Email: 147 Autolearn: 0 AvgScore: 3.91 AvgScanTime: 3.41 sec Spam: 28 Autolearn: 0 AvgScore: 13.25 AvgScanTime: 3.54 sec Ham: 119 Autolearn: 0 AvgScore: 1.71 AvgScanTime: 3.38 sec Time Spent Running SA: 0.14 hours Time Spent Processing Spam: 0.03 hours Time Spent Processing Ham: 0.11 hours TOP SPAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 HTML_MESSAGE 25 79.59 89.29 77.31 2 T_SCC_BODY_TEXT_LINE 24 81.63 85.71 80.67 3 RELAYCOUNTRY_US 22 65.31 78.57 62.18 4 DKIM_SIGNED 21 65.31 75.00 63.03 5 DKIM_VALID 21 59.18 75.00 55.46 6 XM_DK_Pass 21 62.59 75.00 59.66 7 DCC_CHECK_NEGATIVE 19 91.16 67.86 96.64 8 DKIM_VALID_AU 18 45.58 64.29 41.18 9 XM_B_Unicode 17 64.63 60.71 65.55 10 XMListUnsubscribeExists 17 41.50 60.71 36.97 11 XM_B_SpammyWords 16 50.34 57.14 48.74 12 BAYES_50 16 48.30 57.14 46.22 13 XM_B_Unicode3 16 42.86 57.14 39.50 14 MIME_HTML_ONLY 13 31.29 46.43 27.73 15 FVGT_m_MULTI_ODD 12 25.17 42.86 21.01 16 HTML_FONT_LOW_CONTRAST 11 37.41 39.29 36.97 17 MPART_ALT_DIFF 11 19.05 39.29 14.29 18 XMSubLong 10 42.86 35.71 44.54 19 XM_B_SpammyWords2 10 14.29 35.71 9.24 20 DCC_CHECK 9 8.84 32.14 3.36 21 TM2_M_URI_OPT_OUT 8 18.37 28.57 15.97 22 T_KAM_HTML_FONT_INVALID 8 29.93 28.57 30.25 23 XM_Body_Dirty_Words 8 21.09 28.57 19.33 24 HTML_MIME_NO_HTML_TAG 8 6.12 28.57 0.84 25 RELAYCOUNTRY_META 8 8.84 28.57 4.20 26 RCVD_IN_MSPIKE_H2 8 23.13 28.57 21.85 27 TM2_M_VERY_LONG_WORD 8 5.44 28.57 0.00 28 XMLngstWrd_00 7 4.76 25.00 0.00 29 XMSexyCombo_05 7 17.01 25.00 15.13 30 MIME_HTML_ONLY_MULTI 7 4.76 25.00 0.00 31 XMLngstWrd_02 7 4.76 25.00 0.00 32 XMLngstWrd_01 7 4.76 25.00 0.00 33 HTML_TITLE_SUBJ_DIFF 7 4.76 25.00 0.00 34 XMLngstWrd_03 7 4.76 25.00 0.00 35 XM_GoogleGroups 7 7.48 25.00 3.36 36 XMLngstWrd_04 7 4.76 25.00 0.00 37 UPPERCASE_75_100 7 4.76 25.00 0.00 38 RCVD_IN_MSPIKE_WL 7 19.73 25.00 18.49 39 LOC_TINY_FONT_1 7 17.01 25.00 15.13 40 RCVD_IN_MSPIKE_H3 6 17.01 21.43 15.97 41 T_TM2_M_HEADER_IN_MSG 6 28.57 21.43 30.25 42 XM_DK_Undo_02 6 9.52 21.43 6.72 43 XM_UncommonTLD01 5 6.80 17.86 4.20 44 XM_B_SpammyWords3 5 4.76 17.86 1.68 45 TR_XM_DKIM_Undo 5 4.76 17.86 1.68 46 XMSubMetaSx_00 4 4.08 14.29 1.68 47 TR_XM_SpammyWords5 4 2.72 