1# Using score set 1 logs for revision 1896115 from: 2# ham-net-darxus.r1896115.log ham-net-ena-week0.r1896115.log ham-net-ena-week1.r1896115.log ham-net-ena-week2.r1896115.log ham-net-ena-week3.r1896115.log ham-net-ena-week4.r1896115.log ham-net-giovanni-ham.r1896115.log ham-net-giovanni-spammy.r1896115.log ham-net-giovanni-spam.r1896115.log ham-net-grenier.r1896115.log ham-net-hege.r1896115.log ham-net-jhardin.r1896115.log ham-net-llanga.r1896115.log ham-net-mmiroslaw-mails-ham.r1896115.log ham-net-mmiroslaw-mails-spam.r1896115.log ham-net-pds.r1896115.log ham-net-spamsponge.r1896115.log ham-net-thendrikx.r1896115.log spam-net-darxus.r1896115.log spam-net-ena-week0.r1896115.log spam-net-ena-week1.r1896115.log spam-net-ena-week2.r1896115.log spam-net-ena-week3.r1896115.log spam-net-ena-week4.r1896115.log spam-net-giovanni-ham.r1896115.log spam-net-giovanni-spammy.r1896115.log spam-net-giovanni-spam.r1896115.log spam-net-grenier.r1896115.log spam-net-hege.r1896115.log spam-net-jhardin.r1896115.log spam-net-llanga.r1896115.log spam-net-mmiroslaw-mails-ham.r1896115.log spam-net-mmiroslaw-mails-spam.r1896115.log spam-net-pds.r1896115.log spam-net-spamsponge.r1896115.log spam-net-thendrikx.r1896115.log 3 4score ACCT_PHISHING_MANY 2.999 5score AC_BR_BONANZA 0.001 6score AC_DIV_BONANZA 0.001 7score AC_FROM_MANY_DOTS 2.999 8score AC_HTML_NONSENSE_TAGS 1.999 9score ADMITS_SPAM 2.400 10score ADVANCE_FEE_2_NEW_FORM 1.143 11score ADVANCE_FEE_2_NEW_FRM_MNY 2.499 12score ADVANCE_FEE_2_NEW_MONEY 1.207 13score ADVANCE_FEE_3_NEW 2.322 14score ADVANCE_FEE_3_NEW_FRM_MNY 0.085 15score ADVANCE_FEE_3_NEW_MONEY 2.599 16score ADVANCE_FEE_4_NEW 2.297 17score ADVANCE_FEE_4_NEW_FRM_MNY 1.599 18score ADVANCE_FEE_4_NEW_MONEY 0.001 19score ADVANCE_FEE_5_NEW 0.001 20score ADVANCE_FEE_5_NEW_FRM_MNY 0.001 21score ADVANCE_FEE_5_NEW_MONEY 0.688 22score AD_PREFS 0.499 23score AMAZON_IMG_NOT_RCVD_AMZN 2.460 24score AXB_XMAILER_MIMEOLE_OL_024C2 0.001 25score BIGNUM_EMAILS_FREEM 0.505 26score BIGNUM_EMAILS_MANY 2.999 27score BITCOIN_DEADLINE 2.958 28score BITCOIN_MALF_HTML 3.292 29score BITCOIN_MALWARE 2.515 30score BITCOIN_SPAM_02 1.349 31score BITCOIN_SPAM_05 1.560 32score BITCOIN_SPAM_07 3.499 33score BITCOIN_SPAM_09 1.499 34score BITCOIN_XPRIO 0.001 35score BITCOIN_YOUR_INFO 2.999 36score BODY_SINGLE_URI 1.880 37score BODY_SINGLE_WORD 0.001 38score BODY_URI_ONLY 0.001 39score