Email:  112  Autolearn: 0  AvgScore:  1.12  AvgScanTime: 4.90 sec
Spam:    18  Autolearn: 0  AvgScore: 11.22  AvgScanTime: 4.94 sec
Ham:     94  Autolearn: 0  AvgScore: -0.81  AvgScanTime: 4.90 sec

Time Spent Running SA:       0.15 hours
Time Spent Processing Spam:  0.02 hours
Time Spent Processing Ham:   0.13 hours

TOP SPAM RULES FIRED
----------------------------------------------------------------------
RANK  RULE NAME                    COUNT %OFMAIL %OFSPAM  %OFHAM
----------------------------------------------------------------------
   1  HTML_MESSAGE                    17   78.57   94.44   75.53
   2  RELAYCOUNTRY_US                 15   78.57   83.33   77.66
   3  DKIM_SIGNED                     15   72.32   83.33   70.21
   4  XM_DK_Pass                      15   70.54   83.33   68.09
   5  DCC_CHECK_NEGATIVE              14   86.61   77.78   88.30
   6  DKIM_VALID                      14   53.57   77.78   48.94
   7  XM_B_Unicode                    13   65.18   72.22   63.83
   8  DKIM_VALID_AU                   12   42.86   66.67   38.30
   9  XM_B_SpammyWords                10   32.14   55.56   27.66
  10  XM_B_Unicode3                    9   51.79   50.00   52.13
  11  BAYES_50                         9   50.89   50.00   51.06
  12  XMListUnsubscribeExists          9   41.07   50.00   39.36
  13  XM_B_SpammyWords2                8   17.86   44.44   12.77
  14  XM_Body_Dirty_Words              7   16.96   38.89   12.77
  15  BAYES_99                         6    6.25   33.33    1.06
  16  RCVD_IN_MSPIKE_H2                6   20.54   33.33   18.09
  17  DKIM_VALID_EF                    6   30.36   33.33   29.79
  18  MIME_HTML_ONLY                   6   22.32   33.33   20.21
  19  RCVD_IN_MSPIKE_WL                5   22.32   27.78   21.28
  20  XM_B_SpammyWords3                5    6.25   27.78    2.13
  21  RCVD_IN_MSPIKE_H3                5   20.54   27.78   19.15
  22  HTML_FONT_LOW_CONTRAST           5   33.93   27.78   35.11
  23  FVGT_m_MULTI_ODD                 5   17.86   27.78   15.96
  24  RELAYCOUNTRY_META                5    7.14   27.78    3.19
  25  BAYES_999                        5    4.46   27.78    0.00
  26  XM_DK_Undo_02                    5    5.36   27.78    1.06
  27  LotsOfNums_01                    4   19.64   22.22   19.15
  28  DCC_CHECK                        4   13.39   22.22   11.70
  29  XMSubLong                        4   36.61   22.22   39.36
  30  TooManyTo_001                    3    4.46   16.67    2.13
  31  RELAYCOUNTRY_NL                  3    2.68   16.67    0.00
  32  XMPhish08                        3    2.68   16.67    0.00
  33  LOC_TINY_FONT_1                  3   30.36   16.67   32.98
  34  XM_DK_Undo_01                    3    5.36   16.67    3.19
  35  XM_UncommonTLD01                 3    9.82   16.67    8.51
  36  XM_Evil_Numbers_Gen              3    5.36   16.67    3.19
  37  T_TM2_M_HEADER_IN_MSG            3   18.75   16.67   19.15
  38  TooManyTo_002                    3    2.68   16.67    0.00
  39  TR_XM_PhishingBody               3    3.57   16.67    1.06
  40  TR_XM_SpammyRelay                3    4.46   16.67    2.13
  41  UNPARSEABLE_RELAY                3    6.25   16.67    4.26
  42  XM_DIRTYINTL                     3    4.46   16.67    2.13
