FutureQuest SpamAssassin Test & Scoring Chart

FutureQuest SpamAssassin Test & Scoring Chart

This is the current list of tests SpamAssassin performs on email with SpamAssassin Filtering enabled to determine if they're spam or not. (Version 3.2.4 Updated 2008-03-19)

You may also test specific X-Spam-Status headers via the SpamAssassin Status Decoder.

Test Name	Area Tested	Locale	Description Of Test	Score
ACT_NOW_CAPS	body	--	Talks about 'acting now' with capitals	`0.001`
ADVANCE_FEE_2	meta	--	Appears to be advance fee fraud (Nigerian 419)	`2.049`
ADVANCE_FEE_3	meta	--	Appears to be advance fee fraud (Nigerian 419)	`1.435`
ADVANCE_FEE_4	meta	--	Appears to be advance fee fraud (Nigerian 419)	`1.502`
ANY_BOUNCE_MESSAGE	meta	--	Message is some kind of bounce message	`0.100`
APOSTROPHE_FROM	header	--	From address contains an apostrophe	`0.001`
AWL	header	--	From: address is in the auto white-list	`1.000`
AXB_XMID_1212	header	--	Barbera Fingerprint	`3.899`
AXB_XMID_1510	header	--	Brunello Fingerprint	`4.295`
AXB_XMID_OEGOESNULL	header	--	Amarone Fingerprint	`4.216`
AXB_XR_STULDAP	header	--	Received =~ /$8\.12\.3 da nor stuldap\/8\.12\.3$/	`3.196`
AXB_XTIDX_CHAIN	header	--	Montepulciano Fingerprint	`1.000`
BAD_CREDIT	body	--	Eliminate Bad Credit	`0.325`
BAD_ENC_HEADER	header	--	Message has bad MIME encoding in the header	`2.870`
BANG_GUAR	body	--	Something is emphatically guaranteed	`1.237`
BANKING_LAWS	body	--	Talks about banking laws	`3.096`
BASE64_LENGTH_78_79	body	--	eval:check_base64_length('78','79')	`3.699`
BASE64_LENGTH_79_INF	body	--	eval:check_base64_length('79')	`2.763`
BILLION_DOLLARS	body	--	Talks about lots of money	`0.001`
BODY_8BITS	body	--	Body includes 8 consecutive 8-bit characters	`1.500`
BODY_ENHANCEMENT	body	--	Information on growing body parts	`1.608`
BODY_ENHANCEMENT2	body	--	Information on getting larger body parts	`0.714`
BOUNCE_MESSAGE	meta	--	MTA bounce message	`0.100`
CHARSET_FARAWAY	body	--	Character set indicates a foreign language	`3.200`
CHARSET_FARAWAY_HEADER	header	--	A foreign language charset used in headers	`3.200`
CORRUPT_FROM_LINE_IN_HDRS	meta	--	Informational: message is corrupt, with a From line in its headers	`0.001`
CRBOUNCE_MESSAGE	meta	--	Challenge-response bounce message	`0.100`
CTYPE_001C_A	meta	--	(0)	`2.319`
CUM_SHOT	body	--	Possible porn - Cum Shot	`2.796`
CURR_PRICE	body	--	/\bCurrent Price:/	`2.659`
DATE_IN_FUTURE_03_06	header	--	Date: is 3 to 6 hours after Received: date	`0.416`
DATE_IN_FUTURE_06_12	header	--	Date: is 6 to 12 hours after Received: date	`3.099`
DATE_IN_FUTURE_12_24	header	--	Date: is 12 to 24 hours after Received: date	`3.299`
DATE_IN_FUTURE_24_48	header	--	Date: is 24 to 48 hours after Received: date	`2.800`
DATE_IN_FUTURE_48_96	header	--	Date: is 48 to 96 hours after Received: date	`3.182`
DATE_IN_FUTURE_96_XX	header	--	Date: is 96 hours or more after Received: date	`3.899`
DATE_IN_PAST_03_06	header	--	Date: is 3 to 6 hours before Received: date	`1.394`
DATE_IN_PAST_06_12	header	--	Date: is 6 to 12 hours before Received: date	`1.854`
DATE_IN_PAST_12_24	header	--	Date: is 12 to 24 hours before Received: date	`1.770`
DATE_IN_PAST_24_48	header	--	Date: is 24 to 48 hours before Received: date	`1.627`
DATE_IN_PAST_96_XX	header	--	Date: is 96 hours or more before Received: date	`2.320`
DATE_SPAMWARE_Y2K	header	--	Date header uses unusual Y2K formatting	`1.031`
DCC_CHECK	full	--	Listed in DCC (http://rhyolite.com/anti-spam/dcc/)	`1.370`
DC_GIF_UNO_LARGO	meta	--	Message contains a single large inline gif	`3.787`
DC_IMAGE_SPAM_HTML	meta	--	Possible Image-only spam	`0.001`
DC_IMAGE_SPAM_TEXT	meta	--	Possible Image-only spam with little text	`0.001`
DC_PNG_UNO_LARGO	meta	--	Message contains a single large inline gif	`2.092`
DEAR_FRIEND	body	--	Dear Friend? That's not very dear!	`2.696`
DEAR_SOMETHING	body	--	Contains 'Dear (something)'	`2.234`
DEAR_WINNER	body	--	/\bdear.{1,20}winner/i	`3.196`
DIET_1	body	--	Lose Weight Spam	`0.336`
DIGEST_MULTIPLE	meta	--	Message hits more than one network digest check	`0.001`
DKIM_POLICY_SIGNALL	header	--	Domain Keys Identified Mail: policy says domain signs all mails	`0.001`
DKIM_POLICY_TESTING	header	--	Domain Keys Identified Mail: policy says domain is testing DK	`0.001`
DKIM_SIGNED	header	--	Domain Keys Identified Mail: message has a signature	`0.001`
DK_POLICY_SIGNALL	header	--	Domain Keys: policy says domain signs all mails	`0.001`
DK_POLICY_TESTING	header	--	Domain Keys: policy says domain is testing DK	`0.001`
DK_SIGNED	header	--	Domain Keys: message has a signature	`0.001`
DNS_FROM_AHBL_RHSBL	header	--	Envelope sender listed in dnsbl.ahbl.org	`2.025`
DNS_FROM_DOB	header	--	Sender from new domain (Day Old Bread)	`0.341`
DNS_FROM_OPENWHOIS	header	--	Envelope sender listed in bl.open-whois.org.	`2.431`
DNS_FROM_RFC_BOGUSMX	header	--	Envelope sender in bogusmx.rfc-ignorant.org	`2.125`
DNS_FROM_RFC_DSN	header	--	Envelope sender in dsn.rfc-ignorant.org	`2.527`
DOS_PROVISION4	body	--	Provision for income taxes	`1.000`
DOS_REPORT_FIN_INC	body	--	Report of financial income	`1.000`
DOS_STOCK_BAT	meta	--	Probable pump and dump stock spam	`3.383`
DOS_STOCK_CDYV_GENERIC	body	--	Pump and dump stock spam	`1.000`
DOS_STOCK_INCOME_STATEMENT	meta	--	Pump and dump stock income statement spam	`1.000`
DOS_YOUR_PLACE	meta	--	Russian dating spam	`2.596`
DRUGS_ANXIETY	meta	--	Refers to an anxiety control drug	`1.331`
DRUGS_ANXIETY_EREC	meta	--	Refers to both an erectile and an anxiety drug	`0.001`
DRUGS_ANXIETY_OBFU	meta	--	Obfuscated reference to an anxiety control drug	`0.001`
DRUGS_DIET	meta	--	Refers to a diet drug	`0.001`
DRUGS_ERECTILE	meta	--	Refers to an erectile drug	`0.646`
DRUGS_ERECTILE_OBFU	meta	--	Obfuscated reference to an erectile drug	`2.113`
DRUGS_HDIA	header	--	Subject =~ /\bhoodia\b/i	`2.501`
DRUGS_MANYKINDS	meta	--	Refers to at least four kinds of drugs	`0.001`
DRUGS_MUSCLE	meta	--	Refers to a muscle relaxant	`0.001`
DRUGS_SLEEP_EREC	meta	--	Refers to both an erectile and a sleep aid drug	`1.952`
DRUGS_STOCK_MIMEOLE	meta	--	Stock-spam forged headers found (5510)	`2.852`
DRUG_DOSAGE	body	--	Talks about price per dose	`0.128`
