UJP - 技術情報1

Life is fun and easy!
不正IP報告数

Okan Sensor
Home Information Service Tech(Free) Tech(Member) Blog FAQ
 
メイン
ログイン

ユーザー名:


パスワード:





パスワード再発行手続き  |無料会員入会手続へ...
ブログ カテゴリ一覧

Test Name Area Tested Description Of Test Score
Bayes off
RBLs off		 Score
Bayes off
RBLs on		 Score
Bayes on
RBLs off		 Score
Bayes on
RBLs on
ACCT_PHISHING_MANY meta Phishing for account information 2.997 2.999 2.997 2.999
ACT_NOW_CAPS body Talks about 'acting now' with capitals 0.100 0.100 0.100 0.100
AC_BR_BONANZA rawbody Too many newlines in a row... spammy template 0.001 0.001 0.001 0.001
AC_DIV_BONANZA rawbody Too many divs in a row... spammy template 0.001 0.001 0.001 0.001
AC_FROM_MANY_DOTS meta Multiple periods in From user name 2.996 2.999 2.996 2.999
AC_HTML_NONSENSE_TAGS rawbody Many consecutive multi-letter HTML tags, likely nonsense/spam 1.997 2.000 1.997 2.000
AC_POST_EXTRAS meta Suspicious URL 1.000 1.000 1.000 1.000
AC_SPAMMY_URI_PATTERNS1 meta link combos match highly spammy template 1.000 1.000 1.000 1.000
AC_SPAMMY_URI_PATTERNS10 meta link combos match highly spammy template 1.000 1.000 1.000 1.000
AC_SPAMMY_URI_PATTERNS11 meta link combos match highly spammy template 1.000 1.000 1.000 1.000
AC_SPAMMY_URI_PATTERNS12 meta link combos match highly spammy template 1.000 1.000 1.000 1.000
AC_SPAMMY_URI_PATTERNS2 meta link combos match highly spammy template 1.000 1.000 1.000 1.000
AC_SPAMMY_URI_PATTERNS3 meta link combos match highly spammy template 1.000 1.000 1.000 1.000
AC_SPAMMY_URI_PATTERNS4 meta link combos match highly spammy template 1.000 1.000 1.000 1.000
AC_SPAMMY_URI_PATTERNS8 meta link combos match highly spammy template 1.000 1.000 1.000 1.000
AC_SPAMMY_URI_PATTERNS9 meta link combos match highly spammy template 1.000 1.000 1.000 1.000
ADMAIL meta "admail" and variants 1.000 1.000 1.000 1.000
ADMITS_SPAM meta Admits this is an ad 2.896 0.001 2.896 0.001
ADULT_DATING_COMPANY meta No description provided 20.000 20.000 20.000 20.000
ADVANCE_FEE_2_NEW_FORM meta Advance Fee fraud and a form 1.000 1.000 1.000 1.000
ADVANCE_FEE_2_NEW_FRM_MNY meta Advance Fee fraud form and lots of money 1.687 1.000 1.687 1.000
ADVANCE_FEE_2_NEW_MONEY meta Advance Fee fraud and lots of money 1.997 1.999 1.997 1.999
ADVANCE_FEE_3_NEW meta Appears to be advance fee fraud (Nigerian 419) 3.496 3.261 3.496 3.261
ADVANCE_FEE_3_NEW_FORM meta Advance Fee fraud and a form 1.000 1.000 1.000 1.000
ADVANCE_FEE_3_NEW_FRM_MNY meta Advance Fee fraud form and lots of money 1.000 1.000 1.000 1.000
ADVANCE_FEE_3_NEW_MONEY meta Advance Fee fraud and lots of money 0.001 0.001 0.001 0.001
ADVANCE_FEE_4_NEW meta Appears to be advance fee fraud (Nigerian 419) 1.801 0.001 1.801 0.001
ADVANCE_FEE_4_NEW_FORM meta Advance Fee fraud and a form 1.000 1.000 1.000 1.000
ADVANCE_FEE_4_NEW_FRM_MNY meta Advance Fee fraud form and lots of money 0.001 0.001 0.001 0.001
ADVANCE_FEE_4_NEW_MONEY meta Advance Fee fraud and lots of money 2.401 2.499 2.401 2.499
ADVANCE_FEE_5_NEW meta Appears to be advance fee fraud (Nigerian 419) 1.002 0.001 1.002 0.001
ADVANCE_FEE_5_NEW_FORM meta Advance Fee fraud and a form 1.000 1.000 1.000 1.000
ADVANCE_FEE_5_NEW_FRM_MNY meta Advance Fee fraud form and lots of money 1.813 1.215 1.813 1.215
ADVANCE_FEE_5_NEW_MONEY meta Advance Fee fraud and lots of money 3.000 3.000 3.000 3.000
AD_PREFS body Advertising preferences 0.250 0.250 0.250 0.250
ALIBABA_IMG_NOT_RCVD_ALI meta Alibaba hosted image but message not from Alibaba 1.000 1.000 1.000 1.000
ALL_TRUSTED header Passed through trusted hosts only via SMTP -1.000 -1.000 -1.000 -1.000
AMAZON_IMG_NOT_RCVD_AMZN meta Amazon hosted image but message not from Amazon 0.001 0.001 0.001 0.001
ANY_BOUNCE_MESSAGE meta Message is some kind of bounce message 0.100 0.100 0.100 0.100
APOSTROPHE_FROM header From address contains an apostrophe 0.148 0.786 0.651 0.545
APP_DEVELOPMENT_FREEM meta App development pitch, freemail or CHN replyto 1.000 1.000 1.000 1.000
APP_DEVELOPMENT_NORDNS meta App development pitch, no rDNS 1.000 1.000 1.000 1.000
ARC_INVALID meta ARC signature exists, but is not valid 0.100 0.100 0.100 0.100
ARC_SIGNED full Message has a ARC signature 0.001 0.001 0.001 0.001
ARC_VALID full Message has a valid ARC signature 0.001 0.001 0.001 0.001
AWL header Adjusted score from AWL reputation of From: address 1.000 1.000 1.000 1.000
AXB_XMAILER_MIMEOLE_OL_024C2 meta Yet another X header trait 0.001 0.001 0.001 0.001
AXB_XM_FORGED_OL2600 meta Forged OE v. 6.2600 1.175 0.001 1.175 0.001
BAD_CREDIT body Eliminate Bad Credit 0.100 0.100 0.100 0.100
BAD_ENC_HEADER header Message has bad MIME encoding in the header 0.001 0.001 0.001 0.001
BANG_GUAR body Something is emphatically guaranteed 1.000 1.000 1.000 1.000
BANKING_LAWS body Talks about banking laws 2.399 2.004 2.157 1.099
BASE64_LENGTH_78_79 body No description provided 0.100 0.100 0.100 0.100
BASE64_LENGTH_79_INF body base64 encoded email part uses line length greater than 79 characters 1.379 2.019 0.583 1.502
BAYES_00 body Bayes spam probability is 0 to 1% -3.000 -3.000 -3.000 -3.000
BAYES_05 body Bayes spam probability is 1 to 5% -0.500 -0.500 -0.500 -0.500
BAYES_20 body Bayes spam probability is 5 to 20% -0.001 -0.001 -0.001 -0.001
BAYES_40 body Bayes spam probability is 20 to 40% -0.001 -0.001 -0.001 -0.001
BAYES_50 body Bayes spam probability is 40 to 60% 2.000 2.000 2.000 2.000
BAYES_60 body Bayes spam probability is 60 to 80% 3.000 3.000 3.000 3.000
BAYES_80 body Bayes spam probability is 80 to 95% 4.000 4.000 4.000 4.000
BAYES_95 body Bayes spam probability is 95 to 99% 5.000 5.000 5.000 5.000
BAYES_99 body Bayes spam probability is 99 to 100% 6.000 6.000 6.000 6.000
BAYES_999 body Bayes spam probability is 99.9 to 100% 7.000 7.000 7.000 7.000
BEBEE_IMG_NOT_RCVD_BB meta Bebee hosted image but message not from Bebee 1.000 1.000 1.000 1.000
BIGNUM_EMAILS_FREEM meta Lots of email addresses/leads, free email account 1.000 1.000 1.000 1.000
BIGNUM_EMAILS_MANY meta Lots of email addresses/leads, over and over 2.996 2.999 2.996 2.999
BILLION_DOLLARS body Talks about lots of money 0.001 1.451 1.229 1.638
BITCOIN_BOMB meta BitCoin + bomb 1.000 1.000 1.000 1.000
BITCOIN_DEADLINE meta BitCoin with a deadline 2.996 2.999 2.996 2.999
BITCOIN_EXTORT_01 meta Extortion spam, pay via BitCoin 4.657 4.528 4.657 4.528
BITCOIN_EXTORT_02 meta Extortion spam, pay via BitCoin 1.000 1.000 1.000 1.000
BITCOIN_IMGUR meta Bitcoin + hosted image 1.000 1.000 1.000 1.000
BITCOIN_MALF_HTML meta Bitcoin + malformed HTML 3.496 3.207 3.496 3.207
BITCOIN_MALWARE meta BitCoin + malware bragging 1.541 3.432 1.541 3.432
BITCOIN_OBFU_SUBJ meta Bitcoin + obfuscated subject 1.000 1.622 1.000 1.622
BITCOIN_ONAN meta BitCoin + [censored] 2.996 1.000 2.996 1.000
BITCOIN_PAY_ME meta Pay me via BitCoin 1.000 1.000 1.000 1.000
BITCOIN_SPAM_01 meta BitCoin spam pattern 01 1.000 1.000 1.000 1.000
BITCOIN_SPAM_02 meta BitCoin spam pattern 02 2.316 2.184 2.316 2.184
BITCOIN_SPAM_03 meta BitCoin spam pattern 03 2.497 1.000 2.497 1.000
BITCOIN_SPAM_04 meta BitCoin spam pattern 04 1.000 1.000 1.000 1.000
BITCOIN_SPAM_05 meta BitCoin spam pattern 05 0.001 0.949 0.001 0.949
BITCOIN_SPAM_06 meta BitCoin spam pattern 06 1.000 1.000 1.000 1.000
BITCOIN_SPAM_07 meta BitCoin spam pattern 07 2.099 1.718 2.099 1.718
BITCOIN_SPAM_08 meta BitCoin spam pattern 08 1.000 1.000 1.000 1.000
BITCOIN_SPAM_09 meta BitCoin spam pattern 09 1.000 1.000 1.000 1.000
BITCOIN_SPAM_10 meta BitCoin spam pattern 10 1.000 1.000 1.000 1.000
BITCOIN_SPAM_11 meta BitCoin spam pattern 11 1.000 1.000 1.000 1.000
BITCOIN_SPAM_12 meta BitCoin spam pattern 12 1.000 1.000 1.000 1.000
BITCOIN_SPF_ONLYALL meta Bitcoin from a domain specifically set to pass +all SPF 0.001 1.000 0.001 1.000
BITCOIN_WFH_01 meta Work-from-Home + bitcoin 1.000 1.000 1.000 1.000
BITCOIN_XPRIO meta Bitcoin + priority 0.734 2.164 0.734 2.164
BITCOIN_YOUR_INFO meta BitCoin with your personal info 2.966 2.999 2.966 2.999
BODY_8BITS body Body includes 8 consecutive 8-bit characters 1.500 1.500 1.500 1.500
BODY_EMAIL_419_FRAUD_GM meta Email address in body is likely advance fee fraud collector mailbox 0.001 1.000 0.001 1.000
BODY_ENHANCEMENT body Information on growing body parts 0.927 1.611 0.974 0.001
BODY_ENHANCEMENT2 body Information on getting larger body parts 0.100 0.100 0.100 0.100
BODY_SINGLE_URI meta Message body is only a URI 2.497 2.499 2.497 2.499
BODY_SINGLE_WORD meta Message body is only one word (no spaces) 1.602 0.001 1.602 0.001
BODY_URI_ONLY meta Message body is only a URI in one line of text or for an image 2.878 2.999 2.878 2.999
BOGUS_MIME_VERSION meta Mime version header is bogus 3.496 1.000 3.496 1.000
BOGUS_MSM_HDRS meta Apparently bogus Microsoft email headers 1.000 1.000 1.000 1.000
BOMB_FREEM meta Bomb + freemail 1.000 1.000 1.000 1.000
BOMB_MONEY meta Bomb + money: bomb threat? 1.000 1.000 1.000 1.000
BOUNCE_MESSAGE meta MTA bounce message 0.100 0.100 0.100 0.100
BTC_ORG meta Bitcoin wallet ID + unusual header 1.000 1.000 1.000 1.000
BULK_RE_SUSP_NTLD meta Precedence bulk and RE: from a suspicious TLD 1.000 1.000 1.000 1.000
CANT_SEE_AD meta You really want to see our spam. 1.000 1.000 1.000 1.000
CHALLENGE_RESPONSE meta Challenge-Response message for mail you sent 0.100 0.100 0.100 0.100
CHARSET_FARAWAY body Character set indicates a foreign language 3.200 3.200 3.200 3.200
CHARSET_FARAWAY_HEADER header A foreign language charset used in headers 3.200 3.200 3.200 3.200
CK_HELO_GENERIC header Relay used name indicative of a Dynamic Pool or Generic rPTR 0.248 0.249 0.248 0.249
CN_B2B_SPAMMER body Chinese company introducing itself 1.000 1.000 1.000 1.000
COMMENT_GIBBERISH meta Nonsense in long HTML comment 1.000 1.000 1.000 1.000
COMPENSATION meta "Compensation" 0.001 1.000 0.001 1.000
CONTENT_AFTER_HTML meta More content after HTML close tag + other spam signs 1.000 1.000 1.000 1.000
CONTENT_AFTER_HTML_WEAK meta More content after HTML close tag 1.000 1.000 1.000 1.000
CRBOUNCE_MESSAGE meta Challenge-Response bounce message 0.100 0.100 0.100 0.100
CTE_8BIT_MISMATCH meta Header says 7bits but body disagrees 0.999 0.001 0.999 0.001
CTYPE_001C_B header No description provided 0.001 0.001 0.001 0.001
CURR_PRICE body No description provided 0.001 0.001 0.001 0.001
DATE_IN_FUTURE_03_06 header Date: is 3 to 6 hours after Received: date 3.399 2.426 2.997 3.027
DATE_IN_FUTURE_06_12 header Date: is 6 to 12 hours after Received: date 2.899 0.001 2.222 1.947
DATE_IN_FUTURE_12_24 header Date: is 12 to 24 hours after Received: date 2.603 2.489 3.199 3.199
DATE_IN_FUTURE_24_48 header Date: is 24 to 48 hours after Received: date 2.598 1.248 0.001 2.048
DATE_IN_FUTURE_48_96 header Date: is 48 to 96 hours after Received: date 2.384 0.813 1.078 2.181
DATE_IN_PAST_03_06 header Date: is 3 to 6 hours before Received: date 2.399 1.076 1.200 1.592
DATE_IN_PAST_06_12 header Date: is 6 to 12 hours before Received: date 1.699 1.103 1.274 1.543
DATE_IN_PAST_12_24 header Date: is 12 to 24 hours before Received: date 0.001 0.804 1.190 1.049
DATE_IN_PAST_24_48 header Date: is 24 to 48 hours before Received: date 1.109 0.485 0.624 1.340
DATE_IN_PAST_96_XX header Date: is 96 hours or more before Received: date 2.600 2.070 1.233 3.405
DAY_I_EARNED meta Work-at-home spam 1.000 1.000 1.000 1.000
DCC_CHECK full Detected as bulk mail by DCC (dcc-servers.net) 0.000 1.100 0.000 1.100
DCC_REPUT_00_12 full DCC reputation between 0 and 12 % (mostly ham) 0.000 -0.800 0.000 -0.400
DCC_REPUT_13_19 full DCC reputation between 13 and 19 % 0.000 -0.100 0.000 -0.100
DCC_REPUT_70_89 full DCC reputation between 70 and 89 % 0.000 0.100 0.000 0.100
DCC_REPUT_90_94 full DCC reputation between 90 and 94 % 0.000 0.400 0.000 0.600
