HTTP get: http://ruleqa.spamassassin.org/1-days-ago?xml=1
HTTP get: http://ruleqa.spamassassin.org/2-days-ago?xml=1
HTTP get: http://ruleqa.spamassassin.org/3-days-ago?xml=1
Bad performing rules, from the past 3 night's mass-checks.
(Note: 'net' rules will be listed as 'no hits' unless you set 'tflags net'.
This also applies for meta rules which use 'net' rules.)
rulesrc/sandbox/smf/30_smf_nontest.cf (5 rules, 2 bad):
FSL_LINK_AWS_S3_WEB: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.04
FSL_LINK_AWS_S3_WEB_FM: bad, avg S/O=0.40 avg Spam%=0.00 avg Ham%=0.00
rulesrc/sandbox/smf/20_smf.cf (56 rules, 46 bad):
FSL_ABUSED_WEB_1: bad, avg S/O=0.31 avg Spam%=0.49 avg Ham%=1.09
FSL_ABUSED_WEB_2: bad, avg S/O=0.67 avg Spam%=0.10 avg Ham%=0.05
FSL_ABUSED_WEB_3: bad, avg S/O=0.23 avg Spam%=0.45 avg Ham%=1.49
FSL_HTML_BLOCK_LOTS_1: bad, avg S/O=0.13 avg Spam%=3.30 avg Ham%=21.28
FSL_HTML_BLOCK_LOTS_2: bad, avg S/O=0.13 avg Spam%=3.30 avg Ham%=21.28
FSL_HTML_BLOCK_LOTS_3: bad, avg S/O=0.13 avg Spam%=3.30 avg Ham%=21.28
FSL_HTML_ENT_LOTS_1: bad, avg S/O=0.53 avg Spam%=73.67 avg Ham%=65.17
FSL_HTML_ENT_LOTS_2: bad, avg S/O=0.53 avg Spam%=73.67 avg Ham%=65.17
FSL_HTML_ENT_LOTS_3: bad, avg S/O=0.53 avg Spam%=73.67 avg Ham%=65.17
FSL_NOT_FROM_AOL: no hits at all
FSL_NOT_FROM_GOOGLE: no hits of target type
FSL_NOT_FROM_HOTMAIL: no hits of target type
FSL_NOT_FROM_YAHOO: no hits of target type
FSL_NO_RCVD_1: bad, avg S/O=0.03 avg Spam%=0.10 avg Ham%=3.11
FSL_RCVD_EX_0: bad, avg S/O=0.03 avg Spam%=0.11 avg Ham%=3.90
FSL_RCVD_EX_1: bad, avg S/O=0.22 avg Spam%=7.92 avg Ham%=27.49
FSL_RCVD_EX_2: bad, avg S/O=0.73 avg Spam%=70.33 avg Ham%=26.20
FSL_RCVD_EX_3: bad, avg S/O=0.12 avg Spam%=3.14 avg Ham%=22.34
FSL_RCVD_EX_4: bad, avg S/O=0.15 avg Spam%=1.86 avg Ham%=10.37
FSL_RCVD_EX_5: bad, avg S/O=0.78 avg Spam%=9.16 avg Ham%=2.63
FSL_RCVD_EX_GT_5: bad, avg S/O=0.51 avg Spam%=7.49 avg Ham%=7.07
FSL_RCVD_TR_1: bad, avg S/O=0.06 avg Spam%=2.43 avg Ham%=41.99
FSL_RCVD_TR_2: bad, avg S/O=0.61 avg Spam%=14.22 avg Ham%=9.19
FSL_RCVD_UT_1: bad, avg S/O=0.73 avg Spam%=73.12 avg Ham%=27.49
FSL_RCVD_UT_2: bad, avg S/O=0.17 avg Spam%=5.48 avg Ham%=26.20
FSL_RCVD_UT_3: bad, avg S/O=0.15 avg Spam%=3.94 avg Ham%=22.34
FSL_RCVD_UT_4: bad, avg S/O=0.47 avg Spam%=9.36 avg Ham%=10.37
FSL_RCVD_UT_5: bad, avg S/O=0.68 avg Spam%=5.64 avg Ham%=2.63
FSL_RCVD_UT_GT_5: bad, avg S/O=0.25 avg Spam%=2.34 avg Ham%=7.07
FSL_UNDISCLOSED_BULK: bad, avg S/O=0.73 avg Spam%=0.00 avg Ham%=0.00
__FSL_COUNT_EXTERN: bad, avg S/O=0.51 avg Spam%=99.89 avg Ham%=96.10
# used in: FSL_RCVD_EX_0 FSL_RCVD_EX_1 FSL_RCVD_EX_2 FSL_RCVD_EX_3
FSL_RCVD_EX_4 FSL_RCVD_EX_5 FSL_RCVD_EX_GT_5
__FSL_COUNT_TRUST: bad, avg S/O=0.66 avg Spam%=98.33 avg Ham%=51.49
# used in: FSL_NO_RCVD_1 FSL_RCVD_TR_1 FSL_RCVD_TR_2
__FSL_COUNT_UNTRUST: bad, avg S/O=0.51 avg Spam%=99.89 avg Ham%=96.10
# used in: FSL_NO_RCVD_1 FSL_RCVD_UT_1 FSL_RCVD_UT_2 FSL_RCVD_UT_3
FSL_RCVD_UT_4 FSL_RCVD_UT_5 FSL_RCVD_UT_GT_5
__FSL_ENVFROM_AOL: no hits of target type
# used in: FSL_NOT_FROM_AOL
__FSL_ENVFROM_GOOGLE: no hits of target type
# used in: FSL_NOT_FROM_GOOGLE
__FSL_ENVFROM_HOTMAIL: no hits of target type
# used in: FSL_NOT_FROM_HOTMAIL
__FSL_ENVFROM_LIVE: no hits at all
# used in: FSL_NOT_FROM_HOTMAIL
__FSL_ENVFROM_ROCKET: no hits at all
# used in: FSL_NOT_FROM_YAHOO
__FSL_ENVFROM_YAHOO: no hits of target type
# used in: FSL_NOT_FROM_YAHOO
__FSL_ENVFROM_YMAIL: no hits at all
# used in: FSL_NOT_FROM_YAHOO
__FSL_HTML_BLOCKS: bad, avg S/O=0.13 avg Spam%=3.30 avg Ham%=21.28
# used in: FSL_HTML_BLOCK_LOTS_1 FSL_HTML_BLOCK_LOTS_2
FSL_HTML_BLOCK_LOTS_3
__FSL_HTML_ENTITIES: bad, avg S/O=0.53 avg Spam%=73.67 avg Ham%=65.17
# used in: FSL_HTML_ENT_LOTS_1 FSL_HTML_ENT_LOTS_2 FSL_HTML_ENT_LOTS_3
__FSL_RELAY_AOL: bad, avg S/O=0.30 avg Spam%=0.04 avg Ham%=0.09
# used in: FSL_NOT_FROM_AOL
__FSL_RELAY_GOOGLE: bad, avg S/O=0.01 avg Spam%=0.07 avg Ham%=7.32
# used in: TO_IN_SUBJ FSL_NOT_FROM_GOOGLE
__FSL_RELAY_HOTMAIL: bad, avg S/O=0.41 avg Spam%=0.10 avg Ham%=0.15
# used in: FSL_NOT_FROM_HOTMAIL
__FSL_RELAY_YAHOO: bad, avg S/O=0.70 avg Spam%=0.24 avg Ham%=0.10
# used in: FSL_NOT_FROM_YAHOO
rulesrc/sandbox/sidney/70_other.cf (1 rules, 1 bad):
T_UPPERCASE_HTTP: bad, avg S/O=0.15 avg Spam%=0.07 avg Ham%=0.38
rulesrc/sandbox/mmartinec/20_misc.cf (16 rules, 7 bad):
CR_IN_SUBJ: no hits of target type
FROM_UNBAL1: bad, avg S/O=0.36 avg Spam%=0.00 avg Ham%=0.00
LONGLINE: bad, avg S/O=0.06 avg Spam%=0.99 avg Ham%=15.30
RP_8BIT: no hits at all
RP_LASTNAME: no hits at all
RP_MINUS: no hits at all
__LONGLINE: bad, avg S/O=0.06 avg Spam%=0.99 avg Ham%=15.30
# used in: FROM_WORDY_SHORT LONGLINE
rulesrc/sandbox/mkettler/20_drugs.cf (1 rules, 1 bad):
LFUZ_PWRMALE: no hits of target type
rulesrc/sandbox/maddoc/99_fsl_testing.cf (9 rules, 3 bad):
FSL_BOTSPAM_1: no hits at all
FSL_THIS_IS_ADV: bad, avg S/O=0.55 avg Spam%=0.01 avg Ham%=0.01
FSL_YHG_ABUSE: no hits of target type
rulesrc/sandbox/maddoc/99_doc_test.cf (16 rules, 11 bad):
FSL_FAKE_HOTMAIL_RVCD: no hits at all
FSL_FBOOK_PHISH: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.12
FSL_HAS_TINYURL: bad, avg S/O=0.23 avg Spam%=0.02 avg Ham%=0.06
FSL_HELO_DEVICE: bad, avg S/O=0.61 avg Spam%=0.00 avg Ham%=0.00
FSL_HELO_FIREWALL: no hits at all
FSL_HELO_NON_FQDN_1: bad, avg S/O=0.54 avg Spam%=0.30 avg Ham%=0.25
FSL_INTERIA_ABUSE: no hits at all
FSL_MIME_NO_TEXT: bad, avg S/O=0.69 avg Spam%=0.01 avg Ham%=0.01
FSL_STACKED_TEXT: bad, avg S/O=0.63 avg Spam%=0.00 avg Ham%=0.00
__CTYPE_MULTIPART_MIXED: bad, avg S/O=0.34 avg Spam%=2.06 avg Ham%=4.10
# used in: FSL_MIME_NO_TEXT
__TWO_WORD_LINES: bad, avg S/O=0.78 avg Spam%=1.35 avg Ham%=0.38
# used in: FSL_STACKED_TEXT
rulesrc/sandbox/kmcgrail/20_sergio_experimental.cf (15 rules, 11 bad):
SERGIO_SUBJECT_PORN002: no hits at all
SERGIO_SUBJECT_PORN003: no hits at all
SERGIO_SUBJECT_PORN004: no hits at all
SERGIO_SUBJECT_PORN005: no hits at all
SERGIO_SUBJECT_PORN006: no hits of target type
SERGIO_SUBJECT_PORN007: no hits at all
SERGIO_SUBJECT_PORN008: bad, avg S/O=0.50 avg Spam%=0.01 avg Ham%=0.01
SERGIO_SUBJECT_PORN010: no hits at all
SERGIO_SUBJECT_PORN011: no hits at all
SERGIO_SUBJECT_PORN012: no hits at all
SERGIO_SUBJECT_PORN013: no hits at all
rulesrc/sandbox/kmcgrail/20_rules_to_sandbox.cf (3 rules, 1 bad):
US_DOLLARS_3: bad, avg S/O=0.79 avg Spam%=0.27 avg Ham%=0.07
rulesrc/sandbox/kmcgrail/20_needed.cf (1 rules, 1 bad):
__KAM_LOTTO2: bad, avg S/O=0.47 avg Spam%=0.24 avg Ham%=0.27
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
rulesrc/sandbox/kmcgrail/20_mailing_list.cf (1 rules, 1 bad):
AC_HTML_NONSENSE_TAGS: bad, avg S/O=0.11 avg Spam%=0.00 avg Ham%=0.01
rulesrc/sandbox/kmcgrail/20_html_tests.cf (1 rules, 1 bad):
KAM_HTML_FONT_INVALID: bad, avg S/O=0.13 avg Spam%=0.95 avg Ham%=6.56
rulesrc/sandbox/kmcgrail/20_freemail.cf (2 rules, 2 bad):
FREEMAIL_FORGED_FROMDOMAIN: bad, avg S/O=0.00 avg Spam%=0.01 avg Ham%=3.47
HEADER_FROM_DIFFERENT_DOMAINS: bad, avg S/O=0.00 avg Spam%=0.06 avg
Ham%=31.20
# used in: FREEMAIL_FORGED_FROMDOMAIN
rulesrc/sandbox/kmcgrail/20_dfs_experimental.cf (1 rules, 1 bad):
DSN_NO_MIMEVERSION: bad, avg S/O=0.39 avg Spam%=0.49 avg Ham%=0.77
rulesrc/sandbox/kmcgrail/20_demoted_tests.cf (1 rules, 1 bad):
MSGID_MULTIPLE_AT: bad, avg S/O=0.13 avg Spam%=0.00 avg Ham%=0.03
rulesrc/sandbox/kmcgrail/20_darxus_experimental.cf (3 rules, 3 bad):
COMPUTERS_JEWELRY: no hits at all
SPOOFED_URL_HOST: bad, avg S/O=0.39 avg Spam%=0.20 avg Ham%=0.32
__SPOOFED_URL_HOST: bad, avg S/O=0.09 avg Spam%=0.40 avg Ham%=3.95
# used in: SPOOFED_URL_HOST
rulesrc/sandbox/kmcgrail/20_bug_7068.cf (2 rules, 2 bad):
PP_TOO_MUCH_UNICODE02: no hits at all
PP_TOO_MUCH_UNICODE05: no hits at all
rulesrc/sandbox/kmcgrail/20_bug_7063.cf (1 rules, 1 bad):
PP_MIME_FAKE_ASCII_TEXT: bad, avg S/O=0.16 avg Spam%=0.17 avg Ham%=0.89
rulesrc/sandbox/kmcgrail/20_body_tests.cf (4 rules, 1 bad):
__KAM_BODY_LENGTH_LT_1024: bad, avg S/O=0.64 avg Spam%=12.38 avg Ham%=7.03
# used in: LONG_HEX_URI
rulesrc/sandbox/kmcgrail/20_ac_rules_test.cf (28 rules, 27 bad):
AC_BR_BONANZA: bad, avg S/O=0.72 avg Spam%=0.06 avg Ham%=0.03
AC_DIV_BONANZA: bad, avg S/O=0.10 avg Spam%=0.02 avg Ham%=0.20
AC_SPAMMY_URI_PATTERNS1: no hits at all
AC_SPAMMY_URI_PATTERNS10: no hits at all
AC_SPAMMY_URI_PATTERNS11: no hits at all
AC_SPAMMY_URI_PATTERNS12: no hits at all
AC_SPAMMY_URI_PATTERNS2: no hits at all
AC_SPAMMY_URI_PATTERNS3: no hits at all
AC_SPAMMY_URI_PATTERNS4: no hits at all
AC_SPAMMY_URI_PATTERNS8: no hits at all
AC_SPAMMY_URI_PATTERNS9: no hits at all
__AC_1SEQC_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS9
__AC_1SEQV_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS9
__AC_LAND_URI: no hits of target type
# used in: AC_SPAMMY_URI_PATTERNS2
__AC_LONGSEQ_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS8
__AC_MHDSEQ_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS12
__AC_NDOMLONGNASPX_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS11
__AC_NUMS_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS4
__AC_OUTI_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS1
__AC_OUTL_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS1
__AC_PHPOFFSUB_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS3
__AC_PHPOFFTOP_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS3
__AC_PUNCTNUMS_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS10
__AC_REPORT_URI: bad, avg S/O=0.09 avg Spam%=0.00 avg Ham%=0.02
# used in: AC_SPAMMY_URI_PATTERNS2
__AC_RMOVE_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS9
__AC_UHDSEQ_URI: no hits at all
# used in: AC_SPAMMY_URI_PATTERNS12
__AC_UNSUB_URI: bad, avg S/O=0.24 avg Spam%=0.05 avg Ham%=0.17
# used in: AC_SPAMMY_URI_PATTERNS2
rulesrc/sandbox/khopesh/20_s25r.cf (12 rules, 10 bad):
KHOP_BOTNET_4: bad, avg S/O=0.66 avg Spam%=1.34 avg Ham%=0.69
KHOP_BOTNET_7: bad, avg S/O=0.67 avg Spam%=1.02 avg Ham%=0.51
KHOP_BOTNET_9: bad, avg S/O=0.67 avg Spam%=1.02 avg Ham%=0.51
KHOP_BOTNET_UNCLEAN: bad, avg S/O=0.67 avg Spam%=1.07 avg Ham%=0.54
S25R: bad, avg S/O=0.14 avg Spam%=3.24 avg Ham%=19.16
S25R_1: bad, avg S/O=0.21 avg Spam%=0.35 avg Ham%=1.27
S25R_2: bad, avg S/O=0.02 avg Spam%=0.17 avg Ham%=7.78
S25R_3: bad, avg S/O=0.60 avg Spam%=0.05 avg Ham%=0.03
S25R_4: bad, avg S/O=0.73 avg Spam%=0.03 avg Ham%=0.01
S25R_5: bad, avg S/O=0.20 avg Spam%=0.03 avg Ham%=0.11
rulesrc/sandbox/khopesh/20_neon_overload.cf (9 rules, 8 bad):
KHOP_JS_OBFUSCATION: bad, avg S/O=0.18 avg Spam%=0.00 avg Ham%=0.01
TR_FILLER_TEXT: no hits of target type
TR_JS_FROMCHARCODE: bad, avg S/O=0.03 avg Spam%=0.00 avg Ham%=0.04
TR_JS_REDIRECTION_0: no hits of target type
TR_JS_REDIRECTION_1: bad, avg S/O=0.40 avg Spam%=0.00 avg Ham%=0.00
TR_JS_REDIRECTION_2: bad, avg S/O=0.29 avg Spam%=0.00 avg Ham%=0.00
__TR_JS_CONCATINATED_HTTP: no hits at all
# used in: KHOP_JS_OBFUSCATION
__TR_JS_EXTRA_CONCAT: bad, avg S/O=0.14 avg Spam%=0.00 avg Ham%=0.01
# used in: KHOP_JS_OBFUSCATION
rulesrc/sandbox/khopesh/20_khop_lists.cf (17 rules, 5 bad):
KHOP_UNSUB_EMAIL: bad, avg S/O=0.63 avg Spam%=0.00 avg Ham%=0.00
KHOP_UNSUB_LINK: no hits at all
__FROM_INFO: bad, avg S/O=0.21 avg Spam%=0.05 avg Ham%=0.21
# used in: LIST_PRTL_SAME_USER TEQF_USR_MSGID_HEX
__UNSUB_MAILTO: bad, avg S/O=0.40 avg Spam%=0.04 avg Ham%=0.03
# used in: KHOP_UNSUB_EMAIL
__VACATION: bad, avg S/O=0.25 avg Spam%=0.68 avg Ham%=0.23
# used in: KHOP_UNSUB_LINK
rulesrc/sandbox/khopesh/20_khop_general.cf (8 rules, 7 bad):
DEAR_EMAIL: bad, avg S/O=0.78 avg Spam%=0.04 avg Ham%=0.01
FORGED_URL_DOM: bad, avg S/O=0.20 avg Spam%=0.06 avg Ham%=0.22
FROM_WWW: bad, avg S/O=0.44 avg Spam%=0.01 avg Ham%=0.01
MAY_BE_FORGED: bad, avg S/O=0.45 avg Spam%=0.56 avg Ham%=0.69
__FORGED_URL_DOM_1: bad, avg S/O=0.19 avg Spam%=0.02 avg Ham%=0.09
# used in: FORGED_URL_DOM
__FORGED_URL_DOM_2: bad, avg S/O=0.21 avg Spam%=0.06 avg Ham%=0.22
# used in: FORGED_URL_DOM
__MAY_BE_FORGED: bad, avg S/O=0.34 avg Spam%=0.57 avg Ham%=1.08
# used in: KHOP_BOTNET_9 KHOP_BOTNET_UNCLEAN MAY_BE_FORGED S25R
rulesrc/sandbox/khopesh/20_khop_experimental.cf (70 rules, 50 bad):
ADV_SUBJ: no hits at all
BOTNET_NOPLUGIN: no hits at all
BOTNET_OCNNEJP: no hits at all
BOTNET_SHAWCABLE: no hits at all
DKIM_INVALID: bad, avg S/O=0.12 avg Spam%=9.31 avg Ham%=69.35
FORGED_HOTMAIL_RCVD3: no hits at all
FORGED_SPF_HELO: no hits of target type
FROM_2_EMAILS: bad, avg S/O=0.70 avg Spam%=3.34 avg Ham%=1.46
HELO_NO_DOMAIN: bad, avg S/O=0.30 avg Spam%=0.11 avg Ham%=0.26
KHOP_FAKE_EBAY: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.03
KHOP_FROM_WWW: bad, avg S/O=0.18 avg Spam%=0.16 avg Ham%=0.71
KHOP_HELO_AS_VICTIM: bad, avg S/O=0.50 avg Spam%=0.00 avg Ham%=0.00
KHOP_HELO_FCRDNS: bad, avg S/O=0.39 avg Spam%=3.30 avg Ham%=5.13
MALFORMED_FREEMAIL: bad, avg S/O=0.73 avg Spam%=0.32 avg Ham%=0.12
REMOTE_IMAGE: bad, avg S/O=0.56 avg Spam%=4.17 avg Ham%=3.33
SHORTENED_URL_HREF: bad, avg S/O=0.71 avg Spam%=1.21 avg Ham%=0.49
SHORT_URL: bad, avg S/O=0.10 avg Spam%=0.06 avg Ham%=0.54
SPOOFED_URL: bad, avg S/O=0.31 avg Spam%=0.26 avg Ham%=0.57
SUBJ_ALL_CAPS2: no hits at all
SUBJ_ALL_CAPS3: no hits at all
SUBJ_LACKS_WORDS: bad, avg S/O=0.60 avg Spam%=2.90 avg Ham%=1.90
UPPERCASE_URI: bad, avg S/O=0.09 avg Spam%=0.70 avg Ham%=6.79
URI_HIDDEN: bad, avg S/O=0.30 avg Spam%=0.15 avg Ham%=0.33
URL_SHORTENER: bad, avg S/O=0.72 avg Spam%=3.48 avg Ham%=1.35
__BOTNET_CLIENT1: no hits at all
# used in: BOTNET_NOPLUGIN
__BOTNET_CLIENT2: no hits at all
# used in: BOTNET_NOPLUGIN
__BOTNET_NOTRUST: bad, avg S/O=0.03 avg Spam%=1.67 avg Ham%=48.51
# used in: BOTNET_OCNNEJP BOTNET_SHAWCABLE KHOP_HELO_AS_VICTIM
__BOTNET_OCNNEJP: no hits at all
# used in: BOTNET_OCNNEJP
__BOTNET_SERVER: no hits at all
# used in: BOTNET_NOPLUGIN
__EBAY_ADDRESS: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.03
# used in: KHOP_FAKE_EBAY
__FROM_WEB_DAEMON: bad, avg S/O=0.23 avg Spam%=0.30 avg Ham%=0.99
# used in: KHOP_FROM_WWW
__HELO_AS_VICTIM: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.13
# used in: KHOP_HELO_AS_VICTIM
__HELO_NOT_RDNS: bad, avg S/O=0.35 avg Spam%=3.79 avg Ham%=7.00
# used in: FORGED_SPF_HELO KHOP_HELO_FCRDNS
__HOTMAIL_HELO: bad, avg S/O=0.60 avg Spam%=0.02 avg Ham%=0.03
# used in: FORGED_HOTMAIL_RCVD3
__RDNS_IS_WWW: bad, avg S/O=0.09 avg Spam%=0.05 avg Ham%=0.53
# used in: KHOP_FROM_WWW
__RDNS_SHORT: bad, avg S/O=0.05 avg Spam%=1.57 avg Ham%=30.19
# used in: KHOP_HELO_FCRDNS
__RELAY_THRU_WWW: bad, avg S/O=0.18 avg Spam%=0.15 avg Ham%=0.70
# used in: KHOP_FROM_WWW
__REMOTE_IMAGE: bad, avg S/O=0.56 avg Spam%=4.17 avg Ham%=3.33
# used in: REMOTE_IMAGE URI_PHISH
__SHORT_URL: bad, avg S/O=0.77 avg Spam%=3.45 avg Ham%=1.06
# used in: SHORT_URL
__SPOOFED_URL: bad, avg S/O=0.12 avg Spam%=0.61 avg Ham%=4.53
# used in: SPOOFED_URL
__SUBJ_2UPPER: bad, avg S/O=0.48 avg Spam%=78.89 avg Ham%=84.88
# used in: SUBJ_ALL_CAPS2 SUBJ_ALL_CAPS3
__SUBJ_4LOWER: bad, avg S/O=0.49 avg Spam%=95.07 avg Ham%=98.37
# used in: SUBJ_ALL_CAPS2 SUBJ_ALL_CAPS3
__SUBJ_HAS_WORDS: bad, avg S/O=0.49 avg Spam%=95.35 avg Ham%=97.40
# used in: SUBJ_LACKS_WORDS
__SUBJ_IMPORTANT: bad, avg S/O=0.28 avg Spam%=0.05 avg Ham%=0.13
# used in: SUBJ_ALL_CAPS3
__SUBJ_NOT_SHORT: bad, avg S/O=0.47 avg Spam%=87.33 avg Ham%=96.59
# used in: SUBJ_LACKS_WORDS
__SUBJ_SHORT: bad, avg S/O=0.79 avg Spam%=2.09 avg Ham%=0.55
# used in: SUBJ_ALL_CAPS2 SUBJ_ALL_CAPS3
__TO_EQ_FROM_USR_2: bad, avg S/O=0.48 avg Spam%=0.51 avg Ham%=0.55
# used in: LIST_PRTL_SAME_USER __LIST_PRTL_SAME_USER
__TO_EQ_FROM_USR_NN_2: bad, avg S/O=0.47 avg Spam%=0.48 avg Ham%=0.55
# used in: TEQF_USR_MSGID_HEX
__TO_EQ_FROM_USR_NN_MINFP: bad, avg S/O=0.23 avg Spam%=0.00 avg Ham%=0.00
# used in: TEQF_USR_MSGID_HEX
__URL_SHORTENER: bad, avg S/O=0.72 avg Spam%=3.48 avg Ham%=1.35
# used in: SHORT_URL SPOOFED_URL SPOOFED_URL_HOST URL_SHORTENER
rulesrc/sandbox/khopesh/20_khop_dynamic.cf (13 rules, 4 bad):
