Two Emails Quarantined by SpamAssassin on the Mailbox Server

Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <bounce2@topemail.eu>
X-Envelope-To: <linanoer888@unhas.ac.id>
X-Envelope-To-Blocked:
X-Quarantine-ID: <bR1PBCN7ZGzr>
X-Spam-Flag: YES
X-Spam-Score: 9.055
X-Spam-Level: *********
X-Spam-Status: Yes, score=9.055 tag=2 tag2=6.31 kill=6.31
    tests=[BAYES_20=-0.74, HTML_IMAGE_RATIO_02=0.383, HTML_MESSAGE=0.001,
    RCVD_IN_PBL=0.905, RCVD_IN_SBL=1.551, SPF_FAIL=5, URIBL_BLACK=1.955]
Received: from mail.unhas.ac.id ([127.0.0.1])
    by localhost (mail.unhas.ac.id [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id bR1PBCN7ZGzr for <linanoer888@unhas.ac.id>;
    Thu, 19 May 2011 15:51:23 +0800 (CIT)
X-Original-Helo: mail.topemail.eu (iRedMail: http://www.iredmail.org/)
Received: from mail.topemail.eu (m11.topemail.eu [77.90.89.61])
    by mail.unhas.ac.id (ITCoNet) with ESMTP id 1A75753809C
    for <linanoer888@unhas.ac.id>; Thu, 19 May 2011 15:51:21 +0800 (CIT)
Received: (qmail 20356 invoked by uid 1018); 19 May 2011 10:28:46 +0300
Received: from cs2.kli.lt (HELO x-email.eu) (77.90.88.254)
    by mail.topemail.eu with SMTP; 19 May 2011 10:28:46 +0300
To: linanoer888@unhas.ac.id
Subject: www.bulkdatabases.com
Message-ID: <2107b7cacb03e8b4e19639a9270f4a09@x-email.eu>
Date: Thu, 19 May 2011 10:23:36 +0300
From: "Buy targeted Email Database" <mailer2@topemail.eu>
Reply-To: mailer2@topemail.eu
MIME-Version: 1.0
X-Mailer-LID: 64
List-Unsubscribe: <http://x-email.eu//unsubscribe.php?M=16248762&C=3e137d42391ba1d045b335f88128f642&L=64&N=771>
X-Mailer-RecptId: 16248762
X-Mailer-SID: 771
X-Mailer-Sent-By: 1
Content-Type: multipart/alternative; charset="UTF-8";
    boundary="b1_378072e5154662e243ab95e722be3b19"
Content-Transfer-Encoding: 8bit
--b1_378072e5154662e243ab95e722be3b19
Content-Type: text/plain; format=flowed; charset="UTF-8"
Content-Transfer-Encoding: 8bit
Your email client cannot read this email.
To view it online, please go here:

http://x-email.eu//display.php?
M=16248762&C=3e137d42391ba1d045b335f88128f642&S=771&L=64&N=40
WWW.bulkdatabases.com
Business Email Lists
Country Email Lists
Domain Email Lists
General Global Email Lists
Men's Email Lists
Powerfull 2010 Email Lists
Tagerted Email Lists
Woman Email Lists
Email Sender Software
--b1_378072e5154662e243ab95e722be3b19
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: 8bit
<html><head></head><body><div align="center"><a target="_blank"
href="http://x-email.eu//display.php?
M=16248762&C=3e137d42391ba1d045b335f88128f642&S=771&L=64&N=40"><b>
<font
size="4">Look this newsletter on the web... </font></b></a><br
/><br />
<meta http-equiv="Content-Type" content="text/html; charset=iso8859-1"
/>
</div>
<title>Welcome</title>
<style type="text/css"><!--
body {
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
}

.border{
background-color:#FFFFFF;
border: 1px solid #d4d4d4;
}
.intro{
font-family:"Univers 55";
font-size:18px;
font-weight:normal;
color:#ad1515;
padding-bottom:10px;
}
.mid{
font-family:tahoma;
font-size:11px;
font-weight:normal;
color:#2e2e2e;
}
.mid2{
font-family:Arial, Helvetica, sans-serif;
font-size:11px;
color:#2a2a2a;
padding-right:15px;
padding-left: 15px;
}
.midred {
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
font-weight:bold;

color:#d50023;
padding-top: 4px;
padding-bottom: 4px;
padding-left: 10px;
}
.mid3 {
font-family:tahoma;
font-size:11px;
font-weight:normal;
color:#2e2e2e;
text-align: justify;
padding-top: 5px;
}
.border1 { background-color:#FFFFFF;
border-right-width: 1px;
border-left-width: 1px;
border-right-style: solid;
border-left-style: solid;
border-right-color: #707070;
border-left-color: #707070;
}
.mid21 {

font-family:tahoma;

font-size:11px;
color:#060201;
text-align:justify;
padding-right:10px;
padding-left: 10px;
}

.midbold1 {

font-family:Tahoma;

font-size:11px;
font-weight:bold;
color:#61504e;
padding-bottom: 5px;
padding-left: 10px;
}
.more {

font-family:tahoma;

font-size:11px;
color:#c22020;
text-align:justify;
padding-left: 10px;
text-decoration: none;
padding-top: 6px;
}
.border2 {
background-color:#FFFFFF;
border-right-width: 1px;
border-left-width: 1px;
border-right-style: solid;
border-left-style: solid;
border-right-color: #c6c6c6;
border-left-color: #c6c6c6;
}
--></style>
<table align="center" border="0" cellpadding="0" cellspacing="0"
width="580">
<tbody>

<tr>
<td class="border">
<table border="0" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td><a target="_blank"
href="http://x-email.eu//link.php?M=16248762&N=771&L=743&F=H"><img
title="homepage_logo.jpg" alt="homepage_logo.jpg"
src="http://x-email.eu//admin/temp/newsletters/40/homepage_logo.jpg"
width="550" height="200" /></a></td>
</tr>
<tr>
<td>
<table style="background-color: #c4fcdb;" align="center"
border="0"
cellpadding="0" cellspacing="0" width="563">
<tbody>
<tr>
<td>&nbsp;</td>
</tr>
<tr>
<td>
<table style="background-color: #c4fcdb;" border="0"
cellpadding="0"
cellspacing="0" width="100%">
<tbody>
<tr>
<td width="220">

<table style="background-color: #c4fcdb; height: 100px;"


border="0"
cellpadding="0" cellspacing="0" width="220" height="100">
<tbody>
<tr>
<td class="intro">
<h4><a target="_blank"
href="http://x-email.eu//link.php?M=16248762&N=771&L=743&F=H"><img
title="logobulkdatabases.com.jpg" alt="logobulkdatabases.com.jpg"
src="http://x-email.eu//admin/temp/newsletters/40/logobulkdatabases.com.jpg"
width="197" height="45" /></a><font
size="4">Categories</font></h4>
</td>
</tr>
<tr>
<td>
<div class="block_content"><font size="3"><a target="_blank"
href="http://x-email.eu//link.php?
M=16248762&N=771&L=737&F=H">Business
Email Lists</a></font> <br /> <font size="3"><a
href="http://x-email.eu//link.php?
M=16248762&N=771&L=738&F=H">Country Email
Lists</a></font><br /> <font size="3"><a target="_blank"
href="http://x-email.eu//link.php?
M=16248762&N=771&L=740&F=H">Domain Email
Lists</a></font> <br /> <font size="3"><a target="_blank"
href="http://x-email.eu//link.php?
M=16248762&N=771&L=742&F=H">General
Global Email Lists</a></font> <br /> <font size="3"><a
target="_blank"

href="http://x-email.eu//link.php?
M=16248762&N=771&L=735&F=H">Men's Email
Lists</a></font> <br /> <font size="3"><a target="_blank"
href="http://x-email.eu//link.php?
M=16248762&N=771&L=741&F=H">Powerfull
2010 Email Lists</a></font> <br /> <font size="3"><a
target="_blank"
href="http://x-email.eu//link.php?
M=16248762&N=771&L=739&F=H">Tagerted
Email Lists</a></font> <br /><font size="3"><a target="_blank"
href="http://x-email.eu//link.php?
M=16248762&N=771&L=547&F=H">Woman Email
Lists</a><br /></font><font size="3"><a target="_blank"
href="http://x-email.eu//link.php?
M=16248762&N=771&L=736&F=H">Email Sender
Software</a></font></div>
</td>
</tr>
<tr>
<td style="background-color: #c4fcdb;" class="border1"><br /></td>
</tr>
<tr>
<td><br /></td>
</tr>
</tbody>
</table>
</td>
<td valign="top">
<table align="right" border="0" cellpadding="0" cellspacing="0"
width="314">

<tbody>
<tr>
<td class="intro"><font color="#000000"><font
color="#0000ff"><b><font
size="5">Get 15% DISCOUNT NOW</font> </b></font><br /><font
size="4">add
the discount voucher</font> </font><font color="#ff0000"><font
size="5"><b>GET15</b></font></font> <br />
<div align="center"><b><font color="#ff0000" size="4"><span
style="background-color: #ffffff;">Only 30
Vouchers</span></font><br
/></b></div>
</td>
</tr>
<tr>
<td><a target="_blank"
href="http://x-email.eu//link.php?M=16248762&N=771&L=743&F=H"><img
title="marketing.jpg" alt="marketing.jpg"
src="http://x-email.eu//admin/temp/newsletters/40/marketing.jpg"
width="234" height="162" /></a></td>
</tr>
<tr>
<td class="mid3"><font size="2"><span class="menutext"><br
/></span></font></td>
</tr>
</tbody>
</table>
</td>
</tr>

</tbody>
</table>
</td>
</tr>
<tr>
<td>
<div align="center"><b><font color="#0000ff" size="3"><a
target="_blank"
href="http://x-email.eu//sendfriend.php?
M=16248762&C=3e137d42391ba1d045b335f88128f642&L=64&N=771&F=1&i=40"
>Send
To Friends<br /></a></font></b></div>
<b><font color="#0000ff" size="3"><br /></font></b></td>
</tr>
<tr>
<td><br /></td>
</tr>
<tr>
<td align="center"><br /></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>

</table><br/>

<br>

<img
src="http://x-email.eu//open.php?
M=16248762&L=64&N=771&F=H&image=.jpg"
height="1" width="10"></body></html>
--b1_378072e5154662e243ab95e722be3b19--

Return-Path: <>
Delivered-To: spam-quarantine
X-Envelope-From: <delivery@mx.sailthru.com>
X-Envelope-To: <linanoer888@unhas.ac.id>
X-Envelope-To-Blocked:
X-Quarantine-ID: <ebpwCL2NK7hl>
X-Spam-Flag: YES
X-Spam-Score: 7.301
X-Spam-Level: *******
X-Spam-Status: Yes, score=7.301 tag=2 tag2=6.31 kill=6.31
    tests=[BAYES_50=0.001, FH_HELO_EQ_D_D_D_D=0.001,
    HTML_IMAGE_RATIO_06=0.001, HTML_MESSAGE=0.001, MIME_HTML_ONLY=1.457,
    MIME_HTML_ONLY_MULTI=0.001, MPART_ALT_DIFF=0.739, RDNS_DYNAMIC=0.1,
    SPF_FAIL=5]
Received: from mail.unhas.ac.id ([127.0.0.1])
    by localhost (mail.unhas.ac.id [127.0.0.1]) (amavisd-new, port 10024)
    with ESMTP id ebpwCL2NK7hl for <linanoer888@unhas.ac.id>;
    Thu, 6 Jan 2011 03:06:12 +0800 (CIT)
X-Original-Helo: mx-69-28-218-148.sailthru.com (iRedMail: http://www.iredmail.org/)
Received: from mx-69-28-218-148.sailthru.com (mx-69-28-218-148.sailthru.com [69.28.218.148])
    by mail.unhas.ac.id (ITCoNet) with ESMTP id 46EC653806F
    for <linanoer888@unhas.ac.id>; Thu, 6 Jan 2011 03:06:11 +0800 (CIT)
Received: from mx.sailthru.com (mx-69-28-218-148.sailthru.com [69.28.218.148])
    by mx-69-28-218-148.sailthru.com (Postfix) with ESMTP id 3C416D9212B
    for <linanoer888@unhas.ac.id>; Wed, 5 Jan 2011 13:58:13 -0500 (EST)
Received: from mx4.sailthru.com (mx-out.sailthru.com [69.28.218.155])
    by mx.sailthru.com (Postfix) with ESMTP id 9D0B796806B
    for <linanoer888@unhas.ac.id>; Wed, 5 Jan 2011 13:58:07 -0500 (EST)
Date: Wed, 5 Jan 2011 18:58:07 +0000 (UTC)
From: The Commercial Observer <tacitelli@observer.com>
To: linanoer888@unhas.ac.id
Message-ID: <20110105185807.33770.326@sailthru.com>
Subject: The Commercial Observer NOW - Wednesday Jan. 5, 2011
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="----=_Part_1486143_308586252.1294253887626"
X-TM-ID: 20110105185807.33770.326
X-Info: Message sent by sailthru.com customer New York Observer
X-Info: We do not permit unsolicited commercial email
X-Info: Please report abuse by forwarding complete headers to
X-Info: abuse@sailthru.com
X-Mailer: sailthru.com
X-IADB-IP: 69.28.218.157
X-IADB-IP-REVERSE: 157.218.28.69
X-IADB-URL: http://www.isipp.com/iadb.php
X-Unsubscribe-Web: http://cb.sailthru.com/oc/q22.92/4dc609ad
List-ID: <cm.1073.69c8568123a13dec61f0d0ebf642bb12.sailthru.com>
List-Unsubscribe: http://cb.sailthru.com/oc/q22.92/4dc609ad
X-rpcampaign: stbph33770
------=_Part_1486143_308586252.1294253887626
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable
<html>
<head>
<title>Commercial Observer Wednesday</title>
<meta http-equiv=3D"Content-Type" content=3D"text/html;
charset=3Diso-8859-=
1">
<style>
body {font-size:100%;}
h1 {font-size:2.5em;}
h2 {font-size:1.875em;}
p {font-size:0.875em;}
p{font-family:sans-serif;}=20
br{font-family:sans-serif;}=20
</style>
</head>
<body bgcolor=3D"#FFFFFF" leftmargin=3D"0" topmargin=3D"0"
marginwidth=3D"0=
" marginheight=3D"0">
<CENTER>
<table height=3D"100%" bordercolor=3D"#cccccc" cellspacing=3D"0"
cellpaddin=
g=3D"0" width=3D"850" border=3D"1">
<tbody>
<tr>
<td valign=3D"top">
<table height=3D"100%" width=3D"850" border=3D"0"
cellpadding=3D"0" cellspa=
cing=3D"0">
=09<tr>
=09=09<td colspan=3D"5">

