Email: 118 Autolearn: 0 AvgScore: 3.64 AvgScanTime: 3.72 sec Spam: 29 Autolearn: 0 AvgScore: 13.10 AvgScanTime: 4.38 sec Ham: 89 Autolearn: 0 AvgScore: 0.56 AvgScanTime: 3.51 sec Time Spent Running SA: 0.12 hours Time Spent Processing Spam: 0.04 hours Time Spent Processing Ham: 0.09 hours TOP SPAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 HTML_MESSAGE 25 64.41 86.21 57.30 2 DKIM_SIGNED 23 58.47 79.31 51.69 3 DKIM_VALID 23 55.93 79.31 48.31 4 XM_DK_Pass 23 55.93 79.31 48.31 5 RELAYCOUNTRY_US 23 64.41 79.31 59.55 6 DCC_CHECK_NEGATIVE 20 85.59 68.97 91.01 7 DKIM_VALID_AU 20 46.61 68.97 39.33 8 BAYES_50 20 65.25 68.97 64.04 9 XM_B_SpammyWords 17 39.83 58.62 33.71 10 XMListUnsubscribeExists 16 38.14 55.17 32.58 11 XM_B_Unicode 16 51.69 55.17 50.56 12 RCVD_IN_MSPIKE_H2 15 33.05 51.72 26.97 13 FVGT_m_MULTI_ODD 12 27.12 41.38 22.47 14 DCC_CHECK 9 14.41 31.03 8.99 15 XM_DK_Undo_02 9 10.17 31.03 3.37 16 BAYES_99 8 11.02 27.59 5.62 17 XM_B_SpammyWords2 8 14.41 27.59 10.11 18 LOC_TINY_FONT_1 7 18.64 24.14 16.85 19 TR_XM_DKIM_Undo 7 7.63 24.14 2.25 20 MIME_HTML_ONLY 7 14.41 24.14 11.24 21 XM_B_Unicode3 7 27.12 24.14 28.09 22 HTML_FONT_LOW_CONTRAST 7 26.27 24.14 26.97 23 XMSubLong 6 21.19 20.69 21.35 24 XM_Body_Dirty_Words 6 13.56 20.69 11.24 25 TR_XM_BayesUnsub 6 9.32 20.69 5.62 26 XM_UncommonTLD01 6 11.02 20.69 7.87 27 XM_B_Unsub 6 9.32 20.69 5.62 28 MPART_ALT_DIFF 6 5.93 20.69 1.12 29 HTML_MIME_NO_HTML_TAG 6 5.93 20.69 1.12 30 BOTNET_IPINHOSTNAME 6 8.47 20.69 4.49 31 XMLngstWrd_01 5 5.08 17.24 1.12 32 BOTNET 5 4.24 17.24 0.00 33 UNPARSEABLE_RELAY 5 7.63 17.24 4.49 34 XM_GoogleGroups 5 5.08 17.24 1.12 35 UPPERCASE_75_100 5 5.08 17.24 1.12 36 T_KAM_HTML_FONT_INVALID 5 15.25 17.24 14.61 37 XMLngstWrd_03 5 5.08 17.24 1.12 38 RCVD_IN_MSPIKE_WL 5 13.56 17.24 12.36 39 BAYES_999 5 5.93 17.24 2.25 40 XMLngstWrd_02 5 5.08 17.24 1.12 41 RCVD_IN_MSPIKE_H3 5 13.56 17.24 12.36 42 XMLngstWrd_04 5 5.08 17.24 1.12 43 XMLngstWrd_00 5 5.93 17.24 2.25 44 RELAYCOUNTRY_META 5 6.78 17.24 3.37 45 