mirror of
https://git.proxmox.com/git/proxmox-spamassassin
synced 2025-04-28 14:08:15 +00:00
update SpamAssassin signatures
after installing the package with version 4.0.1 Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
This commit is contained in:
Stoiko Ivanov
parent
443c24b731
commit
54c714b2bf
@ -23,7 +23,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
# predicate naming used to avoid renumbering
|
||||
# 1. assign new rules a random unique three letter sequence
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
###########################################################################
|
||||
# GTUBE test - the generic test for UBE.
|
||||
|
||||
@ -24,7 +24,7 @@
|
||||
###########################################################################
|
||||
# Header compensation tests
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
header __HAS_RCVD exists:Received
|
||||
priority __HAS_RCVD -2000 # Bug 8078
|
||||
|
||||
@ -23,7 +23,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
###########################################################################
|
||||
|
||||
@ -39,63 +39,6 @@ ifplugin Mail::SpamAssassin::Plugin::DNSEval
|
||||
# DNSBLs do not return the A type (127.0.0.x) as part of the TXT reply.
|
||||
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# SORBS
|
||||
# transfers: both axfr and ixfr available
|
||||
# URL: http://www.dnsbl.sorbs.net/
|
||||
# pay-to-use: no
|
||||
# delist: $50 fee for RCVD_IN_SORBS_SPAM, others have free retest on request
|
||||
|
||||
header __RCVD_IN_SORBS eval:check_rbl('sorbs', 'dnsbl.sorbs.net.')
|
||||
describe __RCVD_IN_SORBS SORBS: sender is listed in SORBS
|
||||
tflags __RCVD_IN_SORBS net
|
||||
reuse __RCVD_IN_SORBS
|
||||
|
||||
header RCVD_IN_SORBS_HTTP eval:check_rbl_sub('sorbs', '127.0.0.2')
|
||||
describe RCVD_IN_SORBS_HTTP SORBS: sender is open HTTP proxy server
|
||||
tflags RCVD_IN_SORBS_HTTP net
|
||||
reuse RCVD_IN_SORBS_HTTP
|
||||
|
||||
header RCVD_IN_SORBS_SOCKS eval:check_rbl_sub('sorbs', '127.0.0.3')
|
||||
describe RCVD_IN_SORBS_SOCKS SORBS: sender is open SOCKS proxy server
|
||||
tflags RCVD_IN_SORBS_SOCKS net
|
||||
reuse RCVD_IN_SORBS_SOCKS
|
||||
|
||||
header RCVD_IN_SORBS_MISC eval:check_rbl_sub('sorbs', '127.0.0.4')
|
||||
describe RCVD_IN_SORBS_MISC SORBS: sender is open proxy server
|
||||
tflags RCVD_IN_SORBS_MISC net
|
||||
reuse RCVD_IN_SORBS_MISC
|
||||
|
||||
header RCVD_IN_SORBS_SMTP eval:check_rbl_sub('sorbs', '127.0.0.5')
|
||||
describe RCVD_IN_SORBS_SMTP SORBS: sender is open SMTP relay
|
||||
tflags RCVD_IN_SORBS_SMTP net
|
||||
reuse RCVD_IN_SORBS_SMTP
|
||||
|
||||
# delist: $50 fee
|
||||
#header RCVD_IN_SORBS_SPAM eval:check_rbl_sub('sorbs', '127.0.0.6')
|
||||
#describe RCVD_IN_SORBS_SPAM SORBS: sender is a spam source
|
||||
#tflags RCVD_IN_SORBS_SPAM net
|
||||
#reuse RCVD_IN_SORBS_SPAM RCVD_IN_SORBS_SPAM
|
||||
|
||||
header RCVD_IN_SORBS_WEB eval:check_rbl_sub('sorbs', '127.0.0.7')
|
||||
describe RCVD_IN_SORBS_WEB SORBS: sender is an abusable web server
|
||||
tflags RCVD_IN_SORBS_WEB net
|
||||
reuse RCVD_IN_SORBS_WEB
|
||||
|
||||
header RCVD_IN_SORBS_BLOCK eval:check_rbl_sub('sorbs', '127.0.0.8')
|
||||
describe RCVD_IN_SORBS_BLOCK SORBS: sender demands to never be tested
|
||||
tflags RCVD_IN_SORBS_BLOCK net
|
||||
reuse RCVD_IN_SORBS_BLOCK
|
||||
|
||||
header RCVD_IN_SORBS_ZOMBIE eval:check_rbl_sub('sorbs', '127.0.0.9')
|
||||
describe RCVD_IN_SORBS_ZOMBIE SORBS: sender is on a hijacked network
|
||||
tflags RCVD_IN_SORBS_ZOMBIE net
|
||||
reuse RCVD_IN_SORBS_ZOMBIE
|
||||
|
||||
header RCVD_IN_SORBS_DUL eval:check_rbl('sorbs-lastexternal', 'dnsbl.sorbs.net.', '127.0.0.10')
|
||||
describe RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address
|
||||
tflags RCVD_IN_SORBS_DUL net
|
||||
reuse RCVD_IN_SORBS_DUL
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
# Spamhaus ZEN includes SBL+CSS+XBL+PBL
|
||||
@ -208,27 +151,48 @@ reuse RCVD_IN_IADB_VOUCHED
|
||||
# Certified:
|
||||
# https://www.validity.com/resource-center/fact-sheet-certification/
|
||||
# (replaces RCVD_IN_BSP_TRUSTED, RCVD_IN_BSP_OTHER, RCVD_IN_SSC_TRUSTED_COI, RCVD_IN_RP_CERTIFIED)
|
||||
header RCVD_IN_VALIDITY_CERTIFIED eval:check_rbl_txt('ssc-firsttrusted', 'sa-trusted.bondedsender.org.')
|
||||
header RCVD_IN_VALIDITY_CERTIFIED eval:check_rbl('ssc-firsttrusted', 'sa-trusted.bondedsender.org.', '^127\.0\.0\.')
|
||||
describe RCVD_IN_VALIDITY_CERTIFIED Sender in Validity Certification - Contact certification@validity.com
|
||||
tflags RCVD_IN_VALIDITY_CERTIFIED net nice publish
|
||||
reuse RCVD_IN_VALIDITY_CERTIFIED RCVD_IN_RP_CERTIFIED
|
||||
|
||||
header RCVD_IN_VALIDITY_CERTIFIED_BLOCKED eval:check_rbl('ssc-firsttrusted', 'sa-trusted.bondedsender.org.', '127.255.255.255')
|
||||
describe RCVD_IN_VALIDITY_CERTIFIED_BLOCKED ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
|
||||
tflags RCVD_IN_VALIDITY_CERTIFIED_BLOCKED net publish
|
||||
reuse RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RCVD_IN_VALIDITY_CERTIFIED_BLOCKED
|
||||
|
||||
# Safe:
|
||||
# https://www.validity.com/resource-center/fact-sheet-certification/
|
||||
# (replaces HABEAS_ACCREDITED_COI, HABEAS_ACCREDITED_SOI, HABEAS_CHECKED, RCVD_IN_RP_SAFE)
|
||||
header RCVD_IN_VALIDITY_SAFE eval:check_rbl_txt('ssc-firsttrusted','sa-accredit.habeas.com.')
|
||||
header RCVD_IN_VALIDITY_SAFE eval:check_rbl('ssc-firsttrusted', 'sa-accredit.habeas.com.', '^127\.0\.0\.')
|
||||
describe RCVD_IN_VALIDITY_SAFE Sender in Validity Safe - Contact certification@validity.com
|
||||
tflags RCVD_IN_VALIDITY_SAFE net nice publish
|
||||
reuse RCVD_IN_VALIDITY_SAFE RCVD_IN_RP_SAFE
|
||||
|
||||
header RCVD_IN_VALIDITY_SAFE_BLOCKED eval:check_rbl('ssc-firsttrusted', 'sa-accredit.habeas.com.', '127.255.255.255')
|
||||
describe RCVD_IN_VALIDITY_SAFE_BLOCKED ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
|
||||
tflags RCVD_IN_VALIDITY_SAFE_BLOCKED net publish
|
||||
reuse RCVD_IN_VALIDITY_SAFE_BLOCKED RCVD_IN_VALIDITY_SAFE_BLOCKED
|
||||
|
||||
# Validity RPBL (née Return Path Reputation Network Blacklist - RNBL):
|
||||
# https://www.senderscore.org/blocklistlookup/
|
||||
# (replaces RCVD_IN_RP_RNBL)
|
||||
header RCVD_IN_VALIDITY_RPBL eval:check_rbl('rnbl-lastexternal','bl.score.senderscore.com.')
|
||||
header RCVD_IN_VALIDITY_RPBL eval:check_rbl('rnbl-lastexternal', 'bl.score.senderscore.com.', '^127\.0\.0\.')
|
||||
describe RCVD_IN_VALIDITY_RPBL Relay in Validity RPBL, https://senderscore.org/blocklistlookup/
|
||||
tflags RCVD_IN_VALIDITY_RPBL net publish
|
||||
reuse RCVD_IN_VALIDITY_RPBL RCVD_IN_RP_RNBL
|
||||
|
||||
header RCVD_IN_VALIDITY_RPBL_BLOCKED eval:check_rbl('rnbl-lastexternal', 'bl.score.senderscore.com.', '127.255.255.255')
|
||||
describe RCVD_IN_VALIDITY_RPBL_BLOCKED ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information.
