| # Using score set 1 logs for revision 1881840 from: |
| # ham-net-axb-coi-bulk.r1881840.log ham-net-axb-generic.r1881840.log ham-net-axb-ham-misc.r1881840.log ham-net-darxus.r1881840.log ham-net-ena-week0.r1881840.log ham-net-ena-week1.r1881840.log ham-net-ena-week2.r1881840.log ham-net-ena-week3.r1881840.log ham-net-ena-week4.r1881840.log ham-net-giovanni-ham.r1881840.log ham-net-giovanni-spammy.r1881840.log ham-net-giovanni-spam.r1881840.log ham-net-grenier.r1881840.log ham-net-jbrooks.r1881840.log ham-net-mmiroslaw-mails-ham.r1881840.log ham-net-mmiroslaw-mails-spam.r1881840.log ham-net-npiazzi.r1881840.log ham-net-pds.r1881840.log ham-net-sihde.r1881840.log ham-net-spamsponge.r1881840.log ham-net-thendrikx.r1881840.log spam-net-axb-coi-bulk.r1881840.log spam-net-axb-generic.r1881840.log spam-net-axb-ham-misc.r1881840.log spam-net-darxus.r1881840.log spam-net-ena-week0.r1881840.log spam-net-ena-week1.r1881840.log spam-net-ena-week2.r1881840.log spam-net-ena-week3.r1881840.log spam-net-ena-week4.r1881840.log spam-net-giovanni-ham.r1881840.log spam-net-giovanni-spammy.r1881840.log spam-net-giovanni-spam.r1881840.log spam-net-grenier.r1881840.log spam-net-jbrooks.r1881840.log spam-net-mmiroslaw-mails-ham.r1881840.log spam-net-mmiroslaw-mails-spam.r1881840.log spam-net-npiazzi.r1881840.log spam-net-pds.r1881840.log spam-net-sihde.r1881840.log spam-net-spamsponge.r1881840.log spam-net-thendrikx.r1881840.log |
| |
| score AC_BR_BONANZA 0.001 |
| score AC_DIV_BONANZA 0.001 |
| score AC_FROM_MANY_DOTS 0.866 |
| score AC_HTML_NONSENSE_TAGS 1.999 |
| score AC_POST_EXTRAS 0.001 |
| score ADMITS_SPAM 0.001 |
| score ADVANCE_FEE_2_NEW_MONEY 1.999 |
| score ADVANCE_FEE_3_NEW 3.499 |
| score ADVANCE_FEE_3_NEW_MONEY 0.001 # force non-zero |
| score ADVANCE_FEE_4_NEW_MONEY 1.146 |
| score ADVANCE_FEE_5_NEW 2.699 |
| score AMAZON_IMG_NOT_RCVD_AMZN 2.499 |
| score AXB_XMAILER_MIMEOLE_OL_024C2 0.001 |
| score BITCOIN_DEADLINE 2.760 |
| score BITCOIN_EXTORT_01 4.357 |
| score BITCOIN_MALF_HTML 3.499 |
| score BITCOIN_SPAM_02 2.100 |
| score BITCOIN_SPAM_04 1.498 |
| score BITCOIN_SPAM_05 2.455 |
| score BITCOIN_SPAM_07 3.499 |
| score BITCOIN_XPRIO 1.258 |
| score BITCOIN_YOUR_INFO 0.462 |
| score BODY_URI_ONLY 0.001 |
| score BOGUS_MIME_VERSION 3.499 |
| score CK_HELO_DYNAMIC_SPLIT_IP 1.498 |
| score CK_HELO_GENERIC 0.249 |
| score CTE_8BIT_MISMATCH 0.999 |
| score CTYPE_NULL 2.499 |
| score DKIMWL_BL 2.999 |
| score DKIMWL_WL_HIGH -1.455 |
