|
AREA TESTED
|
LOCALE
|
DESCRIPTION OF TEST
|
TEST NAME
|
DEFAULT SCORES (local, net, with bayes, with bayes+net)
|
|
header
|
|
Message-Id indicates a non-spam MUA (Pine)
|
USER_AGENT_PINE
|
-5.801 -5.801 -5.701 -5.701
|
|
header
|
|
User-Agent header indicates a non-spam MUA (Mozilla)
|
USER_AGENT_MOZILLA_UA
|
-5.801 -5.800 -5.701 -6.300
|
|
header
|
|
X-Mailer header indicates a non-spam MUA (Netscape)
|
USER_AGENT_MOZILLA_XM
|
0.001
|
|
header
|
|
User-Agent header indicates a non-spam MUA (Outlook Express)
|
USER_AGENT_MACOE
|
0.001
|
|
header
|
|
User-Agent header indicates a non-spam MUA (Entourage)
|
USER_AGENT_ENTOURAGE
|
0.001
|
|
header
|
|
User-Agent header indicates a non-spam MUA (KMail)
|
USER_AGENT_KMAIL
|
-5.800 -5.801 -6.300 -6.400
|
|
header
|
|
User-Agent header indicates a non-spam MUA (IMP)
|
USER_AGENT_IMP
|
0.001
|
|
header
|
|
X-Mailer header indicates a non-spam MUA (T-Offline)
|
USER_AGENT_TONLINE
|
-2.900
|
|
header
|
|
X-Mailer header indicates a non-spam MUA (Apple Mail)
|
USER_AGENT_APPLEMAIL
|
0.001
|
|
header
|
|
User-Agent header indicates a non-spam MUA (Gnus)
|
USER_AGENT_GNUS_UA
|
-6.400 -6.300 -2.900 -6.300
|
|
header
|
|
X-Mailer header indicates a non-spam MUA (Gnus)
|
USER_AGENT_GNUS_XM
|
-1.897 -1.997 -1.240 -1.808
|
|
header
|
|
X-Mailer header indicates a non-spam MUA (VM)
|
USER_AGENT_VM
|
-5.801 -5.701 -5.701 -5.701
|
|
header
|
|
X-Mailer header indicates a non-spam MUA (Forte)
|
USER_AGENT_FORTE
|
-2.900
|
|
body
|
|
Generic Test for Unsolicited Bulk Email
|
GTUBE
|
1000
|
|
full
|
|
Listed in Razor1, see http://razor.sf.net/
|
RAZOR_CHECK
|
1
|
|
full
|
|
Listed in Razor2, see http://razor.sf.net/
|
RAZOR2_CHECK
|
0 2.029 0 0.787
|
|
body
|
|
Razor2 gives a spam confidence level between 1 and 10
|
RAZOR2_CF_RANGE_01_10
|
0.001
|
|
body
|
|
Razor2 gives a spam confidence level between 11 and 20
|
RAZOR2_CF_RANGE_11_20
|
0.001
|
|
body
|
|
Razor2 gives a spam confidence level between 21 and 30
|
RAZOR2_CF_RANGE_21_30
|
0.001
|
|
body
|
|
Razor2 gives a spam confidence level between 31 and 40
|
RAZOR2_CF_RANGE_31_40
|
0.001
|
|
body
|
|
Razor2 gives a spam confidence level between 41 and 50
|
RAZOR2_CF_RANGE_41_50
|
0.001
|
|
body
|
|
Razor2 gives a spam confidence level between 51 and 60
|
RAZOR2_CF_RANGE_51_60
|
0.001
|
|
body
|
|
Razor2 gives a spam confidence level between 61 and 70
|
RAZOR2_CF_RANGE_61_70
|
0.001
|
|
body
|
|
Razor2 gives a spam confidence level between 71 and 80
|
RAZOR2_CF_RANGE_71_80
|
0.001
|
|
body
|
|
Razor2 gives a spam confidence level between 81 and 90
|
RAZOR2_CF_RANGE_81_90
|
0.001
|
|
body
|
|
Razor2 gives a spam confidence level between 91 and 100
|
RAZOR2_CF_RANGE_91_100
|
0.001
|
|
full
|
|
Listed in DCC, see http://rhyolite.com/anti-spam/dcc/
|
DCC_CHECK
|
0 3.126 0 2.756
|
|
full
|
|
Listed in Pyzor, see http://pyzor.sf.net/
|
PYZOR_CHECK
|
0 4.400 0 1.248
|
|
body
|
|
List removal information
|
REMOVE_IN_QUOTES
|
0.185 0.366 0.166 0.604
|
|
body
|
|
Click-to-remove with mailto: found beforehand
|
CLICK_TO_REMOVE_2
|
0.802 0.140 0.909 0.133
|
|
rawbody
|
|
Contains an ASCII-formatted form
|
ASCII_FORM_ENTRY
|
0.001
|
|
body
|
|
Incorporates a tracking ID number
|
TRACKER_ID
|
2.560 4.295 3.249 4.295
|
|
body
|
|
RAND found, spammer forgot to run the random-ID generator
|
MARKUP_RAND
|
2.900
|
|
body
|
|
SSPL found, spammer forgot to run the random-ID generator
|
MARKUP_SSPL
|
0.001
|
|
body
|
|
Contains a large block of hexadecimal code
