You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@spamassassin.apache.org by Rules Report Cron <au...@sa-vm.apache.org> on 2021/04/07 08:30:14 UTC
[auto] bad sandbox rules report
HTTP get: https://ruleqa.spamassassin.org/1-days-ago?xml=1
HTTP get: https://ruleqa.spamassassin.org/2-days-ago?xml=1
HTTP get: https://ruleqa.spamassassin.org/3-days-ago?xml=1
Bad performing rules, from the past 3 night's mass-checks.
(Note: 'net' rules will be listed as 'no hits' unless you set 'tflags net'.
This also applies for meta rules which use 'net' rules.)
rulesrc/sandbox/smf/20_smf.cf (42 rules, 26 bad):
FSL_ABUSED_WEB_1: bad, avg S/O=0.45 avg Spam%=1.76 avg Ham%=2.16
FSL_ABUSED_WEB_3: bad, avg S/O=0.77 avg Spam%=2.14 avg Ham%=0.62
FSL_NOT_FROM_YAHOO: bad, avg S/O=0.44 avg Spam%=0.00 avg Ham%=0.00
FSL_NO_RCVD_1: bad, avg S/O=0.31 avg Spam%=0.12 avg Ham%=0.27
FSL_RCVD_EX_0: bad, avg S/O=0.18 avg Spam%=0.13 avg Ham%=0.56
FSL_RCVD_EX_1: bad, avg S/O=0.58 avg Spam%=53.56 avg Ham%=39.13
FSL_RCVD_EX_2: bad, avg S/O=0.36 avg Spam%=18.67 avg Ham%=33.26
FSL_RCVD_EX_3: bad, avg S/O=0.49 avg Spam%=9.95 avg Ham%=10.14
FSL_RCVD_EX_4: bad, avg S/O=0.57 avg Spam%=12.53 avg Ham%=9.31
FSL_RCVD_EX_5: bad, avg S/O=0.50 avg Spam%=3.36 avg Ham%=3.33
FSL_RCVD_EX_GT_5: bad, avg S/O=0.30 avg Spam%=1.81 avg Ham%=4.27
FSL_RCVD_TR_1: bad, avg S/O=0.26 avg Spam%=4.04 avg Ham%=11.78
FSL_RCVD_TR_4: bad, avg S/O=0.33 avg Spam%=0.02 avg Ham%=0.05
FSL_RCVD_TR_5: bad, avg S/O=0.39 avg Spam%=27.54 avg Ham%=42.95
FSL_RCVD_TR_GT_5: no hits of target type
FSL_RCVD_UT_1: bad, avg S/O=0.58 avg Spam%=53.56 avg Ham%=39.13
FSL_RCVD_UT_2: bad, avg S/O=0.36 avg Spam%=18.67 avg Ham%=33.26
FSL_RCVD_UT_3: bad, avg S/O=0.49 avg Spam%=9.95 avg Ham%=10.14
FSL_RCVD_UT_4: bad, avg S/O=0.57 avg Spam%=12.53 avg Ham%=9.31
FSL_RCVD_UT_5: bad, avg S/O=0.50 avg Spam%=3.36 avg Ham%=3.33
FSL_RCVD_UT_GT_5: bad, avg S/O=0.30 avg Spam%=1.81 avg Ham%=4.27
__FSL_COUNT_EXTERN: bad, avg S/O=0.50 avg Spam%=99.87 avg Ham%=99.44
# used in: FSL_RCVD_EX_0 FSL_RCVD_EX_1 FSL_RCVD_EX_2 FSL_RCVD_EX_3 FSL_RCVD_EX_4 FSL_RCVD_EX_5 FSL_RCVD_EX_GT_5
__FSL_COUNT_TRUST: bad, avg S/O=0.59 avg Spam%=85.98 avg Ham%=60.71
# used in: FSL_NO_RCVD_1 FSL_RCVD_TR_1 FSL_RCVD_TR_4 FSL_RCVD_TR_5 FSL_RCVD_TR_GT_5
__FSL_COUNT_UNTRUST: bad, avg S/O=0.50 avg Spam%=99.87 avg Ham%=99.44
# used in: FSL_NO_RCVD_1 FSL_RCVD_UT_1 FSL_RCVD_UT_2 FSL_RCVD_UT_3 FSL_RCVD_UT_4 FSL_RCVD_UT_5 FSL_RCVD_UT_GT_5
__FSL_ENVFROM_YAHOO: bad, avg S/O=0.45 avg Spam%=0.01 avg Ham%=0.01
# used in: FSL_NOT_FROM_YAHOO
__FSL_RELAY_YAHOO: bad, avg S/O=0.22 avg Spam%=0.06 avg Ham%=0.22
# used in: FSL_NOT_FROM_YAHOO
rulesrc/sandbox/sidney/70_other.cf (1 rules, 1 bad):
T_UPPERCASE_HTTP: bad, avg S/O=0.48 avg Spam%=0.02 avg Ham%=0.02
rulesrc/sandbox/pds/20_urlshort.cf (27 rules, 4 bad):
DRUGS_ERECTILE_SHORT_SHORTNER: no hits at all
TONOM_EQ_TOLOC_SHRT_PSHRTNER: no hits at all
__PDS_SHORT_URL: bad, avg S/O=0.43 avg Spam%=0.28 avg Ham%=0.37
# used in: TONOM_EQ_TOLOC_SHRT_PSHRTNER
__PDS_URISHORTENER: bad, avg S/O=0.67 avg Spam%=2.67 avg Ham%=1.33
# used in: DRUGS_ERECTILE_SHORT_SHORTNER TONOM_EQ_TOLOC_SHRT_PSHRTNER __PDS_SHORT_URL
rulesrc/sandbox/pds/20_php.cf (14 rules, 2 bad):
PDS_PHPEXP_BOT: bad, avg S/O=0.80 avg Spam%=0.01 avg Ham%=0.00
__PDS_X_PHP_WPINCLUDES: bad, avg S/O=0.63 avg Spam%=0.00 avg Ham%=0.00
# used in: PDS_PHPEXP_BOT
rulesrc/sandbox/pds/20_ntld.cf (24 rules, 5 bad):
BULK_RE_SUSP_NTLD: bad, avg S/O=0.67 avg Spam%=0.01 avg Ham%=0.01
GOOGLE_DRIVE_REPLY_BAD_NTLD: no hits of target type
SENT_TO_EMAIL_ADDR: no hits at all
VPS_NO_NTLD: no hits at all
__PDS_SENT_TO_EMAIL_ADDR: no hits at all
# used in: SENT_TO_EMAIL_ADDR
rulesrc/sandbox/pds/20_html.cf (2 rules, 1 bad):
__PDS_HTML_LENGTH_1024: bad, avg S/O=0.76 avg Spam%=4.80 avg Ham%=1.55
# used in: DRUGS_ERECTILE_SHORT_SHORTNER
rulesrc/sandbox/pds/20_gdocs.cf (6 rules, 4 bad):
__PDS_GOOGLE_DRIVE_SHARE: no hits of target type
# used in: GOOGLE_DRIVE_REPLY_BAD_NTLD
__PDS_GOOGLE_DRIVE_SHARE_1: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.03
# used in: GOOGLE_DRIVE_REPLY_BAD_NTLD __PDS_GOOGLE_DRIVE_SHARE
__PDS_GOOGLE_DRIVE_SHARE_2: no hits of target type
# used in: GOOGLE_DRIVE_REPLY_BAD_NTLD __PDS_GOOGLE_DRIVE_SHARE
__PDS_GOOGLE_DRIVE_SHARE_3: no hits at all
# used in: GOOGLE_DRIVE_REPLY_BAD_NTLD __PDS_GOOGLE_DRIVE_SHARE
rulesrc/sandbox/pds/20_btc.cf (19 rules, 5 bad):
PDS_LITECOIN_ID: bad, avg S/O=0.62 avg Spam%=0.01 avg Ham%=0.01
__HAS_IMG_SRC_DATA: bad, avg S/O=0.41 avg Spam%=0.02 avg Ham%=0.03
# used in: PDS_LITECOIN_ID
__LITECOIN_ID: bad, avg S/O=0.34 avg Spam%=0.09 avg Ham%=0.17
# used in: PDS_LITECOIN_ID
__PDS_LITECOIN_ID: bad, avg S/O=0.62 avg Spam%=0.01 avg Ham%=0.01
# used in: PDS_LITECOIN_ID
__URL_LTC_ID: bad, avg S/O=0.16 avg Spam%=0.12 avg Ham%=0.64
# used in: PDS_LITECOIN_ID __PDS_LITECOIN_ID
rulesrc/sandbox/pds/10_menaces.cf (30 rules, 5 bad):
BODY_QUOTE_MALF_MSGID: bad, avg S/O=0.68 avg Spam%=1.88 avg Ham%=0.64
PDS_DOUBLE_URL: bad, avg S/O=0.36 avg Spam%=4.43 avg Ham%=7.82
__PDS_BODY_QUOTE: bad, avg S/O=0.32 avg Spam%=8.89 avg Ham%=18.29
# used in: BODY_QUOTE_MALF_MSGID
__PDS_DOUBLE_URL: bad, avg S/O=0.36 avg Spam%=4.43 avg Ham%=7.82
# used in: PDS_DOUBLE_URL STY_INVIS_DIRECT
__PDS_TONAME_EQ_TOLOCAL: bad, avg S/O=0.40 avg Spam%=1.76 avg Ham%=2.61
# used in: PDS_PHPEXP_BOT TONOM_EQ_TOLOC_SHRT_PSHRTNER
rulesrc/sandbox/mmartinec/20_rpvalid.cf (2 rules, 1 bad):
__RP_MATCHES_RCVD: bad, avg S/O=0.15 avg Spam%=9.73 avg Ham%=56.45
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY LIST_PRTL_SAME_USER PHP_NOVER_MUA THIS_AD GAPPY_HTML LIST_PARTIAL TO_NO_BRKTS_DYNIP UC_GIBBERISH_OBFU __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
rulesrc/sandbox/mmartinec/20_misc.cf (15 rules, 3 bad):
CR_IN_SUBJ: no hits of target type
LONGLINE: bad, avg S/O=0.56 avg Spam%=1.62 avg Ham%=1.25
__LONGLINE: bad, avg S/O=0.56 avg Spam%=1.62 avg Ham%=1.25
# used in: LONG_INVISIBLE_TEXT LONGLINE
rulesrc/sandbox/mkettler/20_drugs.cf (1 rules, 1 bad):
LFUZ_PWRMALE: no hits at all
rulesrc/sandbox/maddoc/99_fsl_testing.cf (7 rules, 1 bad):
FSL_YHG_ABUSE: no hits of target type
rulesrc/sandbox/maddoc/99_doc_test.cf (15 rules, 11 bad):
FSL_FBOOK_PHISH: bad, avg S/O=0.06 avg Spam%=0.00 avg Ham%=0.04
FSL_HAS_TINYURL: bad, avg S/O=0.74 avg Spam%=0.06 avg Ham%=0.02
FSL_HELO_BARE_IP_1: bad, avg S/O=0.72 avg Spam%=0.04 avg Ham%=0.01
FSL_HELO_DEVICE: no hits of target type
FSL_HELO_FAKE: bad, avg S/O=0.42 avg Spam%=0.15 avg Ham%=0.21
FSL_INTERIA_ABUSE: no hits at all
FSL_MIME_NO_TEXT: bad, avg S/O=0.42 avg Spam%=0.01 avg Ham%=0.01
FSL_STACKED_TEXT: no hits of target type
__CTYPE_MULTIPART_MIXED: bad, avg S/O=0.43 avg Spam%=3.97 avg Ham%=5.20
# used in: HEXHASH_WORD FSL_MIME_NO_TEXT
__FSL_HELO_BARE_IP_1: bad, avg S/O=0.72 avg Spam%=0.04 avg Ham%=0.01
# used in: FSL_HELO_BARE_IP_1
__TWO_WORD_LINES: bad, avg S/O=0.78 avg Spam%=0.27 avg Ham%=0.08
# used in: FSL_STACKED_TEXT
rulesrc/sandbox/kmcgrail/20_utf7.cf (1 rules, 1 bad):
KAM_BLOCK_UTF7: no hits of target type
rulesrc/sandbox/kmcgrail/20_sergio_experimental.cf (7 rules, 6 bad):
SERGIO_SUBJECT_PORN006: no hits of target type
SERGIO_SUBJECT_PORN008: bad, avg S/O=0.25 avg Spam%=0.00 avg Ham%=0.00
SERGIO_SUBJECT_PORN009: no hits of target type
SERGIO_SUBJECT_PORN011: bad, avg S/O=0.67 avg Spam%=0.00 avg Ham%=0.00
SERGIO_SUBJECT_PORN014: bad, avg S/O=0.07 avg Spam%=0.00 avg Ham%=0.01
SERGIO_SUBJECT_PORN015: bad, avg S/O=0.58 avg Spam%=0.00 avg Ham%=0.00
rulesrc/sandbox/kmcgrail/20_rules_to_sandbox.cf (3 rules, 1 bad):
US_DOLLARS_3: bad, avg S/O=0.75 avg Spam%=0.54 avg Ham%=0.18
rulesrc/sandbox/kmcgrail/20_needed.cf (1 rules, 1 bad):
__KAM_LOTTO2: bad, avg S/O=0.24 avg Spam%=0.09 avg Ham%=0.28
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
rulesrc/sandbox/kmcgrail/20_mailing_list.cf (1 rules, 1 bad):
AC_HTML_NONSENSE_TAGS: bad, avg S/O=0.18 avg Spam%=0.01 avg Ham%=0.03
rulesrc/sandbox/kmcgrail/20_html_tests.cf (2 rules, 2 bad):
KAM_HTML_FONT_INVALID: bad, avg S/O=0.23 avg Spam%=4.60 avg Ham%=15.19
__KAM_HTML_FONT_INVALID: bad, avg S/O=0.23 avg Spam%=4.60 avg Ham%=15.19
# used in: KAM_HTML_FONT_INVALID
rulesrc/sandbox/kmcgrail/20_freemail.cf (2 rules, 2 bad):
FREEMAIL_FORGED_FROMDOMAIN: bad, avg S/O=0.18 avg Spam%=0.62 avg Ham%=2.83
HEADER_FROM_DIFFERENT_DOMAINS: bad, avg S/O=0.16 avg Spam%=6.89 avg Ham%=37.36
# used in: FREEMAIL_FORGED_FROMDOMAIN
rulesrc/sandbox/kmcgrail/20_demoted_tests.cf (1 rules, 1 bad):
MSGID_MULTIPLE_AT: bad, avg S/O=0.08 avg Spam%=0.00 avg Ham%=0.04
rulesrc/sandbox/kmcgrail/20_darxus_experimental.cf (2 rules, 2 bad):
SPOOFED_URL_HOST: bad, avg S/O=0.21 avg Spam%=0.09 avg Ham%=0.34
__SPOOFED_URL_HOST: bad, avg S/O=0.15 avg Spam%=0.46 avg Ham%=2.60
# used in: SPOOFED_URL_HOST
rulesrc/sandbox/kmcgrail/20_bug_7068.cf (2 rules, 2 bad):
PP_TOO_MUCH_UNICODE02: no hits at all
PP_TOO_MUCH_UNICODE05: no hits at all
rulesrc/sandbox/kmcgrail/20_ac_rules_test.cf (28 rules, 23 bad):
AC_DIV_BONANZA: bad, avg S/O=0.10 avg Spam%=0.01 avg Ham%=0.09
AC_SPAMMY_URI_PATTERNS1: no hits at all
AC_SPAMMY_URI_PATTERNS10: no hits at all
AC_SPAMMY_URI_PATTERNS11: no hits at all
AC_SPAMMY_URI_PATTERNS12: no hits at all
AC_SPAMMY_URI_PATTERNS2: no hits at all
AC_SPAMMY_URI_PATTERNS3: no hits at all
AC_SPAMMY_URI_PATTERNS8: no hits at all
AC_SPAMMY_URI_PATTERNS9: no hits at all
__AC_1SEQC_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS9
__AC_1SEQV_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS9
__AC_LAND_URI: bad, avg S/O=0.15 avg Spam%=0.00 avg Ham%=0.00
# used in: AC_SPAMMY_URI_PATTERNS2
__AC_LONGSEQ_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS8
__AC_NDOMLONGNASPX_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS11
__AC_OUTI_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS1
__AC_OUTL_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS1
__AC_PHPOFFSUB_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS3
__AC_PHPOFFTOP_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS3
__AC_PUNCTNUMS_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS10
__AC_REPORT_URI: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.50
# used in: AC_SPAMMY_URI_PATTERNS2
__AC_RMOVE_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS9
__AC_UHDSEQ_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS12
__AC_UNSUB_URI: bad, avg S/O=0.07 avg Spam%=0.09 avg Ham%=1.20
# used in: AC_SPAMMY_URI_PATTERNS2
rulesrc/sandbox/khopesh/20_trust.cf (3 rules, 1 bad):
__DKIM_EXISTS: bad, avg S/O=0.26 avg Spam%=83.13 avg Ham%=29.22
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY LIST_PRTL_PUMPDUMP LIST_PRTL_SAME_USER STOCK_TIP SYSADMIN LIST_PARTIAL YOUR_PERMISSION UC_GIBBERISH_OBFU __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
rulesrc/sandbox/khopesh/20_s25r.cf (11 rules, 1 bad):
KHOP_BOTNET_UNCLEAN: bad, avg S/O=0.78 avg Spam%=11.59 avg Ham%=3.25
rulesrc/sandbox/khopesh/20_rcd_rdns.cf (24 rules, 6 bad):
RCD_RDNS_SERVER: bad, avg S/O=0.27 avg Spam%=44.90 avg Ham%=16.67
RCD_RDNS_SERVER_MESSY: bad, avg S/O=0.24 avg Spam%=60.43 avg Ham%=19.10
__RCD_RDNS_SMTP: bad, avg S/O=0.25 avg Spam%=5.15 avg Ham%=1.76
# used in: RCD_RDNS_SERVER
__RCD_RDNS_SMTP_MESSY: bad, avg S/O=0.28 avg Spam%=6.91 avg Ham%=2.67
# used in: ACCT_PHISHING RCD_RDNS_SERVER_MESSY
__RCD_RDNS_STATIC: bad, avg S/O=0.99 avg Spam%=0.07 avg Ham%=8.62
# used in: RCD_RDNS_SERVER
__RCD_RDNS_STATIC_MESSY: bad, avg S/O=0.99 avg Spam%=0.07 avg Ham%=8.64
# used in: RCD_RDNS_SERVER_MESSY
rulesrc/sandbox/khopesh/20_neon_overload.cf (6 rules, 4 bad):
KHOP_JS_OBFUSCATION: no hits of target type
TR_JS_FROMCHARCODE: bad, avg S/O=0.14 avg Spam%=0.00 avg Ham%=0.00
TR_JS_REDIRECTION_2: bad, avg S/O=0.09 avg Spam%=0.00 avg Ham%=0.01
__TR_JS_CONCATINATED_HTTP: no hits of target type
# used in: KHOP_JS_OBFUSCATION
rulesrc/sandbox/khopesh/20_khop_lists.cf (16 rules, 10 bad):
NOT_A_PERSON: bad, avg S/O=0.42 avg Spam%=92.53 avg Ham%=65.68
__FROM_FULL_NAME: bad, avg S/O=0.45 avg Spam%=64.57 avg Ham%=52.43
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_YOUR_INFO MALWARE_PASSWORD
__FROM_INFO: bad, avg S/O=0.06 avg Spam%=0.20 avg Ham%=3.03
# used in: LIST_PRTL_SAME_USER
__MAIL_LINK: bad, avg S/O=0.45 avg Spam%=10.90 avg Ham%=8.97
# used in: STY_INVIS_DIRECT URI_DOTEDU
__NOT_A_PERSON: bad, avg S/O=0.42 avg Spam%=92.53 avg Ham%=65.68
# used in: NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__SENDER_BOT: bad, avg S/O=0.43 avg Spam%=58.41 avg Ham%=44.61
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_YOUR_INFO DOTGOV_IMAGE LIST_PRTL_SAME_USER MALWARE_PASSWORD NOT_A_PERSON PDS_PHPEXP_BOT REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST __LIST_PRTL_SAME_USER __NOT_A_PERSON __REMOTE_IMAGE
__SUBSCRIPTION_INFO: bad, avg S/O=0.28 avg Spam%=63.76 avg Ham%=25.36
# used in: DOTGOV_IMAGE PHP_ORIG_SCRIPT NOT_A_PERSON REMOTE_IMAGE SUBJ_OBFU_LOW_CNTRST TO_NO_BRKTS_DYNIP URI_DOTEDU_ENTITY __NOT_A_PERSON __REMOTE_IMAGE
__UNSUB_EMAIL: bad, avg S/O=0.71 avg Spam%=1.83 avg Ham%=4.70
# used in: HTML_TEXT_INVISIBLE_STYLE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __NOT_A_PERSON
__UNSUB_LINK: bad, avg S/O=0.36 avg Spam%=24.92 avg Ham%=13.75
# used in: LONG_INVISIBLE_TEXT GAPPY_HTML NOT_A_PERSON SPOOFED_URL SPOOFED_URL_HOST STY_INVIS_DIRECT SUBJ_OBFU_LOW_CNTRST TO_NO_BRKTS_DYNIP URI_DOTEDU __NOT_A_PERSON
__VACATION: bad, avg S/O=0.81 avg Spam%=0.63 avg Ham%=2.71
# used in: NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __NOT_A_PERSON
rulesrc/sandbox/khopesh/20_khop_general.cf (8 rules, 7 bad):
DEAR_EMAIL: bad, avg S/O=0.69 avg Spam%=0.10 avg Ham%=0.04
DEAR_NOBODY: bad, avg S/O=0.64 avg Spam%=0.03 avg Ham%=0.02
FORGED_URL_DOM: bad, avg S/O=0.25 avg Spam%=0.06 avg Ham%=0.18
FROM_WWW: bad, avg S/O=0.37 avg Spam%=0.00 avg Ham%=0.01
__FORGED_URL_DOM_1: bad, avg S/O=0.22 avg Spam%=0.05 avg Ham%=0.17
# used in: FORGED_URL_DOM
__FORGED_URL_DOM_2: bad, avg S/O=0.29 avg Spam%=0.06 avg Ham%=0.15
# used in: FORGED_URL_DOM
__MAY_BE_FORGED: bad, avg S/O=0.79 avg Spam%=0.14 avg Ham%=0.04
# used in: KHOP_BOTNET_UNCLEAN
rulesrc/sandbox/khopesh/20_khop_experimental.cf (57 rules, 27 bad):
KHOP_BIG_TO_CC: bad, avg S/O=0.02 avg Spam%=0.14 avg Ham%=7.14
KHOP_FROM_WWW: bad, avg S/O=0.05 avg Spam%=0.13 avg Ham%=2.73
REMOTE_IMAGE: bad, avg S/O=0.71 avg Spam%=2.91 avg Ham%=1.21
SHORTENED_URL_HREF: bad, avg S/O=0.74 avg Spam%=0.93 avg Ham%=0.33
SHORT_URL: bad, avg S/O=0.44 avg Spam%=0.32 avg Ham%=0.40
SPOOFED_URL: bad, avg S/O=0.52 avg Spam%=0.39 avg Ham%=0.36
SUBJ_ALL_CAPS2: no hits of target type
SUBJ_ALL_CAPS3: no hits of target type
UPPERCASE_URI: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.03
URL_SHORTENER: bad, avg S/O=0.64 avg Spam%=2.56 avg Ham%=1.46