DCC_REPUT_95_98 full DCC reputation between 95 and 98 % (mostly spam) 0.000 0.700 0.000 1.000
DCC_REPUT_99_100 full DCC reputation between 99 % or higher (spam) 0.000 1.200 0.000 1.400
DC_GIF_UNO_LARGO meta Message contains a single large gif image 0.001 1.323 0.053 2.176
DC_IMAGE_SPAM_HTML meta Possible Image-only spam 0.100 0.100 0.100 0.100
DC_IMAGE_SPAM_TEXT meta Possible Image-only spam with little text 0.100 0.100 0.100 0.100
DC_PNG_UNO_LARGO meta Message contains a single large png image 0.001 0.001 0.001 0.001
DEAR_BENEFICIARY body Dear Beneficiary: 0.001 0.001 0.001 0.001
DEAR_FRIEND body Dear Friend? That's not very dear! 2.683 2.604 1.801 2.577
DEAR_SOMETHING body Contains 'Dear (something)' 1.999 1.731 1.787 1.973
DEAR_WINNER body Spam with generic salutation of "dear winner" 3.099 3.099 2.309 3.099
DIET_1 body Lose Weight Spam 0.714 0.000 0.399 0.001
DIGEST_MULTIPLE meta Message hits more than one network digest check 0.000 0.001 0.000 0.293
DKIMDOMAIN_IN_DWL ??? No description provided 0.000 -3.500 0.000 -3.500
DKIMDOMAIN_IN_DWL_UNKNOWN ??? No description provided 0.000 -0.010 0.000 -0.010
DKIMWL_BL meta DKIMwl.org - Blocked sender 0.001 1.000 0.001 1.000
DKIMWL_BLOCKED meta ADMINISTRATOR NOTICE: The query to DKIMWL.org was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information. 0.001 0.001 0.001 0.001
DKIMWL_WL_HIGH meta DKIMwl.org - High trust sender 0.001 -0.001 0.001 -0.001
DKIMWL_WL_MED meta DKIMwl.org - Medium trust sender 0.001 -0.001 0.001 -0.001
DKIMWL_WL_MEDHI meta DKIMwl.org - Medium-high trust sender 0.001 -0.001 0.001 -0.001
DKIM_ADSP_ALL header No valid author signature, domain signs all mail 0.000 1.100 0.000 0.800
DKIM_ADSP_CUSTOM_HIGH header No valid author signature, adsp_override is CUSTOM_HIGH 0.001 0.001 0.001 0.001
DKIM_ADSP_CUSTOM_LOW header No valid author signature, adsp_override is CUSTOM_LOW 0.001 0.001 0.001 0.001
DKIM_ADSP_CUSTOM_MED header No valid author signature, adsp_override is CUSTOM_MED 0.001 0.001 0.001 0.001
DKIM_ADSP_DISCARD header No valid author signature, domain signs all mail and suggests discarding the rest 0.000 1.800 0.000 1.800
DKIM_ADSP_NXDOMAIN header No valid author signature and domain not in DNS 0.000 0.800 0.000 0.900
DKIM_INVALID meta DKIM or DK signature exists, but is not valid 0.100 0.100 0.100 0.100
DKIM_SIGNED full Message has a DKIM or DK signature, not necessarily valid 0.100 0.100 0.100 0.100
DKIM_VALID full Message has at least one valid DKIM or DK signature -0.100 -0.100 -0.100 -0.100
DKIM_VALID_AU full Message has a valid DKIM or DK signature from author's domain -0.100 -0.100 -0.100 -0.100
DKIM_VALID_EF full Message has a valid DKIM or DK signature from envelope-from domain -0.100 -0.100 -0.100 -0.100
DMARC_MISSING header Missing DMARC policy 0.001 0.001 0.001 0.001
DMARC_NONE header DMARC none policy 0.001 0.898 0.001 0.898
DMARC_PASS header DMARC pass policy -0.001 -0.001 -0.001 -0.001
DMARC_QUAR header DMARC quarantine policy 0.001 1.198 0.001 1.198
DMARC_REJECT header DMARC reject policy 0.001 1.797 0.001 1.797
DOS_OE_TO_MX meta Delivered direct to MX with OE headers 2.602 3.086 2.265 2.523
DOS_OE_TO_MX_IMAGE meta Direct to MX with OE headers and an image 2.886 1.886 2.425 3.699
DOS_OUTLOOK_TO_MX meta Delivered direct to MX with Outlook headers 2.636 1.449 1.737 2.845
DOS_RCVD_IP_TWICE_C header Received from the same IP twice in a row (only one external relay; empty or IP helo) 2.599 2.060 3.292 0.096
DOS_STOCK_BAT meta Probable pump and dump stock spam 0.001 0.001 0.001 0.001
DOTGOV_IMAGE meta .gov URI + hosted image 1.000 1.000 1.000 1.000
DRUGS_ANXIETY meta Refers to an anxiety control drug 0.100 0.100 0.100 0.100
DRUGS_DIET meta Refers to a diet drug 2.660 0.757 1.831 0.337
DRUGS_ERECTILE meta Refers to an erectile drug 1.778 2.221 1.299 1.994
DRUGS_ERECTILE_OBFU meta Obfuscated reference to an erectile drug 1.324 1.309 2.935 1.109
DRUGS_MANYKINDS meta Refers to at least four kinds of drugs 2.001 1.473 0.841 0.342
DRUGS_MUSCLE meta Refers to a muscle relaxant 0.001 2.499 0.392 0.164
DRUGS_SMEAR1 body Two or more drugs crammed together into one word 3.300 2.051 3.148 0.235
DRUGS_STOCK_MIMEOLE ??? No description provided 2.699 1.681 2.478 1.321
DRUG_ED_CAPS body Mentions an E.D. drug 2.799 1.023 2.516 0.936
DRUG_ED_ONLINE body Fast Viagra Delivery 0.696 1.152 1.221 0.608
DRUG_ED_SILD body Talks about an E.D. drug using its chemical name 0.001 0.001 0.001 0.001
DSN_NO_MIMEVERSION meta Return-Path <> and no MIME-Version: header 1.997 1.000 1.997 1.000
DX_TEXT_02 body "change your message stat" 1.000 1.000 1.000 1.000
DX_TEXT_03 body "XXX Media Group" 0.998 1.299 0.998 1.299
DYNAMIC_IMGUR meta dynamic IP + hosted image 1.545 1.000 1.545 1.000
DYN_RDNS_AND_INLINE_IMAGE meta Contains image, and was sent by dynamic rDNS 1.345 1.344 1.434 1.168
DYN_RDNS_SHORT_HELO_HTML meta Sent by dynamic rDNS, short HELO, and HTML 0.001 0.001 0.000 0.001
DYN_RDNS_SHORT_HELO_IMAGE meta Short HELO string, dynamic rDNS, inline image 1.825 2.516 2.285 1.013
EBAY_IMG_NOT_RCVD_EBAY meta E-bay hosted image but message not from E-bay 1.000 1.000 1.000 1.000
EMPTY_MESSAGE meta Message appears to have no textual parts 2.195 2.344 1.552 2.320
EMRCP body "Excess Maximum Return Capital Profit" scam 1.000 1.000 1.000 1.000
EM_ROLEX body Message puts emphasis on the watch manufacturer 0.595 1.309 2.068 0.618
ENCRYPTED_MESSAGE meta Message is encrypted, not likely to be spam -0.998 -1.000 -0.998 -1.000
END_FUTURE_EMAILS meta Spammy unsubscribe 2.497 2.499 2.497 2.499
ENGLISH_UCE_SUBJECT header Subject contains an English UCE tag 0.953 1.542 2.569 2.899
ENVFROM_GOOG_TRIX meta From suspicious Google subdomain 1.000 1.000 1.000 1.000
ENV_AND_HDR_SPF_MATCH meta Env and Hdr From used in default SPF WL Match -0.500 -0.500 -0.500 -0.500
EXCUSE_24 body Claims you wanted this ad 1.000 1.000 1.000 1.000
EXCUSE_4 body Claims you can be removed from the list 2.399 1.687 2.399 1.325
EXCUSE_REMOVE body Talks about how to be removed from mailings 2.907 2.992 3.299 3.299
FACEBOOK_IMG_NOT_RCVD_FB meta Facebook hosted image but message not from Facebook 1.000 1.000 1.000 1.000
FAKE_REPLY_B meta No description provided 1.970 0.001 1.970 0.001
FAKE_REPLY_C meta No description provided 0.688 0.001 2.553 1.486
FBI_MONEY meta The FBI wants to give you lots of money? 1.000 1.000 1.000 1.000
FBI_SPOOF meta Claims to be FBI, but not from FBI domain 1.000 1.000 1.000 1.000
FILL_THIS_FORM meta Fill in a form with personal information 0.001 0.001 0.001 0.001
FILL_THIS_FORM_FRAUD_PHISH ??? No description provided 1.195 0.396 0.615 0.334
FILL_THIS_FORM_LOAN ??? No description provided 2.092 2.237 1.836 2.880
FILL_THIS_FORM_LONG meta Fill in a form with personal information 2.000 2.000 2.000 2.000
FIN_FREE body Freedom of a financial nature 0.100 0.100 0.100 0.100
FONT_INVIS_DIRECT meta Invisible text + direct-to-MX 0.001 0.001 0.001 0.001
FONT_INVIS_DOTGOV meta Invisible text + .gov URI 1.000 1.000 1.000 1.000
FONT_INVIS_HTML_NOHTML meta Invisible text + malformed HTML 1.000 1.000 1.000 1.000
FONT_INVIS_LONG_LINE meta Invisible text + long lines 2.996 2.999 2.996 2.999
FONT_INVIS_MSGID meta Invisible text + suspicious message ID 1.154 0.001 1.154 0.001
FONT_INVIS_NORDNS meta Invisible text + no rDNS 1.000 1.000 1.000 1.000
FONT_INVIS_POSTEXTRAS meta Invisible text + suspicious URI 2.895 3.083 2.895 3.083
FORGED_GMAIL_RCVD header 'From' gmail.com does not match 'Received' headers 1.000 1.000 1.000 1.000
FORGED_HOTMAIL_RCVD2 header hotmail.com 'From' address, but no 'Received:' 0.001 1.187 0.698 0.874
FORGED_MSGID_EXCITE meta Message-ID is forged, (excite.com) 2.399 1.899 1.649 0.528
FORGED_MSGID_YAHOO meta Message-ID is forged, (yahoo.com) 0.100 0.100 0.100 0.100
FORGED_MUA_EUDORA meta Forged mail pretending to be from Eudora 2.828 2.510 1.962 0.001
FORGED_MUA_IMS meta Forged mail pretending to be from IMS 2.399 2.399 2.399 1.943
FORGED_MUA_MOZILLA meta Forged mail pretending to be from Mozilla 2.399 1.596 2.399 2.309
FORGED_MUA_OIMO meta Forged mail pretending to be from MS Outlook IMO 2.600 2.599 2.599 2.599
FORGED_MUA_OUTLOOK meta Forged mail pretending to be from MS Outlook 3.999 2.785 2.500 1.927
FORGED_MUA_THEBAT_BOUN meta Mail pretending to be from The Bat! (boundary) 3.046 3.220 3.207 3.399
FORGED_OUTLOOK_HTML meta Outlook can't send HTML message only 0.001 0.001 0.001 0.021
FORGED_OUTLOOK_TAGS meta Outlook can't send HTML in this format 0.003 0.565 0.001 0.052
FORGED_TELESP_RCVD header Contains forged hostname for a DSL IP in Brazil 2.499 2.499 2.499 1.841
FORGED_YAHOO_RCVD header 'From' yahoo.com does not match 'Received' headers 2.397 1.022 2.599 1.630
FORM_FRAUD meta Fill a form and a fraud phrase 0.739 0.999 0.739 0.999
FORM_FRAUD_3 meta Fill a form and several fraud phrases 0.001 0.001 0.001 0.001
FORM_FRAUD_5 meta Fill a form and many fraud phrases 0.900 0.008 0.900 0.008
FOUND_YOU meta I found you... 1.000 1.000 1.000 1.000
FREEMAIL_ENVFROM_END_DIGIT header Envelope-from freemail username ends in digit 0.250 0.250 0.250 0.250
FREEMAIL_FORGED_FROMDOMAIN meta 2nd level domains in From and EnvelopeFrom freemail headers are different 0.248 0.249 0.248 0.249
FREEMAIL_FORGED_REPLYTO meta Freemail in Reply-To, but not From 1.199 2.503 1.204 2.095
FREEMAIL_FROM header Sender email is commonly abused enduser mail provider 0.001 0.001 0.001 0.001
FREEMAIL_REPLY meta From and body contain different freemails 1.000 1.000 1.000 1.000
FREEMAIL_REPLYTO meta Reply-To/From or Reply-To/body contain different freemails 1.000 1.000 1.000 1.000
FREEMAIL_REPLYTO_END_DIGIT header Reply-To freemail username ends in digit 0.250 0.250 0.250 0.250
FREEMAIL_WFH_01 meta Work-from-Home + freemail 1.000 1.000 1.000 1.000
FREEM_FRNUM_UNICD_EMPTY meta Numeric freemail From address, unicode From name and Subject, empty body 1.000 1.000 1.000 1.000
FREE_QUOTE_INSTANT body Free express or no-obligation quote 2.700 2.699 2.699 1.297
FRNAME_IN_MSG_XPRIO_NO_SUB meta From name in message + X-Priority + short or no subject 1.000 1.000 1.000 1.000
FROMSPACE header Idiosyncratic "From" header format 3.096 2.399 3.096 2.399
FROM_2_EMAILS_SHORT meta Short body and From looks like 2 different emails 2.802 0.001 2.802 0.001
FROM_ADDR_WS meta Malformed From address 2.996 2.149 2.996 2.149
FROM_BANK_NOAUTH meta From Bank domain but no SPF or DKIM 0.001 1.000 0.001 1.000
FROM_BLANK_NAME header From: contains empty name 2.099 2.099 2.099 0.723
FROM_DOMAIN_NOVOWEL header From: domain has series of non-vowel letters 0.500 0.500 0.500 0.500
FROM_EXCESS_BASE64 meta From: base64 encoded unnecessarily 0.001 0.001 0.001 0.001
FROM_FMBLA_NDBLOCKED meta ADMINISTRATOR NOTICE: The query to fresh.fmb.la was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information. 0.001 0.001 0.001 0.001
FROM_FMBLA_NEWDOM meta From domain was registered in last 7 days 0.001 0.001 0.001 0.001
FROM_FMBLA_NEWDOM14 meta From domain was registered in last 7-14 days 0.001 1.000 0.001 1.000
FROM_FMBLA_NEWDOM28 meta From domain was registered in last 14-28 days 0.001 0.799 0.001 0.799
FROM_GOV_DKIM_AU meta From Government address and DKIM signed 0.001 -0.001 0.001 -0.001
FROM_GOV_REPLYTO_FREEMAIL meta From Government domain but ReplyTo is FREEMAIL 0.001 1.000 0.001 1.000
FROM_GOV_SPOOF meta From Government domain but matches SPOOFED 0.001 1.000 0.001 1.000
FROM_ILLEGAL_CHARS meta From: has too many raw illegal characters 2.192 2.059 0.240 0.036
FROM_IN_TO_AND_SUBJ meta From address is in To and Subject 1.897 1.899 1.897 1.899
FROM_LOCAL_DIGITS header From: localpart has long digit sequence 0.001 0.001 0.001 0.001
FROM_LOCAL_HEX header From: localpart has long hexadecimal sequence 0.000 0.331 0.001 0.006
