# Using score set 1 logs for revision 1898869 from: # ham-net-darxus.r1898869.log ham-net-ena-week0.r1898869.log ham-net-ena-week1.r1898869.log ham-net-ena-week2.r1898869.log ham-net-ena-week3.r1898869.log ham-net-ena-week4.r1898869.log ham-net-giovanni-ham.r1898869.log ham-net-giovanni-spammy.r1898869.log ham-net-giovanni-spam.r1898869.log ham-net-grenier.r1898869.log ham-net-hege.r1898869.log ham-net-jhardin.r1898869.log ham-net-llanga.r1898869.log ham-net-mmiroslaw-mails-ham.r1898869.log ham-net-mmiroslaw-mails-spam.r1898869.log ham-net-pds.r1898869.log ham-net-spamsponge.r1898869.log ham-net-thendrikx.r1898869.log spam-net-darxus.r1898869.log spam-net-ena-week0.r1898869.log spam-net-ena-week1.r1898869.log spam-net-ena-week2.r1898869.log spam-net-ena-week3.r1898869.log spam-net-ena-week4.r1898869.log spam-net-giovanni-ham.r1898869.log spam-net-giovanni-spammy.r1898869.log spam-net-giovanni-spam.r1898869.log spam-net-grenier.r1898869.log spam-net-hege.r1898869.log spam-net-jhardin.r1898869.log spam-net-llanga.r1898869.log spam-net-mmiroslaw-mails-ham.r1898869.log spam-net-mmiroslaw-mails-spam.r1898869.log spam-net-pds.r1898869.log spam-net-spamsponge.r1898869.log spam-net-thendrikx.r1898869.log score ACCT_PHISHING_MANY 2.996 score AC_BR_BONANZA 0.001 score AC_DIV_BONANZA 0.001 score AC_FROM_MANY_DOTS 2.996 score AC_HTML_NONSENSE_TAGS 1.997 score ADMITS_SPAM 3.196 score ADVANCE_FEE_2_NEW_FORM 1.997 score ADVANCE_FEE_2_NEW_FRM_MNY 1.097 score ADVANCE_FEE_2_NEW_MONEY 1.997 score ADVANCE_FEE_3_NEW 3.496 score ADVANCE_FEE_3_NEW_FRM_MNY 1.088 score ADVANCE_FEE_3_NEW_MONEY 2.799 score ADVANCE_FEE_4_NEW 2.297 score ADVANCE_FEE_4_NEW_FRM_MNY 1.107 score ADVANCE_FEE_4_NEW_MONEY 0.270 score ADVANCE_FEE_5_NEW 1.894 score ADVANCE_FEE_5_NEW_FRM_MNY 0.001 score ADVANCE_FEE_5_NEW_MONEY 1.648 score AD_PREFS 0.499 score ALIBABA_IMG_NOT_RCVD_ALI 2.497 score AMAZON_IMG_NOT_RCVD_AMZN 2.497 score APP_DEVELOPMENT_NORDNS 1.942 score AXB_XMAILER_MIMEOLE_OL_024C2 0.001 score AXB_XM_FORGED_OL2600 0.697 score BIGNUM_EMAILS_FREEM 2.161 score BIGNUM_EMAILS_MANY 2.996 score BITCOIN_DEADLINE 1.348 score BITCOIN_EXTORT_01 4.294 score BITCOIN_MALF_HTML 0.405 score BITCOIN_OBFU_SUBJ 1.549 score BITCOIN_SPAM_02 1.598 score BITCOIN_SPAM_04 0.835 score BITCOIN_SPAM_07 