Email:     87  Autolearn:  0  AvgScore:   2.11  AvgScanTime:  2.68 sec
Spam:      23  Autolearn:  0  AvgScore:  13.43  AvgScanTime:  3.25 sec
Ham:       64  Autolearn:  0  AvgScore:  -1.95  AvgScanTime:  2.47 sec

Time Spent Running SA:       0.06 hours
Time Spent Processing Spam:  0.02 hours
Time Spent Processing Ham:   0.04 hours

TOP SPAM RULES FIRED
----------------------------------------------------------------------
RANK  RULE NAME                   COUNT %OFMAIL %OFSPAM  %OFHAM
----------------------------------------------------------------------
   1  HTML_MESSAGE                   20   75.86   86.96   71.88
   2  XM_DK_Pass                     18   71.26   78.26   68.75
   3  DKIM_SIGNED                    18   73.56   78.26   71.88
   4  DKIM_VALID                     18   71.26   78.26   68.75
   5  DCC_CHECK_NEGATIVE             17   87.36   73.91   92.19
   6  RELAYCOUNTRY_US                15   70.11   65.22   71.88
   7  DKIM_VALID_AU                  15   52.87   65.22   48.44
   8  MIME_HTML_ONLY                 13   28.74   56.52   18.75
   9  BAYES_50                       13   62.07   56.52   64.06
  10  XMListUnsubscribeExists        12   44.83   52.17   42.19
  11  RELAYCOUNTRY_META              11   19.54   47.83    9.38
  12  FVGT_m_MULTI_ODD               11   35.63   47.83   31.25
  13  XM_B_SpammyWords               10   33.33   43.48   29.69
  14  XM_B_Unicode                    9   48.28   39.13   51.56
  15  TM2_M_VERY_LONG_WORD            8   17.24   34.78   10.94
  16  XM_UncommonTLD01                8   18.39   34.78   12.50
  17  DKIM_VALID_EF                   7   29.89   30.43   29.69
  18  HTML_FONT_LOW_CONTRAST          6   25.29   26.09   25.00
  19  DCC_CHECK                       6   12.64   26.09    7.81
  20  HTML_TITLE_SUBJ_DIFF            6   12.64   26.09    7.81
  21  XMLngstWrd_03                   6   12.64   26.09    7.81
  22  MIME_HTML_ONLY_MULTI            6   13.79   26.09    9.38
  23  XMLngstWrd_04                   6   12.64   26.09    7.81
  24  UPPERCASE_75_100                6   12.64   26.09    7.81
  25  RCVD_IN_MSPIKE_H2               6   21.84   26.09   20.31
  26  XM_GoogleGroups                 6   13.79   26.09    9.38
  27  XMSubLong                       6   27.59   26.09   28.12
  28  MPART_ALT_DIFF                  6   14.94   26.09   10.94
  29  RCVD_IN_MSPIKE_WL               6   36.78   26.09   40.62
  30  XMLngstWrd_00                   6   13.79   26.09    9.38
  31  HTML_MIME_NO_HTML_TAG           6   12.64   26.09    7.81
  32  XMLngstWrd_01                   6   12.64   26.09    7.81
  33  XMLngstWrd_02                   6   12.64   26.09    7.81
  34  XM_B_Unicode3                   5   27.59   21.74   29.69
  35  T_KAM_HTML_FONT_INVALID         5   10.34   21.74    6.25
  36  TR_XM_BayesUnsub                5   10.34   21.74    6.25
  37  XM_B_Unsub                      5   12.64   21.74    9.38
  38  SpammyFromTLD_02                5    5.75   21.74    0.00
  39  RCVD_IN_MSPIKE_H3               5   35.63   21.74   40.62
  40  TR_XM_SpammyRelay               5    6.90   21.74    1.56
  41  BAYES_99                        4    5.75   17.39    1.56
  42  XM_DK_Undo_02                   4    8.05   17.39    4.69
  43  XM_B_SpammyWords3               4    5.75   17.39    1.56
  44  RELAYCOUNTRY_CA                 4    6.90   17.39    3.12
  45  XM_Multi_Part_URI               4   12.64   17.39   10.94
  46  TR_XM_NoHeaderRelay             4    4.60   17.39    0.00
  47  XM_B_SpammyWords2               4   14.94   17.39   14.06
  48  TR_XM_SpammyWords3              3    4.60   13.04    1.56
