Professional Documents
Culture Documents
Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <bounce2@topemail.eu>
X-Envelope-To: <linanoer888@unhas.ac.id>
X-Envelope-To-Blocked:
X-Quarantine-ID: <bR1PBCN7ZGzr>
X-Spam-Flag: YES
X-Spam-Score: 9.055
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.055 tag=2 tag2=6.31 kill=6.31
tests=[BAYES_20=-0.74, HTML_IMAGE_RATIO_02=0.383,
HTML_MESSAGE=0.001,
RCVD_IN_PBL=0.905, RCVD_IN_SBL=1.551, SPF_FAIL=5,
URIBL_BLACK=1.955]
Received: from mail.unhas.ac.id ([127.0.0.1])
by localhost (mail.unhas.ac.id [127.0.0.1]) (amavisd-new,
port 10024)
with ESMTP id bR1PBCN7ZGzr for <linanoer888@unhas.ac.id>;
Thu, 19 May 2011 15:51:23 +0800 (CIT)
X-Original-Helo: mail.topemail.eu (iRedMail:
http://www.iredmail.org/)
Received: from mail.topemail.eu (m11.topemail.eu [77.90.89.61])
by mail.unhas.ac.id (ITCoNet) with ESMTP id 1A75753809C
for <linanoer888@unhas.ac.id>; Thu, 19 May 2011 15:51:21
+0800 (CIT)
Received: (qmail 20356 invoked by uid 1018); 19 May 2011 10:28:46
+0300
Received: from cs2.kli.lt (HELO x-email.eu) (77.90.88.254)
by mail.topemail.eu with SMTP; 19 May 2011 10:28:46 +0300
To: linanoer888@unhas.ac.id
Subject: www.bulkdatabases.com
Message-ID: <2107b7cacb03e8b4e19639a9270f4a09@x-email.eu>
Date: Thu, 19 May 2011 10:23:36 +0300
From: "Buy targeted Email Database" <mailer2@topemail.eu>
Reply-To: mailer2@topemail.eu
MIME-Version: 1.0
X-Mailer-LID: 64
List-Unsubscribe: <http://x-email.eu//unsubscribe.php?
M=16248762&C=3e137d42391ba1d045b335f88128f642&L=64&N=771>
X-Mailer-RecptId: 16248762
X-Mailer-SID: 771
X-Mailer-Sent-By: 1
Content-Type: multipart/alternative; charset="UTF-8";
boundary="b1_378072e5154662e243ab95e722be3b19"
Content-Transfer-Encoding: 8bit
--b1_378072e5154662e243ab95e722be3b19
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Your email client cannot read this email.
To view it online, please go here:
http://x-email.eu//display.php?
M=16248762&C=3e137d42391ba1d045b335f88128f642&S=771&L=64&N=40
WWW.bulkdatabases.com
Business Email Lists
Country Email Lists
Domain Email Lists
General Global Email Lists
Men's Email Lists
Powerfull 2010 Email Lists
Tagerted Email Lists
Woman Email Lists
Email Sender Software
--b1_378072e5154662e243ab95e722be3b19
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 8bit
<html><head></head><body><div align="center"><a target="_blank"
href="http://x-email.eu//display.php?
M=16248762&C=3e137d42391ba1d045b335f88128f642&S=771&L=64&N=40"><b>
<font
size="4">Look this newsletter on the web... </font></b></a><br
/><br />
<meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"
/>
</div>
<title>Welcome</title>
<style type="text/css"><!-body {
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
}
.border{
background-color:#FFFFFF;
border: 1px solid #d4d4d4;
}
.intro{
font-family:"Univers 55";
font-size:18px;
font-weight:normal;
color:#ad1515;
padding-bottom:10px;
}
.mid{
font-family:tahoma;
font-size:11px;
font-weight:normal;
color:#2e2e2e;
}
.mid2{
font-family:Arial, Helvetica, sans-serif;
font-size:11px;
color:#2a2a2a;
padding-right:15px;
padding-left: 15px;
}
.midred {
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
font-weight:bold;
color:#d50023;
padding-top: 4px;
padding-bottom: 4px;
padding-left: 10px;
}
.mid3 {
font-family:tahoma;
font-size:11px;
font-weight:normal;
color:#2e2e2e;
text-align: justify;
padding-top: 5px;
}
.border1 { background-color:#FFFFFF;
border-right-width: 1px;
border-left-width: 1px;
border-right-style: solid;
border-left-style: solid;
border-right-color: #707070;
border-left-color: #707070;
}
.mid21 {
font-family:tahoma;
font-size:11px;
color:#060201;
text-align:justify;
padding-right:10px;
padding-left: 10px;
}
.midbold1 {
font-family:Tahoma;
font-size:11px;
font-weight:bold;
color:#61504e;
padding-bottom: 5px;
padding-left: 10px;
}
.more {
font-family:tahoma;
font-size:11px;
color:#c22020;
text-align:justify;
padding-left: 10px;
text-decoration: none;
padding-top: 6px;
}
.border2 {
background-color:#FFFFFF;
border-right-width: 1px;
border-left-width: 1px;
border-right-style: solid;
border-left-style: solid;
border-right-color: #c6c6c6;
border-left-color: #c6c6c6;
}
--></style>
<table align="center" border="0" cellpadding="0" cellspacing="0"
width="580">
<tbody>
<tr>
<td class="border">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td><a target="_blank"
href="http://x-email.eu//link.php?M=16248762&N=771&L=743&F=H"><img
title="homepage_logo.jpg" alt="homepage_logo.jpg"
src="http://xemail.eu//admin/temp/newsletters/40/homepage_logo.jpg"
width="550" height="200" /></a></td>
</tr>
<tr>
<td>
<table style="background-color: #c4fcdb;" align="center"
border="0"
cellpadding="0" cellspacing="0" width="563">
<tbody>
<tr>
<td> </td>
</tr>
<tr>
<td>
<table style="background-color: #c4fcdb;" border="0"
cellpadding="0"
cellspacing="0" width="100%">
<tbody>
<tr>
<td width="220">
href="http://x-email.eu//link.php?
M=16248762&N=771&L=735&F=H">Men's Email
Lists</a></font> <br /> <font size="3"><a target="_blank"
href="http://x-email.eu//link.php?
M=16248762&N=771&L=741&F=H">Powerfull
2010 Email Lists</a></font> <br /> <font size="3"><a
target="_blank"
href="http://x-email.eu//link.php?
M=16248762&N=771&L=739&F=H">Tagerted
Email Lists</a></font> <br /><font size="3"><a target="_blank"
href="http://x-email.eu//link.php?
M=16248762&N=771&L=547&F=H">Woman Email
Lists</a><br /></font><font size="3"><a target="_blank"
href="http://x-email.eu//link.php?
M=16248762&N=771&L=736&F=H">Email Sender
Software</a></font></div>
</td>
</tr>
<tr>
<td style="background-color: #c4fcdb;" class="border1"><br /></td>
</tr>
<tr>
<td><br /></td>
</tr>
</tbody>
</table>
</td>
<td valign="top">
<table align="right" border="0" cellpadding="0" cellspacing="0"
width="314">
<tbody>
<tr>
<td class="intro"><font color="#000000"><font
color="#0000ff"><b><font
size="5">Get 15% DISCOUNT NOW</font> </b></font><br /><font
size="4">add
the discount voucher</font> </font><font color="#ff0000"><font
size="5"><b>GET15</b></font></font> <br />
<div align="center"><b><font color="#ff0000" size="4"><span
style="background-color: #ffffff;">Only 30
Vouchers</span></font><br
/></b></div>
</td>
</tr>
<tr>
<td><a target="_blank"
href="http://x-email.eu//link.php?M=16248762&N=771&L=743&F=H"><img
title="marketing.jpg" alt="marketing.jpg"
src="http://x-email.eu//admin/temp/newsletters/40/marketing.jpg"
width="234" height="162" /></a></td>
</tr>
<tr>
<td class="mid3"><font size="2"><span class="menutext"><br
/></span></font></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td>
<div align="center"><b><font color="#0000ff" size="3"><a
target="_blank"
href="http://x-email.eu//sendfriend.php?
M=16248762&C=3e137d42391ba1d045b335f88128f642&L=64&N=771&F=1&i=40"
>Send
To Friends<br /></a></font></b></div>
<b><font color="#0000ff" size="3"><br /></font></b></td>
</tr>
<tr>
<td><br /></td>
</tr>
<tr>
<td align="center"><br /></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table><br/>
<br>
<img
src="http://x-email.eu//open.php?
