Email: 153 Autolearn: 0 AvgScore: 2.10 AvgScanTime: 0.96 sec Spam: 34 Autolearn: 0 AvgScore: 13.24 AvgScanTime: 1.55 sec Ham: 119 Autolearn: 0 AvgScore: -1.08 AvgScanTime: 0.79 sec Time Spent Running SA: 0.04 hours Time Spent Processing Spam: 0.01 hours Time Spent Processing Ham: 0.03 hours TOP SPAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 DCC_CHECK_NEGATIVE 34 100.00 100.00 100.00 2 HTML_MESSAGE 33 79.08 97.06 73.95 3 DKIM_SIGNED 32 75.16 94.12 69.75 4 XM_DK_Pass 31 73.20 91.18 68.07 5 DKIM_VALID 31 73.20 91.18 68.07 6 XM_B_Unicode 30 58.82 88.24 50.42 7 XM_B_SpammyWords 28 46.41 82.35 36.13 8 XM_B_Unicode3 25 36.60 73.53 26.05 9 RELAYCOUNTRY_US 24 70.59 70.59 70.59 10 XM_DK_Undo_02 24 16.34 70.59 0.84 11 BAYES_99 23 15.69 67.65 0.84 12 TR_XM_DKIM_Undo 21 14.38 61.76 0.84 13 FVGT_m_MULTI_ODD 20 24.18 58.82 14.29 14 XM_B_SpammyWords2 20 18.30 58.82 6.72 15 T_KAM_HTML_FONT_INVALID 20 24.18 58.82 14.29 16 RCVD_IN_MSPIKE_H2 19 36.60 55.88 31.09 17 XMListUnsubscribeExists 18 33.33 52.94 27.73 18 BAYES_999 18 12.42 52.94 0.84 19 XM_B_SpammyWords3 17 13.07 50.00 2.52 20 DKIM_VALID_EF 17 43.79 50.00 42.02 21 UNPARSEABLE_RELAY 16 20.26 47.06 12.61 22 XM_Body_Dirty_Words 15 15.69 44.12 7.56 23 TR_XM_UnparsRelay 14 10.46 41.18 1.68 24 TR_XM_SpammyWords2 14 9.15 41.18 0.00 25 DKIM_VALID_AU 14 50.33 41.18 52.94 26 XM_SendGrid 13 13.07 38.24 5.88 27 FIN_FREE 12 7.84 35.29 0.00 28 TR_XM_BayesUnsub 12 14.38 35.29 8.40 29 XM_B_Unsub 12 14.38 35.29 8.40 30 HTML_TAG_BALANCE_BODY 12 8.50 35.29 0.84 31 LOC_TINY_FONT_1 11 16.99 32.35 12.61 32 HTML_FONT_LOW_CONTRAST 9 21.57 26.47 20.17 33 RELAYCOUNTRY_META 9 11.76 26.47 7.56 34 XMSubLong 8 24.84 23.53 25.21 35 T_TM2_M_HEADER_IN_MSG 7 20.26 20.59 20.17 36 BAYES_50 6 54.25 17.65 64.71 37 TR_XM_SpammyRelay 6 5.88 17.65 2.52 38 UNTRUSTED_Relay 5 5.23 14.71 2.52 39 XM_UncommonTLD01 5 13.73 14.71 13.45 40 RCVD_IN_MSPIKE_WL 5 16.99 14.71 17.65 41 XM_CamelCaseFrm001 4 9.15 11.76 8.40 42 TR_XM_PhishingBody 4 3.92 11.76 1.68 43 RCVD_IN_MSPIKE_H3 4 9.15 11.76 8.40 44 XM_B_Phish66 3 3.27 8.82 1.68 45 RCVD_IN_BL_SPAMCOP_NET 3 1.96 8.82 0.00 46 