=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
01.gif" width=3D"850" height=3D"36" alt=3D""></td>
=09</tr>
=09
=09<tr>
=09=09<td valign=3Dtop>
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
02.gif" width=3D"60" height=3D"124" alt=3D""></td>
=09=09<td colspan=3D"3">
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_header.jpg=
" width=3D"730" height=3D"124" alt=3D""><P>
<font size=3D"2">Edited by Tom Acitelli | <A
HREF=3D"mailto:tacitelli@obser=
ver.com">tacitelli@observer.com</A></font><BR><BR>
</td>
=09=09<td valign=3Dtop>
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
04.gif" width=3D"60" height=3D"124" alt=3D""></td>
=09</tr>
=09
=09<tr>
=09=09<!--<td colspan=3D"5" WIDTH=3D"850" HEIGHT=3D"63">
=09=09=09<img border=3D"0"
src=3D"http://www.observer.com/files/spacer.gif"=
width=3D"850" height=3D"63" alt=3D""></td>-->
=09</tr>
=09
=09<tr>
=09=09<td valign=3D"top">
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
06_test.gif" width=3D"60" alt=3D""></td>
=09=09
=09=09<td valign=3D"top" width=3D"418">
=09=09
<table bgcolor=3D"#cccccc" border=3D"0" width=3D"100%">
<tr>
<td><div><span style=3D"font-family: arial,helvetica,sans-serif;" xml=
=3D"lang"><span style=3D"color: #4379dd;"
xml=3D"lang"><strong>WEDNESDAY</s=
trong></span> <span style=3D"color: #8c8c8e;" xml=3D"lang">Jan. 5,
2011</sp=
an></div>
</td>
</tr>
</table>
=09=09=09<P>
=09=09=09<HR>

<strong><span style=3D"font-size: 12pt; font-family:


arial,helvetica,sans-s=
erif; color: #4379dd;" xml=3D"lang">
CBRE: Three Midtown Hotels Set to Sell</strong></span>
<HR><P>
Hot on the heels of an active second quarter that saw an explosion
of trans=
actions in the hospitality industry, <B>CB Richard Ellis</B>
executives tol=
d <I>The Commercial Observer</I> on Tuesday that three midtown
hotels are s=
et to sell by the end of the first quarter.=20
<P>
<B>Bradley Burwell</B>, a senior associate with CBRE Hotels New
York City, =
said three major hotel properties in midtown&#151;each valued at
approximat=
ely $100 million&#151;are currently under contract and expected to
sell to =
a host of REITs, private equity trusts and international investors
in the c=
oming months. With the addition of several smaller hotels farther
uptown al=
so in play, an impressive $1 billion in transactions is expected
to close b=
y the end of the quarter, he said.
<P>
"This transaction activity is the spark that's needed to
essentially reigni=
te the continuous transaction activity that we saw from 2004
through 2008,"=
said Mr. Burwell. (He declined, because the deals are still in
contract, t=
o identify the three hotels.)
<P>
The burst in activity follows a banner second-half of 2010 in
which CB Rich=
ard Ellis' Hotels Group inked 17 hospitality industry deals
totaling $300 m=
illion, including assets in New Jersey and New York as well as
elsewhere in=
the tri-state region.
<HR><strong><span style=3D"font-size: 12pt; font-family:
arial,helvetica,sa=
ns-serif; color: #4379dd;" xml=3D"lang">
Cuomo Committee Tapping Real Estate</strong></span>
<HR>
<IMG SRC=3D"http://www.observer.com/files/AndrewCuomo.jpg">
<P>
With <B>Governor Andrew Cuomo</B>'s proposal to freeze wages for
state work=
ers under scrutiny from unions like the SEIU, a coalition called
the Commit=
tee to Save New York is already under way to raise money to
deflect potenti=

al attack advertisements. And with a proposed cap on local


property taxes a=
s the linchpin to Mr. Cuomo's strategy to rein in the
state=E2=80=99s conti=
nued fiscal crises, it's hardly a surprise that the coalition has
begun tap=
ping the real estate industry for support.
<P>
Indeed, several industry veterans told <I>The Commercial
Observer</I> they'=
ve already been approached to contribute to a fund that, if
needed, could b=
e used to counter negative ads by unions should they become
hostile to a bi=
d to freeze state wages for one year.=20
<P>
"They're coming to us to combat the millions that the unions are
going to s=
pend on ads attacking the budget strategy," said the president of
one real =
estate firm who asked not to be identified.=20
<P>
<B>Massey Knakal Realty Services</B> Chairman <B>Robert Knakal</B>
said tha=
t, by and large, the real estate industry is in support of Mr.
Cuomo's init=
iative, which also includes a pledge not to introduce new taxes.
"To the ex=
tent we increase taxes to bridge the budget deficit you=E2=80=99re
making N=
ew York less competitive with other cities, and we=E2=80=99ve seen
people m=
oving out of the city," Mr. Knakal, who writes the weekly Concrete
Thoughts=
column for <I>The Commercial Observer</I>, said. "From a real
estate persp=
ective, we want him to hold the line on those pledges."=20
=09=09=09<P>
=09=09=09<HR>
<strong><span style=3D"font-size: 12pt; font-family:
arial,helvetica,sans-s=
erif; color: #4379dd;" xml=3D"lang">
Cantor's Kopcak: 'We're in the Third or Fourth Inning of the
Crisis'
</strong></span>
<HR>
<IMG SRC=3D"http://www.observer.com/files/JKopcak415x277.jpg"><P>
<I>Last year, Cantor Fitzgerald spun off to create its ambitious
commercial=
real estate practice, Cantor Commercial Real Estate. Besides
Anthony Orso,=
Michael Lehrman and Steve Kantor&#151;all of whom departed
longtime positi=
ons at Credit Suisse to help build the new firm&#151;Cantor
managing direct=

or and head of whole loans Jason Kopcak has been leading the cause
by speci=
alizing in the origination of commercial loans. Mr. Kopcak, 39,
spoke to Th=
e Commercial Observer about his outlook for 2011 and what it means
for real=
estate lending.</I>
<P>
<I>The Commercial Observer: What should we expect with regards to
commercia=
l loan originations in 2011?</I><BR>
Mr. Kopcak: On the commercial side what we're seeing already is,
from a ban=
k standpoint, you're seeing banks starting to unload their
distressed, non-=
performing commercial loans. Whether it's office, multifamily,
retail or la=
nd, you're seeing these banks selling these assets. So, banks have
gotten m=
ore realistic in their pricing, the market has rallied a bit, and
you see t=
hat banks are healthier. So they're selling. They started selling
last year=
, and 2011 should be a pretty heavy one in banks cleaning up their
balance =
sheets.
<P>
<I>Is that because of a perceived bottoming out in the market?
</I><BR>
It's a combination. It's really primarily because banks are
healthier. They=
're a lot stronger capital-wise, so you're seeing banks taking
profits now =
that they're starting to move their distressed assets out.
<P>
<I>Probably more so here in New York than elsewhere, though,
right?</I><BR>
Yeah, right. Your larger banks, your money centers, your super-regional and=
regional banks=E2=80=94they're all moving assets. Your community
banks and=
tertiary banks are having a more difficult time selling their
distressed a=
ssets.
<P>
<I>How are developers securing loans besides whole mortgage loans?
</I><BR>
We're seeing people buy in on the mezzanine pieces now. So we're
seeing tha=
t market start to come back together. Slowly. But we have clients
that are =
looking to buy B pieces, or they'll invest in new mezzanine. So
the market =
is starting to come back together. It's still in the early stages,
but we'r=
e starting to see activity there.

<P>
<I>And will we continue to see banks practice a so-called "extend-and-prete=
nd" strategy?</I><BR>
There will be a lot of it in 2011 still. I think it will taper off
in 2012.=
Again, the banks are just now getting proactive. There are still
a lot of =
banks just at the beginning, so with that they still have to
extend-and-pre=
tend to get through the turbulence. We're at the beginning stages.
I would =
say we're in the third or fourth inning of the crisis.
=09=09=09<P>
=09=09=09<HR>
<span style=3D"color: #4379dd;" xml=3D"lang"><strong><span
style=3D"font-fa=
mily: arial,helvetica,sans-serif;" xml=3D"lang">
EVENTS:</span></span></strong>
<HR><P>
<B>Tuesday, January 11</B><BR>
<I>New York Commercial Real Estate Women "Global Trends in the
2011 Real Es=
tate Capital Markets," offices of Crowell & Moring LLP, 590
Madison Avenue,=
20th floor, 6:30 p.m., call 212-223-4000 for more info</I>
<P>
<I>Real Estate Board of New York breakfast, the Mendik Education
Center, 57=
0 Lexington Avenue., 9:30 a.m., contact Angela Donovan at 212-532-3100 or e=
mail her at adonovan@rebny.com for more info</I>
<P>
Banner photography by William Warby
<P>
</td>
=09=09<td valign=3Dtop>
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
08.gif" width=3D"13" alt=3D""></td>
<td valign=3D"top">
<A HREF=3D"http://cb.sailthru.com/q22.92/TSSpRcRkXSmo1EeBb8f3"><img border=
=3D"0" src=3D"http://www.observer.com/files/SLGCorpAd.jpg"
width=3D"300" he=
ight=3D"600" alt=3D""></A>
<BR><BR>
<A HREF=3D"http://cb.sailthru.com/q22.92/TSSpRcRkXSmp1EeBa5b5"><img border=
=3D0 src=3D"http://www.observer.com/files/TRI-1619-CorpAd2010300x600.jpg" =
width=3D"300" height=3D"600" alt=3D""></A>

<BR><BR>
<A HREF=3D"http://cb.sailthru.com/q22.92/TSSpRcRkXSmq1EeB7c89"><img border=
=3D"0" src=3D"http://www.observer.com/files/FlatRate300x250_A.jpg"
width=3D=
"300" height=3D"600" alt=3D""></A>
<BR><BR>
<A HREF=3D"http://cb.sailthru.com/q22.92/TSSpRcRkXSmr1EeBca1f"><img border=
=3D"0" src=3D"http://www.observer.com/files/Tower56_300x600.gif"
width=3D"3=
00" height=3D"600" alt=3D""></A>
<BR><BR>
<A HREF=3D"http://cb.sailthru.com/q22.92/TSSpRcRkXSms1EeB8be1"><img border=
=3D"0" src=3D"http://www.observer.com/files/commobs-0410300x600_01.gif" wi=
dth=3D"300" height=3D"600" alt=3D""></A>
=09=09=09</td>
=09=09
=09=09<td>
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
10_test.gif" width=3D"60" alt=3D""></td>
=09</tr>
=09<tr>
=09=09<td colspan=3D"5">
=09=09=09<img
src=3D"http://www.observer.com/files/CO_Newsletter_03_A_Tues_=
01.gif" width=3D"850" height=3D"36" alt=3D""></td>
=09</tr>
=09
</table>
</td>
</tr>
</table>
<!-- End ImageReady Slices -->
<a href=3D"http://sailthru.com"><img
src=3D"http://cb.sailthru.com/img/q22.=
92/1b61a420.gif" alt=3D"" border=3D"0" /></a>
</body>
</html>
<small>
<P>This email was sent to linanoer888@unhas.ac.id by The New York
Observer =
LLC, 321 W. 44th St. 6th Floor New York, NY 10036. <a
href=3D"http://cb.sai=
lthru.com/forward/q22.92/732d9f64">Forward this email</A> to a
friend.
<P> You may unsubscribe at any time by clicking <a
href=3D"http://cb.sailth=
ru.com/oc/q22.92/4dc609ad">this link</A>. You can also read our <a
href=3D"=
http://cb.sailthru.com/q22.92/TSSpRcRkXSmt1-EeB1177">Privacy
Policy</a>.</s=
mall>

</p>
------=_Part_1486143_308586252.1294253887626--

Rules Defined by SpamAssassin 3.2.5

NO.