M=16248762&L=64&N=771&F=H&image=.jpg"
height="1" width="10"></body></html>
--b1_378072e5154662e243ab95e722be3b19--
Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <delivery@mx.sailthru.com>
X-Envelope-To: <linanoer888@unhas.ac.id>
X-Envelope-To-Blocked:
X-Quarantine-ID: <ebpwCL2NK7hl>
X-Spam-Flag: YES
X-Spam-Score: 7.301
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.301 tag=2 tag2=6.31 kill=6.31
tests=[BAYES_50=0.001, FH_HELO_EQ_D_D_D_D=0.001,
HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001,
MIME_HTML_ONLY=1.457,
MIME_HTML_ONLY_MULTI=0.001, MPART_ALT_DIFF=0.739,
RDNS_DYNAMIC=0.1,
SPF_FAIL=5]
Received: from mail.unhas.ac.id ([127.0.0.1])
by localhost (mail.unhas.ac.id [127.0.0.1]) (amavisd-new,
port 10024)
with ESMTP id ebpwCL2NK7hl for <linanoer888@unhas.ac.id>;
Thu, 6 Jan 2011 03:06:12 +0800 (CIT)
X-Original-Helo: mx-69-28-218-148.sailthru.com (iRedMail:
http://www.iredmail.org/)
Received: from mx-69-28-218-148.sailthru.com (mx-69-28-218148.sailthru.com [69.28.218.148])
by mail.unhas.ac.id (ITCoNet) with ESMTP id 46EC653806F
for <linanoer888@unhas.ac.id>; Thu, 6 Jan 2011 03:06:11
+0800 (CIT)
Received: from mx.sailthru.com (mx-69-28-218-148.sailthru.com
[69.28.218.148])
by mx-69-28-218-148.sailthru.com (Postfix) with ESMTP id
3C416D9212B
for <linanoer888@unhas.ac.id>; Wed, 5 Jan 2011 13:58:13
-0500 (EST)
Received: from mx4.sailthru.com (mx-out.sailthru.com
[69.28.218.155])
by mx.sailthru.com (Postfix) with ESMTP id 9D0B796806B
for <linanoer888@unhas.ac.id>; Wed, 5 Jan 2011 13:58:07
-0500 (EST)
Date: Wed, 5 Jan 2011 18:58:07 +0000 (UTC)
From: The Commercial Observer <tacitelli@observer.com>
To: linanoer888@unhas.ac.id
Message-ID: <20110105185807.33770.326@sailthru.com>
Subject: The Commercial Observer NOW - Wednesday Jan. 5, 2011
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_Part_1486143_308586252.1294253887626"
X-TM-ID: 20110105185807.33770.326
X-Info: Message sent by sailthru.com customer New York Observer
X-Info: We do not permit unsolicited commercial email
X-Info: Please report abuse by forwarding complete headers to
X-Info: abuse@sailthru.com
X-Mailer: sailthru.com
X-IADB-IP: 69.28.218.157
X-IADB-IP-REVERSE: 157.218.28.69
X-IADB-URL: http://www.isipp.com/iadb.php
X-Unsubscribe-Web: http://cb.sailthru.com/oc/q22.92/4dc609ad
List-ID: <cm.1073.69c8568123a13dec61f0d0ebf642bb12.sailthru.com>
List-Unsubscribe: http://cb.sailthru.com/oc/q22.92/4dc609ad
X-rpcampaign: stbph33770
------=_Part_1486143_308586252.1294253887626
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<title>Commercial Observer Wednesday</title>
<meta http-equiv=3D"Content-Type" content=3D"text/html;
charset=3Diso-8859-=
1">
<style>
body {font-size:100%;}
h1 {font-size:2.5em;}
h2 {font-size:1.875em;}
p {font-size:0.875em;}
p{font-family:sans-serif;}=20
br{font-family:sans-serif;}=20
</style>
</head>
<body bgcolor=3D"#FFFFFF" leftmargin=3D"0" topmargin=3D"0"
marginwidth=3D"0=
" marginheight=3D"0">
<CENTER>
<table height=3D"100%" bordercolor=3D"#cccccc" cellspacing=3D"0"
cellpaddin=
g=3D"0" width=3D"850" border=3D"1">
<tbody>
<tr>
<td valign=3D"top">
<table height=3D"100%" width=3D"850" border=3D"0"
cellpadding=3D"0" cellspa=
cing=3D"0">
=09<tr>
=09=09<td colspan=3D"5">
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
01.gif" width=3D"850" height=3D"36" alt=3D""></td>
=09</tr>
=09
=09<tr>
=09=09<td valign=3Dtop>
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
02.gif" width=3D"60" height=3D"124" alt=3D""></td>
=09=09<td colspan=3D"3">
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_header.jpg=
" width=3D"730" height=3D"124" alt=3D""><P>
<font size=3D"2">Edited by Tom Acitelli | <A
HREF=3D"mailto:tacitelli@obser=
ver.com">tacitelli@observer.com</A></font><BR><BR>
</td>
=09=09<td valign=3Dtop>
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
04.gif" width=3D"60" height=3D"124" alt=3D""></td>
=09</tr>
=09
=09<tr>
=09=09<!--<td colspan=3D"5" WIDTH=3D"850" HEIGHT=3D"63">
=09=09=09<img border=3D"0"
src=3D"http://www.observer.com/files/spacer.gif"=
width=3D"850" height=3D"63" alt=3D""></td>-->
=09</tr>
=09
=09<tr>
=09=09<td valign=3D"top">
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
06_test.gif" width=3D"60" alt=3D""></td>
=09=09
=09=09<td valign=3D"top" width=3D"418">
=09=09
<table bgcolor=3D"#cccccc" border=3D"0" width=3D"100%">
<tr>
<td><div><span style=3D"font-family: arial,helvetica,sansserif;" xml=
=3D"lang"><span style=3D"color: #4379dd;"
xml=3D"lang"><strong>WEDNESDAY</s=
trong></span> <span style=3D"color: #8c8c8e;" xml=3D"lang">Jan. 5,
2011</sp=
an></div>
</td>
</tr>
</table>
=09=09=09<P>
=09=09=09<HR>
or and head of whole loans Jason Kopcak has been leading the cause
by speci=
alizing in the origination of commercial loans. Mr. Kopcak, 39,
spoke to Th=
e Commercial Observer about his outlook for 2011 and what it means
for real=
estate lending.</I>
<P>
<I>The Commercial Observer: What should we expect with regards to
commercia=
l loan originations in 2011?</I><BR>
Mr. Kopcak: On the commercial side what we're seeing already is,
from a ban=
k standpoint, you're seeing banks starting to unload their
distressed, non-=
performing commercial loans. Whether it's office, multifamily,
retail or la=
nd, you're seeing these banks selling these assets. So, banks have
gotten m=
ore realistic in their pricing, the market has rallied a bit, and
you see t=
hat banks are healthier. So they're selling. They started selling
last year=
, and 2011 should be a pretty heavy one in banks cleaning up their
balance =
sheets.
<P>
<I>Is that because of a perceived bottoming out in the market?
</I><BR>
It's a combination. It's really primarily because banks are
healthier. They=
're a lot stronger capital-wise, so you're seeing banks taking
profits now =
that they're starting to move their distressed assets out.
<P>
<I>Probably more so here in New York than elsewhere, though,
right?</I><BR>
Yeah, right. Your larger banks, your money centers, your superregional and=
regional banks=E2=80=94they're all moving assets. Your community
banks and=
tertiary banks are having a more difficult time selling their
distressed a=
ssets.
<P>
<I>How are developers securing loans besides whole mortgage loans?
</I><BR>
We're seeing people buy in on the mezzanine pieces now. So we're
seeing tha=
t market start to come back together. Slowly. But we have clients
that are =
looking to buy B pieces, or they'll invest in new mezzanine. So
the market =
is starting to come back together. It's still in the early stages,
but we'r=
e starting to see activity there.
<P>
<I>And will we continue to see banks practice a so-called "extendand-prete=
nd" strategy?</I><BR>
There will be a lot of it in 2011 still. I think it will taper off
in 2012.=
Again, the banks are just now getting proactive. There are still
a lot of =
banks just at the beginning, so with that they still have to
extend-and-pre=
tend to get through the turbulence. We're at the beginning stages.
I would =
say we're in the third or fourth inning of the crisis.
=09=09=09<P>
=09=09=09<HR>
<span style=3D"color: #4379dd;" xml=3D"lang"><strong><span
style=3D"font-fa=
mily: arial,helvetica,sans-serif;" xml=3D"lang">
EVENTS:</span></span></strong>
<HR><P>
<B>Tuesday, January 11</B><BR>
<I>New York Commercial Real Estate Women "Global Trends in the
2011 Real Es=
tate Capital Markets," offices of Crowell & Moring LLP, 590
Madison Avenue,=
20th floor, 6:30 p.m., call 212-223-4000 for more info</I>
<P>
<I>Real Estate Board of New York breakfast, the Mendik Education
Center, 57=
0 Lexington Avenue., 9:30 a.m., contact Angela Donovan at 212-5323100 or e=
mail her at adonovan@rebny.com for more info</I>
<P>
Banner photography by William Warby
<P>
</td>
=09=09<td valign=3Dtop>
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
08.gif" width=3D"13" alt=3D""></td>
<td valign=3D"top">
<A HREF=3D"http://cb.sailthru.com/q22.92/TSSpRcRkXSmo1EeBb8f3"><img border=
=3D"0" src=3D"http://www.observer.com/files/SLGCorpAd.jpg"
width=3D"300" he=
ight=3D"600" alt=3D""></A>
<BR><BR>
<A HREF=3D"http://cb.sailthru.com/q22.92/TSSpRcRkXSmp1EeBa5b5"><img border=
=3D0 src=3D"http://www.observer.com/files/TRI-1619-CorpAd2010300x600.jpg" =
width=3D"300" height=3D"600" alt=3D""></A>
<BR><BR>
<A HREF=3D"http://cb.sailthru.com/q22.92/TSSpRcRkXSmq1EeB7c89"><img border=
=3D"0" src=3D"http://www.observer.com/files/FlatRate300x250_A.jpg"
width=3D=
"300" height=3D"600" alt=3D""></A>
<BR><BR>
<A HREF=3D"http://cb.sailthru.com/q22.92/TSSpRcRkXSmr1EeBca1f"><img border=
=3D"0" src=3D"http://www.observer.com/files/Tower56_300x600.gif"
width=3D"3=
00" height=3D"600" alt=3D""></A>
<BR><BR>
<A HREF=3D"http://cb.sailthru.com/q22.92/TSSpRcRkXSms1EeB8be1"><img border=
=3D"0" src=3D"http://www.observer.com/files/commobs-0410300x600_01.gif" wi=
dth=3D"300" height=3D"600" alt=3D""></A>
=09=09=09</td>
=09=09
=09=09<td>
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
10_test.gif" width=3D"60" alt=3D""></td>
=09</tr>
=09<tr>
=09=09<td colspan=3D"5">
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
01.gif" width=3D"850" height=3D"36" alt=3D""></td>
=09</tr>
=09
</table>
</td>
</tr>
</table>
<!-- End ImageReady Slices -->
<a href=3D"http://sailthru.com"><img
src=3D"http://cb.sailthru.com/img/q22.=
92/1b61a420.gif" alt=3D"" border=3D"0" /></a>
</body>
</html>
<small>
<P>This email was sent to linanoer888@unhas.ac.id by The New York
Observer =
LLC, 321 W. 44th St. 6th Floor New York, NY 10036. <a
href=3D"http://cb.sai=
lthru.com/forward/q22.92/732d9f64">Forward this email</A> to a
friend.
<P> You may unsubscribe at any time by clicking <a
href=3D"http://cb.sailth=
ru.com/oc/q22.92/4dc609ad">this link</A>. You can also read our <a
href=3D"=
http://cb.sailthru.com/q22.92/TSSpRcRkXSmt1-EeB1177">Privacy
Policy</a>.</s=
mall>
</p>
------=_Part_1486143_308586252.1294253887626--
NO.