BOGUS_MIME_VERSION 3.182 40score CK_HELO_GENERIC 0.001 41score CONTENT_AFTER_HTML 2.499 42score CTE_8BIT_MISMATCH 0.001 43score DEAR_BENEFICIARY 1.094 44score DKIMWL_BL 2.999 45score DKIMWL_WL_HIGH -0.209 46score DKIMWL_WL_MED -0.001 47score DKIMWL_WL_MEDHI -0.001 48score DX_TEXT_03 1.099 49score DYNAMIC_IMGUR 3.328 50score END_FUTURE_EMAILS 0.140 51score FILL_THIS_FORM 1.038 52score FONT_INVIS_DIRECT 0.001 53score FONT_INVIS_DOTGOV 3.499 54score FONT_INVIS_HTML_NOHTML 1.395 55score FONT_INVIS_LONG_LINE 2.999 56score FONT_INVIS_MSGID 1.498 57score FORGED_SPF_HELO 1.399 58score FORM_FRAUD 0.881 59score FORM_FRAUD_3 2.299 60score FORM_FRAUD_5 0.001 61score FOUND_YOU 3.249 62score FREEMAIL_FORGED_FROMDOMAIN 0.250 63score FROMSPACE 2.899 64score FROM_2_EMAILS_SHORT 1.158 65score FROM_BANK_NOAUTH 0.999 66score FROM_FMBLA_NEWDOM 1.499 67score FROM_FMBLA_NEWDOM14 1.000 68score FROM_FMBLA_NEWDOM28 0.799 69score FROM_GOV_DKIM_AU -0.124 70score FROM_IN_TO_AND_SUBJ 1.799 71score FROM_MISSPACED 0.001 72score FROM_MISSP_EH_MATCH 0.001 73score FROM_MISSP_FREEMAIL 0.001 74score FROM_MISSP_MSFT 0.001 # force non-zero 75score FROM_MISSP_SPF_FAIL 0.001 76score FROM_MISSP_TO_UNDISC 0.032 77score FROM_MISSP_USER 0.001 78score FROM_MISSP_XPRIO 0.497 79score FROM_MULTI_NORDNS 1.895 80score FROM_NEWDOM_BTC 1.946 81score FROM_PAYPAL_SPOOF 1.599 82score FROM_SUSPICIOUS_NTLD 0.499 83score FROM_SUSPICIOUS_NTLD_FP 0.523 84score FSL_BULK_SIG 1.753 85score FSL_CTYPE_WIN1251 0.001 86score FSL_HELO_FAKE 2.899 87score FSL_NEW_HELO_USER 0.001 88score FUZZY_BITCOIN 2.464 89score FUZZY_BTC_WALLET 0.341 90score FUZZY_WALLET 2.800 91score GAPPY_LOW_CONTRAST 2.499 92score GB_FAKE_RF_SHORT 0.001 93score GB_FREEMAIL_DISPTO 0.500 94score GOOG_REDIR_NORDNS 2.900 95score GOOG_REDIR_SHORT 3.099 96score GOOG_STO_EMAIL_PHISH 2.999 97score GOOG_STO_IMG_HTML 2.999 98score GOOG_STO_NOIMG_HTML 2.999 99score HAS_X_OUTGOING_SPAM_STAT 0.803 100score HDRS_LCASE_IMGONLY 0.100 101score HDRS_MISSP 2.499 102score HDR_ORDER_FTSDMCXX_DIRECT 1.999 103score HDR_ORDER_FTSDMCXX_NORDNS 2.554 104score HEADER_FROM_DIFFERENT_DOMAINS 0.250 105score HELO_NO_DOMAIN 0.001 106score HK_LOTTO 0.999 107score HK_NAME_MR_MRS 0.999 108score HK_RANDOM_ENVFROM 0.990 109score HK_RANDOM_FROM 0.999 110score HK_RANDOM_REPLYTO 0.500 111score HK_SCAM 0.933 112score HK_WIN 0.001 113score HOSTED_IMG_DIRECT_MX 0.946 114score HOSTED_IMG_FREEM 3.499 