Email: 202 Autolearn: 0 AvgScore: -0.97 AvgScanTime: 1.73 sec Spam: 31 Autolearn: 0 AvgScore: 11.81 AvgScanTime: 2.28 sec Ham: 171 Autolearn: 0 AvgScore: -3.28 AvgScanTime: 1.63 sec Time Spent Running SA: 0.10 hours Time Spent Processing Spam: 0.02 hours Time Spent Processing Ham: 0.08 hours TOP SPAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 HTML_MESSAGE 29 59.90 93.55 53.80 2 DKIM_SIGNED 29 58.91 93.55 52.63 3 XM_DK_Pass 29 58.42 93.55 52.05 4 DKIM_VALID 28 57.92 90.32 52.05 5 RELAYCOUNTRY_US 27 51.49 87.10 45.03 6 XM_B_Unicode 26 49.50 83.87 43.27 7 DKIM_VALID_AU 24 46.53 77.42 40.94 8 XM_B_SpammyWords 24 31.68 77.42 23.39 9 LOC_TINY_FONT_1 19 14.36 61.29 5.85 10 XM_B_Unicode3 18 32.67 58.06 28.07 11 DCC_CHECK_NEGATIVE 17 83.17 54.84 88.30 12 XMListUnsubscribeExists 16 33.66 51.61 30.41 13 DKIM_VALID_EF 15 28.71 48.39 25.15 14 DCC_CHECK 14 16.83 45.16 11.70 15 BAYES_50 13 65.84 41.94 70.18 16 XM_B_SpammyWords2 12 11.39 38.71 6.43 17 HTML_FONT_LOW_CONTRAST 11 28.22 35.48 26.90 18 XM_B_Unsub 11 10.40 35.48 5.85 19 XM_Multi_Part_URI 11 10.40 35.48 5.85 20 TR_XM_BayesUnsub 10 9.90 32.26 5.85 21 T_KAM_HTML_FONT_INVALID 9 10.40 29.03 7.02 22 MIME_HTML_ONLY 9 14.36 29.03 11.70 23 FVGT_m_MULTI_ODD 9 21.29 29.03 19.88 24 XM_DK_Undo_02 9 5.45 29.03 1.17 25 UNPARSEABLE_RELAY 9 13.37 29.03 10.53 26 BAYES_999 7 4.46 22.58 1.17 27 BAYES_99 7 4.46 22.58 1.17 28 XM_Body_Dirty_Words 6 4.95 19.35 2.34 29 XMNumbers 6 5.45 19.35 2.92 30 T_TM2_M_HEADER_IN_MSG 6 14.85 19.35 14.04 31 TR_XM_DKIM_Undo 6 2.97 19.35 0.00 32 XMSubLong 6 12.87 19.35 11.70 33 LOTS_OF_MONEY 5 5.45 16.13 3.51 34 TR_XM_UnparsRelay 5 2.97 16.13 0.58 35 HTML_IMAGE_RATIO_06 5 3.47 16.13 1.17 36 TR_XM_SpammyWords4 5 5.45 16.13 3.51 37 TR_XM_DK_Unsub 5 9.90 16.13 8.77 38 RELAYCOUNTRY_META 5 10.89 16.13 9.94 39 RCVD_IN_MSPIKE_H2 5 16.34 16.13 16.37 40 XM_UncommonTLD01 5 7.92 16.13 6.43 41 XMStrtUSub 4 7.43 12.90 6.43 42 XM_B_Investor 4 2.48 12.90 0.58 43 TR_XM_SpammyRelay 4 3.47 12.90 1.75 44 TM2_M_URI_OPT_OUT 4 1.98 12.90 0.00 45 TR_XM_SpammyWords5 