MIME_HTML_ONLY_MULTI 5 5.08 17.24 1.12 46 HTML_TITLE_SUBJ_DIFF 5 5.08 17.24 1.12 47 TM2_M_VERY_LONG_WORD 5 5.93 17.24 2.25 48 DKIM_VALID_EF 5 28.81 17.24 32.58 49 XM_Multi_Part_URI 5 13.56 17.24 12.36 50 XM_H_Long_From01 4 5.93 13.79 3.37 51 T_TM2_M_HEADER_IN_MSG 4 18.64 13.79 20.22 52 TR_DCC_Bayes_99 4 5.08 13.79 2.25 53 UNTRUSTED_Relay 4 5.08 13.79 2.25 54 XMSexyCombo_05 4 4.24 13.79 1.12 55 SpammyFromTLD_02 4 3.39 13.79 0.00 56 TR_XM_NoHeaderRelay 3 2.54 10.34 0.00 57 T_TooManySym_01 3 18.64 10.34 21.35 58 XM_B_SpammyWords3 3 7.63 10.34 6.74 59 TR_XM_SpammyRelay 3 4.24 10.34 2.25 60 XM_UB50 3 2.54 10.34 0.00 61 XM_H_PHPMailer 2 6.78 6.90 6.74 62 BOTNET_NORDNS 2 1.69 6.90 0.00 63 SHORT_URI_3 2 1.69 6.90 0.00 64 T_XMDrugObfuBody_14 2 2.54 6.90 1.12 65 XM_Evil_Numbers_Gen 2 4.24 6.90 3.37 66 XMStrtUSub 2 3.39 6.90 2.25 67 XMMoneyMeta_00 2 1.69 6.90 0.00 68 HELO_NODOT 2 1.69 6.90 0.00 69 XM_B_Phish_Phrases 2 1.69 6.90 0.00 70 KHOP_HELO_FCRDNS 2 1.69 6.90 0.00 71 TR_Mismatch_TLD_01 2 1.69 6.90 0.00 72 TR_XM_UnparsRelay 2 3.39 6.90 2.25 73 FSL_HELO_NON_FQDN_1 2 1.69 6.90 0.00 74 RCVD_IN_BL_SPAMCOP_NET 2 1.69 6.90 0.00 75 DRUGS_ERECTILE 2 1.69 6.90 0.00 76 XMStockSpam_06 2 2.54 6.90 1.12 77 TooManyTo_002 1 5.08 3.45 5.62 78 XMDiploma_00 1 0.85 3.45 0.00 79 TR_XM_SPAMCOP 1 0.85 3.45 0.00 80 RELAYCOUNTRY_RU 1 0.85 3.45 0.00 81 TooManyTo_004 1 3.39 3.45 3.37 82 XMBody_17 1 0.85 3.45 0.00 83 URI_NOVOWEL 1 0.85 3.45 0.00 84 XM_B_SpammyTLD 1 2.54 3.45 2.25 85 TO_NO_BRKTS_DYNIP 1 0.85 3.45 0.00 86 DATE_IN_FUTURE_06_12 1 0.85 3.45 0.00 87 HTML_IMAGE_RATIO_04 1 4.24 3.45 4.49 88 RCVD_IN_VALIDITY_RPBL 1 1.69 3.45 1.12 89 RELAYCOUNTRY_CH 1 0.85 3.45 0.00 90 IMPOTENCE 1 0.85 3.45 0.00 91 HELO_NO_DOMAIN 1 0.85 3.45 0.00 92 RCVD_IN_PSBL 1 0.85 3.45 0.00 93 RELAYCOUNTRY_FR 1 0.85 3.45 0.00 94 XM_H_PHPOS_M 1 0.85 3.45 0.00 95 MIME_HTML_MOSTLY 1 2.54 3.45 2.25 96 TR_XM_PHPDW 1 0.85 3.45 0.00 97 XM_URI_RBL 1 0.85 3.45 0.00 98 HDRS_MISSP 1 0.85 3.45 0.00 99 XM_Combo_Sbj 1 0.85 3.45 0.00 100 TM2_M_A_HREF_HREF 