AREA
TESTED

DESCRIPTION OF
TEST

TEST NAME

DEFAULT
SCORES
(local, net,
with bayes,
with
bayes+net)
1000

body

Generic Test for Unsolicited


Bulk Email

GTUBE

body

Incorporates a tracking ID
number

TRACKER_ID

body

Weird repeated doublequotation marks

WEIRD_QaUOTING

body

Body contains a ROT13encoded email address

EMAIL_ROT13

body

HTML and text parts are


different

MPART_ALT_DIFF

body

HTML and text parts are


different

MPART_ALT_DIFF_C
OUNT

2.699 2.696
2.000 2.003
2.799 2.796
1.428 1.396
1.600 1.680
1.850 2.000
2.498 1.143
1.456 0.739
2.899 1.882
1.500 1.110

body

Message body has 80-90%


blank lines

BLANK_LINES_80_9
0

body

eval:tvd_vertical_words('0','
10')

TVD_SPACE_RATIO

body

eval:check_ma_non_text()

MULTIPART_ALT_N
ON_TEXT

2.899 2.899
2.307 2.219
2.699 2.696
2.699 2.696

10

body

Character set indicates a


foreign language

CHARSET_FARAWA
Y

3.2

11

rawbody

Extra blank lines in base64


encoding

MIME_BASE64_BLA
NKS

12

rawbody

Message text disguised


using base64 encoding

MIME_BASE64_TEX
T

13

body

Missing blank line between


MIME header and body

MISSING_MIME_HB
_SEP

0.221 0.001
0.016 0.041
2.701 2.796
1.709 1.753
2.599 2.699
2.205 2.119

14

body

Multipart message mostly


text/html MIME

MIME_HTML_MOST
LY

0.001

15

body

Message only has text/html


MIME parts

MIME_HTML_ONLY

16

rawbody

Quoted-printable line longer


than 76 chars

MIME_QP_LONG_LI
NE

2.299 1.672
1.925 1.457
2.499 1.819
1.500 1.396

17

body

MIME character set is an


unknown ISO charset

MIME_BAD_ISO_CH
ARSET

18

body

IP to HTTPS link found in


HTML

HTTPS_IP_MISMATC
H

3.363 2.831
2.768 0.346
2.697 2.896
2.899 2.897

19

body

URI_TRUNCATED

0.001

20

header

ALL_TRUSTED

-6.265

21

header

Message contained a URI


which was truncated
Passed through trusted hosts
only via SMTP
Informational: message was
not relayed via SMTP

NO_RELAYS

-0.001

22

header

NJABL: sender is
confirmed open relay

RCVD_IN_NJABL_R
ELAY

23

header

NJABL: sender is
confirmed spam source

RCVD_IN_NJABL_SP
AM

0 1.841 0
2.696
0 3.096 0
2.072

24

header
header

RCVD_IN_NJABL_M
ULTI
RCVD_IN_NJABL_C
GI

25

NJABL: sent through multistage open relay


NJABL: sender is an open
formmail

26

header

NJABL: sender is an open


proxy

RCVD_IN_NJABL_PR
OXY

27

header

SORBS: sender is open


HTTP proxy server

RCVD_IN_SORBS_H
TTP

28

header

SORBS: sender is open


SOCKS proxy server

RCVD_IN_SORBS_S
OCKS

29

header

SORBS: sender is open


proxy server

RCVD_IN_SORBS_M
ISC

0 1.693 0
1.643
0 0.001 0
0.001
0 0.182 0
0.801
0 0.001 0
0.353

30

header

SORBS: sender is open


SMTP relay

RCVD_IN_SORBS_S
MTP

31

header

SORBS: sender is a
abuseable web server

RCVD_IN_SORBS_W
EB

0 1.117 0
0.619

32

header
header

RCVD_IN_SORBS_B
LOCK
RCVD_IN_SORBS_Z
OMBIE

33

SORBS: sender demands to


never be tested
SORBS: sender is on a
hijacked network

34

header

SORBS: sent directly from


dynamic IP address

RCVD_IN_SORBS_D
UL

35

header

Received via a relay in


Spamhaus SBL

RCVD_IN_SBL

36

header

Received via a relay in


Spamhaus XBL

RCVD_IN_XBL

37

header

Received via a relay in


Spamhaus PBL

RCVD_IN_PBL

38

header

Envelope sender in dsn.rfcignorant.org

DNS_FROM_RFC_DS
N

39

header

Envelope sender in
bogusmx.rfc-ignorant.org

DNS_FROM_RFC_BO
GUSMX

0 1.615 0
0.877
0 2.810 0
1.551
0 2.896 0
3.033
0 0.509 0
0.905
0 2.527 0
1.495
0 2.125 0
1.482

40

header

CompleteWhois: sender on
bogons IP block

RCVD_IN_WHOIS_B
OGONS

41

header

CompleteWhois: sender on
hijacked IP block

RCVD_IN_WHOIS_HI
JACKED

42

header

CompleteWhois: sender on
invalid IP block

RCVD_IN_WHOIS_IN
VALID

43

header

Received via a relay in


list.dsbl.org

RCVD_IN_DSBL

44

header

Envelope sender listed in


dnsbl.ahbl.org

DNS_FROM_AHBL_
RHSBL

45

header

Envelope sender in
blackholes.securitysage.com

DNS_FROM_SECURI
TYSAGE

46

header

RCVD_IN_BL_SPAM
COP_NET

47

header

RCVD_IN_MAPS_RB
L

48

header

RCVD_IN_MAPS_DU
L

49

header

RCVD_IN_MAPS_RS
S

50

header

RCVD_IN_MAPS_NM
L

51

header
header

53

header

54

header

55

header

56

header

RCVD_IN_BSP_TRUS
TED
RCVD_IN_BSP_OTH
ER
RCVD_IN_IADB_VO
UCHED
HABEAS_ACCREDIT
ED_COI
HABEAS_ACCREDIT
ED_SOI
HABEAS_CHECKED

0 -4.3 0 -4.3

52

Received via a relay in


bl.spamcop.net
Relay in RBL,
http://www.mailabuse.org/rbl/
Relay in DUL,
http://www.mailabuse.org/dul/
Relay in RSS,
http://www.mailabuse.org/rss/
Relay in NML,
http://www.mailabuse.org/nml/
Sender is in Bonded Sender
Program (trusted relay)
Sender is in Bonded Sender
Program (other relay)
ISIPP IADB lists as
vouched-for sender
Habeas Accredited
Confirmed Opt-In or Better
Habeas Accredited Opt-In
or Better
Habeas Checked

0 1.000 0
1.000
0 1.199 0
0.400
0 0.753 0
0.961
0 2.025 0
0.692
0 0.127 0
0.001
0 2.188 0
1.960

57

header

Subject contains a gappy


version of 'cialis'

SUBJECT_DRUG_GA
P_C

58

header

Subject contains a gappy


version of 'levitra'

SUBJECT_DRUG_GA
P_L

0 -0.2 0 -0.2
0.001 0.001
0.508 0.003
1.047 1.831
2.407 2.515

59

header

Subject contains a gappy


version of 'soma'

SUBJECT_DRUG_GA
P_S

60

header

Subject contains a gappy


version of 'valium'

SUBJECT_DRUG_GA
P_VA

61

header

Subject contains a gappy


version of 'xanax'

SUBJECT_DRUG_GA
P_X

1.876 2.596
1.035 1.014
1.478 2.052
2.298 1.766

0 -0.1 0 -0.1
0 -2.2 0 -2.2
0 -8.0 0 -8.0
0 -4.3 0 -4.3

62

body

Talks about price per dose

DRUG_DOSAGE

63

body

Mentions an E.D. drug

DRUG_ED_CAPS

64

body

Talks about an E.D. drug


using its chemical name

DRUG_ED_SILD

65

body

Mentions Generic Viagra

DRUG_ED_GENERIC

66

body

Fast Viagra Delivery

DRUG_ED_ONLINE

67

body

Online Pharmacy

ONLINE_PHARMAC
Y

68

body

No prescription needed

NO_PRESCRIPTION

69

body

Attempts to disguise the


word 'viagra'

VIA_GAP_GRA

70

body

71

header

72

header

73

header

74

header

75

header

76

header

77

header

78

header

79

header

80

header

81

header

Two or more drugs


crammed together into one
word
Delivered to trusted network
by a host with no rDNS
Relay HELO'd with
suspicious hostname
(mail.com)
Relay HELO'd using
suspicious hostname (IP
addr 1)
Relay HELO'd using
suspicious hostname
(DHCP)
Relay HELO'd using
suspicious hostname (HCC)
Relay HELO'd using
suspicious hostname
(Rogers)
Relay HELO'd using
suspicious hostname (TDialin)
Relay HELO'd using
suspicious hostname (Hex
IP)
Relay HELO'd using
suspicious hostname (Split
IP)
Relay HELO'd using
suspicious hostname (IP
addr 2)
Relay HELO'd using
suspicious hostname

2.514 0.128
1.621 1.623
0.329 1.540
2.417 0.322
0.001 0.001
1.026 1.185
3.286 3.314
2.001 1.558
1
2.701 1.484
0.057 0.001
2.573 2.757
2.944 2.619
2.203 1.053
2.004 0.133

DRUGS_SMEAR1

RDNS_NONE

0.1

FAKE_HELO_MAIL_
COM_DOM

3.199 3.196
2.812 3.199

HELO_DYNAMIC_IP
ADDR

4.399 2.935
2.643 2.426

HELO_DYNAMIC_D
HCP

2.298 1.520
1.536 1.398

HELO_DYNAMIC_H
CC

4.299 4.295
4.299 4.295

HELO_DYNAMIC_R
OGERS

HELO_DYNAMIC_DI
ALIN

3.999 3.995
3.999 3.384

HELO_DYNAMIC_H
EXIP

3.099 3.099
3.100 2.204

HELO_DYNAMIC_SP
LIT_IP

4.199 4.199
4.199 3.493

HELO_DYNAMIC_IP
ADDR2

4.399 4.395
4.400 4.395
3.600 3.599
3.599 3.595

HELO_DYNAMIC_C
HELLO_NL

(Chello.nl)

82

header

83

header

Relay HELO'd using


suspicious hostname
(Home.nl)
Host HELO did not match
rDNS: msn.com

84

header

85

HELO_DYNAMIC_H
OME_NL

3.499 3.496
3.499 3.463

FAKE_HELO_MSN

Host HELO did not match


rDNS: mail.com

FAKE_HELO_MAIL_
COM

1.755 0.220
2.600 1.317

header

Host HELO did not match


rDNS: email.com

FAKE_HELO_EMAIL
_COM

86

header

Host HELO did not match


rDNS: excite.com

FAKE_HELO_EXCIT
E

87

header

Host HELO did not match


rDNS: lycos.com

FAKE_HELO_LYCOS

2.599 2.552
2.599 2.598
2.459 2.432
2.497 2.599

88

header

Host HELO did not match


rDNS: yahoo.ca

89

header

Partial message

90

header

From: contains empty name

91

header

From: starts with many


numbers

92

header

From address is "at


something-offers"

93

header

From: has no local-part


before @ sign

94

header

Subject has exclamation


mark and question mark

95

header

Spam tool Message-Id:


(caps variant)

96

header

Spam tool Message-Id:


(letters variant)

97

header

Message-ID has
ALLCAPS@yahoo.com

98

header

Message-ID is unusually
short

99

header

Message-ID contains
multiple '@' characters

100

header

Date header uses unusual


Y2K formatting

101

header

Invalid Date: header (not


RFC 2822)

FAKE_HELO_YAHOO
_CA
FRAGMENTED_MES
SAGE

1
2.5

2.215 2.212
2.100 0.760
2.302 0.723
FROM_STARTS_WIT
H_NUMS
1.232 1.499
2.601 1.145
FROM_OFFERS
2.699 0.001
2.199 0.499
FROM_NO_USER
2.081 1.483
2.160 1.333
PLING_QUERY
1.400 1.390
4.199 4.195
MSGID_SPAM_CAPS
4.199 4.195
2.861 1.637
MSGID_SPAM_LETT
ERS
0.866 1.188
MSGID_YAHOO_CAP 1.197 0.448
S
2.921 3.107
0.200 0.232
MSGID_SHORT
0.690 1.078
1.221 1.211
MSGID_MULTIPLE_
AT
1.571 1.449
2.057 1.031
DATE_SPAMWARE_
Y2K
2.912 2.883
2.303 1.651
INVALID_DATE
1.329 1.245
FROM_BLANK_NAM
E

0.197 0.243
2.284 2.191
1.704 0.862
1.583 2.079
2.601 2.065
2.265 2.696

102

header

Invalid Date: header


(timezone does not exist)

INVALID_DATE_TZ_
ABSURD

103

header

Invalid date in header


(wrong CST timezone)

INVALID_TZ_CST

104

header

Invalid date in header


(wrong EST timezone)

INVALID_TZ_EST

105

header
header

ENGLISH_UCE_SUBJ
ECT
JAPANESE_UCE_SU
BJECT

106

Subject contains an English


UCE tag
Subject contains a Japanese
UCE tag

107

header

Subject: contains Korean


unsolicited email tag

KOREAN_UCE_SUBJ
ECT

3.099 1.111
2.114 2.962

108 | header | Contains forged hostname for a DSL IP in Brazil | FORGED_TELESP_RCVD
109 | header | Character set doesn't exist | NONEXISTENT_CHARSET
110 | header | Missing Message-Id: header | MISSING_MID
111 | header | Missing Date: header | MISSING_DATE
112 | header | Subject: contains G.a.p.p.y-T.e.x.t | GAPPY_SUBJECT
113 | header | Message has Prevent-NonDelivery-Report header | PREVENT_NONDELIVERY
114 | header | Message has X-IP header | X_IP
115 | header | Subject contains "As Seen" | SUBJ_AS_SEEN
116 | header | Subject starts with dollar amount | SUBJ_DOLLARS
117 | header | Subject contains "Your Bills" or similar | SUBJ_YOUR_DEBT
118 | header | Subject contains "Your Family" | SUBJ_YOUR_FAMILY
119 | header | Received contains a faked HELO hostname | RCVD_FAKE_HELO_DOTCOM
120 | header | Subject talks about losing pounds | SUBJECT_DIET
121 | header | Header has extraneous Content-type:...type= entry | EXTRA_MPART_TYPE
122 | header | Spam tool pattern in MIME boundary | MIME_BOUND_DD_DIGITS
123 | header | Spam tool pattern in MIME boundary | MIME_BOUND_DIGITS_15

3.869 4.199
3.386 1.466
2.899 2.896
2.899 2.896

1
0.001
0.001
2.104 2.001
0.941 1.020
1.515 1.640
1.737 1.600
2.840 1.943
2.744 3.177
1
2.399 0.842
1.501 1.421
2.899 2.896
2.576 2.622
2.799 2.647
2.000 1.043
2.789 2.775
2.899 2.592
2.527 1.621
2.084 1.466

0.001 0.001
1.472 0.803
0.001 0.001
0.001 1.170

124 | header | Spam tool pattern in MIME boundary | MIME_BOUND_MANY_HEX
125 | header | To: has a malformed address | TO_MALFORMED
126 | header | Received line contains spam-sign (lowercase smtp) | WITH_LC_SMTP
127 | header | Subject line starts with Buy or Buying | SUBJ_BUY
128 | header | Received headers forged (AM/PM) | RCVD_AM_PM
129 | header | Received header contains faked 'mr.outblaze.com' | FAKE_OUTBLAZE_RCVD
130 | header | Headers contain an unclosed bracket | UNCLOSED_BRACKET
131 | header | From: domain has series of non-vowel letters | FROM_DOMAIN_NOVOWEL
132 | header | From: localpart has series of non-vowel letters | FROM_LOCAL_NOVOWEL
133 | header | From: localpart has long hexadecimal sequence | FROM_LOCAL_HEX
134 | header | From: localpart has long digit sequence | FROM_LOCAL_DIGITS
135 | header | Cc: after X-Priority: (bulk email fingerprint) | X_PRIORITY_CC
136 | header | Message has bad MIME encoding in the header | BAD_ENC_HEADER
137 | header | A foreign language charset used in headers | CHARSET_FARAWAY_HEADER

