# active ruleset list, automatically generated from http://ruleqa.spamassassin.org/ # with results from: day 1: bb-doc bb-fredt bb-guenther_fraud bb-jhardin bb-jhardin_fraud bb-jm bb-kmcgrail bb-trec_enron bb-zmi bernie-it_batt bernie-mix danmcdonald dos kgolding; day 2: bb-doc bb-fredt bb-guenther_fraud bb-jhardin bb-jhardin_fraud bb-jm bb-kmcgrail bb-trec_enron bb-zmi bernie-it_batt bernie-mix danmcdonald dos; day 3: bb-doc bb-fredt bb-guenther_fraud bb-jhardin bb-jhardin_fraud bb-jm bb-kmcgrail bb-trec_enron bb-zmi bernie-it_batt bernie-mix danmcdonald dos kgolding # tflags publish ADVANCE_FEE_2_NEW_FORM # tflags publish ADVANCE_FEE_2_NEW_MONEY # tflags publish ADVANCE_FEE_3_NEW # tflags publish ADVANCE_FEE_3_NEW_FORM # tflags publish ADVANCE_FEE_3_NEW_MONEY # tflags publish ADVANCE_FEE_4_NEW # tflags publish ADVANCE_FEE_5_NEW # tflags userconf ALL_TRUSTED # good enough AXB_HELO_HOME_UN # good enough AXB_XMID_DIGDOTSHRT # tflags learn BAYES_00 # tflags learn BAYES_05 # tflags learn BAYES_20 # tflags learn BAYES_40 # tflags learn BAYES_50 # tflags learn BAYES_60 # tflags learn BAYES_80 # tflags learn BAYES_95 # tflags learn BAYES_99 # tflags userconf CHARSET_FARAWAY # tflags userconf CHARSET_FARAWAY_HEADER # tflags userconf CORRUPT_FROM_LINE_IN_HDRS # good enough DATE_IN_FUTURE_96_Q # good enough DATE_IN_FUTURE_Q_PLUS # good enough DEAR_BENEFICIARY # good enough DEAR_EMAIL # good enough DECEASED_NO_ML # tflags net DIGEST_MULTIPLE # tflags net DKIMDOMAIN_IN_DWL # tflags net DKIMDOMAIN_IN_DWL_UNKNOWN # tflags net DKIM_ADSP_ALL # tflags net DKIM_ADSP_CUSTOM_HIGH # tflags net DKIM_ADSP_CUSTOM_LOW # tflags net DKIM_ADSP_CUSTOM_MED # tflags net DKIM_ADSP_DISCARD # tflags net DKIM_ADSP_NXDOMAIN # tflags net DKIM_SIGNED # tflags net DKIM_VALID # tflags net DKIM_VALID_AU # tflags net DNS_FROM_AHBL_RHSBL # tflags net DNS_FROM_RFC_BOGUSMX # tflags net DNS_FROM_RFC_DSN # tflags publish DOS_ANAL_SPAM_MAILER # good enough DOS_OE_TO_MX # good enough DOS_OE_TO_MX_IMAGE # good enough DRUGS_STOCK_MIMEOLE # good enough DYN_RDNS_AND_INLINE_IMAGE # good enough DYN_RDNS_SHORT_HELO_HTML # tflags userconf ENV_AND_HDR_SPF_MATCH # good enough FB_ACHIEVE_BACH # good enough FB_CIALIS_LEO3 # good enough FB_GET_MEDS # good enough FB_GVR # good enough FB_QUALITY_REPLICA # good enough FB_REPLICA_ROLEX # good enough FH_FAKE_RCVD_LINE_B # good enough FH_FROM_GET_NAME # good enough FH_HELO_ALMOST_IP # good enough FH_HELO_EQ_D_D_D_D # good enough FH_HOST_EQ_DYNAMICIP # good enough FH_HOST_IN_ADDRARPA # tflags publish FILL_THIS_FORM # good enough FM_LOTTO_YOU_WON # tflags publish FORM_FRAUD_3 # tflags publish FORM_FRAUD_5 # tflags userconf FRAGMENTED_MESSAGE # tflags userconf FROM_DOMAIN_NOVOWEL # tflags publish FROM_IN_TO_AND_SUBJ # tflags userconf FROM_LOCAL_NOVOWEL # good enough FROM_MISSPACED # tflags net FROM_MISSP_DKIM # good enough FROM_MISSP_DYNIP # good enough FROM_MISSP_EH_MATCH # good enough FROM_MISSP_FREEMAIL # good enough FROM_MISSP_MSFT # good enough FROM_MISSP_NO_TO # tflags net FROM_MISSP_SPF_FAIL # good enough FROM_MISSP_TO_UNDISC # good enough FROM_MISSP_URI # good enough FROM_MISSP_USER # good enough FRT_APPROV # good enough FRT_EXPERIENCE # good enough FRT_PHARMAC # good enough FRT_PRICE # good enough