2.503 score BITCOIN_XPRIO 2.263 score BITCOIN_YOUR_INFO 2.911 score BODY_EMPTY 0.724 score BODY_URI_ONLY 0.001 score BOGUS_MIME_VERSION 3.262 score BOGUS_MSM_HDRS 0.141 score CK_HELO_GENERIC 0.001 score CONTENT_AFTER_HTML 2.497 score CONTENT_AFTER_HTML_WEAK 1.498 score CTE_8BIT_MISMATCH 0.001 score DEAR_BENEFICIARY 3.097 score DKIMWL_BL 2.996 score DKIMWL_WL_HIGH -1.498 score DKIMWL_WL_MED -0.001 score DKIMWL_WL_MEDHI -0.001 score END_FUTURE_EMAILS 1.062 score FAKE_REPLY_A1 2.164 score FAKE_REPLY_B 2.455 score FILL_THIS_FORM 0.001 score FONT_INVIS_DIRECT 0.001 score FONT_INVIS_HTML_NOHTML 2.996 score FONT_INVIS_LONG_LINE 1.099 score FONT_INVIS_MSGID 1.082 score FONT_INVIS_NORDNS 0.001 score FONT_INVIS_POSTEXTRAS 2.180 score FORGED_SPF_HELO 1.043 score FORM_FRAUD 0.537 score FORM_FRAUD_3 1.781 score FORM_FRAUD_5 2.209 score FOUND_YOU 2.129 score FREEMAIL_FORGED_FROMDOMAIN 0.248 score FROMSPACE 3.096 score FROM_2_EMAILS_SHORT 0.481 score FROM_ADDR_WS 2.997 score FROM_BANK_NOAUTH 0.999 score FROM_FMBLA_NEWDOM 1.499 score FROM_FMBLA_NEWDOM14 0.998 score FROM_FMBLA_NEWDOM28 0.798 score FROM_GOV_DKIM_AU -0.001 score FROM_IN_TO_AND_SUBJ 2.102 score FROM_MISSPACED 1.997 score FROM_MISSP_DYNIP 2.197 score FROM_MISSP_EH_MATCH 1.997 score FROM_MISSP_FREEMAIL 0.001 score FROM_MISSP_MSFT 0.001 score FROM_MISSP_PHISH 1.123 score FROM_MISSP_SPF_FAIL 0.001 score FROM_MISSP_TO_UNDISC 2.397 score FROM_MISSP_USER 0.001 score FROM_MULTI_NORDNS 0.994 score FROM_NTLD_LINKBAIT 1.166 score FROM_PAYPAL_SPOOF 0.001 score FROM_SUSPICIOUS_NTLD 0.498 score FROM_SUSPICIOUS_NTLD_FP 0.863 score FROM_UNBAL1 2.197 score FROM_WSP_TRAIL 2.397 score FSL_BULK_SIG 1.164 score FSL_CTYPE_WIN1251 0.078 score FSL_NEW_HELO_USER 0.001 score FUZZY_AMAZON 2.143 score FUZZY_CLICK_HERE 2.397 score FUZZY_WALLET 3.196 score GAPPY_LOW_CONTRAST 2.497 score GB_FAKE_RF_SHORT 0.280 score GB_FREEMAIL_DISPTO 0.498 score GB_FREEMAIL_DISPTO_NOTFREEM 0.499 score GOOG_MALWARE_DNLD 3.876 score GOOG_REDIR_HTML_ONLY 1.998 score GOOG_REDIR_NORDNS 3.099 score GOOG_REDIR_SHORT 2.197 score GOOG_STO_EMAIL_PHISH 1.430 score GOOG_STO_HTML_PHISH 2.033 score GOOG_STO_HTML_PHISH_MANY 2.312 score GOOG_STO_IMG_HTML 2.435 score GOOG_STO_IMG_NOHTML 1.606 score GOOG_STO_NOIMG_HTML 2.996 score