Email: 83 Autolearn: 0 AvgScore: 1.31 AvgScanTime: 4.02 sec Spam: 15 Autolearn: 0 AvgScore: 14.67 AvgScanTime: 3.89 sec Ham: 68 Autolearn: 0 AvgScore: -1.63 AvgScanTime: 4.05 sec Time Spent Running SA: 0.09 hours Time Spent Processing Spam: 0.02 hours Time Spent Processing Ham: 0.08 hours TOP SPAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 DCC_CHECK_NEGATIVE 13 89.16 86.67 89.71 2 RELAYCOUNTRY_US 13 80.72 86.67 79.41 3 HTML_MESSAGE 12 81.93 80.00 82.35 4 DKIM_SIGNED 10 73.49 66.67 75.00 5 XM_DK_Pass 9 68.67 60.00 70.59 6 XMListUnsubscribeExists 9 34.94 60.00 29.41 7 BAYES_50 9 68.67 60.00 70.59 8 DKIM_VALID 8 66.27 53.33 69.12 9 XM_B_Unicode 7 61.45 46.67 64.71 10 MIME_HTML_ONLY 7 20.48 46.67 14.71 11 XM_B_SpammyWords 6 27.71 40.00 25.00 12 RELAYCOUNTRY_META 6 10.84 40.00 4.41 13 XM_B_Unicode3 6 38.55 40.00 38.24 14 DKIM_VALID_AU 5 56.63 33.33 61.76 15 HTML_FONT_LOW_CONTRAST 5 22.89 33.33 20.59 16 BOTNET 5 6.02 33.33 0.00 17 XM_B_SpammyWords2 5 15.66 33.33 11.76 18 XM_DK_Undo_02 5 6.02 33.33 0.00 19 FVGT_m_MULTI_ODD 5 24.10 33.33 22.06 20 XM_UncommonTLD01 5 10.84 33.33 5.88 21 RCVD_IN_MSPIKE_H2 4 19.28 26.67 17.65 22 TR_XM_DKIM_Undo 4 4.82 26.67 0.00 23 NO_DNS_FOR_FROM 3 3.61 20.00 0.00 24 BAYES_99 3 3.61 20.00 0.00 25 HTML_MIME_NO_HTML_TAG 3 4.82 20.00 1.47 26 LOC_TINY_FONT_1 3 22.89 20.00 23.53 27 TR_XM_MaxWHORU 3 3.61 20.00 0.00 28 BOTNET_IPINHOSTNAME 3 12.05 20.00 10.29 29 RCVD_IN_BL_SPAMCOP_NET 2 2.41 13.33 0.00 30 SpammyFromTLD_01 2 2.41 13.33 0.00 31 TooManyTo_001 2 6.02 13.33 4.41 32 XMLngstWrd_04 2 2.41 13.33 0.00 33 TR_XM_SpammyRelay 2 4.82 13.33 2.94 34 TM2_M_VERY_LONG_WORD 2 4.82 13.33 2.94 35 BOTNET_NORDNS 2 2.41 13.33 0.00 36 MIME_HTML_ONLY_MULTI 2 4.82 13.33 2.94 37 XMLngstWrd_00 2 3.61 13.33 1.47 38 XMLngstWrd_02 2 2.41 13.33 0.00 39 SpammyFromTLD_02 2 3.61 13.33 1.47 40 UPPERCASE_75_100 2 2.41 13.33 0.00 41 XMSubLong 2 27.71 13.33 30.88 42 MPART_ALT_DIFF 2 4.82 13.33 2.94 43 XM_Evil_Numbers_Gen 2 7.23 13.33 5.88 44 TR_XM_PhishingBody 2 3.61 13.33 1.47 45 XMLngstWrd_03 2 2.41 13.33 0.00 46 FROM_SUSPICIOUS_NTLD 2 2.41 13.33 0.00 47 T_KAM_HTML_FONT_INVALID 2 13.25 13.33 13.24 48 DCC_CHECK 2 10.84 13.33 10.29 49 DKIM_INVALID 2 7.23 13.33 5.88 50 HTML_TITLE_SUBJ_DIFF 