DRUG_ED_CAPS	body	--	Mentions an E.D. drug	`1.540`
DRUG_ED_GENERIC	body	--	Mentions Generic Viagra	`3.314`
DRUG_ED_SILD	body	--	Talks about an E.D. drug using its chemical name	`0.001`
DYN_RDNS_AND_INLINE_IMAGE	meta	--	Contains image, and was sent by dynamic rDNS	`0.001`
DYN_RDNS_SHORT_HELO_HTML	meta	--	Sent by dynamic rDNS, short HELO, and HTML	`0.287`
DYN_RDNS_SHORT_HELO_IMAGE	meta	--	Short HELO string, dynamic rDNS, inline image	`0.001`
EMAIL_ROT13	body	--	Body contains a ROT13-encoded email address	`1.680`
EMPTY_MESSAGE	meta	--	Message appears to have no textual parts and no Subject: text	`0.607`
EXCUSE_24	body	--	Claims you wanted this ad	`2.599`
EXCUSE_4	body	--	Claims you can be removed from the list	`1.934`
EXCUSE_REMOVE	body	--	Talks about how to be removed from mailings	`1.477`
EXTRA_MPART_TYPE	header	--	Header has extraneous Content-type:...type= entry	`1.000`
FAKE_HELO_EXCITE	header	--	Host HELO did not match rDNS: excite.com	`2.552`
FAKE_HELO_LYCOS	header	--	Host HELO did not match rDNS: lycos.com	`2.432`
FAKE_HELO_MAIL_COM	header	--	Host HELO did not match rDNS: mail.com	`0.220`
FAKE_HELO_MAIL_COM_DOM	header	--	Relay HELO'd with suspicious hostname (mail.com)	`3.196`
FAKE_OUTBLAZE_RCVD	header	--	Received header contains faked 'mr.outblaze.com'	`3.496`
FAKE_REPLY_C	meta	--	(__SUBJ_RE && __MISSING_REF && __NO_INR_YES_REF)	`2.197`
FB_ADD_INCHES	body	--	Add / Gain inches	`2.999`
FB_ALMOST_SEX	body	--	It's almost sex, but not!	`3.096`
FB_ANA_TRIM	body	--	Broken AnaTrim phrase.	`3.995`
FB_ANUI	body	--	Phrase: A_U_N_I	`1.618`
FB_C0MPANY	body	--	Phrase: C0mpany	`2.106`
FB_CAN_LONGER	body	--	Phrase: can last longer	`1.309`
FB_CIALIS_LEO3	body	--	Uses a mis-spelled version of cialis.	`2.815`
FB_DOUBLE_0WORDS	body	--	Looks like double 0 words	`3.595`
FB_EMAIL_HIER	body	--	Phrase: email hier	`1.203`
FB_EXTRA_INCHES	body	--	Phrase: extra inches	`3.096`
FB_FHARMACY	body	--	Phrase: Farmacy	`3.695`
FB_GAPPY_ADDRESS	body	--	Too much spacing in Address	`3.399`
FB_GET_MEDS	body	--	Looks like trying to sell meds	`1.097`
FB_GVR	body	--	Looks like generic viagra	`0.001`
FB_HEY_BRO_COMMA	body	--	Phrase hey bro,	`2.783`
FB_HG_H_CAP	body	--	Phrase: HGH	`0.887`
FB_HOMELOAN	body	--	Phrase $x home loan	`2.014`
FB_IMPRESS_GIRL	body	--	Phrase: impress ... girl	`1.757`
FB_INCREASE_YOUR	body	--	Phrase: Increase your energy	`3.396`
FB_INDEPEND_RWD	body	--	Phrase: independent reward	`3.599`
FB_LETTERS_21B	body	--	Special people leave special signs!	`3.999`
FB_LOWER_PAYM	body	--	Phrase: lower your monthly payments	`2.996`
FB_MED1CAT	body	--	Phrase: Med1cat	`1.000`
FB_MEDS_PERCENT	body	--	Talks about meds and %	`1.000`
FB_MORE_SIZE	body	--	Phrase: more size	`1.422`
FB_NOT_PHONE_NUM1	body	--	Looks like a fake phone number (1)	`2.599`
FB_NOT_PHONE_NUM3	body	--	Looks like a fake phone number (3)	`2.596`
FB_NOT_SCHOOL	body	--	Looks like school but it's not!	`2.312`
FB_NO_SCRIP_NEEDED	body	--	Phrase: no prescription needed.	`2.458`
FB_NUMYO	body	--	Speaks of teenager.	`2.397`
FB_ODD_SPACED_MONEY	body	--	Looks like money but has odd spacing.	`2.723`
FB_P1LL	body	--	Phrase: p1ll	`1.088`
FB_PIPEDOLLAR	body	--	Phrase: Dollar, with pipes or 0's.	`2.430`
FB_QUALITY_REPLICA	body	--	Phrase: quality replica	`3.899`
FB_REF_CODE_SPACE	body	--	Refcode with spacing	`3.599`
FB_REPLIC_CAP	body	--	Phrase: REPLICA	`3.995`
FB_RE_FI	body	--	Looks like refi.	`2.696`
FB_SOFTTABS	body	--	Phrase: Softabs	`4.281`
FB_SPACED_PHN_3B	body	--	Phone number with -- spacing. (B)	`2.896`
FB_SPACEY_ZIP	body	--	Looks like a s p a c e d zipcode.	`1.785`
FB_SSEX	body	--	Phrase: ssex	`2.001`
FB_STOCK_EXPLODE	body	--	Looks like stocks exploding.	`2.696`
FB_TO_STOP_DISTRO	body	--	Phrase: to stop further distribution	`3.096`
FB_ULTRA_ALLURE	body	--	Phrase: Ultra Allure	`2.841`
FB_UNLOCK_YOUR_G	body	--	Phrase: lock to your girlfriend	`2.696`
FB_UNRESOLV_PROV	body	--	Pattern Replacement PROV_D	`1.132`
FB_WORD1_END_DOLLAR	body	--	Looks like a word ending with a $	`1.000`
FB_YOURSELF_MASTER	body	--	Phrase: yourself master	`1.248`
FB_YOUR_REFI	body	--	Phrase: Your refi	`3.306`
FH_BAD_OEV1441	header	--	Bad X-Mailer version	`2.393`
FH_DATE_IS_19XX	header	--	The date is not 19xx.	`1.970`
FH_DATE_PAST_20XX	header	--	The date is grossly in the future.	`3.384`
FH_FAKE_RCVD_LINE	header	--	RCVD line looks faked (A)	`2.215`
FH_FROMEML_NOTLD	header	--	E-mail address doesn't have TLD (.com, etc.)	`2.196`
FH_FROM_CASH	header	--	From name has "cash"	`2.996`
FH_FROM_GIVEAWAY	header	--	From name is giveaway.	`2.796`
FH_FROM_HOODIA	header	--	From has Hoodia!!?	`2.696`
FH_HAS_XAIMC	header	--	Has X-AIMC-AUTH header	`2.699`
FH_HELO_ALMOST_IP	header	--	Helo is almost an IP addr.	`3.727`
FH_HELO_ENDS_DOT	header	--	Helo ends with a dot.	`3.020`
FH_HELO_EQ_610HEX	header	--	Helo is 6-10 hex chr's.	`4.099`
FH_HELO_EQ_CHARTER	header	--	Helo is d-d-d-d charter.com	`1.258`
FH_HELO_EQ_D_D_D_D	header	--	Helo is d-d-d-d	`0.498`
FH_HOST_EQ_DYNAMICIP	header	--	Host is dynamicip	`3.097`
FH_HOST_EQ_PACBELL_D	header	--	Host is pacbell.net dsl	`0.893`
FH_HOST_EQ_VERIZON_P	header	--	Host is pool-.+verizon.net	`1.105`
FH_MSGID_000000	header	--	Special MSGID	`4.299`
FH_MSGID_01C67	header	--	Special MSGID	`0.495`
FH_MSGID_01C70XXX	header	--	MESSAGE ID seen often!!!	`3.895`
FH_MSGID_REPLACE	header	--	Broken Replace Template	`2.079`
FH_MSGID_XXBLAH	header	--	Common sign in msg-id's 12/21/2006	`4.495`
FH_MSGID_XXX	header	--	Message-Id = @xxx	`3.196`
FH_RE_NEW_DDD	header	--	Subject is Re: new \d\d\d	`1.209`
FH_XMAIL_REPLACE	header	--	Broken Replace Template	`2.142`
FH_XMAIL_RND_833	header	--	Special X-Mailer Version	`1.000`
FIN_FREE	body	--	Freedom of a financial nature	`2.599`
FM_DOESNT_SAY_STOCK	meta	--	It's a stock spam but doesn't say stock	`4.295`
FM_FAKE_53COM_SPOOF	meta	--	Spoof mail from 53.com?	`3.096`
FM_FAKE_HELO_VERIZON	meta	--	Looks like a fake verizon.net helo.	`2.573`
FM_FRM_RN_L_BRACK	meta	--	From name has > but not <	`3.096`
FM_LIKE_STOCKS	meta	--	It looks like a duck, it's a duck!	`2.940`
FM_LUX_GIFTS_REDUCED	meta	--	Luxury Gifts with dd%	`2.486`
FM_MANY_DRUG_WORDS	meta	--	Lot's of almost drug words	`1.161`