4 2.48 12.90 0.58 46 BAYES_60 4 11.39 12.90 11.11 47 BOTNET_IPINHOSTNAME 4 4.46 12.90 2.92 48 URI_NOVOWEL 3 1.49 9.68 0.00 49 MIME_HTML_MOSTLY 3 2.97 9.68 1.75 50 HTML_IMAGE_RATIO_02 3 2.97 9.68 1.75 51 TR_DCC_Bayes_99 3 1.98 9.68 0.58 52 BAYES_80 3 3.47 9.68 2.34 53 HTML_IMAGE_RATIO_08 3 2.97 9.68 1.75 54 RELAYCOUNTRY_AU 2 2.97 6.45 2.34 55 XM_OfRef6 2 0.99 6.45 0.00 56 TR_XM_NoHeaderRelay 2 0.99 6.45 0.00 57 BAYES_05 2 0.99 6.45 0.00 58 XM_B_Unsub2 2 0.99 6.45 0.00 59 TR_XM_PHPDW 2 1.98 6.45 1.17 60 TR_XM_PHPForged 2 1.98 6.45 1.17 61 SpammyFromTLD_01 2 0.99 6.45 0.00 62 XMEmptyBody_01 2 0.99 6.45 0.00 63 TM2_M_VERY_LONG_WORD 2 3.47 6.45 2.92 64 MPART_ALT_DIFF 2 2.48 6.45 1.75 65 FROM_EXCESS_BASE64 2 0.99 6.45 0.00 66 BOTNET 2 0.99 6.45 0.00 67 BODY_EMPTY 2 0.99 6.45 0.00 68 XM_Evil_Numbers_Gen 2 3.96 6.45 3.51 69 FROM_MISSPACED 2 0.99 6.45 0.00 70 MIME_HEADER_CTYPE_ONLY 2 0.99 6.45 0.00 71 XM_Body_Dirty_Words_01 2 0.99 6.45 0.00 72 TM2_M_BODY_EMPTY 2 0.99 6.45 0.00 73 MIME_HTML_ONLY_MULTI 2 0.99 6.45 0.00 74 TR_XM_FormFill2 2 1.98 6.45 1.17 75 SpammyFromTLD_02 2 0.99 6.45 0.00 76 UNTRUSTED_Relay 2 7.92 6.45 8.19 77 XM_ProductURIs 2 0.99 6.45 0.00 78 XM_H_PHPOS 2 1.98 6.45 1.17 79 XM_B_SpammyTLD 2 2.48 6.45 1.75 80 XM_B_SpammyWords3 2 1.98 6.45 1.17 81 XMGappySubj_01 2 0.99 6.45 0.00 82 T_XMDrugObfuBody_08 1 1.49 3.23 1.17 83 T_XMDrugObfuBody_03 1 0.50 3.23 0.00 84 XM_Body_Obfu01 1 0.99 3.23 0.58 85 XM_SPF_SoftFail 1 1.49 3.23 1.17 86 XM_UB99 1 0.50 3.23 0.00 87 TR_Symld_Words 1 0.99 3.23 0.58 88 XMDiploma_00 1 0.50 3.23 0.00 89 DIET_1 1 0.99 3.23 0.58 90 T_TooManySym_01 1 5.94 3.23 6.43 91 TR_XM_SPAMCOP 1 0.50 3.23 0.00 92 XM_Lotto 1 0.50 3.23 0.00 93 URI_HEX 1 1.49 3.23 1.17 94 RDNS_DYNAMIC 1 0.50 3.23 0.00 95 FROM_GOV_SPOOF 1 0.99 3.23 0.58 96 XM_UB999 1 0.50 3.23 0.00 97 XM_DIRTYINTL 1 0.50 3.23 0.00 98 DKIM_INVALID 1 0.99 3.23 0.58 99 BAYES_95 1 0.50 3.23 0.00 100 TVD_RCVD_IP 1 1.98 3.23 1.75 101 RELAYCOUNTRY_PT 1 0.50 3.23 0.00 102 XM_H_Long_From01 1 1.98 3.23 1.75 103 TR_XM_SpammyWords2 