Email: 148 Autolearn: 0 AvgScore: 3.00 AvgScanTime: 2.44 sec Spam: 55 Autolearn: 0 AvgScore: 11.67 AvgScanTime: 2.19 sec Ham: 93 Autolearn: 0 AvgScore: -2.13 AvgScanTime: 2.59 sec Time Spent Running SA: 0.10 hours Time Spent Processing Spam: 0.03 hours Time Spent Processing Ham: 0.07 hours TOP SPAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 HTML_MESSAGE 53 86.49 96.36 80.65 2 T_SCC_BODY_TEXT_LINE 49 85.14 89.09 82.80 3 XM_B_Unicode 49 70.27 89.09 59.14 4 DCC_CHECK_NEGATIVE 48 84.46 87.27 82.80 5 XM_B_Unicode3 44 45.95 80.00 25.81 6 RELAYCOUNTRY_META 42 39.86 76.36 18.28 7 XMSubNoVowel 39 33.11 70.91 10.75 8 UNTRUSTED_Relay 39 35.14 70.91 13.98 9 RELAYCOUNTRY_CN 39 33.11 70.91 10.75 10 MIME_CHARSET_FARAWAY 35 30.41 63.64 10.75 11 CHARSET_FARAWAY_HEADER 35 30.41 63.64 10.75 12 BAYES_80 34 29.05 61.82 9.68 13 XM_UB80 34 27.70 61.82 7.53 14 TR_XM_MSPIKECOMBO 32 22.97 58.18 2.15 15 RCVD_IN_MSPIKE_BL 32 22.97 58.18 2.15 16 RCVD_IN_MSPIKE_L5 23 16.89 41.82 2.15 17 FVGT_m_MULTI_ODD 20 27.70 36.36 22.58 18 LONG_JUNK_URI 16 14.19 29.09 5.38 19 BAYES_50 13 46.62 23.64 60.22 20 DKIM_VALID 13 36.49 23.64 44.09 21 XM_B_SpammyWords 13 31.76 23.64 36.56 22 RELAYCOUNTRY_US 13 40.54 23.64 50.54 23 DKIM_SIGNED 13 38.51 23.64 47.31 24 LONG_JUNK_URI3 13 11.49 23.64 4.30 25 XM_DK_Pass 13 37.16 23.64 45.16 26 DKIM_VALID_AU 10 31.76 18.18 39.78 27 RCVD_IN_MSPIKE_L4 9 6.08 16.36 0.00 28 XM_Multi_Part_URI 9 23.65 16.36 27.96 29 BOTNET_IPINHOSTNAME 8 10.14 14.55 7.53 30 XM_B_Unsub 7 7.43 12.73 4.30 31 DCC_CHECK 7 15.54 12.73 17.20 32 T_KAM_HTML_FONT_INVALID 7 6.76 12.73 3.23 33 TR_XM_BayesUnsub 6 5.41 10.91 2.15 34 RCVD_IN_MSPIKE_H2 6 8.78 10.91 7.53 35 DKIM_VALID_EF 6 25.00 10.91 33.33 36 XM_B_SpammyWords2 6 20.27 10.91 25.81 37 RCVD_IN_MSPIKE_WL 5 29.05 9.09 40.86 38 LOC_TINY_FONT_1 5 10.14 9.09 10.75 39 XMSubLong 5 15.54 9.09 19.35 40 XMListUnsubscribeExists 5 14.86 9.09 18.28 41 TR_XM_DKIM_Undo 5 3.38 9.09 0.00 42 KHOP_HELO_FCRDNS 5 4.05 9.09 1.08 43 XM_Body_Dirty_Words 5 10.14 9.09 10.75 44 XM_DK_Undo_02 5 6.08 9.09 4.30 45 UNPARSEABLE_RELAY 5 6.76 9.09 5.38 46 MIME_HTML_ONLY 4 22.30 7.27 31.18 47 BAYES_99 4 4.05 7.27 