Email: 160 Autolearn: 0 AvgScore: 1.14 AvgScanTime: 3.68 sec Spam: 32 Autolearn: 0 AvgScore: 13.16 AvgScanTime: 4.15 sec Ham: 128 Autolearn: 0 AvgScore: -1.87 AvgScanTime: 3.57 sec Time Spent Running SA: 0.16 hours Time Spent Processing Spam: 0.04 hours Time Spent Processing Ham: 0.13 hours TOP SPAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 HTML_MESSAGE 29 73.75 90.62 69.53 2 DCC_CHECK_NEGATIVE 27 93.12 84.38 95.31 3 XM_B_Unicode 25 57.50 78.12 52.34 4 T_SCC_BODY_TEXT_LINE 25 81.25 78.12 82.03 5 DKIM_SIGNED 25 66.25 78.12 63.28 6 DKIM_VALID 25 65.00 78.12 61.72 7 XM_DK_Pass 25 65.62 78.12 62.50 8 RELAYCOUNTRY_US 24 63.75 75.00 60.94 9 FVGT_m_MULTI_ODD 21 28.12 65.62 18.75 10 XM_B_SpammyWords 17 28.12 53.12 21.88 11 DKIM_VALID_AU 17 45.62 53.12 43.75 12 XM_DK_Undo_02 17 13.75 53.12 3.91 13 XM_B_Unicode3 16 29.38 50.00 24.22 14 BAYES_99 15 11.88 46.88 3.12 15 XM_B_Unsub 14 15.62 43.75 8.59 16 TR_XM_BayesUnsub 14 15.62 43.75 8.59 17 XM_Multi_Part_URI 13 18.75 40.62 13.28 18 BAYES_50 11 56.88 34.38 62.50 19 XMSubLong 11 12.50 34.38 7.03 20 LOTS_OF_MONEY 11 8.12 34.38 1.56 21 DKIM_VALID_EF 10 36.25 31.25 37.50 22 LOC_TINY_FONT_1 10 19.38 31.25 16.41 23 XMListUnsubscribeExists 9 30.63 28.12 31.25 24 TR_XM_DKIM_Undo 9 6.25 28.12 0.78 25 BAYES_999 8 5.62 25.00 0.78 26 XM_Body_Dirty_Words 8 11.25 25.00 7.81 27 XM_B_SpammyWords2 8 9.38 25.00 5.47 28 RELAYCOUNTRY_META 7 10.62 21.88 7.81 29 T_TM2_M_HEADER_IN_MSG 7 23.75 21.88 24.22 30 HTML_FONT_LOW_CONTRAST 7 21.25 21.88 21.09 31 RCVD_IN_MSPIKE_H2 7 16.88 21.88 15.62 32 UNPARSEABLE_RELAY 7 17.50 21.88 16.41 33 UNTRUSTED_Relay 7 5.00 21.88 0.78 34 T_KAM_HTML_FONT_INVALID 6 19.38 18.75 19.53 35 TR_XM_UnparsRelay 5 5.00 15.62 2.34 36 HTML_IMAGE_RATIO_02 5 4.38 15.62 1.56 37 DCC_CHECK 5 6.88 15.62 4.69 38 MIME_HTML_MOSTLY 5 4.38 15.62 1.56 39 RCVD_IN_BL_SPAMCOP_NET 5 3.75 15.62 0.78 40 BOTNET_IPINHOSTNAME 5 8.12 15.62 6.25 41 BOTNET 4 2.50 12.50 0.00 42 KHOP_HELO_FCRDNS 4 3.75 12.50 1.56 43 XM_ProductURIs 4 3.12 12.50 0.78 44 XM_B_SpammyTLD 4 3.12 12.50 0.78 45 BAYES_80 4 4.38 12.50 2.34 46 HTML_IMAGE_RATIO_08 4 3.75 12.50 1.56 47 TR_XM_SpammyWords4 4 3.12 12.50 0.78 48 