2 2.41 13.33 0.00 51 FROM_SUSPICIOUS_NTLD_FP 2 2.41 13.33 0.00 52 XM_GoogleGroups 2 2.41 13.33 0.00 53 PDS_OTHER_BAD_TLD 2 2.41 13.33 0.00 54 RELAYCOUNTRY_AU 2 3.61 13.33 1.47 55 XM_B_SpammyWords3 2 3.61 13.33 1.47 56 XMLngstWrd_01 2 2.41 13.33 0.00 57 RCVD_IN_VALIDITY_CERTIFIED 1 1.20 6.67 0.00 58 XMSexyCombo_05 1 2.41 6.67 1.47 59 XM_OfRef6 1 1.20 6.67 0.00 60 TO_EQ_FM_DOM_HTML_ONLY 1 1.20 6.67 0.00 61 NOT_SPAM 1 1.20 6.67 0.00 62 XMSubNoVowel 1 1.20 6.67 0.00 63 UNPARSEABLE_RELAY 1 4.82 6.67 4.41 64 TR_Symld_Words 1 2.41 6.67 1.47 65 MIME_HTML_MOSTLY 1 9.64 6.67 10.29 66 GOOG_REDIR_HTML_ONLY 1 1.20 6.67 0.00 67 BOUNCE_MESSAGE 1 3.61 6.67 2.94 68 RCVD_IN_SORBS_DUL 1 1.20 6.67 0.00 69 OBFU_TEXT_ATTACH 1 1.20 6.67 0.00 70 T_TM2_M_HEADER_IN_MSG 1 28.92 6.67 33.82 71 XMHTML_After_End 1 1.20 6.67 0.00 72 XM_SPF_SoftFail 1 1.20 6.67 0.00 73 DKIM_ADSP_NXDOMAIN 1 1.20 6.67 0.00 74 XM_CamelCaseFrm001 1 3.61 6.67 2.94 75 BAYES_999 1 1.20 6.67 0.00 76 RELAYCOUNTRY_CN 1 1.20 6.67 0.00 77 XMFunnyHTTP 1 1.20 6.67 0.00 78 PDS_RDNS_DYNAMIC_FP 1 1.20 6.67 0.00 79 RELAYCOUNTRY_GR 1 1.20 6.67 0.00 80 XMSubMetaSx_00 1 2.41 6.67 1.47 81 BAYES_80 1 4.82 6.67 4.41 82 TR_DCC_Bayes_99 1 1.20 6.67 0.00 83 URIBL_DBL_SPAM 1 1.20 6.67 0.00 84 RCVD_IN_VALIDITY_RPBL 1 1.20 6.67 0.00 85 TR_XM_SPAMCOP 1 1.20 6.67 0.00 86 XM_H_PHPOS 1 1.20 6.67 0.00 87 RDNS_DYNAMIC 1 1.20 6.67 0.00 88 TR_XM_FormFill2 1 1.20 6.67 0.00 89 RELAYCOUNTRY_CA 1 1.20 6.67 0.00 90 URI_HEX 1 1.20 6.67 0.00 91 XMSubMetaSxObfu_03 1 2.41 6.67 1.47 92 TR_XM_PHPForged 1 1.20 6.67 0.00 93 XM_Body_Dirty_Words 1 22.89 6.67 26.47 94 HTML_IMAGE_RATIO_06 1 3.61 6.67 2.94 95 XM_H_TOP 1 1.20 6.67 0.00 96 RCVD_IN_MSPIKE_H3 1 26.51 6.67 30.88 97 TooManyTo_003 1 1.20 6.67 0.00 98 DKIM_VALID_EF 1 43.37 6.67 51.47 99 XMPhish08 1 1.20 6.67 0.00 100 TR_XM_PHPDW 1 2.41 6.67 1.47 101 RCVD_IN_RP_RNBL 1 1.20 6.67 0.00 102 T_FILL_THIS_FORM_SHORT 1 1.20 6.67 0.00 103 UNTRUSTED_Relay 1 2.41 6.67 1.47 104 TR_XM_InvalidRelay 1 1.20 6.67 0.00 105 DATE_IN_PAST_03_06 1 1.20 6.67 0.00 106 RCVD_IN_MSPIKE_L5 1 1.20 6.67 0.00 107 TooManyTo_002 1 1.20 6.67 0.00 108 TR_XM_SpammyWords2 1 1.20 6.67 0.00 109 TR_XM_DK_Unsub 1 14.46 6.67 16.18 110 MIME_CHARSET_FARAWAY 1 