Email: 172 Autolearn: 0 AvgScore: 2.90 AvgScanTime: 2.71 sec Spam: 26 Autolearn: 0 AvgScore: 13.58 AvgScanTime: 2.98 sec Ham: 146 Autolearn: 0 AvgScore: 1.00 AvgScanTime: 2.66 sec Time Spent Running SA: 0.13 hours Time Spent Processing Spam: 0.02 hours Time Spent Processing Ham: 0.11 hours TOP SPAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 HTML_MESSAGE 25 41.86 96.15 32.19 2 DKIM_VALID 21 37.79 80.77 30.14 3 XM_DK_Pass 21 37.79 80.77 30.14 4 DKIM_SIGNED 21 40.12 80.77 32.88 5 T_SCC_BODY_TEXT_LINE 19 83.72 73.08 85.62 6 XM_B_SpammyWords 17 19.77 65.38 11.64 7 DKIM_VALID_AU 17 30.23 65.38 23.97 8 XMListUnsubscribeExists 17 22.67 65.38 15.07 9 DKIM_VALID_EF 16 23.84 61.54 17.12 10 DCC_CHECK 15 31.98 57.69 27.40 11 XM_B_Unicode 14 27.91 53.85 23.29 12 UNTRUSTED_Relay 13 8.72 50.00 1.37 13 RELAYCOUNTRY_US 13 36.05 50.00 33.56 14 LOC_TINY_FONT_1 13 15.12 50.00 8.90 15 TR_XM_DK_Unsub 12 11.05 46.15 4.79 16 XM_B_Unicode3 12 18.60 46.15 13.70 17 BAYES_50 11 50.58 42.31 52.05 18 RELAYCOUNTRY_META 11 8.72 42.31 2.74 19 DCC_CHECK_NEGATIVE 11 68.02 42.31 72.60 20 MIME_HTML_MOSTLY 9 7.56 34.62 2.74 21 MPART_ALT_DIFF 9 8.14 34.62 3.42 22 URI_NOVOWEL 9 5.23 34.62 0.00 23 RCVD_IN_MSPIKE_H2 8 11.63 30.77 8.22 24 SpammyFromTLD_01 8 4.65 30.77 0.00 25 T_KAM_HTML_FONT_INVALID 8 9.88 30.77 6.16 26 XM_B_SpammyWords2 7 9.88 26.92 6.85 27 XM_UncommonTLD01 7 8.72 26.92 5.48 28 BAYES_99 7 5.81 26.92 2.05 29 TR_XM_SpammyRelay 7 5.23 26.92 1.37 30 BAYES_999 6 4.65 23.08 1.37 31 RELAYCOUNTRY_IN 6 3.49 23.08 0.00 32 MIME_HTML_ONLY 6 9.88 23.08 7.53 33 XM_UB50 6 4.65 23.08 1.37 34 XM_DK_Undo_02 6 4.07 23.08 0.68 35 FVGT_m_MULTI_ODD 5 13.95 19.23 13.01 36 TR_XM_DKIM_Undo 5 2.91 19.23 0.00 37 XMSubLong 4 11.63 15.38 10.96 38 XMSubNoVowel 4 2.91 15.38 0.68 39 RCVD_IN_MSPIKE_WL 4 12.79 15.38 12.33 40 BAYES_80 4 4.07 15.38 2.05 41 UNPARSEABLE_RELAY 4 8.14 15.38 6.85 42 HTML_FONT_LOW_CONTRAST 3 10.47 11.54 10.27 43 RCVD_IN_MSPIKE_H4 3 2.33 11.54 0.68 44 RELAYCOUNTRY_CN 3 1.74 11.54 0.00 45 XM_UB99 3 1.74 11.54 0.00 46 BOTNET 3 1.74 11.54 0.00 47 SpammyFromTLD_02 3 2.33 11.54 0.68 48 KHOP_HELO_FCRDNS 3 1.74 11.54 0.00 49 XM_SendGrid 3 3.49 11.54 2.05 50 XM_B_SpammyTLD 3 2.91 11.54 1.37 51 T_REMOTE_IMAGE 2 4.07 7.69 3.42 52 MPART_ALT_DIFF_COUNT 2 1.16 7.69 0.00 53 LongTLD 2 1.16 7.69 0.00 54 XM_B_SpammyWords3 2 2.91 