# Using score set 0 logs for revision 1876149 from: # ham-axb-coi-bulk.r1876149.log ham-axb-generic.r1876149.log ham-axb-ham-misc.r1876149.log ham-darxus.r1876149.log ham-ena-week0.r1876149.log ham-ena-week1.r1876149.log ham-ena-week2.r1876149.log ham-ena-week3.r1876149.log ham-ena-week4.r1876149.log ham-giovanni-ham.r1876149.log ham-giovanni-spammy.r1876149.log ham-giovanni-spam.r1876149.log ham-grenier.r1876149.log ham-hege.r1876149.log ham-jarif.r1876149.log ham-jbrooks.r1876149.log ham-llanga.r1876149.log ham-mmiroslaw-mails-ham.r1876149.log ham-mmiroslaw-mails-spam.r1876149.log ham-npiazzi.r1876149.log ham-pds.r1876149.log ham-sihde.r1876149.log ham-spamsponge.r1876149.log ham-thendrikx.r1876149.log spam-axb-coi-bulk.r1876149.log spam-axb-generic.r1876149.log spam-axb-ham-misc.r1876149.log spam-darxus.r1876149.log spam-ena-week0.r1876149.log spam-ena-week1.r1876149.log spam-ena-week2.r1876149.log spam-ena-week3.r1876149.log spam-ena-week4.r1876149.log spam-giovanni-ham.r1876149.log spam-giovanni-spammy.r1876149.log spam-giovanni-spam.r1876149.log spam-grenier.r1876149.log spam-hege.r1876149.log spam-jarif.r1876149.log spam-jbrooks.r1876149.log spam-llanga.r1876149.log spam-mmiroslaw-mails-ham.r1876149.log spam-mmiroslaw-mails-spam.r1876149.log spam-npiazzi.r1876149.log spam-pds.r1876149.log spam-sihde.r1876149.log spam-spamsponge.r1876149.log spam-thendrikx.r1876149.log score AC_DIV_BONANZA 0.001 score AC_FROM_MANY_DOTS 2.999 score ADMITS_SPAM 2.803 score ADVANCE_FEE_2_NEW_MONEY 1.999 score ADVANCE_FEE_3_NEW 2.599 score ADVANCE_FEE_3_NEW_MONEY 2.092 score ADVANCE_FEE_4_NEW 2.508 score ADVANCE_FEE_4_NEW_MONEY 2.899 score AD_PREFS 0.499 score AMAZON_IMG_NOT_RCVD_AMZN 1.796 score AXB_XMAILER_MIMEOLE_OL_024C2 2.602 score BITCOIN_EXTORT_01 2.173 score BITCOIN_PAY_ME 2.999 score BITCOIN_SPAM_01 0.479 score BITCOIN_SPAM_02 2.500 score BITCOIN_SPAM_03 2.500 score BITCOIN_SPAM_04 1.499 score BITCOIN_SPAM_06 1.499 score BITCOIN_SPAM_07 1.053 score BITCOIN_SPAM_09 0.027 score BODY_EMPTY 0.708 score BODY_SINGLE_URI 2.499 score BODY_SINGLE_WORD 0.001 score BODY_URI_ONLY 1.000 score BOGUS_MSM_HDRS 2.999 score CK_HELO_DYNAMIC_SPLIT_IP 1.499 score CK_HELO_GENERIC 0.250 score CTE_8BIT_MISMATCH 0.999 score DATE_DOTS 0.001 # force non-zero score DX_TEXT_03 0.699 score END_FUTURE_EMAILS 2.207 score FILL_THIS_FORM 0.001 score FORGED_RELAY_MUA_TO_MX 3.700 score FORM_FRAUD 1.000 score FORM_FRAUD_3 0.386 score FORM_FRAUD_5 1.156 score FOUND_YOU 3.249 score FREEMAIL_FORGED_FROMDOMAIN 0.250 score FROM_2_EMAILS_SHORT 0.257 score FROM_ADDR_WS 2.999 score FROM_MISSPACED 0.001 score FROM_MISSP_DYNIP 1.570 score FROM_MISSP_EH_MATCH 1.501 score FROM_MISSP_FREEMAIL 0.290 score FROM_MISSP_MSFT 0.001 score FROM_MISSP_REPLYTO 2.499 score FROM_MISSP_USER 0.001 # force non-zero score FROM_MISSP_XPRIO 0.001 score FROM_NAME_EQ_TO_G_DRIVE 0.001 score FROM_NTLD_REPLY_FREEMAIL 1.435 score FROM_SUSPICIOUS_NTLD 