Email: 62 Autolearn: 0 AvgScore: 2.02 AvgScanTime: 1.92 sec Spam: 20 Autolearn: 0 AvgScore: 11.25 AvgScanTime: 1.40 sec Ham: 42 Autolearn: 0 AvgScore: -2.38 AvgScanTime: 2.17 sec Time Spent Running SA: 0.03 hours Time Spent Processing Spam: 0.01 hours Time Spent Processing Ham: 0.03 hours TOP SPAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 HTML_MESSAGE 18 74.19 90.00 66.67 2 RELAYCOUNTRY_US 16 75.81 80.00 73.81 3 DKIM_VALID 14 59.68 70.00 54.76 4 XM_DK_Pass 14 61.29 70.00 57.14 5 DKIM_SIGNED 14 64.52 70.00 61.90 6 XMListUnsubscribeExists 14 45.16 70.00 33.33 7 DCC_CHECK_NEGATIVE 13 83.87 65.00 92.86 8 XM_B_Unicode 11 50.00 55.00 47.62 9 BAYES_50 11 61.29 55.00 64.29 10 RCVD_IN_MSPIKE_H2 10 33.87 50.00 26.19 11 DKIM_VALID_AU 10 45.16 50.00 42.86 12 MIME_HTML_ONLY 9 24.19 45.00 14.29 13 FVGT_m_MULTI_ODD 9 37.10 45.00 33.33 14 XM_B_SpammyWords 9 29.03 45.00 21.43 15 XM_Multi_Part_URI 7 17.74 35.00 9.52 16 XM_B_Unicode3 7 22.58 35.00 16.67 17 RELAYCOUNTRY_META 7 17.74 35.00 9.52 18 HTML_FONT_LOW_CONTRAST 7 20.97 35.00 14.29 19 DCC_CHECK 7 16.13 35.00 7.14 20 TM2_M_VERY_LONG_WORD 5 9.68 25.00 2.38 21 UNPARSEABLE_RELAY 5 12.90 25.00 7.14 22 MIME_HTML_ONLY_MULTI 5 8.06 25.00 0.00 23 XM_DK_Undo_02 5 9.68 25.00 2.38 24 HTML_TITLE_SUBJ_DIFF 5 8.06 25.00 0.00 25 UPPERCASE_75_100 5 8.06 25.00 0.00 26 XMLngstWrd_02 5 8.06 25.00 0.00 27 XM_GoogleGroups 5 9.68 25.00 2.38 28 XMLngstWrd_03 5 8.06 25.00 0.00 29 XMLngstWrd_00 5 9.68 25.00 2.38 30 XMLngstWrd_04 5 8.06 25.00 0.00 31 HTML_MIME_NO_HTML_TAG 5 11.29 25.00 4.76 32 BAYES_95 5 11.29 25.00 4.76 33 XMLngstWrd_01 5 8.06 25.00 0.00 34 XM_UncommonTLD01 5 12.90 25.00 7.14 35 MPART_ALT_DIFF 5 8.06 25.00 0.00 36 BOTNET_IPINHOSTNAME 4 17.74 20.00 16.67 37 DKIM_VALID_EF 4 33.87 20.00 40.48 38 LOC_TINY_FONT_1 4 11.29 20.00 7.14 39 XM_B_SpammyWords2 4 8.06 20.00 2.38 40 TR_XM_UnparsRelay 3 4.84 15.00 0.00 41 UNTRUSTED_Relay 3 4.84 15.00 0.00 42 TR_XM_DKIM_Undo 3 4.84 15.00 0.00 43 TooManyTo_001 3 12.90 15.00 11.90 44 XM_Evil_Numbers_Gen 3 9.68 15.00 7.14 45 RCVD_IN_MSPIKE_WL 3 24.19 15.00 28.57 46 RCVD_IN_MSPIKE_H3 3 16.13 15.00 16.67 47 RELAYCOUNTRY_CA 3 4.84 15.00 0.00 48 XM_Body_Dirty_Words 3 8.06 15.00 4.76 49 XMSubLong 3 22.58 15.00 26.19 50 LotsOfNums_01 2 8.06 10.00 7.14 51 