| score DKIMWL_WL_MED -0.001 |
| score DOTGOV_IMAGE 2.999 |
| score DSN_NO_MIMEVERSION 1.999 |
| score DX_TEXT_03 0.299 |
| score END_FUTURE_EMAILS 1.039 |
| score FILL_THIS_FORM 0.001 |
| score FONT_INVIS_DIRECT 0.001 # force non-zero |
| score FONT_INVIS_DOTGOV 0.001 |
| score FONT_INVIS_LONG_LINE 1.564 |
| score FONT_INVIS_MSGID 0.001 |
| score FONT_INVIS_POSTEXTRAS 2.411 |
| score FORGED_RELAY_MUA_TO_MX 3.670 |
| score FORGED_SPF_HELO 1.498 |
| score FORM_FRAUD 0.998 |
| score FORM_FRAUD_5 2.699 |
| score FOUND_YOU 3.249 |
| score FREEMAIL_FORGED_FROMDOMAIN 0.248 |
| score FROM_2_EMAILS_SHORT 1.999 |
| score FROM_ADDR_WS 2.745 |
| score FROM_FMBLA_NEWDOM 1.499 |
| score FROM_FMBLA_NEWDOM14 0.998 |
| score FROM_FMBLA_NEWDOM28 0.649 |
| score FROM_GOV_DKIM_AU -0.998 |
| score FROM_GOV_SPOOF 0.999 |
| score FROM_MISSPACED 0.001 |
| score FROM_MISSP_DYNIP 2.599 |
| score FROM_MISSP_EH_MATCH 0.001 |
| score FROM_MISSP_FREEMAIL 2.347 |
| score FROM_MISSP_MSFT 0.001 |
| score FROM_MISSP_REPLYTO 0.001 |
| score FROM_MISSP_SPF_FAIL 1.999 |
| score FROM_MISSP_TO_UNDISC 1.229 |
| score FROM_MISSP_USER 0.001 |
| score FROM_MISSP_XPRIO 0.001 # force non-zero |
| score FROM_NAME_EQ_TO_G_DRIVE 1.430 |
| score FROM_NTLD_REPLY_FREEMAIL 1.999 |
| score FROM_SUSPICIOUS_NTLD 0.499 |
| score FROM_SUSPICIOUS_NTLD_FP 1.997 |
| score FROM_UNBAL1 2.406 |
| score FROM_URI 1.346 |
| score FROM_WORDY 2.499 |
| score FROM_WWW 2.399 |
| score FSL_BULK_SIG 0.001 # force non-zero |
| score FSL_CTYPE_WIN1251 0.001 |
| score FSL_NEW_HELO_USER 0.001 |
| score FSL_THIS_IS_ADV 0.001 |
| score FUZZY_WALLET 2.199 |
| score GB_BITCOIN_CP 0.403 |
| score GB_FREEMAIL_DISPTO 0.001 |
| score GB_GOOGLE_OBFUS 0.749 |
| score HDRS_LCASE 0.100 |
| score HDRS_LCASE_IMGONLY 0.099 |
| score HDR_ORDER_FTSDMCXX_DIRECT 0.811 |
| score HDR_ORDER_FTSDMCXX_NORDNS 2.898 |
| score HEADER_FROM_DIFFERENT_DOMAINS 0.249 |
| score HELO_MISC_IP 0.053 |
| score HELO_NO_DOMAIN 0.001 |
| score HK_RANDOM_FROM 0.001 |
| score HK_RANDOM_REPLYTO 0.998 |
| score HK_SCAM 0.001 |
| score HOSTED_IMG_DIRECT_MX 1.558 |
| score HTML_OFF_PAGE 0.001 |
| score HTML_SINGLET_MANY 0.001 |
| score HTML_TEXT_INVISIBLE_FONT 2.003 |
| score HTML_TEXT_INVISIBLE_STYLE 2.533 |
| score IMG_ONLY_FM_DOM_INFO 2.442 |
| score KB_FORGED_MOZ4 4.499 |
| score KHOP_FAKE_EBAY 0.119 |
| score KHOP_HELO_FCRDNS 0.399 |
| score LH_URI_DOM_IN_PATH 0.001 |
| score LIST_PRTL_SAME_USER 0.791 |
| score LONG_HEX_URI 0.001 |
