| # Using score set 0 logs for revision 1862963 from: |
| # ham-axb-coi-bulk.r1862963.log ham-axb-generic.r1862963.log ham-axb-ham-misc.r1862963.log ham-darxus.r1862963.log ham-ena-week0.r1862963.log ham-ena-week1.r1862963.log ham-ena-week2.r1862963.log ham-ena-week3.r1862963.log ham-ena-week4.r1862963.log ham-giovanni-ham.r1862963.log ham-giovanni-spammy.r1862963.log ham-giovanni-spam.r1862963.log ham-grenier.r1862963.log ham-hege.r1862963.log ham-jarif.r1862963.log ham-jbrooks.r1862963.log ham-llanga.r1862963.log ham-mmiroslaw-mails-ham.r1862963.log ham-mmiroslaw-mails-spam.r1862963.log ham-npiazzi.r1862963.log ham-pds.r1862963.log ham-sihde.r1862963.log ham-spamsponge.r1862963.log ham-thendrikx.r1862963.log spam-axb-coi-bulk.r1862963.log spam-axb-generic.r1862963.log spam-axb-ham-misc.r1862963.log spam-darxus.r1862963.log spam-ena-week0.r1862963.log spam-ena-week1.r1862963.log spam-ena-week2.r1862963.log spam-ena-week3.r1862963.log spam-ena-week4.r1862963.log spam-giovanni-ham.r1862963.log spam-giovanni-spammy.r1862963.log spam-giovanni-spam.r1862963.log spam-grenier.r1862963.log spam-hege.r1862963.log spam-jarif.r1862963.log spam-jbrooks.r1862963.log spam-llanga.r1862963.log spam-mmiroslaw-mails-ham.r1862963.log spam-mmiroslaw-mails-spam.r1862963.log spam-npiazzi.r1862963.log spam-pds.r1862963.log spam-sihde.r1862963.log spam-spamsponge.r1862963.log spam-thendrikx.r1862963.log |
| |
| score AC_BR_BONANZA 0.001 |
| score AC_DIV_BONANZA 0.001 |
| score AC_FROM_MANY_DOTS 2.999 |
| score AC_HTML_NONSENSE_TAGS 1.999 |
| score ADVANCE_FEE_2_NEW_MONEY 1.241 |
| score ADVANCE_FEE_3_NEW 2.053 |
| score ADVANCE_FEE_3_NEW_MONEY 2.451 |
| score ADVANCE_FEE_4_NEW 2.700 |
| score ADVANCE_FEE_4_NEW_FRM_MNY 1.511 |
| score ADVANCE_FEE_4_NEW_MONEY 2.899 |
| score ADVANCE_FEE_5_NEW 1.451 |
| score ADVANCE_FEE_5_NEW_FRM_MNY 0.001 # force non-zero |
| score ADVANCE_FEE_5_NEW_MONEY 0.578 |
| score AD_PREFS 0.499 |
| score AMAZON_IMG_NOT_RCVD_AMZN 1.065 |
| score ANY_PILL_PRICE 1.423 |
| score AXB_XMAILER_MIMEOLE_OL_024C2 3.699 |
| score AXB_XMAILER_MIMEOLE_OL_1ECD5 1.400 |
| score BIGNUM_EMAILS 2.999 |
| score BITCOIN_DEADLINE 2.902 |
| score BITCOIN_EXTORT_01 4.999 |
| score BITCOIN_MALWARE 3.499 |
| score BITCOIN_PAY_ME 3.000 |
| score BITCOIN_SPAM_01 0.001 |
| score BITCOIN_SPAM_02 2.499 |
| score BITCOIN_SPAM_03 2.500 |
| score BITCOIN_SPAM_05 2.499 |
| score BITCOIN_SPAM_06 1.499 |
| score BITCOIN_SPAM_07 3.499 |