  49  TR_XM_DK_Unsub                  3   16.09   13.04   17.19
  50  RCVD_IN_MSPIKE_BL               3    4.60   13.04    1.56
  51  XM_Body_Dirty_Words             3   12.64   13.04   12.50
  52  RCVD_IN_PSBL                    3    3.45   13.04    0.00
  53  BAYES_60                        3   17.24   13.04   18.75
  54  TR_XM_MSPIKECOMBO               3    4.60   13.04    1.56
  55  RCVD_IN_MSPIKE_L4               3    3.45   13.04    0.00
  56  ALL_TRUSTED                     3   19.54   13.04   21.88
  57  BOTNET_IPINHOSTNAME             3    9.20   13.04    7.81
  58  BOTNET                          3    5.75   13.04    3.12
  59  BAYES_999                       3    4.60   13.04    1.56
  60  TR_XM_PHPForged                 3    3.45   13.04    0.00
  61  TR_XM_PHPDW                     2    2.30    8.70    0.00
  62  NO_DNS_FOR_FROM                 2    2.30    8.70    0.00
  63  RELAYCOUNTRY_SG                 2    2.30    8.70    0.00
  64  LOTS_OF_MONEY                   2    5.75    8.70    4.69
  65  TO_NO_BRKTS_HTML_ONLY           2    2.30    8.70    0.00
  66  T_TM2_M_HEADER_IN_MSG           2   22.99    8.70   28.12
  67  XM_B_Unsub2                     2    3.45    8.70    1.56
  68  XM_H_PHPMailer                  2    3.45    8.70    1.56
  69  XMSexyCombo_05                  2    2.30    8.70    0.00
  70  HTML_IMAGE_RATIO_06             2    8.05    8.70    7.81
  71  XM_DIRTYINTL                    2    3.45    8.70    1.56
  72  XMStockSpam_06                  2    3.45    8.70    1.56
  73  SpammyFromTLD_01                2    2.30    8.70    0.00
  74  RELAYCOUNTRY_TR                 2    3.45    8.70    1.56
  75  TR_XM_DKIM_Undo                 2    4.60    8.70    3.12
  76  TR_XM_FormFill2                 2    2.30    8.70    0.00
  77  XM_UB99                         2    2.30    8.70    0.00
  78  FSL_BULK_SIG                    2    2.30    8.70    0.00
  79  XM_B_SpammyTLD                  2    3.45    8.70    1.56
  80  UNTRUSTED_Relay                 2    4.60    8.70    3.12
  81  LotsOfNums_01                   2    4.60    8.70    3.12
  82  TR_XM_MaxWHORU                  2    2.30    8.70    0.00
  83  XM_H_PHPOS                      2    2.30    8.70    0.00
  84  BAYES_80                        2    4.60    8.70    3.12
  85  LONG_JUNK_URI                   1    1.15    4.35    0.00
  86  TR_XM_COVIDMETA5                1    1.15    4.35    0.00
  87  FROM_SUSPICIOUS_NTLD_FP         1    1.15    4.35    0.00
  88  XM_Body_Obfu01                  1    1.15    4.35    0.00
  89  SUSPICIOUS_RECIPS               1    1.15    4.35    0.00
  90  XM_B_COVIDMETA                  1    1.15    4.35    0.00
  91  RELAYCOUNTRY_SA                 1    1.15    4.35    0.00
  92  FROM_EXCESS_BASE64              1    1.15    4.35    0.00
  93  TR_Symld_Words                  1    1.15    4.35    0.00
  94  FROM_GOV_DKIM_AU                1    1.15    4.35    0.00
  95  XM_B_SEO                        1    1.15    4.35    0.00
  96  TooManyTo_003                   1    1.15    4.35    0.00
  97  TR_XM_SpammyWords4              1    1.15    4.35    0.00
  98  T_XMDrugObfuBody_08             1    1.15    4.35    0.00
  99  TR_LOTS_OF_MONEY3               1    1.15    4.35    0.00
 100  XM_UB999                        1    1.15    4.35    0.00
 101  XMFrmHeader_28                  1    1.15    4.35    0.00
 102  T_TooManySym_01                 1   11.49    4.35   14.06
 103  TooManyTo_004                   1    1.15    4.35    0.00
 104  XM_H_Undi_Recip                 1    1.15    4.35    0.00
 105  XM_H_PHPOS_M                    1    1.15    4.35    0.00