|
LARGE_HEX
|
0.884 0.424 0.811 0.521
|
|
body
|
|
A WHOLE LINE OF YELLING DETECTED
|
LINES_OF_YELLING
|
0.001
|
|
body
|
|
2 WHOLE LINES OF YELLING DETECTED
|
LINES_OF_YELLING_2
|
0.001
|
|
body
|
|
3 WHOLE LINES OF YELLING DETECTED
|
LINES_OF_YELLING_3
|
0.001
|
|
body
|
|
Weird repeated double-quotation marks in body
|
WEIRD_QUOTING
|
0.426 2.275 0.642 2.308
|
|
rawbody
|
|
Message text disguised using base-64 encoding
|
BASE64_ENC_TEXT
|
2.685 1.735 1.857 1.738
|
|
rawbody
|
|
Excessive quoted-printable encoding in body
|
MIME_EXCESSIVE_QP
|
0.001
|
|
rawbody
|
|
Message text in HTML without specified charset
|
MIME_HTML_NO_CHARSET
|
0.001
|
|
rawbody
|
|
Quoted-printable line longer than 76 characters
|
MIME_LONG_LINE_QP
|
0.001
|
|
rawbody
|
|
MIME section missing boundary
|
MIME_MISSING_BOUNDARY
|
0.001
|
|
rawbody
|
|
Message includes Microsoft executable program
|
MICROSOFT_EXECUTABLE
|
0.100
|
|
rawbody
|
|
MIME filename does not match content
|
MIME_SUSPECT_NAME
|
0.100
|
|
body
|
|
Character set indicates a foreign language
|
CHARSET_FARAWAY
|
3.200
|
|
body
|
|
Written in an undesired language
|
UNDESIRED_LANGUAGE_BODY
|
3.970
|
|
body
|
|
Body includes 8 consecutive 8-bit characters
|
BODY_8BITS
|
1.500
|
|
rawbody
|
|
Deficient quoted-printable encoding in body
|
MIME_DEFICIENT_QP
|
2.098 1.927 1.262 2.696
|
|
header
|
|
Uses the Habeas warrant mark (http://www.habeas.com/)
|
HABEAS_SWE
|
-6.400 -6.300 -6.300 -6.300
|
|
header
|
|
Message from eBay
|
GENUINE_EBAY_RCVD
|
-2.600 -2.900 -1.401 -2.900
|
|
header
|
|
Has an Approved-By moderated list header
|
APPROVED_BY
|
-1.434 -0.534 -0.344 -0.275
|
|
header
|
|
Looks like a Bugzilla bug
|
BUGZILLA_BUG
|
-6.400 -6.300 -2.900 -6.300
|
|
header
|
|
Looks like a Debian BTS bug
|
DEBIAN_BTS_BUG
|
0.001
|
|
header
|
|
From Majordomo
|
MAJORDOMO
|
0.001
|
|
header
|
|
Has a valid-looking References header
|
REFERENCES
|
-6.600 -6.600 -6.500 -6.500
|
|
header
|
|
Has a X-Cron-Env header
|
CRON_ENV
|
-6.400 -6.300 -5.701 -5.701
|
|
header
|
|
Has a In-Reply-To header
|
IN_REP_TO
|
-3.300 -3.301 -0.600 -3.201
|
|
header
|
|
Has a X-Authentication-Warning header
|
X_AUTH_WARNING
|
-1.008 -1.513 -0.137 -1.409
|
|
header
|
|
Has a X-Mailing-List header
|
X_MAILING_LIST
|
-0.001 -0.001 -0.001 -3.101
|
|
header
|
|
Has a X-Loop header
|
X_LOOP
|
0.001
|
|
header
|
|
Has a X-Accept-Language header
|
X_ACCEPT_LANG
|
0.001
|
|
header
|
|
Has a Resent-To header
|
RESENT_TO
|
0.001
|
|
header
|
|
Email came from some known mailing list software
|
KNOWN_MAILING_LIST
|
-0.600 -0.912 -0.017 -0.601
|
|
body
|
|
Came from MSN Communities
|
MSN_GROUPS
|
0.001
|
|
header
|
|
Subject is an eBay question
|
Q_FOR_SELLER
|
-1.124 -0.176 -1.643 -2.275
|
|
header
|
|
Subject contains newsletter header (in review)
|
SUBJECT_IS_IN_REVIEW
|
0.001
|
|
header
|
|
Appears to be from yahoo groups
|
FROM_EGROUPS
|
-0.614 -3.100 -0.600 -0.600
|
|
header
|
|
'Message-Id' was added by yahoo.com, that's OK
|
YAHOO_MSGID_ADDED
|
0.001
|
|
body
|
|
Common footer for Hotmail
|
HOTMAIL_FOOTER1
|
0.001
|
|
body
|
|
Common footer for Hotmail
|
HOTMAIL_FOOTER2
|
0.001
|
|
body
|
|
Common footer for Hotmail
|
HOTMAIL_FOOTER3
|
0.001
|
|
body
|
|
Common footer for Hotmail
|
HOTMAIL_FOOTER5
|
0.001
|
|
body
|
|
Common footer for MSN
|
MSN_FOOTER1
|
0.001
|
|
body
|
|
Yahoo! Groups message
|
GROUPS_YAHOO_1
|
-5.801
|
|
full
|
|
Short signature present (no empty lines)
|