  43  XM_B_SpammyTLD                   2    2.68   11.11    1.06
  44  UNTRUSTED_Relay                  2    4.46   11.11    3.19
  45  TR_XM_BayesUnsub                 2    8.04   11.11    7.45
  46  XMHTML_After_End                 2    1.79   11.11    0.00
  47  BAYES_60                         2    8.93   11.11    8.51
  48  T_KAM_HTML_FONT_INVALID          2   12.50   11.11   12.77
  49  XMSexyCombo_01                   2    4.46   11.11    3.19
  50  XM_B_Unsub                       2    8.04   11.11    7.45
  51  TVD_PH_BODY_ACCOUNTS_PRE         2    1.79   11.11    0.00
  52  XM_UB999                         2    1.79   11.11    0.00
  53  XM_Multi_Part_URI                2   31.25   11.11   35.11
  54  RCVD_IN_BL_SPAMCOP_NET           2    1.79   11.11    0.00
  55  XM_UB99                          2    1.79   11.11    0.00
  56  TR_XM_DK_Unsub                   2    9.82   11.11    9.57
  57  XMSubMetaSx_00                   2    6.25   11.11    5.32
  58  TR_XM_DKIM_Undo                  2    2.68   11.11    1.06
  59  TR_XM_SPAMCOP                    2    1.79   11.11    0.00
  60  HTML_IMAGE_RATIO_02              2    3.57   11.11    2.13
  61  TR_XM_RelayPhish                 2    1.79   11.11    0.00
  62  XM_H_Long_From01                 2    8.04   11.11    7.45
  63  XM_B_Phish_Phrases               2    2.68   11.11    1.06
  64  MONEY_BACK                       2    1.79   11.11    0.00
  65  TR_XM_SpoofStaff                 1    0.89    5.56    0.00
  66  TR_XM_SpammyWords2               1    0.89    5.56    0.00
  67  TooManyTo_005                    1    0.89    5.56    0.00
  68  SORTED_RECIPS                    1    0.89    5.56    0.00
  69  XMSpoofStaff2                    1    0.89    5.56    0.00
  70  TR_XM_SB_Phish                   1    3.57    5.56    3.19
  71  TR_Caps_n_Bayes_99               1    0.89    5.56    0.00
  72  T_XMDrugObfuBody_08              1    3.57    5.56    3.19
  73  MAILING_LIST_MULTI               1    1.79    5.56    1.06
  74  RELAYCOUNTRY_FR                  1    0.89    5.56    0.00
  75  TR_Symld_Words                   1    4.46    5.56    4.26
  76  FSL_BULK_SIG                     1    1.79    5.56    1.06
  77  PDS_OTHER_BAD_TLD                1    0.89    5.56    0.00
  78  DATE_IN_PAST_12_24               1    0.89    5.56    0.00
  79  T_XMHurry_00                     1    0.89    5.56    0.00
  80  XMNumbers                        1   10.71    5.56   11.70
  81  FROM_GOV_SPOOF                   1    1.79    5.56    1.06
  82  RCVD_IN_IADB_LISTED              1    0.89    5.56    0.00
  83  TR_XM_UnparsRelay                1    1.79    5.56    1.06
  84  RCVD_IN_IADB_DK                  1    0.89    5.56    0.00
  85  TVD_QUAL_MEDS                    1    0.89    5.56    0.00
  86  T_XMDrugObfuBody_14              1    6.25    5.56    6.38
  87  BAYES_40                         1    5.36    5.56    5.32
  88  TR_XM_NoHeaderRelay              1    1.79    5.56    1.06
  89  XMSexyCombo_02                   1    0.89    5.56    0.00
  90  TooManyTo_004                    1    0.89    5.56    0.00
  91  NO_DNS_FOR_FROM                  1    1.79    5.56    1.06
  92  RCVD_IN_IADB_SENDERID            1    0.89    5.56    0.00
  93  TM2_M_VERY_LONG_WORD             1    2.68    5.56    2.13