 106  FORGED_HOTMAIL_RCVD2            1    1.15    4.35    0.00
 107  TR_XM_Undi_Recip6               1    1.15    4.35    0.00
 108  TR_XM_COVIDMETA1                1    2.30    4.35    1.56
 109  DKIM_ADSP_NXDOMAIN              1    1.15    4.35    0.00
 110  LOC_TINY_FONT_1                 1   11.49    4.35   14.06
 111  TO_EQ_FM_DOM_HTML_ONLY          1    1.15    4.35    0.00
 112  RCVD_IN_VALIDITY_SAFE           1    1.15    4.35    0.00
 113  RELAYCOUNTRY_AR                 1    1.15    4.35    0.00
 114  XM_B_Phish66                    1    2.30    4.35    1.56
 115  TR_XM_SEO4                      1    1.15    4.35    0.00
 116  TR_XM_SpammyWords5              1    1.15    4.35    0.00
 117  XM_OfRef6                       1    1.15    4.35    0.00
 118  FROM_SUSPICIOUS_NTLD            1    1.15    4.35    0.00
 119  LongTLD                         1    1.15    4.35    0.00
 120  TR_XM_Undi_Recip5               1    1.15    4.35    0.00
 121  MAILING_LIST_MULTI              1    2.30    4.35    1.56
 122  XM_Nigeria_01                   1    1.15    4.35    0.00
 123  XM_Nigeria_02                   1    1.15    4.35    0.00
 124  LONG_JUNK_URI3                  1    1.15    4.35    0.00
 125  BAYES_95                        1    1.15    4.35    0.00
 126  XMNumbers                       1    4.60    4.35    4.69
 127  XM_B_Investor                   1    1.15    4.35    0.00
 128  TR_XM_PhishingBody              1    2.30    4.35    1.56
 129  USER_IN_DEF_DKIM_WL             1    3.45    4.35    3.12
 130  TooManyTo_002                   1    2.30    4.35    1.56
 131  TR_Mismatch_TLD_02              1    1.15    4.35    0.00
 132  TooManyTo_001                   1    4.60    4.35    4.69
 133  TR_LOTS_OF_MONEY2               1    1.15    4.35    0.00
 134  RELAYCOUNTRY_IE                 1    1.15    4.35    0.00
 135  XM_B_Phish_Phrases              1    2.30    4.35    1.56
 136  RCVD_IN_MSPIKE_H4               1    1.15    4.35    0.00
 137  MONEY_BACK                      1    1.15    4.35    0.00
 138  RCVD_IN_VALIDITY_CERTIFIED      1    1.15    4.35    0.00
 139  XM_BadFromFormat                1    1.15    4.35    0.00
 140  XM_URI_RBL                      1    1.15    4.35    0.00
 141  UNDISC_MONEY                    1    1.15    4.35    0.00
 142  UNPARSEABLE_RELAY               1    8.05    4.35    9.38
 143  IMPOTENCE                       1    1.15    4.35    0.00
 144  RDNS_DYNAMIC                    1    1.15    4.35    0.00
 145  XM_H_DatedCube                  1    1.15    4.35    0.00
 146  XM_Evil_Numbers_Gen             1    3.45    4.35    3.12
 147  FROM_GOV_SPOOF                  1    1.15    4.35    0.00
 148  XM_Lotto                        1    1.15    4.35    0.00
 149  XM_HighProb1                    1    1.15    4.35    0.00
 150  HK_RANDOM_ENVFROM               1    1.15    4.35    0.00
 151  RELAYCOUNTRY_ES                 1    1.15    4.35    0.00
 152  KHOP_HELO_FCRDNS                1    2.30    4.35    1.56
 153  PDS_RDNS_DYNAMIC_FP             1    1.15    4.35    0.00
 154  OBFU_TEXT_ATTACH                1    1.15    4.35    0.00
 155  T_MONEY_PERCENT                 1    1.15    4.35    0.00
 156  MIME_HTML_MOSTLY                1    3.45    4.35    3.12
 157  T_TooManySym_02                 1    8.05    4.35    9.38
 158  HK_RANDOM_FROM                  1    1.15    4.35    0.00
 159  T_XMDrugObfuBody_00             1    1.15    4.35    0.00
 160  MIME_QP_LONG_LINE               1    2.30    4.35    1.56
 161  HTML_IMAGE_RATIO_04             1    6.90    4.35    7.81
----------------------------------------------------------------------