AREA
TESTED
DESCRIPTION OF
TEST
TEST NAME
DEFAULT
SCORES
(local, net,
with bayes,
with
bayes+net)
1000
body
GTUBE
body
Incorporates a tracking ID
number
TRACKER_ID
body
WEIRD_QaUOTING
body
EMAIL_ROT13
body
MPART_ALT_DIFF
body
MPART_ALT_DIFF_C
OUNT
2.699 2.696
2.000 2.003
2.799 2.796
1.428 1.396
1.600 1.680
1.850 2.000
2.498 1.143
1.456 0.739
2.899 1.882
1.500 1.110
body
BLANK_LINES_80_9
0
body
eval:tvd_vertical_words('0','
10')
TVD_SPACE_RATIO
body
eval:check_ma_non_text()
MULTIPART_ALT_N
ON_TEXT
2.899 2.899
2.307 2.219
2.699 2.696
2.699 2.696
10
body
CHARSET_FARAWA
Y
3.2
11
rawbody
MIME_BASE64_BLA
NKS
12
rawbody
MIME_BASE64_TEX
T
13
body
MISSING_MIME_HB
_SEP
0.221 0.001
0.016 0.041
2.701 2.796
1.709 1.753
2.599 2.699
2.205 2.119
14
body
MIME_HTML_MOST
LY
0.001
15
body
MIME_HTML_ONLY
16
rawbody
MIME_QP_LONG_LI
NE
2.299 1.672
1.925 1.457
2.499 1.819
1.500 1.396
17
body
MIME_BAD_ISO_CH
ARSET
18
body
HTTPS_IP_MISMATC
H
3.363 2.831
2.768 0.346
2.697 2.896
2.899 2.897
19
body
URI_TRUNCATED
0.001
20
header
ALL_TRUSTED
-6.265
21
header
NO_RELAYS
-0.001
22
header
NJABL: sender is
confirmed open relay
RCVD_IN_NJABL_R
ELAY
23
header
NJABL: sender is
confirmed spam source
RCVD_IN_NJABL_SP
AM
0 1.841 0
2.696
0 3.096 0
2.072
24
header
header
RCVD_IN_NJABL_M
ULTI
RCVD_IN_NJABL_C
GI
25
26
header
RCVD_IN_NJABL_PR
OXY
27
header
RCVD_IN_SORBS_H
TTP
28
header
RCVD_IN_SORBS_S
OCKS
29
header
RCVD_IN_SORBS_M
ISC
0 1.693 0
1.643
0 0.001 0
0.001
0 0.182 0
0.801
0 0.001 0
0.353
30
header
RCVD_IN_SORBS_S
MTP
31
header
SORBS: sender is a
abuseable web server
RCVD_IN_SORBS_W
EB
0 1.117 0
0.619
32
header
header
RCVD_IN_SORBS_B
LOCK
RCVD_IN_SORBS_Z
OMBIE
33
34
header
RCVD_IN_SORBS_D
UL
35
header
RCVD_IN_SBL
36
header
RCVD_IN_XBL
37
header
RCVD_IN_PBL
38
header
DNS_FROM_RFC_DS
N
39
header
Envelope sender in
bogusmx.rfc-ignorant.org
DNS_FROM_RFC_BO
GUSMX
0 1.615 0
0.877
0 2.810 0
1.551
0 2.896 0
3.033
0 0.509 0
0.905
0 2.527 0
1.495
0 2.125 0
1.482
40
header
CompleteWhois: sender on
bogons IP block
RCVD_IN_WHOIS_B
OGONS
41
header
CompleteWhois: sender on
hijacked IP block
RCVD_IN_WHOIS_HI
JACKED
42
header
CompleteWhois: sender on
invalid IP block
RCVD_IN_WHOIS_IN
VALID
43
header
RCVD_IN_DSBL
44
header
DNS_FROM_AHBL_
RHSBL
45
header
Envelope sender in
blackholes.securitysage.com
DNS_FROM_SECURI
TYSAGE
46
header
RCVD_IN_BL_SPAM
COP_NET
47
header
RCVD_IN_MAPS_RB
L
48
header
RCVD_IN_MAPS_DU
L
49
header
RCVD_IN_MAPS_RS
S
50
header
RCVD_IN_MAPS_NM
L
51
header
header
53
header
54
header
55
header
56
header
RCVD_IN_BSP_TRUS
TED
RCVD_IN_BSP_OTH
ER
RCVD_IN_IADB_VO
UCHED
HABEAS_ACCREDIT
ED_COI
HABEAS_ACCREDIT
ED_SOI
HABEAS_CHECKED
0 -4.3 0 -4.3
52
0 1.000 0
1.000
0 1.199 0
0.400
0 0.753 0
0.961
0 2.025 0
0.692
0 0.127 0
0.001
0 2.188 0
1.960
57
header
SUBJECT_DRUG_GA
P_C
58
header
SUBJECT_DRUG_GA
P_L
0 -0.2 0 -0.2
0.001 0.001
0.508 0.003
1.047 1.831
2.407 2.515
59
header
SUBJECT_DRUG_GA
P_S
60
header
SUBJECT_DRUG_GA
P_VA
61
header
SUBJECT_DRUG_GA
P_X
1.876 2.596
1.035 1.014
1.478 2.052
2.298 1.766
0 -0.1 0 -0.1
0 -2.2 0 -2.2
0 -8.0 0 -8.0
0 -4.3 0 -4.3
62
body
DRUG_DOSAGE
63
body
DRUG_ED_CAPS
64
body
DRUG_ED_SILD
65
body
DRUG_ED_GENERIC
66
body
DRUG_ED_ONLINE
67
body
Online Pharmacy
ONLINE_PHARMAC
Y
68
body
No prescription needed
NO_PRESCRIPTION
69
body
VIA_GAP_GRA
70
body
71
header
72
header
73
header
74
header
75
header
76
header
77
header
78
header
79
header
80
header
81
header
2.514 0.128
1.621 1.623
0.329 1.540
2.417 0.322
0.001 0.001
1.026 1.185
3.286 3.314
2.001 1.558
1
2.701 1.484
0.057 0.001
2.573 2.757
2.944 2.619
2.203 1.053
2.004 0.133
DRUGS_SMEAR1
RDNS_NONE
0.1
FAKE_HELO_MAIL_
COM_DOM
3.199 3.196
2.812 3.199
HELO_DYNAMIC_IP
ADDR
4.399 2.935
2.643 2.426
HELO_DYNAMIC_D
HCP
2.298 1.520
1.536 1.398
HELO_DYNAMIC_H
CC
4.299 4.295
4.299 4.295
HELO_DYNAMIC_R
OGERS
HELO_DYNAMIC_DI
ALIN
3.999 3.995
3.999 3.384
HELO_DYNAMIC_H
EXIP
3.099 3.099
3.100 2.204
HELO_DYNAMIC_SP
LIT_IP
4.199 4.199
4.199 3.493
HELO_DYNAMIC_IP
ADDR2
4.399 4.395
4.400 4.395
3.600 3.599
3.599 3.595
HELO_DYNAMIC_C
HELLO_NL
(Chello.nl)
82
header
83
header
84
header
85
HELO_DYNAMIC_H
OME_NL
3.499 3.496
3.499 3.463
FAKE_HELO_MSN
FAKE_HELO_MAIL_
COM
1.755 0.220
2.600 1.317
header
FAKE_HELO_EMAIL
_COM
86
header
FAKE_HELO_EXCIT
E
87
header
FAKE_HELO_LYCOS
2.599 2.552
2.599 2.598
2.459 2.432
2.497 2.599
88
header
89
header
Partial message
90
header
91
header
92
header
93
header
94
header
95
header
96
header
97
header
Message-ID has
ALLCAPS@yahoo.com
98
header
Message-ID is unusually
short
99
header
Message-ID contains
multiple '@' characters
100
header
101
header
FAKE_HELO_YAHOO
_CA
FRAGMENTED_MES
SAGE
1
2.5
2.215 2.212
2.100 0.760
2.302 0.723
FROM_STARTS_WIT
H_NUMS
1.232 1.499
2.601 1.145
FROM_OFFERS
2.699 0.001
2.199 0.499
FROM_NO_USER
2.081 1.483
2.160 1.333
PLING_QUERY
1.400 1.390
4.199 4.195
MSGID_SPAM_CAPS
4.199 4.195
2.861 1.637
MSGID_SPAM_LETT
ERS
0.866 1.188
MSGID_YAHOO_CAP 1.197 0.448
S
2.921 3.107
0.200 0.232
MSGID_SHORT
0.690 1.078
1.221 1.211
MSGID_MULTIPLE_
AT
1.571 1.449
2.057 1.031
DATE_SPAMWARE_
Y2K
2.912 2.883
2.303 1.651
INVALID_DATE
1.329 1.245
FROM_BLANK_NAM
E
0.197 0.243
2.284 2.191
1.704 0.862
1.583 2.079
2.601 2.065
2.265 2.696
102
header
INVALID_DATE_TZ_
ABSURD
103
header
INVALID_TZ_CST
104
header
INVALID_TZ_EST
105
header
header
ENGLISH_UCE_SUBJ
ECT
JAPANESE_UCE_SU
BJECT
106
107
header
KOREAN_UCE_SUBJ
ECT
3.099 1.111
2.114 2.962
108
header
109
header
110
111
header
header
FORGED_TELESP_R
CVD
NONEXISTENT_CHA
RSET
MISSING_MID
MISSING_DATE
112
header
GAPPY_SUBJECT
113
header
PREVENT_NONDELI
VERY
114
header
X_IP
115
header
SUBJ_AS_SEEN
116
header
SUBJ_DOLLARS
117
header
SUBJ_YOUR_DEBT
118
header
SUBJ_YOUR_FAMIL
Y
119
header
RCVD_FAKE_HELO_
DOTCOM
120
header
SUBJECT_DIET
121
header
EXTRA_MPART_TYP
E
122
header
MIME_BOUND_DD_
DIGITS
123
header
MIME_BOUND_DIGI
TS_15
3.869 4.199
3.386 1.466
2.899 2.896
2.899 2.896
1
0.001
0.001
2.104 2.001
0.941 1.020
1.515 1.640
1.737 1.600
2.840 1.943
2.744 3.177
1
2.399 0.842
1.501 1.421
2.899 2.896
2.576 2.622
2.799 2.647
2.000 1.043
2.789 2.775
2.899 2.592
2.527 1.621
2.084 1.466
0.001 0.001
1.472 0.803
0.001 0.001
0.001 1.170
124
header
MIME_BOUND_MAN
Y_HEX
125
header
TO_MALFORMED
126
header
WITH_LC_SMTP
127
header
SUBJ_BUY
128
header
RCVD_AM_PM
129
header
FAKE_OUTBLAZE_R
CVD
130
header
UNCLOSED_BRACK
ET
131
header
FROM_DOMAIN_NO
VOWEL
132
header
FROM_LOCAL_NOV
OWEL
133
header
FROM_LOCAL_HEX
134
header
FROM_LOCAL_DIGI
TS
135
header
X_PRIORITY_CC
136
header
BAD_ENC_HEADER
137
header
CHARSET_FARAWA
Y_HEADER
3.2
138
header
SUBJ_ILLEGAL_CHA
RS
139
header
FROM_ILLEGAL_CH
ARS
140
header
HEAD_ILLEGAL_CH
ARS
141
header
FORGED_HOTMAIL_
RCVD2
142
header
FORGED_YAHOO_R
CVD
143
header
SORTED_RECIPS
1.173 1.527
1.954 1.586
2.922 3.999
3.999 3.995
3.799 3.729
3.799 3.622
1.947 1.117
1.498 1.502
2.299 1.408
1.889 2.297
2.925 1.800
1.972 1.125
1
2.702 0.900
0.999 0.001
1.529 1.688
2.833 0.545