7.69 2.05 55 TO_EQ_FM_DOM_HTML_ONLY 2 1.16 7.69 0.00 56 TO_NO_BRKTS_HTML_IMG 2 1.16 7.69 0.00 57 TR_XM_SpammyWords2 2 1.16 7.69 0.00 58 XM_UB999 2 1.16 7.69 0.00 59 TR_XM_UnparsRelay 2 1.74 7.69 0.68 60 SUBJ_ALL_CAPS 2 1.74 7.69 0.68 61 TooManyTo_001 2 2.91 7.69 2.05 62 RCVD_IN_MSPIKE_BL 2 1.16 7.69 0.00 63 TR_XM_BayesUnsub 2 3.49 7.69 2.74 64 BAYES_95 2 2.33 7.69 1.37 65 BOTNET_IPINHOSTNAME 2 1.74 7.69 0.68 66 XM_Body_Obfu01 2 1.16 7.69 0.00 67 RCVD_IN_MSPIKE_L5 2 1.16 7.69 0.00 68 BAYES_60 2 7.56 7.69 7.53 69 XM_Multi_Part_URI 2 30.23 7.69 34.25 70 TR_DCC_Bayes_99 2 1.16 7.69 0.00 71 TR_XM_SpammyWords5 2 1.16 7.69 0.00 72 BOTNET_NORDNS 2 1.16 7.69 0.00 73 CHARSET_FARAWAY_HEADER 2 1.16 7.69 0.00 74 XM_UB95 2 1.16 7.69 0.00 75 TR_XM_MSPIKECOMBO 2 1.16 7.69 0.00 76 T_TM2_M_HEADER_IN_MSG 2 10.47 7.69 10.96 77 XM_B_Unsub 2 3.49 7.69 2.74 78 XM_UB80 2 1.16 7.69 0.00 79 TM2_M_A_HREF_HREF 2 1.16 7.69 0.00 80 XM_DIRTYINTL 2 1.16 7.69 0.00 81 XM_Body_Dirty_Words 2 2.33 7.69 1.37 82 TR_Caps_n_Bayes_95 1 0.58 3.85 0.00 83 TM2_M_URI_OPT_OUT 1 47.09 3.85 54.79 84 RELAYCOUNTRY_TH 1 0.58 3.85 0.00 85 XM_B_SpammyTLD2 1 0.58 3.85 0.00 86 T_TooManySym_01 1 5.81 3.85 6.16 87 XM_SPF_SoftFail 1 1.16 3.85 0.68 88 FSL_BULK_SIG 1 19.77 3.85 22.60 89 XMSpoofStaff 1 0.58 3.85 0.00 90 XMDateMe_00 1 0.58 3.85 0.00 91 T_TooManySym_02 1 4.07 3.85 4.11 92 TR_XM_InvalidRelay 1 0.58 3.85 0.00 93 RCVD_IN_MSPIKE_H3 1 4.65 3.85 4.79 94 T_PDS_PRO_TLD 1 0.58 3.85 0.00 95 RCVD_IN_BL_SPAMCOP_NET 1 0.58 3.85 0.00 96 XMSubject_78 1 1.16 3.85 0.68 97 TR_Symld_Words 1 0.58 3.85 0.00 98 HTML_IMAGE_RATIO_06 1 1.74 3.85 1.37 99 TR_MetaPhish_Combo_01a 1 0.58 3.85 0.00 100 XM_B_Investor 1 0.58 3.85 0.00 101 XM_B_COPY_HTML 1 0.58 3.85 0.00 102 RELAYCOUNTRY_RU 1 0.58 3.85 0.00 103 LONG_JUNK_URI 1 0.58 3.85 0.00 104 TR_MetaPhish_Combo_01b 1 0.58 3.85 0.00 105 TooManyTo_004 1 0.58 3.85 0.00 106 FROM_GOV_SPOOF 1 0.58 3.85 0.00 107 URIBL_DBL_SPAM 1 0.58 3.85 0.00 108 TooManyTo_002 1 0.58 3.85 0.00 109 OBFU_TEXT_ATTACH 1 0.58 3.85 0.00 110 XM_S_GiftBonus 1 0.58 3.85 0.00 111 HTML_IMAGE_RATIO_02 1 4.65 3.85 4.79 112 TVD_PH_SEC 1 0.58 3.85 0.00 113 XM_Evil_Numbers_Gen 1 2.91 3.85 2.74 114 TR_XM_SpoofStaff 1 0.58 3.85 0.00 115 TR_XM_SPAMCOP 1 0.58 3.85 0.00 116 NO_DNS_FOR_FROM 1 0.58 3.85 0.00 117 TO_NO_BRKTS_DYNIP 1 0.58 3.85 0.00 118 