XMSexyCombo_05 2 3.23 10.00 0.00 52 BAYES_99 2 4.84 10.00 2.38 53 XM_B_Unsub 2 4.84 10.00 2.38 54 XM_B_SpammyWords3 2 3.23 10.00 0.00 55 RELAYCOUNTRY_FR 2 4.84 10.00 2.38 56 XMSubPhish11 2 9.68 10.00 9.52 57 SpammyFromTLD_02 2 4.84 10.00 2.38 58 XM_UB95 2 3.23 10.00 0.00 59 TR_XM_SPAMCOP 2 3.23 10.00 0.00 60 NUMERIC_HTTP_ADDR 2 3.23 10.00 0.00 61 TR_XM_SpammyRelay 2 3.23 10.00 0.00 62 TR_XM_BayesUnsub 2 4.84 10.00 2.38 63 TR_XM_SB_Phish 2 9.68 10.00 9.52 64 BAYES_999 2 4.84 10.00 2.38 65 T_KAM_HTML_FONT_INVALID 2 11.29 10.00 11.90 66 BOTNET 2 3.23 10.00 0.00 67 RCVD_IN_BL_SPAMCOP_NET 2 3.23 10.00 0.00 68 TR_XM_DK_Unsub 2 12.90 10.00 14.29 69 T_TM2_M_HEADER_IN_MSG 2 30.65 10.00 40.48 70 FROM_SUSPICIOUS_NTLD 1 1.61 5.00 0.00 71 SHOPIFY_IMG_NOT_RCVD_SFY 1 1.61 5.00 0.00 72 SUBJ_ALL_CAPS 1 1.61 5.00 0.00 73 KHOP_HELO_FCRDNS 1 3.23 5.00 2.38 74 LONG_JUNK_URI3 1 1.61 5.00 0.00 75 LOTS_OF_MONEY 1 3.23 5.00 2.38 76 XMSubMetaSSxObfu_00 1 1.61 5.00 0.00 77 XM_B_SpammyTLD 1 3.23 5.00 2.38 78 NOT_SPAM 1 1.61 5.00 0.00 79 BAYES_60 1 8.06 5.00 9.52 80 HTML_IMAGE_RATIO_04 1 4.84 5.00 4.76 81 RELAYCOUNTRY_UA 1 1.61 5.00 0.00 82 TooManyTo_004 1 3.23 5.00 2.38 83 PDS_OTHER_BAD_TLD 1 1.61 5.00 0.00 84 TR_XM_SpammyWords4 1 1.61 5.00 0.00 85 DIET_1 1 1.61 5.00 0.00 86 HTML_IMAGE_ONLY_20 1 3.23 5.00 2.38 87 FORGED_RELAY_MUA_TO_MX 1 1.61 5.00 0.00 88 RDNS_DYNAMIC 1 1.61 5.00 0.00 89 XM_SendGrid 1 4.84 5.00 4.76 90 OBFU_TEXT_ATTACH 1 1.61 5.00 0.00 91 TooManyTo_003 1 3.23 5.00 2.38 92 XM_Sft_Co_L33T 1 1.61 5.00 0.00 93 TR_Caps_n_Bayes_95 1 1.61 5.00 0.00 94 RELAYCOUNTRY_AT 1 1.61 5.00 0.00 95 FSL_BULK_SIG 1 3.23 5.00 2.38 96 TR_XM_DK_SendGrid 1 3.23 5.00 2.38 97 TooManyTo_002 1 3.23 5.00 2.38 98 XMPhish08 1 1.61 5.00 0.00 99 XM_UB50 1 1.61 5.00 0.00 100 BAYES_80 1 1.61 5.00 0.00 101 XMDateMe_00 1 1.61 5.00 0.00 102 TR_XM_PhishingBody 1 3.23 5.00 2.38 103 T_DOC_ATTACH_NO_EXT 1 1.61 5.00 0.00 104 PDS_RDNS_DYNAMIC_FP 1 1.61 5.00 0.00 105 TR_BOTNET_NEGATE 1 1.61 5.00 0.00 106 GMD_PDF_SQUARE 1 1.61 5.00 0.00 107 XM_DIRTYINTL 1 1.61 5.00 0.00 ---------------------------------------------------------------------- TOP HAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 DCC_CHECK_NEGATIVE 39 83.87 65.00 92.86 2 RELAYCOUNTRY_US 31 75.81 80.00 73.81 3 HTML_MESSAGE 