HAS_X_NO_RELAY 2.497 score HAS_X_OUTGOING_SPAM_STAT 0.730 score HDRS_MISSP 1.707 score HDR_ORDER_FTSDMCXX_DIRECT 1.999 score HDR_ORDER_FTSDMCXX_NORDNS 1.290 score HEADER_FROM_DIFFERENT_DOMAINS 0.249 score HELO_NO_DOMAIN 0.001 score HK_LOTTO 0.205 score HK_NAME_FROM 0.468 score HK_NAME_MR_MRS 0.001 score HK_RANDOM_ENVFROM 0.998 score HK_RANDOM_FROM 0.998 score HK_RANDOM_REPLYTO 0.999 score HK_SCAM 0.001 score HK_WIN 0.998 score HOSTED_IMG_DIRECT_MX 1.850 score HOSTED_IMG_FREEM 3.496 score HOSTED_IMG_MULTI_PUB_01 2.730 score HTML_ENTITY_ASCII 0.923 score HTML_ENTITY_ASCII_TINY 2.996 score HTML_FONT_TINY_NORDNS 0.977 score HTML_OFF_PAGE 2.996 score HTML_SINGLET_MANY 0.001 score HTML_TAG_BALANCE_CENTER 2.395 score HTML_TEXT_INVISIBLE_FONT 1.466 score HTML_TEXT_INVISIBLE_STYLE 3.090 score IMG_ONLY_FM_DOM_INFO 0.479 score JH_SPAMMY_HEADERS 3.496 score KHOP_HELO_FCRDNS 0.272 score LONGLN_LOW_CONTRAST 2.497 score LONG_HEX_URI 0.001 score LONG_IMG_URI 1.819 score LONG_INVISIBLE_TEXT 0.860 score LOTS_OF_MONEY 0.010 score LOTTO_AGENT 0.862 score LOTTO_DEPT 0.001 score MALWARE_NORDNS 2.319 score MALW_ATTACH 2.197 score MANY_SPAN_IN_TEXT 2.198 score MILLION_HUNDRED 0.167 score MIMEOLE_DIRECT_TO_MX 1.999 score MIXED_AREA_CASE 0.241 score MIXED_CENTER_CASE 2.497 score MIXED_CTYPE_CASE 1.032 score MIXED_ES 0.798 score MIXED_FONT_CASE 1.894 score MIXED_HREF_CASE 0.001 score MIXED_IMG_CASE 1.084 score MONEY_ATM_CARD 0.001 score MONEY_BARRISTER 0.001 score MONEY_FORM 0.001 score MONEY_FORM_SHORT 0.092 score MONEY_FRAUD_3 0.001 score MONEY_FRAUD_5 2.996 score MONEY_FRAUD_8 0.001 score MONEY_FREEMAIL_REPTO 0.001 score MONEY_FROM_41 1.997 score MONEY_FROM_MISSP 1.997 score MSMAIL_PRI_ABNORMAL 0.139 score NAME_EMAIL_DIFF 2.674 score NA_DOLLARS 0.001 score NICE_REPLY_A -0.001 score NORDNS_LOW_CONTRAST 0.629 score NO_FM_NAME_IP_HOSTN 0.001 score NSL_RCVD_FROM_USER 0.001 score NSL_RCVD_HELO_USER 1.636 score NUMBEREND_LINKBAIT 0.184 score OBFU_JVSCR_ESC 2.197 score OBFU_TEXT_ATTACH 1.597 score ODD_FREEM_REPTO 2.638 score PDS_BTC_ID 0.498 score PDS_BTC_MSGID 0.154 score PDS_DBL_URL_TNB_RUNON 1.613 score PDS_FRNOM_TODOM_DBL_URL 0.203 score PDS_FRNOM_TODOM_NAKED_TO 1.477 score PDS_FROM_2_EMAILS_SHRTNER 0.394 score PDS_FROM_NAME_TO_DOMAIN 1.146 score PDS_HP_HELO_NORDNS 