SIGNATURE_SHORT_DENSE
|
0.001
|
|
full
|
|
Short signature present (empty lines)
|
SIGNATURE_SHORT_SPARSE
|
0.001
|
|
full
|
|
Long signature present (no empty lines)
|
SIGNATURE_LONG_DENSE
|
-6.400 -6.300 -6.300 -6.300
|
|
full
|
|
Long signature present (empty lines)
|
SIGNATURE_LONG_SPARSE
|
-5.801 -5.801 -3.101 -5.801
|
|
body
|
|
A MailMan confirm-your-address message
|
MAILMAN_CONFIRM
|
0.001
|
|
header
|
|
Contains a PGP-signed message (signature attached)
|
PGP_SIGNATURE_2
|
-6.400 -6.300 -6.300 -6.300
|
|
rawbody
|
|
Contains what looks like a patch from diff -u
|
PATCH_UNIFIED_DIFF
|
-6.027 -6.027 -2.900 -6.300
|
|
rawbody
|
|
Contains what looks like a patch from diff -c
|
PATCH_CONTEXT_DIFF
|
0.001
|
|
body
|
|
Contains what looks like an 'E-Mail Disclaimer'
|
DISCLAIMER_LEGALESE
|
0.001
|
|
body
|
|
Contains what looks like an email attribution
|
EMAIL_ATTRIBUTION
|
-6.600 -6.500 -6.500 -6.500
|
|
rawbody
|
|
Contains what looks like a quoted email text
|
QUOTED_EMAIL_TEXT
|
-3.301 -3.201 -3.201 -3.201
|
|
body
|
|
Contains twice quoted reply
|
QUOTE_TWICE_1
|
-0.600 -0.600 -0.601 -0.600
|
|
body
|
|
Contains a password retrieval system
|
FORGOTTEN_PASSWORD
|
-0.620 -0.981 -0.217 -0.563
|
|
header
|
|
Where are you working at?
|
HAS_ORGANIZATION
|
0.001
|
|
body
|
|
Common footer for Hotmail
|
HOTMAIL_FOOTER4
|
0.001
|
|
header
|
|
From the Mailer-Daemon
|
MAILER_DAEMON
|
0.001
|
|
header
|
|
Mailer daemon failure notice (1)
|
FAILURE_NOTICE_1
|
0.001
|
|
body
|
|
Mailer daemon failure notice (2)
|
FAILURE_NOTICE_2
|
0.001
|
|
header
|
|
Forwarded email
|
FWD_MSG
|
0.001
|
|
header
|
|
Message-Id indicates the message was sent from MS Exchange
|
MSGID_GOOD_EXCHANGE
|
-5.801 -5.701 -5.701 -5.701
|
|
header
|
|
From: does not include a real name
|
NO_REAL_NAME
|
0.888 0.732 0.887 0.991
|
|
header
|
|
From: ends in numbers
|
FROM_ENDS_IN_NUMS
|
0.611 0.719 0.580 0.675
|
|
header
|
|
From: starts with nums
|
FROM_STARTS_WITH_NUMS
|
0.001
|
|
header
|
|
From: contains numbers mixed in with letters
|
FROM_HAS_MIXED_NUMS
|
0.001
|
|
header
|
|
Uses an address with lots of numbers, at a big ISP
|
ADDR_NUMS_AT_BIGSITE
|
0.580 0.449 1.971 1.094
|
|
header
|
|
From address is "at something-offers"
|
FROM_OFFERS
|
4.300 4.295 4.300 4.295
|
|
header
|
|
From: has no local-part before @ sign
|
FROM_NO_USER
|
1.576 1.044 2.796 2.731
|
|
header
|
|
To: has no local-part before @ sign
|
TO_NO_USER
|
2.796 2.796 2.696 2.124
|
|
header
|
|
To: address contains spaces
|
TO_HAS_SPACES
|
0.001
|
|
header
|
|
To: is empty
|
TO_EMPTY
|
2.280 2.596 2.596 2.497
|
|
header
|
|
Reply-To: is empty
|
REPLY_TO_EMPTY
|
1.866 0.767 0.561 1.566
|
|
header
|
|
Reply-To: contains an underline and numbers/letters
|
REPLY_TO_HAS_UNDERLINE_NUMS
|
0.745 0.500 1.744 0.001
|
|
header
|
|
To: repeats address as real name
|
TO_ADDRESS_EQ_REAL
|
0.001
|
|
header
|
|
Valid-looking To "undisclosed-recipients"
|
UNDISC_RECIPS
|
0.001
|
|
header
|
|
Faked To "Undisclosed-Recipients"
|
FAKED_UNDISC_RECIPS
|
4.300
|
|
header
|
|
Subject has exclamation mark and question mark
|
PLING_QUERY
|
0.001
|
|
header
|
|
Subject contains a unique ID
|
SUBJ_HAS_UNIQ_ID
|
1.485 0.820 0.831 0.953
|
|
header
|
|
Subject contains lots of white space
|
SUBJ_HAS_SPACES
|
2.425 2.026 1.101 2.329
|
|
header
|
|
Subject is all capitals
|
SUBJ_ALL_CAPS
|
1.115 1.054 0.849 0.664
|
|
header
|
|
Message-Id has no @ sign
|
MSGID_HAS_NO_AT
|
0.001
|
|
header
|
|