FM_MORTGAGE4PLUS	meta	--	Looks like a mortgage spam (4+)	`1.000`
FM_MORTGAGE5PLUS	meta	--	Looks like a mortgage spam (5+)	`3.099`
FM_MULTI_LUX_GIFTS	meta	--	Talks about variety of luxury gifts	`2.494`
FM_PHN_NODNS	meta	--	Phone spacing + no dns	`2.538`
FM_RATSIGN_1106	meta	--	Fingerprint seen in lots of spam. 11/2006	`0.250`
FM_RE_HELLO_SPAM	meta	--	Re: Hello / hi	`2.798`
FM_ROLEX_ADS	meta	--	Looks like Rolex spams.	`3.999`
FM_SCHOOLING	meta	--	Meta Combo Phrase for Schooling (2)	`2.386`
FM_SCHOOL_DIPLOMA	meta	--	Meta for Schooling + Diploma.	`0.776`
FM_SCHOOL_TYPES	meta	--	Meta Combo Phrase for Schooling	`3.096`
FM_SEX_HELODDDD	meta	--	Sex words + helo = dddd	`2.332`
FM_VIAGRA_SPAM1114	meta	--	Signs of a Viagra spam 11/14/2006	`2.191`
FM_XMAIL_F_OUT	header	--	Looks like Fake Outlook?	`4.199`
FORGED_HOTMAIL_RCVD2	header	--	hotmail.com 'From' address, but no 'Received:'	`1.117`
FORGED_IMS_HTML	meta	--	IMS can't send HTML message only	`2.050`
FORGED_IMS_TAGS	meta	--	IMS mailers can't send HTML in this format	`1.579`
FORGED_MSGID_AOL	meta	--	Message-ID is forged, (aol.com)	`0.001`
FORGED_MSGID_HOTMAIL	meta	--	Message-ID is forged, (hotmail.com)	`2.706`
FORGED_MSGID_MSN	meta	--	Message-ID is forged, (msn.com)	`1.222`
FORGED_MSGID_YAHOO	meta	--	Message-ID is forged, (yahoo.com)	`3.211`
FORGED_MUA_EUDORA	meta	--	Forged mail pretending to be from Eudora	`1.665`
FORGED_MUA_IMS	meta	--	Forged mail pretending to be from IMS	`2.033`
FORGED_MUA_MOZILLA	meta	--	Forged mail pretending to be from Mozilla	`2.696`
FORGED_MUA_OIMO	meta	--	Forged mail pretending to be from MS Outlook IMO	`3.595`
FORGED_MUA_OUTLOOK	meta	--	Forged mail pretending to be from MS Outlook	`4.199`
FORGED_MUA_THEBAT_BOUN	meta	--	Mail pretending to be from The Bat! (boundary)	`1.019`
FORGED_MUA_THEBAT_CS	meta	--	Mail pretending to be from The Bat! (charset)	`0.854`
FORGED_OUTLOOK_HTML	meta	--	Outlook can't send HTML message only	`0.001`
FORGED_OUTLOOK_TAGS	meta	--	Outlook can't send HTML in this format	`0.001`
FORGED_QUALCOMM_TAGS	meta	--	QUALCOMM mailers can't send HTML in this format	`3.127`
FORGED_THEBAT_HTML	meta	--	The Bat! can't send HTML message only	`2.407`
FORGED_YAHOO_RCVD	header	--	'From' yahoo.com does not match 'Received' headers	`1.408`
FRAGMENTED_MESSAGE	header	--	Partial message	`2.500`
FREE_QUOTE_INSTANT	body	--	Free express or no-obligation quote	`2.499`
FROM_BLANK_NAME	header	--	From: contains empty name	`2.212`
FROM_DOMAIN_NOVOWEL	header	--	From: domain has series of non-vowel letters	`3.099`
FROM_EXCESS_BASE64	meta	--	From: base64 encoded unnecessarily	`1.984`
FROM_ILLEGAL_CHARS	header	--	From: has too many raw illegal characters	`3.999`
FROM_LOCAL_DIGITS	header	--	From: localpart has long digit sequence	`0.001`
FROM_LOCAL_HEX	header	--	From: localpart has long hexadecimal sequence	`2.733`
FROM_LOCAL_NOVOWEL	header	--	From: localpart has series of non-vowel letters	`3.196`
FROM_NO_USER	header	--	From: has no local-part before @ sign	`0.499`
FROM_OFFERS	header	--	From address is "at something-offers"	`1.145`
FROM_STARTS_WITH_NUMS	header	--	From: starts with many numbers	`0.723`
FRT_BIGGERMEM1	body	--	ReplaceTags: Bigger / Larger, Penis / Member	`0.001`
FRT_DISCOUNT	body	--	ReplaceTags: Discount	`2.996`
FRT_DOLLAR	body	--	ReplaceTags: Dollar	`2.596`
FRT_GUARANTEE1	body	--	ReplaceTags: Guarantee (1)	`2.819`
FRT_LEVITRA	body	--	ReplaceTags: Levitra	`0.745`
FRT_MEETING	body	--	ReplaceTags: Meeting	`2.699`
FRT_OFFER2	body	--	ReplaceTags: Offer (2)	`1.590`
FRT_OPPORTUN1	body	--	ReplaceTags: Oppertun (1)	`1.000`
FRT_OPPORTUN2	body	--	ReplaceTags: Oppertun (2)	`2.699`
FRT_PENIS1	body	--	ReplaceTags: Penis	`3.074`
FRT_PRICE	body	--	ReplaceTags: Price	`2.531`
FRT_REFINANCE1	body	--	ReplaceTags: Refinance (1)	`2.727`
FRT_ROLEX	body	--	ReplaceTags: Rolex	`3.096`
FRT_SEXUAL	body	--	ReplaceTags: Sexual	`3.196`
FRT_STRONG1	body	--	ReplaceTags: Strong (1)	`2.919`
FRT_STRONG2	body	--	ReplaceTags: Strong (2)	`0.001`
FRT_SYMBOL	body	--	ReplaceTags: Symbol	`3.561`
FRT_TODAY2	body	--	ReplaceTags: Today (2)	`2.460`
FRT_VALIUM1	body	--	ReplaceTags: Valium	`3.049`
FRT_VALIUM2	body	--	ReplaceTags: Valium (2)	`1.933`
FRT_WEIGHT2	body	--	ReplaceTags: Weight (2)	`2.930`
FRT_XANAX1	body	--	ReplaceTags: Xanax (1)	`3.799`
FRT_XANAX2	body	--	ReplaceTags: Xanax (2)	`0.001`
FR_3TAG_3TAG	rawbody	--	Looks like 3 <e> small tags.	`0.998`
FR_ALMOST_VIAG2	rawbody	--	Almost looks like viagra.	`2.376`
FR_MIDER	rawbody	--	Sign often seen in spams	`1.706`
FS_AT_NO_COST	header	--	Subject says "At No Cost"	`2.596`
FS_CHEAP_CAP	header	--	Phrase: Cheap in Caps in Subject.	`0.001`
FS_DOLLAR_BONUS	header	--	Subject talks about money bonus!	`2.696`
FS_EJACULA	header	--	Phrase: ejaculation in subject.	`2.996`
FS_ERECTION	header	--	Phrase: erection in subject.	`2.020`
FS_LARGE_PERCENT2	header	--	Larger than 100% in subj.	`1.037`
FS_LOWER_YOUR	header	--	Phrase: lower your	`1.000`
FS_LOW_RATES	header	--	Subject says low rates	`1.763`
FS_NEW_SOFT_UPLOAD	header	--	Subj starts with New software uploaded	`1.154`
FS_NEW_XXX	header	--	Subject looks like Fharmacy spams.	`0.616`
FS_NO_SCRIP	header	--	Subject almost says No prescription	`2.422`
FS_OBFU_PRMCY	header	--	what could this word be?	`0.722`
FS_PHARMASUB2	header	--	Looks like Phramacy subject.	`3.895`
FS_RAMROD	header	--	Subject says Ramrod	`2.820`
FS_REPLICA	header	--	Subject says "replica"	`1.179`
FS_REPLICAWATCH	header	--	Subject says Replica watch	`3.799`
FS_START_DOYOU2	header	--	Subject starts with Do you dream,have,want,love, etc.	`3.099`
FS_START_LOSE	header	--	Subject starts with Lose	`2.596`
FS_TEEN_BAD	header	--	Subject says something bad about teens	`2.596`
FS_TIP_DDD	header	--	Phrase: subject = tip ddd	`0.021`
FS_WEIGHT_LOSS	header	--	Subject says Weight Loss	`1.000`
FS_WILL_HELP	header	--	Subject says will help	`3.299`
FUZZY_AMBIEN	body	--	Attempt to obfuscate words in spam	`0.962`
FUZZY_CPILL	body	--	Attempt to obfuscate words in spam	`0.001`
FUZZY_CREDIT	body	--	Attempt to obfuscate words in spam	`0.522`
FUZZY_ERECT	body	--	Attempt to obfuscate words in spam	`0.708`
FUZZY_GUARANTEE	body	--	Attempt to obfuscate words in spam	`0.962`