__FROM_WEB_DAEMON: bad, avg S/O=0.55 avg Spam%=0.22 avg Ham%=0.18
# used in: KHOP_FROM_WWW
__MSGID_JAVAMAIL: bad, avg S/O=0.24 avg Spam%=4.12 avg Ham%=1.30
# used in: FILL_THIS_FORM_SHORT KHOP_FROM_WWW XM_UC_ONLY __HDRS_LCASE_KNOWN
__RDNS_IS_WWW: bad, avg S/O=0.73 avg Spam%=0.02 avg Ham%=0.01
# used in: KHOP_FROM_WWW
__RDNS_LONG: bad, avg S/O=0.53 avg Spam%=16.79 avg Ham%=14.97
# used in: HTML_TEXT_INVISIBLE_STYLE
__RDNS_SHORT: bad, avg S/O=0.42 avg Spam%=2.44 avg Ham%=3.40
# used in: HEXHASH_WORD URI_DOTEDU
__RELAY_THRU_WWW: bad, avg S/O=0.04 avg Spam%=0.12 avg Ham%=2.73
# used in: KHOP_FROM_WWW
__REMOTE_IMAGE: bad, avg S/O=0.71 avg Spam%=2.91 avg Ham%=1.21
# used in: DOTGOV_IMAGE REMOTE_IMAGE
__SHORT_URL: bad, avg S/O=0.74 avg Spam%=1.97 avg Ham%=0.69
# used in: SHORT_URL TONOM_EQ_TOLOC_SHRT_PSHRTNER __PDS_SHORT_URL
__SPOOFED_URL: bad, avg S/O=0.19 avg Spam%=0.82 avg Ham%=3.51
# used in: FILL_THIS_FORM_FRAUD_PHISH SPOOFED_URL
__SUBJ_2UPPER: bad, avg S/O=0.49 avg Spam%=83.58 avg Ham%=88.64
# used in: SUBJ_ALL_CAPS2 SUBJ_ALL_CAPS3
__SUBJ_4LOWER: bad, avg S/O=0.49 avg Spam%=93.95 avg Ham%=99.14
# used in: SUBJ_ALL_CAPS2 SUBJ_ALL_CAPS3
__SUBJ_IMPORTANT: bad, avg S/O=0.28 avg Spam%=0.11 avg Ham%=0.29
# used in: SUBJ_ALL_CAPS3
__SUBJ_SHORT: bad, avg S/O=0.78 avg Spam%=1.34 avg Ham%=0.37
# used in: SUBJ_ALL_CAPS2 SUBJ_ALL_CAPS3 TONOM_EQ_TOLOC_SHRT_PSHRTNER
__TO_EQ_FROM_USR: bad, avg S/O=0.55 avg Spam%=1.17 avg Ham%=0.97
# used in: LIST_PRTL_SAME_USER __LIST_PRTL_SAME_USER
__TO_EQ_FROM_USR_1: bad, avg S/O=0.33 avg Spam%=0.54 avg Ham%=1.12
# used in: LIST_PRTL_SAME_USER __LIST_PRTL_SAME_USER __TO_EQ_FROM_USR
__TO_EQ_FROM_USR_2: bad, avg S/O=0.77 avg Spam%=1.60 avg Ham%=0.47
# used in: LIST_PRTL_SAME_USER __LIST_PRTL_SAME_USER __TO_EQ_FROM_USR
__URL_SHORTENER: bad, avg S/O=0.64 avg Spam%=2.56 avg Ham%=1.46
# used in: DRUGS_ERECTILE_SHORT_SHORTNER SHORT_URL SPOOFED_URL SPOOFED_URL_HOST TONOM_EQ_TOLOC_SHRT_PSHRTNER URL_SHORTENER __PDS_SHORT_URL
rulesrc/sandbox/khopesh/20_khop_dynamic.cf (13 rules, 4 bad):
__RDNS_HEX: bad, avg S/O=0.18 avg Spam%=0.26 avg Ham%=1.23
# used in: KHOP_BOTNET_UNCLEAN
__S25R_1: bad, avg S/O=0.37 avg Spam%=9.29 avg Ham%=16.03
# used in: KHOP_BOTNET_UNCLEAN
__S25R_2: bad, avg S/O=0.24 avg Spam%=2.11 avg Ham%=6.83
# used in: KHOP_BOTNET_UNCLEAN
__S25R_5: bad, avg S/O=0.43 avg Spam%=1.05 avg Ham%=1.39
# used in: KHOP_BOTNET_UNCLEAN
rulesrc/sandbox/kb/70_misc.cf (16 rules, 6 bad):
KB_RATWARE_OUTLOOK_MID: no hits at all
LIVEFILESTORE: no hits at all
THEBAT_UNREG: no hits at all
THREAD_INDEX_BAD: bad, avg S/O=0.77 avg Spam%=6.98 avg Ham%=2.02
__HAS_THREAD_INDEX: bad, avg S/O=0.71 avg Spam%=7.48 avg Ham%=3.04
# used in: HTML_TEXT_INVISIBLE_STYLE THREAD_INDEX_BAD TO_NO_BRKTS_DYNIP XM_UC_ONLY
__THREAD_INDEX_GOOD: bad, avg S/O=0.33 avg Spam%=0.50 avg Ham%=1.02
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY THREAD_INDEX_BAD __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
rulesrc/sandbox/kb/20_header.cf (6 rules, 2 bad):
FORGED_RELAY_MUA_TO_MX: bad, avg S/O=0.19 avg Spam%=0.00 avg Ham%=0.02
# used in: SENDGRID_REDIR
KB_FAKED_THE_BAT: no hits at all
rulesrc/sandbox/jquinn/20_misc.cf (3 rules, 3 bad):
EXCUSE_24: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.03
USING_VERP: bad, avg S/O=0.29 avg Spam%=2.42 avg Ham%=6.03
__USING_VERP1: bad, avg S/O=0.27 avg Spam%=2.73 avg Ham%=7.33
# used in: LONG_INVISIBLE_TEXT RCVD_DOTEDU_SUSP USING_VERP __RCVD_DOTEDU_SUSP
rulesrc/sandbox/jm/70_tt_drugs.cf (11 rules, 2 bad):
TT_OBSCURED_VALIUM: no hits at all
TT_OBSCURED_VIAGRA: no hits at all
rulesrc/sandbox/jm/20_bug_6152.cf (1 rules, 1 bad):
BUG6152_INVALID_DATE_TZ_ABSURD: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.01
rulesrc/sandbox/jm/20_basic.cf (70 rules, 24 bad):
CTYPE_001C_B: bad, avg S/O=0.36 avg Spam%=0.00 avg Ham%=0.00
CURR_PRICE: no hits at all
DYN_RDNS_AND_INLINE_IMAGE: bad, avg S/O=0.61 avg Spam%=0.02 avg Ham%=0.01
HDR_ORDER_FTSDMCXX_001C: no hits at all
HDR_ORDER_FTSDMCXX_BAT: no hits at all
IMG_CID_PART1: no hits of target type
MSNBC_THREAD_INDEX: bad, avg S/O=0.21 avg Spam%=0.03 avg Ham%=0.12
PART_CID_STOCK: no hits at all
PART_CID_STOCK_LESS: no hits at all
RCVD_FORGED_WROTE: no hits at all
RCVD_MAIL_COM: no hits at all
SB_GIF_AND_NO_URIS: bad, avg S/O=0.49 avg Spam%=0.00 avg Ham%=0.00
STOCK_IMG_HDR_FROM: no hits at all
STOCK_IMG_HTML: no hits at all
STOCK_IMG_OUTLOOK: bad, avg S/O=0.51 avg Spam%=0.00 avg Ham%=0.00
STOX_REPLY_TYPE: bad, avg S/O=0.79 avg Spam%=0.02 avg Ham%=0.00
TVD_PDF_FINGER01_JO: bad, avg S/O=0.11 avg Spam%=0.00 avg Ham%=0.01
__HAS_ANY_EMAIL: bad, avg S/O=0.25 avg Spam%=21.74 avg Ham%=64.79
# used in: SB_GIF_AND_NO_URIS
__HAS_ANY_URI: bad, avg S/O=0.53 avg Spam%=91.72 avg Ham%=82.88
# used in: RCVD_DOTEDU_SHORT SB_GIF_AND_NO_URIS URI_ONLY_LOW_CONTRAST
__HS_SUBJ_RE_FW: bad, avg S/O=0.66 avg Spam%=24.73 avg Ham%=12.82
# used in: MIME_PHP_NO_TEXT
__MID_START_001C: no hits of target type
# used in: HDR_ORDER_FTSDMCXX_001C
__MSNBC_NOT_EXCH: no hits of target type
# used in: MSNBC_THREAD_INDEX
__MSNBC_THREAD_INDEX: bad, avg S/O=0.21 avg Spam%=0.03 avg Ham%=0.12
# used in: MSNBC_THREAD_INDEX
__NAKED_TO: bad, avg S/O=0.30 avg Spam%=19.36 avg Ham%=45.25
# used in: PDS_PHPEXP_BOT
rulesrc/sandbox/jhardin/40_local_azurephish.cf (1 rules, 1 bad):
PHISH_AZURE_CLOUDAPP: no hits at all
rulesrc/sandbox/jhardin/20_uri_obfu_ws.cf (4 rules, 2 bad):
URI_DEOBFU_INSTR: no hits of target type
__URI_DEOBFU_INSTR: bad, avg S/O=0.21 avg Spam%=0.00 avg Ham%=0.01
# used in: URI_DEOBFU_INSTR
rulesrc/sandbox/jhardin/20_thirdparty.cf (3 rules, 2 bad):
DX_TEXT_01: bad, avg S/O=0.41 avg Spam%=0.00 avg Ham%=0.00
DX_TEXT_03: bad, avg S/O=0.47 avg Spam%=0.00 avg Ham%=0.00
rulesrc/sandbox/jhardin/20_tbird_image_spam.cf (26 rules, 10 bad):
FORGED_TBIRD_IMG_ARROW: no hits of target type
FORGED_TBIRD_IMG_SIZE: no hits at all
TO_NO_BRKTS_DYNIP: bad, avg S/O=0.36 avg Spam%=0.15 avg Ham%=0.26
__FORGED_TBIRD_IMG: no hits of target type
# used in: FORGED_TBIRD_IMG_ARROW FORGED_TBIRD_IMG_SIZE
__MIME_BDRY_0D0D: bad, avg S/O=0.76 avg Spam%=0.14 avg Ham%=0.03
# used in: FORGED_TBIRD_IMG_ARROW FORGED_TBIRD_IMG_SIZE __FORGED_TBIRD_IMG
__MUA_TBIRD: bad, avg S/O=0.53 avg Spam%=3.27 avg Ham%=2.86
# used in: FORGED_TBIRD_IMG_ARROW FORGED_TBIRD_IMG_SIZE TO_NO_BRKTS_DYNIP __FORGED_TBIRD_IMG
__ONE_IMG: bad, avg S/O=0.62 avg Spam%=3.94 avg Ham%=2.45
# used in: FORGED_TBIRD_IMG_SIZE
__TO_NO_ARROWS_R: bad, avg S/O=0.35 avg Spam%=26.27 avg Ham%=49.03
# used in: PHP_NOVER_MUA FORGED_TBIRD_IMG_ARROW TO_NO_BRKTS_DYNIP
__TO_NO_BRKTS_DYNIP: bad, avg S/O=0.25 avg Spam%=0.25 avg Ham%=0.74
# used in: TO_NO_BRKTS_DYNIP
__TO_NO_BRKTS_HTML_ONLY: bad, avg S/O=0.42 avg Spam%=7.22 avg Ham%=9.77
# used in: PHP_NOVER_MUA
rulesrc/sandbox/jhardin/20_shared_subrules.cf (3 rules, 1 bad):
__BUGGED_IMG: bad, avg S/O=0.29 avg Spam%=23.58 avg Ham%=57.85
# used in: LIST_PRTL_SAME_USER LIST_PARTIAL PDS_LITECOIN_ID YOUR_PERMISSION
rulesrc/sandbox/jhardin/20_postcards.cf (6 rules, 5 bad):
EXECUTABLE_URI: bad, avg S/O=0.19 avg Spam%=0.00 avg Ham%=0.01
POSTCARD_03: no hits of target type
POSTCARD_05: no hits of target type
POSTCARD_09: bad, avg S/O=0.25 avg Spam%=0.00 avg Ham%=0.01
__EXECUTABLE_URI: bad, avg S/O=0.19 avg Spam%=0.00 avg Ham%=0.01
# used in: EXECUTABLE_URI
rulesrc/sandbox/jhardin/20_misc_testing.cf (1043 rules, 294 bad):
ACCT_PHISHING: bad, avg S/O=0.34 avg Spam%=0.13 avg Ham%=0.27
ACH_CANCELLED_EXE: no hits at all
AC_POST_EXTRAS: no hits of target type
AD_PREFS: bad, avg S/O=0.08 avg Spam%=0.00 avg Ham%=0.01
BITCOIN_BOMB: no hits at all
BITCOIN_DEADLINE: bad, avg S/O=0.74 avg Spam%=0.01 avg Ham%=0.00
BITCOIN_EXTORT_01: bad, avg S/O=0.63 avg Spam%=0.02 avg Ham%=0.01
# used in: BITCOIN_BOMB BITCOIN_DEADLINE
BITCOIN_EXTORT_02: no hits at all
BITCOIN_OBFU_SUBJ: bad, avg S/O=0.41 avg Spam%=0.00 avg Ham%=0.01
BITCOIN_PDF: no hits of target type
BITCOIN_SPAM_06: no hits at all
BITCOIN_SPAM_10: no hits at all
BITCOIN_SPAM_11: no hits at all
BITCOIN_SPAM_12: no hits at all
BITCOIN_WFH_01: no hits at all
BITCOIN_YOUR_INFO: bad, avg S/O=0.48 avg Spam%=0.01 avg Ham%=0.01
BOMB_MONEY: bad, avg S/O=0.74 avg Spam%=0.01 avg Ham%=0.00
DAY_I_EARNED: no hits at all
DG_SPAMMER_EMAIL_B: bad, avg S/O=0.61 avg Spam%=0.00 avg Ham%=0.00
DG_SPAMMER_EMAIL_F: bad, avg S/O=0.44 avg Spam%=0.01 avg Ham%=0.01
DOC_ATTACH_NO_EXT: bad, avg S/O=0.13 avg Spam%=0.00 avg Ham%=0.00
DOTGOV_IMAGE: bad, avg S/O=0.41 avg Spam%=0.00 avg Ham%=0.00
DQ_URI_DOM_IN_PATH: bad, avg S/O=0.72 avg Spam%=0.05 avg Ham%=0.02
ENCRYPTED_MESSAGE: bad, avg S/O=0.76 avg Spam%=0.00 avg Ham%=0.00
FONT_INVIS_POSTEXTRAS: bad, avg S/O=0.18 avg Spam%=0.00 avg Ham%=0.02
FREEMAIL_DOC_PDF: bad, avg S/O=0.33 avg Spam%=0.03 avg Ham%=0.06
FREEMAIL_DOC_PDF_BCC: bad, avg S/O=0.43 avg Spam%=0.00 avg Ham%=0.00
FREEMAIL_MANY_TO: bad, avg S/O=0.09 avg Spam%=0.00 avg Ham%=0.04
FREEMAIL_RVW_ATTCH: bad, avg S/O=0.80 avg Spam%=0.00 avg Ham%=0.00
FREEMAIL_WFH_01: no hits at all
FROM_MISSP_XPRIO: bad, avg S/O=0.44 avg Spam%=0.49 avg Ham%=0.63
FROM_MULTI_SHORT_IMG: bad, avg S/O=0.43 avg Spam%=0.00 avg Ham%=0.01
FROM_URI: bad, avg S/O=0.73 avg Spam%=0.02 avg Ham%=0.01
FUZZY_ANDROID: no hits at all
FUZZY_BITCOIN: bad, avg S/O=0.65 avg Spam%=0.03 avg Ham%=0.01
# used in: BITCOIN_EXTORT_02
FUZZY_BROWSER: no hits at all
FUZZY_DR_OZ: no hits at all
FUZZY_NORTON: no hits at all
FUZZY_OPTOUT: no hits at all
FUZZY_SAVINGS: no hits of target type
FUZZY_WALLET: bad, avg S/O=0.28 avg Spam%=0.01 avg Ham%=0.02
GAPPY_HTML: no hits of target type
GAPPY_LOW_CONTRAST: bad, avg S/O=0.35 avg Spam%=0.00 avg Ham%=0.01
GAPPY_PILLS: no hits of target type
GOOGLE_DOCS_PHISH_MANY: no hits at all
GOOG_REDIR_HTML_ONLY: bad, avg S/O=0.76 avg Spam%=0.09 avg Ham%=0.03
HACKED_PHP_URI: bad, avg S/O=0.17 avg Spam%=0.00 avg Ham%=0.00
HDR_CASE_REV_ENC: bad, avg S/O=0.50 avg Spam%=0.01 avg Ham%=0.01
HDR_CASE_REV_MANY: bad, avg S/O=0.09 avg Spam%=0.01 avg Ham%=0.13
HEXHASH_WORD: bad, avg S/O=0.57 avg Spam%=0.01 avg Ham%=0.00
HTML_ATTACH: bad, avg S/O=0.49 avg Spam%=0.03 avg Ham%=0.04
HTML_TEXT_INVISIBLE_STYLE: bad, avg S/O=0.68 avg Spam%=0.09 avg Ham%=0.04
IMAGESHACK_URI: bad, avg S/O=0.19 avg Spam%=0.00 avg Ham%=0.00
IRS_SPOOF: no hits of target type
JH_SPAMMY_PATTERN01: no hits at all
LARGE_PCT_AFTER_MANY: no hits of target type
LH_URI_DOM_IN_PATH: bad, avg S/O=0.21 avg Spam%=0.54 avg Ham%=2.05
LIST_PARTIAL: bad, avg S/O=0.79 avg Spam%=0.80 avg Ham%=0.21
LIST_PRTL_PUMPDUMP: no hits at all
LIST_PRTL_SAME_USER: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.14
LONG_HEX_URI: bad, avg S/O=0.17 avg Spam%=0.01 avg Ham%=0.06
LONG_IMG_URI: bad, avg S/O=0.18 avg Spam%=0.01 avg Ham%=0.07
LONG_INVISIBLE_TEXT: bad, avg S/O=0.43 avg Spam%=0.06 avg Ham%=0.08
MALF_HTML_B64: bad, avg S/O=0.76 avg Spam%=0.00 avg Ham%=0.00
MALWARE_PASSWORD: no hits at all
MANY_PILL_PRICE: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.01
MONERO_DEADLINE: no hits at all
MONERO_EXTORT_01: no hits at all
# used in: MALWARE_PASSWORD MONERO_DEADLINE
MONERO_MALWARE: no hits at all
MONERO_PAY_ME: no hits at all
MONEY_12LTRDOM: bad, avg S/O=0.65 avg Spam%=0.03 avg Ham%=0.02
NEWEGG_IMG_NOT_RCVD_NEGG: bad, avg S/O=0.25 avg Spam%=0.00 avg Ham%=0.00
OBFU_BITCOIN: bad, avg S/O=0.38 avg Spam%=0.01 avg Ham%=0.01
OBFU_DOC_ATTACH: bad, avg S/O=0.77 avg Spam%=0.00 avg Ham%=0.00
OBFU_GIF_ATTACH: no hits of target type
OBFU_HTML_ATTACH: bad, avg S/O=0.05 avg Spam%=0.01 avg Ham%=0.14
OBFU_HTML_ATT_MALW: no hits at all
OBFU_JPG_ATTACH: bad, avg S/O=0.10 avg Spam%=0.00 avg Ham%=0.01
OBFU_PDF_ATTACH: bad, avg S/O=0.08 avg Spam%=0.02 avg Ham%=0.22
PHP_NOVER_MUA: no hits of target type
PHP_ORIG_SCRIPT: bad, avg S/O=0.58 avg Spam%=0.02 avg Ham%=0.02
PHP_SCRIPT_MUA: no hits of target type
PUMPDUMP_MULTI: no hits at all
PUMPDUMP_TIP: no hits at all
RCVD_DOTEDU_SHORT: bad, avg S/O=0.58 avg Spam%=0.00 avg Ham%=0.00
RCVD_DOTEDU_SUSP: bad, avg S/O=0.76 avg Spam%=0.02 avg Ham%=0.01
RDNS_LOCALHOST: no hits at all
RUNON_SHY: bad, avg S/O=0.27 avg Spam%=0.00 avg Ham%=0.00
SCANNED_EXTERNAL: bad, avg S/O=0.47 avg Spam%=0.02 avg Ham%=0.03
SCRIPT_GIBBERISH: bad, avg S/O=0.71 avg Spam%=0.07 avg Ham%=0.03
SENDGRID_REDIR: bad, avg S/O=0.69 avg Spam%=0.04 avg Ham%=0.02
STOCK_TIP: no hits at all
STY_INVIS_DIRECT: bad, avg S/O=0.68 avg Spam%=0.16 avg Ham%=0.07
SUBJ_OBFU_LOW_CNTRST: bad, avg S/O=0.65 avg Spam%=0.02 avg Ham%=0.01
SUBJ_OBFU_PUNCT_FEW: bad, avg S/O=0.22 avg Spam%=0.05 avg Ham%=0.17
SUBJ_OBFU_PUNCT_MANY: bad, avg S/O=0.49 avg Spam%=0.01 avg Ham%=0.01
# used in: SUBJ_OBFU_PUNCT_FEW
SUSP_UTF8_WORD_COMBO: bad, avg S/O=0.42 avg Spam%=0.01 avg Ham%=0.01
SUSP_UTF8_WORD_MANY: bad, avg S/O=0.06 avg Spam%=0.00 avg Ham%=0.01
SYSADMIN: no hits at all
THIS_AD: bad, avg S/O=0.22 avg Spam%=0.06 avg Ham%=0.21
TINY_FLOAT: bad, avg S/O=0.73 avg Spam%=0.00 avg Ham%=0.00
TO_TOO_MANY_WFH_01: no hits at all
TW_GIBBERISH_MANY: no hits at all
UC_GIBBERISH_OBFU: no hits of target type
URI_ADOBESPARK: no hits at all
URI_DBL_INDIR: bad, avg S/O=0.05 avg Spam%=0.03 avg Ham%=0.46
URI_DOTEDU: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.08
URI_DOTEDU_ENTITY: bad, avg S/O=0.61 avg Spam%=0.00 avg Ham%=0.00
URI_MALWARE_BH: bad, avg S/O=0.17 avg Spam%=0.00 avg Ham%=0.02
URI_MALWARE_SCMS: no hits at all
URI_ONLY_LOW_CONTRAST: bad, avg S/O=0.15 avg Spam%=0.03 avg Ham%=0.19
URI_TRPL_INDIR: bad, avg S/O=0.57 avg Spam%=0.05 avg Ham%=0.03
URI_TRY_3LD: bad, avg S/O=0.21 avg Spam%=0.09 avg Ham%=0.37
WORD_INVIS: bad, avg S/O=0.79 avg Spam%=0.01 avg Ham%=0.00
XM_ONE_WORD: bad, avg S/O=0.69 avg Spam%=0.30 avg Ham%=0.13
XM_UC_ONLY: bad, avg S/O=0.79 avg Spam%=0.17 avg Ham%=0.04
ZW_OBFU_FREEM: no hits of target type
ZW_OBFU_FROMTOSUBJ: no hits at all
__128_ALNUM_URI: bad, avg S/O=0.14 avg Spam%=0.34 avg Ham%=2.08
# used in: BITCOIN_OBFU_SUBJ
__128_HEX_URI: bad, avg S/O=0.17 avg Spam%=0.01 avg Ham%=0.06
# used in: LONG_HEX_URI
__45_ALNUM_IMG: bad, avg S/O=0.18 avg Spam%=0.01 avg Ham%=0.07
# used in: LONG_IMG_URI
__4BYTE_UTF8_WORD: bad, avg S/O=0.33 avg Spam%=0.01 avg Ham%=0.02
# used in: SUSP_UTF8_WORD_COMBO SUSP_UTF8_WORD_MANY
__4BYTE_UTF8_WORD_9: bad, avg S/O=0.06 avg Spam%=0.00 avg Ham%=0.01
# used in: SUSP_UTF8_WORD_MANY
__ACCESS_RESTORE: bad, avg S/O=0.18 avg Spam%=0.01 avg Ham%=0.05
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH
__ACCESS_REVOKE: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH
__ACCOUNT_REACTIV: bad, avg S/O=0.38 avg Spam%=0.01 avg Ham%=0.02
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH
__ACCOUNT_SECURE: no hits of target type
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH
__ACCOUNT_UPGRADE: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH
__ACCT_PHISH: bad, avg S/O=0.27 avg Spam%=0.08 avg Ham%=0.22
# used in: ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH
__ACH_CANCELLED_01: no hits at all
# used in: ACH_CANCELLED_EXE
__ACH_CANCELLED_02: no hits at all
# used in: ACH_CANCELLED_EXE
__ACH_CANCELLED_03: no hits at all
# used in: ACH_CANCELLED_EXE
__ACH_CANCELLED_04: no hits at all
# used in: ACH_CANCELLED_EXE
__ACH_CANCELLED_EXE: no hits at all
# used in: ACH_CANCELLED_EXE
__AC_HTML_ENTITY_BONANZA_SHRT_RAW: bad, avg S/O=0.18 avg Spam%=1.97 avg Ham%=8.85
# used in: URI_DOTEDU_ENTITY
__AC_POSTHTMLEXTRAS: no hits at all
# used in: AC_POST_EXTRAS FONT_INVIS_POSTEXTRAS
__AC_POSTIMGEXTRAS: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.02
# used in: AC_POST_EXTRAS FONT_INVIS_POSTEXTRAS
__AC_POST_EXTRAS: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.02
# used in: AC_POST_EXTRAS FONT_INVIS_POSTEXTRAS
__BITCOIN_OBFU_SUBJ: bad, avg S/O=0.39 avg Spam%=0.00 avg Ham%=0.01
# used in: BITCOIN_OBFU_SUBJ
__BITCOIN_WFH_01: no hits at all
# used in: BITCOIN_WFH_01
__BODY_TEXT_LINE: bad, avg S/O=0.50 avg Spam%=99.99 avg Ham%=99.99
# used in: RCVD_DOTEDU_SHORT URI_ONLY_LOW_CONTRAST WON_NBDY_ATTACH
__BOGUS_MIME_HDR: no hits at all
# used in: BITCOIN_SPAM_12
__BOGUS_MIME_HDR_MANY: no hits at all
# used in: BITCOIN_SPAM_12
__BONUS_LAST_DAY: no hits at all
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01 __BITCOIN_WFH_01
