SpamAssassin(tm)

The Apache SpamAssassin Project

The Powerful #1 Open-Source Spam Filter

 SpamAssassin Home   Home   News   Wiki   Download   FAQ   Docs   Lists   Tests   Bugs   Credits 

Tests Performed: v2.6x

This is the current list of tests SpamAssassin(tm) performs on mail messages to determine if they're spam or not. If you wish to change the score from the default, add a line like this to your ~/.spamassassin/user_prefs:

score NAME_OF_TEST 3.0

Where 3.0 is the hits you wish that test to incur, and NAME_OF_TEST is the test name from the TEST NAME column below.

If you wish to disable a test, set the score to 0 by adding a line like this to your ~/.spamassassin/user_prefs:

score NAME_OF_TEST 0

Note that these are the scores for the current stable release of SpamAssassin; they may be different from the ones you're running on your servers, if SpamAssassin is installed there.

The 'More Info' links, if present, lead to a section of our Wiki for collaborative documentation of rules; some of the rules include additional user-contributed documentation there. If you feel like adding a page describing a rule in further detail, feel free to create a page at that link, using the RuleDescriptionTemplate format.


AREA TESTED LOCALE DESCRIPTION OF TEST TEST NAME DEFAULT SCORES
(local, net, with bayes, with bayes+net) 		MORE INFO
(additional wiki docs)
body Generic Test for Unsolicited Bulk Email GTUBE 1000
full Listed in Razor2 (http://razor.sf.net/) RAZOR2_CHECK 0 0.899 0 1.047
body Razor2 gives confidence between 11 and 50 RAZOR2_CF_RANGE_11_50 0 0.559 0 0.876
body Razor2 gives confidence between 51 and 100 RAZOR2_CF_RANGE_51_100 0 1.552 0 1.101
full Listed in DCC (http://rhyolite.com/anti-spam/dcc/) DCC_CHECK 0 1.806 0 2.907
full Listed in Pyzor (http://pyzor.sf.net/) PYZOR_CHECK 0 0.322 0 3.511
body List removal information REMOVE_IN_QUOTES 0.001 0.187 0.001 0.001
body Click-to-remove with mailto: found CLICK_TO_REMOVE_2 1
rawbody Contains an ASCII-formatted form ASCII_FORM_ENTRY 1
body Incorporates a tracking ID number TRACKER_ID 2.528 3.527 3.261 3.784
body RAND found, spammer tried to use a random-ID MARKUP_RAND 2.900 2.800 0 0
body SSPL found, spammer tried to use a random-ID MARKUP_SSPL 1
body Contains a large block of hexadecimal code LARGE_HEX 0.633 1.595 1.193 1.160
body A WHOLE LINE OF YELLING DETECTED LINES_OF_YELLING 0 0.011 0 0
body 2 WHOLE LINES OF YELLING DETECTED LINES_OF_YELLING_2 0 0.105 0 0
body 3 WHOLE LINES OF YELLING DETECTED LINES_OF_YELLING_3 1
body Weird repeated double-quotation marks WEIRD_QUOTING 1.373 0.471 0.061 0
rawbody Extra blank lines in base64 encoding MIME_BASE64_BLANKS 1
rawbody base64 attachment uses illegal characters MIME_BASE64_ILLEGAL 0.432 1.715 0 1.581
rawbody Latin alphabet text using base64 encoding MIME_BASE64_LATIN 1.101 1.101 0.500 0.500
rawbody base64 attachment does not have a file name MIME_BASE64_NO_NAME 0.189 0 0 0
rawbody Message text disguised using base64 encoding MIME_BASE64_TEXT 1.101 1.101 1.001 1.008
rawbody Message text in HTML without charset MIME_HTML_NO_CHARSET 1.064 0.716 1.030 0.561
rawbody MIME section missing boundary MIME_MISSING_BOUNDARY 1.179 0.803 0 1.838
body Multipart message mostly text/html MIME MIME_HTML_MOSTLY 1.587 1.162 1.180 1.238
body Message only has text/html MIME parts MIME_HTML_ONLY 0.666 0.100 0.248 0.320
rawbody Deficient quoted-printable encoding in body MIME_QP_DEFICIENT 1.048 1.797 2.097 1.912
rawbody Excessive quoted-printable encoding in body MIME_QP_EXCESSIVE 1
rawbody Quoted-printable line longer than 76 chars MIME_QP_LONG_LINE 0.242 0 0 0
rawbody Quoted-printable inline text with no charset MIME_QP_NO_CHARSET 0.931 0.714 0.047 0.197
rawbody Message includes Microsoft executable program MICROSOFT_EXECUTABLE 0.100
rawbody MIME filename does not match content MIME_SUSPECT_NAME 0.100
body Character set indicates a foreign language CHARSET_FARAWAY 3.200
body Message written in an undesired language UNWANTED_LANGUAGE_BODY 2.800
body Body includes 8 consecutive 8-bit characters BODY_8BITS 1.500
rawbody Contains a hashbuster in Send-Safe format RATWARE_HASH_DASH 1.101 4.300 1.920 4.100
body Body contains a ROT13-encoded email address EMAIL_ROT13 4.400 4.300 2.590 4.100
body Message body has 70-80% blank lines BLANK_LINES_70_80 1.999 0.867 1.424 2.126
body Message body has 80-90% blank lines BLANK_LINES_80_90 1.643 1.489 2.596 2.599
body Message body has 90-100% blank lines BLANK_LINES_90_100 1
header Has Habeas warrant mark (http://www.habeas.com/) HABEAS_SWE -8.0
header NJABL: sender is confirmed open relay RCVD_IN_NJABL_RELAY 0 1.133 0 0.824
header NJABL: dialup sender did non-local SMTP RCVD_IN_NJABL_DUL 0 1.580 0 1.708
header NJABL: sender is confirmed spam source RCVD_IN_NJABL_SPAM 0 0.899 0 0.951
header NJABL: sent through multi-stage open relay RCVD_IN_NJABL_MULTI 0 0.101 0 0.101
header NJABL: sender is an open formmail RCVD_IN_NJABL_CGI 0 0.1 0 0.100
header NJABL: sender is an open proxy RCVD_IN_NJABL_PROXY 0 1.186 0 2.342
header SORBS: sender is open HTTP proxy server RCVD_IN_SORBS_HTTP 0 0.000 0 1.203
header SORBS: sender is open proxy server RCVD_IN_SORBS_MISC 0 0.118 0 0.004
header SORBS: sender is open SMTP relay RCVD_IN_SORBS_SMTP 0 1.630 0 0.382
header SORBS: sender is open SOCKS proxy server RCVD_IN_SORBS_SOCKS 0 1.603 0 0.927
header SORBS: sender is a abuseable web server RCVD_IN_SORBS_WEB 0 0.000 0 0.353
header SORBS: sender demands to never be tested RCVD_IN_SORBS_BLOCK 0 0.001 0 0.001