1 0.50 3.23 0.00 104 XMSubMetaSx_00 1 0.99 3.23 0.58 105 HELO_DYNAMIC_SPLIT_IP 1 0.50 3.23 0.00 106 TR_XM_Base64_L1 1 0.50 3.23 0.00 107 SUBJ_OBFU_PUNCT_FEW 1 0.50 3.23 0.00 108 XMDateMe_00 1 0.99 3.23 0.58 109 NO_DNS_FOR_FROM 1 0.50 3.23 0.00 110 XMClaimOffer 1 0.50 3.23 0.00 111 RELAYCOUNTRY_DK 1 0.50 3.23 0.00 112 TO_EQ_FM_DOM_HTML_ONLY 1 0.50 3.23 0.00 113 RCVD_IN_BL_SPAMCOP_NET 1 0.50 3.23 0.00 114 XMStockSpam_06 1 0.99 3.23 0.58 115 BAYES_40 1 1.49 3.23 1.17 116 T_TooManySym_02 1 2.97 3.23 2.92 117 TM2_M_OBFU_COMMENT 1 0.50 3.23 0.00 118 T_XMDrugObfuBody_14 1 0.50 3.23 0.00 119 TR_Mismatch_TLD_02 1 0.99 3.23 0.58 120 XM_UB50 1 1.49 3.23 1.17 121 RELAYCOUNTRY_FR 1 0.50 3.23 0.00 122 XMSexyCombo_05 1 0.50 3.23 0.00 123 TR_XM_MaxWHORU 1 0.50 3.23 0.00 ---------------------------------------------------------------------- TOP HAM RULES FIRED ---------------------------------------------------------------------- RANK RULE NAME COUNT %OFMAIL %OFSPAM %OFHAM ---------------------------------------------------------------------- 1 DCC_CHECK_NEGATIVE 151 83.17 54.84 88.30 2 BAYES_50 120 65.84 41.94 70.18 3 HTML_MESSAGE 92 59.90 93.55 53.80 4 DKIM_SIGNED 90 58.91 93.55 52.63 5 DKIM_VALID 89 57.92 90.32 52.05 6 XM_DK_Pass 89 58.42 93.55 52.05 7 RELAYCOUNTRY_US 77 51.49 87.10 45.03 8 ALL_TRUSTED 76 37.62 0.00 44.44 9 XM_B_Unicode 74 49.50 83.87 43.27 10 DKIM_VALID_AU 70 46.53 77.42 40.94 11 ANY_BOUNCE_MESSAGE 63 31.19 0.00 36.84 12 BOUNCE_MESSAGE 63 31.19 0.00 36.84 13 XMListUnsubscribeExists 52 33.66 51.61 30.41 14 XM_B_Unicode3 48 32.67 58.06 28.07 15 HTML_FONT_LOW_CONTRAST 46 28.22 35.48 26.90 16 DKIM_VALID_EF 43 28.71 48.39 25.15 17 XM_B_SpammyWords 40 31.68 77.42 23.39 18 FVGT_m_MULTI_ODD 34 21.29 29.03 19.88 19 RCVD_IN_MSPIKE_H2 28 16.34 16.13 16.37 20 T_TM2_M_HEADER_IN_MSG 24 14.85 19.35 14.04 21 BAYES_00 22 10.89 0.00 12.87 22 MIME_HTML_ONLY 20 14.36 29.03 11.70 23 TR_XM_DK_Bayes 20 9.90 0.00 11.70 24 XMSubLong 20 12.87 19.35 11.70 25 DCC_CHECK 20 16.83 45.16 11.70 26 TR_XM_DK_Bayes1 20 