3.499 3.496
3.304 2.271
2.687 2.083
1.580 2.206
3.000 3.099
2.999 2.592
3.199 3.196
3.199 3.196
2.602 2.733
1.432 1.399
0.001
2.599 1.492
2.599 2.596
3.499 2.870
1.947 1.810
144
header
145
header
146
header
147
header
148
header
149
header
150
header
151
header
152
header
153
header
154
header
155
header
156
header
157
header
158
header
159
header
160
header
161
header
162
header
163
header
3.199 3.196
2.299 2.912
1.899 1.581
Missing To: header
MISSING_HEADERS
1.500 1.292
Received: says mail sent
ROUND_THE_WORL 2.699 2.696
around the world (HELO)
D_LOCAL
2.700 2.696
Date: is 3 to 6 hours before
DATE_IN_PAST_03_0 2.299 1.394
Received: date
6
1.306 0.044
Date: is 6 to 12 hours before DATE_IN_PAST_06_1 2.504 1.854
Received: date
2
1.499 1.069
Date: is 12 to 24 hours
DATE_IN_PAST_12_2 2.499 1.770
before Received: date
4
1.503 0.992
Date: is 24 to 48 hours
DATE_IN_PAST_24_4 2.300 1.627
before Received: date
8
1.498 1.219
Date: is 96 hours or more
DATE_IN_PAST_96_X 2.952 2.320
before Received: date
X
1.800 1.690
Date: is 3 to 6 hours after
DATE_IN_FUTURE_0 2.303 0.416
Received: date
3_06
1.461 0.274
Date: is 6 to 12 hours after
DATE_IN_FUTURE_0 3.099 3.099
Received: date
6_12
2.136 1.897
Date: is 12 to 24 hours after DATE_IN_FUTURE_1 3.300 3.299
Received: date
2_24
3.000 2.189
Date: is 24 to 48 hours after DATE_IN_FUTURE_2 3.599 2.800
Received: date
4_48
3.599 3.196
Date: is 48 to 96 hours after DATE_IN_FUTURE_4 3.199 3.182
Received: date
8_96
3.199 3.199
Date: is 96 hours or more
DATE_IN_FUTURE_9 3.899 3.899
after Received: date
6_XX
2.598 1.439
2.801 3.325
Headers contain an
UNRESOLVED_TEM
unresolved template
PLATE
3.499 3.132
2.299 1.806
Subject is all capitals
SUBJ_ALL_CAPS
1.926 2.077
2.499 2.497
Local part of To: address
LOCALPART_IN_SU
appears in Subject
BJECT
1.641 2.020
Message-Id is fake (in
MSGID_OUTLOOK_I 2.899 2.896
Outlook Express format)
NVALID
2.899 2.899
2.699 0.671
Multiple Content-Type
HEADER_COUNT_C
headers found
TYPE
2.390 3.026
Similar addresses in
recipient list
SUSPICIOUS_RECIPS
HEAD_LONG
2.5
164
header
165
header
166
header
167
header
168
header
169
header
170
rawbody
171
body
172
body
173
body
174
body
175
body
176
body
177
body
178
body
179
body
180
MISSING_HB_SEP
2.5
UNPARSEABLE_REL
AY
0.001
2.401 2.320
2.627 2.837
2.599 2.599
Received: contains an IP
RCVD_NUMERIC_H
address used for HELO
ELO
2.272 2.067
3.199 3.196
Received: contains illegal IP
RCVD_ILLEGAL_IP
address
2.902 1.908
Host HELO'd as a big ISP,
NO_RDNS_DOTCOM 2.411 0.799
but had no rDNS
_HELO
0.000 0.001
2.499 2.213
Javascript to hide URLs in
HIDE_WIN_STATUS
browser
2.499 2.499
HTML included in message
HTML_MESSAGE
0.001
HTML comment is very
HTML_COMMENT_S 0.001 0.001
short
HORT
0.032 0.727
HTML message is a saved
HTML_COMMENT_S 1.677 1.820
web page
AVED_URL
0.492 0.114
1.083 0.440
HTML with embedded
HTML_EMBEDS
plugin object
0.001 0.056
1.041 1.089
HTML contains far too
HTML_EXTRA_CLO
many close tags
SE
2.502 2.809
HTML_FONT_SIZE_L 0.147 0.001
HTML font size is large
ARGE
0.001 0.001
0.804 0.389
HTML_FONT_SIZE_
HTML font size is huge
HUGE
0.001 0.057
0.131 0.543
HTML font color similar to
HTML_FONT_LOW_
background
CONTRAST
0.663 0.124
HTML font face is not a
HTML_FONT_FACE_ 0.923 0.606
word
BAD
0.650 0.884
Received: HELO and IP do
not match, but should
RCVD_HELO_IP_MIS
MATCH
body
HTML_FORMACTIO
N_MAILTO
181
body
HTML_IMAGE_ONL
Y_04
182
body
HTML_IMAGE_ONL
Y_08
183
body
HTML_IMAGE_ONL
Y_12
184
body
HTML_IMAGE_ONL
Y_16
2.502 1.462
1.875 2.041
2.554 2.432
2.045 1.787
2.552 2.245
2.779 2.460
2.646 2.498
2.078 1.526
2.401 1.808
1.500 1.546
2.400 2.207
1.501 1.552
2.500 1.519
2.115 1.561
2.353 1.318
2.004 1.778
1.518 0.550
0.573 0.383
1.561 0.170
0.863 0.172
0.401 0.001
0.501 0.001
0.203 0.001
0.179 0.001
0.638 0.572
0.000 0.001
2.600 3.196
2.487 2.601
3.199 2.747
3.199 3.196
2.599 2.599
2.214 1.362
185
body
HTML_IMAGE_ONL
Y_20
186
body
HTML_IMAGE_ONL
Y_24
187
body
HTML_IMAGE_ONL
Y_28
188
body
HTML_IMAGE_ONL
Y_32
189
body
HTML_IMAGE_RATI
O_02
190
body
HTML_IMAGE_RATI
O_04
191
body
HTML_IMAGE_RATI
O_06
192
body
HTML_IMAGE_RATI
O_08
193
body
Message is 5% to 10%
HTML obfuscation
HTML_OBFUSCATE_
05_10
194
body
HTML_OBFUSCATE_
10_20
195
body
HTML_OBFUSCATE_
20_30
196
body
HTML_OBFUSCATE_
30_40
197
body
body
199
body
HTML_OBFUSCATE_
50_60
HTML_OBFUSCATE_
70_80
HTML_OBFUSCATE_
90_100
198
200
body
HTML_TAG_BALAN
CE_BODY
201
body
HTML_TAG_BALAN
CE_HEAD
1.253 0.807
1.082 1.263
2.498 1.370
0.533 1.334
202
body
203
body
204
body
205
body
HTML_TAG_EXIST_
BGSOUND
HTML_BADTAG_40_
50
HTML_BADTAG_50_
60
HTML_BADTAG_60_
70
1
1
1
1
1
1
206
body
HTML_BADTAG_90_
100
207
body
HTML_NONELEMEN
T_30_40
208
body
HTML_NONELEMEN
T_40_50
1.024 1.775
0.074 0.001
0.322 0.001
1.707 0.944
209
body
210
body
HTML_NONELEMEN
T_60_70
HTML_NONELEMEN
T_80_90
211
body
HTML_IFRAME_SRC
212
header
NO_DNS_FOR_FRO
M
0.001 0.001
0.000 0.043
0 1.407 0
1.496
213
header
ROUND_THE_WORL
D
214
body
REMOVE_BEFORE_L
INK
215
body
GUARANTEED_100_
PERCENT
216
body
DEAR_FRIEND
217
body
DEAR_SOMETHING
218
body
BILLION_DOLLARS
219
body
EXCUSE_4
220
body
EXCUSE_24
221
body
EXCUSE_REMOVE
222
body
STRONG_BUY
223
body
STOCK_ALERT
0.001 0.001
0.010 0.001
0.571 0.965
0.001 0.012
2.649 2.696
2.699 2.699
2.799 2.234
1.721 1.605
2.658 0.001
1.603 1.875
1.999 1.934
0.001 1.336
2.599 2.599
2.600 2.596
2.999 1.477
2.999 0.001
3.599 2.478
2.623 2.488
2.899 2.889
2.899 2.897
224
body
NOT_ADVISOR
225
body
PREST_NON_ACCRE
DITED
226
body
Information on growing
body parts
BODY_ENHANCEME
NT
1.799 1.608
1.499 0.309
1
1
227
body
Information on getting
larger body parts
BODY_ENHANCEME
NT2
228
body
Impotence cure
IMPOTENCE
229
body
NA_DOLLARS
230
body
Mentions millions of
(dollar) ((dollar)
NN,NNN,NNN.NN)
US_DOLLARS_3
231
body
232
body
233
body
234
body
235
body
236
body
Home refinancing
237
body
Home refinancing
238
body
No Medical Exams
239
body
240
body
Freedom of a financial
nature
241
body
242
body
FORWARD_LOOKIN
G
ONE_TIME
243
body
JOIN_MILLIONS
244
body
MARKETING_PARTN
ERS
245
body
Lowest Price
LOW_PRICE
246
body
UNCLAIMED_MONE
Y
247
body
OBSCURED_EMAIL
1.659 0.714
0.122 0.001
2.608 1.678
2.862 1.886
2.385 1.129
1.506 1.329
2.342 1.165
1.046 0.630
2.391 1.777
1.501 1.528
2.384 0.667
URG_BIZ
1.511 1.585
0.939 0.001
MONEY_BACK
0.001 0.001
FREE_QUOTE_INSTA 2.500 2.499
NT
1.499 1.496
2.602 0.325
BAD_CREDIT
1.500 0.001
REFINANCE_YOUR_ 2.699 0.001
HOME
2.699 2.039
2.393 0.169
REFINANCE_NOW
1.933 0.556
NO_MEDICAL
1
2.472 0.336
DIET_1
1.442 0.083
2.599 2.599
FIN_FREE
2.599 2.596
MILLION_USD
1
1
1.398 1.807
2.912 1.777
2.599 2.355
1.614 1.295
1.903 1.159
0.743 0.001
3.099 2.985
2.943 3.096
1.899 0.012
0.000 0.001
248
body
BANG_OPRAH
249
body
ACT_NOW_CAPS
250
body
MORE_SEX
251
body
Something is emphatically
guaranteed
BANG_GUAR
252
body
Message mentions
investment advice
INVESTMENT_ADVI
CE
253
body
MALE_ENHANCE
254
body
PRICES_ARE_AFFOR
DABLE
255
body
REPLICA_WATCH