FROM_LOCAL_NOVOWEL header From: localpart has series of non-vowel letters 0.500 0.500 0.500 0.500
FROM_MISSPACED meta From: missing whitespace 1.262 0.001 1.262 0.001
FROM_MISSP_DYNIP meta From misspaced + dynamic rDNS 0.001 1.410 0.001 1.410
FROM_MISSP_EH_MATCH meta From misspaced, matches envelope 0.001 0.623 0.001 0.623
FROM_MISSP_FREEMAIL meta From misspaced + freemail provider 1.676 1.698 1.676 1.698
FROM_MISSP_MSFT meta From misspaced + supposed Microsoft tool 0.146 0.001 0.146 0.001
FROM_MISSP_REPLYTO meta From misspaced, has Reply-To 2.497 2.499 2.497 2.499
FROM_MISSP_SPF_FAIL meta No description provided 0.001 0.001 0.001 0.001
FROM_MISSP_USER meta From misspaced, from "User" 0.001 0.001 0.001 0.001
FROM_NEWDOM_BTC meta Newdomain with Bitcoin ID 0.001 1.000 0.001 1.000
FROM_NO_USER header From: has no local-part before @ sign 0.001 2.599 0.019 0.798
FROM_NTLD_LINKBAIT meta From abused NTLD with little more than a URI 0.001 1.000 0.001 1.000
FROM_NTLD_REPLY_FREEMAIL meta From abused NTLD and Reply-To is FREEMAIL 0.297 1.000 0.297 1.000
FROM_NUMBERO_NEWDOMAIN meta Fingerprint and new domain 0.001 1.000 0.001 1.000
FROM_OFFERS header From address is "at something-offers" 1.000 1.000 1.000 1.000
FROM_PAYPAL_SPOOF meta From PayPal domain but matches SPOOFED 0.001 0.657 0.001 0.657
FROM_STARTS_WITH_NUMS header From: starts with several numbers 2.801 0.553 1.201 0.738
FROM_SUSPICIOUS_NTLD meta From abused NTLD 0.498 0.499 0.498 0.499
FROM_SUSPICIOUS_NTLD_FP meta From abused NTLD 1.997 0.808 1.997 0.808
FROM_UNBAL1 header From with unbalanced angle brackets, '>' missing 2.295 0.001 2.295 0.001
FROM_UNBAL2 header From with unbalanced angle brackets, '<' missing 2.696 2.700 2.696 2.700
FROM_WSP_TRAIL header Trailing whitespace before '>' in From header field 2.696 2.499 2.696 2.499
FSL_BULK_SIG meta Bulk signature with no Unsubscribe 0.001 0.001 0.001 0.001
FSL_CTYPE_WIN1251 header Content-Type only seen in 419 spam 0.001 0.001 0.001 0.001
FSL_FAKE_HOTMAIL_RVCD header No description provided 2.631 1.816 2.011 2.365
FSL_HELO_BARE_IP_1 meta No description provided 2.598 1.426 3.099 2.347
FSL_HELO_DEVICE header No description provided 0.100 0.100 0.100 0.100
FSL_HELO_FAKE header No description provided 0.356 0.001 0.356 0.001
FSL_HELO_NON_FQDN_1 header No description provided 2.361 0.001 1.783 0.001
FSL_INTERIA_ABUSE uri No description provided 3.899 2.664 3.080 3.106
FSL_NEW_HELO_USER meta Spam's using Helo and User 0.001 0.001 0.001 0.001
FUZZY_AMAZON body Obfuscated "amazon" 0.001 0.001 0.001 0.001
FUZZY_ANDROID body Obfuscated "android" 1.000 1.000 1.000 1.000
FUZZY_APPLE body Obfuscated "apple" 1.000 1.000 1.000 1.000
FUZZY_BITCOIN body Obfuscated "Bitcoin" 1.000 1.000 1.000 1.000
FUZZY_BROWSER body Obfuscated "browser" 1.000 1.000 1.000 1.000
FUZZY_BTC_WALLET meta Heavily obfuscated "bitcoin wallet" 1.000 1.000 1.000 1.000
FUZZY_CLICK_HERE body Obfuscated "click here" 1.000 1.000 1.000 1.000
FUZZY_CPILL body Attempt to obfuscate words in spam 0.001 0.001 0.001 0.001
FUZZY_CREDIT body Attempt to obfuscate words in spam 1.699 1.413 0.601 1.678
FUZZY_DR_OZ meta Obfuscated Doctor Oz 1.000 1.000 1.000 1.000
FUZZY_FACEBOOK body Obfuscated "facebook" 1.000 1.000 1.000 1.000
FUZZY_IMPORTANT body Obfuscated "important" 1.000 1.000 1.000 1.000
FUZZY_MICROSOFT body Obfuscated "microsoft" 1.000 1.000 1.000 1.000
FUZZY_MILLION body Attempt to obfuscate words in spam 0.100 0.100 0.100 0.100
FUZZY_MONERO meta Obfuscated "Monero" 1.000 1.000 1.000 1.000
FUZZY_NORTON body Obfuscated "norton" 1.000 1.000 1.000 1.000
FUZZY_OVERSTOCK body Obfuscated "overstock" 1.000 1.000 1.000 1.000
FUZZY_PAYPAL body Obfuscated "paypal" 1.000 1.000 1.000 1.000
FUZZY_PHARMACY body Attempt to obfuscate words in spam 2.960 3.299 1.967 1.353
FUZZY_PHENT body Attempt to obfuscate words in spam 2.799 1.647 1.540 2.662
FUZZY_PORN meta Obfuscated "Pornography" or "Pornographic" 1.000 1.000 1.000 1.000
FUZZY_PRICES body Attempt to obfuscate words in spam 1.821 0.720 2.210 2.311
FUZZY_PRIVACY body Obfuscated "privacy" 1.000 1.000 1.000 1.000
FUZZY_PROMOTION body Obfuscated "promotion" 1.000 1.000 1.000 1.000
FUZZY_SAVINGS body Obfuscated "savings" 1.000 1.000 1.000 1.000
FUZZY_SECURITY body Obfuscated "security" 1.000 1.000 1.000 1.000
FUZZY_UNSUBSCRIBE body Obfuscated "unsubscribe" 1.000 1.000 1.000 1.000
FUZZY_VPILL body Attempt to obfuscate words in spam 0.001 0.494 0.796 1.014
FUZZY_WALLET body Obfuscated "Wallet" 1.897 0.001 1.897 0.001
FUZZY_XPILL body Attempt to obfuscate words in spam 0.100 0.100 0.100 0.100
GAPPY_SALES_LEADS_FREEM meta Obfuscated marketing text, freemail or CHN replyto 1.000 1.000 1.000 1.000
GAPPY_SUBJECT meta Subject: contains G.a.p.p.y-T.e.x.t 0.100 0.100 0.100 0.100
GB_CUSTOM_HTM_URI meta Custom html uri 1.498 0.304 1.498 0.304
GB_FAKE_RF_SHORT meta Fake reply or forward with url shortener 1.951 0.954 1.951 0.954
GB_FORGED_MUA_POSTFIX meta Forged Postfix mua headers 1.000 1.000 1.000 1.000
GB_FREEMAIL_DISPTO meta Disposition-Notification-To/From or Disposition-Notification-To/body contain different freemails 0.001 0.001 0.001 0.001
GB_FREEMAIL_DISPTO_NOTFREEM meta Disposition-Notification-To/From contain different freemails but mailfrom is not a freemail 0.500 0.500 0.500 0.500
GB_GOOGLE_OBFUR uri Obfuscate url through Google redirect 0.750 0.750 0.750 0.750
GB_HASHBL_BTC body Message contains BTC address found on BTCBL 0.001 0.001 0.001 0.001
GMD_PDF_EMPTY_BODY body Attached PDF with empty message body 0.250 0.250 0.250 0.250
GMD_PDF_ENCRYPTED body Attached PDF is encrypted 0.600 0.600 0.600 0.600
GMD_PDF_HORIZ body Contains pdf 100-240 (high) x 450-800 (wide) 0.250 0.250 0.250 0.250
GMD_PDF_SQUARE body Contains pdf 180-360 (high) x 180-360 (wide) 0.500 0.500 0.500 0.500
GMD_PDF_VERT body Contains pdf 450-800 (high) x 100-240 (wide) 0.900 0.900 0.900 0.900
GMD_PRODUCER_EASYPDF body PDF producer was BCL easyPDF 0.250 0.250 0.250 0.250
GMD_PRODUCER_GPL body PDF producer was GPL Ghostscript 0.250 0.250 0.250 0.250
GMD_PRODUCER_POWERPDF body PDF producer was PowerPDF 0.250 0.250 0.250 0.250
GOOGLE_DOCS_PHISH meta Possible phishing via a Google Docs form 1.000 1.000 1.000 1.000
GOOGLE_DOCS_PHISH_MANY meta Phishing via a Google Docs form 1.000 1.000 1.000 1.000
GOOGLE_DOC_SUSP meta Suspicious use of Google Docs 1.000 1.000 1.000 1.000
GOOGLE_DRIVE_REPLY_BAD_NTLD meta From Google Drive and Reply-To is from a suspicious TLD 1.000 1.000 1.000 1.000
GOOG_MALWARE_DNLD meta File download via Google - Malware? 1.000 1.000 1.000 1.000
GOOG_REDIR_DOCUSIGN uri Indirect docusign link, probable phishing 1.000 1.000 1.000 1.000
GOOG_REDIR_HTML_ONLY meta Google redirect to obscure spamvertised website + HTML only 1.997 1.999 1.997 1.999
GOOG_REDIR_NORDNS meta Google redirect to obscure spamvertised website + no rDNS 2.498 3.199 2.498 3.199
GOOG_REDIR_SHORT meta Google redirect to obscure spamvertised website + short message 1.000 1.000 1.000 1.000
GOOG_STO_EMAIL_PHISH meta Possible phishing with google hosted content URI having email address 1.000 1.000 1.000 1.000
GOOG_STO_HTML_PHISH meta Possible phishing with google content hosting to avoid URIBL 1.000 1.000 1.000 1.000
GOOG_STO_HTML_PHISH_MANY meta Phishing with google content hosting to avoid URIBL 1.000 1.000 1.000 1.000
GOOG_STO_IMG_HTML meta Apparently using google content hosting to avoid URIBL 1.000 0.745 1.000 0.745
GOOG_STO_IMG_NOHTML meta Apparently using google content hosting to avoid URIBL 1.000 1.000 1.000 1.000
GOOG_STO_NOIMG_HTML meta Apparently using google content hosting to avoid URIBL 2.996 2.999 2.996 2.999
GTUBE body Generic Test for Unsolicited Bulk Email 1000.000 1000.000 1000.000 1000.000
GUARANTEED_100_PERCENT body One hundred percent guaranteed 2.699 2.699 2.480 2.699
HAS_X_NO_RELAY meta Has spammy header 1.000 1.000 1.000 1.000
HAS_X_OUTGOING_SPAM_STAT meta Has header claiming outbound spam scan - why trust the results? 1.000 0.804 1.000 0.804
HDRS_LCASE meta Odd capitalization of message header 0.100 0.001 0.100 0.001
HDRS_MISSP meta Misspaced headers 2.453 0.738 2.453 0.738
HDR_ORDER_FTSDMCXX_DIRECT meta Header order similar to spam (FTSDMCXX/boundary variant) + direct-to-MX 0.001 0.001 0.001 0.001
HDR_ORDER_FTSDMCXX_NORDNS meta Header order similar to spam (FTSDMCXX/boundary variant) + no rDNS 0.001 0.001 0.001 0.001
HEADER_FROM_DIFFERENT_DOMAINS header From and EnvelopeFrom 2nd level mail domains are different 0.248 0.250 0.248 0.250
HEADER_SPAM header Bulk email fingerprint (header-based) found 2.499 2.499 1.994 0.585
HELO_DYNAMIC_CHELLO_NL header Relay HELO'd using suspicious hostname (Chello.nl) 2.412 1.918 2.019 2.428
HELO_DYNAMIC_DHCP meta Relay HELO'd using suspicious hostname (DHCP) 2.602 0.841 1.537 0.206
HELO_DYNAMIC_DIALIN header Relay HELO'd using suspicious hostname (T-Dialin) 2.629 3.233 2.186 1.366
HELO_DYNAMIC_HCC meta Relay HELO'd using suspicious hostname (HCC) 4.299 2.514 2.931 2.762
HELO_DYNAMIC_HEXIP header Relay HELO'd using suspicious hostname (Hex IP) 2.321 0.511 1.773 1.789
HELO_DYNAMIC_HOME_NL header Relay HELO'd using suspicious hostname (Home.nl) 2.385 1.530 1.024 1.459
HELO_DYNAMIC_IPADDR meta Relay HELO'd using suspicious hostname (IP addr 1) 2.633 3.243 3.680 1.951
HELO_DYNAMIC_IPADDR2 meta Relay HELO'd using suspicious hostname (IP addr 2) 2.815 3.888 3.728 3.607
HELO_DYNAMIC_SPLIT_IP header Relay HELO'd using suspicious hostname (Split IP) 3.031 2.893 4.225 3.482
HELO_LH_HOME ??? No description provided 0.001 2.023 0.537 1.736
HELO_LOCALHOST header No description provided 2.639 3.603 2.915 3.828
HELO_NO_DOMAIN meta Relay reports its domain incorrectly 0.001 0.001 0.001 0.001
HELO_OEM header No description provided 2.899 2.899 1.234 0.270
HELO_STATIC_HOST meta Relay HELO'd using static hostname -0.001 -0.001 -0.001 -0.001
HEXHASH_WORD meta Multiple instances of word + hexadecimal hash 1.000 1.000 1.000 1.000
HIDE_WIN_STATUS rawbody Javascript to hide URLs in browser 0.001 0.001 0.001 0.001
HK_CTE_RAW mimeheader No description provided 1.000 1.000 1.000 1.000
HK_LOTTO meta No description provided 0.998 0.068 0.998 0.068
HK_NAME_DRUGS header From name contains drugs 4.299 0.001 3.077 0.552
HK_NAME_MR_MRS meta No description provided 0.999 0.999 0.999 0.999
HK_RANDOM_ENVFROM header Envelope sender username looks random 0.001 0.001 0.001 0.001
HK_RANDOM_FROM header From username looks random 0.998 0.001 0.998 0.001
HK_RANDOM_REPLYTO header Reply-To username looks random 0.998 0.999 0.998 0.999
HK_RCVD_IP_MULTICAST header No description provided 1.000 1.000 1.000 1.000
HK_SCAM meta No description provided 1.997 1.999 1.997 1.999
HK_WIN meta No description provided 0.998 1.000 0.998 1.000
HOSTED_IMG_DIRECT_MX meta Image hosted at large ecomm, CDN or hosting site, message direct-to-mx 0.001 0.001 0.001 0.001
HOSTED_IMG_DQ_UNSUB meta Image hosted at large ecomm site, IP addr unsub link 1.000 1.000 1.000 1.000
HOSTED_IMG_FREEM meta Image hosted at large ecomm, CDN or hosting site or redirected, freemail from or reply-to 2.497 3.213 2.497 3.213
HOSTED_IMG_MULTI meta Multiple images hosted at different large ecomm, CDN or hosting sites, free image sites, or redirected 1.000 1.000 1.000 1.000
HOSTED_IMG_MULTI_PUB_01 meta Multiple hosted images at public site 2.996 1.000 2.996 1.000
HTML_CHARSET_FARAWAY meta A foreign language charset used in HTML markup 0.500 0.500 0.500 0.500
HTML_COMMENT_SAVED_URL body HTML message is a saved web page 0.198 0.357 0.899 1.391
HTML_EMBEDS body HTML with embedded plugin object 0.001 0.001 0.001 0.001
HTML_ENTITY_ASCII meta Obfuscated ASCII 2.996 2.999 2.996 2.999
HTML_ENTITY_ASCII_TINY meta Obfuscated ASCII + tiny fonts 2.937 2.999 2.937 2.999
