Email: 41 Autolearn: 0 AvgScore: -4.05 AvgScanTime: 1.81 sec Spam: 9 Autolearn: 0 AvgScore: 19.22 AvgScanTime: 1.92 sec Ham: 32 Autolearn: 0 AvgScore: -10.59 AvgScanTime: 1.78 sec Time Spent Running SA: 0.02 hours Time Spent Processing Spam: 0.00 hours Time Spent Processing Ham: 0.02 hours TOP SPAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 RELAYCOUNTRY_US 9 78.05 100.00 71.88 2 HTML_MESSAGE 8 78.05 88.89 75.00 3 T_SCC_BODY_TEXT_LINE 8 82.93 88.89 81.25 4 DCC_CHECK 7 43.90 77.78 34.38 5 XM_B_SpammyWords 7 29.27 77.78 15.62 6 RELAYCOUNTRY_META 5 14.63 55.56 3.12 7 TR_XM_SpammyRelay 5 12.20 55.56 0.00 8 XM_B_Unicode 5 48.78 55.56 46.88 9 XM_B_SpammyWords2 4 12.20 44.44 3.12 10 DKIM_SIGNED 4 65.85 44.44 71.88 11 MIME_HTML_ONLY 4 14.63 44.44 6.25 12 DKIM_VALID 4 60.98 44.44 65.62 13 FSL_BULK_SIG 4 17.07 44.44 9.38 14 XM_DK_Pass 4 63.41 44.44 68.75 15 KHOP_HELO_FCRDNS 4 12.20 44.44 3.12 16 XM_SPF_SoftFail 3 7.32 33.33 0.00 17 PDS_RDNS_DYNAMIC_FP 3 7.32 33.33 0.00 18 FVGT_m_MULTI_ODD 3 34.15 33.33 34.38 19 DKIM_VALID_AU 3 48.78 33.33 53.12 20 XM_B_Investor 3 7.32 33.33 0.00 21 BAYES_80 3 7.32 33.33 0.00 22 T_TM2_M_HEADER_IN_MSG 3 21.95 33.33 18.75 23 RDNS_DYNAMIC 3 7.32 33.33 0.00 24 XM_B_Unicode3 3 31.71 33.33 31.25 25 XM_B_SpammyTLD 3 9.76 33.33 3.12 26 BOTNET_IPINHOSTNAME 3 21.95 33.33 18.75 27 RCVD_IN_MSPIKE_H2 3 9.76 33.33 3.12 28 BAYES_50 3 51.22 33.33 56.25 29 SUBJ_ALL_CAPS 2 4.88 22.22 0.00 30 TR_Sbj_FN_Bdy 2 4.88 22.22 0.00 31 UNPARSEABLE_RELAY 2 4.88 22.22 0.00 32 BOTNET 2 4.88 22.22 0.00 33 TR_Caps_n_Bayes_80 2 4.88 22.22 0.00 34 MONEY_FROM_MISSP 2 4.88 22.22 0.00 35 XM_B_Unsub 2 7.32 22.22 3.12 36 FORGED_GMAIL_RCVD 2 4.88 22.22 0.00 37 HTML_MIME_NO_HTML_TAG 2 7.32 22.22 3.12 38 FROM_MISSP_DYNIP 2 4.88 22.22 0.00 39 TO_NO_BRKTS_FROM_MSSP 2 4.88 22.22 0.00 40 HTML_FONT_LOW_CONTRAST 2 31.71 22.22 34.38 41 FSL_CTYPE_WIN1251 2 4.88 22.22 0.00 42 FORGED_OUTLOOK_TAGS 2 4.88 22.22 0.00 43 DKIM_ADSP_CUSTOM_MED 2 7.32 22.22 3.12 44 NML_ADSP_CUSTOM_MED 2 7.32 22.22 3.12 45 FSL_NEW_HELO_USER 2 4.88 22.22 0.00 46 FROM_MISSP_MSFT 2 4.88 22.22 0.00 47 RELAYCOUNTRY_RU 2 4.88 22.22 0.00 48 T_KAM_HTML_FONT_INVALID 2 26.83 22.22 28.12 49 MILLION_HUNDRED 2 4.88 22.22 0.00 50 AXB_XMAILER_MIMEOLE_OL_024C2 2 4.88 22.22 0.00 51 XMListUnsubscribeExists 2 36.59 22.22 40.62 52 XM_Body_Dirty_Words 2 14.63 22.22 12.50 53 FORGED_OUTLOOK_HTML 2 4.88 22.22 0.00 54 NSL_RCVD_FROM_USER 2 4.88 22.22 0.00 55 TR_XM_UnparsRelay 2 4.88 22.22 0.00 56 TR_XM_SpammyWords5 