|
||||
tflags RCVD_IN_VALIDITY_RPBL_BLOCKED net publish
|
||||
reuse RCVD_IN_VALIDITY_RPBL_BLOCKED RCVD_IN_VALIDITY_RPBL_BLOCKED
|
||||
|
||||
if can(Mail::SpamAssassin::Conf::feature_dns_block_rule)
|
||||
dns_block_rule RCVD_IN_VALIDITY_CERTIFIED_BLOCKED sa-trusted.bondedsender.org
|
||||
dns_block_rule RCVD_IN_VALIDITY_SAFE_BLOCKED sa-accredit.habeas.com
|
||||
dns_block_rule RCVD_IN_VALIDITY_RPBL_BLOCKED bl.score.senderscore.com
|
||||
endif
|
||||
|
||||
endif
|
||||
|
||||
#These are old and useless - The zones are no longer supported by SpamHaus 2018-12-12
|
||||
|
||||
@ -31,7 +31,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
###########################################################################
|
||||
# header rules
|
||||
|
||||
@ -25,7 +25,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
# ---------------------------------------------------------------------------
|
||||
|
||||
|
||||
@ -25,7 +25,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
#---------------------------------------------------------------------------
|
||||
# Handle hosts that look like HELO_DYNAMIC hosts
|
||||
|
||||
@ -23,7 +23,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
###########################################################################
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
# HTML parser tests
|
||||
#
|
||||
|
||||
@ -29,7 +29,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
# some tests that will trigger FPs on ISO-2022-JP mails.
|
||||
|
||||
|
||||
@ -30,7 +30,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
# bug 2220. nice results
|
||||
meta DIGEST_MULTIPLE RAZOR2_CHECK + DCC_CHECK + PYZOR_CHECK > 1
|
||||
|
||||
@ -27,7 +27,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
###########################################################################
|
||||
|
||||
|
||||
@ -27,7 +27,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
###########################################################################
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
# possible IDN spoofing attack: https://web.archive.org/web/20141006091906/https://www.shmoo.com/idn/homograph.txt
|
||||
# not expecting any hits on this (yet)
|
||||
|
||||
@ -23,7 +23,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
###########################################################################
|
||||
|
||||
|
||||
@ -77,15 +77,6 @@ lang de describe EMAIL_ROT13 Eventuell ROT13-kodierte E-Mail-Adresse im Text
|
||||
lang de describe BLANK_LINES_80_90 Nachrichtentext besteht zu 80-90% aus Leerzeilen
|
||||
lang de describe LONGWORDS Eine Reihe von langen Wörtern hintereinander
|
||||
lang de describe ALL_TRUSTED Nachricht wurde nur über vertrauenswürdige Rechner weitergeleitet
|
||||
lang de describe __RCVD_IN_SORBS SORBS: Senderechner in Liste von dnsbl.sorbs.net
|
||||
lang de describe RCVD_IN_SORBS_HTTP SORBS: Senderechner als "open HTTP proxy" gemeldet
|
||||
lang de describe RCVD_IN_SORBS_MISC SORBS: Senderechner als "open proxy" gemeldet
|
||||
lang de describe RCVD_IN_SORBS_SMTP SORBS: Senderechner ist ein ungesicherter Mail-Server
|
||||
lang de describe RCVD_IN_SORBS_SOCKS SORBS: Senderechner als "open SOCKS proxy" gemeldet
|
||||
lang de describe RCVD_IN_SORBS_WEB SORBS: Senderechner ist ein ungesicherter WWW-Server
|
||||
lang de describe RCVD_IN_SORBS_BLOCK SORBS: Senderechner verweigert Tests
|
||||
lang de describe RCVD_IN_SORBS_ZOMBIE SORBS: Senderechner in Liste "entführter" Adressblöcke
|
||||
lang de describe RCVD_IN_SORBS_DUL SORBS: Senderechner nur temporär mit Internet verbunden
|
||||
lang de describe RCVD_IN_SBL Transportiert via Rechner in SBL-Liste (https://www.spamhaus.org/sbl/)
|
||||
lang de describe RCVD_IN_XBL Transportiert via Rechner in XBL-Liste (https://www.spamhaus.org/xbl/)
|
||||
lang de describe RCVD_IN_BL_SPAMCOP_NET Transportiert via Rechner in Liste von www.spamcop.net
|
||||
|
||||
@ -213,19 +213,11 @@ lang fr describe RATWARE_OE_MALFORMED En-t
|
||||
lang fr describe RCVD_AM_PM En-tête Received: falsifié (AM/PM)
|
||||
lang fr describe RCVD_FAKE_HELO_DOTCOM En-tête Received contient nom d'hôte falsifié dans le HELO
|
||||
lang fr describe RCVD_IN_BL_SPAMCOP_NET Relais listé dans http://spamcop.net/bl.shtml
|
||||
lang fr describe RCVD_IN_SORBS_DUL Envoyé directement depuis une adresse IP dynamique
|
||||
lang fr describe RCVD_IN_MAPS_DUL Relais listé dans DUL, http://www.mail-abuse.org/dul/
|
||||
lang fr describe RCVD_IN_MAPS_NML Relais listé dans NML, http://www.mail-abuse.org/nml/
|
||||
lang fr describe RCVD_IN_MAPS_RBL Relais listé dans RBL, http://www.mail-abuse.org/rbl/
|
||||
lang fr describe RCVD_IN_MAPS_RSS Relais listé dans RSS, http://www.mail-abuse.org/rss/
|
||||
lang fr describe RCVD_IN_SBL Relais listé dans https://www.spamhaus.org/sbl/
|
||||
lang fr describe RCVD_IN_SORBS_BLOCK SORBS: Relais refusant d'être testé par SORBS
|
||||
lang fr describe RCVD_IN_SORBS_HTTP SORBS: Envoyé par un proxy HTTP ouvert
|
||||
lang fr describe RCVD_IN_SORBS_MISC SORBS: Envoyé par un proxy ouvert
|
||||
lang fr describe RCVD_IN_SORBS_SMTP SORBS: Envoyé par un relais SMTP ouvert
|
||||
lang fr describe RCVD_IN_SORBS_SOCKS SORBS: Envoyé par un proxy SOCKS ouvert
|
||||
lang fr describe RCVD_IN_SORBS_WEB SORBS: Envoyé depuis un serveur web vulnérable
|
||||
lang fr describe RCVD_IN_SORBS_ZOMBIE SORBS: Envoyé depuis un réseau IP piraté
|
||||
lang fr describe REFINANCE_NOW Offre de refinancement immobilier
|
||||
lang fr describe REFINANCE_YOUR_HOME Offre de refinancement immobilier
|
||||
lang fr describe SORTED_RECIPS La liste des destinataires est triée par ordre alphabétique
|
||||
|
||||
@ -64,15 +64,6 @@ lang nl describe MPART_ALT_DIFF HTML en tekst delen zijn versch
|
||||
lang nl describe CHARSET_FARAWAY Karakterset wijst op vreemde taal
|
||||
lang nl describe EMAIL_ROT13 Body bevat een ROT13-versleuteld emailadres
|
||||
lang nl describe BLANK_LINES_80_90 Bericht bestaat voor 80-90% uit witregels
|
||||
lang nl describe __RCVD_IN_SORBS SORBS: verzender is gevonden in SORBS
|
||||
lang nl describe RCVD_IN_SORBS_HTTP SORBS: verzender is een open HTTP proxy server
|
||||
lang nl describe RCVD_IN_SORBS_MISC SORBS: verzender is een open proxy server
|
||||
lang nl describe RCVD_IN_SORBS_SMTP SORBS: verzender is een open SMTP relay
|
||||
lang nl describe RCVD_IN_SORBS_SOCKS SORBS: verzender is een open SOCKS proxy server
|
||||
lang nl describe RCVD_IN_SORBS_WEB SORBS: verzender is een misbruikbare web server
|
||||
lang nl describe RCVD_IN_SORBS_BLOCK SORBS: verzender weigert getest te worden
|
||||
lang nl describe RCVD_IN_SORBS_ZOMBIE SORBS: verzender is een gekaapt netwerk
|
||||
lang nl describe RCVD_IN_SORBS_DUL SORBS: bericht is direct verstuurd vanaf een dynamisch IP adres
|
||||
lang nl describe RCVD_IN_SBL Ontvangen via een relay die gevonden is in Spamhaus SBL
|
||||
lang nl describe RCVD_IN_XBL Ontvangen via een relay die gevonden is in Spamhaus XBL
|
||||
lang nl describe RCVD_IN_BL_SPAMCOP_NET Ontvangen via een relay die gevonden is in bl.spamcop.net
|
||||
|
||||
@ -204,13 +204,6 @@ lang pl describe RCVD_IN_MAPS_NML "open relay" wed
|
||||
lang pl describe RCVD_IN_MAPS_RBL "open relay" wed³ug RBL, http://www.mail-abuse.org/rbl/
|
||||
lang pl describe RCVD_IN_MAPS_RSS "open relay" wed³ug RSS, http://www.mail-abuse.org/rss/
|
||||
lang pl describe RCVD_IN_SBL Otrzymano przez relay listowany w Spamhaus Block List
|
||||
lang pl describe RCVD_IN_SORBS_BLOCK SORBS: nadawca nie pozwala siê testowaæ
|
||||
lang pl describe RCVD_IN_SORBS_HTTP SORBS: nadawca jest otwartym serwerem HTTP
|
||||
lang pl describe RCVD_IN_SORBS_MISC SORBS: nadawca jest otwartym serwerem proxy
|
||||
lang pl describe RCVD_IN_SORBS_SMTP SORBS: nadawca posiada otwarty serwer (Open Relay)
|
||||
lang pl describe RCVD_IN_SORBS_SOCKS SORBS: nadawca jest otwartym serwerem SOCKS proxy
|
||||
lang pl describe RCVD_IN_SORBS_WEB SORBS: nadawca posiada nadu¿ywany serwer WWW
|
||||
lang pl describe RCVD_IN_SORBS_ZOMBIE SORBS: nadawca jest z sieci bez kontroli
|
||||
lang pl describe REFINANCE_NOW Refinansowanie domów
|
||||
lang pl describe REFINANCE_YOUR_HOME Refinansowanie domów
|
||||
lang pl describe SORTED_RECIPS Lista odbiorców posortowana wed³ug adresu
|
||||
|
||||
@ -97,15 +97,6 @@ lang pt_BR describe ALL_TRUSTED Mensagem passou via SMTP apenas por hosts confi
|
||||
lang pt_BR describe NO_RELAYS Informação: mensagem não foi recebida via SMTP
|
||||
|
||||
# 20_dnsbl_tests.cf
|
||||
lang pt_BR describe __RCVD_IN_SORBS Recebida por um relay listado em SORBS
|
||||
lang pt_BR describe RCVD_IN_SORBS_HTTP SORBS: remetente é um proxy HTTP aberto
|
||||
lang pt_BR describe RCVD_IN_SORBS_SOCKS SORBS: remetente é um proxy SOCKS aberto
|
||||
lang pt_BR describe RCVD_IN_SORBS_MISC SORBS: remetente é um proxy aberto
|
||||
lang pt_BR describe RCVD_IN_SORBS_SMTP SORBS: remetente é um relay SMTP aberto
|
||||
lang pt_BR describe RCVD_IN_SORBS_WEB SORBS: remetente é um servidor web explorável
|
||||
lang pt_BR describe RCVD_IN_SORBS_BLOCK SORBS: remetente requer que não seja testado
|
||||
lang pt_BR describe RCVD_IN_SORBS_ZOMBIE SORBS: remetente está em uma rede comprometida
|
||||
lang pt_BR describe RCVD_IN_SORBS_DUL SORBS: mensagem enviada a partir de um IP dinâmico