| score BITCOIN_SPAM_08 2.499 |
| score BITCOIN_SPAM_09 0.001 |
| score BITCOIN_SPAM_11 1.798 |
| score BODY_EMPTY 1.999 |
| score BODY_SINGLE_URI 2.316 |
| score BODY_SINGLE_WORD 1.232 |
| score BODY_URI_ONLY 0.999 |
| score BOGUS_MSM_HDRS 2.804 |
| score CANT_SEE_AD 1.898 |
| score CK_HELO_DYNAMIC_SPLIT_IP 1.500 |
| score CK_HELO_GENERIC 0.249 |
| score COMPENSATION 0.001 |
| score DATE_IN_FUTURE_96_Q 2.799 |
| score DEAR_BENEFICIARY 3.099 |
| score DRUGS_ERECTILE_SHORT_SHORTNER 0.422 |
| score DX_TEXT_03 0.899 |
| score FAKE_REPLY_A1 3.099 |
| score FILL_THIS_FORM 0.283 |
| score FORM_FRAUD 0.999 |
| score FORM_FRAUD_3 0.360 |
| score FORM_FRAUD_5 0.001 |
| score FOUND_YOU 3.249 |
| score FREEMAIL_FORGED_FROMDOMAIN 0.209 |
| score FROMSPACE 2.550 |
| score FROM_2_EMAILS_SHORT 1.999 |
| score FROM_ADDR_WS 2.999 |
| score FROM_MISSPACED 0.001 |
| score FROM_MISSP_DYNIP 2.007 |
| score FROM_MISSP_EH_MATCH 0.001 |
| score FROM_MISSP_FREEMAIL 3.052 |
| score FROM_MISSP_MSFT 0.001 |
| score FROM_MISSP_PHISH 3.499 |
| score FROM_MISSP_REPLYTO 0.001 |
| score FROM_MISSP_TO_UNDISC 0.001 |
| score FROM_MISSP_USER 0.001 |
| score FROM_MISSP_XPRIO 0.001 |
| score FROM_NAME_EQ_TO_G_DRIVE 0.251 |
| score FROM_NTLD_REPLY_FREEMAIL 1.999 |
| score FROM_SUSPICIOUS_NTLD 0.500 |
| score FROM_WORDY 0.001 |
| score FROM_WORDY_SHORT 1.065 |
| score FROM_WSP_TRAIL 2.543 |
| score FSL_CTYPE_WIN1251 2.502 |
| score FSL_HELO_FAKE 3.800 |
| score FSL_NEW_HELO_USER 0.001 |
| score FSL_THIS_IS_ADV 3.099 |
| score FUZZY_CLICK_HERE 2.599 |
| score FUZZY_UNSUBSCRIBE 2.599 |
| score GB_FORGED_MUA_POSTFIX 1.999 |
| score GB_FREEMAIL_DISPTO 0.500 |
| score GB_FREEMAIL_DISPTO_NOTFREEM 0.499 |
| score GB_GOOGLE_OBFU 0.749 |
| score GB_GOOG_IMG_NOT_RCVD_GOOG 2.499 |
| score GB_LINKED_IMG_NOT_RCVD_LINK 2.500 |
| score GOOG_REDIR_HTML_ONLY 1.999 |
| score GOOG_REDIR_NORDNS 0.563 |
| score HDRS_LCASE_IMGONLY 0.100 |
| score HDR_ORDER_FTSDMCXX_DIRECT 1.999 |
| score HDR_ORDER_FTSDMCXX_NORDNS 2.496 |
| score HEADER_FROM_DIFFERENT_DOMAINS 0.249 |
| score HELO_MISC_IP 0.250 |
| score HELO_NO_DOMAIN 1.436 |
| score HEXHASH_WORD 2.601 |
| score HK_LOTTO 0.999 |
| score HK_NAME_FM_MR_MRS 1.114 |
| score HK_NAME_FROM 0.999 |
| score HK_NAME_MR_MRS 0.999 |
| score HK_RANDOM_FROM 0.999 |
| score HK_RANDOM_REPLYTO 1.000 |
| score HK_RCVD_IP_MULTICAST 1.985 |
| score HK_SCAM 1.999 |
| score HOSTED_IMG_DIRECT_MX 3.499 |
| score HTML_ENTITY_ASCII 2.652 |