0.999 score PDS_OTHER_BAD_TLD 1.997 score PDS_PHPEXP_BOT 1.498 score PDS_PHP_EVAL 1.272 score PDS_SHORTFWD_URISHRT_FP 0.635 score PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE 1.997 score PDS_TO_EQ_FROM_NAME 2.990 score PHISH_FBASEAPP 1.486 score PHP_ORIG_SCRIPT 2.497 score PHP_ORIG_SCRIPT_EVAL 2.999 score PHP_SCRIPT 2.186 score POSTCARD_06 2.297 score PP_MIME_FAKE_ASCII_TEXT 0.999 score RAND_HEADER_LIST_SPOOF 2.993 score RAND_HEADER_MANY 0.884 score RAND_MKTG_HEADER 1.495 score RATWARE_NO_RDNS 2.996 score RCVD_IN_MSPIKE_H2 -0.001 score RDNS_NUM_TLD_XM 1.534 score REPLYTO_EMPTY 2.896 score REPTO_419_FRAUD_GM 2.866 score SCC_BODY_URI_ONLY 0.357 score SCC_ISEMM_LID_1 0.760 score SCRIPT_GIBBERISH 2.696 score SENDGRID_REDIR 0.001 score SERGIO_SUBJECT_PORN011 0.127 score SERGIO_SUBJECT_VIAGRA01 4.095 score SHOPIFY_IMG_NOT_RCVD_SFY 2.497 score SHORTENED_URL_SRC 1.960 score SHORTENER_SHORT_IMG 1.456 score SHORT_SHORTNER 1.997 score SPOOFED_FREEMAIL 1.198 score SPOOFED_FREEMAIL_NO_RDNS 0.001 score SPOOFED_FREEM_REPTO 2.497 score SPOOF_GMAIL_MID 1.245 score STATIC_XPRIO_OLE 0.001 score STOX_BOUND_090909_B 0.345 score SUBJ_ATTENTION 0.498 score THIS_AD 1.398 score TO_EQ_FM_DIRECT_MX 0.001 score TO_EQ_FM_DOM_HTML_IMG 2.497 score TO_EQ_FM_DOM_SPF_FAIL 0.001 score TO_EQ_FM_SPF_FAIL 0.001 score TO_IN_SUBJ 0.098 score TO_NAME_SUBJ_NO_RDNS 2.848 score TO_NO_BRKTS_FROM_MSSP 2.497 score TO_NO_BRKTS_HTML_IMG 1.498 score TO_NO_BRKTS_HTML_ONLY 1.997 score TO_NO_BRKTS_NORDNS_HTML 1.203 score TO_NO_BRKTS_PCNT 2.378 score TVD_PH_BODY_META 0.001 score TVD_RCVD_SPACE_BRACKET 1.209 score UNDISC_FREEM 3.696 score UNDISC_MONEY 2.612 score UNICODE_OBFU_ASC 2.497 score UNSUB_GOOG_FORM 2.497 score URI_AZURE_CLOUDAPP 2.326 score URI_FIREBASEAPP 2.996 score URI_GOOGLE_PROXY 2.696 score URI_GOOG_STO_SPAMMY 2.309 score URI_IN_URI_10 3.297 score URI_ONLY_MSGID_MALF 0.001 score URI_PHISH 3.624 score URI_PHP_REDIR 2.898 score URI_TRY_3LD 1.998 score URI_WPADMIN 1.997 score URI_WP_HACKED 3.496 score URI_WP_HACKED_2 1.152 score VFY_ACCT_NORDNS 2.897 score WORD_INVIS 0.514 score WORD_INVIS_MANY 2.996 score XFER_LOTSA_MONEY 0.998 score XM_LIGHT_HEAVY 2.497 score XM_RANDOM 2.160 score XM_RECPTID 2.997 score XPRIO 1.371 score YOU_INHERIT 0.769 score