FUZZY_MEDICATION	body	--	Attempt to obfuscate words in spam	`0.001`
FUZZY_MERIDIA	body	--	/<inter W3><post P2>\b(?!meridia)<M><E><R><I><D><I><A>\b/i	`0.778`
FUZZY_MILLION	body	--	Attempt to obfuscate words in spam	`2.325`
FUZZY_MONEY	body	--	Attempt to obfuscate words in spam	`2.796`
FUZZY_MORTGAGE	body	--	Attempt to obfuscate words in spam	`3.296`
FUZZY_OBLIGATION	body	--	Attempt to obfuscate words in spam	`2.796`
FUZZY_OFFERS	body	--	Attempt to obfuscate words in spam	`1.032`
FUZZY_PHARMACY	body	--	Attempt to obfuscate words in spam	`2.999`
FUZZY_PRESCRIPT	body	--	Attempt to obfuscate words in spam	`2.644`
FUZZY_PRICES	body	--	Attempt to obfuscate words in spam	`2.458`
FUZZY_REFINANCE	body	--	Attempt to obfuscate words in spam	`0.001`
FUZZY_SOFTWARE	body	--	Attempt to obfuscate words in spam	`2.860`
FUZZY_VLIUM	body	--	Attempt to obfuscate words in spam	`0.001`
FUZZY_VPILL	body	--	Attempt to obfuscate words in spam	`0.001`
FUZZY_XPILL	body	--	Attempt to obfuscate words in spam	`3.314`
FU_COMMON_SUBS2	uri	--	Sub-dir seen often in spam (2).	`2.057`
FU_ENDS_NUMS_DOTS_CLK	uri	--	Ends with clk/d+.d+.d+	`3.196`
FU_END_ET	uri	--	ET Phone Home?	`3.599`
FU_HOODIA	uri	--	URL has hoodia in it.	`1.484`
FU_LONG_QUERY3	uri	--	URL has a long file name with .aspx extension.	`0.001`
FU_MIDER	uri	--	URL has /gal/	`2.024`
FU_UKGEOCITIES	uri	--	URL with [a-z]{2}.geocities.com	`3.296`
FU_URI_TRACKER_T	uri	--	URI style tracker (T)	`3.895`
GAPPY_SUBJECT	header	--	Subject: contains G.a.p.p.y-T.e.x.t	`2.001`
GEO_QUERY_STRING	uri	--	/^http:\/\/(?:\w{2,4}\.)?geocities\.com(?::\d*)?\/.+?\/\?/i	`2.696`
GTUBE	body	--	Generic Test for Unsolicited Bulk Email	`1000.000`
GUARANTEED_100_PERCENT	body	--	One hundred percent guaranteed	`0.965`
HASHCASH_2SPEND	header	--	Hashcash token already spent in another mail	`0.100`
HDR_ORDER_FTSDMCXX_001C	meta	--	Header order similar to spam (FTSDMCXX/MID variant)	`1.937`
HDR_ORDER_FTSDMCXX_BAT	meta	--	Header order similar to spam (FTSDMCXX/boundary variant)	`2.739`
HEADER_COUNT_CTYPE	header	--	Multiple Content-Type headers found	`0.671`
HEADER_COUNT_SUBJECT	header	--	Multiple Subject headers found	`3.099`
HEADER_SPAM	header	--	Bulk email fingerprint (header-based) found	`3.396`
HEAD_ILLEGAL_CHARS	header	--	Headers have too many raw illegal characters	`3.729`
HEAD_LONG	header	--	Message headers are very long	`2.500`
HELO_DYNAMIC_CHELLO_NL	header	--	Relay HELO'd using suspicious hostname (Chello.nl)	`3.599`
HELO_DYNAMIC_DHCP	header	--	Relay HELO'd using suspicious hostname (DHCP)	`1.520`
HELO_DYNAMIC_DIALIN	header	--	Relay HELO'd using suspicious hostname (T-Dialin)	`3.995`
HELO_DYNAMIC_HCC	header	--	Relay HELO'd using suspicious hostname (HCC)	`4.295`
HELO_DYNAMIC_HEXIP	header	--	Relay HELO'd using suspicious hostname (Hex IP)	`3.099`
HELO_DYNAMIC_HOME_NL	header	--	Relay HELO'd using suspicious hostname (Home.nl)	`3.496`
HELO_DYNAMIC_IPADDR	header	--	Relay HELO'd using suspicious hostname (IP addr 1)	`2.935`
HELO_DYNAMIC_IPADDR2	header	--	Relay HELO'd using suspicious hostname (IP addr 2)	`4.395`
HELO_DYNAMIC_SPLIT_IP	header	--	Relay HELO'd using suspicious hostname (Split IP)	`4.199`
HELO_FRIEND	header	--	X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=friend /i	`0.001`
HELO_LH_HOME	header	--	X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=\S+\.(?:home\|lan) /i	`3.169`
HELO_LH_LD	header	--	X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=localhost\.localdomain /i	`0.792`
HELO_LOCALHOST	header	--	X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=localhost /i	`4.499`
HELO_OEM	header	--	X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=(?:pc\|oem\S*) /i	`3.296`
HG_HORMONE	meta	--	Talks about hormones for human growth	`2.292`
HIDE_WIN_STATUS	rawbody	--	Javascript to hide URLs in browser	`2.213`
HIGH_CODEPAGE_URI	uri	--	/^https?:\/\/[^\/]*\&\#(?:\d{4,}\|[3456789]\d\d);/i	`2.500`
HS_BODY_UPLOADED_SOFTWARE	body	--	Somebody has uploaded some new software for you	`1.992`
HS_DRUG_DOLLAR_1	body	--	Contains a drug and price-like pattern.	`1.350`
HS_DRUG_DOLLAR_2	body	--	Contains a drug and price-like pattern.	`1.119`
HS_DRUG_DOLLAR_3	body	--	Contains a drug and price-like pattern.	`1.901`
HS_DRUG_DOLLAR_MANY	meta	--	Contains several drug and dollar-like patterns.	`0.688`
HS_FORGED_OE_FW	meta	--	Outlook does not prefix forwards with "FW:"	`2.796`
HS_INDEX_PARAM	uri	--	Link contains a common tracker pattern.	`0.001`
HS_SUBJ_NEW_SOFTWARE	header	--	Subject starts with 'New software uploaded by'	`0.253`
HTML_CHARSET_FARAWAY	meta	--	A foreign language charset used in HTML markup	`0.500`
HTML_COMMENT_SAVED_URL	body	--	HTML message is a saved web page	`1.820`
HTML_COMMENT_SHORT	body	--	HTML comment is very short	`0.001`
HTML_EMBEDS	body	--	HTML with embedded plugin object	`0.440`
HTML_EXTRA_CLOSE	body	--	HTML contains far too many close tags	`1.089`
HTML_FONT_FACE_BAD	body	--	HTML font face is not a word	`0.606`
HTML_FONT_LOW_CONTRAST	body	--	HTML font color similar to background	`0.543`
HTML_FONT_SIZE_HUGE	body	--	HTML font size is huge	`0.389`
HTML_FONT_SIZE_LARGE	body	--	HTML font size is large	`0.001`
HTML_IFRAME_SRC	body	--	Message has HTML IFRAME tag with SRC URI	`0.001`
HTML_IMAGE_ONLY_04	body	--	HTML: images with 0-400 bytes of words	`1.462`
HTML_IMAGE_ONLY_08	body	--	HTML: images with 400-800 bytes of words	`2.432`
HTML_IMAGE_ONLY_12	body	--	HTML: images with 800-1200 bytes of words	`2.245`
HTML_IMAGE_ONLY_16	body	--	HTML: images with 1200-1600 bytes of words	`2.498`
HTML_IMAGE_ONLY_20	body	--	HTML: images with 1600-2000 bytes of words	`1.808`
HTML_IMAGE_ONLY_24	body	--	HTML: images with 2000-2400 bytes of words	`2.207`
HTML_IMAGE_ONLY_28	body	--	HTML: images with 2400-2800 bytes of words	`1.519`
HTML_IMAGE_ONLY_32	body	--	HTML: images with 2800-3200 bytes of words	`1.318`
HTML_IMAGE_RATIO_02	body	--	HTML has a low ratio of text to image area	`0.550`
HTML_IMAGE_RATIO_04	body	--	HTML has a low ratio of text to image area	`0.170`
HTML_IMAGE_RATIO_06	body	--	HTML has a low ratio of text to image area	`0.001`
HTML_IMAGE_RATIO_08	body	--	HTML has a low ratio of text to image area	`0.001`