HTML_EXTRA_CLOSE body HTML contains far too many close tags 0.001 0.001 0.001 0.001
HTML_FONT_FACE_BAD body HTML font face is not a word 0.001 0.001 0.001 0.001
HTML_FONT_LOW_CONTRAST body HTML font color similar or identical to background 0.713 0.001 0.786 0.001
HTML_FONT_SIZE_HUGE body HTML font size is huge 0.001 0.001 0.001 0.001
HTML_FONT_SIZE_LARGE body HTML font size is large 0.001 0.001 0.001 0.001
HTML_FONT_TINY_NORDNS meta Font too small to read, no rDNS 1.997 0.001 1.997 0.001
HTML_IMAGE_ONLY_04 body HTML: images with 0-400 bytes of words 1.680 0.342 1.799 1.172
HTML_IMAGE_ONLY_08 body HTML: images with 400-800 bytes of words 0.585 1.781 1.845 1.651
HTML_IMAGE_ONLY_12 body HTML: images with 800-1200 bytes of words 1.381 1.629 1.400 2.059
HTML_IMAGE_ONLY_16 body HTML: images with 1200-1600 bytes of words 1.969 1.048 1.199 1.092
HTML_IMAGE_ONLY_20 body HTML: images with 1600-2000 bytes of words 2.109 0.700 1.300 1.546
HTML_IMAGE_ONLY_24 body HTML: images with 2000-2400 bytes of words 2.799 1.282 1.328 1.618
HTML_IMAGE_ONLY_28 body HTML: images with 2400-2800 bytes of words 2.799 0.726 1.512 1.404
HTML_IMAGE_ONLY_32 body HTML: images with 2800-3200 bytes of words 2.196 0.001 1.172 0.001
HTML_IMAGE_RATIO_02 body HTML has a low ratio of text to image area 0.001 0.001 0.001 0.001
HTML_IMAGE_RATIO_04 body HTML has a low ratio of text to image area 0.001 0.001 0.001 0.001
HTML_IMAGE_RATIO_06 body HTML has a low ratio of text to image area 0.001 0.001 0.001 0.001
HTML_IMAGE_RATIO_08 body HTML has a low ratio of text to image area 0.001 0.001 0.001 0.001
HTML_MESSAGE body HTML included in message 0.001 0.001 0.001 0.001
HTML_MIME_NO_HTML_TAG meta HTML-only message, but there is no HTML tag 0.001 0.635 0.001 0.377
HTML_NONELEMENT_30_40 body 30% to 40% of HTML elements are non-standard 0.000 0.001 0.308 0.001
HTML_OBFUSCATE_05_10 body Message is 5% to 10% HTML obfuscation 0.601 0.001 0.718 0.260
HTML_OBFUSCATE_10_20 body Message is 10% to 20% HTML obfuscation 0.174 1.162 0.588 0.093
HTML_OBFUSCATE_20_30 body Message is 20% to 30% HTML obfuscation 2.499 2.441 1.449 1.999
HTML_OBFUSCATE_90_100 body Message is 90% to 100% HTML obfuscation 2.000 2.000 2.000 2.000
HTML_OFF_PAGE meta HTML element rendered well off the displayed page 0.001 0.001 0.001 0.001
HTML_SHORT_CENTER meta HTML is very short with CENTER tag 3.799 3.421 2.611 0.743
HTML_SHORT_LINK_IMG_1 meta HTML is very short with a linked image 2.215 0.139 0.480 0.001
HTML_SHORT_LINK_IMG_2 meta HTML is very short with a linked image 1.419 0.259 0.603 0.001
HTML_SHORT_LINK_IMG_3 meta HTML is very short with a linked image 0.691 0.328 0.001 0.148
HTML_SHRT_CMNT_OBFU_MANY meta Obfuscation with many short HTML comments 1.000 1.000 1.000 1.000
HTML_SINGLET_MANY meta Many single-letter HTML format blocks 2.497 2.499 2.497 2.499
HTML_TAG_BALANCE_BODY body HTML has unbalanced "body" tags 0.100 0.100 0.100 0.100
HTML_TAG_BALANCE_HEAD body HTML has unbalanced "head" tags 0.520 0.000 0.600 0.817
HTML_TEXT_INVISIBLE_FONT meta HTML hidden text - word obfuscation? 1.362 1.996 1.362 1.996
HTML_TEXT_INVISIBLE_STYLE meta HTML hidden text + other spam signs 0.855 0.887 0.855 0.887
HTML_TITLE_SUBJ_DIFF meta No description provided 1.149 2.171 1.801 2.036
HTTPS_HTTP_MISMATCH body No description provided 0.100 0.100 0.100 0.100
HTTP_ESCAPED_HOST uri Uses %-escapes inside a URL's hostname 0.100 0.100 0.100 0.100
HTTP_EXCESSIVE_ESCAPES uri Completely unnecessary %-escapes inside a URL 0.001 0.001 0.001 0.001
IMG_ONLY_FM_DOM_INFO meta HTML image-only message from .info domain 2.198 1.000 2.198 1.000
IMPOTENCE body Impotence cure 1.539 2.144 3.028 1.374
INVALID_DATE header Invalid Date: header (not RFC 2822) 1.701 0.432 1.200 1.096
INVALID_DATE_TZ_ABSURD header Invalid Date: header (timezone does not exist) 0.262 0.632 0.706 0.491
INVALID_MSGID meta Message-Id is not valid, according to RFC 2822 2.602 1.167 1.328 0.568
INVESTMENT_ADVICE body Message mentions investment advice 0.100 0.100 0.100 0.100
IP_LINK_PLUS uri Dotted-decimal IP address followed by CGI 0.001 0.001 0.246 0.012
JH_SPAMMY_HEADERS meta Has unusual message header(s) seen primarily in spam 3.496 3.499 3.496 3.499
JH_SPAMMY_PATTERN01 rawbody Unusual pattern seen in spam campaign 1.000 1.000 1.000 1.000
JH_SPAMMY_PATTERN02 rawbody Unusual pattern seen in spam campaign 1.000 1.000 1.000 1.000
JOIN_MILLIONS body Join Millions of Americans 0.100 0.100 0.100 0.100
KB_DATE_CONTAINS_TAB meta No description provided 3.800 3.799 3.799 2.751
KB_FAKED_THE_BAT meta No description provided 2.432 3.441 2.008 2.694
KB_RATWARE_MSGID meta No description provided 4.099 2.987 2.108 1.700
KB_RATWARE_OUTLOOK_MID header No description provided 4.400 4.400 2.503 1.499
KHOP_FAKE_EBAY meta Sender falsely claims to be from eBay 0.798 0.001 0.798 0.001
KHOP_HELO_FCRDNS meta Relay HELO differs from its IP's reverse DNS 0.399 0.001 0.399 0.001
LINKEDIN_IMG_NOT_RCVD_LNKN meta Linkedin hosted image but message not from Linkedin 1.000 1.000 1.000 1.000
LIST_PARTIAL_SHORT_MSG meta Incomplete mailing list headers + short message 2.497 0.001 2.497 0.001
LIST_PRTL_PUMPDUMP meta Incomplete List-* headers and stock pump-and-dump 1.000 1.000 1.000 1.000
LIST_PRTL_SAME_USER meta Incomplete List-* headers and from+to user the same 1.000 1.000 1.000 1.000
LIVEFILESTORE uri No description provided 0.100 0.100 0.100 0.100
LOCALPART_IN_SUBJECT header Local part of To: address appears in Subject 0.001 0.730 1.199 1.107
LONGLN_LOW_CONTRAST meta Excessively long line + hidden text 2.497 0.001 2.497 0.001
LONGWORDS meta Long string of long words 2.199 1.844 1.819 2.035
LONG_HEX_URI meta Very long purely hexadecimal URI 2.996 3.000 2.996 3.000
LONG_IMG_URI meta Image URI with very long path component - web bug? 0.001 0.001 0.001 0.001
LONG_INVISIBLE_TEXT meta Long block of hidden text - bayes poison? 1.461 1.898 1.461 1.898
LONG_TERM_PRICE body No description provided 0.001 0.001 0.001 0.001
LOTS_OF_MONEY meta Huge... sums of money 0.001 0.001 0.001 0.001
LOTTERY_1 meta No description provided 0.001 1.488 1.630 0.087
LOTTERY_PH_004470 meta No description provided 0.100 0.100 0.100 0.100
LOTTO_DEPT meta Claims Department 1.997 0.001 1.997 0.001
LOW_PRICE body Lowest Price 0.100 0.100 0.100 0.100
LUCRATIVE meta Make lots of money! 1.000 1.000 1.000 1.000
L_SPAM_TOOL_13 header No description provided 0.539 0.485 0.494 1.333
MAILING_LIST_MULTI meta Multiple indicators imply a widely-seen list manager 1.000 1.000 1.000 1.000
MALE_ENHANCE body Message talks about enhancing men 3.100 3.099 3.099 0.851
MALF_HTML_B64 meta Malformatted base64-encoded HTML content 1.000 1.000 1.000 1.000
MALWARE_NORDNS meta Malware bragging + no rDNS 0.001 0.001 0.001 0.001
MALWARE_PASSWORD meta Malware bragging + "password" 2.111 1.000 2.111 1.000
MALW_ATTACH meta Attachment filename suspicious, probable malware exploit 3.500 3.500 3.500 3.500
MANY_HDRS_LCASE meta Odd capitalization of multiple message headers 0.098 0.001 0.098 0.001
MANY_SPAN_IN_TEXT meta Many <SPAN> tags embedded within text 1.000 1.000 1.000 1.000
MARKETING_PARTNERS body Claims you registered with a partner 0.553 0.235 0.689 0.001
MICROSOFT_EXECUTABLE body Message includes Microsoft executable program 0.100 0.100 0.100 0.100
MILLION_HUNDRED body Million "One to Nine" Hundred 0.001 0.095 0.001 0.095
MILLION_USD body Talks about millions of dollars 1.316 1.999 1.316 1.999
MIMEOLE_DIRECT_TO_MX meta MIMEOLE + direct-to-MX 0.001 0.001 0.001 0.001
MIMEPART_LIMIT_EXCEEDED body Message has too many MIME parts 0.001 0.001 0.001 0.001
MIME_BASE64_TEXT rawbody Message text disguised using base64 encoding 0.001 0.001 0.001 1.741
MIME_BOUND_DD_DIGITS header Spam tool pattern in MIME boundary 3.016 0.349 2.417 1.373
MIME_BOUND_DIGITS_15 header Spam tool pattern in MIME boundary 0.100 0.100 0.100 0.100
MIME_CHARSET_FARAWAY meta MIME character set indicates foreign language 2.450 2.450 2.450 2.450
MIME_HEADER_CTYPE_ONLY meta 'Content-Type' found without required MIME headers 0.100 0.100 0.100 0.100
MIME_HTML_MOSTLY body Multipart message mostly text/html MIME 0.100 0.100 0.100 0.100
MIME_HTML_ONLY body Message only has text/html MIME parts 0.100 0.100 0.100 0.100
MIME_HTML_ONLY_MULTI meta Multipart message only has text/html MIME parts 0.000 0.001 0.001 0.001
MIME_NO_TEXT meta No (properly identified) text body parts 1.000 1.000 1.000 1.000
MIME_PHP_NO_TEXT meta No text body parts, X-Mailer: PHP 2.800 2.799 2.799 2.799
MIME_QP_LONG_LINE rawbody Quoted-printable line longer than 76 chars 0.001 0.001 0.001 0.001
MIME_SUSPECT_NAME body MIME filename does not match content 0.100 0.100 0.100 0.100
MISSING_DATE meta Missing Date: header 2.739 1.396 1.800 1.360
MISSING_FROM meta Missing From: header 1.000 1.000 1.000 1.000
MISSING_HEADERS header Missing To: header 0.915 1.207 1.204 1.021
MISSING_MID meta Missing Message-Id: header 0.552 0.140 1.199 0.497
MISSING_MIMEOLE meta Message has X-MSMail-Priority, but no X-MimeOLE 0.392 1.843 0.571 1.899
MISSING_MIME_HB_SEP body Missing blank line between MIME header and body 0.001 0.001 0.001 0.001
MISSING_SUBJECT meta Missing Subject: header 0.001 1.767 1.300 1.799
MIXED_AREA_CASE meta Has area tag in mixed case 1.000 1.000 1.000 1.000
MIXED_CENTER_CASE meta Has center tag in mixed case 2.497 1.000 2.497 1.000
MIXED_ES meta Too many es are not es 1.998 1.799 1.998 1.799
MIXED_FONT_CASE meta Has font tag in mixed case 1.000 1.000 1.000 1.000
MIXED_HREF_CASE meta Has href in mixed case 1.000 1.000 1.000 1.000
MIXED_IMG_CASE meta Has img tag in mixed case 1.000 1.000 1.000 1.000
MONERO_DEADLINE meta Monero cryptocurrency with a deadline 1.000 1.000 1.000 1.000
MONERO_EXTORT_01 meta Extortion spam, pay via Monero cryptocurrency 1.000 1.000 1.000 1.000
MONERO_MALWARE meta Monero cryptocurrency + malware bragging 1.000 1.000 1.000 1.000
MONERO_PAY_ME meta Pay me via Monero cryptocurrency 1.000 1.000 1.000 1.000
MONEY_ATM_CARD meta Lots of money on an ATM card 0.001 0.001 0.001 0.001
MONEY_BACK body Money back guarantee 2.910 2.486 0.601 1.232
MONEY_FORM meta Lots of money if you fill out a form 0.001 0.001 0.001 0.001
MONEY_FORM_SHORT meta Lots of money if you fill out a short form 0.001 0.001 0.001 0.001
MONEY_FRAUD_3 meta Lots of money and several fraud phrases 0.001 0.001 0.001 0.001
MONEY_FRAUD_5 meta Lots of money and many fraud phrases 0.001 2.408 0.001 2.408
MONEY_FRAUD_8 meta Lots of money and very many fraud phrases 0.001 0.015 0.001 0.015
MONEY_FREEMAIL_REPTO meta Lots of money from someone using free email? 2.996 1.473 2.996 1.473
MONEY_FROM_41 meta Lots of money from Africa 1.997 1.000 1.997 1.000
MONEY_FROM_MISSP meta Lots of money and misspaced From 0.001 0.001 0.001 0.001
MORE_SEX body Talks about a bigger drive for sex 2.799 2.765 2.568 1.413
MPART_ALT_DIFF body HTML and text parts are different 2.246 0.724 0.595 0.790
MPART_ALT_DIFF_COUNT body HTML and text parts are different 2.799 1.483 1.199 1.112
MSGID_DOLLARS_URI_IMG meta Suspicious Message-ID and image 1.000 1.000 1.000 1.000
MSGID_FROM_MTA_HEADER meta Message-Id was added by a relay 0.401 0.001 0.473 0.001
MSGID_HDR_MALF meta Has invalid message ID header 1.000 1.000 1.000 1.000
MSGID_MULTIPLE_AT header Message-ID contains multiple '@' characters 1.000 1.000 1.000 1.000
MSGID_OUTLOOK_INVALID header Message-Id is fake (in Outlook Express format) 3.899 3.899 3.899 3.899
MSGID_RANDY meta Message-Id has pattern used in spam 2.196 2.599 2.599 2.599
MSGID_SHORT header Message-ID is unusually short 0.001 0.337 0.001 0.001
MSGID_SPAM_CAPS header Spam tool Message-Id: (caps variant) 2.366 1.997 3.099 3.099
MSGID_YAHOO_CAPS header Message-ID has ALLCAPS@yahoo.com 0.797 1.413 2.278 1.411
MSMAIL_PRI_ABNORMAL meta Email priority often abused 0.425 0.509 0.425 0.509