AC_POST_EXTRAS 1.000 score AC_SPAMMY_URI_PATTERNS1 1.000 score AC_SPAMMY_URI_PATTERNS10 1.000 score AC_SPAMMY_URI_PATTERNS11 1.000 score AC_SPAMMY_URI_PATTERNS12 1.000 score AC_SPAMMY_URI_PATTERNS2 1.000 score AC_SPAMMY_URI_PATTERNS3 1.000 score AC_SPAMMY_URI_PATTERNS4 1.000 score AC_SPAMMY_URI_PATTERNS8 1.000 score AC_SPAMMY_URI_PATTERNS9 1.000 score ADULT_DATING_COMPANY 10.001 # force non-zero score APP_DEVELOPMENT_FREEM 1.000 score BEBEE_IMG_NOT_RCVD_BB 1.000 score BITCOIN_BOMB 1.000 score BITCOIN_EXTORT_02 1.000 score BITCOIN_IMGUR 1.000 score BITCOIN_MALWARE 1.000 score BITCOIN_ONAN 1.000 score BITCOIN_PAY_ME 1.000 score BITCOIN_SPAM_01 1.000 score BITCOIN_SPAM_03 1.000 score BITCOIN_SPAM_05 1.000 score BITCOIN_SPAM_06 1.000 score BITCOIN_SPAM_08 1.000 score BITCOIN_SPAM_09 1.000 score BITCOIN_SPAM_10 1.000 score BITCOIN_SPAM_11 1.000 score BITCOIN_SPAM_12 1.000 score BITCOIN_SPF_ONLYALL 1.000 score BOMB_FREEM 1.000 score BOMB_MONEY 1.000 score BTC_ORG 1.000 score BULK_RE_SUSP_NTLD 1.000 score CANT_SEE_AD 1.000 score COMMENT_GIBBERISH 1.000 score DAY_I_EARNED 1.000 score DKIMWL_BLOCKED 0.001 score DOTGOV_IMAGE 1.000 score DYNAMIC_IMGUR 1.000 score EBAY_IMG_NOT_RCVD_EBAY 1.000 score ENCRYPTED_MESSAGE -1.000 score ENVFROM_GOOG_TRIX 1.000 score FACEBOOK_IMG_NOT_RCVD_FB 1.000 score FBI_MONEY 1.000 score FBI_SPOOF 1.000 score FONT_INVIS_DOTGOV 1.000 score FREEM_FRNUM_UNICD_EMPTY 1.000 score FRNAME_IN_MSG_XPRIO_NO_SUB 1.000 score FROM_FMBLA_NDBLOCKED 0.001 score FROM_GOV_REPLYTO_FREEMAIL 1.000 score FROM_GOV_SPOOF 1.000 score FROM_NEWDOM_BTC 1.000 score FROM_NTLD_REPLY_FREEMAIL 1.000 score FROM_NUMBERO_NEWDOMAIN 1.000 score FROM_NUMERIC_TLD 1.000 score GAPPY_SALES_LEADS_FREEM 1.000 score GB_BITCOIN_CP 1.000 score GB_FORGED_MUA_POSTFIX 1.000 score GB_GOOGLE_OBFUR 0.750 score GOOGLE_DOCS_PHISH 1.000 score GOOGLE_DOCS_PHISH_MANY 1.000 score GOOGLE_DOC_SUSP 1.000 score GOOGLE_DRIVE_REPLY_BAD_NTLD 1.000 score HDRS_LCASE_IMGONLY 0.100 score HEXHASH_WORD 1.000 score HK_CTE_RAW 1.000 score HK_RCVD_IP_MULTICAST 1.000 score HOSTED_IMG_DQ_UNSUB 1.000 score HOSTED_IMG_MULTI 1.000 score HTML_SHRT_CMNT_OBFU_MANY 1.000 score JH_SPAMMY_PATTERN01 1.000 score JH_SPAMMY_PATTERN02 1.000 score LINKEDIN_IMG_NOT_RCVD_LNKN 1.000 score LIST_PRTL_PUMPDUMP 