0.499 score FROM_SUSPICIOUS_NTLD_FP 1.999 score FSL_CTYPE_WIN1251 0.001 score FSL_HELO_FAKE 2.799 score FSL_NEW_HELO_USER 0.001 score FUZZY_BITCOIN 2.296 score FUZZY_BROWSER 2.710 score FUZZY_IMPORTANT 3.014 score FUZZY_SECURITY 0.001 score FUZZY_WALLET 0.001 score GB_BITCOIN_CP 2.999 score GB_BITCOIN_NH 2.327 score GB_FREEMAIL_DISPTO 0.499 score GB_GOOGLE_OBFUR 0.537 score GB_GOOGLE_OBFUS 0.749 score GB_GOOG_IMG_NOT_RCVD_GOOG 2.499 score GB_MONERO_CP 1.999 score GOOG_REDIR_NORDNS 2.277 score HDRS_LCASE 0.100 score HDRS_LCASE_IMGONLY 0.100 score HDR_ORDER_FTSDMCXX_DIRECT 1.999 score HDR_ORDER_FTSDMCXX_NORDNS 2.600 score HEADER_FROM_DIFFERENT_DOMAINS 0.249 score HELO_MISC_IP 0.249 score HELO_NO_DOMAIN 0.001 # force non-zero score HEXHASH_WORD 2.599 score HK_GOLDDUST 2.999 score HK_NAME_FROM 0.999 score HK_NAME_MR_MRS 0.999 score HK_RANDOM_FROM 0.999 score HK_RANDOM_REPLYTO 0.999 score HK_RCVD_IP_MULTICAST 0.333 score HK_SCAM 1.289 score HOSTED_IMG_DIRECT_MX 3.242 score HOSTED_IMG_FREEM 2.695 score HTML_OFF_PAGE 0.102 score HTML_SINGLET_MANY 0.001 score HTML_TEXT_INVISIBLE_STYLE 0.001 score IMG_ONLY_FM_DOM_INFO 2.316 score KB_FORGED_MOZ4 4.499 score KHOP_FAKE_EBAY 0.001 score KHOP_HELO_FCRDNS 0.400 score LIST_PRTL_SAME_USER 1.219 score LITECOIN_EXTORT_01 0.470 score LONG_HEX_URI 1.955 score LONG_IMG_URI 1.404 score LOTS_OF_MONEY 0.010 score MALFORMED_FREEMAIL 2.200 score MALF_HTML_B64 3.499 score MALWARE_NORDNS 1.608 score MALWARE_PASSWORD 2.618 score MANY_SPAN_IN_TEXT 2.899 score MAY_BE_FORGED 1.700 score MILLION_HUNDRED 0.001 score MIMEOLE_DIRECT_TO_MX 1.999 score MIXED_ES 2.699 score MONERO_EXTORT_01 1.929 score MONEY_FORM_SHORT 0.488 score MONEY_FRAUD_3 2.295 score MONEY_FRAUD_5 0.893 score MONEY_FRAUD_8 1.398 score MONEY_FROM_MISSP 1.999 score MSM_PRIO_REPTO 2.499 score NORDNS_LOW_CONTRAST 1.886 score NO_FM_NAME_IP_HOSTN 2.499 score NSL_RCVD_FROM_USER 0.001 score NSL_RCVD_HELO_USER 2.413 score NUMBERONLY_BITCOIN_EXP 0.161 score OBFU_BITCOIN 0.001 score OFFER_ONLY_AMERICA 1.368 score PDS_BTC_ID 0.500 score PDS_BTC_MSGID 0.999 score PDS_DBL_URL_TNB_RUNON 1.999 score PDS_EMPTYSUBJ_URISHRT 1.500 score PDS_FREEMAIL_REPLYTO_URISHRT 1.500 score PDS_FRNOM_TODOM_NAKED_TO 1.499 score PDS_FROM_2_EMAILS 1.499 score PDS_FROM_NAME_TO_DOMAIN 0.999 score PDS_HP_HELO_NORDNS 0.001 # force non-zero score PDS_NAKED_TO_NUMERO 1.999 score PDS_OTHER_BAD_TLD 1.999 score PDS_SHORTFWD_URISHRT 1.499 score PDS_SHORT_BOGUS_MSM_HDRS 1.999 score PDS_TINYSUBJ_URISHRT 1.499 score PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE 1.999 score PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE 1.701 score PDS_TONAME_EQ_TOLOCAL_SHORT 1.999 score PDS_TONAME_EQ_TOLOCAL_VSHORT 1.000 score PP_MIME_FAKE_ASCII_TEXT 0.999 score RATWARE_NO_RDNS 0.001 score RDNS_NUM_TLD_ATCHNX 2.905 score RDNS_NUM_TLD_XM 2.999 score RISK_FREE 3.599 score SCRIPT_GIBBERISH 1.904 score SERGIO_SUBJECT_PORN014 2.196 