| # Using score set 0 logs for revision 1883740 from: |
| # ham-axb-coi-bulk.r1883740.log ham-axb-generic.r1883740.log ham-axb-ham-misc.r1883740.log ham-darxus.r1883740.log ham-ena-week0.r1883740.log ham-ena-week1.r1883740.log ham-ena-week2.r1883740.log ham-ena-week3.r1883740.log ham-ena-week4.r1883740.log ham-giovanni-ham.r1883740.log ham-giovanni-spammy.r1883740.log ham-giovanni-spam.r1883740.log ham-grenier.r1883740.log ham-jbrooks.r1883740.log ham-mmiroslaw-mails-ham.r1883740.log ham-mmiroslaw-mails-spam.r1883740.log ham-npiazzi.r1883740.log ham-pds.r1883740.log ham-sihde.r1883740.log ham-spamsponge.r1883740.log ham-thendrikx.r1883740.log spam-axb-coi-bulk.r1883740.log spam-axb-generic.r1883740.log spam-axb-ham-misc.r1883740.log spam-darxus.r1883740.log spam-ena-week0.r1883740.log spam-ena-week1.r1883740.log spam-ena-week2.r1883740.log spam-ena-week3.r1883740.log spam-ena-week4.r1883740.log spam-giovanni-ham.r1883740.log spam-giovanni-spammy.r1883740.log spam-giovanni-spam.r1883740.log spam-grenier.r1883740.log spam-jbrooks.r1883740.log spam-mmiroslaw-mails-ham.r1883740.log spam-mmiroslaw-mails-spam.r1883740.log spam-npiazzi.r1883740.log spam-pds.r1883740.log spam-sihde.r1883740.log spam-spamsponge.r1883740.log spam-thendrikx.r1883740.log |
| |
| score AC_BR_BONANZA 0.001 |
| score AC_DIV_BONANZA 0.001 |
| score AC_FROM_MANY_DOTS 2.999 |
| score AC_HTML_NONSENSE_TAGS 1.999 |
| score ADVANCE_FEE_2_NEW_MONEY 1.172 |
| score ADVANCE_FEE_3_NEW 2.601 |
| score ADVANCE_FEE_3_NEW_MONEY 0.292 |
| score ADVANCE_FEE_4_NEW 2.599 |
| score ADVANCE_FEE_5_NEW 3.199 |
| score ADVANCE_FEE_5_NEW_FRM_MNY 0.001 |
| score ADVANCE_FEE_5_NEW_MONEY 2.290 |
| score ALIBABA_IMG_NOT_RCVD_ALI 2.499 |
| score AMAZON_IMG_NOT_RCVD_AMZN 2.499 |
| score APP_DEVELOPMENT_NORDNS 1.625 |
| score AXB_XMAILER_MIMEOLE_OL_024C2 0.001 # force non-zero |
| score AXB_XMAILER_MIMEOLE_OL_1ECD5 2.366 |
| score BITCOIN_DEADLINE 2.999 |
| score BITCOIN_EXTORT_01 2.111 |
| score BITCOIN_MALF_HTML 3.499 |
| score BITCOIN_SPAM_02 2.406 |
| score BITCOIN_SPAM_03 2.499 |
| score BITCOIN_SPAM_07 3.320 |
| score BITCOIN_XPRIO 0.001 |
| score BITCOIN_YOUR_INFO 0.001 |
| score BODY_EMPTY 1.999 |
| score BODY_SINGLE_URI 2.499 |
| score BODY_SINGLE_WORD 0.301 |
| score BODY_URI_ONLY 1.500 |
| score BOGUS_MIME_VERSION 3.499 |
| score BOGUS_MSM_HDRS 0.520 |
| score CK_HELO_GENERIC 0.249 |
| score CTE_8BIT_MISMATCH 0.999 |
| score DATE_IN_FUTURE_96_Q 2.799 |
| score DEAR_BENEFICIARY 0.001 |
| score DSN_NO_MIMEVERSION 1.999 |
| score END_FUTURE_EMAILS 1.852 |
| score FAKE_REPLY_A1 3.599 |
| score FAKE_REPLY_B 2.995 |
| score FILL_THIS_FORM 0.001 |
| score FONT_INVIS_DIRECT 2.393 |
| score FONT_INVIS_MSGID 2.499 |
| score FONT_INVIS_NORDNS 0.350 |
| score FORGED_RELAY_MUA_TO_MX 3.899 |
| score FORM_FRAUD 0.001 |
| score FORM_FRAUD_3 0.001 |
