# active ruleset list, automatically generated from http://ruleqa.spamassassin.org/ # with results from: day 1: axb-8mile axb-coi-bulk axb-generic axb-ham-misc bb-guenther_fraud bb-jhardin bb-jhardin_fraud bb-jm bb-kmcgrail bb-zmi bernie-fsf bernie-it_batt bpoliakoff grenier jarif kpg-core mas-cps mas-mas zmi; day 2: axb-8mile axb-coi-bulk axb-generic axb-ham-misc bb-guenther_fraud bb-jhardin bb-jhardin_fraud bb-jm bb-kmcgrail bb-zmi bernie-fsf bernie-it_batt bpoliakoff grenier jarif kpg-core llanga mas-cps mas-mas mmiroslaw-ham mmiroslaw-spam zmi; day 3: axb-8mile axb-coi-bulk axb-generic axb-ham-misc bb-guenther_fraud bb-jhardin bb-jhardin_fraud bb-jm bb-kmcgrail bb-zmi bernie-fsf bernie-it_batt bpoliakoff grenier jarif kpg-core llanga mas-cps mas-mas mmiroslaw-ham mmiroslaw-spam zmi # tflags publish AC_BR_BONANZA # tflags publish AC_DIV_BONANZA # tflags publish AC_HTML_NONSENSE_TAGS # tflags publish AC_SPAMMY_URI_PATTERNS1 # tflags publish AC_SPAMMY_URI_PATTERNS10 # tflags publish AC_SPAMMY_URI_PATTERNS11 # tflags publish AC_SPAMMY_URI_PATTERNS12 # tflags publish AC_SPAMMY_URI_PATTERNS2 # tflags publish AC_SPAMMY_URI_PATTERNS3 # tflags publish AC_SPAMMY_URI_PATTERNS4 # tflags publish AC_SPAMMY_URI_PATTERNS8 # tflags publish AC_SPAMMY_URI_PATTERNS9 # tflags publish ADVANCE_FEE_2_NEW_FORM # good enough ADVANCE_FEE_2_NEW_FRM_MNY # tflags publish ADVANCE_FEE_2_NEW_MONEY # tflags publish ADVANCE_FEE_3_NEW # tflags publish ADVANCE_FEE_3_NEW_FORM # good enough ADVANCE_FEE_3_NEW_FRM_MNY # tflags publish ADVANCE_FEE_3_NEW_MONEY # tflags publish ADVANCE_FEE_4_NEW # good enough ADVANCE_FEE_4_NEW_FORM # good enough ADVANCE_FEE_4_NEW_FRM_MNY # good enough ADVANCE_FEE_4_NEW_MONEY # good enough ADVANCE_FEE_5_NEW # good enough ADVANCE_FEE_5_NEW_FORM # good enough ADVANCE_FEE_5_NEW_FRM_MNY # good enough ADVANCE_FEE_5_NEW_MONEY # tflags userconf ALL_TRUSTED # good enough AXB_3LITTLE_PIGS # good enough AXB_ONMS_LEAKS # good enough AXB_XMAILER_MIMEOLE_OL_024C2 # good enough AXB_XMAILER_MIMEOLE_OL_1ECD5 # good enough AXB_X_FF_SEZ_S # good enough BANKING_LAWS # tflags learn BAYES_00 # tflags learn BAYES_05 # tflags learn BAYES_20 # tflags learn BAYES_40 # tflags learn BAYES_50 # tflags learn BAYES_60 # tflags learn BAYES_80 # tflags learn BAYES_95 # tflags learn BAYES_99 # tflags learn BAYES_999 # good enough BIGNUM_EMAILS # good enough BILLION_OVERLAP # good enough BODY_EMPTY # tflags userconf CHARSET_FARAWAY # tflags userconf CHARSET_FARAWAY_HEADER # good enough CK_HELO_DYNAMIC_SPLIT_IP # good enough CK_HELO_GENERIC # good enough CN_B2B_SPAMMER # good enough COMMENT_GIBBERISH # good enough COMPENSATION # tflags publish CORRUPT_FROM_LINE_IN_HDRS # good enough DATE_DOTS # good enough DATE_IN_FUTURE_96_Q # good enough DATE_IN_FUTURE_Q_PLUS # good enough DEAR_BENEFICIARY # good enough DEAR_WINNER # tflags