__BTC_OBFU_3: bad, avg S/O=0.62 avg Spam%=0.01 avg Ham%=0.00
# used in: BITCOIN_EXTORT_02 OBFU_BITCOIN
__BTC_OBFU_5: no hits at all
# used in: BITCOIN_EXTORT_02 OBFU_BITCOIN
__CLICK_HERE: bad, avg S/O=0.29 avg Spam%=7.84 avg Ham%=19.25
# used in: SUSP_UTF8_WORD_COMBO
__CR_IN_SUBJ: no hits of target type
# used in: THIS_AD
__CT_ENCRYPTED: bad, avg S/O=0.76 avg Spam%=0.00 avg Ham%=0.00
# used in: ENCRYPTED_MESSAGE MIME_PHP_NO_TEXT
__DAY_I_EARNED: no hits at all
# used in: DAY_I_EARNED
__DESTROY_YOU: bad, avg S/O=0.62 avg Spam%=0.03 avg Ham%=0.02
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_EXTORT_02 BITCOIN_YOUR_INFO MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__DOC_ATTACH: bad, avg S/O=0.10 avg Spam%=0.03 avg Ham%=0.27
# used in: FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH WON_NBDY_ATTACH
__EMAIL_PHISH: bad, avg S/O=0.08 avg Spam%=0.09 avg Ham%=0.96
# used in: ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH
__EMPTY_BODY: bad, avg S/O=0.59 avg Spam%=0.22 avg Ham%=0.15
# used in: WON_NBDY_ATTACH
__EXPLOSIVE_DEVICE: bad, avg S/O=0.13 avg Spam%=0.02 avg Ham%=0.12
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_EXTORT_02 BITCOIN_YOUR_INFO BOMB_MONEY MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__EXTORT_MANY: bad, avg S/O=0.62 avg Spam%=0.02 avg Ham%=0.01
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_EXTORT_02 BITCOIN_YOUR_INFO MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__FB_TOUR: bad, avg S/O=0.12 avg Spam%=0.36 avg Ham%=2.60
# used in: FILL_THIS_FORM WORD_INVIS
__FONT_INVIS: bad, avg S/O=0.23 avg Spam%=1.22 avg Ham%=4.22
# used in: FONT_INVIS_POSTEXTRAS
__FREEMAIL_DOC_PDF: bad, avg S/O=0.33 avg Spam%=0.03 avg Ham%=0.06
# used in: FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH
__FREEMAIL_WFH_01: no hits at all
# used in: FREEMAIL_WFH_01
__FROM_12LTRDOM_1: bad, avg S/O=0.67 avg Spam%=3.26 avg Ham%=1.61
# used in: MONEY_12LTRDOM
__FROM_ADMIN: bad, avg S/O=0.20 avg Spam%=1.79 avg Ham%=6.95
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __ACCT_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__FROM_LOWER: bad, avg S/O=0.03 avg Spam%=0.08 avg Ham%=2.39
# used in: ADVANCE_FEE_2_NEW_FORM
__FROM_MISSPACED: bad, avg S/O=0.38 avg Spam%=0.64 avg Ham%=1.03
# used in: FROM_MISSP_XPRIO
__FROM_MULTI_SHORT_IMG: bad, avg S/O=0.33 avg Spam%=0.00 avg Ham%=0.01
# used in: FROM_MULTI_SHORT_IMG
__FROM_RUNON: bad, avg S/O=0.57 avg Spam%=1.43 avg Ham%=1.08
# used in: RCVD_DOTEDU_SUSP
__FROM_URI_1: bad, avg S/O=0.39 avg Spam%=0.01 avg Ham%=0.01
# used in: FROM_URI
__FS_SUBJ_RE: bad, avg S/O=0.04 avg Spam%=0.45 avg Ham%=12.05
# used in: RCVD_DOTEDU_SHORT
__FUZZY_DR_OZ: no hits at all
# used in: FUZZY_DR_OZ
__GAPPY_HTML: bad, avg S/O=0.10 avg Spam%=0.00 avg Ham%=0.01
# used in: GAPPY_HTML
__GAPPY_HTML_01: bad, avg S/O=0.11 avg Spam%=0.00 avg Ham%=0.01
# used in: GAPPY_HTML __GAPPY_HTML
__GAPPY_HTML_02: no hits of target type
# used in: GAPPY_HTML __GAPPY_HTML
__GOOG_REDIR: bad, avg S/O=0.62 avg Spam%=0.71 avg Ham%=0.44
# used in: GOOG_REDIR_HTML_ONLY
__HACKED_PHP_URI: bad, avg S/O=0.17 avg Spam%=0.00 avg Ham%=0.00
# used in: HACKED_PHP_URI
__HAS_PHP_ORIG_SCRIPT: bad, avg S/O=0.77 avg Spam%=2.14 avg Ham%=0.62
# used in: PHP_ORIG_SCRIPT
__HDRS_LCASE_KNOWN: bad, avg S/O=0.24 avg Spam%=1.52 avg Ham%=4.88
# used in: XM_UC_ONLY
__HDR_CASE_REVERSED: bad, avg S/O=0.56 avg Spam%=2.92 avg Ham%=2.28
# used in: HDR_CASE_REV_ENC HDR_CASE_REV_MANY URI_TRY_3LD
__HDR_CASE_REV_MANY: bad, avg S/O=0.09 avg Spam%=0.01 avg Ham%=0.13
# used in: HDR_CASE_REV_MANY
__HDR_RCVD_ALIBABA: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.03
# used in: URI_TRY_3LD
__HDR_RCVD_AMAZON: bad, avg S/O=0.12 avg Spam%=0.30 avg Ham%=2.16
# used in: STY_INVIS_DIRECT
__HDR_RCVD_NEWEGG: no hits of target type
# used in: NEWEGG_IMG_NOT_RCVD_NEGG
__HDR_RCVD_SHOPIFY: bad, avg S/O=0.03 avg Spam%=0.00 avg Ham%=0.01
# used in: FILL_THIS_FORM_FRAUD_PHISH
__HEXHASHWORD_S2EU: bad, avg S/O=0.18 avg Spam%=0.11 avg Ham%=0.53
# used in: HEXHASH_WORD
__HOURS_DEADLINE: bad, avg S/O=0.32 avg Spam%=0.62 avg Ham%=1.32
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_EXTORT_02 BITCOIN_YOUR_INFO MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME __EXTORT_MANY
__HTML_SINGLET: bad, avg S/O=0.53 avg Spam%=4.17 avg Ham%=3.73
# used in: SENDGRID_REDIR
__HTML_SINGLET_10: bad, avg S/O=0.74 avg Spam%=2.34 avg Ham%=0.81
# used in: SENDGRID_REDIR
__IRS_FM_NAME: no hits of target type
# used in: IRS_SPOOF
__IRS_SPOOF: no hits of target type
# used in: IRS_SPOOF
__LARGE_PERCENT_AFTER: bad, avg S/O=0.36 avg Spam%=0.00 avg Ham%=0.00
# used in: LARGE_PCT_AFTER_MANY
__LCL__ENV_AND_HDR_FROM_MATCH: bad, avg S/O=0.65 avg Spam%=35.52 avg Ham%=19.27
# used in: SYSADMIN
__LIST_PARTIAL: bad, avg S/O=0.40 avg Spam%=17.13 avg Ham%=25.49
# used in: LIST_PRTL_PUMPDUMP LIST_PRTL_SAME_USER LIST_PARTIAL SUSP_UTF8_WORD_COMBO
__LIST_PRTL_PUMPDUMP: no hits of target type
# used in: LIST_PRTL_PUMPDUMP
__LIST_PRTL_SAME_USER: bad, avg S/O=0.42 avg Spam%=0.11 avg Ham%=0.15
# used in: LIST_PRTL_SAME_USER
__LOCK_MAILBOX: bad, avg S/O=0.23 avg Spam%=0.03 avg Ham%=0.11
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__LONG_INVIS_DIV: no hits at all
# used in: LONG_INVISIBLE_TEXT
__LONG_STY_INVIS: bad, avg S/O=0.29 avg Spam%=0.13 avg Ham%=0.31
# used in: LONG_INVISIBLE_TEXT
__MAILBOX_FULL_SE: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__MAIL_ACCT_ACCESS1: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__MAIL_ACCT_ACCESS2: bad, avg S/O=0.25 avg Spam%=0.00 avg Ham%=0.00
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__MAKE_XTRA_DOLLAR: no hits at all
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01 __BITCOIN_WFH_01 __FREEMAIL_WFH_01
__MONERO_CURNCY: no hits at all
# used in: MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__MONERO_ID: no hits at all
# used in: MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__MONEY_12LTRDOM: bad, avg S/O=0.65 avg Spam%=0.03 avg Ham%=0.02
# used in: MONEY_12LTRDOM
__MSGID_GUID: bad, avg S/O=0.08 avg Spam%=0.79 avg Ham%=9.47
# used in: WORD_INVIS
__MSGID_HEXISH: bad, avg S/O=0.23 avg Spam%=0.01 avg Ham%=0.02
# used in: HEXHASH_WORD XM_UC_ONLY __HDRS_LCASE_KNOWN
__MSGID_HEX_UID: no hits of target type
# used in: XM_UC_ONLY __HDRS_LCASE_KNOWN
__MY_VICTIM: no hits of target type
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_EXTORT_02 BITCOIN_YOUR_INFO MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME __EXTORT_MANY
__NEWEGG_IMG_NOT_RCVD_NEGG: bad, avg S/O=0.25 avg Spam%=0.00 avg Ham%=0.00
# used in: NEWEGG_IMG_NOT_RCVD_NEGG
__OBFU_BITCOIN: bad, avg S/O=0.38 avg Spam%=0.01 avg Ham%=0.01
# used in: OBFU_BITCOIN
__PASSWORD: bad, avg S/O=0.08 avg Spam%=0.24 avg Ham%=2.65
# used in: MALWARE_PASSWORD
__PASSWORD_UPGRADE: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__PAXFUL: bad, avg S/O=0.36 avg Spam%=0.01 avg Ham%=0.01
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_EXTORT_02 BITCOIN_YOUR_INFO MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME __EXTORT_MANY
__PAY_ME: bad, avg S/O=0.36 avg Spam%=0.19 avg Ham%=0.33
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_EXTORT_02 BITCOIN_YOUR_INFO MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME __EXTORT_MANY
__PDF_ATTACH: bad, avg S/O=0.18 avg Spam%=0.14 avg Ham%=0.64
# used in: MIME_PHP_NO_TEXT BITCOIN_PDF FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH WON_NBDY_ATTACH __FREEMAIL_DOC_PDF
__PERFECT_BINARY: no hits at all
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01 __BITCOIN_WFH_01 __FREEMAIL_WFH_01
__PHPMAILER_MUA: bad, avg S/O=0.39 avg Spam%=1.47 avg Ham%=2.27
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_YOUR_INFO MALWARE_PASSWORD SUSP_UTF8_WORD_COMBO
__PHP_NOVER_MUA: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.01
# used in: PHP_NOVER_MUA PHP_SCRIPT_MUA
__PILL_PRICE_02: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.05
# used in: MANY_PILL_PRICE
__PLS_REVIEW: bad, avg S/O=0.04 avg Spam%=0.01 avg Ham%=0.24
# used in: FREEMAIL_RVW_ATTCH
__PUMPDUMP_01: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP
__PUMPDUMP_02: no hits of target type
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP
__PUMPDUMP_05: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP
__PUMPDUMP_07: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP
__PUMPDUMP_08: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP
__PUMPDUMP_09: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP
__PUMPDUMP_10: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP_MULTI PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP
__RCVD_DOTEDU_EXT: bad, avg S/O=0.12 avg Spam%=0.05 avg Ham%=0.38
# used in: RCVD_DOTEDU_SHORT RCVD_DOTEDU_SUSP URI_DOTEDU
__RCVD_DOTEDU_SHORT: bad, avg S/O=0.55 avg Spam%=0.00 avg Ham%=0.00
# used in: RCVD_DOTEDU_SHORT
__RCVD_DOTEDU_SUSP: bad, avg S/O=0.62 avg Spam%=0.02 avg Ham%=0.01
# used in: RCVD_DOTEDU_SUSP
__RCVD_DOTGOV_EXT: bad, avg S/O=0.01 avg Spam%=0.01 avg Ham%=0.46
# used in: XM_UC_ONLY
__RECEIVE_BONUS: no hits at all
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01 __BITCOIN_WFH_01 __FREEMAIL_WFH_01
__SCANNED: bad, avg S/O=0.52 avg Spam%=0.03 avg Ham%=0.03
# used in: SCANNED_EXTERNAL
__SCRIPT_GIBBERISH: bad, avg S/O=0.71 avg Spam%=0.07 avg Ham%=0.03
# used in: SCRIPT_GIBBERISH
__SCRIPT_TAG_IN_BODY: bad, avg S/O=0.52 avg Spam%=0.00 avg Ham%=0.00
# used in: SCRIPT_GIBBERISH
__SECURITY_DEPT: bad, avg S/O=0.63 avg Spam%=0.00 avg Ham%=0.00
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __ACCT_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__SENDGRID_REDIR: bad, avg S/O=0.47 avg Spam%=0.04 avg Ham%=0.05
# used in: SENDGRID_REDIR
__SENDGRID_REDIR_NOPHISH: bad, avg S/O=0.46 avg Spam%=0.04 avg Ham%=0.05
# used in: SENDGRID_REDIR
__SINGLE_WORD_LINE: bad, avg S/O=0.54 avg Spam%=59.96 avg Ham%=50.49
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_YOUR_INFO MALWARE_PASSWORD
__SMIME_MESSAGE: no hits at all
# used in: RCVD_DOTEDU_SHORT T_SCC_EMPTY_BODY URI_ONLY_LOW_CONTRAST WON_NBDY_ATTACH __EMPTY_BODY __RCVD_DOTEDU_SHORT
__STAY_HOME: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.07
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01 __BITCOIN_WFH_01 __FREEMAIL_WFH_01
__STOCK_TIP: no hits of target type
# used in: PUMPDUMP_TIP STOCK_TIP
__STY_INVIS: bad, avg S/O=0.19 avg Spam%=7.86 avg Ham%=34.46
# used in: FONT_INVIS_POSTEXTRAS HTML_TEXT_INVISIBLE_STYLE LONG_INVISIBLE_TEXT SENDGRID_REDIR ACCT_PHISHING STY_INVIS_DIRECT SUSP_UTF8_WORD_COMBO XM_UC_ONLY __LONG_STY_INVIS
__STY_INVIS_3: bad, avg S/O=0.09 avg Spam%=1.04 avg Ham%=10.53
# used in: SUSP_UTF8_WORD_COMBO
__STY_INVIS_DIRECT: bad, avg S/O=0.19 avg Spam%=0.53 avg Ham%=2.29
# used in: STY_INVIS_DIRECT
__STY_INVIS_MANY: bad, avg S/O=0.07 avg Spam%=0.35 avg Ham%=4.54
# used in: HTML_TEXT_INVISIBLE_STYLE SENDGRID_REDIR ACCT_PHISHING XM_UC_ONLY
__SUBJ_ADMIN: bad, avg S/O=0.14 avg Spam%=0.50 avg Ham%=2.99
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __ACCT_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__SUBJ_HAS_ANY_EMAIL: bad, avg S/O=0.58 avg Spam%=0.44 avg Ham%=0.32
# used in: SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY
__SUBJ_HAS_FROM_1: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.09
# used in: ZW_OBFU_FROMTOSUBJ
__SUBJ_HAS_TOUSR_1: bad, avg S/O=0.42 avg Spam%=0.57 avg Ham%=0.79
# used in: SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY
__SUBJ_HAS_TOUSR_2: bad, avg S/O=0.46 avg Spam%=1.01 avg Ham%=1.17
# used in: SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY
__SUBJ_HAS_TO_1: bad, avg S/O=0.71 avg Spam%=0.28 avg Ham%=0.11
# used in: GOOGLE_DOCS_PHISH_MANY SENDGRID_REDIR ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY __ACCT_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH __SENDGRID_REDIR_NOPHISH
__SUBJ_HAS_TO_3: bad, avg S/O=0.44 avg Spam%=0.03 avg Ham%=0.04
# used in: GOOGLE_DOCS_PHISH_MANY SENDGRID_REDIR ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY __ACCT_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH __SENDGRID_REDIR_NOPHISH
__SUBJ_OBFU_PUNCT: bad, avg S/O=0.12 avg Spam%=0.37 avg Ham%=2.86
# used in: BITCOIN_OBFU_SUBJ SUBJ_OBFU_LOW_CNTRST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY __BITCOIN_OBFU_SUBJ
__SURVEY: bad, avg S/O=0.21 avg Spam%=0.40 avg Ham%=1.49
# used in: WORD_INVIS
__SUSPICION_LOGIN: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __ACCT_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__SYSADMIN: bad, avg S/O=0.23 avg Spam%=0.43 avg Ham%=1.46
# used in: GOOGLE_DOCS_PHISH_MANY SYSADMIN ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__THIS_AD: bad, avg S/O=0.09 avg Spam%=0.08 avg Ham%=0.74
# used in: THIS_AD
__TOUSR_IN_SUBJ: bad, avg S/O=0.32 avg Spam%=0.65 avg Ham%=1.38
# used in: SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY
__TO_EQ_FROM: bad, avg S/O=0.53 avg Spam%=1.60 avg Ham%=1.44
# used in: ZW_OBFU_FROMTOSUBJ
__TO_EQ_FROM_1: bad, avg S/O=0.24 avg Spam%=0.33 avg Ham%=1.03
# used in: ZW_OBFU_FROMTOSUBJ __TO_EQ_FROM
__TO_EQ_FROM_2: bad, avg S/O=0.76 avg Spam%=1.27 avg Ham%=0.40
# used in: ZW_OBFU_FROMTOSUBJ __TO_EQ_FROM
__TO_IN_SUBJ: bad, avg S/O=0.70 avg Spam%=0.42 avg Ham%=0.18
# used in: GOOGLE_DOCS_PHISH_MANY SENDGRID_REDIR ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY __ACCT_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH __SENDGRID_REDIR_NOPHISH __TOUSR_IN_SUBJ
__TO_TOO_MANY_WFH_01: no hits at all
# used in: TO_TOO_MANY_WFH_01
__TO_WAY_TOO_MANY: bad, avg S/O=0.07 avg Spam%=0.01 avg Ham%=0.15
# used in: TO_TOO_MANY_WFH_01 FREEMAIL_MANY_TO __TO_TOO_MANY_WFH_01
__TO___LOWER: bad, avg S/O=0.33 avg Spam%=2.65 avg Ham%=5.48
# used in: STY_INVIS_DIRECT SUSP_UTF8_WORD_COMBO
__TRANSFORM_LIFE: bad, avg S/O=0.80 avg Spam%=0.04 avg Ham%=0.01
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01 __BITCOIN_WFH_01 __FREEMAIL_WFH_01 __TO_TOO_MANY_WFH_01
__UA_MSOMAC: no hits of target type
# used in: XM_UC_ONLY __HDRS_LCASE_KNOWN
__UC_GIBB_OBFU: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.05
# used in: UC_GIBBERISH_OBFU
__UNICODE_OBFU_ZW: bad, avg S/O=0.07 avg Spam%=0.03 avg Ham%=0.36
# used in: ZW_OBFU_FREEM ZW_OBFU_FROMTOSUBJ
__UPGR_MAILBOX: bad, avg S/O=0.06 avg Spam%=0.22 avg Ham%=3.20
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__URI_ADOBESPARK: no hits at all
# used in: URI_ADOBESPARK
__URI_DBL_INDIR: bad, avg S/O=0.12 avg Spam%=0.07 avg Ham%=0.50
# used in: URI_DBL_INDIR
__URI_DOTEDU: bad, avg S/O=0.04 avg Spam%=0.03 avg Ham%=0.73
# used in: URI_DOTEDU URI_DOTEDU_ENTITY URI_TRY_3LD
__URI_DOTEDU_ENTITY: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.20
# used in: URI_DOTEDU_ENTITY
__URI_DOTGOV: bad, avg S/O=0.01 avg Spam%=0.09 avg Ham%=6.24
# used in: DOTGOV_IMAGE
__URI_GOOGLE_DOC: bad, avg S/O=0.59 avg Spam%=0.37 avg Ham%=0.26
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING
__URI_IMG_NEWEGG: bad, avg S/O=0.12 avg Spam%=0.00 avg Ham%=0.00
# used in: NEWEGG_IMG_NOT_RCVD_NEGG __NEWEGG_IMG_NOT_RCVD_NEGG
__URI_MAILTO: bad, avg S/O=0.25 avg Spam%=21.84 avg Ham%=64.26
# used in: AC_POST_EXTRAS
__URI_MONERO: no hits at all
# used in: MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME
__URI_TRPL_INDIR: bad, avg S/O=0.57 avg Spam%=0.05 avg Ham%=0.03
# used in: URI_DBL_INDIR URI_TRPL_INDIR
__URI_TRY_3LD: bad, avg S/O=0.13 avg Spam%=0.09 avg Ham%=0.60
# used in: URI_TRY_3LD
__VALIDATE_MAILBOX: bad, avg S/O=0.54 avg Spam%=0.02 avg Ham%=0.01
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__VALIDATE_MBOX_SE: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__VERIFY_ACCOUNT: bad, avg S/O=0.31 avg Spam%=0.15 avg Ham%=0.33