MSM_PRIO_REPTO meta MSMail priority header + Reply-to + short subject 0.630 1.000 0.630 1.000
MSOE_MID_WRONG_CASE meta No description provided 0.993 3.373 0.960 2.584
NA_DOLLARS body Talks about a million North American dollars 1.498 1.499 1.498 1.499
NEWEGG_IMG_NOT_RCVD_NEGG meta Newegg hosted image but message not from Newegg 1.000 1.000 1.000 1.000
NEW_PRODUCTS meta No description provided 1.000 1.000 1.000 1.000
NICE_REPLY_A meta Looks like a legit reply (A) -0.001 -0.091 -0.001 -0.091
NML_ADSP_CUSTOM_HIGH meta ADSP custom_high hit, and not from a mailing list 0.000 2.600 0.000 2.500
NML_ADSP_CUSTOM_LOW meta ADSP custom_low hit, and not from a mailing list 0.000 0.700 0.000 0.700
NML_ADSP_CUSTOM_MED meta ADSP custom_med hit, and not from a mailing list 0.000 1.200 0.000 0.900
NORMAL_HTTP_TO_IP uri URI host has a public dotted-decimal IPv4 address 0.159 0.001 0.795 0.001
NOT_SPAM body I'm not spam! Really! I'm not, I'm not, I'm not! 1.000 1.000 1.000 1.000
NO_DNS_FOR_FROM header Envelope sender has no MX or A DNS records 0.000 0.379 0.000 0.001
NO_FM_NAME_IP_HOSTN meta No From name + hostname using IP address 0.001 0.001 0.001 0.001
NO_HEADERS_MESSAGE meta Message appears to be missing most RFC-822 headers 0.001 0.001 0.001 0.001
NO_MEDICAL body No Medical Exams 2.199 1.254 2.199 1.773
NO_PRESCRIPTION body No prescription needed 1.915 1.102 2.280 2.399
NO_RDNS_DOTCOM_HELO header Host HELO'd as a big ISP, but had no rDNS 3.100 0.433 3.099 0.823
NO_RECEIVED meta Informational: message has no Received headers -0.001 -0.001 -0.001 -0.001
NO_RELAYS header Informational: message was not relayed via SMTP -0.001 -0.001 -0.001 -0.001
NSL_RCVD_FROM_USER header Received from User 0.001 0.001 0.001 0.001
NSL_RCVD_HELO_USER header Received from HELO User 0.001 0.001 0.001 0.001
NULL_IN_BODY full Message has NUL (ASCII 0) byte in message 0.511 0.498 2.056 1.596
NUMERIC_HTTP_ADDR uri Uses a numeric IP address in URL 0.000 0.001 0.001 1.242
OBFUSCATING_COMMENT meta HTML comments which obfuscate text 0.000 0.000 0.001 0.723
OBFU_BITCOIN meta Obfuscated BitCoin references 1.000 1.000 1.000 1.000
OBFU_JVSCR_ESC rawbody Injects content using obfuscated javascript 2.397 0.001 2.397 0.001
OBFU_TEXT_ATTACH mimeheader Text attachment with non-text MIME type 1.000 1.000 1.000 1.000
OBFU_UNSUB_UL meta Obfuscated unsubscribe text 1.000 1.000 1.000 1.000
ODD_FREEM_REPTO meta Has unusual reply-to header 2.996 2.927 2.996 2.927
ONE_TIME body One Time Rip Off 1.840 1.175 1.830 0.714
ONLINE_PHARMACY body Online Pharmacy 0.843 2.371 0.008 0.650
OOOBOUNCE_MESSAGE meta Out Of Office bounce message 0.100 0.100 0.100 0.100
PART_CID_STOCK meta Has a spammy image attachment (by Content-ID) 0.001 0.001 0.001 0.000
PART_CID_STOCK_LESS meta Has a spammy image attachment (by Content-ID, more specific) 0.000 0.036 0.745 0.894
PDS_BAD_THREAD_QP_64 meta Bad thread header - short QP 0.287 0.001 0.287 0.001
PDS_BTC_ID meta FP reduced Bitcoin ID 0.498 0.499 0.498 0.499
PDS_BTC_MSGID meta Bitcoin ID with T_MSGID_NOFQDN2 0.001 0.921 0.001 0.921
PDS_DBL_URL_TNB_RUNON meta Double-url and To no arrows, from runon 1.997 1.000 1.997 1.000
PDS_EMPTYSUBJ_URISHRT meta Empty subject with little more than URI shortener 1.498 0.449 1.498 0.449
PDS_FRNOM_TODOM_DBL_URL meta From Name to domain, double URL 1.208 1.499 1.208 1.499
PDS_FRNOM_TODOM_NAKED_TO meta Naked to From name equals to Domain 1.498 1.499 1.498 1.499
PDS_FROM_2_EMAILS meta From header has multiple different addresses 0.597 2.853 0.597 2.853
PDS_FROM_NAME_TO_DOMAIN meta From:name looks like To:domain 1.997 1.999 1.997 1.999
PDS_HELO_SPF_FAIL meta High profile HELO that fails SPF 0.001 1.000 0.001 1.000
PDS_HP_HELO_NORDNS meta High profile HELO with no sender rDNS 0.379 0.001 0.379 0.001
PDS_TINYSUBJ_URISHRT meta Short subject with URL shortener 1.492 0.565 1.492 0.565
PDS_TONAME_EQ_TOLOCAL_VSHORT meta Very short body and From looks like 2 different emails 0.998 1.000 0.998 1.000
PDS_TO_EQ_FROM_NAME meta From: name same as To: address 1.749 0.001 1.749 0.001
PERCENT_RANDOM meta Message has a random macro in it 2.999 2.837 2.983 1.838
PHISH_ATTACH meta Attachment filename suspicious, probable phishing 3.500 3.500 3.500 3.500
PHISH_AZURE_CLOUDAPP uri Link to known phishing web application 3.500 3.500 3.500 3.500
PHISH_FBASEAPP meta Probable phishing via hosted web app 1.000 1.000 1.000 1.000
PHP_NOVER_MUA meta Mail from PHP with no version number 1.000 1.000 1.000 1.000
PHP_ORIG_SCRIPT meta Sent by bot & other signs 2.497 0.001 2.497 0.001
PHP_SCRIPT meta Sent by PHP script 2.497 2.499 2.497 2.499
PHP_SCRIPT_MUA meta Sent by PHP script, no version number 1.000 1.000 1.000 1.000
PLING_QUERY meta Subject has exclamation mark and question mark 0.100 0.100 0.100 0.100
POSSIBLE_APPLE_PHISH_02 meta Claims to be from apple but not processed by any apple MTA 1.000 1.000 1.000 1.000
POSSIBLE_EBAY_PHISH_02 meta Claims to be from ebay but not processed by any ebay MTA 1.000 1.000 1.000 1.000
POSSIBLE_PAYPAL_PHISH_01 meta Claims to be from paypal but has non-paypal from email address 1.000 1.000 1.000 1.000
POSSIBLE_PAYPAL_PHISH_02 meta Claims to be from paypal but not processed by any paypal MTA 1.000 1.000 1.000 1.000
PP_MIME_FAKE_ASCII_TEXT body MIME text/plain claims to be ASCII but isn't 0.998 0.001 0.998 0.001
PP_TOO_MUCH_UNICODE02 body Is text/plain but has many unicode escapes 0.500 0.500 0.500 0.500
PP_TOO_MUCH_UNICODE05 body Is text/plain but has many unicode escapes 1.000 1.000 1.000 1.000
PRICES_ARE_AFFORDABLE body Message says that prices aren't too expensive 0.794 0.851 1.112 0.551
PUMPDUMP meta Pump-and-dump stock scam phrase 0.999 1.000 0.999 1.000
PUMPDUMP_MULTI meta Pump-and-dump stock scam phrases 1.000 1.000 1.000 1.000
PUMPDUMP_TIP meta Pump-and-dump stock tip 1.000 1.000 1.000 1.000
PYZOR_CHECK full Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/) 0.000 1.985 0.000 1.392
RAND_HEADER_LIST_SPOOF meta Random gibberish message header(s) + pretending to be a mailing list 1.000 1.000 1.000 1.000
RAND_HEADER_MANY meta Multiple random gibberish message headers 1.000 1.000 1.000 1.000
RAND_MKTG_HEADER meta Has partially-randomized marketing/tracking header(s) 1.997 1.497 1.997 1.497
RATWARE_EFROM header Bulk email fingerprint (envfrom) found 0.100 0.100 0.100 0.100
RATWARE_EGROUPS header Bulk email fingerprint (eGroups) found 1.898 1.258 1.406 1.621
RATWARE_MPOP_WEBMAIL header Bulk email fingerprint (mPOP Web-Mail) 1.153 1.338 1.229 1.999
RATWARE_MS_HASH meta Bulk email fingerprint (msgid ms hash) found 1.000 1.000 1.000 1.000
RATWARE_NAME_ID meta Bulk email fingerprint (msgid from) found 3.099 0.309 3.099 0.247
RATWARE_NO_RDNS meta Suspicious MsgID and MIME boundary + no rDNS 0.001 0.001 0.001 0.001
RATWARE_OUTLOOK_NONAME meta Bulk email fingerprint (Outlook no name) found 1.000 1.000 1.000 1.000
RATWARE_ZERO_TZ meta Bulk email fingerprint (+0000) found 2.392 2.535 0.265 1.781
RAZOR2_CF_RANGE_51_100 full Razor2 gives confidence level above 50% 0.000 2.430 0.000 1.886
RAZOR2_CHECK full Listed in Razor2 (http://razor.sf.net/) 0.000 1.729 0.000 0.922
RCVD_DBL_DQ header Malformatted message header 1.000 1.000 1.000 1.000
RCVD_DOTEDU_SHORT meta Via .edu MTA + short message 1.000 1.000 1.000 1.000
RCVD_DOTEDU_SUSP_URI meta Via .edu MTA + suspicious URI 1.000 1.000 1.000 1.000
RCVD_DOUBLE_IP_LOOSE meta Received: by and from look like IP addresses 1.150 0.960 1.042 1.012
RCVD_DOUBLE_IP_SPAM meta Bulk email fingerprint (double IP) found 2.411 2.777 1.912 1.808
RCVD_FAKE_HELO_DOTCOM header Received contains a faked HELO hostname 2.799 2.389 2.605 1.189
RCVD_HELO_IP_MISMATCH header Received: HELO and IP do not match, but should 1.680 1.186 2.362 2.368
RCVD_ILLEGAL_IP header Received: contains illegal IP address 1.300 1.300 1.300 1.300
RCVD_IN_BL_SPAMCOP_NET header Received via a relay in bl.spamcop.net 0.000 1.246 0.000 1.347
RCVD_IN_DNSWL_BLOCKED header ADMINISTRATOR NOTICE: The query to DNSWL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information. 0.000 0.001 0.000 0.001
RCVD_IN_DNSWL_HI header Sender listed at https://www.dnswl.org/, high trust 0.000 -5.000 0.000 -5.000
RCVD_IN_DNSWL_LOW header Sender listed at https://www.dnswl.org/, low trust 0.000 -0.700 0.000 -0.700
RCVD_IN_DNSWL_MED header Sender listed at https://www.dnswl.org/, medium trust 0.000 -2.300 0.000 -2.300
RCVD_IN_DNSWL_NONE header Sender listed at https://www.dnswl.org/, no trust 0.000 -0.000 0.000 -0.000
RCVD_IN_IADB_DK header IADB: Sender publishes Domain Keys record 0.000 -0.223 0.000 -0.095
RCVD_IN_IADB_DOPTIN header IADB: All mailing list mail is confirmed opt-in 0.000 -4.000 0.000 -4.000
RCVD_IN_IADB_DOPTIN_LT50 header IADB: Confirmed opt-in used less than 50% of the time 0.000 -0.001 0.000 -0.001
RCVD_IN_IADB_LISTED header Participates in the IADB system 0.000 -0.380 0.000 -0.001
RCVD_IN_IADB_MI_CPR_MAT header IADB: Sends no material under Michigan's CPR 0.000 -0.332 0.000 0.000
RCVD_IN_IADB_ML_DOPTIN header IADB: Mailing list email only, confirmed opt-in 0.000 -6.000 0.000 -6.000
RCVD_IN_IADB_OPTIN header IADB: All mailing list mail is opt-in 0.000 -2.057 0.000 -1.470
RCVD_IN_IADB_OPTIN_GT50 header IADB: Opt-in used more than 50% of the time 0.000 -1.208 0.000 -0.007
RCVD_IN_IADB_RDNS header IADB: Sender has reverse DNS record 0.000 -0.167 0.000 -0.235
RCVD_IN_IADB_SENDERID header IADB: Sender publishes Sender ID record 0.000 -0.001 0.000 -0.001
RCVD_IN_IADB_SPF header IADB: Sender publishes SPF record 0.000 -0.001 0.000 -0.059
RCVD_IN_IADB_UT_CPR_MAT header IADB: Sends no material under Utah's CPR 0.000 -0.095 0.000 -0.001
RCVD_IN_IADB_VOUCHED header ISIPP IADB lists as vouched-for sender 0.000 -2.200 0.000 -2.200
RCVD_IN_MSPIKE_BL meta Mailspike blocklisted 0.001 0.001 0.001 0.001
RCVD_IN_MSPIKE_H2 header Average reputation (+2) 0.001 -0.001 0.001 -0.001
RCVD_IN_MSPIKE_H3 header Good reputation (+3) 0.001 0.001 0.001 0.001
RCVD_IN_MSPIKE_H4 header Very Good reputation (+4) 0.001 0.001 0.001 0.001
RCVD_IN_MSPIKE_H5 header Excellent reputation (+5) 0.001 0.001 0.001 0.001
RCVD_IN_MSPIKE_L2 header Suspicious reputation (-2) 0.001 0.001 0.001 0.001
RCVD_IN_MSPIKE_L3 header Low reputation (-3) 0.001 0.001 0.001 0.001
RCVD_IN_MSPIKE_L4 header Bad reputation (-4) 0.001 0.001 0.001 0.001
RCVD_IN_MSPIKE_L5 header Very bad reputation (-5) 0.001 0.001 0.001 0.001
RCVD_IN_MSPIKE_WL meta Mailspike good senders 0.001 0.001 0.001 0.001
RCVD_IN_MSPIKE_ZBI meta No description provided 0.001 0.001 0.001 0.001
RCVD_IN_PBL header Received via a relay in Spamhaus PBL 0.000 3.558 0.000 3.335
RCVD_IN_PSBL header Received via a relay in PSBL 0.000 2.700 0.000 2.700
RCVD_IN_SBL header Received via a relay in Spamhaus SBL 0.000 2.596 0.000 0.141
RCVD_IN_SBL_CSS header Received via a relay in Spamhaus SBL-CSS 0.000 3.558 0.000 3.335
RCVD_IN_SORBS_DUL header SORBS: sent directly from dynamic IP address 0.000 0.001 0.000 0.001
RCVD_IN_SORBS_HTTP header SORBS: sender is open HTTP proxy server 0.000 2.499 0.000 0.001
RCVD_IN_SORBS_SOCKS header SORBS: sender is open SOCKS proxy server 0.000 2.443 0.000 1.927
RCVD_IN_SORBS_WEB header SORBS: sender is an abusable web server 0.000 1.500 0.000 1.500
RCVD_IN_VALIDITY_CERTIFIED header Sender in Validity Certification - Contact certification@validity.com 0.000 -3.000 0.000 -3.000
RCVD_IN_VALIDITY_RPBL header Relay in Validity RPBL, https://senderscore.org/blocklistlookup/ 0.000 1.284 0.000 1.310
RCVD_IN_VALIDITY_SAFE header Sender in Validity Safe - Contact certification@validity.com 0.000 -2.000 0.000 -2.000
RCVD_IN_XBL header Received via a relay in Spamhaus XBL 0.000 0.724 0.000 0.375