TOP HAM RULES FIRED
----------------------------------------------------------------------
RANK  RULE NAME                   COUNT %OFMAIL %OFSPAM  %OFHAM
----------------------------------------------------------------------
   1  DCC_CHECK_NEGATIVE             59   87.36   73.91   92.19
   2  DKIM_SIGNED                    46   73.56   78.26   71.88
   3  RELAYCOUNTRY_US                46   70.11   65.22   71.88
   4  HTML_MESSAGE                   46   75.86   86.96   71.88
   5  XM_DK_Pass                     44   71.26   78.26   68.75
   6  DKIM_VALID                     44   71.26   78.26   68.75
   7  BAYES_50                       41   62.07   56.52   64.06
   8  XM_B_Unicode                   33   48.28   39.13   51.56
   9  DKIM_VALID_AU                  31   52.87   65.22   48.44
  10  XMListUnsubscribeExists        27   44.83   52.17   42.19
  11  RCVD_IN_MSPIKE_WL              26   36.78   26.09   40.62
  12  RCVD_IN_MSPIKE_H3              26   35.63   21.74   40.62
  13  FVGT_m_MULTI_ODD               20   35.63   47.83   31.25
  14  XM_B_Unicode3                  19   27.59   21.74   29.69
  15  XM_B_SpammyWords               19   33.33   43.48   29.69
  16  DKIM_VALID_EF                  19   29.89   30.43   29.69
  17  T_TM2_M_HEADER_IN_MSG          18   22.99    8.70   28.12
  18  XMSubLong                      18   27.59   26.09   28.12
  19  HTML_FONT_LOW_CONTRAST         16   25.29   26.09   25.00
  20  ALL_TRUSTED                    14   19.54   13.04   21.88
  21  RCVD_IN_MSPIKE_H2              13   21.84   26.09   20.31
  22  BAYES_60                       12   17.24   13.04   18.75
  23  MIME_HTML_ONLY                 12   28.74   56.52   18.75
  24  TR_XM_DK_Unsub                 11   16.09   13.04   17.19
  25  XM_DKIMWhitelistDomains         9   10.34    0.00   14.06
  26  LOC_TINY_FONT_1                 9   11.49    4.35   14.06
  27  T_TooManySym_01                 9   11.49    4.35   14.06
  28  XM_B_SpammyWords2               9   14.94   17.39   14.06
  29  XM_Body_Dirty_Words             8   12.64   13.04   12.50
  30  XM_PDF                          8    9.20    0.00   12.50
  31  XM_UncommonTLD01                8   18.39   34.78   12.50
  32  MSGID_NOFQDN1                   8    9.20    0.00   12.50
  33  INVALID_MSGID                   8    9.20    0.00   12.50
  34  TM2_M_VERY_LONG_WORD            7   17.24   34.78   10.94
  35  TO_MALFORMED                    7    8.05    0.00   10.94
  36  IN_ZIMBRA_NJ_WHITELIST          7    8.05    0.00   10.94
  37  XM_Multi_Part_URI               7   12.64   17.39   10.94
  38  MPART_ALT_DIFF                  7   14.94   26.09   10.94
  39  BOUNCE_MESSAGE                  6    6.90    0.00    9.38
  40  MIME_HTML_ONLY_MULTI            6   13.79   26.09    9.38
  41  RELAYCOUNTRY_META               6   19.54   47.83    9.38
  42  T_TooManySym_02                 6    8.05    4.35    9.38
  43  XMLngstWrd_00                   6   13.79   26.09    9.38
  44  ANY_BOUNCE_MESSAGE              6    6.90    0.00    9.38
  45  UNPARSEABLE_RELAY               6    8.05    4.35    9.38
  46  XM_B_Unsub                      6   12.64   21.74    9.38
  47  XM_GoogleGroups                 6   13.79   26.09    9.38
  48  UPPERCASE_75_100                5   12.64   26.09    7.81
  49  XMLngstWrd_04                   5   12.64   26.09    7.81
  50  XMLngstWrd_03                   5   12.64   26.09    7.81
  51  HTML_TITLE_SUBJ_DIFF            5   12.64   26.09    7.81
  52  DCC_CHECK                       5   12.64   26.09    7.81
  53  XMLngstWrd_02                   5   12.64   26.09    7.81