1 0.85 3.45 0.00 101 TR_XM_PhishingBody 1 0.85 3.45 0.00 102 BODY_ENHANCEMENT 1 0.85 3.45 0.00 103 SHORTENED_URL_HREF 1 0.85 3.45 0.00 104 XMGenDplmaNmb 1 0.85 3.45 0.00 105 PDS_RDNS_DYNAMIC_FP 1 0.85 3.45 0.00 106 RCVD_IN_IADB_LISTED 1 0.85 3.45 0.00 107 XM_ProductURIs 1 2.54 3.45 2.25 108 URIBL_BLACK 1 0.85 3.45 0.00 109 XMPhish08 1 0.85 3.45 0.00 110 TR_XM_SpammyWords4 1 0.85 3.45 0.00 111 XM_UB999 1 0.85 3.45 0.00 112 T_TooManySym_02 1 16.10 3.45 20.22 113 TR_XM_PHPForged 1 0.85 3.45 0.00 114 RCVD_IN_IADB_DK 1 0.85 3.45 0.00 115 HELO_LOCALHOST 1 0.85 3.45 0.00 116 HTML_IMAGE_RATIO_02 1 2.54 3.45 2.25 117 HTML_IMAGE_RATIO_06 1 1.69 3.45 1.12 118 REPLYTO_WITHOUT_TO_CC 1 0.85 3.45 0.00 119 FROM_SUSPICIOUS_NTLD_FP 1 0.85 3.45 0.00 120 SHOPIFY_IMG_NOT_RCVD_SFY 1 0.85 3.45 0.00 121 XMMoneyMeta_01 1 0.85 3.45 0.00 122 ALL_TRUSTED 1 27.97 3.45 35.96 123 LOTS_OF_MONEY 1 0.85 3.45 0.00 124 MISSING_HEADERS 1 0.85 3.45 0.00 125 T_REMOTE_IMAGE 1 0.85 3.45 0.00 126 RCVD_IN_IADB_OPTIN 1 0.85 3.45 0.00 127 TR_XM_SEO4 1 0.85 3.45 0.00 128 TR_XM_DK_Unsub 1 14.41 3.45 17.98 129 DEAR_FRIEND 1 0.85 3.45 0.00 130 XM_H_PHPOS 1 0.85 3.45 0.00 131 XM_B_COVIDMETA 1 0.85 3.45 0.00 132 DATE_IN_PAST_24_48 1 0.85 3.45 0.00 133 RDNS_DYNAMIC 1 0.85 3.45 0.00 134 SUBJECT_DRUG_GAP_C 1 0.85 3.45 0.00 135 RELAYCOUNTRY_IE 1 0.85 3.45 0.00 136 TR_XM_RelayPhish 1 0.85 3.45 0.00 137 TooManyTo_001 1 8.47 3.45 10.11 138 RELAYCOUNTRY_GB 1 0.85 3.45 0.00 139 XM_SPF_SoftFail 1 1.69 3.45 1.12 140 RELAYCOUNTRY_ID 1 0.85 3.45 0.00 141 RCVD_IN_IADB_SPF 1 0.85 3.45 0.00 142 FSL_BULK_SIG 1 0.85 3.45 0.00 143 OBFU_TEXT_ATTACH 1 0.85 3.45 0.00 144 RELAYCOUNTRY_FI 1 0.85 3.45 0.00 145 FROM_GOV_SPOOF 1 1.69 3.45 1.12 146 FROM_SUSPICIOUS_NTLD 1 0.85 3.45 0.00 147 RCVD_IN_IADB_VOUCHED 1 0.85 3.45 0.00 148 XM_B_SEO 1 0.85 3.45 0.00 149 PDS_OTHER_BAD_TLD 1 0.85 3.45 0.00 150 TR_XM_SpammyWords2 1 0.85 3.45 0.00 151 XMCmmnCold 1 0.85 3.45 0.00 152 INVALID_MSGID 1 7.63 3.45 8.99 153 BAYES_80 1 2.54 3.45 2.25 154 XM_UB99 1 0.85 3.45 