T_XMDrugObfuBody_14 4 4.38 12.50 2.34 49 XM_B_Unsub2 4 3.75 12.50 1.56 50 TR_XM_Base64_M2 3 1.88 9.38 0.00 51 XM_B_Phish_Phrases 3 3.12 9.38 1.56 52 TR_XM_SPAMCOP 3 1.88 9.38 0.00 53 T_XMDrugObfuBody_12 3 1.88 9.38 0.00 54 MIME_BASE64_TEXT 3 1.88 9.38 0.00 55 TR_XM_Base64_L1 3 1.88 9.38 0.00 56 TR_XM_Base64_M1 3 1.88 9.38 0.00 57 TR_XM_Base64_C 3 1.88 9.38 0.00 58 TR_XM_SpammyRelay 3 3.75 9.38 2.34 59 XM_UB50 3 1.88 9.38 0.00 60 MIME_HTML_ONLY 3 5.00 9.38 3.91 61 TR_DCC_Bayes_99 3 1.88 9.38 0.00 62 TR_XM_DK_Unsub 3 16.25 9.38 17.97 63 XM_UB99 3 1.88 9.38 0.00 64 MPART_ALT_DIFF 3 3.12 9.38 1.56 65 XM_UncommonTLD01 3 8.75 9.38 8.59 66 RDNS_DYNAMIC 2 1.25 6.25 0.00 67 XM_Body_Dirty_Words_01 2 1.25 6.25 0.00 68 TR_XM_SpammyWords2 2 1.25 6.25 0.00 69 TooManyTo_001 2 6.25 6.25 6.25 70 TR_XM_NoHeaderRelay 2 1.25 6.25 0.00 71 RELAYCOUNTRY_FR 2 1.88 6.25 0.78 72 XMSubNoVowel 2 1.25 6.25 0.00 73 HTML_IMAGE_RATIO_06 2 5.62 6.25 5.47 74 TR_XM_PhishingBody 2 1.88 6.25 0.78 75 CHARSET_FARAWAY_HEADER 2 1.25 6.25 0.00 76 PDS_RDNS_DYNAMIC_FP 2 1.25 6.25 0.00 77 XM_B_Phish66 2 1.88 6.25 0.78 78 HTML_IMAGE_ONLY_24 2 1.25 6.25 0.00 79 TO_NO_BRKTS_HTML_IMG 2 1.25 6.25 0.00 80 XMSubMetaSx_00 2 2.50 6.25 1.56 81 RELAYCOUNTRY_CN 2 1.25 6.25 0.00 82 RELAYCOUNTRY_AT 1 0.62 3.12 0.00 83 TR_XM_MaxWHORU 1 0.62 3.12 0.00 84 XMNumbers 1 3.75 3.12 3.91 85 XMNoVowels 1 1.88 3.12 1.56 86 RELAYCOUNTRY_UA 1 0.62 3.12 0.00 87 URI_OPTOUT_3LD 1 0.62 3.12 0.00 88 XM_Sft_Ad_L33t 1 0.62 3.12 0.00 89 TooManyTo_004 1 1.88 3.12 1.56 90 TR_LOTS_OF_MONEY3 1 0.62 3.12 0.00 91 SUBJ_OBFU_PUNCT_FEW 1 0.62 3.12 0.00 92 FROM_GOV_SPOOF 1 1.25 3.12 0.78 93 BAYES_60 1 10.62 3.12 12.50 94 XM_B_Crypto 1 0.62 3.12 0.00 95 XM_B_SexDrugs1 1 0.62 3.12 0.00 96 BOUNCE_MESSAGE 1 15.62 3.12 18.75 97 TVD_RCVD_IP 1 1.25 3.12 0.78 98 XMSexyCombo_01 1 0.62 3.12 0.00 99 RELAYCOUNTRY_KR 1 0.62 3.12 0.00 100 XM_DIRTYINTL 1 0.62 3.12 0.00 101 PDS_PRO_TLD 1 0.62 3.12 0.00 102 RCVD_IN_RP_CERTIFIED 1 0.62 3.12 0.00 103 TooManyTo_003 1 1.88 3.12 1.56 104 XMSubMetaSxObfu_03 1 1.25 3.12 0.78 105 BITCOIN_SPAM_03 1 0.62 3.12 0.00 106 MAILING_LIST_MULTI 1 1.88 3.12 1.56 107 XMGppyBdWords 1 0.62 3.12 