| score LONG_IMG_URI 0.001 |
| score LONG_INVISIBLE_TEXT 1.848 |
| score LOTS_OF_MONEY 0.010 |
| score MANY_SPAN_IN_TEXT 1.435 |
| score MILLION_HUNDRED 0.001 |
| score MIMEOLE_DIRECT_TO_MX 0.001 |
| score MIME_NO_TEXT 0.001 |
| score MIXED_ES 2.497 |
| score MONEY_FORM_SHORT 0.001 |
| score MONEY_FRAUD_3 1.907 |
| score MONEY_FRAUD_5 1.534 |
| score MONEY_FRAUD_8 0.001 |
| score MONEY_FROM_MISSP 0.001 |
| score MSM_PRIO_REPTO 2.499 |
| score NICE_REPLY_A -0.001 |
| score NORDNS_LOW_CONTRAST 0.910 |
| score NO_FM_NAME_IP_HOSTN 0.001 |
| score NSL_RCVD_FROM_USER 0.001 |
| score NSL_RCVD_HELO_USER 0.174 |
| score PDS_BTC_ID 0.499 |
| score PDS_BTC_MSGID 0.011 |
| score PDS_EMPTYSUBJ_URISHRT 0.001 |
| score PDS_FREEMAIL_REPLYTO_URISHRT 1.499 |
| score PDS_FRNOM_TODOM_NAKED_TO 1.499 |
| score PDS_FROM_2_EMAILS 1.499 |
| score PDS_FROM_NAME_TO_DOMAIN 1.000 |
| score PDS_NAKED_TO_NUMERO 1.999 |
| score PDS_SHORTFWD_URISHRT 1.499 |
| score PDS_TINYSUBJ_URISHRT 0.592 |
| score PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE 0.972 |
| score PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE 1.999 |
| score PDS_TONAME_EQ_TOLOCAL_VSHORT 0.999 |
| score PDS_TO_EQ_FROM_NAME 3.399 |
| score PHP_ORIG_SCRIPT 2.499 |
| score PP_MIME_FAKE_ASCII_TEXT 0.001 |
| score RATWARE_NO_RDNS 1.627 |
| score RCVD_DOTEDU_SHORT 2.401 |
| score RCVD_DOTEDU_SUSP_URI 0.001 |
| score RCVD_IN_MSPIKE_H2 -0.001 |
| score RDNS_NUM_TLD_XM 0.352 |
| score RISK_FREE 2.699 |
| score SENDGRID_REDIR 1.498 |
| score SENDGRID_REDIR_PHISH 3.393 |
| score SERGIO_SUBJECT_VIAGRA01 3.599 |
| score SHORTENED_URL_SRC 2.699 |
| score SHORTENER_SHORT_IMG 1.728 |
| score SHORT_BODY_G_DRIVE_DYN 0.001 |
| score SHORT_SHORTNER 1.997 |
| score SHORT_URL 0.440 |
| score SINGLETS_LOW_CONTRAST 0.001 |
| score SPOOFED_FREEMAIL 1.997 |
| score SPOOFED_FREEMAIL_NO_RDNS 0.001 # force non-zero |
| score SPOOFED_FREEM_REPTO 0.694 |
| score SPOOFED_FREEM_REPTO_CHN 0.660 |
| score STATIC_XPRIO_OLE 1.999 |
| score STOCK_LOW_CONTRAST 0.001 |
| score STOX_BOUND_090909_B 2.299 |
| score SUBJ_OBFU_PUNCT_FEW 0.008 |
| score SUBJ_OBFU_PUNCT_MANY 0.001 |
| score SUSP_UTF8_WORD_COMBO 2.999 |
| score SUSP_UTF8_WORD_FROM 1.999 |
| score SUSP_UTF8_WORD_SUBJ 1.999 |
| score THIS_AD 0.899 |
| score THIS_IS_ADV_SUSP_NTLD 0.001 |
| score TONOM_EQ_TOLOC_SHRT_SHRTNER 0.558 |
| score TO_EQ_FM_DOM_HTML_IMG 0.600 |
| score TO_EQ_FM_DOM_HTML_ONLY 1.899 |
| score TO_EQ_FM_DOM_SPF_FAIL 0.001 |