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH __ACCT_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__WFH_01: no hits at all
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01 __BITCOIN_WFH_01 __FREEMAIL_WFH_01 __TO_TOO_MANY_WFH_01
__WITHOUT_EFFORT: bad, avg S/O=0.43 avg Spam%=0.00 avg Ham%=0.00
# used in: BITCOIN_WFH_01 FREEMAIL_WFH_01 TO_TOO_MANY_WFH_01 __BITCOIN_WFH_01 __FREEMAIL_WFH_01 __TO_TOO_MANY_WFH_01 __WFH_01
__WORD_INVIS: bad, avg S/O=0.78 avg Spam%=0.03 avg Ham%=0.01
# used in: WORD_INVIS
__XEROXWORKCTR_MUA: no hits at all
# used in: SCANNED_EXTERNAL
__XM_EC_MESSENGER: bad, avg S/O=0.04 avg Spam%=0.01 avg Ham%=0.21
# used in: URI_TRY_3LD
__XM_ONE_WORD_UNKNOWN: bad, avg S/O=0.68 avg Spam%=0.30 avg Ham%=0.14
# used in: XM_ONE_WORD
__XM_UC_ONLY_UNKNOWN: bad, avg S/O=0.74 avg Spam%=0.17 avg Ham%=0.06
# used in: XM_UC_ONLY
__YOUR_PASSWORD: bad, avg S/O=0.19 avg Spam%=0.46 avg Ham%=2.00
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_EXTORT_02 BITCOIN_YOUR_INFO MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME __EXTORT_MANY
__YOUR_PERSONAL: bad, avg S/O=0.05 avg Spam%=0.49 avg Ham%=9.81
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_EXTORT_02 BITCOIN_YOUR_INFO MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME __EXTORT_MANY
__YOUR_WEBCAM: bad, avg S/O=0.44 avg Spam%=0.02 avg Ham%=0.02
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_EXTORT_02 BITCOIN_YOUR_INFO MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME __EXTORT_MANY
rulesrc/sandbox/jhardin/20_lotsa_money.cf (160 rules, 55 bad):
LOTS_OF_MONEY: bad, avg S/O=0.48 avg Spam%=3.69 avg Ham%=4.06
# used in: ADVANCE_FEE_2_NEW_FORM
LOTTO_AGENT_RPLY: bad, avg S/O=0.61 avg Spam%=0.00 avg Ham%=0.00
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY
LOTTO_URI: bad, avg S/O=0.51 avg Spam%=0.00 avg Ham%=0.00
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY
MONEY_PERCENT: bad, avg S/O=0.54 avg Spam%=0.27 avg Ham%=0.23
WON_NBDY_ATTACH: no hits at all
YOUR_PERMISSION: bad, avg S/O=0.73 avg Spam%=0.00 avg Ham%=0.00
__AFRICAN_STATE: bad, avg S/O=0.63 avg Spam%=0.27 avg Ham%=0.16
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__ATM_CARD: bad, avg S/O=0.58 avg Spam%=0.09 avg Ham%=0.06
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__AUTO_ACCIDENT: bad, avg S/O=0.78 avg Spam%=0.01 avg Ham%=0.00
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__BANK_DRAFT: bad, avg S/O=0.65 avg Spam%=0.03 avg Ham%=0.02
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__BURKINA_FASO: bad, avg S/O=0.48 avg Spam%=0.01 avg Ham%=0.02
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM __AFRICAN_STATE
__CHARITY: bad, avg S/O=0.34 avg Spam%=0.45 avg Ham%=0.86
# used in: URI_TRY_3LD
__DEAD_PARENT: bad, avg S/O=0.73 avg Spam%=0.02 avg Ham%=0.01
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__DEAL: bad, avg S/O=0.20 avg Spam%=1.45 avg Ham%=5.63
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__DECEASED: bad, avg S/O=0.41 avg Spam%=0.27 avg Ham%=0.39
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__DESTROY_ME: bad, avg S/O=0.48 avg Spam%=0.00 avg Ham%=0.00
# used in: ADVANCE_FEE_2_NEW_FORM BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_EXTORT_02 BITCOIN_YOUR_INFO BOMB_MONEY MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__DIPLOMATIC: bad, avg S/O=0.53 avg Spam%=0.05 avg Ham%=0.04
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__EARLY_DEMISE: bad, avg S/O=0.56 avg Spam%=0.00 avg Ham%=0.00
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__FIFTY_FIFTY: bad, avg S/O=0.23 avg Spam%=1.28 avg Ham%=4.16
# used in: MONEY_PERCENT
__FOUND_YOU: bad, avg S/O=0.79 avg Spam%=0.11 avg Ham%=0.03
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__HAS_WON_01: no hits at all
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY WON_NBDY_ATTACH __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__HUSH_HUSH: bad, avg S/O=0.36 avg Spam%=3.37 avg Ham%=5.87
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_EXTORT_02 BITCOIN_YOUR_INFO MALWARE_PASSWORD MONERO_DEADLINE MONERO_EXTORT_01 MONERO_MALWARE MONERO_PAY_ME __EXTORT_MANY
__IS_LEGAL: bad, avg S/O=0.44 avg Spam%=0.03 avg Ham%=0.04
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__I_INHERIT: bad, avg S/O=0.46 avg Spam%=0.02 avg Ham%=0.03
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__LOTSA_MONEY_00: bad, avg S/O=0.43 avg Spam%=0.80 avg Ham%=1.04
# used in: ADVANCE_FEE_2_NEW_FORM LOTS_OF_MONEY MONEY_12LTRDOM MONEY_PERCENT __ADVANCE_FEE_2_NEW_FORM
__LOTSA_MONEY_01: bad, avg S/O=0.47 avg Spam%=1.56 avg Ham%=1.73
# used in: ADVANCE_FEE_2_NEW_FORM LOTS_OF_MONEY MONEY_PERCENT __ADVANCE_FEE_2_NEW_FORM
__LOTSA_MONEY_02: bad, avg S/O=0.48 avg Spam%=0.59 avg Ham%=0.64
# used in: ADVANCE_FEE_2_NEW_FORM LOTS_OF_MONEY MONEY_PERCENT __ADVANCE_FEE_2_NEW_FORM
__LOTSA_MONEY_03: bad, avg S/O=0.50 avg Spam%=1.00 avg Ham%=1.00
# used in: ADVANCE_FEE_2_NEW_FORM LOTS_OF_MONEY MONEY_PERCENT __ADVANCE_FEE_2_NEW_FORM
__LOTSA_MONEY_04: bad, avg S/O=0.76 avg Spam%=1.07 avg Ham%=0.33
# used in: ADVANCE_FEE_2_NEW_FORM LOTS_OF_MONEY MONEY_PERCENT __ADVANCE_FEE_2_NEW_FORM
__LOTSA_MONEY_05: no hits at all
# used in: ADVANCE_FEE_2_NEW_FORM LOTS_OF_MONEY MONEY_PERCENT __ADVANCE_FEE_2_NEW_FORM
__LOTTO_AGENT_02: no hits at all
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__LOTTO_AGENT_RPLY: bad, avg S/O=0.61 avg Spam%=0.00 avg Ham%=0.00
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY LOTTO_AGENT_RPLY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__LOTTO_WIN_01: bad, avg S/O=0.77 avg Spam%=0.05 avg Ham%=0.01
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__LUCKY_WINNER: bad, avg S/O=0.64 avg Spam%=0.05 avg Ham%=0.03
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__MOVE_MONEY: bad, avg S/O=0.74 avg Spam%=0.66 avg Ham%=0.23
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY WON_NBDY_ATTACH __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__NIGERIA: bad, avg S/O=0.61 avg Spam%=0.19 avg Ham%=0.12
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM __AFRICAN_STATE
__NOT_DEAD_YET: bad, avg S/O=0.61 avg Spam%=0.01 avg Ham%=0.01
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__PAY_YOU: bad, avg S/O=0.55 avg Spam%=0.03 avg Ham%=0.02
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__PCT_FOR_YOU: bad, avg S/O=0.70 avg Spam%=0.23 avg Ham%=0.10
# used in: MONEY_PERCENT
__PCT_FOR_YOU_2: bad, avg S/O=0.43 avg Spam%=0.03 avg Ham%=0.04
# used in: MONEY_PERCENT __PCT_FOR_YOU
__PCT_FOR_YOU_3: bad, avg S/O=0.74 avg Spam%=0.16 avg Ham%=0.06
# used in: MONEY_PERCENT __PCT_FOR_YOU
__SCAM: bad, avg S/O=0.19 avg Spam%=0.14 avg Ham%=0.61
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__TO_YOUR_ORG: bad, avg S/O=0.53 avg Spam%=0.04 avg Ham%=0.03
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY LOTTO_AGENT_RPLY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__TRAVEL_ITINERARY: bad, avg S/O=0.07 avg Spam%=0.00 avg Ham%=0.01
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY LOTS_OF_MONEY MONEY_PERCENT __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__TRUSTED_CHECK: bad, avg S/O=0.73 avg Spam%=0.02 avg Ham%=0.01
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__WIDOW: bad, avg S/O=0.25 avg Spam%=0.01 avg Ham%=0.02
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__WILL_LEGAL: bad, avg S/O=0.06 avg Spam%=0.01 avg Ham%=0.20
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__XFER_MONEY: bad, avg S/O=0.76 avg Spam%=1.04 avg Ham%=0.33
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__YOUR_FUND: bad, avg S/O=0.37 avg Spam%=0.39 avg Ham%=0.68
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__YOUR_PERM: bad, avg S/O=0.24 avg Spam%=0.02 avg Ham%=0.06
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY YOUR_PERMISSION __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__YOU_ASSIST: bad, avg S/O=0.56 avg Spam%=0.09 avg Ham%=0.07
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__YOU_WON: bad, avg S/O=0.48 avg Spam%=0.39 avg Ham%=0.42
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY WON_NBDY_ATTACH __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__YOU_WON_01: bad, avg S/O=0.44 avg Spam%=0.32 avg Ham%=0.40
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY WON_NBDY_ATTACH __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM __YOU_WON
__YOU_WON_02: bad, avg S/O=0.61 avg Spam%=0.03 avg Ham%=0.02
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY WON_NBDY_ATTACH __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM __YOU_WON
__YOU_WON_04: no hits at all
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY WON_NBDY_ATTACH __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM __YOU_WON
rulesrc/sandbox/jhardin/20_fillform.cf (18 rules, 10 bad):
FILL_THIS_FORM: bad, avg S/O=0.69 avg Spam%=0.35 avg Ham%=0.16
FILL_THIS_FORM_FRAUD_PHISH: bad, avg S/O=0.75 avg Spam%=0.07 avg Ham%=0.02
FILL_THIS_FORM_SHORT: bad, avg S/O=0.23 avg Spam%=0.40 avg Ham%=1.35
__FILL_THIS_FORM: bad, avg S/O=0.64 avg Spam%=0.37 avg Ham%=0.21
# used in: ADVANCE_FEE_2_NEW_FORM FILL_THIS_FORM FILL_THIS_FORM_FRAUD_PHISH FILL_THIS_FORM_SHORT __ADVANCE_FEE_2_NEW_FORM
__FILL_THIS_FORM_FRAUD_PHISH: bad, avg S/O=0.47 avg Spam%=0.08 avg Ham%=0.09
# used in: FILL_THIS_FORM_FRAUD_PHISH
__FILL_THIS_FORM_FRAUD_PHISH1: bad, avg S/O=0.17 avg Spam%=0.45 avg Ham%=2.22
# used in: FILL_THIS_FORM_FRAUD_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__FILL_THIS_FORM_PARTIAL: bad, avg S/O=0.42 avg Spam%=0.69 avg Ham%=0.94
# used in: ADVANCE_FEE_2_NEW_FORM FILL_THIS_FORM FILL_THIS_FORM_FRAUD_PHISH FILL_THIS_FORM_SHORT __ADVANCE_FEE_2_NEW_FORM __FILL_THIS_FORM __FILL_THIS_FORM_FRAUD_PHISH
__FILL_THIS_FORM_PARTIAL_RAW: bad, avg S/O=0.26 avg Spam%=1.22 avg Ham%=3.44
# used in: ADVANCE_FEE_2_NEW_FORM FILL_THIS_FORM FILL_THIS_FORM_FRAUD_PHISH FILL_THIS_FORM_SHORT __ADVANCE_FEE_2_NEW_FORM __FILL_THIS_FORM __FILL_THIS_FORM_FRAUD_PHISH
__FILL_THIS_FORM_SHORT: bad, avg S/O=0.22 avg Spam%=0.46 avg Ham%=1.59
# used in: FILL_THIS_FORM_FRAUD_PHISH FILL_THIS_FORM_SHORT __FILL_THIS_FORM_FRAUD_PHISH
__FILL_THIS_FORM_SHORT2: bad, avg S/O=0.31 avg Spam%=0.62 avg Ham%=1.39
# used in: FILL_THIS_FORM_FRAUD_PHISH FILL_THIS_FORM_SHORT __FILL_THIS_FORM_FRAUD_PHISH __FILL_THIS_FORM_SHORT
rulesrc/sandbox/jhardin/20_advance_fee_reevolved.cf (31 rules, 3 bad):
ADVANCE_FEE_2_NEW_FORM: bad, avg S/O=0.70 avg Spam%=0.00 avg Ham%=0.00
__ADVANCE_FEE_2_NEW: bad, avg S/O=0.66 avg Spam%=1.27 avg Ham%=0.66
# used in: ADVANCE_FEE_2_NEW_FORM
__ADVANCE_FEE_2_NEW_FORM: bad, avg S/O=0.78 avg Spam%=0.01 avg Ham%=0.00
# used in: ADVANCE_FEE_2_NEW_FORM
rulesrc/sandbox/jhardin/20_MIME_no_text.cf (7 rules, 4 bad):
MIME_PHP_NO_TEXT: no hits at all
__CTYPE_MULTIPART_ANY: bad, avg S/O=0.49 avg Spam%=61.41 avg Ham%=63.18
# used in: MIME_PHP_NO_TEXT MIME_MALF
__MIME_NO_TEXT: bad, avg S/O=0.71 avg Spam%=0.02 avg Ham%=0.01
# used in: MIME_PHP_NO_TEXT
__PHP_MUA_2: no hits at all
# used in: MIME_PHP_NO_TEXT
rulesrc/sandbox/jhardin/20_MIME_in_body.cf (3 rules, 3 bad):
MIME_MALF: no hits of target type
__MIME_CTYPE_IN_BODY: no hits of target type
# used in: MIME_MALF
__MIME_MALF: no hits of target type
# used in: MIME_MALF
rulesrc/sandbox/hege/20_hk.cf (52 rules, 4 bad):
HK_NAME_FROM: bad, avg S/O=0.76 avg Spam%=0.01 avg Ham%=0.00
URI_IN_URI_10: bad, avg S/O=0.71 avg Spam%=0.00 avg Ham%=0.00
URI_IN_URI_5: bad, avg S/O=0.33 avg Spam%=0.05 avg Ham%=0.10
__HK_NAME_FROM: bad, avg S/O=0.80 avg Spam%=0.01 avg Ham%=0.00
# used in: HK_NAME_FROM
rulesrc/sandbox/gbechis/20_misc.cf (9 rules, 2 bad):
SENDINBLUE_REDIR: bad, avg S/O=0.61 avg Spam%=0.06 avg Ham%=0.04
__SENDINBLUE_REDIR: bad, avg S/O=0.61 avg Spam%=0.06 avg Ham%=0.04
# used in: SENDINBLUE_REDIR
rulesrc/sandbox/fredt/99_zFVGT_FakeReply.cf (59 rules, 29 bad):
TEST_REPLY_B: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.21
TEST_REPLY_C: no hits of target type
__INR_AND_NO_REF: bad, avg S/O=0.77 avg Spam%=1.62 avg Ham%=0.49
# used in: TEST_REPLY_B
__MISSING_REF: bad, avg S/O=0.56 avg Spam%=99.47 avg Ham%=79.09
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY FILL_THIS_FORM FILL_THIS_FORM_FRAUD_PHISH SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_B TO_NO_BRKTS_DYNIP __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__MISSING_REPLY: bad, avg S/O=0.56 avg Spam%=99.50 avg Ham%=79.50
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY FILL_THIS_FORM FILL_THIS_FORM_FRAUD_PHISH SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C TO_NO_BRKTS_DYNIP __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__SUBJ_RE: bad, avg S/O=0.66 avg Spam%=24.64 avg Ham%=12.78
# used in: BULK_RE_SUSP_NTLD TEST_REPLY_B TEST_REPLY_C
__UA_GNUS: no hits of target type
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY FILL_THIS_FORM FILL_THIS_FORM_FRAUD_PHISH SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C TO_NO_BRKTS_DYNIP __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__UA_IMP: bad, avg S/O=0.76 avg Spam%=0.00 avg Ham%=0.00
# used in: TEST_REPLY_B __INR_AND_NO_REF
__UA_KNODE: no hits of target type
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY FILL_THIS_FORM FILL_THIS_FORM_FRAUD_PHISH SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C TO_NO_BRKTS_DYNIP __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__UA_MSENTOUR: no hits of target type
# used in: TEST_REPLY_B __INR_AND_NO_REF
__UA_MSOEMAC: no hits at all
# used in: TEST_REPLY_B XM_UC_ONLY __HDRS_LCASE_KNOWN __INR_AND_NO_REF
__UA_MUTT: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=1.24
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY FILL_THIS_FORM FILL_THIS_FORM_FRAUD_PHISH SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C TO_NO_BRKTS_DYNIP __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__UA_OPERA7: no hits at all
# used in: TEST_REPLY_B __INR_AND_NO_REF
__UA_PAN: no hits at all
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY FILL_THIS_FORM FILL_THIS_FORM_FRAUD_PHISH SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C TO_NO_BRKTS_DYNIP __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__UA_XNEWS: no hits at all
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY FILL_THIS_FORM FILL_THIS_FORM_FRAUD_PHISH SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C TO_NO_BRKTS_DYNIP __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__XM_APPLEMAIL: bad, avg S/O=0.05 avg Spam%=0.02 avg Ham%=0.34
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_COMMUNIG: bad, avg S/O=0.49 avg Spam%=0.00 avg Ham%=0.00
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_EDMAX: no hits at all
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_EMUMAIL: no hits at all
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_EXMH: no hits of target type
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_GNUS: no hits at all
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY FILL_THIS_FORM FILL_THIS_FORM_FRAUD_PHISH SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C TO_NO_BRKTS_DYNIP __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__XM_IMAIL: no hits at all
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_LOTUSN: no hits of target type
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_MAILCITY: no hits at all
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_MAILSMITH: no hits at all