2 4.88 22.22 0.00 57 XM_Multi_Part_URI 2 17.07 22.22 15.62 58 TR_XM_BayesUnsub 2 7.32 22.22 3.12 59 LOTS_OF_MONEY 2 7.32 22.22 3.12 60 ADVANCE_FEE_3_NEW_MONEY 2 4.88 22.22 0.00 61 MIME_HTML_MOSTLY 2 4.88 22.22 0.00 62 FROM_MISSP_USER 2 4.88 22.22 0.00 63 RCVD_IN_MSPIKE_WL 2 48.78 22.22 56.25 64 DCC_CHECK_NEGATIVE 2 56.10 22.22 65.62 65 TR_XM_SpammyWords4 2 7.32 22.22 3.12 66 FORGED_MUA_OUTLOOK 2 4.88 22.22 0.00 67 TVD_RCVD_IP 1 7.32 11.11 6.25 68 FROM_MISSP_XPRIO 1 2.44 11.11 0.00 69 TO_NO_BRKTS_MSFT 1 2.44 11.11 0.00 70 RCVD_IN_VALIDITY_CERTIFIED 1 4.88 11.11 3.12 71 BAYES_99 1 9.76 11.11 9.38 72 OBFU_TEXT_ATTACH 1 2.44 11.11 0.00 73 RCVD_IN_VALIDITY_SAFE 1 4.88 11.11 3.12 74 RCVD_IN_BL_SPAMCOP_NET 1 4.88 11.11 3.12 75 BAYES_60 1 17.07 11.11 18.75 76 BAYES_95 1 4.88 11.11 3.12 77 DATE_IN_PAST_03_06 1 2.44 11.11 0.00 78 MIME_CHARSET_FARAWAY 1 2.44 11.11 0.00 79 T_XMDrugObfuBody_08 1 2.44 11.11 0.00 80 BAYES_999 1 9.76 11.11 9.38 81 RCVD_IN_RP_RNBL 1 2.44 11.11 0.00 82 PP_MIME_FAKE_ASCII_TEXT 1 2.44 11.11 0.00 83 RCVD_IN_VALIDITY_RPBL 1 2.44 11.11 0.00 84 XM_DK_Undo_01 1 2.44 11.11 0.00 85 LotsOfNums_01 1 4.88 11.11 3.12 86 TR_XM_BayesRelay 1 2.44 11.11 0.00 87 XM_Evil_Numbers_Gen 1 4.88 11.11 3.12 88 LONG_JUNK_URI 1 2.44 11.11 0.00 89 RELAYCOUNTRY_IE 1 2.44 11.11 0.00 90 TR_XM_DKIM_Undo 1 7.32 11.11 6.25 91 RELAYCOUNTRY_SG 1 2.44 11.11 0.00 92 XM_DK_Undo_02 1 12.20 11.11 12.50 93 FROM_MISSP_REPLYTO 1 2.44 11.11 0.00 94 XM_Body_Obfu01 1 2.44 11.11 0.00 95 PDS_OTHER_BAD_TLD 1 2.44 11.11 0.00 96 RELAYCOUNTRY_CN 1 2.44 11.11 0.00 97 TooManyTo_004 1 2.44 11.11 0.00 98 URIBL_ABUSE_SURBL 1 2.44 11.11 0.00 99 XM_B_DNDMA 1 2.44 11.11 0.00 100 XM_DIRTYINTL 1 2.44 11.11 0.00 101 TooManyTo_001 1 4.88 11.11 3.12 102 T_REMOTE_IMAGE 1 2.44 11.11 0.00 103 XM_B_Phish_Phrases 1 2.44 11.11 0.00 104 THIS_AD 1 2.44 11.11 0.00 105 XMDiploma_00 1 4.88 11.11 3.12 106 RELAYCOUNTRY_CA 1 2.44 11.11 0.00 107 TooManyTo_002 1 2.44 11.11 0.00 108 RCVD_IN_MSPIKE_L5 1 2.44 11.11 0.00 109 RCVD_IN_MSPIKE_H4 1 7.32 11.11 6.25 110 RCVD_IN_MSPIKE_BL 1 2.44 11.11 0.00 111 TR_XM_SpammyWords2 1 2.44 11.11 0.00 112 TO_EQ_FM_DOM_HTML_ONLY 1 2.44 11.11 0.00 113 TR_XM_MSPIKECOMBO 1 2.44 11.11 0.00 114 XMGenDplmaNmb 1 2.44 11.11 0.00 115 DEAR_FRIEND 1 2.44 11.11 0.00 116 TR_XM_SpammyWords3 1 2.44 11.11 0.00 117 TooManyTo_003 1 2.44 11.11 0.00 118 T_TVD_MIME_EPI 1 2.44 11.11 0.00 119 LONG_JUNK_URI3 1 2.44 11.11 0.00 120 XM_H_Undi_Recip 1 4.88 11.11 3.12 121 DKIM_VALID_EF 1 31.71 11.11 37.50 