|
||||
lang pt_BR describe __RCVD_IN_ZEN Recebida por um relay listado em Spamhaus Zen
|
||||
lang pt_BR describe RCVD_IN_SBL Recebida por um relay listado em Spamhaus SBL
|
||||
lang pt_BR describe RCVD_IN_XBL Recebida por um relay listado em Spamhaus XBL
|
||||
|
||||
@ -285,6 +285,7 @@ score RCVD_FORGED_WROTE2 0 # n=0 n=1 n=2 n=3
|
||||
#score RCVD_IN_BRBL_LASTEXT 0 1.644 0 1.449 # n=0 n=2
|
||||
score RCVD_IN_PSBL 0 2.700 0 2.700 # n=0 n=2
|
||||
score RCVD_IN_VALIDITY_RPBL 0 1.284 0 1.310 # n=0 n=2
|
||||
score RCVD_IN_VALIDITY_RPBL_BLOCKED 0 0.001 0 0.001
|
||||
score RCVD_MAIL_COM 0 # n=0 n=1 n=2 n=3
|
||||
score RDNS_DYNAMIC 2.639 0.363 1.663 0.982
|
||||
score RDNS_LOCALHOST 3.700 0.969 2.345 0.001
|
||||
@ -504,15 +505,6 @@ score RCVD_IN_IADB_UT_CPEAR 0 # n=0 n=1 n=2 n=3
|
||||
score RCVD_IN_IADB_UT_CPR_30 0 # n=0 n=1 n=2 n=3
|
||||
score RCVD_IN_IADB_UT_CPR_MAT 0 -0.095 0 -0.001 # n=0 n=1 n=2
|
||||
score RCVD_IN_SBL 0 2.596 0 0.141 # n=0 n=2
|
||||
score RCVD_IN_SORBS_BLOCK 0 # n=0 n=1 n=2 n=3
|
||||
score RCVD_IN_SORBS_DUL 0 0.001 0 0.001 # n=0 n=2
|
||||
score RCVD_IN_SORBS_HTTP 0 2.499 0 0.001 # n=0 n=2
|
||||
score RCVD_IN_SORBS_MISC 0 # n=0 n=1 n=2 n=3
|
||||
score RCVD_IN_SORBS_SMTP 0 # n=0 n=1 n=2 n=3
|
||||
score RCVD_IN_SORBS_SOCKS 0 2.443 0 1.927 # n=0 n=2
|
||||
#score RCVD_IN_SORBS_SPAM 0 0.5 0 0.5
|
||||
score RCVD_IN_SORBS_WEB 0 1.5 0 1.5
|
||||
score RCVD_IN_SORBS_ZOMBIE 0 # n=0 n=1 n=2 n=3
|
||||
score RCVD_IN_XBL 0 0.724 0 0.375 # n=0 n=2
|
||||
score RCVD_IN_PBL 0 3.558 0 3.335 # n=0 n=2
|
||||
score RCVD_IN_SBL_CSS 0 3.558 0 3.335 # n=0 n=2
|
||||
@ -528,7 +520,9 @@ score RCVD_IN_ZEN_BLOCKED 0 0.001 0 0.001
|
||||
# CERTIFIED is a subset of SAFE, thus the score is cumulative.
|
||||
# -2 + -3 = -5 points for CERTIFIED
|
||||
score RCVD_IN_VALIDITY_CERTIFIED 0.0 -3.0 0.0 -3.0
|
||||
score RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0 0.001 0 0.001
|
||||
score RCVD_IN_VALIDITY_SAFE 0.0 -2.0 0.0 -2.0
|
||||
score RCVD_IN_VALIDITY_SAFE_BLOCKED 0 0.001 0 0.001
|
||||
|
||||
# DNSWL is a commercial service that requires payment for servers over 100K queries daily.
|
||||
# Unfortunately, they will return true answers for DNS servers they consider abusive so
|
||||
|
||||
@ -402,7 +402,6 @@ def_welcomelist_auth *@*.nea.org
|
||||
def_welcomelist_auth *@*.bhg.com
|
||||
def_welcomelist_auth *@*.nest.com
|
||||
def_welcomelist_auth *@*.colehaan.com
|
||||
def_welcomelist_auth *@*.microsoft.com
|
||||
def_welcomelist_auth *@*.vanheusen.com
|
||||
def_welcomelist_auth *@*.shoppbs.org
|
||||
def_welcomelist_auth *@*.roku.com
|
||||
@ -1379,7 +1378,6 @@ def_whitelist_auth *@*.nea.org
|
||||
def_whitelist_auth *@*.bhg.com
|
||||
def_whitelist_auth *@*.nest.com
|
||||
def_whitelist_auth *@*.colehaan.com
|
||||
def_whitelist_auth *@*.microsoft.com
|
||||
def_whitelist_auth *@*.vanheusen.com
|
||||
def_whitelist_auth *@*.shoppbs.org
|
||||
def_whitelist_auth *@*.roku.com
|
||||
|
||||
File diff suppressed because one or more lines are too long
@ -1,9 +1,9 @@
|
||||
score ACCT_PHISHING_MANY 2.561 2.999 2.561 2.999
|
||||
score ACCT_PHISHING_MANY 2.999 2.999 2.999 2.999
|
||||
score AC_BR_BONANZA 0.001 0.001 0.001 0.001
|
||||
score AC_DIV_BONANZA 0.001 0.001 0.001 0.001
|
||||
score AC_FROM_MANY_DOTS 2.499 2.499 2.499 2.499
|
||||
score AC_FROM_MANY_DOTS 0.717 2.499 0.717 2.499
|
||||
score AC_HTML_NONSENSE_TAGS 1.999 1.999 1.999 1.999
|
||||
score AC_POST_EXTRAS 0.001 1.417 0.001 1.417
|
||||
score AC_POST_EXTRAS 0.001 0.429 0.001 0.429
|
||||
score AC_SPAMMY_URI_PATTERNS1 1.000 1.000 1.000 1.000
|
||||
score AC_SPAMMY_URI_PATTERNS10 1.000 1.000 1.000 1.000
|
||||
score AC_SPAMMY_URI_PATTERNS11 1.000 1.000 1.000 1.000
|
||||
@ -11,289 +11,285 @@ score AC_SPAMMY_URI_PATTERNS12 1.000 1.000 1.000 1.000
|
||||
score AC_SPAMMY_URI_PATTERNS2 1.000 1.000 1.000 1.000
|
||||
score AC_SPAMMY_URI_PATTERNS3 1.000 1.000 1.000 1.000
|
||||
score AC_SPAMMY_URI_PATTERNS4 1.000 1.000 1.000 1.000
|
||||
score AC_SPAMMY_URI_PATTERNS8 1.000 1.000 1.000 1.000
|
||||
score AC_SPAMMY_URI_PATTERNS8 1.000 3.999 1.000 3.999
|
||||
score AC_SPAMMY_URI_PATTERNS9 1.000 1.000 1.000 1.000
|
||||
score ADMITS_SPAM 3.199 3.099 3.199 3.099
|
||||
score ADMITS_SPAM 2.096 0.184 2.096 0.184
|
||||
score ADULT_DATING_COMPANY 10.000 10.000 10.000 10.000
|
||||
score ADVANCE_FEE_2_NEW_FORM 1.000 1.000 1.000 1.000
|
||||
score ADVANCE_FEE_2_NEW_FRM_MNY 1.000 2.063 1.000 2.063
|
||||
score ADVANCE_FEE_2_NEW_MONEY 1.999 1.999 1.999 1.999
|
||||
score ADVANCE_FEE_3_NEW 3.499 3.266 3.499 3.266
|
||||
score ADVANCE_FEE_2_NEW_FRM_MNY 1.623 1.083 1.623 1.083
|
||||
score ADVANCE_FEE_2_NEW_MONEY 2.000 1.999 2.000 1.999
|
||||
score ADVANCE_FEE_3_NEW 3.043 2.527 3.043 2.527
|
||||
score ADVANCE_FEE_3_NEW_FRM_MNY 1.013 0.085 1.013 0.085
|
||||
score ADVANCE_FEE_3_NEW_MONEY 0.001 0.001 0.001 0.001
|
||||
score ADVANCE_FEE_4_NEW 0.803 0.001 0.803 0.001
|
||||
score ADVANCE_FEE_4_NEW_FRM_MNY 0.674 1.242 0.674 1.242
|
||||
score ADVANCE_FEE_4_NEW 0.001 0.001 0.001 0.001
|
||||
score ADVANCE_FEE_4_NEW_FRM_MNY 0.001 0.001 0.001 0.001
|
||||
score ADVANCE_FEE_4_NEW_MONEY 0.001 0.001 0.001 0.001
|
||||
score ADVANCE_FEE_5_NEW 2.399 1.823 2.399 1.823
|
||||
score ADVANCE_FEE_5_NEW_FRM_MNY 0.001 0.001 0.001 0.001
|
||||
score ADVANCE_FEE_5_NEW_MONEY 0.001 0.662 0.001 0.662
|
||||
score AD_PREFS 0.001 0.001 0.001 0.001
|
||||
score ADVANCE_FEE_5_NEW_MONEY 0.001 0.001 0.001 0.001
|
||||
score AD_PREFS 0.250 0.499 0.250 0.499
|
||||
score ALIBABA_IMG_NOT_RCVD_ALI 1.000 1.000 1.000 1.000
|
||||
score AMAZON_IMG_NOT_RCVD_AMZN 2.499 2.499 2.499 2.499
|
||||
score APP_DEVELOPMENT_FREEM 1.000 1.000 1.000 1.000
|
||||
score APP_DEVELOPMENT_NORDNS 1.000 1.000 1.000 1.000
|
||||
score APP_DEVELOPMENT_NORDNS 0.365 1.999 0.365 1.999
|
||||
score ARC_SIGNED 0.001 0.001 0.001 0.001
|
||||
score ARC_VALID 0.001 0.001 0.001 0.001
|
||||
score AXB_XMAILER_MIMEOLE_OL_024C2 0.001 0.001 0.001 0.001
|
||||
score AXB_X_FF_SEZ_S 3.499 3.399 3.499 3.399
|
||||
score BEBEE_IMG_NOT_RCVD_BB 1.000 1.000 1.000 1.000
|
||||
score BIGNUM_EMAILS_FREEM 1.000 1.000 1.000 1.000
|
||||
score BIGNUM_EMAILS_FREEM 0.001 0.001 0.001 0.001
|
||||
score BIGNUM_EMAILS_MANY 1.000 1.000 1.000 1.000
|
||||
score BILLION_OVERLAP -0.999 -0.317 -0.999 -0.317
|
||||
score BITCOIN_BOMB 1.000 1.000 1.000 1.000
|
||||
score BITCOIN_DEADLINE 1.586 2.999 1.586 2.999
|
||||
score BITCOIN_EXTORT_01 2.103 0.001 2.103 0.001
|
||||
score BITCOIN_DEADLINE 1.401 2.602 1.401 2.602
|
||||
score BITCOIN_EXTORT_01 2.104 1.734 2.104 1.734
|
||||
