proxmox-mirrors/proxmox-spamassassin
1
0
Fork 0
mirror of https://git.proxmox.com/git/proxmox-spamassassin synced 2025-04-28 12:19:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

update SpamAssassin signatures

Browse Source 
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
This commit is contained in:
Stoiko Ivanov 2021-04-13 11:43:56 +02:00
parent 79fe35d4fe
commit cabe596e29
20 changed files with 417 additions and 376 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
sa-updates/20_advance_fee.cf
View File

@ -23,7 +23,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
# predicate naming used to avoid renumbering
# 1. assign new rules a random unique three letter sequence

2
sa-updates/20_body_tests.cf
View File

@ -30,7 +30,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
###########################################################################
# GTUBE test - the generic test for UBE.

2
sa-updates/20_compensate.cf
View File

@ -24,7 +24,7 @@
###########################################################################
# Header compensation tests
require_version 3.004005
require_version 3.004006
header __HAS_RCVD exists:Received
meta NO_RECEIVED (!__HAS_RCVD)

55
sa-updates/20_dnsbl_tests.cf
View File

@ -23,7 +23,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
###########################################################################
@ -203,27 +203,48 @@ tflags RCVD_IN_IADB_VOUCHED net nice
reuse RCVD_IN_IADB_VOUCHED
# ---------------------------------------------------------------------------
# Return Path Certified:
# https://www.returnpath.net/internetserviceprovider/certification/
# Validity (née Return Path, SenderScore) reputation DNSBLs
# https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6247
# Certified:
# https://www.validity.com/resource-center/fact-sheet-certification/
# (replaces RCVD_IN_BSP_TRUSTED, RCVD_IN_BSP_OTHER, RCVD_IN_SSC_TRUSTED_COI)
header RCVD_IN_RP_CERTIFIED eval:check_rbl_txt('ssc-firsttrusted', 'sa-trusted.bondedsender.org.')
describe RCVD_IN_RP_CERTIFIED Sender in ReturnPath Certified - Contact cert-sa@returnpath.net
tflags RCVD_IN_RP_CERTIFIED net nice
header RCVD_IN_VALIDITY_CERTIFIED eval:check_rbl_txt('ssc-firsttrusted', 'sa-trusted.bondedsender.org.')
describe RCVD_IN_VALIDITY_CERTIFIED Sender in Validity Certification - Contact certification@validity.com
tflags RCVD_IN_VALIDITY_CERTIFIED net nice publish
reuse RCVD_IN_VALIDITY_CERTIFIED
# Safe:
# https://www.validity.com/resource-center/fact-sheet-certification/
# (replaces HABEAS_ACCREDITED_COI, HABEAS_ACCREDITED_SOI, HABEAS_CHECKED)
header RCVD_IN_VALIDITY_SAFE eval:check_rbl_txt('ssc-firsttrusted','sa-accredit.habeas.com.')
describe RCVD_IN_VALIDITY_SAFE Sender in Validity Safe - Contact certification@validity.com
tflags RCVD_IN_VALIDITY_SAFE net nice publish
reuse RCVD_IN_VALIDITY_SAFE
# Validity RPBL (née Return Path Reputation Network Blacklist - RNBL):
# https://www.senderscore.org/blocklistlookup/
header RCVD_IN_VALIDITY_RPBL eval:check_rbl('rnbl-lastexternal','bl.score.senderscore.com.')
describe RCVD_IN_VALIDITY_RPBL Relay in Validity RPBL, https://senderscore.org/blocklistlookup/
tflags RCVD_IN_VALIDITY_RPBL net publish
reuse RCVD_IN_VALIDITY_RPBL
# temporary
meta RCVD_IN_RP_CERTIFIED RCVD_IN_VALIDITY_CERTIFIED
describe RCVD_IN_RP_CERTIFIED RCVD_IN_RP_CERTIFIED renamed to RCVD_IN_VALIDITY_CERTIFIED, please update local rules
score RCVD_IN_RP_CERTIFIED -0.001
tflags RCVD_IN_RP_CERTIFIED net nice publish
reuse RCVD_IN_RP_CERTIFIED
# Return Path Safe:
# https://www.returnpath.net/internetserviceprovider/certification/
# (replaces HABEAS_ACCREDITED_COI, HABEAS_ACCREDITED_SOI, HABEAS_CHECKED)
header RCVD_IN_RP_SAFE eval:check_rbl_txt('ssc-firsttrusted','sa-accredit.habeas.com.')
describe RCVD_IN_RP_SAFE Sender in ReturnPath Safe - Contact safe-sa@returnpath.net
tflags RCVD_IN_RP_SAFE net nice
meta RCVD_IN_RP_SAFE RCVD_IN_VALIDITY_SAFE
describe RCVD_IN_RP_SAFE RCVD_IN_RP_SAFE renamed to RCVD_IN_VALIDITY_SAFE, please update local rules
score RCVD_IN_RP_SAFE -0.001
tflags RCVD_IN_RP_SAFE net nice publish
reuse RCVD_IN_RP_SAFE
# Return Path Reputation Network Blacklist (RNBL):
# https://senderscore.org/blacklistlookup/
header RCVD_IN_RP_RNBL eval:check_rbl('rnbl-lastexternal','bl.score.senderscore.com.')
describe RCVD_IN_RP_RNBL Relay in RNBL, https://senderscore.org/blacklistlookup/
tflags RCVD_IN_RP_RNBL net
meta RCVD_IN_RP_RNBL RCVD_IN_VALIDITY_RPBL
describe RCVD_IN_RP_RNBL RCVD_IN_RP_RNBL renamed to RCVD_IN_VALIDITY_RPBL, please update local rules
score RCVD_IN_RP_RNBL 0.001
tflags RCVD_IN_RP_RNBL net publish
reuse RCVD_IN_RP_RNBL
endif

2
sa-updates/20_drugs.cf
View File

@ -31,7 +31,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
###########################################################################
# header rules

2
sa-updates/20_dynrdns.cf
View File

@ -25,7 +25,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
# ---------------------------------------------------------------------------

2
sa-updates/20_fake_helo_tests.cf
View File

@ -25,7 +25,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
#---------------------------------------------------------------------------
# Handle hosts that look like HELO_DYNAMIC hosts

2
sa-updates/20_head_tests.cf
View File

@ -23,7 +23,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
###########################################################################

2
sa-updates/20_html_tests.cf
View File

@ -23,7 +23,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
# HTML parser tests
#

2
sa-updates/20_meta_tests.cf
View File

@ -29,7 +29,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
# some tests that will trigger FPs on ISO-2022-JP mails.

2
sa-updates/20_net_tests.cf
View File

@ -30,7 +30,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
# bug 2220. nice results
meta DIGEST_MULTIPLE RAZOR2_CHECK + DCC_CHECK + PYZOR_CHECK > 1

2
sa-updates/20_phrases.cf
View File

@ -27,7 +27,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
###########################################################################

2
sa-updates/20_porn.cf
View File

@ -27,7 +27,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
###########################################################################

2
sa-updates/20_uri_tests.cf
View File

@ -23,7 +23,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
# possible IDN spoofing attack: https://web.archive.org/web/20141006091906/https://www.shmoo.com/idn/homograph.txt
# not expecting any hits on this (yet)

2
sa-updates/23_bayes.cf
View File

@ -23,7 +23,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
###########################################################################