RCVD_IN_ZEN_BLOCKED header ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked. See https://www.spamhaus.org/returnc/vol/ 0.000 0.001 0.000 0.001
RCVD_IN_ZEN_BLOCKED_OPENDNS header ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/ 0.000 0.001 0.000 0.001
RCVD_NUMERIC_HELO ??? No description provided 0.001 0.865 0.001 1.164
RDNS_DYNAMIC meta Delivered to internal network by host with dynamic-looking rDNS 2.639 0.363 1.663 0.982
RDNS_LOCALHOST header Sender's public rDNS is "localhost" 3.700 0.969 2.345 0.001
RDNS_NONE meta Delivered to internal network by a host with no rDNS 2.399 1.274 1.228 0.793
RDNS_NUM_TLD_ATCHNX meta Relay rDNS has numeric TLD + suspicious attachment 1.000 1.000 1.000 1.000
RDNS_NUM_TLD_XM meta Relay rDNS has numeric TLD + suspicious headers 1.000 1.000 1.000 1.000
REMOVE_BEFORE_LINK body Removal phrase right before a link 0.100 0.100 0.100 0.100
REPLICA_WATCH body Message talks about a replica watch 3.487 3.164 4.074 3.775
REPLYTO_WITHOUT_TO_CC meta No description provided 2.399 1.946 0.607 1.552
REPTO_419_FRAUD header Reply-To is known advance fee fraud collector mailbox 1.000 1.000 1.000 1.000
REPTO_419_FRAUD_AOL header Reply-To is known advance fee fraud collector mailbox 1.000 1.000 1.000 1.000
REPTO_419_FRAUD_AOL_LOOSE meta Ends-in-digits Reply-To is similar to known advance fee fraud collector mailbox 1.000 1.000 1.000 1.000
REPTO_419_FRAUD_CNS header Reply-To is known advance fee fraud collector mailbox 1.000 1.000 1.000 1.000
REPTO_419_FRAUD_GM header Reply-To is known advance fee fraud collector mailbox 2.996 1.000 2.996 1.000
REPTO_419_FRAUD_GM_LOOSE meta Ends-in-digits Reply-To is similar to known advance fee fraud collector mailbox 0.998 1.000 0.998 1.000
REPTO_419_FRAUD_HM header Reply-To is known advance fee fraud collector mailbox 1.000 1.000 1.000 1.000
REPTO_419_FRAUD_OL header Reply-To is known advance fee fraud collector mailbox 1.000 1.000 1.000 1.000
REPTO_419_FRAUD_PM header Reply-To is known advance fee fraud collector mailbox 1.000 1.000 1.000 1.000
REPTO_419_FRAUD_QQ header Reply-To is known advance fee fraud collector mailbox 1.000 1.000 1.000 1.000
REPTO_419_FRAUD_YH header Reply-To is known advance fee fraud collector mailbox 1.000 1.000 1.000 1.000
REPTO_419_FRAUD_YH_LOOSE meta Ends-in-digits Reply-To is similar to known advance fee fraud collector mailbox 1.000 1.000 1.000 1.000
REPTO_419_FRAUD_YJ header Reply-To is known advance fee fraud collector mailbox 1.000 1.000 1.000 1.000
REPTO_419_FRAUD_YN header Reply-To is known advance fee fraud collector mailbox 1.000 1.000 1.000 1.000
REPTO_INFONUMSCOM meta No description provided 1.000 1.000 1.000 1.000
REPTO_QUOTE_YAHOO meta Yahoo! doesn't do quoting like this 0.001 0.490 0.001 0.646
RISK_FREE meta No risk! 0.195 0.001 0.195 0.001
RP_MATCHES_RCVD ??? No description provided -0.001 -0.001 -0.001 -0.001
SB_GIF_AND_NO_URIS meta No description provided 2.199 2.199 2.200 2.199
SCC_BODY_SINGLE_WORD meta No description provided 0.144 0.001 0.144 0.001
SCC_CANSPAM_2 body Interesting compliance language 3.895 2.699 3.895 2.699
SCC_CTMPP meta Uncommon Content-Type 1.000 1.000 1.000 1.000
SCC_ISEMM_LID_1 header Fingerprint of a particular spammer using an old spamware 1.000 1.000 1.000 1.000
SCC_ISEMM_LID_1A header Fingerprint of a particular spammer using an old spamware 1.000 1.000 1.000 1.000
SCC_ISEMM_LID_1B header Genericized spammer fingerprint 1.498 1.500 1.498 1.500
SCC_SPAMMER_ADDR_2 body Fingerprint of a particular spammer 1.569 0.001 1.569 0.001
SCC_SPECIAL_GUID rawbody Unique in a similar way 1.000 1.000 1.000 1.000
SENDGRID_REDIR meta Redirect URI via Sendgrid 1.498 0.345 1.498 0.345
SENDGRID_REDIR_PHISH meta Redirect URI via Sendgrid + phishing signs 1.000 1.000 1.000 1.000
SEO_SUSP_NTLD meta SEO offer from suspicious TLD 1.000 1.000 1.000 1.000
SERGIO_SUBJECT_VIAGRA01 header Viagra garbled subject 2.148 3.752 2.148 3.752
SHOPIFY_IMG_NOT_RCVD_SFY meta Shopify hosted image but message not from Shopify 2.497 1.480 2.497 1.480
SHORTENED_URL_SRC rawbody No description provided 2.297 0.001 2.297 0.001
SHORTENER_SHORT_IMG meta Short HTML + image + URL shortener 0.001 1.000 0.001 1.000
SHORT_HELO_AND_INLINE_IMAGE meta Short HELO string, with inline image 0.100 0.100 0.100 0.100
SHORT_IMG_SUSP_NTLD meta Short HTML + image + suspicious TLD 1.000 1.000 1.000 1.000
SHORT_SHORTNER meta Short body with little more than a link to a shortener 0.753 1.486 0.753 1.486
SHORT_TERM_PRICE body No description provided 0.001 0.001 0.001 0.001
SORTED_RECIPS header Recipient list is sorted by address 1.801 2.474 1.791 2.499
SPAMMY_XMAILER meta X-Mailer string is common in spam and not in ham 2.650 0.862 1.993 2.491
SPF_FAIL header SPF: sender does not match SPF record (fail) 0.000 0.919 0.000 0.001
SPF_HELO_FAIL header SPF: HELO does not match SPF record (fail) 0.000 0.001 0.000 0.001
SPF_HELO_NEUTRAL header SPF: HELO does not match SPF record (neutral) 0.000 0.001 0.000 0.112
SPF_HELO_NONE header SPF: HELO does not publish an SPF Record 0.001 0.001 0.001 0.001
SPF_HELO_PASS header SPF: HELO matches SPF record -0.001 -0.001 -0.001 -0.001
SPF_HELO_SOFTFAIL header SPF: HELO does not match SPF record (softfail) 0.000 0.896 0.000 0.732
SPF_NEUTRAL header SPF: sender does not match SPF record (neutral) 0.000 0.652 0.000 0.779
SPF_NONE header SPF: sender does not publish an SPF Record 0.001 0.001 0.001 0.001
SPF_PASS header SPF: sender matches SPF record -0.001 -0.001 -0.001 -0.001
SPF_SOFTFAIL header SPF: sender does not match SPF record (softfail) 0.000 0.972 0.000 0.665
SPOOFED_FREEMAIL meta No description provided 0.001 0.001 0.001 0.001
SPOOFED_FREEMAIL_NO_RDNS meta From SPOOFED_FREEMAIL and no rDNS 0.363 0.001 0.363 0.001
SPOOFED_FREEM_REPTO meta Forged freemail sender with freemail reply-to 0.001 0.001 0.001 0.001
SPOOFED_FREEM_REPTO_CHN meta Forged freemail sender with Chinese freemail reply-to 0.001 1.000 0.001 1.000
SPOOFED_FREEM_REPTO_RUS meta Forged freemail sender with Russian freemail reply-to 0.001 1.000 0.001 1.000
SPOOF_COM2COM meta URI contains ".com" in middle and end 0.001 0.001 0.001 0.001
SPOOF_COM2OTH uri URI contains ".com" in middle 0.001 0.001 0.001 0.001
SPOOF_GMAIL_MID meta From Gmail but it doesn't seem to be... 1.498 0.001 1.498 0.001
STATIC_XPRIO_OLE meta Static RDNS + X-Priority + MIMEOLE 0.001 0.001 0.001 0.001
STOCK_IMG_CTYPE meta Stock spam image part, with distinctive Content-Type header 0.001 0.005 0.001 0.001
STOCK_IMG_HDR_FROM meta Stock spam image part, with distinctive From line 0.001 0.001 0.001 0.021
STOCK_IMG_HTML meta Stock spam image part, with distinctive HTML 0.000 0.028 0.000 0.005
STOCK_IMG_OUTLOOK meta Stock spam image part, with Outlook-like features 0.001 0.702 0.413 0.190
STOCK_TIP meta Stock tips 1.000 1.000 1.000 1.000
STOX_BOUND_090909_B header No description provided 1.731 1.835 1.731 1.835
STOX_REPLY_TYPE header No description provided 1.898 0.212 0.141 0.439
STOX_REPLY_TYPE_WITHOUT_QUOTES meta No description provided 3.099 1.860 1.629 1.757
SUBJECT_DIET header Subject talks about losing pounds 1.927 1.563 0.817 1.466
SUBJECT_DRUG_GAP_C header Subject contains a gappy version of 'cialis' 2.108 0.989 1.348 2.140
SUBJECT_DRUG_GAP_L header Subject contains a gappy version of 'levitra' 2.799 2.304 1.402 1.561
SUBJECT_FUZZY_CHEAP header Attempt to obfuscate words in Subject: 0.641 1.831 0.833 0.001
SUBJECT_IN_BLACKLIST meta DEPRECATED: See SUBJECT_IN_BLOCKLIST 100.000 100.000 100.000 100.000
SUBJECT_IN_BLOCKLIST header Subject: contains string in the user's block-list 0.010 0.010 0.010 0.010
SUBJECT_IN_WELCOMELIST header Subject: contains string in the user's welcome-list -0.010 -0.010 -0.010 -0.010
SUBJECT_IN_WHITELIST meta DEPRECATED: See SUBJECT_IN_WELCOMELIST -100.000 -100.000 -100.000 -100.000
SUBJECT_NEEDS_ENCODING meta Subject includes non-encoded illegal characters 0.498 0.100 0.804 0.049
SUBJ_ALL_CAPS header Subject is all capitals 0.500 0.500 0.500 0.500
SUBJ_AS_SEEN header Subject contains "As Seen" 2.711 3.099 3.099 1.461
SUBJ_BRKN_WORDNUMS meta Subject contains odd word breaks and numbers 1.000 1.000 1.000 1.000
SUBJ_BROKEN_WORD meta Subject contains odd word break 0.968 0.001 0.968 0.001
SUBJ_BUY header Subject line starts with Buy or Buying 0.594 1.498 0.001 0.639
SUBJ_DOLLARS header Subject starts with dollar amount 0.100 0.100 0.100 0.100
SUBJ_ILLEGAL_CHARS meta Subject: has too many raw illegal characters 0.620 1.105 0.448 1.518
SUBJ_YOUR_FAMILY header Subject contains "Your Family" 2.910 2.999 2.999 2.999
SURBL_BLOCKED body ADMINISTRATOR NOTICE: The query to SURBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information. 0.001 0.001 0.001 0.001
SUSPICIOUS_RECIPS header Similar addresses in recipient list 2.499 2.497 2.139 2.510
SUSP_UTF8_WORD_FROM meta Word in From name using only suspicious UTF-8 characters 1.998 1.999 1.998 1.999
SYSADMIN meta Supposedly from your IT department 1.000 1.000 1.000 1.000
TAGSTAT_IMG_NOT_RCVD_TGST meta Tagstat hosted image but message not from Tagstat 1.000 1.000 1.000 1.000
TARINGANET_IMG_NOT_RCVD_TN meta media.taringa.net hosted image but message not from taringa.net 1.000 1.000 1.000 1.000
TBIRD_SUSP_MIME_BDRY meta Unlikely Thunderbird MIME boundary 2.400 2.400 2.399 2.399
TEQF_USR_IMAGE meta To and from user nearly same + image 1.000 1.000 1.000 1.000
TEQF_USR_MSGID_HEX meta To and from user nearly same + unusual message ID 1.000 1.000 1.000 1.000
TEQF_USR_MSGID_MALF meta To and from user nearly same + malformed message ID 1.000 1.000 1.000 1.000
THEBAT_UNREG header No description provided 2.599 1.843 2.324 1.524
THIS_AD meta "This ad" and variants 1.298 0.799 1.298 0.799
THIS_IS_ADV_SUSP_NTLD meta This is an advertisement from a suspicious TLD 1.000 1.000 1.000 1.000
TONLINE_FAKE_DKIM meta t-online.de doesn't do DKIM 1.000 1.000 1.000 1.000
TONOM_EQ_TOLOC_SHRT_SHRTNER meta Short email with shortener and To:name eq To:local 0.001 0.001 0.001 0.001
TO_EQ_FM_DIRECT_MX meta To == From and direct-to-MX 0.001 0.430 0.001 0.430
TO_EQ_FM_DOM_HTML_IMG meta To domain == From domain and HTML image link 3.496 0.001 3.496 0.001
TO_EQ_FM_DOM_SPF_FAIL meta To domain == From domain and external SPF failed 0.001 0.001 0.001 0.001
TO_EQ_FM_SPF_FAIL meta To == From and external SPF failed 0.001 0.001 0.001 0.001
TO_IN_SUBJ meta To address is in Subject 0.098 0.099 0.098 0.099
TO_MALFORMED header To: has a malformed address 0.100 0.100 0.100 0.100
TO_NAME_SUBJ_NO_RDNS meta Recipient username in subject + no rDNS 2.950 1.000 2.950 1.000
TO_NO_BRKTS_FROM_MSSP meta Multiple header formatting problems 2.497 2.499 2.497 2.499
TO_NO_BRKTS_HTML_IMG meta To: lacks brackets and HTML and one image 1.997 1.999 1.997 1.999
TO_NO_BRKTS_HTML_ONLY meta To: lacks brackets and HTML only 1.997 1.999 1.997 1.999
TO_NO_BRKTS_MSFT meta To: lacks brackets and supposed Microsoft tool 1.749 1.423 1.749 1.423
TO_NO_BRKTS_NORDNS_HTML meta To: lacks brackets and no rDNS and HTML only 1.519 1.999 1.519 1.999
TO_NO_BRKTS_PCNT meta To: lacks brackets + percentage 2.497 2.499 2.497 2.499
TO_TOO_MANY_WFH_01 meta Work-from-Home + many recipients 1.000 1.000 1.000 1.000
TRACKER_ID body Incorporates a tracking ID number 0.100 0.100 0.100 0.100
TT_MSGID_TRUNC header Scora: Message-Id ends after left-bracket + digits 0.748 0.023 1.434 1.448
TVD_APPROVED body Body states that the recipient has been approved 1.000 1.000 1.000 1.000
TVD_FINGER_02 header No description provided 0.001 0.001 0.001 0.001
TVD_FW_GRAPHIC_NAME_LONG mimeheader Long image attachment name 0.001 0.648 0.836 1.293
TVD_FW_GRAPHIC_NAME_MID mimeheader Medium sized image attachment name 0.600 0.001 0.389 0.095
TVD_INCREASE_SIZE body Advertising for penis enlargement 1.529 0.601 1.055 0.001