score BITCOIN_EXTORT_02 1.000 1.000 1.000 1.000
|
||||
score BITCOIN_IMGUR 1.000 1.000 1.000 1.000
|
||||
score BITCOIN_MALWARE 3.406 0.986 3.406 0.986
|
||||
score BITCOIN_MALWARE 0.001 0.001 0.001 0.001
|
||||
score BITCOIN_OBFU_SUBJ 1.000 1.000 1.000 1.000
|
||||
score BITCOIN_ONAN 1.642 1.116 1.642 1.116
|
||||
score BITCOIN_ONAN 1.873 0.218 1.873 0.218
|
||||
score BITCOIN_PAY_ME 1.000 1.000 1.000 1.000
|
||||
score BITCOIN_SPAM_01 1.000 1.000 1.000 1.000
|
||||
score BITCOIN_SPAM_02 2.499 2.321 2.499 2.321
|
||||
score BITCOIN_SPAM_03 2.499 1.683 2.499 1.683
|
||||
score BITCOIN_SPAM_02 1.551 2.499 1.551 2.499
|
||||
score BITCOIN_SPAM_03 2.499 2.499 2.499 2.499
|
||||
score BITCOIN_SPAM_04 1.000 1.000 1.000 1.000
|
||||
score BITCOIN_SPAM_05 0.001 1.000 0.001 1.000
|
||||
score BITCOIN_SPAM_06 1.000 1.000 1.000 1.000
|
||||
score BITCOIN_SPAM_07 2.903 0.001 2.903 0.001
|
||||
score BITCOIN_SPAM_07 0.602 0.001 0.602 0.001
|
||||
score BITCOIN_SPAM_08 1.000 1.000 1.000 1.000
|
||||
score BITCOIN_SPAM_09 1.499 1.499 1.499 1.499
|
||||
score BITCOIN_SPAM_10 1.000 1.000 1.000 1.000
|
||||
score BITCOIN_SPAM_11 1.000 1.000 1.000 1.000
|
||||
score BITCOIN_SPAM_12 1.000 1.000 1.000 1.000
|
||||
score BITCOIN_SPF_ONLYALL 0.001 1.000 0.001 1.000
|
||||
score BITCOIN_TOEQFM 1.597 1.539 1.597 1.539
|
||||
score BITCOIN_VISTA 0.001 3.016 0.001 3.016
|
||||
score BITCOIN_XPRIO 2.499 2.499 2.499 2.499
|
||||
score BITCOIN_YOUR_INFO 1.000 1.000 1.000 1.000
|
||||
score BODY_SINGLE_URI 1.680 0.547 1.680 0.547
|
||||
score BODY_SINGLE_WORD 0.784 0.001 0.784 0.001
|
||||
score BODY_URI_ONLY 0.178 0.001 0.178 0.001
|
||||
score BOGUS_MIME_VERSION 3.499 2.706 3.499 2.706
|
||||
score BOGUS_MSM_HDRS 2.355 2.528 2.355 2.528
|
||||
score BITCOIN_TOEQFM 3.499 2.863 3.499 2.863
|
||||
score BITCOIN_VISTA 0.001 0.001 0.001 0.001
|
||||
score BITCOIN_XPRIO 0.001 0.001 0.001 0.001
|
||||
score BITCOIN_YOUR_INFO 0.618 0.001 0.618 0.001
|
||||
score BODY_URI_ONLY 0.001 0.001 0.001 0.001
|
||||
score BOGUS_MIME_VERSION 3.499 3.499 3.499 3.499
|
||||
score BOGUS_MSM_HDRS 2.197 0.161 2.197 0.161
|
||||
score BOMB_FREEM 1.000 1.000 1.000 1.000
|
||||
score BOMB_MONEY 1.000 1.000 1.000 1.000
|
||||
score BTC_ORG 1.000 1.000 1.000 1.000
|
||||
score BULK_RE_SUSP_NTLD 1.000 1.000 1.000 1.000
|
||||
score CANT_SEE_AD 1.000 1.000 1.000 1.000
|
||||
score CK_HELO_GENERIC 0.249 0.249 0.249 0.249
|
||||
score CK_HELO_GENERIC 0.250 0.249 0.250 0.249
|
||||
score COMMENT_GIBBERISH 1.000 1.000 1.000 1.000
|
||||
score COMPENSATION 1.499 0.538 1.499 0.538
|
||||
score CONTENT_AFTER_HTML 1.000 1.000 1.000 1.000
|
||||
score CONTENT_AFTER_HTML_WEAK 1.000 1.000 1.000 1.000
|
||||
score CTE_8BIT_MISMATCH 0.999 0.001 0.999 0.001
|
||||
score DATE_IN_FUTURE_Q_PLUS 2.760 2.006 2.760 2.006
|
||||
score COMPENSATION 1.342 0.068 1.342 0.068
|
||||
score CONTENT_AFTER_HTML 2.499 2.499 2.499 2.499
|
||||
score CONTENT_AFTER_HTML_WEAK 1.499 1.500 1.499 1.500
|
||||
score CTE_8BIT_MISMATCH 0.999 0.260 0.999 0.260
|
||||
score DAY_I_EARNED 1.000 1.000 1.000 1.000
|
||||
score DEAR_BENEFICIARY 3.099 2.446 3.099 2.446
|
||||
score DEAR_BENEFICIARY 3.399 2.451 3.399 2.451
|
||||
score DEAR_NOBODY 2.999 2.559 2.999 2.559
|
||||
score DKIMWL_BL 0.001 1.000 0.001 1.000
|
||||
score DKIMWL_BLOCKED 0.001 0.001 0.001 0.001
|
||||
score DKIMWL_WL_HIGH 0.001 -0.014 0.001 -0.014
|
||||
score DKIMWL_WL_HIGH 0.001 -0.141 0.001 -0.141
|
||||
score DKIMWL_WL_MED 0.001 -0.001 0.001 -0.001
|
||||
score DKIMWL_WL_MEDHI 0.001 -0.001 0.001 -0.001
|
||||
score DOTGOV_IMAGE 1.000 1.000 1.000 1.000
|
||||
score DSN_NO_MIMEVERSION 1.999 1.999 1.999 1.999
|
||||
score DYNAMIC_IMGUR 1.000 1.000 1.000 1.000
|
||||
score DSN_NO_MIMEVERSION 2.000 1.999 2.000 1.999
|
||||
score DYNAMIC_IMGUR 2.324 1.244 2.324 1.244
|
||||
score EBAY_IMG_NOT_RCVD_EBAY 1.000 1.000 1.000 1.000
|
||||
score ENCRYPTED_MESSAGE -0.999 -0.999 -0.999 -0.999
|
||||
score END_FUTURE_EMAILS 2.499 2.499 2.499 2.499
|
||||
score ENVFROM_GOOG_TRIX 1.000 1.000 1.000 1.000
|
||||
score FACEBOOK_IMG_NOT_RCVD_FB 1.999 1.999 1.999 1.999
|
||||
score FBI_MONEY 1.000 1.000 1.000 1.000
|
||||
score FBI_SPOOF 1.000 1.000 1.000 1.000
|
||||
score FILL_THIS_FORM 0.798 0.801 0.798 0.801
|
||||
score FONT_INVIS_DIRECT 0.001 0.001 0.001 0.001
|
||||
score FBI_MONEY 1.999 1.999 1.999 1.999
|
||||
score FBI_SPOOF 0.378 0.385 0.378 0.385
|
||||
score FILL_THIS_FORM 0.001 0.001 0.001 0.001
|
||||
score FONT_INVIS_DIRECT 1.363 0.214 1.363 0.214
|
||||
score FONT_INVIS_DOTGOV 1.000 1.000 1.000 1.000
|
||||
score FONT_INVIS_HTML_NOHTML 2.487 1.018 2.487 1.018
|
||||
score FONT_INVIS_LONG_LINE 2.162 2.999 2.162 2.999
|
||||
score FONT_INVIS_HTML_NOHTML 2.999 2.481 2.999 2.481
|
||||
score FONT_INVIS_LONG_LINE 1.944 2.999 1.944 2.999
|
||||
score FONT_INVIS_MSGID 2.499 2.499 2.499 2.499
|
||||
score FONT_INVIS_NORDNS 0.001 0.710 0.001 0.710
|
||||
score FONT_INVIS_POSTEXTRAS 2.590 0.872 2.590 0.872
|
||||
score FONT_INVIS_NORDNS 0.001 0.672 0.001 0.672
|
||||
score FONT_INVIS_POSTEXTRAS 2.646 2.967 2.646 2.967
|
||||
score FORM_FRAUD 0.999 0.999 0.999 0.999
|
||||
score FORM_FRAUD_3 2.253 1.199 2.253 1.199
|
||||
score FORM_FRAUD_5 2.453 1.619 2.453 1.619
|
||||
score FOUND_YOU 1.000 1.000 1.000 1.000
|
||||
score FREEMAIL_FORGED_FROMDOMAIN 0.001 0.001 0.001 0.001
|
||||
score FORM_FRAUD_3 2.799 2.699 2.799 2.699
|
||||
score FORM_FRAUD_5 0.001 0.001 0.001 0.001
|
||||
score FOUND_YOU 1.416 3.055 1.416 3.055
|
||||
score FREEMAIL_FORGED_FROMDOMAIN 0.250 0.001 0.250 0.001
|
||||
score FREEM_FRNUM_UNICD_EMPTY 1.000 1.000 1.000 1.000
|
||||
score FRNAME_IN_MSG_XPRIO_NO_SUB 1.000 1.000 1.000 1.000
|
||||
score FROM_ADDR_WS 1.050 0.001 1.050 0.001
|
||||
score FROM_ADDR_WS 2.999 1.548 2.999 1.548
|
||||
score FROM_BANK_NOAUTH 0.001 1.000 0.001 1.000
|
||||
score FROM_FMBLA_NDBLOCKED 0.001 0.001 0.001 0.001
|
||||
score FROM_FMBLA_NEWDOM 0.001 1.352 0.001 1.352
|
||||
score FROM_FMBLA_NEWDOM 0.001 1.499 0.001 1.499
|
||||
score FROM_FMBLA_NEWDOM14 0.001 0.999 0.001 0.999
|
||||
score FROM_FMBLA_NEWDOM28 0.001 0.799 0.001 0.799
|
||||
score FROM_GOV_DKIM_AU 0.001 -0.156 0.001 -0.156
|
||||
score FROM_GOV_DKIM_AU 0.001 -0.469 0.001 -0.469
|
||||
score FROM_GOV_REPLYTO_FREEMAIL 0.001 1.000 0.001 1.000
|
||||
score FROM_GOV_SPOOF 0.001 1.000 0.001 1.000
|
||||
score FROM_IN_TO_AND_SUBJ 1.799 1.799 1.799 1.799
|
||||
score FROM_MISSPACED 1.999 1.149 1.999 1.149
|
||||
score FROM_MISSP_DYNIP 1.661 0.533 1.661 0.533
|
||||
score FROM_MISSP_EH_MATCH 1.999 2.000 1.999 2.000
|
||||
score FROM_MISSP_FREEMAIL 2.304 2.401 2.304 2.401
|