2.15 48 TooManyTo_001 4 4.73 7.27 3.23 49 XMFrmHeader_04 4 2.70 7.27 0.00 50 XM_B_SpammyTLD 4 5.41 7.27 4.30 51 XM_B_SpammyWords3 3 4.73 5.45 4.30 52 XM_Evil_Numbers_Gen 3 14.86 5.45 20.43 53 RCVD_IN_MSPIKE_H5 3 11.49 5.45 15.05 54 BOTNET 3 2.70 5.45 1.08 55 XM_UB50 3 4.05 5.45 3.23 56 BAYES_60 3 9.46 5.45 11.83 57 XM_H_Long_From01 3 6.08 5.45 6.45 58 XMStockSpam_06 3 2.70 5.45 1.08 59 XM_UncommonTLD01 3 8.11 5.45 9.68 60 TR_XM_UnparsRelay 3 2.70 5.45 1.08 61 XMDateMe_00 2 1.35 3.64 0.00 62 LOTS_OF_MONEY 2 3.38 3.64 3.23 63 XM_B_SpammyWords4 2 1.35 3.64 0.00 64 HTML_IMAGE_RATIO_06 2 1.35 3.64 0.00 65 RCVD_IN_MSPIKE_H3 2 14.19 3.64 20.43 66 TooManyTo_002 2 2.03 3.64 1.08 67 SpammyFromTLD_02 2 1.35 3.64 0.00 68 XM_B_Phish_Phrases 2 2.03 3.64 1.08 69 XM_SendGrid 2 4.05 3.64 4.30 70 T_TM2_M_HEADER_IN_MSG 2 16.89 3.64 24.73 71 TR_XM_SpammyWords4 2 2.03 3.64 1.08 72 TooManyTo_004 2 1.35 3.64 0.00 73 T_REMOTE_IMAGE 2 2.70 3.64 2.15 74 PDS_RDNS_DYNAMIC_FP 2 1.35 3.64 0.00 75 RDNS_DYNAMIC 2 2.03 3.64 1.08 76 TooManyTo_003 2 1.35 3.64 0.00 77 TM2_M_VERY_LONG_WORD 2 2.70 3.64 2.15 78 TR_Mismatch_TLD_02 2 2.03 3.64 1.08 79 XMSubMetaSx_00 2 3.38 3.64 3.23 80 TM2_M_OBFU_COMMENT 2 1.35 3.64 0.00 81 XMSubject_48 1 0.68 1.82 0.00 82 MIME_HTML_MOSTLY 1 2.70 1.82 3.23 83 TR_XM_SpammyRelay 1 1.35 1.82 1.08 84 XM_E_VN 1 0.68 1.82 0.00 85 TR_XM_MaxWHORU 1 0.68 1.82 0.00 86 XM_DK_Undo_01 1 0.68 1.82 0.00 87 TR_XM_NoHeaderRelay 1 0.68 1.82 0.00 88 TR_XM_DK_SendGrid 1 2.03 1.82 2.15 89 FUZZY_XPILL 1 0.68 1.82 0.00 90 TooManyTo_005 1 0.68 1.82 0.00 91 HTML_FONT_LOW_CONTRAST 1 11.49 1.82 17.20 92 XM_UB99 1 0.68 1.82 0.00 93 TR_XM_Undi_Recip11 1 0.68 1.82 0.00 94 FSL_BULK_SIG 1 6.76 1.82 9.68 95 XMSexyCombo_01 1 0.68 1.82 0.00 96 BAYES_999 1 2.03 1.82 2.15 97 XMSexyCombo_05 1 0.68 1.82 0.00 98 XM_H_PHPMailer 1 1.35 1.82 1.08 99 HTML_IMAGE_RATIO_02 1 0.68 1.82 0.00 100 RCVD_IN_VALIDITY_RPBL 1 0.68 1.82 0.00 101 RELAYCOUNTRY_AU 1 0.68 1.82 0.00 102 XM_DIRTYINTL 1 0.68 1.82 0.00 103 XMStrtUSub 1 4.05 1.82 5.38 104 HDRS_MISSP 1 1.35 1.82 1.08 105 XM_S_SpammyWords 1 2.03 1.82 2.15 106 HELO_DYNAMIC_SPLIT_IP 1 0.68 1.82 0.00 107 MPART_ALT_DIFF_COUNT 