| score FORM_FRAUD_5 0.554 |
| score FOUND_YOU 3.249 |
| score FREEMAIL_FORGED_FROMDOMAIN 0.250 |
| score FROM_2_EMAILS_SHORT 1.951 |
| score FROM_ADDR_WS 2.999 |
| score FROM_MISSPACED 1.999 |
| score FROM_MISSP_DYNIP 0.001 # force non-zero |
| score FROM_MISSP_EH_MATCH 1.999 |
| score FROM_MISSP_FREEMAIL 0.001 |
| score FROM_MISSP_MSFT 0.001 |
| score FROM_MISSP_REPLYTO 0.001 # force non-zero |
| score FROM_MISSP_USER 0.001 |
| score FROM_MISSP_XPRIO 2.499 |
| score FROM_NAME_EQ_TO_G_DRIVE 1.189 |
| score FROM_NTLD_LINKBAIT 1.158 |
| score FROM_NTLD_REPLY_FREEMAIL 1.933 |
| score FROM_SUSPICIOUS_NTLD 0.499 |
| score FROM_SUSPICIOUS_NTLD_FP 1.999 |
| score FROM_WSP_TRAIL 0.731 |
| score FSL_CTYPE_WIN1251 0.001 |
| score FSL_NEW_HELO_USER 0.001 |
| score FUZZY_WALLET 2.400 |
| score GB_BITCOIN_CP 2.024 |
| score GB_FREEMAIL_DISPTO 0.001 |
| score GB_GOOGLE_OBFUS 0.749 |
| score GOOGLE_DOC_SUSP 2.499 |
| score GOOG_REDIR_NORDNS 2.003 |
| score GOOG_REDIR_SHORT 2.599 |
| score GOOG_STO_IMG_HTML 2.648 |
| score GOOG_STO_NOIMG_HTML 2.999 |
| score HDRS_LCASE 0.100 |
| score HDRS_LCASE_IMGONLY 0.099 |
| score HDR_ORDER_FTSDMCXX_DIRECT 1.999 |
| score HDR_ORDER_FTSDMCXX_NORDNS 0.001 |
| score HEADER_FROM_DIFFERENT_DOMAINS 0.249 |
| score HELO_MISC_IP 0.003 |
| score HELO_NO_DOMAIN 0.139 |
| score HEXHASH_WORD 2.999 |
| score HK_NAME_MR_MRS 0.793 |
| score HK_RANDOM_FROM 0.999 |
| score HK_RANDOM_REPLYTO 0.999 |
| score HK_RCVD_IP_MULTICAST 1.999 |
| score HK_SCAM 0.001 |
| score HOSTED_IMG_DIRECT_MX 3.475 |
| score HOSTED_IMG_FREEM 3.499 |
| score HTML_SINGLET_MANY 0.500 |
| score HTML_TEXT_INVISIBLE_FONT 1.999 |
| score HTML_TEXT_INVISIBLE_STYLE 0.352 |
| score IMG_ONLY_FM_DOM_INFO 2.500 |
| score KB_FORGED_MOZ4 2.899 |
| score KHOP_FAKE_EBAY 0.399 |
| score KHOP_HELO_FCRDNS 0.399 |
| score LIST_PRTL_SAME_USER 0.001 |
| score LONG_HEX_URI 2.199 |
| score LONG_IMG_URI 1.655 |
| score LONG_INVISIBLE_TEXT 0.001 |
| score LOTS_OF_MONEY 0.010 |
| score LUCRATIVE 1.999 |
| score MANY_HDRS_LCASE 0.064 |
| score MANY_SPAN_IN_TEXT 2.299 |
| score MAY_BE_FORGED 1.792 |
| score MILLION_HUNDRED 2.999 |
| score MIMEOLE_DIRECT_TO_MX 0.001 |
| score MIME_NO_TEXT 0.001 |
| score MIXED_ES 3.299 |
| score MONEY_ATM_CARD 0.001 |
| score MONEY_FORM 2.419 |
| score MONEY_FORM_SHORT 0.762 |
| score MONEY_FRAUD_3 2.599 |
| score MONEY_FRAUD_5 0.001 |
| score MONEY_FRAUD_8 3.099 |
| score MONEY_FREEMAIL_REPTO 2.999 |
| score MONEY_FROM_MISSP 0.790 |
| score MSGID_DOLLARS_URI_IMG 3.000 |
| score MSGID_NOFQDN1 1.430 |
| score MSMAIL_PRI_ABNORMAL 0.227 |
| score MSM_PRIO_REPTO 1.540 |
| score NAME_EMAIL_DIFF 1.786 |
| score NA_DOLLARS 1.499 |
| score NICE_REPLY_A -0.001 |
| score NORDNS_LOW_CONTRAST 1.285 |
| score NO_FM_NAME_IP_HOSTN 0.001 |
| score NSL_RCVD_FROM_USER 0.001 |
| score NSL_RCVD_HELO_USER 0.810 |