||||
score FROM_MISSP_MSFT 0.892 0.001 0.892 0.001
|
||||
score FROM_MISSP_PHISH 2.782 3.002 2.782 3.002
|
||||
score FROM_MISSP_REPLYTO 2.500 0.858 2.500 0.858
|
||||
score FROM_MISSP_SPF_FAIL 0.001 1.779 0.001 1.779
|
||||
score FROM_MISSP_TO_UNDISC 3.203 2.332 3.203 2.332
|
||||
score FROM_GOV_SPOOF 0.001 0.999 0.001 0.999
|
||||
score FROM_IN_TO_AND_SUBJ 1.899 1.799 1.899 1.799
|
||||
score FROM_MISSPACED 0.201 0.001 0.201 0.001
|
||||
score FROM_MISSP_DYNIP 0.001 0.792 0.001 0.792
|
||||
score FROM_MISSP_EH_MATCH 0.001 0.001 0.001 0.001
|
||||
score FROM_MISSP_FREEMAIL 2.252 3.199 2.252 3.199
|
||||
score FROM_MISSP_MSFT 0.001 0.001 0.001 0.001
|
||||
score FROM_MISSP_PHISH 3.499 3.499 3.499 3.499
|
||||
score FROM_MISSP_REPLYTO 1.111 0.001 1.111 0.001
|
||||
score FROM_MISSP_SPF_FAIL 0.001 1.312 0.001 1.312
|
||||
score FROM_MISSP_TO_UNDISC 2.146 1.256 2.146 1.256
|
||||
score FROM_MISSP_USER 0.001 0.001 0.001 0.001
|
||||
score FROM_MISSP_XPRIO 2.500 2.499 2.500 2.499
|
||||
score FROM_MISSP_XPRIO 0.001 0.001 0.001 0.001
|
||||
score FROM_NEWDOM_BTC 0.001 1.000 0.001 1.000
|
||||
score FROM_NTLD_LINKBAIT 1.000 1.000 1.000 1.000
|
||||
score FROM_NTLD_REPLY_FREEMAIL 1.663 1.000 1.663 1.000
|
||||
score FROM_NTLD_LINKBAIT 0.800 0.610 0.800 0.610
|
||||
score FROM_NTLD_REPLY_FREEMAIL 0.001 0.001 0.001 0.001
|
||||
score FROM_NUMBERO_NEWDOMAIN 0.001 1.000 0.001 1.000
|
||||
score FROM_PAYPAL_SPOOF 0.001 0.001 0.001 0.001
|
||||
score FROM_PAYPAL_SPOOF 0.001 1.599 0.001 1.599
|
||||
score FROM_SUSPICIOUS_NTLD 0.499 0.499 0.499 0.499
|
||||
score FROM_SUSPICIOUS_NTLD_FP 1.999 1.999 1.999 1.999
|
||||
score FROM_UNBAL1 2.266 2.020 2.266 2.020
|
||||
score FROM_WSP_TRAIL 2.699 2.699 2.699 2.699
|
||||
score FSL_BULK_SIG 0.001 0.714 0.001 0.714
|
||||
score FROM_SUSPICIOUS_NTLD_FP 1.999 0.409 1.999 0.409
|
||||
score FROM_UNBAL1 2.499 2.399 2.499 2.399
|
||||
score FROM_WSP_TRAIL 2.699 2.599 2.699 2.599
|
||||
score FSL_BULK_SIG 0.001 0.001 0.001 0.001
|
||||
score FSL_CTYPE_WIN1251 0.001 0.001 0.001 0.001
|
||||
score FSL_HAS_TINYURL 2.799 2.699 2.799 2.699
|
||||
score FSL_NEW_HELO_USER 0.001 0.001 0.001 0.001
|
||||
score FUZZY_AMAZON 2.599 2.499 2.599 2.499
|
||||
score FUZZY_IMPORTANT 2.399 1.996 2.399 1.996
|
||||
score FUZZY_PRIVACY 2.699 2.699 2.699 2.699
|
||||
score FUZZY_SECURITY 2.599 2.499 2.599 2.499
|
||||
score FUZZY_WALLET 1.787 0.001 1.787 0.001
|
||||
score FUZZY_AMAZON 1.729 0.688 1.729 0.688
|
||||
score FUZZY_CLICK_HERE 3.500 3.399 3.500 3.399
|
||||
score FUZZY_IMPORTANT 2.699 2.699 2.699 2.699
|
||||
score FUZZY_WALLET 1.016 0.001 1.016 0.001
|
||||
score GAPPY_SALES_LEADS_FREEM 1.000 1.000 1.000 1.000
|
||||
score GB_BITCOIN_CP 3.000 2.999 3.000 2.999
|
||||
score GB_CUSTOM_HTM_URI 1.499 0.001 1.499 0.001
|
||||
score GB_FAKE_RF_SHORT 1.939 1.999 1.939 1.999
|
||||
score GB_BITCOIN_CP 2.036 1.851 2.036 1.851
|
||||
score GB_CUSTOM_HTM_URI 1.037 0.001 1.037 0.001
|
||||
score GB_FAKE_RF_SHORT 1.228 1.593 1.228 1.593
|
||||
score GB_FORGED_MUA_POSTFIX 1.000 1.000 1.000 1.000
|
||||
score GB_FREEMAIL_DISPTO 0.001 0.001 0.001 0.001
|
||||
score GB_FREEMAIL_DISPTO_NOTFREEM 0.500 0.500 0.500 0.500
|
||||
score GB_FREEMAIL_DISPTO_NOTFREEM 0.499 0.499 0.499 0.499
|
||||
score GB_GOOGLE_OBFUR 0.750 0.750 0.750 0.750
|
||||
score GB_HASHBL_BTC 0.001 4.852 0.001 4.852
|
||||
score GB_HASHBL_BTC 0.001 0.360 0.001 0.360
|
||||
score GOOGLE_DOCS_PHISH 1.000 1.000 1.000 1.000
|
||||
score GOOGLE_DOCS_PHISH_MANY 1.000 1.000 1.000 1.000
|
||||
score GOOGLE_DOC_SUSP 1.000 1.000 1.000 1.000
|
||||
score GOOGLE_DRIVE_REPLY_BAD_NTLD 1.000 1.000 1.000 1.000
|
||||
score GOOG_MALWARE_DNLD 3.889 3.186 3.889 3.186
|
||||
score GOOG_REDIR_HTML_ONLY 1.999 1.999 1.999 1.999
|
||||
score GOOG_REDIR_NORDNS 2.498 0.899 2.498 0.899
|
||||
score GOOG_MALWARE_DNLD 3.613 1.000 3.613 1.000
|
||||
score GOOG_REDIR_HTML_ONLY 2.000 1.999 2.000 1.999
|
||||
score GOOG_REDIR_NORDNS 0.501 0.012 0.501 0.012
|
||||
score GOOG_STO_EMAIL_PHISH 1.000 1.000 1.000 1.000
|
||||
score GOOG_STO_HTML_PHISH 1.000 1.000 1.000 1.000
|
||||
score GOOG_STO_HTML_PHISH_MANY 1.000 1.000 1.000 1.000
|
||||
score GOOG_STO_IMG_HTML 2.501 2.523 2.501 2.523
|
||||
score GOOG_STO_IMG_NOHTML 1.000 1.000 1.000 1.000
|
||||
score GOOG_STO_NOIMG_HTML 2.496 1.524 2.496 1.524
|
||||
score GOOG_STO_IMG_HTML 2.000 2.225 2.000 2.225
|
||||
score GOOG_STO_IMG_NOHTML 1.937 2.499 1.937 2.499
|
||||
score GOOG_STO_NOIMG_HTML 2.999 2.999 2.999 2.999
|
||||
score HAS_X_NO_RELAY 1.000 1.000 1.000 1.000
|
||||
score HAS_X_OUTGOING_SPAM_STAT 1.000 1.000 1.000 1.000
|
||||
score HDRS_LCASE_IMGONLY 0.099 0.099 0.099 0.099
|
||||
score HDRS_MISSP 2.500 2.499 2.500 2.499
|
||||
score HDR_ORDER_FTSDMCXX_DIRECT 1.999 1.787 1.999 1.787
|
||||
score HDR_ORDER_FTSDMCXX_NORDNS 3.499 1.931 3.499 1.931
|
||||
score HEADER_FROM_DIFFERENT_DOMAINS 0.249 0.250 0.249 0.250
|
||||
score HELO_MISC_IP 0.250 0.249 0.250 0.249
|
||||
score HELO_NO_DOMAIN 0.001 0.443 0.001 0.443
|
||||
score HEXHASH_WORD 1.000 1.000 1.000 1.000
|
||||
score HAS_X_OUTGOING_SPAM_STAT 1.000 0.044 1.000 0.044
|
||||
score HDRS_LCASE 0.100 0.001 0.100 0.001
|
||||
score HDRS_LCASE_IMGONLY 0.036 0.100 0.036 0.100
|
||||
score HDRS_MISSP 2.149 2.249 2.149 2.249
|
||||
score HDR_ORDER_FTSDMCXX_DIRECT 1.999 0.001 1.999 0.001
|
||||
score HDR_ORDER_FTSDMCXX_NORDNS 2.609 3.499 2.609 3.499
|
||||
score HEADER_FROM_DIFFERENT_DOMAINS 0.250 0.249 0.250 0.249
|
||||
score HELO_NO_DOMAIN 0.001 0.001 0.001 0.001
|
||||
score HEXHASH_WORD 2.343 2.996 2.343 2.996
|
||||
score HK_CTE_RAW 1.000 1.000 1.000 1.000
|
||||
score HK_LOTTO 0.999 0.999 0.999 0.999
|
||||
score HK_NAME_FM_MR_MRS 1.299 0.402 1.299 0.402
|
||||
score HK_NAME_MR_MRS 0.999 0.999 0.999 0.999
|
||||
score HK_RANDOM_ENVFROM 0.999 0.674 0.999 0.674
|
||||
score HK_RANDOM_FROM 0.999 1.000 0.999 1.000
|
||||
score HK_RANDOM_REPLYTO 0.999 0.999 0.999 0.999
|
||||
score HK_RCVD_IP_MULTICAST 1.000 1.000 1.000 1.000
|
||||
score HK_SCAM 1.999 1.999 1.999 1.999
|
||||
score HOSTED_IMG_DIRECT_MX 3.499 3.220 3.499 3.220
|
||||
score HK_LOTTO 0.001 0.036 0.001 0.036
|
||||
score HK_NAME_FM_MR_MRS 0.913 0.001 0.913 0.001
|
||||
score HK_NAME_MR_MRS 1.000 0.999 1.000 0.999
|
||||
score HK_RANDOM_ENVFROM 0.001 0.001 0.001 0.001
|
||||
score HK_RANDOM_FROM 0.997 0.001 0.997 0.001
|
||||
score HK_RANDOM_REPLYTO 1.000 0.999 1.000 0.999
|
||||
score HK_RCVD_IP_MULTICAST 1.000 0.001 1.000 0.001
|
||||
score HK_SCAM 2.000 0.097 2.000 0.097
|
||||
score HK_WIN 0.001 0.001 0.001 0.001
|
||||
score HOSTED_IMG_DIRECT_MX 0.001 0.001 0.001 0.001