TR_Caps_n_Bayes_99 1 0.58 3.85 0.00 119 DATE_IN_PAST_03_06 1 0.58 3.85 0.00 120 TR_XM_PhishingBody 1 1.74 3.85 1.37 121 USER_IN_DEF_DKIM_WL 1 2.33 3.85 2.05 122 TVD_SPACE_RATIO 1 2.33 3.85 2.05 123 TooManyTo_003 1 0.58 3.85 0.00 124 XMSubEmpty 1 0.58 3.85 0.00 125 TR_MetaPhish_Combo_01 1 0.58 3.85 0.00 126 URI_TRUNCATED 1 1.16 3.85 0.68 127 TR_XM_NoHeaderRelay 1 0.58 3.85 0.00 128 TR_XM_MaxWHORU 1 0.58 3.85 0.00 129 FUZZY_XPILL 1 0.58 3.85 0.00 130 FORGED_HOTMAIL_RCVD2 1 0.58 3.85 0.00 131 PDS_RDNS_DYNAMIC_FP 1 0.58 3.85 0.00 132 DATE_IN_PAST_12_24 1 0.58 3.85 0.00 133 RDNS_DYNAMIC 1 0.58 3.85 0.00 134 XMSexyCombo_05 1 0.58 3.85 0.00 135 URI_GOOGLE_PROXY 1 0.58 3.85 0.00 136 XMPhish30 1 1.16 3.85 0.68 137 TR_XM_PhishingBody3 1 0.58 3.85 0.00 ---------------------------------------------------------------------- TOP HAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 T_SCC_BODY_TEXT_LINE 125 83.72 73.08 85.62 2 DCC_CHECK_NEGATIVE 106 68.02 42.31 72.60 3 ALL_TRUSTED 94 54.65 0.00 64.38 4 BOUNCE_MESSAGE 82 47.67 0.00 56.16 5 ANY_BOUNCE_MESSAGE 82 47.67 0.00 56.16 6 TM2_M_URI_OPT_OUT 80 47.09 3.85 54.79 7 BAYES_50 76 50.58 42.31 52.05 8 XM_Multi_Part_URI 50 30.23 7.69 34.25 9 RELAYCOUNTRY_US 49 36.05 50.00 33.56 10 DKIM_SIGNED 48 40.12 80.77 32.88 11 HTML_MESSAGE 47 41.86 96.15 32.19 12 DKIM_VALID 44 37.79 80.77 30.14 13 XM_DK_Pass 44 37.79 80.77 30.14 14 DCC_CHECK 40 31.98 57.69 27.40 15 BAYES_05 37 21.51 0.00 25.34 16 DKIM_VALID_AU 35 30.23 65.38 23.97 17 XM_B_Unicode 34 27.91 53.85 23.29 18 FSL_BULK_SIG 33 19.77 3.85 22.60 19 DKIM_VALID_EF 25 23.84 61.54 17.12 20 XMListUnsubscribeExists 22 22.67 65.38 15.07 21 XM_B_Unicode3 20 18.60 46.15 13.70 22 FVGT_m_MULTI_ODD 19 13.95 19.23 13.01 23 RCVD_IN_MSPIKE_WL 18 12.79 15.38 12.33 24 XM_B_SpammyWords 17 19.77 65.38 11.64 25 XMSubLong 16 11.63 15.38 10.96 26 T_TM2_M_HEADER_IN_MSG 16 10.47 7.69 10.96 27 HTML_FONT_LOW_CONTRAST 15 10.47 11.54 10.27 28 LOC_TINY_FONT_1 13 15.12 50.00 8.90 29 RCVD_IN_MSPIKE_H2 12 11.63 30.77 8.22 30 MIME_HTML_ONLY 11 9.88 23.08 7.53 31 BAYES_60 11 7.56 7.69 7.53 32 XM_B_SpammyWords2 10 9.88 26.92 6.85 33 RCVD_IN_MSPIKE_H5 10 5.81 0.00 6.85 34 UNPARSEABLE_RELAY 10 8.14 15.38 6.85 35 T_TooManySym_01 9 5.81 3.85 6.16 36 T_KAM_HTML_FONT_INVALID 9 9.88 30.77 6.16 37 XM_UncommonTLD01 8 8.72 26.92 5.48 38 RCVD_IN_MSPIKE_H3 7 