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_MIMETOOLS: bad, avg S/O=0.27 avg Spam%=0.01 avg Ham%=0.02
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_MSCDO: bad, avg S/O=0.23 avg Spam%=0.04 avg Ham%=0.11
# used in: TEST_REPLY_B __INR_AND_NO_REF
__XM_SKYRI: no hits at all
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY FILL_THIS_FORM FILL_THIS_FORM_FRAUD_PHISH SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C TO_NO_BRKTS_DYNIP __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__XM_WWWMAIL: no hits of target type
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY FILL_THIS_FORM FILL_THIS_FORM_FRAUD_PHISH SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C TO_NO_BRKTS_DYNIP __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
rulesrc/sandbox/felicity/70_phishing.cf (58 rules, 41 bad):
HTTPS_HTTP_MISMATCH: bad, avg S/O=0.47 avg Spam%=0.23 avg Ham%=0.25
TVD_PH_1: no hits of target type
TVD_PH_7: bad, avg S/O=0.76 avg Spam%=0.01 avg Ham%=0.00
TVD_PH_BODY_ACCOUNTS_POST: bad, avg S/O=0.35 avg Spam%=0.12 avg Ham%=0.23
TVD_PH_BODY_ACCOUNTS_PRE: bad, avg S/O=0.62 avg Spam%=0.09 avg Ham%=0.05
TVD_PH_BODY_META_ALL: bad, avg S/O=0.52 avg Spam%=0.30 avg Ham%=0.28
TVD_PH_FR5: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.13
TVD_PH_REC: bad, avg S/O=0.60 avg Spam%=0.00 avg Ham%=0.00
TVD_PH_SEC: bad, avg S/O=0.22 avg Spam%=0.01 avg Ham%=0.04
TVD_PH_SUBJ_META: bad, avg S/O=0.28 avg Spam%=0.03 avg Ham%=0.08
TVD_PH_SUBJ_META1: bad, avg S/O=0.55 avg Spam%=0.07 avg Ham%=0.06
TVD_SUBJ_ACC_NUM: bad, avg S/O=0.37 avg Spam%=0.00 avg Ham%=0.00
__PH_TVD_FROM2: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.45
# used in: TVD_PH_FR5
__TVD_PH_BODY_01: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_BODY_META_ALL __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_BODY_02: bad, avg S/O=0.06 avg Spam%=0.00 avg Ham%=0.00
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_BODY_META_ALL __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_BODY_06: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_BODY_META_ALL __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_BODY_07: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_BODY_META_ALL __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_BODY_ACCOUNTS_POST: bad, avg S/O=0.35 avg Spam%=0.12 avg Ham%=0.23
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_BODY_ACCOUNTS_POST TVD_PH_BODY_META_ALL __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_BODY_ACCOUNTS_PRE: bad, avg S/O=0.62 avg Spam%=0.09 avg Ham%=0.05
# used in: GOOGLE_DOCS_PHISH_MANY TVD_PH_BODY_ACCOUNTS_PRE ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_BODY_META_ALL __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_00: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_02: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_04: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_15: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_17: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_18: no hits of target type
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_19: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_31: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_36: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_37: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_38: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.02
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_39: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_52: no hits of target type
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_54: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_58: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_59: no hits at all
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_ACCESS_POST: no hits of target type
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_ACCOUNTS_POST: bad, avg S/O=0.38 avg Spam%=0.01 avg Ham%=0.02
# used in: TVD_PH_SUBJ_META1
__TVD_PH_SUBJ_ACCOUNTS_PRE: bad, avg S/O=0.51 avg Spam%=0.02 avg Ham%=0.02
# used in: TVD_PH_SUBJ_META1
__TVD_PH_SUBJ_META: bad, avg S/O=0.28 avg Spam%=0.03 avg Ham%=0.08
# used in: GOOGLE_DOCS_PHISH_MANY ACCT_PHISHING FILL_THIS_FORM_FRAUD_PHISH TVD_PH_SUBJ_META __EMAIL_PHISH __FILL_THIS_FORM_FRAUD_PHISH
__TVD_PH_SUBJ_SEC_MEASURES: no hits of target type
# used in: TVD_PH_SUBJ_META1
__TVD_PH_SUBJ_UPDATE: bad, avg S/O=0.27 avg Spam%=0.01 avg Ham%=0.02
# used in: TVD_PH_SUBJ_META1
rulesrc/sandbox/felicity/70_other.cf (77 rules, 60 bad):
BASE64_LENGTH_78_79: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.04
BASE64_LENGTH_79_INF: bad, avg S/O=0.18 avg Spam%=0.01 avg Ham%=0.03
DRUGS_HDIA: no hits at all
FUZZY_MERIDIA: no hits at all
FUZZY_SPRM: bad, avg S/O=0.11 avg Spam%=0.00 avg Ham%=0.00
HEADER_COUNT_SUBJECT: no hits at all
NULL_IN_BODY: no hits of target type
RCVD_BAD_ID: no hits at all
TVD_ACT_193: no hits at all
TVD_APPROVED: bad, avg S/O=0.18 avg Spam%=0.01 avg Ham%=0.06
TVD_APP_LOAN: bad, avg S/O=0.61 avg Spam%=0.01 avg Ham%=0.01
TVD_DEAR_HOMEOWNER: no hits at all
TVD_DOLLARS_US: bad, avg S/O=0.46 avg Spam%=0.02 avg Ham%=0.02
TVD_ENVFROM_APOST: no hits at all
TVD_FINGER_02: no hits at all
TVD_FLOAT_GENERAL: no hits at all
TVD_FROM_1: bad, avg S/O=0.80 avg Spam%=0.15 avg Ham%=0.04
TVD_FUZZY_DEGREE: no hits at all
TVD_FUZZY_FINANCE: no hits at all
TVD_FUZZY_FIXED_RATE: no hits at all
TVD_FUZZY_MICROCAP: no hits at all
TVD_FUZZY_PHARMACEUTICAL: no hits at all
TVD_FUZZY_SECTOR: bad, avg S/O=0.22 avg Spam%=0.02 avg Ham%=0.08
TVD_FUZZY_SECURITIES: no hits of target type
TVD_FUZZY_SYMBOL: no hits at all
TVD_FW_GRAPHIC_ID2: no hits at all
TVD_FW_GRAPHIC_ID3: bad, avg S/O=0.05 avg Spam%=0.02 avg Ham%=0.46
TVD_FW_GRAPHIC_ID3_2: bad, avg S/O=0.05 avg Spam%=0.03 avg Ham%=0.47
TVD_LINK_SAVE: no hits at all
TVD_LONG_WORD5: bad, avg S/O=0.37 avg Spam%=0.00 avg Ham%=0.00
TVD_NOT_SATISFIED: no hits of target type
TVD_PDF_FINGER01: bad, avg S/O=0.12 avg Spam%=0.00 avg Ham%=0.01
TVD_RATWARE_CB: no hits at all
TVD_RATWARE_CB_2: no hits at all
TVD_RATWARE_MSGID_01: bad, avg S/O=0.02 avg Spam%=0.03 avg Ham%=1.42
TVD_RATWARE_MSGID_02: no hits at all
TVD_RCVD_IP4: bad, avg S/O=0.03 avg Spam%=0.00 avg Ham%=0.01
TVD_RCVD_SINGLE: no hits of target type
TVD_SECTION: no hits at all
TVD_SILLY_URI_OBFU: no hits at all
TVD_SINGLE_SPAN_DIV: bad, avg S/O=0.45 avg Spam%=0.00 avg Ham%=0.00
TVD_SPACED_SUBJECT_WORD3: no hits at all
TVD_SPACED_SUBJECT_WORD5: bad, avg S/O=0.62 avg Spam%=0.09 avg Ham%=0.05
TVD_STOCK1: no hits at all
TVD_SUBJ_APPR_LOAN: bad, avg S/O=0.70 avg Spam%=0.00 avg Ham%=0.00
TVD_SUBJ_FINGER_03: no hits at all
TVD_SUBJ_OWE: no hits at all
TVD_SUBJ_WIPE_DEBT: bad, avg S/O=0.23 avg Spam%=0.00 avg Ham%=0.01
TVD_UNDER_VALUED: no hits of target type
TVD_VIS_HIDDEN: no hits at all
T_TVD_MIME_NO_HEADERS: bad, avg S/O=0.33 avg Spam%=0.02 avg Ham%=0.04
T_TVD_PCT_OFF2: bad, avg S/O=0.54 avg Spam%=0.37 avg Ham%=0.32
T_TVD_SUBJ_FINGER_05: bad, avg S/O=0.23 avg Spam%=0.00 avg Ham%=0.01
T_TVD_SUBJ_NUM_OBFU: bad, avg S/O=0.29 avg Spam%=0.30 avg Ham%=0.73
T_TVD_SUBJ_NUM_OBFU2: bad, avg S/O=0.24 avg Spam%=0.33 avg Ham%=1.03
T_TVD_SUBJ_NUM_OBFU3: bad, avg S/O=0.24 avg Spam%=0.33 avg Ham%=1.03
__TVD_BODY: bad, avg S/O=0.50 avg Spam%=99.96 avg Ham%=99.93
# used in: TVD_PDF_FINGER01 TVD_PDF_FINGER01_JO
__TVD_INT_CID: bad, avg S/O=0.60 avg Spam%=5.02 avg Ham%=3.36
# used in: TVD_FW_GRAPHIC_ID3
__TVD_MIME_ATT: bad, avg S/O=0.11 avg Spam%=0.09 avg Ham%=0.69
# used in: SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TVD_PDF_FINGER01 TVD_PDF_FINGER01_JO
__TVD_MIME_CT_MM: bad, avg S/O=0.43 avg Spam%=3.97 avg Ham%=5.20
# used in: TVD_PDF_FINGER01 TVD_PDF_FINGER01_JO
rulesrc/sandbox/fanf/30_text.cf (2 rules, 1 bad):
LONG_TERM_PRICE: no hits of target type
rulesrc/sandbox/duncf/20_header.cf (3 rules, 1 bad):
STUDDLYCAPS: bad, avg S/O=0.37 avg Spam%=0.11 avg Ham%=0.19
rulesrc/sandbox/duncf/20_debt.cf (2 rules, 1 bad):
LOOPHOLE_1: no hits at all
rulesrc/sandbox/dos/70_other.cf (73 rules, 49 bad):
DOS_ANAL_SPAM_MAILER: no hits at all
DOS_FIX_MY_URI: no hits at all
DOS_HIGH_BAT_TO_MX: no hits at all
DOS_LET_GO_JOB: no hits at all
DOS_RCVD_IP_TWICE_A: bad, avg S/O=0.18 avg Spam%=0.82 avg Ham%=3.86
DOS_RCVD_IP_TWICE_B: bad, avg S/O=0.71 avg Spam%=0.33 avg Ham%=0.14
DOS_RCVD_IP_TWICE_C: no hits at all
DOS_STOCK_BAT: no hits at all
DOS_URI_ASTERISK: no hits at all
DOS_YOUR_PLACE: no hits at all
DOS_ZIP_HARDCORE: no hits at all
X_MAILER_CME_6543_MSN: no hits at all
__DOS_BODY_FRI: bad, avg S/O=0.10 avg Spam%=0.90 avg Ham%=7.80
# used in: DOS_STOCK_BAT
__DOS_BODY_MON: bad, avg S/O=0.47 avg Spam%=7.19 avg Ham%=7.89
# used in: DOS_STOCK_BAT
__DOS_BODY_SAT: bad, avg S/O=0.17 avg Spam%=0.30 avg Ham%=1.41
# used in: DOS_STOCK_BAT
__DOS_BODY_STOCK: bad, avg S/O=0.20 avg Spam%=0.60 avg Ham%=2.36
# used in: DOS_STOCK_BAT
__DOS_BODY_SUN: bad, avg S/O=0.14 avg Spam%=0.65 avg Ham%=4.03
# used in: DOS_STOCK_BAT
__DOS_BODY_THU: bad, avg S/O=0.08 avg Spam%=0.47 avg Ham%=5.67
# used in: DOS_STOCK_BAT
__DOS_BODY_TICKER: no hits at all
# used in: DOS_STOCK_BAT
__DOS_BODY_TUE: bad, avg S/O=0.11 avg Spam%=0.65 avg Ham%=5.05
# used in: DOS_STOCK_BAT
__DOS_BODY_WED: bad, avg S/O=0.11 avg Spam%=0.64 avg Ham%=5.39
# used in: DOS_STOCK_BAT
__DOS_COMING_TO_YOUR_PLACE: no hits at all
# used in: DOS_YOUR_PLACE
__DOS_CORRESPOND_EMAIL: no hits at all
# used in: DOS_YOUR_PLACE
__DOS_DROP_ME_A_LINE: no hits at all
# used in: DOS_YOUR_PLACE
__DOS_EMAIL_DIRECTLY: no hits at all
# used in: DOS_YOUR_PLACE
__DOS_HAS_ANY_URI: bad, avg S/O=0.53 avg Spam%=91.72 avg Ham%=82.88
# used in: DOS_FIX_MY_URI
__DOS_HAS_LIST_ID: bad, avg S/O=0.11 avg Spam%=5.08 avg Ham%=43.24
# used in: DOS_HIGH_BAT_TO_MX LIST_PRTL_PUMPDUMP LIST_PRTL_SAME_USER LIST_PARTIAL STY_INVIS_DIRECT SUSP_UTF8_WORD_COMBO
__DOS_HAS_LIST_UNSUB: bad, avg S/O=0.31 avg Spam%=21.39 avg Ham%=48.26
# used in: DOS_HIGH_BAT_TO_MX LIST_PRTL_PUMPDUMP LIST_PRTL_SAME_USER LIST_PARTIAL NOT_A_PERSON STY_INVIS_DIRECT SUBJ_OBFU_LOW_CNTRST SUSP_UTF8_WORD_COMBO YOUR_PERMISSION URI_DOTEDU
__DOS_HAS_MAILING_LIST: bad, avg S/O=0.10 avg Spam%=0.25 avg Ham%=2.27
# used in: DOS_HIGH_BAT_TO_MX STY_INVIS_DIRECT
__DOS_HI: bad, avg S/O=0.39 avg Spam%=0.44 avg Ham%=0.68
# used in: DOS_FIX_MY_URI
__DOS_I_AM_25: bad, avg S/O=0.15 avg Spam%=0.00 avg Ham%=0.00
# used in: DOS_YOUR_PLACE
__DOS_I_DRIVE_A: no hits of target type
# used in: DOS_LET_GO_JOB
__DOS_LET_GO_JOB: no hits at all
# used in: DOS_LET_GO_JOB
__DOS_LINK: bad, avg S/O=0.55 avg Spam%=19.27 avg Ham%=15.97
# used in: DOS_FIX_MY_URI
__DOS_MEET_EACH_OTHER: bad, avg S/O=0.32 avg Spam%=0.00 avg Ham%=0.00
# used in: DOS_YOUR_PLACE
__DOS_MY_OLD_JOB: no hits of target type
# used in: DOS_LET_GO_JOB
__DOS_RCVD_FRI: bad, avg S/O=0.45 avg Spam%=12.38 avg Ham%=15.07
# used in: DOS_STOCK_BAT
__DOS_RCVD_MON: bad, avg S/O=0.54 avg Spam%=22.89 avg Ham%=19.16
# used in: DOS_STOCK_BAT
__DOS_RCVD_SAT: bad, avg S/O=0.65 avg Spam%=15.58 avg Ham%=8.59
# used in: DOS_STOCK_BAT
__DOS_RCVD_SUN: bad, avg S/O=0.67 avg Spam%=18.86 avg Ham%=9.24
# used in: DOS_STOCK_BAT
__DOS_RCVD_THU: bad, avg S/O=0.35 avg Spam%=11.69 avg Ham%=21.49
# used in: DOS_STOCK_BAT
__DOS_RCVD_TUE: bad, avg S/O=0.41 avg Spam%=14.68 avg Ham%=21.48
# used in: DOS_STOCK_BAT
__DOS_RCVD_WED: bad, avg S/O=0.44 avg Spam%=15.15 avg Ham%=19.41
# used in: DOS_STOCK_BAT
__DOS_REF_2_WK_DAYS: bad, avg S/O=0.12 avg Spam%=0.57 avg Ham%=4.26
# used in: DOS_STOCK_BAT
__DOS_REF_NEXT_WK_DAY: bad, avg S/O=0.43 avg Spam%=3.58 avg Ham%=4.71
# used in: DOS_STOCK_BAT
__DOS_REF_TODAY: bad, avg S/O=0.14 avg Spam%=2.06 avg Ham%=12.69
# used in: DOS_STOCK_BAT
__DOS_RELAYED_EXT: bad, avg S/O=0.40 avg Spam%=53.54 avg Ham%=80.69
# used in: DOS_HIGH_BAT_TO_MX STY_INVIS_DIRECT
__DOS_SINGLE_EXT_RELAY: bad, avg S/O=0.58 avg Spam%=53.56 avg Ham%=39.13
# used in: DOS_FIX_MY_URI DOS_HIGH_BAT_TO_MX STY_INVIS_DIRECT
__DOS_TAKING_HOME: no hits at all
# used in: DOS_LET_GO_JOB
rulesrc/sandbox/davej/20_non_ascii.cf (4 rules, 3 bad):
CTE_8BIT_MISMATCH: bad, avg S/O=0.76 avg Spam%=0.40 avg Ham%=0.12
__L_BODY_8BITS: bad, avg S/O=0.32 avg Spam%=27.82 avg Ham%=58.30
# used in: CTE_8BIT_MISMATCH STY_INVIS_DIRECT
__L_CTE_7BIT: bad, avg S/O=0.76 avg Spam%=27.41 avg Ham%=8.57
# used in: CTE_8BIT_MISMATCH XM_ONE_WORD
rulesrc/sandbox/davej/20_bug_7550.cf (1 rules, 1 bad):
VULN_PHPMAILER: bad, avg S/O=0.06 avg Spam%=0.11 avg Ham%=1.72
rulesrc/sandbox/billcole/80_test.cf (12 rules, 7 bad):
T_MIXED_TAG_CASE: bad, avg S/O=0.73 avg Spam%=0.52 avg Ham%=0.19
T_SCC_THREE_WORD_MONTY: bad, avg S/O=0.23 avg Spam%=0.00 avg Ham%=0.01
__HAS_HREF: bad, avg S/O=0.33 avg Spam%=33.03 avg Ham%=67.04
# used in: T_MIXED_TAG_CASE
__HAS_HREF_ONECASE: bad, avg S/O=0.31 avg Spam%=30.01 avg Ham%=66.83
# used in: T_MIXED_TAG_CASE
__HAS_IMG_SRC: bad, avg S/O=0.29 avg Spam%=21.95 avg Ham%=53.74
# used in: T_MIXED_TAG_CASE
__HAS_IMG_SRC_ONECASE: bad, avg S/O=0.29 avg Spam%=21.31 avg Ham%=50.99
# used in: HEXHASH_WORD T_MIXED_TAG_CASE
__MIXED_IMG_CASE: bad, avg S/O=0.16 avg Spam%=0.64 avg Ham%=3.47
# used in: T_MIXED_TAG_CASE
rulesrc/sandbox/billcole/23_bug_6780.cf (4 rules, 3 bad):
T_EMPTY_FROM_OR_TO_OR_CC: bad, avg S/O=0.22 avg Spam%=0.04 avg Ham%=0.16
__EMPTY_CC: bad, avg S/O=0.56 avg Spam%=99.85 avg Ham%=79.38
# used in: T_EMPTY_FROM_OR_TO_OR_CC
__EMPTY_FROM: bad, avg S/O=0.65 avg Spam%=0.00 avg Ham%=0.00
# used in: T_EMPTY_FROM_OR_TO_OR_CC
rulesrc/sandbox/billcole/21_bug_7219.cf (6 rules, 4 bad):
T_SCC_BODY_TEXT_LINE: bad, avg S/O=0.50 avg Spam%=99.91 avg Ham%=99.87
T_SCC_EMPTY_BODY: bad, avg S/O=0.57 avg Spam%=0.13 avg Ham%=0.09
__SCC_BODY_TEXT_LINE_FULL: bad, avg S/O=0.50 avg Spam%=99.99 avg Ham%=99.99
# used in: T_SCC_BODY_TEXT_LINE T_SCC_EMPTY_BODY
__SCC_SUBJECT_HAS_NON_SPACE: bad, avg S/O=0.50 avg Spam%=99.49 avg Ham%=99.89
# used in: T_SCC_BODY_TEXT_LINE T_SCC_EMPTY_BODY
rulesrc/sandbox/axb/20_axb_misc.cf (6 rules, 2 bad):
AXB_X_AOL_SEZ_S: bad, avg S/O=0.51 avg Spam%=0.00 avg Ham%=0.00
AXB_X_FF_SEZ_S: bad, avg S/O=0.33 avg Spam%=0.03 avg Ham%=0.07
rules/72_active.cf (47 rules, 28 bad):
CTYPE_8SPACE_GIF: no hits at all
HK_CTE_RAW: no hits at all
OBFU_TEXT_ATTACH: bad, avg S/O=0.63 avg Spam%=0.00 avg Ham%=0.00
TVD_FW_GRAPHIC_NAME_LONG: bad, avg S/O=0.78 avg Spam%=0.00 avg Ham%=0.00
TVD_FW_GRAPHIC_NAME_MID: bad, avg S/O=0.76 avg Spam%=0.02 avg Ham%=0.01