|
||||
score HOSTED_IMG_DQ_UNSUB 1.000 1.000 1.000 1.000
|
||||
score HOSTED_IMG_FREEM 0.001 0.001 0.001 0.001
|
||||
score HOSTED_IMG_MULTI 1.000 1.000 1.000 1.000
|
||||
score HOSTED_IMG_MULTI_PUB_01 2.999 2.999 2.999 2.999
|
||||
score HREF_EMPTY_NORDNS 0.004 0.522 0.004 0.522
|
||||
score HREF_EMPTY_NORDNS 0.194 0.001 0.194 0.001
|
||||
score HREF_EMPTY_PHPMAIL 1.000 1.000 1.000 1.000
|
||||
score HREF_EMPTY_XANTIABUSE 1.000 1.000 1.000 1.000
|
||||
score HREF_EMPTY_XAUTHED 1.000 1.000 1.000 1.000
|
||||
score HTML_BADATTR 1.000 1.000 1.000 1.000
|
||||
score HTML_BADATTR 0.999 0.999 0.999 0.999
|
||||
score HTML_ENTITY_ASCII 2.999 2.999 2.999 2.999
|
||||
score HTML_ENTITY_ASCII_TINY 1.000 1.000 1.000 1.000
|
||||
score HTML_FONT_TINY_NORDNS 1.999 1.818 1.999 1.818
|
||||
score HTML_OFF_PAGE 2.999 2.999 2.999 2.999
|
||||
score HTML_FONT_TINY_NORDNS 1.574 0.001 1.574 0.001
|
||||
score HTML_OFF_PAGE 1.000 1.000 1.000 1.000
|
||||
score HTML_SHRT_CMNT_OBFU_MANY 1.000 1.000 1.000 1.000
|
||||
score HTML_SINGLET_MANY 2.499 2.499 2.499 2.499
|
||||
score HTML_TEXT_INVISIBLE_FONT 1.343 1.148 1.343 1.148
|
||||
score HTML_TEXT_INVISIBLE_STYLE 1.130 0.858 1.130 0.858
|
||||
score IMG_DIRECT_TO_MX 0.521 0.040 0.521 0.040
|
||||
score IMG_ONLY_FM_DOM_INFO 1.000 1.000 1.000 1.000
|
||||
score HTML_SINGLET_MANY 1.861 1.306 1.861 1.306
|
||||
score HTML_TEXT_INVISIBLE_FONT 0.186 0.001 0.186 0.001
|
||||
score HTML_TEXT_INVISIBLE_STYLE 0.920 2.726 0.920 2.726
|
||||
score IMG_ONLY_FM_DOM_INFO 2.499 1.779 2.499 1.779
|
||||
score JH_SPAMMY_HEADERS 3.499 3.499 3.499 3.499
|
||||
score JH_SPAMMY_PATTERN01 1.000 1.000 1.000 1.000
|
||||
score JH_SPAMMY_PATTERN02 1.000 1.000 1.000 1.000
|
||||
score KHOP_FAKE_EBAY 0.001 0.001 0.001 0.001
|
||||
score KHOP_HELO_FCRDNS 0.399 0.259 0.399 0.259
|
||||
score KHOP_HELO_FCRDNS 0.400 0.399 0.400 0.399
|
||||
score LINKEDIN_IMG_NOT_RCVD_LNKN 1.000 1.000 1.000 1.000
|
||||
score LIST_PARTIAL_SHORT_MSG 2.370 1.001 2.370 1.001
|
||||
score LIST_PRTL_PUMPDUMP 1.000 1.000 1.000 1.000
|
||||
score LIST_PRTL_SAME_USER 1.000 1.000 1.000 1.000
|
||||
score LONGLN_LOW_CONTRAST 2.124 0.001 2.124 0.001
|
||||
score LONG_HEX_URI 3.000 2.158 3.000 2.158
|
||||
score LONG_IMG_URI 1.944 0.443 1.944 0.443
|
||||
score LONG_INVISIBLE_TEXT 2.154 2.098 2.154 2.098
|
||||
score LOTS_OF_MONEY 0.010 0.010 0.010 0.010
|
||||
score LONG_HEX_URI 2.999 1.615 2.999 1.615
|
||||
score LONG_IMG_URI 1.685 2.365 1.685 2.365
|
||||
score LONG_INVISIBLE_TEXT 1.683 1.350 1.683 1.350
|
||||
score LOTS_OF_MONEY 0.010 0.001 0.010 0.001
|
||||
score LOTTO_AGENT 0.001 0.132 0.001 0.132
|
||||
score LOTTO_DEPT 1.162 0.001 1.162 0.001
|
||||
score LUCRATIVE 1.000 1.000 1.000 1.000
|
||||
score MALFORMED_FREEMAIL 2.268 1.248 2.268 1.248
|
||||
score MALFORMED_FREEMAIL 3.026 2.693 3.026 2.693
|
||||
score MALF_HTML_B64 1.000 1.000 1.000 1.000
|
||||
score MALWARE_NORDNS 0.839 1.471 0.839 1.471
|
||||
score MALWARE_NORDNS 0.001 0.001 0.001 0.001
|
||||
score MALWARE_PASSWORD 1.000 1.000 1.000 1.000
|
||||
score MANY_HDRS_LCASE 0.100 0.001 0.100 0.001
|
||||
score MANY_SUBDOM 3.199 3.100 3.199 3.100
|
||||
score MAY_BE_FORGED 2.099 0.001 2.099 0.001
|
||||
score MALW_ATTACH 2.299 2.199 2.299 2.199
|
||||
score MANY_HDRS_LCASE 0.100 0.100 0.100 0.100
|
||||
score MANY_SPAN_IN_TEXT 2.199 1.756 2.199 1.756
|
||||
score MANY_SUBDOM 3.000 2.999 3.000 2.999
|
||||
score MAY_BE_FORGED 1.426 1.539 1.426 1.539
|
||||
score MILLION_HUNDRED 0.001 0.001 0.001 0.001
|
||||
score MILLION_USD 1.736 0.435 1.736 0.435
|
||||
score MIMEOLE_DIRECT_TO_MX 1.999 1.126 1.999 1.126
|
||||
score MIME_NO_TEXT 1.000 1.000 1.000 1.000
|
||||
score MILLION_USD 0.001 0.001 0.001 0.001
|
||||
score MIMEOLE_DIRECT_TO_MX 1.999 0.001 1.999 0.001
|
||||
score MIME_NO_TEXT 1.999 1.832 1.999 1.832
|
||||
score MIXED_AREA_CASE 1.000 1.000 1.000 1.000
|
||||
score MIXED_CENTER_CASE 2.499 2.238 2.499 2.238
|
||||
score MIXED_ES 2.199 2.199 2.199 2.199
|
||||
score MIXED_FONT_CASE 1.194 0.739 1.194 0.739
|
||||
score MIXED_HREF_CASE 1.999 1.999 1.999 1.999
|
||||
score MIXED_CENTER_CASE 1.000 2.208 1.000 2.208
|
||||
score MIXED_CTYPE_CASE 1.852 2.154 1.852 2.154
|
||||
score MIXED_ES 2.599 2.499 2.599 2.499
|
||||
score MIXED_FONT_CASE 1.000 1.000 1.000 1.000
|
||||
score MIXED_HREF_CASE 1.939 1.999 1.939 1.999
|
||||
score MIXED_IMG_CASE 1.000 1.000 1.000 1.000
|
||||
score MONERO_DEADLINE 1.000 1.000 1.000 1.000
|
||||
score MONERO_EXTORT_01 1.000 1.000 1.000 1.000
|
||||
score MONERO_MALWARE 1.000 1.000 1.000 1.000
|
||||
score MONERO_PAY_ME 1.000 1.000 1.000 1.000
|
||||
score MONEY_ATM_CARD 0.219 0.330 0.219 0.330
|
||||
score MONEY_ATM_CARD 0.001 3.099 0.001 3.099
|
||||
score MONEY_BARRISTER 0.999 0.999 0.999 0.999
|
||||
score MONEY_FORM 0.001 0.001 0.001 0.001
|
||||
score MONEY_FORM_SHORT 1.272 1.787 1.272 1.787
|
||||
score MONEY_FRAUD_3 0.953 0.262 0.953 0.262
|
||||
score MONEY_FORM_SHORT 1.548 1.613 1.548 1.613
|
||||
score MONEY_FRAUD_3 2.999 2.799 2.999 2.799
|
||||
score MONEY_FRAUD_5 0.001 0.001 0.001 0.001
|
||||
score MONEY_FRAUD_8 3.099 2.999 3.099 2.999
|
||||
score MONEY_FREEMAIL_REPTO 2.999 1.084 2.999 1.084
|
||||
score MONEY_FRAUD_8 0.001 0.001 0.001 0.001
|
||||
score MONEY_FREEMAIL_REPTO 2.489 0.598 2.489 0.598
|
||||
score MONEY_FROM_41 1.999 1.999 1.999 1.999
|
||||
score MONEY_FROM_MISSP 0.001 0.001 0.001 0.001
|
||||
score MONEY_NOHTML 2.499 2.499 2.499 2.499
|
||||
score MONEY_NOHTML 2.499 2.298 2.499 2.298
|
||||
score MSGID_DOLLARS_URI_IMG 1.000 1.000 1.000 1.000
|
||||
score MSGID_HDR_MALF 2.395 2.997 2.395 2.997
|
||||
score MSGID_NOFQDN1 0.001 1.935 0.001 1.935
|
||||
score MSM_PRIO_REPTO 1.000 1.000 1.000 1.000
|
||||
score NA_DOLLARS 1.499 0.001 1.499 0.001
|
||||
score MSGID_HDR_MALF 1.000 1.000 1.000 1.000
|
||||
score MSGID_NOFQDN1 1.748 2.999 1.748 2.999
|
||||
score MSM_PRIO_REPTO 2.500 2.499 2.500 2.499
|
||||
score NA_DOLLARS 1.499 0.277 1.499 0.277
|
||||
score NEWEGG_IMG_NOT_RCVD_NEGG 1.000 1.000 1.000 1.000
|
||||
score NEW_PRODUCTS 1.000 1.000 1.000 1.000
|
||||
score NICE_REPLY_A -1.545 -1.553 -1.545 -1.553
|
||||
score NORDNS_LOW_CONTRAST 0.001 0.953 0.001 0.953
|
||||
score NICE_REPLY_A -2.836 -3.565 -2.836 -3.565
|
||||
score NO_FM_NAME_IP_HOSTN 0.001 0.001 0.001 0.001
|
||||
score NSL_RCVD_FROM_USER 0.001 0.001 0.001 0.001
|
||||
score NSL_RCVD_HELO_USER 0.001 0.107 0.001 0.107
|
||||
score NSL_RCVD_HELO_USER 0.001 0.001 0.001 0.001
|
||||
score OBFU_BITCOIN 1.000 1.000 1.000 1.000
|
||||
score OBFU_TEXT_ATTACH 1.499 1.599 1.499 1.599
|
||||