115score HOSTED_IMG_MULTI_PUB_01 2.997 116score HTML_ENTITY_ASCII 0.947 117score HTML_FONT_TINY_NORDNS 1.779 118score HTML_OFF_PAGE 2.999 119score HTML_SINGLET_MANY 0.001 120score HTML_TAG_BALANCE_CENTER 3.000 121score HTML_TEXT_INVISIBLE_FONT 0.955 122score HTML_TEXT_INVISIBLE_STYLE 0.940 123score JH_SPAMMY_HEADERS 3.499 124score KHOP_HELO_FCRDNS 0.399 125score LONGLN_LOW_CONTRAST 0.879 126score LONG_HEX_URI 0.223 127score LONG_IMG_URI 0.001 128score LONG_INVISIBLE_TEXT 0.981 129score LOTS_OF_MONEY 0.010 130score LOTTO_DEPT 0.001 131score MALWARE_NORDNS 1.728 132score MANY_SPAN_IN_TEXT 2.199 133score MILLION_HUNDRED 0.001 134score MIMEOLE_DIRECT_TO_MX 1.468 135score MIXED_AREA_CASE 1.762 136score MIXED_CENTER_CASE 0.516 137score MIXED_ES 2.595 138score MIXED_FONT_CASE 2.499 139score MIXED_HREF_CASE 1.999 140score MIXED_IMG_CASE 1.246 141score MONEY_ATM_CARD 0.753 142score MONEY_FORM 0.001 143score MONEY_FORM_SHORT 2.499 144score MONEY_FRAUD_3 0.032 145score MONEY_FRAUD_5 1.661 146score MONEY_FRAUD_8 2.899 147score MONEY_FREEMAIL_REPTO 0.001 148score MONEY_FROM_41 1.321 149score MONEY_FROM_MISSP 1.947 150score MSMAIL_PRI_ABNORMAL 0.001 151score NAME_EMAIL_DIFF 2.674 152score NA_DOLLARS 1.350 153score NICE_REPLY_A -3.608 154score NORDNS_LOW_CONTRAST 0.001 155score NO_FM_NAME_IP_HOSTN 0.001 156score NSL_RCVD_FROM_USER 0.001 157score NSL_RCVD_HELO_USER 2.279 158score OBFU_BITCOIN 2.149 159score OBFU_TEXT_ATTACH 0.860 160score ODD_FREEM_REPTO 2.496 161score ONLINE_MKTG_CNSLT 2.499 162score PDS_BTC_ID 0.499 163score PDS_BTC_MSGID 0.999 164score PDS_CPANEL_PORT_SPOOFEDURL 0.500 165score PDS_DBL_URL_TNB_RUNON 1.999 166score PDS_FRNOM_TODOM_DBL_URL 1.499 167score PDS_FRNOM_TODOM_NAKED_TO 1.399 168score PDS_FROM_2_EMAILS 0.493 169score PDS_FROM_NAME_TO_DOMAIN 1.999 170score PDS_OTHER_BAD_TLD 1.999 171score PDS_PHP_EVAL 1.496 172score PDS_RDNS_DYNAMIC_FP 0.001 # force non-zero 173score PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE 1.999 174score PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE 1.999 175score PDS_TO_EQ_FROM_NAME 0.456 176score PHP_ORIG_SCRIPT 2.499 177score PHP_ORIG_SCRIPT_EVAL 2.904 178score PHP_SCRIPT 2.499 179score PP_MIME_FAKE_ASCII_TEXT 0.999 180score RAND_MKTG_HEADER 1.999 181score RATWARE_NO_RDNS 2.999 182score RCVD_IN_MSPIKE_H2 -0.001 183score RDNS_NUM_TLD_XM 0.001 184score REPLYTO_EMPTY 2.699 185score REPTO_419_FRAUD_GM 