XM_UB999 3 1.96 8.82 0.00 47 SUBJ_BUY 3 1.96 8.82 0.00 48 BAYES_80 3 4.58 8.82 3.36 49 TR_XM_SPAMCOP 3 1.96 8.82 0.00 50 XM_Multi_Part_URI 3 11.76 8.82 12.61 51 XM_UB99 3 1.96 8.82 0.00 52 RELAYCOUNTRY_CA 3 2.61 8.82 0.84 53 HTML_COMMENT_SAVED_URL 2 1.31 5.88 0.00 54 LOTS_OF_MONEY 2 7.19 5.88 7.56 55 TR_XM_BayesRelay 2 1.31 5.88 0.00 56 T_XMDrugObfuBody_08 2 1.96 5.88 0.84 57 RELAYCOUNTRY_DE 2 1.96 5.88 0.84 58 XM_B_Phish_Phrases 2 1.96 5.88 0.84 59 MIME_QP_LONG_LINE 2 1.96 5.88 0.84 60 XM_B_SpammyTLD 2 2.61 5.88 1.68 61 XMNumbers 2 7.19 5.88 7.56 62 T_TooManySym_01 2 9.15 5.88 10.08 63 XMSlimDrugH 2 1.31 5.88 0.00 64 XM_UB50 2 3.27 5.88 2.52 65 BAYES_95 2 1.96 5.88 0.84 66 HTML_IMAGE_RATIO_06 2 3.27 5.88 2.52 67 XM_SPF_SoftFail 2 2.61 5.88 1.68 68 SpammyFromTLD_02 2 1.96 5.88 0.84 69 XM_Evil_Numbers_Gen 2 9.80 5.88 10.92 70 TR_XM_SpammyWords4 2 6.54 5.88 6.72 71 RELAYCOUNTRY_BR 2 1.31 5.88 0.00 72 LotsOfNums_01 2 3.92 5.88 3.36 73 SHOPIFY_IMG_NOT_RCVD_SFY 1 0.65 2.94 0.00 74 RCVD_IN_IADB_DK 1 1.31 2.94 0.84 75 LOADSA_MONEY_COMBO 1 0.65 2.94 0.00 76 XMSubject_48 1 0.65 2.94 0.00 77 RELAYCOUNTRY_AU 1 1.96 2.94 1.68 78 RCVD_IN_IADB_LISTED 1 1.96 2.94 1.68 79 XM_Sft_Brands_C01 1 0.65 2.94 0.00 80 HTTP_EXCESSIVE_ESCAPES 1 0.65 2.94 0.00 81 SUBJ_DOLLARS 1 0.65 2.94 0.00 82 SpammyFromTLD_01 1 1.96 2.94 1.68 83 T_REMOTE_IMAGE 1 9.15 2.94 10.92 84 XFER_LOTSA_MONEY 1 0.65 2.94 0.00 85 RCVD_IN_MSPIKE_L3 1 0.65 2.94 0.00 86 TooManyTo_001 1 7.19 2.94 8.40 87 RELAYCOUNTRY_RU 1 0.65 2.94 0.00 88 MISSING_HEADERS 1 0.65 2.94 0.00 89 URI_NOVOWEL 1 1.31 2.94 0.84 90 HTML_IMAGE_RATIO_08 1 1.96 2.94 1.68 91 TR_XM_Undi_RecipCombo3 1 0.65 2.94 0.00 92 TR_XM_Undi_Recip2 1 0.65 2.94 0.00 93 TVD_RCVD_SPACE_BRACKET 1 0.65 2.94 0.00 94 TR_XM_SpammyWords3 1 0.65 2.94 0.00 95 DKIM_INVALID 1 1.96 2.94 1.68 96 ALL_TRUSTED 1 18.95 2.94 23.53 97 XMSolicitRefs_0 1 0.65 2.94 0.00 98 TR_XM_InvalidRelay 1 0.65 2.94 0.00 99 TR_Caps_n_Bayes_80 1 1.31 2.94 0.84 100 XMSexyCombo_01 1 0.65 2.94 0.00 101 RELAYCOUNTRY_BE 1 0.65 2.94 0.00 102 XMSubMetaSx_00 1 1.31 2.94 0.84 103 TR_XM_Undi_Recip6 1 0.65 2.94 0.00 104 