0.00 108 RCVD_IN_PSBL 1 0.62 3.12 0.00 109 XM_Dr_From 1 0.62 3.12 0.00 110 BITCOIN_MALWARE 1 0.62 3.12 0.00 111 HTML_IMAGE_RATIO_04 1 11.25 3.12 13.28 112 ANY_BOUNCE_MESSAGE 1 15.62 3.12 18.75 113 PDS_BTC_ID 1 0.62 3.12 0.00 114 RCVD_IN_RP_SAFE 1 0.62 3.12 0.00 115 ALL_TRUSTED 1 26.88 3.12 32.81 116 XM_UB95 1 0.62 3.12 0.00 117 T_XMDrugObfuBody_00 1 1.25 3.12 0.78 118 T_TooManySym_01 1 3.75 3.12 3.91 119 TooManyTo_002 1 2.50 3.12 2.34 120 TR_XM_Crypto2 1 0.62 3.12 0.00 121 CK_HELO_GENERIC 1 0.62 3.12 0.00 122 XMHTML_After_End 1 0.62 3.12 0.00 123 XM_UB999 1 0.62 3.12 0.00 124 XM_SPF_SoftFail 1 5.00 3.12 5.47 125 MONEY_BACK 1 0.62 3.12 0.00 126 TR_MetaPhish_Combo_01 1 1.25 3.12 0.78 127 T_REMOTE_IMAGE 1 1.25 3.12 0.78 128 BAYES_95 1 3.12 3.12 3.12 129 XM_Evil_Numbers_Gen 1 4.38 3.12 4.69 130 XMSubject_70 1 0.62 3.12 0.00 131 FSL_BULK_SIG 1 1.88 3.12 1.56 132 XM_Body_Dirty_Words_02 1 0.62 3.12 0.00 133 SHORT_URI_2 1 2.50 3.12 2.34 134 FROM_EXCESS_BASE64 1 0.62 3.12 0.00 135 NO_DNS_FOR_FROM 1 0.62 3.12 0.00 136 XMSexyCombo_05 1 0.62 3.12 0.00 137 T_US_DOLLARS_3 1 0.62 3.12 0.00 138 T_TooManySym_02 1 3.75 3.12 3.91 139 TO_EQ_FM_DOM_HTML_ONLY 1 0.62 3.12 0.00 140 XMEmptySub 1 0.62 3.12 0.00 141 RELAYCOUNTRY_DK 1 0.62 3.12 0.00 142 OBFU_TEXT_ATTACH 1 0.62 3.12 0.00 143 TR_Symld_Words 1 2.50 3.12 2.34 144 XM_OfRef6 1 1.25 3.12 0.78 ---------------------------------------------------------------------- TOP HAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 DCC_CHECK_NEGATIVE 122 93.12 84.38 95.31 2 T_SCC_BODY_TEXT_LINE 105 81.25 78.12 82.03 3 HTML_MESSAGE 89 73.75 90.62 69.53 4 DKIM_SIGNED 81 66.25 78.12 63.28 5 BAYES_50 80 56.88 34.38 62.50 6 XM_DK_Pass 80 65.62 78.12 62.50 7 DKIM_VALID 79 65.00 78.12 61.72 8 RELAYCOUNTRY_US 78 63.75 75.00 60.94 9 XM_B_Unicode 67 57.50 78.12 52.34 10 DKIM_VALID_AU 56 45.62 53.12 43.75 11 DKIM_VALID_EF 48 36.25 31.25 37.50 12 ALL_TRUSTED 42 26.88 3.12 32.81 13 XMListUnsubscribeExists 40 30.63 28.12 31.25 14 XM_B_Unicode3 31 29.38 50.00 24.22 15 T_TM2_M_HEADER_IN_MSG 31 23.75 21.88 24.22 16 XM_B_SpammyWords 28 28.12 53.12 21.88 17 HTML_FONT_LOW_CONTRAST 27 21.25 21.88 21.09 18 