  54  XMLngstWrd_01                   5   12.64   26.09    7.81
  55  HTML_IMAGE_RATIO_04             5    6.90    4.35    7.81
  56  HTML_MIME_NO_HTML_TAG           5   12.64   26.09    7.81
  57  BOTNET_IPINHOSTNAME             5    9.20   13.04    7.81
  58  HTML_IMAGE_RATIO_06             5    8.05    8.70    7.81
  59  T_KAM_HTML_FONT_INVALID         4   10.34   21.74    6.25
  60  XMSubMetaSx_00                  4    4.60    0.00    6.25
  61  XMSpoofStaff2                   4    4.60    0.00    6.25
  62  RCVD_IN_IADB_VOUCHED            4    4.60    0.00    6.25
  63  TR_XM_SpoofPhishAttach          4    4.60    0.00    6.25
  64  RCVD_IN_IADB_OPTIN              4    4.60    0.00    6.25
  65  TR_XM_SpoofStaff                4    4.60    0.00    6.25
  66  RCVD_IN_IADB_SENDERID           4    4.60    0.00    6.25
  67  XM_ZohoDesk1                    4    4.60    0.00    6.25
  68  T_OBFU_PDF_ATTACH               4    4.60    0.00    6.25
  69  RCVD_IN_IADB_SPF                4    4.60    0.00    6.25
  70  GMD_PDF_HORIZ                   4    4.60    0.00    6.25
  71  XM_H_SpoofStaff4                4    4.60    0.00    6.25
  72  TR_XM_PSC1                      4    4.60    0.00    6.25
  73  TR_XM_BayesUnsub                4   10.34   21.74    6.25
  74  RCVD_IN_IADB_LISTED             4    4.60    0.00    6.25
  75  XM_DK_Undo_02                   3    8.05   17.39    4.69
  76  LOTS_OF_MONEY                   3    5.75    8.70    4.69
  77  RCVD_IN_IADB_DK                 3    3.45    0.00    4.69
  78  BAYES_20                        3    3.45    0.00    4.69
  79  URI_NOVOWEL                     3    3.45    0.00    4.69
  80  TooManyTo_001                   3    4.60    4.35    4.69
  81  XMNumbers                       3    4.60    4.35    4.69
  82  BAYES_00                        2    2.30    0.00    3.12
  83  TR_XM_UnparsRelay               2    2.30    0.00    3.12
  84  HTML_IMAGE_RATIO_08             2    2.30    0.00    3.12
  85  BAYES_05                        2    2.30    0.00    3.12
  86  XMSubject_78                    2    2.30    0.00    3.12
  87  XM_DK_Undo_01                   2    2.30    0.00    3.12
  88  XM_SendGrid                     2    2.30    0.00    3.12
  89  TVD_SPACE_RATIO                 2    2.30    0.00    3.12
  90  FVGT_m_MULTI_ODD_EMAIL          2    2.30    0.00    3.12
  91  T_REMOTE_IMAGE                  2    2.30    0.00    3.12
  92  T_TooManySym_03                 2    2.30    0.00    3.12
  93  TM2_M_URI_OPT_OUT               2    2.30    0.00    3.12
  94  TR_XM_DK_SendGrid               2    2.30    0.00    3.12
  95  XMStrtUSub                      2    2.30    0.00    3.12
  96  SUBJ_ALL_CAPS                   2    2.30    0.00    3.12
  97  BAYES_80                        2    4.60    8.70    3.12
  98  T_XMDrugObfuBody_14             2    2.30    0.00    3.12
  99  TR_Mismatch_TLD_01              2    2.30    0.00    3.12
 100  BOTNET                          2    5.75   13.04    3.12
 101  XMGappySubj_01                  2    2.30    0.00    3.12
 102  LotsOfNums_01                   2    4.60    8.70    3.12
 103  MIME_HTML_MOSTLY                2    3.45    4.35    3.12
 104  UNTRUSTED_Relay                 2    4.60    8.70    3.12
 105  XM_H_Trusted_IP                 2    2.30    0.00    3.12
 106  XM_Evil_Numbers_Gen             2    3.45    4.35    3.12
 107  RELAYCOUNTRY_CA                 2    6.90   17.39    3.12
 108  DKIM_INVALID                    2    2.30    0.00    3.12
 109  TR_XM_DKIM_Undo                 2    4.60    8.70    3.12
 110  USER_IN_DEF_DKIM_WL             2    3.45    4.35    3.12