HTML_MESSAGE	body	--	HTML included in message	`0.001`
HTML_MIME_NO_HTML_TAG	meta	--	HTML-only message, but there is no HTML tag	`1.052`
HTML_MISSING_CTYPE	meta	--	Message is HTML without HTML Content-Type	`2.380`
HTML_NONELEMENT_30_40	body	--	30% to 40% of HTML elements are non-standard	`1.775`
HTML_NONELEMENT_40_50	body	--	40% to 50% of HTML elements are non-standard	`0.001`
HTML_OBFUSCATE_05_10	body	--	Message is 5% to 10% HTML obfuscation	`0.572`
HTML_OBFUSCATE_10_20	body	--	Message is 10% to 20% HTML obfuscation	`3.196`
HTML_OBFUSCATE_20_30	body	--	Message is 20% to 30% HTML obfuscation	`2.747`
HTML_OBFUSCATE_30_40	body	--	Message is 30% to 40% HTML obfuscation	`2.599`
HTML_SHORT_CENTER	meta	--	HTML is very short with CENTER tag	`0.001`
HTML_SHORT_LINK_IMG_1	meta	--	HTML is very short with a linked image	`1.078`
HTML_SHORT_LINK_IMG_2	meta	--	HTML is very short with a linked image	`0.239`
HTML_SHORT_LINK_IMG_3	meta	--	HTML is very short with a linked image	`0.556`
HTML_TAG_BALANCE_BODY	body	--	HTML has unbalanced "body" tags	`0.807`
HTML_TAG_BALANCE_HEAD	body	--	HTML has unbalanced "head" tags	`1.370`
HTML_TITLE_SUBJ_DIFF	meta	--	__HTML_TITLE_SUBJ_DIFF && !__MIME_ATTACHMENT	`0.805`
HTTPS_IP_MISMATCH	body	--	IP to HTTPS link found in HTML	`2.896`
HTTP_77	uri	--	Contains an URL-encoded hostname (HTTP77)	`0.001`
HTTP_ESCAPED_HOST	uri	--	Uses %-escapes inside a URL's hostname	`0.001`
HTTP_EXCESSIVE_ESCAPES	uri	--	Completely unnecessary %-escapes inside a URL	`0.964`
IMPOTENCE	body	--	Impotence cure	`1.678`
INVALID_DATE	header	--	Invalid Date: header (not RFC 2822)	`1.651`
INVALID_DATE_TZ_ABSURD	header	--	Invalid Date: header (timezone does not exist)	`0.243`
INVALID_MSGID	meta	--	Message-Id is not valid, according to RFC 2822	`2.603`
INVALID_TZ_CST	header	--	Invalid date in header (wrong CST timezone)	`0.862`
INVALID_TZ_EST	header	--	Invalid date in header (wrong EST timezone)	`2.065`
INVESTMENT_ADVICE	body	--	Message mentions investment advice	`0.001`
IP_LINK_PLUS	uri	--	Dotted-decimal IP address followed by CGI	`0.001`
JM_RCVD_QMAILV1	header	--	Received =~ /by \S+ $Qmailv1$ with ESMTP/	`3.995`
JM_TORA_XM	meta	--	(__MAILER_OL_6626 && __MOLE_2962 && __NAKED_TO)	`3.096`
JOIN_MILLIONS	body	--	Join Millions of Americans	`1.807`
KAM_LOTTO1	meta	--	Likely to be a e-Lotto Scam Email	`1.569`
KAM_LOTTO2	meta	--	Highly Likely to be a e-Lotto Scam Email	`1.190`
KAM_LOTTO3	meta	--	Almost certain to be a e-Lotto Scam Email	`1.000`
KAM_STOCKOTC	meta	--	(0)	`2.328`
KAM_STOCKTIP15	meta	--	(0)	`0.001`
KOREAN_UCE_SUBJECT	header	--	Subject: contains Korean unsolicited email tag	`1.111`
LOCALPART_IN_SUBJECT	header	--	Local part of To: address appears in Subject	`2.497`
LONGWORDS	meta	--	Long string of long words	`3.196`
LONG_TERM_PRICE	body	--	/long\W+term\W+(target\|projected)(\W+price)?/i	`0.212`
LOOPHOLE_1	body	--	A loop hole in the banking laws?	`2.474`
LOTTERY_1	meta	--	(__DBLCLAIM && __CASHPRZ)	`3.196`
LOW_PRICE	body	--	Lowest Price	`1.159`
L_SPAM_TOOL_13	header	--	Date =~ /\s[+-]\d(?![2358]45)\d[124-9]\d$/	`4.499`
MALE_ENHANCE	body	--	Message talks about enhancing men	`2.596`
MARKETING_PARTNERS	body	--	Claims you registered with a partner	`2.355`
MICROSOFT_EXECUTABLE	body	--	Message includes Microsoft executable program	`0.100`
MID_DEGREES	header	--	Message-ID =~ /^<\d{14}\.[A-F0-9]{10}\@[A-Z0-9]+>$/	`4.195`
MILLION_USD	body	--	Talks about millions of dollars	`1.777`
MIME_BAD_ISO_CHARSET	body	--	MIME character set is an unknown ISO charset	`2.831`
MIME_BASE64_BLANKS	rawbody	--	Extra blank lines in base64 encoding	`0.001`
MIME_BASE64_TEXT	rawbody	--	Message text disguised using base64 encoding	`2.796`
MIME_BOUND_DD_DIGITS	header	--	Spam tool pattern in MIME boundary	`4.199`
MIME_BOUND_DIGITS_15	header	--	Spam tool pattern in MIME boundary	`2.896`
MIME_BOUND_EQ_REL	header	--	Content-Type =~ /boundary="=====================_\d+==\.REL"/s	`0.845`
MIME_BOUND_MANY_HEX	header	--	Spam tool pattern in MIME boundary	`0.001`
MIME_CHARSET_FARAWAY	meta	--	MIME character set indicates foreign language	`2.450`
MIME_HEADER_CTYPE_ONLY	meta	--	'Content-Type' found without required MIME headers	`0.856`
MIME_HTML_MOSTLY	body	--	Multipart message mostly text/html MIME	`0.001`
MIME_HTML_ONLY	body	--	Message only has text/html MIME parts	`1.672`
MIME_HTML_ONLY_MULTI	meta	--	Multipart message only has text/html MIME parts	`0.001`
MIME_QP_LONG_LINE	rawbody	--	Quoted-printable line longer than 76 chars	`1.819`
MIME_SUSPECT_NAME	body	--	MIME filename does not match content	`0.100`
MISSING_DATE	header	--	Missing Date: header	`0.001`
MISSING_HB_SEP	header	--	Missing blank line between message header and body	`2.500`
MISSING_HEADERS	header	--	Missing To: header	`1.581`
MISSING_MID	header	--	Missing Message-Id: header	`0.001`
MISSING_MIMEOLE	meta	--	Message has X-MSMail-Priority, but no X-MimeOLE	`0.001`
MISSING_MIME_HB_SEP	body	--	Missing blank line between MIME header and body	`2.699`
MISSING_SUBJECT	meta	--	Missing Subject: header	`1.285`
MONEY_BACK	body	--	Money back guarantee	`0.001`
MORE_SEX	body	--	Talks about a bigger drive for sex	`2.321`
MPART_ALT_DIFF	body	--	HTML and text parts are different	`1.143`
MPART_ALT_DIFF_COUNT	body	--	HTML and text parts are different	`1.882`
MSGID_DOLLARS_RANDOM	meta	--	__MSGID_DOLLARS_MAYBE && !__MSGID_DOLLARS_OK	`3.296`
MSGID_FROM_MTA_HEADER	meta	--	Message-Id was added by a relay	`1.495`
MSGID_MULTIPLE_AT	header	--	Message-ID contains multiple '@' characters	`1.211`
MSGID_OUTLOOK_INVALID	header	--	Message-Id is fake (in Outlook Express format)	`2.896`
MSGID_RANDY	meta	--	Message-Id has pattern used in spam	`0.001`
MSGID_SHORT	header	--	Message-ID is unusually short	`0.232`
MSGID_SPAM_CAPS	header	--	Spam tool Message-Id: (caps variant)	`4.195`
MSGID_SPAM_LETTERS	header	--	Spam tool Message-Id: (letters variant)	`1.637`
MSGID_YAHOO_CAPS	header	--	Message-ID has ALLCAPS@yahoo.com	`0.448`
MSOE_MID_WRONG_CASE	meta	--	(__XM_OUTLOOK_EXPRESS && __MSOE_MID_WRONG_CASE && !__MIMEOLE_1106)	`0.699`
MULTIPART_ALT_NON_TEXT	body	--	eval:check_ma_non_text()	`2.696`
NA_DOLLARS	body	--	Talks about a million North American dollars	`1.129`