4
sa-updates/25_asn.cf
View File

@ -33,7 +33,7 @@
# Usage changed in 4.0: there is also direct GeoDB/GeoIP support,
# users should configure manually as described in plugin documentation.
ifplugin Mail::SpamAssassin::Plugin::ASN
if can(Mail::SpamAssassin::Plugin::ASN::has_check_asn)
if !(can(Mail::SpamAssassin::Plugin::ASN::has_check_asn))
asn_lookup asn.routeviews.org _ASN_ _ASNCIDR_
add_header all ASN _ASN_ _ASNCIDR_
@ -41,5 +41,5 @@ if can(Mail::SpamAssassin::Plugin::ASN::has_check_asn)
#if can(Mail::SpamAssassin::Plugin::ASN::has_asn_lookup_ipv6)
# asn_lookup_ipv6 origin6.asn.cymru.com _ASN_ _ASNCIDR_
#endif
endif # has_check_asn
endif # !has_check_asn
endif # Mail::SpamAssassin::Plugin::ASN

10
sa-updates/50_scores.cf
View File

@ -281,7 +281,7 @@ score RCVD_FORGED_WROTE 0 # n=0 n=1 n=2 n=3
score RCVD_FORGED_WROTE2 0 # n=0 n=1 n=2 n=3
#score RCVD_IN_BRBL_LASTEXT 0 1.644 0 1.449 # n=0 n=2
score RCVD_IN_PSBL 0 2.700 0 2.700 # n=0 n=2
score RCVD_IN_RP_RNBL 0 1.284 0 1.310 # n=0 n=2
score RCVD_IN_VALIDITY_RPBL 0 1.284 0 1.310 # n=0 n=2
score RCVD_MAIL_COM 0 # n=0 n=1 n=2 n=3
score RDNS_DYNAMIC 2.639 0.363 1.663 0.982
score RDNS_LOCALHOST 3.700 0.969 2.345 0.001
@ -520,12 +520,12 @@ score NO_DNS_FOR_FROM 0 0.379 0 0.001 # n=0 n=2
score RCVD_IN_ZEN_BLOCKED_OPENDNS 0 0.001 0 0.001
score RCVD_IN_ZEN_BLOCKED 0 0.001 0 0.001
# ReturnPath Certified
# https://www.returnpath.net/internetserviceprovider/certification/
# Validity (née ReturnPath) Certified
# https://www.validity.com/resource-center/fact-sheet-certification/
# CERTIFIED is a subset of SAFE, thus the score is cumulative.
# -2 + -3 = -5 points for CERTIFIED
score RCVD_IN_RP_CERTIFIED 0.0 -3.0 0.0 -3.0
score RCVD_IN_RP_SAFE 0.0 -2.0 0.0 -2.0
score RCVD_IN_VALIDITY_CERTIFIED 0.0 -3.0 0.0 -3.0
score RCVD_IN_VALIDITY_SAFE 0.0 -2.0 0.0 -2.0
# DNSWL is a commercial service that requires payment for servers over 100K queries daily.
# Unfortunately, they will return true answers for DNS servers they consider abusive so