0.00 155 XM_DIRTYINTL 1 2.54 3.45 2.25 156 TR_XM_FormFill2 1 0.85 3.45 0.00 157 NOT_SPAM 1 0.85 3.45 0.00 158 XM_SendGrid 1 3.39 3.45 3.37 159 XMSubMetaD_00 1 0.85 3.45 0.00 160 TooManyTo_003 1 4.24 3.45 4.49 161 XMSubMetaSx_00 1 1.69 3.45 1.12 ---------------------------------------------------------------------- TOP HAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 DCC_CHECK_NEGATIVE 81 85.59 68.97 91.01 2 BAYES_50 57 65.25 68.97 64.04 3 RELAYCOUNTRY_US 53 64.41 79.31 59.55 4 HTML_MESSAGE 51 64.41 86.21 57.30 5 DKIM_SIGNED 46 58.47 79.31 51.69 6 XM_B_Unicode 45 51.69 55.17 50.56 7 XM_DK_Pass 43 55.93 79.31 48.31 8 DKIM_VALID 43 55.93 79.31 48.31 9 DKIM_VALID_AU 35 46.61 68.97 39.33 10 ALL_TRUSTED 32 27.97 3.45 35.96 11 XM_B_SpammyWords 30 39.83 58.62 33.71 12 DKIM_VALID_EF 29 28.81 17.24 32.58 13 XMListUnsubscribeExists 29 38.14 55.17 32.58 14 XM_B_Unicode3 25 27.12 24.14 28.09 15 HTML_FONT_LOW_CONTRAST 24 26.27 24.14 26.97 16 RCVD_IN_MSPIKE_H2 24 33.05 51.72 26.97 17 FVGT_m_MULTI_ODD 20 27.12 41.38 22.47 18 T_TooManySym_01 19 18.64 10.34 21.35 19 XMSubLong 19 21.19 20.69 21.35 20 T_TooManySym_02 18 16.10 3.45 20.22 21 T_TM2_M_HEADER_IN_MSG 18 18.64 13.79 20.22 22 TR_XM_DK_Unsub 16 14.41 3.45 17.98 23 LOC_TINY_FONT_1 15 18.64 24.14 16.85 24 BAYES_60 13 11.02 0.00 14.61 25 T_KAM_HTML_FONT_INVALID 13 15.25 17.24 14.61 26 XM_Multi_Part_URI 11 13.56 17.24 12.36 27 RCVD_IN_MSPIKE_H3 11 13.56 17.24 12.36 28 RCVD_IN_MSPIKE_WL 11 13.56 17.24 12.36 29 MIME_HTML_ONLY 10 14.41 24.14 11.24 30 XM_Body_Dirty_Words 10 13.56 20.69 11.24 31 TooManyTo_001 9 8.47 3.45 10.11 32 XM_B_SpammyWords2 9 14.41 27.59 10.11 33 INVALID_MSGID 8 7.63 3.45 8.99 34 TO_MALFORMED 8 6.78 0.00 8.99 35 XMNumbers 8 6.78 0.00 8.99 36 DCC_CHECK 8 14.41 31.03 8.99 37 BAYES_00 7 5.93 0.00 7.87 38 XM_UncommonTLD01 7 11.02 20.69 7.87 39 MSGID_NOFQDN1 6 5.08 0.00 6.74 40 XM_B_SpammyWords3 6 7.63 10.34 6.74 41 SHORT_SHORTNER 6 5.08 0.00 6.74 42 XM_DKIMWhitelistDomains 6 5.08 0.00 6.74 43 XM_H_PHPMailer 6 6.78 6.90 