T_KAM_HTML_FONT_INVALID 25 19.38 18.75 19.53 19 FVGT_m_MULTI_ODD 24 28.12 65.62 18.75 20 ANY_BOUNCE_MESSAGE 24 15.62 3.12 18.75 21 BOUNCE_MESSAGE 24 15.62 3.12 18.75 22 TR_XM_DK_Unsub 23 16.25 9.38 17.97 23 XM_DKIMWhitelistDomains 23 14.37 0.00 17.97 24 XM_PDF 22 13.75 0.00 17.19 25 LOC_TINY_FONT_1 21 19.38 31.25 16.41 26 UNPARSEABLE_RELAY 21 17.50 21.88 16.41 27 RCVD_IN_MSPIKE_H2 20 16.88 21.88 15.62 28 HTML_IMAGE_RATIO_04 17 11.25 3.12 13.28 29 XM_Multi_Part_URI 17 18.75 40.62 13.28 30 BAYES_60 16 10.62 3.12 12.50 31 IN_ZIMBRA_NJ_WHITELIST 12 7.50 0.00 9.38 32 T_XMDrugObfuBody_08 11 6.88 0.00 8.59 33 XM_B_Unsub 11 15.62 43.75 8.59 34 XM_UncommonTLD01 11 8.75 9.38 8.59 35 TR_XM_BayesUnsub 11 15.62 43.75 8.59 36 TR_XM_SpoofPhishAttach 10 6.25 0.00 7.81 37 BAYES_20 10 6.25 0.00 7.81 38 XM_Body_Dirty_Words 10 11.25 25.00 7.81 39 RELAYCOUNTRY_META 10 10.62 21.88 7.81 40 XMSubLong 9 12.50 34.38 7.03 41 XM_H_SpoofStaff4 8 5.00 0.00 6.25 42 T_OBFU_PDF_ATTACH 8 5.00 0.00 6.25 43 XMSpoofStaff2 8 5.00 0.00 6.25 44 BOTNET_IPINHOSTNAME 8 8.12 15.62 6.25 45 SCC_BODY_URI_ONLY 8 5.00 0.00 6.25 46 TR_XM_SpoofStaff 8 5.00 0.00 6.25 47 TooManyTo_001 8 6.25 6.25 6.25 48 MIME_QP_LONG_LINE 8 5.00 0.00 6.25 49 XM_ZohoDesk1 8 5.00 0.00 6.25 50 TR_XM_PSC1 8 5.00 0.00 6.25 51 BAYES_00 7 4.38 0.00 5.47 52 TO_MALFORMED 7 4.38 0.00 5.47 53 XM_SPF_SoftFail 7 5.00 3.12 5.47 54 INVALID_MSGID 7 4.38 0.00 5.47 55 XM_B_SpammyWords2 7 9.38 25.00 5.47 56 HTML_IMAGE_RATIO_06 7 5.62 6.25 5.47 57 XM_Evil_Numbers_Gen 6 4.38 3.12 4.69 58 DCC_CHECK 6 6.88 15.62 4.69 59 LotsOfNums_01 6 3.75 0.00 4.69 60 GMD_PDF_HORIZ 6 3.75 0.00 4.69 61 TR_XM_DK_Bayes1 5 3.12 0.00 3.91 62 T_TooManySym_02 5 3.75 3.12 3.91 63 T_TooManySym_01 5 3.75 3.12 3.91 64 XM_DK_Undo_02 5 13.75 53.12 3.91 65 TR_XM_DK_Bayes 5 3.12 0.00 3.91 66 RELAYCOUNTRY_AU 5 3.12 0.00 3.91 67 MIME_HTML_ONLY 5 5.00 9.38 3.91 68 XMNumbers 5 3.75 3.12 3.91 69 SHOPIFY_IMG_NOT_RCVD_SFY 4 2.50 0.00 3.12 70 XM_H_Undi_Recip 4 2.50 0.00 3.12 71 RCVD_IN_VALIDITY_SAFE 4 2.50 0.00 3.12 72 XM_ShortIntro_01 4 2.50 0.00 3.12 73 RCVD_IN_MSPIKE_WL 4 2.50 0.00 3.12 74 BAYES_95 4 3.12 3.12 3.12 75 BAYES_99 4 11.88 46.88 3.12 76 