FRT_ROLEX # good enough FR_WATCHES_HTTP # good enough FSL_BOTSPAM_1 # good enough FSL_BOTSPAM_2 # good enough FSL_BOTSPAM_3 # good enough FSL_BOTSPAM_4 # good enough FSL_CTYPE_WIN1251 # good enough FSL_HELO_BARE_IP_1 # good enough FSL_HELO_DEVICE # good enough FSL_MID_419 # good enough FSL_RU_URL # good enough FS_LARGE_PERCENT2 # good enough FS_SILDENAFIL # tflags userconf GTUBE # good enough GZ_PILL_SQUATTERS # tflags userconf HASHCASH_20 # tflags userconf HASHCASH_21 # tflags userconf HASHCASH_22 # tflags userconf HASHCASH_23 # tflags userconf HASHCASH_24 # tflags userconf HASHCASH_25 # tflags userconf HASHCASH_2SPEND # tflags userconf HASHCASH_HIGH # tflags userconf HEAD_LONG # good enough HELO_LH_HOME # good enough HELO_NO_DOMAIN # good enough HELO_OEM # good enough HK_NAME_DRUGS # good enough HK_SCAM_N2 # tflags userconf HTML_CHARSET_FARAWAY # good enough IMG_DIRECT_TO_MX # good enough KAM_LOTTO1 # good enough KB_DATE_CONTAINS_TAB # good enough KB_FAKED_THE_BAT # good enough KB_RATWARE_MSGID # good enough KB_RATWARE_OUTLOOK_MID # tflags publish LOTS_OF_MONEY # good enough LOTTERY_PH_004470 # good enough LOTTO_AGENT # tflags publish MAILER_EQ_ORG # tflags publish MANY_SPAN_IN_TEXT # good enough MAY_BE_FORGED # tflags userconf MIME_CHARSET_FARAWAY # tflags userconf MISSING_HB_SEP # good enough MONEY_ATM_CARD # good enough MONEY_FORM # tflags publish MONEY_FRAUD_3 # tflags publish MONEY_FRAUD_5 # tflags publish MONEY_FRAUD_8 # good enough MONEY_FROM_MISSP # good enough MONEY_LOTTERY # good enough MSOE_MID_WRONG_CASE # tflags net NO_DNS_FOR_FROM # tflags userconf NO_RECEIVED # tflags userconf NO_RELAYS # good enough NSL_RCVD_FROM_USER # tflags publish OBFU_JVSCR_ESC # tflags publish OBFU_TEXT_ATTACH # tflags net PYZOR_CHECK # tflags net RAZOR2_CF_RANGE_51_100 # tflags net RAZOR2_CF_RANGE_E4_51_100 # tflags net RAZOR2_CF_RANGE_E8_51_100 # tflags net RAZOR2_CHECK # tflags net RCVD_IN_BL_SPAMCOP_NET # tflags net RCVD_IN_CSS # tflags net RCVD_IN_DNSWL_HI # tflags net RCVD_IN_DNSWL_LOW # tflags net RCVD_IN_DNSWL_MED # tflags net RCVD_IN_DNSWL_NONE # tflags net RCVD_IN_IADB_DK # tflags net RCVD_IN_IADB_DOPTIN # tflags net RCVD_IN_IADB_DOPTIN_GT50 # tflags net RCVD_IN_IADB_DOPTIN_LT50 # tflags net RCVD_IN_IADB_EDDB # tflags net RCVD_IN_IADB_EPIA # tflags net RCVD_IN_IADB_GOODMAIL # tflags net RCVD_IN_IADB_LISTED # tflags net RCVD_IN_IADB_LOOSE # tflags net RCVD_IN_IADB_MI_CPEAR # tflags net RCVD_IN_IADB_MI_CPR_30 # tflags net RCVD_IN_IADB_MI_CPR_MAT # tflags net RCVD_IN_IADB_ML_DOPTIN # tflags net RCVD_IN_IADB_NOCONTROL # tflags net RCVD_IN_IADB_OOO # tflags net RCVD_IN_IADB_OPTIN # tflags net RCVD_IN_IADB_OPTIN_GT50 # tflags net RCVD_IN_IADB_OPTIN_LT50 # tflags net RCVD_IN_IADB_OPTOUTONLY # tflags net RCVD_IN_IADB_RDNS # tflags net RCVD_IN_IADB_SENDERID # tflags net RCVD_IN_IADB_SPF # tflags net RCVD_IN_IADB_UNVERIFIED_1 # tflags net RCVD_IN_IADB_UNVERIFIED_2 # tflags net RCVD_IN_IADB_UT_CPEAR # tflags net RCVD_IN_IADB_UT_CPR_30 # tflags net RCVD_IN_IADB_UT_CPR_MAT # tflags net RCVD_IN_IADB_VOUCHED # tflags net RCVD_IN_MAPS_DUL # tflags net RCVD_IN_MAPS_NML # tflags net RCVD_IN_MAPS_OPS # tflags net RCVD_IN_MAPS_RBL # tflags net RCVD_IN_MAPS_RSS # tflags net RCVD_IN_NJABL_CGI # tflags net