| score TO_EQ_FM_HTML_ONLY 0.332 |
| score TO_EQ_FM_SPF_FAIL 0.001 |
| score TO_IN_SUBJ 0.099 |
| score TO_NO_BRKTS_FROM_MSSP 2.097 |
| score TO_NO_BRKTS_HTML_IMG 1.787 |
| score TO_NO_BRKTS_HTML_ONLY 1.999 |
| score TO_NO_BRKTS_MSFT 0.001 |
| score TO_NO_BRKTS_NORDNS_HTML 1.997 |
| score TVD_RCVD_SPACE_BRACKET 4.499 |
| score TVD_SPACE_ENCODED 1.779 |
| score TVD_SPACE_RATIO_MINFP 0.001 |
| score UNICODE_OBFU_ASC 2.499 |
| score UPGRADE_MAILBOX 0.274 |
| score URI_DOTEDU 0.001 |
| score URI_DOTEDU_ENTITY 2.999 |
| score URI_DOTEDU_LONG 0.001 # force non-zero |
| score URI_GOOGLE_PROXY 0.132 |
| score URI_IMG_WP_REDIR 2.999 |
| score URI_IN_URI_10 2.492 |
| score URI_IN_URI_5 2.542 |
| score URI_ONLY_MSGID_MALF 1.081 |
| score URI_PHISH 3.999 |
| score URI_PHP_REDIR 3.496 |
| score URI_TRY_3LD 1.997 |
| score URI_WPADMIN 2.399 |
| score URI_WP_DIRINDEX 3.499 |
| score URI_WP_HACKED 3.499 |
| score URI_WP_HACKED_2 2.497 |
| score XPRIO_SHORT_SUBJ 1.428 |
| score AC_SPAMMY_URI_PATTERNS1 1.000 |
| score AC_SPAMMY_URI_PATTERNS10 1.000 |
| score AC_SPAMMY_URI_PATTERNS11 1.000 |
| score AC_SPAMMY_URI_PATTERNS12 1.000 |
| score AC_SPAMMY_URI_PATTERNS2 1.000 |
| score AC_SPAMMY_URI_PATTERNS3 1.000 |
| score AC_SPAMMY_URI_PATTERNS4 1.000 |
| score AC_SPAMMY_URI_PATTERNS8 1.000 |
| score AC_SPAMMY_URI_PATTERNS9 1.000 |
| score ADVANCE_FEE_2_NEW_FORM 1.000 |
| score AD_PREFS 0.250 |
| score ALIBABA_IMG_NOT_RCVD_ALI 1.000 |
| score APP_DEVELOPMENT_FREEM 1.000 |
| score APP_DEVELOPMENT_NORDNS 1.000 |
| score BITCOIN_BOMB 1.000 |
| score BITCOIN_EXTORT_02 1.000 |
| score BITCOIN_MALWARE 1.000 |
| score BITCOIN_PAY_ME 1.000 |
| score BITCOIN_SPAM_01 1.000 |
| score BITCOIN_SPAM_03 1.000 |
| score BITCOIN_SPAM_06 1.000 |
| score BITCOIN_SPAM_08 1.000 |
| score BITCOIN_SPAM_09 1.000 |
| score BITCOIN_SPAM_10 1.000 |
| score BITCOIN_SPAM_11 1.000 |
| score BITCOIN_SPAM_12 1.000 |
| score BITCOIN_SPF_ONLYALL 1.000 |
| score BODY_EMPTY 1.000 |
| score BOGUS_MSM_HDRS 1.000 |
| score BOMB_FREEM 1.000 |
| score BOMB_MONEY 1.000 |
| score BTC_ORG 1.000 |
| score BULK_RE_SUSP_NTLD 1.000 |
| score CANT_SEE_AD 1.000 |
| score COMMENT_GIBBERISH 1.000 |
| score COMPENSATION 1.000 |
| score DAY_I_EARNED 1.000 |
| score DKIMWL_BLOCKED 0.001 |
| score DKIMWL_WL_MEDHI -1.000 |
| score EBAY_IMG_NOT_RCVD_EBAY 1.000 |
| score ENCRYPTED_MESSAGE -1.000 |
| score FBI_MONEY 1.000 |
| score FBI_SPOOF 1.000 |
| score FORM_LOW_CONTRAST 1.000 |
| score FREEM_FRNUM_UNICD_EMPTY 1.000 |