RCVD_IN_MSPIKE_BL 1 1.31 2.94 0.84 105 ADVANCE_FEE_2_NEW_MONEY 1 0.65 2.94 0.00 106 XM_H_Long_From02 1 0.65 2.94 0.00 107 TR_XM_Undi_RecipCombo2 1 0.65 2.94 0.00 108 RCVD_IN_IADB_SPF 1 1.31 2.94 0.84 109 TR_XM_Undi_Recip11 1 0.65 2.94 0.00 110 NOT_SPAM 1 0.65 2.94 0.00 111 XM_B_Investor 1 1.96 2.94 1.68 112 SUBJ_ALL_CAPS 1 3.92 2.94 4.20 113 BOTNET_IPINHOSTNAME 1 5.23 2.94 5.88 114 TR_XM_SpammyWords5 1 2.61 2.94 2.52 115 XM_H_Long_From01 1 3.27 2.94 3.36 116 HTML_IMAGE_ONLY_24 1 0.65 2.94 0.00 117 XM_Attn_01 1 0.65 2.94 0.00 118 MIME_HTML_ONLY 1 24.84 2.94 31.09 119 UNDISC_MONEY 1 0.65 2.94 0.00 120 XM_Combo_Sbj 1 0.65 2.94 0.00 121 XM_H_Undi_Recip 1 0.65 2.94 0.00 122 RCVD_IN_IADB_SENDERID 1 1.31 2.94 0.84 123 XMPhish08 1 0.65 2.94 0.00 124 HTML_IMAGE_RATIO_04 1 2.61 2.94 2.52 125 TR_XM_COVIDMETA4 1 0.65 2.94 0.00 126 TVD_PH_SEC 1 0.65 2.94 0.00 127 RCVD_IN_MSPIKE_H4 1 7.19 2.94 8.40 128 TR_XM_Undi_Recip5 1 0.65 2.94 0.00 129 T_XMDrugObfuBody_14 1 2.61 2.94 2.52 130 REPLYTO_WITHOUT_TO_CC 1 0.65 2.94 0.00 131 XM_Sft_Co_L33T 1 0.65 2.94 0.00 132 TR_XM_NoHeaderRelay 1 1.31 2.94 0.84 133 TR_LOTS_OF_MONEY1 1 0.65 2.94 0.00 134 XMStrtUSub 1 5.23 2.94 5.88 135 TR_XM_MSPIKECOMBO 1 1.31 2.94 0.84 ---------------------------------------------------------------------- TOP HAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 DCC_CHECK_NEGATIVE 119 100.00 100.00 100.00 2 HTML_MESSAGE 88 79.08 97.06 73.95 3 RELAYCOUNTRY_US 84 70.59 70.59 70.59 4 DKIM_SIGNED 83 75.16 94.12 69.75 5 XM_DK_Pass 81 73.20 91.18 68.07 6 DKIM_VALID 81 73.20 91.18 68.07 7 BAYES_50 77 54.25 17.65 64.71 8 DKIM_VALID_AU 63 50.33 41.18 52.94 9 XM_B_Unicode 60 58.82 88.24 50.42 10 DKIM_VALID_EF 50 43.79 50.00 42.02 11 XM_B_SpammyWords 43 46.41 82.35 36.13 12 RCVD_IN_MSPIKE_H2 37 36.60 55.88 31.09 13 MIME_HTML_ONLY 37 24.84 2.94 31.09 14 XMListUnsubscribeExists 33 33.33 52.94 27.73 15 XM_B_Unicode3 31 36.60 73.53 26.05 16 XMSubLong 30 24.84 23.53 25.21 17 ALL_TRUSTED 28 18.95 2.94 23.53 18 T_TM2_M_HEADER_IN_MSG 24 20.26 20.59 20.17 19 HTML_FONT_LOW_CONTRAST 24 21.57 26.47 20.17 20 RCVD_IN_MSPIKE_WL 21 16.99 14.71 17.65 21 