#disable this rule so it doesnt appear in reports as we are blocked score URIBL_BLOCKED 0 skip_rbl_checks 0 score DCC_CHECK 4 score MISSING_SUBJECT 3 score RCVD_IN_SORBS_SPAM 10 score RCVD_IN_BL_SPAMCOP_NET 0 score RCVD_IN_SBL_CSS 10 score URIBL_DBL_SPAM 10 score BODY_URI_ONLY 5 score SUBJ_ILLEGAL_CHARS 4 score URI_WP_HACKED 4 score URIBL_ABUSE_SURBL 6 score URIBL_MW_SURBL 4 score DATE_IN_FUTURE_06_12 4.0 score SUBJECT_NEEDS_ENCODING 1.5 score URIBL_BLACK 10 score SPF_NONE 0 score SPF_HELO_NONE 0 ### emergency override for sorbs score RCVD_IN_SORBS_SPAM 1 full X34SP_OVERRIDE /X-Authenticated-As/i describe X34SP_OVERRIDE '34SP OverRide' score X34SP_OVERRIDE -1 header __RCVD_IN_ZEN eval:check_rbl('zen','4ftb224caxv272tls4yv2wvrlq.zen.dq.spamhaus.net.') header RCVD_IN_XBL eval:check_rbl('zen-lastexternal', '4ftb224caxv272tls4yv2wvrlq.zen.dq.spamhaus.net.','127.0.0.[45678]') header RCVD_IN_PBL eval:check_rbl('zen-lastexternal', '4ftb224caxv272tls4yv2wvrlq.zen.dq.spamhaus.net.', '127.0.0.1[01]') ifplugin Mail::SpamAssassin::Plugin::URIDNSBL uridnssub URIBL_SBL 4ftb224caxv272tls4yv2wvrlq.zen.dq.spamhaus.net. A 127.0.0.2 uridnsbl URIBL_SBL_A 4ftb224caxv272tls4yv2wvrlq.sbl.dq.spamhaus.net. A urirhssub URIBL_DBL_SPAM 4ftb224caxv272tls4yv2wvrlq.dbl.dq.spamhaus.net. A 127.0.1.2 urirhssub URIBL_DBL_PHISH 4ftb224caxv272tls4yv2wvrlq.dbl.dq.spamhaus.net. A 127.0.1.4 urirhssub URIBL_DBL_MALWARE 4ftb224caxv272tls4yv2wvrlq.dbl.dq.spamhaus.net. A 127.0.1.5 urirhssub URIBL_DBL_BOTNETCC 4ftb224caxv272tls4yv2wvrlq.dbl.dq.spamhaus.net. A 127.0.1.6 urirhssub URIBL_DBL_ABUSE_SPAM 4ftb224caxv272tls4yv2wvrlq.dbl.dq.spamhaus.net. A 127.0.1.102 urirhssub URIBL_DBL_ABUSE_REDIR 4ftb224caxv272tls4yv2wvrlq.dbl.dq.spamhaus.net. A 127.0.1.103 urirhssub URIBL_DBL_ABUSE_PHISH 4ftb224caxv272tls4yv2wvrlq.dbl.dq.spamhaus.net. A 127.0.1.104 urirhssub URIBL_DBL_ABUSE_MALW 4ftb224caxv272tls4yv2wvrlq.dbl.dq.spamhaus.net. A 127.0.1.105 urirhssub URIBL_DBL_ABUSE_BOTCC 4ftb224caxv272tls4yv2wvrlq.dbl.dq.spamhaus.net. A 127.0.1.106 urirhssub URIBL_DBL_ERROR 4ftb224caxv272tls4yv2wvrlq.dbl.dq.spamhaus.net. A 127.0.1.255 if can(Mail::SpamAssassin::Plugin::URIDNSBL::has_tflags_domains_only) urirhsbl URIBL_ZRD 4ftb224caxv272tls4yv2wvrlq.zrd.dq.spamhaus.net. A body URIBL_ZRD eval:check_uridnsbl('URIBL_ZRD') describe URIBL_ZRD Contains a URL listed in the Spamhaus ZRD blocklist tflags URIBL_ZRD net domains_only score URIBL_ZRD 2.5 endif # if can endif # Mail::SpamAssassin::Plugin::URIDNSBL body X34_LOC_NO_EXTORT1_ALL /You have 24 hours in order to make the payment/i score X34_LOC_NO_EXTORT1_ALL 9.9 body X34_LOC_NO_EXTORT2_ALL /I made a split-screen video/i score X34_LOC_NO_EXTORT2_ALL 9.9 body X34_LOC_NO_EXTORT3_ALL /I actually placed a malware on the porn website/i score X34_LOC_NO_EXTORT3_ALL 9.9 body X34_LOC_NO_EXTORT4_ALL /I will send your video to all of your contacts including/i score X34_LOC_NO_EXTORT4_ALL 9.9 body X34_LOC_NO_EXTORT5_ALL /Moreover..we.ve gotten full damps of these data/i score X34_LOC_NO_EXTORT5_ALL 9.9 body X34_LOC_NO_EXTORT6_ALL /Your tastes are so weird, you know/i score X34_LOC_NO_EXTORT6_ALL 9.9 body X34_LOC_NO_EXTORT7_ALL /Transfer.*to our Bitcoin Wallet:.*erase.*data/i score X34_LOC_NO_EXTORT7_ALL 9.9 full X34SP_ALLOW_GMAIL_EVEN_IF_BLACKLISTED /\bfrom mail-...-...\.google.com\b|\bfrom mail-...-....\.google.com\b/i score X34SP_ALLOW_GMAIL_EVEN_IF_BLACKLISTED -5 describe X34SP_ALLOW_GMAIL_EVEN_IF_BLACKLISTED Allow users using google mail services to not get blocked as some google mailservers are frequently on blacklists full BADDOMAIN_mail_froilabo /mail.froilabo.com/i score BADDOMAIN_mail_froilabo 100 describe BADDOMAIN_mail_froilabo Causing mailerdaemons on a hosted domain full BADDOMAIN_factjack /factjack.net/i score BADDOMAIN_factjack 10 describe BADDOMAIN_factjack Links in spam for adult content full BADDOMAIN_sitecode /site.code-place/i score BADDOMAIN_sitecode 10 describe BADDOMAIN_sitecode Links in spam for adult content full BADDOMAIN_abuzzandabrand /abuzzandabrand.com/i score BADDOMAIN_abuzzandabrand 10 describe BADDOMAIN_abuzzandabrand Links in spam for adult content full BADDOMAIN_tecpronic /tecpronic.com/i score BADDOMAIN_tecpronic 10 describe BADDOMAIN_tecpronic Links in spam for adult content full BADDOMAIN_tankoksoon /tankoksoon.com/i score BADDOMAIN_tankoksoon 10 describe BADDOMAIN_tankoksoon Links in spam for adult content full BADDOMAIN_kpsfilm /kpsfilm.com/i score BADDOMAIN_kpsfilm 10 describe BADDOMAIN_kpsfilm Links in spam for adult content full BADDOMAIN_imgdepo /imgdepo.com/i score BADDOMAIN_imgdepo 10 describe BADDOMAIN_imgdepo Links in spam full BADDOMAIN_lifehuman /life-human.com/i score BADDOMAIN_lifehuman 10 describe BADDOMAIN_lifehuman Links in spam full BADDOMAIN_salvareleimprese /salvareleimprese.com/i score BADDOMAIN_salvareleimprese 10 describe BADDOMAIN_salvareleimprese Links in spam full BADDOMAIN_nanjinghavo /nanjinghavo.com/i score BADDOMAIN_nanjinghavo 10 describe BADDOMAIN_nanjinghavo Links in spam full BADDOMAIN_izobrazevanje /izobrazevanje.acs.si/i score BADDOMAIN_izobrazevanje 10 describe BADDOMAIN_izobrazevanje Links in spam full BADDOMAIN_proadvisordrivers /dev.proadvisordrivers.com/i score BADDOMAIN_proadvisordrivers 10 describe BADDOMAIN_proadvisordrivers Links in spam full BADDOMAIN_quickshopsmart /quickshopsmart.com/i score BADDOMAIN_quickshopsmart 10 describe BADDOMAIN_quickshopsmart Links in spam full BADDOMAIN_trybun /blog.trybun.com/i score BADDOMAIN_trybun 10 describe BADDOMAIN_trybun Links in spam full BADDOMAIN_tongkat /tongkat-guide.com/i score BADDOMAIN_tongkat 10 describe BADDOMAIN_tongkat Links in spam full BADDOMAIN_pachimpachim /pachimpachim.com/i score BADDOMAIN_pachimpachim 10 describe BADDOMAIN_pachimpachim Links in spam full BADDOMAIN_rabbitstale /rabbitstale.com/i score BADDOMAIN_rabbitstale 10 describe BADDOMAIN_rabbitstale Links in spam full BADDOMAIN_notrequotidien /notrequotidien.com/i score BADDOMAIN_notrequotidien 10 describe BADDOMAIN_notrequotidien Links in spam full BADDOMAIN_mediapolisonline /mediapolisonline.com.ar/i score BADDOMAIN_mediapolisonline 10 describe BADDOMAIN_mediapolisonline 10 full X34SP_CONTENT1 /this is.*random but I.* finally single/i describe X34SP_CONTENT1 Spam like content score X34SP_CONTENT1 10 full X34SP_CONTENT2 /sure this is unusual but I am finally single/i describe X34SP_CONTENT2 Spam like content score X34SP_CONTENT2 10 full X34SP_CONTENT3 /friend with benefits/i describe X34SP_CONTENT3 Spam like content score X34SP_CONTENT3 10 full X34SP_CONTENT4 /if not still with that chick.*more.*you/i describe X34SP_CONTENT4 Spam like content score X34SP_CONTENT4 10 full X34SP_CONTENT5 /I know this is unusual but I am now single and loo/i describe X34SP_CONTENT5 Spam like content score X34SP_CONTENT5 10 full X34SP_CONTENT6 /this is.*random but I.* now single/i describe X34SP_CONTENT6 Spam like content score X34SP_CONTENT6 10 full X34SP_CONTENT7 /this is.*unusual.*finally single and look/i describe X34SP_CONTENT7 Spam like content score X34SP_CONTENT7 10 full X34SP_CONTENT8 /txt me.*707 289 881/i describe X34SP_CONTENT8 Spam like content score X34SP_CONTENT8 10 full X34SP_CONTENT9 /txt me.*7072898018/i describe X34SP_CONTENT9 Spam like content score X34SP_CONTENT9 10 full X34SP_CONTENT10 /You are now matched with.*in your area.*you can/i describe X34SP_CONTENT10 Spam like content score X34SP_CONTENT10 10 full X34SP_CONTENT11 /You.*matched with.*in your city/i describe X34SP_CONTENT11 Spam like content score X34SP_CONTENT11 10 full X34SP_CONTENT12 /rate with people meeting up in real life/i describe X34SP_CONTENT12 Spam like content score X34SP_CONTENT12 10 full X34SP_CONTENT13 /on a full-.*part- time basis/i describe X34SP_CONTENT13 Spam like content score X34SP_CONTENT13 10 full X34SP_CONTENT14 /Ability to surf comfortably on the.*internet and with a printer/i describe X34SP_CONTENT14 Spam like content score X34SP_CONTENT14 10 full X34SP_CONTENT15 /You.*matched with.*in your area.*she.+s allow/i describe X34SP_CONTENT15 Spam like content score X34SP_CONTENT15 10 full X34SP_CONTENT16 /You.*matched with.*in your city.*she.+s allow/i describe X34SP_CONTENT16 Spam like content score X34SP_CONTENT16 10 full X34SP_CONTENT17 /You.*matched with.*near you.*reach her/i describe X34SP_CONTENT17 Spam like content score X34SP_CONTENT17 10 full X34SP_CONTENT18 /You.*matched with.*in you.*area/i describe X34SP_CONTENT18 Spam like content score X34SP_CONTENT18 10 full X34SP_CONTENT19 /You.*matched with.*near you.*she.*allow/i describe X34SP_CONTENT19 Spam like content score X34SP_CONTENT19 10 full X34SP_CONTENT20 /You.*matched with.*near you.*text her/i describe X34SP_CONTENT20 Spam like content score X34SP_CONTENT20 10 full X34SP_CONTENT21 /Adult sex glossary|Teens with amazing.*meet|sexy local beaut|Incognito sex dating|Nearby chicks.*fast dates|woman for sex|women for sex|Premium sex dates|Perfect women seeking.*Fast dating|babes with amazing forms|Secret adult meetings|Nearby women.*Among the best|seeking for pleasure|fast hook up.