RCVD_IN_NJABL_MULTI # tflags net RCVD_IN_NJABL_PROXY # tflags net RCVD_IN_NJABL_RELAY # tflags net RCVD_IN_NJABL_SPAM # tflags net RCVD_IN_PBL # tflags net RCVD_IN_PSBL # tflags net RCVD_IN_RP_CERTIFIED # tflags net RCVD_IN_RP_RNBL # tflags net RCVD_IN_RP_SAFE # tflags net RCVD_IN_SBL # tflags net RCVD_IN_SORBS_BLOCK # tflags net RCVD_IN_SORBS_DUL # tflags net RCVD_IN_SORBS_HTTP # tflags net RCVD_IN_SORBS_MISC # tflags net RCVD_IN_SORBS_SMTP # tflags net RCVD_IN_SORBS_SOCKS # tflags net RCVD_IN_SORBS_WEB # tflags net RCVD_IN_SORBS_ZOMBIE # tflags net RCVD_IN_XBL # good enough RDNS_LOCALHOST # tflags net RFC_ABUSE_POST # good enough RISK_FREE # good enough S25R_4 # good enough S25R_6 # good enough SINGLE_HEADER_2K # good enough SPAMMY_MIME_BDRY_01 # tflags net SPF_FAIL # tflags net SPF_HELO_FAIL # tflags net SPF_HELO_NEUTRAL # tflags userconf SPF_HELO_PASS # tflags net SPF_HELO_SOFTFAIL # tflags net SPF_NEUTRAL # tflags userconf SPF_PASS # tflags net SPF_SOFTFAIL # good enough STOCK_IMG_CTYPE # good enough STOCK_IMG_HDR_FROM # good enough STOCK_IMG_OUTLOOK # good enough STOX_REPLY_TYPE_WITHOUT_QUOTES # tflags userconf SUBJECT_IN_BLACKLIST # tflags userconf SUBJECT_IN_WHITELIST # good enough SUBJECT_NEEDS_ENCODING # good enough TAB_IN_FROM # good enough TINY_FLOAT # tflags publish TO_EQ_FM_DIRECT_MX # good enough TO_EQ_FM_DOM_HTML_IMG # good enough TO_EQ_FM_DOM_HTML_ONLY # tflags net TO_EQ_FM_DOM_SPF_FAIL # tflags publish TO_EQ_FM_HTML_DIRECT # tflags publish TO_EQ_FM_HTML_ONLY # tflags net TO_EQ_FM_SPF_FAIL # good enough TO_IN_SUBJ # tflags publish TO_NO_BRKTS_DIRECT # tflags publish TO_NO_BRKTS_DYNIP # good enough TO_NO_BRKTS_FROM_MSSP # good enough TO_NO_BRKTS_NORDNS_HTML # good enough TO_NO_BRKTS_NOTLIST # good enough TO_NO_BRKTS_PCNT # good enough TO_ONE_CHAR # good enough TVD_FINGER_02 # good enough TVD_PCT_OFF # good enough TVD_QUAL_MEDS # good enough OBFU_JPG_ATTACH # tflags userconf UNPARSEABLE_RELAY # tflags net URIBL_AB_SURBL # tflags net URIBL_BLACK # tflags net URIBL_DBL_ERROR # tflags net URIBL_DBL_SPAM # tflags net URIBL_GREY # tflags net URIBL_JP_SURBL # tflags net URIBL_OB_SURBL # tflags net URIBL_PH_SURBL # tflags net URIBL_RED # tflags net URIBL_RHS_DOB # tflags net URIBL_SBL # tflags net URIBL_SC_SURBL # tflags net URIBL_WS_SURBL # tflags userconf URI_NOVOWEL # tflags userconf USER_IN_ALL_SPAM_TO # tflags userconf USER_IN_BLACKLIST # tflags userconf USER_IN_BLACKLIST_TO # tflags net USER_IN_DEF_DKIM_WL # tflags userconf USER_IN_DEF_SPF_WL # tflags userconf USER_IN_DEF_WHITELIST # tflags net USER_IN_DKIM_WHITELIST # tflags userconf USER_IN_MORE_SPAM_TO # tflags userconf USER_IN_SPF_WHITELIST # tflags userconf USER_IN_WHITELIST # tflags userconf USER_IN_WHITELIST_TO # good enough XMAILER_MIMEOLE_OL_1ECD5 # good enough X_MAILER_CME_6543_MSN # good enough YOUR_PERMISSION # tflags net __DKIMDOMAIN_IN_DWL_ANY # tflags net __DNS_FROM_RFC_ABUSE # tflags net __DNS_FROM_RFC_POST # tflags net __DNS_FROM_RFC_WHOIS # tflags net __RCVD_IN_BRBL # tflags net __RCVD_IN_DNSWL # tflags net __RCVD_IN_IADB # tflags net __RCVD_IN_NJABL # tflags net __RCVD_IN_SORBS # tflags net __RCVD_IN_ZEN # tflags net __RESIGNER1 # tflags net __RESIGNER2 # tflags net __RFC_IGNORANT_ENVFROM # tflags net __SPF_FULL_PASS