net DIGEST_MULTIPLE # tflags net DKIMDOMAIN_IN_DWL # tflags net DKIMDOMAIN_IN_DWL_UNKNOWN # tflags net DKIM_ADSP_ALL # tflags net DKIM_ADSP_CUSTOM_HIGH # tflags net DKIM_ADSP_CUSTOM_LOW # tflags net DKIM_ADSP_CUSTOM_MED # tflags net DKIM_ADSP_DISCARD # tflags net DKIM_ADSP_NXDOMAIN # tflags net DKIM_SIGNED # tflags net DKIM_VALID # tflags net DKIM_VALID_AU # tflags net DNS_FROM_AHBL_RHSBL # tflags publish DOS_ANAL_SPAM_MAILER # good enough DOS_OE_TO_MX # good enough DOS_OE_TO_MX_IMAGE # good enough DYN_RDNS_AND_INLINE_IMAGE # good enough DYN_RDNS_SHORT_HELO_HTML # good enough DYN_RDNS_SHORT_HELO_IMAGE # tflags publish EMAIL_URI_PHISH # tflags userconf ENV_AND_HDR_SPF_MATCH # good enough FBI_MONEY # good enough FBI_SPOOF # good enough FB_EARN_UP_TO # good enough FH_FAKE_RCVD_LINE # good enough FH_FAKE_RCVD_LINE_B # good enough FH_HELO_ALMOST_IP # good enough FH_HELO_EQ_610HEX # good enough FH_HELO_EQ_CHARTER # good enough FH_HOST_EQ_DYNAMICIP # tflags publish FILL_THIS_FORM # good enough FILL_THIS_FORM_FRAUD_PHISH # good enough FILL_THIS_FORM_LOAN # good enough FILL_THIS_FORM_LONG # good enough FM_LOTTO_MONEY # good enough FM_LOTTO_YOU_WON # tflags publish FORM_FRAUD_3 # tflags publish FORM_FRAUD_5 # tflags userconf FRAGMENTED_MESSAGE # good enough FROM_12LTRDOM # tflags userconf FROM_DOMAIN_NOVOWEL # tflags publish FROM_IN_TO_AND_SUBJ # tflags userconf FROM_LOCAL_NOVOWEL # good enough FROM_MISSPACED # good enough FROM_MISSP_DYNIP # good enough FROM_MISSP_EH_MATCH # good enough FROM_MISSP_FREEMAIL # good enough FROM_MISSP_MSFT # good enough FROM_MISSP_PHISH # good enough FROM_MISSP_REPLYTO # tflags net FROM_MISSP_SPF_FAIL # good enough FROM_MISSP_TO_UNDISC # good enough FROM_MISSP_USER # good enough FROM_WSP_LEAD # good enough FR_ALMOST_VIAG2 # good enough FSL_CTYPE_WIN1251 # good enough FSL_HELO_BARE_IP_1 # good enough FSL_HELO_BARE_IP_2 # good enough FSL_HELO_DEVICE # good enough FSL_HELO_FIREWALL # good enough FSL_HELO_NON_FQDN_1 # good enough FSL_MID_419 # good enough FSL_MISSP_REPLYTO # good enough FSL_NEW_HELO_USER # tflags publish GOOGLE_DOCS_PHISH # tflags publish GOOGLE_DOCS_PHISH_MANY # tflags userconf GTUBE # tflags userconf HASHCASH_20 # tflags userconf HASHCASH_21 # tflags userconf HASHCASH_22 # tflags userconf HASHCASH_23 # tflags userconf HASHCASH_24 # tflags userconf HASHCASH_25 # tflags userconf HASHCASH_2SPEND # tflags userconf HASHCASH_HIGH # tflags userconf HEAD_LONG # good enough HELO_MISC_IP # good enough HELO_NO_DOMAIN # good enough HEXHASH_WORD # good enough HK_LOTTO # good enough HK_NAME_FM_MR_MRS # good enough HK_NAME_FROM # good enough HK_NAME_MR_MRS # good enough HK_RANDOM_FROM # good enough HK_SCAM_N1 # good enough HK_SCAM_N13 # good enough HK_SCAM_N15 # good enough HK_SCAM_N2 # good enough HK_SCAM_N3 # tflags userconf HTML_CHARSET_FARAWAY # good enough