*premium ladies|hot sex/i describe X34SP_CONTENT21 Spam like content score X34SP_CONTENT21 10 full X34SP_CONTENT22 /expect to find such a wonderful thing|my photos.*questionnaire.*attached|Spend sleepless nights Time for sex|babes seeking a boy toy|starlets anticipate you|with prurient vixens|chicks want.*laid|my name.*from russia|good.*mistress|am very groovy person and immediately seeking delicious Man/i describe X34SP_CONTENT22 Spam like content score X34SP_CONTENT22 10 full X34SP_CONTENT23 /Can you imagine it|I should have tried it earlier|A beautiful and slim blonde is look|like anal sex|can be either a slave or a master|very delectable person|seeking .* Man|I'll send You my photo|unusual but .* single and interested|generous mistress|wish to talk, write to me/i describe X34SP_CONTENT23 Spam like content score X34SP_CONTENT23 10 full X34SP_CONTENT24 /Guess who is iti.* I give the hint.*thewtfshow.com/i describe X34SP_CONTENT24 Spam like content score X34SP_CONTENT24 10 full X34SP_PORN18 /mistress.*\bphoto\b/ describe X34SP_PORN18 Possible porn-spam score X34SP_PORN18 6 full X34SP_PORN19 /fulfill.*sexual.*desires/i describe X34SP_PORN19 Possible porn-spam score X34SP_PORN19 10 full X34SP_PORN20 /from Russian Federation/i describe X34SP_PORN20 Possible porn-spam score X34SP_PORN20 5 full X34SP_PORN21 /suck.*c\@ck/i describe X34SP_PORN21 Possible porn-spam score X34SP_PORN21 10 full X34SP_PORN22 /suck.*d\@ck/i describe X34SP_PORN22 Possible porn-spam score X34SP_PORN22 10 full X34SP_PORN30 /man to take my virgin/i describe X34SP_PORN30 Possible porn-spam score X34SP_PORN30 10 full X34SP_PORN31 /need.*d\@ck.*now/i describe X34SP_PORN31 Possible porn-spam score X34SP_PORN31 10 full X34SP_PORN32 /my tits.*picture/i describe X34SP_PORN32 Possible porn-spam score X34SP_PORN32 10 full X34SP_PORN33 /secret pictures for you/i describe X34SP_PORN33 Possible porn-spam score X34SP_PORN33 10 full X34SP_PORN34 /best handjob ever/i describe X34SP_PORN34 Possible porn-spam score X34SP_PORN34 10 full X34SP_PORN35 /check out my boobies/i describe X34SP_PORN35 Possible porn-spam score X34SP_PORN35 10 full X34SP_PORN36 /privateflings|rape.*suck|Secret adult dating|Outstanding adult dating|Enjoy marries women|All best.*thesphinx/i describe X34SP_PORN36 Possible porn-spam score X34SP_PORN36 10 full X34SP_SUBJECT15 /find.*girl.*pleasure/i describe X34SP_SUBJECT15 Possible spam subject score X34SP_SUBJECT15 10 full X34SP_SUBJECT16 /looking.*man.*make love/i describe X34SP_SUBJECT16 Possible spam subject score X34SP_SUBJECT16 10 full X34SP_SUBJECT17 /Housewife.*looking.*lover/i describe X34SP_SUBJECT17 Possible spam subject score X34SP_SUBJECT17 10 full X34SP_SUBJECT18 /online doctor inside/i describe X34SP_SUBJECT18 Possible spam subject score X34SP_SUBJECT18 10 full X34SP_SUBJECT19 /PORTENCY.*friend/i describe X34SP_SUBJECT19 Possible spam subject score X34SP_SUBJECT19 10 full X34SP_SUBJECT20 /make love.*rabbit/i describe X34SP_SUBJECT20 Possible spam subject score X34SP_SUBJECT20 10 full X34SP_SUBJECT21 /stock.*DURGS/i describe X34SP_SUBJECT21 Possible spam subject score X34SP_SUBJECT21 10 full X34SP_SUBJECT22 /CANADIEN/i describe X34SP_SUBJECT22 Possible spam subject score X34SP_SUBJECT22 10 full X34SP_SUBJECT23 /pills.*door/i describe X34SP_SUBJECT23 Possible spam subject score X34SP_SUBJECT23 10 full X34SP_SUBJECT24 /pending.*snatch notification/i describe X34SP_SUBJECT24 known spam subject score X34SP_SUBJECT24 10 full X34SP_SUBJECT25 /pending.*sex request/i describe X34SP_SUBJECT25 known spam subject score X34SP_SUBJECT25 10 full X34SP_SUBJECT26 /Insta Down4Tonight Msg/i describe X34SP_SUBJECT26 known spam subject score X34SP_SUBJECT26 10 full X34SP_SUBJECT27 /New Hot F.ckTonight Alert/i describe X34SP_SUBJECT27 known spam subject score X34SP_SUBJECT27 10 full X34SP_SUBJECT28 /UrgentBang Notification/i describe X34SP_SUBJECT28 known spam subject score X34SP_SUBJECT28 10 full X34SP_SUBJECT29 /waiting.*Snatch Alert/i describe X34SP_SUBJECT29 known spam subject score X34SP_SUBJECT29 10 full X34SP_SUBJECT30 /One Night Stand Request/i describe X34SP_SUBJECT30 known spam subject score X34SP_SUBJECT30 10 full X34SP_SUBJECT31 /HotSex Msg/i describe X34SP_SUBJECT31 known spam subject score X34SP_SUBJECT31 10 full X34SP_SUBJECT32 /Waiting Affair Match/i describe X34SP_SUBJECT32 known spam subject score X34SP_SUBJECT32 10 full X34SP_SUBJECT33 /sexhookup message/i describe X34SP_SUBJECT33 known spam subject score X34SP_SUBJECT33 10 full X34SP_SUBJECT34 /QuickF.ck Alert/i describe X34SP_SUBJECT34 known spam subject score X34SP_SUBJECT34 10 full X34SP_SUBJECT34 /hot.*Night.*Message/i describe X34SP_SUBJECT34 known spam subject score X34SP_SUBJECT34 10 full X34SP_SUBJECT34 /local sex dates/i describe X34SP_SUBJECT34 known spam subject score X34SP_SUBJECT34 10 full X34SP_SUBJECT35 /Subject.*solar panels.*of.*specials|Subject.*silver prepare hide always.*usual matter|Subject:.*Seasonal savings on solar panel.*rebates|Subject:.*Looking for a.*mistress|Subject:.*Looking for a.*sex|sex on Christmas|singles seeking babes|with suave amateurs|true NSA sex|Get sex today|Stop being decent|want ass-fuck|luscious chicks|suck your dick|pretty brunette is looking|Get to sleep babes|Everyone scores|naked girl in search|dick will be OK|ruttish lasses|Open profiles here|Get jiggy today|Attractive honeys need|Mind-blowing adult dat|fuckbuddy|one-night fuckbuddy|fuck.*christmas|christmas.*fuck|become rich|Kiss to you/i describe X34SP_SUBJECT35 known spam subject score X34SP_SUBJECT35 10 full X34SP_SUBJECT36 /Subject:*Reply me urgently|Subject:.*Ray-ban|Subject:.*RayBan|Subject:.*Ray.*Ban|Subject:.*When will you already understand: I want you|Subject:.*You will come today, I wait|Subject:.*You_have_a_cv_of_the_loser|Subject:.*fuck|Subject:.*have sex|Subject:.*blond.*lover/i describe X34SP_SUBJECT36 known spam subject score X34SP_SUBJECT36 10 full X34SP_SUBJECT37 /Subject:.*What are you doing in the evenings|Subject:.*that you watch my profile|Subject:.*idiot.*like you|Subject:.*loser.*do you still need work|Subject:.*Disarmed.*do you like me|Subject:.*spend the night with me|Subject:.*you are better than all men/i describe X34SP_SUBJECT37 known spam subject score X34SP_SUBJECT37 10 full X34SP_SUBJECT38 /Subject:.*Great news.*Kindly reply|Subject:.*MysteryShopperPrograms/i describe X34SP_SUBJECT38 known spam subject score X34SP_SUBJECT38 10 full X34SP_SUBJECT39 /Subject:.*UGG BOOTS.*|Subject:.*RAY-BAN.*/ describe X34SP_SUBJECT39 Recently spammed subject score X34SP_SUBJECT39 5 full X34SP_SUBJECT40 /Subject:.*data.*leak.*/i describe X34SP_SUBJECT40 Subject referring too data leak - generally spammy score X34SP_SUBJECT40 10 full X34SP_SANERULES /MailScanner-SpamVirus-Report.*Sanesecurity.Junk/ describe X34SP_SANERULES Sanesecurity Junk Rules triggered score X34SP_SANERULES 10 full X34SP_SPAMNAME1 /Lyubov/i describe X34SP_SPAMNAME1 Name appearing in lots of spam score X34SP_SPAMNAME1 3 full __X34SP_SPAMNAME2 /Lyubov/i full __X34SP_SPAMNAME3 /Lubov/i full __X34SP_SPAMCOUNTRY /russia/i meta Lyubov_russia __X34SP_SPAMNAME2 && __X34SP_SPAMCOUNTRY describe Lyubov_russia Russian spam links score Lyubov_russia 10 meta Lubov_russia __X34SP_SPAMNAME3 && __X34SP_SPAMCOUNTRY describe Lubov_russia Russian spam links score Lubov_russia 10 full __X34SP_G1 /XXblowXX/i full __X34SP_G2 /horny/i full __X34SP_G3 /bang/i full __X34SP_G4 /profile/i full __X34SP_G5 /gaycommunitynetwork/i full __X34SP_G6 /f\@cked/i full __X34SP_G7 /p\@ssy/i full __X34SP_G8 /c\@ck/i full __X34SP_G9 /butt/i full __X34SP_G10 /photo/i full __X34SP_G11 /smartnetrecycler.com/i full __X34SP_G12 /\bcum\b/i full __X34SP_G13 /spank/i full __X34SP_G14 /wobbly booty/i full __X34SP_G15 /\bsexy\b/i full __X34SP_G16 /pussy/i full __X34SP_G17 /skippernotes.com/i full __X34SP_G18 /f..cked/i full __X34SP_G19 /prprfesorjevih/i full __X34SP_G20 /\bsex\b/i full __X34SP_G21 /just turned 18/i full __X34SP_G22 /bitch/i full __X34SP_G23 /check out.*pictures/i full __X34SP_G24 /notrequotidien/i full __X34SP_G25 /a\$\$/i full __X34SP_G26 /butt.*picture/i full __X34SP_G27 /panties/i full __X34SP_G28 /f\@ck/i full __X34SP_G29 /dildo/i full __X34SP_G30 /casalemontondo/i full __X34SP_G31 /XXdirtyXX/i full __X34SP_G32 /swallow.*jizz/i full __X34SP_G33 /\bjizz\b/i full __X34SP_G34 /tricolor-obninsk/i full __X34SP_G35 /hot blonde/i full __X34SP_G36 /hot body/i full __X34SP_G37 /nymphomaniac/i full __X34SP_G38 /stankostroy/i full __X34SP_G39 /HotSex/i full __X34SP_G40 /virgin.*pussy/i full __X34SP_G41 /\bc\+m\b/i full __X34SP_G42 /boobs/i full __X34SP_G43 /Hot.*Msg/i full __X34SP_G44 /cock/i full __X34SP_G45 /soliscontracting/i full __X34SP_G46 /pleasure/i full __X34SP_MAILARRAY /From:.