14.29 0.00 48 T_TooManySym_01 4 25.17 14.29 27.73 49 BASE64_LENGTH_79_INF 4 14.29 14.29 14.29 50 DKIM_VALID_EF 4 25.17 14.29 27.73 51 BAYES_99 4 7.48 14.29 5.88 52 BOTNET 4 3.40 14.29 0.84 53 T_TooManySym_02 4 23.81 14.29 26.05 54 T_TooManySym_03 4 17.01 14.29 17.65 55 ALL_TRUSTED 4 28.57 14.29 31.93 56 TR_Symld_Words 4 15.65 14.29 15.97 57 BOUNCE_MESSAGE 3 5.44 10.71 4.20 58 BAYES_40 3 15.65 10.71 16.81 59 BAYES_999 3 6.12 10.71 5.04 60 XMSexyCombo_04 3 2.04 10.71 0.00 61 XM_B_Investor 3 2.04 10.71 0.00 62 TooManyTo_001 3 5.44 10.71 4.20 63 ANY_BOUNCE_MESSAGE 3 5.44 10.71 4.20 64 XMNumbers 3 4.76 10.71 3.36 65 XMSexyCombo_01 3 2.04 10.71 0.00 66 XM_Multi_Part_URI 3 12.93 10.71 13.45 67 RELAYCOUNTRY_CA 3 2.04 10.71 0.00 68 RCVD_IN_BL_SPAMCOP_NET 2 1.36 7.14 0.00 69 XMDiploma_00 2 3.40 7.14 2.52 70 TO_MALFORMED 2 5.44 7.14 5.04 71 XM_H_Long_From01 2 6.80 7.14 6.72 72 TR_XM_SpammyWords4 2 2.04 7.14 0.84 73 UNTRUSTED_Relay 2 4.76 7.14 4.20 74 XMStrtUSub 2 2.04 7.14 0.84 75 T_TooManySym_04 2 6.12 7.14 5.88 76 XM_B_Unsub 2 2.04 7.14 0.84 77 XM_DIRTYINTL 2 2.72 7.14 1.68 78 BOTNET_NORDNS 2 1.36 7.14 0.00 79 LOTS_OF_MONEY 2 3.40 7.14 2.52 80 SpammyFromTLD_02 2 2.04 7.14 0.84 81 HTML_IMAGE_RATIO_08 2 2.04 7.14 0.84 82 BAYES_95 2 3.40 7.14 2.52 83 SUBJ_DOLLARS 2 1.36 7.14 0.00 84 XM_Evil_Numbers_Gen 2 6.12 7.14 5.88 85 XMGenDplmaNmb 2 3.40 7.14 2.52 86 BOTNET_IPINHOSTNAME 2 7.48 7.14 7.56 87 XM_B_SpammyTLD 1 1.36 3.57 0.84 88 SHORT_URI 1 0.68 3.57 0.00 89 MIME_QP_LONG_LINE 1 2.04 3.57 1.68 90 TR_XM_SEO4 1 1.36 3.57 0.84 91 XM_H_PHPMailer 1 4.76 3.57 5.04 92 SUBJ_ALL_CAPS 1 0.68 3.57 0.00 93 TR_XM_SPAMCOP 1 0.68 3.57 0.00 94 XM_ShortIntro_01 1 2.04 3.57 1.68 95 TR_XM_MSPIKECOMBO2 1 0.68 3.57 0.00 96 UNPARSEABLE_RELAY 1 6.80 3.57 7.56 97 RCVD_IN_MSPIKE_BL 1 0.68 3.57 0.00 98 TR_XM_BayesUnsub 1 0.68 3.57 0.00 99 RCVD_IN_MSPIKE_H5 1 1.36 3.57 0.84 100 MONEY_NOHTML 1 0.68 3.57 0.00 101 XM_BadFromFormat 1 1.36 3.57 0.84 102 T_XMDrugObfuBody_14 1 2.04 3.57 1.68 103 URI_NOVOWEL 1 1.36 3.57 0.84 104 BAYES_60 1 7.48 3.57 8.40 105 TR_Mismatch_TLD_02 1 0.68 3.57 0.00 106 INVALID_MSGID 1 3.40 3.57 3.36 107 XM_B_DynamicLink 1 0.68 3.57 0.00 108 XMBrknScrpt_02 