KB_DATE_CONTAINS_TAB # good enough KB_FAKED_THE_BAT # good enough KHOP_BIG_TO_CC # tflags publish LOTS_OF_MONEY # good enough LOTTERY_PH_004470 # good enough LOTTO_AGENT # good enough LOTTO_AGENT_RPLY # good enough LOTTO_DEPT # tflags publish MANY_SPAN_IN_TEXT # tflags userconf MIME_CHARSET_FARAWAY # tflags userconf MISSING_HB_SEP # good enough MONEY_12LTRDOM # good enough MONEY_ATM_CARD # good enough MONEY_FORM # good enough MONEY_FORM_SHORT # tflags publish MONEY_FRAUD_3 # tflags publish MONEY_FRAUD_5 # good enough MONEY_FROM_41 # good enough MONEY_FROM_MISSP # good enough MSGID_NOFQDN1 # good enough MSOE_MID_WRONG_CASE # tflags net NO_DNS_FOR_FROM # tflags userconf NO_RECEIVED # tflags userconf NO_RELAYS # good enough NSL_RCVD_FROM_USER # good enough NSL_RCVD_HELO_USER # good enough OBFU_ATTACH_MISSP # tflags publish OBFU_JVSCR_ESC # tflags publish OBFU_TEXT_ATTACH # good enough PHP_NOVER_MUA # tflags net PYZOR_CHECK # tflags net RAZOR2_CF_RANGE_51_100 # tflags net RAZOR2_CF_RANGE_E4_51_100 # tflags net RAZOR2_CF_RANGE_E8_51_100 # tflags net RAZOR2_CHECK # tflags net RCVD_IN_BL_SPAMCOP_NET # tflags net RCVD_IN_DNSWL_BLOCKED # tflags net RCVD_IN_DNSWL_HI # tflags net RCVD_IN_DNSWL_LOW # tflags net RCVD_IN_DNSWL_MED # tflags net RCVD_IN_DNSWL_NONE # tflags net RCVD_IN_IADB_DK # tflags net RCVD_IN_IADB_DOPTIN # tflags net RCVD_IN_IADB_DOPTIN_GT50 # tflags net RCVD_IN_IADB_DOPTIN_LT50 # tflags net RCVD_IN_IADB_EDDB # tflags net RCVD_IN_IADB_EPIA # tflags net RCVD_IN_IADB_GOODMAIL # tflags net RCVD_IN_IADB_LISTED # tflags net RCVD_IN_IADB_LOOSE # tflags net RCVD_IN_IADB_MI_CPEAR # tflags net RCVD_IN_IADB_MI_CPR_30 # tflags net RCVD_IN_IADB_MI_CPR_MAT # tflags net RCVD_IN_IADB_ML_DOPTIN # tflags net RCVD_IN_IADB_NOCONTROL # tflags net RCVD_IN_IADB_OOO # tflags net RCVD_IN_IADB_OPTIN # tflags net RCVD_IN_IADB_OPTIN_GT50 # tflags net RCVD_IN_IADB_OPTIN_LT50 # tflags net RCVD_IN_IADB_OPTOUTONLY # tflags net RCVD_IN_IADB_RDNS # tflags net RCVD_IN_IADB_SENDERID # tflags net RCVD_IN_IADB_SPF # tflags net RCVD_IN_IADB_UNVERIFIED_1 # tflags net RCVD_IN_IADB_UNVERIFIED_2 # tflags net RCVD_IN_IADB_UT_CPEAR # tflags net RCVD_IN_IADB_UT_CPR_30 # tflags net RCVD_IN_IADB_UT_CPR_MAT # tflags net RCVD_IN_IADB_VOUCHED # tflags net RCVD_IN_MAPS_DUL # tflags net RCVD_IN_MAPS_NML # tflags net RCVD_IN_MAPS_OPS # tflags net RCVD_IN_MAPS_RBL # tflags net RCVD_IN_MAPS_RSS # tflags net RCVD_IN_MSPIKE_BL # tflags net RCVD_IN_MSPIKE_H2 # tflags net RCVD_IN_MSPIKE_H3 # tflags net RCVD_IN_MSPIKE_H4 # tflags net RCVD_IN_MSPIKE_H5 # tflags net RCVD_IN_MSPIKE_L2 # tflags net RCVD_IN_MSPIKE_L3 # tflags net RCVD_IN_MSPIKE_L4 # tflags net RCVD_IN_MSPIKE_L5 # tflags net RCVD_IN_MSPIKE_WL # tflags net RCVD_IN_MSPIKE_ZBI # tflags net RCVD_IN_PBL # tflags net RCVD_IN_PSBL # tflags net RCVD_IN_RP_CERTIFIED # tflags net