header SORBS: sender is on a hijacked network RCVD_IN_SORBS_ZOMBIE 0 0.948 0 0.918
header SORBS: sent directly from dynamic IP address RCVD_IN_SORBS_DUL 0 0.067 0 0.092
header Received via a relay in Spamhaus SBL RCVD_IN_SBL 0 0.814 0 0.875
header Received via a relay in Spamhaus XBL RCVD_IN_XBL 0 2.333 0 4.923
header Received via a relay in list.dsbl.org RCVD_IN_DSBL 0 1.101 0 0.706
header Sent via a relay in ipwhois.rfc-ignorant.org RCVD_IN_RFCI 0 0.100 0 0.100
header From: sender listed in dsn.rfc-ignorant.org DNS_FROM_RFCI_DSN 0 1.389 0 0.291
header Has Habeas warrant mark and on Infringer List HABEAS_VIOLATOR 16.0
header Sender is in Bonded Sender Program (trusted relay) RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3
header Sender is in Bonded Sender Program (other relay) RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1
header Received via a relay in bl.spamcop.net RCVD_IN_BL_SPAMCOP_NET 0 2.25 0 1.50
header Relay in RBL, http://www.mail-abuse.org/rbl/ RCVD_IN_MAPS_RBL 1
header Relay in DUL, http://www.mail-abuse.org/dul/ RCVD_IN_MAPS_DUL 1
header Relay in RSS, http://www.mail-abuse.org/rss/ RCVD_IN_MAPS_RSS 1
header Relay in NML, http://www.mail-abuse.org/nml/ RCVD_IN_MAPS_NML 1
header Host HELO did not match rDNS: aol.com FAKE_HELO_AOL 1.916 1.875 1.788 2.354
header Host HELO did not match rDNS: hotmail.com FAKE_HELO_HOTMAIL 1.172 0 2.335 1.499
header Host HELO did not match rDNS: usa.net FAKE_HELO_USA_NET 2.800 2.800 2.696 2.488
header Host HELO did not match rDNS: shaw.ca FAKE_HELO_SHAW_CA 0.298 0.904 2.800 0.585
header Host HELO did not match rDNS: netscape.com FAKE_HELO_NETSCAPE_COM 0.583 1.133 2.078 1.817
header Host HELO did not match rDNS: netzero.net FAKE_HELO_NETZERO 1
header Host HELO did not match rDNS: msn.com FAKE_HELO_MSN 0.700 1.883 1.576 0.319
header Host HELO did not match rDNS: mail.ru FAKE_HELO_MAIL_RU 2.033 1.859 2.462 0.473
header Host HELO did not match rDNS: mail.com FAKE_HELO_MAIL_COM 4.113 3.526 3.705 3.769
header Host HELO did not match rDNS: flashmail.com FAKE_HELO_FLASHMAIL 1
header Host HELO did not match rDNS: email.com FAKE_HELO_EMAIL_COM 2.900 2.800 2.800 2.700
header Host HELO did not match rDNS: caramail.com FAKE_HELO_CARAMAIL 2.900 2.800 0 2.700
header Host HELO did not match rDNS: bigfoot.com FAKE_HELO_BIGFOOT 2.900 2.800 2.800 2.700
header Host HELO did not match rDNS: eudoramail.com FAKE_HELO_EUDORAMAIL 2.900 2.800 2.800 2.700
header Host HELO did not match rDNS: excite.com FAKE_HELO_EXCITE 2.804 2.800 2.800 2.700
header Host HELO did not match rDNS: mailcity.com FAKE_HELO_MAILCITY 2.287 2.800 1.309 0
header Host HELO did not match rDNS: lycos.com FAKE_HELO_LYCOS 2.900 2.800 2.800 1.355
header Host HELO did not match rDNS: juno.com FAKE_HELO_JUNO 2.551 2.800 2.800 2.700
header Host HELO did not match rDNS: yahoo.com FAKE_HELO_YAHOO 1.871 0 2.696 2.599
header Host HELO did not match rDNS: yahoo.ca FAKE_HELO_YAHOO_CA 1.424 1.852 2.800 2.700
header From: does not include a real name NO_REAL_NAME 0.339 0.285 0.339 0.160
header From: ends in numbers FROM_ENDS_IN_NUMS 0.999 0.869 0.677 0.994
header From: starts with nums FROM_STARTS_WITH_NUMS 0.390 1.574 1.044 0.579
header From: contains numbers mixed in with letters FROM_HAS_MIXED_NUMS 0.100 0.304 0.100 0.259
header From address matches known spammer format FROM_HAS_MIXED_NUMS2 1.977 2.800 1.960 2.216
header From: contains numbers mixed in with letters FROM_HAS_MIXED_NUMS3 1.811 1.999 4.095 3.248
header Uses an address with lots of numbers, at a big ISP ADDR_NUMS_AT_BIGSITE 1.044 0.724 1.087 2.699
header From address is "at something-offers" FROM_OFFERS 4.300 3.932 4.095 4.100
header From: has no local-part before @ sign FROM_NO_USER 2.226 1.286 2.599 2.386
header To: has no local-part before @ sign TO_NO_USER 1.662 1.498 1.597 0
header To: address contains spaces TO_HAS_SPACES 0.492 2.397 0 0
header To: is empty TO_EMPTY 1.600 0 0 0
header Reply-To: is empty REPLY_TO_EMPTY 0.065 0.888 1.663 2.599
header Reply-To: has an underline and numbers/letters REPLY_TO_ULINE_NUMS 0.001 0.001 0.001 2.699
header To: repeats address as real name TO_ADDRESS_EQ_REAL 0.444 0.011 0.593 0.778
header Valid-looking To "undisclosed-recipients" UNDISC_RECIPS 1
header Faked To "Undisclosed-Recipients" FAKED_UNDISC_RECIPS 2.899 2.694 2.800 2.700
header Subject has exclamation mark and question mark PLING_QUERY 0.014 0.238 0 0
header Subject contains a unique ID SUBJ_HAS_UNIQ_ID 1.390 0.212 0.882 2.677
header Subject contains lots of white space SUBJ_HAS_SPACES 1.581 0.973 3.324 4.099
header Subject is all capitals SUBJ_ALL_CAPS 0.550 0.567 0 0
header Message-Id has no @ sign MSGID_HAS_NO_AT 1
header Message-Id generated by a spam tool MSGID_SPAM_1 2.900 2.800 0 2.700
header Spam tool Message-Id: (6-letter variant) MSGID_SPAM_6LETTER 2.900 2.800 2.800 2.700
header Spam tool Message-Id: (99x9xx99 variant) MSGID_SPAM_99X9XX99 4.300 4.300 4.100 4.100
header Spam tool Message-Id: (12-zeroes variant) MSGID_SPAM_ZEROES 4.400 4.300 4.200 4.100
header Spam tool Message-Id: (3-dollars variant) MSGID_3_DOLLARS 2.900 0 2.800 0
header Spam tool Message-Id: (4-num-dollar variant) MSGID_4NUMS_DOLLAR 2.900 2.800 2.800 2.700
header Spam tool Received: (6-caps ESMTP ID variant) RCVD_6_CAPS_ESMTP_ID 2.900 2.800 2.800 2.700
header Message-Id has no hostname MSGID_NO_HOST 0.381 1.278 2.397 1.103
header Message-Id is fake (in Outlook Express format) MSGID_OUTLOOK_INVALID 4.400 4.300 4.200 4.100
header Message-Id was added by a relay MSGID_FROM_MTA_SHORT 3.665 3.310 3.167 3.030
