SpamAssassin(tm)

The Apache SpamAssassin Project

The Powerful #1 Open-Source Spam Filter

 SpamAssassin Home   Home   News   Wiki   Download   FAQ   Docs   Lists   Tests   Bugs   Credits 

Tests Performed: v3.2.x

This is the current list of tests SpamAssassin(tm) performs on mail messages to determine if they're spam or not. If you wish to change the score from the default, add a line like this to your ~/.spamassassin/user_prefs:

score NAME_OF_TEST 3.0

Where 3.0 is the hits you wish that test to incur, and NAME_OF_TEST is the test name from the TEST NAME column below.

If you wish to disable a test, set the score to 0 by adding a line like this to your ~/.spamassassin/user_prefs:

score NAME_OF_TEST 0

Note that these are the scores for the current stable release of SpamAssassin; they may be different from the ones you're running on your servers, if SpamAssassin is installed there.

The 'More Info' links, if present, lead to a section of our Wiki for collaborative documentation of rules; some of the rules include additional user-contributed documentation there. If you feel like adding a page describing a rule in further detail, feel free to create a page at that link, using the RuleDescriptionTemplate format.


AREA TESTED LOCALE DESCRIPTION OF TEST TEST NAME DEFAULT SCORES
(local, net, with bayes, with bayes+net) 		MORE INFO
(additional wiki docs)
body Generic Test for Unsolicited Bulk Email GTUBE 1000.000 Wiki
body Incorporates a tracking ID number TRACKER_ID 2.699 2.696 2.000 2.003 Wiki
body Weird repeated double-quotation marks WEIRD_QUOTING 2.799 2.796 1.428 1.396 Wiki
body Body contains a ROT13-encoded email address EMAIL_ROT13 1.600 1.680 1.850 2.000 Wiki
body HTML and text parts are different MPART_ALT_DIFF 2.498 1.143 1.456 0.739 Wiki
body HTML and text parts are different MPART_ALT_DIFF_COUNT 2.899 1.882 1.500 1.110 Wiki
body Message body has 80-90% blank lines BLANK_LINES_80_90 1 Wiki
body eval:tvd_vertical_words('0','10') TVD_SPACE_RATIO 2.899 2.899 2.307 2.219 Wiki
body eval:check_ma_non_text() MULTIPART_ALT_NON_TEXT 2.699 2.696 2.699 2.696 Wiki
body Character set indicates a foreign language CHARSET_FARAWAY 3.200 Wiki
rawbody Extra blank lines in base64 encoding MIME_BASE64_BLANKS 0.221 0.001 0.016 0.041 Wiki
rawbody Message text disguised using base64 encoding MIME_BASE64_TEXT 2.701 2.796 1.709 1.753 Wiki
body Missing blank line between MIME header and body MISSING_MIME_HB_SEP 2.599 2.699 2.205 2.119 Wiki
body Multipart message mostly text/html MIME MIME_HTML_MOSTLY 0.001 Wiki
body Message only has text/html MIME parts MIME_HTML_ONLY 2.299 1.672 1.925 1.457 Wiki
rawbody Quoted-printable line longer than 76 chars MIME_QP_LONG_LINE 2.499 1.819 1.500 1.396 Wiki
body MIME character set is an unknown ISO charset MIME_BAD_ISO_CHARSET 3.363 2.831 2.768 0.346 Wiki