1.20 6.67 0.00 111 TR_XM_MSPIKECOMBO 1 1.20 6.67 0.00 112 T_TooManySym_02 1 10.84 6.67 11.76 113 ANY_BOUNCE_MESSAGE 1 3.61 6.67 2.94 114 RCVD_IN_MSPIKE_WL 1 38.55 6.67 45.59 115 KHOP_HELO_FCRDNS 1 2.41 6.67 1.47 116 FROM_GOV_SPOOF 1 1.20 6.67 0.00 117 T_TooManySym_01 1 12.05 6.67 13.24 118 RCVD_IN_MSPIKE_BL 1 1.20 6.67 0.00 119 DEAR_SOMETHING 1 1.20 6.67 0.00 120 BAYES_60 1 6.02 6.67 5.88 121 XM_UB50 1 2.41 6.67 1.47 122 XM_DIRTYINTL 1 2.41 6.67 1.47 123 TR_Mismatch_TLD_02 1 1.20 6.67 0.00 124 RELAYCOUNTRY_CL 1 1.20 6.67 0.00 125 XM_B_SpammyTLD 1 2.41 6.67 1.47 126 CHARSET_FARAWAY_HEADER 1 1.20 6.67 0.00 127 DATE_IN_PAST_12_24 1 1.20 6.67 0.00 128 XMBrknScrpt_02 1 1.20 6.67 0.00 129 RCVD_IN_PSBL 1 1.20 6.67 0.00 130 BAYES_95 1 1.20 6.67 0.00 131 URI_NO_WWW_INFO_CGI 1 1.20 6.67 0.00 132 XMSubLongNoVowel 1 1.20 6.67 0.00 133 RCVD_IN_VALIDITY_SAFE 1 1.20 6.67 0.00 134 TooManyTo_004 1 1.20 6.67 0.00 135 NORDNS_LOW_CONTRAST 1 1.20 6.67 0.00 136 URI_OPTOUT_3LD 1 1.20 6.67 0.00 137 XMPhish30 1 1.20 6.67 0.00 138 XM_H_Long_From01 1 3.61 6.67 2.94 ---------------------------------------------------------------------- TOP HAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 DCC_CHECK_NEGATIVE 61 89.16 86.67 89.71 2 HTML_MESSAGE 56 81.93 80.00 82.35 3 RELAYCOUNTRY_US 54 80.72 86.67 79.41 4 DKIM_SIGNED 51 73.49 66.67 75.00 5 XM_DK_Pass 48 68.67 60.00 70.59 6 BAYES_50 48 68.67 60.00 70.59 7 DKIM_VALID 47 66.27 53.33 69.12 8 XM_B_Unicode 44 61.45 46.67 64.71 9 DKIM_VALID_AU 42 56.63 33.33 61.76 10 DKIM_VALID_EF 35 43.37 6.67 51.47 11 RCVD_IN_MSPIKE_WL 31 38.55 6.67 45.59 12 XM_B_Unicode3 26 38.55 40.00 38.24 13 T_TM2_M_HEADER_IN_MSG 23 28.92 6.67 33.82 14 XMSubLong 21 27.71 13.33 30.88 15 RCVD_IN_MSPIKE_H3 21 26.51 6.67 30.88 16 XMListUnsubscribeExists 20 34.94 60.00 29.41 17 XM_Body_Dirty_Words 18 22.89 6.67 26.47 18 XM_B_SpammyWords 17 27.71 40.00 25.00 19 LOC_TINY_FONT_1 16 22.89 20.00 23.53 20 FVGT_m_MULTI_ODD 15 24.10 33.33 22.06 21 HTML_FONT_LOW_CONTRAST 14 22.89 33.33 20.59 22 XM_Multi_Part_URI 13 15.66 0.00 19.12 23 RCVD_IN_MSPIKE_H2 12 19.28 26.67 17.65 24 XM_DKIMWhitelistDomains 11 13.25 0.00 16.18 25 ALL_TRUSTED 11 13.25 0.00 16.18 26 TR_XM_DK_Unsub 11 14.46 6.67 16.18 27 