6.74 44 LotsOfNums_01 5 4.24 0.00 5.62 45 XM_B_Unsub 5 9.32 20.69 5.62 46 TR_XM_BayesUnsub 5 9.32 20.69 5.62 47 TooManyTo_002 5 5.08 3.45 5.62 48 TVD_SPACE_RATIO 5 4.24 0.00 5.62 49 BAYES_99 5 11.02 27.59 5.62 50 TooManyTo_003 4 4.24 3.45 4.49 51 T_TooManySym_03 4 3.39 0.00 4.49 52 BOTNET_IPINHOSTNAME 4 8.47 20.69 4.49 53 BOUNCE_MESSAGE 4 3.39 0.00 4.49 54 IN_ZIMBRA_NJ_WHITELIST 4 3.39 0.00 4.49 55 UNPARSEABLE_RELAY 4 7.63 17.24 4.49 56 ANY_BOUNCE_MESSAGE 4 3.39 0.00 4.49 57 HTML_IMAGE_RATIO_04 4 4.24 3.45 4.49 58 FROM_EXCESS_BASE64 3 2.54 0.00 3.37 59 XM_SendGrid 3 3.39 3.45 3.37 60 RELAYCOUNTRY_META 3 6.78 17.24 3.37 61 NO_DNS_FOR_FROM 3 2.54 0.00 3.37 62 XM_DK_Undo_02 3 10.17 31.03 3.37 63 XM_Evil_Numbers_Gen 3 4.24 6.90 3.37 64 IN_HORDE_ADDRESS_BOOK 3 2.54 0.00 3.37 65 XMGappySubj_01 3 2.54 0.00 3.37 66 XMNoVowels 3 2.54 0.00 3.37 67 DKIM_INVALID 3 2.54 0.00 3.37 68 TooManyTo_004 3 3.39 3.45 3.37 69 XM_H_Long_From01 3 5.93 13.79 3.37 70 BAYES_80 2 2.54 3.45 2.25 71 DKIM_ADSP_NXDOMAIN 2 1.69 0.00 2.25 72 MIME_QP_LONG_LINE 2 1.69 0.00 2.25 73 XM_CamelCaseFrm001 2 1.69 0.00 2.25 74 XM_ZIP 2 1.69 0.00 2.25 75 TR_XM_DK_Bayes 2 1.69 0.00 2.25 76 XM_DIRTYINTL 2 2.54 3.45 2.25 77 TR_XM_DK_Bayes1 2 1.69 0.00 2.25 78 TR_XM_UnparsRelay 2 3.39 6.90 2.25 79 XMSubject_78 2 1.69 0.00 2.25 80 USER_IN_DEF_DKIM_WL 2 1.69 0.00 2.25 81 TR_XM_SpammyRelay 2 4.24 10.34 2.25 82 TM2_M_VERY_LONG_WORD 2 5.93 17.24 2.25 83 TVD_RCVD_IP 2 1.69 0.00 2.25 84 XMLngstWrd_00 2 5.93 17.24 2.25 85 TR_Symld_Words 2 1.69 0.00 2.25 86 SHORT_URI_2 2 1.69 0.00 2.25 87 TR_XM_DKIM_Undo 2 7.63 24.14 2.25 88 FVGT_m_MULTI_ODD_EMAIL 2 1.69 0.00 2.25 89 UNTRUSTED_Relay 2 5.08 13.79 2.25 90 HTML_IMAGE_RATIO_02 2 2.54 3.45 2.25 91 BAYES_999 2 5.93 17.24 2.25 92 BAYES_20 2 1.69 0.00 2.25 93 XMStrtUSub 2 3.39 6.90 2.25 94 TooManyTo_005 2 1.69 0.00 2.25 95 TR_DCC_Bayes_99 2 5.08 13.79 2.25 96 XM_ProductURIs 2 2.54 3.45 2.25 97 WEIRD_PORT 2 1.69 0.00 2.25 98 HTML_IMAGE_RATIO_08 2 1.69 0.00 2.25 99 MIME_HTML_MOSTLY 2 2.54 3.45 