header Message-Id was added by a relay MSGID_FROM_MTA_LATER 1
header Message-Id was added by a relay MSGID_FROM_MTA_BACKUP 0 1.774 0 0.817
header Message-Id was added by a hotmail.com relay MSGID_FROM_MTA_HOTMAIL 1.747 1.560 2.800 2.700
header Date header uses unusual Y2K formatting DATE_SPAMWARE_Y2K 4.500 4.400 4.300 4.200
header Invalid Date: header (not RFC 2822) INVALID_DATE 0.042 0 0 0
header Invalid Date: header (timezone does not exist) INVALID_DATE_TZ_ABSURD 1.746 1.737 1.749 1.779
header Invalid Date: year begins with zero DATE_YEAR_ZERO_FIRST 2.900 0 2.800 0
header Date: is 3 to 6 hours before Received: date DATE_IN_PAST_03_06 0.322 0.680 0.753 0.419
header Date: is 6 to 12 hours before Received: date DATE_IN_PAST_06_12 0.800 0.599 1.363 0.650
header Date: is 12 to 24 hours before Received: date DATE_IN_PAST_12_24 0.756 0.385 1.364 0.746
header Date: is 24 to 48 hours before Received: date DATE_IN_PAST_24_48 1
header Date: is 48 to 96 hours before Received: date DATE_IN_PAST_48_96 1
header Date: is 96 hours or more before Received: date DATE_IN_PAST_96_XX 1.781 1.238 2.165 1.534
header Date: is 3 to 6 hours after Received: date DATE_IN_FUTURE_03_06 2.904 2.834 0.753 1.931
header Date: is 6 to 12 hours after Received: date DATE_IN_FUTURE_06_12 1.609 1.946 1.559 1.973
header Date: is 12 to 24 hours after Received: date DATE_IN_FUTURE_12_24 1.754 1.953 2.216 3.332
header Date: is 24 to 48 hours after Received: date DATE_IN_FUTURE_24_48 2.730 2.796 2.567 2.546
header Date: is 48 to 96 hours after Received: date DATE_IN_FUTURE_48_96 1
header Date: is 96 hours or more after Received: date DATE_IN_FUTURE_96_XX 2.486 2.370 2.071 2.599
header Subject: starts with advertising tag ADVERT_CODE 2.899 1.578 2.633 1.817
header Subject: contains advertising tag ADVERT_CODE2 2.299 2.098 2.097 1.999
header Subject contains too many raw illegal characters SUBJ_ILLEGAL_CHARS 3.610 2.651 3.475 3.913
header From contains too many raw illegal characters FROM_ILLEGAL_CHARS 4.300 4.300 4.100 4.100
header Header contains too many raw illegal characters HEAD_ILLEGAL_CHARS 4.300 4.300 4.100 4.100
header Subject contains a Japanese UCE tag JAPANESE_UCE_SUBJECT 2.900 2.800 2.800 2.700
header Subject contains a Russian UCE tag RUSSIAN_UCE_SUBJECT 1
header Subject: contains Korean unsolicited email tag KOREAN_UCE_SUBJECT 3.659 3.835 2.800 2.700
header sent to you@you.com or similar FRIEND_AT_PUBLIC 2.900 0 0 0
header sent from or to friend@public.com FRIEND_PUBLIC 1
header Subject: domain names are cheap DOMAINS_CHEAP 1
header Subject: domain registration spam subject DOMAIN_SUBJECT 1
header Domain in From header has no MX or A DNS records NO_DNS_FOR_FROM 0 1.105 0 1.650
header From and To are the same, but not exactly FROM_AND_TO_SAME 0.718 1.443 2.097 0.522
header Received via buggy SMTP server (MDaemon 2.7.4SP4R) MDAEMON_2_7_4 2.900 2.800 2.800 2.700
header Received: contains a forged HELO FORGED_RCVD_HELO 1
header Received: contains a numeric HELO RCVD_NUMERIC_HELO 1.271 0.326 1.526 1.502
header Received: contains a name with a faked IP-address FAKED_IP_IN_RCVD 2.900 2.800 2.800 2.700
header Received via SMTPD32 server (SMTPD32-n.n) SMTPD_IN_RCVD 1
header Lots and lots of Cc: headers LOTS_OF_CC_LINES 2.900 2.800 0 0
header Received forged, contains fake AOL relays FORGED_AOL_RCVD 4.300 4.300 4.100 4.100
header Contains forged hostname for a DSL IP in Brazil FORGED_TELESP_RCVD 2.900 2.800 2.800 2.700
header Forged hotmail.com 'Received:' header found FORGED_HOTMAIL_RCVD 0.470 0.001 0.500 0.500
header hotmail.com 'From' address, but no 'Received:' FORGED_HOTMAIL_RCVD2 0.051 0 1.884 2.499
header Forged eudoramail.com 'Received:' header found FORGED_EUDORAMAIL_RCVD 2.799 2.796 2.696 2.700
header 'From' yahoo.com does not match 'Received' headers FORGED_YAHOO_RCVD 0.375 0.477 1.181 0.901
header 'From' juno.com does not match 'Received' headers FORGED_JUNO_RCVD 1.538 2.796 2.696 2.058
header Forged 'by gw05' 'Received:' header found FORGED_GW05_RCVD 2.900 2.800 2.800 2.700
header Forged hotmail.com Received 'from mx' header FORGED_MX_HOTMAIL 2.900 2.800 2.800 2.700
header Sent by a known spamhaus (qves) RCVD_BY_QVES_COM 2.900 0 0 0
header Character set doesn't exist NONEXISTENT_CHARSET 2.900 2.800 2.800 2.700
header A foreign language charset used in headers CHARSET_FARAWAY_HEADER 3.200
header 'X-Mailer' line contains gibberish X_MAILER_GIBBERISH 1
header Sent with 'X-Priority' set to high X_PRIORITY_HIGH 1.495 0.516 1.486 1.305
header Sent with 'X-Msmail-Priority' set to high X_MSMAIL_PRIORITY_HIGH 0.500 0.501 0.501 0.500
header 'From' contains more than one address MANY_FROMS 1
header Header contains an address from btamail.net.cn BTAMAIL_HEADER 2.900 0 0 0
header From: address is in the user's black-list USER_IN_BLACKLIST 100.000
header From: address is in the user's white-list USER_IN_WHITELIST -100.000
header From: address is in the default white-list USER_IN_DEF_WHITELIST -15.000
header Content type is "TEXT/HTML" in all caps HTML_ALL_CAPS 1
header Received: says mail sent around the world (HELO) ROUND_THE_WORLD_LOCAL 3.072 2.965 2.696 2.699
header Received: says mail sent around the world (DNS) ROUND_THE_WORLD 0 2.515 0 2.141
header Missing To: header MISSING_HEADERS 1
header Similar addresses in recipient list SUSPICIOUS_RECIPS 2.632 3.003 2.696 2.599
header Very similar addresses in recipient list VERY_SUSP_RECIPS 2.900 2.800 2.800 2.700
header Recipient list is sorted by address SORTED_RECIPS 4.299 4.300 2.696 2.699