Message-Id generated by a spam tool
|
MSGID_SPAMSIGN_1
|
2.900
|
|
header
|
|
Message-Id generated by spam tool (zeroes variant)
|
MSGID_SPAMSIGN_ZEROES
|
4.400 4.300 4.300 4.300
|
|
header
|
|
Message-Id generated by spam tool (6-letter variant)
|
MSGID_SPAMSIGN_6LETTER
|
4.400 4.400 4.300 4.300
|
|
header
|
|
Message-Id generated by spam tool (4-zeroes variant)
|
MSGID_OE_SPAM_4ZERO
|
1.558 3.255 4.300 4.300
|
|
header
|
|
Message-Id generated by spam tool (3-dollars variant)
|
MSGID_3_DOLLARS
|
2.900
|
|
header
|
|
Message-Id generated by spam tool (4-num-dollar variant)
|
MSGID_4NUMS_DOLLAR
|
2.900
|
|
header
|
|
Message-Id has characters indicating spam
|
MSGID_CHARS_SPAM
|
0.275 0.439 0.691 0.399
|
|
header
|
|
Message-Id has no hostname
|
MSGID_NO_HOST
|
2.793 2.900 0.730 1.908
|
|
header
|
|
Message-Id is fake (in Outlook Express format)
|
MSGID_OUTLOOK_TIME
|
4.400
|
|
header
|
|
Invalid Date: header (not RFC 2822)
|
INVALID_DATE
|
0.444 0.567 0.605 0.452
|
|
header
|
|
Invalid Date: header (timezone does not exist)
|
INVALID_DATE_TZ_ABSURD
|
4.400 4.300 4.300 4.300
|
|
header
|
|
Invalid Date: year begins with zero
|
DATE_YEAR_ZERO_FIRST
|
4.300
|
|
header
|
|
Date: is 3 to 6 hours before Received: date
|
DATE_IN_PAST_03_06
|
0.270 0.271 0.364 0.348
|
|
header
|
|
Date: is 6 to 12 hours before Received: date
|
DATE_IN_PAST_06_12
|
0.728 0.474 0.313 0.141
|
|
header
|
|
Date: is 12 to 24 hours before Received: date
|
DATE_IN_PAST_12_24
|
0.001
|
|
header
|
|
Date: is 24 to 48 hours before Received: date
|
DATE_IN_PAST_24_48
|
0.001
|
|
header
|
|
Date: is 48 to 96 hours before Received: date
|
DATE_IN_PAST_48_96
|
0.001
|
|
header
|
|
Date: is 96 hours or more before Received: date
|
DATE_IN_PAST_96_XX
|
1.270 1.966 2.108 0.830
|
|
header
|
|
Date: is 3 to 6 hours after Received: date
|
DATE_IN_FUTURE_03_06
|
2.370 0.870 1.525 1.519
|
|
header
|
|
Date: is 6 to 12 hours after Received: date
|
DATE_IN_FUTURE_06_12
|
1.522 1.015 1.060 1.249
|
|
header
|
|
Date: is 12 to 24 hours after Received: date
|
DATE_IN_FUTURE_12_24
|
1.635 2.796 0.500 0.902
|
|
header
|
|
Date: is 24 to 48 hours after Received: date
|
DATE_IN_FUTURE_24_48
|
2.696 2.596 2.696 2.900
|
|
header
|
|
Date: is 48 to 96 hours after Received: date
|
DATE_IN_FUTURE_48_96
|
2.197 2.197 1.599 1.305
|
|
header
|
|
Date: is 96 hours or more after Received: date
|
DATE_IN_FUTURE_96_XX
|
0.001
|
|
header
|
|
Subject: starts with advertising tag
|
ADVERT_CODE
|
1.101 1.981 4.300 1.115
|
|
header
|
|
Subject: contains advertising tag
|
ADVERT_CODE2
|
2.144 2.453 1.101 1.410
|
|
header
|
|
Subject: contains Korean unsolicited email tag
|
KOREAN_UCE_SUBJECT
|
4.300
|
|
header
|
|
sent to you@you.com or similar
|
FRIEND_AT_PUBLIC
|
2.900 2.900 2.796 1.963
|
|
header
|
|
sent from or to friend@public.com
|
FRIEND_PUBLIC
|
2.900
|
|
header
|
|
Subject: domain names are cheap
|
DOMAINS_CHEAP
|
2.900
|
|
header
|
|
Subject: domain registration spam subject
|
DOMAIN_SUBJECT
|
0.001
|
|
header
|
|
Domain in From header has no MX or A DNS records
|
NO_DNS_FOR_FROM
|
0 1.265 0 1.331
|
|
header
|
|
From and To are the same, but not exactly
|
FROM_AND_TO_SAME
|
1.997 2.896 2.097 2.451
|
|
header
|
|
Fake name used in SMTP HELO command
|
BAD_HELO_WARNING
|
0.001
|
|
header
|
|
Subject is full of 8-bit characters
|
SUBJ_FULL_OF_8BITS
|
4.400 4.300 4.300 4.300
|
|
header
|
|
Headers include 3 consecutive 8-bit characters
|
HEADER_8BITS
|
4.400 1.153 4.300 2.129
|
|