*mailarray.34sp/i full __X34SP_TINYURL /tinyurl\.com/i full __X34SP_BITDO /bit\.do/i full __X34SP_BF1 /FREE\@mx/i full __X34SP_BF2 /FLY\@mx/i full __X34SP_BF3 /TICKETS\@mx/i full __X34SP_BF4 /Voucherclub.tesla\@mx/i full __X34SP_BF5 /\*customer-services\*\*\@mx/i full __X34SP_BF6 /winner\@approved/i full __X34SP_BF7 /Mini\@mx/i full __X34SP_BF8 /Cooper\@mx/i full __X34SP_BFF1 /From:\ Cooper$/i full __X34SP_BFF2 /From:\ Mini$/i full __X34SP_BFF3 /From:\ \*\*customer-services\*\*$/i full __X34SP_BFF4 /From:\ Voucherclub.tesla/i full __X34SP_BFF5 /From:\ TICKETS$/ full __X34SP_BFF6 /FROM:\ FLY$/ full __X34SP_BFF7 /FROM:\ FREE$/ full __X34SP_BFF8 /FROM:\ THE$/ full __X34SP_BFF9 /FROM:\ RyanAir$/ full __X34SP_BFF10 /FROM:\ GOLF$/ full __X34SP_BFF11 /FROM:\ WINNER$/ full __X34SP_BFF12 /FROM:\ team$/ full __X34SP_BFF13 /FROM:\ organizing$/ meta X34SP_MAILARRAY_KNOWNFROM __X34SP_MAILARRAY && (__X34SP_BF1 || __X34SP_BF2 || __X34SP_BF3 || __X34SP_BF4|| __X34SP_BF5|| __X34SP_BF6|| __X34SP_BF7|| __X34SP_BF8) describe X34SP_MAILARRAY_KNOWNFROM probable spoofed From address score X34SP_MAILARRAY_KNOWNFROM 5 meta X34SP_MAILARRAY_KNOWNFROM_NO_DOMAIN (__X34SP_BFF1 || __X34SP_BFF2 || __X34SP_BFF3 || __X34SP_BFF4|| __X34SP_BFF5|| __X34SP_BFF6|| __X34SP_BFF7 || __X34SP_BFF8 || __X34SP_BFF9 || __X34SP_BFF10 || __X34SP_BFF11 || __X34SP_BFF12 || __X34SP_BFF13) describe X34SP_MAILARRAY_KNOWNFROM_NO_DOMAIN probable spoofed From address with no domain using identified keywords score X34SP_MAILARRAY_KNOWNFROM_NO_DOMAIN 5 meta X34SP_MAILARRAY_SHORTURL __X34SP_MAILARRAY && (__X34SP_TINYURL || __X34SP_BITDO) describe X34SP_MAILARRAY_SHORTURL Spoofed From address using a url shortner in body score X34SP_MAILARRAY_SHORTURL 5 meta X34SP_MAILARRAY_SHORTURL_INVALID_FROM __FROM_ADDR_WS && (__X34SP_TINYURL || __X34SP_BITDO) describe X34SP_MAILARRAY_SHORTURL_INVALID_FROM Invalid From Address using a url shortner in body score X34SP_MAILARRAY_SHORTURL_INVALID_FROM 5 full ABUSE_EMAILS_REPLYTO /reply_to\@job2\.3utilities\.com|reply_to\@online-shoppers\.shop|reply_to\@whynotme\.sytes\.net|reply_to\@job1\.servebeer\.com|reply_to\@adam.\.servequake\.com|reply_to\@adam.\.servehttp\.com|reply_to\@home-improv\.space|reply_to\@testnew.\.servebeer\.com/i describe ABUSE_EMAILS_REPLYTO Regularly seen abuse score ABUSE_EMAILS_REPLYTO 11 #meta X34SP_Multiple_adult_spam_words1 __X34SP_G15 && __X34SP_G16 && __X34SP_G9 && __X34SP_G17 #describe X34SP_Multiple_adult_spam_words1 Multiple adult spam words #score X34SP_Multiple_adult_spam_words1 10 meta X34SP_More_than_3_adult_words (( __X34SP_G1 + __X34SP_G2 + __X34SP_G3 + __X34SP_G4 + __X34SP_G5 + __X34SP_G6 + __X34SP_G7 + __X34SP_G8 + __X34SP_G9 + __X34SP_G10 +__X34SP_G11 + __X34SP_G12 + __X34SP_G13 + __X34SP_G14 + __X34SP_G15 + __X34SP_G16 + __X34SP_G17 + __X34SP_G18 + __X34SP_G19 + __X34SP_G20 + __X34SP_G21+ __X34SP_G22 + __X34SP_G23 + __X34SP_G24 + __X34SP_G25+ __X34SP_G26 + __X34SP_G27 + __X34SP_G28 + __X34SP_G29 + __X34SP_G30+ __X34SP_G31 + __X34SP_G32 + __X34SP_G33 + __X34SP_G34+ __X34SP_G35 + __X34SP_G36+ __X34SP_G37 + __X34SP_G38 + __X34SP_G39 + __X34SP_G40+ __X34SP_G41+ __X34SP_G42+ __X34SP_G43 + __X34SP_G44 + __X34SP_G45 + __X34SP_G46) >3) describe X34SP_More_than_3_adult_words Lots of adult words found in email score X34SP_More_than_3_adult_words 2 meta X34SP_More_than_4_adult_words (( __X34SP_G1 + __X34SP_G2 + __X34SP_G3 + __X34SP_G4 + __X34SP_G5 + __X34SP_G6 + __X34SP_G7 + __X34SP_G8 + __X34SP_G9 + __X34SP_G10 +__X34SP_G11 + __X34SP_G12 + __X34SP_G13 + __X34SP_G14 + __X34SP_G15 + __X34SP_G16 + __X34SP_G17 + __X34SP_G18 + __X34SP_G19 + __X34SP_G20 + __X34SP_G21+ __X34SP_G22 + __X34SP_G23 + __X34SP_G24 + __X34SP_G25+ __X34SP_G26 + __X34SP_G27 + __X34SP_G28 + __X34SP_G29 + __X34SP_G30+ __X34SP_G31 + __X34SP_G32 + __X34SP_G33 + __X34SP_G34+ __X34SP_G35 + __X34SP_G36+ __X34SP_G37 + __X34SP_G38 + __X34SP_G39 + __X34SP_G40+ __X34SP_G41+ __X34SP_G42+ __X34SP_G43 + __X34SP_G44 + __X34SP_G45 + __X34SP_G46) >4) describe X34SP_More_than_4_adult_words Lots of adult words found in email score X34SP_More_than_4_adult_words 10 meta X34SP_gaycommunity_spam __X34SP_G1 && __X34SP_G2 && __X34SP_G3 && __X34SP_G4 && __X34SP_G5 describe X34SP_gaycommunity_spam Spammy emails mentioning gaycommunitynetwork.org score X34SP_gaycommunity_spam 10 meta X34SP_gaycommunity_spam2 __X34SP_G5 && __X34SP_G6 score X34SP_gaycommunity_spam2 10 meta X34SP_gaycommunity_spam3 __X34SP_G5 && __X34SP_G7 score X34SP_gaycommunity_spam3 10 meta X34SP_gaycommunity_spam4 __X34SP_G5 && __X34SP_G8 score X34SP_gaycommunity_spam4 10 meta X34SP_gaycommunity_spam5 __X34SP_G5 && __X34SP_G9 score X34SP_gaycommunity_spam5 10 # GMAIL & HOTMAIL SEO SPAM USING META RULES header __GMAIL_HOTMAIL_SPAM_FROM From =~ /\@gmail\.com|\@hotmail\.com|\@outlook\.com/i body __GMAIL_HOTMAIL_SPAM_BODY /india|seo proposal|seo quote|top ranking guaranteed|front page of google|top in google|google 1st page|guaranteed 1st page|top rankings on google|top ranking on google|top rank in google|top 10 positions in google|top 3 positions|1st ranking on google|1st page of google|1st page on google|1st position in Google|google page 1|ranking proposal/i meta GMAIL_HOTMAIL_SPAM __GMAIL_HOTMAIL_SPAM_FROM && __GMAIL_HOTMAIL_SPAM_BODY score GMAIL_HOTMAIL_SPAM 15 full X34SP_GOOD_EMAILS /trac\@34sp\.com|svn\@34sp\.com/i describe X34SP_GOOD_EMAILS Known emails that create false positives score X34SP_GOOD_EMAILS -15.00 #allow emails from support@34sp.com to go through regardless full ALLOW_EMAIL /support\@34sp.com/i describe ALLOW_EMAIL Email from 34SP Support score ALLOW_EMAIL -100 #regularly seen abused spammers just give them a nudge up full ABUSE_EMAILS /petermorehook\@hotmail\.com|celestine\@ebt-consultancy.london|blohinoleg1\@gmail.com|simon\@bowaterprice.com|info\@monkeyisland.co.uk|sales\@qlic.co.uk|cdh\@thevillagehouse.info/i describe ABUSE_EMAILS Regularly seen abuse score ABUSE_EMAILS 2 full ABUSE_EMAILS_HIGH /mrsgrace_jhonson\@yahoo.com|Blawuk.services\@aol.com|Banjokolawuk\@gmail.com|hansrekan\@outlook\.com/i describe ABUSE_EMAILS_HIGH Regularly seen abuse score ABUSE_EMAILS_HIGH 11 full X34SP_SPAMDOMAINS /organic-traffic-forever.xyz|airbreeze.asia|email-iod.com|lilyswillingplace.win|tbjoff.samsallfood.win|aciclove.xyz|perminuti.xyz|url-de-test.ws|slurp.dk|kancelariaprelex.com|kisses.website|www.mmassistenciatecnica.com.br|www.planejournal.com|www.matinsa.info|www.progenericos.org.br|shopkama.ru|flavorsandtraditions.com|ots.edu.vn|pomogite.net|keystoneteleservices.com|baggaenterprises.com|indymodern.com|shipvevn.com|cmandson.com|1.pochodne.com|inspirationalproducts.co.uk|moteyi.com|kedge.in|xn--ehq78xdf.com|winerabble.com|webftp.puntomagenta.com|usg.ckd-communication.fr|uroczyskokarpiowe.pl|trungdung.vn|travelplus.ph|seikoimoveis2.hospedagemdesites.ws|relis1.soldo222.com|proximalucca.it|ppe\.vn|lensa-indonesia.web.id|efekt-trans.pl|coralclub.soldo222.com|clipshare.ga|brukpol-nowak.pl|cems-crm.com|filmyani\.com/i describe X34SP_SPAMDOMAINS Domain name seen in spam emails regularly score X34SP_SPAMDOMAINS 10 full X34SP_SPAMDOMAINS2 /supply\.vrvono\.com|heathergjerde.com|colibricode.com|\.taxbastard.com|\.hostilemarkets.com|\.basim.biz|\.wiencek.me|\.ziplinecusco.com|\nightofthelivingdead.org|witvipokgen.com|\.theofficeawards.com|\.thetrainingspot.com|\.jsbusinesses.com|\.whitney-cellars.com|\.buysellhouseshouston.com|\.xbarxranch.com|\.alpha-lyrae.us|\.thephotobeast.com|\.accentwindowwellcovers.com|\.exumayoga.com|cprcustomsdurango.com|\.wwwservicesinc.com|official.imrice.org|big.exumayoga.com|enza.deckofcardz.com|majority.jillderoode.com|kcajobvbkj4bsjhgciqj5f.xn|full.bibleofbrass.com|pass.essentialhealthinstitute.com|eliseslittlepieces.com|acsairconditioning.com|brookewert.com|dev.halaldejt.se|ceciliamoya.cl|fourbloodmoons.net|kurumsalatolyeler.com/i describe X34SP_SPAMDOMAINS2 Domain name seen in spam emails regularly score X34SP_SPAMDOMAINS2 10 full X34SP_SPAMDOMAINS3 /candonama\.com|tax-service-gov\.uk|ondro.eu|thewtfshow.com|grl.org.uk|reraisegaming.com|hoangdatstone.com|le-intl.com|lacasadegoethe\.org/i describe X34SP_SPAMDOMAINS3 Domain name seen in spam emails regularly score X34SP_SPAMDOMAINS3 10 full X34SP_HIGH_SPAM_SENDER /sales\@qlic.co.uk/i score X34SP_HIGH_SPAM_SENDER 2 full X3SP_BADDOMAINS /vipsalemaster.ga|vipsalemaster.tk|avilainteligencia.com|bellihair.com|pedroycati.com|en.inner-active.com.cn|davezak.com/i describe X3SP_BADDOMAINS Regularly seen abuse score X3SP_BADDOMAINS 10 full X34SP_BADHELO /blog.rebkow.pl|helo=sdh|helo=lrhm|helo=myltytt|helo=zehxd|helo=xombcvisz|helo=vjck|helo=cod.ege49.ru|helo=llm.im|helo=academiavotorantim.com.br|helo=lucfalva.hu|helo=webshark.ca|helo=www.maslatourlavail.com|helo=llm.im|helo=int-tezak.info|helo=luxwatches.pl|helo=giayphepkd.com|helo=168.228.130.28|helo=acceltech.co.in|helo=grl.org.uk|helo=www.amazoniasocioambiental.org|helo=niva-2.ru/i describe X34SP_BADHELO Regularly seen abuse score X34SP_BADHELO 10 full X34SP_BADHELO2 /helo=hermle-rus.ru|helo=mtechn.ru|helo=reualjames.com|helo=lakedistrictmaps.com|helo=kingofthecourts.net|helo=makham.chanthaburi.doae.go.th/i describe X34SP_BADHELO2 Regularly seen abuse score X34SP_BADHELO2 10 full X34SP_RANDOM_GIBBERISH /krutylmee|mkhwrglac|bvwvhffjszlmqft|cjvomyfudfynyd|Kw2QWVkjxjql|ewuypmbvacc|qvpvsyigyeqryxyagfhy|ptzurqlbmdbqvyn|tcziflz|luorcgktesc|fkxaihayw|indmrzfgnxbwldrd|mjgyqystwkwtvl|dcrhklpewhphhdjp|ikljjjdrc|jxkjvjxgkzjzmey|cmhvuuwyjw|tkwmqqtynussqywzrai|prhmb|cgsdtzkq|ekpriljqsv|mjmmxgfoipmfvu|kqneiocymzp|awjovdyvjpoid|wbjsboqledvyglc|qxqzrofcxzcozbhy|tjtjsqsfkegf|fbljw|dkluuntpqnctwamc|qufjjcol|swdurtjylrtqedybbu|rqhgpry|kswwjywvrjmrpbhz|lajvjjw/i describe X34SP_RANDOM_GIBBERISH Random Gibberish Text 1 score X34SP_RANDOM_GIBBERISH 5 full X34SP_HRMANAGER /Reply-To:.HR.manager.