body IP to HTTPS link found in HTML HTTPS_IP_MISMATCH 2.697 2.896 2.899 2.897 Wiki
body Message contained a URI which was truncated URI_TRUNCATED 0.001 Wiki
header Passed through trusted hosts only via SMTP ALL_TRUSTED -1.360 -1.440 -1.665 -1.800 Wiki
header Informational: message was not relayed via SMTP NO_RELAYS -0.001 Wiki
header NJABL: sender is confirmed open relay RCVD_IN_NJABL_RELAY 0 1.841 0 2.696 Wiki
header NJABL: sender is confirmed spam source RCVD_IN_NJABL_SPAM 0 3.096 0 2.072 Wiki
header NJABL: sent through multi-stage open relay RCVD_IN_NJABL_MULTI 1 Wiki
header NJABL: sender is an open formmail RCVD_IN_NJABL_CGI 1 Wiki
header NJABL: sender is an open proxy RCVD_IN_NJABL_PROXY 0 1.693 0 1.643 Wiki
header SORBS: sender is open HTTP proxy server RCVD_IN_SORBS_HTTP 0 0.001 0 0.001 Wiki
header SORBS: sender is open SOCKS proxy server RCVD_IN_SORBS_SOCKS 0 0.182 0 0.801 Wiki
header SORBS: sender is open proxy server RCVD_IN_SORBS_MISC 0 0.001 0 0.353 Wiki
header SORBS: sender is open SMTP relay RCVD_IN_SORBS_SMTP 1 Wiki
header SORBS: sender is a abuseable web server RCVD_IN_SORBS_WEB 0 1.117 0 0.619 Wiki
header SORBS: sender demands to never be tested RCVD_IN_SORBS_BLOCK 1 Wiki
header SORBS: sender is on a hijacked network RCVD_IN_SORBS_ZOMBIE 1 Wiki
header SORBS: sent directly from dynamic IP address RCVD_IN_SORBS_DUL 0 1.615 0 0.877 Wiki
header Received via a relay in Spamhaus SBL RCVD_IN_SBL 0 2.810 0 1.551 Wiki
header Received via a relay in Spamhaus XBL RCVD_IN_XBL 0 2.896 0 3.033 Wiki
header Received via a relay in Spamhaus PBL RCVD_IN_PBL 0 0.509 0 0.905 Wiki
header Envelope sender in dsn.rfc-ignorant.org DNS_FROM_RFC_DSN 0 2.527 0 1.495 Wiki
header Envelope sender in bogusmx.rfc-ignorant.org DNS_FROM_RFC_BOGUSMX 0 2.125 0 1.482 Wiki
header CompleteWhois: sender on bogons IP block RCVD_IN_WHOIS_BOGONS 1 Wiki
header CompleteWhois: sender on hijacked IP block RCVD_IN_WHOIS_HIJACKED 0 1.000 0 1.000 Wiki
header CompleteWhois: sender on invalid IP block RCVD_IN_WHOIS_INVALID 0 1.199 0 0.400 Wiki
header Received via a relay in list.dsbl.org RCVD_IN_DSBL 0 0.753 0 0.961 Wiki
header Envelope sender listed in dnsbl.ahbl.org DNS_FROM_AHBL_RHSBL 0 2.025 0 0.692 Wiki
header Envelope sender in blackholes.securitysage.com DNS_FROM_SECURITYSAGE 0 0.127 0 0.001 Wiki
header Received via a relay in bl.spamcop.net RCVD_IN_BL_SPAMCOP_NET 0 2.188 0 1.960 Wiki
header Relay in RBL, http://www.mail-abuse.org/rbl/ RCVD_IN_MAPS_RBL 1 Wiki
header Relay in DUL, http://www.mail-abuse.org/dul/ RCVD_IN_MAPS_DUL 1 Wiki
header Relay in RSS, http://www.mail-abuse.org/rss/ RCVD_IN_MAPS_RSS 1 Wiki
header Relay in NML, http://www.mail-abuse.org/nml/ RCVD_IN_MAPS_NML 1 Wiki
header Sender is in Bonded Sender Program (trusted relay) RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3 Wiki
header Sender is in Bonded Sender Program (other relay) RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1 Wiki