250
sa-updates/72_active.cf
View File

File diff suppressed because one or more lines are too long

443
sa-updates/72_scores.cf
View File

@ -1,7 +1,7 @@
score ACCT_PHISHING_MANY 2.999 2.999 2.999 2.999
score AC_BR_BONANZA 0.001 0.001 0.001 0.001
score AC_DIV_BONANZA 0.001 0.001 0.001 0.001
score AC_FROM_MANY_DOTS 3.000 2.999 3.000 2.999
score AC_FROM_MANY_DOTS 2.999 2.999 2.999 2.999
score AC_HTML_NONSENSE_TAGS 1.999 1.999 1.999 1.999
score AC_POST_EXTRAS 1.000 1.000 1.000 1.000
score AC_SPAMMY_URI_PATTERNS1 1.000 1.000 1.000 1.000
@ -13,43 +13,43 @@ score AC_SPAMMY_URI_PATTERNS3 1.000 1.000 1.000 1.000
score AC_SPAMMY_URI_PATTERNS4 1.000 1.000 1.000 1.000
score AC_SPAMMY_URI_PATTERNS8 1.000 1.000 1.000 1.000
score AC_SPAMMY_URI_PATTERNS9 1.000 1.000 1.000 1.000
score ADMITS_SPAM 4.099 3.699 4.099 3.699
score ADMITS_SPAM 4.199 4.199 4.199 4.199
score ADVANCE_FEE_2_NEW_FORM 1.000 1.000 1.000 1.000
score ADVANCE_FEE_2_NEW_FRM_MNY 1.419 2.499 1.419 2.499
score ADVANCE_FEE_2_NEW_MONEY 0.675 0.001 0.675 0.001
score ADVANCE_FEE_3_NEW 2.848 0.586 2.848 0.586
score ADVANCE_FEE_3_NEW_FRM_MNY 0.001 1.606 0.001 1.606
score ADVANCE_FEE_3_NEW_MONEY 2.999 2.899 2.999 2.899
score ADVANCE_FEE_4_NEW 2.550 2.149 2.550 2.149
score ADVANCE_FEE_2_NEW_FRM_MNY 2.499 1.781 2.499 1.781
score ADVANCE_FEE_2_NEW_MONEY 1.999 1.999 1.999 1.999
score ADVANCE_FEE_3_NEW 3.499 3.499 3.499 3.499
score ADVANCE_FEE_3_NEW_FRM_MNY 0.001 1.946 0.001 1.946
score ADVANCE_FEE_3_NEW_MONEY 2.491 2.588 2.491 2.588
score ADVANCE_FEE_4_NEW 2.599 2.137 2.599 2.137
score ADVANCE_FEE_4_NEW_FRM_MNY 0.001 0.001 0.001 0.001
score ADVANCE_FEE_4_NEW_MONEY 1.690 0.431 1.690 0.431
score ADVANCE_FEE_5_NEW 2.801 2.999 2.801 2.999
score ADVANCE_FEE_5_NEW_FRM_MNY 0.001 0.001 0.001 0.001
score ADVANCE_FEE_4_NEW_MONEY 1.575 0.001 1.575 0.001
score ADVANCE_FEE_5_NEW 2.600 2.399 2.600 2.399
score ADVANCE_FEE_5_NEW_FRM_MNY 1.997 2.699 1.997 2.699
score ADVANCE_FEE_5_NEW_MONEY 0.001 0.001 0.001 0.001
score AD_PREFS 0.250 0.250 0.250 0.250
score ALIBABA_IMG_NOT_RCVD_ALI 2.500 2.499 2.500 2.499
score AMAZON_IMG_NOT_RCVD_AMZN 2.499 1.780 2.499 1.780
score ALIBABA_IMG_NOT_RCVD_ALI 2.499 1.426 2.499 1.426
score AMAZON_IMG_NOT_RCVD_AMZN 2.499 2.499 2.499 2.499
score APP_DEVELOPMENT_FREEM 1.000 1.000 1.000 1.000
score APP_DEVELOPMENT_NORDNS 1.999 1.999 1.999 1.999
score APP_DEVELOPMENT_NORDNS 1.222 1.999 1.222 1.999
score AXB_XMAILER_MIMEOLE_OL_024C2 0.001 0.001 0.001 0.001
score AXB_XMAILER_MIMEOLE_OL_1ECD5 1.097 0.558 1.097 0.558
score BIGNUM_EMAILS_FREEM 0.001 0.001 0.001 0.001
score BIGNUM_EMAILS_MANY 2.999 2.999 2.999 2.999
score AXB_XMAILER_MIMEOLE_OL_1ECD5 2.345 0.934 2.345 0.934
score BIGNUM_EMAILS_FREEM 2.999 1.497 2.999 1.497
score BIGNUM_EMAILS_MANY 1.000 1.000 1.000 1.000
score BITCOIN_BOMB 1.000 1.000 1.000 1.000
score BITCOIN_DEADLINE 0.001 0.001 0.001 0.001
score BITCOIN_EXTORT_01 0.001 0.714 0.001 0.714
score BITCOIN_DEADLINE 1.720 2.999 1.720 2.999
score BITCOIN_EXTORT_01 1.691 0.001 1.691 0.001
score BITCOIN_EXTORT_02 1.000 1.000 1.000 1.000
score BITCOIN_IMGUR 3.499 3.499 3.499 3.499
score BITCOIN_IMGUR 2.857 3.432 2.857 3.432
score BITCOIN_MALF_HTML 3.499 3.499 3.499 3.499
score BITCOIN_MALWARE 2.021 0.001 2.021 0.001
score BITCOIN_OBFU_SUBJ 0.055 2.966 0.055 2.966
score BITCOIN_ONAN 2.599 2.999 2.599 2.999
score BITCOIN_MALWARE 2.781 2.522 2.781 2.522
score BITCOIN_OBFU_SUBJ 1.000 1.000 1.000 1.000
score BITCOIN_ONAN 1.000 1.000 1.000 1.000
score BITCOIN_PAY_ME 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_01 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_02 2.480 1.790 2.480 1.790
score BITCOIN_SPAM_03 1.000 1.911 1.000 1.911
score BITCOIN_SPAM_02 2.499 2.499 2.499 2.499
score BITCOIN_SPAM_03 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_04 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_05 0.001 0.001 0.001 0.001
score BITCOIN_SPAM_05 0.001 2.499 0.001 2.499
score BITCOIN_SPAM_06 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_07 3.499 3.499 3.499 3.499
score BITCOIN_SPAM_08 1.000 1.000 1.000 1.000
@ -58,24 +58,23 @@ score BITCOIN_SPAM_10 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_11 1.000 1.000 1.000 1.000
score BITCOIN_SPAM_12 1.000 1.000 1.000 1.000
score BITCOIN_SPF_ONLYALL 0.001 1.000 0.001 1.000
score BITCOIN_XPRIO 0.309 0.867 0.309 0.867
score BITCOIN_YOUR_INFO 2.113 0.001 2.113 0.001
score BODY_EMPTY 1.999 0.986 1.999 0.986
score BODY_SINGLE_URI 2.499 0.001 2.499 0.001
score BODY_SINGLE_WORD 0.245 0.964 0.245 0.964
score BODY_URI_ONLY 2.608 1.905 2.608 1.905
score BOGUS_MIME_VERSION 3.500 3.499 3.500 3.499
score BITCOIN_XPRIO 2.499 2.499 2.499 2.499
score BITCOIN_YOUR_INFO 2.468 2.486 2.468 2.486
score BODY_SINGLE_URI 0.962 0.001 0.962 0.001
score BODY_SINGLE_WORD 0.240 0.001 0.240 0.001
score BODY_URI_ONLY 2.693 1.569 2.693 1.569
score BOGUS_MIME_VERSION 3.499 2.703 3.499 2.703
score BOGUS_MSM_HDRS 1.000 1.000 1.000 1.000
score BOMB_FREEM 1.999 1.373 1.999 1.373
score BOMB_MONEY 1.855 2.142 1.855 2.142
score BOMB_FREEM 1.000 1.000 1.000 1.000
score BOMB_MONEY 1.000 1.000 1.000 1.000
score BTC_ORG 1.000 1.000 1.000 1.000
score BULK_RE_SUSP_NTLD 1.000 1.000 1.000 1.000
score BULK_RE_SUSP_NTLD 0.999 0.001 0.999 0.001