| score HTML_OFF_PAGE 2.999 |
| score HTML_SHRT_CMNT_OBFU_MANY 1.546 |
| score HTML_SINGLET_MANY 1.876 |
| score HTML_TEXT_INVISIBLE_STYLE 0.091 |
| score IMG_ALT_HSPACE_CID_ALIGN 2.108 |
| score IMG_ONLY_FM_DOM_INFO 2.339 |
| score KB_FORGED_MOZ4 3.799 |
| score LIST_PARTIAL 0.999 |
| score LIST_PARTIAL_SHORT_MSG 2.499 |
| score LIST_PRTL_SAME_USER 0.001 |
| score LONG_HEX_URI 2.999 |
| score LONG_IMG_URI 1.275 |
| score LOTS_OF_MONEY 0.010 |
| score LUCRATIVE 1.199 |
| score L_8BIT_MISMATCH 0.010 |
| score MALFORMED_FREEMAIL 1.499 |
| score MALF_HTML_B64 0.001 |
| score MANY_SPAN_IN_TEXT 2.499 |
| score MILLION_HUNDRED 0.443 |
| score MILLION_USD 0.646 |
| score MIMEOLE_DIRECT_TO_MX 1.999 |
| score MIXED_ES 1.164 |
| score MONEY_ATM_CARD 2.390 |
| score MONEY_FORM 0.001 |
| score MONEY_FORM_SHORT 2.499 |
| score MONEY_FRAUD_3 2.800 |
| score MONEY_FRAUD_5 3.100 |
| score MONEY_FRAUD_8 3.299 |
| score MONEY_FROM_41 2.000 |
| score MONEY_FROM_MISSP 1.999 |
| score MSM_PRIO_REPTO 2.237 |
| score NORDNS_LOW_CONTRAST 1.787 |
| score NO_FM_NAME_IP_HOSTN 2.349 |
| score NSL_RCVD_FROM_USER 0.001 |
| score NSL_RCVD_HELO_USER 2.600 |
| score NUMBERONLY_BITCOIN_EXP 0.999 |
| score OBFU_BITCOIN 1.191 |
| score OFFER_ONLY_AMERICA 1.999 |
| score PDS_DBL_URL_LINKBAIT 1.576 |
| score PDS_DBL_URL_TNB_RUNON 1.999 |
| score PDS_HIDDEN_UK_BUSINESSLOAN 1.938 |
| score PDS_PHP_EVAL 1.499 |
| score PDS_TO_EQ_FROM_NAME 0.103 |
| score PDS_URI_HIDDEN_HELO_NO_DOMAIN 0.702 |
| score PDS_X_PHP_WP_EXP 1.499 |
| score PHOTO_EDITING_DIRECT 2.999 |
| score PHP_ORIG_SCRIPT 2.500 |
| score PP_MIME_FAKE_ASCII_TEXT 0.999 |
| score RATWARE_NO_RDNS 1.563 |
| score RDNS_NUM_TLD_XM 2.999 |
| score RISK_FREE 2.634 |
| score RP_8BIT 2.599 |
| score SEO_SUSP_NTLD 1.199 |
| score SERGIO_SUBJECT_PORN014 2.500 |
| score SERGIO_SUBJECT_VIAGRA01 0.076 |
| score SHORTENER_SHORT_IMG 0.153 |
| score SHORT_BODY_G_DRIVE_DYN 1.462 |
| score SHORT_IMG_SUSP_NTLD 1.499 |
| score SINGLETS_LOW_CONTRAST 0.001 # force non-zero |
| score SPOOFED_FREEMAIL_NO_RDNS 1.499 |
| score SPOOFED_FREEM_REPTO 2.499 |
| score STATIC_XPRIO_OLE 1.999 |
| score STOCK_LOW_CONTRAST 1.238 |
| score TEQF_USR_POLITE 1.799 |
| score THIS_AD 1.899 |
| score THIS_IS_ADV_SUSP_NTLD 1.415 |
| score TO_EQ_FM_DIRECT_MX 1.399 |
| score TO_IN_SUBJ 0.100 |
| score TO_NAME_SUBJ_NO_RDNS 0.001 |
| score TO_NO_BRKTS_DYNIP 2.258 |
| score TO_NO_BRKTS_FROM_MSSP 2.499 |
| score TO_NO_BRKTS_HTML_IMG 0.642 |