3.2

138 | header | Subject: has too many raw illegal characters | SUBJ_ILLEGAL_CHARS
139 | header | From: has too many raw illegal characters | FROM_ILLEGAL_CHARS
140 | header | Headers have too many raw illegal characters | HEAD_ILLEGAL_CHARS
141 | header | hotmail.com 'From' address, but no 'Received:' | FORGED_HOTMAIL_RCVD2
142 | header | 'From' yahoo.com does not match 'Received' headers | FORGED_YAHOO_RCVD
143 | header | Recipient list is sorted by address | SORTED_RECIPS

1.173 1.527
1.954 1.586
2.922 3.999
3.999 3.995
3.799 3.729
3.799 3.622
1.947 1.117
1.498 1.502
2.299 1.408
1.889 2.297
2.925 1.800
1.972 1.125

1
2.702 0.900
0.999 0.001
1.529 1.688
2.833 0.545
3.499 3.496
3.304 2.271
2.687 2.083
1.580 2.206
3.000 3.099
2.999 2.592
3.199 3.196
3.199 3.196
2.602 2.733
1.432 1.399
0.001
2.599 1.492
2.599 2.596
3.499 2.870
1.947 1.810

144

header

145

header

146

header

147

header

148

header

149

header

150

header

151

header

152

header

153

header

154

header

155

header

156

header

157

header

158

header

159

header

160

header

161

header

162

header

163

header

3.199 3.196
2.299 2.912
1.899 1.581
Missing To: header | MISSING_HEADERS
1.500 1.292
Received: says mail sent around the world (HELO) | ROUND_THE_WORLD_LOCAL
2.699 2.696
2.700 2.696
Date: is 3 to 6 hours before Received: date | DATE_IN_PAST_03_06
2.299 1.394
1.306 0.044
Date: is 6 to 12 hours before Received: date | DATE_IN_PAST_06_12
2.504 1.854
1.499 1.069
Date: is 12 to 24 hours before Received: date | DATE_IN_PAST_12_24
2.499 1.770
1.503 0.992
Date: is 24 to 48 hours before Received: date | DATE_IN_PAST_24_48
2.300 1.627
1.498 1.219
Date: is 96 hours or more before Received: date | DATE_IN_PAST_96_XX
2.952 2.320
1.800 1.690
Date: is 3 to 6 hours after Received: date | DATE_IN_FUTURE_03_06
2.303 0.416
1.461 0.274
Date: is 6 to 12 hours after Received: date | DATE_IN_FUTURE_06_12
3.099 3.099
2.136 1.897
Date: is 12 to 24 hours after Received: date | DATE_IN_FUTURE_12_24
3.300 3.299
3.000 2.189
Date: is 24 to 48 hours after Received: date | DATE_IN_FUTURE_24_48
3.599 2.800
3.599 3.196
Date: is 48 to 96 hours after Received: date | DATE_IN_FUTURE_48_96
3.199 3.182
3.199 3.199
Date: is 96 hours or more after Received: date | DATE_IN_FUTURE_96_XX
3.899 3.899
2.598 1.439
2.801 3.325
Headers contain an unresolved template | UNRESOLVED_TEMPLATE
3.499 3.132
2.299 1.806
Subject is all capitals | SUBJ_ALL_CAPS
1.926 2.077
2.499 2.497
Local part of To: address appears in Subject | LOCALPART_IN_SUBJECT
1.641 2.020
Message-Id is fake (in Outlook Express format) | MSGID_OUTLOOK_INVALID
2.899 2.896
2.899 2.899
2.699 0.671
Multiple Content-Type headers found | HEADER_COUNT_CTYPE
2.390 3.026
Similar addresses in recipient list | SUSPICIOUS_RECIPS

Message headers are very long | HEAD_LONG

2.5

164

header

165

header

166

header

167

header

168

header

169

header

170

rawbody

171

body

172

body

173

body

174

body

175

body

176

body

177

body

178

body

179

body

180

Missing blank line between message header and body | MISSING_HB_SEP
2.5
Informational: message has unparseable relay lines | UNPARSEABLE_RELAY
0.001

2.401 2.320
2.627 2.837
2.599 2.599
Received: contains an IP address used for HELO | RCVD_NUMERIC_HELO
2.272 2.067
3.199 3.196
Received: contains illegal IP address | RCVD_ILLEGAL_IP
2.902 1.908
Host HELO'd as a big ISP, but had no rDNS | NO_RDNS_DOTCOM_HELO
2.411 0.799
0.000 0.001
2.499 2.213
Javascript to hide URLs in browser | HIDE_WIN_STATUS
2.499 2.499
HTML included in message | HTML_MESSAGE
0.001
HTML comment is very short | HTML_COMMENT_SHORT
0.001 0.001
0.032 0.727
HTML message is a saved web page | HTML_COMMENT_SAVED_URL
1.677 1.820
0.492 0.114
1.083 0.440
HTML with embedded plugin object | HTML_EMBEDS
0.001 0.056
1.041 1.089
HTML contains far too many close tags | HTML_EXTRA_CLOSE
2.502 2.809
HTML font size is large | HTML_FONT_SIZE_LARGE
0.147 0.001
0.001 0.001
0.804 0.389
HTML font size is huge | HTML_FONT_SIZE_HUGE
0.001 0.057
0.131 0.543
HTML font color similar to background | HTML_FONT_LOW_CONTRAST
0.663 0.124
HTML font face is not a word | HTML_FONT_FACE_BAD
0.923 0.606
0.650 0.884
Received: HELO and IP do not match, but should | RCVD_HELO_IP_MISMATCH

body | HTML includes a form which sends mail | HTML_FORMACTION_MAILTO

181 | body | HTML: images with 0-400 bytes of words | HTML_IMAGE_ONLY_04
182 | body | HTML: images with 400-800 bytes of words | HTML_IMAGE_ONLY_08
183 | body | HTML: images with 800-1200 bytes of words | HTML_IMAGE_ONLY_12
184 | body | HTML: images with 1200-1600 bytes of words | HTML_IMAGE_ONLY_16

2.502 1.462
1.875 2.041
2.554 2.432
2.045 1.787
2.552 2.245
2.779 2.460
2.646 2.498
2.078 1.526

2.401 1.808
1.500 1.546
2.400 2.207
1.501 1.552
2.500 1.519
2.115 1.561
2.353 1.318
2.004 1.778
1.518 0.550
0.573 0.383
1.561 0.170
0.863 0.172
0.401 0.001
0.501 0.001
0.203 0.001
0.179 0.001
0.638 0.572
0.000 0.001
2.600 3.196
2.487 2.601
3.199 2.747
3.199 3.196
2.599 2.599
2.214 1.362

185 | body | HTML: images with 1600-2000 bytes of words | HTML_IMAGE_ONLY_20
186 | body | HTML: images with 2000-2400 bytes of words | HTML_IMAGE_ONLY_24
187 | body | HTML: images with 2400-2800 bytes of words | HTML_IMAGE_ONLY_28
188 | body | HTML: images with 2800-3200 bytes of words | HTML_IMAGE_ONLY_32
189 | body | HTML has a low ratio of text to image area | HTML_IMAGE_RATIO_02
190 | body | HTML has a low ratio of text to image area | HTML_IMAGE_RATIO_04
191 | body | HTML has a low ratio of text to image area | HTML_IMAGE_RATIO_06
192 | body | HTML has a low ratio of text to image area | HTML_IMAGE_RATIO_08
193 | body | Message is 5% to 10% HTML obfuscation | HTML_OBFUSCATE_05_10
194 | body | Message is 10% to 20% HTML obfuscation | HTML_OBFUSCATE_10_20
195 | body | Message is 20% to 30% HTML obfuscation | HTML_OBFUSCATE_20_30
196 | body | Message is 30% to 40% HTML obfuscation | HTML_OBFUSCATE_30_40
197 | body | Message is 50% to 60% HTML obfuscation | HTML_OBFUSCATE_50_60
198 | body | Message is 70% to 80% HTML obfuscation | HTML_OBFUSCATE_70_80
199 | body | Message is 90% to 100% HTML obfuscation | HTML_OBFUSCATE_90_100
200 | body | HTML has unbalanced "body" tags | HTML_TAG_BALANCE_BODY
201 | body | HTML has unbalanced "head" tags | HTML_TAG_BALANCE_HEAD

1.253 0.807
1.082 1.263
2.498 1.370
0.533 1.334

202 | body | HTML has "bgsound" tag | HTML_TAG_EXIST_BGSOUND
203 | body | HTML message is 40% to 50% bad tags | HTML_BADTAG_40_50
204 | body | HTML message is 50% to 60% bad tags | HTML_BADTAG_50_60
205 | body | HTML message is 60% to 70% bad tags | HTML_BADTAG_60_70

1
1

1
1
1
1

206 | body | HTML message is 90% to 100% bad tags | HTML_BADTAG_90_100
207 | body | 30% to 40% of HTML elements are non-standard | HTML_NONELEMENT_30_40
208 | body | 40% to 50% of HTML elements are non-standard | HTML_NONELEMENT_40_50

1.024 1.775
0.074 0.001
0.322 0.001
1.707 0.944

209 | body | 60% to 70% of HTML elements are non-standard | HTML_NONELEMENT_60_70
210 | body | 80% to 90% of HTML elements are non-standard | HTML_NONELEMENT_80_90
211 | body | Message has HTML IFRAME tag with SRC URI | HTML_IFRAME_SRC
212 | header | Envelope sender has no MX or A DNS records | NO_DNS_FOR_FROM

0.001 0.001
0.000 0.043
0 1.407 0 1.496

213 | header | Received: says mail sent around the world (DNS) | ROUND_THE_WORLD
214 | body | Removal phrase right before a link | REMOVE_BEFORE_LINK
215 | body | One hundred percent guaranteed | GUARANTEED_100_PERCENT
216 | body | Dear Friend? That's not very dear! | DEAR_FRIEND
217 | body | Contains 'Dear (something)' | DEAR_SOMETHING
218 | body | Talks about lots of money | BILLION_DOLLARS
219 | body | Claims you can be removed from the list | EXCUSE_4
220 | body | Claims you wanted this ad | EXCUSE_24
221 | body | Talks about how to be removed from mailings | EXCUSE_REMOVE
222 | body | Tells you about a strong buy | STRONG_BUY
223 | body | Offers a alert about a stock | STOCK_ALERT

0.001 0.001
0.010 0.001
0.571 0.965
0.001 0.012
2.649 2.696
2.699 2.699
2.799 2.234
1.721 1.605
2.658 0.001
1.603 1.875
1.999 1.934
0.001 1.336
2.599 2.599
2.600 2.596
2.999 1.477
2.999 0.001
3.599 2.478
2.623 2.488
2.899 2.889
2.899 2.897

224 | body | Not registered investment advisor | NOT_ADVISOR
225 | body | 'Prestigious Non-Accredited Universities' | PREST_NON_ACCREDITED
226 | body | Information on growing body parts | BODY_ENHANCEMENT

1.799 1.608
1.499 0.309

1
1

227 | body | Information on getting larger body parts | BODY_ENHANCEMENT2
228 | body | Impotence cure | IMPOTENCE
229 | body | Talks about a million North American dollars | NA_DOLLARS
230 | body | Mentions millions of $ ($NN,NNN,NNN.NN) | US_DOLLARS_3
231 | body | Talks about millions of dollars | MILLION_USD
232 | body | Contains urgent matter | URG_BIZ
233 | body | Money back guarantee | MONEY_BACK
234 | body | Free express or no-obligation quote | FREE_QUOTE_INSTANT
235 | body | Eliminate Bad Credit | BAD_CREDIT
236 | body | Home refinancing | REFINANCE_YOUR_HOME
237 | body | Home refinancing | REFINANCE_NOW
238 | body | No Medical Exams | NO_MEDICAL
239 | body | Lose Weight Spam | DIET_1
240 | body | Freedom of a financial nature | FIN_FREE
241 | body | Stock Disclaimer Statement | FORWARD_LOOKING
242 | body | One Time Rip Off | ONE_TIME
243 | body | Join Millions of Americans | JOIN_MILLIONS
244 | body | Claims you registered with a partner | MARKETING_PARTNERS
245 | body | Lowest Price | LOW_PRICE
246 | body | People just leave money laying around | UNCLAIMED_MONEY
247 | body | Message seems to contain rot13ed address | OBSCURED_EMAIL

1.659 0.714
0.122 0.001
2.608 1.678
2.862 1.886
2.385 1.129
1.506 1.329
2.342 1.165
1.046 0.630

2.391 1.777
1.501 1.528
2.384 0.667
1.511 1.585
0.939 0.001
0.001 0.001
2.500 2.499
1.499 1.496
2.602 0.325
1.500 0.001
2.699 0.001
2.699 2.039
2.393 0.169
1.933 0.556
1
2.472 0.336
1.442 0.083
2.599 2.599
2.599 2.596

1
1
1.398 1.807
2.912 1.777
2.599 2.355
1.614 1.295
1.903 1.159
0.743 0.001
3.099 2.985
2.943 3.096
1.899 0.012
0.000 0.001

248 | body | Talks about Oprah with an exclamation! | BANG_OPRAH
249 | body | Talks about 'acting now' with capitals | ACT_NOW_CAPS
250 | body | Talks about a bigger drive for sex | MORE_SEX
251 | body | Something is emphatically guaranteed | BANG_GUAR
252 | body | Message mentions investment advice | INVESTMENT_ADVICE
253 | body | Message talks about enhancing men | MALE_ENHANCE
254 | body | Message says that prices aren't too expensive | PRICES_ARE_AFFORDABLE
255 | body | Message talks about a replica watch | REPLICA_WATCH
256 | body | Message puts emphasis on the watch manufacturer | EM_ROLEX
257 | body | Possible porn - Free Porn | FREE_PORN
258 | body | Possible porn - Cum Shot | CUM_SHOT
259 | body | Possible porn - Live Porn | LIVE_PORN
260 | header | Subject indicates sexually-explicit content | SUBJECT_SEXUAL
261 | header | Bulk email fingerprint (eGroups) found | RATWARE_EGROUPS
262 | header | X-Mailer has malformed Outlook Express version | RATWARE_OE_MALFORMED