header ISIPP IADB lists as vouched-for sender RCVD_IN_IADB_VOUCHED 0 -2.2 0 -2.2 Wiki
header Habeas Accredited Confirmed Opt-In or Better HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0 Wiki
header Habeas Accredited Opt-In or Better HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3 Wiki
header Habeas Checked HABEAS_CHECKED 0 -0.2 0 -0.2 Wiki
header Subject contains a gappy version of 'cialis' SUBJECT_DRUG_GAP_C 0.001 0.001 0.508 0.003 Wiki
header Subject contains a gappy version of 'levitra' SUBJECT_DRUG_GAP_L 1.047 1.831 2.407 2.515 Wiki
header Subject contains a gappy version of 'soma' SUBJECT_DRUG_GAP_S 1 Wiki
header Subject contains a gappy version of 'valium' SUBJECT_DRUG_GAP_VA 1.876 2.596 1.035 1.014 Wiki
header Subject contains a gappy version of 'xanax' SUBJECT_DRUG_GAP_X 1.478 2.052 2.298 1.766 Wiki
body Talks about price per dose DRUG_DOSAGE 2.514 0.128 1.621 1.623 Wiki
body Mentions an E.D. drug DRUG_ED_CAPS 0.329 1.540 2.417 0.322 Wiki
body Talks about an E.D. drug using its chemical name DRUG_ED_SILD 0.001 0.001 1.026 1.185 Wiki
body Mentions Generic Viagra DRUG_ED_GENERIC 3.286 3.314 2.001 1.558 Wiki
body Fast Viagra Delivery DRUG_ED_ONLINE 1 Wiki
body Online Pharmacy ONLINE_PHARMACY 2.701 1.484 0.057 0.001 Wiki
body No prescription needed NO_PRESCRIPTION 2.573 2.757 2.944 2.619 Wiki
body Attempts to disguise the word 'viagra' VIA_GAP_GRA 2.203 1.053 2.004 0.133 Wiki
body Two or more drugs crammed together into one word DRUGS_SMEAR1 1 Wiki
header Delivered to trusted network by a host with no rDNS RDNS_NONE 0.1 Wiki
header Relay HELO'd with suspicious hostname (mail.com) FAKE_HELO_MAIL_COM_DOM 3.199 3.196 2.812 3.199 Wiki
header Relay HELO'd using suspicious hostname (IP addr 1) HELO_DYNAMIC_IPADDR 4.399 2.935 2.643 2.426 Wiki
header Relay HELO'd using suspicious hostname (DHCP) HELO_DYNAMIC_DHCP 2.298 1.520 1.536 1.398 Wiki
header Relay HELO'd using suspicious hostname (HCC) HELO_DYNAMIC_HCC 4.299 4.295 4.299 4.295 Wiki
header Relay HELO'd using suspicious hostname (Rogers) HELO_DYNAMIC_ROGERS 1 Wiki
header Relay HELO'd using suspicious hostname (T-Dialin) HELO_DYNAMIC_DIALIN 3.999 3.995 3.999 3.384 Wiki
header Relay HELO'd using suspicious hostname (Hex IP) HELO_DYNAMIC_HEXIP 3.099 3.099 3.100 2.204 Wiki
header Relay HELO'd using suspicious hostname (Split IP) HELO_DYNAMIC_SPLIT_IP 4.199 4.199 4.199 3.493 Wiki
header Relay HELO'd using suspicious hostname (IP addr 2) HELO_DYNAMIC_IPADDR2 4.399 4.395 4.400 4.395 Wiki
header Relay HELO'd using suspicious hostname (Chello.nl) HELO_DYNAMIC_CHELLO_NL 3.600 3.599 3.599 3.595 Wiki
header Relay HELO'd using suspicious hostname (Home.nl) HELO_DYNAMIC_HOME_NL 3.499 3.496 3.499 3.463 Wiki
header Host HELO did not match rDNS: msn.com FAKE_HELO_MSN 1 Wiki