  94  TR_MetaPhish_Combo_01            1    0.89    5.56    0.00
  95  RCVD_IN_RP_RNBL                  1    0.89    5.56    0.00
  96  XM_B_Investor                    1    0.89    5.56    0.00
  97  XMSubPhish11                     1    3.57    5.56    3.19
  98  RCVD_IN_IADB_SPF                 1    0.89    5.56    0.00
  99  TR_XM_BayesRelay                 1    0.89    5.56    0.00
 100  TooManyTo_003                    1    0.89    5.56    0.00
 101  XM_B_REG_HTML                    1   13.39    5.56   14.89
 102  FROM_SUSPICIOUS_NTLD_FP          1    0.89    5.56    0.00
 103  SUBJ_ALL_CAPS                    1    3.57    5.56    3.19
 104  RCVD_IN_IADB_VOUCHED             1    0.89    5.56    0.00
 105  RELAYCOUNTRY_AU                  1    1.79    5.56    1.06
 106  BOTNET                           1    0.89    5.56    0.00
 107  HTML_IMAGE_RATIO_04              1    3.57    5.56    3.19
 108  T_TooManySym_01                  1   11.61    5.56   12.77
 109  TR_BOTNET_NEGATE                 1    0.89    5.56    0.00
 110  SpammyFromTLD_02                 1    1.79    5.56    1.06
 111  MIME_QP_LONG_LINE                1    3.57    5.56    3.19
 112  MPART_ALT_DIFF                   1    5.36    5.56    5.32
 113  FUZZY_MONERO                     1    0.89    5.56    0.00
 114  XM_Body_Dirty_Words_01           1    0.89    5.56    0.00
 115  T_TooManySym_02                  1    8.04    5.56    8.51
 116  SpammyFromTLD_01                 1    1.79    5.56    1.06
 117  XMSexyCombo_05                   1    1.79    5.56    1.06
 118  FROM_SUSPICIOUS_NTLD             1    0.89    5.56    0.00
 119  XM_GoogleGroups                  1    2.68    5.56    2.13
 120  XM_CamelCaseFrm001               1    2.68    5.56    2.13
 121  HTML_IMAGE_RATIO_08              1    3.57    5.56    3.19
 122  DKIM_INVALID                     1   18.75    5.56   21.28
 123  SUSPICIOUS_RECIPS                1    0.89    5.56    0.00
 124  TR_XM_MaxWHORU                   1    0.89    5.56    0.00
 125  NOT_SPAM                         1    0.89    5.56    0.00
 126  TO_EQ_FM_DOM_HTML_ONLY           1    0.89    5.56    0.00
 127  XM_OfRef6                        1    0.89    5.56    0.00
----------------------------------------------------------------------

TOP HAM RULES FIRED
----------------------------------------------------------------------
RANK  RULE NAME                    COUNT %OFMAIL %OFSPAM  %OFHAM
----------------------------------------------------------------------
   1  DCC_CHECK_NEGATIVE              83   86.61   77.78   88.30
   2  RELAYCOUNTRY_US                 73   78.57   83.33   77.66
   3  HTML_MESSAGE                    71   78.57   94.44   75.53
   4  DKIM_SIGNED                     66   72.32   83.33   70.21
   5  XM_DK_Pass                      64   70.54   83.33   68.09
   6  XM_B_Unicode                    60   65.18   72.22   63.83
   7  XM_B_Unicode3                   49   51.79   50.00   52.13
   8  BAYES_50                        48   50.89   50.00   51.06
   9  DKIM_VALID                      46   53.57   77.78   48.94
  10  XMSubLong                       37   36.61   22.22   39.36
  11  XMListUnsubscribeExists         37   41.07   50.00   39.36
  12  DKIM_VALID_AU                   36   42.86   66.67   38.30