28 74.19 90.00 66.67 4 BAYES_50 27 61.29 55.00 64.29 5 DKIM_SIGNED 26 64.52 70.00 61.90 6 XM_DK_Pass 24 61.29 70.00 57.14 7 DKIM_VALID 23 59.68 70.00 54.76 8 XM_B_Unicode 20 50.00 55.00 47.62 9 DKIM_VALID_AU 18 45.16 50.00 42.86 10 DKIM_VALID_EF 17 33.87 20.00 40.48 11 T_TM2_M_HEADER_IN_MSG 17 30.65 10.00 40.48 12 FVGT_m_MULTI_ODD 14 37.10 45.00 33.33 13 XMListUnsubscribeExists 14 45.16 70.00 33.33 14 RCVD_IN_MSPIKE_WL 12 24.19 15.00 28.57 15 RCVD_IN_MSPIKE_H2 11 33.87 50.00 26.19 16 XMSubLong 11 22.58 15.00 26.19 17 ALL_TRUSTED 9 14.52 0.00 21.43 18 XM_B_SpammyWords 9 29.03 45.00 21.43 19 BOTNET_IPINHOSTNAME 7 17.74 20.00 16.67 20 XM_B_Unicode3 7 22.58 35.00 16.67 21 T_TooManySym_01 7 11.29 0.00 16.67 22 RCVD_IN_MSPIKE_H3 7 16.13 15.00 16.67 23 T_TooManySym_02 6 9.68 0.00 14.29 24 MIME_HTML_ONLY 6 24.19 45.00 14.29 25 BAYES_00 6 9.68 0.00 14.29 26 HTML_FONT_LOW_CONTRAST 6 20.97 35.00 14.29 27 TR_XM_DK_Unsub 6 12.90 10.00 14.29 28 IN_ZIMBRA_NJ_WHITELIST 6 9.68 0.00 14.29 29 XM_DKIMWhitelistDomains 6 9.68 0.00 14.29 30 TooManyTo_001 5 12.90 15.00 11.90 31 T_XMDrugObfuBody_08 5 8.06 0.00 11.90 32 TR_XM_DK_Bayes 5 8.06 0.00 11.90 33 TR_XM_DK_Bayes1 5 8.06 0.00 11.90 34 T_KAM_HTML_FONT_INVALID 5 11.29 10.00 11.90 35 TR_XM_DK_Bayes2 5 8.06 0.00 11.90 36 XMNumbers 4 6.45 0.00 9.52 37 XM_Multi_Part_URI 4 17.74 35.00 9.52 38 BAYES_60 4 8.06 5.00 9.52 39 XMSubPhish11 4 9.68 10.00 9.52 40 RELAYCOUNTRY_META 4 17.74 35.00 9.52 41 TR_XM_SB_Phish 4 9.68 10.00 9.52 42 RCVD_IN_MSPIKE_H4 4 6.45 0.00 9.52 43 LotsOfNums_01 3 8.06 10.00 7.14 44 UNPARSEABLE_RELAY 3 12.90 25.00 7.14 45 XMCapTrack 3 4.84 0.00 7.14 46 TVD_SPACE_RATIO 3 4.84 0.00 7.14 47 DKIM_INVALID 3 4.84 0.00 7.14 48 DCC_CHECK 3 16.13 35.00 7.14 49 XM_Evil_Numbers_Gen 3 9.68 15.00 7.14 50 XM_UncommonTLD01 3 12.90 25.00 7.14 51 LOC_TINY_FONT_1 3 11.29 20.00 7.14 52 HTML_IMAGE_RATIO_06 2 3.23 0.00 4.76 53 XMBSHREFv2 2 3.23 0.00 4.76 54 XM_S_SketchInvoice 2 3.23 0.00 4.76 55 BAYES_40 2 3.23 0.00 4.76 56 T_TooManySym_03 2 3.23 0.00 4.76 57 HTML_IMAGE_RATIO_04 2 4.84 5.00 4.76 58 TR_XM_SpammyWords7 2 3.23 0.00 4.76 59 XM_SendGrid 2 4.84 5.00 4.76 60 MSGID_NOFQDN1 2 3.23 0.00 4.76 61 INVALID_MSGID 2 3.23 0.00 4.76 62 TO_MALFORMED 2 3.23 0.00 4.76 63 XM_H_Long_From01 2 3.23 0.00 4.76 