__S25R_1: bad, avg S/O=0.16 avg Spam%=2.09 avg Ham%=10.78
# used in: KHOP_BOTNET_4 KHOP_BOTNET_7 KHOP_BOTNET_9 KHOP_BOTNET_UNCLEAN
S25R S25R_1 S25R_2 S25R_3 S25R_4 S25R_5
__S25R_2: bad, avg S/O=0.03 avg Spam%=0.23 avg Ham%=7.81
# used in: KHOP_BOTNET_4 KHOP_BOTNET_7 KHOP_BOTNET_9 KHOP_BOTNET_UNCLEAN
S25R S25R_1 S25R_2 S25R_3 S25R_4 S25R_5
__S25R_3: bad, avg S/O=0.75 avg Spam%=0.91 avg Ham%=0.30
# used in: KHOP_BOTNET_4 KHOP_BOTNET_7 KHOP_BOTNET_9 KHOP_BOTNET_UNCLEAN
S25R S25R_1 S25R_2 S25R_3 S25R_4 S25R_5
__S25R_5: bad, avg S/O=0.54 avg Spam%=0.30 avg Ham%=0.26
# used in: KHOP_BOTNET_4 KHOP_BOTNET_7 KHOP_BOTNET_9 KHOP_BOTNET_UNCLEAN
S25R S25R_1 S25R_2 S25R_3 S25R_4 S25R_5
rulesrc/sandbox/kb/75_de.cf (1 rules, 1 bad):
FROM_ADDR_BCDE: no hits at all
rulesrc/sandbox/kb/70_misc.cf (22 rules, 16 bad):
KB_CTYPE_SPACE: no hits at all
KB_CTYPE_SP_MOZ: no hits at all
KB_FORGED_MOZ4: no hits at all
LIVEFILESTORE_HTML: no hits at all
OPERA_MID_NON_OP: no hits at all
OPERA_MID_NO_DIGIT: no hits at all
PQRTW_4: no hits at all
THEBAT_UNREG: no hits at all
__HAS_THREAD_INDEX: bad, avg S/O=0.79 avg Spam%=16.15 avg Ham%=4.40
# used in: STOCK_LOW_CONTRAST TO_EQ_FM_DOM_HTML_IMG
__KB_UA_MOZ: bad, avg S/O=0.62 avg Spam%=8.61 avg Ham%=5.31
# used in: KB_CTYPE_SP_MOZ
__OPERA_MID_NON_OP: bad, avg S/O=0.05 avg Spam%=0.17 avg Ham%=3.34
# used in: OPERA_MID_NON_OP
__OPERA_MID_NO_DIGIT: bad, avg S/O=0.72 avg Spam%=0.08 avg Ham%=0.03
# used in: OPERA_MID_NO_DIGIT
__OPERA_MUA: bad, avg S/O=0.49 avg Spam%=0.01 avg Ham%=0.01
# used in: OPERA_MID_NON_OP OPERA_MID_NO_DIGIT
__PQRTW_4_A: no hits at all
# used in: PQRTW_4
__PQRTW_4_SPAN: no hits at all
# used in: PQRTW_4
__THREAD_INDEX_GOOD: bad, avg S/O=0.40 avg Spam%=1.38 avg Ham%=2.08
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM TO_IN_SUBJ
rulesrc/sandbox/kb/20_header.cf (6 rules, 4 bad):
FORGED_RELAY_MUA_TO_MX: bad, avg S/O=0.09 avg Spam%=0.01 avg Ham%=0.09
KB_DATE_CONTAINS_TAB: no hits at all
KB_FAKED_THE_BAT: no hits at all
__KB_DATE_CONTAINS_TAB: no hits at all
# used in: KB_DATE_CONTAINS_TAB KB_FAKED_THE_BAT
rulesrc/sandbox/jquinn/20_misc.cf (3 rules, 3 bad):
EXCUSE_24: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.36
USING_VERP: bad, avg S/O=0.01 avg Spam%=0.13 avg Ham%=8.74
__USING_VERP1: bad, avg S/O=0.01 avg Spam%=0.14 avg Ham%=25.11
# used in: FROM_WORDY_SHORT FROM_WORDY_SHORT USING_VERP
rulesrc/sandbox/jm/70_tt_drugs.cf (12 rules, 9 bad):
TT_OBSCURED_VALIUM: no hits at all
TT_OBSCURED_VIAGRA: no hits at all
TT_OBSCURED_XANAX: no hits at all
__TT_BROKEN_VALIUM: no hits at all
# used in: TT_OBSCURED_VALIUM
__TT_BROKEN_XANAX: no hits at all
# used in: TT_OBSCURED_XANAX
__TT_OBSCURED_VALIUM: no hits at all
# used in: TT_OBSCURED_VALIUM
__TT_OBSCURED_XANAX: no hits at all
# used in: TT_OBSCURED_XANAX
__TT_VALIUM: no hits at all
# used in: TT_OBSCURED_VALIUM
__TT_XANAX: no hits at all
# used in: TT_OBSCURED_XANAX
rulesrc/sandbox/jm/20_basic.cf (94 rules, 50 bad):
BBC_RCVD_NCHAR_RAW: no hits at all
CARD_DIRECT_WWW_ADDRESS: no hits at all
CTYPE_001C_B: bad, avg S/O=0.38 avg Spam%=0.00 avg Ham%=0.01
CURR_PRICE: no hits at all
DRUGS_STOCK_MIMEOLE: no hits at all
DUH_DIKSBJ: no hits at all
DVLABS_GOZI_PDF: no hits at all
DYN_RDNS_AND_INLINE_IMAGE: bad, avg S/O=0.24 avg Spam%=0.00 avg Ham%=0.01
HDR_ORDER_FTSDMCXX_001C: no hits at all
HDR_ORDER_FTSDMCXX_BAT: no hits at all
IMG_CID_PART1: no hits at all
JM_0800_GMT: no hits at all
JM_EXIM_462: no hits at all
JM_GMT_RCVD: no hits at all
JM_HOODIA: no hits at all
JM_NICE_GIRL: no hits at all
JM_REACTOR_MAILER: no hits at all
JM_REMOVE_FROM_URL: no hits at all
LOLLY_419: no hits at all
L_SPAM_TOOL_13: no hits at all
MSNBC_HDR_ORDER: no hits at all
MSNBC_MESSAGEGUID: no hits at all
MSNBC_THREAD_INDEX: bad, avg S/O=0.38 avg Spam%=0.07 avg Ham%=0.12
PART_CID_STOCK_LESS: no hits at all
PR_TD_NOWRAP_BAT: no hits at all
RCVD_FORGED_WROTE: no hits at all
RCVD_MAIL_COM: no hits at all
SB_GIF_AND_NO_URIS: bad, avg S/O=0.77 avg Spam%=0.00 avg Ham%=0.00
STOCK_IMG_CTYPE: no hits at all
STOCK_IMG_HDR_FROM: no hits at all
STOCK_IMG_HTML: no hits at all
STOCK_IMG_OUTLOOK: no hits at all
STOX_META_5: no hits at all
STOX_UA: no hits at all
TEMPLATE_203_RCVD: no hits at all
T_CN_URL: bad, avg S/O=0.42 avg Spam%=0.10 avg Ham%=0.14
__CARD_DIRECT_WWW_ADDRESS: no hits at all
# used in: CARD_DIRECT_WWW_ADDRESS
__HAS_ANY_EMAIL: bad, avg S/O=0.17 avg Spam%=11.79 avg Ham%=56.57
# used in: SB_GIF_AND_NO_URIS
__HAS_ANY_URI: bad, avg S/O=0.50 avg Spam%=97.15 avg Ham%=96.49
# used in: SB_GIF_AND_NO_URIS URI_ONLY_LOW_CONTRAST URI_PHISH
__HELO_NO_DOMAIN: bad, avg S/O=0.54 avg Spam%=0.30 avg Ham%=0.26
# used in: HELO_NO_DOMAIN
__HS_SUBJ_RE_FW: bad, avg S/O=0.23 avg Spam%=3.54 avg Ham%=11.99
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT TO_IN_SUBJ
__JM_REACTOR_DATE: bad, avg S/O=0.25 avg Spam%=7.40 avg Ham%=21.90
# used in: JM_REACTOR_MAILER MANY_SUBDOM
__JM_REACTOR_MID: bad, avg S/O=0.68 avg Spam%=0.11 avg Ham%=0.05
# used in: JM_REACTOR_MAILER
__LEGIT_MARLO_CARD: no hits at all
# used in: CARD_DIRECT_WWW_ADDRESS
__MID_START_001C: no hits of target type
# used in: HDR_ORDER_FTSDMCXX_001C
__MSNBC_NOT_EXCH: bad, avg S/O=0.36 avg Spam%=0.04 avg Ham%=0.07
# used in: MSNBC_THREAD_INDEX
__MSNBC_THREAD_INDEX: bad, avg S/O=0.35 avg Spam%=0.07 avg Ham%=0.14
# used in: MSNBC_THREAD_INDEX
__NAKED_TO: bad, avg S/O=0.16 avg Spam%=10.51 avg Ham%=55.20
# used in: DOS_DEREK_AUG08
__PR_TD_NOWRAP: bad, avg S/O=0.08 avg Spam%=0.00 avg Ham%=0.02
# used in: PR_TD_NOWRAP_BAT
__REPLYTO_EXISTS: bad, avg S/O=0.20 avg Spam%=15.21 avg Ham%=60.94
# used in: LUCRATIVE IRS_SPOOF __IRS_SPOOF
rulesrc/sandbox/jhardin/20_uri_obfu_ws.cf (5 rules, 1 bad):
URI_OBFU_PROTO: no hits at all
rulesrc/sandbox/jhardin/20_thirdparty.cf (5 rules, 4 bad):
DX_TEXT_01: no hits at all
DX_TEXT_02: no hits at all
DX_TEXT_04: no hits at all
DX_TEXT_05: no hits at all
rulesrc/sandbox/jhardin/20_tbird_image_spam.cf (27 rules, 8 bad):
FORGED_TBIRD_IMG_ARROW: no hits of target type
FORGED_TBIRD_IMG_SIZE: no hits at all
FORGED_TBIRD_IMG_TO_MX: no hits at all
__FORGED_TBIRD_IMG: no hits of target type
# used in: FORGED_TBIRD_IMG_ARROW FORGED_TBIRD_IMG_SIZE
FORGED_TBIRD_IMG_TO_MX
__IMG_LE_300K: bad, avg S/O=0.20 avg Spam%=0.45 avg Ham%=1.73
# used in: FORGED_TBIRD_IMG_SIZE
__MUA_TBIRD: bad, avg S/O=0.63 avg Spam%=8.75 avg Ham%=5.14
# used in: FORGED_TBIRD_IMG_ARROW FORGED_TBIRD_IMG_SIZE
FORGED_TBIRD_IMG_TO_MX __FORGED_TBIRD_IMG
__ONE_IMG: bad, avg S/O=0.50 avg Spam%=0.88 avg Ham%=0.87
# used in: FORGED_TBIRD_IMG_SIZE
__TO_NO_ARROWS_R: bad, avg S/O=0.22 avg Spam%=15.64 avg Ham%=55.91
# used in: FROM_WORDY_SHORT FROM_WORDY_SHORT FORGED_TBIRD_IMG_ARROW
rulesrc/sandbox/jhardin/20_shared_subrules.cf (3 rules, 3 bad):
SPOOFED_FREEMAIL: bad, avg S/O=0.52 avg Spam%=3.14 avg Ham%=2.90
__BUGGED_IMG: bad, avg S/O=0.11 avg Spam%=7.95 avg Ham%=64.07
# used in: LIST_PRTL_SAME_USER STOCK_LOW_CONTRAST FROM_MISSP_EH_MATCH
LIST_PARTIAL TO_EQ_FM_DOM_HTML_ONLY
__SPOOFED_FREEMAIL: bad, avg S/O=0.39 avg Spam%=3.24 avg Ham%=5.05
# used in: SPOOFED_FREEMAIL
rulesrc/sandbox/jhardin/20_postcards.cf (16 rules, 12 bad):
EXECUTABLE_URI: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.06
POSTCARD_01: no hits at all
POSTCARD_02: no hits at all
POSTCARD_03: bad, avg S/O=0.67 avg Spam%=0.00 avg Ham%=0.00
POSTCARD_04: no hits at all
POSTCARD_05: no hits of target type
POSTCARD_06: no hits at all
POSTCARD_07: no hits at all
POSTCARD_08: no hits at all
POSTCARD_DQ: no hits at all
__EXECUTABLE_URI: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.06
# used in: EXECUTABLE_URI
__POSTCARD_HALLMARK_01: no hits at all
# used in: POSTCARD_DQ
rulesrc/sandbox/jhardin/20_misc_testing.cf (609 rules, 213 bad):
ACH_CANCELLED_EXE: no hits at all
AD_COMPLAINTS: no hits at all
AD_PREFS: bad, avg S/O=0.31 avg Spam%=0.00 avg Ham%=0.00
BILL_1618: no hits at all
CALL_SKYPE: no hits at all
CAN_SPAM_HDR: no hits at all
DATE_DOTS: bad, avg S/O=0.59 avg Spam%=0.01 avg Ham%=0.01
DG_SPAMMER_EMAIL_F: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.06
DQ_URI_DOM_IN_PATH: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.06
END_FUTURE_EMAILS: bad, avg S/O=0.31 avg Spam%=0.27 avg Ham%=0.61
ES_LIC_FROM_INFO: no hits at all
FREEMAIL_DOC_PDF: bad, avg S/O=0.77 avg Spam%=0.10 avg Ham%=0.03
FROM_IN_TO_AND_SUBJ: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.22
FROM_MISSP_EH_MATCH: bad, avg S/O=0.57 avg Spam%=0.01 avg Ham%=0.01
FROM_URI: bad, avg S/O=0.43 avg Spam%=0.01 avg Ham%=0.01
FROM_WORDY_SHORT: no hits at all
FUZZY_BROWSER: no hits at all
FUZZY_CLICK_HERE: no hits at all
FUZZY_DR_OZ: no hits at all
FUZZY_IMPORTANT: no hits at all
FUZZY_PRIVACY: no hits at all
FUZZY_PROMOTION: no hits at all
FUZZY_SAVINGS: no hits at all
FUZZY_SECURITY: no hits of target type
FUZZY_UNSUBSCRIBE: no hits at all
GAPPY_GENITALIA: no hits at all
GAPPY_LOW_CONTRAST: bad, avg S/O=0.61 avg Spam%=0.01 avg Ham%=0.01
GAPPY_PHONE_NA: no hits at all
GAPPY_PILLS: no hits at all
HACKED_PHP_URI: no hits at all
HDRS_LCASE_IMGONLY: bad, avg S/O=0.69 avg Spam%=0.01 avg Ham%=0.01
HDR_CASE_REV_ENC: no hits of target type
HDR_CASE_REV_HELO_IP: no hits at all
HDR_CASE_REV_MANY: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.10
HTML_ATTACH: bad, avg S/O=0.76 avg Spam%=0.07 avg Ham%=0.02
IMAGESHACK_URI: bad, avg S/O=0.17 avg Spam%=0.00 avg Ham%=0.02
IRS_SPOOF: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.29
LARGE_PCT_AFTER_MANY: no hits at all
LAZY_LISTWASHING: bad, avg S/O=0.75 avg Spam%=0.00 avg Ham%=0.00
LH_URI_DOM_IN_PATH: bad, avg S/O=0.19 avg Spam%=0.15 avg Ham%=0.62
LIST_PARTIAL: bad, avg S/O=0.51 avg Spam%=0.20 avg Ham%=0.19
LIST_PRTL_PUMPDUMP: no hits at all
LIST_PRTL_SAME_USER: bad, avg S/O=0.06 avg Spam%=0.00 avg Ham%=0.03
LONG_HEX_URI: bad, avg S/O=0.44 avg Spam%=0.01 avg Ham%=0.01
LONG_IMG_URI: bad, avg S/O=0.16 avg Spam%=0.01 avg Ham%=0.07
MALWARE_HACKED_URI: no hits at all
MANY_APPARENTLY_TO: no hits at all
MANY_PILL_PRICE: bad, avg S/O=0.25 avg Spam%=0.00 avg Ham%=0.00
MANY_SPAN_IN_TEXT: bad, avg S/O=0.76 avg Spam%=0.01 avg Ham%=0.00
MANY_SUBDOM: bad, avg S/O=0.74 avg Spam%=0.01 avg Ham%=0.00
MONEY_12LTRDOM: bad, avg S/O=0.32 avg Spam%=0.01 avg Ham%=0.03
NSL_TO_ENDS_COMMA: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.02
OBFU_GIF_ATTACH: bad, avg S/O=0.57 avg Spam%=0.00 avg Ham%=0.00
OBFU_HTML_ATT_MALW: no hits at all
OBFU_JVSCR_ESC: no hits at all
OBFU_PDF_ATTACH: bad, avg S/O=0.58 avg Spam%=0.13 avg Ham%=0.09
ORS: no hits at all
PHP_ORIG_SCRIPT: bad, avg S/O=0.57 avg Spam%=0.02 avg Ham%=0.01
PUMPDUMP: bad, avg S/O=0.77 avg Spam%=0.00 avg Ham%=0.00
PUMPDUMP_MULTI: no hits at all
# used in: PUMPDUMP
PUMPDUMP_TIP: no hits at all
RAND_HEADER_MANY: no hits at all
RCVD_DBL_DQ: no hits at all
RDNS_LOCALHOST: no hits at all
RPT_SPAM_HDR: no hits at all
SCANNED_EXTERNAL: bad, avg S/O=0.19 avg Spam%=0.01 avg Ham%=0.05
SCRIPT_GIBBERISH: no hits of target type
SOLICIT_BIZ: no hits at all
SPAMMY_MIME_BDRY_01: no hits at all
SPELLED_OUT_NUMBER: no hits at all
STOCK_LOW_CONTRAST: bad, avg S/O=0.73 avg Spam%=0.03 avg Ham%=0.01
STOCK_TIP: no hits at all
SUBJ_OBFU_PUNCT_FEW: bad, avg S/O=0.31 avg Spam%=0.66 avg Ham%=1.45
SUBJ_OBFU_PUNCT_MANY: bad, avg S/O=0.55 avg Spam%=0.32 avg Ham%=0.26
SUBJ_ODD_CASE: no hits at all
TEQF_USR_MSGID_HEX: no hits at all
THIS_AD: bad, avg S/O=0.68 avg Spam%=0.17 avg Ham%=0.08
TINY_FLOAT: bad, avg S/O=0.50 avg Spam%=0.00 avg Ham%=0.00
TO_EQ_FM_DOM_HTML_IMG: bad, avg S/O=0.15 avg Spam%=0.01 avg Ham%=0.03
TO_EQ_FM_DOM_HTML_ONLY: bad, avg S/O=0.51 avg Spam%=0.03 avg Ham%=0.03
TO_EQ_FM_HTML_ONLY: bad, avg S/O=0.43 avg Spam%=0.02 avg Ham%=0.03
TO_IN_SUBJ: bad, avg S/O=0.72 avg Spam%=0.13 avg Ham%=0.05
TO_JOHNZY: no hits at all
TO_SEM_SEM: no hits at all
TW_GIBBERISH_MANY: no hits at all
UNSUBSCRIBE_ES: no hits at all
UNSUBSCRIBE_PT: no hits at all
URI_1234: no hits of target type
URI_DATA: no hits at all
URI_DBL_INDIR: bad, avg S/O=0.06 avg Spam%=0.02 avg Ham%=0.36
URI_DOTDOT_LOW_CNTRST: no hits of target type
URI_HIDDEN_2: bad, avg S/O=0.54 avg Spam%=0.13 avg Ham%=0.11
URI_MALWARE_BH: bad, avg S/O=0.47 avg Spam%=0.03 avg Ham%=0.03
URI_MALWARE_CWALL: no hits at all
URI_NUMERIC_CCTLD: no hits at all
URI_OBFU_DOM: bad, avg S/O=0.10 avg Spam%=0.01 avg Ham%=0.06
URI_ONLY_LOW_CONTRAST: bad, avg S/O=0.64 avg Spam%=0.01 avg Ham%=0.00
URI_OPTOUT_3LD: bad, avg S/O=0.67 avg Spam%=0.00 avg Ham%=0.00
URI_PHISH: bad, avg S/O=0.76 avg Spam%=0.02 avg Ham%=0.01
URI_TRPL_INDIR: bad, avg S/O=0.38 avg Spam%=0.01 avg Ham%=0.01
URI_TRY_3LD: bad, avg S/O=0.09 avg Spam%=0.05 avg Ham%=0.49
__128_HEX_URI: bad, avg S/O=0.44 avg Spam%=0.01 avg Ham%=0.01
# used in: LONG_HEX_URI
__45_ALNUM_IMG: bad, avg S/O=0.15 avg Spam%=0.01 avg Ham%=0.07
# used in: LONG_IMG_URI
__ACCESS_RESTORE: bad, avg S/O=0.69 avg Spam%=0.00 avg Ham%=0.00
# used in: URI_PHISH URI_PHISH
__ACCESS_SUSPENDED: no hits at all
# used in: URI_PHISH URI_PHISH
__ACCOUNT_ERROR: no hits at all
# used in: URI_PHISH URI_PHISH
__ACCOUNT_REACTIV: bad, avg S/O=0.62 avg Spam%=0.01 avg Ham%=0.01
# used in: URI_PHISH URI_PHISH
__ACH_CANCELLED_03: no hits at all
# used in: ACH_CANCELLED_EXE
__ACH_CANCELLED_04: no hits at all
# used in: ACH_CANCELLED_EXE
__ACH_CANCELLED_EXE: no hits at all
# used in: ACH_CANCELLED_EXE
__AMADEUSMS_MUA: no hits at all
# used in: FROM_MISSP_EH_MATCH
__BODY_TEXT_LINE: bad, avg S/O=0.50 avg Spam%=99.99 avg Ham%=100.00
# used in: URI_ONLY_LOW_CONTRAST
__BODY_XHTML: no hits at all
# used in: SCRIPT_GIBBERISH
__CAN_HELP: bad, avg S/O=0.21 avg Spam%=0.57 avg Ham%=2.17
# used in: URI_PHISH
__CLEAN_MAILBOX: no hits at all
# used in: URI_PHISH
__CR_IN_SUBJ: no hits of target type
# used in: THIS_AD
__CT_ENCRYPTED: no hits of target type
# used in: FROM_WORDY_SHORT MIME_NO_TEXT MIME_PHP_NO_TEXT
__EMAIL_PHISH: bad, avg S/O=0.45 avg Spam%=0.03 avg Ham%=0.03
# used in: URI_PHISH
__END_FUTURE_EMAILS: bad, avg S/O=0.30 avg Spam%=0.29 avg Ham%=0.68
# used in: END_FUTURE_EMAILS
__FAILED_LOGINS: no hits of target type
# used in: URI_PHISH URI_PHISH
__FB_COST: bad, avg S/O=0.19 avg Spam%=1.01 avg Ham%=4.35
# used in: URI_PHISH
__FB_S_STOCK: bad, avg S/O=0.17 avg Spam%=1.20 avg Ham%=5.70
# used in: STOCK_LOW_CONTRAST
__FREEMAIL_DOC_PDF: bad, avg S/O=0.77 avg Spam%=0.10 avg Ham%=0.03
# used in: FREEMAIL_DOC_PDF
__FROM_12LTRDOM_1: bad, avg S/O=0.50 avg Spam%=2.21 avg Ham%=2.18
# used in: MONEY_12LTRDOM
__FROM_LOWER: bad, avg S/O=0.17 avg Spam%=0.34 avg Ham%=1.69
# used in: TO_EQ_FM_DOM_HTML_ONLY TO_EQ_FM_HTML_ONLY
__FROM_MISSP_EH_MATCH: bad, avg S/O=0.56 avg Spam%=0.02 avg Ham%=0.01
# used in: FROM_MISSP_EH_MATCH
__FROM_URI_1: bad, avg S/O=0.40 avg Spam%=0.01 avg Ham%=0.01
# used in: FROM_URI
__FROM_WORDY: bad, avg S/O=0.27 avg Spam%=0.22 avg Ham%=0.61
# used in: FROM_WORDY_SHORT
__FROM_WORDY_3: bad, avg S/O=0.73 avg Spam%=0.02 avg Ham%=0.01
# used in: FROM_WORDY_SHORT
__FS_SUBJ_RE: bad, avg S/O=0.04 avg Spam%=0.43 avg Ham%=10.61
# used in: SPOOFED_FREEMAIL
__FUZZY_DR_OZ: bad, avg S/O=0.09 avg Spam%=0.00 avg Ham%=0.00
# used in: FUZZY_DR_OZ
__GAPPY_PHONE_NA: no hits at all
# used in: GAPPY_PHONE_NA
__HACKED_PHP_URI: no hits at all
# used in: HACKED_PHP_URI
__HAS_DOMAINKEY_SIG: bad, avg S/O=0.15 avg Spam%=3.36 avg Ham%=19.03
# used in: FROM_WORDY_SHORT
__HAS_PHP_ORIG_SCRIPT: bad, avg S/O=0.23 avg Spam%=0.45 avg Ham%=1.49
# used in: PHP_ORIG_SCRIPT
__HDRS_LCASE_KNOWN: bad, avg S/O=0.07 avg Spam%=0.78 avg Ham%=10.32
# used in: STOCK_LOW_CONTRAST END_FUTURE_EMAILS HDRS_LCASE_IMGONLY
__HDR_CASE_REVERSED: bad, avg S/O=0.60 avg Spam%=0.49 avg Ham%=0.32
# used in: HDR_CASE_REV_ENC HDR_CASE_REV_HELO_IP HDR_CASE_REV_MANY
__HDR_CASE_REV_MANY: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.10
# used in: HDR_CASE_REV_MANY
__IRS_FM_NAME: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.29
# used in: IRS_SPOOF
__IRS_RCVD_DOM: no hits at all
# used in: IRS_SPOOF
__IRS_SPOOF: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.29
# used in: IRS_SPOOF
__LARGE_PERCENT_AFTER: no hits of target type
# used in: LARGE_PCT_AFTER_MANY
__LCL__ENV_AND_HDR_FROM_MATCH: bad, avg S/O=0.12 avg Spam%=1.45 avg
Ham%=10.70