1 0.68 3.57 0.00 109 TR_MetaPhish_Combo_01 1 0.68 3.57 0.00 110 RELAYCOUNTRY_NG 1 0.68 3.57 0.00 111 FILL_THIS_FORM_LOAN 1 0.68 3.57 0.00 112 TR_XM_MaxSPIKE 1 0.68 3.57 0.00 113 LotsOfNums_01 1 5.44 3.57 5.88 114 XMReplyNow 1 0.68 3.57 0.00 115 MIME_HTML_MOSTLY 1 2.04 3.57 1.68 116 XMSubMetaSxObfu_01 1 0.68 3.57 0.00 117 XMkickup 1 0.68 3.57 0.00 118 TR_DCC_Bayes_99 1 0.68 3.57 0.00 119 XM_B_SEO 1 1.36 3.57 0.84 120 MSGID_NOFQDN1 1 3.40 3.57 3.36 121 XM_OfRef7 1 0.68 3.57 0.00 122 TR_XM_SpammyWords3 1 0.68 3.57 0.00 123 TR_XM_UnparsRelay 1 2.72 3.57 2.52 124 TR_XM_MSPIKECOMBO 1 0.68 3.57 0.00 125 TO_NO_BRKTS_HTML_ONLY 1 0.68 3.57 0.00 126 RELAYCOUNTRY_VN 1 0.68 3.57 0.00 127 RELAYCOUNTRY_TW 1 0.68 3.57 0.00 128 TR_XM_PhishingBody 1 2.72 3.57 2.52 129 XMPhish08 1 0.68 3.57 0.00 130 RELAYCOUNTRY_GB 1 0.68 3.57 0.00 131 FSL_BULK_SIG 1 0.68 3.57 0.00 132 URI_OPTOUT_3LD 1 0.68 3.57 0.00 133 URIBL_DBL_SPAM 1 0.68 3.57 0.00 134 XM_URI_RBL 1 0.68 3.57 0.00 135 MONEY_FORM 1 0.68 3.57 0.00 136 RELAYCOUNTRY_TR 1 0.68 3.57 0.00 137 LongTLD 1 0.68 3.57 0.00 138 XMCapTrack 1 0.68 3.57 0.00 139 RCVD_IN_RP_RNBL 1 0.68 3.57 0.00 140 XM_OfRef8 1 0.68 3.57 0.00 141 TR_XM_DK_Unsub 1 12.24 3.57 14.29 142 PLING_QUERY 1 0.68 3.57 0.00 143 TR_XM_NoHeaderRelay 1 0.68 3.57 0.00 144 SCC_BODY_URI_ONLY 1 4.76 3.57 5.04 145 XMSubMetaSSx_00 1 0.68 3.57 0.00 146 XM_NONUS_MSG 1 0.68 3.57 0.00 147 XM_B_SpammyWords4 1 0.68 3.57 0.00 148 ADVANCE_FEE_4_NEW_FRM_MNY 1 0.68 3.57 0.00 149 SpammyFromTLD_01 1 0.68 3.57 0.00 150 TR_XM_SpammyRelay 1 4.08 3.57 4.20 151 FROM_NO_USER 1 0.68 3.57 0.00 152 RCVD_IN_MSPIKE_L3 1 0.68 3.57 0.00 153 XM_E_VN 1 0.68 3.57 0.00 154 MIME_CHARSET_FARAWAY 1 1.36 3.57 0.84 155 XM_OfRef6 1 0.68 3.57 0.00 156 BAYES_20 1 4.76 3.57 5.04 157 HTML_IMAGE_RATIO_06 1 0.68 3.57 0.00 158 RELAYCOUNTRY_IE 1 2.72 3.57 2.52 159 TR_XM_PhishingBody2 1 0.68 3.57 0.00 160 MILLION_USD 1 0.68 3.57 0.00 161 BAYES_05 1 3.40 3.57 3.36 162 DEAR_BENEFICIARY 1 0.68 3.57 0.00 163 CHARSET_FARAWAY_HEADER 1 0.68 3.57 0.00 164 XM_HighProb1 1 0.68 3.57 0.00 ---------------------------------------------------------------------- TOP HAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 