64 URI_HEX 2 3.23 0.00 4.76 65 USER_IN_DEF_DKIM_WL 2 3.23 0.00 4.76 66 FVGT_m_MULTI_ODD_EMAIL 2 3.23 0.00 4.76 67 HTML_MIME_NO_HTML_TAG 2 11.29 25.00 4.76 68 BAYES_95 2 11.29 25.00 4.76 69 TR_MetaPhish_Gmail 2 3.23 0.00 4.76 70 XM_Body_Dirty_Words 2 8.06 15.00 4.76 71 MIME_HTML_MOSTLY 2 3.23 0.00 4.76 72 TVD_RCVD_IP 2 3.23 0.00 4.76 73 ANY_BOUNCE_MESSAGE 1 1.61 0.00 2.38 74 XM_DK_Undo_02 1 9.68 25.00 2.38 75 KHOP_HELO_FCRDNS 1 3.23 5.00 2.38 76 XM_B_Unsub 1 4.84 10.00 2.38 77 HDRS_MISSP 1 1.61 0.00 2.38 78 FROM_GOV_SPOOF 1 1.61 0.00 2.38 79 LOTS_OF_MONEY 1 3.23 5.00 2.38 80 BOUNCE_MESSAGE 1 1.61 0.00 2.38 81 TM2_M_VERY_LONG_WORD 1 9.68 25.00 2.38 82 XM_ZIP 1 1.61 0.00 2.38 83 T_XMDrugObfuBody_14 1 1.61 0.00 2.38 84 BAYES_99 1 4.84 10.00 2.38 85 T_XMDrugObfuBody_06 1 1.61 0.00 2.38 86 MIME_QP_LONG_LINE 1 1.61 0.00 2.38 87 RCVD_IN_MSPIKE_H5 1 1.61 0.00 2.38 88 TooManyTo_005 1 1.61 0.00 2.38 89 RELAYCOUNTRY_FR 1 4.84 10.00 2.38 90 XM_B_SpammyTLD 1 3.23 5.00 2.38 91 XMStrtUSub 1 1.61 0.00 2.38 92 TR_XM_COVIDMETA4 1 1.61 0.00 2.38 93 XM_B_DNDMA 1 1.61 0.00 2.38 94 TooManyTo_004 1 3.23 5.00 2.38 95 SpammyFromTLD_02 1 4.84 10.00 2.38 96 XM_SPF_SoftFail 1 1.61 0.00 2.38 97 HTML_IMAGE_ONLY_20 1 3.23 5.00 2.38 98 XMBody_95 1 1.61 0.00 2.38 99 LONG_JUNK_URI 1 1.61 0.00 2.38 100 XMBrknScrpt_02 1 1.61 0.00 2.38 101 MAILING_LIST_MULTI 1 1.61 0.00 2.38 102 XMGappySubj_01 1 1.61 0.00 2.38 103 XMLngstWrd_00 1 9.68 25.00 2.38 104 RELAYCOUNTRY_BG 1 1.61 0.00 2.38 105 XMSubMetaSxObfu_03 1 1.61 0.00 2.38 106 XM_GoogleGroups 1 9.68 25.00 2.38 107 BAYES_999 1 4.84 10.00 2.38 108 FSL_BULK_SIG 1 3.23 5.00 2.38 109 TR_XM_DK_SendGrid 1 3.23 5.00 2.38 110 LONG_IMG_URI 1 1.61 0.00 2.38 111 TR_XM_BayesUnsub 1 4.84 10.00 2.38 112 TooManyTo_003 1 3.23 5.00 2.38 113 XM_DK_Undo_01 1 1.61 0.00 2.38 114 XM_B_SEO 1 1.61 0.00 2.38 115 TooManyTo_002 1 3.23 5.00 2.38 116 RELAYCOUNTRY_GB 1 1.61 0.00 2.38 117 XMSubMetaSx_00 1 1.61 0.00 2.38 118 XM_B_SpammyWords2 1 8.06 20.00 2.38 119 TR_XM_PhishingBody 1 3.23 5.00 2.38 120 HTML_IMAGE_RATIO_02 1 1.61 0.00 2.38 121 XMSubject_78 1 1.61 0.00 2.38 122 SHORT_URI_3 1 1.61 0.00 2.38 123 RELAYCOUNTRY_ZA 1 1.61 0.00 2.38 124 XM_B_Phish66 1 1.61 0.00 2.38 ----------------------------------------------------------------------