256
body
EM_ROLEX
257
body
FREE_PORN
258
body
CUM_SHOT
259
body
LIVE_PORN
260
header
SUBJECT_SEXUAL
261
header
RATWARE_EGROUP
S
262
header
RATWARE_OE_MAL
FORMED
1
2.799 2.796
2.632 2.799
1
2.900 0.116
1.499 0.001
2.673 2.379
3.181 2.001
0.581 2.095
2.624 2.927
263
header
264
header
265
rawbody
266
header
RATWARE_MOZ_MA
LFORMED
RATWARE_MPOP_W
EBMAIL
RATWARE_HASH_D
ASH
RATWARE_GECKO_
BUILD
267
header
X_MESSAGE_INFO
268
header
HEADER_SPAM
269
header
RATWARE_RCVD_PF
1
0.948 0.001
1.259 0.792
3.699 2.321
1.631 1.183
2.002 1.237
1.500 0.939
0.001 0.001
0.421 0.042
2.600 2.596
2.599 2.596
2.195 0.001
2.444 0.001
3.399 3.396
3.399 3.396
1
1
1
1
3.499 3.496
3.330 1.597
3.399 3.396
3.399 3.396
3.899 3.895
3.900 3.847
1.918 0.650
1.741 0.213
3.799 3.795
3.799 1.529
270
header
RATWARE_RCVD_AT
271
header
RATWARE_EFROM
272
uri
/^https?:\/\/
[^\/]*\&\#(?:\d{4,}|
[3456789]\d\d);/i
HIGH_CODEPAGE_U
RI
2.5
273
uri
NUMERIC_HTTP_AD
DR
274
uri
HTTP_ESCAPED_HO
ST
275
uri
HTTP_EXCESSIVE_E
SCAPES
276
uri
Dotted-decimal IP address
followed by CGI
IP_LINK_PLUS
277
uri
WEIRD_PORT
278
uri
YAHOO_RD_REDIR
279
uri
YAHOO_DRS_REDIR
280
uri
Contains an URL-encoded
hostname (HTTP77)
HTTP_77
281
uri
SPOOF_COM2OTH
282
uri
SPOOF_COM2COM
283
uri
SPOOF_NET2COM
284
uri
URI_HEX
285
uri
URI_NOVOWEL
286
uri
URI_UNSUBSCRIBE
287
uri
URI_NO_WWW_INF
O_CGI
0.919 0.001
0.312 0.001
0.001 0.001
0.071 0.134
2.701 0.964
1.500 0.001
0.000 0.001
0.001 0.001
1.599 1.499
1.089 0.001
0.001 0.000
3.000 0.000
1.007 0.313
1.189 1.103
3.199 0.001
3.199 1.414
2.840 0.848
1.996 2.044
0.001 0.341
2.051 2.272
2.899 2.896
2.037 1.586
1.777 1.316
1.395 0.368
2.899 2.543
1.764 1.620
2.794 3.092
1.538 2.737
2.720 0.601
3.138 1.043
288
uri
URI_NO_WWW_BIZ_
CGI
289
uri
Uses a dotted-decimal IP
address in URL
NORMAL_HTTP_TO_
IP
0.101 0.001
0.001 0.001
290
body
BAYES_00
291
body
BAYES_05
292
body
BAYES_20
293
body
BAYES_40
294
body
295
body
296
body
297
body
298
body
299
header
300
body
301
body
302
full
303
header
304
header
305
header
306
header
307
header
308
header
309
header
310
header
BAYES_50
0 0 -2.312
-2.599
0 0 -1.110
-1.110
0 0 -0.740
-0.740
0 0 -0.185
-0.185
0 0 0.001
0.001
BAYES_60
0 0 1.0 1.0
BAYES_80
0 0 2.0 2.0
BAYES_95
0 0 3.0 3.0
BAYES_99
0 0 3.5 3.5
ACCESSDB
MICROSOFT_EXECU
TABLE
MIME_SUSPECT_NA
ME
0.1
0.1
DCC_CHECK
0 1.37 0
2.17
DKIM_SIGNED
0.001
DKIM_VERIFIED
-0.001
DKIM_POLICY_TEST
ING
0.001
DKIM_POLICY_SIGN
SOME
0.001
DKIM_POLICY_SIGN
ALL
0.001
DK_SIGNED
0.001
DK_VERIFIED
-0.001
DK_POLICY_TESTIN
G
0.001
311
header
312
header
313
header
314
header
315
header
316
header
317
header
318
header
319
header
320
header
321
full
322
full
323
full
324
full
325
DK_POLICY_SIGNSO
ME
DK_POLICY_SIGNA
LL
0.001
HASHCASH_20
-0.5
HASHCASH_21
-0.7
HASHCASH_22
-1
HASHCASH_23
-2
HASHCASH_24
-3
HASHCASH_25
-4
HASHCASH_HIGH
-5
HASHCASH_2SPEND
0.1
PYZOR_CHECK
0 2.834 0
3.700
0.001
RAZOR2_CHECK
0 0.5 0 0.5
RAZOR2_CF_RANGE
_51_100
RAZOR2_CF_RANGE
_E4_51_100
RAZOR2_CF_RANGE
_E8_51_100
0 0.5 0 0.5
full
Listed in Pyzor
(http://pyzor.sf.net/)
Listed in Razor2
(http://razor.sf.net/)
Razor2 gives confidence
level above 50%
Razor2 gives engine 4
confidence level above 50%
Razor2 gives engine 8
confidence level above 50%
326
header
SUBJECT_FUZZY_M
EDS
3.800 2.812
3.799 3.799
327
header
SUBJECT_FUZZY_C
HEAP
328
header
SUBJECT_FUZZY_PE
NIS
329
header
SUBJECT_FUZZY_TI
ON
3.099 1.308
3.100 3.096
1.100 0.410
0.749 0.156
330
body
FUZZY_AFFORDABL
E
331
body
FUZZY_AMBIEN
1.520 0.962
0.195 1.026
332
body
FUZZY_BILLION
333
body
FUZZY_CPILL
0.001
334
body
FUZZY_CREDIT
1.696 0.522
0.740 1.238
0 1.5 0 1.5
0 1.5 0 1.5
335
body
FUZZY_ERECT
336
body
FUZZY_GUARANTE
E
337
body
FUZZY_MEDICATIO
N
338
body
FUZZY_MILLION
339
body
FUZZY_MONEY
340
body
FUZZY_MORTGAGE
341
body
FUZZY_OBLIGATIO
N
342
body
FUZZY_OFFERS
343
body
FUZZY_PHARMACY
344
body
FUZZY_PHENT
345
body
FUZZY_PRESCRIPT
346
body
FUZZY_PRICES
347
body
FUZZY_REFINANCE
348
body
349
body
350
body
351
body
352
body
353
body
354
body
FUZZY_VPILL
355
body
FUZZY_XPILL
356
header
SPF_PASS
2.529 0.708
1.736 0.804
2.496 0.962
2.899 1.252
0.307 0.001
2.637 2.717
2.173 2.325
1.797 2.529
2.799 2.796
2.799 2.799
3.299 3.296
3.036 1.880
2.799 2.796
2.799 2.469
3.299 1.032
2.199 1.246
2.999 2.999
2.090 1.704
1
2.699 2.644
1.704 1.604
2.801 2.458
1.665 1.304
2.102 0.001
0.505 0.001
FUZZY_REMOVE
FUZZY_ROLEX
FUZZY_SOFTWARE
2.797 2.860
3.169 3.471
FUZZY_THOUSAND
S
FUZZY_VLIUM
0.001
FUZZY_VIOXX
1
1.004 0.001
0.480 0.687
3.399 3.314
1.549 1.746
-0.001
record
2.199 1.210
0.756 0.686
2.600 0.992
1.669 0.693
2.301 0.654
0.698 0.596
357
header
SPF_NEUTRAL
358
header
SPF_FAIL
359
header
SPF_SOFTFAIL
360
header
SPF_HELO_PASS
-0.001
361
header
SPF_HELO_NEUTRA
L
362
header
SPF_HELO_FAIL
363
header
SPF_HELO_SOFTFAI
L
2.231 2.000
0.744 0.576
2.298 0.365
0.540 0.001
2.599 1.533
1.427 0.841
364
body
UNWANTED_LANGU
AGE_BODY
2.8
365
body
Message written in an
undesired language
Body includes 8 consecutive
8-bit characters
BODY_8BITS
1.5
366
body
URIBL_SBL
367
body
URIBL_SC_SURBL
368
body
URIBL_WS_SURBL
369
body
URIBL_PH_SURBL
370
body
URIBL_OB_SURBL
371
body
URIBL_AB_SURBL
372
body
URIBL_JP_SURBL
373
body
URIBL_BLACK
374
body
375
body
376
header
377
header
378
header
0 2.468 0
1.499
0 2.523 0
0.474
0 2.100 0
1.500
0 2.035 0
1.787
0 2.132 0
1.500
0 1.613 0
1.860
0 2.857 0
1.501
0 1.961 0
1.955
URIBL_GREY
0.25
URIBL_RED
0.001
AWL
USER_IN_BLACKLIS
T
USER_IN_WHITELIS
T
100
-100
header
USER_IN_DEF_WHIT
ELIST
USER_IN_BLACKLIS
T_TO
USER_IN_WHITELIS
T_TO
USER_IN_MORE_SP
AM_TO
USER_IN_ALL_SPAM
_TO
USER_IN_DK_WHIT
ELIST
USER_IN_DEF_DK_
WL
USER_IN_DKIM_WH
ITELIST
USER_IN_DEF_DKIM
_WL
USER_IN_SPF_WHIT
ELIST
USER_IN_DEF_SPF_
WL
SUBJECT_IN_WHITE
LIST
SUBJECT_IN_BLACK
LIST
392
header
APOSTROPHE_FRO
M
393
header
Message-Id =~ /^<[0-9]
{12}\.[0-9]{12}\@/
AXB_XMID_1212
394
header
Message-Id =~ /<[0-9A-F]
{15}\.[0-9A-F]{10}\@/
AXB_XMID_1510
395
header
396
header
397
header
398
header
399
400
379
header
380
header
381
header
382
header
383
header
384
header
385
header
386
header
387
header
388
header
389
header
390
header
391
Message-ID =~ /^<[0-9-a-f]
{12}\(dollar) [0-9-a-f]{8}\
(dollar) [0]{8}\@/
Received =~ /\([123456790]
{1,2}\.[0-9]{1,2}\.[0-9]{1}\/
[0-9]{1,2}\.[0-9]{2}\.[0-9]
{1}\)/
-15
10
-6
-20
-100
-100
-7.5
-100
-7.5
-100
-7.5
-100
100
0.002 0.001
1.597 0.001
3.899 3.899
3.899 3.496
4.299 4.295
3.893 3.015
AXB_XMID_OEGOE
SNULL
4.291 4.216
1.083 2.034
AXB_XM_SENDMAI
L_NOT
Received =~ /\(8\.12\.3 da
nor stuldap\/8\.12\.3\)/
AXB_XR_STULDAP
3.199 3.196
3.199 3.004
AXB_XTIDX_CHAIN
body
BANKING_LAWS
body
eval:check_base64_length('
78','79')
BASE64_LENGTH_78
_79
3.099 3.096
2.900 2.002
3.699 3.699
3.133 2.783
401
body
eval:check_base64_length('
79')
BASE64_LENGTH_79
_INF
402
body
/^\xEF\xBB\xBFMessageID:/
BROKEN_RATWARE
_BOM
Content-Type =~ /multipart.
{0,200}boundary=\"---=_NextPart_000_0001_01C
[0-9A-F]{5}\.[0-9A-F]
{7}0\"/
Content-Type =~ /multipart.