0.932 186score SCRIPT_GIBBERISH 2.700 187score SENDGRID_REDIR 0.454 188score SERGIO_SUBJECT_VIAGRA01 2.892 189score SHOPIFY_IMG_NOT_RCVD_SFY 2.499 190score SHORTENED_URL_SRC 2.299 191score SHORT_SHORTNER 1.999 192score SPOOFED_FREEMAIL 1.263 193score SPOOFED_FREEMAIL_NO_RDNS 0.001 194score SPOOFED_FREEM_REPTO 1.566 195score SPOOF_GMAIL_MID 1.064 196score STATIC_XPRIO_OLE 0.001 197score STOX_BOUND_090909_B 2.222 198score THIS_AD 0.699 199score TO_EQ_FM_DIRECT_MX 0.001 200score TO_EQ_FM_DOM_SPF_FAIL 0.001 # force non-zero 201score TO_EQ_FM_SPF_FAIL 0.001 # force non-zero 202score TO_IN_SUBJ 0.100 203score TO_NAME_SUBJ_NO_RDNS 1.592 204score TO_NO_BRKTS_DYNIP 0.001 205score TO_NO_BRKTS_FROM_MSSP 2.456 206score TO_NO_BRKTS_HTML_IMG 1.825 207score TO_NO_BRKTS_HTML_ONLY 1.999 208score TO_NO_BRKTS_NORDNS_HTML 0.001 209score TO_NO_BRKTS_PCNT 1.760 210score TRANSFORM_LIFE 2.499 211score TUMBLR_IMG_NOT_RCVD_TUMB 1.220 212score TVD_RCVD_SPACE_BRACKET 1.976 213score UNDISC_FREEM 3.099 214score UNDISC_MONEY 3.100 215score UNICODE_OBFU_ASC 2.499 216score URI_DOTEDU 1.999 217score URI_FIREBASEAPP 2.999 218score URI_GOOGLE_PROXY 2.193 219score URI_IN_URI_10 2.599 220score URI_ONLY_MSGID_MALF 1.999 221score URI_PHISH 2.633 222score URI_PHP_REDIR 3.277 223score URI_TRY_3LD 1.458 224score URI_WPADMIN 2.399 225score URI_WP_DIRINDEX 2.863 226score URI_WP_HACKED 3.499 227score URI_WP_HACKED_2 2.499 228score VFY_ACCT_NORDNS 2.999 229score XFER_LOTSA_MONEY 0.999 230score XM_DIGITS_ONLY 2.161 231score XM_LIGHT_HEAVY 2.499 232score XM_RANDOM 2.499 233score XM_RECPTID 3.000 234score XPRIO 0.001 # force non-zero 235score YOU_INHERIT 1.482 236score AC_POST_EXTRAS 1.000 237score AC_SPAMMY_URI_PATTERNS1 1.000 238score AC_SPAMMY_URI_PATTERNS10 1.000 239score AC_SPAMMY_URI_PATTERNS11 1.000 240score AC_SPAMMY_URI_PATTERNS12 1.000 241score AC_SPAMMY_URI_PATTERNS2 1.000 242score AC_SPAMMY_URI_PATTERNS3 1.000 243score AC_SPAMMY_URI_PATTERNS4 1.000 244score AC_SPAMMY_URI_PATTERNS8 1.000 245score AC_SPAMMY_URI_PATTERNS9 1.000 246score ADULT_DATING_COMPANY 10.001 # force non-zero 247score ALIBABA_IMG_NOT_RCVD_ALI 1.000 248score APP_DEVELOPMENT_FREEM 1.000 249score APP_DEVELOPMENT_NORDNS 1.000 250score BEBEE_IMG_NOT_RCVD_BB 1.000 251score BITCOIN_BOMB 1.000 252score BITCOIN_EXTORT_01 1.000 253score BITCOIN_EXTORT_02 1.000 254score BITCOIN_IMGUR 1.000 255score BITCOIN_OBFU_SUBJ 1.000 256score