# used in: FROM_WORDY_SHORT LUCRATIVE MIME_NO_TEXT MIME_PHP_NO_TEXT
TEQF_USR_MSGID_HEX TO_IN_SUBJ FROM_MISSP_EH_MATCH SUBJ_OBFU_PUNCT_FEW
SUBJ_OBFU_PUNCT_MANY __FROM_MISSP_EH_MATCH
__LCL__KAM_BODY_LENGTH_LT_1024: bad, avg S/O=0.64 avg Spam%=12.38 avg
Ham%=7.03
# used in: LONG_HEX_URI
__LIST_PARTIAL: bad, avg S/O=0.09 avg Spam%=3.52 avg Ham%=33.86
# used in: FROM_WORDY_SHORT LIST_PRTL_PUMPDUMP LIST_PRTL_SAME_USER
LIST_PARTIAL
__LIST_PRTL_PUMPDUMP: no hits at all
# used in: LIST_PRTL_PUMPDUMP
__LIST_PRTL_SAME_USER: bad, avg S/O=0.01 avg Spam%=0.01 avg Ham%=0.57
# used in: LIST_PRTL_SAME_USER
__MAILBOX_FULL_SE: no hits at all
# used in: URI_PHISH __EMAIL_PHISH
__MAIL_ACCT_ACCESS1: no hits at all
# used in: URI_PHISH __EMAIL_PHISH
__MAIL_ACCT_ACCESS2: no hits at all
# used in: URI_PHISH __EMAIL_PHISH
__MANY_SPAN_IN_TEXT: bad, avg S/O=0.70 avg Spam%=0.01 avg Ham%=0.00
# used in: MANY_SPAN_IN_TEXT
__MANY_SUBDOM: bad, avg S/O=0.07 avg Spam%=0.01 avg Ham%=0.16
# used in: MANY_SUBDOM
__MONEY_12LTRDOM: bad, avg S/O=0.32 avg Spam%=0.01 avg Ham%=0.03
# used in: MONEY_12LTRDOM
__MSGID_HEXISH: bad, avg S/O=0.59 avg Spam%=0.03 avg Ham%=0.02
# used in: STOCK_LOW_CONTRAST END_FUTURE_EMAILS HDRS_LCASE_IMGONLY
__HDRS_LCASE_KNOWN
__MSGID_HEX_UID: no hits of target type
# used in: STOCK_LOW_CONTRAST END_FUTURE_EMAILS HDRS_LCASE_IMGONLY
__HDRS_LCASE_KNOWN
__MTLANDROID_MUA: no hits at all
# used in: FROM_MISSP_EH_MATCH
__NUMBERS_IN_SUBJ: bad, avg S/O=0.23 avg Spam%=4.42 avg Ham%=14.68
# used in: URI_PHISH
__PDF_ATTACH: bad, avg S/O=0.25 avg Spam%=0.20 avg Ham%=0.60
# used in: FROM_WORDY_SHORT FREEMAIL_DOC_PDF __FREEMAIL_DOC_PDF
__PD_CNT_1: bad, avg S/O=0.77 avg Spam%=0.00 avg Ham%=0.00
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP
__PHP_ORIG_SCRIPT_SONLY: bad, avg S/O=0.62 avg Spam%=0.03 avg Ham%=0.02
# used in: PHP_ORIG_SCRIPT
__PILL_PRICE_01: bad, avg S/O=0.65 avg Spam%=0.01 avg Ham%=0.00
# used in: MANY_PILL_PRICE
__PILL_PRICE_02: bad, avg S/O=0.17 avg Spam%=0.00 avg Ham%=0.02
# used in: MANY_PILL_PRICE
__PUMPDUMP_01: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP PUMPDUMP_MULTI
PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP __PD_CNT_1
__PUMPDUMP_03: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP PUMPDUMP_MULTI
PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP __PD_CNT_1
__PUMPDUMP_04: no hits of target type
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP PUMPDUMP_MULTI
PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP __PD_CNT_1
__PUMPDUMP_05: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP PUMPDUMP_MULTI
PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP __PD_CNT_1
__PUMPDUMP_06: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP PUMPDUMP_MULTI
PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP __PD_CNT_1
__PUMPDUMP_07: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP PUMPDUMP_MULTI
PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP __PD_CNT_1
__PUMPDUMP_08: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP PUMPDUMP_MULTI
PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP __PD_CNT_1
__PUMPDUMP_09: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP PUMPDUMP_MULTI
PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP __PD_CNT_1
__PUMPDUMP_10: no hits at all
# used in: LIST_PRTL_PUMPDUMP PUMPDUMP PUMPDUMP PUMPDUMP_MULTI
PUMPDUMP_TIP __LIST_PRTL_PUMPDUMP __PD_CNT_1
__RAND_HEADER: bad, avg S/O=0.63 avg Spam%=0.01 avg Ham%=0.01
# used in: RAND_HEADER_MANY
__RCVD_ZIXMAIL: no hits at all
# used in: FROM_MISSP_EH_MATCH
__RP_MATCHES_RCVD: bad, avg S/O=0.01 avg Spam%=0.08 avg Ham%=10.62
# used in: ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT FUZZY_DR_OZ
LIST_PRTL_SAME_USER STOCK_LOW_CONTRAST THIS_AD LIST_PARTIAL SUBJ_OBFU_PUNCT_FEW
SUBJ_OBFU_PUNCT_MANY TO_EQ_FM_DOM_HTML_IMG
__SCANNED: bad, avg S/O=0.19 avg Spam%=0.01 avg Ham%=0.05
# used in: SCANNED_EXTERNAL
__SCRIPT_GIBBERISH: bad, avg S/O=0.03 avg Spam%=0.00 avg Ham%=0.06
# used in: SCRIPT_GIBBERISH
__SCRIPT_TAG_IN_BODY: no hits of target type
# used in: SCRIPT_GIBBERISH
__SECURITY_DEPT: bad, avg S/O=0.31 avg Spam%=0.01 avg Ham%=0.02
# used in: URI_PHISH URI_PHISH
__SMIME_MESSAGE: no hits at all
# used in: URI_ONLY_LOW_CONTRAST
__SPAN_BEG_TEXT: bad, avg S/O=0.39 avg Spam%=1.05 avg Ham%=1.66
# used in: MANY_SPAN_IN_TEXT __MANY_SPAN_IN_TEXT
__SPAN_END_TEXT: bad, avg S/O=0.40 avg Spam%=0.52 avg Ham%=0.78
# used in: MANY_SPAN_IN_TEXT __MANY_SPAN_IN_TEXT
__SPELLED_OUT_NUM: no hits at all
# used in: SPELLED_OUT_NUMBER
__STOCK_TIP: no hits of target type
# used in: PUMPDUMP_TIP STOCK_TIP
__SUBJ_HAS_FROM_1: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.22
# used in: FROM_IN_TO_AND_SUBJ
__SUBJ_HAS_TO_1: bad, avg S/O=0.40 avg Spam%=0.15 avg Ham%=0.23
# used in: TO_IN_SUBJ
__SUBJ_HAS_TO_2: bad, avg S/O=0.66 avg Spam%=0.18 avg Ham%=0.09
# used in: TO_IN_SUBJ
__SUBJ_HAS_TO_3: bad, avg S/O=0.20 avg Spam%=0.02 avg Ham%=0.07
# used in: TO_IN_SUBJ
__SUBJ_OBFU_PUNCT: bad, avg S/O=0.32 avg Spam%=4.84 avg Ham%=10.45
# used in: SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY
__SYSADMIN: bad, avg S/O=0.11 avg Spam%=0.11 avg Ham%=0.86
# used in: URI_PHISH __EMAIL_PHISH
__TENWORD_GIBBERISH: bad, avg S/O=0.40 avg Spam%=0.00 avg Ham%=0.00
# used in: TW_GIBBERISH_MANY
__THIS_AD: bad, avg S/O=0.50 avg Spam%=0.18 avg Ham%=0.18
# used in: THIS_AD
__TO_EQ_FM_DOM_HTML_IMG: bad, avg S/O=0.19 avg Spam%=0.10 avg Ham%=0.43
# used in: TO_EQ_FM_DOM_HTML_IMG
__TO_EQ_FM_DOM_HTML_ONLY: bad, avg S/O=0.36 avg Spam%=0.05 avg Ham%=0.09
# used in: TO_EQ_FM_DOM_HTML_ONLY
__TO_EQ_FM_HTML_ONLY: bad, avg S/O=0.51 avg Spam%=0.05 avg Ham%=0.04
# used in: TO_EQ_FM_HTML_ONLY
__TO_EQ_FROM_2: bad, avg S/O=0.54 avg Spam%=0.50 avg Ham%=0.43
# used in: FROM_IN_TO_AND_SUBJ TEQF_USR_MSGID_HEX TO_EQ_FM_HTML_ONLY
__TO_EQ_FM_HTML_ONLY
__TO_EQ_FROM_DOM_2: bad, avg S/O=0.49 avg Spam%=0.51 avg Ham%=0.52
# used in: TEQF_USR_MSGID_HEX FROM_MISSP_EH_MATCH TO_EQ_FM_DOM_HTML_IMG
TO_EQ_FM_DOM_HTML_ONLY __TO_EQ_FM_DOM_HTML_IMG __TO_EQ_FM_DOM_HTML_ONLY
__TO_IN_SUBJ: bad, avg S/O=0.36 avg Spam%=0.18 avg Ham%=0.33
# used in: TO_IN_SUBJ
__TO___LOWER: bad, avg S/O=0.21 avg Spam%=2.23 avg Ham%=8.33
# used in: END_FUTURE_EMAILS FROM_MISSP_EH_MATCH
__UA_MSOMAC: no hits of target type
# used in: STOCK_LOW_CONTRAST END_FUTURE_EMAILS HDRS_LCASE_IMGONLY
__HDRS_LCASE_KNOWN
__UNSUBSCRIBE_ES: no hits at all
# used in: ES_LIC_FROM_INFO UNSUBSCRIBE_ES
__UNSUBSCRIBE_PT: no hits at all
# used in: UNSUBSCRIBE_PT
__UPGR_MAILBOX: bad, avg S/O=0.16 avg Spam%=0.13 avg Ham%=0.70
# used in: URI_PHISH __EMAIL_PHISH
__UPPERCASE_URI: bad, avg S/O=0.09 avg Spam%=0.70 avg Ham%=6.79
# used in: MANY_SUBDOM URI_PHISH
__URI_DATA: no hits at all
# used in: URI_DATA
__URI_DBL_INDIR: bad, avg S/O=0.08 avg Spam%=0.03 avg Ham%=0.37
# used in: URI_DBL_INDIR
__URI_DOM_DOTDOT: bad, avg S/O=0.03 avg Spam%=0.00 avg Ham%=0.07
# used in: URI_DOTDOT_LOW_CNTRST
__URI_OBFU_DOM: bad, avg S/O=0.10 avg Spam%=0.01 avg Ham%=0.06
# used in: URI_OBFU_DOM
__URI_PHISH: bad, avg S/O=0.41 avg Spam%=0.02 avg Ham%=0.03
# used in: URI_PHISH
__URI_TRPL_INDIR: bad, avg S/O=0.38 avg Spam%=0.01 avg Ham%=0.01
# used in: URI_DBL_INDIR URI_TRPL_INDIR
__VALIDATE_MBOX_SE: no hits at all
# used in: URI_PHISH __EMAIL_PHISH __URI_PHISH
__VERIFY_ACCOUNT: bad, avg S/O=0.38 avg Spam%=0.20 avg Ham%=0.32
# used in: URI_PHISH URI_PHISH __URI_PHISH __URI_PHISH
__WEBMAIL_ACCT: bad, avg S/O=0.79 avg Spam%=0.01 avg Ham%=0.00
# used in: URI_PHISH __EMAIL_PHISH __URI_PHISH
__XEROXWORKCTR_MUA: no hits at all
# used in: FROM_MISSP_EH_MATCH SCANNED_EXTERNAL
rulesrc/sandbox/jhardin/20_lotsa_money.cf (156 rules, 51 bad):
LOTS_OF_MONEY: bad, avg S/O=0.23 avg Spam%=3.10 avg Ham%=10.39
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
LOTTO_URI: bad, avg S/O=0.43 avg Spam%=0.01 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
LUCRATIVE: no hits at all
MONEY_PERCENT: bad, avg S/O=0.33 avg Spam%=0.29 avg Ham%=0.58
XFER_LOTSA_MONEY: bad, avg S/O=0.77 avg Spam%=0.34 avg Ham%=0.10
__AFRICAN_STATE: bad, avg S/O=0.49 avg Spam%=0.31 avg Ham%=0.33
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__AFR_UNION: bad, avg S/O=0.36 avg Spam%=0.01 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW_FORM __AFRICAN_STATE
__AUTO_ACCIDENT: bad, avg S/O=0.35 avg Spam%=0.00 avg Ham%=0.00
# used in: ADVANCE_FEE_3_NEW_FORM
__BACK_SCRATCH: bad, avg S/O=0.55 avg Spam%=0.03 avg Ham%=0.02
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__BURKINA_FASO: bad, avg S/O=0.48 avg Spam%=0.02 avg Ham%=0.03
# used in: ADVANCE_FEE_3_NEW_FORM __AFRICAN_STATE
__DEAD_PARENT: bad, avg S/O=0.79 avg Spam%=0.02 avg Ham%=0.00
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__DEAL: bad, avg S/O=0.33 avg Spam%=2.26 avg Ham%=4.64
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__DECEASED: bad, avg S/O=0.47 avg Spam%=0.33 avg Ham%=0.37
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__DESTROY_ME: bad, avg S/O=0.70 avg Spam%=0.01 avg Ham%=0.00
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__DIPLOMATIC: bad, avg S/O=0.14 avg Spam%=0.04 avg Ham%=0.27
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__FIFTY_FIFTY: bad, avg S/O=0.17 avg Spam%=0.65 avg Ham%=3.25
# used in: MONEY_PERCENT MONEY_PERCENT URI_PHISH
__GHANA: bad, avg S/O=0.51 avg Spam%=0.06 avg Ham%=0.05
# used in: ADVANCE_FEE_3_NEW_FORM __AFRICAN_STATE
__GIVE_MONEY: bad, avg S/O=0.59 avg Spam%=0.02 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM XFER_LOTSA_MONEY
__HAS_WON_01: no hits at all
# used in: ADVANCE_FEE_3_NEW_FORM
__IS_LEGAL: bad, avg S/O=0.77 avg Spam%=0.09 avg Ham%=0.03
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__IVORY_COAST: bad, avg S/O=0.49 avg Spam%=0.02 avg Ham%=0.02
# used in: ADVANCE_FEE_3_NEW_FORM __AFRICAN_STATE
__LOTSA_MONEY_00: bad, avg S/O=0.23 avg Spam%=0.43 avg Ham%=1.39
# used in: ADVANCE_FEE_3_NEW_FORM LOTS_OF_MONEY MONEY_12LTRDOM
MONEY_PERCENT XFER_LOTSA_MONEY
__LOTSA_MONEY_01: bad, avg S/O=0.17 avg Spam%=1.29 avg Ham%=6.04
# used in: ADVANCE_FEE_3_NEW_FORM LOTS_OF_MONEY MONEY_PERCENT
XFER_LOTSA_MONEY
__LOTSA_MONEY_02: bad, avg S/O=0.71 avg Spam%=0.95 avg Ham%=0.39
# used in: ADVANCE_FEE_3_NEW_FORM LOTS_OF_MONEY MONEY_PERCENT
XFER_LOTSA_MONEY
__LOTSA_MONEY_03: bad, avg S/O=0.16 avg Spam%=0.65 avg Ham%=3.50
# used in: ADVANCE_FEE_3_NEW_FORM LOTS_OF_MONEY MONEY_PERCENT
XFER_LOTSA_MONEY
__LOTSA_MONEY_04: bad, avg S/O=0.60 avg Spam%=1.07 avg Ham%=0.70
# used in: ADVANCE_FEE_3_NEW_FORM LOTS_OF_MONEY MONEY_PERCENT
XFER_LOTSA_MONEY
__LOTTO_AGENT_02: no hits at all
# used in: ADVANCE_FEE_3_NEW_FORM
__LUCKY_WINNER: bad, avg S/O=0.26 avg Spam%=0.05 avg Ham%=0.14
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__LUCRATIVE: bad, avg S/O=0.28 avg Spam%=0.25 avg Ham%=0.63
# used in: LUCRATIVE
__NIGERIA: bad, avg S/O=0.45 avg Spam%=0.19 avg Ham%=0.23
# used in: ADVANCE_FEE_3_NEW_FORM __AFRICAN_STATE
__PAY_YOU: bad, avg S/O=0.48 avg Spam%=0.03 avg Ham%=0.03
# used in: ADVANCE_FEE_3_NEW_FORM XFER_LOTSA_MONEY
__PCT_FOR_YOU: bad, avg S/O=0.58 avg Spam%=0.22 avg Ham%=0.16
# used in: MONEY_PERCENT URI_PHISH
__PCT_FOR_YOU_2: bad, avg S/O=0.41 avg Spam%=0.06 avg Ham%=0.08
# used in: MONEY_PERCENT URI_PHISH __PCT_FOR_YOU
__PCT_FOR_YOU_3: bad, avg S/O=0.46 avg Spam%=0.07 avg Ham%=0.08
# used in: MONEY_PERCENT URI_PHISH __PCT_FOR_YOU
__SCAM: bad, avg S/O=0.11 avg Spam%=0.11 avg Ham%=0.91
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__TO_YOUR_ACCT: bad, avg S/O=0.57 avg Spam%=0.00 avg Ham%=0.00
# used in: ADVANCE_FEE_3_NEW_FORM XFER_LOTSA_MONEY
__TO_YOUR_ORG: bad, avg S/O=0.15 avg Spam%=0.02 avg Ham%=0.13
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
__TRAVEL_ITINERARY: bad, avg S/O=0.08 avg Spam%=0.00 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM LOTS_OF_MONEY
MONEY_PERCENT XFER_LOTSA_MONEY
__TRUSTED_CHECK: bad, avg S/O=0.61 avg Spam%=0.01 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW_FORM XFER_LOTSA_MONEY
__WIDOW: bad, avg S/O=0.07 avg Spam%=0.00 avg Ham%=0.03
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__WILL_LEGAL: bad, avg S/O=0.37 avg Spam%=0.03 avg Ham%=0.05
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__WIRE_XFR: bad, avg S/O=0.28 avg Spam%=0.07 avg Ham%=0.17
# used in: ADVANCE_FEE_3_NEW_FORM XFER_LOTSA_MONEY
__XFER_MONEY: bad, avg S/O=0.61 avg Spam%=0.39 avg Ham%=0.25
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM XFER_LOTSA_MONEY
__YOUR_FUND: bad, avg S/O=0.55 avg Spam%=0.68 avg Ham%=0.56
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__YOUR_PERM: bad, avg S/O=0.03 avg Spam%=0.01 avg Ham%=0.40
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__YOU_ASSIST: bad, avg S/O=0.61 avg Spam%=0.11 avg Ham%=0.07
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__YOU_WON: bad, avg S/O=0.34 avg Spam%=0.28 avg Ham%=0.55
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__YOU_WON_01: bad, avg S/O=0.32 avg Spam%=0.25 avg Ham%=0.53
# used in: ADVANCE_FEE_3_NEW_FORM __YOU_WON
__YOU_WON_02: bad, avg S/O=0.52 avg Spam%=0.04 avg Ham%=0.04
# used in: ADVANCE_FEE_3_NEW_FORM __YOU_WON
__YOU_WON_04: no hits at all
# used in: ADVANCE_FEE_3_NEW_FORM __YOU_WON
__YOU_WON_05: bad, avg S/O=0.20 avg Spam%=0.03 avg Ham%=0.13
# used in: ADVANCE_FEE_3_NEW_FORM __YOU_WON
rulesrc/sandbox/jhardin/20_fillform.cf (18 rules, 5 bad):
FILL_THIS_FORM_SHORT: bad, avg S/O=0.24 avg Spam%=0.51 avg Ham%=1.59
__FILL_THIS_FORM_PARTIAL: bad, avg S/O=0.51 avg Spam%=1.08 avg Ham%=1.03
# used in: ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT FROM_WORDY_SHORT
FILL_THIS_FORM_SHORT FILL_THIS_FORM_SHORT
__FILL_THIS_FORM_PARTIAL_RAW: bad, avg S/O=0.30 avg Spam%=1.68 avg Ham%=3.83
# used in: ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT FROM_WORDY_SHORT
FILL_THIS_FORM_SHORT FILL_THIS_FORM_SHORT