DCC_CHECK_NEGATIVE 115 91.16 67.86 96.64 2 T_SCC_BODY_TEXT_LINE 96 81.63 85.71 80.67 3 HTML_MESSAGE 92 79.59 89.29 77.31 4 XM_B_Unicode 78 64.63 60.71 65.55 5 DKIM_SIGNED 75 65.31 75.00 63.03 6 RELAYCOUNTRY_US 74 65.31 78.57 62.18 7 XM_DK_Pass 71 62.59 75.00 59.66 8 DKIM_VALID 66 59.18 75.00 55.46 9 XM_B_SpammyWords 58 50.34 57.14 48.74 10 BAYES_50 55 48.30 57.14 46.22 11 XMSubLong 53 42.86 35.71 44.54 12 DKIM_VALID_AU 49 45.58 64.29 41.18 13 XM_B_Unicode3 47 42.86 57.14 39.50 14 XMListUnsubscribeExists 44 41.50 60.71 36.97 15 HTML_FONT_LOW_CONTRAST 44 37.41 39.29 36.97 16 ALL_TRUSTED 38 28.57 14.29 31.93 17 T_KAM_HTML_FONT_INVALID 36 29.93 28.57 30.25 18 T_TM2_M_HEADER_IN_MSG 36 28.57 21.43 30.25 19 DKIM_VALID_EF 33 25.17 14.29 27.73 20 MIME_HTML_ONLY 33 31.29 46.43 27.73 21 T_TooManySym_01 33 25.17 14.29 27.73 22 T_TooManySym_02 31 23.81 14.29 26.05 23 RCVD_IN_MSPIKE_H2 26 23.13 28.57 21.85 24 FVGT_m_MULTI_ODD 25 25.17 42.86 21.01 25 XM_Body_Dirty_Words 23 21.09 28.57 19.33 26 RCVD_IN_MSPIKE_WL 22 19.73 25.00 18.49 27 T_TooManySym_03 21 17.01 14.29 17.65 28 BAYES_40 20 15.65 10.71 16.81 29 TR_Symld_Words 19 15.65 14.29 15.97 30 TM2_M_URI_OPT_OUT 19 18.37 28.57 15.97 31 RCVD_IN_MSPIKE_H3 19 17.01 21.43 15.97 32 LOC_TINY_FONT_1 18 17.01 25.00 15.13 33 XMSexyCombo_05 18 17.01 25.00 15.13 34 MPART_ALT_DIFF 17 19.05 39.29 14.29 35 TR_XM_DK_Unsub 17 12.24 3.57 14.29 36 BASE64_LENGTH_79_INF 17 14.29 14.29 14.29 37 XM_Multi_Part_URI 16 12.93 10.71 13.45 38 DKIM_ADSP_CUSTOM_MED 13 8.84 0.00 10.92 39 NML_ADSP_CUSTOM_MED 13 8.84 0.00 10.92 40 XM_B_SpammyWords2 11 14.29 35.71 9.24 41 FORGED_GMAIL_RCVD 10 6.80 0.00 8.40 42 BAYES_60 10 7.48 3.57 8.40 43 T_XMHurry_00 10 6.80 0.00 8.40 44 BOTNET_IPINHOSTNAME 9 7.48 7.14 7.56 45 UNPARSEABLE_RELAY 9 6.80 3.57 7.56 46 DKIM_INVALID 9 6.12 0.00 7.56 47 XM_DK_Undo_02 8 9.52 21.43 6.72 48 XM_H_Long_From01 8 6.80 7.14 6.72 49 RCVD_IN_IADB_VOUCHED 7 4.76 0.00 5.88 50 XM_Evil_Numbers_Gen 7 6.12 7.14 5.88 51 T_TooManySym_04 7 6.12 7.14 5.88 52 RCVD_IN_IADB_LISTED 7 4.76 0.00 5.88 53 LotsOfNums_01 7 5.44 3.57 5.88 54 BAYES_80 7 4.76 0.00 5.88 55 BAYES_99 7 7.48 14.29 5.88 56 XM_DKIMWhitelistDomains 