 111  TR_XM_MSPIKECOMBO               1    4.60   13.04    1.56
 112  RELAYCOUNTRY_FR                 1    1.15    0.00    1.56
 113  XM_B_Unsub2                     1    3.45    8.70    1.56
 114  RELAYCOUNTRY_GB                 1    1.15    0.00    1.56
 115  MAILING_LIST_MULTI              1    2.30    4.35    1.56
 116  HTML_FONT_FACE_BAD              1    1.15    0.00    1.56
 117  XM_H_PHPMailer                  1    3.45    8.70    1.56
 118  RCVD_IN_VALIDITY_RPBL           1    1.15    0.00    1.56
 119  DKIM_ADSP_CUSTOM_MED            1    1.15    0.00    1.56
 120  XM_ProductURIs                  1    1.15    0.00    1.56
 121  BAYES_40                        1    1.15    0.00    1.56
 122  TR_BOTNET_NEGATE                1    1.15    0.00    1.56
 123  XM_B_Phish66                    1    2.30    4.35    1.56
 124  XM_H_ReservationHelp            1    1.15    0.00    1.56
 125  XM_B_SpammyWords3               1    5.75   17.39    1.56
 126  XM_UB50                         1    1.15    0.00    1.56
 127  TR_XM_COVIDMETA1                1    2.30    4.35    1.56
 128  RCVD_IN_MSPIKE_BL               1    4.60   13.04    1.56
 129  TR_XM_SpammyWords3              1    4.60   13.04    1.56
 130  XM_RXBody                       1    1.15    0.00    1.56
 131  BAYES_99                        1    5.75   17.39    1.56
 132  T_Symld_Words_02                1    1.15    0.00    1.56
 133  XMSubMetaSxObfu_03              1    1.15    0.00    1.56
 134  MIME_QP_LONG_LINE               1    2.30    4.35    1.56
 135  TR_XM_DK_Bayes1                 1    1.15    0.00    1.56
 136  MPART_ALT_DIFF_COUNT            1    1.15    0.00    1.56
 137  TR_XM_SpammyRelay               1    6.90   21.74    1.56
 138  XM_UCStrings02                  1    1.15    0.00    1.56
 139  IN_HORDE_ADDRESS_BOOK           1    1.15    0.00    1.56
 140  RCVD_IN_MSPIKE_L3               1    1.15    0.00    1.56
 141  KHOP_HELO_FCRDNS                1    2.30    4.35    1.56
 142  XM_B_SpammyTLD                  1    3.45    8.70    1.56
 143  XM_ShortIntro_01                1    1.15    0.00    1.56
 144  DATE_IN_PAST_24_48              1    1.15    0.00    1.56
 145  BAYES_999                       1    4.60   13.04    1.56
 146  XM_CamelCaseFrm001              1    1.15    0.00    1.56
 147  XMSubPhish11                    1    1.15    0.00    1.56
 148  XMNoVowels                      1    1.15    0.00    1.56
 149  RELAYCOUNTRY_AU                 1    1.15    0.00    1.56
 150  WEIRD_QUOTING                   1    1.15    0.00    1.56
 151  HTTPS_HTTP_MISMATCH             1    1.15    0.00    1.56
 152  TR_XM_SpoofStaff3               1    1.15    0.00    1.56
 153  T_XMHurry_00                    1    1.15    0.00    1.56
 154  TR_XM_SB_Phish                  1    1.15    0.00    1.56
 155  FORGED_GMAIL_RCVD               1    1.15    0.00    1.56
 156  XM_B_Phish_Phrases              1    2.30    4.35    1.56
 157  RELAYCOUNTRY_TR                 1    3.45    8.70    1.56
 158  TR_XM_PhishingBody              1    2.30    4.35    1.56
 159  XM_DIRTYINTL                    1    3.45    8.70    1.56
 160  TooManyTo_002                   1    2.30    4.35    1.56
 161  ACT_NOW_CAPS                    1    1.15    0.00    1.56
 162  XM_H_Long_From01                1    1.15    0.00    1.56
 163  TR_XM_DK_Bayes                  1    1.15    0.00    1.56
 164  XMStockSpam_06                  1    3.45    8.70    1.56
 165  HELO_DYNAMIC_IPADDR             1    1.15    0.00    1.56
 166  XM_UB60                         1    1.15    0.00    1.56
----------------------------------------------------------------------