4.65 3.85 4.79 39 TR_XM_DK_Unsub 7 11.05 46.15 4.79 40 HTML_IMAGE_RATIO_02 7 4.65 3.85 4.79 41 T_TooManySym_02 6 4.07 3.85 4.11 42 TO_MALFORMED 6 3.49 0.00 4.11 43 IN_ZIMBRA_NJ_WHITELIST 6 3.49 0.00 4.11 44 MSGID_NOFQDN1 6 3.49 0.00 4.11 45 INVALID_MSGID 6 3.49 0.00 4.11 46 BAYES_00 6 3.49 0.00 4.11 47 T_REMOTE_IMAGE 5 4.07 7.69 3.42 48 MPART_ALT_DIFF 5 8.14 34.62 3.42 49 MIME_HTML_MOSTLY 4 7.56 34.62 2.74 50 DKIM_INVALID 4 2.33 0.00 2.74 51 XMStrtUSub 4 2.33 0.00 2.74 52 BAYES_20 4 2.33 0.00 2.74 53 TR_XM_DK_Bayes1 4 2.33 0.00 2.74 54 TR_XM_DK_Bayes2 4 2.33 0.00 2.74 55 TR_XM_BayesUnsub 4 3.49 7.69 2.74 56 RELAYCOUNTRY_META 4 8.72 42.31 2.74 57 XM_Evil_Numbers_Gen 4 2.91 3.85 2.74 58 TR_XM_DK_Bayes 4 2.33 0.00 2.74 59 BAYES_40 4 2.33 0.00 2.74 60 XM_DKIMWhitelistDomains 4 2.33 0.00 2.74 61 XM_B_Unsub 4 3.49 7.69 2.74 62 LOTS_OF_MONEY 4 2.33 0.00 2.74 63 MAILING_LIST_MULTI 3 1.74 0.00 2.05 64 XM_B_SpammyWords3 3 2.91 7.69 2.05 65 SCC_BODY_URI_ONLY 3 1.74 0.00 2.05 66 HTML_FONT_FACE_BAD 3 1.74 0.00 2.05 67 HTML_MIME_NO_HTML_TAG 3 1.74 0.00 2.05 68 XMNumbers 3 1.74 0.00 2.05 69 XM_PDF 3 1.74 0.00 2.05 70 TooManyTo_001 3 2.91 7.69 2.05 71 USER_IN_DEF_DKIM_WL 3 2.33 3.85 2.05 72 TVD_SPACE_RATIO 3 2.33 3.85 2.05 73 BAYES_99 3 5.81 26.92 2.05 74 SHOPIFY_IMG_NOT_RCVD_SFY 3 1.74 0.00 2.05 75 BAYES_80 3 4.07 15.38 2.05 76 XM_SendGrid 3 3.49 11.54 2.05 77 XM_GoogleGroups 2 1.16 0.00 1.37 78 XMSubMetaSx_00 2 1.16 0.00 1.37 79 FVGT_m_MULTI_ODD_EMAIL 2 1.16 0.00 1.37 80 BAYES_999 2 4.65 23.08 1.37 81 XM_H_Long_From02 2 1.16 0.00 1.37 82 T_XMDrugObfuBody_14 2 1.16 0.00 1.37 83 UNTRUSTED_Relay 2 8.72 50.00 1.37 84 XM_Dr_From 2 1.16 0.00 1.37 85 BAYES_95 2 2.33 7.69 1.37 86 T_TooManySym_03 2 1.16 0.00 1.37 87 TR_XM_DK_SendGrid 2 1.16 0.00 1.37 88 HTML_IMAGE_RATIO_06 2 1.74 3.85 1.37 89 TR_XM_PhishingBody 2 1.74 3.85 1.37 90 LotsOfNums_01 2 1.16 0.00 1.37 91 HTML_IMAGE_ONLY_28 2 1.16 0.00 1.37 92 XM_UB50 2 4.65 23.08 1.37 93 NICE_REPLY_A 2 1.16 0.00 1.37 94 XM_Body_Dirty_Words 2 2.33 7.69 1.37 95 XM_B_SpammyTLD 2 2.91 11.54 1.37 96 TR_XM_SpammyRelay 2 5.23 26.92 1.37 97 XM_DK_Undo_01 2 1.16 0.00 1.37 98 XM_ZIP 1 0.58 0.00 0.68 99 TR_XM_UnparsRelay 1 1.74 7.69 0.68 100 XM_ShortIntro_01 1 0.58 0.00 0.68 101 XMSubject_78 1 1.16 3.85 0.68 102 RCVD_IN_MSPIKE_H4 1 2.33 11.54 0.68 103 RCVD_IN_IADB_OPTIN 1 0.58 