1
2.799 2.796
2.632 2.799
1
2.900 0.116
1.499 0.001
2.673 2.379
3.181 2.001
0.581 2.095
2.624 2.927

263 | header | Bulk email fingerprint (Mozilla malformed) found | RATWARE_MOZ_MALFORMED
264 | header | Bulk email fingerprint (mPOP Web-Mail) | RATWARE_MPOP_WEBMAIL
265 | rawbody | Contains a hashbuster in Send-Safe format | RATWARE_HASH_DASH
266 | header | Bulk email fingerprint (Gecko faked) found | RATWARE_GECKO_BUILD
267 | header | Bulk email fingerprint (X-Message-Info) found | X_MESSAGE_INFO
268 | header | Bulk email fingerprint (header-based) found | HEADER_SPAM
269 | header | Bulk email fingerprint (Received PF) found | RATWARE_RCVD_PF

1
0.948 0.001
1.259 0.792
3.699 2.321
1.631 1.183
2.002 1.237
1.500 0.939
0.001 0.001
0.421 0.042
2.600 2.596
2.599 2.596
2.195 0.001
2.444 0.001
3.399 3.396
3.399 3.396

1
1
1
1
3.499 3.496
3.330 1.597
3.399 3.396
3.399 3.396
3.899 3.895
3.900 3.847

1.918 0.650
1.741 0.213
3.799 3.795
3.799 1.529

270 | header | Bulk email fingerprint (Received @) found | RATWARE_RCVD_AT
271 | header | Bulk email fingerprint (envfrom) found | RATWARE_EFROM
272 | uri | /^https?:\/\/[^\/]*\&\#(?:\d{4,}|[3456789]\d\d);/i | HIGH_CODEPAGE_URI

2.5

273 | uri | Uses a numeric IP address in URL | NUMERIC_HTTP_ADDR
274 | uri | Uses %-escapes inside a URL's hostname | HTTP_ESCAPED_HOST
275 | uri | Completely unnecessary %-escapes inside a URL | HTTP_EXCESSIVE_ESCAPES
276 | uri | Dotted-decimal IP address followed by CGI | IP_LINK_PLUS
277 | uri | Uses non-standard port number for HTTP | WEIRD_PORT
278 | uri | Has Yahoo Redirect URI | YAHOO_RD_REDIR
279 | uri | Has Yahoo Redirect URI | YAHOO_DRS_REDIR
280 | uri | Contains an URL-encoded hostname (HTTP77) | HTTP_77
281 | uri | URI contains ".com" in middle | SPOOF_COM2OTH
282 | uri | URI contains ".com" in middle and end | SPOOF_COM2COM
283 | uri | URI contains ".net" or ".org", then ".com" | SPOOF_NET2COM
284 | uri | URI hostname has long hexadecimal sequence | URI_HEX
285 | uri | URI hostname has long non-vowel sequence | URI_NOVOWEL
286 | uri | URI contains suspicious unsubscribe link | URI_UNSUBSCRIBE
287 | uri | CGI in .info TLD other than third-level "www" | URI_NO_WWW_INFO_CGI

0.919 0.001
0.312 0.001
0.001 0.001
0.071 0.134
2.701 0.964
1.500 0.001
0.000 0.001
0.001 0.001
1.599 1.499
1.089 0.001
0.001 0.000
3.000 0.000
1.007 0.313
1.189 1.103
3.199 0.001
3.199 1.414
2.840 0.848
1.996 2.044
0.001 0.341
2.051 2.272
2.899 2.896
2.037 1.586
1.777 1.316
1.395 0.368
2.899 2.543
1.764 1.620
2.794 3.092
1.538 2.737
2.720 0.601
3.138 1.043

288 | uri | CGI in .biz TLD other than third-level "www" | URI_NO_WWW_BIZ_CGI
289 | uri | Uses a dotted-decimal IP address in URL | NORMAL_HTTP_TO_IP

0.101 0.001
0.001 0.001

290 | body | Bayesian spam probability is 0 to 1% | BAYES_00
291 | body | Bayesian spam probability is 1 to 5% | BAYES_05
292 | body | Bayesian spam probability is 5 to 20% | BAYES_20
293 | body | Bayesian spam probability is 20 to 40% | BAYES_40

294

body

295

body

296

body

297

body

298

body

299

header

300

body

301

body

302

full

303

header

304

header

305

header

306

header

307

header

308

header

309

header

310

header

Bayesian spam probability is 40 to 60% | BAYES_50
0 0 -2.312 -2.599
0 0 -1.110 -1.110
0 0 -0.740 -0.740
0 0 -0.185 -0.185
0 0 0.001 0.001
Bayesian spam probability is 60 to 80% | BAYES_60
0 0 1.0 1.0
Bayesian spam probability is 80 to 95% | BAYES_80
0 0 2.0 2.0
Bayesian spam probability is 95 to 99% | BAYES_95
0 0 3.0 3.0
Bayesian spam probability is 99 to 100% | BAYES_99
0 0 3.5 3.5
Message would have been caught by accessdb | ACCESSDB
Message includes Microsoft executable program | MICROSOFT_EXECUTABLE
MIME filename does not match content | MIME_SUSPECT_NAME
0.1
0.1
Listed in DCC (http://rhyolite.com/antispam/dcc/) | DCC_CHECK
0 1.37 0 2.17
Domain Keys Identified Mail: message has a signature | DKIM_SIGNED
0.001
Domain Keys Identified Mail: signature passes verification | DKIM_VERIFIED
-0.001
Domain Keys Identified Mail: policy says domain is testing DK | DKIM_POLICY_TESTING
0.001
Domain Keys Identified Mail: policy says domain signs some mails | DKIM_POLICY_SIGNSOME
0.001
Domain Keys Identified Mail: policy says domain signs all mails | DKIM_POLICY_SIGNALL
0.001
Domain Keys: message has a signature | DK_SIGNED
0.001
Domain Keys: signature passes verification | DK_VERIFIED
-0.001
Domain Keys: policy says domain is testing DK | DK_POLICY_TESTING
0.001

311

header

312

header

313

header

314

header

315

header

316

header

317

header

318

header

319

header

320

header

321

full

322

full

323

full

324

full

325

Domain Keys: policy says domain signs some mails | DK_POLICY_SIGNSOME
Domain Keys: policy says domain signs all mails | DK_POLICY_SIGNALL
0.001
Contains valid Hashcash token (20 bits) | HASHCASH_20
-0.5
Contains valid Hashcash token (21 bits) | HASHCASH_21
-0.7
Contains valid Hashcash token (22 bits) | HASHCASH_22
-1
Contains valid Hashcash token (23 bits) | HASHCASH_23
-2
Contains valid Hashcash token (24 bits) | HASHCASH_24
-3
Contains valid Hashcash token (25 bits) | HASHCASH_25
-4
Contains valid Hashcash token (>25 bits) | HASHCASH_HIGH
-5
Hashcash token already spent in another mail | HASHCASH_2SPEND
0.1
Listed in Pyzor (http://pyzor.sf.net/) | PYZOR_CHECK
0 2.834 0 3.700
0.001
Listed in Razor2 (http://razor.sf.net/) | RAZOR2_CHECK
0 0.5 0 0.5
Razor2 gives confidence level above 50% | RAZOR2_CF_RANGE_51_100
Razor2 gives engine 4 confidence level above 50% | RAZOR2_CF_RANGE_E4_51_100
Razor2 gives engine 8 confidence level above 50% | RAZOR2_CF_RANGE_E8_51_100
0 0.5 0 0.5

full

326 | header | Attempt to obfuscate words in Subject: | SUBJECT_FUZZY_MEDS

3.800 2.812
3.799 3.799

327 | header | Attempt to obfuscate words in Subject: | SUBJECT_FUZZY_CHEAP
328 | header | Attempt to obfuscate words in Subject: | SUBJECT_FUZZY_PENIS
329 | header | Attempt to obfuscate words in Subject: | SUBJECT_FUZZY_TION

3.099 1.308
3.100 3.096
1.100 0.410
0.749 0.156

330 | body | Attempt to obfuscate words in spam | FUZZY_AFFORDABLE
331 | body | Attempt to obfuscate words in spam | FUZZY_AMBIEN

1.520 0.962
0.195 1.026

332 | body | Attempt to obfuscate words in spam | FUZZY_BILLION
333 | body | Attempt to obfuscate words in spam | FUZZY_CPILL

0.001

334 | body | Attempt to obfuscate words in spam | FUZZY_CREDIT

1.696 0.522
0.740 1.238

0 1.5 0 1.5
0 1.5 0 1.5

335 | body | Attempt to obfuscate words in spam | FUZZY_ERECT
336 | body | Attempt to obfuscate words in spam | FUZZY_GUARANTEE
337 | body | Attempt to obfuscate words in spam | FUZZY_MEDICATION
338 | body | Attempt to obfuscate words in spam | FUZZY_MILLION
339 | body | Attempt to obfuscate words in spam | FUZZY_MONEY
340 | body | Attempt to obfuscate words in spam | FUZZY_MORTGAGE
341 | body | Attempt to obfuscate words in spam | FUZZY_OBLIGATION
342 | body | Attempt to obfuscate words in spam | FUZZY_OFFERS
343 | body | Attempt to obfuscate words in spam | FUZZY_PHARMACY
344 | body | Attempt to obfuscate words in spam | FUZZY_PHENT
345 | body | Attempt to obfuscate words in spam | FUZZY_PRESCRIPT
346 | body | Attempt to obfuscate words in spam | FUZZY_PRICES
347 | body | Attempt to obfuscate words in spam | FUZZY_REFINANCE

348 | body | Attempt to obfuscate words in spam
349 | body | Attempt to obfuscate words in spam
350 | body | Attempt to obfuscate words in spam
351 | body | Attempt to obfuscate words in spam
352 | body | Attempt to obfuscate words in spam
353 | body | Attempt to obfuscate words in spam
354 | body | Attempt to obfuscate words in spam | FUZZY_VPILL
355 | body | Attempt to obfuscate words in spam | FUZZY_XPILL
356 | header | SPF: sender matches SPF record | SPF_PASS

2.529 0.708
1.736 0.804
2.496 0.962
2.899 1.252
0.307 0.001
2.637 2.717
2.173 2.325
1.797 2.529
2.799 2.796
2.799 2.799
3.299 3.296
3.036 1.880
2.799 2.796
2.799 2.469
3.299 1.032
2.199 1.246
2.999 2.999
2.090 1.704
1
2.699 2.644
1.704 1.604
2.801 2.458
1.665 1.304
2.102 0.001
0.505 0.001

FUZZY_REMOVE

FUZZY_ROLEX

FUZZY_SOFTWARE

2.797 2.860
3.169 3.471

FUZZY_THOUSANDS

FUZZY_VLIUM

0.001

FUZZY_VIOXX

1
1.004 0.001
0.480 0.687
3.399 3.314
1.549 1.746
-0.001

2.199 1.210
0.756 0.686
2.600 0.992
1.669 0.693
2.301 0.654
0.698 0.596

357 | header | SPF: sender does not match SPF record (neutral) | SPF_NEUTRAL
358 | header | SPF: sender does not match SPF record (fail) | SPF_FAIL
359 | header | SPF: sender does not match SPF record (softfail) | SPF_SOFTFAIL
360 | header | SPF: HELO matches SPF record | SPF_HELO_PASS

-0.001

361 | header | SPF: HELO does not match SPF record (neutral) | SPF_HELO_NEUTRAL
362 | header | SPF: HELO does not match SPF record (fail) | SPF_HELO_FAIL
363 | header | SPF: HELO does not match SPF record (softfail) | SPF_HELO_SOFTFAIL

2.231 2.000
0.744 0.576
2.298 0.365
0.540 0.001
2.599 1.533
1.427 0.841

364 | body | Message written in an undesired language | UNWANTED_LANGUAGE_BODY
2.8
365 | body | Body includes 8 consecutive 8-bit characters | BODY_8BITS
1.5

366 | body | Contains an URL listed in the SBL blocklist | URIBL_SBL
367 | body | Contains an URL listed in the SC SURBL blocklist | URIBL_SC_SURBL
368 | body | Contains an URL listed in the WS SURBL blocklist | URIBL_WS_SURBL
369 | body | Contains an URL listed in the PH SURBL blocklist | URIBL_PH_SURBL
370 | body | Contains an URL listed in the OB SURBL blocklist | URIBL_OB_SURBL
371 | body | Contains an URL listed in the AB SURBL blocklist | URIBL_AB_SURBL
372 | body | Contains an URL listed in the JP SURBL blocklist | URIBL_JP_SURBL
373 | body | Contains an URL listed in the URIBL blacklist | URIBL_BLACK

0 2.468 0 1.499
0 2.523 0 0.474
0 2.100 0 1.500
0 2.035 0 1.787
0 2.132 0 1.500
0 1.613 0 1.860
0 2.857 0 1.501
0 1.961 0 1.955

374 | body | Contains an URL listed in the URIBL greylist | URIBL_GREY
0.25
375 | body | Contains an URL listed in the URIBL redlist | URIBL_RED
0.001
376 | header | From: address is in the auto white-list | AWL
377 | header | From: address is in the user's black-list | USER_IN_BLACKLIST
378 | header | From: address is in the user's white-list | USER_IN_WHITELIST

100
-100

header

From: address is in the default white-list | USER_IN_DEF_WHITELIST
User is listed in 'blacklist_to' | USER_IN_BLACKLIST_TO
User is listed in 'whitelist_to' | USER_IN_WHITELIST_TO
User is listed in 'more_spam_to' | USER_IN_MORE_SPAM_TO
User is listed in 'all_spam_to' | USER_IN_ALL_SPAM_TO
From: address is in the user's DK whitelist | USER_IN_DK_WHITELIST
From: address is in the default DK white-list | USER_IN_DEF_DK_WL
From: address is in the user's DKIM whitelist | USER_IN_DKIM_WHITELIST
From: address is in the default DKIM white-list | USER_IN_DEF_DKIM_WL
From: address is in the user's SPF whitelist | USER_IN_SPF_WHITELIST
From: address is in the default SPF white-list | USER_IN_DEF_SPF_WL
Subject: contains string in the user's white-list | SUBJECT_IN_WHITELIST
Subject: contains string in the user's black-list | SUBJECT_IN_BLACKLIST