header
|
|
Received via buggy SMTP server (MDaemon 2.7.4SP4R)
|
MDAEMON_2_7_4
|
2.900
|
|
header
|
|
Received: contains a name with a faked IP-address
|
FAKED_IP_IN_RCVD
|
2.900
|
|
header
|
|
Received via SMTPD32 server (SMTPD32-n.n)
|
SMTPD_IN_RCVD
|
0.001
|
|
header
|
|
Received via a relay in relays.osirusoft.com
|
RCVD_IN_OSIRUSOFT_COM
|
0 0.562 0 0.509
|
|
header
|
|
DNSBL: sender is Confirmed Open Relay
|
X_OSIRU_OPEN_RELAY
|
0.001
|
|
header
|
|
DNSBL: sender ip address in in a dialup block
|
X_OSIRU_DUL
|
0.001
|
|
header
|
|
DNSBL: sender is Confirmed Spam Source
|
X_OSIRU_SPAM_SRC
|
0.001
|
|
header
|
|
DNSBL: sender is a Spamware site or vendor
|
X_OSIRU_SPAMWARE_SITE
|
0.001
|
|
header
|
|
Received from first hop dialup listed in relays.osirusoft.com
|
X_OSIRU_DUL_FH
|
0.001
|
|
header
|
|
Received via a relay in relays.ordb.org
|
RCVD_IN_RELAYS_ORDB_ORG
|
0.001
|
|
header
|
|
Received via a relay in relays.visi.com
|
RCVD_IN_VISI
|
0.001
|
|
header
|
|
Received via SBLed relay, see http://www.spamhaus.org/sbl/
|
RCVD_IN_SBL
|
0 0.557 0 1.101
|
|
header
|
|
Received via a relay in orbs.dorkslayers.com
|
RCVD_IN_ORBS
|
0 0.458 0 0.121
|
|
header
|
|
Received via a relay in opm.blitzed.org
|
RCVD_IN_OPM
|
0 4.295 0 4.295
|
|
header
|
|
Received via a relay in list.dsbl.org
|
RCVD_IN_DSBL
|
0 2.225 0 4.295
|
|
header
|
|
Received via a relay in multihop.dsbl.org
|
RCVD_IN_MULTIHOP_DSBL
|
0.001
|
|
header
|
|
Received via a relay in unconfirmed.dsbl.org
|
RCVD_IN_UNCONFIRMED_DSBL
|
0.001
|
|
header
|
|
Received via a relay in ipwhois.rfc-ignorant.org
|
RCVD_IN_RFCI
|
0 1.771 0 1.249
|
|
header
|
|
Sender is on www.habeas.com Habeas Infringer List
|
HABEAS_HIL
|
4.000
|
|
header
|
|
Bonded sender, see http://www.bondedsender.org/referred.html
|
RCVD_IN_BONDEDSENDER
|
0 -1.784 0 -5.701
|
|
header
|
|
Received via a relay in bl.spamcop.net
|
RCVD_IN_BL_SPAMCOP_NET
|
1
|
|
header
|
|
Received via RBLed relay, see http://www.mail-abuse.org/rbl/
|
RCVD_IN_RBL
|
1
|
|
header
|
|
Received via RSSed relay, see http://www.mail-abuse.org/rss/
|
RCVD_IN_RSS
|
1
|
|
header
|
|
Received from dialup, see http://www.mail-abuse.org/dul/
|
RCVD_IN_DUL
|
1
|
|
header
|
|
Received from first hop dialup, see http://www.mail-abuse.org/dul/
|
RCVD_IN_DUL_FH
|
1
|
|
header
|
|
Received via a relay in dnsbl.njabl.org
|
RCVD_IN_NJABL
|
0 0.968 0 1.213
|
|
header
|
|
NJABL: sender is proxy/relay/formmail/spam-source
|
X_NJABL_OPEN_PROXY
|
0 0.866 0 0.403
|
|
header
|
|
NJABL: sender is on dialup/dynamic IP
|
X_NJABL_DIALUP
|
0.001
|
|
header
|
|
Lots and lots of Cc: headers
|
LOTS_OF_CC_LINES
|
2.900
|
|
header
|
|
trail of Received: headers seems to be forged
|
FORGED_RCVD_TRAIL
|
1.443 1.840 1.678 2.243
|
|
header
|
|
Received forged, contains fake AOL relays
|
FORGED_AOL_RCVD
|
4.300
|
|
header
|
|
Contains forged hostname for a DSL IP in Brazil
|
FORGED_TELESP_RCVD
|
2.900
|
|
header
|
|
Forged hotmail.com 'Received:' header found
|
FORGED_HOTMAIL_RCVD
|
2.384 1.101 1.101 1.101
|
|
header
|
|
hotmail.com 'From' address, but no 'Received:'
|
SEMIFORGED_HOTMAIL_RCVD
|
2.061 1.677 2.596 1.527
|
|
header
|
|
Forged eudoramail.com 'Received:' header found
|
FORGED_EUDORAMAIL_RCVD
|
2.796 1.836 2.796 2.429
|
|
header
|
|
'From' yahoo.com does not match 'Received' headers
|
FORGED_YAHOO_RCVD
|
2.580 2.318 2.696 2.696
|
|
header
|
|
'From' juno.com does not match 'Received' headers
|
FORGED_JUNO_RCVD
|
2.696 2.796 2.696 2.796