header User is listed in 'blacklist_to' USER_IN_BLACKLIST_TO 10.000
header User is listed in 'whitelist_to' USER_IN_WHITELIST_TO -6.000
header User is listed in 'more_spam_to' USER_IN_MORE_SPAM_TO -20.000
header User is listed in 'all_spam_to' USER_IN_ALL_SPAM_TO -100.000
header Subject: contains G.a.p.p.y-T.e.x.t GAPPY_SUBJECT 2.326 1.316 2.696 2.270
header Message has X-List-Unsubscribe header X_LIST_UNSUBSCRIBE 2.900 2.800 2.800 2.700
header Message has X-Encoding header X_ENC_PRESENT 2.900 2.800 2.800 2.700
header Message has x-esmtp header X_ESMTP 0.218 1.582 1.368 0
header Message has X-Library header X_LIBRARY 1.403 1.376 2.282 1.578
header Message has X-MailingID header X_MAIL_ID_PRESENT 0 2.800 0 0
header Message has X-PMFLAGS header X_PMFLAGS_PRESENT 2.900 2.800 2.800 2.700
header Message has X-Precedence-Ref header X_PRECEDENCE_REF 2.900 2.800 2.800 2.700
header Message has X-ServerHost header X_SERV_HOST_PRESENT 0 2.800 0 0
header Message has X-Stormpost-To header X_STORMPOST_TO 2.900 0 2.800 0
header Message has X-x header X_X_PRESENT 2.900 2.800 2.800 2.700
header Message has X-Fix header X_FIX_PRESENT 1
header Message has Complain-To header COMPLAIN_TO 1
header Message has X-VMP-Text header X_VMP_TEXT 2.900 2.800 2.800 0
header Message has X-GCMulti header X_GCMULTI 1
header Message has X-Mime-Key header X_MIME_KEY 1
header Message has microsoft header MICROSOFT 1
header MiME-Version header (oddly capitalized) MIME_ODD_CASE 2.900 2.800 2.800 2.700
header Subject contains "As Seen" SUBJ_AS_SEEN 2.699 2.596 0.744 2.500
header Subject starts with dollar amount SUBJ_DOLLARS 1.180 0.616 0.523 1.921
header Subject contains "Double Your" SUBJ_DOUBLE_YOUR 0 2.232 0 0
header Subject contains "For Only" SUBJ_FOR_ONLY 0.773 0.913 0.689 0.972
header Subject contains "FREE" in CAPS SUBJ_FREE_CAP 0.395 0.070 0 0
header Subject contains "Free Instant" SUBJ_FREE_INSTANT 2.900 2.800 2.800 2.700
header Subject starts with "Free" SUB_FREE_OFFER 0.803 0.484 0.223 1.660
header Subject GUARANTEED SUBJ_GUARANTEED 2.895 2.407 2.696 2.504
header Subject starts with "Hello" SUB_HELLO 0.872 2.696 1.514 2.456
header Subject includes "life insurance" SUBJ_LIFE_INSURANCE 0 1.657 0 0
header Subject contains "Now Only" SUBJ_NOW_ONLY 0.045 0.577 0 0
header Subject contains "Ripped & Strong" SUBJ_RIPPED 1
header Subject includes "viagra" SUBJ_VIAGRA 2.535 2.816 4.095 4.100
header Subject contains "Your Bills" or similar SUBJ_YOUR_DEBT 2.136 0.700 0.700 0.821
header Subject contains "Your Family" SUBJ_YOUR_FAMILY 2.840 2.796 2.697 2.700
header Subject contains "Your Own" SUBJ_YOUR_OWN 0.391 2.052 0.110 2.299
header Received contains a (dollar) variable reference VAR_REF_IN_RECEIVED 1
header Received contains a faked HELO hostname RCVD_FAKE_HELO_DOTCOM 2.063 1.354 3.207 1.555
header To: username at front of subject USERNAME_IN_SUBJECT 2.900 2.800 2.800 2.700
header Subject talks about losing pounds LOSE_POUNDS 2.899 2.796 2.796 2.618
header Header has extraneous Content-type:...type= entry EXTRA_MPART_TYPE 1.116 0 0 0
header To header contains 'recipient' marker TO_RECIP_MARKER 1
header Subject talks about savings SAVINGS 0 0.395 0 0
header Spam tool pattern in MIME boundary MIME_BOUND_DASH_DIGIT 1.182 2.033 0.319 1.702
header Spam tool pattern in MIME boundary MIME_BOUND_HASHES 1
header Spam tool pattern in MIME boundary MIME_BOUND_DIGITS_4 1
header Spam tool pattern in MIME boundary MIME_BOUND_DIGITS_7 2.399 2.197 1.643 1.647
header Spam tool pattern in MIME boundary MIME_BOUND_HEX_24 1.462 0 1.934 0
header Spam tool pattern in MIME boundary MIME_BOUND_MA 1
header Spam tool pattern in MIME boundary MIME_BOUND_MANY_HEX 2.899 2.796 2.800 2.700
header Spam tool pattern in MIME boundary MIME_BOUND_OPTIN 2.900 2.800 2.800 2.700
header Spam tool pattern in MIME boundary MIME_BOUND_MAIL_BOUND 2.900 2.800 2.800 2.700
header Spam tool pattern in MIME boundary MIME_BOUND_TEP 1
header Spam tool pattern in MIME boundary (rfkindy) MIME_BOUND_RKFINDY 1.951 2.800 2.697 2.700
header Missing Date: header DATE_MISSING 1.540 0.985 0.869 1.917
header Received contains fake 'Post.cz' hostname POST_IN_RCVD 1
header To: non-existent 'Investors' address TO_INVESTORS 1
header To: has a malformed address TO_MALFORMED 0.345 0.274 0.907 0.640
header From azoogle.com, azogle.com, etc. AZOOGLE 2.900 0 2.800 0
header Subject talks about being approved SUBJECT_APPROVED 1.223 2.056 1.004 0.173
header Subject has a Time ID SUBJ_HAS_TIME_ID 1
header From address is webmail, but starts with a number FROM_NUM_AT_WEBMAIL 1.106 1.101 4.200 4.100
header From webmail service and address ends in numbers FROM_WEBMAIL_END_NUMS6 0.989 2.062 1.709 2.699
header From Address contains FREE ADDR_FREE 1.506 1.804 2.596 2.599
header Message was sent by a Squid HTTP proxy RECEIVED_IDENT_SQUID 2.900 0 2.800 2.700
header Received contains 'CacheFlowServer' IDENT name RECEIVED_CACHEFLOW 2.710 2.800 2.800 2.700
header Sent to a text file TO_TXT 2.900 2.800 2.800 2.700
header Involves 'china.com' CHINA_HEADER 2.899 2.796 2.800 2.700
header Received line contains spam-sign (lowercase smtp) WITH_LC_SMTP 4.300 4.300 2.800 2.700
header 'From' has no lower-case characters FROM_NO_LOWER 1.599 1.897 1.498 1.999
header 'Subject' starts with Buy, Buying SUBJ_BUY 0.431 0.885 0.665 0.632
header Subject is indicative of a Nigerian spam NIGERIAN_SUBJECT1 0.029 1.877 2.150 2.599
header Subject is indicative of a Nigerian spam NIGERIAN_SUBJECT2 2.900 2.800 2.666 2.699
header Subject is indicative of a Nigerian spam NIGERIAN_SUBJECT6 1