TVD_IP_HEX uri No description provided 2.715 2.306 2.715 2.306
TVD_IP_SING_HEX uri No description provided 1.500 0.001 1.500 0.001
TVD_PH_BODY_ACCOUNTS_PRE meta The body matches phrases such as "accounts suspended", "account credited", "account verification" 0.001 0.001 0.001 0.001
TVD_PH_REC body Message includes a phrase commonly used in phishing mails 0.100 0.100 0.100 0.100
TVD_PH_SEC body Message includes a phrase commonly used in phishing mails 0.100 0.100 0.100 0.100
TVD_QUAL_MEDS body The body matches phrases such as "quality meds" or "quality medication" 2.697 2.397 2.799 2.483
TVD_RCVD_IP header Message was received from an IP address 0.001 0.001 0.001 0.001
TVD_RCVD_IP4 header Message was received from an IPv4 address 0.001 0.001 0.001 0.001
TVD_SPACE_ENCODED meta Space ratio & encoded subject 1.500 1.500 1.500 1.500
TVD_SPACE_RATIO meta No description provided 0.001 0.001 0.001 0.001
TVD_SPACE_RATIO_MINFP meta Space ratio (vertical text obfuscation?) 1.500 1.500 1.500 1.500
TVD_SUBJ_ACC_NUM header Subject has spammy looking monetary reference 0.100 0.100 0.100 0.100
TVD_SUBJ_WIPE_DEBT header Spam advertising a way to eliminate debt 2.599 2.291 2.599 1.004
TVD_VISIT_PHARMA body Body mentions online pharmacy 1.957 1.196 0.417 1.406
TW_GIBBERISH_MANY meta Lots of gibberish text to spoof pattern matching filters 1.000 1.000 1.000 1.000
TXREP header Score normalizing based on sender's reputation 1.000 1.000 1.000 1.000
T_ACH_CANCELLED_EXE meta "ACH cancelled" probable malware 0.100 0.100 0.100 0.100
T_ANY_PILL_PRICE meta Prices for pills 0.100 0.100 0.100 0.100
T_CDISP_SZ_MANY mimeheader Suspicious MIME header 0.100 0.100 0.100 0.100
T_CTYPE_NULL meta Malformed Content-Type header 0.100 0.100 0.100 0.100
T_DATE_IN_FUTURE_96_Q header Date: is 4 days to 4 months after Received: date 0.100 0.100 0.100 0.100
T_DATE_IN_FUTURE_Q_PLUS header Date: is over 4 months after Received: date 0.100 0.100 0.100 0.100
T_DOC_ATTACH_NO_EXT meta Document attachment with suspicious name 0.100 0.100 0.100 0.100
T_DOS_OUTLOOK_TO_MX_IMAGE meta Direct to MX with Outlook headers and an image 0.100 0.100 0.100 0.100
T_DOS_ZIP_HARDCORE mimeheader hardcore.zip file attached; quite certainly a virus 0.100 0.100 0.100 0.100
T_DRUGS_ERECTILE_SHORT_SHORTNER meta Short erectile drugs advert with T_URL_SHORTENER 0.100 0.100 0.100 0.100
T_FILL_THIS_FORM_FRAUD_PHISH meta Answer suspicious question(s) 0.100 0.100 0.100 0.100
T_FILL_THIS_FORM_LOAN meta Answer loan question(s) 0.100 0.100 0.100 0.100
T_FILL_THIS_FORM_SHORT meta Fill in a short form with personal information 0.100 0.100 0.100 0.100
T_FORGED_TBIRD_IMG_SIZE meta Likely forged Thunderbird image spam 0.100 0.100 0.100 0.100
T_FREEMAIL_DOC_PDF meta MS document or PDF attachment, from freemail 0.100 0.100 0.100 0.100
T_FREEMAIL_DOC_PDF_BCC meta MS document or PDF attachment, from freemail, all recipients hidden 0.100 0.100 0.100 0.100
T_FREEMAIL_RVW_ATTCH meta Please review attached document, from freemail 0.100 0.100 0.100 0.100
T_FROMNAME_EQUALS_TO meta From:name matches To: 0.100 0.100 0.100 0.100
T_FROMNAME_SPOOFED_EMAIL meta From:name looks like a spoofed email 0.100 0.100 0.100 0.100
T_FROM_MULTI_NORDNS meta Multiple From addresses + no rDNS 0.100 0.100 0.100 0.100
T_FROM_MULTI_SHORT_IMG meta Multiple From addresses + short message with image 0.100 0.100 0.100 0.100
T_FUZZY_OPTOUT body Obfuscated opt-out text 0.100 0.100 0.100 0.100
T_FUZZY_WELLSFARGO meta Obfuscated "Wells Fargo" 0.100 0.100 0.100 0.100
T_GB_FREEM_FROM_NOT_REPLY meta From: and Reply-To: have different freemail domains 0.100 0.100 0.100 0.100
T_GB_FROMNAME_SPOOFED_EMAIL_IP meta From:name looks like a spoofed email from a spoofed ip 0.100 0.100 0.100 0.100
T_GB_STORAGE_GOOGLE_EMAIL uri Google storage cloud abuse 0.100 0.100 0.100 0.100
T_GB_WEBFORM meta Webform with url shortener 0.100 0.100 0.100 0.100
T_GB_YOUTUBE_EMAIL uri Youtube attribution links abuse 0.100 0.100 0.100 0.100
T_HTML_ATTACH meta HTML attachment to bypass scanning? 0.100 0.100 0.100 0.100
T_HTML_TAG_BALANCE_CENTER meta Malformatted HTML 0.100 0.100 0.100 0.100
T_ISO_ATTACH meta ISO attachment - possible malware delivery 0.100 0.100 0.100 0.100
T_KAM_HTML_FONT_INVALID meta Test for Invalidly Named or Formatted Colors in HTML 0.100 0.100 0.100 0.100
T_LARGE_PCT_AFTER_MANY meta Many large percentages after... 0.100 0.100 0.100 0.100
T_LOTTO_AGENT meta Claims Agent 0.100 0.100 0.100 0.100
T_LOTTO_AGENT_FM header Claims Agent 0.100 0.100 0.100 0.100
T_LOTTO_AGENT_RPLY meta Claims Agent 0.100 0.100 0.100 0.100
T_LOTTO_URI uri Claims Department URL 0.100 0.100 0.100 0.100
T_MANY_PILL_PRICE meta Prices for many pills 0.100 0.100 0.100 0.100
T_MIME_MALF meta Malformed MIME: headers in body 0.100 0.100 0.100 0.100
T_MONEY_PERCENT meta X% of a lot of money for you 0.100 0.100 0.100 0.100
T_OBFU_ATTACH_MISSP meta Obfuscated attachment type and misspaced From 0.100 0.100 0.100 0.100
T_OBFU_DOC_ATTACH mimeheader MS Document attachment with generic MIME type 0.100 0.100 0.100 0.100
T_OBFU_GIF_ATTACH mimeheader GIF attachment with generic MIME type 0.100 0.100 0.100 0.100
T_OBFU_HTML_ATTACH mimeheader HTML attachment with non-text MIME type 0.100 0.100 0.100 0.100
T_OBFU_HTML_ATT_MALW meta HTML attachment with incorrect MIME type - possible malware 0.100 0.100 0.100 0.100
T_OBFU_JPG_ATTACH mimeheader JPG attachment with generic MIME type 0.100 0.100 0.100 0.100
T_OBFU_PDF_ATTACH mimeheader PDF attachment with generic MIME type 0.100 0.100 0.100 0.100
T_OFFER_ONLY_AMERICA meta Offer only available to US 0.100 0.100 0.100 0.100
T_PDS_BTC_AHACKER meta Bitcoin Hacker 0.100 0.100 0.100 0.100
T_PDS_BTC_HACKER meta Bitcoin Hacker 0.100 0.100 0.100 0.100
T_PDS_BTC_NTLD meta Bitcoin suspect NTLD 0.100 0.100 0.100 0.100
T_PDS_FREEMAIL_REPLYTO_URISHRT meta Freemail replyto with URI shortener 0.100 0.100 0.100 0.100
T_PDS_FROM_2_EMAILS_SHRTNER meta From 2 emails short email with little more than a URI shortener 0.100 0.100 0.100 0.100
T_PDS_LTC_AHACKER meta Litecoin Hacker 0.100 0.100 0.100 0.100
T_PDS_LTC_HACKER meta Litecoin Hacker 0.100 0.100 0.100 0.100
T_PDS_NO_FULL_NAME_SPOOFED_URL meta HTML message short, T_SPOOFED_URL and T_KHOP_NO_FULL_NAME 0.100 0.100 0.100 0.100
T_PDS_OTHER_BAD_TLD header Untrustworthy TLDs 0.100 0.100 0.100 0.100
T_PDS_PRO_TLD header .pro TLD 0.100 0.100 0.100 0.100
T_PDS_SHORTFWD_URISHRT meta Threaded email with URI shortener 0.100 0.100 0.100 0.100
T_PDS_SHORTFWD_URISHRT_FP meta Apparently a short fwd/re with URI shortener 0.100 0.100 0.100 0.100
T_PDS_SHORTFWD_URISHRT_QP meta Apparently a short fwd/re with URI shortener 0.100 0.100 0.100 0.100
T_PDS_SHORT_SPOOFED_URL meta HTML message short and T_SPOOFED_URL (S_U_FP) 0.100 0.100 0.100 0.100
T_PDS_URISHRT_LOCALPART_SUBJ meta Localpart of To in subject 0.100 0.100 0.100 0.100
T_PHOTO_EDITING_DIRECT meta Image editing service, direct to MX 0.100 0.100 0.100 0.100
T_PHOTO_EDITING_FREEM meta Image editing service, freemail or CHN replyto 0.100 0.100 0.100 0.100
T_REMOTE_IMAGE meta Message contains an external image 0.100 0.100 0.100 0.100
T_SCC_BOGUS_CTE_1 meta Bogus Content-Transfer-Encoding header 0.100 0.100 0.100 0.100
T_SENT_TO_EMAIL_ADDR meta Email was sent to email address 0.100 0.100 0.100 0.100
T_SHARE_50_50 meta Share the money 50/50 0.100 0.100 0.100 0.100
T_SPF_HELO_PERMERROR header SPF: test of HELO record failed (permerror) 0.100 0.100 0.100 0.100
T_SPF_HELO_TEMPERROR header SPF: test of HELO record failed (temperror) 0.100 0.100 0.100 0.100
T_SPF_PERMERROR header SPF: test of record failed (permerror) 0.100 0.100 0.100 0.100
T_SPF_TEMPERROR header SPF: test of record failed (temperror) 0.100 0.100 0.100 0.100
T_STY_INVIS_DIRECT meta HTML hidden text + direct-to-MX 0.100 0.100 0.100 0.100
T_SUSPNTLD_EXPIRATION_EXTORT meta Susp NTLD with an expiration notice and lotsa money 0.100 0.100 0.100 0.100
T_TONOM_EQ_TOLOC_SHRT_PSHRTNER meta Short subject with potential shortener and To:name eq To:local 0.100 0.100 0.100 0.100
T_WON_MONEY_ATTACH meta You won lots of money! See attachment. 0.100 0.100 0.100 0.100
T_WON_NBDY_ATTACH meta You won lots of money! See attachment. 0.100 0.100 0.100 0.100
T_XPRIO_URL_SHORTNER meta X-Priority header and short URL 0.100 0.100 0.100 0.100
T_ZW_OBFU_BITCOIN meta Obfuscated text + bitcoin ID - possible extortion 0.100 0.100 0.100 0.100
T_ZW_OBFU_FREEM meta Obfuscated text + freemail 0.100 0.100 0.100 0.100
T_ZW_OBFU_FROMTOSUBJ meta Obfuscated text + from in to and subject 0.100 0.100 0.100 0.100
UC_GIBBERISH_OBFU meta Multiple instances of "word VERYLONGGIBBERISH word" 1.000 1.000 1.000 1.000
UNCLAIMED_MONEY body People just leave money laying around 2.699 2.699 2.699 2.427
UNCLOSED_BRACKET header Headers contain an unclosed bracket 2.699 1.329 1.425 1.496
UNDISC_FREEM meta Undisclosed recipients + freemail reply-to 3.096 2.699 3.096 2.699
UNDISC_MONEY meta Undisclosed recipients + money/fraud signs 3.196 3.200 3.196 3.200
UNICODE_OBFU_ASC meta Obfuscating text with unicode 2.497 2.499 2.497 2.499
UNICODE_OBFU_ZW meta Obfuscating text with hidden characters 3.316 1.000 3.316 1.000
UNPARSEABLE_RELAY meta Informational: message has unparseable relay lines 0.001 0.001 0.001 0.001
UNRESOLVED_TEMPLATE header Headers contain an unresolved template 3.035 0.716 2.424 1.252
UNSUB_GOOG_FORM meta Unsubscribe via Google Docs form 1.000 1.000 1.000 1.000
UNWANTED_LANGUAGE_BODY body Message written in an undesired language 2.800 2.800 2.800 2.800
UPPERCASE_50_75 meta message body is 50-75% uppercase 0.001 0.791 0.001 0.008
UPPERCASE_75_100 meta message body is 75-100% uppercase 1.480 1.189 0.001 0.001
URG_BIZ meta Contains urgent matter 1.750 0.941 0.568 0.573
URIBL_ABUSE_SURBL body Contains an URL listed in the ABUSE SURBL blocklist 0.000 1.948 0.000 1.250
URIBL_CR_SURBL body Contains an URL listed in the CR SURBL blocklist 0.000 1.263 0.000 1.263
URIBL_CSS body Contains an URL's NS IP listed in the Spamhaus CSS blocklist 0.000 0.100 0.000 0.100
URIBL_CSS_A body Contains URL's A record listed in the Spamhaus CSS blocklist 0.000 0.100 0.000 0.100
URIBL_DBL_ABUSE_BOTCC body Contains an abused botnet C&C URL listed in the Spamhaus DBL blocklist 0.000 2.500 0.000 2.500
URIBL_DBL_ABUSE_MALW body Contains an abused malware URL listed in the Spamhaus DBL blocklist 0.000 2.500 0.000 2.500
URIBL_DBL_ABUSE_PHISH body Contains an abused phishing URL listed in the Spamhaus DBL blocklist 0.000 2.500 0.000 2.500
URIBL_DBL_ABUSE_REDIR body Contains an abused redirector URL listed in the Spamhaus DBL blocklist 0.000 0.001 0.000 0.001
URIBL_DBL_ABUSE_SPAM body Contains an abused spamvertized URL listed in the Spamhaus DBL blocklist 0.000 2.000 0.000 2.000
URIBL_DBL_BLOCKED body ADMINISTRATOR NOTICE: The query to dbl.spamhaus.org was blocked. See https://www.spamhaus.org/returnc/vol/ 0.000 0.001 0.000 0.001
URIBL_DBL_BLOCKED_OPENDNS body ADMINISTRATOR NOTICE: The query to dbl.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/ 0.000 0.001 0.000 0.001
URIBL_DBL_BOTNETCC body Contains a botned C&C URL listed in the Spamhaus DBL blocklist 0.000 2.500 0.000 2.500
URIBL_DBL_ERROR body Error: queried the Spamhaus DBL blocklist for an IP 0.000 0.001 0.000 0.001
URIBL_DBL_MALWARE body Contains a malware URL listed in the Spamhaus DBL blocklist 0.000 2.500 0.000 2.500
URIBL_DBL_PHISH body Contains a Phishing URL listed in the Spamhaus DBL blocklist 0.000 2.500 0.000 2.500
URIBL_DBL_SPAM body Contains a spam URL listed in the Spamhaus DBL blocklist 0.000 2.500 0.000 2.500
URIBL_MW_SURBL body Contains a URL listed in the MW SURBL blocklist 0.000 1.263 0.000 1.263
URIBL_PH_SURBL body Contains an URL listed in the PH SURBL blocklist 0.000 0.001 0.000 0.610