NORMAL_HTTP_TO_IP	uri	--	Uses a dotted-decimal IP address in URL	`0.001`
NO_DNS_FOR_FROM	header	--	Envelope sender has no MX or A DNS records	`1.407`
NO_HEADERS_MESSAGE	meta	--	Message appears to be missing most RFC-822 headers	`0.001`
NO_PRESCRIPTION	body	--	No prescription needed	`2.757`
NO_RDNS_DOTCOM_HELO	header	--	Host HELO'd as a big ISP, but had no rDNS	`0.799`
NULL_IN_BODY	full	--	Message has NUL (ASCII 0) byte in message	`1.489`
NUMERIC_HTTP_ADDR	uri	--	Uses a numeric IP address in URL	`0.001`
OBFUSCATING_COMMENT	meta	--	HTML comments which obfuscate text	`0.230`
OBSCURED_EMAIL	body	--	Message seems to contain rot13ed address	`0.012`
ONLINE_PHARMACY	body	--	Online Pharmacy	`1.484`
OUTLOOK_3416	header	--	Claims to be sent by an unusual build of Outlook (3416)	`1.695`
PART_CID_STOCK	meta	--	Has a spammy image attachment (by Content-ID)	`1.231`
PART_CID_STOCK_LESS	meta	--	Has a spammy image attachment (by Content-ID, more specific)	`0.001`
PERCENT_RANDOM	meta	--	Message has a random macro in it	`3.196`
PLING_QUERY	header	--	Subject has exclamation mark and question mark	`1.333`
PREVENT_NONDELIVERY	header	--	Message has Prevent-NonDelivery-Report header	`1.640`
PRICES_ARE_AFFORDABLE	body	--	Message says that prices aren't too expensive	`0.001`
PYZOR_CHECK	full	--	Listed in Pyzor (http://pyzor.sf.net/)	`2.834`
RATWARE_EFROM	header	--	Bulk email fingerprint (envfrom) found	`3.795`
RATWARE_EGROUPS	header	--	Bulk email fingerprint (eGroups) found	`2.379`
RATWARE_MS_HASH	meta	--	Bulk email fingerprint (msgid ms hash) found	`2.779`
RATWARE_OE_MALFORMED	header	--	X-Mailer has malformed Outlook Express version	`2.095`
RATWARE_OUTLOOK_NONAME	meta	--	Bulk email fingerprint (Outlook no name) found	`0.001`
RATWARE_RCVD_AT	header	--	Bulk email fingerprint (Received @) found	`0.650`
RATWARE_RCVD_PF	header	--	Bulk email fingerprint (Received PF) found	`3.895`
RAZOR2_CF_RANGE_51_100	full	--	Razor2 gives confidence level above 50%	`0.500`
RAZOR2_CF_RANGE_E4_51_100	full	--	Razor2 gives engine 4 confidence level above 50%	`1.500`
RAZOR2_CF_RANGE_E8_51_100	full	--	Razor2 gives engine 8 confidence level above 50%	`1.500`
RAZOR2_CHECK	full	--	Listed in Razor2 (http://razor.sf.net/)	`0.500`
RCVD_AM_PM	header	--	Received headers forged (AM/PM)	`1.688`
RCVD_BAD_ID	header	--	Received =~ /\bid\s+[a-zA-Z0-9_+\/\\,-]+(?:[!"\#\$\%&'()*:<=>?\@\[\]^\`{\|}~]\|;\S)/	`2.088`
RCVD_DOUBLE_IP_LOOSE	meta	--	Received: by and from look like IP addresses	`0.001`
RCVD_DOUBLE_IP_SPAM	meta	--	Bulk email fingerprint (double IP) found	`3.895`
RCVD_FAKE_HELO_DOTCOM	header	--	Received contains a faked HELO hostname	`2.775`
RCVD_FORGED_WROTE	header	--	Forged 'Received' header found ('wrote:' spam)	`4.479`
RCVD_FORGED_WROTE2	header	--	Received =~ /from [0-9.]+ $HELO \S+[A-Za-z]+$ by (\S+) with esmtp $\S+\s\S+$ id \S{6}-\S{6}-\S\S for \S+@\1;/s	`2.736`
RCVD_HELO_IP_MISMATCH	header	--	Received: HELO and IP do not match, but should	`2.320`
RCVD_ILLEGAL_IP	header	--	Received: contains illegal IP address	`3.196`
RCVD_IN_BL_SPAMCOP_NET	header	--	Received via a relay in bl.spamcop.net	`2.188`
RCVD_IN_DOB	header	--	Received via relay in new domain (Day Old Bread)	`0.835`
RCVD_IN_DSBL	header	--	Received via a relay in list.dsbl.org	`0.753`
RCVD_IN_NJABL_PROXY	header	--	NJABL: sender is an open proxy	`1.693`
RCVD_IN_NJABL_RELAY	header	--	NJABL: sender is confirmed open relay	`1.841`
RCVD_IN_NJABL_SPAM	header	--	NJABL: sender is confirmed spam source	`3.096`
RCVD_IN_PBL	header	--	Received via a relay in Spamhaus PBL	`0.509`
RCVD_IN_SBL	header	--	Received via a relay in Spamhaus SBL	`2.810`
RCVD_IN_SORBS_DUL	header	--	SORBS: sent directly from dynamic IP address	`1.615`
RCVD_IN_SORBS_HTTP	header	--	SORBS: sender is open HTTP proxy server	`0.001`
RCVD_IN_SORBS_MISC	header	--	SORBS: sender is open proxy server	`0.001`
RCVD_IN_SORBS_SOCKS	header	--	SORBS: sender is open SOCKS proxy server	`0.182`
RCVD_IN_SORBS_WEB	header	--	SORBS: sender is a abuseable web server	`1.117`
RCVD_IN_XBL	header	--	Received via a relay in Spamhaus XBL	`2.896`
RCVD_MAIL_COM	header	--	Forged Received header (contains post.com or mail.com)	`1.452`
RCVD_NUMERIC_HELO	header	--	Received: contains an IP address used for HELO	`2.599`
RDNS_DYNAMIC	meta	--	Delivered to trusted network by host with dynamic-looking rDNS	`0.100`
RDNS_NONE	meta	--	Delivered to trusted network by a host with no rDNS	`0.100`
REFINANCE_NOW	body	--	Home refinancing	`0.169`
REFINANCE_YOUR_HOME	body	--	Home refinancing	`0.001`
REMOVE_BEFORE_LINK	body	--	Removal phrase right before a link	`0.001`
REPLICA_WATCH	body	--	Message talks about a replica watch	`3.396`
REPTO_OVERQUOTE_THEBAT	meta	--	The Bat! doesn't do quoting like this	`3.499`
REPTO_QUOTE_AOL	meta	--	AOL doesn't do quoting like this	`1.595`
REPTO_QUOTE_IMS	meta	--	IMS doesn't do quoting like this	`0.314`
REPTO_QUOTE_MSN	meta	--	MSN doesn't do quoting like this	`2.689`
REPTO_QUOTE_QUALCOMM	meta	--	Qualcomm/Eudora doesn't do quoting like this	`0.415`
REPTO_QUOTE_YAHOO	meta	--	Yahoo! doesn't do quoting like this	`0.729`
ROUND_THE_WORLD_LOCAL	header	--	Received: says mail sent around the world (HELO)	`2.696`
SB_GIF_AND_NO_URIS	meta	--	(__GIF_ATTACH&&!__HAS_ANY_URI&&!__HAS_ANY_EMAIL)	`1.257`
SHORT_HELO_AND_INLINE_IMAGE	meta	--	Short HELO string, with inline image	`0.702`
SHORT_TERM_PRICE	body	--	/short\W+term\W+(target\|projected)(\W+price)?/i	`1.950`
SORTED_RECIPS	header	--	Recipient list is sorted by address	`1.800`
SPAMMY_XMAILER	meta	--	X-Mailer string is common in spam and not in ham	`2.333`
SPF_FAIL	header	--	SPF: sender does not match SPF record (fail)	`0.992`
SPF_HELO_FAIL	header	--	SPF: HELO does not match SPF record (fail)	`0.365`
SPF_HELO_NEUTRAL	header	--	SPF: HELO does not match SPF record (neutral)	`2.000`
SPF_HELO_SOFTFAIL	header	--	SPF: HELO does not match SPF record (softfail)	`1.533`
SPF_NEUTRAL	header	--	SPF: sender does not match SPF record (neutral)	`1.210`
SPF_SOFTFAIL	header	--	SPF: sender does not match SPF record (softfail)	`0.654`
SPOOF_COM2COM	uri	--	URI contains ".com" in middle and end	`0.341`
SPOOF_COM2OTH	uri	--	URI contains ".com" in middle	`0.848`