header Message would have been caught by accessdb ACCESSDB 1
header Header contains forged Yahoo! SMTP server hostname FORGED_YAHOO_RCVD_SMTP 2.899 2.800 2.800 2.700
header Received headers forged (numeric hostname) FORGED_RCVD_FROM_NUM 2.900 2.800 2.800 2.700
header Received headers forged (AM/PM) RCVD_AM_PM 4.300 4.300 4.100 4.100
header Received headers forged (empty HELO) RATWARE_EMPTY_HELO 2.900 2.800 2.800 2.700
header "To" header contains a filename TO_FILENAME 1
header Reply-To address with reply and numbers ID_REPLY_TO_REPLY 1
header Multiple Content-Type headers found HEADER_COUNT_CTYPE 0.170 2.021 2.297 1.635
header Message-Id header indicates message is spam MSGID_THREESIXSIX 0.196 1.298 0 0
header Host HELO'd using the wrong IP network FORGED_RCVD_NET_HELO 2.725 3.022 4.095 4.099
header Host HELO'd as a big ISP, but had no rDNS NO_RDNS_DOTCOM_HELO 2.194 2.952 2.865 4.099
header Message has X-Originating-Host header X_ORIG_HOST 2.900 2.800 2.800 2.700
header Bulk email fingerprint (X-Message-Info) found X_MESSAGE_INFO 3.600 4.077 7.503 2.253
header Spam tool pattern in MIME boundary MIME_BOUND_DD_DIGITS 3.600 4.230 8.610 2.784
header Spam tool Message-Id: (caps variant) MSGID_SPAM_CAPS 3.520 3.069 6.845 1.916
header Bulk email fingerprint (Received @) found RATWARE_RCVD_AT 2.560 1.116 1.628 1.014
header Subject contains a gappy version of 'xanax' SUBJECT_DRUG_GAP_X 2.552 2.120 0.647 0.543
header Subject contains a gappy version of 'soma' SUBJECT_DRUG_GAP_S 1.863 1.180 3.770 0.764
header Subject contains a gappy version of 'valium' SUBJECT_DRUG_GAP_VA 1.468 1.548 0.780 0.321
body HTML included in message HTML_MESSAGE 0.160 0.001 0.100 0.100
body Message is 0% to 10% HTML HTML_00_10 1
body Message is 10% to 20% HTML HTML_10_20 1
body Message is 20% to 30% HTML HTML_20_30 0.691 0.474 1.172 0
body Message is 30% to 40% HTML HTML_30_40 0.837 0.809 0.919 0
body Message is 40% to 50% HTML HTML_40_50 0.870 0.474 0.898 0
body Message is 50% to 60% HTML HTML_50_60 0.699 0.183 0.514 0.100
body Message is 60% to 70% HTML HTML_60_70 0.359 0.100 0.516 0.113
body Message is 70% to 80% HTML HTML_70_80 0.383 0.105 0.305 0.100
body Message is 80% to 90% HTML HTML_80_90 0.014 0 0 0
body Message is 90% to 100% HTML HTML_90_100 0.308 1.073 0 1.187
body HTML has very strong "shouting" markup HTML_SHOUTING3 1
body HTML has very strong "shouting" markup HTML_SHOUTING4 0 0.309 0 0
body HTML has very strong "shouting" markup HTML_SHOUTING5 0 1.762 0 0
body HTML has very strong "shouting" markup HTML_SHOUTING6 1
body HTML has very strong "shouting" markup HTML_SHOUTING7 0.514 2.400 1.316 0.045
body HTML has very strong "shouting" markup HTML_SHOUTING8 0.066 1.232 0.932 0.442
body HTML has very strong "shouting" markup HTML_SHOUTING9 0.500 0.500 0 0
body HTML table has thick border HTML_TABLE_THICK_BORD 0.580 0.699 0 0
body HTML comment contains email address HTML_COMMENT_EMAIL 1
body HTML comment inside of "shouting" markup HTML_COMMENT_SHOUTING 1
body HTML comment contains SKY database codes HTML_COMMENT_SKY 2.900 2.800 2.800 2.700
body HTML comment has 3 consecutive 8-bit chars HTML_COMMENT_8BITS 0.121 0.822 0 0
body HTML message is a saved web page HTML_COMMENT_SAVED_URL 0.404 0.821 0.768 1.039
body HTML with embedded plugin object HTML_EMBEDS 0 0.280 0 0
body HTML contains auto-executing code HTML_EVENT 1
body HTML contains unsafe auto-executing code HTML_EVENT_UNSAFE 0 0.130 0 0
body HTML has a big font HTML_FONT_BIG 0.271 0.100 0.270 0.267
body HTML font color not in safe 6x6x6 palette HTML_FONTCOLOR_UNSAFE 0.100
body HTML font color has unusual name HTML_FONTCOLOR_NAME 1
body HTML font color is same as background HTML_FONT_INVISIBLE 0.938 0.446 0.957 0.601
body HTML font color similar to background HTML_FONT_LOW_CONTRAST 1
body HTML font color is gray HTML_FONTCOLOR_GRAY 1
body HTML font color is red HTML_FONTCOLOR_RED 0.100 0.100 0.100 0.101
body HTML font color is yellow HTML_FONTCOLOR_YELLOW 1
body HTML font color is green HTML_FONTCOLOR_GREEN 0.056 0.103 0.043 0
body HTML font color is cyan HTML_FONTCOLOR_CYAN 1
body HTML font color is blue HTML_FONTCOLOR_BLUE 0.100
body HTML font color is magenta HTML_FONTCOLOR_MAGENTA 1
body HTML font color is unknown to us HTML_FONTCOLOR_UNKNOWN 0.100 0.100 0.283 0.100
body HTML font face is not a word HTML_FONT_FACE_BAD 0.063 0.203 0 0
body HTML font face is not a commonly used face HTML_FONT_FACE_ODD 0.185 0 0 0
body HTML font face has excess capital characters HTML_FONT_FACE_CAPS 1
body HTML includes a form which sends mail HTML_FORMACTION_MAILTO 2.900 2.800 1.812 0.966
body HTML has 4-5 kilopixels of images HTML_IMAGE_AREA_04 1
body HTML has 5-6 kilopixels of images HTML_IMAGE_AREA_05 0.283 1.342 1.122 2.199
body HTML has 6-7 kilopixels of images HTML_IMAGE_AREA_06 1
body HTML has 7-8 kilopixels of images HTML_IMAGE_AREA_07 1.615 1.681 1.997 1.022
body HTML has 8-9 kilopixels of images HTML_IMAGE_AREA_08 1
body HTML has over 9 kilopixels of images HTML_IMAGE_AREA_09 1
body HTML: images with 0-200 bytes of words HTML_IMAGE_ONLY_02 2.751 2.244 1.472 1.230
body HTML: images with 200-400 bytes of words HTML_IMAGE_ONLY_04 1.898 1.527 1.136 1.001
body HTML: images with 400-600 bytes of words HTML_IMAGE_ONLY_06 1.531 1.709 0.527 1.439
body HTML: images with 600-800 bytes of words HTML_IMAGE_ONLY_08 0.525 0.837 0 0
body HTML: images with 800-1000 bytes of words HTML_IMAGE_ONLY_10 0.615 1.138 0.431 0.019
body HTML: images with 1000-1200 bytes of words HTML_IMAGE_ONLY_12 0.787 1.012 0.483 0