9.90 0.00 11.70 27 BAYES_60 19 11.39 12.90 11.11 28 XM_DKIMWhitelistDomains 19 9.41 0.00 11.11 29 UNPARSEABLE_RELAY 18 13.37 29.03 10.53 30 RELAYCOUNTRY_META 17 10.89 16.13 9.94 31 TR_XM_DK_Bayes2 16 7.92 0.00 9.36 32 TR_XM_DK_Unsub 15 9.90 16.13 8.77 33 UNTRUSTED_Relay 14 7.92 6.45 8.19 34 IN_ZIMBRA_NJ_WHITELIST 14 6.93 0.00 8.19 35 T_KAM_HTML_FONT_INVALID 12 10.40 29.03 7.02 36 XM_B_SpammyWords2 11 11.39 38.71 6.43 37 XM_UncommonTLD01 11 7.92 16.13 6.43 38 XMStrtUSub 11 7.43 12.90 6.43 39 T_TooManySym_01 11 5.94 3.23 6.43 40 LOC_TINY_FONT_1 10 14.36 61.29 5.85 41 XM_Multi_Part_URI 10 10.40 35.48 5.85 42 RELAYCOUNTRY_AT 10 4.95 0.00 5.85 43 XM_B_Unsub 10 10.40 35.48 5.85 44 TR_XM_BayesUnsub 10 9.90 32.26 5.85 45 TO_MALFORMED 9 4.46 0.00 5.26 46 MIME_QP_LONG_LINE 9 4.46 0.00 5.26 47 LotsOfNums_01 8 3.96 0.00 4.68 48 INVALID_MSGID 7 3.47 0.00 4.09 49 RCVD_IN_MSPIKE_WL 7 3.47 0.00 4.09 50 RCVD_IN_MSPIKE_H3 7 3.47 0.00 4.09 51 LOTS_OF_MONEY 6 5.45 16.13 3.51 52 TR_XM_PhishingBody 6 2.97 0.00 3.51 53 TR_XM_SpammyWords4 6 5.45 16.13 3.51 54 XM_Evil_Numbers_Gen 6 3.96 6.45 3.51 55 MSGID_NOFQDN1 5 2.48 0.00 2.92 56 T_MONEY_PERCENT 5 2.48 0.00 2.92 57 HTML_IMAGE_RATIO_04 5 2.48 0.00 2.92 58 TM2_M_VERY_LONG_WORD 5 3.47 6.45 2.92 59 XMNumbers 5 5.45 19.35 2.92 60 TR_LOTS_OF_MONEY2 5 2.48 0.00 2.92 61 HTML_TAG_BALANCE_BODY 5 2.48 0.00 2.92 62 T_REMOTE_IMAGE 5 2.48 0.00 2.92 63 T_TooManySym_02 5 2.97 3.23 2.92 64 BOTNET_IPINHOSTNAME 5 4.46 12.90 2.92 65 USER_IN_DEF_DKIM_WL 5 2.48 0.00 2.92 66 BAYES_80 4 3.47 9.68 2.34 67 RCVD_IN_IADB_SENDERID 4 1.98 0.00 2.34 68 XM_Body_Dirty_Words 4 4.95 19.35 2.34 69 XM_ZIP 4 1.98 0.00 2.34 70 RCVD_IN_IADB_DK 4 1.98 0.00 2.34 71 XM_B_Phish66 4 1.98 0.00 2.34 72 RCVD_IN_IADB_SPF 4 1.98 0.00 2.34 73 RELAYCOUNTRY_AU 4 2.97 6.45 2.34 74 RCVD_IN_IADB_LISTED 4 1.98 0.00 2.34 75 XM_DK_Undo_01 4 1.98 0.00 2.34 76 USER_IN_WHITELIST 3 1.49 0.00 1.75 77 HTML_IMAGE_RATIO_08 3 2.97 9.68 1.75 78 XM_PDF 3 1.49 0.00 1.75 79 MIME_HTML_MOSTLY 3 2.97 9.68 1.75 80 TR_XM_SpammyRelay 3 3.47 12.90 