RCVD_IN_VALIDITY_CERTIFIED 4 2.50 0.00 3.12 77 USER_IN_DEF_DKIM_WL 4 2.50 0.00 3.12 78 MSGID_NOFQDN1 3 1.88 0.00 2.34 79 XMStrtUSub 3 1.88 0.00 2.34 80 TR_Symld_Words 3 2.50 3.12 2.34 81 T_XMDrugObfuBody_14 3 4.38 12.50 2.34 82 TR_XM_SB_Phish 3 1.88 0.00 2.34 83 TooManyTo_002 3 2.50 3.12 2.34 84 BAYES_80 3 4.38 12.50 2.34 85 TR_XM_SpammyRelay 3 3.75 9.38 2.34 86 DKIM_ADSP_CUSTOM_MED 3 1.88 0.00 2.34 87 TR_XM_UnparsRelay 3 5.00 15.62 2.34 88 XMSubPhish11 3 1.88 0.00 2.34 89 SHORT_URI_2 3 2.50 3.12 2.34 90 NML_ADSP_CUSTOM_MED 3 1.88 0.00 2.34 91 BASE64_LENGTH_79_INF 3 1.88 0.00 2.34 92 XM_DK_Undo_01 3 1.88 0.00 2.34 93 TVD_SPACE_RATIO 3 1.88 0.00 2.34 94 XM_H_Long_From01 3 1.88 0.00 2.34 95 MIME_HTML_MOSTLY 2 4.38 15.62 1.56 96 XM_B_Unsub2 2 3.75 12.50 1.56 97 LOTS_OF_MONEY 2 8.12 34.38 1.56 98 FSL_BULK_SIG 2 1.88 3.12 1.56 99 BAYES_05 2 1.25 0.00 1.56 100 BAYES_40 2 1.25 0.00 1.56 101 TM2_M_VERY_LONG_WORD 2 1.25 0.00 1.56 102 MPART_ALT_DIFF 2 3.12 9.38 1.56 103 HTML_IMAGE_RATIO_08 2 3.75 12.50 1.56 104 DKIM_INVALID 2 1.25 0.00 1.56 105 XM_H_PHPMailer 2 1.25 0.00 1.56 106 TR_XM_SpammyWords5 2 1.25 0.00 1.56 107 RCVD_IN_IADB_DK 2 1.25 0.00 1.56 108 RCVD_IN_MSPIKE_H3 2 1.25 0.00 1.56 109 TooManyTo_004 2 1.88 3.12 1.56 110 RCVD_IN_MSPIKE_H4 2 1.25 0.00 1.56 111 XMSubMetaSx_00 2 2.50 6.25 1.56 112 FORGED_GMAIL_RCVD 2 1.25 0.00 1.56 113 RCVD_IN_IADB_SPF 2 1.25 0.00 1.56 114 HTML_IMAGE_RATIO_02 2 4.38 15.62 1.56 115 XM_ZIP 2 1.25 0.00 1.56 116 XMCapTrack 2 1.25 0.00 1.56 117 MAILING_LIST_MULTI 2 1.88 3.12 1.56 118 SUBJ_ALL_CAPS 2 1.25 0.00 1.56 119 TooManyTo_003 2 1.88 3.12 1.56 120 KHOP_HELO_FCRDNS 2 3.75 12.50 1.56 121 XMLngstWrd_00 2 1.25 0.00 1.56 122 XM_B_Phish_Phrases 2 3.12 9.38 1.56 123 RCVD_IN_IADB_LISTED 2 1.25 0.00 1.56 124 XMNoVowels 2 1.88 3.12 1.56 125 RELAYCOUNTRY_GB 2 1.25 0.00 1.56 126 RCVD_IN_IADB_SENDERID 2 1.25 0.00 1.56 127 RCVD_IN_BL_SPAMCOP_NET 1 3.75 15.62 0.78 128 IN_HORDE_ADDRESS_BOOK 1 0.62 0.00 0.78 129 TR_XM_DK_SendGrid 1 0.62 0.00 0.78 130 XM_Combo_Fr 1 0.62 0.00 0.78 131 T_DOC_ATTACH_NO_EXT 1 0.62 0.00 0.78 132 DATE_IN_PAST_12_24 1 0.62 0.00 0.78 133 LongTLD 1 0.62 0.00 0.78 134 UNTRUSTED_Relay 