP: no hits at all
X_PRIORITY_CC: no hits at all
__AT_AOL_MSGID: bad, avg S/O=0.26 avg Spam%=0.00 avg Ham%=0.01
# used in: FORGED_MSGID_AOL
__AT_EXCITE_MSGID: no hits at all
# used in: FORGED_MSGID_EXCITE
__AT_YAHOO_MSGID: bad, avg S/O=0.27 avg Spam%=0.01 avg Ham%=0.02
# used in: FORGED_MSGID_YAHOO REPTO_QUOTE_YAHOO
__CD: bad, avg S/O=0.25 avg Spam%=0.86 avg Ham%=2.57
# used in: MIME_HEADER_CTYPE_ONLY
__CT: bad, avg S/O=0.51 avg Spam%=99.92 avg Ham%=97.51
# used in: MIME_HEADER_CTYPE_ONLY
__CTE: bad, avg S/O=0.55 avg Spam%=37.96 avg Ham%=31.52
# used in: CTE_8BIT_MISMATCH MIME_HEADER_CTYPE_ONLY
__CT_TEXT_PLAIN: bad, avg S/O=0.61 avg Spam%=23.78 avg Ham%=14.81
# used in: CTE_8BIT_MISMATCH MIME_HEADER_CTYPE_ONLY
__ENV_AND_HDR_FROM_MATCH: bad, avg S/O=0.68 avg Spam%=50.99 avg Ham%=23.63
# used in: STOCK_IMG_HDR_FROM STOCK_IMG_HTML STOCK_IMG_OUTLOOK SYSADMIN
TO_IN_SUBJ TO_NO_BRKTS_HTML_ONLY TVD_PH_FR5 URI_DATA
__FORGED_AOL_RCVD: no hits at all
# used in: CONFIRMED_FORGED MULTI_FORGED
__FORGED_EUDORAMAIL_RCVD: no hits at all
# used in: CONFIRMED_FORGED MULTI_FORGED
__FORGED_HOTMAIL_RCVD: bad, avg S/O=0.61 avg Spam%=0.10 avg Ham%=0.07
# used in: CONFIRMED_FORGED MULTI_FORGED
__FORGED_RCVD_TRAIL: bad, avg S/O=0.30 avg Spam%=0.20 avg Ham%=0.47
# used in: CONFIRMED_FORGED
__FROM_AOL_COM: bad, avg S/O=0.40 avg Spam%=0.02 avg Ham%=0.02
# used in: FORGED_MSGID_AOL
__FROM_ENCODED_B64: bad, avg S/O=0.47 avg Spam%=1.91 avg Ham%=2.19
# used in: FROM_EXCESS_BASE64
__FROM_ENCODED_QP: bad, avg S/O=0.07 avg Spam%=1.22 avg Ham%=15.97
# used in: GOOG_STO_IMG_NOHTML HTML_TEXT_INVISIBLE_STYLE THIS_AD
KHOP_NO_FULL_NAME
__FROM_HOTMAIL_COM: bad, avg S/O=0.54 avg Spam%=0.20 avg Ham%=0.17
# used in: FORGED_MSGID_HOTMAIL FORGED_MSGID_MSN MSGID_FROM_MTA_HEADER
PHP_ORIG_SCRIPT
__FROM_MSN_COM: bad, avg S/O=0.49 avg Spam%=0.01 avg Ham%=0.01
# used in: FORGED_MSGID_HOTMAIL FORGED_MSGID_MSN REPTO_QUOTE_MSN
__FROM_NEEDS_MIME2: bad, avg S/O=0.56 avg Spam%=2.19 avg Ham%=1.71
# used in: FROM_EXCESS_BASE64
__GAPPY_SUBJECT: bad, avg S/O=0.49 avg Spam%=0.21 avg Ham%=0.22
# used in: GAPPY_SUBJECT GAPPY_LOW_CONTRAST
__HAS_CGP_MAPI_IN_MAILER: no hits of target type
# used in: TO_IN_SUBJ
__HAS_DATE: bad, avg S/O=0.50 avg Spam%=99.95 avg Ham%=99.98
# used in: MISSING_DATE
__HAS_FROM: bad, avg S/O=0.50 avg Spam%=100.00 avg Ham%=100.00
# used in: MISSING_FROM T_EMPTY_FROM_OR_TO_OR_CC
__HAS_MESSAGE_ID: bad, avg S/O=0.50 avg Spam%=99.42 avg Ham%=99.78
# used in: MISSING_MID DOS_BODY_HIGH_NO_MID
__HAS_OFFICE1214_IN_MAILER: bad, avg S/O=0.77 avg Spam%=1.87 avg Ham%=0.55
# used in: TO_IN_SUBJ
__HAS_SUBJECT: bad, avg S/O=0.50 avg Spam%=99.98 avg Ham%=99.97
# used in: MISSING_SUBJECT
__HAS_X_MAILER: bad, avg S/O=0.48 avg Spam%=30.54 avg Ham%=33.29
# used