1.000 score LIST_PRTL_SAME_USER 1.000 score LUCRATIVE 1.000 score MALF_HTML_B64 1.000 score MALWARE_PASSWORD 1.000 score MIME_NO_TEXT 1.000 score MONERO_DEADLINE 1.000 score MONERO_EXTORT_01 1.000 score MONERO_MALWARE 1.000 score MONERO_PAY_ME 1.000 score MSGID_DOLLARS_URI_IMG 1.000 score MSGID_HDR_MALF 1.000 score MSM_PRIO_REPTO 1.000 score NEWEGG_IMG_NOT_RCVD_NEGG 1.000 score NEW_PRODUCTS 1.000 score OBFU_BITCOIN 1.000 score PDS_HELO_SPF_FAIL 1.000 score PDS_PHP_RUNTIME_FUNC 1.000 score PHISH_AZURE_CLOUDAPP 3.500 score PHOTO_EDITING_DIRECT 1.000 score PHOTO_EDITING_FREEM 1.000 score PHP_NOVER_MUA 1.000 score PHP_SCRIPT_MUA 1.000 score PP_TOO_MUCH_UNICODE02 0.500 score PP_TOO_MUCH_UNICODE05 1.000 score PUMPDUMP 1.000 score PUMPDUMP_MULTI 1.000 score RCVD_DOTEDU_SHORT 1.000 score RCVD_DOTEDU_SUSP_URI 1.000 score RDNS_NUM_TLD_ATCHNX 1.000 score READY_TO_SHIP 1.000 score REPTO_419_FRAUD 1.000 score REPTO_419_FRAUD_AOL 1.000 score REPTO_419_FRAUD_AOL_LOOSE 1.000 score REPTO_419_FRAUD_CNS 1.000 score REPTO_419_FRAUD_GM_LOOSE 1.000 score REPTO_419_FRAUD_HM 1.000 score REPTO_419_FRAUD_OL 1.000 score REPTO_419_FRAUD_PM 1.000 score REPTO_419_FRAUD_QQ 1.000 score REPTO_419_FRAUD_YH 1.000 score REPTO_419_FRAUD_YH_LOOSE 1.000 score REPTO_419_FRAUD_YJ 1.000 score REPTO_419_FRAUD_YN 1.000 score SENDGRID_REDIR_PHISH 1.000 score SEO_SUSP_NTLD 1.000 score SHORT_IMG_SUSP_NTLD 1.000 score SPOOFED_FREEM_REPTO_CHN 1.000 score SPOOFED_FREEM_REPTO_RUS 1.000 score STOCK_TIP 1.000 score SUBJ_BRKN_WORDNUMS 1.000 score SUSPNTLD_EXPIRATION_EXTORT 1.000 score SYSADMIN 1.000 score TAGSTAT_IMG_NOT_RCVD_TGST 1.000 score TARINGANET_IMG_NOT_RCVD_TN 1.000 score THIS_IS_ADV_SUSP_NTLD 1.000 score TONLINE_FAKE_DKIM 1.000 score TUMBLR_IMG_NOT_RCVD_TUMB 1.000 score TW_GIBBERISH_MANY 1.000 score UC_GIBBERISH_OBFU 1.000 score UNICODE_OBFU_ZW 1.000 score URI_ADOBESPARK 1.000 score URI_DASHGOVEDU 1.000 score URI_DATA 1.000 score URI_DOTEDU 1.000 score URI_DOTEDU_ENTITY 1.000 score URI_HEX_IP 1.000 score URI_IMG_WP_REDIR 1.000 score URI_LONG_REPEAT 1.000 score URI_OPTOUT_3LD 1.000 score URI_TRY_USME 1.000 score URI_WP_DIRINDEX 1.000 score USB_DRIVES 1.000 score VPS_NO_NTLD 1.000 score WALMART_IMG_NOT_RCVD_WAL 1.000 score XM_DIGITS_ONLY 1.000 score XPRIO_SHORT_SUBJ 1.000