|
|
header
|
|
Forged 'by gw05' 'Received:' header found
|
FORGED_GW05_RCVD
|
2.900
|
|
header
|
|
Forged hotmail.com Received 'from mx' header
|
FORGED_MX_HOTMAIL
|
2.900
|
|
header
|
|
Sent by a known spamhaus (qves)
|
RCVD_BY_QVES_COM
|
2.900
|
|
header
|
|
Character set doesn't exist
|
NONEXISTENT_CHARSET
|
2.900
|
|
header
|
|
A foreign language charset used in headers
|
CHARSET_FARAWAY_HEADERS
|
2.060
|
|
header
|
|
'X-Mailer' line contains gibberish
|
X_MAILER_GIBBERISH
|
0.001
|
|
header
|
|
Sent with 'X-Priority' set to high
|
X_PRIORITY_HIGH
|
1.919 1.989 0.815 1.873
|
|
header
|
|
Sent with 'X-Msmail-Priority' set to high
|
X_MSMAIL_PRIORITY_HIGH
|
0.001
|
|
header
|
|
'Message-Id' was added by a relay (2)
|
MSG_ID_ADDED_BY_MTA_2
|
1.115 0.330 1.371 0.875
|
|
header
|
|
'Message-Id' was added by a relay (3)
|
MSG_ID_ADDED_BY_MTA_3
|
0.615 0.326 0.847 0.895
|
|
header
|
|
'From' contains more than one address
|
MANY_FROMS
|
0.001
|
|
header
|
|
Header contains an address from btamail.net.cn
|
BTAMAIL_HEADER
|
2.900
|
|
header
|
|
From: address is in the user's black-list
|
USER_IN_BLACKLIST
|
100
|
|
header
|
|
From: address is in the user's white-list
|
USER_IN_WHITELIST
|
-100
|
|
header
|
|
Content type is "TEXT/HTML" in all caps
|
HTML_ALL_CAPS
|
2.900
|
|
header
|
|
Received: says mail bounced around the world (HELO)
|
ROUND_THE_WORLD_LOCAL
|
2.391 2.796 2.102 2.596
|
|
header
|
|
Received: says mail bounced around the world (DNS)
|
ROUND_THE_WORLD
|
0 2.497 0 2.297
|
|
header
|
|
Missing To: header
|
MISSING_HEADERS
|
0.001
|
|
header
|
|
Similar addresses in recipient list
|
SUSPICIOUS_RECIPS
|
2.052 1.953 1.972 3.407
|
|
header
|
|
Very similar addresses in recipient list
|
VERY_SUSP_RECIPS
|
2.417 1.145 2.439 0.944
|
|
header
|
|
Recipient list is sorted by address
|
SORTED_RECIPS
|
3.022 3.940 2.796 3.227
|
|
header
|
|
User is listed in 'whitelist_to'
|
USER_IN_WHITELIST_TO
|
-6.000
|
|
header
|
|
User is listed in 'more_spam_to'
|
USER_IN_MORE_SPAM_TO
|
-20
|
|
header
|
|
User is listed in 'all_spam_to'
|
USER_IN_ALL_SPAM_TO
|
-100
|
|
header
|
|
Subject: contains G.a.p.p.y-T.e.x.t
|
GAPPY_SUBJECT
|
0.919 0.381 0.711 1.391
|
|
header
|
|
Message has X-Encoding header
|
X_ENC_PRESENT
|
2.900
|
|
header
|
|
Message has x-esmtp header
|
X_ESMTP
|
0.969 0.423 0.683 1.124
|
|
header
|
|
Message has X-Library header
|
X_LIBRARY
|
1.566 1.740 1.429 2.332
|
|
header
|
|
Message has X-List-Unsubscribe header
|
X_LIST_UNSUBSCRIBE
|
4.300
|
|
header
|
|
Message has X-MailingID header
|
X_MAIL_ID_PRESENT
|
0.701 0.700 0.701 0.392
|
|
header
|
|
Message has X-PMFLAGS header
|
X_PMFLAGS_PRESENT
|
2.796 2.900 2.799 2.900
|
|
header
|
|
Message has X-Precedence-Ref header
|
X_PRECEDENCE_REF
|
2.900
|
|
header
|
|
Message has X-ServerHost header
|
X_SERV_HOST_PRESENT
|
0.701 0.700 0.701 0.234
|
|
header
|
|
Message has X-Stormpost-To header
|
X_STORMPOST_TO
|
2.900
|
|
header
|
|
Message has X-x header
|
X_X_PRESENT
|
4.300
|
|
header
|
|
Message has X-Fix header
|
X_FIX_PRESENT
|
0.001
|
|
header
|
|
Message has Complain-To header
|
COMPLAIN_TO
|
2.900
|
|
header
|
|
Message has X-VMP-Text header
|
X_VMP_TEXT
|
2.900 4.300 2.900 2.900
|
|
header
|
|
Message has X-GCMulti header
|
X_GCMULTI
|
1.797 1.697 2.197 1.797
|
|
header
|
|
Message has X-Mime-Key header
|
X_MIME_KEY
|
2.900
|
|
header
|
|
Message has microsoft header
|
MICROSOFT
|
0.001
|
|
header
|
|
MiME-Version header (oddly capitalized)