score CANT_SEE_AD 1.000 1.000 1.000 1.000
score CK_HELO_GENERIC 0.249 0.250 0.249 0.250
score COMMENT_GIBBERISH 1.000 1.000 1.000 1.000
score COMPENSATION 1.126 1.000 1.126 1.000
score COMPENSATION 1.499 1.000 1.499 1.000
score CONTENT_AFTER_HTML 2.499 2.499 2.499 2.499
score CTE_8BIT_MISMATCH 0.999 0.999 0.999 0.999
score CTE_8BIT_MISMATCH 1.000 0.999 1.000 0.999
score DATE_IN_FUTURE_96_Q 2.495 2.299 2.495 2.299
score DAY_I_EARNED 1.000 1.000 1.000 1.000
score DEAR_BENEFICIARY 0.001 0.001 0.001 0.001
score DKIMWL_BL 0.001 2.999 0.001 2.999
@ -85,147 +84,145 @@ score DKIMWL_WL_MED 0.001 -0.001 0.001 -0.001
score DKIMWL_WL_MEDHI 0.001 -1.000 0.001 -1.000
score DOTGOV_IMAGE 1.000 1.000 1.000 1.000
score DSN_NO_MIMEVERSION 1.999 1.999 1.999 1.999
score DYNAMIC_IMGUR 3.106 3.999 3.106 3.999
score EBAY_IMG_NOT_RCVD_EBAY 2.320 2.999 2.320 2.999
score DYNAMIC_IMGUR 1.000 1.000 1.000 1.000
score EBAY_IMG_NOT_RCVD_EBAY 2.999 1.835 2.999 1.835
score ENCRYPTED_MESSAGE -1.000 -1.000 -1.000 -1.000
score END_FUTURE_EMAILS 2.100 1.571 2.100 1.571
score END_FUTURE_EMAILS 2.099 1.314 2.099 1.314
score ENVFROM_GOOG_TRIX 1.000 1.000 1.000 1.000
score FAKE_REPLY_A1 3.099 2.600 3.099 2.600
score FAKE_REPLY_A1 3.105 3.999 3.105 3.999
score FAKE_REPLY_B 0.635 2.403 0.635 2.403
score FBI_MONEY 1.000 1.000 1.000 1.000
score FBI_SPOOF 1.000 1.000 1.000 1.000
score FILL_THIS_FORM 1.199 0.001 1.199 0.001
score FONT_INVIS_DIRECT 1.445 2.946 1.445 2.946
score FONT_INVIS_DIRECT 2.232 2.010 2.232 2.010
score FONT_INVIS_DOTGOV 1.000 1.000 1.000 1.000
score FONT_INVIS_HTML_NOHTML 1.759 1.631 1.759 1.631
score FONT_INVIS_LONG_LINE 1.000 1.000 1.000 1.000
score FONT_INVIS_MSGID 2.425 1.710 2.425 1.710
score FONT_INVIS_NORDNS 2.499 2.500 2.499 2.500
score FONT_INVIS_POSTEXTRAS 1.000 1.000 1.000 1.000
score FORM_FRAUD 0.999 0.999 0.999 0.999
score FORM_FRAUD_3 0.001 0.001 0.001 0.001
score FONT_INVIS_HTML_NOHTML 2.999 2.882 2.999 2.882
score FONT_INVIS_LONG_LINE 2.385 2.999 2.385 2.999
score FONT_INVIS_MSGID 2.500 2.491 2.500 2.491
score FONT_INVIS_NORDNS 2.499 2.499 2.499 2.499
score FONT_INVIS_POSTEXTRAS 3.182 3.499 3.182 3.499
score FORM_FRAUD 0.999 0.001 0.999 0.001
score FORM_FRAUD_3 0.001 0.846 0.001 0.846
score FORM_FRAUD_5 0.001 0.001 0.001 0.001
score FORM_LOW_CONTRAST 1.000 1.000 1.000 1.000
score FOUND_YOU 2.991 3.249 2.991 3.249
score FOUND_YOU 3.249 3.249 3.249 3.249
score FREEMAIL_FORGED_FROMDOMAIN 0.249 0.249 0.249 0.249
score FREEM_FRNUM_UNICD_EMPTY 1.000 1.000 1.000 1.000
score FRNAME_IN_MSG_XPRIO_NO_SUB 1.000 1.000 1.000 1.000
score FROMSPACE 2.767 0.065 2.767 0.065
score FROM_2_EMAILS_SHORT 2.999 2.999 2.999 2.999
score FROM_ADDR_WS 2.999 2.999 2.999 2.999
score FROM_BANK_NOAUTH 0.001 1.000 0.001 1.000
score FROM_FMBLA_NDBLOCKED 0.001 0.001 0.001 0.001
score FROM_FMBLA_NEWDOM 0.001 1.499 0.001 1.499
score FROM_FMBLA_NEWDOM14 0.001 1.000 0.001 1.000
score FROM_FMBLA_NEWDOM28 0.001 0.799 0.001 0.799
score FROM_FMBLA_NEWDOM14 0.001 0.999 0.001 0.999
score FROM_FMBLA_NEWDOM28 0.001 0.800 0.001 0.800
score FROM_GOV_DKIM_AU 0.001 -0.001 0.001 -0.001
score FROM_GOV_REPLYTO_FREEMAIL 0.001 1.000 0.001 1.000
score FROM_GOV_SPOOF 0.001 0.999 0.001 0.999
score FROM_IN_TO_AND_SUBJ 2.399 2.199 2.399 2.199
score FROM_MISSPACED 0.001 0.001 0.001 0.001
score FROM_MISSP_DYNIP 1.582 2.299 1.582 2.299
score FROM_GOV_SPOOF 0.001 1.000 0.001 1.000
score FROM_MISSPACED 0.685 0.001 0.685 0.001
score FROM_MISSP_DYNIP 0.001 2.449 0.001 2.449
score FROM_MISSP_EH_MATCH 0.001 0.001 0.001 0.001
score FROM_MISSP_FREEMAIL 0.397 0.001 0.397 0.001
score FROM_MISSP_FREEMAIL 2.889 0.001 2.889 0.001
score FROM_MISSP_MSFT 0.001 0.001 0.001 0.001
score FROM_MISSP_REPLYTO 0.001 0.001 0.001 0.001
score FROM_MISSP_SPF_FAIL 0.001 0.001 0.001 0.001
score FROM_MISSP_TO_UNDISC 1.457 1.981 1.457 1.981
score FROM_MISSP_REPLYTO 1.800 1.740 1.800 1.740
score FROM_MISSP_SPF_FAIL 0.001 2.000 0.001 2.000
score FROM_MISSP_TO_UNDISC 0.761 0.001 0.761 0.001
score FROM_MISSP_USER 0.001 0.001 0.001 0.001
score FROM_MULTI_NORDNS 0.348 0.971 0.348 0.971
score FROM_MULTI_NORDNS 0.001 0.961 0.001 0.961
score FROM_NEWDOM_BTC 0.001 1.000 0.001 1.000
score FROM_NTLD_LINKBAIT 1.000 0.418 1.000 0.418
score FROM_NTLD_REPLY_FREEMAIL 1.484 1.999 1.484 1.999
score FROM_NTLD_LINKBAIT 1.000 0.001 1.000 0.001
score FROM_NTLD_REPLY_FREEMAIL 1.737 1.999 1.737 1.999
score FROM_NUMBERO_NEWDOMAIN 0.001 1.000 0.001 1.000
score FROM_NUMERIC_TLD 1.000 1.000 1.000 1.000
score FROM_PAYPAL_SPOOF 0.001 0.434 0.001 0.434
score FROM_PAYPAL_SPOOF 0.001 0.658 0.001 0.658
score FROM_SUSPICIOUS_NTLD 0.499 0.500 0.499 0.500
score FROM_SUSPICIOUS_NTLD_FP 1.999 0.001 1.999 0.001
score FROM_WEBSITE 2.599 2.399 2.599 2.399
score FROM_WSP_TRAIL 2.131 2.299 2.131 2.299
score FSL_BULK_SIG 0.001 0.001 0.001 0.001
score FSL_CTYPE_WIN1251 0.001 0.001 0.001 0.001
score FSL_NEW_HELO_USER 0.001 0.001 0.001 0.001
score FUZZY_AMAZON 2.699 2.599 2.699 2.599
score FUZZY_BITCOIN 2.399 0.092 2.399 0.092
score FUZZY_BITCOIN 2.399 0.546 2.399 0.546
score GAPPY_SALES_LEADS_FREEM 1.000 1.000 1.000 1.000
score GB_FAKE_RF_SHORT 1.999 1.999 1.999 1.999
score GB_FORGED_MUA_POSTFIX 1.000 1.000 1.000 1.000