  13  XM_Multi_Part_URI               33   31.25   11.11   35.11
  14  HTML_FONT_LOW_CONTRAST          33   33.93   27.78   35.11
  15  LOC_TINY_FONT_1                 31   30.36   16.67   32.98
  16  DKIM_VALID_EF                   28   30.36   33.33   29.79
  17  XM_B_SpammyWords                26   32.14   55.56   27.66
  18  BAYES_00                        24   21.43    0.00   25.53
  19  RCVD_IN_MSPIKE_WL               20   22.32   27.78   21.28
  20  DKIM_INVALID                    20   18.75    5.56   21.28
  21  MIME_HTML_ONLY                  19   22.32   33.33   20.21
  22  RCVD_IN_MSPIKE_H3               18   20.54   27.78   19.15
  23  LotsOfNums_01                   18   19.64   22.22   19.15
  24  T_TM2_M_HEADER_IN_MSG           18   18.75   16.67   19.15
  25  RCVD_IN_MSPIKE_H2               17   20.54   33.33   18.09
  26  ALL_TRUSTED                     17   15.18    0.00   18.09
  27  TR_XM_DK_Bayes                  17   15.18    0.00   18.09
  28  FVGT_m_MULTI_ODD                15   17.86   27.78   15.96
  29  XM_B_REG_HTML                   14   13.39    5.56   14.89
  30  T_KAM_HTML_FONT_INVALID         12   12.50   11.11   12.77
  31  XM_B_SpammyWords2               12   17.86   44.44   12.77
  32  XM_Body_Dirty_Words             12   16.96   38.89   12.77
  33  T_TooManySym_01                 12   11.61    5.56   12.77
  34  XMNumbers                       11   10.71    5.56   11.70
  35  DCC_CHECK                       11   13.39   22.22   11.70
  36  TR_XM_DK_Unsub                   9    9.82   11.11    9.57
  37  XM_DKIMWhitelistDomains          9    8.04    0.00    9.57
  38  BAYES_60                         8    8.93   11.11    8.51
  39  XM_UncommonTLD01                 8    9.82   16.67    8.51
  40  T_TooManySym_02                  8    8.04    5.56    8.51
  41  TR_XM_BayesUnsub                 7    8.04   11.11    7.45
  42  XM_B_Unsub                       7    8.04   11.11    7.45
  43  XM_H_Long_From01                 7    8.04   11.11    7.45
  44  HTML_FONT_FACE_BAD               7    6.25    0.00    7.45
  45  TO_MALFORMED                     7    6.25    0.00    7.45
  46  INVALID_MSGID                    6    5.36    0.00    6.38
  47  T_XMDrugObfuBody_14              6    6.25    5.56    6.38
  48  MIME_HTML_ONLY_MULTI             5    4.46    0.00    5.32
  49  HTML_IMAGE_RATIO_06              5    4.46    0.00    5.32
  50  IN_ZIMBRA_NJ_WHITELIST           5    4.46    0.00    5.32
  51  BAYES_40                         5    5.36    5.56    5.32
  52  XMStrtUSub                       5    4.46    0.00    5.32
  53  MPART_ALT_DIFF                   5    5.36    5.56    5.32
  54  MSGID_NOFQDN1                    5    4.46    0.00    5.32
  55  XMSubMetaSx_00                   5    6.25   11.11    5.32
  56  XM_H_Trusted_IP                  5    4.46    0.00    5.32
  57  TR_Symld_Words                   4    4.46    5.56    4.26
  58  LOTS_OF_MONEY                    4    3.57    0.00    4.26
  59  UNPARSEABLE_RELAY                4    6.25   16.67    4.26
  60  XMSexyCombo_01                   3    4.46   11.11    3.19
  61  T_XMDrugObfuBody_08              3    3.57    5.56    3.19
  62  BAYES_20                         3    2.68    0.00    3.19
  63  TR_XM_SB_Phish                   3    3.57    5.56    3.19