URIBL_RHS_DOB body Contains an URI of a new domain (Day Old Bread) 0.000 0.276 0.000 1.514
URIBL_SBL body Contains an URL's NS IP listed in the Spamhaus SBL blocklist 0.000 0.644 0.000 1.623
URIBL_SBL_A body Contains URL's A record listed in the Spamhaus SBL blocklist 0.000 0.100 0.000 0.100
URIBL_ZEN_BLOCKED body ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked. See https://www.spamhaus.org/returnc/vol/ 0.000 0.001 0.000 0.001
URIBL_ZEN_BLOCKED_OPENDNS body ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/ 0.000 0.001 0.000 0.001
URI_ADOBESPARK meta No description provided 1.000 1.000 1.000 1.000
URI_AZURE_CLOUDAPP meta Link to hosted azure web application, possible phishing 2.996 1.000 2.996 1.000
URI_DASHGOVEDU meta Suspicious domain name 1.000 1.000 1.000 1.000
URI_DATA meta "data:" URI - possible malware or phish 1.000 1.000 1.000 1.000
URI_DOTEDU meta Has .edu URI 1.997 1.999 1.997 1.999
URI_DOTEDU_ENTITY meta Via .edu MTA + suspicious HTML content 1.000 1.000 1.000 1.000
URI_DOTTY_HEX meta Suspicious URI format 1.000 1.000 1.000 1.000
URI_DQ_UNSUB meta IP-address unsubscribe URI 1.000 1.000 1.000 1.000
URI_FIREBASEAPP meta Link to hosted firebase web application, possible phishing 1.000 1.000 1.000 1.000
URI_GOOGLE_PROXY meta Accessing a blacklisted URI or obscuring source of phish via Google proxy? 2.596 2.799 2.596 2.799
URI_GOOG_STO_SPAMMY uri Link to spammy content hosted by google storage 3.500 3.500 3.500 3.500
URI_HEX uri URI hostname has long hexadecimal sequence 0.100 0.100 0.100 0.100
URI_HEX_IP meta URI with hex-encoded IP-address host 1.294 1.000 1.294 1.000
URI_HOST_IN_BLACKLIST meta DEPRECATED: See URI_HOST_IN_BLOCKLIST 100.000 100.000 100.000 100.000
URI_HOST_IN_BLOCKLIST body Host or Domain is listed in the user's URI block-list 0.010 0.010 0.010 0.010
URI_HOST_IN_WELCOMELIST body Host or Domain is listed in the user's URI welcome-list -0.010 -0.010 -0.010 -0.010
URI_HOST_IN_WHITELIST meta DEPRECATED: See URI_HOST_IN_WELCOMELIST -100.000 -100.000 -100.000 -100.000
URI_IMG_WP_REDIR meta Image via WordPress "accelerator" proxy 1.000 1.000 1.000 1.000
URI_LONG_REPEAT meta Long identical host+domain 1.000 1.000 1.000 1.000
URI_MALWARE_SCMS uri Link to malware exploit download (.SettingContent-ms file) 1.000 1.000 1.000 1.000
URI_NOVOWEL uri URI hostname has long non-vowel sequence 0.500 0.500 0.500 0.500
URI_NO_WWW_BIZ_CGI uri CGI in .biz TLD other than third-level "www" 1.000 1.000 1.000 1.000
URI_NO_WWW_INFO_CGI uri CGI in .info TLD other than third-level "www" 1.000 1.000 1.000 1.000
URI_ONLY_MSGID_MALF meta URI only + malformed message ID 0.170 0.733 0.170 0.733
URI_OPTOUT_3LD uri Opt-out URI, suspicious hostname 1.000 1.000 1.000 1.000
URI_OPTOUT_USME uri Opt-out URI, unusual TLD 1.000 1.000 1.000 1.000
URI_PHISH meta Phishing using web form 3.995 4.000 3.995 4.000
URI_PHP_REDIR meta PHP redirect to different URL (link obfuscation) 3.496 1.000 3.496 1.000
URI_TRUNCATED body Message contained a URI which was truncated 0.001 0.001 0.001 0.001
URI_TRY_3LD meta "Try it" URI, suspicious hostname 1.997 1.999 1.997 1.999
URI_TRY_USME meta "Try it" URI, unusual TLD 1.000 1.000 1.000 1.000
URI_WPADMIN meta WordPress login/admin URI, possible phishing 2.297 2.299 2.297 2.299
URI_WP_DIRINDEX meta URI for compromised WordPress site, possible malware 1.000 1.000 1.000 1.000
URI_WP_HACKED meta URI for compromised WordPress site, possible malware 1.674 2.193 1.674 2.193
URI_WP_HACKED_2 meta URI for compromised WordPress site, possible malware 2.497 2.500 2.497 2.500
URL_SHORTENER_CHAINED body Message contains shortened URL chained to other shorteners 0.010 0.010 0.010 0.010
URL_SHORTENER_DISABLED uri Message contains shortened URL that has been disabled due to abuse 2.000 2.000 2.000 2.000
USB_DRIVES meta Trying to sell custom USB flash drives 1.000 1.000 1.000 1.000
USER_IN_ALL_SPAM_TO header User is listed in 'all_spam_to' -100.000 -100.000 -100.000 -100.000
USER_IN_BLACKLIST meta DEPRECATED: See USER_IN_BLOCKLIST 100.000 100.000 100.000 100.000
USER_IN_BLACKLIST_TO meta DEPRECATED: See USER_IN_BLOCKLIST_TO 10.000 10.000 10.000 10.000
USER_IN_BLOCKLIST header From: user is listed in the block-list 0.010 0.010 0.010 0.010
USER_IN_BLOCKLIST_TO header User is listed in 'blocklist_to' 0.010 0.010 0.010 0.010
USER_IN_DEF_DKIM_WL header From: address is in the default DKIM welcome-list -7.500 -7.500 -7.500 -7.500
USER_IN_DEF_SPF_WL header From: address is in the default SPF welcome-list -7.500 -7.500 -7.500 -7.500
USER_IN_DEF_WELCOMELIST header From: user is listed in the default welcome-list -0.010 -0.010 -0.010 -0.010
USER_IN_DEF_WHITELIST meta DEPRECATED: See USER_IN_DEF_WELCOMELIST -15.000 -15.000 -15.000 -15.000
USER_IN_DKIM_WELCOMELIST header From: address is in the user's DKIM welcomelist -0.010 -0.010 -0.010 -0.010
USER_IN_DKIM_WHITELIST meta DEPRECATED: See USER_IN_DKIM_WELCOMELIST -100.000 -100.000 -100.000 -100.000
USER_IN_MORE_SPAM_TO header User is listed in 'more_spam_to' -20.000 -20.000 -20.000 -20.000
USER_IN_SPF_WELCOMELIST header From: address is in the user's SPF welcomelist -0.010 -0.010 -0.010 -0.010
USER_IN_SPF_WHITELIST meta DEPRECATED: See USER_IN_SPF_WELCOMELIST -100.000 -100.000 -100.000 -100.000
USER_IN_WELCOMELIST header User is listed in 'welcomelist_from' -0.010 -0.010 -0.010 -0.010
USER_IN_WELCOMELIST_TO header User is listed in 'welcomelist_to' -0.010 -0.010 -0.010 -0.010
USER_IN_WHITELIST meta DEPRECATED: See USER_IN_WELCOMELIST -100.000 -100.000 -100.000 -100.000
USER_IN_WHITELIST_TO meta DEPRECATED: See USER_IN_WELCOMELIST_TO -6.000 -6.000 -6.000 -6.000
VBOUNCE_MESSAGE meta Virus-scanner bounce message 0.100 0.100 0.100 0.100
VFY_ACCT_NORDNS meta Verify your account to a poorly-configured MTA - probable phishing 2.847 2.999 2.847 2.999
VPS_NO_NTLD meta vps[0-9] domain at a suspiscious TLD 1.000 1.000 1.000 1.000
WALMART_IMG_NOT_RCVD_WAL meta Walmart hosted image but message not from Walmart 1.000 1.000 1.000 1.000
WEIRD_PORT uri Uses non-standard port number for HTTP 0.001 0.001 0.097 0.001
WEIRD_QUOTING body Weird repeated double-quotation marks 0.001 0.001 0.001 0.001
WORD_INVIS meta A hidden word 1.581 1.985 1.581 1.985
WORD_INVIS_MANY meta Multiple individual hidden words 2.996 2.999 2.996 2.999
XM_DIGITS_ONLY meta X-Mailer malformed 1.000 1.000 1.000 1.000
XM_PHPMAILER_FORGED meta Apparently forged header 1.000 1.000 1.000 1.000
XM_RANDOM meta X-Mailer apparently random 0.251 0.001 0.251 0.001
XM_RECPTID meta Has spammy message header 2.996 2.999 2.996 2.999
XPRIO meta Has X-Priority header 2.120 1.165 2.120 1.165
XPRIO_SHORT_SUBJ meta Has X Priority header + short subject 1.000 1.000 1.000 1.000
X_IP header Message has X-IP header 0.001 0.001 0.001 0.001
X_MAILER_CME_6543_MSN header No description provided 2.886 2.004 3.002 3.348
YOUR_PERMISSION meta With your permission... 2.423 0.001 2.423 0.001
__DC_GIF_MULTI_LARGO meta Message has 2+ inline gif covering lots of area 1.000 1.000 1.000 1.000
__DC_IMG_HTML_RATIO rawbody Low rawbody to pixel area ratio 1.000 1.000 1.000 1.000
__DC_IMG_TEXT_RATIO body Low body to pixel area ratio 1.000 1.000 1.000 1.000
__DC_PNG_MULTI_LARGO meta Message has 2+ png images covering lots of area 1.000 1.000 1.000 1.000
__DKIM_DEPENDABLE full A validation failure not attributable to truncation 1.000 1.000 1.000 1.000
__FORGED_TBIRD_IMG meta Possibly forged Thunderbird image spam 1.000 1.000 1.000 1.000
__FROM_41_FREEMAIL meta Sent from Africa + freemail provider 1.000 1.000 1.000 1.000
__HAS_HREF rawbody Has an anchor tag with a href attribute in non-quoted line 1.000 1.000 1.000 1.000
__HAS_HREF_ONECASE rawbody Has an anchor tag with a href attribute in non-quoted line with consistent case 1.000 1.000 1.000 1.000
__HAS_IMG_SRC rawbody Has an img tag on a non-quoted line 1.000 1.000 1.000 1.000
__HAS_IMG_SRC_ONECASE rawbody Has an img tag on a non-quoted line with consistent case 1.000 1.000 1.000 1.000
__KAM_BODY_LENGTH_LT_1024 body The length of the body of the email is less than 1024 bytes. 1.000 1.000 1.000 1.000
__KAM_BODY_LENGTH_LT_128 body The length of the body of the email is less than 128 bytes. 1.000 1.000 1.000 1.000
__KAM_BODY_LENGTH_LT_256 body The length of the body of the email is less than 256 bytes. 1.000 1.000 1.000 1.000
__KAM_BODY_LENGTH_LT_512 body The length of the body of the email is less than 512 bytes. 1.000 1.000 1.000 1.000
__MIME_BASE64 rawbody Includes a base64 attachment 1.000 1.000 1.000 1.000
__MIME_QP rawbody Includes a quoted-printable attachment 1.000 1.000 1.000 1.000
__ML_TURNS_SP_TO_TAB header A mailing list changing a space to a TAB 1.000 1.000 1.000 1.000
__NSL_ORIG_FROM_41 header Originates from 41.0.0.0/8 1.000 1.000 1.000 1.000
__NSL_RCVD_FROM_41 header Received from 41.0.0.0/8 1.000 1.000 1.000 1.000
__RCVD_IN_MSPIKE_Z header Spam wave participant 1.000 1.000 1.000 1.000
__RCVD_IN_SORBS header SORBS: sender is listed in SORBS 1.000 1.000 1.000 1.000
__RCVD_IN_ZEN header Received via a relay in Spamhaus Zen 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_ADELPHIA header Relay HELO'd using suspicious hostname (Adelphia) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_ATTBI header Relay HELO'd using suspicious hostname (ATTBI.com) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_CHELLO_NL header Relay HELO'd using suspicious hostname (Chello.nl) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_CHELLO_NO header Relay HELO'd using suspicious hostname (Chello.no) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_COMCAST header Relay HELO'd using suspicious hostname (Comcast) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_DHCP header Relay HELO'd using suspicious hostname (DHCP) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_DIALIN header Relay HELO'd using suspicious hostname (T-Dialin) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_HCC header Relay HELO'd using suspicious hostname (HCC) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_HEXIP header Relay HELO'd using suspicious hostname (Hex IP) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_IPADDR header Relay HELO'd using suspicious hostname (IP addr 1) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_NTL header Relay HELO'd using suspicious hostname (NTL) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_OOL header Relay HELO'd using suspicious hostname (OptOnline) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_ROGERS header Relay HELO'd using suspicious hostname (Rogers) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_RR2 header Relay HELO'd using suspicious hostname (RR 2) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_SPLIT_IP header Relay HELO'd using suspicious hostname (Split IP) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_TELIA header Relay HELO'd using suspicious hostname (Telia) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_VELOX header Relay HELO'd using suspicious hostname (Veloxzone) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_VTR header Relay HELO'd using suspicious hostname (VTR) 1.000 1.000 1.000 1.000
__RDNS_DYNAMIC_YAHOOBB header Relay HELO'd using suspicious hostname (YahooBB) 1.000 1.000 1.000 1.000
__TO_EQ_FROM meta To: same as From: 1.000 1.000 1.000 1.000
__TO_EQ_FROM_DOM meta To: domain same as From: domain 1.000 1.000 1.000 1.000
__TO_EQ_FROM_USR meta To: username same as From: username 1.000 1.000 1.000 1.000
__TO_EQ_FROM_USR_NN meta To: username same as From: username sans trailing nums 1.000 1.000 1.000 1.000
__VIA_ML meta Mail from a mailing list 1.000 1.000 1.000 1.000
__VIA_RESIGNER meta Mail through a popular signing remailer 1.000 1.000 1.000 1.000







広告スペース
Google