score GB_FREEMAIL_DISPTO 0.499 0.001 0.499 0.001
score GB_FREEMAIL_DISPTO_NOTFREEM 0.500 0.499 0.500 0.499
score GB_FREEMAIL_DISPTO 0.487 0.001 0.487 0.001
score GB_FREEMAIL_DISPTO_NOTFREEM 0.499 0.499 0.499 0.499
score GB_GOOGLE_OBFUR 0.750 0.750 0.750 0.750
score GB_GOOGLE_OBFUS 0.749 0.391 0.749 0.391
score GOOGLE_DOCS_PHISH 1.000 1.000 1.000 1.000
score GOOGLE_DOCS_PHISH_MANY 1.000 1.000 1.000 1.000
score GOOGLE_DOC_SUSP 2.999 2.999 2.999 2.999
score GOOGLE_DRIVE_REPLY_BAD_NTLD 1.000 1.000 1.000 1.000
score GOOG_MALWARE_DNLD 1.000 1.000 1.000 1.000
score GOOG_REDIR_NORDNS 2.601 2.211 2.601 2.211
score GOOG_STO_HTML_PHISH 2.391 2.999 2.391 2.999
score GOOG_STO_HTML_PHISH_MANY 3.695 1.000 3.695 1.000
score GOOG_STO_IMG_HTML 3.000 2.999 3.000 2.999
score GOOG_STO_IMG_NOHTML 2.499 2.499 2.499 2.499
score GOOG_REDIR_NORDNS 2.604 2.197 2.604 2.197
score GOOG_STO_HTML_PHISH 2.505 1.663 2.505 1.663
score GOOG_STO_HTML_PHISH_MANY 1.000 1.000 1.000 1.000
score GOOG_STO_IMG_HTML 2.999 2.999 2.999 2.999
score GOOG_STO_IMG_NOHTML 2.500 2.499 2.500 2.499
score GOOG_STO_NOIMG_HTML 2.999 2.999 2.999 2.999
score HAS_X_NO_RELAY 1.000 1.000 1.000 1.000
score HAS_X_OUTGOING_SPAM_STAT 2.151 2.562 2.151 2.562
score HDRS_LCASE 0.100 0.099 0.100 0.099
score HAS_X_OUTGOING_SPAM_STAT 2.610 2.594 2.610 2.594
score HDRS_LCASE 0.099 0.099 0.099 0.099
score HDRS_LCASE_IMGONLY 0.100 0.099 0.100 0.099
score HDRS_MISSP 2.447 1.939 2.447 1.939
score HDR_ORDER_FTSDMCXX_DIRECT 1.999 0.073 1.999 0.073
score HDR_ORDER_FTSDMCXX_NORDNS 0.001 0.001 0.001 0.001
score HEADER_FROM_DIFFERENT_DOMAINS 0.250 0.249 0.250 0.249
score HELO_MISC_IP 0.080 0.174 0.080 0.174
score HELO_NO_DOMAIN 0.001 0.001 0.001 0.001
score HDRS_MISSP 2.499 2.499 2.499 2.499
score HDR_ORDER_FTSDMCXX_DIRECT 1.999 1.999 1.999 1.999
score HDR_ORDER_FTSDMCXX_NORDNS 2.947 3.499 2.947 3.499
score HEADER_FROM_DIFFERENT_DOMAINS 0.250 0.250 0.250 0.250
score HELO_NO_DOMAIN 0.077 0.001 0.077 0.001
score HEXHASH_WORD 1.000 1.000 1.000 1.000
score HK_CTE_RAW 1.000 1.000 1.000 1.000
score HK_NAME_FM_MR_MRS 1.499 1.499 1.499 1.499
score HK_NAME_MR_MRS 0.999 0.999 0.999 0.999
score HK_NAME_FM_MR_MRS 0.749 0.001 0.749 0.001
score HK_NAME_MR_MRS 0.999 0.244 0.999 0.244
score HK_RANDOM_FROM 0.999 0.999 0.999 0.999
score HK_RANDOM_REPLYTO 0.001 0.001 0.001 0.001
score HK_RANDOM_REPLYTO 0.861 0.001 0.861 0.001
score HK_RCVD_IP_MULTICAST 1.000 1.000 1.000 1.000
score HK_SCAM 0.001 0.001 0.001 0.001
score HK_WIN 0.999 0.999 0.999 0.999
score HOSTED_IMG_DIRECT_MX 3.297 2.351 3.297 2.351
score HK_WIN 0.001 0.999 0.001 0.999
score HOSTED_IMG_DIRECT_MX 2.004 1.875 2.004 1.875
score HOSTED_IMG_DQ_UNSUB 1.000 1.000 1.000 1.000
score HOSTED_IMG_FREEM 3.499 3.437 3.499 3.437
score HOSTED_IMG_MULTI 1.552 1.755 1.552 1.755
score HOSTED_IMG_MULTI_PUB_01 1.200 2.196 1.200 2.196
score HTML_ENTITY_ASCII 2.999 2.948 2.999 2.948
score HOSTED_IMG_FREEM 3.499 3.499 3.499 3.499
score HOSTED_IMG_MULTI 1.804 2.864 1.804 2.864
score HOSTED_IMG_MULTI_PUB_01 2.600 2.999 2.600 2.999
score HTML_ENTITY_ASCII 1.000 1.000 1.000 1.000
score HTML_ENTITY_ASCII_TINY 1.000 1.000 1.000 1.000
score HTML_OFF_PAGE 2.999 2.999 2.999 2.999
score HTML_SHRT_CMNT_OBFU_MANY 0.849 1.220 0.849 1.220
score HTML_SINGLET_MANY 0.780 1.331 0.780 1.331
score HTML_SHRT_CMNT_OBFU_MANY 0.297 2.482 0.297 2.482
score HTML_SINGLET_MANY 2.129 2.499 2.129 2.499
score HTML_TEXT_INVISIBLE_FONT 1.999 1.999 1.999 1.999
score HTML_TEXT_INVISIBLE_STYLE 1.830 1.424 1.830 1.424
score IMG_ONLY_FM_DOM_INFO 0.001 0.712 0.001 0.712
score HTML_TEXT_INVISIBLE_STYLE 0.358 1.723 0.358 1.723
score IMG_ONLY_FM_DOM_INFO 0.001 2.447 0.001 2.447
score JH_SPAMMY_HEADERS 3.499 3.499 3.499 3.499
score JH_SPAMMY_PATTERN01 2.864 0.047 2.864 0.047
score JH_SPAMMY_PATTERN01 1.000 1.000 1.000 1.000
score JH_SPAMMY_PATTERN02 1.000 1.000 1.000 1.000
score KHOP_FAKE_EBAY 0.299 0.135 0.299 0.135
score KHOP_FAKE_EBAY 0.001 0.999 0.001 0.999
score KHOP_HELO_FCRDNS 0.400 0.399 0.400 0.399
score LIST_PRTL_PUMPDUMP 1.000 1.000 1.000 1.000
score LIST_PRTL_SAME_USER 0.001 0.697 0.001 0.697
score LONG_HEX_URI 2.844 1.887 2.844 1.887
score LONG_IMG_URI 1.688 1.178 1.688 1.178
score LONG_INVISIBLE_TEXT 0.588 1.326 0.588 1.326
score LIST_PRTL_SAME_USER 0.001 1.461 0.001 1.461
score LONG_HEX_URI 1.908 0.001 1.908 0.001
score LONG_IMG_URI 0.737 0.409 0.737 0.409
score LONG_INVISIBLE_TEXT 1.806 1.587 1.806 1.587
score LOTS_OF_MONEY 0.010 0.010 0.010 0.010
score LOTTO_AGENT 0.001 0.001 0.001 0.001
score LOTTO_AGENT 1.499 1.499 1.499 1.499
score LOTTO_DEPT 0.001 0.001 0.001 0.001
score LUCRATIVE 1.000 1.000 1.000 1.000
score MALFORMED_FREEMAIL 3.099 1.003 3.099 1.003
score MALFORMED_FREEMAIL 3.199 1.345 3.199 1.345
score MALF_HTML_B64 1.000 1.000 1.000 1.000
score MALWARE_NORDNS 0.001 1.263 0.001 1.263
score MALWARE_NORDNS 0.001 0.703 0.001 0.703
score MALWARE_PASSWORD 1.000 1.000 1.000 1.000
score MANY_HDRS_LCASE 0.100 0.100 0.100 0.100
score MANY_SPAN_IN_TEXT 2.399 2.299 2.399 2.299
score MAY_BE_FORGED 2.529 2.600 2.529 2.600
score MANY_SPAN_IN_TEXT 2.299 2.200 2.299 2.200
score MAY_BE_FORGED 2.390 2.699 2.390 2.699
score MILLION_HUNDRED 0.001 0.001 0.001 0.001
score MILLION_USD 0.001 0.001 0.001 0.001