__FILL_THIS_FORM_SHORT: bad, avg S/O=0.24 avg Spam%=0.54 avg Ham%=1.74
# used in: FROM_WORDY_SHORT FILL_THIS_FORM_SHORT
__FILL_THIS_FORM_SHORT2: bad, avg S/O=0.40 avg Spam%=0.98 avg Ham%=1.47
# used in: FROM_WORDY_SHORT FILL_THIS_FORM_SHORT __FILL_THIS_FORM_SHORT
rulesrc/sandbox/jhardin/20_advance_fee_reevolved.cf (32 rules, 1 bad):
ADVANCE_FEE_3_NEW_FORM: bad, avg S/O=0.31 avg Spam%=0.00 avg Ham%=0.00
rulesrc/sandbox/jhardin/20_MIME_no_text.cf (7 rules, 6 bad):
MIME_NO_TEXT: bad, avg S/O=0.69 avg Spam%=0.02 avg Ham%=0.01
MIME_PHP_NO_TEXT: no hits at all
__CTYPE_MULTIPART_ANY: bad, avg S/O=0.53 avg Spam%=80.73 avg Ham%=72.73
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT MIME_MALF
__MIME_NO_TEXT: bad, avg S/O=0.37 avg Spam%=0.02 avg Ham%=0.04
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT
__PHP_MUA: bad, avg S/O=0.24 avg Spam%=0.01 avg Ham%=0.04
# used in: MIME_PHP_NO_TEXT FROM_MISSP_EH_MATCH
__PHP_MUA_1: bad, avg S/O=0.23 avg Spam%=0.01 avg Ham%=0.04
# used in: MIME_PHP_NO_TEXT FROM_MISSP_EH_MATCH __PHP_MUA
rulesrc/sandbox/jhardin/20_MIME_in_body.cf (3 rules, 3 bad):
MIME_MALF: no hits of target type
__MIME_CTYPE_IN_BODY: bad, avg S/O=0.04 avg Spam%=0.00 avg Ham%=0.01
# used in: MIME_MALF
__MIME_MALF: no hits of target type
# used in: MIME_MALF
rulesrc/sandbox/hege/20_hk.cf (82 rules, 39 bad):
HK_LOTTO_NAME: bad, avg S/O=0.75 avg Spam%=0.14 avg Ham%=0.05
HK_LOTTO_SUBJECT: bad, avg S/O=0.47 avg Spam%=0.03 avg Ham%=0.03
HK_MUCHMONEY: bad, avg S/O=0.15 avg Spam%=2.82 avg Ham%=15.40
HK_NAME_DR: bad, avg S/O=0.78 avg Spam%=0.06 avg Ham%=0.02
HK_NAME_FREE: bad, avg S/O=0.34 avg Spam%=0.06 avg Ham%=0.12
HK_NAME_FROM: bad, avg S/O=0.77 avg Spam%=0.00 avg Ham%=0.00
HK_PNIS: bad, avg S/O=0.25 avg Spam%=0.02 avg Ham%=0.07
HK_PNISES: no hits of target type
HK_RANDOM_ENVFROM: bad, avg S/O=0.62 avg Spam%=0.03 avg Ham%=0.02
HK_RANDOM_FROM_NAME: bad, avg S/O=0.42 avg Spam%=0.01 avg Ham%=0.01
HK_SCAM_N1: bad, avg S/O=0.76 avg Spam%=0.01 avg Ham%=0.00
HK_SCAM_N14: no hits at all
HK_SCAM_N4: bad, avg S/O=0.60 avg Spam%=0.01 avg Ham%=0.01
HK_SCAM_S12: no hits at all
HK_SCAM_S22: bad, avg S/O=0.03 avg Spam%=0.00 avg Ham%=0.02
HK_SCAM_S23: bad, avg S/O=0.25 avg Spam%=0.00 avg Ham%=0.00
HK_SCAM_S3: bad, avg S/O=0.14 avg Spam%=0.01 avg Ham%=0.03
HK_SPAMMY_FILENAME: bad, avg S/O=0.49 avg Spam%=0.03 avg Ham%=0.03
HK_WIN: no hits at all
TAB_IN_FROM: no hits at all
__TAB_IN_FROM: no hits at all
# used in: TAB_IN_FROM
__hk_bigmoney: bad, avg S/O=0.15 avg Spam%=1.82 avg Ham%=10.59
# used in: HK_MUCHMONEY URI_PHISH
__hk_million: bad, avg S/O=0.19 avg Spam%=1.56 avg Ham%=6.76
# used in: HK_MUCHMONEY
__hk_million2: bad, avg S/O=0.06 avg Spam%=0.00 avg Ham%=0.01
# used in: HK_MUCHMONEY
__hk_win_0: no hits at all
# used in: HK_WIN
__hk_win_1: bad, avg S/O=0.28 avg Spam%=0.08 avg Ham%=0.21
# used in: HK_WIN
__hk_win_4: bad, avg S/O=0.61 avg Spam%=0.03 avg Ham%=0.02
# used in: HK_WIN
__hk_win_6: bad, avg S/O=0.29 avg Spam%=0.29 avg Ham%=0.69
# used in: HK_WIN
__hk_win_7: no hits of target type
# used in: HK_WIN
__hk_win_9: no hits at all
# used in: HK_WIN
__hk_win_c: no hits at all
# used in: HK_WIN
__hk_win_d: no hits at all
# used in: HK_WIN
__hk_win_e: bad, avg S/O=0.23 avg Spam%=0.35 avg Ham%=1.19
# used in: HK_WIN
__hk_win_f: no hits of target type
# used in: HK_WIN
__hk_win_h: bad, avg S/O=0.56 avg Spam%=0.02 avg Ham%=0.01
# used in: HK_WIN
__hk_win_i: bad, avg S/O=0.70 avg Spam%=0.03 avg Ham%=0.01
# used in: HK_WIN
__hk_win_k: bad, avg S/O=0.41 avg Spam%=0.15 avg Ham%=0.22
# used in: HK_WIN
__hk_win_m: no hits at all
# used in: HK_WIN
__hk_win_n: no hits at all
# used in: HK_WIN
rulesrc/sandbox/hege/20_bug5804.cf (2 rules, 2 bad):
T_RCVD_INVALID_IP: bad, avg S/O=0.33 avg Spam%=0.18 avg Ham%=0.37
T_XOIP_INVALID_IP: no hits at all
rulesrc/sandbox/fredt/99_zFVGT_FakeReply.cf (71 rules, 52 bad):
FAKE_REPLY_SURE_A: bad, avg S/O=0.15 avg Spam%=1.05 avg Ham%=5.76
FAKE_REPLY_SURE_B: bad, avg S/O=0.20 avg Spam%=1.82 avg Ham%=7.27
NICE_REPLY_A: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=4.46
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B
NICE_REPLY_B: no hits of target type
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B
NICE_REPLY_C: no hits of target type
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B
TEST_REPLY_B: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.37
TEST_REPLY_C: no hits of target type
__BOTH_INR_AND_REF: bad, avg S/O=0.59 avg Spam%=8.66 avg Ham%=5.98
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B
FAKE_REPLY_SURE_B NICE_REPLY_A
__BROKE_MUAS: bad, avg S/O=0.38 avg Spam%=0.02 avg Ham%=0.04
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B
__MISSING_REF: bad, avg S/O=0.53 avg Spam%=99.60 avg Ham%=86.76
# used in: ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT STOCK_LOW_CONTRAST
TEQF_USR_MSGID_HEX FAKE_REPLY_SURE_A FAKE_REPLY_SURE_A FAKE_REPLY_SURE_A
FAKE_REPLY_SURE_A FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B FAKE_REPLY_SURE_B
FAKE_REPLY_SURE_B FAKE_REPLY_SURE_B FAKE_REPLY_SURE_B NICE_REPLY_A NICE_REPLY_B
NICE_REPLY_C SPOOFED_URL SPOOFED_URL_HOST SUBJ_OBFU_PUNCT_FEW
SUBJ_OBFU_PUNCT_MANY TEST_REPLY_B
__MISSING_REPLY: bad, avg S/O=0.54 avg Spam%=99.64 avg Ham%=86.69
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT
FROM_WORDY_SHORT STOCK_LOW_CONTRAST STOCK_LOW_CONTRAST TEQF_USR_MSGID_HEX
TEQF_USR_MSGID_HEX FAKE_REPLY_SURE_A FAKE_REPLY_SURE_A FAKE_REPLY_SURE_A
FAKE_REPLY_SURE_A FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B FAKE_REPLY_SURE_B
FAKE_REPLY_SURE_B FAKE_REPLY_SURE_B FAKE_REPLY_SURE_B NICE_REPLY_A NICE_REPLY_B
NICE_REPLY_C SPOOFED_URL SPOOFED_URL SPOOFED_URL_HOST SPOOFED_URL_HOST
SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY
SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C
__MISSING_THREAD: bad, avg S/O=0.47 avg Spam%=83.85 avg Ham%=95.60
# used in: FAKE_REPLY_SURE_A
__SUBJ_RE: bad, avg S/O=0.22 avg Spam%=3.34 avg Ham%=11.83
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_A FAKE_REPLY_SURE_A
FAKE_REPLY_SURE_A FAKE_REPLY_SURE_A FAKE_REPLY_SURE_A FAKE_REPLY_SURE_A
FAKE_REPLY_SURE_B FAKE_REPLY_SURE_B FAKE_REPLY_SURE_B FAKE_REPLY_SURE_B
FAKE_REPLY_SURE_B FAKE_REPLY_SURE_B FAKE_REPLY_SURE_B NICE_REPLY_A NICE_REPLY_B
NICE_REPLY_C TEST_REPLY_B TEST_REPLY_C
__UA_GNUS: no hits of target type
# used in: ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT STOCK_LOW_CONTRAST
TEQF_USR_MSGID_HEX FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_C SPOOFED_URL
SPOOFED_URL_HOST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C
__TO_EQ_FROM_USR_NN_MINFP
__UA_KMAIL: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.09
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_A
__BOTH_INR_AND_REF
__UA_KNODE: no hits of target type
# used in: ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT STOCK_LOW_CONTRAST
TEQF_USR_MSGID_HEX FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_C SPOOFED_URL
SPOOFED_URL_HOST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C
__TO_EQ_FROM_USR_NN_MINFP
__UA_MOZ5: bad, avg S/O=0.62 avg Spam%=8.61 avg Ham%=5.31
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_A
__BOTH_INR_AND_REF
__UA_MSENTOUR: no hits of target type
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_B TEST_REPLY_B
__UA_MSOEMAC: no hits at all
# used in: STOCK_LOW_CONTRAST END_FUTURE_EMAILS FAKE_REPLY_SURE_A
FAKE_REPLY_SURE_B HDRS_LCASE_IMGONLY NICE_REPLY_B TEST_REPLY_B
__HDRS_LCASE_KNOWN
__UA_MUTT: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.45
# used in: ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT STOCK_LOW_CONTRAST
TEQF_USR_MSGID_HEX FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_C SPOOFED_URL
SPOOFED_URL_HOST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C
__TO_EQ_FROM_USR_NN_MINFP
__UA_OPERA7: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B
FAKE_REPLY_SURE_B NICE_REPLY_A NICE_REPLY_B TEST_REPLY_B __BOTH_INR_AND_REF
__UA_PAN: no hits of target type
# used in: ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT STOCK_LOW_CONTRAST
TEQF_USR_MSGID_HEX FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_C SPOOFED_URL
SPOOFED_URL_HOST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C
__TO_EQ_FROM_USR_NN_MINFP
__UA_XNEWS: no hits of target type
# used in: ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT STOCK_LOW_CONTRAST
TEQF_USR_MSGID_HEX FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_C SPOOFED_URL
SPOOFED_URL_HOST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C
__TO_EQ_FROM_USR_NN_MINFP
__XM_APPLEMAIL: bad, avg S/O=0.03 avg Spam%=0.02 avg Ham%=0.58
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_B TEST_REPLY_B
__XM_CALYPSO: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_A
__BOTH_INR_AND_REF
__XM_DTMAIL: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B __BROKE_MUAS
__XM_EDMAX: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_B TEST_REPLY_B
__XM_EMUMAIL: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_B TEST_REPLY_B
__XM_EXMH: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_B TEST_REPLY_B
__XM_FORTE: no hits of target type
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_A
__BOTH_INR_AND_REF
__XM_FREEMAIL: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B __BROKE_MUAS
__XM_GNUS: no hits at all
# used in: ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT STOCK_LOW_CONTRAST
TEQF_USR_MSGID_HEX FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_C SPOOFED_URL
SPOOFED_URL_HOST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C
__TO_EQ_FROM_USR_NN_MINFP
__XM_IMAIL: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_B TEST_REPLY_B
__XM_LOTUSN: bad, avg S/O=0.11 avg Spam%=0.00 avg Ham%=0.01
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_B TEST_REPLY_B
__XM_LOTUSN5: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B __BROKE_MUAS
__XM_MAILCITY: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_B TEST_REPLY_B
__XM_MAILSMITH: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_B TEST_REPLY_B
__XM_MHE: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_A
__BOTH_INR_AND_REF
__XM_MIMETOOLS: bad, avg S/O=0.07 avg Spam%=0.02 avg Ham%=0.34
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_B TEST_REPLY_B
__XM_MSCDO: bad, avg S/O=0.43 avg Spam%=0.05 avg Ham%=0.07
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_B TEST_REPLY_B
__XM_MSOE4: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B __BROKE_MUAS
__XM_NETMAIL: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B __BROKE_MUAS
__XM_NETSCAPEW: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B __BROKE_MUAS
__XM_NOVELL: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.04
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B __BROKE_MUAS
__XM_OPENWEB: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B __BROKE_MUAS
__XM_OPERA6: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_B TEST_REPLY_B
__XM_POSTMAN: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B __BROKE_MUAS
__XM_SKYRI: no hits at all
# used in: ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT STOCK_LOW_CONTRAST
TEQF_USR_MSGID_HEX FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_C SPOOFED_URL
SPOOFED_URL_HOST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C
__TO_EQ_FROM_USR_NN_MINFP
__XM_SYLPHEED: no hits of target type
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_A
__BOTH_INR_AND_REF
__XM_VM: no hits of target type
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_A
__BOTH_INR_AND_REF
__XM_WEBMAIL5: no hits at all
# used in: FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B __BROKE_MUAS
__XM_WWWMAIL: bad, avg S/O=0.09 avg Spam%=0.00 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT STOCK_LOW_CONTRAST
TEQF_USR_MSGID_HEX FAKE_REPLY_SURE_A FAKE_REPLY_SURE_B NICE_REPLY_C SPOOFED_URL
SPOOFED_URL_HOST SUBJ_OBFU_PUNCT_FEW SUBJ_OBFU_PUNCT_MANY TEST_REPLY_C
__TO_EQ_FROM_USR_NN_MINFP
rulesrc/sandbox/felicity/70_phishing.cf (58 rules, 40 bad):
HTTPS_HTTP_MISMATCH: bad, avg S/O=0.69 avg Spam%=0.19 avg Ham%=0.09
TVD_PH_1: bad, avg S/O=0.50 avg Spam%=0.00 avg Ham%=0.00
TVD_PH_7: bad, avg S/O=0.43 avg Spam%=0.01 avg Ham%=0.02
TVD_PH_BODY_ACCOUNTS_POST: bad, avg S/O=0.35 avg Spam%=0.07 avg Ham%=0.13
TVD_PH_BODY_ACCOUNTS_PRE: bad, avg S/O=0.32 avg Spam%=0.07 avg Ham%=0.14
TVD_PH_BODY_META_ALL: bad, avg S/O=0.40 avg Spam%=0.18 avg Ham%=0.27
TVD_PH_FR5: bad, avg S/O=0.14 avg Spam%=0.00 avg Ham%=0.03
TVD_PH_SEC: bad, avg S/O=0.58 avg Spam%=0.03 avg Ham%=0.02
TVD_PH_SUBJ_META: bad, avg S/O=0.30 avg Spam%=0.01 avg Ham%=0.03
TVD_PH_SUBJ_META1: bad, avg S/O=0.44 avg Spam%=0.04 avg Ham%=0.05
TVD_SUBJ_ACC_NUM: bad, avg S/O=0.18 avg Spam%=0.00 avg Ham%=0.01
__PH_TVD_FROM2: bad, avg S/O=0.14 avg Spam%=0.01 avg Ham%=0.03
# used in: TVD_PH_FR5
__TVD_PH_BODY_01: no hits at all
# used in: TVD_PH_BODY_META_ALL URI_PHISH __EMAIL_PHISH
__TVD_PH_BODY_02: bad, avg S/O=0.18 avg Spam%=0.00 avg Ham%=0.00
# used in: TVD_PH_BODY_META_ALL URI_PHISH __EMAIL_PHISH
__TVD_PH_BODY_06: no hits at all
# used in: TVD_PH_BODY_META_ALL URI_PHISH __EMAIL_PHISH
__TVD_PH_BODY_07: no hits at all
# used in: TVD_PH_BODY_META_ALL URI_PHISH __EMAIL_PHISH
__TVD_PH_BODY_ACCOUNTS_POST: bad, avg S/O=0.35 avg Spam%=0.07 avg Ham%=0.13
# used in: TVD_PH_BODY_ACCOUNTS_POST TVD_PH_BODY_META_ALL URI_PHISH
__EMAIL_PHISH
__TVD_PH_BODY_ACCOUNTS_PRE: bad, avg S/O=0.32 avg Spam%=0.07 avg Ham%=0.14
# used in: TVD_PH_BODY_ACCOUNTS_PRE TVD_PH_BODY_META_ALL URI_PHISH
__EMAIL_PHISH
__TVD_PH_SUBJ_00: no hits at all
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_02: no hits at all
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_04: no hits at all
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_15: no hits at all
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_17: no hits at all
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_18: no hits at all
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_29: bad, avg S/O=0.31 avg Spam%=0.00 avg Ham%=0.00
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_31: no hits at all
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_36: no hits at all
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_37: no hits at all
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_39: no hits at all
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_52: no hits at all
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_54: no hits of target type
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_56: no hits at all
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_58: no hits of target type
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_59: no hits at all
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_ACCESS_POST: bad, avg S/O=0.13 avg Spam%=0.00 avg Ham%=0.01
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_ACCOUNTS_POST: bad, avg S/O=0.63 avg Spam%=0.02 avg Ham%=0.01
# used in: TVD_PH_SUBJ_META1
__TVD_PH_SUBJ_ACCOUNTS_PRE: bad, avg S/O=0.19 avg Spam%=0.01 avg Ham%=0.03
# used in: TVD_PH_SUBJ_META1
__TVD_PH_SUBJ_META: bad, avg S/O=0.30 avg Spam%=0.01 avg Ham%=0.03
# used in: TVD_PH_SUBJ_META URI_PHISH __EMAIL_PHISH
__TVD_PH_SUBJ_SEC_MEASURES: no hits of target type
# used in: TVD_PH_SUBJ_META1
__TVD_PH_SUBJ_UPDATE: bad, avg S/O=0.40 avg Spam%=0.00 avg Ham%=0.01
# used in: TVD_PH_SUBJ_META1
rulesrc/sandbox/felicity/70_other.cf (95 rules, 77 bad):