score SERGIO_SUBJECT_VIAGRA01 3.121 score SHOPIFY_IMG_NOT_RCVD_SFY 2.499 score SHORT_IMG_SUSP_NTLD 0.717 score SHORT_SHORTNER 1.999 score SINGLETS_LOW_CONTRAST 0.001 score SPOOFED_FREEMAIL_NO_RDNS 1.499 score STATIC_XPRIO_OLE 1.999 score STOCK_LOW_CONTRAST 2.499 score SUBJ_OBFU_PUNCT_FEW 0.749 score SUBJ_OBFU_PUNCT_MANY 1.451 score TEQF_USR_IMAGE 1.088 score THIS_AD 1.499 score THIS_IS_ADV_SUSP_NTLD 1.016 score TONOM_EQ_TOLOC_SHRT_SHRTNER 1.500 score TO_EQ_FM_DIRECT_MX 1.294 score TO_EQ_FM_DOM_HTML_IMG 0.001 # force non-zero score TO_EQ_FM_DOM_HTML_ONLY 0.352 score TO_EQ_FM_HTML_ONLY 0.001 score TO_IN_SUBJ 0.100 score TO_NAME_SUBJ_NO_RDNS 2.596 score TO_NO_BRKTS_FROM_MSSP 2.499 score TO_NO_BRKTS_HTML_IMG 1.400 score TO_NO_BRKTS_HTML_ONLY 1.999 score TO_NO_BRKTS_MSFT 2.499 score TO_NO_BRKTS_NORDNS_HTML 0.301 score TVD_SPACE_ENCODED 0.001 score TVD_SPACE_RATIO_MINFP 2.500 score UNICODE_OBFU_ASC 2.500 score UNICODE_OBFU_ZW 3.499 score UPGRADE_MAILBOX 1.399 score URI_BUFFLY 1.999 score URI_GOOGLE_PROXY 2.599 score URI_IMG_WP_REDIR 2.999 score URI_ONLY_MSGID_MALF 1.999 score URI_PHISH 2.251 score URI_PHP_REDIR 3.499 score URI_TRY_3LD 1.928 score URI_WP_DIRINDEX 3.499 score URI_WP_HACKED 3.499 score URI_WP_HACKED_2 2.500 score XPRIO 2.249 score XPRIO_SHORT_SUBJ 2.500 score XPRIO_URL_SHORTNER 0.136 score ZW_OBFU_BITCOIN 2.499 score AC_BR_BONANZA 0.001 score AC_HTML_NONSENSE_TAGS 1.000 score AC_SPAMMY_URI_PATTERNS1 1.000 score AC_SPAMMY_URI_PATTERNS10 1.000 score AC_SPAMMY_URI_PATTERNS11 1.000 score AC_SPAMMY_URI_PATTERNS12 1.000 score AC_SPAMMY_URI_PATTERNS2 1.000 score AC_SPAMMY_URI_PATTERNS3 1.000 score AC_SPAMMY_URI_PATTERNS4 1.000 score AC_SPAMMY_URI_PATTERNS8 1.000 score AC_SPAMMY_URI_PATTERNS9 1.000 score ADVANCE_FEE_2_NEW_FORM 1.000 score ALIBABA_IMG_NOT_RCVD_ALI 1.000 score APP_DEVELOPMENT_FREEM 1.000 score APP_DEVELOPMENT_NORDNS 1.000 score BITCOIN_BOMB 1.000 score BITCOIN_DEADLINE 1.000 score BITCOIN_EXTORT_02 1.000 score BITCOIN_MALWARE 1.000 score BITCOIN_SPAM_08 1.000 score BITCOIN_SPAM_10 1.000 score BITCOIN_SPAM_11 1.000 score BITCOIN_SPAM_12 1.000 score BITCOIN_YOUR_INFO 1.000 score BOGUS_MIME_VERSION 1.000 score BOMB_FREEM 1.000 score BOMB_MONEY 1.000 score BTC_ORG 1.000 score BULK_RE_SUSP_NTLD 1.000 score CANT_SEE_AD 1.000 score COMMENT_GIBBERISH 1.000 score COMPENSATION 1.000 score DAY_I_EARNED 1.000 score EBAY_IMG_NOT_RCVD_EBAY 1.000 score ENCRYPTED_MESSAGE -1.000 score FBI_MONEY 1.000 score FBI_SPOOF 1.000 score FORM_LOW_CONTRAST 1.000 score FREEM_FRNUM_UNICD_EMPTY 1.000 score FRNAME_IN_MSG_XPRIO_NO_SUB 1.000 score FROM_NTLD_LINKBAIT 1.000 score FROM_WORDY 1.000 score FROM_WORDY_SHORT 1.000 score GAPPY_SALES_LEADS_FREEM 1.000 score GB_FORGED_MUA_POSTFIX 1.000 score GB_FREEMAIL_DISPTO_NOTFREEM 0.500 score GB_LINKED_IMG_NOT_RCVD_LINK 1.000 score GOOGLE_DOCS_PHISH 1.000 score GOOGLE_DOCS_PHISH_MANY 1.000 score GOOGLE_DRIVE_REPLY_BAD_NTLD 1.000 score GOOG_MALWARE_DNLD 