122 TR_XM_NoHeaderRelay 1 2.44 11.11 0.00 123 RCVD_IN_MSPIKE_H3 1 19.51 11.11 21.88 ---------------------------------------------------------------------- TOP HAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 T_SCC_BODY_TEXT_LINE 26 82.93 88.89 81.25 2 HTML_MESSAGE 24 78.05 88.89 75.00 3 RELAYCOUNTRY_US 23 78.05 100.00 71.88 4 DKIM_SIGNED 23 65.85 44.44 71.88 5 XM_DK_Pass 22 63.41 44.44 68.75 6 DCC_CHECK_NEGATIVE 21 56.10 22.22 65.62 7 DKIM_VALID 21 60.98 44.44 65.62 8 RCVD_IN_MSPIKE_WL 18 48.78 22.22 56.25 9 BAYES_50 18 51.22 33.33 56.25 10 DKIM_VALID_AU 17 48.78 33.33 53.12 11 XM_B_Unicode 15 48.78 55.56 46.88 12 XMListUnsubscribeExists 13 36.59 22.22 40.62 13 DKIM_VALID_EF 12 31.71 11.11 37.50 14 HTML_FONT_LOW_CONTRAST 11 31.71 22.22 34.38 15 FVGT_m_MULTI_ODD 11 34.15 33.33 34.38 16 DCC_CHECK 11 43.90 77.78 34.38 17 XM_B_Unicode3 10 31.71 33.33 31.25 18 XM_DKIMWhitelistDomains 9 21.95 0.00 28.12 19 RCVD_IN_MSPIKE_H5 9 21.95 0.00 28.12 20 T_KAM_HTML_FONT_INVALID 9 26.83 22.22 28.12 21 ALL_TRUSTED 8 19.51 0.00 25.00 22 RCVD_IN_MSPIKE_H3 7 19.51 11.11 21.88 23 TR_XM_DK_Unsub 7 17.07 0.00 21.88 24 BOTNET_IPINHOSTNAME 6 21.95 33.33 18.75 25 T_TM2_M_HEADER_IN_MSG 6 21.95 33.33 18.75 26 BAYES_60 6 17.07 11.11 18.75 27 LOC_TINY_FONT_1 6 14.63 0.00 18.75 28 XM_B_SpammyWords 5 29.27 77.78 15.62 29 XMSubLong 5 12.20 0.00 15.62 30 XM_Multi_Part_URI 5 17.07 22.22 15.62 31 USER_IN_DEF_DKIM_WL 5 12.20 0.00 15.62 32 HTML_IMAGE_RATIO_04 5 12.20 0.00 15.62 33 T_TooManySym_01 4 9.76 0.00 12.50 34 XM_PDF 4 9.76 0.00 12.50 35 IN_ZIMBRA_NJ_WHITELIST 4 9.76 0.00 12.50 36 XM_Body_Dirty_Words 4 14.63 22.22 12.50 37 XM_DK_Undo_02 4 12.20 11.11 12.50 38 BOUNCE_MESSAGE 4 9.76 0.00 12.50 39 T_OBFU_PDF_ATTACH 4 9.76 0.00 12.50 40 ANY_BOUNCE_MESSAGE 4 9.76 0.00 12.50 41 T_TooManySym_02 4 9.76 0.00 12.50 42 TR_XM_SpoofStaff 3 7.32 0.00 9.38 43 TR_XM_SpoofPhishAttach 3 7.32 0.00 9.38 44 XMNumbers 3 7.32 0.00 9.38 45 FSL_BULK_SIG 3 17.07 44.44 9.38 46 XM_ZohoDesk1 3 7.32 0.00 9.38 47 INVALID_MSGID 3 7.32 0.00 9.38 48 XMSpoofStaff2 3 7.32 0.00 9.38 49 TR_XM_PSC1 3 7.32 0.00 9.38 50 BAYES_999 3 9.76 11.11 9.38 51 XM_UncommonTLD01 3 7.32 0.00 9.38 52 HTML_IMAGE_RATIO_06 3 7.32 0.00 9.38 53 XM_H_SpoofStaff4 3 7.32 0.00 9.38 54 TO_MALFORMED 3 7.32 0.00 9.38 55 BAYES_99 3 9.76 11.11 9.38 56 XM_H_Long_From01 3 7.32 0.00 9.38 57 PLING_QUERY 2 4.88 0.00 6.25 58 RCVD_IN_MSPIKE_H4 2 7.32 11.11 6.25 59 XM_B_COPY_HTML 2 4.88 0.00 6.25 60 TR_XM_PhishingBody 2 4.88 0.00 6.25 61 