BASE64_LENGTH_78_79: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.07
DRUGS_HDIA: no hits at all
FUZZY_MERIDIA: no hits at all
FUZZY_SPRM: no hits of target type
HEADER_COUNT_SUBJECT: no hits at all
RCVD_BAD_ID: no hits at all
TVD_ACT_193: no hits at all
TVD_APPROVED: bad, avg S/O=0.73 avg Spam%=0.01 avg Ham%=0.00
TVD_APP_LOAN: bad, avg S/O=0.18 avg Spam%=0.00 avg Ham%=0.00
TVD_COMPANY_PICK: no hits at all
TVD_DEAD_JOB: no hits at all
TVD_DEAR_HOMEOWNER: no hits at all
TVD_DOLLARS_US: bad, avg S/O=0.69 avg Spam%=0.03 avg Ham%=0.01
TVD_ENHANCE: bad, avg S/O=0.18 avg Spam%=0.00 avg Ham%=0.00
TVD_ENVFROM_APOST: no hits at all
TVD_FINGER_01: no hits at all
TVD_FLOAT_GENERAL: no hits at all
TVD_FUZZY_DEGREE: no hits at all
TVD_FUZZY_FINANCE: no hits at all
TVD_FUZZY_FIXED_RATE: no hits at all
TVD_FUZZY_MICROCAP: no hits at all
TVD_FUZZY_PHARMACEUTICAL: no hits at all
TVD_FUZZY_SECTOR: bad, avg S/O=0.06 avg Spam%=0.04 avg Ham%=0.62
TVD_FUZZY_SECURITIES: bad, avg S/O=0.12 avg Spam%=0.00 avg Ham%=0.00
TVD_FUZZY_SYMBOL: no hits at all
TVD_FW_GRAPHIC_ID2: no hits at all
TVD_FW_GRAPHIC_ID3: bad, avg S/O=0.05 avg Spam%=0.05 avg Ham%=0.93
TVD_FW_GRAPHIC_ID3_2: bad, avg S/O=0.05 avg Spam%=0.05 avg Ham%=0.93
TVD_GOOG_LUCKY: no hits at all
TVD_HEAD_EDITION: no hits at all
TVD_HEAD_KERNEL: no hits of target type
TVD_HEAD_USR: no hits at all
TVD_INCREASE_SIZE: no hits at all
TVD_IP_HEX: no hits of target type
TVD_IP_OCT: no hits at all
TVD_IP_SING_HEX: no hits at all
TVD_LINK_SAVE: no hits at all
TVD_LONG_WORD5: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.01
TVD_NOT_SATISFIED: no hits at all
TVD_PCT_OFF: no hits at all
TVD_RATWARE_CB: no hits at all
TVD_RATWARE_CB_2: no hits at all
TVD_RATWARE_MSGID_01: bad, avg S/O=0.02 avg Spam%=0.02 avg Ham%=0.79
TVD_RATWARE_MSGID_02: no hits at all
TVD_RCVD_IP4: no hits at all
TVD_RCVD_SINGLE: no hits at all
TVD_RCVD_SPACE_BRACKET: bad, avg S/O=0.19 avg Spam%=0.04 avg Ham%=0.18
TVD_SECTION: no hits at all
TVD_SILLY_URI_OBFU: no hits at all
TVD_SINGLE_SPAN_DIV: bad, avg S/O=0.18 avg Spam%=0.00 avg Ham%=0.01
TVD_SPACED_SUBJECT_WORD3: no hits at all
TVD_SPACED_SUBJECT_WORD5: bad, avg S/O=0.24 avg Spam%=0.01 avg Ham%=0.02
TVD_SPACED_WORDS: no hits at all
TVD_STOCK1: no hits at all
TVD_SUBJ_APPR_LOAN: no hits at all
TVD_SUBJ_END_STAR: no hits at all
TVD_SUBJ_FINGER_03: no hits at all
TVD_SUBJ_FINGER_04: bad, avg S/O=0.45 avg Spam%=0.06 avg Ham%=0.07
TVD_SUBJ_FINGER_07: no hits of target type
TVD_SUBJ_OWE: no hits at all
TVD_UA_FOSTERING: no hits at all
TVD_UNDER_VALUED: no hits of target type
TVD_VIS_HIDDEN: no hits at all
T_TVD_MIME_EPI: bad, avg S/O=0.14 avg Spam%=0.01 avg Ham%=0.07
T_TVD_PCT_OFF2: bad, avg S/O=0.15 avg Spam%=0.07 avg Ham%=0.39
T_TVD_PCT_OFF3: no hits at all
T_TVD_SUBJ_FINGER_05: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.29
T_TVD_SUBJ_FINGER_06: no hits of target type
T_TVD_SUBJ_NUM_OBFU: bad, avg S/O=0.20 avg Spam%=0.11 avg Ham%=0.44
T_TVD_SUBJ_NUM_OBFU2: bad, avg S/O=0.15 avg Spam%=0.12 avg Ham%=0.65
T_TVD_SUBJ_NUM_OBFU3: bad, avg S/O=0.15 avg Spam%=0.12 avg Ham%=0.65
__HEAD_X_KERNEL: no hits of target type
# used in: TVD_HEAD_KERNEL
__TVD_GOT_UR: no hits at all
# used in: TVD_FINGER_01
__TVD_HAPPY_WITH: no hits at all
# used in: TVD_FINGER_01
__TVD_INT_CID: bad, avg S/O=0.22 avg Spam%=1.12 avg Ham%=4.05
# used in: TVD_FW_GRAPHIC_ID3
__TVD_VISIT_SITE: no hits at all
# used in: TVD_FINGER_01
__USER_AGENT_MUTT: no hits at all
# used in: TVD_HEAD_KERNEL
rulesrc/sandbox/fanf/30_text.cf (3 rules, 3 bad):
IMG_ALT_BRACKETS: no hits at all
LONG_TERM_PRICE: no hits of target type
SHORT_TERM_PRICE: no hits of target type
rulesrc/sandbox/fanf/20_uri_tests.cf (1 rules, 1 bad):
YAHOO_RDS_REDIR: no hits at all
rulesrc/sandbox/fanf/10_headers.cf (3 rules, 3 bad):
FROM_SPACE_COMMA: no hits at all
RCVD_FORGED_WROTE3: no hits at all
RCVD_FORGED_WROTE4: no hits at all
rulesrc/sandbox/duncf/20_header.cf (3 rules, 1 bad):
STUDDLYCAPS: bad, avg S/O=0.05 avg Spam%=0.02 avg Ham%=0.42
rulesrc/sandbox/duncf/20_debt.cf (2 rules, 2 bad):
BANKING_LAWS: bad, avg S/O=0.50 avg Spam%=0.00 avg Ham%=0.00
LOOPHOLE_1: no hits at all
rulesrc/sandbox/dos/70_other.cf (116 rules, 106 bad):
BELL_MOBILITY_TXT_MSG: no hits at all
DOS_ANAL_SPAM_MAILER: no hits at all
DOS_ANAL_SPAM_MAILER2: no hits at all
DOS_BODY_HIGH_NO_MID: bad, avg S/O=0.07 avg Spam%=0.01 avg Ham%=0.14
DOS_DEREK_AUG08: no hits at all
DOS_DOM_LIST_CENTER: no hits at all
DOS_DOT_COM_AT: no hits at all
DOS_DOUBLE_SOTCK: no hits at all
DOS_FAKE_UPS_TRACK_NUM: no hits at all
DOS_FIX_MY_URI: no hits at all
DOS_FORGED_RCVD_QUADS: no hits at all
DOS_GOOGLE_LUCKY_REDIRECT: no hits at all
DOS_HC_ZIP_VIRUS: no hits at all
DOS_HIGH_BAT_TO_MX: no hits at all
DOS_LET_GO_JOB: no hits at all
DOS_MED_CAN_PHARM_NOV07: no hits at all
DOS_MORTGAGE: no hits at all
DOS_OUTLOOK_TO_MX_IMAGE: no hits at all
DOS_PHISH_WWW_COM_BIZ: no hits at all
DOS_PHISH_WWW_COM_RU: no hits at all
DOS_PLAYED_IN_HARDCORE: no hits at all
# used in: DOS_HC_ZIP_VIRUS
DOS_PORN_BOUNDARY: no hits at all
DOS_PROVISION4: no hits at all
DOS_RCVD_IP_TWICE_A: bad, avg S/O=0.55 avg Spam%=1.33 avg Ham%=1.10
DOS_RCVD_IP_TWICE_B: bad, avg S/O=0.63 avg Spam%=0.30 avg Ham%=0.18
DOS_RCVD_IP_TWICE_C: no hits at all
DOS_REMOVE_DOMAIN_DOT: no hits at all
DOS_REMOVE_DOMAIN_DOT_YAHOO: no hits at all
DOS_REPORT_FIN_INC: no hits at all
DOS_STOCK_BAT: no hits at all
DOS_STOCK_CDYV_GENERIC: no hits at all
DOS_STOCK_INCOME_STATEMENT: no hits at all
DOS_STOCK_O_PRICE: no hits at all
DOS_TO_READ_STOCK: no hits at all
DOS_TWO_MIS_STOCK: no hits at all
DOS_URI_ASTERISK: no hits at all
DOS_YOUR_PLACE: no hits at all
DOS_ZIP_HARDCORE: no hits at all
# used in: DOS_HC_ZIP_VIRUS
__BELL_MOBILITY_RELAY: no hits at all
# used in: BELL_MOBILITY_TXT_MSG
__DOS_198K_VARI: no hits at all
# used in: DOS_MORTGAGE
__DOS_248K_FIXED: no hits at all
# used in: DOS_MORTGAGE
__DOS_372K_VARI: no hits at all
# used in: DOS_MORTGAGE
__DOS_488K_FIXED: no hits at all
# used in: DOS_MORTGAGE
__DOS_492K_INT: no hits at all
# used in: DOS_MORTGAGE
__DOS_BODY_FRI: bad, avg S/O=0.14 avg Spam%=0.94 avg Ham%=5.84
# used in: DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT
__DOS_BODY_MON: bad, avg S/O=0.17 avg Spam%=1.26 avg Ham%=5.99
# used in: DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT
DOS_STOCK_BAT
__DOS_BODY_SAT: bad, avg S/O=0.42 avg Spam%=0.70 avg Ham%=0.97
# used in: DOS_STOCK_BAT
__DOS_BODY_STOCK: bad, avg S/O=0.24 avg Spam%=1.03 avg Ham%=3.36
# used in: DOS_STOCK_BAT
__DOS_BODY_SUN: bad, avg S/O=0.16 avg Spam%=0.81 avg Ham%=4.31
# used in: DOS_STOCK_BAT
__DOS_BODY_THU: bad, avg S/O=0.08 avg Spam%=0.46 avg Ham%=5.38
# used in: DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT
__DOS_BODY_TICKER: no hits at all
# used in: DOS_STOCK_BAT
__DOS_BODY_TUE: bad, avg S/O=0.05 avg Spam%=0.52 avg Ham%=9.63
# used in: DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT
DOS_STOCK_BAT
__DOS_BODY_WED: bad, avg S/O=0.10 avg Spam%=0.57 avg Ham%=5.03
# used in: DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT
__DOS_COMING_TO_YOUR_PLACE: no hits at all
# used in: DOS_YOUR_PLACE
__DOS_CORRESPOND_EMAIL: no hits at all
# used in: DOS_YOUR_PLACE
__DOS_DEAL_MAKE_MONEY: no hits at all
# used in: DOS_TO_READ_STOCK
__DOS_DIRECT_TO_MX: bad, avg S/O=0.33 avg Spam%=4.60 avg Ham%=9.27
# used in: DOS_HIGH_BAT_TO_MX DOS_OUTLOOK_TO_MX_IMAGE
FORGED_TBIRD_IMG_TO_MX
__DOS_DOM_LIST_CENTER: no hits at all
# used in: DOS_DOM_LIST_CENTER
__DOS_DROP_ME_A_LINE: no hits at all
# used in: DOS_YOUR_PLACE
__DOS_EMAIL_DIRECTLY: no hits at all
# used in: DOS_YOUR_PLACE
__DOS_FINAL_NOTICE_DL: no hits at all
# used in: DOS_DOM_LIST_CENTER
__DOS_GREAT_DRAWN_UP: no hits at all
# used in: DOS_TO_READ_STOCK
__DOS_HAS_ANY_URI: bad, avg S/O=0.50 avg Spam%=97.15 avg Ham%=96.49
# used in: DOS_FIX_MY_URI DOS_DEREK_AUG08 DOS_MED_CAN_PHARM_NOV07
__DOS_HAS_LIST_ID: bad, avg S/O=0.04 avg Spam%=1.07 avg Ham%=27.19
# used in: DOS_HIGH_BAT_TO_MX FROM_WORDY_SHORT LIST_PRTL_PUMPDUMP
LIST_PRTL_SAME_USER DOS_OUTLOOK_TO_MX_IMAGE FORGED_TBIRD_IMG_TO_MX LIST_PARTIAL
__DOS_DIRECT_TO_MX
__DOS_HAS_LIST_UNSUB: bad, avg S/O=0.07 avg Spam%=4.57 avg Ham%=59.84
# used in: DOS_HIGH_BAT_TO_MX FROM_WORDY_SHORT LIST_PRTL_PUMPDUMP
LIST_PRTL_SAME_USER DOS_OUTLOOK_TO_MX_IMAGE FORGED_TBIRD_IMG_TO_MX
KHOP_UNSUB_LINK LIST_PARTIAL URI_DATA __DOS_DIRECT_TO_MX
__DOS_HAS_MAILING_LIST: bad, avg S/O=0.00 avg Spam%=0.03 avg Ham%=6.14
# used in: DOS_HIGH_BAT_TO_MX DOS_OUTLOOK_TO_MX_IMAGE
FORGED_TBIRD_IMG_TO_MX __DOS_DIRECT_TO_MX
__DOS_HAVE_TO_READ: no hits at all
# used in: DOS_TO_READ_STOCK
__DOS_HEADLINES: bad, avg S/O=0.01 avg Spam%=0.02 avg Ham%=1.89
# used in: DOS_STOCK_INCOME_STATEMENT
__DOS_HI: bad, avg S/O=0.25 avg Spam%=0.26 avg Ham%=0.79
# used in: DOS_FIX_MY_URI
__DOS_INCREASE_UP: no hits at all
# used in: DOS_TO_READ_STOCK
__DOS_I_AM_25: bad, avg S/O=0.73 avg Spam%=0.00 avg Ham%=0.00
# used in: DOS_YOUR_PLACE
__DOS_I_DRIVE_A: bad, avg S/O=0.77 avg Spam%=0.00 avg Ham%=0.00
# used in: DOS_LET_GO_JOB
__DOS_KEY_GET_IN_EARLY: no hits at all
# used in: DOS_TO_READ_STOCK
__DOS_LET_GO_JOB: no hits at all
# used in: DOS_LET_GO_JOB
__DOS_LINK: bad, avg S/O=0.19 avg Spam%=2.14 avg Ham%=9.00
# used in: DOS_FIX_MY_URI
__DOS_MED_CAN_WEB_PHARM: no hits at all
# used in: DOS_MED_CAN_PHARM_NOV07
__DOS_MED_MARK_DOWN: bad, avg S/O=0.03 avg Spam%=0.00 avg Ham%=0.01
# used in: DOS_MED_CAN_PHARM_NOV07
__DOS_MED_NO_DIRECTION: no hits at all
# used in: DOS_MED_CAN_PHARM_NOV07
__DOS_MED_WHAT_COULD: bad, avg S/O=0.29 avg Spam%=0.00 avg Ham%=0.00
# used in: DOS_MED_CAN_PHARM_NOV07
__DOS_MSGID_DIGITS10: bad, avg S/O=0.71 avg Spam%=0.03 avg Ham%=0.01
# used in: DOS_DEREK_AUG08
__DOS_MSGID_DIGITS9: bad, avg S/O=0.57 avg Spam%=0.01 avg Ham%=0.01
# used in: DOS_DEREK_AUG08
__DOS_MY_OLD_JOB: no hits at all
# used in: DOS_LET_GO_JOB
__DOS_NOT_A_BILL: no hits at all
# used in: DOS_DOM_LIST_CENTER
__DOS_NO_STOPPING: no hits at all
# used in: DOS_TO_READ_STOCK
__DOS_OIL_EXCEED: no hits at all
# used in: DOS_TO_READ_STOCK
__DOS_RCVD_FRI: bad, avg S/O=0.46 avg Spam%=15.61 avg Ham%=18.27
# used in: DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT
__DOS_RCVD_MON: bad, avg S/O=0.51 avg Spam%=18.05 avg Ham%=17.34
# used in: DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT
__DOS_RCVD_SAT: bad, avg S/O=0.71 avg Spam%=20.43 avg Ham%=8.22
# used in: DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT
__DOS_RCVD_SUN: bad, avg S/O=0.54 avg Spam%=9.60 avg Ham%=8.15
# used in: DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT
__DOS_RCVD_THU: bad, avg S/O=0.26 avg Spam%=7.24 avg Ham%=20.19
# used in: DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT
__DOS_RCVD_TUE: bad, avg S/O=0.47 avg Spam%=16.44 avg Ham%=18.33
# used in: DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT
__DOS_RCVD_WED: bad, avg S/O=0.54 avg Spam%=23.63 avg Ham%=19.91
# used in: DOS_STOCK_BAT DOS_STOCK_BAT DOS_STOCK_BAT
__DOS_REF_2_WK_DAYS: bad, avg S/O=0.10 avg Spam%=0.45 avg Ham%=3.84
# used in: DOS_STOCK_BAT
__DOS_REF_NEXT_WK_DAY: bad, avg S/O=0.12 avg Spam%=0.52 avg Ham%=3.96
# used in: DOS_STOCK_BAT
__DOS_REF_TODAY: bad, avg S/O=0.12 avg Spam%=2.16 avg Ham%=16.09
# used in: DOS_STOCK_BAT
__DOS_RELAYED_EXT: bad, avg S/O=0.54 avg Spam%=94.57 avg Ham%=81.48
# used in: DOS_HIGH_BAT_TO_MX DOS_OUTLOOK_TO_MX_IMAGE
FORGED_TBIRD_IMG_TO_MX S25R_1 __DOS_DIRECT_TO_MX
__DOS_REQ_TO_READ: no hits at all
# used in: DOS_TO_READ_STOCK
__DOS_SINGLE_EXT_RELAY: bad, avg S/O=0.22 avg Spam%=7.92 avg Ham%=27.49
# used in: DOS_FIX_MY_URI DOS_HIGH_BAT_TO_MX DOS_DEREK_AUG08
DOS_OUTLOOK_TO_MX_IMAGE FORGED_HOTMAIL_RCVD3 FORGED_TBIRD_IMG_TO_MX
__DOS_DIRECT_TO_MX
__DOS_STOCK_COMPANY: bad, avg S/O=0.10 avg Spam%=0.02 avg Ham%=0.14
# used in: DOS_STOCK_O_PRICE
__DOS_STOCK_O_PRICE: no hits at all
# used in: DOS_STOCK_O_PRICE
__DOS_STOCK_TICKER: bad, avg S/O=0.61 avg Spam%=0.01 avg Ham%=0.01
# used in: DOS_STOCK_O_PRICE
__DOS_SUB_SEARCH_ENGINE: no hits at all
# used in: DOS_DOM_LIST_CENTER
__DOS_SYMBOL_4: no hits at all
# used in: DOS_STOCK_INCOME_STATEMENT
__DOS_TAKING_HOME: no hits at all
# used in: DOS_LET_GO_JOB
__DOS_TOLD_DAY: no hits at all
# used in: DOS_TO_READ_STOCK
__DOS_WASTE_TIME_MISS: no hits at all
# used in: DOS_TO_READ_STOCK
rulesrc/sandbox/dos/20_uri.cf (2 rules, 2 bad):
DOS_GOOGLE_DOCS: no hits at all
DOS_LIVE_SPACES_CID: no hits at all
rulesrc/sandbox/axb/20_axb_misc.cf (7 rules, 2 bad):
AXB_XM_LORIS232: no hits at all
AXB_X_OUTLOOKPROT_ENVSDR: bad, avg S/O=0.34 avg Spam%=0.00 avg Ham%=0.01
rules/72_active.cf (37 rules, 23 bad):
CTYPE_8SPACE_GIF: no hits at all
TVD_FW_GRAPHIC_NAME_MID: bad, avg S/O=0.45 avg Spam%=0.00 avg Ham%=0.00
__ANY_IMAGE_ATTACH: bad, avg S/O=0.21 avg Spam%=1.11 avg Ham%=4.09
# used in: DYN_RDNS_AND_INLINE_IMAGE PART_CID_STOCK_LESS STOCK_IMG_CTYPE
STOCK_IMG_HDR_FROM STOCK_IMG_HTML STOCK_IMG_OUTLOOK DOS_OUTLOOK_TO_MX_IMAGE
REMOTE_IMAGE TO_EQ_FM_HTML_ONLY URI_PHISH
__ANY_TEXT_ATTACH: bad, avg S/O=0.50 avg Spam%=99.44 avg Ham%=98.94
# used in: LUCRATIVE MIME_NO_TEXT MIME_PHP_NO_TEXT
__ANY_TEXT_ATTACH_DOC: bad, avg S/O=0.50 avg Spam%=99.44 avg Ham%=98.94
# used in: FSL_MIME_NO_TEXT
__CTYPE_ONETAB_GIF: bad, avg S/O=0.18 avg Spam%=0.02 avg Ham%=0.09
# used in: STOCK_IMG_CTYPE
__DOC_ATTACH_MT: bad, avg S/O=0.29 avg Spam%=0.05 avg Ham%=0.11
# used in: FREEMAIL_DOC_PDF
__EXE_ATTACH: no hits at all
# used in: ACH_CANCELLED_EXE __ACH_CANCELLED_EXE
__GIF_ATTACH: bad, avg S/O=0.09 avg Spam%=0.11 avg Ham%=1.21
# used in: SB_GIF_AND_NO_URIS
__HK_SPAMMY_CDFN: bad, avg S/O=0.49 avg Spam%=0.03 avg Ham%=0.03
# used in: HK_SPAMMY_FILENAME
__HK_SPAMMY_CTFN: bad, avg S/O=0.46 avg Spam%=0.03 avg Ham%=0.03
# used in: HK_SPAMMY_FILENAME
__HTML_ATTACH_01: bad, avg S/O=0.44 avg Spam%=0.02 avg Ham%=0.02
# used in: HTML_ATTACH
__HTML_ATTACH_02: bad, avg S/O=0.78 avg Spam%=0.07 avg Ham%=0.02
# used in: HTML_ATTACH OBFU_HTML_ATT_MALW
__JPEG_ATTACH: bad, avg S/O=0.17 avg Spam%=0.65 avg Ham%=3.11
# used in: FORGED_TBIRD_IMG_ARROW FORGED_TBIRD_IMG_SIZE
FORGED_TBIRD_IMG_TO_MX __FORGED_TBIRD_IMG
__PART_CID_STOCK_LESS: bad, avg S/O=0.31 avg Spam%=0.00 avg Ham%=0.00
# used in: PART_CID_STOCK_LESS
__PART_STOCK_CID: bad, avg S/O=0.69 avg Spam%=0.00 avg Ham%=0.00
# used in: STOCK_IMG_HTML
__PDF_ATTACH_FN1: bad, avg S/O=0.26 avg Spam%=0.18 avg Ham%=0.52
# used in: FROM_WORDY_SHORT FREEMAIL_DOC_PDF __FREEMAIL_DOC_PDF
__PDF_ATTACH
__PDF_ATTACH_FN2: bad, avg S/O=0.31 avg Spam%=0.20 avg Ham%=0.44
# used in: FROM_WORDY_SHORT FREEMAIL_DOC_PDF __FREEMAIL_DOC_PDF
__PDF_ATTACH
__PDF_ATTACH_MT: bad, avg S/O=0.12 avg Spam%=0.07 avg Ham%=0.51
# used in: FROM_WORDY_SHORT FREEMAIL_DOC_PDF __FREEMAIL_DOC_PDF
__PDF_ATTACH
__TVD_FW_GRAPHIC_ID1: bad, avg S/O=0.73 avg Spam%=0.01 avg Ham%=0.00
# used in: STOCK_IMG_HDR_FROM
__TVD_MIME_ATT_TP: bad, avg S/O=0.52 avg Spam%=89.59 avg Ham%=84.35
# used in: DOS_DEREK_AUG08
__TVD_OUTLOOK_IMG: bad, avg S/O=0.05 avg Spam%=0.06 avg Ham%=1.14
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__ZIP_ATTACH_NOFN: bad, avg S/O=0.77 avg Spam%=0.00 avg Ham%=0.00
# used in: OBFU_HTML_ATT_MALW
rules/25_spf.cf (14 rules, 2 bad):