1.000 score HDRS_MISSP 1.000 score HK_CTE_RAW 1.000 score HOSTED_IMG_DQ_UNSUB 1.000 score HOSTED_IMG_MULTI 1.000 score HTML_ENTITY_ASCII 1.000 score HTML_ENTITY_ASCII_TINY 1.000 score HTML_SHRT_CMNT_OBFU_MANY 1.000 score HTML_TEXT_INVISIBLE_FONT 1.000 score LIST_PARTIAL_SHORT_MSG 1.000 score LIST_PRTL_PUMPDUMP 1.000 score LUCRATIVE 1.000 score MANY_HDRS_LCASE 0.100 score MIME_NO_TEXT 1.000 score MONEY_FROM_41 1.000 score NEWEGG_IMG_NOT_RCVD_NEGG 1.000 score PHOTO_EDITING_DIRECT 1.000 score PHP_NOVER_MUA 1.000 score PHP_ORIG_SCRIPT 1.000 score PHP_SCRIPT_MUA 1.000 score PP_TOO_MUCH_UNICODE02 0.500 score PP_TOO_MUCH_UNICODE05 1.000 score PUMPDUMP 1.000 score PUMPDUMP_MULTI 1.000 score RAND_HEADER_MANY 1.000 score SEO_SUSP_NTLD 1.000 score STOCK_TIP 1.000 score SYSADMIN 1.000 score TO_NO_BRKTS_PCNT 1.000 score TW_GIBBERISH_MANY 1.000 score UC_GIBBERISH_OBFU 1.000 score URI_DATA 1.000 score URI_HEX_IP 1.000 score URI_OPTOUT_3LD 1.000 score USB_DRIVES 1.000 score VPS_NO_NTLD 1.000 score WALMART_IMG_NOT_RCVD_WAL 1.000 # in active.list but have no hits in recent corpus score BITCOIN_SPAM_05 0.001 # force non-zero score BITCOIN_SPF_ONLYALL 0.001 # force non-zero score DKIMWL_BL 0.001 # force non-zero score DKIMWL_BLOCKED 0.001 # force non-zero score DKIMWL_WL_HIGH 0.001 # force non-zero score DKIMWL_WL_MED 0.001 # force non-zero score DKIMWL_WL_MEDHI 0.001 # force non-zero score FROM_BANK_NOAUTH 0.001 # force non-zero score FROM_FMBLA_NDBLOCKED 0.001 # force non-zero score FROM_FMBLA_NEWDOM 0.001 # force non-zero score FROM_FMBLA_NEWDOM14 0.001 # force non-zero score FROM_FMBLA_NEWDOM28 0.001 # force non-zero score FROM_GOV_DKIM_AU 0.001 # force non-zero score FROM_GOV_REPLYTO_FREEMAIL 0.001 # force non-zero score FROM_GOV_SPOOF 0.001 # force non-zero score FROM_MISSP_SPF_FAIL 0.001 # force non-zero score FROM_NEWDOM_BTC 0.001 # force non-zero score FROM_NUMBERO_NEWDOMAIN 0.001 # force non-zero score FROM_PAYPAL_SPOOF 0.001 # force non-zero score FSL_BULK_SIG 0.001 # force non-zero score PDS_HELO_SPF_FAIL 0.001 # force non-zero score RCVD_IN_MSPIKE_BL 0.001 # force non-zero score RCVD_IN_MSPIKE_H2 0.001 # force non-zero score RCVD_IN_MSPIKE_H3 0.001 # force non-zero score RCVD_IN_MSPIKE_H4 0.001 # force non-zero score RCVD_IN_MSPIKE_H5 0.001 # force non-zero score RCVD_IN_MSPIKE_L2 0.001 # force non-zero score RCVD_IN_MSPIKE_L3 0.001 # force non-zero score RCVD_IN_MSPIKE_L4 0.001 # force non-zero score RCVD_IN_MSPIKE_L5 0.001 # force non-zero score RCVD_IN_MSPIKE_WL 0.001 # force non-zero score RCVD_IN_MSPIKE_ZBI 0.001 # force non-zero score SPOOFED_FREEMAIL 0.001 # force non-zero score SPOOFED_FREEM_REPTO 0.001 # force non-zero score SPOOFED_FREEM_REPTO_CHN 0.001 # force non-zero score SPOOFED_FREEM_REPTO_RUS 0.001 # force non-zero score SURBL_BLOCKED 0.001 # force non-zero score TO_EQ_FM_DOM_SPF_FAIL 0.001 # force non-zero score TO_EQ_FM_SPF_FAIL 0.001 # force non-zero