| score NUMBEREND_LINKBAIT 0.964 |
| score NUMBERONLY_BITCOIN_EXP 1.122 |
| score OFFER_ONLY_AMERICA 0.494 |
| score PDS_BTC_ID 0.499 |
| score PDS_BTC_MSGID 0.001 |
| score PDS_DBL_URL_ILLEGAL_CHARS 0.001 |
| score PDS_DBL_URL_TNB_RUNON 1.999 |
| score PDS_EMPTYSUBJ_URISHRT 1.499 |
| score PDS_FRNOM_TODOM_NAKED_TO 1.499 |
| score PDS_FROM_2_EMAILS 1.550 |
| score PDS_FROM_NAME_TO_DOMAIN 0.999 |
| score PDS_NAKED_TO_NUMERO 1.999 |
| score PDS_NO_FULL_NAME_SPOOFED_URL 0.749 |
| score PDS_OTHER_BAD_TLD 1.999 |
| score PDS_RDNS_DYNAMIC_FP 0.001 # force non-zero |
| score PDS_SHORT_SPOOFED_URL 1.999 |
| score PDS_TINYSUBJ_URISHRT 1.499 |
| score PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE 1.999 |
| score PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE 1.999 |
| score PDS_TONAME_EQ_TOLOCAL_SHORT 1.999 |
| score PDS_TONAME_EQ_TOLOCAL_VSHORT 0.999 |
| score PDS_TO_EQ_FROM_NAME 0.001 |
| score PHP_ORIG_SCRIPT 0.351 |
| score PHP_SCRIPT 2.499 |
| score PP_MIME_FAKE_ASCII_TEXT 1.000 |
| score RATWARE_NO_RDNS 1.680 |
| score RDNS_NUM_TLD_XM 3.000 |
| score RISK_FREE 3.599 |
| score SENDGRID_REDIR 1.499 |
| score SENDGRID_REDIR_PHISH 3.090 |
| score SERGIO_SUBJECT_VIAGRA01 0.025 |
| score SHOPIFY_IMG_NOT_RCVD_SFY 2.499 |
| score SHORTENER_SHORT_IMG 0.705 |
| score SHORT_BODY_G_DRIVE_DYN 0.952 |
| score SHORT_IMG_SUSP_NTLD 0.648 |
| score SHORT_SHORTNER 1.999 |
| score SINGLETS_LOW_CONTRAST 0.001 # force non-zero |
| score SPOOFED_FREEMAIL_NO_RDNS 1.500 |
| score STATIC_XPRIO_OLE 1.999 |
| score STOCK_LOW_CONTRAST 0.602 |
| score SUBJ_OBFU_PUNCT_FEW 0.469 |
| score SUBJ_OBFU_PUNCT_MANY 0.882 |
| score SUBJ_UNNEEDED_HTML 2.139 |
| score THIS_AD 1.099 |
| score THIS_IS_ADV_SUSP_NTLD 0.001 # force non-zero |
| score TONOM_EQ_TOLOC_SHRT_SHRTNER 1.499 |
| score TO_EQ_FM_DIRECT_MX 0.001 |
| score TO_EQ_FM_DOM_HTML_IMG 0.201 |
| score TO_EQ_FM_DOM_HTML_ONLY 1.152 |
| score TO_EQ_FM_HTML_ONLY 0.433 |
| score TO_IN_SUBJ 0.100 |
| score TO_NAME_SUBJ_NO_RDNS 2.499 |
| score TO_NO_BRKTS_FROM_MSSP 2.499 |
| score TO_NO_BRKTS_HTML_IMG 1.999 |
| score TO_NO_BRKTS_HTML_ONLY 1.999 |
| score TO_NO_BRKTS_MSFT 2.499 |
| score TO_NO_BRKTS_NORDNS_HTML 1.999 |
| score TO_NO_BRKTS_PCNT 1.562 |
| score TVD_IP_HEX 1.326 |
| score TVD_IP_SING_HEX 2.485 |
| score TVD_RCVD_SPACE_BRACKET 3.399 |
| score TVD_SPACE_ENCODED 2.499 |
| score TVD_SPACE_RATIO_MINFP 2.499 |
| score TVD_SUBJ_NUM_OBFU_MINFP 1.742 |
| score UPGRADE_MAILBOX 0.025 |
| score URI_DOTEDU 1.999 |
| score URI_GOOGLE_PROXY 2.083 |
| score URI_ONLY_MSGID_MALF 1.674 |
| score URI_PHISH 3.049 |
| score URI_PHP_REDIR 3.499 |
| score URI_TRY_3LD 1.505 |
| score URI_WPADMIN 0.787 |
| score URI_WP_DIRINDEX 3.499 |
| score URI_WP_HACKED 3.499 |
| score URI_WP_HACKED_2 2.499 |
| score XPRIO 2.249 |
| score XPRIO_SHORT_SUBJ 2.349 |
