MailScanner & SpamAssassin Rules Description - Page 2

Here is a list of SpamAssassin rules and their description, which is used by MailScanner:

See MailScanner & SpamAssassin Rules Description - Page 1

901 TO_TOO_MANY_WFH_01 Work-from-Home + many recipients
902 T_PDS_FREEMAIL_REPLYTO_URISHRT Freemail replyto with URI shortener
903 T_PDS_FROM_2_EMAILS_SHRTNER From 2 emails short email with little more than a URI shortener
904 T_PDS_PRO_TLD .pro TLD
905 T_PDS_SHORTFWD_URISHRT_FP Apparently a short fwd/re with URI shortener
906 T_PDS_SHORTFWD_URISHRT Threaded email with URI shortener
907 T_PDS_URISHRT_LOCALPART_SUBJ Localpart of To in subject
908 TRACKER_ID Incorporates a tracking ID number
909 TRANSFORM_LIFE Transform your life!
910 T_SENT_TO_EMAIL_ADDR Email was sent to email address
911 T_SPF_HELO_PERMERROR SPF: test of HELO record failed (permerror)
912 T_SPF_HELO_TEMPERROR SPF: test of HELO record failed (temperror)
913 T_SPF_PERMERROR SPF: test of record failed (permerror)
914 T_SPF_TEMPERROR SPF: test of record failed (temperror)
915 TT_MSGID_TRUNC Scora: Message-Id ends after left-bracket + digits
916 TT_OBSCURED_VALIUM Scora: obscured "VALIUM" in subject
917 TT_OBSCURED_VIAGRA Scora: obscured "VIAGRA" in subject
918 T_TONOM_EQ_TOLOC_SHRT_PSHRTNER Short subject with potential shortener and To:name eq To:local
919 TVD_ACT_193 Message refers to an act passed in the 1930s
920 TVD_APPROVED Body states that the recipient has been approved
921 TVD_DEAR_HOMEOWNER Spam with generic salutation of "dear homeowner"
922 TVD_ENVFROM_APOST Envelope From contains single-quote
923 TVD_FLOAT_GENERAL Message uses CSS float style
924 TVD_FUZZY_DEGREE Obfuscation of the word "degree"
925 TVD_FUZZY_FINANCE Obfuscation of the word "finance"
926 TVD_FUZZY_FIXED_RATE Obfuscation of the phrase "fixed rate"
927 TVD_FUZZY_MICROCAP Obfuscation of the word "micro-cap"
928 TVD_FUZZY_PHARMACEUTICAL Obfuscation of the word "pharmaceutical"
929 TVD_FUZZY_SYMBOL Obfuscation of the word "symbol"
930 TVD_FW_GRAPHIC_NAME_LONG Long image attachment name
931 TVD_FW_GRAPHIC_NAME_MID Medium sized image attachment name
932 TVD_INCREASE_SIZE Advertising for penis enlargement
933 TVD_LINK_SAVE Spam with the text "link to save"
934 TVD_PH_BODY_ACCOUNTS_PRE The body matches phrases such as "accounts suspended", "account credited", "account verification"
935 TVD_PH_REC Message includes a phrase commonly used in phishing mails
936 TVD_PH_SEC Message includes a phrase commonly used in phishing mails
937 TVD_QUAL_MEDS The body matches phrases such as "quality meds" or "quality medication"
938 TVD_RATWARE_CB_2 Content-Type header that is commonly indicative of ratware
939 TVD_RATWARE_CB Content-Type header that is commonly indicative of ratware
940 TVD_RATWARE_MSGID_02 Ratware with a Message-ID header that is entirely lower-case
941 TVD_RCVD_IP4 Message was received from an IPv4 address
942 TVD_RCVD_IP Message was received from an IP address
943 TVD_SECTION References to specific legal codes
944 TVD_SILLY_URI_OBFU URI obfuscation that can fool a URIBL or a uri rule
945 TVD_SPACED_SUBJECT_WORD3 Entire subject is "UPPERlowerUPPER" with no whitespace
946 TVD_SPACE_ENCODED Space ratio & encoded subject
947 TVD_STOCK1 Spam related to stock trading
948 TVD_SUBJ_ACC_NUM Subject has spammy looking monetary reference
949 TVD_SUBJ_FINGER_03 Entire subject is enclosed in asterisks "* like so *"
950 TVD_SUBJ_OWE Subject line states that the recipieint is in debt
951 TVD_SUBJ_WIPE_DEBT Spam advertising a way to eliminate debt
952 TVD_VIS_HIDDEN Invisible textarea HTML tags
953 TVD_VISIT_PHARMA Body mentions online pharmacy
954 TW_GIBBERISH_MANY Lots of gibberish text to spoof pattern matching filters