score MIMEOLE_DIRECT_TO_MX 0.001 0.001 0.001 0.001
score MIME_NO_TEXT 1.000 1.000 1.000 1.000
score MIXED_AREA_CASE 0.727 0.910 0.727 0.910
score MIMEOLE_DIRECT_TO_MX 1.999 1.999 1.999 1.999
score MIME_NO_TEXT 1.999 1.999 1.999 1.999
score MIXED_AREA_CASE 1.065 2.437 1.065 2.437
score MIXED_CENTER_CASE 2.499 2.499 2.499 2.499
score MIXED_CTYPE_CASE 0.965 1.479 0.965 1.479
score MIXED_ES 2.399 2.299 2.399 2.299
score MIXED_FONT_CASE 2.499 2.499 2.499 2.499
score MIXED_CTYPE_CASE 0.426 2.634 0.426 2.634
score MIXED_ES 2.499 2.299 2.499 2.299
score MIXED_FONT_CASE 1.637 2.329 1.637 2.329
score MIXED_HREF_CASE 1.999 1.999 1.999 1.999
score MIXED_IMG_CASE 2.999 2.583 2.999 2.583
score MIXED_IMG_CASE 2.999 2.999 2.999 2.999
score MONERO_DEADLINE 1.000 1.000 1.000 1.000
score MONERO_EXTORT_01 1.000 1.000 1.000 1.000
score MONERO_MALWARE 1.000 1.000 1.000 1.000
@ -233,72 +230,71 @@ score MONERO_PAY_ME 1.000 1.000 1.000 1.000
score MONEY_ATM_CARD 0.001 0.001 0.001 0.001
score MONEY_FORM 0.001 0.001 0.001 0.001
score MONEY_FORM_SHORT 0.001 0.001 0.001 0.001
score MONEY_FRAUD_3 2.799 2.699 2.799 2.699
score MONEY_FRAUD_3 2.699 2.599 2.699 2.599
score MONEY_FRAUD_5 0.001 0.001 0.001 0.001
score MONEY_FRAUD_8 0.001 0.001 0.001 0.001
score MONEY_FREEMAIL_REPTO 2.993 1.640 2.993 1.640
score MONEY_FREEMAIL_REPTO 2.999 2.484 2.999 2.484
score MONEY_FROM_41 1.999 1.999 1.999 1.999
score MONEY_FROM_MISSP 0.001 0.001 0.001 0.001
score MONEY_NOHTML 1.246 0.590 1.246 0.590
score MONEY_NOHTML 2.499 2.401 2.499 2.401
score MSGID_DOLLARS_URI_IMG 1.000 1.000 1.000 1.000
score MSGID_HDR_MALF 2.359 3.499 2.359 3.499
score MSGID_NOFQDN1 0.498 0.001 0.498 0.001
score MSMAIL_PRI_ABNORMAL 0.517 0.671 0.517 0.671
score MSGID_HDR_MALF 3.035 3.499 3.035 3.499
score MSGID_NOFQDN1 0.050 0.364 0.050 0.364
score MSMAIL_PRI_ABNORMAL 0.618 1.263 0.618 1.263
score MSM_PRIO_REPTO 1.000 1.000 1.000 1.000
score NAME_EMAIL_DIFF 2.002 0.632 2.002 0.632
score NAME_EMAIL_DIFF 1.451 1.070 1.451 1.070
score NA_DOLLARS 1.499 1.499 1.499 1.499
score NEWEGG_IMG_NOT_RCVD_NEGG 1.000 1.000 1.000 1.000
score NICE_REPLY_A -0.001 -0.001 -0.001 -0.001
score NORDNS_LOW_CONTRAST 1.784 2.301 1.784 2.301
score NICE_REPLY_A -0.243 -0.001 -0.243 -0.001
score NORDNS_LOW_CONTRAST 1.886 2.313 1.886 2.313
score NO_FM_NAME_IP_HOSTN 0.001 0.001 0.001 0.001
score NSL_RCVD_FROM_USER 0.001 0.001 0.001 0.001
score NSL_RCVD_HELO_USER 0.001 0.001 0.001 0.001
score NUMBEREND_LINKBAIT 0.582 0.001 0.582 0.001
score OBFU_BITCOIN 0.001 0.001 0.001 0.001
score OBFU_UNSUB_UL 2.400 2.199 2.400 2.199
score ODD_FREEM_REPTO 2.999 2.670 2.999 2.670
score OFFER_ONLY_AMERICA 1.310 1.999 1.310 1.999
score ONLINE_MKTG_CNSLT 2.599 0.001 2.599 0.001
score ORDER_TODAY 2.499 0.429 2.499 0.429
score PDS_BAD_THREAD_QP_64 1.000 0.999 1.000 0.999
score PDS_BTC_ID 0.500 0.499 0.500 0.499
score PDS_BTC_MSGID 0.001 0.001 0.001 0.001
score PDS_DBL_URL_TNB_RUNON 0.900 0.554 0.900 0.554
score PDS_EMPTYSUBJ_URISHRT 0.302 0.001 0.302 0.001
score PDS_FRNOM_TODOM_DBL_URL 1.499 1.499 1.499 1.499
score NUMBEREND_LINKBAIT 0.471 0.519 0.471 0.519
score OBFU_BITCOIN 0.008 0.062 0.008 0.062
score OBFU_UNSUB_UL 2.299 2.199 2.299 2.199
score ODD_FREEM_REPTO 2.999 2.864 2.999 2.864
score OFFER_ONLY_AMERICA 1.999 1.579 1.999 1.579
score ORDER_TODAY 2.397 2.499 2.397 2.499
score PDS_BAD_THREAD_QP_64 0.999 1.000 0.999 1.000
score PDS_BTC_ID 0.499 0.499 0.499 0.499
score PDS_BTC_MSGID 0.003 0.999 0.003 0.999
score PDS_DBL_URL_TNB_RUNON 1.305 0.001 1.305 0.001
score PDS_EMPTYSUBJ_URISHRT 0.001 0.032 0.001 0.032
score PDS_FRNOM_TODOM_DBL_URL 1.499 0.338 1.499 0.338
score PDS_FRNOM_TODOM_NAKED_TO 1.499 1.499 1.499 1.499
score PDS_FROM_2_EMAILS 1.635 2.648 1.635 2.648
score PDS_FROM_2_EMAILS_SHRTNER 0.396 1.499 0.396 1.499
score PDS_FROM_2_EMAILS 1.681 1.776 1.681 1.776
score PDS_FROM_2_EMAILS_SHRTNER 0.001 0.946 0.001 0.946
score PDS_FROM_NAME_TO_DOMAIN 1.999 1.999 1.999 1.999
score PDS_HELO_SPF_FAIL 0.001 1.000 0.001 1.000
score PDS_NO_FULL_NAME_SPOOFED_URL 0.284 0.344 0.284 0.344
score PDS_NAKED_TO_NUMERO 1.999 0.345 1.999 0.345
score PDS_NO_FULL_NAME_SPOOFED_URL 0.121 0.344 0.121 0.344
score PDS_OTHER_BAD_TLD 1.999 1.999 1.999 1.999
score PDS_SHORTFWD_URISHRT_QP 1.499 1.079 1.499 1.079
score PDS_SHORT_SPOOFED_URL 0.989 1.999 0.989 1.999
score PDS_TINYSUBJ_URISHRT 1.499 0.001 1.499 0.001
score PDS_SHORTFWD_URISHRT_FP 1.500 1.499 1.500 1.499
score PDS_SHORT_SPOOFED_URL 1.149 1.999 1.149 1.999
score PDS_TINYSUBJ_URISHRT 1.395 0.655 1.395 0.655
score PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE 1.999 1.999 1.999 1.999
score PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE 1.999 1.999 1.999 1.999
score PDS_TONAME_EQ_TOLOCAL_SHORT 2.000 1.999 2.000 1.999
score PDS_TONAME_EQ_TOLOCAL_VSHORT 0.999 1.000 0.999 1.000
score PDS_TO_EQ_FROM_NAME 3.199 2.385 3.199 2.385
score PDS_URISHRT_LOCALPART_SUBJ 0.999 0.790 0.999 0.790
score PDS_TONAME_EQ_TOLOCAL_SHORT 1.999 1.999 1.999 1.999
score PDS_TONAME_EQ_TOLOCAL_VSHORT 0.999 0.999 0.999 0.999
score PDS_TO_EQ_FROM_NAME 3.099 2.390 3.099 2.390
score PHISH_AZURE_CLOUDAPP 3.500 3.500 3.500 3.500
score PHISH_FBASEAPP 0.965 1.000 0.965 1.000
score PHOTO_EDITING_DIRECT 2.999 1.290 2.999 1.290