1 1.35 1.82 1.08 108 MAILING_LIST_MULTI 1 1.35 1.82 1.08 109 LONG_JUNK_URI2 1 0.68 1.82 0.00 110 NO_DNS_FOR_FROM 1 1.35 1.82 1.08 111 XMCapTrack 1 0.68 1.82 0.00 112 XM_H_PHPOS 1 0.68 1.82 0.00 113 XM_B_Investor 1 1.35 1.82 1.08 114 XM_Body_Dirty_Words_02 1 0.68 1.82 0.00 115 URIBL_CSS_A 1 0.68 1.82 0.00 116 MSGID_FROM_MTA_HEADER 1 0.68 1.82 0.00 117 TR_XM_Spammywords 1 2.03 1.82 2.15 118 OBFU_TEXT_ATTACH 1 0.68 1.82 0.00 119 SpammyFromTLD_01 1 2.03 1.82 2.15 120 URI_TRUNCATED 1 0.68 1.82 0.00 121 HTML_IMAGE_ONLY_04 1 0.68 1.82 0.00 122 XM_UB60 1 1.35 1.82 1.08 123 MIME_QP_LONG_LINE 1 0.68 1.82 0.00 124 URI_NOVOWEL 1 0.68 1.82 0.00 125 TR_XM_PHPDW 1 0.68 1.82 0.00 126 PDS_PHP_EVAL 1 0.68 1.82 0.00 127 XMBdyGiftCard01 1 0.68 1.82 0.00 128 TR_XM_PhishingBody 1 2.03 1.82 2.15 129 RELAYCOUNTRY_GB 1 1.35 1.82 1.08 130 XM_B_SexDrugs1 1 0.68 1.82 0.00 131 XMPhish11 1 0.68 1.82 0.00 132 RELAYCOUNTRY_FI 1 0.68 1.82 0.00 133 URIBL_CSS 1 0.68 1.82 0.00 134 XM_H_Undi_Recip 1 1.35 1.82 1.08 135 URIBL_DBL_SPAM 1 0.68 1.82 0.00 136 UNSUB_GOOG_FORM 1 0.68 1.82 0.00 137 TO_MALFORMED 1 3.38 1.82 4.30 138 XM_Body_Dirty_Words_01 1 0.68 1.82 0.00 139 TR_BOTNET_NEGATE 1 0.68 1.82 0.00 140 TR_XM_FormFill2 1 0.68 1.82 0.00 141 PDS_OTHER_BAD_TLD 1 0.68 1.82 0.00 142 THIS_AD 1 0.68 1.82 0.00 143 ALL_TRUSTED 1 22.30 1.82 34.41 144 MISSING_MIME_HB_SEP 1 0.68 1.82 0.00 145 BAYES_40 1 1.35 1.82 1.08 146 XM_H_PHPOS_E 1 0.68 1.82 0.00 147 LotsOfNums_01 1 2.03 1.82 2.15 148 TVD_RCVD_IP 1 2.70 1.82 3.23 149 XMLngstWrd_01 1 0.68 1.82 0.00 150 TR_XM_PHPForged 1 0.68 1.82 0.00 151 XMLngstWrd_00 1 1.35 1.82 1.08 152 PHP_ORIG_SCRIPT_EVAL 1 0.68 1.82 0.00 ---------------------------------------------------------------------- TOP HAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 T_SCC_BODY_TEXT_LINE 77 85.14 89.09 82.80 2 DCC_CHECK_NEGATIVE 77 84.46 87.27 82.80 3 HTML_MESSAGE 75 86.49 96.36 80.65 4 BAYES_50 56 46.62 23.64 60.22 5 XM_B_Unicode 55 70.27 89.09 59.14 6 RELAYCOUNTRY_US 47 40.54 23.64 50.54 7 DKIM_SIGNED 44 38.51 23.64 47.31 8 XM_DK_Pass 42 37.16 23.64 45.16 9 DKIM_VALID 41 36.49 23.64 44.09 10 RCVD_IN_MSPIKE_WL 38 29.05 