__ANY_IMAGE_ATTACH: bad, avg S/O=0.61 avg Spam%=5.06 avg Ham%=3.22
# used in: DOTGOV_IMAGE DYN_RDNS_AND_INLINE_IMAGE PART_CID_STOCK PART_CID_STOCK_LESS STOCK_IMG_HDR_FROM STOCK_IMG_HTML STOCK_IMG_OUTLOOK REMOTE_IMAGE
__ANY_TEXT_ATTACH: bad, avg S/O=0.51 avg Spam%=99.92 avg Ham%=94.86
# used in: MIME_PHP_NO_TEXT SYSADMIN
__ANY_TEXT_ATTACH_DOC: bad, avg S/O=0.51 avg Spam%=99.92 avg Ham%=94.86
# used in: FSL_MIME_NO_TEXT
__DOC_ATTACH_FN1: bad, avg S/O=0.08 avg Spam%=0.02 avg Ham%=0.26
# used in: FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH WON_NBDY_ATTACH __DOC_ATTACH
__DOC_ATTACH_FN2: bad, avg S/O=0.09 avg Spam%=0.03 avg Ham%=0.27
# used in: FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH WON_NBDY_ATTACH __DOC_ATTACH
__DOC_ATTACH_MT: bad, avg S/O=0.06 avg Spam%=0.02 avg Ham%=0.27
# used in: DOC_ATTACH_NO_EXT FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH WON_NBDY_ATTACH __DOC_ATTACH
__HTML_ATTACH_01: bad, avg S/O=0.40 avg Spam%=0.02 avg Ham%=0.03
# used in: HTML_ATTACH
__HTML_ATTACH_02: bad, avg S/O=0.51 avg Spam%=0.03 avg Ham%=0.03
# used in: HTML_ATTACH OBFU_HTML_ATT_MALW
__JPEG_ATTACH: bad, avg S/O=0.69 avg Spam%=1.80 avg Ham%=0.79
# used in: FORGED_TBIRD_IMG_ARROW FORGED_TBIRD_IMG_SIZE WON_NBDY_ATTACH __FORGED_TBIRD_IMG
__KAM_BLOCK_UTF7_2: no hits of target type
# used in: KAM_BLOCK_UTF7
__PART_CID_STOCK_LESS: no hits of target type
# used in: PART_CID_STOCK_LESS
__PART_STOCK_CD_F: bad, avg S/O=0.47 avg Spam%=3.86 avg Ham%=4.42
# used in: PART_CID_STOCK
__PART_STOCK_CID: no hits of target type
# used in: PART_CID_STOCK STOCK_IMG_HTML
__PART_STOCK_CL: bad, avg S/O=0.05 avg Spam%=0.01 avg Ham%=0.21
# used in: PART_CID_STOCK
__PDF_ATTACH_FN1: bad, avg S/O=0.11 avg Spam%=0.06 avg Ham%=0.49
# used in: MIME_PHP_NO_TEXT BITCOIN_PDF FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH WON_NBDY_ATTACH __FREEMAIL_DOC_PDF __PDF_ATTACH
__PDF_ATTACH_FN2: bad, avg S/O=0.24 avg Spam%=0.13 avg Ham%=0.41
# used in: MIME_PHP_NO_TEXT BITCOIN_PDF FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH WON_NBDY_ATTACH __FREEMAIL_DOC_PDF __PDF_ATTACH
__PDF_ATTACH_MT: bad, avg S/O=0.12 avg Spam%=0.07 avg Ham%=0.48
# used in: MIME_PHP_NO_TEXT BITCOIN_PDF DOC_ATTACH_NO_EXT FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH WON_NBDY_ATTACH __FREEMAIL_DOC_PDF __PDF_ATTACH
__TVD_FW_GRAPHIC_ID1: no hits of target type
# used in: STOCK_IMG_HDR_FROM
__TVD_MIME_ATT_AOPDF: bad, avg S/O=0.08 avg Spam%=0.02 avg Ham%=0.22
# used in: SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TVD_PDF_FINGER01 TVD_PDF_FINGER01_JO __TVD_MIME_ATT
__TVD_MIME_ATT_AP: bad, avg S/O=0.12 avg Spam%=0.07 avg Ham%=0.48
# used in: SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TVD_PDF_FINGER01 TVD_PDF_FINGER01_JO __TVD_MIME_ATT
__TVD_MIME_ATT_TP: bad, avg S/O=0.53 avg Spam%=89.32 avg Ham%=79.19
# used in: TVD_PDF_FINGER01
__TVD_OUTLOOK_IMG: bad, avg S/O=0.05 avg Spam%=0.03 avg Ham%=0.52
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__ZIP_ATTACH_NOFN: bad, avg S/O=0.43 avg Spam%=0.00 avg Ham%=0.00
# used in: OBFU_HTML_ATT_MALW
rules/25_replace.cf (29 rules, 23 bad):
FUZZY_AFFORDABLE: no hits at all
FUZZY_BILLION: no hits at all
FUZZY_CPILL: bad, avg S/O=0.61 avg Spam%=0.01 avg Ham%=0.00
FUZZY_GUARANTEE: no hits at all
FUZZY_MEDICATION: no hits at all
FUZZY_MONEY: no hits at all
FUZZY_MORTGAGE: no hits at all
FUZZY_OBLIGATION: no hits at all
FUZZY_OFFERS: no hits at all
FUZZY_PHENT: no hits at all
FUZZY_PRESCRIPT: no hits at all
FUZZY_PRICES: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.00
FUZZY_REFINANCE: no hits at all
FUZZY_REMOVE: no hits at all
FUZZY_SOFTWARE: no hits at all
FUZZY_THOUSANDS: no hits at all
FUZZY_VIOXX: no hits at all
FUZZY_VLIUM: no hits at all
SUBJECT_FUZZY_CHEAP: no hits at all
SUBJECT_FUZZY_MEDS: no hits at all
SUBJECT_FUZZY_PENIS: no hits at all
SUBJECT_FUZZY_TION: no hits at all
SUBJECT_FUZZY_VPILL: no hits at all
rules/25_dkim.cf (18 rules, 1 bad):
__DKIM_DEPENDABLE: no hits at all
# used in: PHP_NOVER_MUA
rules/20_vbounce.cf (176 rules, 165 bad):
ANY_BOUNCE_MESSAGE: no hits at all
BOUNCE_MESSAGE: no hits at all
# used in: ANY_BOUNCE_MESSAGE
CHALLENGE_RESPONSE: no hits at all
CRBOUNCE_MESSAGE: no hits of target type
# used in: ANY_BOUNCE_MESSAGE
OOOBOUNCE_MESSAGE: bad, avg S/O=0.08 avg Spam%=0.00 avg Ham%=0.01
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE
VBOUNCE_MESSAGE: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTOREPLY_ASU: bad, avg S/O=0.74 avg Spam%=2.87 avg Ham%=1.02
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTOREPLY_PRE: bad, avg S/O=0.31 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTOREPLY_XAR: bad, avg S/O=0.10 avg Spam%=0.00 avg Ham%=0.01
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTOREPLY_XPR: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_3: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_4: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_BBTL: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_CM: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_MS: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_PREC: bad, avg S/O=0.18 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__AUTO_GEN_XXSP: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_ADDR_ERR: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_AUTO_RESPOND: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_AUTO_RESPONSE: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_COULD_NOT: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_CTYPE: bad, avg S/O=0.30 avg Spam%=0.02 avg Ham%=0.04
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE MIME_PHP_NO_TEXT NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_DATA_FORMAT: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_ESMTP: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_ETRUST: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_FROM_DAEMON: bad, avg S/O=0.78 avg Spam%=0.15 avg Ham%=0.04
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_INTERSCAN: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_MAIL_DEL_FAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_MSGDELFAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_NEVER_SEE: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_NONWORKING: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_NOTDEL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_NOTIF: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_NO_RESEND: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_NO_VAL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_ARHDR: bad, avg S/O=0.74 avg Spam%=2.87 avg Ham%=1.02
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_B1: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_B2: bad, avg S/O=0.41 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_BODY: bad, avg S/O=0.41 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_CB1: bad, avg S/O=0.14 avg Spam%=0.01 avg Ham%=0.06
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_CB2: bad, avg S/O=0.19 avg Spam%=0.02 avg Ham%=0.09
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_CB3: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_CB4: bad, avg S/O=0.11 avg Spam%=0.00 avg Ham%=0.01
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_CS1: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.01
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_S1: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_S2: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_S3: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_SUBJBODY: bad, avg S/O=0.09 avg Spam%=0.00 avg Ham%=0.01
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_OOO_SUBJECT: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE OOOBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_READ_NOTIFICATION: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_RETURNED: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_RET_MAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_RPATH_ERRMAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_STAT_FAIL: bad, avg S/O=0.13 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_UNDELIVERABLE: bad, avg S/O=0.25 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_UNDELIVERABLE_ML: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.03
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_UNDEL_MSG: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_X_ERR_STAT: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__BOUNCE_Y_AUTOGEN: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__CHALLENGE_RESPONSE: no hits of target type
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__CRBOUNCE_0SPAM: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_0SPAM1: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE __CRBOUNCE_0SPAM
__CRBOUNCE_0SPAM2: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE __CRBOUNCE_0SPAM
__CRBOUNCE_ASK: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_BLOCKED: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_EXI: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_GETRESP: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_MIB: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_PREC_SPAM: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_QURB: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_RP: no hits of target type
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_RP_2: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_SI: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_SI1: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE __CRBOUNCE_SI
__CRBOUNCE_SI2: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE __CRBOUNCE_SI
__CRBOUNCE_SPAMARREST: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_SPAMLION: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_SZ: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_TMDA: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_UNVERIF: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_UOL: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_VANQ: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__CRBOUNCE_VERIF: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __CHALLENGE_RESPONSE
__HAVE_BOUNCE_RELAYS: bad, avg S/O=0.35 avg Spam%=39.05 avg Ham%=71.30
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE DOTGOV_IMAGE SENDGRID_REDIR NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__MAJORDOMO_HELP_BODY: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE
__MAJORDOMO_HELP_BODY2: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE
__MAJORDOMO_SUBJ: no hits of target type
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE
__MY_SERVERS_FOUND: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE
__NONBOUNCE_READ_RECEIPT: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST
__NONBOUNCE_READ_RECEIPT_CTYPE: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __NONBOUNCE_READ_RECEIPT
__VBOUNCE_ALERT: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_AMAVISD: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_AMAVISD2: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_ANTIGEN: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_AOL: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_ATTACHMENT0: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_ATT_QUAR: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_AVREPORT0: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_AV_RESULTS: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_BANNED_MAT: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_BITDEFENDER: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_CISCO: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_CLICKBANK: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_CONT_VIOL: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_DEL_WARN: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_DETECTED: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_DISALLOWED: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_DOMINO1: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_DOMINO2: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_DUTCH: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_EMAIL_REJ: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_EMANAGER: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_EMVD: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_EXIM: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_FORBIDDEN: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_FROMPT: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_GSHIELD: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_GUIN: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_GWAVA: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_GWAVA2: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_INFLEX: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_INF_ATTACH: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_INTERSCAN: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_INTERSCAN2: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_INTERSCAN3: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_JMAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_LUTHER: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_MAILMARSHAL: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_MAILMARSHAL2: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_MAILSWEEP: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_MAILSWEEP2: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_MAILSWEEP3: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_MAJORDOMO_HELP: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_MELDING: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_MIME_INFO: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_MMS: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_MSGLABS: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_NAV: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_NAV2: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_NAV3: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_NAVFAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_NAV_DETECT: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_PROBLEME: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_PT_BLOCKED: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_QUOTED_EXE: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_RAV: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_REJECTED: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_REJ_FILT: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_SCANMAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_SCREENSAVER: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_SECURIQ: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_SENDER: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_SMTP: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_STRIP_ATTACH: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_SYM_AVF: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_SYM_EMP: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_UNDELIV: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_VALERT: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_VIOLATION: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_VIR_FOUND: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_WARNING: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__VBOUNCE_YOUSENT: no hits at all
# used in: ANY_BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST VBOUNCE_MESSAGE __NOT_A_PERSON
__XM_VBULLETIN: bad, avg S/O=0.32 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __NOT_A_PERSON
__X_CRON_ENV: bad, avg S/O=0.04 avg Spam%=0.01 avg Ham%=0.18
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __NOT_A_PERSON
__YESBOUNCE_AUTO_REPLIED_REJ: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE NOT_A_PERSON SUBJ_OBFU_LOW_CNTRST __NONBOUNCE_READ_RECEIPT __NOT_A_PERSON
rules/20_uri_tests.cf (18 rules, 12 bad):
HTTP_77: no hits at all
HTTP_ESCAPED_HOST: bad, avg S/O=0.33 avg Spam%=0.02 avg Ham%=0.04
NUMERIC_HTTP_ADDR: no hits at all
SPOOF_COM2COM: bad, avg S/O=0.16 avg Spam%=0.00 avg Ham%=0.00
SPOOF_COM2OTH: bad, avg S/O=0.15 avg Spam%=0.00 avg Ham%=0.01
# used in: SPOOF_COM2COM
SPOOF_NET2COM: no hits at all
URI_HEX: bad, avg S/O=0.33 avg Spam%=0.21 avg Ham%=0.43
URI_NO_WWW_INFO_CGI: bad, avg S/O=0.45 avg Spam%=0.01 avg Ham%=0.02
URI_UNSUBSCRIBE: no hits at all
YAHOO_DRS_REDIR: no hits at all
YAHOO_RD_REDIR: no hits at all
__SPOOF_COM2COM: bad, avg S/O=0.27 avg Spam%=0.00 avg Ham%=0.00
# used in: SPOOF_COM2COM
rules/20_ratware.cf (99 rules, 59 bad):