  64  UNTRUSTED_Relay                  3    4.46   11.11    3.19
  65  XMSubPhish11                     3    3.57    5.56    3.19
  66  BAYES_05                         3    2.68    0.00    3.19
  67  BOTNET_IPINHOSTNAME              3    2.68    0.00    3.19
  68  XM_DK_Undo_01                    3    5.36   16.67    3.19
  69  T_REMOTE_IMAGE                   3    2.68    0.00    3.19
  70  HTML_MIME_NO_HTML_TAG            3    2.68    0.00    3.19
  71  MIME_QP_LONG_LINE                3    3.57    5.56    3.19
  72  RELAYCOUNTRY_META                3    7.14   27.78    3.19
  73  RCVD_IN_VALIDITY_CERTIFIED       3    2.68    0.00    3.19
  74  RCVD_IN_VALIDITY_SAFE            3    2.68    0.00    3.19
  75  HTML_IMAGE_RATIO_04              3    3.57    5.56    3.19
  76  SUBJ_ALL_CAPS                    3    3.57    5.56    3.19
  77  XM_Evil_Numbers_Gen              3    5.36   16.67    3.19
  78  HTML_IMAGE_RATIO_08              3    3.57    5.56    3.19
  79  XM_ZIP                           2    1.79    0.00    2.13
  80  MIME_BASE64_TEXT                 2    1.79    0.00    2.13
  81  TooManyTo_001                    2    4.46   16.67    2.13
  82  XMSubMetaD_03                    2    1.79    0.00    2.13
  83  USER_IN_DEF_DKIM_WL              2    1.79    0.00    2.13
  84  TM2_M_VERY_LONG_WORD             2    2.68    5.56    2.13
  85  FVGT_m_MULTI_ODD_EMAIL           2    1.79    0.00    2.13
  86  SHORT_URI_3                      2    1.79    0.00    2.13
  87  XM_B_SpammyWords3                2    6.25   27.78    2.13
  88  XM_B_SEO                         2    1.79    0.00    2.13
  89  TR_XM_Base64_L1                  2    1.79    0.00    2.13
  90  XMCapTrack                       2    1.79    0.00    2.13
  91  HTML_IMAGE_RATIO_02              2    3.57   11.11    2.13
  92  BOUNCE_MESSAGE                   2    1.79    0.00    2.13
  93  MIME_HTML_MOSTLY                 2    1.79    0.00    2.13
  94  UPGRADE_MAILBOX                  2    1.79    0.00    2.13
  95  ANY_BOUNCE_MESSAGE               2    1.79    0.00    2.13
  96  TVD_SPACE_RATIO                  2    1.79    0.00    2.13
  97  ACT_NOW_CAPS                     2    1.79    0.00    2.13
  98  RCVD_IN_MSPIKE_H4                2    1.79    0.00    2.13
  99  XMGappySubj_01                   2    1.79    0.00    2.13
 100  TR_XM_DK_Bayes1                  2    1.79    0.00    2.13
 101  XM_DIRTYINTL                     2    4.46   16.67    2.13
 102  TR_XM_DK_Bayes2                  2    1.79    0.00    2.13
 103  XM_CamelCaseFrm001               2    2.68    5.56    2.13
 104  TR_XM_SpammyRelay                2    4.46   16.67    2.13
 105  XM_GoogleGroups                  2    2.68    5.56    2.13
 106  URI_HEX                          2    1.79    0.00    2.13
 107  PLING_QUERY                      2    1.79    0.00    2.13
 108  BAYES_80                         2    1.79    0.00    2.13
 109  T_TooManySym_03                  2    1.79    0.00    2.13
 110  XM_SendGrid                      1    0.89    0.00    1.06
 111  FSL_BULK_SIG                     1    1.79    5.56    1.06
 112  RCVD_IN_MSPIKE_BL                1    0.89    0.00    1.06
 113  MIME_CHARSET_FARAWAY             1    0.89    0.00    1.06