2.25 100 XM_B_SpammyTLD 2 2.54 3.45 2.25 101 TR_XM_DK_Bayes2 2 1.69 0.00 2.25 102 XMSubMetaD_03 2 1.69 0.00 2.25 103 TM2_M_URI_OPT_OUT 1 0.85 0.00 1.12 104 XMStockSpam_06 1 2.54 6.90 1.12 105 XMSubMetaSx_00 1 1.69 3.45 1.12 106 XMBSHREFv2 1 0.85 0.00 1.12 107 CTE_8BIT_MISMATCH 1 0.85 0.00 1.12 108 FROM_GOV_SPOOF 1 1.69 3.45 1.12 109 HTML_IMAGE_ONLY_24 1 0.85 0.00 1.12 110 XMSubject_40 1 0.85 0.00 1.12 111 MIME_HTML_ONLY_MULTI 1 5.08 17.24 1.12 112 XM_B_Unsub2 1 0.85 0.00 1.12 113 HTML_TITLE_SUBJ_DIFF 1 5.08 17.24 1.12 114 RELAYCOUNTRY_DE 1 0.85 0.00 1.12 115 MAILING_LIST_MULTI 1 0.85 0.00 1.12 116 XM_H_Long_From02 1 0.85 0.00 1.12 117 T_TooManySym_04 1 0.85 0.00 1.12 118 XMLngstWrd_04 1 5.08 17.24 1.12 119 XMLngstWrd_02 1 5.08 17.24 1.12 120 XMSexyCombo_05 1 4.24 13.79 1.12 121 XM_SPF_SoftFail 1 1.69 3.45 1.12 122 XM_Dr_From 1 0.85 0.00 1.12 123 TO_EQ_FM_DOM_HTML_ONLY 1 0.85 0.00 1.12 124 XM_Attn_01 1 0.85 0.00 1.12 125 XM_Body_Obfu01 1 0.85 0.00 1.12 126 XMGppyBdWords 1 0.85 0.00 1.12 127 HTML_MIME_NO_HTML_TAG 1 5.93 20.69 1.12 128 MPART_ALT_DIFF 1 5.93 20.69 1.12 129 BAYES_95 1 0.85 0.00 1.12 130 XMSubMetaSxObfu_03 1 0.85 0.00 1.12 131 HTML_IMAGE_RATIO_06 1 1.69 3.45 1.12 132 SpammyFromTLD_01 1 0.85 0.00 1.12 133 HTML_FONT_FACE_BAD 1 0.85 0.00 1.12 134 HTTPS_HTTP_MISMATCH 1 0.85 0.00 1.12 135 XMSolicitRefs_0 1 0.85 0.00 1.12 136 XMLngstWrd_03 1 5.08 17.24 1.12 137 BAYES_40 1 0.85 0.00 1.12 138 T_XMDrugObfuBody_14 1 2.54 6.90 1.12 139 NUMERIC_HTTP_ADDR 1 0.85 0.00 1.12 140 RELAYCOUNTRY_AU 1 0.85 0.00 1.12 141 XM_B_Investor 1 0.85 0.00 1.12 142 XM_GoogleGroups 1 5.08 17.24 1.12 143 TO_EQ_FM_DOM_HTML_IMG 1 0.85 0.00 1.12 144 MPART_ALT_DIFF_COUNT 1 0.85 0.00 1.12 145 UPPERCASE_75_100 1 5.08 17.24 1.12 146 XM_Sft_Ad_L33t 1 0.85 0.00 1.12 147 RELAYCOUNTRY_CA 1 0.85 0.00 1.12 148 RCVD_IN_VALIDITY_RPBL 1 1.69 3.45 1.12 149 XMLngstWrd_01 1 5.08 17.24 1.12 150 XM_S_SubURI 1 0.85 0.00 1.12 151 BAYES_05 1 0.85 0.00 1.12 ----------------------------------------------------------------------