{0,200}boundary=\"---=_NextPart_000_0000_01C
[0-9A-F]{5}\.[0-9A-F]
{7}0\"/
3.900 2.763
2.962 1.496
2.699 2.267
2.440 2.473
CTYPE_001C_A
2.299 2.319
1.500 1.498
CTYPE_001C_B
403
header
404
header
405
body
/\bCurrent Price:/
CURR_PRICE
406
body
/\bdear.{1,20}winner/i
DEAR_WINNER
407
full
/<DIV align=3Dcenter><A
href=3D=\n/
DIV_CENTER_A_HR
EF
408
header
DNS_FROM_DOB
409
header
DNS_FROM_OPENW
HOIS
410
body
411
body
412
body
413
uri
DOS_PROVISION4
DOS_REPORT_FIN_I
NC
DOS_STOCK_CDYV_
GENERIC
DOS_URI_ASTERISK
414
header
Subject =~ /\bhoodia\b/i
DRUGS_HDIA
415
body
FB_ADD_INCHES
416
body
FB_ALMOST_SEX
417
body
FB_ANA_TRIM
418
body
Phrase: A_U_N_I
FB_ANUI
419
body
Phrase: [BM]Illi0n
FB_BILLI0N
420
body
Phrase: C0mpany
FB_C0MPANY
4.161 2.659
1.412 1.588
3.199 3.196
3.199 3.197
3.799 3.795
3.799 2.590
0 0.341 0
0.732
0 2.431 0
1.130
1.5
0.5
2.5
1
2.529 2.501
2.483 2.697
2.999 2.999
2.620 2.131
3.099 3.096
2.841 2.110
3.999 3.995
3.797 3.764
0.431 1.618
2.634 0.823
1
2.799 2.106
2.799 2.455
421
body
FB_CAN_LONGER
422
body
FB_CIALIS_LEO3
423
body
FB_DOUBLE_0WOR
DS
424
body
FB_EMAIL_HIER
425
body
FB_EXTRA_INCHES
426
body
427
body
428
body
Phrase: Farmacy
FB_FHARMACY
429
body
FB_FORWARD_LOO
K
430
body
FB_GAPPY_ADDRES
S
431
body
FB_GET_MEDS
432
body
FB_GVR
433
body
FB_HEY_BRO_COM
MA
434
body
Phrase: HGH
FB_HG_H_CAP
435
body
FB_HOMELOAN
436
body
FB_IMPRESS_GIRL
437
body
FB_INCREASE_YOU
R
438
body
FB_INDEPEND_RWD
439
body
Phrase: L0an
FB_L0AN
440
body
FB_LETTERS_21B
441
body
FB_LOWER_PAYM
442
body
Phrase: Med1cat
FB_MED1CAT
1.403 1.309
0.474 0.442
2.628 2.815
3.001 1.441
3.599 3.595
3.599 3.533
0.342 1.203
2.941 2.189
1.234 3.096
2.081 2.442
FB_FAKE_NUMBERS
FB_FAKE_NUMS4
1
3.699 3.695
2.819 3.576
0.000 0.000
3.000 1.000
3.399 3.399
3.399 2.674
3.599 1.097
1.501 0.803
0.469 0.001
0.001 0.127
3.099 2.783
3.099 2.331
1.885 0.887
0.007 0.274
2.487 2.014
2.003 0.710
2.197 1.757
1.964 2.581
3.399 3.396
3.399 3.396
3.599 3.599
3.600 3.595
1
3.999 3.999
3.999 3.995
3.000 2.996
2.999 2.996
1
443
body
FB_MEDS_PERCENT
444
body
FB_MORE_SIZE
445
body
FB_NOT_PHONE_NU
M1
446
body
FB_NOT_PHONE_NU
M3
447
body
FB_NOT_SCHOOL
448
body
Phrase: no prescription
needed.
FB_NO_SCRIP_NEED
ED
449
body
Speaks of teenager.
FB_NUMYO
450
body
FB_NUMYO2
451
body
FB_ODD_SPACED_M
ONEY
452
body
Mis-spelled online
FB_ONIINE
453
body
Phrase: p1ll
FB_P1LL
454
body
FB_PENIS_GROWTH
455
body
FB_PIPEDOLLAR
456
body
457
body
FB_PIPE_ILLION
FB_PROLONGED_H
ARD
458
body
FB_QUALITY_REPLI
CA
3.899 3.899
3.899 2.949
459
body
FB_REF_CODE_SPAC
E
3.599
460
body
Phrase: REPLICA
461
body
462
body
Phrase: Roller is th
463
body
Phrase: rolx
464
body
Phrase: Softabs
465
body
Phrase: F R E E
466
body
1
1.166 1.422
2.013 0.397
2.600 2.599
2.599 2.596
2.599 2.596
2.599 2.599
3.099 2.312
1.868 2.961
3.088 2.458
2.403 3.228
2.400 2.397
2.399 2.397
1
2.303 2.723
2.697 1.959
1
0.467 1.088
1.552 1.814
1
2.599 2.430
2.599 2.599
1
1
4.000 3.995
3.567 3.242
2.699 2.696
FB_RE_FI
2.699 2.696
FB_ROLLER_IS_T
1
0.000 0.000
FB_ROLX
3.000 1.000
4.299 4.281
FB_SOFTTABS
4.064 3.513
FB_SPACED_FREE
1
2.899 2.896
FB_SPACED_PHN_3B
2.899 2.896
FB_REPLIC_CAP
467
body
Looks like a s p a c e d
zipcode.
FB_SPACEY_ZIP
468
body
Phrase: SPUR-M
FB_SPUR_M
469
body
Phrase: ssex
FB_SSEX
470
body
FB_STOCK_EXPLOD
E
471
472
body
body
Mis-spelled symbol.
FB_SYMBLO
FB_THIS_ADVERT
473
body
FB_THOUS_PERSON
AL
474
body
FB_TO_STOP_DISTR
O
475
body
FB_ULTRA_ALLURE
476
body
FB_UNLOCK_YOUR
_G
477
body
Pattern Replacement
PROV_D
FB_UNRESOLV_PRO
V
2.687 1.785
3.099 1.680
1
2.019 2.001
2.556 2.489
2.699 2.696
1.927 1.833
1
1
0.000 0.000
3.000 1.000
3.099 3.096
3.099 3.096
2.999 2.841
2.374 2.999
2.699 2.696
2.618 2.002
1.606 1.132
2.429 0.765
478
body
FB_WORD1_END_D
OLLAR
479
body
FB_YOURSELF_MAS
TER
480
body
FB_YOUR_REFI
481
header
FH_BAD_OEV1441
482
header
FH_DATE_IS_19XX
483
header
FH_DATE_PAST_20X
X
484
header
FH_FAKE_RCVD_LI
NE
485
header
FH_FROMEML_NOT
LD
486
header
FH_FROM_CASH
0.421 1.248
1.557 2.011
2.701 3.306
3.300 3.518
0.974 2.393
2.440 2.401
1.947 1.970
2.512 2.199
2.075 3.384
3.554 3.188
2.230 2.215
2.670 2.470
2.699 2.196
2.699 2.696
2.999 2.996
2.999 2.996
487
header
FH_FROM_GET_NA
ME
488
header
FH_FROM_GIVEAWA
Y
2.799 2.796
2.799 1.597
489
header
FH_FROM_HOODIA
490
header
FH_HAS_XAIMC
491
header
Has X-ID
FH_HAS_XID
492
header
FH_HELO_ALMOST_
IP
493
header
FH_HELO_ENDS_DO
T
494
header
FH_HELO_EQ_610HE
X
495
header
FH_HELO_EQ_CHAR
TER
496
header
Helo is d-d-d-d
FH_HELO_EQ_D_D_
D_D
2.699 2.696
2.699 2.696
2.699 2.699
2.699 2.696
2.400 2.399
2.399 2.397
3.222 3.727
3.463 3.565
3.599 3.020
1.395 2.308
4.099 4.099
4.099 4.095
0.359 1.258
1.495 1.044
2.399 0.498
0.561 0.001
497
header
FH_HELO_GMAILSM
TP
498
header
499
header
Host is dynamicip
500
header
501
header
Host is d-d-d-d
502
header
503
header
Host is pool-.+verizon.net
504
header
Special MSGID
505
header
Special MSGID
506
header
507
header
508
header
4.099 3.791
2.170 1.751
FH_HOST_EQ_DYNA 0.964 3.097
MICIP
3.103 4.058
2.599 1.992
FH_HOST_EQ_D_D_
D_D
1.692 1.212
0.102 0.095
FH_HOST_EQ_D_D_
D_DB
0.055 0.223
0.005 0.893
FH_HOST_EQ_PACB
ELL_D
1.479 1.670
FH_HOST_EQ_VERIZ 2.101 1.105
ON_P
0.001 0.001
4.399 4.299
FH_MSGID_000000
2.809 3.236
3.299 0.495
FH_MSGID_01C67
1.500 0.001
FH_MSGID_01C70XX 3.899 3.895
X
2.757 3.899
FH_MSGID_REPLAC 1.282 2.079
E
2.223 2.512
4.499 4.495
FH_MSGID_XXBLAH
4.319 3.390
FH_HOST_ALMOST_
IP
509
header
Message-Id = @xxx
510
header
511
header
512
header
513
header
514
body
ReplaceTags: Adobe
515
body
ReplaceTags: Bigger /
Larger, Penis / Member
516
body
ReplaceTags: Diploma
517
body
ReplaceTags: Discount
518
body
ReplaceTags: Dollar
519
520
body
body
521
body
522
body
ReplaceTags: Investor
523
body
ReplaceTags: Levitra
524
body
ReplaceTags: Meeting
525
body
526
body
527
body
528
body
ReplaceTags: Penis
529
body
ReplaceTags: Price
530
body
531
body
ReplaceTags: Rolex
3.200 3.196
3.200 2.682
2.251 1.209
FH_RE_NEW_DDD
1.526 2.687
FH_XMAIL_REPLAC 1.254 2.142
E
1.662 1.065
FH_XMAIL_RND_833
1
4.199 4.199
FM_XMAIL_F_OUT
2.643 1.815
FRT_ADOBE2
1
0.000 0.001
FRT_BIGGERMEM1
1.205 1.782
FRT_DIPLOMA
1
2.999 2.996
FRT_DISCOUNT
1.498 1.810
2.529 2.596
FRT_DOLLAR
2.133 2.366
FRT_ESTABLISH2
1
FRT_FUCK2
1
2.503 2.819
FRT_GUARANTEE1
2.144 1.253
FRT_INVESTOR
1
0.001 0.745
FRT_LEVITRA
1.685 1.814
2.700 2.699
FRT_MEETING
2.699 2.699
2.700 1.590
FRT_OFFER2
1.097 1.287
FRT_OPPORTUN1
1
2.699 2.699
FRT_OPPORTUN2
2.699 2.689
3.799 3.074
FRT_PENIS1
3.002 2.486
3.699 2.531
FRT_PRICE
3.072 3.491
2.799 2.727
FRT_REFINANCE1
0.994 0.921
3.099 3.096
FRT_ROLEX
3.099 3.096
FH_MSGID_XXX
532
body
ReplaceTags: Sexual
FRT_SEXUAL
533
534
body
body
ReplaceTags: Soma
FRT_SOMA
FRT_SOMA2
535
body
FRT_STRONG1
536
body
FRT_STRONG2
537
body
ReplaceTags: Symbol
FRT_SYMBOL
538
body
FRT_TODAY2
539
body
ReplaceTags: Valium
FRT_VALIUM1
540
body
FRT_VALIUM2
541
body
FRT_WEIGHT2
542
body
FRT_XANAX1
543
body
FRT_XANAX2
544
rawbody
FR_3TAG_3TAG
545
rawbody
FR_ALMOST_VIAG2
546
rawbody
Phrase class=cantseetext
FR_CANTSEETEXT
547
rawbody
FR_MIDER
548
header
FS_AT_NO_COST
549
header
FS_CHEAP_CAP
550
header
FS_DOLLAR_BONUS
551
header
Phrase: ejaculation in
subject.