SPOOF_NET2COM	uri	--	URI contains ".net" or ".org", then ".com"	`2.896`
STOCK_ALERT	body	--	Offers a alert about a stock	`2.889`
STOCK_IMG_CTYPE	meta	--	Stock spam image part, with distinctive Content-Type header	`0.001`
STOCK_IMG_HDR_FROM	meta	--	Stock spam image part, with distinctive From line	`0.001`
STOCK_IMG_HTML	meta	--	Stock spam image part, with distinctive HTML	`0.001`
STOCK_IMG_OUTLOOK	meta	--	Stock spam image part, with Outlook-like features	`0.001`
STOCK_PRICES	meta	--	(SHORT_TERM_PRICE && LONG_TERM_PRICE)	`0.184`
STOX_AND_PRICE	meta	--	CURR_PRICE && STOX_REPLY_TYPE	`2.373`
STOX_REPLY_TYPE	header	--	Content-Type =~ /text\/plain; .* reply-type=original/	`0.001`
STRONG_BUY	body	--	Tells you about a strong buy	`2.478`
SUBJECT_DIET	header	--	Subject talks about losing pounds	`1.621`
SUBJECT_DRUG_GAP_C	header	--	Subject contains a gappy version of 'cialis'	`0.001`
SUBJECT_DRUG_GAP_L	header	--	Subject contains a gappy version of 'levitra'	`1.831`
SUBJECT_DRUG_GAP_VA	header	--	Subject contains a gappy version of 'valium'	`2.596`
SUBJECT_DRUG_GAP_X	header	--	Subject contains a gappy version of 'xanax'	`2.052`
SUBJECT_FUZZY_MEDS	header	--	Attempt to obfuscate words in Subject:	`2.812`
SUBJECT_FUZZY_PENIS	header	--	Attempt to obfuscate words in Subject:	`1.308`
SUBJECT_FUZZY_TION	header	--	Attempt to obfuscate words in Subject:	`0.410`
SUBJECT_FUZZY_VPILL	meta	--	Attempt to obfuscate words in Subject:	`3.299`
SUBJECT_IN_BLACKLIST	header	--	Subject: contains string in the user's black-list	`100.000`
SUBJECT_NEEDS_ENCODING	meta	--	(!__SUBJECT_ENCODED_B64 && !__SUBJECT_ENCODED_QP) && __SUBJECT_NEEDS_MIME	`1.277`
SUBJECT_SEXUAL	header	--	Subject indicates sexually-explicit content	`0.116`
SUBJ_ALL_CAPS	header	--	Subject is all capitals	`1.806`
SUBJ_BUY	header	--	Subject line starts with Buy or Buying	`0.900`
SUBJ_DOLLARS	header	--	Subject starts with dollar amount	`0.842`
SUBJ_ILLEGAL_CHARS	header	--	Subject: has too many raw illegal characters	`1.527`
SUBJ_RE_NUM	meta	--	Subject is faking 'The Bat!' responses	`2.667`
SUBJ_YOUR_DEBT	header	--	Subject contains "Your Bills" or similar	`2.896`
SUBJ_YOUR_FAMILY	header	--	Subject contains "Your Family"	`2.647`
SUSPICIOUS_RECIPS	header	--	Similar addresses in recipient list	`3.196`
TEMPLATE_203_RCVD	header	--	Received =~ /from 192.168.0.\d+ \(203-219-/	`1.000`
TO_MALFORMED	header	--	To: has a malformed address	`0.001`
TRACKER_ID	body	--	Incorporates a tracking ID number	`2.696`
TT_MSGID_TRUNC	header	--	Scora: Message-Id ends after left-bracket + digits	`1.874`
TT_OBSCURED_VALIUM	meta	--	Scora: obscured "VALIUM" in subject	`0.462`
TT_OBSCURED_VIAGRA	meta	--	Scora: obscured "VIAGRA" in subject	`2.154`
TVD_ACT_193	body	--	/\bact of (?:193\|nineteen thirty)/i	`3.420`
TVD_APPROVED	body	--	/you.{1,2}re .{0,20}approved/i	`2.558`
TVD_APP_LOAN	body	--	/approved .{0,20}loan/i	`1.000`
TVD_DEAR_HOMEOWNER	body	--	/^dear homeowner/i	`2.599`
TVD_EB_PHISH	meta	--	__FROM_EBAY && NORMAL_HTTP_TO_IP	`2.996`
TVD_ENVFROM_APOST	header	--	EnvelopeFrom =~ /\'/	`3.307`
TVD_FINGER_02	header	--	Content-Type =~ /^text\/plain(?:; (?:format=flowed\|charset="Windows-1252"\|reply-type=original)){3}/i	`2.720`
TVD_FLOAT_GENERAL	rawbody	--	/\bstyle\s=\s"[^"]\bfloat\s:\s[a-z]+\s">\s[a-zA-Z]+\s</i	`1.114`
TVD_FUZZY_SYMBOL	body	--	/<inter W2><post P2>(?!symbol)<S><Y><M><B><O><L>/i	`1.435`
TVD_PH_REC	body	--	Message has a phrase standard for phishing mails	`2.996`
TVD_PH_SUBJ_ACCOUNTS_POST	header	--	Subject =~ /\b(?:(?:re-?)?activat[a-z]\|secure\|verify\|restore\|flagged\|limited\|unusual\|report\|notif(?:y\|ication)\|suspen(?:d\|ded\|sion)\|confirm[a-z]) (?:[a-z_,-]+ )*?accounts?\b/i	`2.996`
TVD_PH_SUBJ_META	meta	--	__TVD_PH_SUBJ_00 \|\| __TVD_PH_SUBJ_02 \|\| __TVD_PH_SUBJ_04 \|\| __TVD_PH_SUBJ_15 \|\| __TVD_PH_SUBJ_17 \|\| __TVD_PH_SUBJ_18 \|\| __TVD_PH_SUBJ_19 \|\| __TVD_PH_SUBJ_29 \|\| __TVD_PH_SUBJ_31 \|\| __TVD_PH_SUBJ_36 \|\| __TVD_PH_SUBJ_37 \|\| __TVD_PH_SUBJ_38 \|\| __TVD_PH_SUBJ_39 \|\| __TVD_PH_SUBJ_41 \|\| __TVD_PH_SUBJ_52 \|\| __TVD_PH_SUBJ_54 \|\| __TVD_PH_SUBJ_56 \|\| __TVD_PH_SUBJ_58 \|\| __TVD_PH_SUBJ_59 \|\| __TVD_PH_SUBJ_ACCESS_POST	`1.000`
TVD_PH_SUBJ_URGENT	header	--	Subject =~ /^urgent(?:[\s\W]*$\|.{1,40}(?:alert\|response\|assistance\|proposal\|reply\|warning\|noti(?:ce\|fication)\|greeting\|matter))/i	`2.102`
TVD_PP_PHISH	meta	--	__FROM_PAYPAL && NORMAL_HTTP_TO_IP	`3.099`
TVD_QUAL_MEDS	body	--	/\bquality med(?:ication)?s\b/i	`4.123`
TVD_RATWARE_CB	header	--	Content-Type =~ /\bboundary\b.{1,40}qzsoft_directmail_seperator/i	`2.914`
TVD_RATWARE_MSGID_02	header	--	Message-ID =~ /^[^<]*<[a-z]+\@/	`1.688`
TVD_RCVD_IP	header	--	Received =~ /^from\s+(?:\d+[^0-9a-zA-Z\s]){3}\d+[.\s]/	`1.617`
TVD_RCVD_IP4	header	--	Received =~ /^from\s+(?:\d+\.){3}\d+\s/	`3.344`
TVD_RCVD_SINGLE	header	--	Received =~ /^from\s+(?!localhost)[^\s.a-z0-9-]+\s/	`0.303`
TVD_SECTION	body	--	/\bSection (?:27A\|21B)/i	`3.317`
TVD_SPACED_SUBJECT_WORD3	header	--	Subject =~ /^(?:(?:Re\|Fw)[^:]{0,5}: )?[A-Z]+[a-z]+[A-Z]+$/	`3.599`
TVD_SPACE_RATIO	body	--	eval:tvd_vertical_words('0','10')	`2.899`
TVD_STOCK1	body	--	eval:check_stock_info('2')	`3.792`
TVD_SUBJ_OWE	header	--	Subject =~ /^\s(?:\w+\s+)+you\s+(?:\w+\s+)(?:owe\|indebted)\s+(?:\w+\s+)+an\s*other/i	`3.196`
TVD_SUBJ_WIPE_DEBT	header	--	Subject =~ /(?:wipe out\|remove\|get (?:rid\|out) of\|eradicate) .{0,20}(?:owe\|debt\|obligation)/i	`2.896`
TVD_VISIT_PHARMA	body	--	/Online Ph.rmacy/i	`0.001`
TVD_VIS_HIDDEN	rawbody	--	/<TEXTAREA[^>]+style\s=\s"visibility:\s*hidden\b/i	`1.908`
UNCLAIMED_MONEY	body	--	People just leave money laying around	`2.985`
UNCLOSED_BRACKET	header	--	Headers contain an unclosed bracket	`2.083`
UNPARSEABLE_RELAY	header	--	Informational: message has unparseable relay lines	`0.001`
UNRESOLVED_TEMPLATE	header	--	Headers contain an unresolved template	`3.325`
UNWANTED_LANGUAGE_BODY	body	--	Message written in an undesired language	`2.800`
UPPERCASE_50_75	meta	--	message body is 50-75% uppercase	`0.490`
UPPERCASE_75_100	meta	--	message body is 75-100% uppercase	`1.930`
URG_BIZ	body	--	Contains urgent matter	`0.667`
URIBL_AB_SURBL	body	--	Contains an URL listed in the AB SURBL blocklist	`1.613`