FVGT_m_MULTI_ODD 17 24.18 58.82 14.29 22 T_KAM_HTML_FONT_INVALID 17 24.18 58.82 14.29 23 XM_UncommonTLD01 16 13.73 14.71 13.45 24 UNPARSEABLE_RELAY 15 20.26 47.06 12.61 25 XM_Multi_Part_URI 15 11.76 8.82 12.61 26 LOC_TINY_FONT_1 15 16.99 32.35 12.61 27 BAYES_00 14 9.15 0.00 11.76 28 XM_Evil_Numbers_Gen 13 9.80 5.88 10.92 29 T_REMOTE_IMAGE 13 9.15 2.94 10.92 30 BAYES_60 13 8.50 0.00 10.92 31 T_TooManySym_02 12 7.84 0.00 10.08 32 T_TooManySym_01 12 9.15 5.88 10.08 33 TR_XM_DK_Bayes 11 7.19 0.00 9.24 34 TR_XM_DK_Bayes2 11 7.19 0.00 9.24 35 TR_XM_DK_Bayes1 11 7.19 0.00 9.24 36 XM_CamelCaseFrm001 10 9.15 11.76 8.40 37 TooManyTo_001 10 7.19 2.94 8.40 38 IN_ZIMBRA_NJ_WHITELIST 10 6.54 0.00 8.40 39 TR_XM_BayesUnsub 10 14.38 35.29 8.40 40 XM_B_Unsub 10 14.38 35.29 8.40 41 RCVD_IN_MSPIKE_H3 10 9.15 11.76 8.40 42 RCVD_IN_MSPIKE_H4 10 7.19 2.94 8.40 43 XMNumbers 9 7.19 5.88 7.56 44 LOTS_OF_MONEY 9 7.19 5.88 7.56 45 XM_Body_Dirty_Words 9 15.69 44.12 7.56 46 RELAYCOUNTRY_META 9 11.76 26.47 7.56 47 INVALID_MSGID 8 5.23 0.00 6.72 48 XM_B_SpammyWords2 8 18.30 58.82 6.72 49 MSGID_NOFQDN1 8 5.23 0.00 6.72 50 TR_XM_SpammyWords4 8 6.54 5.88 6.72 51 TO_MALFORMED 8 5.23 0.00 6.72 52 XM_SendGrid 7 13.07 38.24 5.88 53 BOTNET_IPINHOSTNAME 7 5.23 2.94 5.88 54 XMStrtUSub 7 5.23 2.94 5.88 55 XMDiploma_00 7 4.58 0.00 5.88 56 BAYES_40 6 3.92 0.00 5.04 57 HTML_MIME_NO_HTML_TAG 6 3.92 0.00 5.04 58 TM2_M_HAS_BSLASH_URI 5 3.27 0.00 4.20 59 ANY_BOUNCE_MESSAGE 5 3.27 0.00 4.20 60 SUBJ_ALL_CAPS 5 3.92 2.94 4.20 61 T_TooManySym_03 5 3.27 0.00 4.20 62 BOUNCE_MESSAGE 5 3.27 0.00 4.20 63 HTML_IMAGE_ONLY_28 5 3.27 0.00 4.20 64 MIME_HTML_MOSTLY 5 3.27 0.00 4.20 65 USER_IN_DEF_DKIM_WL 4 2.61 0.00 3.36 66 HTML_IMAGE_ONLY_32 4 2.61 0.00 3.36 67 XM_DKIMWhitelistDomains 4 2.61 0.00 3.36 68 BAYES_80 4 4.58 8.82 3.36 69 XM_H_Long_From01 4 3.27 2.94 3.36 70 HTML_IMAGE_RATIO_02 4 2.61 0.00 3.36 71 HTML_FONT_FACE_BAD 4 2.61 0.00 3.36 72 LotsOfNums_01 4 3.92 5.88 3.36 73 CK_HELO_GENERIC 3 1.96 0.00 2.52 74 UNTRUSTED_Relay 3 5.23 14.71 2.52 75 HTML_IMAGE_RATIO_04 3 2.61 2.94 2.52 76 TR_XM_SpammyRelay 3 5.88 17.65 2.52 77 TooManyTo_002 