XM_B_Phish66 2 4.88 0.00 6.25 62 USER_IN_WHITELIST 2 4.88 0.00 6.25 63 SUBJ_BUY 2 4.88 0.00 6.25 64 BAYES_40 2 4.88 0.00 6.25 65 BAYES_00 2 4.88 0.00 6.25 66 MIME_HTML_ONLY 2 14.63 44.44 6.25 67 USER_IN_WELCOMELIST 2 4.88 0.00 6.25 68 TR_XM_SpoofStaff3 2 4.88 0.00 6.25 69 TR_XM_DKIM_Undo 2 7.32 11.11 6.25 70 TR_XM_DK_Bayes 2 4.88 0.00 6.25 71 TVD_RCVD_IP 2 7.32 11.11 6.25 72 DKIM_INVALID 2 4.88 0.00 6.25 73 TR_DCC_Bayes_99 2 4.88 0.00 6.25 74 TM2_M_VERY_LONG_WORD 2 4.88 0.00 6.25 75 XM_ZIP 2 4.88 0.00 6.25 76 KHOP_HELO_FCRDNS 1 12.20 44.44 3.12 77 RCVD_IN_MSPIKE_H2 1 9.76 33.33 3.12 78 TR_XM_PHPForged 1 2.44 0.00 3.12 79 XMStrtUSub 1 2.44 0.00 3.12 80 LOTS_OF_MONEY 1 7.32 22.22 3.12 81 XM_H_Undi_Recip 1 4.88 11.11 3.12 82 TR_XM_SpammyWords4 1 7.32 22.22 3.12 83 XM_H_PHPOS_M 1 2.44 0.00 3.12 84 TR_XM_PHPDW 1 2.44 0.00 3.12 85 TRACKER_ID 1 2.44 0.00 3.12 86 XMLngstWrd_00 1 2.44 0.00 3.12 87 TR_XM_FormFill2 1 2.44 0.00 3.12 88 RELAYCOUNTRY_GB 1 2.44 0.00 3.12 89 T_XMDrugObfuBody_14 1 2.44 0.00 3.12 90 RCVD_IN_IADB_LISTED 1 2.44 0.00 3.12 91 XM_B_Unsub2 1 2.44 0.00 3.12 92 TR_XM_DK_Bayes1 1 2.44 0.00 3.12 93 NML_ADSP_CUSTOM_MED 1 7.32 22.22 3.12 94 TR_XM_BayesUnsub 1 7.32 22.22 3.12 95 XM_B_SpammyTLD 1 9.76 33.33 3.12 96 XMBSHREFv2 1 2.44 0.00 3.12 97 BASE64_LENGTH_79_INF 1 2.44 0.00 3.12 98 XMDiploma_00 1 4.88 11.11 3.12 99 TooManyTo_001 1 4.88 11.11 3.12 100 XMGappySubj_01 1 2.44 0.00 3.12 101 RELAYCOUNTRY_META 1 14.63 55.56 3.12 102 RCVD_IN_IADB_VOUCHED 1 2.44 0.00 3.12 103 XM_B_SpammyWords2 1 12.20 44.44 3.12 104 XMSubMetaSxObfu_03 1 2.44 0.00 3.12 105 HTML_MIME_NO_HTML_TAG 1 7.32 22.22 3.12 106 BAYES_95 1 4.88 11.11 3.12 107 DKIM_ADSP_CUSTOM_MED 1 7.32 22.22 3.12 108 TR_XM_Undi_Recip2 1 2.44 0.00 3.12 109 TR_XM_DK_Bayes2 1 2.44 0.00 3.12 110 RCVD_IN_IADB_OPTIN 1 2.44 0.00 3.12 111 RCVD_IN_IADB_SPF 1 2.44 0.00 3.12 112 XMBody_78 1 2.44 0.00 3.12 113 XM_Evil_Numbers_Gen 1 4.88 11.11 3.12 114 TVD_SPACE_RATIO 1 2.44 0.00 3.12 115 LotsOfNums_01 1 4.88 11.11 3.12 116 RCVD_IN_VALIDITY_CERTIFIED 1 4.88 11.11 3.12 117 SCC_BODY_URI_ONLY 1 2.44 0.00 3.12 118 XM_H_Long_From02 1 2.44 0.00 3.12 119 XM_H_PHPMailer 1 2.44 0.00 3.12 120 MSGID_NOFQDN1 1 2.44 0.00 3.12 121 TR_XM_Undi_Recip17 1 2.44 0.00 3.12 122 XM_B_Unsub 1 7.32 22.22 3.12 123 RCVD_IN_BL_SPAMCOP_NET 1 4.88 11.11 3.12 124 RCVD_IN_VALIDITY_SAFE 1 4.88 11.11 3.12 125 XM_H_PHPOS 1 2.44 0.00 3.12 126 XMSubMetaSx_00 1 2.44 0.00 3.12 ----------------------------------------------------------------------