| score TO_NO_BRKTS_HTML_ONLY 1.999 |
| score TO_NO_BRKTS_MSFT 2.499 |
| score TO_NO_BRKTS_NORDNS_HTML 1.999 |
| score TO_NO_BRKTS_PCNT 2.500 |
| score TVD_IP_HEX 2.128 |
| score TVD_IP_SING_HEX 0.449 |
| score TVD_SPACE_ENCODED 2.484 |
| score TVD_SPACE_RATIO_MINFP 2.499 |
| score TVD_SUBJ_APPR_LOAN 2.316 |
| score TVD_SUBJ_NUM_OBFU_MINFP 0.914 |
| score UNICODE_OBFU_ASC 2.499 |
| score UNICODE_OBFU_ZW 0.001 |
| score URI_BUFFLY 1.183 |
| score URI_GOOGLE_PROXY 1.699 |
| score URI_HEX_IP 1.380 |
| score URI_ONLY_MSGID_MALF 1.999 |
| score URI_PHISH 3.999 |
| score URI_PHP_REDIR 3.499 |
| score URI_TRY_3LD 1.198 |
| score URI_WPADMIN 2.600 |
| score URI_WP_DIRINDEX 3.499 |
| score URI_WP_HACKED 3.499 |
| score URI_WP_HACKED_2 2.500 |
| score XPRIO 2.249 |
| score XPRIO_SHORT_SUBJ 2.499 |
| score XPRIO_URL_SHORTNER 1.000 |
| score YOU_INHERIT 1.961 |
| score ZW_OBFU_BITCOIN 0.001 |
| score AC_SPAMMY_URI_PATTERNS1 1.000 |
| score AC_SPAMMY_URI_PATTERNS10 1.000 |
| score AC_SPAMMY_URI_PATTERNS11 1.000 |
| score AC_SPAMMY_URI_PATTERNS12 1.000 |
| score AC_SPAMMY_URI_PATTERNS2 1.000 |
| score AC_SPAMMY_URI_PATTERNS3 1.000 |
| score AC_SPAMMY_URI_PATTERNS4 1.000 |
| score AC_SPAMMY_URI_PATTERNS8 1.000 |
| score AC_SPAMMY_URI_PATTERNS9 1.000 |
| score ADVANCE_FEE_2_NEW_FORM 1.000 |
| score APP_DEVELOPMENT_FREEM 1.000 |
| score APP_DEVELOPMENT_NORDNS 1.000 |
| score BITCOIN_SPAM_04 1.000 |
| score BITCOIN_SPAM_10 1.000 |
| score BITCOIN_SPAM_12 1.000 |
| score BOGUS_MIME_VERSION 1.000 |
| score BOMB_FREEM 1.000 |
| score BOMB_MONEY 1.000 |
| score BULK_RE_SUSP_NTLD 1.000 |
| score COMMENT_GIBBERISH 1.000 |
| score DAY_I_EARNED 1.000 |
| score EBAY_IMG_NOT_RCVD_EBAY 1.000 |
| score ENCRYPTED_MESSAGE -1.000 |
| score FBI_MONEY 1.000 |
| score FBI_SPOOF 1.000 |
| score FORM_LOW_CONTRAST 1.000 |
| score FREEM_FRNUM_UNICD_EMPTY 1.000 |
| score FRNAME_IN_MSG_XPRIO_NO_SUB 1.000 |
| score FROM_NTLD_LINKBAIT 1.000 |
| score FROM_NUMERIC_TLD 1.000 |
| score GAPPY_SALES_LEADS_FREEM 1.000 |
| score GOOGLE_DOCS_PHISH 1.000 |
| score GOOGLE_DOCS_PHISH_MANY 1.000 |
| score GOOGLE_DRIVE_REPLY_BAD_NTLD 1.000 |
| score GOOG_MALWARE_DNLD 1.000 |
| score HOSTED_IMG_DQ_UNSUB 1.000 |
| score HOSTED_IMG_FREEM 1.000 |
| score HTML_ENTITY_ASCII_TINY 1.000 |
| score HTML_TEXT_INVISIBLE_FONT 1.000 |
| score LIST_PRTL_PUMPDUMP 1.000 |
| score LOTTO_AGENT 1.000 |
| score MIME_NO_TEXT 1.000 |
| score PDS_PHP_RUNTIME_FUNC 1.000 |