in: LONG_INVISIBLE_TEXT RATWARE_OUTLOOK_NONAME URI_DOTEDU
__JAPANESE_UCE_BODY: no hits at all
# used in: JAPANESE_UCE_BODY
__MIME_VERSION: bad, avg S/O=0.50 avg Spam%=98.99 avg Ham%=98.36
# used in: MIME_HEADER_CTYPE_ONLY
__ML1: bad, avg S/O=0.22 avg Spam%=5.56 avg Ham%=20.17
# used in: DOTGOV_IMAGE FILL_THIS_FORM TO_IN_SUBJ TO_NO_BRKTS_HTML_ONLY
FSL_HELO_BARE_IP_2 KHOP_NO_FULL_NAME NOT_A_PERSON REMOTE_IMAGE SPOOFED_URL
SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST URI_OBFU_DOM UC_GIBBERISH_OBFU URI_DATA
URI_DOTEDU URI_GOOGLE_PROXY __DOTGOV_IMAGE __KHOP_NO_FULL_NAME
__ML2: bad, avg S/O=0.08 avg Spam%=3.30 avg Ham%=36.98
# used in: DOTGOV_IMAGE FILL_THIS_FORM FREEMAIL_FORGED_REPLYTO
FREEMAIL_REPLY FREEMAIL_WFH_01 TO_IN_SUBJ TO_NO_BRKTS_HTML_ONLY
FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FSL_HELO_BARE_IP_2 KHOP_NO_FULL_NAME
NOT_A_PERSON REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST
URI_OBFU_DOM UC_GIBBERISH_OBFU URI_DATA URI_DOTEDU __DOTGOV_IMAGE
__FREEMAIL_DOC_PDF __FREEMAIL_WFH_01 __KHOP_NO_FULL_NAME
__ML3: bad, avg S/O=0.11 avg Spam%=0.35 avg Ham%=2.97
# used in: DOTGOV_IMAGE FILL_THIS_FORM TO_IN_SUBJ TO_NO_BRKTS_HTML_ONLY
FSL_HELO_BARE_IP_2 KHOP_NO_FULL_NAME NOT_A_PERSON REMOTE_IMAGE SPOOFED_URL
SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST URI_OBFU_DOM UC_GIBBERISH_OBFU URI_DATA
URI_DOTEDU __DOTGOV_IMAGE __KHOP_NO_FULL_NAME
__ML4: bad, avg S/O=0.17 avg Spam%=0.21 avg Ham%=1.04
# used in: DOTGOV_IMAGE FILL_THIS_FORM FREEMAIL_FORGED_REPLYTO
FREEMAIL_REPLY FREEMAIL_WFH_01 TO_IN_SUBJ TO_NO_BRKTS_HTML_ONLY
FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FSL_HELO_BARE_IP_2 KHOP_NO_FULL_NAME
NOT_A_PERSON REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST
URI_OBFU_DOM UC_GIBBERISH_OBFU URI_DATA URI_DOTEDU __DOTGOV_IMAGE
__FREEMAIL_DOC_PDF __FREEMAIL_WFH_01 __KHOP_NO_FULL_NAME
__ML5: bad, avg S/O=0.00 avg Spam%=0.01 avg Ham%=11.07
# used in: DOTGOV_IMAGE FILL_THIS_FORM TO_IN_SUBJ TO_NO_BRKTS_HTML_ONLY
FSL_HELO_BARE_IP_2 KHOP_NO_FULL_NAME NOT_A_PERSON REMOTE_IMAGE SPOOFED_URL
SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST URI_OBFU_DOM UC_GIBBERISH_OBFU URI_DATA
URI_DOTEDU __DOTGOV_IMAGE __KHOP_NO_FULL_NAME
__ML_TURNS_SP_TO_TAB: bad, avg S/O=0.00 avg Spam%=0.01 avg Ham%=10.00
# used in: KB_DATE_CONTAINS_TAB KB_FAKED_THE_BAT TAB_IN_FROM
__MSGID_BEFORE_OKAY: bad, avg S/O=0.27 avg Spam%=0.08 avg Ham%=0.22
# used in: MSGID_FROM_MTA_HEADER PHP_ORIG_SCRIPT
__MSGID_BEFORE_RECEIVED: bad, avg S/O=0.35 avg Spam%=0.33 avg Ham%=0.62
# used in: MSGID_FROM_MTA_HEADER PHP_ORIG_SCRIPT TO_NO_BRKTS_HTML_ONLY
__MSGID_OK_DIGITS: bad, avg S/O=0.40 avg Spam%=33.80 avg Ham%=50.81
# used in: PHP_NOVER_MUA SYSADMIN SUSP_UTF8_WORD_COMBO
__MSGID_RANDY: bad, avg S/O=0.63 avg Spam%=2.02 avg Ham%=1.15
# used in: GOOG_STO_IMG_NOHTML HTML_TEXT_INVISIBLE_STYLE
__PLING_QUERY: bad, avg S/O=0.45 avg Spam%=0.32 avg Ham%=0.40
# used in: PLING_QUERY
__SUBJECT_ENCODED_B64: bad, avg S/O=0.50 avg Spam%=6.07 avg Ham%=6.16
# used in: GOOG_STO_IMG_NOHTML SUBJECT_NEEDS_ENCODING
TO_NO_BRKTS_HTML_ONLY SUBJ_LACKS_WORDS