| score XPRIO_URL_SHORTNER 0.502 |
| score YOU_INHERIT 0.001 |
| score AC_POST_EXTRAS 1.000 |
| score AC_SPAMMY_URI_PATTERNS1 1.000 |
| score AC_SPAMMY_URI_PATTERNS10 1.000 |
| score AC_SPAMMY_URI_PATTERNS11 1.000 |
| score AC_SPAMMY_URI_PATTERNS12 1.000 |
| score AC_SPAMMY_URI_PATTERNS2 1.000 |
| score AC_SPAMMY_URI_PATTERNS3 1.000 |
| score AC_SPAMMY_URI_PATTERNS4 1.000 |
| score AC_SPAMMY_URI_PATTERNS8 1.000 |
| score AC_SPAMMY_URI_PATTERNS9 1.000 |
| score ADVANCE_FEE_2_NEW_FORM 1.000 |
| score AD_PREFS 0.250 |
| score APP_DEVELOPMENT_FREEM 1.000 |
| score BITCOIN_BOMB 1.000 |
| score BITCOIN_EXTORT_02 1.000 |
| score BITCOIN_MALWARE 1.000 |
| score BITCOIN_PAY_ME 1.000 |
| score BITCOIN_SPAM_01 1.000 |
| score BITCOIN_SPAM_04 1.000 |
| score BITCOIN_SPAM_06 1.000 |
| score BITCOIN_SPAM_08 1.000 |
| score BITCOIN_SPAM_09 1.000 |
| score BITCOIN_SPAM_10 1.000 |
| score BITCOIN_SPAM_11 1.000 |
| score BITCOIN_SPAM_12 1.000 |
| score BOMB_FREEM 1.000 |
| score BOMB_MONEY 1.000 |
| score BTC_ORG 1.000 |
| score BULK_RE_SUSP_NTLD 1.000 |
| score CANT_SEE_AD 1.000 |
| score COMMENT_GIBBERISH 1.000 |
| score COMPENSATION 1.000 |
| score DAY_I_EARNED 1.000 |
| score DOTGOV_IMAGE 1.000 |
| score EBAY_IMG_NOT_RCVD_EBAY 1.000 |
| score ENCRYPTED_MESSAGE -1.000 |
| score FBI_MONEY 1.000 |
| score FBI_SPOOF 1.000 |
| score FONT_INVIS_DOTGOV 1.000 |
| score FONT_INVIS_LONG_LINE 1.000 |
| score FONT_INVIS_POSTEXTRAS 1.000 |
| score FORM_LOW_CONTRAST 1.000 |
| score FREEM_FRNUM_UNICD_EMPTY 1.000 |
| score FRNAME_IN_MSG_XPRIO_NO_SUB 1.000 |
| score FROM_NUMERIC_TLD 1.000 |
| score GAPPY_SALES_LEADS_FREEM 1.000 |
| score GB_FORGED_MUA_POSTFIX 1.000 |
| score GB_FREEMAIL_DISPTO_NOTFREEM 0.500 |
| score GB_GOOGLE_OBFUR 0.750 |
| score GB_LINKED_IMG_NOT_RCVD_LINK 1.000 |
| score GB_WP_FILELINK 1.000 |
| score GOOGLE_DOCS_PHISH 1.000 |
| score GOOGLE_DOCS_PHISH_MANY 1.000 |
| score GOOGLE_DRIVE_REPLY_BAD_NTLD 1.000 |
| score GOOG_MALWARE_DNLD 1.000 |
| score GOOG_STO_HTML_PHISH 1.000 |
| score GOOG_STO_HTML_PHISH_MANY 1.000 |
| score GOOG_STO_IMG_NOHTML 1.000 |
| score HDRS_MISSP 1.000 |
| score HK_CTE_RAW 1.000 |
| score HOSTED_IMG_DQ_UNSUB 1.000 |
| score HOSTED_IMG_MULTI 1.000 |
| score HTML_ENTITY_ASCII 1.000 |
| score HTML_ENTITY_ASCII_TINY 1.000 |
| score HTML_OFF_PAGE 1.000 |
| score HTML_SHRT_CMNT_OBFU_MANY 1.000 |
| score LIST_PARTIAL_SHORT_MSG 1.000 |
| score LIST_PRTL_PUMPDUMP 1.000 |
| score MALF_HTML_B64 1.000 |
| score MALWARE_NORDNS 1.000 |
| score MALWARE_PASSWORD 1.000 |
| score MONERO_DEADLINE 1.000 |
| score MONERO_EXTORT_01 1.000 |
| score MONERO_MALWARE 1.000 |
| score MONERO_PAY_ME 1.000 |
| score NEWEGG_IMG_NOT_RCVD_NEGG 1.000 |
| score OBFU_BITCOIN 1.000 |
| score PHOTO_EDITING_DIRECT 1.000 |
| score PHP_NOVER_MUA 1.000 |
| score PHP_SCRIPT_MUA 1.000 |
| score PP_TOO_MUCH_UNICODE02 0.500 |