|
MIME_ODD_CASE
|
4.400 4.300 4.300 4.300
|
|
header
|
|
Subject contains "As Seen"
|
SUBJ_AS_SEEN
|
0.969 2.545 1.579 2.559
|
|
header
|
|
Subject starts with dollar amount
|
SUBJ_DOLLARS
|
1.719 0.822 0.846 1.372
|
|
header
|
|
Subject contains "Double Your"
|
SUBJ_DOUBLE_YOUR
|
2.796 2.111 2.108 2.433
|
|
header
|
|
Subject contains "For Only"
|
SUBJ_FOR_ONLY
|
0.001
|
|
header
|
|
Subject contains "FREE" in CAPS
|
SUBJ_FREE_CAP
|
0.001
|
|
header
|
|
Subject contains "Free Instant"
|
SUBJ_FREE_INSTANT
|
2.900
|
|
header
|
|
Subject starts with "Free"
|
SUB_FREE_OFFER
|
0.339 0.488 0.224 0.383
|
|
header
|
|
Subject GUARANTEED
|
SUBJ_GUARANTEED
|
2.900
|
|
header
|
|
Subject starts with "Hello"
|
SUB_HELLO
|
2.067 2.696 2.497 2.391
|
|
header
|
|
Subject includes "life insurance"
|
SUBJ_LIFE_INSURANCE
|
1.948 2.900 1.743 2.900
|
|
header
|
|
Subject contains "Now Only"
|
SUBJ_NOW_ONLY
|
2.900
|
|
header
|
|
Subject contains "Ripped & Strong"
|
SUBJ_RIPPED
|
0.001
|
|
header
|
|
Subject includes "viagra"
|
SUBJ_VIAGRA
|
2.896 2.165 2.631 3.434
|
|
header
|
|
Subject contains "Your Bills" or similar
|
SUBJ_YOUR_DEBT
|
0.700 0.713 0.701 0.701
|
|
header
|
|
Subject contains "Your Family"
|
SUBJ_YOUR_FAMILY
|
2.900
|
|
header
|
|
Subject contains "Your Own"
|
SUBJ_YOUR_OWN
|
1.310 1.232 1.373 1.601
|
|
header
|
|
Received contains a (dollar) variable reference
|
VAR_REF_IN_RECEIVED
|
0.001
|
|
header
|
|
Received contains a faked HELO hostname
|
RCVD_FAKE_HELO_DOTCOM
|
4.127 2.269 3.659 3.599
|
|
header
|
|
Received contains a faked HELO hostname (2)
|
RCVD_FAKE_HELO_DOTCOM_2
|
2.703 2.553 1.576 2.796
|
|
header
|
|
To: username at front of subject
|
USERNAME_IN_SUBJECT
|
2.900
|
|
header
|
|
Subject talks about losing pounds
|
LOSE_POUNDS
|
4.300 4.300 2.900 2.900
|
|
header
|
|
Message with extraneous Content-type:...type= header
|
EXTRA_MPART_TYPE
|
0.418 0.506 0.678 0.837
|
|
header
|
|
To header contains 'recipient' marker
|
TO_RECIP_MARKER
|
2.900
|
|
header
|
|
Subject talks about savings
|
SAVINGS
|
0.001
|
|
header
|
|
Spam tool pattern in MIME boundary
|
MIME_BOUND_DASH_DIGIT
|
1.681 0.413 0.559 0.881
|
|
header
|
|
Spam tool pattern in MIME boundary
|
MIME_BOUND_HASHES
|
2.900
|
|
header
|
|
Spam tool pattern in MIME boundary
|
MIME_BOUND_DIGITS_4
|
2.100 2.599 1.719 1.778
|
|
header
|
|
Spam tool pattern in MIME boundary
|
MIME_BOUND_DIGITS_7
|
2.900
|
|
header
|
|
Spam tool pattern in MIME boundary
|
MIME_BOUND_HEX_24
|
2.412 1.537 2.107 1.629
|
|
header
|
|
Spam tool pattern in MIME boundary
|
MIME_BOUND_MA
|
0.001
|
|
header
|
|
Spam tool pattern in MIME boundary
|
MIME_BOUND_MANY_HEX
|
2.900
|
|
header
|
|
Spam tool pattern in MIME boundary
|
MIME_BOUND_OPTIN
|
2.900
|
|
header
|
|
Spam tool pattern in MIME boundary
|
MIME_BOUND_MAIL_BOUND
|
0.001
|
|
header
|
|
Spam tool pattern in MIME boundary
|
MIME_BOUND_TEP
|
2.900
|
|
header
|
|
Spam tool pattern in MIME boundary (rfkindy)
|
MIME_BOUND_RKFINDY
|
1.799 2.900 2.900 2.900
|
|
header
|
|
From address matches known spammer format
|
FROM_HAS_MIXED_NUMS2
|
1.101 1.699 1.101 2.178
|
|
header
|
|
Missing Date: header
|
DATE_MISSING
|
1.370 0.982 0.712 0.262
|
|
header
|
|
Received contains fake 'Post.cz' hostname
|
POST_IN_RCVD
|
0.001
|
|
header
|
|
To: non-existent 'Investors' address
|
TO_INVESTORS
|
0.001
|
|
header
|
|
To: has a malformed address
|
TO_MALFORMED
|
1.146 1.085 1.697 1.803
|
|
header
|
|
From azoogle.com, azogle.com, etc.