__SUBJECT_ENCODED_QP: bad, avg S/O=0.16 avg Spam%=4.17 avg Ham%=22.00
# used in: SUBJECT_NEEDS_ENCODING
__SUBJECT_NEEDS_MIME: bad, avg S/O=0.70 avg Spam%=0.03 avg Ham%=0.01
# used in: SUBJECT_NEEDS_ENCODING
__SUBJ_ILLEGAL_CHARS: bad, avg S/O=0.70 avg Spam%=0.03 avg Ham%=0.01
# used in: HEAD_ILLEGAL_CHARS SUBJECT_NEEDS_ENCODING SUBJ_ILLEGAL_CHARS
__SUBJECT_NEEDS_MIME
__VIA_ML: bad, avg S/O=0.14 avg Spam%=7.03 avg Ham%=43.83
# used in: DOTGOV_IMAGE FILL_THIS_FORM TO_IN_SUBJ TO_NO_BRKTS_HTML_ONLY
FSL_HELO_BARE_IP_2 KHOP_NO_FULL_NAME NOT_A_PERSON REMOTE_IMAGE SPOOFED_URL
SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST URI_OBFU_DOM UC_GIBBERISH_OBFU URI_DATA
URI_DOTEDU __DOTGOV_IMAGE __KHOP_NO_FULL_NAME __NOT_A_PERSON __REMOTE_IMAGE
rules/20_freemail.cf (12 rules, 6 bad):
FREEMAIL_ENVFROM_END_DIGIT: bad, avg S/O=0.56 avg Spam%=0.37 avg Ham%=0.29
FREEMAIL_FORGED_REPLYTO: bad, avg S/O=0.66 avg Spam%=3.15 avg Ham%=1.62
FREEMAIL_REPLY: bad, avg S/O=0.50 avg Spam%=0.07 avg Ham%=0.07
__freemail_safe: bad, avg S/O=0.08 avg Spam%=3.51 avg Ham%=38.13
# used in: FREEMAIL_FORGED_REPLYTO FREEMAIL_REPLY FREEMAIL_WFH_01
FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC __FREEMAIL_DOC_PDF __FREEMAIL_WFH_01
__freemail_safe_fwd: bad, avg S/O=0.04 avg Spam%=0.02 avg Ham%=0.49
# used in: FREEMAIL_FORGED_REPLYTO FREEMAIL_REPLY FREEMAIL_WFH_01
FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC __FREEMAIL_DOC_PDF __FREEMAIL_WFH_01
__freemail_safe
__freemail_safe_rls: no hits of target type
# used in: FREEMAIL_FORGED_REPLYTO FREEMAIL_REPLY FREEMAIL_WFH_01
FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC __FREEMAIL_DOC_PDF __FREEMAIL_WFH_01
__freemail_safe
rules/20_fake_helo_tests.cf (18 rules, 6 bad):
HELO_DYNAMIC_DIALIN: no hits at all
HELO_DYNAMIC_HOME_NL: no hits at all
HELO_DYNAMIC_ROGERS: no hits at all
HELO_STATIC_HOST: bad, avg S/O=0.70 avg Spam%=0.01 avg Ham%=0.00
__HELO_STATIC_ROGERS: no hits at all
# used in: HELO_STATIC_HOST
__HELO_STATIC_SENDGRID: bad, avg S/O=0.35 avg Spam%=0.00 avg Ham%=0.00
# used in: HELO_STATIC_HOST
rules/20_dynrdns.cf (36 rules, 20 bad):
__CGATE_RCVD: bad, avg S/O=0.20 avg Spam%=0.01 avg Ham%=0.05
# used in: TO_NO_BRKTS_HTML_ONLY GOOG_REDIR_HTML_ONLY
__DOMINO_RCVD: bad, avg S/O=0.14 avg Spam%=0.00 avg Ham%=0.00
# used in: TO_NO_BRKTS_HTML_ONLY GOOG_REDIR_HTML_ONLY
__LAST_EXTERNAL_RELAY_NO_AUTH: bad, avg S/O=0.50 avg Spam%=99.79 avg
Ham%=98.59