392 | header | From address contains an apostrophe | APOSTROPHE_FROM
393 | header | Message-Id =~ /^<[0-9]{12}\.[0-9]{12}\@/ | AXB_XMID_1212
394 | header | Message-Id =~ /<[0-9A-F]{15}\.[0-9A-F]{10}\@/ | AXB_XMID_1510

395

header

396

header

397

header

398

header

399
400

379

header

380

header

381

header

382

header

383

header

384

header

385

header

386

header

387

header

388

header

389

header

390

header

391

Message-ID =~ /^<[0-9-a-f]{12}\$[0-9-a-f]{8}\$[0]{8}\@/
Received =~ /\([123456790]{1,2}\.[0-9]{1,2}\.[0-9]{1}\/[0-9]{1,2}\.[0-9]{2}\.[0-9]{1}\)/

-15
10
-6
-20
-100
-100
-7.5
-100
-7.5
-100
-7.5
-100
100
0.002 0.001
1.597 0.001
3.899 3.899
3.899 3.496
4.299 4.295
3.893 3.015

AXB_XMID_OEGOESNULL

4.291 4.216
1.083 2.034

AXB_XM_SENDMAIL_NOT

Received =~ /\(8\.12\.3 da nor stuldap\/8\.12\.3\)/

AXB_XR_STULDAP

3.199 3.196
3.199 3.004

Thread-Index =~ /(?:\*| \<\>|


\)| \()/

AXB_XTIDX_CHAIN

body

Talks about banking laws

BANKING_LAWS

body

eval:check_base64_length('78','79')

BASE64_LENGTH_78_79

3.099 3.096
2.900 2.002
3.699 3.699
3.133 2.783

401 | body | eval:check_base64_length('79') | BASE64_LENGTH_79_INF
402 | body | /^\xEF\xBB\xBFMessageID:/ | BROKEN_RATWARE_BOM

Content-Type =~ /multipart.{0,200}boundary=\"---=_NextPart_000_0001_01C[0-9A-F]{5}\.[0-9A-F]{7}0\"/
Content-Type =~ /multipart.{0,200}boundary=\"---=_NextPart_000_0000_01C[0-9A-F]{5}\.[0-9A-F]{7}0\"/

3.900 2.763
2.962 1.496
2.699 2.267
2.440 2.473

CTYPE_001C_A

2.299 2.319
1.500 1.498

CTYPE_001C_B

403

header

404

header

405 | body | /\bCurrent Price:/ | CURR_PRICE
406 | body | /\bdear.{1,20}winner/i | DEAR_WINNER
407 | full | /<DIV align=3Dcenter><A href=3D=\n/ | DIV_CENTER_A_HREF
408 | header | Sender from new domain (Day Old Bread) | DNS_FROM_DOB
409 | header | Envelope sender listed in bl.open-whois.org. | DNS_FROM_OPENWHOIS

410 | body | Provision for income taxes | DOS_PROVISION4
411 | body | Report of financial income | DOS_REPORT_FIN_INC
412 | body | Pump and dump stock spam | DOS_STOCK_CDYV_GENERIC
413 | uri | Found an asterisk in a URI | DOS_URI_ASTERISK
414 | header | Subject =~ /\bhoodia\b/i | DRUGS_HDIA
415 | body | Add / Gain inches | FB_ADD_INCHES
416 | body | It's almost sex, but not! | FB_ALMOST_SEX
417 | body | Broken AnaTrim phrase. | FB_ANA_TRIM
418 | body | Phrase: A_U_N_I | FB_ANUI
419 | body | Phrase: [BM]Illi0n | FB_BILLI0N
420 | body | Phrase: C0mpany | FB_C0MPANY

4.161 2.659
1.412 1.588
3.199 3.196
3.199 3.197
3.799 3.795
3.799 2.590
0 0.341 0 0.732
0 2.431 0 1.130
1.5
0.5
2.5
1
2.529 2.501
2.483 2.697
2.999 2.999
2.620 2.131
3.099 3.096
2.841 2.110
3.999 3.995
3.797 3.764
0.431 1.618
2.634 0.823
1
2.799 2.106
2.799 2.455

421 | body | Phrase: can last longer | FB_CAN_LONGER
422 | body | Uses a mis-spelled version of cialis. | FB_CIALIS_LEO3
423 | body | Looks like double 0 words | FB_DOUBLE_0WORDS
424 | body | Phrase: email hier | FB_EMAIL_HIER
425 | body | Phrase: extra inches | FB_EXTRA_INCHES
426 | body | Looks like numbers with O's insted of 0's | FB_FAKE_NUMBERS
427 | body | Looks like fake numbers (4) | FB_FAKE_NUMS4
428 | body | Phrase: Farmacy | FB_FHARMACY
429 | body | Phrase: forward look with 0's | FB_FORWARD_LOOK
430 | body | Too much spacing in Address | FB_GAPPY_ADDRESS
431 | body | Looks like trying to sell meds | FB_GET_MEDS
432 | body | Looks like generic viagra | FB_GVR
433 | body | Phrase hey bro, | FB_HEY_BRO_COMMA
434 | body | Phrase: HGH | FB_HG_H_CAP
435 | body | Phrase (dollar) x home loan | FB_HOMELOAN
436 | body | Phrase: impress ... girl | FB_IMPRESS_GIRL
437 | body | Phrase: Increase your energy | FB_INCREASE_YOUR
438 | body | Phrase: independent reward | FB_INDEPEND_RWD
439 | body | Phrase: L0an | FB_L0AN
440 | body | Special people leave special signs! | FB_LETTERS_21B
441 | body | Phrase: lower your monthly payments | FB_LOWER_PAYM
442 | body | Phrase: Med1cat | FB_MED1CAT

1.403 1.309
0.474 0.442
2.628 2.815
3.001 1.441
3.599 3.595
3.599 3.533
0.342 1.203
2.941 2.189
1.234 3.096
2.081 2.442

1
3.699 3.695
2.819 3.576
0.000 0.000
3.000 1.000
3.399 3.399
3.399 2.674
3.599 1.097
1.501 0.803
0.469 0.001
0.001 0.127
3.099 2.783
3.099 2.331
1.885 0.887
0.007 0.274
2.487 2.014
2.003 0.710
2.197 1.757
1.964 2.581
3.399 3.396
3.399 3.396
3.599 3.599
3.600 3.595
1
3.999 3.999
3.999 3.995
3.000 2.996
2.999 2.996
1

443 | body | Talks about meds and % | FB_MEDS_PERCENT
444 | body | Phrase: more size | FB_MORE_SIZE
445 | body | Looks like a fake phone number (1) | FB_NOT_PHONE_NUM1
446 | body | Looks like a fake phone number (3) | FB_NOT_PHONE_NUM3
447 | body | Looks like school but it's not! | FB_NOT_SCHOOL
448 | body | Phrase: no prescription needed. | FB_NO_SCRIP_NEEDED
449 | body | Speaks of teenager. | FB_NUMYO
450 | body | Speaks of 20+ year old. | FB_NUMYO2
451 | body | Looks like money but has odd spacing. | FB_ODD_SPACED_MONEY
452 | body | Mis-spelled online | FB_ONIINE
453 | body | Phrase: p1ll | FB_P1LL
454 | body | Phrase: penis growth | FB_PENIS_GROWTH
455 | body | Phrase: Dollar, with pipes or 0's. | FB_PIPEDOLLAR
456 | body | Looks like illion, but it's not | FB_PIPE_ILLION
457 | body | Talks about prolonged hardness | FB_PROLONGED_HARD
458 | body | Phrase: quality replica | FB_QUALITY_REPLICA

3.899 3.899
3.899 2.949

459 | body | Refcode with spacing | FB_REF_CODE_SPACE

3.599

460 | body | Phrase: REPLICA | FB_REPLIC_CAP
461 | body | Looks like refi. | FB_RE_FI
462 | body | Phrase: Roller is th | FB_ROLLER_IS_T
463 | body | Phrase: rolx | FB_ROLX
464 | body | Phrase: Softabs | FB_SOFTTABS
465 | body | Phrase: F R E E | FB_SPACED_FREE
466 | body | Phone number with -spacing. (B) | FB_SPACED_PHN_3B

1
1.166 1.422
2.013 0.397
2.600 2.599
2.599 2.596
2.599 2.596
2.599 2.599
3.099 2.312
1.868 2.961
3.088 2.458
2.403 3.228
2.400 2.397
2.399 2.397
1
2.303 2.723
2.697 1.959
1
0.467 1.088
1.552 1.814
1
2.599 2.430
2.599 2.599
1
1

4.000 3.995
3.567 3.242
2.699 2.696
2.699 2.696
1
0.000 0.000
3.000 1.000
4.299 4.281
4.064 3.513
1
2.899 2.896
2.899 2.896

467 | body | Looks like a s p a c e d zipcode. | FB_SPACEY_ZIP
468 | body | Phrase: SPUR-M | FB_SPUR_M
469 | body | Phrase: ssex | FB_SSEX
470 | body | Looks like stocks exploding. | FB_STOCK_EXPLODE
471 | body | Mis-spelled symbol. | FB_SYMBLO
472 | body | Phrase: this advertiser | FB_THIS_ADVERT
473 | body | Phrase: thousand personal | FB_THOUS_PERSONAL
474 | body | Phrase: to stop further distribution | FB_TO_STOP_DISTRO
475 | body | Phrase: Ultra Allure | FB_ULTRA_ALLURE
476 | body | Phrase: lock to your girlfriend | FB_UNLOCK_YOUR_G
477 | body | Pattern Replacement PROV_D | FB_UNRESOLV_PROV

2.687 1.785
3.099 1.680
1
2.019 2.001
2.556 2.489
2.699 2.696
1.927 1.833
1
1
0.000 0.000
3.000 1.000
3.099 3.096
3.099 3.096
2.999 2.841
2.374 2.999
2.699 2.696
2.618 2.002
1.606 1.132
2.429 0.765

478 | body | Looks like a word ending with a $ | FB_WORD1_END_DOLLAR
479 | body | Phrase: yourself master | FB_YOURSELF_MASTER
480 | body | Phrase: Your refi | FB_YOUR_REFI
481 | header | Bad X-Mailer version | FH_BAD_OEV1441
482 | header | The date is not 19xx. | FH_DATE_IS_19XX
483 | header | The date is grossly in the future. | FH_DATE_PAST_20XX
484 | header | RCVD line looks faked (A) | FH_FAKE_RCVD_LINE
485 | header | E-mail address doesn't have TLD (.com, etc.) | FH_FROMEML_NOTLD
486 | header | From name has "cash" | FH_FROM_CASH

0.421 1.248
1.557 2.011
2.701 3.306
3.300 3.518
0.974 2.393
2.440 2.401
1.947 1.970
2.512 2.199
2.075 3.384
3.554 3.188
2.230 2.215
2.670 2.470
2.699 2.196
2.699 2.696
2.999 2.996
2.999 2.996

487 | header | From name says Get | FH_FROM_GET_NAME
488 | header | From name is giveaway. | FH_FROM_GIVEAWAY

2.799 2.796
2.799 1.597

489

header

From has Hoodia!!?

FH_FROM_HOODIA

490

header

Has X-AIMC-AUTH header

FH_HAS_XAIMC

491

header

Has X-ID

FH_HAS_XID

492

header

Helo is almost an IP addr.

FH_HELO_ALMOST_IP

493

header

Helo ends with a dot.

FH_HELO_ENDS_DOT

494

header

Helo is 6-10 hex chr's.

FH_HELO_EQ_610HEX

495

header

Helo is d-d-d-d charter.com

FH_HELO_EQ_CHARTER

496

header

Helo is d-d-d-d

FH_HELO_EQ_D_D_D_D

2.699 2.696
2.699 2.696
2.699 2.699
2.699 2.696
2.400 2.399
2.399 2.397
3.222 3.727
3.463 3.565
3.599 3.020
1.395 2.308
4.099 4.099
4.099 4.095
0.359 1.258
1.495 1.044
2.399 0.498
0.561 0.001

497

header

Faked helo of gmail-smtp-in

FH_HELO_GMAILSMTP

498

header

The host almost looks like an IP addr.

499

header

Host is dynamicip

500

header

Host starts with d-d-d-d

501

header

Host is d-d-d-d

502

header

Host is pacbell.net dsl

503

header

Host is pool-.+verizon.net

504

header

Special MSGID

505

header

Special MSGID

506

header

MESSAGE ID seen often!!!

507

header

Broken Replace Template

508

header

Common sign in msg-id's


12/21/2006

4.099 3.791
2.170 1.751
FH_HOST_EQ_DYNAMICIP 0.964 3.097
3.103 4.058
2.599 1.992
FH_HOST_EQ_D_D_D_D
1.692 1.212
0.102 0.095
FH_HOST_EQ_D_D_D_DB
0.055 0.223
0.005 0.893
FH_HOST_EQ_PACBELL_D
1.479 1.670
FH_HOST_EQ_VERIZON_P 2.101 1.105
0.001 0.001
4.399 4.299
FH_MSGID_000000
2.809 3.236
3.299 0.495
FH_MSGID_01C67
1.500 0.001
FH_MSGID_01C70XXX 3.899 3.895
2.757 3.899
FH_MSGID_REPLACE 1.282 2.079
2.223 2.512
4.499 4.495
FH_MSGID_XXBLAH
4.319 3.390
FH_HOST_ALMOST_IP

509

header

Message-Id = @xxx

510

header

Subject is Re: new \d\d\d

511

header

Broken Replace Template

512

header

Special X-Mailer Version

513

header

Looks like Fake Outlook?