body HTML has a low ratio of text to image area HTML_IMAGE_RATIO_02 1
body HTML has a low ratio of text to image area HTML_IMAGE_RATIO_04 0.821 0.892 0.667 1.050
body HTML has a low ratio of text to image area HTML_IMAGE_RATIO_06 0.935 0.317 0.649 0
body HTML has a low ratio of text to image area HTML_IMAGE_RATIO_08 0.605 0.408 0.413 0.359
body HTML has a low ratio of text to image area HTML_IMAGE_RATIO_10 0.535 0.488 0.619 0.315
body HTML has a low ratio of text to image area HTML_IMAGE_RATIO_12 0.324 0 0 0
body HTML has a low ratio of text to image area HTML_IMAGE_RATIO_14 0 0.276 0 0
body JavaScript code HTML_JAVASCRIPT 1
body HTML link text says "push here" or similar HTML_LINK_PUSH_HERE 1.147 0.500 1.000 1.001
body HTML link text says "click here" HTML_LINK_CLICK_HERE 0.100
body HTML link text says "CLICK" HTML_LINK_CLICK_CAPS 0.501 0.501 0.500 0.500
body Frame wanted to load outside URL HTML_RELAYING_FRAME 0.877 0.303 0.485 1.732
body Image tag intended to identify you HTML_WEB_BUGS 1.116 0.587 0.279 0.336
body Javascript to move windows around HTML_WIN_BLUR 0.064 0 0 0.951
body Javascript to change window focus HTML_WIN_FOCUS 1
body Javascript to open a new window HTML_WIN_OPEN 1
body HTML mail with non-white background HTML_WITH_BGCOLOR 1
body HTML has excess "a" close tags HTML_TAG_BALANCE_A 0.066 0.079 0 0.196
body HTML has excess "font" close tags HTML_TAG_BALANCE_FONT 1
body HTML has unbalanced "html" tags HTML_TAG_BALANCE_HTML 0.671 0.411 0.099 0
body HTML has unbalanced "body" tags HTML_TAG_BALANCE_BODY 0.353 0.257 0.233 0
body HTML has unbalanced "head" tags HTML_TAG_BALANCE_HEAD 1
body HTML is missing "table" close tags HTML_TAG_BALANCE_TABLE 0.667 0.196 0.154 0
body HTML has "base" tags HTML_TAG_EXISTS_BASE 1
body HTML has "param" tag HTML_TAG_EXISTS_PARAM 1
body HTML has "tbody" tag HTML_TAG_EXISTS_TBODY 0.132 0.100 0.047 0
body HTML title contains no text HTML_TITLE_EMPTY 0.449 0.544 0.200 0.119
body HTML title contains "Untitled" HTML_TITLE_UNTITLED 0.501 0.699 0.360 0.430
rawbody Form for changing email address SPAM_FORM 1
rawbody Form for checking email address SPAM_FORM_RETURN 1
rawbody Obfuscated action attribute in HTML form SPAM_FORM_ACTION 1
rawbody Javascript to hide URLs in browser HIDE_WIN_STATUS 0.157 0 0.846 2.173
rawbody Contains link without http:// prefix LINK_TO_NO_SCHEME 0.452 0.755 0.176 1.597
body List removal information REMOVE_SUBJ 0.343 0.054 0 0.355
body List removal information SUBJ_REMOVE 1
body List removal information REPLY_REMOVE_SUBJECT 0.412 0.757 1.432 2.097
body List removal information DISCONTINUE 1
body To be removed from list REMOVE_FROM_LIST 0.166 0 0 0
body List removal information REMOVE_REMOVAL_1WORD 1.101 1.100 0.500 1.891
body List removal information REMOVE_REMOVAL_2WORD 0.500 0.500 0.500 1.947
body Send real mail to be unsubscribed REMOVE_POSTAL 2.900 2.800 2.696 2.700
body Asks you to click below (in capital letters) CLICK_BELOW_CAPS 0.173 0.566 0.500 0.500
body Click to be removed CLICK_TO_REMOVE_1 1.101 1.101 1.000 1.001
body Claims compliance with spam regulations SENT_IN_COMPLIANCE 0.700 2.800 2.800 2.700
body Claims compliance with Senate Bill 1618 BILL_1618 0.248 0.319 2.696 2.699
body Claims compliance with Senate Bill 1618 S_1618 1
body Claims compliance with Senate Bill 1618 UNDER_BILL_1618 0 0.253 0 0
body Claims compliance with spam regulations SECTION_301 0 0.454 0 0
body Claims compliance with House Bill 4176 HR_4176 2.900 0 0 0
body Claims compliance with spam regulations FURTHER_TRANSMISSIONS 0 2.800 0 0
body Contains word 'guarantee' in all-caps GUARANTEE 2.155 2.146 1.703 2.257
body Doesn't ask any questions NO_QS_ASKED 2.271 2.005 1.018 2.600
body Offers a full refund FULL_REFUND 1
body No such thing as a free lunch (1) FOR_FREE 0.927 0.694 0.781 0.592
body No such thing as a free lunch (2) COMPLETELY_FREE 0.500 0.736 0.500 0.500
body No such thing as a free lunch (3) NO_COST 0.692 1.001 0.741 1.671
body One hundred percent guaranteed GUARANTEED_100_PERCENT 1.101 1.101 1.001 1.000
body Discusses money making MONEY_MAKING 2.799 2.294 0 2.399
body Talks about bulk email BULK_EMAIL 1
body Dear Friend? That's not very dear! DEAR_FRIEND 1.888 1.065 2.397 1.846
body Contains 'Dear (something)' DEAR_SOMETHING 1.611 1.157 2.164 2.299
body Urges you to call now CALL_NOW 1
body Contains a tollfree number CALL_FREE 1
body Wants you to do business online ONLINE_BIZ_OPS 1
body Talks about lots of money BILLION_DOLLARS 1
body Talks about opting in (lowercase version) OPT_IN 0.018 0 0 0.228
body Talks about opting in (capitalized version) OPT_IN_CAPS 0.814 0.295 0.602 2.570
body Talks about opting out (lowercase version) OPT_OUT 1
body Talks about opting out (capitalized version) OPT_OUT_CAPS 0 0.792 0 0
body Talks about direct email DIRECT_EMAIL 1
body Talks about mass email MASS_EMAIL 1
body Talks about email marketing EMAIL_MARKETING 1
body Tells you it's an ad PRODUCED_AND_SENT_OUT 1
body Instructions on how to increase something INCREASE_SOMETHING 1
body "another mailing" will "never" be "received" NEVER_ANOTHER 2.900 2.800 2.800 2.700
body one time mailing doesn't mean it isn't spam ONE_TIME_MAILING 2.388 2.296 1.911 2.599
body Get a million email addresses MILLION_EMAIL 2.499 1.646 2.197 1.999
body Addresses on CD are only useful for spam ADDRESSES_ON_CD 1
body Gives a lame excuse about why spam was sent EXCUSE_1 0.417 0 0 0
body Claims you actually asked for this spam EXCUSE_2 1
body Claims you can be removed from the list EXCUSE_3 0.100 0.100 0 0