# used in: DYN_RDNS_AND_INLINE_IMAGE KHOP_BOTNET_UNCLEAN KHOP_DYNAMIC
__LAST_UNTRUSTED_RELAY_NO_AUTH: bad, avg S/O=0.50 avg Spam%=99.79 avg
Ham%=98.37
# used in: DOS_HIGH_BAT_TO_MX
__RDNS_DYNAMIC_ADELPHIA: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_ATTBI: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_CHELLO_NO: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_COMCAST: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_DIALIN: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_NTL: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_ROGERS: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_RR2: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_SPACELAN: bad, avg S/O=0.38 avg Spam%=0.00 avg Ham%=0.00
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_TDS: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_TELIA: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_VELOX: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_VIRTUA: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_VTR: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_DYNAMIC_YAHOOBB: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE
__RDNS_STATIC: bad, avg S/O=0.47 avg Spam%=0.78 avg Ham%=0.87
# used in: DYN_RDNS_AND_INLINE_IMAGE
rules/20_drugs.cf (84 rules, 50 bad):
DRUGS_ANXIETY: bad, avg S/O=0.22 avg Spam%=0.00 avg Ham%=0.01
DRUGS_ANXIETY_EREC: no hits at all
DRUGS_ANXIETY_OBFU: no hits at all
DRUGS_DIET: bad, avg S/O=0.60 avg Spam%=0.00 avg Ham%=0.00
DRUGS_DIET_OBFU: no hits at all
DRUGS_MANYKINDS: no hits at all
DRUGS_SLEEP_EREC: no hits at all
DRUGS_SMEAR1: no hits at all
DRUG_DOSAGE: no hits at all
DRUG_ED_GENERIC: no hits at all
DRUG_ED_SILD: bad, avg S/O=0.79 avg Spam%=0.03 avg Ham%=0.01
SUBJECT_DRUG_GAP_S: no hits at all
SUBJECT_DRUG_GAP_X: no hits at all
VIA_GAP_GRA: no hits at all
__DRUGS_ANXIETY1: bad, avg S/O=0.28 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_ANXIETY_OBFU
DRUGS_MANYKINDS
__DRUGS_ANXIETY2: no hits of target type
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY3: no hits of target type
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_ANXIETY_OBFU
DRUGS_MANYKINDS
__DRUGS_ANXIETY4: no hits of target type
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY5: no hits at all
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY7: no hits at all
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY8: no hits at all
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY9: no hits at all
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY_VAL: no hits of target type