*gmail/i describe X34SP_HRMANAGER Regular spam reply to score X34SP_HRMANAGER 6 full X34SP_REPLYME /Reply-To:.*krasaa24\@gmail.com|Reply-To:.*warmsun861\@gmail.com|Reply-To:.*ssuunlightt\@gmail.com|Reply-To: Mufutau Shepherd|Reply-To: Sweety.*gmail.com/i describe X34SP_REPLYME Known spam replyto score X34SP_REPLYME 7 header X34P_ALREADY_MARKED_SPAM Subject =~/\{Spam\?\}|[SPAM]\ 1/i describe X34P_ALREADY_MARKED_SPAM already has spam markers trying to bypass spam checks score X34P_ALREADY_MARKED_SPAM 1 full X34SP_KNOWN_SPAMTRAPS /jbz\@finaledgedev.com/i describe X34SP_KNOWN_SPAMTRAPS Known spamtraps - should not have email being sent too them score X34SP_KNOWN_SPAMTRAPS 10 #full X34SP_BADURLS /http.*\..*\..*\/should-try|http.*\..*\..*\/the-most-effective|http.*\..*\..*\/brandnew|http.*\..*\..*\/awesome-thing|http.*\..*\..*\/breakingnews|http.*\..*\..*\/speechless\ #describe X34SP_BADURLS General spam links #score X34SP_BADURLS 5 full X34SP_PHISH34SP /auth-pagment-regis-ter\.chocolats-delices-des-sens\.com/ describe X34SP_PHISH34SP Spam trying to pose as 34SP.com score X34SP_PHISH34SP 100 header BIG_TO_CC ToCc =~ /(?:[^,\@]{1,60}\@[^,]{4,25},){10}/ describe BIG_TO_CC Sent to 10+ recipients instaed of Bcc or a list score BIG_TO_CC 5 header SUBJECT_NUM1ONLY Subject =~ /^1$|{Spam\?}\ 1/ score SUBJECT_NUM1ONLY 3 full X34SP_COLLECTED_KNOWN_BAD_AUTH /X-Authenticated-As: chief\@urbansedated.com|X-Authenticated-As: chris1810\@cphodgson.co.uk|X-Authenticated-As: jon\@pigeonmilk.com|X-Authenticated-As: nicos|X-Authenticated-As: info\@super8cynics.com|X-Authenticated-As: jayscott\@scottsofstratford.co.uk|X-Authenticated-As: wayne\@bmw-accountants.com|X-Authenticated-As: photo\@richardheeps.co.uk|X-Authenticated-As: salma\@salmaalam.com|X-Authenticated-As: alan.daniel\@cdk.co.uk|X-Authenticated-As: emily\@grizzlymedia.tv|X-Authenticated-As: allan\@nyadach.com|X-Authenticated-As: dan\@theuglytree.co.uk|X-Authenticated-As: info\@shadow-technologies.net|X-Authenticated-As: linkedin\@petemachine.co.uk|X-Authenticated-As: nigelmunro\@nigelmunro.co.uk|X-Authenticated-As: info\@rkgconsulting.com|X-Authenticated-As: katie\@sojoyful.com|X-Authenticated-As: contact\@tetejewellers.com|X-Authenticated-As: jayenne|X-Authenticated-As: abbi\@savethedatemagazine.co.uk/ describe X34SP_COLLECTED_KNOWN_BAD_AUTH Authentication Abused Regularly score X34SP_COLLECTED_KNOWN_BAD_AUTH 5 full X34SP_DRUG /Here is your private.*premium certificate|Erectile dysfunction.*men.*death/ describe X34SP_DRUG Other drug spam score X34SP_DRUG 4 rawbody X34SP_COPYRIGHT_NOSPACE /.*Copyright...2010–2016\. All rights reserved\..*/ describe X34SP_COPYRIGHT_NOSPACE Old copyright with no spacing either side score X34SP_COPYRIGHT_NOSPACE 1 ##rules taken from https://www.pccc.com/downloads/SpamAssassin/contrib/KAM.cf #SEXUALLY EXPLICIT EMAILS - With updates courtesy of Mark Damrose header __KAM_SEX_EXPLICIT1 Subject =~ /SEXUAL{2,3}Y[-_, ]{0,1}EXPL{1,2}I{1,2}CI{1,2}T/i #EXPANDED TO INCLUDE HEADERS FOR SPAMS PREVALENT MAR 2007 header __KAM_SEX_EXPLICIT2 Subject =~ /(?:fuck .*suck|suck .*fuck|pussy .*cock|cock .*pussy|horny amateur|couch sex|slut fuck|naked celebrity|pissing babes|ass[- ]fuck|animal cock|(^|\b)P.O.R.N |exposes sexy ass|drunk babe nude|masturbate|looking.for.sex|breast.implants|pedophile|child predator|explore.being.bad|double.penetration|hardcore.slut|getting.laid|your.disco.stick|having.sex.*begging|f.ckbook|xxx gay|asian porn|blowjob|anal xxx|huge tits tube|xxx tube|porn tube|porn video|sexy.clip|portal for xxx|3d porn|hard(er)?.erect)|dreaming of f.?cking|(^|\b)sex.in.the.car|horny.virgin|sex.acts|best.intercourse|sex request|dripping wet and need to get/i header __KAM_SEX_EXPLICIT3 From =~ /(?:better sex|sextrick|ashleymadison|booty.call|breast.(aug|surg|redu)|throbing.member|f[\*u]?ckbook|Local MILFs)/i #MODIFIED TO FIX FP THANKS TO DOC SCHNEIDER AND MARK MARTINEC - REMOVED castrate|sexual.encounter|casual.sex|discreet.encounter 5/19/15 body __KAM_SEX_EXPLICIT4 /(?:fucked hardcore|dildoes her tight ass|kinky watersports|schoolgirls? slut|teens? porn|first anal(\b|$)|pussy lips|kinky lesbian|sucks? cock|rub puss|spreads? cunt|fetish babe|kinky pee|muffdived \& fuck|deepthroat on knees|hello.naughty.boy|certain.type.of.guy|girlfriend.trick|sexual.stamina|sex...toy|porn.link|cunt.fuck|c-o-c-k|non.stop.sex|porn.industry|stronger.erection|make.her.moan|extreme.pro.abortion|erection.problem|your.erection|get.an.erection|hardest.erection|get.erect|xxx gay|asian porn|blowjob porn|anal xxx|huge tits tube|xxx tube|porn tube|fuckbook|portal for xxx|3d porn|DrPEnterprise|girlfriends.porn|\bsex.galler|pussy.eaten|shemale|anal.adventure|black.girls.video|gay.porn|pussy.wet|make.her.horny|crave sex|women.fuck|women.horny|wanting.to.bang|getting.laid.is.simple|woman.on.her.knees|b r e a s t|generic.ed.product|best.sex|f[^a-z]cking.you|f[^a-z]ckbuddy|F\#ckFriends|Milf Selfies|need.a.horny.man|cute.sex.lover|horny.as.f.ck|fun.in.the.bedroom|my.tits.are|be.horny|horny.girl|horny.i.am|horny.latina|huge.dildo|made.me.climax|sex in my office|a.good.f\@ck|married.horny.woman|sucked.your.d\@ck|horny.milf|suck.you.off|horny.stories|all.my.h[o0]les|cum.heavily|sucking.your.c[o0]ck|to.get.f[^a-z]cked)|h00kup|s\*xy|h0rny|ch0ked|pu\$\$y|f\*cked|F\#ck|F\*ck_/i header __KAM_SEX_EXPLICIT5 Subject =~ /(?:Babe.*dildo|milk.*pussy|licks.*lesbian.*tits|mud.*wrestling.*sluts|rock.*hard.*cock|working.*pussy|(anal|suck|lick|hot|cock|wife).*f.?u.?c.?k|sneaky.*upskirt.*shots|hairy.*(pussy|cunt)|chicks.*cum|shows.*off.*titties|tits.*milf.*sex|riding.*big.*dick|dildo.*pussy|slut.*sex|suck.*dick|show.*off.*pink.*slit|coed.*pussy|squirt.*pussy|polish.*cock|femdom.*fist|schoolgirl.*(f.?u.?c.?k|blowjob)|mistress.*finger.*slave|cervix.*examined|tits.*vibrator|licks.*lesbian|slut.*anal|slurp.*pecker|master.*hogtie|bitch.*stroke.*guy|huge.*cock.*bang|take.*dick.*ride|milf.*nailed|girl.*in.*panties|Slut.*Doing.*it|barely.*legal.*teen|perverted.*girl.*works.*ass|slut.*milking|caught.*fucking|F.?u.?c.?k.*(dick)|shemale.*strips|chick.*drilled|\bass.*screw|teen.*pussy|fucked.*hard|bimbo.*hooter|cuntbanged|tittyfucked|fuck.*cock|blowing and nailed|lesbians.*masturbat|shaking wet booty|pussy.*lip|lick.*asshole|kinky lesbian|suck.*cock|rub puss|tits.*cunt|kinky pee|fetish babe|exposes sexy ass|drunk babe nude|muff.*fuck|cock.?suck.*blonde|fuck.*vibrator|threeway.*orgy|sex.life.*new.level|your.sex.life|hotsex|f.cktonight|my.?pu[s\$]{1,5}y|InstaSext|SnapHookup|InstaAffair|InstaHookup|SexiSnap|SnapF.ck|snapbangmsg)/i meta KAM_SEX_EXPLICIT (__KAM_SEX_EXPLICIT1 + __KAM_SEX_EXPLICIT2 + __KAM_SEX_EXPLICIT3 + __KAM_SEX_EXPLICIT4 + __KAM_SEX_EXPLICIT5 >= 1) describe KAM_SEX_EXPLICIT Subject or body indicates Sexually Explicit material score KAM_SEX_EXPLICIT 16.0 #SOLICITING AFFAIR SPAM header __KAM_SEX_AFFAIR1 Subject =~ /Have an affair|Your Affair is Waiting|sick of your wife|find you a girlfriend/i header __KAM_SEX_AFFAIR2 From =~ /Ashley.?Madison|Let's have fun/i rawbody __KAM_SEX_AFFAIR3 /have an affair|ashleymadison/i rawbody __KAM_SEX_AFFAIR4 /looking.for.affair/i meta KAM_SEX_AFFAIR (__KAM_SEX_AFFAIR1 + __KAM_SEX_AFFAIR2 + __KAM_SEX_AFFAIR3 + __KAM_SEX_AFFAIR4 >= 2) describe KAM_SEX_AFFAIR Subject or body soliciting an affair score KAM_SEX_AFFAIR 8.0 #LOTTO CRUD body __KAM_LOTTO1 /((you |e-?mail )(?:address,? )?(has |have )?(emerged as one of (the|our) winning|emerged as a category "A" Winner|came out as the winning coupon|emerged a winner|has won|(?:was |is )?attached( to)?\s+(winning number|serial|ticket|reference)|was one of the ten winners|has been selected as one of the lucky)|random selection in our computerized email selection system|procuring your prize|email id identified with coupon|e-mail addresses are picked randomly|send your winning identification|final recipients? of a cash|selected as the one of the beneficiaries|receiving your donation)/is body __KAM_LOTTO2 /((ticket|serial|lucky) number|secret pin ?code|pin number|batch number|reference number|promotion date|lottery|sweepstake|\d+ lucky recipients|for claim and inquiring)/is body __KAM_LOTTO3 /(won|claim|cash prize|pounds? sterling|over \$500|award sum of US\$|NOTIFICATION FOR CASH AID)/is body __KAM_LOTTO4 /(claims (office|agent|manager)|lottery coordinator|(certificate|fiduciary) (officer|agent)|fiduaciary claims|accredited agent|payment agency board|promotion manager|promotions? department|Name of +Agent:|executive secretary|claims & Management|lottery approved courier|promo.team)/is body __KAM_LOTTO5 /(POWERBALL LOTTO|freelotto group|Royal Heritage Lottery|(British|UK) National( Online)? Lottery|U\.?K\.? Grand Promotions|Lottery Department UK|Euromillion Loteria|Luckyday International Lottery|International Lottery|Euro - Afro Asian Sweepstake|urawinner|Free Lotto Sweepstakes|PROMOTION DEPARTMENT|PROMOTION\/PRIZE AWARD|Nederlandse Internationale Loterij|EURO MILLIONS|APPLE LOTTERY ONLINE|MSW MEGA JACKPOT|MICROSOFT EMAIL PROMO|MSNlottery|ECOWAS|Nigeria|National Lottery|claim.