514

body

ReplaceTags: Adobe

515

body

ReplaceTags: Bigger / Larger, Penis / Member

516

body

ReplaceTags: Diploma

517

body

ReplaceTags: Discount

518

body

ReplaceTags: Dollar

519
520

body
body

ReplaceTags: Establish (2)

521

body

ReplaceTags: Guarantee (1)

522

body

ReplaceTags: Investor

523

body

ReplaceTags: Levitra

524

body

ReplaceTags: Meeting

525

body

ReplaceTags: Offer (2)

526

body

ReplaceTags: Oppertun (1)

527

body

ReplaceTags: Oppertun (2)

528

body

ReplaceTags: Penis

529

body

ReplaceTags: Price

530

body

ReplaceTags: Refinance (1)

531

body

ReplaceTags: Rolex

ReplaceTags: Fuck (2)

3.200 3.196
3.200 2.682
2.251 1.209
FH_RE_NEW_DDD
1.526 2.687
FH_XMAIL_REPLACE 1.254 2.142
1.662 1.065
FH_XMAIL_RND_833
1
4.199 4.199
FM_XMAIL_F_OUT
2.643 1.815
FRT_ADOBE2
1
0.000 0.001
FRT_BIGGERMEM1
1.205 1.782
FRT_DIPLOMA
1
2.999 2.996
FRT_DISCOUNT
1.498 1.810
2.529 2.596
FRT_DOLLAR
2.133 2.366
FRT_ESTABLISH2
1
FRT_FUCK2
1
2.503 2.819
FRT_GUARANTEE1
2.144 1.253
FRT_INVESTOR
1
0.001 0.745
FRT_LEVITRA
1.685 1.814
2.700 2.699
FRT_MEETING
2.699 2.699
2.700 1.590
FRT_OFFER2
1.097 1.287
FRT_OPPORTUN1
1
2.699 2.699
FRT_OPPORTUN2
2.699 2.689
3.799 3.074
FRT_PENIS1
3.002 2.486
3.699 2.531
FRT_PRICE
3.072 3.491
2.799 2.727
FRT_REFINANCE1
0.994 0.921
3.099 3.096
FRT_ROLEX
3.099 3.096
FH_MSGID_XXX

532

body

ReplaceTags: Sexual

FRT_SEXUAL

533
534

body
body

ReplaceTags: Soma

FRT_SOMA

ReplaceTags: Soma (2)

FRT_SOMA2

535

body

ReplaceTags: Strong (1)

FRT_STRONG1

536

body

ReplaceTags: Strong (2)

FRT_STRONG2

537

body

ReplaceTags: Symbol

FRT_SYMBOL

538

body

ReplaceTags: Today (2)

FRT_TODAY2

539

body

ReplaceTags: Valium

FRT_VALIUM1

540

body

ReplaceTags: Valium (2)

FRT_VALIUM2

541

body

ReplaceTags: Weight (2)

FRT_WEIGHT2

542

body

ReplaceTags: Xanax (1)

FRT_XANAX1

543

body

ReplaceTags: Xanax (2)

FRT_XANAX2

544

rawbody

Looks like 3 <e> small tags.

FR_3TAG_3TAG

545

rawbody

Almost looks like viagra.

FR_ALMOST_VIAG2

546

rawbody

Phrase class=cantseetext

FR_CANTSEETEXT

547

rawbody

Sign often seen in spams

FR_MIDER

548

header

Subject says "At No Cost"

FS_AT_NO_COST

549

header

Phrase: Cheap in Caps in Subject.

FS_CHEAP_CAP

550

header

Subject talks about money bonus!

FS_DOLLAR_BONUS

551

header

Phrase: ejaculation in subject.

FS_EJACULA

552

header

Phrase: erection in subject.

FS_ERECTION

553

header

Phrase: Huge Cock

FS_HUGECOCK

3.199 3.196
3.199 3.142
1
1
3.699 2.919
2.712 2.976
1.302 0.001
2.745 3.096
1.902 3.561
2.587 2.943
2.523 2.460
3.246 2.382
3.096 3.049
0.664 1.590
1.903 1.933
1.328 1.301
2.529 2.930
3.099 2.121
3.799 3.799
2.265 2.423
0.001
2.405 0.998
2.599 1.053
2.402 2.376
2.051 1.990
1
1.233 1.706
0.792 2.068
2.600 2.596
2.599 1.561
0.001 0.001
0.005 0.001
2.699 2.696
2.699 2.673
2.999 2.996
2.999 1.803
2.699 2.020
2.042 2.643
1

2.999 1.037
2.363 0.412
1
2.799 1.763
1.849 2.001
1.177 1.154
3.476 1.790
0.009 0.616
0.125 1.100
1.432 2.422
1.384 1.577
1.681 0.722
3.191 1.460

554

header

Larger than 100% in subj.

FS_LARGE_PERCENT2

555

header

Phrase: lower your

FS_LOWER_YOUR

556

header

Subject says low rates

FS_LOW_RATES

557

header

Subj starts with New software uploaded

FS_NEW_SOFT_UPLOAD

558

header

Subject looks like Fharmacy spams.

FS_NEW_XXX

559

header

Subject almost says No prescription

FS_NO_SCRIP

560

header

what could this word be?

FS_OBFU_PRMCY

561

header

Subject mis-spelled prescription

FS_PERSCRIPTION

562

header

Looks like Phramacy subject.

FS_PHARMASUB2

563

header

Subject says Ramrod

FS_RAMROD

564

header

Subject says "replica"

FS_REPLICA

565

header

Subject says Replica watch

FS_REPLICAWATCH

566

header

Phrase: re approved

FS_RE_APPROV

567

header

Subject starts with Do you dream,have,want,love, etc.

FS_START_DOYOU2

568

header

Subject starts with Lose

FS_START_LOSE

569

header

Subject says something bad about teens

FS_TEEN_BAD

570

header

Phrase: subject = tip ddd

FS_TIP_DDD

571

header

Subject says Weight Loss

FS_WEIGHT_LOSS

572

header

Subject says will help

FS_WILL_HELP

573

header

FS_WITH_SMALL

574

body

Subject says With ... small


/<inter W3><post P2>\b(?!meridia)<M><E><R><I><D><I><A>\b/i

FUZZY_MERIDIA

0.001 0.778
1.936 2.374

575

uri

Sub-dir seen often in spam (2).

FU_COMMON_SUBS2

2.403 2.057
2.136 1.498

1
3.899 3.895
3.899 3.896
1.076 2.820
2.317 2.777
2.800 1.179
1.403 1.041
3.524 3.799
2.094 2.502
1
3.099 3.099
3.099 3.097
2.599 2.596
2.034 2.167
2.501 2.596
2.441 2.549
0.001 0.021
1.726 0.101
1
3.299 3.299
3.299 3.296
1

576

uri

Ends with clk/d+.d+.d+

FU_ENDS_NUMS_DOTS_CLK

577

uri

ET Phone Home?

FU_END_ET

578

uri

URL has hoodia in it.

FU_HOODIA

579

uri

URL has a long file name with .aspx extension.

FU_LONG_QUERY3

580

uri

URL has /gal/

FU_MIDER

581

uri

URL with [a-z]{2}.geocities.com

FU_UKGEOCITIES

582

uri

URI style tracker (T)

FU_URI_TRACKER_T

3.200 3.196
3.199 3.196
3.599 3.599
3.599 3.500
1.177 1.484
0.751 1.652
1.662 0.001
1.649 0.001
3.767 2.024
1.458 1.110
3.299 3.296
3.299 3.296
3.899 3.895
2.400 3.193

583

uri

/^http:\/\/(?:\w{2,4}\.)?geocities\.com(?::\d*)?\/.+?\/\?/i

GEO_QUERY_STRING

2.699 2.696
2.699 2.696

584

header

Multiple Subject headers found

HEADER_COUNT_SUBJECT

3.099 3.099
3.100 3.096

585

header

HELO_FRIEND

0.001

586

header

HELO_LH_HOME

2.602 3.169
2.689 3.714

587

header

X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=friend /i
X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S+\.(?:home|lan) /i
X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=localhost\.localdomain /i

HELO_LH_LD

0.800 0.792
1.184 1.215

588

header

X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=localhost /i

HELO_LOCALHOST

4.499 4.499
3.998 3.941

589

header

X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=(?:pc|oem\S*) /i

HELO_OEM

3.299 3.296
3.043 2.195

590

body

Somebody has uploaded some new software for you

591

body

Contains a drug and pricelike pattern.

592

body

Contains a drug and pricelike pattern.

593

body

Contains a drug and pricelike pattern.

594

uri

Links to common unsubscribe script: 'getmeoff.php'

0.043 1.992
2.046 2.658
HS_DRUG_DOLLAR_1 1.033 1.350
1.929 0.090
HS_DRUG_DOLLAR_2 0.304 1.119
2.748 1.617
HS_DRUG_DOLLAR_3 2.349 1.901
1.317 1.378
HS_BODY_UPLOADED_SOFTWARE

HS_GETMEOFF

0.000 0.000
3.000 1.000

Link contains a common tracker pattern.

HS_INDEX_PARAM

0.001

Talks about meeting up for sex.

HS_MEETUP_FOR_SEX

header

Subject starts with 'New software uploaded by'

HS_SUBJ_NEW_SOFTWARE

598

header

Subject contains the phrase 'Online pharmaceutical'

HS_SUBJ_ONLINE_PHARMACEUTICAL

0.000 0.000
3.000 1.000
1.118 0.253
2.395 3.599
0 0 0.001
0.001

599

body

eval:check_https_http_mismatch('1','10')

HTTPS_HTTP_MISMATCH

600

header

Received =~ /by \S+ \(Qmailv1\) with ESMTP/

JM_RCVD_QMAILV1

601

body

/(?:OTC|OTCBB|OTC Pink Sheets):/is

KAM_STOCKOTC

602

body

603

body

604

body

605

body

606

body

607

body

/(?:Conforce International|CFRI)/is
/(?:Nano Superlattice Technology|NSLT)/is
/(?:PREMIER INFORMATION|(^|\b)PIFR($|\b))/is
/(?:Harbin Pingchuan|P G C N|PGCN)/is
/(?:Remington Ventures|RMVN)/is
/(?:China World Trade Corporation|CWTD)/is

608

body

/long\W+term\W+(target|projected)(\W+price)?/i

LONG_TERM_PRICE

609

body

A loop hole in the banking laws?

LOOPHOLE_1

610

header

611

header

612

header

613

full

614

header

615

header

595

uri

596

body

597

Date =~ /\s[+-]\d(?![2358]45)\d[1249]\d$/
Message-ID =~ /^<\d{14}\.[A-F0-9]{10}\@[A-Z0-9]+>$/
Content-Type =~ /boundary="=====================_\d+==\.REL"/s
Message has NUL (ASCII 0) byte in message
Claims to be sent by an unusual build of Outlook (3416)
Received =~ /\bid\s+[a-zA-Z0-9_+\/\\,-]+(?:[!"\#\

3.999 3.995
3.999 3.996
3.999 2.328
3.947 3.964

KAM_STOCKTIP14

KAM_STOCKTIP15

0.001

KAM_STOCKTIP20

KAM_STOCKTIP21

KAM_STOCKTIP4

KAM_STOCKTIP6

1
0.001 0.212
0.001 0.001
2.188 2.474
2.623 2.210

L_SPAM_TOOL_13

4.499 4.499
4.499 4.495

MID_DEGREES

4.199 4.195
4.057 3.700

MIME_BOUND_EQ_REL

0.123 0.845
2.457 2.832

NULL_IN_BODY

2.802 1.489
3.699 2.425

OUTLOOK_3416
RCVD_BAD_ID

1.702 1.695
1.821 1.744
2.100 2.088
3.266 2.837

$\%&'()*:<=>?\@\[\]^\`{|}~]|;\S)/

616

header

Forged 'Received' header found ('wrote:' spam)

RCVD_FORGED_WROTE

4.365 4.479
4.499 2.523

Received =~ /from [0-9.]+ \(HELO \S+[A-Za-z]+\) by (\S+) with esmtp \(\S+\s\S+\) id \S{6}-\S{6}-\S\S for \S+@\1;/s
Sender listed at http://www.dnswl.org/, high trust
Sender listed at http://www.dnswl.org/, low trust
Sender listed at http://www.dnswl.org/, medium trust

RCVD_FORGED_WROTE2

2.052 2.736
1.391 4.325

RCVD_IN_DNSWL_HI

0 -8 0 -8

RCVD_IN_DNSWL_LOW

0 -1 0 -1

RCVD_IN_DNSWL_MED

0 -4 0 -4

RCVD_IN_DOB

0 0.835 0 1.103

RCVD_IN_IADB_DK

RCVD_IN_IADB_DOPTIN

0 -4 0 -4

RCVD_IN_IADB_DOPTIN_GT50

RCVD_IN_IADB_DOPTIN_LT50

617

header

618

header

619

header

620

header

621

header

Received via relay in new domain (Day Old Bread)

622

header

623

header

624

header

625

header

IADB: Sender publishes Domain Keys record
IADB: All mailing list mail is confirmed opt-in
IADB: Confirmed opt-in used more than 50% of the time
IADB: Confirmed opt-in used less than 50% of the time

626

header

IADB: Participates in Email Deliverability Database

RCVD_IN_IADB_EDDB

627

header

IADB: Member of Email Processing Industry Alliance

RCVD_IN_IADB_EPIA

628

header

IADB: Sender has been certified by GoodMail

RCVD_IN_IADB_GOODMAIL

629

header

Participates in the IADB system

RCVD_IN_IADB_LISTED

630

header

IADB: Adds relationship addrs w/out opt-in

RCVD_IN_IADB_LOOSE

631

header

IADB: Complies with Michigan's CPEAR law

RCVD_IN_IADB_MI_CPEAR

0 -0.001 0 -0.293
0 -0.135 0 -0.001
0 -0.001 0 -0.001
0 -0.001 0 -0.001
0 -0.001 0 -0.001
0 -0.001 0 -0.001

632

header

RCVD_IN_IADB_MI_CPR_30

0 -0.001 0 -0.001

633

header

RCVD_IN_IADB_MI_CPR_MAT

IADB: Checked lists against Michigan's CPR within 30 days
IADB: Sends no material under Michigan's CPR