score ODD_FREEM_REPTO 1.000 1.000 1.000 1.000
|
||||
score PDS_BAD_THREAD_QP_64 0.999 0.001 0.999 0.001
|
||||
score PDS_BTC_ID 0.499 0.499 0.499 0.499
|
||||
score PDS_BTC_MSGID 0.001 0.674 0.001 0.674
|
||||
score PDS_DBL_URL_TNB_RUNON 1.999 2.000 1.999 2.000
|
||||
score PDS_EMPTYSUBJ_URISHRT 0.736 1.499 0.736 1.499
|
||||
score PDS_FREEMAIL_REPLYTO_URISHRT 1.499 0.891 1.499 0.891
|
||||
score PDS_FRNOM_TODOM_DBL_URL 0.001 0.001 0.001 0.001
|
||||
score PDS_FRNOM_TODOM_NAKED_TO 1.499 0.291 1.499 0.291
|
||||
score PDS_FROM_NAME_TO_DOMAIN 2.000 1.130 2.000 1.130
|
||||
score OBFU_JVSCR_ESC 0.007 0.001 0.007 0.001
|
||||
score ODD_FREEM_REPTO 2.999 1.396 2.999 1.396
|
||||
score PDS_BAD_THREAD_QP_64 0.999 0.999 0.999 0.999
|
||||
score PDS_BTC_ID 0.499 0.500 0.499 0.500
|
||||
score PDS_BTC_MSGID 0.001 0.537 0.001 0.537
|
||||
score PDS_DBL_URL_TNB_RUNON 0.403 0.001 0.403 0.001
|
||||
score PDS_FRNOM_TODOM_DBL_URL 0.001 1.271 0.001 1.271
|
||||
score PDS_HELO_SPF_FAIL 0.001 1.999 0.001 1.999
|
||||
score PDS_HP_HELO_NORDNS 0.498 0.001 0.498 0.001
|
||||
score PDS_NAKED_TO_NUMERO 1.000 1.000 1.000 1.000
|
||||
score PDS_HP_HELO_NORDNS 0.669 0.001 0.669 0.001
|
||||
score PDS_OTHER_BAD_TLD 1.999 1.999 1.999 1.999
|
||||
score PDS_PHP_EVAL 1.500 1.499 1.500 1.499
|
||||
score PDS_TINYSUBJ_URISHRT 0.001 1.499 0.001 1.499
|
||||
score PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE 1.999 1.999 1.999 1.999
|
||||
score PDS_PHPEXP_BOT 1.499 1.242 1.499 1.242
|
||||
score PDS_PHP_EVAL 1.499 1.499 1.499 1.499
|
||||
score PHISH_AZURE_CLOUDAPP 3.500 3.500 3.500 3.500
|
||||
score PHISH_FBASEAPP 1.000 1.000 1.000 1.000
|
||||
score PHOTO_EDITING_DIRECT 1.360 1.815 1.360 1.815
|
||||
score PHP_NOVER_MUA 1.000 1.000 1.000 1.000
|
||||
score PHP_ORIG_SCRIPT 1.000 1.000 1.000 1.000
|
||||
score PHP_ORIG_SCRIPT_EVAL 3.000 2.999 3.000 2.999
|
||||
score PHP_ORIG_SCRIPT 1.399 2.130 1.399 2.130
|
||||
score PHP_ORIG_SCRIPT_EVAL 2.999 2.999 2.999 2.999
|
||||
score PHP_SCRIPT 2.499 2.499 2.499 2.499
|
||||
score PHP_SCRIPT_MUA 1.000 1.000 1.000 1.000
|
||||
score PP_MIME_FAKE_ASCII_TEXT 0.999 0.001 0.999 0.001
|
||||
@ -303,10 +299,9 @@ score PUMPDUMP 1.000 1.000 1.000 1.000
|
||||
score PUMPDUMP_MULTI 1.000 1.000 1.000 1.000
|
||||
score RAND_HEADER_LIST_SPOOF 1.000 1.000 1.000 1.000
|
||||
score RAND_HEADER_MANY 1.000 1.000 1.000 1.000
|
||||
score RAND_MKTG_HEADER 2.000 1.969 2.000 1.969
|
||||
score RATWARE_NO_RDNS 2.682 1.148 2.682 1.148
|
||||
score RAND_MKTG_HEADER 1.999 1.999 1.999 1.999
|
||||
score RATWARE_NO_RDNS 0.837 0.069 0.837 0.069
|
||||
score RCVD_DOTEDU_SHORT 1.000 1.000 1.000 1.000
|
||||
score RCVD_DOTEDU_SUSP 0.331 0.914 0.331 0.914
|
||||
score RCVD_DOTEDU_SUSP_URI 1.000 1.000 1.000 1.000
|
||||
score RCVD_IN_IADB_COURT 0.001 -0.001 0.001 -0.001
|
||||
score RCVD_IN_IADB_LEG_MAND 0.001 -0.001 0.001 -0.001
|
||||
@ -323,121 +318,122 @@ score RCVD_IN_MSPIKE_WL 0.001 0.001 0.001 0.001
|
||||
score RCVD_IN_MSPIKE_ZBI 0.001 0.001 0.001 0.001
|
||||
score RDNS_NUM_TLD_ATCHNX 1.000 1.000 1.000 1.000
|
||||
score RDNS_NUM_TLD_XM 1.000 1.000 1.000 1.000
|
||||
score REPTO_419_FRAUD 1.000 1.000 1.000 1.000
|
||||
score REPTO_419_FRAUD 2.999 2.999 2.999 2.999
|
||||
score REPTO_419_FRAUD_AOL 1.000 1.000 1.000 1.000
|
||||
score REPTO_419_FRAUD_AOL_LOOSE 1.000 1.000 1.000 1.000
|
||||
score REPTO_419_FRAUD_CNS 1.000 1.000 1.000 1.000
|
||||
score REPTO_419_FRAUD_GM 2.999 2.794 2.999 2.794
|
||||
score REPTO_419_FRAUD_GM 2.999 2.505 2.999 2.505
|
||||
score REPTO_419_FRAUD_GM_LOOSE 0.999 0.999 0.999 0.999
|
||||
score REPTO_419_FRAUD_HM 1.000 1.000 1.000 1.000
|
||||
score REPTO_419_FRAUD_OL 1.000 1.000 1.000 1.000
|
||||
score REPTO_419_FRAUD_OL 2.670 2.119 2.670 2.119
|
||||
score REPTO_419_FRAUD_PM 1.000 1.000 1.000 1.000
|
||||
score REPTO_419_FRAUD_QQ 1.000 1.000 1.000 1.000
|
||||
score REPTO_419_FRAUD_YH 1.000 1.000 1.000 1.000
|
||||
score REPTO_419_FRAUD_YH_LOOSE 1.000 1.000 1.000 1.000
|
||||
score REPTO_419_FRAUD_YJ 1.000 1.639 1.000 1.639
|
||||
score REPTO_419_FRAUD_YJ 1.000 1.000 1.000 1.000
|
||||
score REPTO_419_FRAUD_YN 1.000 1.000 1.000 1.000
|
||||
score REPTO_INFONUMSCOM 1.000 1.000 1.000 1.000
|
||||
score RISK_FREE 0.001 0.354 0.001 0.354
|
||||
score SCC_BODY_SINGLE_WORD 0.001 0.001 0.001 0.001
|
||||
score SCC_BODY_URI_ONLY 1.940 2.699 1.940 2.699
|
||||
score SCC_CANSPAM_1 1.941 0.202 1.941 0.202
|
||||
score SCC_CANSPAM_2 3.799 3.599 3.799 3.599
|
||||
score SCC_CTMPP 2.210 1.756 2.210 1.756
|
||||
score RISK_FREE 2.299 0.001 2.299 0.001
|
||||
score SCC_BODY_SINGLE_WORD 1.629 0.166 1.629 0.166
|
||||
score SCC_BOGUS_CTE_1 0.001 0.001 0.001 0.001
|
||||
score SCC_CANSPAM_1 2.199 0.001 2.199 0.001
|
||||
score SCC_CANSPAM_2 2.000 3.522 2.000 3.522
|
||||
score SCC_ISEMM_LID_1 1.000 1.000 1.000 1.000
|
||||
score SCC_ISEMM_LID_1A 1.000 1.000 1.000 1.000
|
||||
score SCC_ISEMM_LID_1B 1.499 1.499 1.499 1.499
|
||||
score SCC_SPAMMER_ADDR_2 2.243 2.803 2.243 2.803
|
||||
score SENDGRID_REDIR 1.500 1.500 1.500 1.500
|
||||
score SCC_SPAMMER_ADDR_2 0.302 0.001 0.302 0.001
|
||||
score SENDGRID_REDIR 0.001 0.001 0.001 0.001
|
||||
score SENDGRID_REDIR_PHISH 1.000 1.000 1.000 1.000
|
||||
score SEO_SUSP_NTLD 1.000 1.000 1.000 1.000
|
||||
score SHOPIFY_IMG_NOT_RCVD_SFY 2.499 2.499 2.499 2.499
|
||||
score SHORTENER_SHORT_IMG 0.001 0.739 0.001 0.739
|
||||
score SHORTENER_SHORT_SUBJ 0.238 0.001 0.238 0.001
|
||||
score SHORT_IMG_SUSP_NTLD 1.000 1.000 1.000 1.000
|
||||
score SHORT_SHORTNER 1.999 0.001 1.999 0.001
|
||||
score SHORTENER_SHORT_IMG 0.001 2.051 0.001 2.051
|
||||
score SHORT_IMG_SUSP_NTLD 1.093 1.483 1.093 1.483
|
||||
score SHORT_SHORTNER 0.867 0.001 0.867 0.001
|
||||
score SHY_OBFU_EXPIRE 1.000 1.000 1.000 1.000
|
||||
score SHY_OBFU_PASSWORD 1.000 1.000 1.000 1.000
|
||||
score SPAM_CWINDOWSNET 0.349 0.685 0.349 0.685
|
||||
score SPOOFED_FREEMAIL 0.001 1.795 0.001 1.795
|
||||
score SPOOFED_FREEMAIL_NO_RDNS 1.155 0.001 1.155 0.001
|
||||
score SPOOFED_FREEM_REPTO 0.001 2.075 0.001 2.075
|
||||
score SPAM_CWINDOWSNET 1.118 2.112 1.118 2.112
|
||||
score SPOOFED_FREEMAIL 0.001 0.746 0.001 0.746
|
||||
score SPOOFED_FREEMAIL_NO_RDNS 0.432 0.001 0.432 0.001
|
||||
score SPOOFED_FREEM_REPTO 0.001 2.499 0.001 2.499
|
||||
score SPOOFED_FREEM_REPTO_CHN 0.001 1.000 0.001 1.000
|
||||
score SPOOFED_FREEM_REPTO_RUS 0.001 1.000 0.001 1.000
|
||||
score SPOOF_GMAIL_MID 1.499 0.998 1.499 0.998
|
||||
score STATIC_XPRIO_OLE 1.995 0.764 1.995 0.764
|
||||
score SPOOF_GMAIL_MID 1.499 1.338 1.499 1.338
|
||||
score STATIC_XPRIO_OLE 0.001 0.754 0.001 0.754
|
||||