{1,10}your.gbp|won.you.{1,10]gbp)/is body __KAM_LOTTO6 /(Dear (Award|Consultation Prize|Lucky) Winner|Winning Notification|Attention:Winner|Dear:? Winner|Amount won:|Sincere Congratulations|Lucky Numbers:|you are a winner|prize attached|prize notification|claims requirement|winning number|winning sum|payout of|qualification number)|attached.file|numbers.on.email/is header __KAM_LOTTO7 Subject =~ /(Your Lucky Day|Final Notice|CONGRATULATION|(Attention:|ONLINE) WINNER|Winning Notification|Claim Fund|YOU HAVE WON|Online Notification|Your Winning Amount|PROMOTIONS MANAGER|Winnin?g Alert|NOTICE FOR YOUR CLAIM|WINNER|Reference Number)/i header __KAM_LOTTO8 From =~ /Lottery|powerball|western.union/i header __KAM_LOTTO9 Subject =~ /\d{3},\d{3}|eligibility.for.claims|promo.desk|deserves.\$\d/i meta KAM_LOTTO1 (__KAM_LOTTO1 + __KAM_LOTTO2 + __KAM_LOTTO3 + __KAM_LOTTO4 + __KAM_LOTTO5 + __KAM_LOTTO6 + __KAM_LOTTO7 + __KAM_LOTTO8 + __KAM_LOTTO9 >= 3) describe KAM_LOTTO1 Likely to be an e-Lotto Scam Email score KAM_LOTTO1 0.5 meta KAM_LOTTO2 (__KAM_LOTTO1 + __KAM_LOTTO2 + __KAM_LOTTO3 + __KAM_LOTTO4 + __KAM_LOTTO5 + __KAM_LOTTO6 + __KAM_LOTTO7 + __KAM_LOTTO8 + __KAM_LOTTO9 >= 4) describe KAM_LOTTO2 Highly Likely to be an e-Lotto Scam Email score KAM_LOTTO2 1.0 meta KAM_LOTTO3 (__KAM_LOTTO1 + __KAM_LOTTO2 + __KAM_LOTTO3 + __KAM_LOTTO4 + __KAM_LOTTO5 + __KAM_LOTTO6 + __KAM_LOTTO7 + __KAM_LOTTO8 + __KAM_LOTTO9 >= 5) describe KAM_LOTTO3 Almost certain to be an e-Lotto Scam Email score KAM_LOTTO3 2.0 #EMAIL ADVERTISING body __KAM_ADVERT1 /email advertising|\d{3}%.roi/is body __KAM_ADVERT2 /instant traffic (to your website|and sales)|demand.generation/is body __KAM_ADVERT3 /Email Ad Broadcast|Double OPT IN list|making.some.changes/is header __KAM_ADVERT4 Subject =~ /(get (instant|more) (sales|business|orders)|instant traffic, leads and sales|within 24 hours|increase in business|Ten Time Increase in Sales and Traffic|Emails Sent to Get You Sales)|sales.goal/i meta KAM_ADVERT (__KAM_ADVERT1 + __KAM_ADVERT2 + __KAM_ADVERT3 + __KAM_ADVERT4 >= 4) describe KAM_ADVERT Mailing List Scammers Hawking Their Lists / Services score KAM_ADVERT 2.5 #MYSTERY SHOPPER body __KAM_SHOP1 /chosen to participate as a Mystery Shopper/is body __KAM_SHOP2 /Do you like to shop/is body __KAM_SHOP3 /make money while you shop/is meta KAM_SHOP (__KAM_SHOP1 + __KAM_SHOP2 + __KAM_SHOP3 >= 3) describe KAM_SHOP Mystery Shopper Scams score KAM_SHOP 2.0 #WEIGHT LOSS body __KAM_WEIGHT1 /(overweight|extra weight|glutting|shed fat|burns fat|burn calories|appetite suppressant|stimulate your metabolism|unwanted weight|duet of the year|healthy energy boost|Suppresses Appetite|internal cleansing|detoxify|cellulite|unsightly bulges|fat burn|Diet of the year|acai|cuts cholesterol|cleanse excess waste|free sample|unwanted weight|Acai suppl[ie]ments|Diet\/Detox|\#1 Weight Loss|lose body fat|(lose|drop) (about )?\d+\s*[li]b|calorie burning machine|before eating carbs)|flush.fat.away|slimming.down|\d+.pounds.gone|lose.\dx|highest.rated.episode|unwanted..?gain|too.goo?d.to.be.true|get.slim|tv.segment|weird.solution/is body __KAM_WEIGHT2 /(\d pounds|lose[_ ]weight|suppress appetite|appetite out of control|Oprah|for cancer patients|colon cure|colon cleanse|colonmate|avai berry|acai burn|ultraslim|feel energized|excess[_ ]weight|no diet changes|no exercise|hollywood'?s hottest -?diet|acai berry edge|Acai Diet|top secret diet|Power HCG|Sensa|shocking method|Jennifer Aniston|before eating carbs|all natural weight.?loss|green fruit|top celeb's diet)|one.secret|enjoying.food|f-a-t|melt.fat|squeeze into them|crazy.workout|celebs.everywhere|zero.effort|nothing.to.lose/is header __KAM_WEIGHT3 Subject =~ /(leaner|slimmer|stop gaining weight|fat loss|weight management|now available without a script|wuYi tea|(drop|lost|shed|knocked) \d+.?(pounds|[li]bs?)|FRS Healthy Energy|instant diet|colonmate|trimmer you|body cleanse|acai berry|acai burn|Fatburner|cholesterol reduction|cholestapro|Ephedra|W[EA]IGHT[- ]LOSS PRODUCT OF THE YEAR|t-r-i-a-l|try our trial|cleanse your system|no exc?ercise|Acai Advanced|toxic sludge|cleanse your body|Acai Diet|Acai Elite|Acai Super|losing weight fast|weight loss|detox product|Power HCG|Weight Loss System|shocking (?:weight|weihgt) loss)|before eating carbs|all natural weight.?loss|eat this fruit|Jennifer An+iston's secret|drop.\d.dress.sizes|fat.burning|burn..?fat|get.slim|drop.the.weight|(drop|shed).[li]bs?|move.\.*.?the scale|step.by.step|drop..?pounds|perfect.body|lose.the.weight|half.my.size|special.nutrition|workout|skinny|simple.way|to.get.slim|workout.for.the..?lazy|start.losing.weight|melt.fat|celebs.boycott|celebs.did|overeating|without.any.effort|doctors.tv|oprah|results.are.in|as.seen.on|slim.?spray|zero.effort/i rawbody __KAM_WEIGHT4 /shocking method|Jennifer Aniston|nationally known|never.seen.anything.like.this|unusual.(new.)?tip|your.metabolism|need.a.boost|this.is.not.a."?(joke|hoax|fad|trend)|no working out|no starving|a trimmer you|celebrity.doctor|seen.on.(cnn|abc|cbs)|\d+%.?off|oprah.and.celeb|beer.belly|thunder.thigh|flush.fat.fast|get.skinny|Women's Health|dress.size|feel.good|physical.activity|starving|hit.a.plateau|flat.belly|brakes on your appetite/i header __KAM_WEIGHT5 From =~ /celeb.weightloss|no.work.workout|(drop|shed).pounds|(drop|shed).\d+[il]bs?|inches off|your.waist|nutrisystem|fat.burn|magic.slim|slim.pack|get.?slim|overweight|becomingslim|slimmer|skinny.tee|flush.fat|slimming.down|hot.trend|curves.?\dweek|stubborn.fat|\d+.pounds|look.great|lazy.workout|bikini|fit.community|slim.?spray|shave.off.(the.)?(pound|lb)|f-a-t|fit.in.\d+.day|days.to.slim|oprah|belly|biggestloser/i #ANATRIM / GREEN TEA / CORTITHERM / ETC body __KAM_ANA1 /(anatrim|Green ?Tea|cortitherm|PHENTERTHIN|Phentremine|Acai Ultra|Civ-xR|WuYi Tea|Wu-?Yi Source|FRS Healthy Energy|Acai Berry|Chinese secret|Ephedra|Cholestapro|ColonMedic|Pure Cleanse|AcaiBurn|Acai Elite|Garcinia|Chlorogenic Acid|green coffee)/i header __KAM_ANA2 From =~ /green ?tea|Ultra ?Energy|weight ?loss|colon? ?clean|colon ?aid|acai|As seen on|Garcinia|sensa/i meta KAM_ANA (__KAM_ANA1 + __KAM_ANA2 + (__KAM_OZ1 || __KAM_OZ2 || __KAM_OZ3) + __KAM_WEIGHT1 + __KAM_WEIGHT2 + __KAM_WEIGHT3 + __KAM_WEIGHT4 + __KAM_WEIGHT5 + KAM_FDA + (__KAM_HTML1 || KAM_INFOUSMEBIZ) >= 3) describe KAM_ANA Likely Weight-loss / Medical Spam score KAM_ANA 3.5 meta KAM_ANA2 (__KAM_ANA1 + __KAM_ANA2 + __KAM_OZ1 + __KAM_OZ2 + __KAM_OZ3 + __KAM_WEIGHT1 + __KAM_WEIGHT2 + __KAM_WEIGHT3 + __KAM_WEIGHT4 + __KAM_WEIGHT5 + KAM_FDA + (__KAM_HTML1 || KAM_INFOUSMEBIZ) >= 5) describe KAM_ANA2 Higher probability of Weight-loss / Medical Spam score KAM_ANA2 3.5 #EVEN MORE NIGERIAN SCAMS AND VARIANTS body __KAM_NIGERIAN1 /(?:payment officer|personal treasurer|experienced marketers|Chairman of the Finance Committee|contact my secretary|field of Financial Services|Head of Human Resources|Public Relation Officer|field of Business Services|payment agent|representing partner|vacancy in my company|representative\/book ?keeper|executor|search and selection of both experienced|retired chief economist|foreign partner|diplomatic courier|senior auditor|online book-?keeper)|in.your.country|united.state[^s]|states?.citizen|retired.ceo|nigeria|origin.finland|serious.illness|brain.(tumor|cancer)|former.minister|investment.partner|got.mugged|losing.my.(wife|only.son)/is body __KAM_NIGERIAN2 /(?:looking for dynamic representative|seek your partnership|new online business model|seek to transfer this money|completely legal activity|never ask you to pay or invest|in search of trustworthy representatives|establishing a new liaison network|rec[ei]{2}ving payment on our behalf|assist me in transferring those funds|make money at home|requiring rep to work on a part time|part time job\/full time|organization for the good work of the lord|job search directory|investor willing to invest in lebanon|invest in Real Estate|Your kind assistance|next of kin|gold.exportation|calgary.lotto)|oil.producing|import.firm|oil.and.gas|petroleum|asset.available|urgent.reply|(cash|credit.cards?|cell(.phone)?).(were|was).stolen/is body __KAM_NIGERIAN3 /(?:\d{1,2}\% (?:commission on each transaction|of the total will be set|will be mapped out|is made available to you|of the total sum for your partner|of the money for your effort|for\s+sales)|pay for performance|floating deficit|for your compensation|financial independence|their financial dreams|work from home part\s*-?