7 4.76 0.00 5.88 57 BAYES_00 7 4.76 0.00 5.88 58 TR_XM_DK_Bayes 6 4.08 0.00 5.04 59 BAYES_20 6 4.76 3.57 5.04 60 USER_IN_DEF_DKIM_WL 6 4.08 0.00 5.04 61 SCC_BODY_URI_ONLY 6 4.76 3.57 5.04 62 BAYES_999 6 6.12 10.71 5.04 63 TO_MALFORMED 6 5.44 7.14 5.04 64 MAILING_LIST_MULTI 6 4.08 0.00 5.04 65 XMBSHREFv2 6 4.08 0.00 5.04 66 XM_H_PHPMailer 6 4.76 3.57 5.04 67 TR_XM_DK_Bayes1 6 4.08 0.00 5.04 68 RELAYCOUNTRY_META 5 8.84 28.57 4.20 69 XM_SendGrid 5 3.40 0.00 4.20 70 TR_XM_SpammyRelay 5 4.08 3.57 4.20 71 TooManyTo_001 5 5.44 10.71 4.20 72 TR_XM_DK_Bayes2 5 3.40 0.00 4.20 73 UNTRUSTED_Relay 5 4.76 7.14 4.20 74 IN_ZIMBRA_NJ_WHITELIST 5 3.40 0.00 4.20 75 ANY_BOUNCE_MESSAGE 5 5.44 10.71 4.20 76 XM_UncommonTLD01 5 6.80 17.86 4.20 77 XM_CamelCaseFrm001 5 3.40 0.00 4.20 78 TVD_RCVD_IP 5 3.40 0.00 4.20 79 BOUNCE_MESSAGE 5 5.44 10.71 4.20 80 XM_PDF 4 2.72 0.00 3.36 81 BAYES_05 4 3.40 3.57 3.36 82 DCC_CHECK 4 8.84 32.14 3.36 83 XM_DK_Undo_01 4 2.72 0.00 3.36 84 XM_GoogleGroups 4 7.48 25.00 3.36 85 XMNumbers 4 4.76 10.71 3.36 86 SHORT_SHORTNER 4 2.72 0.00 3.36 87 MSGID_NOFQDN1 4 3.40 3.57 3.36 88 FVGT_m_MULTI_ODD_EMAIL 4 2.72 0.00 3.36 89 INVALID_MSGID 4 3.40 3.57 3.36 90 TVD_SPACE_RATIO 4 2.72 0.00 3.36 91 SHORT_URI_2 4 2.72 0.00 3.36 92 BAYES_95 3 3.40 7.14 2.52 93 RELAYCOUNTRY_IE 3 2.72 3.57 2.52 94 XM_SPF_SoftFail 3 2.04 0.00 2.52 95 RCVD_IN_IADB_OPTIN 3 2.04 0.00 2.52 96 XM_B_Phish66 3 2.04 0.00 2.52 97 XMGenDplmaNmb 3 3.40 7.14 2.52 98 T_REMOTE_IMAGE 3 2.04 0.00 2.52 99 LOTS_OF_MONEY 3 3.40 7.14 2.52 100 TooManyTo_002 3 2.04 0.00 2.52 101 RCVD_IN_IADB_SPF 3 2.04 0.00 2.52 102 RCVD_IN_IADB_DK 3 2.04 0.00 2.52 103 RCVD_IN_IADB_SENDERID 3 2.04 0.00 2.52 104 TR_XM_PhishingBody 3 2.72 3.57 2.52 105 TR_XM_UnparsRelay 3 2.72 3.57 2.52 106 XMDiploma_00 3 3.40 7.14 2.52 107 XM_H_PHPOS_M 2 1.36 0.00 1.68 108 XM_H_Undi_Recip 2 1.36 0.00 1.68 109 XM_UB50 2 1.36 0.00 1.68 110 XM_Body_Obfu01 2 1.36 0.00 1.68 111 RCVD_IN_MSPIKE_H4 2 1.36 0.00 1.68 112 FROM_STARTS_WITH_NUMS 2 1.36 0.00 1.68 113 HTML_IMAGE_ONLY_28 2 1.36 0.00 1.68 114 TR_XM_DKIM_Undo 2 4.76 17.86 1.68 115 KHOP_HELO_FCRDNS 2 1.36 0.00 1.68 116 XM_DIRTYINTL 2 2.72 7.14 1.68 117 