634

header

IADB: Mailing list email only, confirmed opt-in

RCVD_IN_IADB_ML_DOPTIN

0 -6 0 -6

635

header

IADB: Has absolutely no mailing controls in place

RCVD_IN_IADB_NOCONTROL

0 -0.001 0 -0.001

636

header
header

RCVD_IN_IADB_OOO
RCVD_IN_IADB_OPTIN

637

IADB: One-to-one/transactional email only
IADB: All mailing list mail is opt-in

638

header

IADB: Opt-in used more than 50% of the time

RCVD_IN_IADB_OPTIN_GT50

0 -0.499 0 -0.245

639

header

IADB: Opt-in used less than 50% of the time

RCVD_IN_IADB_OPTIN_LT50

640

header

IADB: Scrapes addresses, pure opt-out only

RCVD_IN_IADB_OPTOUTONLY

0 -0.001 0 -0.001

641

header

IADB: Sender has reverse DNS record

RCVD_IN_IADB_RDNS

642

header

IADB: Sender publishes Sender ID record

RCVD_IN_IADB_SENDERID

643

header

IADB: Sender publishes SPF record

RCVD_IN_IADB_SPF

644

header

IADB: Accepts unverified sign-ups

RCVD_IN_IADB_UNVERIFIED_1

0 -0.001 0 -0.001
0 -0.001 0 -0.078
0 -0.001 0 -0.001

645

header

IADB: Accepts unverified sign-ups, gives chance to opt out

RCVD_IN_IADB_UNVERIFIED_2

0 -0.001 0 -0.001

646

header

IADB: Complies with Utah's CPEAR law

RCVD_IN_IADB_UT_CPEAR

647

header

IADB: Checked lists against Utah's CPR within 30 days

RCVD_IN_IADB_UT_CPR_30

0 -0.001 0 -0.001
0 -0.001 0 -0.001

648

header

RCVD_IN_IADB_UT_CPR_MAT

649

header

IADB: Sends no material under Utah's CPR
Forged Received header (contains post.com or mail.com)

RCVD_MAIL_COM

1.082 1.452
2.532 0.930

650

body

/short\W+term\W+(target|projected)(\W+price)?/i

SHORT_TERM_PRICE

0.540 1.950
0.655 0.676

STOX_RCVD_N_NN_N

STOX_REPLY_TYPE

0.001

TEMPLATE_203_RCVD

651

header

652

header

653

header

Received =~ / by \d+\.\d+\.\d+\.\d+ \(\d\.\d\d\.\d\/\d\.\d\d\.\d\) with SMTP id [\dA-Za-z]+\;/
Content-Type =~ /text\/plain; .* reply-type=original/
Received =~ /from 192.168.0.\d+ \(203-219-/

654

header

Scora: Message-Id ends after left-bracket + digits

TT_MSGID_TRUNC

655

body

/\bact of (?:193|nineteen thirty)/i

TVD_ACT_193

656

body

/you.{1,2}re .{0,20}approved/i

TVD_APPROVED

657

body

/approved .{0,20}loan/i

TVD_APP_LOAN

658

body

/^dear homeowner/i

TVD_DEAR_HOMEOWNER

659

header

EnvelopeFrom =~ /\'/

TVD_ENVFROM_APOST

660

header

661

rawbody

662

body

663

body

664

body

665

body

666

body

667

body

668

body

669

body

670

body

Content-Type =~ /^text\/plain(?:; (?:format=flowed|charset="Windows-1252"|reply-type=original)){3}/i
/\bstyle\s*=\s*"[^"]*\bfloat\s*:\s*[a-z]+\s*">\s*[a-zA-Z]+\s*</i
/<inter W1><post P1>\b(?!degree)<D><E><G><R><E><E>\b/i
/(?!finance)<F><I><N><A><N><C><E>/i
/<inter W2><post P2>(?!fixed rate)<F><I><X><E><D>\s+<R><A><T><E>/i
/<inter W2><post P2>(?!microcap)(?!microcap)<M><I><C><R><O>-?<C><A><P>/i
/<inter W2><post P2>(?!pharmaceutical)<P><H><A><R><M><A><C><E><U><T><I><C><A><L>/i
/<inter W2><post P2>(?!symbol)<S><Y><M><B><O><L>/i
/\bsize of .{1,20}(?:penis|dick|manhood)/i
/\blink to save\b/i
/\baccounts? (?:[a-z_,-]+ )+?(?:record[a-z]*|suspen[a-z]+|notif(?:y|ication)|updated|verifications?|credited)\b/i

0.001 1.874
1.924 1.364
2.273 3.420
3.499 2.622
2.999 2.558
1.550 1.731
1
2.599 2.599
2.599 2.596
4.199 3.307
0.465 0.088

TVD_FINGER_02

2.796 2.720
3.199 2.134

TVD_FLOAT_GENERAL

3.599 1.114
0.591 0.001

TVD_FUZZY_DEGREE

TVD_FUZZY_FINANCE

TVD_FUZZY_FIXED_RATE

TVD_FUZZY_MICROCAP

TVD_FUZZY_PHARMACEUTICAL

TVD_FUZZY_SYMBOL

3.099 1.435
2.086 1.699

TVD_INCREASE_SIZE
TVD_LINK_SAVE

TVD_PH_BODY_ACCOUNTS_PRE

TVD_PH_REC

2.702 2.996
2.996 2.996

TVD_PH_SEC

TVD_PH_SUBJ_ACCOUNTS_POST

2.999 2.996
2.999 2.996

Subject =~ /^urgent(?:[\s\W]*$|.{1,40}(?:alert|response|assistance|proposal|reply|warning|noti(?:ce|fication)|greeting|matter))/i

TVD_PH_SUBJ_URGENT

2.616 2.102
2.799 2.797

/\bquality med(?:ication)?s\b/i

TVD_QUAL_MEDS

2.626 4.123
2.647 3.568

TVD_RATWARE_CB

2.839 2.914
2.465 2.645

TVD_RATWARE_CB_2

671

body

Message has a phrase standard for phishing mails

672

body

673

header

Message has a phrase standard for phishing mails
Subject =~ /\b(?:(?:re-?)?activat[a-z]*|secure|verify|restore|flagged|limited|unusual|report|notif(?:y|ication)|suspen(?:d|ded|sion)|confirm[a-z]*) (?:[a-z_,-]+ )*?accounts?\b/i

674

header

675

body

Content-Type =~ /\bboundary\b.{1,40}qzsoft_directmail_seperator/i
Content-Type =~ /\bboundary\s*=\s*"?+\d+=+\.MRA/

676

header

677

header

678

header

Message-ID =~ /^[^<]*<[a-z]+\@/

TVD_RATWARE_MSGID_02

2.139 1.688
1.557 0.581

679

header

Received =~ /^from\s+(?:\d+[^0-9a-zA-Z\s]){3}\d+[.\s]/

TVD_RCVD_IP

0.502 1.617
2.270 1.931

680

header

Received =~ /^from\s+(?:\d+\.){3}\d+\s/

TVD_RCVD_IP4

681

header

Received =~ /^from\s+(?!localhost)[^\s.a-z0-9-]+\s/

TVD_RCVD_SINGLE

682

header

Received =~ /\(\[(?!UNIX:)[^\[\]]*\s/

TVD_RCVD_SPACE_BRACKET

683

body

/\bSection (?:27A| 21B)/i

TVD_SECTION

2.956 3.317
1.541 3.499

TVD_SILLY_URI_OBFU

TVD_SPACED_SUBJECT_WORD3

2.802 3.599
2.276 2.412

TVD_STOCK1

4.199 3.792
4.199 3.753

684

body

685

header

686

body

m!https?://[a-z0-9-]+\.[a-z0-9-]*\.?[^a-z0-9.:/\s"'\@?\)>-]+[a-z0-9.-]*[a-z]{3}(?:\s|$)!i
Subject =~ /^(?:(?:Re|Fw)[^:]{0,5}: )?[A-Z]+[a-z]+[A-Z]+$/
eval:check_stock_info('2')

4.099 3.344
2.901 3.183
2.999 0.303
2.999 1.351

687

header

Subject has spammy looking monetary reference

TVD_SUBJ_ACC_NUM

688

header

Subject =~ /^\s*\*\s+(?:\w+\W+)+\*\s*$/

TVD_SUBJ_FINGER_03

header

Subject =~ /^\s*(?:\w+\s+)+you\s+(?:\w+\s+)*(?:owe|indebted)\s+(?:\w+\s+)+an\s*other/i

TVD_SUBJ_OWE

3.199 3.196
3.199 3.196

690

header

Subject =~ /(?:wipe out|remove|get (?:rid|out) of|eradicate) .{0,20}(?:owe|debt|obligation)/i

TVD_SUBJ_WIPE_DEBT

2.899 2.896
2.899 2.663

691

body

/Online Ph.rmacy/i

TVD_VISIT_PHARMA

2.297 0.001
0.001 0.001

692

rawbody

TVD_VIS_HIDDEN

2.600 1.908
2.368 0.839

693

body

URIBL_COMPLETEWHOIS

694

body

URIBL_RHS_ABUSE

695

body

URIBL_RHS_AHBL

696

body

/<TEXTAREA[^>]+style\s*=\s*"visibility:\s*hidden\b/i
URI in combinedHIB.dnsiplists.completewhois.com
Contains an URI listed in abuse.rfc-ignorant.org
Contains an URI listed in rhsbl.ahbl.org.
Contains an URI listed in bogusmx.rfc-ignorant.org

URIBL_RHS_BOGUSMX

697

body

Contains an URI of a new domain (Day Old Bread)

URIBL_RHS_DOB

0 0.901 0 1.083

698

body

URIBL_RHS_DSN

699

body

URIBL_RHS_POST

700

body
body

702

body

URIBL_RHS_TLD_WHOIS
URIBL_RHS_URIBL_BLACK
URIBL_RHS_URIBL_GREY

701

703

body

URIBL_RHS_WHOIS

704

body

Contains an URI listed in dsn.rfc-ignorant.org
Contains an URI in postmaster.rfc-ignorant.org
Contains an URI TLD in whois.rfc-ignorant.org
Contains an URI listed in [black] uribl.com
Contains an URI listed in [grey] uribl.com
Contains an URI listed in whois.rfc-ignorant.org
URL listed in XS SURBL TEsting

URIBL_XS_SURBL

705

uri

/\/l\.php\?\d/

URI_L_PHP

3.099 3.096
3.099 2.905

706

body

URL registered to 1&1 Private Registration

WHOIS_1AND1PR

707

body

URL registered as an AIT Private Registration

WHOIS_AITPRIV

0 3.995 0 3.510

689

1
1

708

body

URL registered to contactprivacy.com

WHOIS_CONTACTPRIV

709

body

Contains URL registered to Domains by Proxy

WHOIS_DMNBYPROXY

710

body

URL registered to Domain Escrow Services

WHOIS_DOMESCROW

711

body

WHOIS_DOMPRIVCORP

712

body

WHOIS_DREAMPRIV

713

body

URL registered to DomainPrivacyCorp.com
URL registered as a DreamHost Private Registration
URL registered as an DROA Private Registration

714

body

URL registered to Dynadot Privacy

WHOIS_DYNADOT

715

body

716

body

717

body

718

body

719

body

720

body

721

body

722

body

723

body

URL registered to Finexe Domain Proxy Service
URL registered to GKG.NET Domain Proxy Service
Contains URL registered to WHOIS ID Shield
URL registered to Whois ID Theft Protection
URL registered to Katz Global Domain Name Trust
URL registered to Domain Listing Agent
URL registered to LNOA WHOIS Privacy
URL registered to MapName
URL registered to Moniker Privacy Protection

724

body

URL registered to myprivateregistration.com

WHOIS_MYPRIVREG

725

body

URL registered to NameKing

WHOIS_NAMEKING

726

body

Contains URL registered to NameSecure

WHOIS_NAMESECURE

727

body

URL registered to NetIdentity

WHOIS_NETID

728

body

729

body

730

body

URL registered as a NetSol Private Registration
URL registered to NOLDC, Inc.
URL registered to Nominet Private Registrant

WHOIS_DROA

WHOIS_FINEXE

0 2.696 0 2.696
0 0.260 0 0.478
0 0.000 0 1.000
0 0.000 0 1.000
0 0.000 0 1.000
1
0 0.000 0 1.000
0 0.000 0 1.000

WHOIS_GKGPROXY

WHOIS_IDSHIELD

WHOIS_IDTHEFTPROT

WHOIS_KATZ

WHOIS_LISTINGAG

WHOIS_LNOA

WHOIS_MAPNAME

WHOIS_MONIKER_PRIV

0 2.596 0 2.596
0 0.156 0 1.499
0 1.477 0 1.409

WHOIS_NETSOLPR

1
0 0.000 0 1.000
0 0.001 0 0.001

WHOIS_NOLDC

WHOIS_NOMINET

0 0.000 0 1.000

WHOIS_SAFENAMES

0 0.647 0 0.001
0 0.000 0 1.000
0 2.801 0 1.501
0 0.000 0 1.000
0 3.196 0 1.645
0 0.000 0 1.000
0 0.000 0 1.000

WHOIS_SECINFOSERV

WHOIS_SECUREWHOIS

0 2.696 0 2.696

WHOIS_SPAMFREE

WHOIS_SRSPLUS

731

body

Contains URL registered to PrivacyPost

WHOIS_PRIVACYPOST

732

body

URL registered to privacydomain.com

WHOIS_PRIVDOMAIN

733

body

URL registered to WHOIS Privacy Protection

WHOIS_PRIVPROT

734

body

URL registered to R4L Privacy

WHOIS_REGISTER4LESS

735

body

Contains URL registered to RegisterFly

WHOIS_REGISTERFLY

736

body

URL registered to RegTek Whois Envoy

WHOIS_REGTEK

737

body

738

body

739

body

Contains URL registered to SafeNames
URL registered to Secure WHOIS Information Services
Contains URL registered to SecureWhois

740

body

741

body

742

body

URL registered to SpamFreeReg.com
URL registered as an SRSPlus Private Registration
Contains URL registered to Unlisted-Whois.com

743

body

URL registered to WhoisGuard

WHOIS_WHOISGUARD

744

body

URL registered to WhoisProtector

WHOIS_WHOISPROT

745

header

X-Library =~ /^Indy/

X_LIBRARY

746

body

/Your cr[d\.]* (?:scor|rat)ing doesn.t matter/

YOUR_CRD_RATING

WHOIS_UNLISTED

0 2.170 0 2.839
0 3.399 0 2.025
0 0.000 0 1.000
2.700 2.696
2.899 2.752
3.099 3.096
3.099 2.848