body Claims you can be removed from the list EXCUSE_4 2.899 2.216 2.596 2.499
body Claims you can be removed from the list EXCUSE_6 0.791 1.616 1.950 0.244
body Claims you can be removed from the list EXCUSE_7 1
body "if you do not wish to receive any more" EXCUSE_10 0.149 0.136 0 0
body Claims you were on a list EXCUSE_11 1.072 0.146 1.334 0
body Nobody's perfect EXCUSE_12 2.423 2.120 0.462 2.167
body Gives an excuse for why message was sent EXCUSE_13 0.853 1.639 0 0.580
body Tells you how to stop further spam EXCUSE_14 0.320 0.153 0 0.084
body Claims to be legitimate email EXCUSE_15 0 0.708 0 0
body I wonder how many emails they sent in error EXCUSE_16 0.061 0.171 0 0
body Claims not to be spam EXCUSE_18 0.430 0.280 0 0
body Claims you opted-in or registered EXCUSE_19 0.727 0.500 0.613 0.500
body Claims you registered at their site EXCUSE_20 2.900 0 0 0
body Claims address was obtained legitimately EXCUSE_21 1.940 2.800 0.110 2.700
body You're receiving this offer for a reason EXCUSE_22 2.900 2.800 2.800 2.700
body Claims you have provided permission EXCUSE_23 2.900 2.800 2.800 2.700
body Claims you wanted this ad EXCUSE_24 0.700 1.395 2.796 2.700
body Talks about how to be removed from mailings EXCUSE_REMOVE 0.879 0.501 0.903 1.000
body Plugs Viagra VIAGRA 1.536 1.890 0.500 4.099
body Plugs "Natural Viagra" NATURAL_VIAGRA 2.900 2.800 0 2.700
body Plugs "Herbal Viagra" HERBAL_VIAGRA 1
body Targeted Traffic / Email Addresses TARGETED 1.686 1.271 0 2.499
body Offers a limited time offer LIMITED_TIME_ONLY 0.478 0.020 0 0.246
body Tells you about a strong buy STRONG_BUY 2.799 0 2.800 2.700
body Claims to honor removal requests WE_HONOR_ALL 1.101 4.300 4.100 4.065
body Sent using a trial version of CommuniGate COMMUNIGATE 2.300 1.465 1.554 2.399
body Gives information about an opportunity OPPORTUNITY 0.904 1.598 0 2.055
body Offers "pure" profit PURE_PROFIT 1
body Offers a picked stock STOCK_PICK 0 1.248 0 0
body Offers a alert about a stock STOCK_ALERT 2.172 2.399 0 1.727
body SEC-mandated penny-stock warning MICRO_CAP_WARNING 1
body Not registered investment advisor NOT_ADVISOR 2.900 2.800 2.800 2.700
body Offers a consultation for nothing FREE_CONSULTATION 1.566 1.170 0 0.711
body Describes some sort of breakthrough SOME_BREAKTHROUGH 0 0.599 0 0
body They have selected you for something SELECTED_YOU 0.764 2.059 0 1.381
body Asks for credit card details WANTS_CREDIT_CARD 2.489 2.275 1.728 1.887
body Asks for a billing address ASKS_BILLING_ADDRESS 1
body Asks you for your signature on a form PRINT_FORM_SIGNATURE 1.263 0.125 0.039 1.617
body Contains mail-in order form MAIL_IN_ORDER_FORM 2.075 2.800 0 2.700
body offers "instant access" INSTANT_ACCESS 1
body University Diplomas UNIVERSITY_DIPLOMAS 1
body 'Prestigious Non-Accredited Universities' PREST_NON_ACCREDITED 0.898 1.367 0 1.103
body Possible registry spammer NEW_DOMAIN_EXTENSIONS 2.199 1.999 1.552 2.199
body Domain registration spam body DOMAIN_BODY 1.479 1.797 1.052 2.199
body Gives instructions for removal from list REMOVAL_INSTRUCTIONS 0.870 0.692 0.959 2.599
body Claims "cannot be considered spam" CANNOT_BE_SPAM 0.377 0.019 0.701 1.837
body Claims "This is not spam" THIS_AINT_SPAM 1.290 0.084 1.156 1.610
body We strongly oppose the use of spam email too WE_HATE_SPAM 2.900 2.800 0 2.700
body Says "this is an advertisement" (thanks!) THIS_IS_AN_AD 2.900 0 0 0
body Mentions Spam law "HR 3113" HR_3113 2.900 2.800 2.800 2.700
body Mentions Spam Law "UCE-Mail Act" UCE_MAIL_ACT 2.900 2.800 2.800 2.700
body Information on getting larger penis/breasts PENIS_ENLARGE 1.101 1.101 0.500 2.692
body Information on getting larger penis/breasts PENIS_ENLARGE2 0.500 0.590 0 0.501
body Impotence cure IMPOTENCE 3.415 4.243 1.000 1.327
body Information on how to work at home (1) WORK_AT_HOME 0.621 1.279 0.902 2.399
body Information on how to work at home (2) HOME_EMPLOYMENT 0.054 0 1.202 0
body No experience needed! NO_EXPERIENCE 1.012 1.228 2.146 1.353
body Information on mortgages MORTGAGE_BEST 1.100 1.522 1.001 1.802
body Looks like mortgage pitch MORTGAGE_PITCH 1.001 1.538 0 0.763
body Information on mortgage rates MORTGAGE_RATES 0.567 1.101 0 0.724
body Something about waiting for mortgages MORTGAGE_WAITING 1
body Something about a mortgage network MORTGAGE_NETWORK 1
body A dodgy mortgage testimonial HELPED_FINANCE 1
body Interest rates FALLING_INTEREST 1
body Order a report from someone ORDER_REPORT 2.900 2.800 2.800 2.700
body Tells you to 'take action now!' TAKE_ACTION_NOW 1.453 0 0 0
body Asks you to fill out a form THE_FOLLOWING_FORM 1.640 1.173 0.420 0.655
rawbody mailto URI includes removal text MAILTO_SUBJ_REMOVE 0.831 1.325 1.931 0.889
rawbody Includes a URL link to send an email MAILTO_LINK 1
body Includes a link for AOL users to click AOL_USERS_LINK 1.700 1.497 1.338 2.299
body Talks about a million North American dollars NA_DOLLARS 0 1.997 0 0
body Mentions (dollar) (dollar) (dollar) ((dollar) NNN.N m/USDNNN.N m/US(dollar) NN.N m) US_DOLLARS_2 1
body Mentions millions of (dollar) ((dollar) NN,NNN,NNN.NN) US_DOLLARS_3 0.697 0.637 1.716 0.699
body Talks about millions of dollars MILLION_USD 0.365 0.868 0.148 0
rawbody Frontpage used to create the message FRONTPAGE 1.594 1.628 2.225 2.486
body Contains "Temple Kiff" KIFF 2.900 2.800 1.256 0.978
body Contains "CBYI" CBYI 0.030 0 0 0
body Contains "My wife, Jody" testimonial JODY 2.900 2.800 0.701 0.701
body Contains "Gentle Ferocity" GENTLE_FEROCITY 1
body Contains "Vjestika Aphrodisia" VJESTIKA 1