955 T_XPRIO_URL_SHORTNER X-Priority header and short URL
956 TXREP Score normalizing based on sender's reputation
957 UC_GIBBERISH_OBFU Multiple instances of "word VERYLONGGIBBERISH word"
958 UNCLAIMED_MONEY People just leave money laying around
959 UNCLOSED_BRACKET Headers contain an unclosed bracket
960 UNDISC_FREEM Undisclosed recipients + freemail reply-to
961 UNDISC_MONEY Undisclosed recipients + money/fraud signs
962 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
963 UNRESOLVED_TEMPLATE Headers contain an unresolved template
964 UNWANTED_LANGUAGE_BODY Message written in an undesired language
965 UPPERCASE_50_75 message body is 50-75% uppercase
966 UPPERCASE_75_100 message body is 75-100% uppercase
967 URG_BIZ Contains urgent matter
968 URI_AZURE_CLOUDAPP Link to hosted azure web application, possible phishing
969 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
970 URIBL_BLACK Contains an URL listed in the URIBL blacklist
971 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists\#dnsbl-block for more information.
972 URIBL_CR_SURBL Contains an URL listed in the CR SURBL blocklist
973 URIBL_CSS Contains an URL's NS IP listed in the Spamhaus CSS blocklist
974 URIBL_DBL_ABUSE_BOTCC Contains an abused botnet C&C URL listed in the Spamhaus DBL blocklist
975 URIBL_DBL_ABUSE_MALW Contains an abused malware URL listed in the Spamhaus DBL blocklist
976 URIBL_DBL_ABUSE_PHISH Contains an abused phishing URL listed in the Spamhaus DBL blocklist
977 URIBL_DBL_ABUSE_REDIR Contains an abused redirector URL listed in the Spamhaus DBL blocklist
978 URIBL_DBL_ABUSE_SPAM Contains an abused spamvertized URL listed in the Spamhaus DBL blocklist
979 URIBL_DBL_BLOCKED ADMINISTRATOR NOTICE: The query to dbl.spamhaus.org was blocked. See https://www.spamhaus.org/returnc/vol/
980 URIBL_DBL_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to dbl.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/
981 URIBL_DBL_BOTNETCC Contains a botned C&C URL listed in the Spamhaus DBL blocklist
982 URIBL_DBL_ERROR Error: queried the Spamhaus DBL blocklist for an IP
983 URIBL_DBL_MALWARE Contains a malware URL listed in the Spamhaus DBL blocklist
984 URIBL_DBL_PHISH Contains a Phishing URL listed in the Spamhaus DBL blocklist
985 URIBL_DBL_SPAM Contains a spam URL listed in the Spamhaus DBL blocklist
986 URIBL_GREY Contains an URL listed in the URIBL greylist
987 URIBL_MW_SURBL Contains a URL listed in the MW SURBL blocklist
988 URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist
989 URIBL_RED Contains an URL listed in the URIBL redlist
990 URIBL_RHS_DOB Contains an URI of a new domain (Day Old Bread)
991 URIBL_SBL Contains an URL's NS IP listed in the Spamhaus SBL blocklist
992 URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist
993 URIBL_ZEN_BLOCKED ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked. See https://www.spamhaus.org/returnc/vol/
994 URIBL_ZEN_BLOCKED_OPENDNS ADMINISTRATOR NOTICE: The query to zen.spamhaus.org was blocked due to usage of an open resolver. See https://www.spamhaus.org/returnc/pub/
995 URI_DASHGOVEDU Suspicious domain name
996 URI_DATA "data:" URI - possible malware or phish
997 URI_DOTEDU_ENTITY Via .edu MTA + suspicious HTML content
998 URI_DOTEDU Has .edu URI
999 URI_DOTTY_HEX Suspicious URI format
1000 URI_DQ_UNSUB IP-address unsubscribe URI
1001 URI_FIREBASEAPP Link to hosted firebase web application, possible phishing
1002 URI_GOOGLE_PROXY Accessing a blacklisted URI or obscuring source of phish via Google proxy?
1003 URI_GOOG_STO_SPAMMY Link to spammy content hosted by google storage
1004 URI_HEX_IP URI with hex-encoded IP-address host