FORGED_IMS_HTML: no hits at all
FORGED_IMS_TAGS: no hits at all
FORGED_MUA_THEBAT_CS: no hits at all
FORGED_QUALCOMM_TAGS: no hits at all
FORGED_THEBAT_HTML: no hits at all
RATWARE_EFROM: no hits of target type
RATWARE_HASH_DASH: no hits at all
RATWARE_MOZ_MALFORMED: no hits at all
RATWARE_MPOP_WEBMAIL: no hits at all
RATWARE_NAME_ID: no hits at all
RATWARE_OE_MALFORMED: no hits at all
RATWARE_OUTLOOK_NONAME: no hits at all
RATWARE_RCVD_AT: no hits at all
RATWARE_RCVD_PF: no hits at all
RATWARE_ZERO_TZ: no hits at all
REPTO_QUOTE_AOL: no hits at all
REPTO_QUOTE_IMS: no hits at all
REPTO_QUOTE_MSN: no hits at all
REPTO_QUOTE_QUALCOMM: no hits at all
REPTO_QUOTE_YAHOO: bad, avg S/O=0.44 avg Spam%=0.01 avg Ham%=0.01
X_MESSAGE_INFO: no hits at all
__0_TZ_1: no hits of target type
# used in: RATWARE_ZERO_TZ
__0_TZ_2: no hits at all
# used in: RATWARE_ZERO_TZ
__0_TZ_4: no hits at all
# used in: RATWARE_ZERO_TZ
__0_TZ_5: no hits at all
# used in: RATWARE_ZERO_TZ
__0_TZ_6: no hits of target type
# used in: RATWARE_ZERO_TZ
__0_TZ_7: no hits at all
# used in: RATWARE_ZERO_TZ
__CTYPE_CHARSET_QUOTED: bad, avg S/O=0.73 avg Spam%=30.91 avg Ham%=11.61
# used in: FORGED_MUA_THEBAT_CS
__CTYPE_HAS_BOUNDARY: bad, avg S/O=0.49 avg Spam%=61.41 avg Ham%=63.18
# used in: YOUR_PERMISSION
__CTYPE_HTML: bad, avg S/O=0.46 avg Spam%=9.53 avg Ham%=11.25
# used in: MIME_PHP_NO_TEXT RATWARE_ZERO_TZ
__GATED_THROUGH_RCVD_REMOVER: bad, avg S/O=0.14 avg Spam%=0.00 avg Ham%=0.01
# used in: FORGED_MUA_MOZILLA TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__GROUPSIO_GATED: no hits at all
# used in: FORGED_MUA_MOZILLA TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__GROUPSIO_MSGID: no hits of target type
# used in: FORGED_MUA_MOZILLA TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2 __GROUPSIO_GATED
__HAS_XORIGMSGID: no hits at all
# used in: FORGED_MUA_MOZILLA TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2 __GROUPSIO_GATED
__HAS_X_LOOP: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.57
# used in: ADVANCE_FEE_2_NEW_FORM RCVD_DOTEDU_SUSP XM_UC_ONLY
__HAS_X_MAILING_LIST: bad, avg S/O=0.00 avg Spam%=0.02 avg Ham%=20.06
# used in: FREEMAIL_FORGED_REPLYTO FREEMAIL_REPLYTO FREEMAIL_WFH_01 FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY XM_ONE_WORD __FREEMAIL_DOC_PDF __FREEMAIL_WFH_01
__HAS_X_MAILMAN_VERSION: bad, avg S/O=0.01 avg Spam%=0.01 avg Ham%=1.15
# used in: FREEMAIL_FORGED_REPLYTO FREEMAIL_REPLYTO FREEMAIL_WFH_01 SENDGRID_REDIR FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH SENDINBLUE_REDIR __FREEMAIL_DOC_PDF __FREEMAIL_WFH_01
__HOTMAIL_BAYDAV_MSGID: no hits of target type
# used in: FORGED_MUA_MOZILLA TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__IMS_HTML_BUILDS: no hits at all
# used in: FORGED_IMS_HTML
__IMS_HTML_RCVD: no hits at all
# used in: FORGED_IMS_HTML
__IPLANET_MESSAGING_SERVER: no hits at all
# used in: FORGED_MUA_MOZILLA TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__LYRIS_EZLM_REMAILER: bad, avg S/O=0.04 avg Spam%=0.22 avg Ham%=5.25
# used in: FORGED_MUA_MOZILLA HEXHASH_WORD FROM_MISSP_XPRIO TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__MAILMAN_21: bad, avg S/O=0.01 avg Spam%=0.01 avg Ham%=1.15
# used in: FORGED_MUA_THEBAT_CS
__MIME_HTML: bad, avg S/O=0.41 avg Spam%=49.88 avg Ham%=71.93
# used in: BITCOIN_BOMB BITCOIN_DEADLINE BITCOIN_EXTORT_01 BITCOIN_YOUR_INFO FORGED_IMS_TAGS FORGED_QUALCOMM_TAGS HTML_MISSING_CTYPE MALWARE_PASSWORD GAPPY_HTML __GAPPY_HTML
__MIME_VERSION_APPLEMAIL: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.01
# used in: MIME_PHP_NO_TEXT
__MSGID_APPLEMAIL: bad, avg S/O=0.22 avg Spam%=0.21 avg Ham%=0.74
# used in: MIME_PHP_NO_TEXT XM_UC_ONLY __HDRS_LCASE_KNOWN
__RATWARE_0_TZ_DATE: bad, avg S/O=0.32 avg Spam%=11.82 avg Ham%=25.46
# used in: RATWARE_NAME_ID RATWARE_ZERO_TZ
__RCVD_WITH_EXCHANGE: no hits at all
# used in: RATWARE_OUTLOOK_NONAME
__REPTO_QUOTE: bad, avg S/O=0.68 avg Spam%=24.05 avg Ham%=11.47
# used in: LONG_INVISIBLE_TEXT REPTO_QUOTE_AOL REPTO_QUOTE_IMS REPTO_QUOTE_MSN REPTO_QUOTE_QUALCOMM REPTO_QUOTE_YAHOO
__SYMPATICO_MSGID: no hits at all
# used in: FORGED_MUA_MOZILLA TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__TAG_EXISTS_BODY: bad, avg S/O=0.39 avg Spam%=42.23 avg Ham%=66.42
# used in: FORGED_IMS_TAGS
__TAG_EXISTS_HEAD: bad, avg S/O=0.39 avg Spam%=41.53 avg Ham%=65.34
# used in: FORGED_IMS_TAGS
__TAG_EXISTS_HTML: bad, avg S/O=0.39 avg Spam%=42.15 avg Ham%=67.32
# used in: FORGED_IMS_TAGS FORGED_QUALCOMM_TAGS HTML_MIME_NO_HTML_TAG MALF_HTML_B64
__TAG_EXISTS_META: bad, avg S/O=0.36 avg Spam%=33.08 avg Ham%=58.58
# used in: FORGED_IMS_TAGS SCRIPT_GIBBERISH
__UNUSABLE_MSGID: bad, avg S/O=0.04 avg Spam%=0.23 avg Ham%=5.26
# used in: FORGED_MUA_MOZILLA TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__USER_AGENT_APPLEMAIL: bad, avg S/O=0.03 avg Spam%=0.00 avg Ham%=0.08
# used in: MIME_PHP_NO_TEXT
__WACKY_SENDMAIL_VERSION: no hits at all
# used in: FORGED_MUA_MOZILLA TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2 __UNUSABLE_MSGID
__X_MAILER_APPLEMAIL: bad, avg S/O=0.07 avg Spam%=0.01 avg Ham%=0.08
# used in: MIME_PHP_NO_TEXT __USER_AGENT_APPLEMAIL
__YAHOO_BULK: no hits at all
# used in: FORGED_IMS_HTML FORGED_IMS_TAGS SPOOFED_URL SPOOFED_URL_HOST
rules/20_porn.cf (4 rules, 4 bad):
CUM_SHOT: no hits at all
FREE_PORN: no hits at all
LIVE_PORN: no hits at all
SUBJECT_SEXUAL: no hits at all
rules/20_phrases.cf (45 rules, 36 bad):
ACT_NOW_CAPS: bad, avg S/O=0.70 avg Spam%=0.05 avg Ham%=0.02
BAD_CREDIT: bad, avg S/O=0.76 avg Spam%=0.02 avg Ham%=0.01
BANG_GUAR: bad, avg S/O=0.79 avg Spam%=0.04 avg Ham%=0.01
BANG_OPRAH: no hits at all
BODY_ENHANCEMENT: bad, avg S/O=0.07 avg Spam%=0.00 avg Ham%=0.07
BODY_ENHANCEMENT2: bad, avg S/O=0.22 avg Spam%=0.01 avg Ham%=0.02
DEAR_FRIEND: bad, avg S/O=0.68 avg Spam%=0.12 avg Ham%=0.05
DEAR_SOMETHING: bad, avg S/O=0.77 avg Spam%=0.22 avg Ham%=0.06
DIET_1: bad, avg S/O=0.27 avg Spam%=0.63 avg Ham%=1.70
EM_ROLEX: bad, avg S/O=0.32 avg Spam%=0.00 avg Ham%=0.00
EXCUSE_REMOVE: bad, avg S/O=0.18 avg Spam%=0.00 avg Ham%=0.01
FIN_FREE: bad, avg S/O=0.55 avg Spam%=0.01 avg Ham%=0.01
FORWARD_LOOKING: no hits at all
FREE_QUOTE_INSTANT: bad, avg S/O=0.24 avg Spam%=0.01 avg Ham%=0.02
IMPOTENCE: bad, avg S/O=0.66 avg Spam%=0.02 avg Ham%=0.01
INVESTMENT_ADVICE: bad, avg S/O=0.14 avg Spam%=0.01 avg Ham%=0.04
JOIN_MILLIONS: bad, avg S/O=0.31 avg Spam%=0.01 avg Ham%=0.02
LOW_PRICE: bad, avg S/O=0.30 avg Spam%=0.08 avg Ham%=0.18
MARKETING_PARTNERS: bad, avg S/O=0.26 avg Spam%=0.01 avg Ham%=0.03
MONEY_BACK: bad, avg S/O=0.46 avg Spam%=0.03 avg Ham%=0.04
NOT_ADVISOR: no hits at all
OBSCURED_EMAIL: no hits at all
ONE_TIME: bad, avg S/O=0.62 avg Spam%=0.00 avg Ham%=0.00
PREST_NON_ACCREDITED: no hits at all
REFINANCE_NOW: no hits at all
REFINANCE_YOUR_HOME: no hits at all
REMOVE_BEFORE_LINK: bad, avg S/O=0.09 avg Spam%=0.10 avg Ham%=1.05
RUDE_HTML: no hits at all
STOCK_ALERT: no hits at all
STRONG_BUY: no hits at all
URG_BIZ: bad, avg S/O=0.51 avg Spam%=0.15 avg Ham%=0.14
__RUDE_HTML_1: no hits at all
# used in: RUDE_HTML
__RUDE_HTML_2: no hits at all
# used in: RUDE_HTML
__RUDE_HTML_3: no hits at all
# used in: RUDE_HTML
__RUDE_HTML_4: no hits at all
# used in: RUDE_HTML
__URG_BIZ: bad, avg S/O=0.51 avg Spam%=0.15 avg Ham%=0.14
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY URG_BIZ __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
rules/20_meta_tests.cf (19 rules, 11 bad):
EMPTY_MESSAGE: bad, avg S/O=0.71 avg Spam%=0.01 avg Ham%=0.00
FORGED_MUA_MOZILLA: bad, avg S/O=0.76 avg Spam%=0.03 avg Ham%=0.01
INVALID_MSGID: bad, avg S/O=0.76 avg Spam%=0.58 avg Ham%=0.18
UPPERCASE_50_75: bad, avg S/O=0.40 avg Spam%=0.09 avg Ham%=0.14
__HAS_MSGID: bad, avg S/O=0.50 avg Spam%=99.36 avg Ham%=99.91
# used in: INVALID_MSGID
__MOZILLA_MSGID: bad, avg S/O=0.28 avg Spam%=4.33 avg Ham%=11.34
# used in: FORGED_MUA_MOZILLA THIS_AD
__MOZILLA_MUA: bad, avg S/O=0.53 avg Spam%=3.28 avg Ham%=2.89
# used in: FORGED_MUA_MOZILLA
__NONEMPTY_BODY: bad, avg S/O=0.50 avg Spam%=99.99 avg Ham%=99.99
# used in: EMPTY_MESSAGE
__SANE_MSGID: bad, avg S/O=0.50 avg Spam%=98.77 avg Ham%=99.73
# used in: INVALID_MSGID
__UPPERCASE_25_50: bad, avg S/O=0.20 avg Spam%=1.12 avg Ham%=4.55
# used in: PHP_NOVER_MUA
__UPPERCASE_50_75: bad, avg S/O=0.40 avg Spam%=0.09 avg Ham%=0.14
# used in: UPPERCASE_50_75
rules/20_imageinfo.cf (17 rules, 9 bad):
DC_IMAGE_SPAM_HTML: no hits of target type
DC_IMAGE_SPAM_TEXT: no hits of target type
DC_PNG_UNO_LARGO: bad, avg S/O=0.39 avg Spam%=0.03 avg Ham%=0.04
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
__DC_IMG_HTML_RATIO: bad, avg S/O=0.79 avg Spam%=0.93 avg Ham%=0.25
# used in: DC_IMAGE_SPAM_HTML
__DC_IMG_TEXT_RATIO: bad, avg S/O=0.79 avg Spam%=1.33 avg Ham%=0.36
# used in: DC_IMAGE_SPAM_TEXT
__HTML_IMG_ONLY: bad, avg S/O=0.76 avg Spam%=5.03 avg Ham%=1.56
# used in: DC_IMAGE_SPAM_HTML DOTGOV_IMAGE RCVD_DOTEDU_SHORT STOCK_IMG_HDR_FROM STOCK_IMG_HTML FROM_MULTI_SHORT_IMG REMOTE_IMAGE SUSP_UTF8_WORD_COMBO __FROM_MULTI_SHORT_IMG
__PNG_AREA_180K: bad, avg S/O=0.73 avg Spam%=0.18 avg Ham%=0.07
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT DC_PNG_UNO_LARGO
__PNG_ATTACH_1: bad, avg S/O=0.59 avg Spam%=3.08 avg Ham%=2.13
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT DC_PNG_UNO_LARGO
__PNG_ATTACH_2P: bad, avg S/O=0.43 avg Spam%=0.37 avg Ham%=0.48
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
rules/20_html_tests.cf (69 rules, 49 bad):
HIDE_WIN_STATUS: bad, avg S/O=0.11 avg Spam%=0.00 avg Ham%=0.01
HTML_BADTAG_40_50: no hits at all
HTML_BADTAG_50_60: no hits at all
HTML_BADTAG_60_70: no hits at all
HTML_BADTAG_90_100: no hits at all
HTML_COMMENT_SAVED_URL: bad, avg S/O=0.76 avg Spam%=0.04 avg Ham%=0.01
HTML_COMMENT_SHORT: no hits at all
HTML_EMBEDS: bad, avg S/O=0.15 avg Spam%=0.00 avg Ham%=0.00
HTML_FONT_FACE_BAD: bad, avg S/O=0.50 avg Spam%=0.16 avg Ham%=0.16
HTML_FONT_LOW_CONTRAST: bad, avg S/O=0.41 avg Spam%=13.89 avg Ham%=20.35
HTML_FORMACTION_MAILTO: no hits at all
HTML_IFRAME_SRC: no hits at all
HTML_IMAGE_ONLY_12: bad, avg S/O=0.55 avg Spam%=0.45 avg Ham%=0.38
# used in: DC_IMAGE_SPAM_HTML DOTGOV_IMAGE
HTML_IMAGE_ONLY_20: bad, avg S/O=0.67 avg Spam%=1.13 avg Ham%=0.57
# used in: DC_IMAGE_SPAM_HTML DOTGOV_IMAGE
HTML_IMAGE_ONLY_24: bad, avg S/O=0.79 avg Spam%=0.98 avg Ham%=0.25
# used in: DC_IMAGE_SPAM_HTML DOTGOV_IMAGE
HTML_IMAGE_RATIO_02: bad, avg S/O=0.53 avg Spam%=5.82 avg Ham%=5.18
HTML_IMAGE_RATIO_04: bad, avg S/O=0.33 avg Spam%=1.80 avg Ham%=3.71
HTML_IMAGE_RATIO_06: bad, avg S/O=0.23 avg Spam%=1.06 avg Ham%=3.56
HTML_IMAGE_RATIO_08: bad, avg S/O=0.77 avg Spam%=7.28 avg Ham%=2.18
HTML_MESSAGE: bad, avg S/O=0.41 avg Spam%=49.87 avg Ham%=71.93
# used in: BITCOIN_SPAM_11
HTML_MIME_NO_HTML_TAG: bad, avg S/O=0.79 avg Spam%=3.80 avg Ham%=1.01
HTML_MISSING_CTYPE: no hits at all
HTML_NONELEMENT_30_40: no hits at all
HTML_NONELEMENT_40_50: no hits at all
HTML_NONELEMENT_60_70: no hits at all
HTML_NONELEMENT_80_90: no hits at all
HTML_OBFUSCATE_10_20: bad, avg S/O=0.56 avg Spam%=0.04 avg Ham%=0.03
HTML_OBFUSCATE_30_40: no hits at all
HTML_OBFUSCATE_50_60: no hits at all
HTML_OBFUSCATE_70_80: no hits at all
HTML_SHORT_LINK_IMG_1: bad, avg S/O=0.67 avg Spam%=0.49 avg Ham%=0.24
HTML_SHORT_LINK_IMG_3: bad, avg S/O=0.73 avg Spam%=1.11 avg Ham%=0.42
HTML_TAG_BALANCE_BODY: bad, avg S/O=0.63 avg Spam%=0.38 avg Ham%=0.22
HTML_TAG_BALANCE_HEAD: bad, avg S/O=0.46 avg Spam%=0.09 avg Ham%=0.10
HTML_TAG_EXIST_BGSOUND: no hits at all
HTML_TITLE_SUBJ_DIFF: bad, avg S/O=0.44 avg Spam%=0.01 avg Ham%=0.02
JS_FROMCHARCODE: no hits at all
OBFUSCATING_COMMENT: no hits at all
__COMMENT_EXISTS: bad, avg S/O=0.30 avg Spam%=20.77 avg Ham%=49.09
# used in: TO_NO_BRKTS_DYNIP YOUR_PERMISSION
__HIGHBITS: bad, avg S/O=0.43 avg Spam%=19.64 avg Ham%=25.88
# used in: DOS_HIGH_BAT_TO_MX
__HTML_LENGTH_0000_1024: bad, avg S/O=0.76 avg Spam%=4.80 avg Ham%=1.55
# used in: HTML_SHORT_LINK_IMG_1 DRUGS_ERECTILE_SHORT_SHORTNER
__HTML_LENGTH_1024_1536: bad, avg S/O=0.61 avg Spam%=1.46 avg Ham%=0.95
# used in: RCVD_DOTEDU_SHORT FROM_MULTI_SHORT_IMG __FROM_MULTI_SHORT_IMG
__HTML_LENGTH_1536_2048: bad, avg S/O=0.61 avg Spam%=1.83 avg Ham%=1.15
# used in: HTML_SHORT_LINK_IMG_3 STOCK_IMG_OUTLOOK
__HTML_LINK_IMAGE: bad, avg S/O=0.34 avg Spam%=29.07 avg Ham%=57.29
# used in: DOTGOV_IMAGE HTML_SHORT_LINK_IMG_1 HTML_SHORT_LINK_IMG_3 FROM_MULTI_SHORT_IMG REMOTE_IMAGE __FROM_MULTI_SHORT_IMG
__HTML_TITLE_SUBJ_DIFF: bad, avg S/O=0.43 avg Spam%=0.01 avg Ham%=0.02
# used in: HTML_TITLE_SUBJ_DIFF
__JS_DOCWRITE: bad, avg S/O=0.21 avg Spam%=0.02 avg Ham%=0.06
# used in: JS_FROMCHARCODE
__JS_FROMCHARCODE: no hits at all
# used in: JS_FROMCHARCODE
__MIME_ATTACHMENT: bad, avg S/O=0.22 avg Spam%=0.53 avg Ham%=1.83
# used in: EMPTY_MESSAGE HTML_TITLE_SUBJ_DIFF
__OBFUSCATING_COMMENT_B: bad, avg S/O=0.22 avg Spam%=0.11 avg Ham%=0.39
# used in: OBFUSCATING_COMMENT PHP_ORIG_SCRIPT
rules/20_head_tests.cf (160 rules, 80 bad):
BAD_ENC_HEADER: bad, avg S/O=0.80 avg Spam%=0.07 avg Ham%=0.02
CONFIRMED_FORGED: no hits at all
DATE_IN_FUTURE_96_XX: no hits at all
DATE_IN_PAST_24_48: bad, avg S/O=0.75 avg Spam%=0.18 avg Ham%=0.06
DATE_SPAMWARE_Y2K: no hits at all
FAKE_OUTBLAZE_RCVD: no hits at all
FORGED_MSGID_AOL: no hits at all
FORGED_MSGID_HOTMAIL: no hits at all
FORGED_MSGID_MSN: no hits at all
FORGED_MSGID_YAHOO: bad, avg S/O=0.80 avg Spam%=0.00 avg Ham%=0.00
FORGED_TELESP_RCVD: no hits at all
FROM_EXCESS_BASE64: bad, avg S/O=0.33 avg Spam%=0.61 avg Ham%=1.25
FROM_LOCAL_HEX: no hits at all
FROM_OFFERS: bad, avg S/O=0.57 avg Spam%=0.09 avg Ham%=0.07
FROM_STARTS_WITH_NUMS: bad, avg S/O=0.62 avg Spam%=0.07 avg Ham%=0.05
GAPPY_SUBJECT: bad, avg S/O=0.18 avg Spam%=0.02 avg Ham%=0.11
HEADER_COUNT_CTYPE: no hits at all
HEAD_ILLEGAL_CHARS: no hits at all
INVALID_DATE_TZ_ABSURD: bad, avg S/O=0.63 avg Spam%=0.00 avg Ham%=0.00
INVALID_TZ_CST: no hits at all
INVALID_TZ_EST: no hits at all
JAPANESE_UCE_BODY: no hits at all
JAPANESE_UCE_SUBJECT: no hits at all
KOREAN_UCE_SUBJECT: no hits at all
MIME_BOUND_DIGITS_15: bad, avg S/O=0.73 avg Spam%=0.00 avg Ham%=0.00
MIME_BOUND_MANY_HEX: no hits at all
MISSING_FROM: bad, avg S/O=0.63 avg Spam%=0.00 avg Ham%=0.00
MISSING_SUBJECT: bad, avg S/O=0.57 avg Spam%=0.03 avg Ham%=0.03
MSGID_FROM_MTA_HEADER: bad, avg S/O=0.74 avg Spam%=3.12 avg Ham%=1.09
MSGID_SHORT: bad, avg S/O=0.62 avg Spam%=0.01 avg Ham%=0.01
MSGID_SPAM_LETTERS: no hits at all
MULTI_FORGED: no hits at all
NONEXISTENT_CHARSET: no hits at all
PREVENT_NONDELIVERY: no hits at all
RCVD_AM_PM: no hits at all
SORTED_RECIPS: bad, avg S/O=0.25 avg Spam%=0.03 avg Ham%=0.08
SUBJECT_DIET: bad, avg S/O=0.07 avg Spam%=0.05 avg Ham%=0.68
SUBJ_ALL_CAPS: bad, avg S/O=0.78 avg Spam%=1.94 avg Ham%=0.55
SUBJ_BUY: bad, avg S/O=0.41 avg Spam%=0.07 avg Ham%=0.11
SUBJ_DOLLARS: bad, avg S/O=0.32 avg Spam%=0.12 avg Ham%=0.24
SUSPICIOUS_RECIPS: bad, avg S/O=0.12 avg Spam%=0.03 avg Ham%=0.20
TO_MALFORMED: bad, avg S/O=0.70 avg Spam%=0.06 avg Ham%=0.03
WITH_LC_SMTP: no hits at all
X_PRIORITY_CC: no hits at all