SPF_HELO_NONE: no hits at all
SPF_NONE: no hits at all
rules/25_replace.cf (32 rules, 28 bad):
FUZZY_AFFORDABLE: no hits at all
FUZZY_AMBIEN: bad, avg S/O=0.07 avg Spam%=0.01 avg Ham%=0.12
FUZZY_BILLION: no hits at all
FUZZY_CPILL: bad, avg S/O=0.71 avg Spam%=0.01 avg Ham%=0.00
FUZZY_ERECT: bad, avg S/O=0.71 avg Spam%=0.01 avg Ham%=0.00
FUZZY_GUARANTEE: no hits at all
FUZZY_MEDICATION: no hits at all
FUZZY_MONEY: no hits at all
FUZZY_MORTGAGE: no hits at all
FUZZY_OBLIGATION: no hits at all
FUZZY_OFFERS: no hits at all
FUZZY_PHENT: no hits at all
FUZZY_PRESCRIPT: no hits at all
FUZZY_PRICES: no hits of target type
FUZZY_REFINANCE: no hits at all
FUZZY_REMOVE: no hits at all
FUZZY_ROLEX: no hits at all
FUZZY_SOFTWARE: no hits at all
FUZZY_THOUSANDS: no hits at all
FUZZY_VIOXX: no hits at all
FUZZY_VLIUM: no hits at all
FUZZY_VPILL: bad, avg S/O=0.77 avg Spam%=0.01 avg Ham%=0.00
FUZZY_XPILL: bad, avg S/O=0.64 avg Spam%=0.07 avg Ham%=0.04
SUBJECT_FUZZY_CHEAP: no hits at all
SUBJECT_FUZZY_MEDS: no hits at all
SUBJECT_FUZZY_PENIS: no hits at all
SUBJECT_FUZZY_TION: no hits at all
SUBJECT_FUZZY_VPILL: no hits at all
rules/25_dkim.cf (16 rules, 5 bad):
NML_ADSP_CUSTOM_HIGH: no hits at all
NML_ADSP_CUSTOM_LOW: no hits at all
NML_ADSP_CUSTOM_MED: no hits at all
__DKIM_DEPENDABLE: no hits at all
# used in: END_FUTURE_EMAILS
__VIA_RESIGNER: no hits at all
# used in: NML_ADSP_CUSTOM_HIGH NML_ADSP_CUSTOM_LOW NML_ADSP_CUSTOM_MED
rules/20_vbounce.cf (162 rules, 149 bad):
ANY_BOUNCE_MESSAGE: bad, avg S/O=0.28 avg Spam%=0.17 avg Ham%=0.45
BOUNCE_MESSAGE: bad, avg S/O=0.28 avg Spam%=0.17 avg Ham%=0.45
# used in: ANY_BOUNCE_MESSAGE
CHALLENGE_RESPONSE: no hits at all
CRBOUNCE_MESSAGE: bad, avg S/O=0.67 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE
VBOUNCE_MESSAGE: bad, avg S/O=0.67 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK
__AUTO_GEN_3: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__AUTO_GEN_4: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__AUTO_GEN_BBTL: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK
__AUTO_GEN_CM: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__AUTO_GEN_MS: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__AUTO_GEN_PREC: bad, avg S/O=0.69 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__AUTO_GEN_XBT: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK
__AUTO_GEN_XXSP: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_ADDR_ERR: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_AUTO_GENERATED: bad, avg S/O=0.76 avg Spam%=0.01 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_AUTO_REPLY: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_AUTO_RESPOND: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_COULD_NOT: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_CTYPE: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.65
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE MIME_NO_TEXT
MIME_PHP_NO_TEXT KHOP_UNSUB_LINK
__BOUNCE_DATA_FORMAT: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_DEL_FAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE
BOUNCE_MESSAGE KHOP_UNSUB_LINK KHOP_UNSUB_LINK
__BOUNCE_ESMTP: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_ETRUST: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_FROM_DAEMON: bad, avg S/O=0.64 avg Spam%=0.09 avg Ham%=0.05
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_INTERSCAN: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_MAILDELFAIL: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_MAIL_DEL_FAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_MSGDELFAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_NEVER_SEE: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_NONWORKING: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_NOTDEL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_NOTIF: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_NO_RESEND: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_NO_VAL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_OOO_2: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_OOO_3: bad, avg S/O=0.47 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_OOO_H1: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_OOO_H2: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_OOO_H3: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_READ_NOTIFICATION: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_RETURNED: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_RET_MAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_RPATH_ERRMAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_STAT_FAIL: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_SYMANTEC: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.01
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_UNDELIVERABLE: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_UNDELIVERABLE_ML: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.03
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_UNDEL_MSG: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_X_ERR_STAT: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_Y_AUTOGEN: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__CHALLENGE_RESPONSE: bad, avg S/O=0.67 avg Spam%=0.00 avg Ham%=0.00
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK KHOP_UNSUB_LINK
__CRBOUNCE_0SPAM: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_0SPAM1: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE __CRBOUNCE_0SPAM
__CRBOUNCE_0SPAM2: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE __CRBOUNCE_0SPAM
__CRBOUNCE_BLOCKED: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_EXI: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_GETRESP: no hits of target type
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_HEADER: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_MIB: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_PREC_SPAM: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_QURB: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_RP: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_RP_2: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_SI: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_SI1: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE __CRBOUNCE_SI
__CRBOUNCE_SI2: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE __CRBOUNCE_SI
__CRBOUNCE_SPAMARREST: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_SPAMLION: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_TMDA: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_UNVERIF: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_UOL: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_VANQ: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__CRBOUNCE_VERIF: no hits at all
# used in: ANY_BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE
KHOP_UNSUB_LINK __CHALLENGE_RESPONSE
__HAVE_BOUNCE_RELAYS: bad, avg S/O=0.51 avg Spam%=90.05 avg Ham%=94.14
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__MY_SERVERS_FOUND: no hits at all
# used in: ANY_BOUNCE_MESSAGE ANY_BOUNCE_MESSAGE ANY_BOUNCE_MESSAGE
BOUNCE_MESSAGE CHALLENGE_RESPONSE CRBOUNCE_MESSAGE KHOP_UNSUB_LINK
KHOP_UNSUB_LINK KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__NONBOUNCE_READ_RECEIPT: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__NONBOUNCE_READ_RECEIPT_CTYPE: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__NONBOUNCE_READ_RECEIPT
__VBOUNCE_ALERT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_AMAVISD: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_AMAVISD2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_ANTIGEN: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_AOL: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_ATT_QUAR: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_AVREPORT0: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_AV_RESULTS: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_BANNED_MAT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_BITDEFENDER: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_CISCO: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_CLICKBANK: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_CONT_VIOL: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_DETECTED: no hits of target type
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_DISALLOWED: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_DOMINO1: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_DOMINO2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_DUTCH: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_EMAIL_REJ: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_EMANAGER: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_EMVD: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_EXIM: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_FORBIDDEN: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_FROMPT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_GSHIELD: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_GUIN: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_GWAVA: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_GWAVA2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_INFLEX: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_INF_ATTACH: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_INTERSCAN: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_INTERSCAN2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_INTERSCAN3: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_JMAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_LUTHER: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_MAILMARSHAL: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_MAILMARSHAL2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_MAILSWEEP: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_MAILSWEEP2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_MAILSWEEP3: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_MELDING: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_MIME_INFO: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_MMS: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_MSGLABS: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_NAV: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_NAV2: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_NAV3: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_NAVFAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_NAV_DETECT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_PROBLEME: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_PT_BLOCKED: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_QUOTED_EXE: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_RAV: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_REJECTED: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_REJ_FILT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_SCANMAIL: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_SCREENSAVER: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_SECURIQ: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_SENDER: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_SMTP: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_STRIP_ATTACH: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_SYM_AVF: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_SYM_EMP: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_UNDELIV: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_VALERT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_VIOLATION: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_VIR_FOUND: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_WARNING: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__VBOUNCE_YOUSENT: no hits at all
# used in: ANY_BOUNCE_MESSAGE KHOP_UNSUB_LINK VBOUNCE_MESSAGE
__XM_VBULLETIN: bad, avg S/O=0.01 avg Spam%=0.01 avg Ham%=0.40
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE FROM_WORDY_SHORT
KHOP_UNSUB_LINK __BOUNCE_AUTO_GENERATED
__X_CRON_ENV: no hits of target type
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__BOUNCE_AUTO_GENERATED
__YESBOUNCE_AUTO_REPLIED_REJ: no hits at all
# used in: ANY_BOUNCE_MESSAGE BOUNCE_MESSAGE KHOP_UNSUB_LINK
__NONBOUNCE_READ_RECEIPT
rules/20_uri_tests.cf (17 rules, 15 bad):
HTTP_77: no hits at all
HTTP_ESCAPED_HOST: bad, avg S/O=0.27 avg Spam%=0.04 avg Ham%=0.10
HTTP_EXCESSIVE_ESCAPES: bad, avg S/O=0.67 avg Spam%=0.00 avg Ham%=0.00
IP_LINK_PLUS: bad, avg S/O=0.40 avg Spam%=0.01 avg Ham%=0.01
NORMAL_HTTP_TO_IP: bad, avg S/O=0.42 avg Spam%=0.32 avg Ham%=0.44
NUMERIC_HTTP_ADDR: no hits at all
SPOOF_COM2COM: bad, avg S/O=0.25 avg Spam%=0.00 avg Ham%=0.00
SPOOF_COM2OTH: bad, avg S/O=0.25 avg Spam%=0.00 avg Ham%=0.00
SPOOF_NET2COM: no hits at all
URI_HEX: bad, avg S/O=0.09 avg Spam%=0.09 avg Ham%=0.84
URI_NO_WWW_INFO_CGI: bad, avg S/O=0.29 avg Spam%=0.01 avg Ham%=0.03
URI_UNSUBSCRIBE: no hits at all
WEIRD_PORT: bad, avg S/O=0.03 avg Spam%=0.02 avg Ham%=0.66
YAHOO_DRS_REDIR: no hits at all
YAHOO_RD_REDIR: no hits at all
rules/20_ratware.cf (94 rules, 48 bad):
FORGED_IMS_HTML: no hits at all
FORGED_IMS_TAGS: no hits at all
FORGED_MUA_THEBAT_CS: no hits at all
FORGED_QUALCOMM_TAGS: no hits at all
FORGED_THEBAT_HTML: no hits at all
RATWARE_EFROM: no hits at all
RATWARE_HASH_DASH: no hits at all
RATWARE_MOZ_MALFORMED: no hits at all
RATWARE_MPOP_WEBMAIL: bad, avg S/O=0.40 avg Spam%=0.00 avg Ham%=0.00
RATWARE_MS_HASH: bad, avg S/O=0.61 avg Spam%=0.00 avg Ham%=0.00
RATWARE_NAME_ID: no hits at all
RATWARE_OE_MALFORMED: no hits at all
RATWARE_RCVD_AT: no hits at all
RATWARE_RCVD_PF: no hits at all
REPTO_QUOTE_AOL: no hits at all
REPTO_QUOTE_IMS: no hits at all
REPTO_QUOTE_MSN: no hits at all
REPTO_QUOTE_QUALCOMM: no hits at all
X_MESSAGE_INFO: no hits at all
__CTYPE_CHARSET_QUOTED: bad, avg S/O=0.62 avg Spam%=12.30 avg Ham%=7.66
# used in: FORGED_MUA_THEBAT_CS
__CTYPE_HTML: bad, avg S/O=0.39 avg Spam%=9.09 avg Ham%=14.21
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT
__GATED_THROUGH_RCVD_REMOVER: bad, avg S/O=0.10 avg Spam%=0.00 avg Ham%=0.01
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__HAS_X_LOOP: bad, avg S/O=0.04 avg Spam%=0.02 avg Ham%=0.51
# used in: ADVANCE_FEE_3_NEW_FORM
__HAS_X_MAILING_LIST: bad, avg S/O=0.00 avg Spam%=0.00 avg Ham%=0.25
# used in: FREEMAIL_REPLY FROM_WORDY_SHORT FREEMAIL_DOC_PDF
KHOP_HELO_FCRDNS __FREEMAIL_DOC_PDF
__HAS_X_MAILMAN_VERSION: bad, avg S/O=0.02 avg Spam%=0.11 avg Ham%=4.67
# used in: FREEMAIL_REPLY FROM_WORDY_SHORT FREEMAIL_DOC_PDF
KHOP_HELO_FCRDNS __FREEMAIL_DOC_PDF
__HOTMAIL_BAYDAV_MSGID: bad, avg S/O=0.65 avg Spam%=0.01 avg Ham%=0.00
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__IMS_HTML_BUILDS: no hits at all
# used in: FORGED_IMS_HTML
__IMS_HTML_RCVD: no hits at all
# used in: FORGED_IMS_HTML
__IMS_MSGID: bad, avg S/O=0.42 avg Spam%=0.61 avg Ham%=0.85
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__LYRIS_EZLM_REMAILER: bad, avg S/O=0.07 avg Spam%=0.67 avg Ham%=9.63
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__MAILMAN_21: bad, avg S/O=0.02 avg Spam%=0.11 avg Ham%=4.67
# used in: FORGED_MUA_THEBAT_CS
__MIME_HTML: bad, avg S/O=0.51 avg Spam%=85.98 avg Ham%=82.86
# used in: FORGED_IMS_TAGS FORGED_QUALCOMM_TAGS HTML_MISSING_CTYPE
__MIME_VERSION_APPLEMAIL: no hits of target type
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT
__MSGID_APPLEMAIL: bad, avg S/O=0.06 avg Spam%=0.07 avg Ham%=1.17
# used in: MIME_NO_TEXT MIME_NO_TEXT MIME_PHP_NO_TEXT MIME_PHP_NO_TEXT
STOCK_LOW_CONTRAST END_FUTURE_EMAILS HDRS_LCASE_IMGONLY __HDRS_LCASE_KNOWN
__RATWARE_0_TZ_DATE: bad, avg S/O=0.25 avg Spam%=7.40 avg Ham%=21.90
# used in: RATWARE_NAME_ID
__RATWARE_NAME_ID: no hits at all
# used in: RATWARE_NAME_ID
__RCVD_WITH_EXCHANGE: no hits at all
# used in: RATWARE_MS_HASH
__REPTO_QUOTE: bad, avg S/O=0.23 avg Spam%=3.22 avg Ham%=10.59
# used in: REPTO_QUOTE_AOL REPTO_QUOTE_IMS REPTO_QUOTE_MSN
REPTO_QUOTE_QUALCOMM
__SYMPATICO_MSGID: no hits at all
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__TAG_EXISTS_BODY: bad, avg S/O=0.52 avg Spam%=84.38 avg Ham%=77.04
# used in: FORGED_IMS_TAGS
__TAG_EXISTS_HEAD: bad, avg S/O=0.53 avg Spam%=83.63 avg Ham%=75.53
# used in: FORGED_IMS_TAGS
__TAG_EXISTS_HTML: bad, avg S/O=0.52 avg Spam%=84.29 avg Ham%=76.63
# used in: FORGED_IMS_TAGS FORGED_QUALCOMM_TAGS HTML_MIME_NO_HTML_TAG
TO_EQ_FM_DOM_HTML_ONLY
__TAG_EXISTS_META: bad, avg S/O=0.54 avg Spam%=73.29 avg Ham%=62.34
# used in: FORGED_IMS_TAGS SCRIPT_GIBBERISH
__UNUSABLE_MSGID: bad, avg S/O=0.07 avg Spam%=0.68 avg Ham%=9.65
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2
__USER_AGENT_APPLEMAIL: bad, avg S/O=0.02 avg Spam%=0.01 avg Ham%=0.56
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT
__WACKY_SENDMAIL_VERSION: no hits at all
# used in: TVD_FW_GRAPHIC_ID3 TVD_FW_GRAPHIC_ID3_2 __UNUSABLE_MSGID
__X_MAILER_APPLEMAIL: bad, avg S/O=0.03 avg Spam%=0.02 avg Ham%=0.58
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT __USER_AGENT_APPLEMAIL
__YAHOO_BULK: no hits at all
# used in: FORGED_IMS_HTML FORGED_IMS_TAGS SPOOFED_URL SPOOFED_URL_HOST
rules/20_porn.cf (4 rules, 4 bad):
CUM_SHOT: no hits at all
FREE_PORN: no hits at all
LIVE_PORN: no hits at all
SUBJECT_SEXUAL: no hits at all
rules/20_phrases.cf (44 rules, 34 bad):
ACT_NOW_CAPS: bad, avg S/O=0.11 avg Spam%=0.00 avg Ham%=0.03
BAD_CREDIT: bad, avg S/O=0.78 avg Spam%=0.36 avg Ham%=0.10
BANG_GUAR: bad, avg S/O=0.47 avg Spam%=0.02 avg Ham%=0.03
BANG_OPRAH: no hits at all
BODY_ENHANCEMENT: no hits of target type
BODY_ENHANCEMENT2: bad, avg S/O=0.41 avg Spam%=0.01 avg Ham%=0.02
DEAR_SOMETHING: bad, avg S/O=0.67 avg Spam%=0.20 avg Ham%=0.10
DIET_1: bad, avg S/O=0.33 avg Spam%=0.15 avg Ham%=0.31
EM_ROLEX: bad, avg S/O=0.31 avg Spam%=0.00 avg Ham%=0.00
FIN_FREE: bad, avg S/O=0.51 avg Spam%=0.01 avg Ham%=0.01
FORWARD_LOOKING: no hits at all
FREE_QUOTE_INSTANT: bad, avg S/O=0.71 avg Spam%=0.01 avg Ham%=0.00
IMPOTENCE: bad, avg S/O=0.36 avg Spam%=0.02 avg Ham%=0.03
INVESTMENT_ADVICE: bad, avg S/O=0.30 avg Spam%=0.01 avg Ham%=0.02
JOIN_MILLIONS: bad, avg S/O=0.08 avg Spam%=0.00 avg Ham%=0.04
LOW_PRICE: bad, avg S/O=0.23 avg Spam%=0.03 avg Ham%=0.10
MARKETING_PARTNERS: bad, avg S/O=0.17 avg Spam%=0.00 avg Ham%=0.02
MONEY_BACK: bad, avg S/O=0.75 avg Spam%=0.02 avg Ham%=0.01
MORE_SEX: bad, avg S/O=0.46 avg Spam%=0.00 avg Ham%=0.01
NOT_ADVISOR: no hits at all
OBSCURED_EMAIL: no hits at all
ONE_TIME: bad, avg S/O=0.23 avg Spam%=0.00 avg Ham%=0.01
PREST_NON_ACCREDITED: no hits at all
REFINANCE_NOW: no hits at all
REFINANCE_YOUR_HOME: no hits at all
REMOVE_BEFORE_LINK: bad, avg S/O=0.33 avg Spam%=0.06 avg Ham%=0.12
RUDE_HTML: no hits at all
STOCK_ALERT: no hits at all
STRONG_BUY: no hits at all
URG_BIZ: bad, avg S/O=0.66 avg Spam%=0.18 avg Ham%=0.09
__RUDE_HTML_1: no hits at all
# used in: RUDE_HTML
__RUDE_HTML_2: no hits at all
# used in: RUDE_HTML
__RUDE_HTML_3: no hits at all
# used in: RUDE_HTML
__RUDE_HTML_4: no hits at all
# used in: RUDE_HTML
rules/20_meta_tests.cf (19 rules, 11 bad):
INVALID_MSGID: bad, avg S/O=0.76 avg Spam%=0.35 avg Ham%=0.11
NO_HEADERS_MESSAGE: no hits at all
UPPERCASE_50_75: bad, avg S/O=0.08 avg Spam%=0.03 avg Ham%=0.31
UPPERCASE_75_100: bad, avg S/O=0.77 avg Spam%=0.02 avg Ham%=0.01
__HAS_MSGID: bad, avg S/O=0.51 avg Spam%=99.92 avg Ham%=97.53
# used in: INVALID_MSGID
__ISO_2022_JP_DELIM: bad, avg S/O=0.57 avg Spam%=0.01 avg Ham%=0.01
# used in: GAPPY_SUBJECT JAPANESE_UCE_BODY OBFUSCATING_COMMENT
PLING_QUERY TVD_SPACE_RATIO UPPERCASE_50_75 UPPERCASE_75_100
__MOZILLA_MSGID: bad, avg S/O=0.42 avg Spam%=8.47 avg Ham%=11.48
# used in: THIS_AD URI_PHISH
__NONEMPTY_BODY: bad, avg S/O=0.50 avg Spam%=99.99 avg Ham%=100.00
# used in: STOX_META_5
__SANE_MSGID: bad, avg S/O=0.51 avg Spam%=99.39 avg Ham%=97.42
# used in: INVALID_MSGID
__UPPERCASE_50_75: bad, avg S/O=0.08 avg Spam%=0.03 avg Ham%=0.31
# used in: UPPERCASE_50_75
__UPPERCASE_75_100: bad, avg S/O=0.77 avg Spam%=0.02 avg Ham%=0.01
# used in: UPPERCASE_75_100
rules/20_imageinfo.cf (17 rules, 13 bad):
DC_GIF_UNO_LARGO: bad, avg S/O=0.43 avg Spam%=0.01 avg Ham%=0.01
DC_IMAGE_SPAM_HTML: bad, avg S/O=0.40 avg Spam%=0.00 avg Ham%=0.00
DC_IMAGE_SPAM_TEXT: bad, avg S/O=0.40 avg Spam%=0.00 avg Ham%=0.00
__DC_GIF_MULTI_LARGO: bad, avg S/O=0.11 avg Spam%=0.00 avg Ham%=0.01
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
__DC_IMG_TEXT_RATIO: bad, avg S/O=0.73 avg Spam%=0.78 avg Ham%=0.29
# used in: DC_IMAGE_SPAM_TEXT
__DC_PNG_MULTI_LARGO: bad, avg S/O=0.15 avg Spam%=0.01 avg Ham%=0.08
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
__GIF_AREA_180K: bad, avg S/O=0.29 avg Spam%=0.01 avg Ham%=0.01
# used in: DC_GIF_UNO_LARGO DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_HTML
DC_IMAGE_SPAM_TEXT DC_IMAGE_SPAM_TEXT __DC_GIF_MULTI_LARGO
__GIF_ATTACH_1: bad, avg S/O=0.13 avg Spam%=0.07 avg Ham%=0.49
# used in: DC_GIF_UNO_LARGO DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
__GIF_ATTACH_2P: bad, avg S/O=0.05 avg Spam%=0.04 avg Ham%=0.73
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT __DC_GIF_MULTI_LARGO
__HTML_IMG_ONLY: bad, avg S/O=0.49 avg Spam%=1.78 avg Ham%=1.86
# used in: DC_IMAGE_SPAM_HTML STOCK_IMG_CTYPE STOCK_IMG_HDR_FROM
STOCK_IMG_HTML HDRS_LCASE_IMGONLY REMOTE_IMAGE URI_PHISH
__PNG_AREA_180K: bad, avg S/O=0.70 avg Spam%=0.30 avg Ham%=0.13
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
DC_IMAGE_SPAM_TEXT __DC_PNG_MULTI_LARGO
__PNG_ATTACH_1: bad, avg S/O=0.39 avg Spam%=0.41 avg Ham%=0.64
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
__PNG_ATTACH_2P: bad, avg S/O=0.05 avg Spam%=0.05 avg Ham%=1.05
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT __DC_PNG_MULTI_LARGO
rules/20_html_tests.cf (69 rules, 54 bad):
HIDE_WIN_STATUS: no hits of target type
HTML_BADTAG_40_50: no hits at all
HTML_BADTAG_50_60: no hits at all
HTML_BADTAG_60_70: no hits at all
HTML_BADTAG_90_100: no hits at all
HTML_COMMENT_SAVED_URL: bad, avg S/O=0.57 avg Spam%=0.04 avg Ham%=0.03
HTML_COMMENT_SHORT: no hits at all
HTML_EMBEDS: bad, avg S/O=0.31 avg Spam%=0.00 avg Ham%=0.01
HTML_FONT_FACE_BAD: bad, avg S/O=0.16 avg Spam%=0.11 avg Ham%=0.59
HTML_FONT_LOW_CONTRAST: bad, avg S/O=0.15 avg Spam%=3.30 avg Ham%=18.66
HTML_FONT_SIZE_HUGE: bad, avg S/O=0.32 avg Spam%=0.15 avg Ham%=0.32
HTML_FONT_SIZE_LARGE: bad, avg S/O=0.24 avg Spam%=0.34 avg Ham%=1.06
HTML_FORMACTION_MAILTO: no hits at all
HTML_IFRAME_SRC: no hits at all
HTML_IMAGE_ONLY_16: bad, avg S/O=0.35 avg Spam%=0.22 avg Ham%=0.39
# used in: DC_IMAGE_SPAM_HTML
HTML_IMAGE_ONLY_20: bad, avg S/O=0.62 avg Spam%=0.14 avg Ham%=0.08
# used in: DC_IMAGE_SPAM_HTML
HTML_IMAGE_ONLY_24: bad, avg S/O=0.69 avg Spam%=0.24 avg Ham%=0.11
# used in: DC_IMAGE_SPAM_HTML
HTML_IMAGE_ONLY_28: bad, avg S/O=0.13 avg Spam%=0.18 avg Ham%=1.20
# used in: DC_IMAGE_SPAM_HTML
HTML_IMAGE_ONLY_32: bad, avg S/O=0.58 avg Spam%=0.35 avg Ham%=0.25
HTML_IMAGE_RATIO_02: bad, avg S/O=0.29 avg Spam%=2.02 avg Ham%=4.86
HTML_IMAGE_RATIO_04: bad, avg S/O=0.10 avg Spam%=0.68 avg Ham%=5.81
HTML_IMAGE_RATIO_06: bad, avg S/O=0.08 avg Spam%=0.49 avg Ham%=5.50
HTML_IMAGE_RATIO_08: bad, avg S/O=0.10 avg Spam%=0.47 avg Ham%=4.07
HTML_MESSAGE: bad, avg S/O=0.51 avg Spam%=85.99 avg Ham%=82.86
HTML_MIME_NO_HTML_TAG: bad, avg S/O=0.52 avg Spam%=0.87 avg Ham%=0.79
HTML_MISSING_CTYPE: no hits at all
HTML_NONELEMENT_30_40: no hits at all
HTML_NONELEMENT_40_50: no hits at all
HTML_NONELEMENT_60_70: no hits at all
HTML_NONELEMENT_80_90: no hits at all
HTML_OBFUSCATE_05_10: bad, avg S/O=0.35 avg Spam%=0.04 avg Ham%=0.07
HTML_OBFUSCATE_20_30: bad, avg S/O=0.72 avg Spam%=0.01 avg Ham%=0.00
HTML_OBFUSCATE_30_40: no hits at all
HTML_OBFUSCATE_50_60: no hits at all
HTML_OBFUSCATE_70_80: no hits at all
HTML_OBFUSCATE_90_100: no hits at all
HTML_SHORT_LINK_IMG_2: bad, avg S/O=0.41 avg Spam%=0.23 avg Ham%=0.34
HTML_SHORT_LINK_IMG_3: bad, avg S/O=0.58 avg Spam%=0.08 avg Ham%=0.06
HTML_TAG_BALANCE_BODY: bad, avg S/O=0.22 avg Spam%=0.12 avg Ham%=0.43
HTML_TAG_BALANCE_HEAD: bad, avg S/O=0.26 avg Spam%=0.06 avg Ham%=0.17
HTML_TAG_EXIST_BGSOUND: no hits at all
JS_FROMCHARCODE: no hits at all
OBFUSCATING_COMMENT: no hits at all
__COMMENT_EXISTS: bad, avg S/O=0.24 avg Spam%=16.56 avg Ham%=52.49
# used in: FROM_MISSP_EH_MATCH TO_EQ_FM_DOM_HTML_IMG
__HIGHBITS: bad, avg S/O=0.14 avg Spam%=7.08 avg Ham%=42.52
# used in: DOS_HIGH_BAT_TO_MX TVD_SPACE_RATIO DOS_BODY_HIGH_NO_MID
__HTML_LENGTH_1024_1536: bad, avg S/O=0.79 avg Spam%=4.24 avg Ham%=1.10
# used in: HTML_SHORT_LINK_IMG_2
__HTML_LENGTH_1536_2048: bad, avg S/O=0.40 avg Spam%=0.64 avg Ham%=0.96
# used in: HTML_SHORT_LINK_IMG_3 STOCK_IMG_OUTLOOK
__HTML_LINK_IMAGE: bad, avg S/O=0.15 avg Spam%=12.03 avg Ham%=68.46
# used in: ADVANCE_FEE_3_NEW_FORM HTML_SHORT_LINK_IMG_2
HTML_SHORT_LINK_IMG_3 REMOTE_IMAGE TO_EQ_FM_DOM_HTML_IMG URI_PHISH
__JS_DOCWRITE: bad, avg S/O=0.10 avg Spam%=0.03 avg Ham%=0.23
# used in: JS_FROMCHARCODE
__JS_FROMCHARCODE: no hits at all
# used in: JS_FROMCHARCODE
__MIME_ATTACHMENT: bad, avg S/O=0.38 avg Spam%=1.61 avg Ham%=2.66
# used in: STOX_META_5
__OBFUSCATING_COMMENT_A: bad, avg S/O=0.53 avg Spam%=0.01 avg Ham%=0.01
# used in: OBFUSCATING_COMMENT
__OBFUSCATING_COMMENT_B: bad, avg S/O=0.50 avg Spam%=0.22 avg Ham%=0.22
# used in: OBFUSCATING_COMMENT PHP_ORIG_SCRIPT
__TAG_EXISTS_CENTER: bad, avg S/O=0.22 avg Spam%=4.37 avg Ham%=15.45
# used in: TO_EQ_FM_HTML_ONLY URI_PHISH
rules/20_head_tests.cf (157 rules, 86 bad):
BAD_ENC_HEADER: bad, avg S/O=0.29 avg Spam%=0.07 avg Ham%=0.16
CONFIRMED_FORGED: no hits at all
DATE_IN_FUTURE_96_XX: no hits at all
DATE_SPAMWARE_Y2K: no hits at all
ENGLISH_UCE_SUBJECT: no hits at all
FAKE_OUTBLAZE_RCVD: no hits at all
FORGED_HOTMAIL_RCVD2: bad, avg S/O=0.73 avg Spam%=0.10 avg Ham%=0.04
FORGED_MSGID_AOL: no hits at all
FORGED_MSGID_EXCITE: no hits at all
FORGED_MSGID_HOTMAIL: no hits at all
FORGED_MSGID_MSN: no hits at all
FROM_BLANK_NAME: bad, avg S/O=0.40 avg Spam%=0.00 avg Ham%=0.00
FROM_EXCESS_BASE64: no hits at all
FROM_LOCAL_DIGITS: bad, avg S/O=0.43 avg Spam%=0.02 avg Ham%=0.02
FROM_LOCAL_HEX: no hits at all
FROM_NO_USER: bad, avg S/O=0.59 avg Spam%=0.02 avg Ham%=0.01
FROM_STARTS_WITH_NUMS: bad, avg S/O=0.68 avg Spam%=0.03 avg Ham%=0.02
GAPPY_SUBJECT: bad, avg S/O=0.10 avg Spam%=0.02 avg Ham%=0.17
HEADER_COUNT_CTYPE: no hits at all
HEAD_ILLEGAL_CHARS: no hits at all
INVALID_TZ_CST: no hits at all
INVALID_TZ_EST: no hits at all
JAPANESE_UCE_BODY: no hits at all
JAPANESE_UCE_SUBJECT: no hits at all
KOREAN_UCE_SUBJECT: no hits at all
LOCALPART_IN_SUBJECT: bad, avg S/O=0.27 avg Spam%=0.00 avg Ham%=0.01
MIME_BOUND_DIGITS_15: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.04
MIME_BOUND_MANY_HEX: no hits at all
MIME_HEADER_CTYPE_ONLY: bad, avg S/O=0.15 avg Spam%=0.09 avg Ham%=0.49
MISSING_DATE: bad, avg S/O=0.30 avg Spam%=0.02 avg Ham%=0.05
MISSING_FROM: bad, avg S/O=0.79 avg Spam%=0.02 avg Ham%=0.00
MISSING_MID: bad, avg S/O=0.03 avg Spam%=0.07 avg Ham%=2.47
MISSING_MIMEOLE: bad, avg S/O=0.69 avg Spam%=0.37 avg Ham%=0.16
MISSING_SUBJECT: bad, avg S/O=0.77 avg Spam%=0.04 avg Ham%=0.01
MSGID_FROM_MTA_HEADER: bad, avg S/O=0.49 avg Spam%=0.34 avg Ham%=0.35
MSGID_SHORT: bad, avg S/O=0.75 avg Spam%=0.05 avg Ham%=0.02
MSGID_SPAM_LETTERS: no hits at all
MULTI_FORGED: no hits at all
NONEXISTENT_CHARSET: no hits at all
NO_RDNS_DOTCOM_HELO: bad, avg S/O=0.40 avg Spam%=0.01 avg Ham%=0.01
PLING_QUERY: bad, avg S/O=0.29 avg Spam%=0.13 avg Ham%=0.32
PREVENT_NONDELIVERY: no hits at all
RCVD_AM_PM: no hits at all
SUBJ_ALL_CAPS: bad, avg S/O=0.63 avg Spam%=1.00 avg Ham%=0.58
SUBJ_BUY: bad, avg S/O=0.43 avg Spam%=0.01 avg Ham%=0.02
SUBJ_DOLLARS: bad, avg S/O=0.14 avg Spam%=0.03 avg Ham%=0.17
TO_MALFORMED: bad, avg S/O=0.10 avg Spam%=0.05 avg Ham%=0.44
WITH_LC_SMTP: no hits at all
X_PRIORITY_CC: no hits at all
__AT_AOL_MSGID: bad, avg S/O=0.01 avg Spam%=0.00 avg Ham%=0.06
# used in: FORGED_MSGID_AOL
__AT_EXCITE_MSGID: no hits at all
# used in: FORGED_MSGID_EXCITE
__CD: bad, avg S/O=0.37 avg Spam%=0.74 avg Ham%=1.25
# used in: MIME_HEADER_CTYPE_ONLY
__CT: bad, avg S/O=0.50 avg Spam%=99.47 avg Ham%=98.98
# used in: MIME_HEADER_CTYPE_ONLY
__CTE: bad, avg S/O=0.36 avg Spam%=19.69 avg Ham%=34.66
# used in: MIME_HEADER_CTYPE_ONLY
__CT_TEXT_PLAIN: bad, avg S/O=0.42 avg Spam%=9.66 avg Ham%=13.20
# used in: MIME_HEADER_CTYPE_ONLY DOS_DEREK_AUG08
__ENV_AND_HDR_FROM_MATCH: bad, avg S/O=0.12 avg Spam%=1.45 avg Ham%=10.70
# used in: FROM_WORDY_SHORT LUCRATIVE MIME_NO_TEXT MIME_PHP_NO_TEXT
STOCK_IMG_CTYPE STOCK_IMG_HDR_FROM STOCK_IMG_HTML STOCK_IMG_OUTLOOK
TEQF_USR_MSGID_HEX TO_IN_SUBJ FROM_MISSP_EH_MATCH SUBJ_OBFU_PUNCT_FEW
SUBJ_OBFU_PUNCT_MANY TVD_PH_FR5 URI_DATA
__FORGED_AOL_RCVD: no hits at all
# used in: CONFIRMED_FORGED MULTI_FORGED
__FORGED_HOTMAIL_RCVD: bad, avg S/O=0.57 avg Spam%=0.28 avg Ham%=0.21
# used in: CONFIRMED_FORGED MULTI_FORGED
__FORGED_JUNO_RCVD: no hits at all
# used in: CONFIRMED_FORGED MULTI_FORGED
__FORGED_RCVD_TRAIL: bad, avg S/O=0.24 avg Spam%=0.80 avg Ham%=2.51
# used in: CONFIRMED_FORGED
__FROM_AOL_COM: bad, avg S/O=0.57 avg Spam%=0.12 avg Ham%=0.09
# used in: FORGED_MSGID_AOL
__FROM_ENCODED_B64: bad, avg S/O=0.47 avg Spam%=0.79 avg Ham%=0.87
# used in: FROM_EXCESS_BASE64 HDR_CASE_REV_ENC
__FROM_ENCODED_QP: bad, avg S/O=0.04 avg Spam%=0.89 avg Ham%=21.10
# used in: THIS_AD TO_EQ_FM_DOM_HTML_ONLY
__FROM_HOTMAIL_COM: bad, avg S/O=0.63 avg Spam%=0.19 avg Ham%=0.11
# used in: FORGED_MSGID_HOTMAIL FORGED_MSGID_MSN MSGID_FROM_MTA_HEADER
__FROM_NEEDS_MIME: bad, avg S/O=0.26 avg Spam%=1.13 avg Ham%=3.19
# used in: FROM_EXCESS_BASE64
__FROM_YAHOO_COM: bad, avg S/O=0.80 avg Spam%=0.56 avg Ham%=0.14
# used in: FORGED_MSGID_HOTMAIL FORGED_MSGID_MSN
__GAPPY_SUBJECT: bad, avg S/O=0.10 avg Spam%=0.02 avg Ham%=0.17
# used in: GAPPY_SUBJECT GAPPY_LOW_CONTRAST
__HAS_DATE: bad, avg S/O=0.50 avg Spam%=99.98 avg Ham%=99.95
# used in: MISSING_DATE NO_HEADERS_MESSAGE
__HAS_FROM: bad, avg S/O=0.50 avg Spam%=99.98 avg Ham%=100.00
# used in: MISSING_FROM
__HAS_MESSAGE_ID: bad, avg S/O=0.51 avg Spam%=99.93 avg Ham%=97.53
# used in: MISSING_MID NO_HEADERS_MESSAGE DOS_BODY_HIGH_NO_MID
__HAS_SUBJECT: bad, avg S/O=0.50 avg Spam%=99.96 avg Ham%=99.99
# used in: MISSING_SUBJECT BELL_MOBILITY_TXT_MSG
__IS_EXCH: bad, avg S/O=0.36 avg Spam%=0.04 avg Ham%=0.07
# used in: TO_EQ_FM_DOM_HTML_IMG TO_EQ_FM_DOM_HTML_ONLY
__JAPANESE_UCE_BODY: no hits at all
# used in: JAPANESE_UCE_BODY
__MIME_VERSION: bad, avg S/O=0.51 avg Spam%=99.41 avg Ham%=95.70
# used in: MIME_HEADER_CTYPE_ONLY DSN_NO_MIMEVERSION
__ML1: bad, avg S/O=0.03 avg Spam%=0.80 avg Ham%=25.75
# used in: FUZZY_DR_OZ MANY_SPAN_IN_TEXT NML_ADSP_CUSTOM_HIGH
NML_ADSP_CUSTOM_LOW NML_ADSP_CUSTOM_MED STOCK_LOW_CONTRAST TO_IN_SUBJ