FS_EJACULA
552
header
FS_ERECTION
553
header
FS_HUGECOCK
3.199 3.196
3.199 3.142
1
1
3.699 2.919
2.712 2.976
1.302 0.001
2.745 3.096
1.902 3.561
2.587 2.943
2.523 2.460
3.246 2.382
3.096 3.049
0.664 1.590
1.903 1.933
1.328 1.301
2.529 2.930
3.099 2.121
3.799 3.799
2.265 2.423
0.001
2.405 0.998
2.599 1.053
2.402 2.376
2.051 1.990
1
1.233 1.706
0.792 2.068
2.600 2.596
2.599 1.561
0.001 0.001
0.005 0.001
2.699 2.696
2.699 2.673
2.999 2.996
2.999 1.803
2.699 2.020
2.042 2.643
1
2.999 1.037
2.363 0.412
1
2.799 1.763
1.849 2.001
1.177 1.154
3.476 1.790
0.009 0.616
0.125 1.100
1.432 2.422
1.384 1.577
1.681 0.722
3.191 1.460
554
header
FS_LARGE_PERCEN
T2
555
header
FS_LOWER_YOUR
556
header
FS_LOW_RATES
557
header
FS_NEW_SOFT_UPL
OAD
558
header
FS_NEW_XXX
559
header
FS_NO_SCRIP
560
header
FS_OBFU_PRMCY
561
header
Subject mis-spelled
prescription
FS_PERSCRIPTION
562
header
FS_PHARMASUB2
563
header
FS_RAMROD
564
header
FS_REPLICA
565
header
FS_REPLICAWATCH
566
header
Phrase: re approved
FS_RE_APPROV
567
header
FS_START_DOYOU2
568
header
FS_START_LOSE
569
header
FS_TEEN_BAD
570
header
FS_TIP_DDD
571
header
FS_WEIGHT_LOSS
572
header
FS_WILL_HELP
573
header
FS_WITH_SMALL
574
body
FUZZY_MERIDIA
0.001 0.778
1.936 2.374
575
uri
FU_COMMON_SUBS
2
2.403 2.057
2.136 1.498
1
3.899 3.895
3.899 3.896
1.076 2.820
2.317 2.777
2.800 1.179
1.403 1.041
3.524 3.799
2.094 2.502
1
3.099 3.099
3.099 3.097
2.599 2.596
2.034 2.167
2.501 2.596
2.441 2.549
0.001 0.021
1.726 0.101
1
3.299 3.299
3.299 3.296
1
576
uri
FU_ENDS_NUMS_D
OTS_CLK
577
uri
ET Phone Home?
FU_END_ET
578
uri
FU_HOODIA
579
uri
FU_LONG_QUERY3
580
uri
FU_MIDER
581
uri
FU_UKGEOCITIES
582
uri
FU_URI_TRACKER_
T
3.200 3.196
3.199 3.196
3.599 3.599
3.599 3.500
1.177 1.484
0.751 1.652
1.662 0.001
1.649 0.001
3.767 2.024
1.458 1.110
3.299 3.296
3.299 3.296
3.899 3.895
2.400 3.193
583
uri
/^http:\/\/(?:\w{2,4}\.)?
geocities\.com(?::\d*)?\/.
+?\/\?/i
GEO_QUERY_STRIN
G
2.699 2.696
2.699 2.696
584
header
HEADER_COUNT_S
UBJECT
3.099 3.099
3.100 3.096
585
header
HELO_FRIEND
0.001
586
header
HELO_LH_HOME
2.602 3.169
2.689 3.714
587
header
X-Spam-Relays-Untrusted
=~ /^[^\]]+ helo=friend /i
X-Spam-Relays-Untrusted
=~ /^[^\]]+ helo=\S+\.
(?:home| lan) /i
X-Spam-Relays-Untrusted
=~ /^[^\]]+
helo=localhost\.localdomain
/i
HELO_LH_LD
0.800 0.792
1.184 1.215
588
header
X-Spam-Relays-Untrusted
=~ /^[^\]]+ helo=localhost /i
HELO_LOCALHOST
4.499 4.499
3.998 3.941
589
header
X-Spam-Relays-Untrusted
=~ /^[^\]]+ helo=(?:pc|
oem\S*) /i
HELO_OEM
3.299 3.296
3.043 2.195
590
body
591
body
592
body
593
body
594
uri
Links to common
unsubscribe script:
'getmeoff.php'
0.043 1.992
2.046 2.658
HS_DRUG_DOLLAR_ 1.033 1.350
1
1.929 0.090
HS_DRUG_DOLLAR_ 0.304 1.119
2
2.748 1.617
HS_DRUG_DOLLAR_ 2.349 1.901
3
1.317 1.378
HS_BODY_UPLOAD
ED_SOFTWARE
HS_GETMEOFF
0.000 0.000
3.000 1.000
HS_INDEX_PARAM
0.001
HS_MEETUP_FOR_S
EX
header
HS_SUBJ_NEW_SOF
TWARE
598
header
HS_SUBJ_ONLINE_P
HARMACEUTICAL
0.000 0.000
3.000 1.000
1.118 0.253
2.395 3.599
0 0 0.001
0.001
599
body
eval:check_https_http_mism
atch('1','10')
HTTPS_HTTP_MISM
ATCH
600
header
JM_RCVD_QMAILV1
601
body
KAM_STOCKOTC
602
body
603
body
604
body
605
body
606
body
607
body
/(?:Conforce International|
CFRI)/is
/(?:Nano Superlattice
Technology| NSLT)/is
/(?:PREMIER
INFORMATION| (^|
\b)PIFR((dollar) | \b))/is
/(?:Harbin Pingchuan| P G C
N| PGCN)/is
/(?:Remington Ventures|
RMVN)/is
/(?:China World Trade
Corporation| CWTD)/is
608
body
/long\W+term\W+(target|
projected)(\W+price)?/i
LONG_TERM_PRICE
609
body
LOOPHOLE_1
610
header
611
header
612
header
613
full
614
header
615
header
595
uri
596
body
597
Date =~ /\s[+-]\d(?!
[2358]45)\d[1249]\d(dollar) /
Message-ID =~ /^<\d{14}\.
[A-F0-9]{10}\@[A-Z09]+>(dollar) /
Content-Type =~
/boundary="===========
==========_\d+==\.REL"
/s
Message has NUL (ASCII
0) byte in message
Claims to be sent by an
unusual build of Outlook
(3416)
Received =~ /\bid\s+[a-zAZ0-9_+\/\\,-]+(?:[!"\#\
3.999 3.995
3.999 3.996
3.999 2.328
3.947 3.964
KAM_STOCKTIP14
KAM_STOCKTIP15
0.001
KAM_STOCKTIP20
KAM_STOCKTIP21
KAM_STOCKTIP4
KAM_STOCKTIP6
1
0.001 0.212
0.001 0.001
2.188 2.474
2.623 2.210
L_SPAM_TOOL_13
4.499 4.499
4.499 4.495
MID_DEGREES
4.199 4.195
4.057 3.700
MIME_BOUND_EQ_
REL
0.123 0.845
2.457 2.832
NULL_IN_BODY
2.802 1.489
3.699 2.425
OUTLOOK_3416
RCVD_BAD_ID
1.702 1.695
1.821 1.744
2.100 2.088
3.266 2.837
(dollar) \%&'()*:<=>?\@\
[\]^\`{| }~]| ;\S)/
616
header
RCVD_FORGED_WR
OTE
4.365 4.479
4.499 2.523
RCVD_FORGED_WR
OTE2
2.052 2.736
1.391 4.325
RCVD_IN_DNSWL_H
I
0 -8 0 -8
RCVD_IN_DNSWL_L
OW
0 -1 0 -1
RCVD_IN_DNSWL_
MED
0 -4 0 -4
RCVD_IN_DOB
0 0.835 0
1.103
RCVD_IN_IADB_DK
RCVD_IN_IADB_DO
PTIN
0 -4 0 -4
RCVD_IN_IADB_DO
PTIN_GT50
RCVD_IN_IADB_DO
PTIN_LT50
617
header
618
header
619
header
620
header
621
header
622
header
623
header
624
header
625
header
626
header
RCVD_IN_IADB_ED
DB
627
header
RCVD_IN_IADB_EPI
A
628
header
RCVD_IN_IADB_GO
ODMAIL
629
header
RCVD_IN_IADB_LIS
TED
630
header
RCVD_IN_IADB_LO
OSE
631
header
RCVD_IN_IADB_MI_
CPEAR
0 -0.001 0
-0.293
0 -0.135 0
-0.001
0 -0.001 0
-0.001
0 -0.001 0
-0.001
0 -0.001 0
-0.001
0 -0.001 0
-0.001
632
header
RCVD_IN_IADB_MI_
CPR_30
0 -0.001 0
-0.001
633
header
RCVD_IN_IADB_MI_
CPR_MAT
634
header
RCVD_IN_IADB_ML
_DOPTIN
0 -6 0 -6
635
header
RCVD_IN_IADB_NO
CONTROL
0 -0.001 0
-0.001
636
header
header
RCVD_IN_IADB_OO
O
RCVD_IN_IADB_OPT
IN
637
638
header
RCVD_IN_IADB_OPT
IN_GT50
0 -0.499 0
-0.245
639
header
RCVD_IN_IADB_OPT
IN_LT50
640
header
RCVD_IN_IADB_OPT
OUTONLY
0 -0.001 0
-0.001
641
header
RCVD_IN_IADB_RD
NS
642
header
RCVD_IN_IADB_SEN
DERID
643
header
RCVD_IN_IADB_SPF
644
header
RCVD_IN_IADB_UN
VERIFIED_1
0 -0.001 0
-0.001
0 -0.001 0
-0.078
0 -0.001 0
-0.001
645
header
RCVD_IN_IADB_UN
VERIFIED_2
0 -0.001 0
-0.001
646
header
RCVD_IN_IADB_UT_
CPEAR
647
header
RCVD_IN_IADB_UT_
CPR_30
0 -0.001 0
-0.001
0 -0.001 0
-0.001
648
header
RCVD_IN_IADB_UT_
CPR_MAT
649
header
RCVD_MAIL_COM
1.082 1.452
2.532 0.930
650
body
/short\W+term\W+(target|
projected)(\W+price)?/i
SHORT_TERM_PRIC
E
0.540 1.950
0.655 0.676
STOX_RCVD_N_NN_
N
STOX_REPLY_TYPE
0.001
TEMPLATE_203_RCV
D
651
header
652
header
653
header
Received =~ / by
\d+\.\d+\.\d+\.\d+ \
(\d\.\d\d\.\d\/\d\.\d\d\.\d\)
with SMTP id [\dA-Za-z]
+\;/
Content-Type =~
/text\/plain; .* replytype=original/
Received =~ /from
192.168.0.\d+ \(203-219-/
654
header
TT_MSGID_TRUNC
655
body
TVD_ACT_193
656
body
/you.{1,2}re .