# used in: DRUGS_ANXIETY_OBFU
__DRUGS_ANXIETY_XAN: bad, avg S/O=0.13 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_ANXIETY_OBFU
__DRUGS_DIET1: no hits at all
# used in: DRUGS_DIET DRUGS_DIET_OBFU DRUGS_MANYKINDS
__DRUGS_DIET2: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET3: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET4: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET5: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET6: bad, avg S/O=0.37 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET7: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET8: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET_PHEN: no hits at all
# used in: DRUGS_DIET_OBFU
__DRUGS_PAIN: bad, avg S/O=0.31 avg Spam%=0.00 avg Ham%=0.01
# used in: DRUGS_MANYKINDS
__DRUGS_PAIN1: bad, avg S/O=0.75 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN10: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN11: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN12: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN13: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN14: no hits of target type
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN2: bad, avg S/O=0.36 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN3: no hits of target type
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN4: bad, avg S/O=0.31 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN5: no hits of target type
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN6: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN7: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_SLEEP: bad, avg S/O=0.06 avg Spam%=0.00 avg Ham%=0.02
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC
__DRUGS_SLEEP2: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.02
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC __DRUGS_SLEEP
__DRUGS_SLEEP3: no hits at all
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC __DRUGS_SLEEP
__DRUGS_SLEEP4: no hits at all
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC __DRUGS_SLEEP
rules/20_body_tests.cf (30 rules, 21 bad):
BLANK_LINES_80_90: no hits at all
EMAIL_ROT13: no hits at all
HTTPS_IP_MISMATCH: no hits at all
MIMEPART_LIMIT_EXCEEDED: no hits at all
MIME_BAD_ISO_CHARSET: no hits at all
MIME_BASE64_TEXT: bad, avg S/O=0.58 avg Spam%=0.22 avg Ham%=0.16
# used in: MALF_HTML_B64
MIME_HTML_MOSTLY: bad, avg S/O=0.53 avg Spam%=1.79 avg Ham%=1.61
MIME_HTML_ONLY: bad, avg S/O=0.38 avg Spam%=11.78 avg Ham%=18.97
# used in: BITCOIN_SPAM_01 FORGED_IMS_HTML FORGED_THEBAT_HTML
HTML_MIME_NO_HTML_TAG MALF_HTML_B64
MIME_HTML_ONLY_MULTI: no hits at all
MIME_QP_LONG_LINE: bad, avg S/O=0.15 avg Spam%=1.83 avg Ham%=10.67
MISSING_MIME_HB_SEP: bad, avg S/O=0.77 avg Spam%=0.01 avg Ham%=0.00
MPART_ALT_DIFF: bad, avg S/O=0.54 avg Spam%=4.25 avg Ham%=3.69
MPART_ALT_DIFF_COUNT: bad, avg S/O=0.27 avg Spam%=0.18 avg Ham%=0.48