1.75 81 XM_B_Phish_Phrases 3 1.49 0.00 1.75 82 MAILING_LIST_MULTI 3 1.49 0.00 1.75 83 XM_B_SpammyTLD 3 2.48 6.45 1.75 84 TooManyTo_001 3 1.49 0.00 1.75 85 USER_IN_WELCOMELIST 3 1.49 0.00 1.75 86 XMBSHREFv2 3 1.49 0.00 1.75 87 HTML_IMAGE_RATIO_02 3 2.97 9.68 1.75 88 MPART_ALT_DIFF 3 2.48 6.45 1.75 89 TVD_RCVD_IP 3 1.98 3.23 1.75 90 XM_H_Long_From01 3 1.98 3.23 1.75 91 TR_XM_FormFill2 2 1.98 6.45 1.17 92 XM_DK_Undo_02 2 5.45 29.03 1.17 93 XM_GoogleGroups 2 0.99 0.00 1.17 94 BAYES_40 2 1.49 3.23 1.17 95 FSL_BULK_SIG 2 0.99 0.00 1.17 96 HK_RANDOM_ENVFROM 2 0.99 0.00 1.17 97 RCVD_IN_IADB_VOUCHED 2 0.99 0.00 1.17 98 XM_H_PHPOS 2 1.98 6.45 1.17 99 HTML_MIME_NO_HTML_TAG 2 0.99 0.00 1.17 100 UPPERCASE_50_75 2 0.99 0.00 1.17 101 XM_UB50 2 1.49 3.23 1.17 102 TR_XM_SpoofPhishAttach 2 0.99 0.00 1.17 103 BAYES_99 2 4.46 22.58 1.17 104 XM_B_SpammyWords3 2 1.98 6.45 1.17 105 XMSolicitRefs_0 2 0.99 0.00 1.17 106 XM_CamelCaseFrm001 2 0.99 0.00 1.17 107 BAYES_20 2 0.99 0.00 1.17 108 XM_SPF_SoftFail 2 1.49 3.23 1.17 109 TR_XM_PHPDW 2 1.98 6.45 1.17 110 XM_H_Undi_Recip 2 0.99 0.00 1.17 111 XM_Dr_From 2 0.99 0.00 1.17 112 XM_H_SpoofStaff4 2 0.99 0.00 1.17 113 FROM_GOV_DKIM_AU 2 0.99 0.00 1.17 114 KHOP_HELO_FCRDNS 2 0.99 0.00 1.17 115 XM_ZohoDesk1 2 0.99 0.00 1.17 116 TR_XM_PHPForged 2 1.98 6.45 1.17 117 URI_HEX 2 1.49 3.23 1.17 118 XMHTML_After_End 2 0.99 0.00 1.17 119 HTML_IMAGE_RATIO_06 2 3.47 16.13 1.17 120 TR_XM_SpoofStaff 2 0.99 0.00 1.17 121 XMLngstWrd_00 2 0.99 0.00 1.17 122 TR_XM_PSC1 2 0.99 0.00 1.17 123 XMPhish14 2 0.99 0.00 1.17 124 XMLngstWrd_01 2 0.99 0.00 1.17 125 DKIM_ADSP_CUSTOM_MED 2 0.99 0.00 1.17 126 T_XMDrugObfuBody_08 2 1.49 3.23 1.17 127 T_OBFU_PDF_ATTACH 2 0.99 0.00 1.17 128 BAYES_999 2 4.46 22.58 1.17 129 GMD_PDF_SQUARE 2 0.99 0.00 1.17 130 TVD_SPACE_RATIO 2 0.99 0.00 1.17 131 FORGED_GMAIL_RCVD 2 0.99 0.00 1.17 132 T_XMHurry_00 2 0.99 0.00 1.17 133 XMSpoofStaff2 2 0.99 0.00 1.17 134 HK_RANDOM_FROM 1 0.50 0.00 0.58 135 XM_ShortIntro_01 1 0.50 0.00 0.58 136 TR_XM_SpammyWords5 1 2.48 12.90 0.58 137 