{0,20}approved/i
TVD_APPROVED
657
body
/approved .{0,20}loan/i
TVD_APP_LOAN
658
body
/^dear homeowner/i
TVD_DEAR_HOMEO
WNER
659
header
EnvelopeFrom =~ /\'/
TVD_ENVFROM_AP
OST
660
header
661
rawbody
662
body
663
body
664
body
665
body
666
body
667
body
668
body
669
body
670
body
Content-Type =~
/^text\/plain(?:;
(?:format=flowed|
charset="Windows-1252"|
reply-type=original)){3}/i
/\bstyle\s*=\s*"[^"]*\bfloat\
s*:\s*[a-z]+\s*">\s*[a-zAZ]+\s*</i
/<inter W1><post P1>\b(?!
degree)<D><E><G><R><E
><E>\b/i
/(?!
finance)<F><I><N><A><N
><C><E>/i
/<inter W2><post P2>(?!
fixed
rate)<F><I><X><E><D>\s
+<R><A><T><E>/i
/<inter W2><post P2>(?!
microcap)(?!microcap)<M><I><C><R><O>-?
<C><A><P>/i
/<inter W2><post P2>(?!
pharmaceutical)<P><H><A
><R><M><A><C><E><U
><T><I><C><A><L>/i
/<inter W2><post P2>(?!
symbol)<S><Y><M><B><
O><L>/i
/\bsize of .{1,20}(?:penis|
dick| manhood)/i
/\blink to save\b/i
/\baccounts? (?:[a-z_,-]+ )+?
(?:record[a-z]*| suspen[a-z]
+| notif(?:y| ication)|
updated| verifications?|
credited)\b/i
0.001 1.874
1.924 1.364
2.273 3.420
3.499 2.622
2.999 2.558
1.550 1.731
1
2.599 2.599
2.599 2.596
4.199 3.307
0.465 0.088
TVD_FINGER_02
2.796 2.720
3.199 2.134
TVD_FLOAT_GENER
AL
3.599 1.114
0.591 0.001
TVD_FUZZY_DEGRE
E
TVD_FUZZY_FINAN
CE
TVD_FUZZY_FIXED
_RATE
TVD_FUZZY_MICRO
CAP
TVD_FUZZY_PHAR
MACEUTICAL
TVD_FUZZY_SYMB
OL
3.099 1.435
2.086 1.699
TVD_INCREASE_SIZ
E
TVD_LINK_SAVE
TVD_PH_BODY_AC
COUNTS_PRE
TVD_PH_REC
2.702 2.996
2.996 2.996
TVD_PH_SEC
TVD_PH_SUBJ_ACC
OUNTS_POST
2.999 2.996
2.999 2.996
Subject =~ /^urgent(?:
[\s\W]*(dollar) | .{1,40}
(?:alert| response| assistance|
proposal| reply| warning|
noti(?:ce| fication)| greeting|
matter))/i
TVD_PH_SUBJ_URG
ENT
2.616 2.102
2.799 2.797
/\bquality med(?:ication)?
s\b/i
TVD_QUAL_MEDS
2.626 4.123
2.647 3.568
TVD_RATWARE_CB
2.839 2.914
2.465 2.645
TVD_RATWARE_CB_
2
671
body
672
body
673
header
674
header
675
body
Content-Type =~
/\bboundary\b.
{1,40}qzsoft_directmail_se
perator/i
Content-Type =~
/\bboundary\s*=\s*"?+\d+=+\.MRA/
676
header
677
header
678
header
Message-ID =~ /^[^<]*<[az]+\@/
TVD_RATWARE_MS
GID_02
2.139 1.688
1.557 0.581
679
header
Received =~ /^from\s+
(?:\d+[^0-9a-zA-Z\s])
{3}\d+[.\s]/
TVD_RCVD_IP
0.502 1.617
2.270 1.931
680
header
Received =~ /^from\s+
(?:\d+\.){3}\d+\s/
TVD_RCVD_IP4
681
header
Received =~ /^from\s+(?!
localhost)[^\s.a-z0-9-]+\s/
TVD_RCVD_SINGLE
682
header
Received =~ /\(\[(?!UNIX:)
[^\[\]]*\s/
TVD_RCVD_SPACE_
BRACKET
683
body
TVD_SECTION
2.956 3.317
1.541 3.499
TVD_SILLY_URI_OB
FU
TVD_SPACED_SUBJ
ECT_WORD3
2.802 3.599
2.276 2.412
TVD_STOCK1
4.199 3.792
4.199 3.753
684
body
685
header
686
body
m!https?://[a-z0-9-]+\.[a-z09-]*\.?[^a-z09.:/\s"'\@?\)>-]+[a-z09.-]*[a-z]{3}(?:\s| (dollar) )!
i
Subject =~ /^(?:(?:Re| Fw)
[^:]{0,5}: )?[A-Z]+[a-z]+
[A-Z]+(dollar) /
eval:check_stock_info('2')
4.099 3.344
2.901 3.183
2.999 0.303
2.999 1.351
687
header
TVD_SUBJ_ACC_NU
M
688
header
Subject =~ /^\s*\*\s+
(?:\w+\W+)+\*\s*(dollar) /
TVD_SUBJ_FINGER_
03
header
Subject =~ /^\s*(?:\w+\s+)
+you\s+(?:\w+\s+)*(?:owe|
indebted)\s+(?:\w+\s+)
+an\s*other/i
TVD_SUBJ_OWE
3.199 3.196
3.199 3.196
690
header
TVD_SUBJ_WIPE_DE
BT
2.899 2.896
2.899 2.663
691
body
/Online Ph.rmacy/i
TVD_VISIT_PHARM
A
2.297 0.001
0.001 0.001
692
rawbody
TVD_VIS_HIDDEN
2.600 1.908
2.368 0.839
693
body
URIBL_COMPLETE
WHOIS
694
body
URIBL_RHS_ABUSE
695
body
URIBL_RHS_AHBL
696
body
/<TEXTAREA[^>]
+style\s*=\s*"visibility:\s*h
idden\b/i
URI in combinedHIB.dnsiplists.completewho
is.com
Contains an URI listed in
abuse.rfc-ignorant.org
Contains an URI listed in
rhsbl.ahbl.org.
Contains an URI listed in
bogusmx.rfc-ignorant.org
URIBL_RHS_BOGUS
MX
697
body
URIBL_RHS_DOB
0 0.901 0
1.083
698
body
URIBL_RHS_DSN
699
body
URIBL_RHS_POST
700
body
body
702
body
URIBL_RHS_TLD_W
HOIS
URIBL_RHS_URIBL_
BLACK
URIBL_RHS_URIBL_
GREY
701
703
body
URIBL_RHS_WHOIS
704
body
URIBL_XS_SURBL
705
uri
/\/l\.php\?\d/
URI_L_PHP
3.099 3.096
3.099 2.905
706
body
WHOIS_1AND1PR
707
body
WHOIS_AITPRIV
0 3.995 0
3.510
689
1
1
708
body
URL registered to
contactprivacy.com
WHOIS_CONTACTPR
IV
709
body
WHOIS_DMNBYPRO
XY
710
body
WHOIS_DOMESCRO
W
711
body
WHOIS_DOMPRIVC
ORP
712
body
WHOIS_DREAMPRIV
713
body
URL registered to
DomainPrivacyCorp.com
URL registered as a
DreamHost Private
Registration
URL registered as an DROA
Private Registration
714
body
WHOIS_DYNADOT
715
body
716
body
717
body
718
body
719
body
720
body
721
body
722
body
723
body
724
body
URL registered to
myprivateregistration.com
WHOIS_MYPRIVREG
725
body
URL registered to
NameKing
WHOIS_NAMEKING
726
body
WHOIS_NAMESECU
RE
727
body
URL registered to
NetIdentity
WHOIS_NETID
728
body
729
body
730
body
WHOIS_DROA
WHOIS_FINEXE
0 2.696 0
2.696
0 0.260 0
0.478
0 0.000 0
1.000
0 0.000 0
1.000
0 0.000 0
1.000
1
0 0.000 0
1.000
0 0.000 0
1.000
WHOIS_GKGPROXY
WHOIS_IDSHIELD
WHOIS_IDTHEFTPR
OT
WHOIS_KATZ
WHOIS_LISTINGAG
WHOIS_LNOA
WHOIS_MAPNAME
WHOIS_MONIKER_P
RIV
0 2.596 0
2.596
0 0.156 0
1.499
0 1.477 0
1.409
WHOIS_NETSOLPR
1
0 0.000 0
1.000
0 0.001 0
0.001
WHOIS_NOLDC
WHOIS_NOMINET
0 0.000 0
1.000
WHOIS_SAFENAME
S
0 0.647 0
0.001
0 0.000 0
1.000
0 2.801 0
1.501
0 0.000 0
1.000
0 3.196 0
1.645
0 0.000 0
1.000
0 0.000 0
1.000
WHOIS_SECINFOSE
RV
WHOIS_SECUREWH
OIS
0 2.696 0
2.696
WHOIS_SPAMFREE
WHOIS_SRSPLUS
731
body
WHOIS_PRIVACYPO
ST
732
body
WHOIS_PRIVDOMAI
N
733
body
WHOIS_PRIVPROT
734
body
WHOIS_REGISTER4L
ESS
735
body
WHOIS_REGISTERFL
Y
736
body
WHOIS_REGTEK
737
body
738
body
739
body
740
body
741
body
742
body
URL registered to
SpamFreeReg.com
URL registered as an
SRSPlus Private
Registration
Contains URL registered to
Unlisted-Whois.com
743
body
URL registered to
WhoisGuard
WHOIS_WHOISGUA
RD
744
body
URL registered to
WhoisProtector
WHOIS_WHOISPROT
745
header
X-Library =~ /^Indy/
X_LIBRARY
746
body
YOUR_CRD_RATING
WHOIS_UNLISTED
0 2.170 0
2.839
0 3.399 0
2.025
0 0.000 0
1.000
2.700 2.696
2.899 2.752
3.099 3.096
3.099 2.848