3 1.96 0.00 2.52 78 TVD_SPACE_RATIO 3 1.96 0.00 2.52 79 XM_B_SpammyWords3 3 13.07 50.00 2.52 80 DEAR_FRIEND 3 1.96 0.00 2.52 81 TR_XM_SpammyWords5 3 2.61 2.94 2.52 82 XM_UB50 3 3.27 5.88 2.52 83 TR_XM_DK_SendGrid 3 1.96 0.00 2.52 84 T_XMDrugObfuBody_14 3 2.61 2.94 2.52 85 HTML_IMAGE_RATIO_06 3 3.27 5.88 2.52 86 XMBody_95 2 1.31 0.00 1.68 87 RCVD_IN_IADB_LISTED 2 1.96 2.94 1.68 88 XM_B_Phish66 2 3.27 8.82 1.68 89 FVGT_m_MULTI_ODD_EMAIL 2 1.31 0.00 1.68 90 T_STY_INVIS_DIRECT 2 1.31 0.00 1.68 91 SpammyFromTLD_01 2 1.96 2.94 1.68 92 DKIM_INVALID 2 1.96 2.94 1.68 93 T_HTML_ATTACH 2 1.31 0.00 1.68 94 HTML_EXTRA_CLOSE 2 1.31 0.00 1.68 95 FROM_GOV_SPOOF 2 1.31 0.00 1.68 96 XM_B_Investor 2 1.96 2.94 1.68 97 XM_B_SpammyTLD 2 2.61 5.88 1.68 98 TR_XM_PhishingBody 2 3.92 11.76 1.68 99 XM_SPF_SoftFail 2 2.61 5.88 1.68 100 MAILING_LIST_MULTI 2 1.31 0.00 1.68 101 RCVD_IN_VALIDITY_SAFE 2 1.31 0.00 1.68 102 XMSubPhish11 2 1.31 0.00 1.68 103 RELAYCOUNTRY_AU 2 1.96 2.94 1.68 104 RCVD_IN_IADB_VOUCHED 2 1.31 0.00 1.68 105 TR_XM_UnparsRelay 2 10.46 41.18 1.68 106 XM_ZIP 2 1.31 0.00 1.68 107 RCVD_IN_VALIDITY_CERTIFIED 2 1.31 0.00 1.68 108 XMGappySubj_01 2 1.31 0.00 1.68 109 TR_Symld_Words 2 1.31 0.00 1.68 110 XM_B_Unsub2 2 1.31 0.00 1.68 111 SCRIPT_GIBBERISH 2 1.31 0.00 1.68 112 BAYES_05 2 1.31 0.00 1.68 113 HTML_IMAGE_RATIO_08 2 1.96 2.94 1.68 114 XMSubMetaI_00 2 1.31 0.00 1.68 115 XMGppyBdWords 2 1.31 0.00 1.68 116 MPART_ALT_DIFF 2 1.31 0.00 1.68 117 RELAYCOUNTRY_GB 2 1.31 0.00 1.68 118 TR_XM_SB_Phish 2 1.31 0.00 1.68 119 T_FILL_THIS_FORM_SHORT 2 1.31 0.00 1.68 120 BAYES_20 1 0.65 0.00 0.84 121 RELAYCOUNTRY_DE 1 1.96 5.88 0.84 122 XMSexyCombo_05 1 0.65 0.00 0.84 123 RCVD_IN_IADB_OPTIN 1 0.65 0.00 0.84 124 URI_HEX 1 0.65 0.00 0.84 125 LONG_JUNK_URI 1 0.65 0.00 0.84 126 T_XMDrugObfuBody_08 1 1.96 5.88 0.84 127 TR_MSPIKEBAYES00 1 0.65 0.00 0.84 128 TR_XM_DKIM_Undo 1 14.38 61.76 0.84 129 XM_DK_Undo_02 1 16.34 70.59 0.84 130 XM_GoogleGroups 1 0.65 0.00 0.84 131 USER_IN_WHITELIST 1 0.65 0.00 0.84 132 URI_NOVOWEL 1 1.31 2.94 0.84 133 GMD_PDF_ENCRYPTED 1 0.65 0.00 0.84 134 BAYES_999 1 12.42 52.94 