XM_H_PHPOS_M 1 0.50 0.00 0.58 138 XMStockSpam_06 1 0.99 3.23 0.58 139 TR_MetaPhish_Combo_01 1 0.50 0.00 0.58 140 HTML_IMAGE_ONLY_08 1 0.50 0.00 0.58 141 XM_H_Long_From02 1 0.50 0.00 0.58 142 IN_HORDE_ADDRESS_BOOK 1 0.50 0.00 0.58 143 XM_B_COPY_HTML 1 0.50 0.00 0.58 144 RELAYCOUNTRY_BE 1 0.50 0.00 0.58 145 T_PDS_SHORTFWD_URISHRT_QP 1 0.50 0.00 0.58 146 T_DOC_ATTACH_NO_EXT 1 0.50 0.00 0.58 147 URI_TRY_3LD 1 0.50 0.00 0.58 148 TooManyTo_003 1 0.50 0.00 0.58 149 TooManyTo_002 1 0.50 0.00 0.58 150 XMLngstWrd_02 1 0.50 0.00 0.58 151 NUMERIC_HTTP_ADDR 1 0.50 0.00 0.58 152 XM_Body_Obfu01 1 0.99 3.23 0.58 153 XMLngstWrd_03 1 0.50 0.00 0.58 154 XM_S_SubURI 1 0.50 0.00 0.58 155 DIET_1 1 0.99 3.23 0.58 156 RELAYCOUNTRY_RU 1 0.50 0.00 0.58 157 RELAYCOUNTRY_IT 1 0.50 0.00 0.58 158 T_TooManySym_03 1 0.50 0.00 0.58 159 XM_B_Investor 1 2.48 12.90 0.58 160 MIME_BOUND_DIGITS_15 1 0.50 0.00 0.58 161 TR_DCC_Bayes_99 1 1.98 9.68 0.58 162 XMDateMe_00 1 0.99 3.23 0.58 163 PRESENTAMOS_ES 1 0.50 0.00 0.58 164 LongTLD 1 0.50 0.00 0.58 165 SHORT_URI_3 1 0.50 0.00 0.58 166 TR_XM_SB_Phish 1 0.50 0.00 0.58 167 CTE_8BIT_MISMATCH 1 0.50 0.00 0.58 168 XMCapTrack 1 0.50 0.00 0.58 169 RCVD_IN_RP_SAFE 1 0.50 0.00 0.58 170 TR_Mismatch_TLD_02 1 0.99 3.23 0.58 171 SHOPIFY_IMG_NOT_RCVD_SFY 1 0.50 0.00 0.58 172 XMHTMLBadTable_001 1 0.50 0.00 0.58 173 XMSubMetaSxObfu_02 1 0.50 0.00 0.58 174 XMWhlSbjSex 1 0.50 0.00 0.58 175 XMLngstWrd_04 1 0.50 0.00 0.58 176 MSGID_FROM_MTA_HEADER 1 0.50 0.00 0.58 177 TR_Symld_Words 1 0.99 3.23 0.58 178 XM_GoogleGroups2 1 0.50 0.00 0.58 179 MIME_BASE64_TEXT 1 0.50 0.00 0.58 180 XM_Ancestry_Forge 1 0.50 0.00 0.58 181 HTML_IMAGE_ONLY_20 1 0.50 0.00 0.58 182 XM_H_PHPMailer 1 0.50 0.00 0.58 183 TR_XM_UnparsRelay 1 2.97 16.13 0.58 184 RCVD_IN_RP_CERTIFIED 1 0.50 0.00 0.58 185 DKIM_INVALID 1 0.99 3.23 0.58 186 FROM_GOV_SPOOF 1 0.99 3.23 0.58 187 XMSubPhish11 1 0.50 0.00 0.58 188 XMBrknScrpt_02 1 0.50 0.00 0.58 189 XMSubMetaSx_00 1 0.99 3.23 0.58 ----------------------------------------------------------------------