TRACKER_ID: bad, avg S/O=0.52 avg Spam%=0.17 avg Ham%=0.15
TVD_SPACE_RATIO: bad, avg S/O=0.67 avg Spam%=0.94 avg Ham%=0.49
URI_TRUNCATED: bad, avg S/O=0.54 avg Spam%=0.03 avg Ham%=0.03
WEIRD_QUOTING: bad, avg S/O=0.54 avg Spam%=0.02 avg Ham%=0.01
__CTYPE_MULTIPART_ALT: bad, avg S/O=0.51 avg Spam%=63.63 avg Ham%=60.76
# used in: MIME_HTML_ONLY_MULTI
__MIME_BASE64: bad, avg S/O=0.24 avg Spam%=4.52 avg Ham%=14.70
# used in: TO_IN_SUBJ TO_NO_BRKTS_HTML_ONLY
__MIME_QP: bad, avg S/O=0.16 avg Spam%=6.58 avg Ham%=35.20
# used in: LONG_INVISIBLE_TEXT TO_NO_BRKTS_HTML_ONLY
__SUBJECT_UTF8_B_ENCODED: bad, avg S/O=0.48 avg Spam%=5.59 avg Ham%=6.11
# used in: TVD_SPACE_RATIO
rules/20_advance_fee.cf (53 rules, 6 bad):
__FRAUD_AUM: bad, avg S/O=0.70 avg Spam%=0.03 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW
__FRAUD_IRT: bad, avg S/O=0.72 avg Spam%=0.54 avg Ham%=0.21
# used in: ADVANCE_FEE_3_NEW
__FRAUD_JYG: bad, avg S/O=0.79 avg Spam%=0.03 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW
__FRAUD_MLY: bad, avg S/O=0.26 avg Spam%=0.16 avg Ham%=0.47
# used in: ADVANCE_FEE_3_NEW
__FRAUD_ULK: bad, avg S/O=0.54 avg Spam%=0.01 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW
__FRAUD_WDR: bad, avg S/O=0.32 avg Spam%=0.00 avg Ham%=0.00
# used in: ADVANCE_FEE_3_NEW
rules/10_hasbase.cf (21 rules, 12 bad):
__HAS_CC: bad, avg S/O=0.02 avg Spam%=0.24 avg Ham%=11.60
# used in: T_EMPTY_FROM_OR_TO_OR_CC
__HAS_ERRORS_TO: bad, avg S/O=0.07 avg Spam%=0.50 avg Ham%=6.19
# used in: ADVANCE_FEE_3_NEW GOOG_STO_IMG_NOHTML LIST_PRTL_SAME_USER
LONG_IMG_URI SENDGRID_REDIR FSL_HELO_BARE_IP_2 LIST_PARTIAL SENDINBLUE_REDIR
URI_DATA
__HAS_IN_REPLY_TO: bad, avg S/O=0.05 avg Spam%=0.72 avg Ham%=12.63
# used in: ADVANCE_FEE_3_NEW MIME_NO_TEXT MIME_PHP_NO_TEXT
__HAS_LIST_ID: bad, avg S/O=0.08 avg Spam%=3.30 avg Ham%=36.98
# used in: AC_POST_EXTRAS RCVD_DOTEDU_SHORT USING_VERP ZW_OBFU_FROMTOSUBJ
__HAS_ORGANIZATION: bad, avg S/O=0.67 avg Spam%=1.52 avg Ham%=0.73
# used in: SHOPIFY_IMG_NOT_RCVD_SFY
__HAS_REPLY_TO: bad, avg S/O=0.55 avg Spam%=72.72 avg Ham%=58.83
# used in: IRS_SPOOF
__HAS_SENDER: bad, avg S/O=0.28 avg Spam%=1.68 avg Ham%=4.29
# used in: ADVANCE_FEE_3_NEW SHOPIFY_IMG_NOT_RCVD_SFY
TO_NO_BRKTS_HTML_IMG LIST_PARTIAL
__HAS_TNEF: bad, avg S/O=0.04 avg Spam%=0.11 avg Ham%=2.53
# used in: BIGNUM_EMAILS
__HAS_TO: bad, avg S/O=0.45 avg Spam%=83.17 avg Ham%=99.80
# used in: T_EMPTY_FROM_OR_TO_OR_CC
__HAS_URI: bad, avg S/O=0.49 avg Spam%=91.17 avg Ham%=95.35
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
__HAS_X_BEEN_THERE: bad, avg S/O=0.17 avg Spam%=0.17 avg Ham%=0.82
# used in: SENDGRID_REDIR SENDINBLUE_REDIR
__HAS_X_REF: bad, avg S/O=0.06 avg Spam%=0.78 avg Ham%=12.77
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT RCVD_DOTEDU_SUSP