9.09 40.86 11 DKIM_VALID_AU 37 31.76 18.18 39.78 12 XM_B_SpammyWords 34 31.76 23.64 36.56 13 ALL_TRUSTED 32 22.30 1.82 34.41 14 DKIM_VALID_EF 31 25.00 10.91 33.33 15 MIME_HTML_ONLY 29 22.30 7.27 31.18 16 XM_Multi_Part_URI 26 23.65 16.36 27.96 17 XM_B_SpammyWords2 24 20.27 10.91 25.81 18 XM_B_Unicode3 24 45.95 80.00 25.81 19 T_TM2_M_HEADER_IN_MSG 23 16.89 3.64 24.73 20 FVGT_m_MULTI_ODD 21 27.70 36.36 22.58 21 RCVD_IN_MSPIKE_H3 19 14.19 3.64 20.43 22 XM_DKIMWhitelistDomains 19 12.84 0.00 20.43 23 XM_Evil_Numbers_Gen 19 14.86 5.45 20.43 24 HTML_MIME_NO_HTML_TAG 19 12.84 0.00 20.43 25 XMSubLong 18 15.54 9.09 19.35 26 TR_XM_Base64_M1 18 12.16 0.00 19.35 27 XMListUnsubscribeExists 17 14.86 9.09 18.28 28 BASE64_LENGTH_79_INF 17 11.49 0.00 18.28 29 RELAYCOUNTRY_META 17 39.86 76.36 18.28 30 HTML_FONT_LOW_CONTRAST 16 11.49 1.82 17.20 31 DCC_CHECK 16 15.54 12.73 17.20 32 RCVD_IN_MSPIKE_H5 14 11.49 5.45 15.05 33 UNTRUSTED_Relay 13 35.14 70.91 13.98 34 HTML_IMAGE_RATIO_04 12 8.11 0.00 12.90 35 BAYES_60 11 9.46 5.45 11.83 36 TR_XM_DK_Unsub 11 7.43 0.00 11.83 37 MIME_CHARSET_FARAWAY 10 30.41 63.64 10.75 38 CHARSET_FARAWAY_HEADER 10 30.41 63.64 10.75 39 XMSubNoVowel 10 33.11 70.91 10.75 40 BAYES_00 10 6.76 0.00 10.75 41 XM_Body_Dirty_Words 10 10.14 9.09 10.75 42 RELAYCOUNTRY_CN 10 33.11 70.91 10.75 43 LOC_TINY_FONT_1 10 10.14 9.09 10.75 44 XM_PDF 10 6.76 0.00 10.75 45 T_TooManySym_01 9 6.08 0.00 9.68 46 XM_UncommonTLD01 9 8.11 5.45 9.68 47 BAYES_80 9 29.05 61.82 9.68 48 T_TooManySym_02 9 6.08 0.00 9.68 49 FSL_BULK_SIG 9 6.76 1.82 9.68 50 BOTNET_IPINHOSTNAME 7 10.14 14.55 7.53 51 RCVD_IN_MSPIKE_H2 7 8.78 10.91 7.53 52 XM_UB80 7 27.70 61.82 7.53 53 TR_XM_DK_Bayes2 6 4.05 0.00 6.45 54 XM_H_Long_From01 6 6.08 5.45 6.45 55 TR_XM_DK_Bayes1 6 4.05 0.00 6.45 56 TR_XM_DK_Bayes 6 4.05 0.00 6.45 57 XMStrtUSub 5 4.05 1.82 5.38 58 RCVD_IN_MSPIKE_H4 5 3.38 0.00 5.38 59 TR_Symld_Words 5 3.38 0.00 5.38 60 ANY_BOUNCE_MESSAGE 5 3.38 0.00 5.38 61 USER_IN_DEF_DKIM_WL 5 3.38 0.00 5.38 62 BOUNCE_MESSAGE 5 3.38 0.00 5.38 63 LONG_JUNK_URI 5 14.19 29.09 5.38 64 UNPARSEABLE_RELAY 5 6.76 9.09 5.38 65 XM_ShortIntro_01 4 2.70 0.00 4.30 66 XM_DK_Undo_02 