| score PHOTO_EDITING_FREEM 1.000 |
| score PHP_NOVER_MUA 1.000 |
| score PHP_SCRIPT_MUA 1.000 |
| score PP_TOO_MUCH_UNICODE02 0.500 |
| score PP_TOO_MUCH_UNICODE05 1.000 |
| score PUMPDUMP 1.000 |
| score PUMPDUMP_MULTI 1.000 |
| score RAND_HEADER_MANY 1.000 |
| score RDNS_NUM_TLD_ATCHNX 1.000 |
| score SPOOFED_FREEM_REPTO_CHN 1.000 |
| score SPOOFED_FREEM_REPTO_RUS 1.000 |
| score STOCK_TIP 1.000 |
| score SYSADMIN 1.000 |
| score TW_GIBBERISH_MANY 1.000 |
| score UC_GIBBERISH_OBFU 1.000 |
| score URI_DATA 1.000 |
| score URI_OPTOUT_3LD 1.000 |
| score USB_DRIVES 1.000 |
| score VPS_NO_NTLD 1.000 |
| # in active.list but have no hits in recent corpus |
| score BITCOIN_SPF_ONLYALL 0.001 # force non-zero |
| score DKIMWL_BL 0.001 # force non-zero |
| score DKIMWL_BLOCKED 0.001 # force non-zero |
| score DKIMWL_WL_HIGH 0.001 # force non-zero |
| score DKIMWL_WL_MED 0.001 # force non-zero |
| score DKIMWL_WL_MEDHI 0.001 # force non-zero |
| score FROM_BANK_NOAUTH 0.001 # force non-zero |
| score FROM_FMBLA_NDBLOCKED 0.001 # force non-zero |
| score FROM_FMBLA_NEWDOM 0.001 # force non-zero |
| score FROM_FMBLA_NEWDOM14 0.001 # force non-zero |
| score FROM_FMBLA_NEWDOM28 0.001 # force non-zero |
| score FROM_GOV_DKIM_AU 0.001 # force non-zero |
| score FROM_GOV_REPLYTO_FREEMAIL 0.001 # force non-zero |
| score FROM_GOV_SPOOF 0.001 # force non-zero |
| score FROM_MISSP_SPF_FAIL 0.001 # force non-zero |
| score FROM_NUMBERO_NEWDOMAIN 0.001 # force non-zero |
| score FROM_PAYPAL_SPOOF 0.001 # force non-zero |
| score FSL_BULK_SIG 0.001 # force non-zero |
| score PDS_HELO_SPF_FAIL 0.001 # force non-zero |
| score PDS_HP_HELO_NORDNS 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_BL 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_H2 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_H3 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_H4 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_H5 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_L2 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_L3 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_L4 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_L5 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_WL 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_ZBI 0.001 # force non-zero |
| score SURBL_BLOCKED 0.001 # force non-zero |
| score TO_EQ_FM_DOM_SPF_FAIL 0.001 # force non-zero |
| score TO_EQ_FM_SPF_FAIL 0.001 # force non-zero |