0.84 135 XM_DIRTYINTL 1 0.65 0.00 0.84 136 RCVD_IN_MSPIKE_L5 1 0.65 0.00 0.84 137 HTML_IMAGE_ONLY_08 1 0.65 0.00 0.84 138 XM_H_Trusted_IP 1 0.65 0.00 0.84 139 XMSubject_60 1 0.65 0.00 0.84 140 TR_Caps_n_Bayes_80 1 1.31 2.94 0.84 141 RCVD_IN_MSPIKE_BL 1 1.31 2.94 0.84 142 MIME_QP_LONG_LINE 1 1.96 5.88 0.84 143 IN_HORDE_ADDRESS_BOOK 1 0.65 0.00 0.84 144 T_XMDrugObfuBody_12 1 0.65 0.00 0.84 145 TVD_RCVD_IP 1 0.65 0.00 0.84 146 AC_FROM_MANY_DOTS 1 0.65 0.00 0.84 147 RCVD_IN_IADB_SPF 1 1.31 2.94 0.84 148 AC_DIV_BONANZA 1 0.65 0.00 0.84 149 KHOP_HELO_FCRDNS 1 0.65 0.00 0.84 150 TM2_M_A_HREF_HREF 1 0.65 0.00 0.84 151 LONG_JUNK_URI3 1 0.65 0.00 0.84 152 TR_XM_NoHeaderRelay 1 1.31 2.94 0.84 153 DATE_IN_PAST_06_12 1 0.65 0.00 0.84 154 TM2_M_VERY_LONG_WORD 1 0.65 0.00 0.84 155 TR_XM_MSPIKECOMBO 1 1.31 2.94 0.84 156 THIS_AD 1 0.65 0.00 0.84 157 T_OBFU_PDF_ATTACH 1 0.65 0.00 0.84 158 HTML_TAG_BALANCE_BODY 1 8.50 35.29 0.84 159 XM_S_SubURI 1 0.65 0.00 0.84 160 RELAYCOUNTRY_IE 1 0.65 0.00 0.84 161 RCVD_IN_IADB_DK 1 1.31 2.94 0.84 162 RCVD_IN_VALIDITY_RPBL 1 0.65 0.00 0.84 163 XM_B_Phish_Phrases 1 1.96 5.88 0.84 164 RELAYCOUNTRY_NL 1 0.65 0.00 0.84 165 NO_DNS_FOR_FROM 1 0.65 0.00 0.84 166 CTE_8BIT_MISMATCH 1 0.65 0.00 0.84 167 USER_IN_WELCOMELIST 1 0.65 0.00 0.84 168 FROM_EXCESS_BASE64 1 0.65 0.00 0.84 169 XM_DK_Undo_01 1 0.65 0.00 0.84 170 XMSubMetaSx_00 1 1.31 2.94 0.84 171 T_TooManySym_04 1 0.65 0.00 0.84 172 RELAYCOUNTRY_BG 1 0.65 0.00 0.84 173 XMLngstWrd_00 1 0.65 0.00 0.84 174 LongTLD 1 0.65 0.00 0.84 175 RCVD_IN_IADB_SENDERID 1 1.31 2.94 0.84 176 XM_PDF 1 0.65 0.00 0.84 177 TR_XM_MaxWHORU 1 0.65 0.00 0.84 178 XM_OfRef6 1 0.65 0.00 0.84 179 TR_XM_Base64_M1 1 0.65 0.00 0.84 180 BAYES_95 1 1.96 5.88 0.84 181 XM_E_Blogspot 1 0.65 0.00 0.84 182 WEIRD_PORT 1 0.65 0.00 0.84 183 XMNoVowels 1 0.65 0.00 0.84 184 RELAYCOUNTRY_CA 1 2.61 8.82 0.84 185 HTTPS_HTTP_MISMATCH 1 0.65 0.00 0.84 186 RCVD_IN_MSPIKE_H5 1 0.65 0.00 0.84 187 SpammyFromTLD_02 1 1.96 5.88 0.84 188 XMGenDplmaNmb 1 0.65 0.00 0.84 189 BAYES_99 1 15.69 67.65 0.84 ----------------------------------------------------------------------