4 6.08 9.09 4.30 67 TO_MALFORMED 4 3.38 1.82 4.30 68 INVALID_MSGID 4 2.70 0.00 4.30 69 BAYES_20 4 2.70 0.00 4.30 70 XM_B_SpammyWords3 4 4.73 5.45 4.30 71 XM_B_Unsub 4 7.43 12.73 4.30 72 XM_B_SpammyTLD 4 5.41 7.27 4.30 73 T_TooManySym_03 4 2.70 0.00 4.30 74 XMNumbers 4 2.70 0.00 4.30 75 XM_SendGrid 4 4.05 3.64 4.30 76 LONG_JUNK_URI3 4 11.49 23.64 4.30 77 XM_UB50 3 4.05 5.45 3.23 78 IN_ZIMBRA_NJ_WHITELIST 3 2.03 0.00 3.23 79 MIME_HTML_MOSTLY 3 2.70 1.82 3.23 80 RELAYCOUNTRY_DE 3 2.03 0.00 3.23 81 TVD_RCVD_IP 3 2.70 1.82 3.23 82 XM_CamelCaseFrm001 3 2.03 0.00 3.23 83 TooManyTo_001 3 4.73 7.27 3.23 84 GMD_PDF_HORIZ 3 2.03 0.00 3.23 85 DKIM_INVALID 3 2.03 0.00 3.23 86 LOTS_OF_MONEY 3 3.38 3.64 3.23 87 XMSubMetaSx_00 3 3.38 3.64 3.23 88 T_KAM_HTML_FONT_INVALID 3 6.76 12.73 3.23 89 TVD_SPACE_RATIO 3 2.03 0.00 3.23 90 FROM_GOV_SPOOF 2 1.35 0.00 2.15 91 USER_IN_WELCOMELIST 2 1.35 0.00 2.15 92 XMBSHREFv2 2 1.35 0.00 2.15 93 TR_XM_DK_SendGrid 2 2.03 1.82 2.15 94 TR_XM_SB_Phish 2 1.35 0.00 2.15 95 SCC_BODY_URI_ONLY 2 1.35 0.00 2.15 96 BAYES_999 2 2.03 1.82 2.15 97 RCVD_IN_MSPIKE_BL 2 22.97 58.18 2.15 98 XMBounce_01 2 1.35 0.00 2.15 99 LotsOfNums_01 2 2.03 1.82 2.15 100 TM2_M_VERY_LONG_WORD 2 2.70 3.64 2.15 101 SpammyFromTLD_01 2 2.03 1.82 2.15 102 TR_XM_Spammywords 2 2.03 1.82 2.15 103 XMBounce_02 2 1.35 0.00 2.15 104 TR_XM_SpoofPhishAttach 2 1.35 0.00 2.15 105 XM_B_Phish66 2 1.35 0.00 2.15 106 BAYES_99 2 4.05 7.27 2.15 107 XM_S_SpammyWords 2 2.03 1.82 2.15 108 TR_XM_MSPIKECOMBO 2 22.97 58.18 2.15 109 FVGT_m_MULTI_ODD_EMAIL 2 1.35 0.00 2.15 110 RCVD_IN_MSPIKE_L5 2 16.89 41.82 2.15 111 TR_XM_BayesUnsub 2 5.41 10.91 2.15 112 TR_DCC_Bayes_99 2 1.35 0.00 2.15 113 USER_IN_WHITELIST 2 1.35 0.00 2.15 114 MPART_ALT_DIFF 2 1.35 0.00 2.15 115 T_XMDrugObfuBody_08 2 1.35 0.00 2.15 116 XMSubPhish11 2 1.35 0.00 2.15 117 XM_ZIP 2 1.35 0.00 2.15 118 T_TooManySym_04 2 1.35 0.00 2.15 119 T_REMOTE_IMAGE 2 2.70 3.64 2.15 120 XMHTML_After_End 2 1.35 0.00 2.15 121 TR_XM_PhishingBody 2 2.03 1.82 2.15 122 RELAYCOUNTRY_CH 1 0.68 0.00 1.08 123 XMSubMetaSxObfu_02 1 0.68 0.00 1.08 124 XMGappySubj_01 1 0.68 0.00 1.08 125 NO_DNS_FOR_FROM 1 1.35 