score PHISH_FBASEAPP 1.000 1.000 1.000 1.000
score PHOTO_EDITING_DIRECT 1.000 1.000 1.000 1.000
score PHOTO_EDITING_FREEM 1.000 1.000 1.000 1.000
score PHP_NOVER_MUA 1.000 1.000 1.000 1.000
score PHP_ORIG_SCRIPT 0.001 0.001 0.001 0.001
score PHP_SCRIPT 2.499 2.500 2.499 2.500
score PHP_ORIG_SCRIPT 0.305 0.001 0.305 0.001
score PHP_SCRIPT 2.381 2.499 2.381 2.499
score PHP_SCRIPT_MUA 1.000 1.000 1.000 1.000
score PP_MIME_FAKE_ASCII_TEXT 1.000 0.233 1.000 0.233
score PP_MIME_FAKE_ASCII_TEXT 0.999 0.195 0.999 0.195
score PP_TOO_MUCH_UNICODE02 0.500 0.500 0.500 0.500
score PP_TOO_MUCH_UNICODE05 1.000 1.000 1.000 1.000
score PUMPDUMP 1.000 1.000 1.000 1.000
score PUMPDUMP_MULTI 1.000 1.000 1.000 1.000
score RAND_HEADER_LIST_SPOOF 2.999 2.999 2.999 2.999
score RAND_HEADER_LIST_SPOOF 3.000 3.000 3.000 3.000
score RAND_HEADER_MANY 1.000 1.000 1.000 1.000
score RAND_MKTG_HEADER 1.999 1.999 1.999 1.999
score RATWARE_NO_RDNS 2.136 1.961 2.136 1.961
score RAND_MKTG_HEADER 2.000 1.999 2.000 1.999
score RATWARE_NO_RDNS 0.866 1.744 0.866 1.744
score RCVD_DOTEDU_SHORT 1.000 1.000 1.000 1.000
score RCVD_DOTEDU_SUSP_URI 2.999 2.999 2.999 2.999
score RCVD_IN_MSPIKE_BL 0.001 0.001 0.001 0.001
@ -312,113 +308,116 @@ score RCVD_IN_MSPIKE_L4 0.001 0.001 0.001 0.001
score RCVD_IN_MSPIKE_L5 0.001 0.001 0.001 0.001
score RCVD_IN_MSPIKE_WL 0.001 0.001 0.001 0.001
score RCVD_IN_MSPIKE_ZBI 0.001 0.001 0.001 0.001
score RCVD_IN_RP_CERTIFIED 0.001 0.001 0.001 0.001
score RCVD_IN_RP_RNBL 0.001 0.001 0.001 0.001
score RCVD_IN_RP_SAFE 0.001 0.001 0.001 0.001
score RDNS_NUM_TLD_ATCHNX 1.000 1.000 1.000 1.000
score RDNS_NUM_TLD_XM 2.075 0.640 2.075 0.640
score READY_TO_SHIP 0.657 0.575 0.657 0.575
score REPTO_419_FRAUD 2.999 2.139 2.999 2.139
score RDNS_NUM_TLD_XM 1.697 2.236 1.697 2.236
score READY_TO_SHIP 0.940 0.914 0.940 0.914
score REPTO_419_FRAUD 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_AOL 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_AOL_LOOSE 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_CNS 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_GM 2.999 2.999 2.999 2.999
score REPTO_419_FRAUD_GM_LOOSE 0.999 1.000 0.999 1.000
score REPTO_419_FRAUD_GM 2.999 2.700 2.999 2.700
score REPTO_419_FRAUD_GM_LOOSE 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_HM 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_OL 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_PM 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_QQ 2.999 2.999 2.999 2.999
score REPTO_419_FRAUD_QQ 2.999 2.299 2.999 2.299
score REPTO_419_FRAUD_YH 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_YH_LOOSE 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_YJ 0.001 0.001 0.001 0.001
score REPTO_419_FRAUD_YJ 1.000 1.000 1.000 1.000
score REPTO_419_FRAUD_YN 1.000 1.000 1.000 1.000
score RISK_FREE 3.199 3.100 3.199 3.100
score SENDGRID_REDIR 1.499 1.499 1.499 1.499
score RISK_FREE 2.899 2.699 2.899 2.699
score SENDGRID_REDIR 1.499 1.333 1.499 1.333
score SENDGRID_REDIR_PHISH 1.000 1.000 1.000 1.000
score SEO_SUSP_NTLD 1.199 1.000 1.199 1.000
score SERGIO_SUBJECT_VIAGRA01 3.398 4.099 3.398 4.099
score SHOPIFY_IMG_NOT_RCVD_SFY 2.499 2.500 2.499 2.500
score SEO_SUSP_NTLD 1.000 1.000 1.000 1.000
score SERGIO_SUBJECT_VIAGRA01 3.524 4.099 3.524 4.099
score SHOPIFY_IMG_NOT_RCVD_SFY 2.500 2.499 2.500 2.499
score SHORTENER_SHORT_IMG 1.000 1.000 1.000 1.000
score SHORTENER_SHORT_SUBJ 2.999 2.706 2.999 2.706
score SHORT_IMG_SUSP_NTLD 0.001 0.001 0.001 0.001
score SHORT_SHORTNER 1.999 1.999 1.999 1.999
score SHORTENER_SHORT_SUBJ 2.999 2.049 2.999 2.049
score SHORT_IMG_SUSP_NTLD 0.001 1.000 0.001 1.000
score SHORT_SHORTNER 1.999 0.695 1.999 0.695
score SINGLETS_LOW_CONTRAST 0.001 0.001 0.001 0.001
score SPOOFED_FREEMAIL 0.001 1.564 0.001 1.564
score SPOOFED_FREEMAIL_NO_RDNS 1.500 0.332 1.500 0.332
score SPOOFED_FREEM_REPTO 0.001 2.433 0.001 2.433
score SPOOFED_FREEMAIL 0.001 1.983 0.001 1.983
score SPOOFED_FREEMAIL_NO_RDNS 1.499 0.001 1.499 0.001
score SPOOFED_FREEM_REPTO 0.001 2.013 0.001 2.013
score SPOOFED_FREEM_REPTO_CHN 0.001 1.000 0.001 1.000
score SPOOFED_FREEM_REPTO_RUS 0.001 1.000 0.001 1.000
score SPOOF_GMAIL_MID 1.499 0.001 1.499 0.001
score STATIC_XPRIO_OLE 0.001 0.001 0.001 0.001
score STOCK_LOW_CONTRAST 1.127 0.001 1.127 0.001
score STATIC_XPRIO_OLE 1.999 1.999 1.999 1.999
score STOCK_LOW_CONTRAST 1.113 2.499 1.113 2.499
score STOCK_TIP 1.000 1.000 1.000 1.000
score SURBL_BLOCKED 0.001 0.001 0.001 0.001
score SYSADMIN 1.000 1.000 1.000 1.000
score THIS_AD 1.100 1.099 1.100 1.099
score THIS_IS_ADV_SUSP_NTLD 0.001 0.001 0.001 0.001
score THIS_AD 1.199 0.516 1.199 0.516
score THIS_IS_ADV_SUSP_NTLD 0.568 0.001 0.568 0.001
score THREAD_INDEX_HEX 2.157 0.995 2.157 0.995
score TONLINE_FAKE_DKIM 1.000 1.000 1.000 1.000
score TONOM_EQ_TOLOC_SHRT_SHRTNER 1.499 1.499 1.499 1.499
score TONOM_EQ_TOLOC_SHRT_SHRTNER 1.499 1.500 1.499 1.500
score TO_EQ_FM_DIRECT_MX 0.001 0.001 0.001 0.001
score TO_EQ_FM_DOM_HTML_IMG 0.001 0.899 0.001 0.899
score TO_EQ_FM_DOM_HTML_ONLY 1.999 0.688 1.999 0.688
score TO_EQ_FM_DOM_HTML_IMG 0.001 0.001 0.001 0.001
score TO_EQ_FM_DOM_HTML_ONLY 1.799 0.861 1.799 0.861
score TO_EQ_FM_DOM_SPF_FAIL 0.001 0.001 0.001 0.001