BITCOIN_ONAN 1.000 257score BITCOIN_PAY_ME 1.000 258score BITCOIN_SPAM_01 1.000 259score BITCOIN_SPAM_03 1.000 260score BITCOIN_SPAM_04 1.000 261score BITCOIN_SPAM_06 1.000 262score BITCOIN_SPAM_08 1.000 263score BITCOIN_SPAM_10 1.000 264score BITCOIN_SPAM_11 1.000 265score BITCOIN_SPAM_12 1.000 266score BITCOIN_SPF_ONLYALL 1.000 267score BOGUS_MSM_HDRS 1.000 268score BOMB_FREEM 1.000 269score BOMB_MONEY 1.000 270score BTC_ORG 1.000 271score BULK_RE_SUSP_NTLD 1.000 272score CANT_SEE_AD 1.000 273score COMMENT_GIBBERISH 1.000 274score DAY_I_EARNED 1.000 275score DKIMWL_BLOCKED 0.001 276score DOTGOV_IMAGE 1.000 277score EBAY_IMG_NOT_RCVD_EBAY 1.000 278score ENCRYPTED_MESSAGE -1.000 279score ENVFROM_GOOG_TRIX 1.000 280score FACEBOOK_IMG_NOT_RCVD_FB 1.000 281score FBI_MONEY 1.000 282score FBI_SPOOF 1.000 283score FONT_INVIS_NORDNS 1.000 284score FONT_INVIS_POSTEXTRAS 1.000 285score FREEM_FRNUM_UNICD_EMPTY 1.000 286score FRNAME_IN_MSG_XPRIO_NO_SUB 1.000 287score FROM_ADDR_WS 1.000 288score FROM_FMBLA_NDBLOCKED 0.001 289score FROM_GOV_REPLYTO_FREEMAIL 1.000 290score FROM_GOV_SPOOF 1.000 291score FROM_MISSP_PHISH 1.000 292score FROM_NTLD_LINKBAIT 1.000 293score FROM_NTLD_REPLY_FREEMAIL 1.000 294score FROM_NUMBERO_NEWDOMAIN 1.000 295score FROM_NUMERIC_TLD 1.000 296score GAPPY_SALES_LEADS_FREEM 1.000 297score GB_FORGED_MUA_POSTFIX 1.000 298score GB_FREEMAIL_DISPTO_NOTFREEM 0.500 299score GB_GOOGLE_OBFUR 0.750 300score GB_GOOG_IMG_NOT_RCVD_GOOG 1.000 301score GOOGLE_DOCS_PHISH 1.000 302score GOOGLE_DOCS_PHISH_MANY 1.000 303score GOOGLE_DOC_SUSP 1.000 304score GOOGLE_DRIVE_REPLY_BAD_NTLD 1.000 305score GOOG_MALWARE_DNLD 1.000 306score GOOG_STO_HTML_PHISH 1.000 307score GOOG_STO_HTML_PHISH_MANY 1.000 308score GOOG_STO_IMG_NOHTML 1.000 309score HAS_X_NO_RELAY 1.000 310score HEXHASH_WORD 1.000 311score HK_CTE_RAW 1.000 312score HK_RCVD_IP_MULTICAST 1.000 313score HOSTED_IMG_DQ_UNSUB 1.000 314score HOSTED_IMG_MULTI 1.000 315score HTML_ENTITY_ASCII_TINY 1.000 316score HTML_SHRT_CMNT_OBFU_MANY 1.000 317score IMG_ONLY_FM_DOM_INFO 1.000 318score JH_SPAMMY_PATTERN01 1.000 319score JH_SPAMMY_PATTERN02 1.000 320score LINKEDIN_IMG_NOT_RCVD_LNKN 1.000 321score LIST_PRTL_PUMPDUMP 1.000 322score LIST_PRTL_SAME_USER 1.000 323score LOTTO_AGENT 1.000 324score LUCRATIVE 1.000 325score MALF_HTML_B64 1.000 326score MALWARE_PASSWORD 1.000 327score MIME_NO_TEXT 1.000 328score MONERO_DEADLINE 