__AT_AOL_MSGID: bad, avg S/O=0.21 avg Spam%=0.01 avg Ham%=0.02
# used in: FORGED_MSGID_AOL
__AT_HOTMAIL_MSGID: bad, avg S/O=0.78 avg Spam%=0.01 avg Ham%=0.00
# used in: FORGED_MSGID_HOTMAIL
__AT_YAHOO_MSGID: bad, avg S/O=0.50 avg Spam%=0.02 avg Ham%=0.02
# used in: FORGED_MSGID_YAHOO REPTO_QUOTE_YAHOO
__CD: bad, avg S/O=0.20 avg Spam%=1.11 avg Ham%=4.53
# used in: TO_NO_BRKTS_DYNIP
__CTE: bad, avg S/O=0.56 avg Spam%=41.94 avg Ham%=33.28
# used in: CTE_8BIT_MISMATCH
__CT_TEXT_PLAIN: bad, avg S/O=0.58 avg Spam%=29.07 avg Ham%=20.76
# used in: CTE_8BIT_MISMATCH YOUR_PERMISSION
__ENV_AND_HDR_FROM_MATCH: bad, avg S/O=0.65 avg Spam%=35.52 avg Ham%=19.27
# used in: STOCK_IMG_HDR_FROM STOCK_IMG_HTML STOCK_IMG_OUTLOOK SYSADMIN TVD_PH_FR5
__FORGED_AOL_RCVD: no hits at all
# used in: CONFIRMED_FORGED MULTI_FORGED
__FORGED_EUDORAMAIL_RCVD: no hits at all
# used in: CONFIRMED_FORGED MULTI_FORGED
__FORGED_JUNO_RCVD: bad, avg S/O=0.32 avg Spam%=0.00 avg Ham%=0.01
# used in: CONFIRMED_FORGED MULTI_FORGED
__FROM_AOL_COM: bad, avg S/O=0.35 avg Spam%=0.02 avg Ham%=0.04
# used in: FORGED_MSGID_AOL
__FROM_ENCODED_B64: bad, avg S/O=0.55 avg Spam%=2.05 avg Ham%=1.69
# used in: FROM_EXCESS_BASE64 HDR_CASE_REV_ENC
__FROM_ENCODED_QP: bad, avg S/O=0.11 avg Spam%=1.67 avg Ham%=14.02
# used in: HTML_TEXT_INVISIBLE_STYLE THIS_AD
__FROM_HOTMAIL_COM: bad, avg S/O=0.63 avg Spam%=0.20 avg Ham%=0.12
# used in: FORGED_MSGID_HOTMAIL FORGED_MSGID_MSN MSGID_FROM_MTA_HEADER PHP_ORIG_SCRIPT
__FROM_MSN_COM: bad, avg S/O=0.60 avg Spam%=0.01 avg Ham%=0.01
# used in: FORGED_MSGID_HOTMAIL FORGED_MSGID_MSN REPTO_QUOTE_MSN
__FROM_NEEDS_MIME2: bad, avg S/O=0.60 avg Spam%=2.53 avg Ham%=1.68
# used in: FROM_EXCESS_BASE64
__FROM_YAHOO_COM: bad, avg S/O=0.37 avg Spam%=0.06 avg Ham%=0.11
# used in: FORGED_MSGID_HOTMAIL FORGED_MSGID_MSN FORGED_MSGID_YAHOO REPTO_QUOTE_YAHOO
__GAPPY_SUBJECT: bad, avg S/O=0.18 avg Spam%=0.02 avg Ham%=0.11
# used in: GAPPY_SUBJECT GAPPY_LOW_CONTRAST
__HAS_FROM: bad, avg S/O=0.50 avg Spam%=100.00 avg Ham%=100.00
# used in: MISSING_FROM T_EMPTY_FROM_OR_TO_OR_CC
__HAS_SUBJECT: bad, avg S/O=0.50 avg Spam%=99.97 avg Ham%=99.97
# used in: MISSING_SUBJECT
__HAS_X_MAILER: bad, avg S/O=0.53 avg Spam%=38.20 avg Ham%=33.58
# used in: LONG_INVISIBLE_TEXT RATWARE_OUTLOOK_NONAME URI_DOTEDU
__IS_EXCH: no hits of target type
# used in: TO_NO_BRKTS_DYNIP
__JAPANESE_UCE_BODY: no hits at all
# used in: JAPANESE_UCE_BODY
__ML1: bad, avg S/O=0.26 avg Spam%=10.65 avg Ham%=30.90
# used in: BULK_RE_SUSP_NTLD DOTGOV_IMAGE FILL_THIS_FORM FUZZY_DR_OZ HEXHASH_WORD FILL_THIS_FORM_FRAUD_PHISH FILL_THIS_FORM_SHORT NOT_A_PERSON REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST TO_NO_BRKTS_DYNIP UC_GIBBERISH_OBFU URI_DOTEDU
__ML2: bad, avg S/O=0.11 avg Spam%=5.08 avg Ham%=43.24
# used in: DOTGOV_IMAGE FILL_THIS_FORM FREEMAIL_FORGED_REPLYTO FREEMAIL_REPLYTO FREEMAIL_WFH_01 FUZZY_DR_OZ HEXHASH_WORD FILL_THIS_FORM_FRAUD_PHISH FILL_THIS_FORM_SHORT FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH NOT_A_PERSON REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST UC_GIBBERISH_OBFU URI_DOTEDU __FREEMAIL_DOC_PDF __FREEMAIL_WFH_01
__ML3: bad, avg S/O=0.12 avg Spam%=0.50 avg Ham%=3.65
# used in: DOTGOV_IMAGE FILL_THIS_FORM FUZZY_DR_OZ HEXHASH_WORD FILL_THIS_FORM_FRAUD_PHISH FILL_THIS_FORM_SHORT NOT_A_PERSON REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST UC_GIBBERISH_OBFU URI_DOTEDU
__ML4: bad, avg S/O=0.10 avg Spam%=0.25 avg Ham%=2.27
# used in: DOTGOV_IMAGE FILL_THIS_FORM FREEMAIL_FORGED_REPLYTO FREEMAIL_REPLYTO FREEMAIL_WFH_01 FUZZY_DR_OZ HEXHASH_WORD FILL_THIS_FORM_FRAUD_PHISH FILL_THIS_FORM_SHORT FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH NOT_A_PERSON REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST UC_GIBBERISH_OBFU URI_DOTEDU __FREEMAIL_DOC_PDF __FREEMAIL_WFH_01
__ML5: bad, avg S/O=0.00 avg Spam%=0.03 avg Ham%=21.08
# used in: DOTGOV_IMAGE FILL_THIS_FORM FUZZY_DR_OZ HEXHASH_WORD FILL_THIS_FORM_FRAUD_PHISH FILL_THIS_FORM_SHORT NOT_A_PERSON REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST UC_GIBBERISH_OBFU URI_DOTEDU
__ML_TURNS_SP_TO_TAB: bad, avg S/O=0.00 avg Spam%=0.02 avg Ham%=19.91
# used in: KB_FAKED_THE_BAT
__MSGID_BEFORE_OKAY: bad, avg S/O=0.19 avg Spam%=0.06 avg Ham%=0.25
# used in: MSGID_FROM_MTA_HEADER PHP_ORIG_SCRIPT
__MSGID_BEFORE_RECEIVED: bad, avg S/O=0.74 avg Spam%=3.15 avg Ham%=1.09
# used in: MSGID_FROM_MTA_HEADER PHP_ORIG_SCRIPT
__MSGID_OK_DIGITS: bad, avg S/O=0.34 avg Spam%=26.35 avg Ham%=51.28
# used in: PHP_NOVER_MUA SYSADMIN SUSP_UTF8_WORD_COMBO
__MSGID_OK_HEX: bad, avg S/O=0.30 avg Spam%=13.12 avg Ham%=30.40
# used in: TO_NO_BRKTS_DYNIP
__MSGID_OK_HOST: bad, avg S/O=0.55 avg Spam%=71.13 avg Ham%=58.89
# used in: URI_DEOBFU_INSTR
__SUBJECT_ENCODED_B64: bad, avg S/O=0.56 avg Spam%=6.40 avg Ham%=4.94
# used in: HDR_CASE_REV_ENC
__VIA_ML: bad, avg S/O=0.20 avg Spam%=12.56 avg Ham%=49.89
# used in: DOTGOV_IMAGE FILL_THIS_FORM FUZZY_DR_OZ HEXHASH_WORD FILL_THIS_FORM_FRAUD_PHISH FILL_THIS_FORM_SHORT NOT_A_PERSON REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_LOW_CNTRST UC_GIBBERISH_OBFU URI_DOTEDU __NOT_A_PERSON __REMOTE_IMAGE
rules/20_freemail.cf (12 rules, 9 bad):
FREEMAIL_ENVFROM_END_DIGIT: bad, avg S/O=0.77 avg Spam%=0.78 avg Ham%=0.24
FREEMAIL_FORGED_REPLYTO: bad, avg S/O=0.74 avg Spam%=4.49 avg Ham%=1.58
FREEMAIL_FROM: bad, avg S/O=0.61 avg Spam%=6.35 avg Ham%=4.06
# used in: FREEMAIL_FORGED_FROMDOMAIN FREEMAIL_FORGED_REPLYTO
FREEMAIL_REPLYTO: bad, avg S/O=0.67 avg Spam%=1.99 avg Ham%=0.96
__freemail_hdr_replyto: bad, avg S/O=0.80 avg Spam%=8.03 avg Ham%=2.01
# used in: FREEMAIL_FORGED_REPLYTO ZW_OBFU_FREEM
__freemail_replyto: bad, avg S/O=0.67 avg Spam%=1.99 avg Ham%=0.97
# used in: FREEMAIL_REPLYTO FREEMAIL_WFH_01 FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH __FREEMAIL_DOC_PDF __FREEMAIL_WFH_01
__freemail_safe: bad, avg S/O=0.11 avg Spam%=5.27 avg Ham%=44.53
# used in: FREEMAIL_FORGED_REPLYTO FREEMAIL_REPLYTO FREEMAIL_WFH_01 FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH __FREEMAIL_DOC_PDF __FREEMAIL_WFH_01
__freemail_safe_fwd: bad, avg S/O=0.03 avg Spam%=0.02 avg Ham%=0.61
# used in: FREEMAIL_FORGED_REPLYTO FREEMAIL_REPLYTO FREEMAIL_WFH_01 FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH __FREEMAIL_DOC_PDF __FREEMAIL_WFH_01 __freemail_safe
__freemail_safe_rls: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.43
# used in: FREEMAIL_FORGED_REPLYTO FREEMAIL_REPLYTO FREEMAIL_WFH_01 FREEMAIL_DOC_PDF FREEMAIL_DOC_PDF_BCC FREEMAIL_RVW_ATTCH __FREEMAIL_DOC_PDF __FREEMAIL_WFH_01 __freemail_safe
rules/20_fake_helo_tests.cf (18 rules, 6 bad):
HELO_DYNAMIC_DIALIN: no hits at all
HELO_DYNAMIC_HOME_NL: no hits at all
HELO_DYNAMIC_ROGERS: no hits at all
HELO_STATIC_HOST: bad, avg S/O=0.32 avg Spam%=0.00 avg Ham%=0.00
__HELO_STATIC_ROGERS: no hits at all
# used in: HELO_STATIC_HOST
__HELO_STATIC_SENDGRID: bad, avg S/O=0.27 avg Spam%=0.00 avg Ham%=0.00
# used in: HELO_STATIC_HOST
rules/20_dynrdns.cf (36 rules, 20 bad):
__CGATE_RCVD: bad, avg S/O=0.41 avg Spam%=0.03 avg Ham%=0.05
# used in: GOOG_REDIR_HTML_ONLY
__DOMINO_RCVD: bad, avg S/O=0.31 avg Spam%=0.00 avg Ham%=0.00
# used in: GOOG_REDIR_HTML_ONLY
__LAST_EXTERNAL_RELAY_NO_AUTH: bad, avg S/O=0.50 avg Spam%=99.87 avg Ham%=99.44
# used in: DYN_RDNS_AND_INLINE_IMAGE KHOP_BOTNET_UNCLEAN TO_NO_BRKTS_DYNIP
__LAST_UNTRUSTED_RELAY_NO_AUTH: bad, avg S/O=0.50 avg Spam%=99.87 avg Ham%=99.44
# used in: DOS_HIGH_BAT_TO_MX
__RDNS_DYNAMIC_ADELPHIA: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_ATTBI: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_CHELLO_NO: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_COMCAST: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_DIALIN: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_NTL: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_ROGERS: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_RR2: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_SPACELAN: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.42
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_TDS: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_TELIA: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_VELOX: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_VIRTUA: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_VTR: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_DYNAMIC_YAHOOBB: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
__RDNS_STATIC: bad, avg S/O=0.74 avg Spam%=8.78 avg Ham%=2.98
# used in: DYN_RDNS_AND_INLINE_IMAGE TO_NO_BRKTS_DYNIP
rules/20_drugs.cf (84 rules, 54 bad):
DRUGS_ANXIETY: bad, avg S/O=0.49 avg Spam%=0.00 avg Ham%=0.00
DRUGS_ANXIETY_EREC: no hits at all
DRUGS_ANXIETY_OBFU: no hits at all
DRUGS_DIET_OBFU: no hits at all
DRUGS_MANYKINDS: no hits at all
DRUGS_MUSCLE: no hits at all
# used in: DRUGS_MANYKINDS
DRUGS_SLEEP_EREC: no hits at all
DRUG_DOSAGE: no hits at all
DRUG_ED_GENERIC: no hits at all
DRUG_ED_SILD: bad, avg S/O=0.71 avg Spam%=0.03 avg Ham%=0.01
SUBJECT_DRUG_GAP_S: no hits at all
SUBJECT_DRUG_GAP_X: no hits at all
VIA_GAP_GRA: no hits at all
__DRUGS_ANXIETY1: bad, avg S/O=0.71 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_ANXIETY_OBFU DRUGS_MANYKINDS
__DRUGS_ANXIETY2: no hits of target type
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY4: no hits of target type
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY5: no hits at all
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY7: no hits at all
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY8: no hits of target type
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY9: no hits at all
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY_VAL: bad, avg S/O=0.48 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_ANXIETY_OBFU
__DRUGS_ANXIETY_XAN: bad, avg S/O=0.50 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_ANXIETY_OBFU
__DRUGS_DIET1: no hits at all
# used in: DRUGS_DIET_OBFU DRUGS_MANYKINDS
__DRUGS_DIET2: no hits at all
# used in: DRUGS_MANYKINDS
__DRUGS_DIET3: no hits at all
# used in: DRUGS_MANYKINDS
__DRUGS_DIET4: no hits at all
# used in: DRUGS_MANYKINDS
__DRUGS_DIET5: no hits at all
# used in: DRUGS_MANYKINDS
__DRUGS_DIET7: no hits at all
# used in: DRUGS_MANYKINDS
__DRUGS_DIET8: no hits at all
# used in: DRUGS_MANYKINDS
__DRUGS_DIET_PHEN: no hits at all
# used in: DRUGS_DIET_OBFU
__DRUGS_ERECTILE11: no hits at all
# used in: DRUGS_ANXIETY_EREC DRUGS_MANYKINDS DRUGS_SLEEP_EREC DRUGS_ERECTILE_SHORT_SHORTNER
__DRUGS_ERECTILE8: bad, avg S/O=0.76 avg Spam%=0.03 avg Ham%=0.01
# used in: DRUGS_ANXIETY_EREC DRUGS_MANYKINDS DRUGS_SLEEP_EREC DRUGS_ERECTILE_SHORT_SHORTNER
__DRUGS_MUSCLE2: no hits at all
# used in: DRUGS_MANYKINDS DRUGS_MUSCLE
__DRUGS_MUSCLE3: no hits at all
# used in: DRUGS_MANYKINDS DRUGS_MUSCLE
__DRUGS_MUSCLE4: no hits at all
# used in: DRUGS_MANYKINDS DRUGS_MUSCLE
__DRUGS_MUSCLE5: no hits at all
# used in: DRUGS_MANYKINDS DRUGS_MUSCLE
__DRUGS_PAIN: bad, avg S/O=0.75 avg Spam%=0.01 avg Ham%=0.00
# used in: DRUGS_MANYKINDS
__DRUGS_PAIN10: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN11: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN12: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN13: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN14: bad, avg S/O=0.65 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN2: bad, avg S/O=0.64 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN3: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN4: bad, avg S/O=0.34 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN5: bad, avg S/O=0.66 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN6: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN7: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN9: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_SLEEP: bad, avg S/O=0.15 avg Spam%=0.00 avg Ham%=0.02
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC
__DRUGS_SLEEP1: bad, avg S/O=0.65 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC __DRUGS_SLEEP
__DRUGS_SLEEP2: bad, avg S/O=0.09 avg Spam%=0.00 avg Ham%=0.02
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC __DRUGS_SLEEP
__DRUGS_SLEEP3: no hits at all
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC __DRUGS_SLEEP
__DRUGS_SLEEP4: no hits at all
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC __DRUGS_SLEEP
rules/20_body_tests.cf (30 rules, 18 bad):
BLANK_LINES_80_90: no hits at all
EMAIL_ROT13: no hits at all
HTTPS_IP_MISMATCH: no hits at all
MIMEPART_LIMIT_EXCEEDED: no hits at all
MIME_BAD_ISO_CHARSET: no hits at all
MIME_BASE64_TEXT: bad, avg S/O=0.72 avg Spam%=0.21 avg Ham%=0.08
# used in: MALF_HTML_B64
MIME_HTML_MOSTLY: bad, avg S/O=0.52 avg Spam%=1.90 avg Ham%=1.73
MIME_HTML_ONLY: bad, avg S/O=0.40 avg Spam%=10.59 avg Ham%=15.67
# used in: FORGED_IMS_HTML FORGED_THEBAT_HTML HTML_MIME_NO_HTML_TAG MALF_HTML_B64
MIME_HTML_ONLY_MULTI: no hits at all
MIME_QP_LONG_LINE: bad, avg S/O=0.20 avg Spam%=3.19 avg Ham%=12.65
MPART_ALT_DIFF: bad, avg S/O=0.45 avg Spam%=2.96 avg Ham%=3.60
MPART_ALT_DIFF_COUNT: bad, avg S/O=0.63 avg Spam%=0.46 avg Ham%=0.27
TRACKER_ID: bad, avg S/O=0.18 avg Spam%=0.08 avg Ham%=0.36
URI_TRUNCATED: bad, avg S/O=0.52 avg Spam%=0.03 avg Ham%=0.02
WEIRD_QUOTING: bad, avg S/O=0.63 avg Spam%=0.02 avg Ham%=0.01
__CTYPE_MULTIPART_ALT: bad, avg S/O=0.50 avg Spam%=56.70 avg Ham%=56.39
# used in: MIME_HTML_ONLY_MULTI
__MIME_QP: bad, avg S/O=0.32 avg Spam%=12.04 avg Ham%=25.50
# used in: LONG_INVISIBLE_TEXT
__SUBJECT_UTF8_B_ENCODED: bad, avg S/O=0.55 avg Spam%=5.89 avg Ham%=4.88
# used in: HDR_CASE_REV_ENC
rules/20_advance_fee.cf (53 rules, 7 bad):
__FRAUD_AXF: no hits of target type
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__FRAUD_IRT: bad, avg S/O=0.76 avg Spam%=0.41 avg Ham%=0.13
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__FRAUD_JYG: bad, avg S/O=0.78 avg Spam%=0.03 avg Ham%=0.01
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__FRAUD_MLY: bad, avg S/O=0.27 avg Spam%=0.14 avg Ham%=0.38
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__FRAUD_ULK: bad, avg S/O=0.28 avg Spam%=0.01 avg Ham%=0.03
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__FRAUD_WDR: no hits of target type
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__FRAUD_YQV: bad, avg S/O=0.68 avg Spam%=0.01 avg Ham%=0.01
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
rules/10_hasbase.cf (21 rules, 10 bad):
__HAS_CC: bad, avg S/O=0.01 avg Spam%=0.17 avg Ham%=20.77
# used in: T_EMPTY_FROM_OR_TO_OR_CC
__HAS_ERRORS_TO: bad, avg S/O=0.11 avg Spam%=0.64 avg Ham%=4.94
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY LIST_PRTL_SAME_USER LONG_IMG_URI SENDGRID_REDIR FILL_THIS_FORM_FRAUD_PHISH LIST_PARTIAL SENDINBLUE_REDIR URI_TRY_3LD __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__HAS_IN_REPLY_TO: bad, avg S/O=0.02 avg Spam%=0.50 avg Ham%=20.50
# used in: ADVANCE_FEE_2_NEW_FORM BOMB_MONEY MIME_PHP_NO_TEXT FILL_THIS_FORM_FRAUD_PHISH __ADVANCE_FEE_2_NEW __ADVANCE_FEE_2_NEW_FORM
__HAS_LIST_ID: bad, avg S/O=0.11 avg Spam%=5.08 avg Ham%=43.24
# used in: AC_POST_EXTRAS RCVD_DOTEDU_SHORT USING_VERP ZW_OBFU_FROMTOSUBJ
__HAS_REPLY_TO: bad, avg S/O=0.51 avg Spam%=53.02 avg Ham%=51.54
# used in: IRS_SPOOF
__HAS_SENDER: bad, avg S/O=0.44 avg Spam%=3.32 avg Ham%=4.27
# used in: HEXHASH_WORD LIST_PARTIAL
__HAS_TO: bad, avg S/O=0.50 avg Spam%=99.05 avg Ham%=99.87
# used in: T_EMPTY_FROM_OR_TO_OR_CC
__HAS_URI: bad, avg S/O=0.50 avg Spam%=96.58 avg Ham%=95.40
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
__HAS_X_BEEN_THERE: bad, avg S/O=0.03 avg Spam%=0.06 avg Ham%=1.96
# used in: SENDGRID_REDIR SENDINBLUE_REDIR
__HAS_X_REF: bad, avg S/O=0.02 avg Spam%=0.53 avg Ham%=20.91
# used in: HEXHASH_WORD MIME_PHP_NO_TEXT RCVD_DOTEDU_SUSP XM_UC_ONLY