score TO_EQ_FM_HTML_ONLY 1.299 1.299 1.299 1.299
score TO_EQ_FM_HTML_ONLY 0.065 1.299 0.065 1.299
score TO_EQ_FM_SPF_FAIL 0.001 0.001 0.001 0.001
score TO_IN_SUBJ 0.100 0.100 0.100 0.100
score TO_NAME_SUBJ_NO_RDNS 2.497 2.238 2.497 2.238
score TO_NO_BRKTS_FROM_MSSP 2.499 0.001 2.499 0.001
score TO_IN_SUBJ 0.099 0.099 0.099 0.099
score TO_NAME_SUBJ_NO_RDNS 1.884 2.215 1.884 2.215
score TO_NO_BRKTS_FROM_MSSP 2.012 0.881 2.012 0.881
score TO_NO_BRKTS_HTML_IMG 1.999 1.999 1.999 1.999
score TO_NO_BRKTS_HTML_ONLY 1.999 1.999 1.999 1.999
score TO_NO_BRKTS_MSFT 0.001 0.001 0.001 0.001
score TO_NO_BRKTS_NORDNS_HTML 1.999 1.999 1.999 1.999
score TO_NO_BRKTS_HTML_ONLY 2.000 1.999 2.000 1.999
score TO_NO_BRKTS_MSFT 2.318 0.214 2.318 0.214
score TO_NO_BRKTS_NORDNS_HTML 1.999 1.118 1.999 1.118
score TO_NO_BRKTS_PCNT 2.499 2.499 2.499 2.499
score TRANSFORM_LIFE 2.500 2.499 2.500 2.499
score TVD_IP_HEX 1.652 2.992 1.652 2.992
score TVD_IP_SING_HEX 0.082 1.325 0.082 1.325
score TVD_RCVD_SPACE_BRACKET 2.699 0.869 2.699 0.869
score TVD_SPACE_ENCODED 2.499 0.618 2.499 0.618
score TVD_SPACE_RATIO_MINFP 2.500 2.499 2.500 2.499
score TVD_IP_HEX 2.699 0.604 2.699 0.604
score TVD_IP_SING_HEX 0.410 1.891 0.410 1.891
score TVD_RCVD_SPACE_BRACKET 2.699 1.777 2.699 1.777
score TVD_SPACE_ENCODED 2.499 2.499 2.499 2.499
score TVD_SPACE_RATIO_MINFP 2.058 1.440 2.058 1.440
score TW_GIBBERISH_MANY 1.000 1.000 1.000 1.000
score UC_GIBBERISH_OBFU 1.000 1.000 1.000 1.000
score UNDISC_FREEM 3.099 2.999 3.099 2.999
score UNDISC_MONEY 3.299 3.199 3.299 3.199
score UNDISC_FREEM 2.999 2.800 2.999 2.800
score UNDISC_MONEY 3.400 1.787 3.400 1.787
score UNICODE_OBFU_ASC 1.000 1.000 1.000 1.000
score UNICODE_OBFU_ZW 1.000 1.000 1.000 1.000
score UPGRADE_MAILBOX 1.099 0.001 1.099 0.001
score UPGRADE_MAILBOX 1.099 1.399 1.099 1.399
score URI_ADOBESPARK 1.000 1.000 1.000 1.000
score URI_AZURE_CLOUDAPP 1.000 1.000 1.000 1.000
score URI_DASHGOVEDU 1.000 1.000 1.000 1.000
score URI_DATA 1.000 1.000 1.000 1.000
score URI_DOTDOT_LOW_CNTRST 1.369 2.054 1.369 2.054
score URI_DOTEDU 1.316 1.074 1.316 1.074
score URI_DOTDOT_LOW_CNTRST 2.499 1.790 2.499 1.790
score URI_DOTEDU 1.981 1.999 1.981 1.999
score URI_DOTEDU_ENTITY 1.000 1.000 1.000 1.000
score URI_FIREBASEAPP 2.999 2.999 2.999 2.999
score URI_GOOGLE_PROXY 2.999 1.611 2.999 1.611
score URI_GOOG_STO_SPAMMY 1.434 0.001 1.434 0.001
score URI_HEX_IP 2.104 1.669 2.104 1.669
score URI_GOOGLE_PROXY 3.099 1.631 3.099 1.631
score URI_GOOG_STO_SPAMMY 2.582 2.618 2.582 2.618
score URI_HEX_IP 0.387 2.435 0.387 2.435
score URI_IMG_WP_REDIR 1.000 1.000 1.000 1.000
score URI_LONG_REPEAT 2.104 1.055 2.104 1.055
score URI_ONLY_MSGID_MALF 1.676 1.999 1.676 1.999
score URI_LONG_REPEAT 1.000 1.000 1.000 1.000
score URI_ONLY_MSGID_MALF 1.999 1.607 1.999 1.607
score URI_OPTOUT_3LD 1.000 1.000 1.000 1.000
score URI_PHISH 3.999 0.844 3.999 0.844
score URI_PHISH 3.999 2.397 3.999 2.397
score URI_PHP_REDIR 3.499 3.499 3.499 3.499
score URI_TRY_3LD 1.936 1.999 1.936 1.999
score URI_WPADMIN 2.899 2.699 2.899 2.699
score URI_WP_DIRINDEX 2.300 2.299 2.300 2.299
score URI_WP_HACKED 3.499 3.499 3.499 3.499
score URI_TRY_3LD 1.999 1.999 1.999 1.999
score URI_TRY_USME 1.000 1.000 1.000 1.000
score URI_WPADMIN 3.299 3.099 3.299 3.099
score URI_WP_DIRINDEX 3.499 0.061 3.499 0.061
score URI_WP_HACKED 3.499 1.329 3.499 1.329
score URI_WP_HACKED_2 2.499 2.499 2.499 2.499
score USB_DRIVES 1.000 1.000 1.000 1.000
score VFY_ACCT_NORDNS 2.500 2.904 2.500 2.904
score VFY_ACCT_NORDNS 0.602 2.913 0.602 2.913
score VPS_NO_NTLD 1.000 1.000 1.000 1.000
score WALMART_IMG_NOT_RCVD_WAL 1.000 1.000 1.000 1.000
score WANT_TO_ORDER 1.499 1.435 1.499 1.435
score WIKI_IMG 3.099 2.999 3.099 2.999
score WANT_TO_ORDER 2.499 2.499 2.499 2.499
score WIKI_IMG 3.199 2.561 3.199 2.561
score WORD_INVIS 1.000 1.000 1.000 1.000
score WORD_INVIS_MANY 1.000 2.898 1.000 2.898
score XFER_LOTSA_MONEY 0.999 0.543 0.999 0.543
score XM_DIGITS_ONLY 2.202 2.411 2.202 2.411
score XM_LIGHT_HEAVY 0.001 0.101 0.001 0.101
score XM_RANDOM 2.551 2.999 2.551 2.999
score XM_RECPTID 3.000 1.994 3.000 1.994
score XPRIO 0.690 1.000 0.690 1.000
score WORD_INVIS_MANY 1.000 1.000 1.000 1.000
score XFER_LOTSA_MONEY 0.244 0.001 0.244 0.001
score XM_DIGITS_ONLY 2.643 1.403 2.643 1.403
score XM_RANDOM 2.999 2.999 2.999 2.999
score XM_RECPTID 2.999 2.999 2.999 2.999
score XPRIO 0.001 1.000 0.001 1.000
score XPRIO_SHORT_SUBJ 1.000 1.000 1.000 1.000
score XPRIO_URL_SHORTNER 0.999 0.741 0.999 0.741
score YOUR_DELIVERY_ADDRESS 1.499 0.001 1.499 0.001
score YOU_INHERIT 2.799 2.499 2.799 2.499
score XPRIO_URL_SHORTNER 0.567 0.545 0.567 0.545
score YOUR_DELIVERY_ADDRESS 0.695 0.823 0.695 0.823
score YOU_INHERIT 2.399 2.200 2.399 2.200

3
sa-updates/73_sandbox_manual_scores.cf
View File

@ -22,7 +22,7 @@
#
###########################################################################
require_version 3.004005
require_version 3.004006
# jhardin
# things depend on these
@ -41,6 +41,7 @@ score FILL_THIS_FORM 0.001
#score ADVANCE_FEE_3_NEW_FORM 1.00
#score ADVANCE_FEE_4_NEW 1.00
#score ADVANCE_FEE_5_NEW 1.50
score ADVANCE_FEE_5_NEW_MONEY 3.00
# jhardin
# metas using Advance Fee component rules