header Host HELO did not match rDNS: mail.com FAKE_HELO_MAIL_COM 1.755 0.220 2.600 1.317 Wiki
header Host HELO did not match rDNS: email.com FAKE_HELO_EMAIL_COM 1 Wiki
header Host HELO did not match rDNS: excite.com FAKE_HELO_EXCITE 2.599 2.552 2.599 2.598 Wiki
header Host HELO did not match rDNS: lycos.com FAKE_HELO_LYCOS 2.459 2.432 2.497 2.599 Wiki
header Host HELO did not match rDNS: yahoo.ca FAKE_HELO_YAHOO_CA 1 Wiki
header Partial message FRAGMENTED_MESSAGE 2.5 Wiki
header From: contains empty name FROM_BLANK_NAME 2.215 2.212 2.100 0.760 Wiki
header From: starts with many numbers FROM_STARTS_WITH_NUMS 2.302 0.723 1.232 1.499 Wiki
header From address is "at something-offers" FROM_OFFERS 2.601 1.145 2.699 0.001 Wiki
header From: has no local-part before @ sign FROM_NO_USER 2.199 0.499 2.081 1.483 Wiki
header Subject has exclamation mark and question mark PLING_QUERY 2.160 1.333 1.400 1.390 Wiki
header Spam tool Message-Id: (caps variant) MSGID_SPAM_CAPS 4.199 4.195 4.199 4.195 Wiki
header Spam tool Message-Id: (letters variant) MSGID_SPAM_LETTERS 2.861 1.637 0.866 1.188 Wiki
header Message-ID has ALLCAPS@yahoo.com MSGID_YAHOO_CAPS 1.197 0.448 2.921 3.107 Wiki
header Message-ID is unusually short MSGID_SHORT 0.200 0.232 0.690 1.078 Wiki
header Message-ID contains multiple '@' characters MSGID_MULTIPLE_AT 1.221 1.211 1.571 1.449 Wiki
header Date header uses unusual Y2K formatting DATE_SPAMWARE_Y2K 2.057 1.031 2.912 2.883 Wiki
header Invalid Date: header (not RFC 2822) INVALID_DATE 2.303 1.651 1.329 1.245 Wiki
header Invalid Date: header (timezone does not exist) INVALID_DATE_TZ_ABSURD 0.197 0.243 2.284 2.191 Wiki
header Invalid date in header (wrong CST timezone) INVALID_TZ_CST 1.704 0.862 1.583 2.079 Wiki
header Invalid date in header (wrong EST timezone) INVALID_TZ_EST 2.601 2.065 2.265 2.696 Wiki
header Subject contains an English UCE tag ENGLISH_UCE_SUBJECT 1 Wiki
header Subject contains a Japanese UCE tag JAPANESE_UCE_SUBJECT 1 Wiki
header Subject: contains Korean unsolicited email tag KOREAN_UCE_SUBJECT 3.099 1.111 2.114 2.962 Wiki
header Contains forged hostname for a DSL IP in Brazil FORGED_TELESP_RCVD 1 Wiki
header Character set doesn't exist NONEXISTENT_CHARSET 1 Wiki
header Missing Message-Id: header MISSING_MID 0.001 Wiki
header Missing Date: header MISSING_DATE 0.001 Wiki
header Subject: contains G.a.p.p.y-T.e.x.t GAPPY_SUBJECT 2.104 2.001 0.941 1.020 Wiki
header Message has Prevent-NonDelivery-Report header PREVENT_NONDELIVERY 1.515 1.640 1.737 1.600 Wiki
header Message has X-IP header X_IP 2.840 1.943 2.744 3.177 Wiki
header Subject contains "As Seen" SUBJ_AS_SEEN 1 Wiki
header Subject starts with dollar amount SUBJ_DOLLARS 2.399 0.842 1.501 1.421 Wiki
header Subject contains "Your Bills" or similar SUBJ_YOUR_DEBT 2.899 2.896 2.576 2.622 Wiki
header Subject contains "Your Family" SUBJ_YOUR_FAMILY 2.799 2.647 2.000 1.043 Wiki