 114  MAILING_LIST_MULTI               1    1.79    5.56    1.06
 115  BAYES_99                         1    6.25   33.33    1.06
 116  DKIM_ADSP_CUSTOM_MED             1    0.89    0.00    1.06
 117  XM_Dr_From                       1    0.89    0.00    1.06
 118  XM_B_SpammyTLD                   1    2.68   11.11    1.06
 119  XMGppyBdWords                    1    0.89    0.00    1.06
 120  XM_SPF_SoftFail                  1    0.89    0.00    1.06
 121  RELAYCOUNTRY_TW                  1    0.89    0.00    1.06
 122  NO_DNS_FOR_FROM                  1    1.79    5.56    1.06
 123  TR_XM_NoHeaderRelay              1    1.79    5.56    1.06
 124  TR_XM_UnparsRelay                1    1.79    5.56    1.06
 125  FROM_GOV_SPOOF                   1    1.79    5.56    1.06
 126  XMSubject_78                     1    0.89    0.00    1.06
 127  T_XMDrugObfuBody_00              1    0.89    0.00    1.06
 128  BASE64_LENGTH_79_INF             1    0.89    0.00    1.06
 129  XMSubMetaSxObfu_04               1    0.89    0.00    1.06
 130  TR_XM_DKIM_Undo                  1    2.68   11.11    1.06
 131  SpammyFromTLD_02                 1    1.79    5.56    1.06
 132  NML_ADSP_CUSTOM_MED              1    0.89    0.00    1.06
 133  XM_H_Long_From02                 1    0.89    0.00    1.06
 134  TR_XM_PhishingBody               1    3.57   16.67    1.06
 135  KHOP_HELO_FCRDNS                 1    0.89    0.00    1.06
 136  RCVD_IN_MSPIKE_L5                1    0.89    0.00    1.06
 137  MPART_ALT_DIFF_COUNT             1    0.89    0.00    1.06
 138  RELAYCOUNTRY_AU                  1    1.79    5.56    1.06
 139  URI_NO_WWW_INFO_CGI              1    0.89    0.00    1.06
 140  HDRS_MISSP                       1    0.89    0.00    1.06
 141  XMSubMetaSxObfu_03               1    0.89    0.00    1.06
 142  GMD_PDF_SQUARE                   1    0.89    0.00    1.06
 143  CHARSET_FARAWAY_HEADER           1    0.89    0.00    1.06
 144  HELO_DYNAMIC_DHCP                1    0.89    0.00    1.06
 145  TR_XM_DK_SendGrid                1    0.89    0.00    1.06
 146  XMMoneyMeta_00                   1    0.89    0.00    1.06
 147  TM2_M_A_HREF_HREF                1    0.89    0.00    1.06
 148  HTML_SHORT_CENTER                1    0.89    0.00    1.06
 149  HTML_EXTRA_CLOSE                 1    0.89    0.00    1.06
 150  XM_DK_Undo_02                    1    5.36   27.78    1.06
 151  RCVD_IN_VALIDITY_RPBL            1    0.89    0.00    1.06
 152  DKIM_ADSP_NXDOMAIN               1    0.89    0.00    1.06
 153  XMLngstWrd_00                    1    0.89    0.00    1.06
 154  T_DOC_ATTACH_NO_EXT              1    0.89    0.00    1.06
 155  XM_B_Phish_Phrases               1    2.68   11.11    1.06
 156  XMSexyCombo_05                   1    1.79    5.56    1.06
 157  SpammyFromTLD_01                 1    1.79    5.56    1.06
 158  WEIRD_PORT                       1    0.89    0.00    1.06
 159  XMBody_95                        1    0.89    0.00    1.06
 160  TR_XM_MSPIKECOMBO                1    0.89    0.00    1.06
 161  XM_B_Phish66                     1    0.89    0.00    1.06
 162  TR_XM_SpammyWords5               1    0.89    0.00    1.06
 163  RELAYCOUNTRY_IE                  1    0.89    0.00    1.06
----------------------------------------------------------------------