1005 URI_HEX URI hostname has long hexadecimal sequence
1006 URI_IMG_WP_REDIR Image via WordPress "accelerator" proxy
1007 URI_LONG_REPEAT Very long identical host+domain
1008 URI_MALWARE_SCMS Link to malware exploit download (.SettingContent-ms file)
1009 URI_NOVOWEL URI hostname has long non-vowel sequence
1010 URI_NO_WWW_BIZ_CGI CGI in .biz TLD other than third-level "www"
1011 URI_NO_WWW_INFO_CGI CGI in .info TLD other than third-level "www"
1012 URI_OBFU_DOM URI pretending to be different domain
1013 URI_ONLY_MSGID_MALF URI only + malformed message ID
1014 URI_OPTOUT_3LD Opt-out URI, suspicious hostname
1015 URI_OPTOUT_USME Opt-out URI, unusual TLD
1016 URI_PHISH Phishing using web form
1017 URI_PHP_REDIR PHP redirect to different URL (link obfuscation)
1018 URI_TRUNCATED Message contained a URI which was truncated
1019 URI_TRY_3LD "Try it" URI, suspicious hostname
1020 URI_TRY_USME "Try it" URI, unusual TLD
1021 URI_UNSUBSCRIBE URI contains suspicious unsubscribe link
1022 URI_WPADMIN WordPress login/admin URI, possible phishing
1023 URI_WP_DIRINDEX URI for compromised WordPress site, possible malware
1024 URI_WP_HACKED_2 URI for compromised WordPress site, possible malware
1025 URI_WP_HACKED URI for compromised WordPress site, possible malware
1026 USB_DRIVES Trying to sell custom USB flash drives
1027 USER_IN_DEF_DKIM_WL From: address is in the default DKIM white-list
1028 USER_IN_DEF_SPF_WL From: address is in the default SPF white-list
1029 USER_IN_DKIM_WHITELIST From: address is in the user's DKIM whitelist
1030 USER_IN_SPF_WHITELIST From: address is in the user's SPF whitelist
1031 VBOUNCE_MESSAGE Virus-scanner bounce message
1032 VFY_ACCT_NORDNS Verify your account to a poorly-configured MTA - probable phishing
1033 VIA_GAP_GRA Attempts to disguise the word 'viagra'
1034 __VIA_ML Mail from a mailing list
1035 __VIA_RESIGNER Mail through a popular signing remailer
1036 VPS_NO_NTLD vps[0-9] domain at a suspiscious TLD
1037 WALMART_IMG_NOT_RCVD_WAL Walmart hosted image but message not from Walmart
1038 WEIRD_PORT Uses non-standard port number for HTTP
1039 WEIRD_QUOTING Weird repeated double-quotation marks
1040 WIKI_IMG Image from wikipedia
1041 WITH_LC_SMTP Received line contains spam-sign (lowercase smtp)
1042 XFER_LOTSA_MONEY Transfer a lot of money
1043 X_IP Message has X-IP header
1044 XM_DIGITS_ONLY X-Mailer malformed
1045 X_MESSAGE_INFO Bulk email fingerprint (X-Message-Info) found
1046 XM_LIGHT_HEAVY Special edition of a MUA
1047 XM_PHPMAILER_FORGED Apparently forged header
1048 XM_RANDOM X-Mailer apparently random
1049 XM_RECPTID Has spammy message header
1050 XPRIO Has X-Priority header
1051 X_PRIORITY_CC Cc: after X-Priority: (bulk email fingerprint)
1052 XPRIO_SHORT_SUBJ Has X Priority header + short subject
1053 YAHOO_DRS_REDIR Has Yahoo Redirect URI
1054 YAHOO_RD_REDIR Has Yahoo Redirect URI
1055 YOU_INHERIT Discussing your inheritance

Please let us know if you have any questions or need further help.

  • 0 brukere syntes dette svaret var til hjelp
Var dette svaret til hjelp?

Relaterte artikler

How Do I Change/Reset My Email Password?

For security, we recommend changing all of your passwords every few months. Also, if your email...

How Do I Login to Webmail?

To login to Webmail, open your Web browser (Chrome, Firefox, Edge, Safari, etc.) and visit:...

How Do I Add an Email Address?

LinkSky hosted email addresses are a great way to promote your business, because you can setup an...

Email Incorrectly Flagged as Spam

Email addresses or email domains can be whitelisted in cPanel -> Email section ->...

Is an Email Spam?

When determining if an email is spam, always check the from email address, because emails from...