\s*time|employing your services|get extra income|deduct your weekly salary \d\d%|transfer of the funds|make successful career at us|you will get \d{1,2}% on each|funds can be directed to your account as a grant|reasonable parentage|dormant domiciliary account|share would be \d+\%|pay you \d+%)|invest|have.a.sum|make.a.donation|immense.benefits|transact.a?.?business|company.sponsor|loan me \$/is body __KAM_NIGERIAN4 /(?:American oil merchant|independent contractor|removallink|claim the funds|international corporation|bank draft|becoming our contract staff|contractual employment|customers\s*in Europe,\s*America|new partner from UK|great investment site|money orders|cashiers check|access to the funds|piloting the business|moving the funds|next of kin|syrian.refugees|reply.for.detail)|security.reason|(his|her).account|new.investor|directly.beneficial|business.discussion|promise.to|need.to.spend/is body __KAM_NIGERIAN5 /Western Union Money Transfer|Money Gram|form of Money Orders|to apply for this job, please send the following|process our payments|not traceable|risk free transation|transfer to a designated bank account|inheritance return|my.inheritance|my.wealth|donation.to.you|out.of.country|charitable.trust/i meta KAM_NIGERIAN (__KAM_NIGERIAN1 + __KAM_NIGERIAN2 + __KAM_NIGERIAN3 + __KAM_NIGERIAN4 + __KAM_NIGERIAN5 + LOTS_OF_MONEY + __KAM_REFI4 >= 4) describe KAM_NIGERIAN Nigerian Scam and Variants score KAM_NIGERIAN 2.5 #SEXUALLY EXPLICIT RULES ROUND TWO - Fixed some FPs from Scunthorpe thanks to Stefan Morrell body __KAM_SEX1 /(?:double[ -]?headed|pornstar|huge weenie|male power|\d\dper\. of men|male enhancement product|enlarge patch|boost up your virility|clinically tested|improve manhood|Bigger Pen..is|Big Penis|incredible gains to your manhood|muscular manhood|nights unsatisfied|climaxes|sensual enhancer|love instrument|bigger member|excitement with girls|fucker|animal sex)|adds \d inches to your manhood|pussy licked|hard.erection/i body __KAM_SEX2 /(?:(\b|^)cunt(\b|$)|busty|interracial|hardcore|peni(s|le) enlarge|generic quality|enlarge your manhood|stone-hard manhood|XXL Dick|intense pleasure|spend a night with you|efficient medicine|turn on your wife|with your boner|dick dangl)|\d.(extra.)?inches.of.girth|best.sex/i header __KAM_SEX3 Subject =~ /(double dildo|bunsfuck|dominatrix|huge tits|anti-ED|most confident man|for men over 30|peni(s|le) enlargement|interracial gobble|bitch sucking dong|product actually does work|update your penis|mans mall|endurerx|more excitement|love package|add more fire|her best male|average guys|monster cocks|first anal|anal fucking|love with monsters|horse sex|be the stud)/i body __KAM_SEX4 /(?:bring your girlfriend back|satisfied with their size|penis so huge and heavy|more semen|volume of your loads|wondercum|ejaculate|bargain offers on medic|improve xxx|improve your lovemaking|youngest teen|teen pics|monster in his pants|(female|multiple) orgasms|extreme penetration)/i describe KAM_SEX Sexually Explicit SPAM / Penis Enlargement Scam score KAM_SEX 7.0 meta KAM_SEX (__KAM_SEX1 + __KAM_SEX2 + __KAM_SEX3 + __KAM_SEX4 + __HTML_IMG_ONLY + (__KAM_VIAGRA6A + __KAM_VIAGRA6E + __KAM_VIAGRA7A >= 1 && !__KAM_VIAGRA_FPS) >= 2) #STUPID PICTURE SPAMS body __KAM_PIC1 /(tired|bored) (this )?(today|tonight|evening|morning|afternoon)|saw your email address|online right now|can name me|found you on this site|I am alone|my next boyfriend|blonde with blue|like the girls|crush on you/is body __KAM_PIC2 /(nice girl|2\d years old|25 y.o. girl|pretty russian|I russian girl|age is 25|long legs, cute|see my pictures|I'm 19|searching for a bad girl|meet with such attractive|cute lady)/is body __KAM_PIC3 /like to chat|feelings can be true|like to have friendship|friendly guy|gave me your photos|waiting on you|found your pictures|send me a note|more information about you|text me ASAP/is body __KAM_PIC4 /(like to share some of my pics|some (?:great )?pictures of me|sending some of my pictures|To see my pic|hope you like my pic|will reply with my pics|show you some pic|chat with me and see|that's my photo)|will send you my pictures|view my profile|describe yourself|chat with me|bad girl|view your snapshot|want to watch video|erotic pics/is body __KAM_PIC5 /picture|photo|my pics|appended my pic/i describe KAM_PIC Share Pictures and Chat SPAM score KAM_PIC 3.5 meta KAM_PIC (__KAM_PIC1 + __KAM_PIC2 + __KAM_PIC3 + __KAM_PIC4 + __KAM_PIC5 + __KAM_PRIV3 >= 4) #YET MORE DRUG SCAMS body __KAM_DRUG1 /Quality and cheap|premier quality|supor-collosal mixture|Discount-?Pharmacy|hi.quality.drug/is body __KAM_DRUG2 /cheaper|redeem in bulk and save|bigger quantities and Save|drugstore accredi[dt]ations|economical (?:value|amount)|drug.online.supplies/is rawbody __KAM_DRUG3 /local drugstore|(hush-hush|secret) with no waiting rooms|confidential package|distributed securely|shape is our main concern/is body __KAM_DRUG4 /click to buy|no previous doctors direction|No prescript[oi]{2}n needed|no script necessary|medicine assistance supplier|mail[- ]?order medicine/is describe KAM_DRUG More Viagra, Medicine, et al Scams score KAM_DRUG 2.5 meta KAM_DRUG (__KAM_DRUG1 + __KAM_DRUG2 + __KAM_DRUG3 + __KAM_DRUG4 + __KAM_VIAGRA6A + __KAM_VIAGRA7A + KAM_REPLACE >= 4) #FREE TV, SATELLITE, CABLE INTERNET, ETC body __KAM_TV1 /watch unlimited television|DTV4PC|Online TV Code|Free DVD-CD Burner|100% legal|Rabbit TV|reliable.cable.service|existing.smart.tv/i body __KAM_TV2 /without a monthly fee|pay a cable or satellite bill|no monthly fee|watch uncensored|movies online|no censorship|favorite.channels|online.television|\d{3}.channels|high.speed|sysview/i header __KAM_TV3 Subject =~ /watch uncensored tv|digital TV|internet TV|Free TV|tv online for free|(shows|movies).with.cable|less.than.dish|stream.*channels|\$\d{2}.mo|smart.tv/i header __KAM_TV4 From =~ /Unlock Internet TV|Movie Download|product alert|cable.tv|tv.stream|high.speed/i meta KAM_TV (__KAM_TV1 + __KAM_TV2 + __KAM_TV3 + __KAM_TV4 >= 2) score KAM_TV 3.0 describe KAM_TV Free TV/Cable/etc. Scams #PILLS header __KAM_PILLS1 Subject =~ /save \d\d% on your (pills|drugs|medications)/i body __KAM_PILLS2 /be (thrifty|smart|clever), buy your (pills|drugs|medications)/i meta KAM_PILLS (__KAM_PILLS1 + __KAM_PILLS2 >=2) score KAM_PILLS 4.0 describe KAM_PILLS Spam for scam pharmacy #PILLS 2.0 header __KAM_PILLS2_1 From =~ /Enlarge|Men's Supplement/i header __KAM_PILLS2_2 From =~ /Free Sample/i meta KAM_PILLS2 (__KAM_PILLS2_1 + __KAM_PILLS2_2 >= 2) describe KAM_PILLS2 Male enhancement spams score KAM_PILLS2 2.5 #SEARCH ENGINE SPAM header __KAM_SEARCH1 Subject =~ /be seen first on (google|msn|yahoo)|get ranked high|rank high|(no cost|free) website (analysis|search engine)|WEBSITE PROMOTION|social media|blog leads|infotech|(first|1st)(.page)?.result|seo.service|seo.{1,30}expert|on.your.website|organic.seo|site.ranking|website.health/i body __KAM_SEARCH2 /search engine|SEO|bring.traffic|business.development/i body __KAM_SEARCH3 /(first on|all of) the major search|not ranked number one|Website promotion|popular keywords|mobile.website|complete.solution|back.link|india.based|surfing|not.ranking.on/i body __KAM_SEARCH4 /guaranteed type of exposure|free website search engine optimi|increase your revenue|improve your website traffice|website rank higher|marketing service|popular.keyword|media.presence|media.portal|brand.awareness|analytics.certified|optimized.content|white.label|website.optimization|digital.marketing|in.your.industry/i rawbody __KAM_SEARCH5 /Click2Call|a1-solutions|fast-response.net|action-pros.net|tops-1.com|vividinfotech.com|internet.marketing|web.solution/i meta KAM_SEARCH (__KAM_SEARCH1 + __KAM_SEARCH2 + __KAM_SEARCH3 + __KAM_SEARCH4 + __KAM_SEARCH5 >= 4) score KAM_SEARCH 5.0 describe KAM_SEARCH Spammers hawking SEO #SEO header __KAM_SEO1 Subject =~ /Idea for \[|can rank 1st on Google|Organic SEO|SEO (Solution|proposal)|integrated marketing|optimization.service/i body __KAM_SEO2 /(?:top|first page) (?:in|of) (?:Google|MSN|Yahoo|Bing)|rank number one|top page rank|guarantee you 1st|link.building/i body __KAM_SEO3 /never find your web site|major search engines|link.building|WEBSITE AUDIT REPORT|specific.keyword|targeted.email|visited.your.website/i body __KAM_SEO4 /No upfront fees|SEO Specialists|online marketing services|S.?E.?O.? Company in INDIA|google.panda|google.penguin|not.ranking/i body __KAM_SEO5 /more traffic guaranteed|results in thirty day|top 5 organic|high revenue|free.analysis|guaranteed.top/i body __KAM_SEO6 /will not get your website banned|Google.?s SEO policies|six month ongoing campaign|web.promotion/i uri __KAM_SEO7 /./ # LEGITIMATE SEO EMAILS WOULD SURELY HAVE AT LEAST ONE URL TO THEIR WEBSITE... meta KAM_SEO (__KAM_SEO1 + __KAM_SEO2 + __KAM_SEO3 + __KAM_SEO4 + __KAM_SEO5 + __KAM_SEO6 + !