1.82 1.08 126 DATE_IN_PAST_12_24 1 0.68 0.00 1.08 127 MSGID_NOFQDN1 1 0.68 0.00 1.08 128 RCVD_IN_BL_SPAMCOP_NET 1 0.68 0.00 1.08 129 RCVD_IN_PSBL 1 0.68 0.00 1.08 130 XMNoVowels 1 0.68 0.00 1.08 131 RELAYCOUNTRY_BR 1 0.68 0.00 1.08 132 XMLngstWrd_00 1 1.35 1.82 1.08 133 HTML_IMAGE_ONLY_16 1 0.68 0.00 1.08 134 RCVD_IN_IADB_DK 1 0.68 0.00 1.08 135 T_XMDrugObfuBody_14 1 0.68 0.00 1.08 136 RCVD_IN_IADB_LISTED 1 0.68 0.00 1.08 137 XM_UB60 1 1.35 1.82 1.08 138 FROM_EXCESS_BASE64 1 0.68 0.00 1.08 139 XM_B_Investor 1 1.35 1.82 1.08 140 RCVD_IN_IADB_SENDERID 1 0.68 0.00 1.08 141 HTML_SHORT_LINK_IMG_3 1 0.68 0.00 1.08 142 HTML_NONELEMENT_30_40 1 0.68 0.00 1.08 143 T_FILL_THIS_FORM_SHORT 1 0.68 0.00 1.08 144 WEIRD_PORT 1 0.68 0.00 1.08 145 RCVD_IN_IADB_OPTIN 1 0.68 0.00 1.08 146 BOTNET 1 2.70 5.45 1.08 147 TooManyTo_002 1 2.03 3.64 1.08 148 XMSubMetaSxObfu_03 1 0.68 0.00 1.08 149 XM_B_Phish_Phrases 1 2.03 3.64 1.08 150 MPART_ALT_DIFF_COUNT 1 1.35 1.82 1.08 151 MAILING_LIST_MULTI 1 1.35 1.82 1.08 152 HDRS_MISSP 1 1.35 1.82 1.08 153 RCVD_IN_IADB_VOUCHED 1 0.68 0.00 1.08 154 MIME_BASE64_TEXT 1 0.68 0.00 1.08 155 LongTLD 1 0.68 0.00 1.08 156 XM_Body_Obfu01 1 0.68 0.00 1.08 157 TR_XM_SpammyRelay 1 1.35 1.82 1.08 158 TVD_PH_BODY_ACCOUNTS_PRE 1 0.68 0.00 1.08 159 XM_H_PHPMailer 1 1.35 1.82 1.08 160 TR_XM_UnparsRelay 1 2.70 5.45 1.08 161 XM_RXBody 1 0.68 0.00 1.08 162 RDNS_DYNAMIC 1 2.03 3.64 1.08 163 IN_HORDE_ADDRESS_BOOK 1 0.68 0.00 1.08 164 XM_H_Undi_Recip 1 1.35 1.82 1.08 165 XMBody_95 1 0.68 0.00 1.08 166 NUMERIC_HTTP_ADDR 1 0.68 0.00 1.08 167 TR_Mismatch_TLD_02 1 2.03 3.64 1.08 168 XMMoneyMeta_00 1 0.68 0.00 1.08 169 BAYES_40 1 1.35 1.82 1.08 170 RCVD_IN_IADB_SPF 1 0.68 0.00 1.08 171 XMStockSpam_06 1 2.70 5.45 1.08 172 XM_B_Unsub2 1 0.68 0.00 1.08 173 URI_TRY_3LD 1 0.68 0.00 1.08 174 RELAYCOUNTRY_GB 1 1.35 1.82 1.08 175 TR_Mismatch_TLD_01 1 0.68 0.00 1.08 176 KHOP_HELO_FCRDNS 1 4.05 9.09 1.08 177 TM2_M_A_HREF_HREF 1 0.68 0.00 1.08 178 TR_MetaPhish_Combo_01 1 0.68 0.00 1.08 179 TR_XM_SpammyWords4 1 2.03 3.64 1.08 180 RELAYCOUNTRY_BG 1 0.68 0.00 1.08 ----------------------------------------------------------------------