score STOCK_TIP 1.000 1.000 1.000 1.000
|
||||
score SUBJ_ATTENTION 0.499 0.499 0.499 0.499
|
||||
score SUBJ_BRKN_WORDNUMS 1.000 1.000 1.000 1.000
|
||||
score SURBL_BLOCKED 0.001 0.001 0.001 0.001
|
||||
score SUSP_UTF8_WORD_FROM 1.999 1.999 1.999 1.999
|
||||
score SUSP_UTF8_WORD_MANY 2.999 2.999 2.999 2.999
|
||||
score SUSP_UTF8_WORD_SUBJ 1.999 1.999 1.999 1.999
|
||||
score SYSADMIN 1.000 1.000 1.000 1.000
|
||||
score TAGSTAT_IMG_NOT_RCVD_TGST 1.000 1.000 1.000 1.000
|
||||
score TARINGANET_IMG_NOT_RCVD_TN 1.000 1.000 1.000 1.000
|
||||
score THIS_AD 2.299 2.155 2.299 2.155
|
||||
score THIS_IS_ADV_SUSP_NTLD 1.226 1.499 1.226 1.499
|
||||
score THIS_AD 1.299 1.366 1.299 1.366
|
||||
score THIS_IS_ADV_SUSP_NTLD 1.000 1.000 1.000 1.000
|
||||
score TONLINE_FAKE_DKIM 1.000 1.000 1.000 1.000
|
||||
score TO_EQ_FM_DIRECT_MX 0.001 0.001 0.001 0.001
|
||||
score TO_EQ_FM_DOM_SPF_FAIL 0.001 0.690 0.001 0.690
|
||||
score TO_EQ_FM_HTML_ONLY 0.001 0.001 0.001 0.001
|
||||
score TO_EQ_FM_SPF_FAIL 0.001 0.213 0.001 0.213
|
||||
score TO_IN_SUBJ 0.100 0.099 0.100 0.099
|
||||
score TO_NAME_SUBJ_NO_RDNS 2.915 1.801 2.915 1.801
|
||||
score TO_NO_BRKTS_FROM_MSSP 2.500 2.499 2.500 2.499
|
||||
score TO_NO_BRKTS_HTML_IMG 1.902 1.799 1.902 1.799
|
||||
score TO_NO_BRKTS_HTML_ONLY 1.999 1.999 1.999 1.999
|
||||
score TO_NO_BRKTS_MSFT 1.006 2.129 1.006 2.129
|
||||
score TO_NO_BRKTS_NORDNS_HTML 1.999 1.626 1.999 1.626
|
||||
score TO_NO_BRKTS_PCNT 2.500 2.499 2.500 2.499
|
||||
score TVD_SPACE_ENCODED 2.499 1.260 2.499 1.260
|
||||
score TVD_SPACE_RATIO_MINFP 2.352 0.001 2.352 0.001
|
||||
score TO_EQ_FM_DOM_HTML_IMG 2.499 2.091 2.499 2.091
|
||||
score TO_EQ_FM_DOM_HTML_ONLY 0.001 1.312 0.001 1.312
|
||||
score TO_EQ_FM_DOM_SPF_FAIL 0.001 0.001 0.001 0.001
|
||||
score TO_EQ_FM_HTML_ONLY 0.001 0.312 0.001 0.312
|
||||
score TO_EQ_FM_SPF_FAIL 0.001 1.054 0.001 1.054
|
||||
score TO_IN_SUBJ 0.099 0.100 0.099 0.100
|
||||
score TO_NAME_SUBJ_NO_RDNS 2.786 2.999 2.786 2.999
|
||||
score TO_NO_BRKTS_FROM_MSSP 2.499 1.319 2.499 1.319
|
||||
score TO_NO_BRKTS_HTML_IMG 1.999 1.999 1.999 1.999
|
||||
score TO_NO_BRKTS_HTML_ONLY 1.999 2.000 1.999 2.000
|
||||
score TO_NO_BRKTS_MSFT 0.001 0.001 0.001 0.001
|
||||
score TO_NO_BRKTS_NORDNS_HTML 1.787 1.134 1.787 1.134
|
||||
score TO_NO_BRKTS_PCNT 2.499 2.400 2.499 2.400
|
||||
score TVD_RCVD_SPACE_BRACKET 2.535 2.599 2.535 2.599
|
||||
score TVD_SPACE_ENCODED 1.364 0.001 1.364 0.001
|
||||
score TVD_SPACE_RATIO_MINFP 1.239 0.001 1.239 0.001
|
||||
score TW_GIBBERISH_MANY 1.000 1.000 1.000 1.000
|
||||
score UC_GIBBERISH_OBFU 1.000 1.000 1.000 1.000
|
||||
score UNDISC_FREEM 2.699 2.599 2.699 2.599
|
||||
score UNDISC_MONEY 2.999 2.900 2.999 2.900
|
||||
score UNDISC_FREEM 2.699 2.208 2.699 2.208
|
||||
score UNDISC_MONEY 2.091 0.812 2.091 0.812
|
||||
score UNICODE_OBFU_ASC 2.499 2.499 2.499 2.499
|
||||
score UNICODE_OBFU_ZW 1.000 1.000 1.000 1.000
|
||||
score UNICODE_OBFU_ZW_MANY 0.001 0.001 0.001 0.001
|
||||
score UNSUB_GOOG_FORM 1.000 1.000 1.000 1.000
|
||||
score URI_ADOBESPARK 1.000 1.000 1.000 1.000
|
||||
score URI_AZURE_CLOUDAPP 2.999 2.999 2.999 2.999
|
||||
score URI_AZURE_CLOUDAPP 1.000 1.000 1.000 1.000
|
||||
score URI_CLOUDFLAREIPFS 2.499 2.500 2.499 2.500
|
||||
score URI_DASHGOVEDU 1.000 1.000 1.000 1.000
|
||||
score URI_DATA 1.000 1.000 1.000 1.000
|
||||
score URI_DOTEDU 1.999 1.999 1.999 1.999
|
||||
score URI_DOTEDU 1.999 1.000 1.999 1.000
|
||||
score URI_DOTEDU_ENTITY 1.000 1.000 1.000 1.000
|
||||
score URI_DQ_UNSUB 2.399 2.240 2.399 2.240
|
||||
score URI_FIREBASEAPP 1.000 1.000 1.000 1.000
|
||||
score URI_GOOGLE_PROXY 2.199 2.199 2.199 2.199
|
||||
score URI_GOOG_STO_SPAMMY 3.000 2.999 3.000 2.999
|
||||
score URI_GOOGLE_PROXY 2.299 2.115 2.299 2.115
|
||||
score URI_GOOG_STO_SPAMMY 2.999 2.999 2.999 2.999
|
||||
score URI_HEX_IP 1.000 1.000 1.000 1.000
|
||||
score URI_IMG_CWINDOWSNET 3.129 1.911 3.129 1.911
|
||||
score URI_IMG_CWINDOWSNET 0.001 0.001 0.001 0.001
|
||||
score URI_IMG_WP_REDIR 1.000 1.000 1.000 1.000
|
||||
score URI_LONG_REPEAT 1.000 1.000 1.000 1.000
|
||||
score URI_ONLY_MSGID_MALF 0.528 1.999 0.528 1.999
|
||||
score URI_MALWARE_BH 0.999 0.999 0.999 0.999
|
||||
score URI_ONLY_MSGID_MALF 1.999 1.999 1.999 1.999
|
||||
score URI_OPTOUT_3LD 1.000 1.000 1.000 1.000
|
||||
score URI_PHISH 3.999 3.999 3.999 3.999
|
||||
score URI_PHISH 0.001 0.001 0.001 0.001
|
||||
score URI_PHP_REDIR 1.000 1.000 1.000 1.000
|
||||
score URI_TRY_3LD 1.999 1.999 1.999 1.999
|
||||
score URI_TRY_USME 1.000 1.000 1.000 1.000
|
||||
score URI_WPADMIN 2.399 2.399 2.399 2.399
|
||||
score URI_WPADMIN 2.399 2.199 2.399 2.199
|
||||
score URI_WP_DIRINDEX 1.000 1.000 1.000 1.000
|
||||
score URI_WP_HACKED 3.499 3.499 3.499 3.499
|
||||
score URI_WP_HACKED_2 2.499 2.499 2.499 2.499
|
||||
score URI_WP_HACKED 1.803 3.499 1.803 3.499
|
||||
score URI_WP_HACKED_2 0.727 0.596 0.727 0.596
|
||||
score USB_DRIVES 1.000 1.000 1.000 1.000
|
||||
score VFY_ACCT_NORDNS 2.881 2.999 2.881 2.999
|
||||
score VISTA_COST 1.000 1.000 1.000 1.000
|
||||
score VISTA_TONOM_EQ_TOLOC 2.499 0.860 2.499 0.860
|
||||
score VFY_ACCT_NORDNS 2.798 2.999 2.798 2.999
|
||||
score VISTA_COST 2.115 2.499 2.115 2.499
|
||||
score VISTA_TONOM_EQ_TOLOC 0.491 0.001 0.491 0.001
|
||||
score VPS_NO_NTLD 1.000 1.000 1.000 1.000
|
||||
score WALMART_IMG_NOT_RCVD_WAL 1.000 1.000 1.000 1.000
|
||||
score WIKI_IMG 3.199 3.099 3.199 3.099
|
||||
score WORD_INVIS 1.572 1.898 1.572 1.898
|
||||
score WIKI_IMG 3.399 2.399 3.399 2.399
|
||||
score WORD_INVIS 1.000 1.000 1.000 1.000
|
||||
score WORD_INVIS_MANY 2.999 2.999 2.999 2.999
|
||||
score XFER_LOTSA_MONEY 0.001 0.001 0.001 0.001
|
||||
score XM_DIGITS_ONLY 1.000 1.000 1.000 1.000
|
||||
score XM_LIGHT_HEAVY 2.499 2.499 2.499 2.499
|
||||
score XM_RANDOM 2.499 2.499 2.499 2.499
|
||||
score XM_RECPTID 3.000 2.999 3.000 2.999
|
||||
score XPRIO 0.700 2.249 0.700 2.249
|
||||
score XM_RECPTID 2.999 2.395 2.999 2.395
|
||||
score XPRIO 0.001 0.452 0.001 0.452
|
||||
score XPRIO_SHORT_SUBJ 1.000 1.000 1.000 1.000
|
||||
score XPRIO_VISTA 1.000 1.000 1.000 1.000
|
||||
score YOU_INHERIT 2.266 1.682 2.266 1.682
|
||||
score XPRIO_VISTA 1.172 0.001 1.172 0.001
|
||||
score YOU_INHERIT 1.792 2.142 1.792 2.142
|
||||
|
||||
@ -22,7 +22,7 @@
|
||||
#
|
||||
###########################################################################
|
||||
|
||||
require_version 4.000000
|
||||
require_version 4.000001
|
||||
|
||||
# jhardin
|
||||
# things depend on these
|
||||
|
||||
Loading…
Reference in New Issue
Block a user