0.00 0.68 104 TR_XM_Spammywords 1 0.58 0.00 0.68 105 MIME_HTML_ONLY_MULTI 1 0.58 0.00 0.68 106 RELAYCOUNTRY_TW 1 0.58 0.00 0.68 107 NUMERIC_HTTP_ADDR 1 0.58 0.00 0.68 108 RCVD_IN_IADB_SENDERID 1 0.58 0.00 0.68 109 RELAYCOUNTRY_GB 1 0.58 0.00 0.68 110 RELAYCOUNTRY_FR 1 0.58 0.00 0.68 111 XM_SPF_SoftFail 1 1.16 3.85 0.68 112 XM_B_Phish_Phrases 1 0.58 0.00 0.68 113 TR_XM_SpammyWords4 1 0.58 0.00 0.68 114 PDS_OTHER_BAD_TLD 1 0.58 0.00 0.68 115 XM_H_Undi_Recip 1 0.58 0.00 0.68 116 RCVD_IN_IADB_SPF 1 0.58 0.00 0.68 117 XM_H_PHPOS_M 1 0.58 0.00 0.68 118 LONG_JUNK_URI2 1 0.58 0.00 0.68 119 TR_Mismatch_TLD_01 1 0.58 0.00 0.68 120 RCVD_IN_IADB_DK 1 0.58 0.00 0.68 121 SpammyFromTLD_02 1 2.33 11.54 0.68 122 XMGappySubj_01 1 0.58 0.00 0.68 123 T_DOC_ATTACH_NO_EXT 1 0.58 0.00 0.68 124 BOTNET_IPINHOSTNAME 1 1.74 7.69 0.68 125 RCVD_IN_IADB_OPTIN_GT50 1 0.58 0.00 0.68 126 TR_XM_FormFill2 1 0.58 0.00 0.68 127 XMReplyNow 1 0.58 0.00 0.68 128 XM_B_Phish66 1 0.58 0.00 0.68 129 SUBJ_ALL_CAPS 1 1.74 7.69 0.68 130 XM_H_Trusted_IP 1 0.58 0.00 0.68 131 XMBSHREFv2 1 0.58 0.00 0.68 132 TR_XM_Undi_Recip2 1 0.58 0.00 0.68 133 FROM_SUSPICIOUS_NTLD_FP 1 0.58 0.00 0.68 134 TR_XM_PHPDW 1 0.58 0.00 0.68 135 XM_H_PHPOS 1 0.58 0.00 0.68 136 URI_TRUNCATED 1 1.16 3.85 0.68 137 XM_URI_RBL 1 0.58 0.00 0.68 138 XM_CamelCaseFrm001 1 0.58 0.00 0.68 139 TVD_RCVD_IP 1 0.58 0.00 0.68 140 TR_XM_PHPForged 1 0.58 0.00 0.68 141 RELAYCOUNTRY_NL 1 0.58 0.00 0.68 142 LONG_JUNK_URI3 1 0.58 0.00 0.68 143 FROM_SUSPICIOUS_NTLD 1 0.58 0.00 0.68 144 HTML_IMAGE_RATIO_04 1 0.58 0.00 0.68 145 RCVD_IN_IADB_LISTED 1 0.58 0.00 0.68 146 XMGenDplmaNmb 1 0.58 0.00 0.68 147 XMPhish30 1 1.16 3.85 0.68 148 XMDiploma_00 1 0.58 0.00 0.68 149 XMSubMetaSxObfu_03 1 0.58 0.00 0.68 150 RCVD_IN_IADB_VOUCHED 1 0.58 0.00 0.68 151 TM2_M_VERY_LONG_WORD 1 0.58 0.00 0.68 152 XM_OfRef6 1 0.58 0.00 0.68 153 XMSubPhish11 1 0.58 0.00 0.68 154 XM_DK_Undo_02 1 4.07 23.08 0.68 155 GMD_PDF_SQUARE 1 0.58 0.00 0.68 156 MY_SERVERS_FOUND 1 0.58 0.00 0.68 157 XMLngstWrd_00 1 0.58 0.00 0.68 158 XM_S_SpammyWords 1 0.58 0.00 0.68 159 HTML_IMAGE_RATIO_08 1 0.58 0.00 0.68 160 TR_XM_SB_Phish 1 0.58 0.00 0.68 161 XMSubNoVowel 1 2.91 15.38 0.68 162 HTML_IMAGE_ONLY_08 1 0.58 0.00 0.68 163 TM2_M_HAS_BSLASH_URI 1 0.58 0.00 0.68 ----------------------------------------------------------------------