1 5.00 21.88 0.78 135 XM_B_Phish66 1 1.88 6.25 0.78 136 XM_UB60 1 0.62 0.00 0.78 137 TooManyTo_005 1 0.62 0.00 0.78 138 TR_XM_PhishingBody 1 1.88 6.25 0.78 139 XMLngstWrd_03 1 0.62 0.00 0.78 140 T_REMOTE_IMAGE 1 1.25 3.12 0.78 141 XM_S_SubURI 1 0.62 0.00 0.78 142 TR_XM_Undi_Recip2 1 0.62 0.00 0.78 143 TR_MRelay_UG 1 0.62 0.00 0.78 144 BAYES_999 1 5.62 25.00 0.78 145 XM_Sft_Co_L33T 1 0.62 0.00 0.78 146 TR_XM_DK_Bayes2 1 0.62 0.00 0.78 147 RELAYCOUNTRY_FR 1 1.88 6.25 0.78 148 TR_XM_SpammyWords4 1 3.12 12.50 0.78 149 HTML_IMAGE_ONLY_32 1 0.62 0.00 0.78 150 XM_Body_Obfu01 1 0.62 0.00 0.78 151 XM_ProductURIs 1 3.12 12.50 0.78 152 SpammyFromTLD_02 1 0.62 0.00 0.78 153 XMLngstWrd_01 1 0.62 0.00 0.78 154 NUMERIC_HTTP_ADDR 1 0.62 0.00 0.78 155 XM_B_SpammyWords3 1 0.62 0.00 0.78 156 TVD_RCVD_IP 1 1.25 3.12 0.78 157 MPART_ALT_DIFF_COUNT 1 0.62 0.00 0.78 158 TRACKER_ID 1 0.62 0.00 0.78 159 XM_B_Investor 1 0.62 0.00 0.78 160 T_XMHurry_00 1 0.62 0.00 0.78 161 URI_HEX 1 0.62 0.00 0.78 162 TR_XM_Undi_Recip14 1 0.62 0.00 0.78 163 RELAYCOUNTRY_PK 1 0.62 0.00 0.78 164 HTML_OBFUSCATE_05_10 1 0.62 0.00 0.78 165 GMD_PDF_SQUARE 1 0.62 0.00 0.78 166 XM_URI_RBL 1 0.62 0.00 0.78 167 XM_OfRef6 1 1.25 3.12 0.78 168 TR_XM_DKIM_Undo 1 6.25 28.12 0.78 169 XMLngstWrd_04 1 0.62 0.00 0.78 170 TR_Sbj_FN_Bdy 1 0.62 0.00 0.78 171 T_TooManySym_03 1 0.62 0.00 0.78 172 XMDateMe_00 1 0.62 0.00 0.78 173 RELAYCOUNTRY_IE 1 0.62 0.00 0.78 174 WEIRD_PORT 1 0.62 0.00 0.78 175 PDS_OTHER_BAD_TLD 1 0.62 0.00 0.78 176 TR_MetaPhish_Combo_01 1 1.25 3.12 0.78 177 XM_B_SpammyTLD 1 3.12 12.50 0.78 178 XMQckEasyMeta_00 1 0.62 0.00 0.78 179 XM_GoogleGroups 1 0.62 0.00 0.78 180 T_XMDrugObfuBody_00 1 1.25 3.12 0.78 181 XMSubMetaSxObfu_03 1 1.25 3.12 0.78 182 XMBody_95 1 0.62 0.00 0.78 183 MIME_HTML_ONLY_MULTI 1 0.62 0.00 0.78 184 CTE_8BIT_MISMATCH 1 0.62 0.00 0.78 185 XMLngstWrd_02 1 0.62 0.00 0.78 186 XM_SendGrid 1 0.62 0.00 0.78 187 RELAYCOUNTRY_MX 1 0.62 0.00 0.78 188 FROM_GOV_SPOOF 1 1.25 3.12 0.78 189 XMBSHREFv2 1 0.62 0.00 0.78 190 XM_H_Long_From02 1 0.62 0.00 0.78 191 LONG_IMG_URI 1 0.62 0.00 0.78 ----------------------------------------------------------------------