1.000 329score MONERO_EXTORT_01 1.000 330score MONERO_MALWARE 1.000 331score MONERO_PAY_ME 1.000 332score MSGID_DOLLARS_URI_IMG 1.000 333score MSGID_HDR_MALF 1.000 334score MSM_PRIO_REPTO 1.000 335score NEWEGG_IMG_NOT_RCVD_NEGG 1.000 336score NEW_PRODUCTS 1.000 337score OFFER_ONLY_AMERICA 1.000 338score PDS_HELO_SPF_FAIL 1.000 339score PHISH_AZURE_CLOUDAPP 3.500 340score PHISH_FBASEAPP 1.000 341score PHOTO_EDITING_DIRECT 1.000 342score PHOTO_EDITING_FREEM 1.000 343score PHP_NOVER_MUA 1.000 344score PHP_SCRIPT_MUA 1.000 345score PP_TOO_MUCH_UNICODE02 0.500 346score PP_TOO_MUCH_UNICODE05 1.000 347score PUMPDUMP 1.000 348score PUMPDUMP_MULTI 1.000 349score RAND_HEADER_LIST_SPOOF 1.000 350score RAND_HEADER_MANY 1.000 351score RCVD_DOTEDU_SHORT 1.000 352score RCVD_DOTEDU_SUSP_URI 1.000 353score RDNS_NUM_TLD_ATCHNX 1.000 354score REPTO_419_FRAUD 1.000 355score REPTO_419_FRAUD_AOL 1.000 356score REPTO_419_FRAUD_AOL_LOOSE 1.000 357score REPTO_419_FRAUD_CNS 1.000 358score REPTO_419_FRAUD_GM_LOOSE 1.000 359score REPTO_419_FRAUD_HM 1.000 360score REPTO_419_FRAUD_OL 1.000 361score REPTO_419_FRAUD_PM 1.000 362score REPTO_419_FRAUD_QQ 1.000 363score REPTO_419_FRAUD_YH 1.000 364score REPTO_419_FRAUD_YH_LOOSE 1.000 365score REPTO_419_FRAUD_YJ 1.000 366score REPTO_419_FRAUD_YN 1.000 367score SENDGRID_REDIR_PHISH 1.000 368score SEO_SUSP_NTLD 1.000 369score SHORTENER_SHORT_IMG 1.000 370score SHORT_IMG_SUSP_NTLD 1.000 371score SPOOFED_FREEM_REPTO_CHN 1.000 372score SPOOFED_FREEM_REPTO_RUS 1.000 373score STOCK_TIP 1.000 374score SUBJ_BRKN_WORDNUMS 1.000 375score SYSADMIN 1.000 376score TAGSTAT_IMG_NOT_RCVD_TGST 1.000 377score TARINGANET_IMG_NOT_RCVD_TN 1.000 378score THIS_IS_ADV_SUSP_NTLD 1.000 379score TONLINE_FAKE_DKIM 1.000 380score TVD_SPACE_ENC_FM_MIME 1.000 381score TW_GIBBERISH_MANY 1.000 382score UC_GIBBERISH_OBFU 1.000 383score UNICODE_OBFU_ZW 1.000 384score URI_ADOBESPARK 1.000 385score URI_AZURE_CLOUDAPP 1.000 386score URI_DASHGOVEDU 1.000 387score URI_DATA 1.000 388score URI_DOTEDU_ENTITY 1.000 389score URI_GOOG_STO_SPAMMY 3.000 390score URI_HEX_IP 1.000 391score URI_IMG_WP_REDIR 1.000 392score URI_LONG_REPEAT 1.000 393score URI_OPTOUT_3LD 1.000 394score URI_TRY_USME 1.000 395score USB_DRIVES 1.000 396score VPS_NO_NTLD 1.000 397score WALMART_IMG_NOT_RCVD_WAL 1.000 398score WORD_INVIS 1.000 399score WORD_INVIS_MANY 1.000 400score XPRIO_SHORT_SUBJ 1.000 401