body Contains "Toner Cartridge" TONER 0.555 1.288 0 0
body Doing something with my income YOUR_INCOME 0.398 0.988 2.397 2.202
body Apparently, you'll be amazed BE_AMAZED 0 0.294 0 0
body Resistance to this spam is futile RESISTANCE_IS_FUTILE 2.226 2.800 2.215 2.700
body Trying to offer you something GREAT_OFFER 1
body Contains 'subject to credit approval' SUBJ_2_CREDIT 2.440 2.293 0.245 1.867
body Contains urgent matter URGENT_BIZ 0 0.796 0 0
body Contains 'earn (dollar) something per week' EARN_PER_WEEK 1
body Contains 'for only pennies a day' PENNIES_A_DAY 1
body Contains 'for only' some amount of cash FOR_JUST_SOME_AMT 1
body You'd better read all of this spam! READ_TO_END 2.900 2.800 1.392 2.700
body Spam is 100% natural?! ALL_NATURAL 0.661 1.325 1.001 2.402
body Money back guarantee MONEY_BACK 1.101 4.300 1.001 2.130
body There is no catch NO_CATCH 2.799 2.800 0 1.709
body There is no obligation NO_OBLIGATION 0.954 1.255 1.270 1.462
body You won't be "disappointed" NO_DISAPPOINTMENT 0.801 2.209 0.080 1.626
body Serious Enquiries Only SERIOUS_ONLY 1
body Risk free. Suuurreeee.... RISK_FREE 0.594 0.671 0.318 0.503
body As seen on national TV! AS_SEEN_ON 0.503 1.867 0 1.491
body Not intended for residents of somewhere NOT_INTENDED 2.900 2.800 0.701 0.701
body Common pyramid scheme phrase (1) COPY_ACCURATELY 2.900 2.800 2.800 2.700
body See for yourself SEE_FOR_YOURSELF 0 0.023 0 0
body Encourages you to waste no time in ordering ORDER_NOW 0.358 0.282 0 0.346
body Off Shore Scams OFFSHORE_SCAM 2.499 1.227 1.894 1.268
body Vacation Offers VACATION_SCAM 0.056 0.769 0.439 0.808
body Why Pay More? WHY_PAY_MORE 0 2.125 0 0
body Congratulations - you've been scammed? CONGRATULATIONS 0 0.041 0 0
body Talks about free mobile phones FREE_CELL_PHONE 1
body Free Leads FREE_LEADS 1.538 1.467 0 0
body Receive third party email RECEIVE_EMAIL 2.900 2.800 2.800 2.700
body Receive a special offer RECEIVE_OFFER 1.101 1.110 1.001 1.000
body Free Offer OFFER 1
body Free Quote FREE_QUOTE 1.924 2.796 0 2.343
body Free express or no-obligation quote FREE_QUOTE_INSTANT 2.899 2.133 2.800 2.700
body Free DVD FREE_DVD 1
body Free Investment FREE_INVESTMENT 2.900 2.800 2.652 2.700
body Free Trial FREE_TRIAL 0.144 0.509 0 0.896
body Free Membership FREE_MEMBERSHIP 2.163 2.624 0 1.148
body Free Website FREE_WEBSITE 2.613 2.421 0 2.700
body Credit Card Offers CREDIT_CARD 1
body No Credit Check NO_CREDIT_CHECK 2.900 2.800 0.700 2.700
body Avoid Bankruptcy BANKRUPTCY 0.813 0.906 0 1.797
body Credit Bureaus CREDIT_BUREAU 1
body Accept Credit Cards ACCEPT_CREDIT_CARDS 2.507 2.596 0 1.037
body Eliminate Bad Credit BAD_CREDIT 1.230 0.160 0.500 0.356
body Unsecured Credit/Debt UNSECURED_CREDIT 0.761 2.299 0 1.461
body Lower Interest Rates LOW_INTEREST 0.058 1.915 0 0.605
body Compare Rates COMPARE_RATES 2.241 0.587 0 2.700
body Save Up To SAVE_UP_TO 0.267 0.105 0 0
body Lower Monthly Payment LOW_PAYMENT 1.610 1.264 0 0.701
body Consolidate debt, credit, or bills CONSOLIDATE_DEBT 4.300 4.300 1.001 2.995
body Calling Creditors CREDITORS_CALLING 2.900 2.800 2.800 2.700
body Home refinancing REFINANCE_YOUR_HOME 1
body Home refinancing REFINANCE_NOW 2.012 1.359 2.696 2.010
body Discusses search engine listings SEARCH_ENGINE_PROMO 1
body Opportunity - What a deal! OPPORTUNITY_2 1
body No Purchase Necessary NO_PURCHASE 1
body No Strings Attached NO_STRINGS 1.537 2.098 0 1.392
body No Fees NO_FEE 1
body No Medical Exams NO_MEDICAL 1
body No Age Restrictions NO_AGE 1
body No Claim Forms NO_FORMS 0 1.337 0 0
body No Gimmick NO_GIMMICK 1
body No Investment NO_INVESTMENT 2.900 2.800 0 0
body Requires Initial Investment INITIAL_INVEST 2.799 2.797 0 1.504
body No Inventory NO_INVENTORY 2.799 2.696 0 2.700
body Buy Direct BUY_DIRECT 0.616 1.170 0 1.816
body Drastically Reduced DRASTIC_REDUCED 0.943 1.998 1.797 1.799
body Do it Today DO_IT_TODAY 0.774 0.707 0.801 0.704
body What are you waiting for WHY_WAIT 0.356 0.476 0.149 1.229
body Supplies are Limited SUPPLIES_LIMITED 1.623 1.496 0 0.332
body Secretly Recorded SECRET_RECORD 2.599 2.157 2.515 2.699
body Someone using your identity USE_IDENTITY 2.900 2.800 2.800 2.700
body You can search for anyone YOU_CAN_SEARCH 2.900 2.800 2.800 2.700
body Find out anything FIND_ANYTHING 2.119 0.107 0 0.229
body Score with babes! SEDUCTION 2.283 2.367 0.787 1.208
body Invaluable marketing information INVALUABLE_MARKETING 2.900 2.800 1.119 0.701
body Marketing Solutions MARKET_SOLUTION 1
body Direct Marketing MARKETING 1
body Save big money SAVE_MONEY 1
body Guaranteed Stuff GUARANTEED_STUFF 1.944 1.168 2.696 2.298
body Additional Income INCOME 1.356 0 0 0
body Potential Earnings EARNINGS 2.122 1.565 0 1.962
body The best Rates THE_BEST_RATE 3.254 3.724 0.700 2.145
body Promise you ...! WE_PROMISE_YOU 1.691 1.486 2.596 2.132
body Amazing Stuff AMAZING_STUFF 2.008 2.596 1.279 1.854
body Cash Bonus CASH_BONUS 0.589 1.760 0.812 1.897
body Shopping Spree SHOPPING_SPREE 1
body Fantastic Deal FANTASTIC 1
body Cents on the Dollar CENTS_ON_DOLLAR 1.799 1.597 0 0
body Lose Weight Spam DIET 1
body Long Distance Phone Offer LONG_DISTANCE 1.638 1.261 2.107 0.772
body Reverses Aging REVERSE_AGING 4.300 4.300 1.001 1.001
body Cures Baldness HAIR_LOSS 1.563 0.575 3.847 2.955
body Cable Converter CABLE_CONVERTER 0.010 0.433 0 2.399
body Luxury Car LUXURY_CAR 1.934 2.156 0 1.071
body Removes Wrinkles WRINKLES 4.300 4.300 4.100 4.100
body Buying judgements BUY_JUDGEMENTS 1
body Will not Believe your Eyes! LYING_EYES 0.146 2.330 0 2.599
body While you Sleep WHI