LotsOfNums_01 10 12.05 0.00 14.71 28 MIME_HTML_ONLY 10 20.48 46.67 14.71 29 HTML_IMAGE_RATIO_04 9 10.84 0.00 13.24 30 T_KAM_HTML_FONT_INVALID 9 13.25 13.33 13.24 31 T_TooManySym_01 9 12.05 6.67 13.24 32 HTML_IMAGE_RATIO_02 8 9.64 0.00 11.76 33 XM_B_SpammyWords2 8 15.66 33.33 11.76 34 T_TooManySym_02 8 10.84 6.67 11.76 35 MIME_HTML_MOSTLY 7 9.64 6.67 10.29 36 RCVD_IN_MSPIKE_H4 7 8.43 0.00 10.29 37 XM_PDF 7 8.43 0.00 10.29 38 DCC_CHECK 7 10.84 13.33 10.29 39 XM_B_Unsub 7 8.43 0.00 10.29 40 BOTNET_IPINHOSTNAME 7 12.05 20.00 10.29 41 TR_XM_BayesUnsub 7 8.43 0.00 10.29 42 BAYES_20 5 6.02 0.00 7.35 43 LOTS_OF_MONEY 5 6.02 0.00 7.35 44 USER_IN_DEF_DKIM_WL 4 4.82 0.00 5.88 45 XM_Evil_Numbers_Gen 4 7.23 13.33 5.88 46 TR_XM_SpammyWords4 4 4.82 0.00 5.88 47 BAYES_00 4 4.82 0.00 5.88 48 DKIM_INVALID 4 7.23 13.33 5.88 49 XMNumbers 4 4.82 0.00 5.88 50 BAYES_60 4 6.02 6.67 5.88 51 XM_UncommonTLD01 4 10.84 33.33 5.88 52 RCVD_IN_MSPIKE_H5 3 3.61 0.00 4.41 53 UNPARSEABLE_RELAY 3 4.82 6.67 4.41 54 TooManyTo_001 3 6.02 13.33 4.41 55 XMStrtUSub 3 3.61 0.00 4.41 56 BAYES_80 3 4.82 6.67 4.41 57 RELAYCOUNTRY_META 3 10.84 40.00 4.41 58 IN_ZIMBRA_NJ_WHITELIST 3 3.61 0.00 4.41 59 TVD_SPACE_RATIO 3 3.61 0.00 4.41 60 XMSubPhish11 2 2.41 0.00 2.94 61 TO_MALFORMED 2 2.41 0.00 2.94 62 TR_XM_SpammyRelay 2 4.82 13.33 2.94 63 TM2_M_VERY_LONG_WORD 2 4.82 13.33 2.94 64 MIME_HTML_ONLY_MULTI 2 4.82 13.33 2.94 65 BOUNCE_MESSAGE 2 3.61 6.67 2.94 66 XM_B_Phish_Phrases 2 2.41 0.00 2.94 67 HTML_IMAGE_RATIO_06 2 3.61 6.67 2.94 68 RCVD_IN_IADB_SPF 2 2.41 0.00 2.94 69 MPART_ALT_DIFF 2 4.82 13.33 2.94 70 BAYES_40 2 2.41 0.00 2.94 71 XM_CamelCaseFrm001 2 3.61 6.67 2.94 72 HTML_FONT_FACE_BAD 2 2.41 0.00 2.94 73 BAYES_05 2 2.41 0.00 2.94 74 ANY_BOUNCE_MESSAGE 2 3.61 6.67 2.94 75 TM2_M_HAS_BSLASH_URI 2 2.41 0.00 2.94 76 TR_XM_SpoofPhishAttach 2 2.41 0.00 2.94 77 XMGappySubj_01 2 2.41 0.00 2.94 78 TO_EQ_FM_DOM_HTML_IMG 2 2.41 0.00 2.94 79 INVALID_MSGID 2 2.41 0.00 2.94 80 RCVD_IN_IADB_VOUCHED 2 2.41 0.00 2.94 81 TR_XM_DK_Bayes1 2 2.41 0.00 2.94 82 TR_XM_SB_Phish 2 2.41 0.00 2.94 83 XM_SendGrid 2 2.41 0.00 2.94 84 T_TooManySym_03 2 2.41 0.00 2.94 85 RCVD_IN_IADB_LISTED 2 2.41 0.00 2.94 86 RCVD_IN_IADB_SENDERID 2 2.41 0.00 2.94 87 XM_H_Trusted_IP 