URIBL_BLACK	body	--	Contains an URL listed in the URIBL blacklist	`1.961`
URIBL_GREY	body	--	Contains an URL listed in the URIBL greylist	`0.250`
URIBL_JP_SURBL	body	--	Contains an URL listed in the JP SURBL blocklist	`2.857`
URIBL_OB_SURBL	body	--	Contains an URL listed in the OB SURBL blocklist	`2.132`
URIBL_PH_SURBL	body	--	Contains an URL listed in the PH SURBL blocklist	`2.035`
URIBL_RED	body	--	Contains an URL listed in the URIBL redlist	`0.001`
URIBL_RHS_AHBL	body	--	Contains an URI listed in rhsbl.ahbl.org.	`1.000`
URIBL_RHS_DOB	body	--	Contains an URI of a new domain (Day Old Bread)	`0.901`
URIBL_SBL	body	--	Contains an URL listed in the SBL blocklist	`2.468`
URIBL_SC_SURBL	body	--	Contains an URL listed in the SC SURBL blocklist	`2.523`
URIBL_WS_SURBL	body	--	Contains an URL listed in the WS SURBL blocklist	`2.100`
URI_HEX	uri	--	URI hostname has long hexadecimal sequence	`1.316`
URI_NOVOWEL	uri	--	URI hostname has long non-vowel sequence	`2.543`
URI_NO_WWW_INFO_CGI	uri	--	CGI in .info TLD other than third-level "www"	`0.601`
URI_TRUNCATED	body	--	Message contained a URI which was truncated	`0.001`
URI_UNSUBSCRIBE	uri	--	URI contains suspicious unsubscribe link	`3.092`
USER_IN_BLACKLIST	header	--	From: address is in the user's black-list	`100.000`
USER_IN_BLACKLIST_TO	header	--	User is listed in 'blacklist_to'	`10.000`
US_DOLLARS_3	body	--	Mentions millions of $ ($NN,NNN,NNN.NN)	`1.165`
VBOUNCE_MESSAGE	meta	--	Virus-scanner bounce message	`0.100`
VIA_GAP_GRA	body	--	Attempts to disguise the word 'viagra'	`1.053`
WEIRD_PORT	uri	--	Uses non-standard port number for HTTP	`1.499`
WEIRD_QUOTING	body	--	Weird repeated double-quotation marks	`2.796`
WHOIS_AITPRIV	body	--	URL registered as an AIT Private Registration	`3.995`
WHOIS_CONTACTPRIV	body	--	URL registered to contactprivacy.com	`2.696`
WHOIS_DMNBYPROXY	body	--	Contains URL registered to Domains by Proxy	`0.260`
WHOIS_MONIKER_PRIV	body	--	URL registered to Moniker Privacy Protection	`2.596`
WHOIS_MYPRIVREG	body	--	URL registered to myprivateregistration.com	`0.156`
WHOIS_NAMEKING	body	--	URL registered to NameKing	`1.477`
WHOIS_NETSOLPR	body	--	URL registered as a NetSol Private Registration	`0.001`
WHOIS_PRIVACYPOST	body	--	Contains URL registered to PrivacyPost	`0.647`
WHOIS_PRIVPROT	body	--	URL registered to WHOIS Privacy Protection	`2.801`
WHOIS_REGISTERFLY	body	--	Contains URL registered to RegisterFly	`3.196`
WHOIS_SECUREWHOIS	body	--	Contains URL registered to SecureWhois	`2.696`
WHOIS_UNLISTED	body	--	Contains URL registered to Unlisted-Whois.com	`2.170`
WHOIS_WHOISGUARD	body	--	URL registered to WhoisGuard	`3.399`
XMAILER_MIMEOLE_OL_015D5	meta	--	(__XM_OL_015D5 && __MO_OL_015D5)	`0.907`
XMAILER_MIMEOLE_OL_07794	meta	--	(__XM_OL_07794 && __MO_OL_07794)	`1.613`
XMAILER_MIMEOLE_OL_09BB4	meta	--	(__XM_OL_09BB4 && __MO_OL_09BB4)	`0.681`
XMAILER_MIMEOLE_OL_1ECD5	meta	--	(__XM_OL_1ECD5 && __MO_OL_1ECD5)	`2.796`
XMAILER_MIMEOLE_OL_20C99	meta	--	(__XM_OL_20C99 && __MO_OL_20C99)	`1.046`
XMAILER_MIMEOLE_OL_22B61	meta	--	(__XM_OL_22B61 && __MO_OL_22B61)	`3.795`
XMAILER_MIMEOLE_OL_25340	meta	--	(__XM_OL_25340 && __MO_OL_25340)	`3.513`
XMAILER_MIMEOLE_OL_32D97	meta	--	(__XM_OL_32D97 && __MO_OL_32D97)	`2.896`
XMAILER_MIMEOLE_OL_3857F	meta	--	(__XM_OL_3857F && __MO_OL_3857F)	`0.509`
XMAILER_MIMEOLE_OL_3AC1D	meta	--	(__XM_OL_3AC1D && __MO_OL_3AC1D)	`1.323`
XMAILER_MIMEOLE_OL_3D61D	meta	--	(__XM_OL_3D61D && __MO_OL_3D61D)	`1.308`
XMAILER_MIMEOLE_OL_465CD	meta	--	(__XM_OL_465CD && __MO_OL_465CD)	`3.576`
XMAILER_MIMEOLE_OL_4B815	meta	--	(__XM_OL_4B815 && __MO_OL_4B815)	`0.407`
XMAILER_MIMEOLE_OL_4BF4C	meta	--	(__XM_OL_4BF4C && __MO_OL_4BF4C)	`0.438`
XMAILER_MIMEOLE_OL_4EEDB	meta	--	(__XM_OL_4EEDB && __MO_OL_4EEDB)	`3.595`
XMAILER_MIMEOLE_OL_4F240	meta	--	(__XM_OL_4F240 && __MO_OL_4F240)	`1.850`
XMAILER_MIMEOLE_OL_58CB5	meta	--	(__XM_OL_58CB5 && __MO_OL_58CB5)	`3.599`
XMAILER_MIMEOLE_OL_5B79A	meta	--	(__XM_OL_5B79A && __MO_OL_5B79A)	`1.453`
XMAILER_MIMEOLE_OL_6554A	meta	--	(__XM_OL_6554A && __MO_OL_6554A)	`0.934`
XMAILER_MIMEOLE_OL_72641	meta	--	(__XM_OL_72641 && __MO_OL_72641)	`0.746`
XMAILER_MIMEOLE_OL_7533E	meta	--	(__XM_OL_7533E && __MO_OL_7533E)	`1.113`
XMAILER_MIMEOLE_OL_812FF	meta	--	(__XM_OL_812FF && __MO_OL_812FF)	`1.847`
XMAILER_MIMEOLE_OL_83BF7	meta	--	(__XM_OL_83BF7 && __MO_OL_83BF7)	`1.209`
XMAILER_MIMEOLE_OL_8627E	meta	--	(__XM_OL_8627E && __MO_OL_8627E)	`3.895`
XMAILER_MIMEOLE_OL_8E893	meta	--	(__XM_OL_8E893 && __MO_OL_8E893)	`2.896`
XMAILER_MIMEOLE_OL_91287	meta	--	(__XM_OL_91287 && __MO_OL_91287)	`1.577`
XMAILER_MIMEOLE_OL_9B90B	meta	--	(__XM_OL_9B90B && __MO_OL_9B90B)	`1.502`
XMAILER_MIMEOLE_OL_A50F8	meta	--	(__XM_OL_A50F8 && __MO_OL_A50F8)	`3.399`
XMAILER_MIMEOLE_OL_A842E	meta	--	(__XM_OL_A842E && __MO_OL_A842E)	`0.963`
XMAILER_MIMEOLE_OL_ADFF7	meta	--	(__XM_OL_ADFF7 && __MO_OL_ADFF7)	`2.759`
XMAILER_MIMEOLE_OL_B30D1	meta	--	(__XM_OL_B30D1 && __MO_OL_B30D1)	`1.748`
XMAILER_MIMEOLE_OL_B4B40	meta	--	(__XM_OL_B4B40 && __MO_OL_B4B40)	`1.765`
XMAILER_MIMEOLE_OL_B9B11	meta	--	(__XM_OL_B9B11 && __MO_OL_B9B11)	`3.496`
XMAILER_MIMEOLE_OL_BC7E6	meta	--	(__XM_OL_BC7E6 && __MO_OL_BC7E6)	`3.695`
XMAILER_MIMEOLE_OL_C65FA	meta	--	(__XM_OL_C65FA && __MO_OL_C65FA)	`2.308`
XMAILER_MIMEOLE_OL_C9068	meta	--	(__XM_OL_C9068 && __MO_OL_C9068)	`1.975`
XMAILER_MIMEOLE_OL_CAC8F	meta	--	(__XM_OL_CAC8F && __MO_OL_CAC8F)	`0.702`
XMAILER_MIMEOLE_OL_CF0C0	meta	--	(__XM_OL_CF0C0 && __MO_OL_CF0C0)	`2.088`
XMAILER_MIMEOLE_OL_EF20B	meta	--	(__XM_OL_EF20B && __MO_OL_EF20B)	`1.048`
XMAILER_MIMEOLE_OL_F3B05	meta	--	(__XM_OL_F3B05 && __MO_OL_F3B05)	`2.217`
XMAILER_MIMEOLE_OL_F475E	meta	--	(__XM_OL_F475E && __MO_OL_F475E)	`0.627`
XMAILER_MIMEOLE_OL_F6D01	meta	--	(__XM_OL_F6D01 && __MO_OL_F6D01)	`3.496`
XMAILER_MIMEOLE_OL_FF5C8	meta	--	(__XM_OL_FF5C8 && __MO_OL_FF5C8)	`3.091`
X_IP	header	--	Message has X-IP header	`1.943`
X_MESSAGE_INFO	header	--	Bulk email fingerprint (X-Message-Info) found	`3.496`
X_PRIORITY_CC	header	--	Cc: after X-Priority: (bulk email fingerprint)	`1.492`
YAHOO_DRS_REDIR	uri	--	Has Yahoo Redirect URI	`0.313`

FutureQuest Professional Web Hosting Services