__KAM_SEO7 + __KAM_FREEMAIL + KAM_ADVERT2 >= 5) score KAM_SEO 7.0 describe KAM_SEO Spammers hawking SEO #NIGERIAN SCAM SCAN header __KAM_NIGERIAN2_1 Subject =~ /high court|contact fedex courier|WIRE TRANSFER/i body __KAM_NIGERIAN2_2 /barrister|director of central bank|bank director|former.minister|gold.dealer/i body __KAM_NIGERIAN2_3 /high court|central bank|payment center|customs?.officer/i body __KAM_NIGERIAN2_4 /e-?mail id is found among those that have been scammed|paid the fee for your cheque draft|contact the bank director/i body __KAM_NIGERIAN2_5 /fund code|cheque|bank draft|oil.and.gas/i body __KAM_NIGERIAN2_6 /full contact information requested|need your contacts informations|your bank account information|out.of.the.country/i body __KAM_NIGERIAN2_7 /bank|smuggle/i body __KAM_NIGERIAN2_8 /courier|diplomat agent|direct wire transfer|my.gold|the.gold/i body __KAM_NIGERIAN2_9 /scam|don't let them know that it is money|bank transfer charges/i meta KAM_NIGERIAN2 (__KAM_REFI4 + __KAM_NIGERIAN2_1 + __KAM_NIGERIAN2_2 + __KAM_NIGERIAN2_3 + __KAM_NIGERIAN2_4 + __KAM_NIGERIAN2_5 + __KAM_NIGERIAN2_6 + __KAM_NIGERIAN2_7 + __KAM_NIGERIAN2_8 + __KAM_NIGERIAN2_9 >= 6) score KAM_NIGERIAN2 5.0 describe KAM_NIGERIAN2 Yet more Nigerian scams. Some even explaining the scam. #URONLINE body __KAM_URONLINE1 /(chat|chat with me|hook ?up) on Y ?A ?H ?O ?O (tonight|or MSN)|add me with yahoo or msn|view now|press this web link|send me your? photo|can u turn me on|kissing you|begin.a.chat/i body __KAM_URONLINE2 /wanna talk|ur info|found your mail|found ur profile|mutual friend|katya from russia|you came to russia|my gentle sun|see this page I made|match making heaven|meet that special|comee see it over here|hexten.net|looking for a man|waiting for ur mail|found ur account|waiting for your message|casual.hookup/i body __KAM_URONLINE3 /get (naked|naughty)|horny|naughty toys|I will do anything|TOTALLY msg me on MSN|tell me your mobile|I remember you|let's talk|ran across someone like u|sexywebdating|chatting with someone|saw you by BJs|private e-?mail|dating portal|looking.for.fun/i header __KAM_URONLINE4 Subject =~ /i'?m so ho?rny|ur really cute|flirt with u|get the party|lets hookup|MSN messanger|\d\d y.o.|russian soul-?mate|my handsome|want you now|russian girl|costs you nothing|can you feel this|came to russia|I remember you|sexual Russia|take a look|attractive girl writes|found u by accident|tell u something special|hookups.waiting/i meta KAM_URONLINE (__KAM_URONLINE1 + __KAM_URONLINE2 + __KAM_URONLINE3 + __KAM_URONLINE4 >= 3) score KAM_URONLINE 4.5 describe KAM_URONLINE Chat Scams #SEX SCAMS #MEDICINE REFERENCES body __KAM_SEX04_1 /(curative|medicinal|salutary|wholesome|beneficial|satisfaction) effect|(first-rated|splendid) drugs|(yellow|blue|famos) (tablet|pill)|good medical supplies|(commendable|valuable) medicines|canadian pharmacy|GNC|nugenix/is #BED REFERENCES body __KAM_SEX04_2 /fun in bed|(bed|night) adventures|aid your bed|(lift|heave|ascent|hoist|raise|boost|aid) your (belove|love|darling|sex|sweet)|sexuality with assistance|ascent your sweet|bed experience|love sexuality/is #SUBJECT REFERENCES header __KAM_SEX04_3 Subject =~ /your manhood|(bed|night) adventures|sexual experience|empower your (belove|sex)|sweet sex|bed (event|experience)|lover sexuality|(lift|heave|ascent|hoist|raise|boost|aid) your (belove|love|darling|sex|sweet)|discounted drugs/i #SEXUAL REFENCES body __KAM_SEX04_4 /longer your tool|sexual experience|empower your (belove|sex)|sweet sex|(not bad|great|nice|special|awesome|free) bonus|sex all night|lovers package|male.vitality/is meta KAM_SEX04 (__KAM_SEX04_1 + __KAM_SEX04_2 + __KAM_SEX04_3 + __KAM_SEX04_4 >= 3) score KAM_SEX04 10.0 describe KAM_SEX04 Sexually Explicit SPAM meta KAM_SEX04_2 (__KAM_SEX04_1 + __KAM_SEX04_2 + __KAM_SEX04_3 + __KAM_SEX04_4 >= 2 && (KAM_SEX04 < 1)) score KAM_SEX04_2 2.0 describe KAM_SEX04_2 Likely Sexually Explicit SPAM #SEX SCAMS ROUND 5 header __KAM_SEX05_1 Subject =~ /upgrade your virility|become a man|bigger instrument|admire your stick|enlarge your member|you have a tiny tool|with more inches|your mega size|improve your love/i body __KAM_SEX05_2 /buy rubber friends|big bait in your pants|she sees your size|women will be funk|biggest tool|immense monster|women will be daydreaming|have so much meat|prolonging your size|last a lot longer/i meta KAM_SEX05 (__KAM_SEX05_1 + __KAM_SEX05_2 >= 2) score KAM_SEX05 5.0 describe KAM_SEX05 Sexually Explicit SPAM #HONEYPOT HITS #body __KAM_HONEY1 /Intacct Corporation|Miles Technologies|EcoPhones|businessbrief\.com|pbpinfo\.com|pbp-executivereports\.net|b21pubs\.com|sonar6\.com|cheetahsend\.com|voip-news|microcappress.com|myrtlebeachnow|sosonlinebackup.com|Landslide Technologies|The Performance Institute|ASMI Corporate|Kaseya|Cascio|CarProperty|HSRUpdates.com/i #header __KAM_HONEY2 From =~ /\@intacct\.com|\@(staff\.)?milestechnologies\.com|\@greenschoolfundraiser\.org|\@business-brief\.(net|com)|\@b21pubs\.com|\@pbp-executivereports\.net|\@sonar6\.com|\@cheetahsend\.com|\@ripple.us.com|\@voip-news\.com|\@.{0,8}.microcappress.com|\@BetterBuysReports.com|\@MyrtleBeachNow.com|\@sosonlinebackup.com|\@next-gen-crm.com|\@TheInstituteWeb.org|\@ASMIweb.com|\@performanceinstitute.org|\@kaseya.com|\@news.interstatemusic.com|\@interstatemusic.com|\@carproperty.com|\@hsrupdates.com/i #meta KAM_HONEY (__KAM_HONEY1 + __KAM_HONEY2 >= 2) #score KAM_HONEY 12.0 #describe KAM_HONEY Spammer sending to a honeypot or known spammer through other means #MORE DRUG SPAM - 2009-05-03 header __KAM_DRUG2_1 Subject =~ /Viagra|male enhanc|easier time making her|hot infatuations|bed tempera?ment|resigned slaves|prick be soft|increased performance|guys in bed|bedroom fun|love more passion|cure ED|(bed|sex) games|spices? (it up in|to the) bed|(bedroom|nights of) pleasure|ladies love|stay hard|satis?fy (your spouse|her)|(problems|strong|help|good) (in|for) bed|bedtime enhanc|p[0o]rn ?star|blue ?pill|great sex|please your gf|(help in the|king of the|great time in|strong night in|performance in|advice for the) bed|intimate life|gain 3\+? inches|sexual (excitement|anxiety|act)|love tool|sexual treatment|make love|make your girl happ|completely impotent|do.you.suffer/i header __KAM_DRUG2_2 Subject =~ /ambien|Percocet|vicod[i1]n|Meridia|look slim|Phentermin|adderall|codeine|Hydrocodone|Phetermin|oxycodone|no prescription need|(help|trouble) falling asleep|overpriced pharmacy|prescript.medz|Xanx?ax|RxMed|your.rx.meds|fill your meds|pharmacy offers|international pharm|(loved|preferred|favor[ite]{3}) (rx)?med|pain killer|Medi?cati[o0]ns|canadianrx|weightl0ss|no ?prescription|weight l0ss|l0seweight|ritalin|look great|brain.function|cognition|enhance.memory|amazing.energy|joint.pain|nerve.pain/i body __KAM_DRUG2_3 /Medi?cati[o0]ns|desired meds|favou?red (rx)?med|buy remedies|drug store|medicants|medicaments|sexual stim|sex stim|pain killer|(purchase|loved|preferred|favou?rite) (?:rx.?)?(deal|med)[sz]|rx.?Meds?.?deal|buy your meds|choice of meds|Rx.?(deal|Med|Sale)|v[i1]agra|medz.special|loved meds|(rx|medication) ?discount|Get the edge|joint.pain.relief|neuropathy|nerve.pain/i body __KAM_DRUG2_4 /grab hold|at[_ ~]your[_ ~]finger[_ ~]?tip|placing your order|questions about drugs|prescription is not|don't care about prescription|without a doctor|no need for a doctor|affor[df]able.prices|best daily rx|Fav.Prescript|unmatched.prices|rx.med|millions.are.praising/i body __KAM_DRUG2_5 /0nline|hassle[~-]free|favored rx|branded solutions|branded remedies|v[1i]cod[!i]n|Penhtremine|prxpills|ultimaterxhere|insanerx|speedymed4u|mightymeds1|coolestrxhere|hotrxmedspot|topshoprx|mightyrxhere|qualityrxmedz|legitrxlife|dealsformeds|simplyrxdeals|bestrxlight|ezprescriptz|reliablerxsource1|freetrusted-rx|hotmedsourcehere|CabinetOfMeds|mytrusted-rx|RxwarehouseHere|WarehouseofRxMeds|GreatrxMedsRus|rxmedsrus|(come by|Come to|Check Out) our web site|browse [0o]ur (website|selection)|Visit_0ur Web|Order_Now|available_this week|(buy|order) (n[0o]w|today|right.now|instantly|at [0o]nce|immediately)|check it out today|ord3r|0rder|0rd3r|browseour|rx ?unit/i body __KAM_DRUG2_6 /(Express|Prompt|Day|Trusty|Trustworthy|Reliable|fast|true|discreet|confidential|rapid)[_ ~\.]?Shippin|anonymous packing|shipped.right.away|adderrx|clinically.proven|support.formula/i header __KAM_DRUG2_7 Subject =~ / {4}[a-z0-9]{2,4}$/i header __KAM_DRUG2_8 From =~ /aquaflexin/i meta KAM_DRUG2 ( __KAM_DRUG2_1 + __KAM_DRUG2_2 + __KAM_DRUG2_3 + __KAM_DRUG2_4 + __KAM_DRUG2_5 + __KAM_DRUG2_6 + __KAM_DRUG2_7 + __KAM_DRUG2_8 + __KAM_SHORT + KAM_UNSUB1 >= 3) score KAM_DRUG2 3.5 describe KAM_DRUG2 More online Drug Scams meta KAM_DRUG2_2 ( __KAM_DRUG2_1 + __KAM_DRUG2_2 + __KAM_DRUG2_3 + __KAM_DRUG2_4 + __KAM_DRUG2_5 + __KAM_DRUG2_6 + __KAM_DRUG2_7 + __KAM_DRUG2_8 + __KAM_SHORT + KAM_UNSUB1 >= 5) score KAM_DRUG2_2 3.0 describe KAM_DRUG2_2 Higher Certainty of Drug Scam meta KAM_SEXSUBJECT __KAM_DRUG2_1 score KAM_SEXSUBJECT 2.0 describe KAM_SEXSUBJECT Sexually Explicit Subject #RUSSIAN WIFE/BRIDE SCAMS header __KAM_WIFE1 Subject =~ /Remember me|(Russian|asian) ?