| score PP_TOO_MUCH_UNICODE05 1.000 |
| score PUMPDUMP 1.000 |
| score PUMPDUMP_MULTI 1.000 |
| score RAND_HEADER_MANY 1.000 |
| score RCVD_DOTEDU_SHORT 1.000 |
| score RCVD_DOTEDU_SUSP_URI 1.000 |
| score RDNS_NUM_TLD_ATCHNX 1.000 |
| score SEO_SUSP_NTLD 1.000 |
| score STOCK_TIP 1.000 |
| score SYSADMIN 1.000 |
| score TW_GIBBERISH_MANY 1.000 |
| score UC_GIBBERISH_OBFU 1.000 |
| score UNICODE_OBFU_ASC 1.000 |
| score UNICODE_OBFU_ZW 1.000 |
| score URI_DASHGOVEDU 1.000 |
| score URI_DATA 1.000 |
| score URI_DOTEDU_ENTITY 1.000 |
| score URI_HEX_IP 1.000 |
| score URI_IMG_WP_REDIR 1.000 |
| score URI_OPTOUT_3LD 1.000 |
| score USB_DRIVES 1.000 |
| score VPS_NO_NTLD 1.000 |
| score WALMART_IMG_NOT_RCVD_WAL 1.000 |
| # in active.list but have no hits in recent corpus |
| score BITCOIN_SPAM_05 0.001 # force non-zero |
| score BITCOIN_SPF_ONLYALL 0.001 # force non-zero |
| score DKIMWL_BL 0.001 # force non-zero |
| score DKIMWL_BLOCKED 0.001 # force non-zero |
| score DKIMWL_WL_HIGH 0.001 # force non-zero |
| score DKIMWL_WL_MED 0.001 # force non-zero |
| score DKIMWL_WL_MEDHI 0.001 # force non-zero |
| score FROM_BANK_NOAUTH 0.001 # force non-zero |
| score FROM_FMBLA_NDBLOCKED 0.001 # force non-zero |
| score FROM_FMBLA_NEWDOM 0.001 # force non-zero |
| score FROM_FMBLA_NEWDOM14 0.001 # force non-zero |
| score FROM_FMBLA_NEWDOM28 0.001 # force non-zero |
| score FROM_GOV_DKIM_AU 0.001 # force non-zero |
| score FROM_GOV_REPLYTO_FREEMAIL 0.001 # force non-zero |
| score FROM_GOV_SPOOF 0.001 # force non-zero |
| score FROM_MISSP_SPF_FAIL 0.001 # force non-zero |
| score FROM_NEWDOM_BTC 0.001 # force non-zero |
| score FROM_NUMBERO_NEWDOMAIN 0.001 # force non-zero |
| score FROM_PAYPAL_SPOOF 0.001 # force non-zero |
| score FSL_BULK_SIG 0.001 # force non-zero |
| score PDS_HELO_SPF_FAIL 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_BL 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_H2 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_H3 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_H4 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_H5 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_L2 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_L3 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_L4 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_L5 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_WL 0.001 # force non-zero |
| score RCVD_IN_MSPIKE_ZBI 0.001 # force non-zero |
| score SPOOFED_FREEMAIL 0.001 # force non-zero |
| score SPOOFED_FREEM_REPTO 0.001 # force non-zero |
| score SPOOFED_FREEM_REPTO_CHN 0.001 # force non-zero |
| score SPOOFED_FREEM_REPTO_RUS 0.001 # force non-zero |
| score SURBL_BLOCKED 0.001 # force non-zero |
| score TO_EQ_FM_DOM_SPF_FAIL 0.001 # force non-zero |
| score TO_EQ_FM_SPF_FAIL 0.001 # force non-zero |