RCVD_IN_RP_RNBL # tflags net RCVD_IN_RP_SAFE # tflags net RCVD_IN_SBL # tflags net RCVD_IN_SORBS_BLOCK # tflags net RCVD_IN_SORBS_DUL # tflags net RCVD_IN_SORBS_HTTP # tflags net RCVD_IN_SORBS_MISC # tflags net RCVD_IN_SORBS_SMTP # tflags net RCVD_IN_SORBS_SOCKS # tflags net RCVD_IN_SORBS_WEB # tflags net RCVD_IN_SORBS_ZOMBIE # tflags net RCVD_IN_XBL # good enough REPLYTO_EMPTY # good enough REPLYTO_WITHOUT_TO_CC # good enough RISK_FREE # good enough RP_MATCHES_RCVD # good enough SHORT_HELO_AND_INLINE_IMAGE # tflags net SPF_FAIL # tflags net SPF_HELO_FAIL # tflags net SPF_HELO_NEUTRAL # tflags userconf SPF_HELO_PASS # tflags net SPF_HELO_SOFTFAIL # tflags net SPF_NEUTRAL # tflags userconf SPF_PASS # tflags net SPF_SOFTFAIL # good enough STOCK_IMG_CTYPE # tflags userconf SUBJECT_IN_BLACKLIST # tflags userconf SUBJECT_IN_WHITELIST # good enough SUBJ_BROKEN_WORD # good enough TAB_IN_FROM # tflags net TO_EQ_FM_DOM_SPF_FAIL # tflags net TO_EQ_FM_SPF_FAIL # good enough TO_IN_SUBJ # good enough TO_NO_BRKTS_FROM_MSSP # good enough TO_NO_BRKTS_HTML_ONLY # good enough TO_NO_BRKTS_MSFT # good enough TO_NO_BRKTS_NORDNS # good enough TT_MSGID_TRUNC # good enough TVD_FROM_1 # good enough TVD_PH_BODY_META # good enough TVD_RCVD_IP # good enough TVD_SUBJ_NUM_OBFU_MINFP # good enough DSN_NO_MIMEVERSION # good enough LOTTO_URI # good enough STYLE_GIBBERISH # good enough TO_NO_BRKTS_HTML_IMG # tflags userconf UNPARSEABLE_RELAY # tflags net URIBL_AB_SURBL # tflags net URIBL_BLACK # tflags net URIBL_BLOCKED # tflags net URIBL_DBL_ERROR # tflags net URIBL_DBL_REDIR # tflags net URIBL_DBL_SPAM # tflags net URIBL_GREY # tflags net URIBL_JP_SURBL # tflags net URIBL_MW_SURBL # tflags net URIBL_PH_SURBL # tflags net URIBL_RED # tflags net URIBL_RHS_DOB # tflags net URIBL_SBL # tflags net URIBL_SBL_A # tflags net URIBL_SC_SURBL # tflags net URIBL_WS_SURBL # tflags userconf URI_NOVOWEL # tflags userconf USER_IN_ALL_SPAM_TO # tflags userconf USER_IN_BLACKLIST # tflags userconf USER_IN_BLACKLIST_TO # tflags net USER_IN_DEF_DKIM_WL # tflags userconf USER_IN_DEF_SPF_WL # tflags userconf USER_IN_DEF_WHITELIST # tflags net USER_IN_DKIM_WHITELIST # tflags userconf USER_IN_MORE_SPAM_TO # tflags userconf USER_IN_SPF_WHITELIST # tflags userconf USER_IN_WHITELIST # tflags userconf USER_IN_WHITELIST_TO # tflags net __DKIMDOMAIN_IN_DWL_ANY # tflags net __FROM_MISSP_DKIM # tflags net __RCVD_IN_DNSWL # tflags net __RCVD_IN_IADB # tflags net __RCVD_IN_MSPIKE_B # tflags net __RCVD_IN_MSPIKE_L # tflags net __RCVD_IN_MSPIKE_LOW # tflags net __RCVD_IN_MSPIKE_Z # tflags net __RCVD_IN_SORBS # tflags net __RCVD_IN_ZEN # tflags net __RESIGNER1 # tflags net __RESIGNER2 # tflags net __SPF_FULL_PASS # tflags net __SPF_RANDOM_SENDER # tflags net __TO_EQ_FM_DOM_SPF_FAIL # tflags net __TO_EQ_FM_SPF_FAIL # tflags userconf __UNPARSEABLE_RELAY_COUNT