(single|women|bride|lad(y|ies)|babe)/i body __KAM_WIFE2 /marry a Russian|sizzling photos|(russian|asian) (women|beauties)|Russian ?bride|Slavic babes|Russian ?lad(y|ies)|russian girl/i header __KAM_WIFE3 From =~ /Russian.?Dat|russian.?bride|Russian.?single|russian.?women|asian.?beauties/i meta KAM_WIFE ( __KAM_WIFE1 + __KAM_WIFE2 + __KAM_WIFE3 >= 2) score KAM_WIFE 8.0 describe KAM_WIFE Mail order bride scams #CASINO SPAM body __KAM_CASINO1 /Elite World Casino/i body __KAM_CASINO2 /Online Casino/i header __KAM_CASINO3 Subject =~ /chances to win/i meta KAM_CASINO (__KAM_CASINO1 + __KAM_CASINO2 + __KAM_CASINO3 >= 3) score KAM_CASINO 3.5 describe KAM_CASINO Online Casino Spam #TWITTER PHISHING header __KAM_TWIT1 From =~ /twitter/i header __KAM_TWIT2 Subject =~ /twitter \d{3}-\d{2}/i meta KAM_TWIT (__KAM_TWIT1 + __KAM_TWIT2 + KAM_THEBAT >= 3) score KAM_TWIT 10 describe KAM_TWIT Twitter bogus phishing emails #FACEBOOK PHISHING header __KAM_FACE1 From =~ /password/i header __KAM_FACE2 Subject =~ /reset your facebook/i header __KAM_FACE3 X-Mailer =~ /Zuckmail/i meta KAM_FACE (__KAM_FACE1 + __KAM_FACE2 + __KAM_FACE3 >= 3) score KAM_FACE 10 describe KAM_FACE Facebook bogus phishing emails header __KAM_PHISH3_1 Subject =~ /account notification/i body __KAM_PHISH3_2 /accessed by someone else./ meta KAM_PHISH3 (__KAM_PHISH3_1 + __KAM_PHISH3_2 + __KAM_CLICK >= 3) score KAM_PHISH3 4 describe KAM_PHISH3 Phishing emails for account notification #GALLERY header __KAM_GALLERY1 Subject =~ /(Infinite|Multi|Elite|Extreme|Complete|Instant|Ultimate|Multi|approved|Free|HD|Guaranteed|Unreal) Access|(Ultimate|Babes|Elite|Extreme|P.?o.?r.?n) Collection|(Girls|Adu.?lt|Babes|Celeb.?rities) Passwords|(Ultimate|p.?o.?r.?n|extreme|elite|Girls) gallery|HD Video|Access Now/i body __KAM_GALLERY2 /(?:Infinite|Multi|Elite|Extreme|Complete|Instant|Ultimate|Multi|approved|Free|HD|Guaranteed|Unreal) Access|(?:Ultimate|Babes|Elite|Extreme|P.?o.?r.?n) Collection|(?:Girls|Adu.?lt|Babes|Celeb.?rities) Passwords|(?:Ultimate|p.?o.?r.?n|extreme|elite|Girls) gallery|HD Video|Access Now/i header __KAM_GALLERY3 Subject =~ /(Fantastic|Insane|Mega|Extreme|Extreme|New|Many|Fresh|Your|Check) P.?o.?r.?n|cele.?brities elite|(Insane|P.?o.?r.?n|More|Awesome|All|Mega) Model|(Your|Mega|Asian|Bad|Cool|Fresh|Real|Awesome|More) Girl|(Sweet|Incredible|Insane|The|Grand) chick|(Many|New|Infinite|Cool|All) Cele.?b|The N.?u.?des|(Infinite|Awesome|Many|Sweet|Bad|Get|Fresh|Hot|More|Black) Babe|Amat.?e.?urs|(All|Fresh|Fantastic|The|Mega) Adu.?lt|(Extraordinary) Chicks/i body __KAM_GALLERY4 /(Fantastic|Insane|Mega|Extreme|Extreme|New|Many|Fresh|Your|Check) P.?o.?r.?n|cele.?brities elite|(Insane|P.?o.?r.?n|More|Awesome|All|Mega) Model|(Your|Mega|Asian|Bad|Cool|Fresh|Real|Awesome|More) Girl|(Sweet|Incredible|Insane|The|Grand) chick|(Many|New|Infinite|Cool|All) Cele.?b|The N.?u.?des|(Infinite|Awesome|Many|Sweet|Bad|Get|Fresh|Hot|More|Black) Babe|Amat.?e.?urs|(All|Fresh|Fantastic|The|Mega) Adu.?lt|(Extraordinary) Chicks/i rawbody __KAM_GALLERY5 /wp-content|_vti_cnf|cache|wp-admin|wordpress/i meta KAM_GALLERY (__KAM_GALLERY1 + __KAM_GALLERY2 + __KAM_GALLERY3 + __KAM_GALLERY4 + __KAM_GALLERY5 >=4) describe KAM_GALLERY Exploited Gallery with Porn score KAM_GALLERY 5.0 meta KAM_GALLERY2 (__KAM_GALLERY1 + __KAM_GALLERY2 + __KAM_GALLERY3 + __KAM_GALLERY4 + __KAM_GALLERY5 >=5) describe KAM_GALLERY2 Higher Likelihood of Exploited Gallery with Porn score KAM_GALLERY2 2.0 #NIGERIAN VARIANT body __KAM_BUS1 /business proposal/i body __KAM_BUS2 /sensitive by nature/i body __KAM_BUS3 /have not met/i body __KAM_BUS4 /view my attach/i meta KAM_BUS (__KAM_BUS1 + __KAM_BUS2 + __KAM_BUS3 + __KAM_BUS4 >= 4) describe KAM_BUS Yet another Nigerian Scam/Phishing Variant score KAM_BUS 4.0 #PRIVATE MESSAGE body __KAM_PRIV1 /private message|horny|sweet ass/i body __KAM_PRIV2 /(personal|private) video/i body __KAM_PRIV3 /the attache?ment|attached file/i meta KAM_PRIV (__KAM_PRIV1 + __KAM_PRIV2 + __KAM_PRIV3 >=2 && T_HTML_ATTACH) describe KAM_PRIV Private Messages using Exploits in attached HTML files score KAM_PRIV 5.0 #DIV rawbody __KAM_DIV1 /Viagr?|Cial?
r?a\|l?is/i meta KAM_DIV (__KAM_DIV1 + __KAM_DIV2 >= 2) describe KAM_DIV Use of divs to hide Medical Spams score KAM_DIV 2.0 #COMPROMISED ACCOUNT SPAMS - SCORED HIGH BECAUSE THESE ARE COMPROMISED ACCOUNTS header __KAM_COMPROMISED1A From =~ /\@(yahoo.com|yahoo.com.id|rocketmail.com)/i header __KAM_COMPROMISED1B X-Mailer =~ /Yahoo/i header __KAM_COMPROMISED2 Subject =~ /^(FOR |Hey$|hi$|look at this$|great!?$|amazing!?|the best!?$|excellent!?$|very good!?$|great!?$|question?$|Fwd: (?:latest |top )?news$)|have a look/ body __KAM_COMPROMISED3 /\d{1,2}[\\\/]\d{1,2}[\\\/]\d{2,4} \d{1,2}\:\d{1,2}\:\d{1,2} (AM|PM)/ body __KAM_COMPROMISED4 /How are you\? Look at this.{0,70}Do you know about this site|look at this site right now|I found (an amazing|great) site|hey\. please have a look|have a look right now|breaking news/i meta KAM_COMPROMISED ((__KAM_COMPROMISED1A + __KAM_COMPROMISED1B >=1 ) + __KAM_COMPROMISED2 + __KAM_COMPROMISED3 + __KAM_COMPROMISED4 + __KAM_BODY_LENGTH_LT_128 + MISSING_SUBJECT >= 3) describe KAM_COMPROMISED Compromised Accounts Sending Spam score KAM_COMPROMISED 9.0 #MEMBERS header __KAM_MEMBER1 From =~ /(\b|^|)Date|(\b|^|)Dating|eharmony(.com)?.?partner|(..?en..?or|black)..?e.ple..?eet|cougars|singles|match|our.?time|lonely|affair/i header __KAM_MEMBER2 Subject =~ /naughty|looking for love|single & dating|Dating.site|free.this.weekend|free.communication.weekend|True Love|(Older|black|available|latin[oa]|jewish) Single|single.women|single.photo|local.cougar|want to date|fall in love|meet...1000s|dream.date|meet.single|your.matches|for.single|singles|eharmony(.com)?.match|50\+.{0,5}ngles|your.ex.back|married.dating|(anonymous|secret).affair|unlimited.pics|dating.(video|movie)|fetish|still.single/i body __KAM_MEMBER3 /(\b|^)dating|eharmony|Find.Your.Perfect.Match|thousands.of.single.women|singles?.photos?|local.cougar|successfully matched|blind date|(available|black|latin[oa]|jewish).singles|photos of 50\+/i rawbody __KAM_MEMBER4 /special promotion|free.this.weekend|personal matchmaker|dating service|fall in love|looking.for.someone|kindle.the.passion|cheating.member|dating.mega.site|free.dating|free.fetish/i meta __KAM_MEMBER5 (KAM_INFOUSMEBIZ || KAM_COUK) #header __KAM_MEMBER6 From =~ /Updat/i meta KAM_MEMBER (__KAM_MEMBER1 + __KAM_MEMBER2 + __KAM_MEMBER3 + __KAM_MEMBER4 + __KAM_MEMBER5 >= 3) describe KAM_MEMBER Dating Scams score KAM_MEMBER 4.5 #FAKE DHL/FEDEX/ETC body __KAM_FAKEDELIVER1 /courier couldn.?t make the delivery|Courier was unable to deliver|courier company was not able to deliver|memo.of.application|delivering.address|make.the.delivery|see.attached.file|attention.please|event.invitation|could not deliver|delivery.label|postal.noti(fication|ce)|parcels.(has|have).been.shipped|shipment.label.is.attached/i header __KAM_FAKEDELIVER2 Subject =~ /Invalid Address|shipping service|(ship|postal|delivery) notification|Delivery Failure|Delivery Information|Delivery status|Package Delivery|package is available for pickup|your.package.arrived|attention.please|delivery.problem|id.\d{6}|deliver.(your|the).parcel/i #DHL body __KAM_FAKEDELIVER3 /DHL/ header __KAM_FAKEDELIVER4 From !~ /dhl.com/i #FEDEX rawbody __KAM_FAKEDELIVER5 /Fed ?ex/i header __KAM_FAKEDELIVER6 From !~ /fedex.com/i #USPS body __KAM_FAKEDELIVER7 /USPS/i header __KAM_FAKEDELIVER8 From !~ /usps.com/i #CARGO body __KAM_FAKEDELIVER9 /CARGO/ header __KAM_FAKEDELIVER10 From =~ /shipping|economy|priority/i #USPS body __KAM_FAKEDELIVER11 /DPD/i header __KAM_FAKEDELIVER12 From !~ /dpd.com|dpd.co.uk/i meta KAM_FAKE_DELIVER (__KAM_FAKEDELIVER1 + __KAM_FAKEDELIVER2 + (__KAM_FAKEDELIVER3 + __KAM_FAKEDELIVER4 >= 2) + (__KAM_FAKEDELIVER5 + __KAM_FAKEDELIVER6 >= 2) + (__KAM_FAKEDELIVER7 + __KAM_FAKEDELIVER8 >= 2) + (__KAM_FAKEDELIVER11 + __KAM_FAKEDELIVER12 >= 2) + __KAM_FAKEDELIVER9 + (HEADER_FROM_DIFFERENT_DOMAINS + SPF_SOFTFAIL + KAM_RAPTOR >= 1) >= 3) describe KAM_FAKE_DELIVER Fake delivery notifications score KAM_FAKE_DELIVER 5.0 meta KAM_REALLY_FAKE_DELIVER (KAM_FAKE_DELIVER + KAM_RPTR_PASSED + (__KAM_FAKEDELIVER4 && __KAM_FAKEDELIVER6 && __KAM_FAKEDELIVER8) >= 3) score KAM_REALLY_FAKE_DELIVER 2.5 #OBFUSCATE PORN header __KAM_OBF1 Subject =~ /(\b|^)(P.{0,2}O.{0,2}R.{0,2}N|S.{0,2}E.{0,2}.X.{0,2})/i header __KAM_OBF2 Subject =~ /[-:\#\/_\(\)].{0,10}[-:\#\/_\(\)].{0,10}[-:\#\/_\(\)]/ header __KAM_OBF3 Subject =~ /(\b|^)P.{0,2}r.{0,2}e.{0,2}m.{0,2}i.{0,2}u.{0,2}m/i header __KAM_OBF4 Subject =~ /(\b|^)P.{0,2}a.{0,2}s.{0,2}s.{0,2}/i header __KAM_OBF5 Subject =~ /(\b|^)S.{0,2}i.{0,2}t.{0,2}e.{0,2}/i header __KAM_OBF6 Subject =~ /(\b|^)F.{0,2}r.{0,2}e.{0,2}e.{0,2}/i header __KAM_OBF7 Subject =~ /(\b|^)F.{0,2}i.{0,2}l.{0,2}m.{0,2}/i header __KAM_OBF8 Subject =~ /X.X.X/ meta KAM_OBF ((__KAM_OBF3 + __KAM_OBF4 + __KAM_OBF5 + __KAM_OBF6 + __KAM_OBF7 >= 1) + __KAM_OBF1 + (__KAM_OBF2 - BODY_8BITS) >= 3) describe KAM_OBF Obfuscated Porn Spams score KAM_OBF 4.0 meta KAM_OBF (__KAM_OBF8 + __KAM_OBF2 >= 2) describe KAM_OBF Obfuscated Porn Spams score KAM_OBF 2.0 #qq.com header X34_QQ From =~/qq.com/i describe X34_QQ Emails from qq - generally unsolicited emails score X34_QQ 5 full X34SP_honeyspam /компенса|tinyurl.com.udtqp3w|bit.*2x3VjQ1/i describe X34SP_honeyspam spam being sent from honeybadgers.co.uk score X34SP_honeyspam 3 #first international bank of israel full X34SP_FIBI /\(FIBI\)/i describe X34SP_FIBI first international bank of israel score X34SP_FIBI 8 #beneficiary full X34SP_BENEFICIARY /ATTENTION:.BENEFICIARY/i describe X34SP_BENEFICIARY ATTENTION:.BENEFICIARY score X34SP_BENEFICIARY 8 full X34SP_sultry /A.sultry.girl.liked.you|CHECK.OUT.HER.PHOTOS.AND.PROFILE/i describe X34SP_sultry spam being sent from rocketresearch.co.uk score X34SP_sultry 4