FILL_THIS_FORM_SHORT KHOP_HELO_FCRDNS KHOP_UNSUB_LINK MANY_SUBDOM MAY_BE_FORGED
REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST URI_OBFU_DOM URI_DATA URI_PHISH
__ML2: bad, avg S/O=0.04 avg Spam%=1.07 avg Ham%=27.19
# used in: FREEMAIL_REPLY FROM_WORDY_SHORT FUZZY_DR_OZ MANY_SPAN_IN_TEXT
NML_ADSP_CUSTOM_HIGH NML_ADSP_CUSTOM_LOW NML_ADSP_CUSTOM_MED STOCK_LOW_CONTRAST
TO_IN_SUBJ FILL_THIS_FORM_SHORT FREEMAIL_DOC_PDF KHOP_HELO_FCRDNS
KHOP_HELO_FCRDNS KHOP_UNSUB_LINK MANY_SUBDOM MAY_BE_FORGED REMOTE_IMAGE
SPOOFED_URL SPOOFED_URL_HOST URI_OBFU_DOM URI_DATA URI_PHISH __FREEMAIL_DOC_PDF
__ML3: bad, avg S/O=0.01 avg Spam%=0.15 avg Ham%=10.96
# used in: FUZZY_DR_OZ MANY_SPAN_IN_TEXT NML_ADSP_CUSTOM_HIGH
NML_ADSP_CUSTOM_LOW NML_ADSP_CUSTOM_MED STOCK_LOW_CONTRAST TO_IN_SUBJ
FILL_THIS_FORM_SHORT KHOP_HELO_FCRDNS KHOP_UNSUB_LINK MANY_SUBDOM MAY_BE_FORGED
REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST URI_OBFU_DOM URI_DATA URI_PHISH
__ML4: bad, avg S/O=0.00 avg Spam%=0.03 avg Ham%=6.14
# used in: FREEMAIL_REPLY FROM_WORDY_SHORT FUZZY_DR_OZ MANY_SPAN_IN_TEXT
NML_ADSP_CUSTOM_HIGH NML_ADSP_CUSTOM_LOW NML_ADSP_CUSTOM_MED STOCK_LOW_CONTRAST
TO_IN_SUBJ FILL_THIS_FORM_SHORT FREEMAIL_DOC_PDF KHOP_HELO_FCRDNS
KHOP_HELO_FCRDNS KHOP_UNSUB_LINK MANY_SUBDOM MAY_BE_FORGED REMOTE_IMAGE
SPOOFED_URL SPOOFED_URL_HOST URI_OBFU_DOM URI_DATA URI_PHISH __FREEMAIL_DOC_PDF
__ML5: bad, avg S/O=0.05 avg Spam%=0.12 avg Ham%=2.62
# used in: FUZZY_DR_OZ MANY_SPAN_IN_TEXT NML_ADSP_CUSTOM_HIGH
NML_ADSP_CUSTOM_LOW NML_ADSP_CUSTOM_MED STOCK_LOW_CONTRAST TO_IN_SUBJ
FILL_THIS_FORM_SHORT KHOP_HELO_FCRDNS KHOP_UNSUB_LINK MANY_SUBDOM MAY_BE_FORGED
REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST URI_OBFU_DOM URI_DATA URI_PHISH
__MSGID_BEFORE_OKAY: bad, avg S/O=0.63 avg Spam%=0.25 avg Ham%=0.15
# used in: MSGID_FROM_MTA_HEADER
__MSGID_BEFORE_RECEIVED: bad, avg S/O=0.55 avg Spam%=0.46 avg Ham%=0.38
# used in: MSGID_FROM_MTA_HEADER TO_EQ_FM_DOM_HTML_ONLY
__MSGID_OK_HEX: bad, avg S/O=0.53 avg Spam%=29.28 avg Ham%=26.38
# used in: TEQF_USR_MSGID_HEX TO_EQ_FM_DOM_HTML_ONLY
__MY_RCVD_EXCITE: no hits at all
# used in: FORGED_MSGID_EXCITE
__PLING_QUERY: bad, avg S/O=0.29 avg Spam%=0.13 avg Ham%=0.32
# used in: PLING_QUERY
__SUBJECT_ENCODED_B64: bad, avg S/O=0.78 avg Spam%=14.53 avg Ham%=4.06
# used in: END_FUTURE_EMAILS HDR_CASE_REV_ENC SUBJ_LACKS_WORDS
__VIA_ML: bad, avg S/O=0.04 avg Spam%=1.60 avg Ham%=40.24
# used in: FUZZY_DR_OZ MANY_SPAN_IN_TEXT NML_ADSP_CUSTOM_HIGH
NML_ADSP_CUSTOM_LOW NML_ADSP_CUSTOM_MED STOCK_LOW_CONTRAST TO_IN_SUBJ
FILL_THIS_FORM_SHORT KHOP_HELO_FCRDNS KHOP_UNSUB_LINK MANY_SUBDOM MAY_BE_FORGED
REMOTE_IMAGE SPOOFED_URL SPOOFED_URL_HOST URI_OBFU_DOM URI_DATA URI_PHISH
URI_PHISH __REMOTE_IMAGE
rules/20_freemail.cf (12 rules, 6 bad):
FREEMAIL_ENVFROM_END_DIGIT: bad, avg S/O=0.51 avg Spam%=0.02 avg Ham%=0.02
FREEMAIL_FROM: bad, avg S/O=0.39 avg Spam%=3.24 avg Ham%=5.06
# used in: FREEMAIL_FORGED_FROMDOMAIN
FREEMAIL_REPLY: bad, avg S/O=0.72 avg Spam%=0.08 avg Ham%=0.03
__freemail_safe: bad, avg S/O=0.04 avg Spam%=1.08 avg Ham%=27.95
# used in: FREEMAIL_REPLY FROM_WORDY_SHORT FREEMAIL_DOC_PDF
KHOP_HELO_FCRDNS __FREEMAIL_DOC_PDF
__freemail_safe_fwd: bad, avg S/O=0.01 avg Spam%=0.01 avg Ham%=0.99
# used in: FREEMAIL_REPLY FROM_WORDY_SHORT FREEMAIL_DOC_PDF
KHOP_HELO_FCRDNS __FREEMAIL_DOC_PDF __freemail_safe
__freemail_safe_rls: no hits of target type
# used in: FREEMAIL_REPLY FROM_WORDY_SHORT FREEMAIL_DOC_PDF
KHOP_HELO_FCRDNS __FREEMAIL_DOC_PDF __freemail_safe
rules/20_fake_helo_tests.cf (16 rules, 6 bad):
HELO_DYNAMIC_DIALIN: no hits at all
HELO_DYNAMIC_HEXIP: no hits at all
HELO_DYNAMIC_HOME_NL: no hits at all
HELO_DYNAMIC_ROGERS: no hits at all
HELO_STATIC_HOST: no hits at all
__HELO_STATIC_ROGERS: no hits at all
# used in: HELO_STATIC_HOST
rules/20_dynrdns.cf (37 rules, 21 bad):
RDNS_DYNAMIC: bad, avg S/O=0.72 avg Spam%=1.02 avg Ham%=0.39
# used in: DYN_RDNS_AND_INLINE_IMAGE
__LAST_EXTERNAL_RELAY_NO_AUTH: bad, avg S/O=0.51 avg Spam%=99.89 avg
Ham%=96.10
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC STOCK_LOW_CONTRAST
TEQF_USR_MSGID_HEX KHOP_BOTNET_4 KHOP_BOTNET_4 KHOP_BOTNET_4 KHOP_BOTNET_7
KHOP_BOTNET_9 KHOP_BOTNET_UNCLEAN KHOP_FAKE_EBAY KHOP_HELO_FCRDNS MAY_BE_FORGED
S25R S25R_1 S25R_2 S25R_3 S25R_4 S25R_5 SPOOFED_FREEMAIL SUBJ_OBFU_PUNCT_FEW
SUBJ_OBFU_PUNCT_MANY TO_EQ_FM_DOM_HTML_IMG TO_EQ_FM_DOM_HTML_ONLY
TO_EQ_FM_HTML_ONLY
__LAST_UNTRUSTED_RELAY_NO_AUTH: bad, avg S/O=0.51 avg Spam%=99.89 avg
Ham%=96.10
# used in: DOS_HIGH_BAT_TO_MX DOS_DEREK_AUG08
__RDNS_DYNAMIC_ADELPHIA: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_ATTBI: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_CHELLO_NO: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_COMCAST: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_DIALIN: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_HOME_NL: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_NTL: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_OOL: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_ROGERS: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_RR2: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_SPACELAN: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.11
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_TDS: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_TELIA: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_VELOX: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_VIRTUA: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_VTR: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_DYNAMIC_YAHOOBB: no hits at all
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
__RDNS_STATIC: bad, avg S/O=0.69 avg Spam%=0.32 avg Ham%=0.14
# used in: DYN_RDNS_AND_INLINE_IMAGE RDNS_DYNAMIC KHOP_BOTNET_4
rules/20_drugs.cf (86 rules, 71 bad):
DRUGS_ANXIETY: bad, avg S/O=0.02 avg Spam%=0.00 avg Ham%=0.02
DRUGS_ANXIETY_EREC: no hits at all
DRUGS_ANXIETY_OBFU: no hits at all
DRUGS_DIET: bad, avg S/O=0.25 avg Spam%=0.00 avg Ham%=0.01
DRUGS_DIET_OBFU: no hits at all
DRUGS_ERECTILE_OBFU: bad, avg S/O=0.61 avg Spam%=0.02 avg Ham%=0.01
DRUGS_MANYKINDS: no hits at all
DRUGS_MUSCLE: bad, avg S/O=0.16 avg Spam%=0.01 avg Ham%=0.04
# used in: DRUGS_MANYKINDS
DRUGS_SLEEP_EREC: no hits at all
DRUGS_SMEAR1: no hits at all
DRUG_DOSAGE: no hits at all
DRUG_ED_CAPS: bad, avg S/O=0.25 avg Spam%=0.00 avg Ham%=0.00
DRUG_ED_GENERIC: no hits at all
DRUG_ED_ONLINE: no hits at all
DRUG_ED_SILD: bad, avg S/O=0.05 avg Spam%=0.00 avg Ham%=0.02
SUBJECT_DRUG_GAP_S: no hits at all
SUBJECT_DRUG_GAP_VA: no hits at all
SUBJECT_DRUG_GAP_X: no hits at all
VIA_GAP_GRA: no hits at all
__DRUGS_ANXIETY1: bad, avg S/O=0.09 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_ANXIETY_OBFU
DRUGS_MANYKINDS
__DRUGS_ANXIETY2: no hits of target type
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY3: no hits of target type
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_ANXIETY_OBFU
DRUGS_MANYKINDS
__DRUGS_ANXIETY4: no hits of target type
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY5: no hits of target type
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY6: no hits of target type
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY7: no hits of target type
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY8: no hits of target type
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY9: no hits at all
# used in: DRUGS_ANXIETY DRUGS_ANXIETY_EREC DRUGS_MANYKINDS
__DRUGS_ANXIETY_VAL: no hits of target type
# used in: DRUGS_ANXIETY_OBFU
__DRUGS_ANXIETY_XAN: bad, avg S/O=0.09 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_ANXIETY_OBFU
__DRUGS_DIET1: no hits of target type
# used in: DRUGS_DIET DRUGS_DIET_OBFU DRUGS_MANYKINDS
__DRUGS_DIET10: bad, avg S/O=0.47 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET2: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET3: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET4: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET5: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET6: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET7: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET8: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET9: no hits at all
# used in: DRUGS_DIET DRUGS_MANYKINDS
__DRUGS_DIET_PHEN: no hits of target type
# used in: DRUGS_DIET_OBFU
__DRUGS_ERECTILE10: bad, avg S/O=0.50 avg Spam%=0.05 avg Ham%=0.05
# used in: DRUGS_ANXIETY_EREC DRUGS_ERECTILE_OBFU DRUGS_MANYKINDS
DRUGS_SLEEP_EREC
__DRUGS_ERECTILE11: no hits at all
# used in: DRUGS_ANXIETY_EREC DRUGS_MANYKINDS DRUGS_SLEEP_EREC
__DRUGS_ERECTILE2: no hits of target type
# used in: DRUGS_ANXIETY_EREC DRUGS_ERECTILE_OBFU DRUGS_MANYKINDS
DRUGS_SLEEP_EREC
__DRUGS_ERECTILE4: no hits of target type
# used in: DRUGS_ANXIETY_EREC DRUGS_MANYKINDS DRUGS_SLEEP_EREC
__DRUGS_ERECTILE5: bad, avg S/O=0.06 avg Spam%=0.00 avg Ham%=0.01
# used in: DRUGS_ANXIETY_EREC DRUGS_MANYKINDS DRUGS_SLEEP_EREC
__DRUGS_ERECTILE8: no hits of target type
# used in: DRUGS_ANXIETY_EREC DRUGS_MANYKINDS DRUGS_SLEEP_EREC
__DRUGS_MUSCLE1: bad, avg S/O=0.18 avg Spam%=0.01 avg Ham%=0.03
# used in: DRUGS_MANYKINDS DRUGS_MUSCLE
__DRUGS_MUSCLE2: no hits of target type
# used in: DRUGS_MANYKINDS DRUGS_MUSCLE
__DRUGS_MUSCLE3: no hits at all
# used in: DRUGS_MANYKINDS DRUGS_MUSCLE
__DRUGS_MUSCLE4: no hits of target type
# used in: DRUGS_MANYKINDS DRUGS_MUSCLE
__DRUGS_MUSCLE5: no hits of target type
# used in: DRUGS_MANYKINDS DRUGS_MUSCLE
__DRUGS_PAIN: bad, avg S/O=0.09 avg Spam%=0.01 avg Ham%=0.05
# used in: DRUGS_MANYKINDS
__DRUGS_PAIN1: no hits of target type
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN10: bad, avg S/O=0.40 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN11: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN12: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN13: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN14: no hits of target type
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN2: no hits of target type
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN4: bad, avg S/O=0.18 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN5: no hits of target type
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN6: no hits at all
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN7: no hits of target type
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN8: bad, avg S/O=0.45 avg Spam%=0.00 avg Ham%=0.00
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_PAIN9: no hits of target type
# used in: DRUGS_MANYKINDS __DRUGS_PAIN
__DRUGS_SLEEP: bad, avg S/O=0.13 avg Spam%=0.00 avg Ham%=0.03
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC
__DRUGS_SLEEP1: bad, avg S/O=0.25 avg Spam%=0.00 avg Ham%=0.01
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC __DRUGS_SLEEP
__DRUGS_SLEEP2: bad, avg S/O=0.10 avg Spam%=0.00 avg Ham%=0.02
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC __DRUGS_SLEEP
__DRUGS_SLEEP3: no hits at all
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC __DRUGS_SLEEP
__DRUGS_SLEEP4: no hits of target type
# used in: DRUGS_MANYKINDS DRUGS_SLEEP_EREC __DRUGS_SLEEP
rules/20_compensate.cf (4 rules, 1 bad):
__HAS_RCVD: bad, avg S/O=0.50 avg Spam%=100.00 avg Ham%=99.99
# used in: NO_HEADERS_MESSAGE
rules/20_body_tests.cf (30 rules, 24 bad):
BLANK_LINES_80_90: no hits at all
EMAIL_ROT13: no hits at all
HTTPS_IP_MISMATCH: no hits at all
LONGWORDS: bad, avg S/O=0.27 avg Spam%=0.03 avg Ham%=0.08
MIME_BAD_ISO_CHARSET: no hits at all
MIME_BASE64_BLANKS: no hits at all
MIME_BASE64_TEXT: bad, avg S/O=0.37 avg Spam%=0.01 avg Ham%=0.02
MIME_HTML_MOSTLY: bad, avg S/O=0.08 avg Spam%=0.57 avg Ham%=6.38
MIME_HTML_ONLY: bad, avg S/O=0.40 avg Spam%=9.85 avg Ham%=14.59
# used in: FORGED_IMS_HTML FORGED_THEBAT_HTML HTML_MIME_NO_HTML_TAG
MIME_HTML_ONLY_MULTI: no hits at all
MIME_QP_LONG_LINE: bad, avg S/O=0.09 avg Spam%=0.60 avg Ham%=6.11
MPART_ALT_DIFF: bad, avg S/O=0.20 avg Spam%=1.39 avg Ham%=5.39
MPART_ALT_DIFF_COUNT: bad, avg S/O=0.17 avg Spam%=0.06 avg Ham%=0.28
TRACKER_ID: bad, avg S/O=0.07 avg Spam%=0.05 avg Ham%=0.64
TVD_SPACE_RATIO: bad, avg S/O=0.52 avg Spam%=0.47 avg Ham%=0.44
URI_TRUNCATED: bad, avg S/O=0.57 avg Spam%=0.01 avg Ham%=0.01
WEIRD_QUOTING: bad, avg S/O=0.62 avg Spam%=0.10 avg Ham%=0.06
__CTYPE_MULTIPART_ALT: bad, avg S/O=0.55 avg Spam%=77.99 avg Ham%=63.23
# used in: MIME_HTML_ONLY_MULTI TO_EQ_FM_DOM_HTML_IMG
TO_EQ_FM_DOM_HTML_ONLY
__LONGWORDS_A: bad, avg S/O=0.04 avg Spam%=0.03 avg Ham%=0.66
# used in: LONGWORDS
__LONGWORDS_B: bad, avg S/O=0.14 avg Spam%=0.03 avg Ham%=0.18
# used in: LONGWORDS
__LONGWORDS_C: bad, avg S/O=0.22 avg Spam%=0.06 avg Ham%=0.19
# used in: LONGWORDS
__MIME_QP: bad, avg S/O=0.34 avg Spam%=14.86 avg Ham%=28.81
# used in: FROM_MISSP_EH_MATCH MANY_SUBDOM
__SUBJECT_UTF8_B_ENCODED: bad, avg S/O=0.78 avg Spam%=13.89 avg Ham%=3.85
# used in: TVD_SPACE_RATIO HDR_CASE_REV_ENC
__TVD_SPACE_RATIO: bad, avg S/O=0.73 avg Spam%=1.55 avg Ham%=0.56
# used in: PHP_ORIG_SCRIPT TVD_SPACE_RATIO HDR_CASE_REV_ENC
__PHP_ORIG_SCRIPT_SONLY
rules/20_advance_fee.cf (53 rules, 9 bad):
__FRAUD_AON: bad, avg S/O=0.57 avg Spam%=0.16 avg Ham%=0.12
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__FRAUD_AXF: no hits of target type
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__FRAUD_BEP: bad, avg S/O=0.63 avg Spam%=0.05 avg Ham%=0.03
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__FRAUD_MLY: bad, avg S/O=0.58 avg Spam%=0.14 avg Ham%=0.10
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__FRAUD_MQO: bad, avg S/O=0.73 avg Spam%=0.01 avg Ham%=0.00
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__FRAUD_QFY: bad, avg S/O=0.60 avg Spam%=0.01 avg Ham%=0.01
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__FRAUD_ULK: bad, avg S/O=0.21 avg Spam%=0.01 avg Ham%=0.02
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__FRAUD_WDR: no hits of target type
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
__FRAUD_WFC: bad, avg S/O=0.72 avg Spam%=0.01 avg Ham%=0.00
# used in: ADVANCE_FEE_3_NEW_FORM ADVANCE_FEE_3_NEW_FORM
ADVANCE_FEE_3_NEW_FORM
rules/10_hasbase.cf (21 rules, 8 bad):
__HAS_CC: bad, avg S/O=0.06 avg Spam%=0.26 avg Ham%=3.95
# used in: URI_PHISH
__HAS_ERRORS_TO: bad, avg S/O=0.02 avg Spam%=0.35 avg Ham%=15.36
# used in: ADVANCE_FEE_3_NEW_FORM FROM_WORDY_SHORT LIST_PRTL_SAME_USER
LONG_IMG_URI LIST_PARTIAL URI_DATA
__HAS_IN_REPLY_TO: bad, avg S/O=0.03 avg Spam%=0.36 avg Ham%=13.31
# used in: ADVANCE_FEE_3_NEW_FORM MIME_NO_TEXT MIME_PHP_NO_TEXT
TO_EQ_FM_DOM_HTML_ONLY
__HAS_LIST_ID: bad, avg S/O=0.04 avg Spam%=1.07 avg Ham%=27.19
# used in: USING_VERP
__HAS_SENDER: bad, avg S/O=0.06 avg Spam%=1.05 avg Ham%=15.71
# used in: ADVANCE_FEE_3_NEW_FORM STOCK_LOW_CONTRAST LIST_PARTIAL
URI_PHISH
__HAS_TNEF: bad, avg S/O=0.21 avg Spam%=0.60 avg Ham%=2.20
# used in: FROM_WORDY_SHORT
__HAS_URI: bad, avg S/O=0.50 avg Spam%=97.15 avg Ham%=96.49
# used in: DC_IMAGE_SPAM_HTML DC_IMAGE_SPAM_TEXT
__HAS_X_REF: bad, avg S/O=0.03 avg Spam%=0.40 avg Ham%=13.24
# used in: MIME_NO_TEXT MIME_PHP_NO_TEXT