2 2.41 0.00 2.94 88 XM_H_Long_From01 2 3.61 6.67 2.94 89 FVGT_m_MULTI_ODD_EMAIL 2 2.41 0.00 2.94 90 FROM_EXCESS_BASE64 2 2.41 0.00 2.94 91 TR_XM_DK_Bayes 2 2.41 0.00 2.94 92 MSGID_NOFQDN1 2 2.41 0.00 2.94 93 HELO_NODOT 1 1.20 0.00 1.47 94 T_XMDrugObfuBody_14 1 1.20 0.00 1.47 95 XMLngstWrd_00 1 3.61 13.33 1.47 96 FILL_THIS_FORM 1 1.20 0.00 1.47 97 TR_Symld_Words 1 2.41 6.67 1.47 98 XMGenDplmaNmb 1 1.20 0.00 1.47 99 TO_NO_BRKTS_HTML_ONLY 1 1.20 0.00 1.47 100 XMDiploma_00 1 1.20 0.00 1.47 101 TR_MetaPhish_Combo_01 1 1.20 0.00 1.47 102 HTML_IMAGE_RATIO_08 1 1.20 0.00 1.47 103 XMSexyCombo_05 1 2.41 6.67 1.47 104 XM_ProductURIs 1 1.20 0.00 1.47 105 TR_MSPIKEBAYES00 1 1.20 0.00 1.47 106 TR_XM_PhishingBody 1 3.61 13.33 1.47 107 XMSubMetaSxObfu_03 1 2.41 6.67 1.47 108 AC_FROM_MANY_DOTS 1 1.20 0.00 1.47 109 XMSubject_78 1 1.20 0.00 1.47 110 SUBJ_ALL_CAPS 1 1.20 0.00 1.47 111 HTML_MIME_NO_HTML_TAG 1 4.82 20.00 1.47 112 TR_XM_RelayPhish 1 1.20 0.00 1.47 113 IN_HORDE_ADDRESS_BOOK 1 1.20 0.00 1.47 114 XM_B_Phish66 1 1.20 0.00 1.47 115 XMSubMetaSx_00 1 2.41 6.67 1.47 116 SpammyFromTLD_02 1 3.61 13.33 1.47 117 XM_ZIP 1 1.20 0.00 1.47 118 MAILING_LIST_MULTI 1 1.20 0.00 1.47 119 HTML_IMAGE_ONLY_32 1 1.20 0.00 1.47 120 RELAYCOUNTRY_GB 1 1.20 0.00 1.47 121 TR_XM_PHPDW 1 2.41 6.67 1.47 122 MPART_ALT_DIFF_COUNT 1 1.20 0.00 1.47 123 UNTRUSTED_Relay 1 2.41 6.67 1.47 124 RELAYCOUNTRY_FR 1 1.20 0.00 1.47 125 MIME_QP_LONG_LINE 1 1.20 0.00 1.47 126 XM_URI_RBL 1 1.20 0.00 1.47 127 NORMAL_HTTP_TO_IP 1 1.20 0.00 1.47 128 T_REMOTE_IMAGE 1 1.20 0.00 1.47 129 NUMERIC_HTTP_ADDR 1 1.20 0.00 1.47 130 TR_XM_DK_Bayes2 1 1.20 0.00 1.47 131 TR_MetaPhish_Combo_01b 1 1.20 0.00 1.47 132 XM_Body_Obfu01 1 1.20 0.00 1.47 133 TR_Mismatch_TLD_01 1 1.20 0.00 1.47 134 FSL_BULK_SIG 1 1.20 0.00 1.47 135 XM_B_SpammyTLD 1 2.41 6.67 1.47 136 GMD_PDF_HORIZ 1 1.20 0.00 1.47 137 T_XMDrugObfuBody_00 1 1.20 0.00 1.47 138 KHOP_HELO_FCRDNS 1 2.41 6.67 1.47 139 RELAYCOUNTRY_AU 1 3.61 13.33 1.47 140 XM_DIRTYINTL 1 2.41 6.67 1.47 141 XM_UB50 1 2.41 6.67 1.47 142 HELO_NO_DOMAIN 1 1.20 0.00 1.47 143 XM_H_PHPMailer 1 1.20 0.00 1.47 144 XM_B_SpammyWords3 1 3.61 13.33 1.47 ----------------------------------------------------------------------