| score FRNAME_IN_MSG_XPRIO_NO_SUB 1.000 |
| score FROM_BANK_NOAUTH 1.000 |
| score FROM_FMBLA_NDBLOCKED 0.001 |
| score FROM_GOV_REPLYTO_FREEMAIL 1.000 |
| score FROM_NEWDOM_BTC 1.000 |
| score FROM_NTLD_LINKBAIT 1.000 |
| score FROM_NUMBERO_NEWDOMAIN 1.000 |
| score FROM_PAYPAL_SPOOF 1.000 |
| score FROM_WORDY_SHORT 1.000 |
| score GAPPY_SALES_LEADS_FREEM 1.000 |
| score GB_BITCOIN_NH 1.000 |
| score GB_FORGED_MUA_POSTFIX 1.000 |
| score GB_FREEMAIL_DISPTO_NOTFREEM 0.500 |
| score GB_GOOGLE_OBFUR 0.750 |
| score GB_LINKED_IMG_NOT_RCVD_LINK 1.000 |
| score GB_WP_FILELINK 1.000 |
| score GOOGLE_DOCS_PHISH 1.000 |
| score GOOGLE_DOCS_PHISH_MANY 1.000 |
| score GOOGLE_DRIVE_REPLY_BAD_NTLD 1.000 |
| score GOOG_MALWARE_DNLD 1.000 |
| score HDRS_MISSP 1.000 |
| score HEXHASH_WORD 1.000 |
| score HK_CTE_RAW 1.000 |
| score HK_RCVD_IP_MULTICAST 1.000 |
| score HOSTED_IMG_DQ_UNSUB 1.000 |
| score HOSTED_IMG_FREEM 1.000 |
| score HOSTED_IMG_MULTI 1.000 |
| score HTML_ENTITY_ASCII 1.000 |
| score HTML_ENTITY_ASCII_TINY 1.000 |
| score HTML_SHRT_CMNT_OBFU_MANY 1.000 |
| score LIST_PARTIAL_SHORT_MSG 1.000 |
| score LIST_PRTL_PUMPDUMP 1.000 |
| score LUCRATIVE 1.000 |
| score MALF_HTML_B64 1.000 |
| score MALWARE_NORDNS 1.000 |
| score MALWARE_PASSWORD 1.000 |
| score MANY_HDRS_LCASE 0.100 |
| score MONERO_DEADLINE 1.000 |
| score MONERO_EXTORT_01 1.000 |
| score MONERO_MALWARE 1.000 |
| score MONERO_PAY_ME 1.000 |
| score NEWEGG_IMG_NOT_RCVD_NEGG 1.000 |
| score OBFU_BITCOIN 1.000 |
| score OFFER_ONLY_AMERICA 1.000 |
| score PDS_HELO_SPF_FAIL 1.000 |
| score PHOTO_EDITING_DIRECT 1.000 |
| score PHP_NOVER_MUA 1.000 |
| score PHP_SCRIPT_MUA 1.000 |
| score PP_TOO_MUCH_UNICODE02 0.500 |
| score PP_TOO_MUCH_UNICODE05 1.000 |
| score PUMPDUMP 1.000 |
| score PUMPDUMP_MULTI 1.000 |
| score RAND_HEADER_MANY 1.000 |
| score RDNS_NUM_TLD_ATCHNX 1.000 |
| score SEO_SUSP_NTLD 1.000 |
| score SHOPIFY_IMG_NOT_RCVD_SFY 1.000 |
| score SHORT_IMG_SUSP_NTLD 1.000 |
| score SPOOFED_FREEM_REPTO_RUS 1.000 |
| score STOCK_TIP 1.000 |
| score SYSADMIN 1.000 |
| score TO_EQ_FM_DIRECT_MX 1.000 |
| score TO_NAME_SUBJ_NO_RDNS 1.000 |
| score TO_NO_BRKTS_PCNT 1.000 |
| score TW_GIBBERISH_MANY 1.000 |
| score UC_GIBBERISH_OBFU 1.000 |
| score UNICODE_OBFU_ZW 1.000 |
| score URI_DATA 1.000 |
| score URI_HEX_IP 1.000 |
| score URI_OPTOUT_3LD 1.000 |
| score USB_DRIVES 1.000 |
| score VPS_NO_NTLD 1.000 |
| score WALMART_IMG_NOT_RCVD_WAL 1.000 |
| score XPRIO 1.000 |