TR_XM_FormFill2 2 1.36 0.00 1.68 118 TR_XM_PHPForged 2 1.36 0.00 1.68 119 MIME_HTML_MOSTLY 2 2.04 3.57 1.68 120 XMGappySubj_01 2 1.36 0.00 1.68 121 HTML_IMAGE_RATIO_04 2 1.36 0.00 1.68 122 TR_XM_DK_SendGrid 2 1.36 0.00 1.68 123 XMDateMe_00 2 1.36 0.00 1.68 124 XM_B_SpammyWords3 2 4.76 17.86 1.68 125 XM_H_Long_From02 2 1.36 0.00 1.68 126 RELAYCOUNTRY_AU 2 1.36 0.00 1.68 127 XM_ShortIntro_01 2 2.04 3.57 1.68 128 MIME_QP_LONG_LINE 2 2.04 3.57 1.68 129 T_XMDrugObfuBody_14 2 2.04 3.57 1.68 130 TR_XM_PHPDW 2 1.36 0.00 1.68 131 XM_H_PHPOS 2 1.36 0.00 1.68 132 XMSubMetaSx_00 2 4.08 14.29 1.68 133 SCC_BODY_SINGLE_WORD 1 0.68 0.00 0.84 134 FROM_DOMAIN_NOVOWEL 1 0.68 0.00 0.84 135 SpammyFromTLD_02 1 2.04 7.14 0.84 136 HTML_IMAGE_RATIO_08 1 2.04 7.14 0.84 137 MIME_CHARSET_FARAWAY 1 1.36 3.57 0.84 138 TO_EQ_FM_DOM_HTML_IMG 1 0.68 0.00 0.84 139 XMSubMetaSxObfu_03 1 0.68 0.00 0.84 140 TO_EQ_FM_DOM_HTML_ONLY 1 0.68 0.00 0.84 141 CK_HELO_GENERIC 1 0.68 0.00 0.84 142 XM_Combo_Sbj 1 0.68 0.00 0.84 143 XM_B_Unsub 1 2.04 7.14 0.84 144 XMStrtUSub 1 2.04 7.14 0.84 145 TR_XM_SpammyWords4 1 2.04 7.14 0.84 146 XM_B_Phish_Phrases 1 0.68 0.00 0.84 147 HTML_MIME_NO_HTML_TAG 1 6.12 28.57 0.84 148 CTE_8BIT_MISMATCH 1 0.68 0.00 0.84 149 T_XMDrugObfuBody_00 1 0.68 0.00 0.84 150 NO_DNS_FOR_FROM 1 0.68 0.00 0.84 151 XMStockSpam_06 1 0.68 0.00 0.84 152 BOTNET 1 3.40 14.29 0.84 153 TO_NO_BRKTS_FROM_MSSP 1 0.68 0.00 0.84 154 FROM_LOCAL_NOVOWEL 1 0.68 0.00 0.84 155 HTML_IMAGE_RATIO_02 1 0.68 0.00 0.84 156 XM_B_SEO 1 1.36 3.57 0.84 157 TR_MetaPhish_Combo_01b 1 0.68 0.00 0.84 158 XMWhlSbjSex 1 0.68 0.00 0.84 159 GAPPY_SUBJECT 1 0.68 0.00 0.84 160 TR_XM_SEO4 1 1.36 3.57 0.84 161 XM_B_SpammyTLD 1 1.36 3.57 0.84 162 FROM_GOV_SPOOF 1 0.68 0.00 0.84 163 XM_S_SubURI 1 0.68 0.00 0.84 164 XM_B_Unsub2 1 0.68 0.00 0.84 165 TVD_PH_BODY_ACCOUNTS_PRE 1 0.68 0.00 0.84 166 URI_NOVOWEL 1 1.36 3.57 0.84 167 XM_TLDProd2 1 0.68 0.00 0.84 168 T_XMDrugObfuBody_06 1 0.68 0.00 0.84 169 XM_BadFromFormat 1 1.36 3.57 0.84 170 TR_XM_COVIDMETA1 1 0.68 0.00 0.84 171 XMNoVowels 1 0.68 0.00 0.84 172 RCVD_IN_MSPIKE_H5 1 1.36 3.57 0.84 ----------------------------------------------------------------------