|
AZOOGLE
|
2.900
|
|
header
|
|
Subject talks about being approved
|
SUBJECT_APPROVED
|
2.796 1.052 2.451 2.214
|
|
header
|
|
Subject has a Time ID
|
SUBJ_HAS_TIME_ID
|
2.900
|
|
header
|
|
From address is webmail, but starts with a number
|
FROM_NUM_AT_WEBMAIL
|
2.900
|
|
header
|
|
From address is webmail, and ends in lots of numbers
|
FROM_WEBMAIL_ENDS_IN_NUMS6
|
1.426 1.760 0.425 0.099
|
|
header
|
|
From Address contains FREE
|
ADDR_FREE
|
2.051 1.759 2.696 0.836
|
|
header
|
|
Message was sent by a Squid HTTP proxy
|
RECEIVED_IDENT_SQUID
|
2.900
|
|
header
|
|
Received contains 'CacheFlowServer' IDENT name
|
RECEIVED_IDENT_CACHEFLOW
|
0.630 2.900 0.462 2.900
|
|
header
|
|
Sent to a text file
|
TO_TXT
|
2.900
|
|
header
|
|
Involves 'china.com'
|
CHINA_HEADER
|
2.900
|
|
header
|
|
Received line contains spam-sign (lowercase smtp)
|
WITH_LC_SMTP
|
4.300
|
|
header
|
|
'From' has no lower-case characters
|
FROM_NO_LOWER
|
2.246 2.197 1.009 1.795
|
|
header
|
|
'Subject' starts with Buy, Buying
|
SUBJ_BUY
|
0.908 2.074 0.862 1.396
|
|
header
|
|
Subject is indicative of a Nigerian spam
|
NIGERIAN_SUBJECT1
|
2.900 2.900 1.935 2.900
|
|
header
|
|
Subject is indicative of a Nigerian spam
|
NIGERIAN_SUBJECT2
|
2.397 2.297 2.599 1.360
|
|
header
|
|
Subject is indicative of a Nigerian spam
|
NIGERIAN_SUBJECT6
|
0.001
|
|
body
|
|
HTML included in message
|
HTML_MESSAGE
|
0.001
|
|
body
|
|
Message is 0% to 10% HTML
|
HTML_00_10
|
0.001
|
|
body
|
|
Message is 10% to 20% HTML
|
HTML_10_20
|
0.996 1.030 1.303 1.036
|
|
body
|
|
Message is 20% to 30% HTML
|
HTML_20_30
|
1.287 1.104 1.293 1.571
|
|
body
|
|
Message is 30% to 40% HTML
|
HTML_30_40
|
0.708 0.834 0.344 0.658
|
|
body
|
|
Message is 40% to 50% HTML
|
HTML_40_50
|
1.058 0.747 0.814 0.428
|
|
body
|
|
Message is 50% to 60% HTML
|
HTML_50_60
|
0.551 0.212 0.532 0.100
|
|
body
|
|
Message is 60% to 70% HTML
|
HTML_60_70
|
0.518 0.121 0.100 0.100
|
|
body
|
|
Message is 70% to 80% HTML
|
HTML_70_80
|
0.682 0.379 0.310 0.254
|
|
body
|
|
Message is 80% to 90% HTML
|
HTML_80_90
|
0.406 0.483 0.163 0.166
|
|
body
|
|
Message is 90% to 100% HTML
|
HTML_90_100
|
0.001
|
|
body
|
|
HTML has very strong "shouting" markup
|
HTML_SHOUTING3
|
0.001
|
|
body
|
|
HTML has very strong "shouting" markup
|
HTML_SHOUTING4
|
0.500 0.504 0.530 0.761
|
|
body
|
|
HTML has very strong "shouting" markup
|
HTML_SHOUTING5
|
0.001
|
|
body
|
|
HTML has very strong "shouting" markup
|
HTML_SHOUTING6
|
2.896 2.900 2.594 2.900
|
|
body
|
|
HTML has very strong "shouting" markup
|
HTML_SHOUTING7
|
1.708 2.900 2.630 2.900
|
|
body
|
|
HTML has very strong "shouting" markup
|
HTML_SHOUTING8
|
2.900
|
|
body
|
|
HTML has very strong "shouting" markup
|
HTML_SHOUTING9
|
0.644 2.696 0.130 2.674
|
|
body
|
|
HTML table has thick border
|
HTML_TABLE_THICK_BORDER
|
1.101 1.101 1.101 0.500
|
|
body
|
|
HTML comment contains email address
|
HTML_COMMENT_EMAIL
|
0.001
|
|
body
|
|
HTML comment contains non-spam Yahoo! Groups banner
|
HTML_COMMENT_EGP
|
0.001
|
|
body
|
|
HTML comment contains SKY database codes
|
HTML_COMMENT_SKY
|
1.752 2.001 4.300 4.300
|
|
body
|
|
HTML comment has 3 consecutive 8-bit characters
|
HTML_COMMENT_8BITS
|
2.900
|
|
body
|
|
HTML message is a saved web page
|
HTML_COMMENT_SAVED_URL
|
1.417 1.603 1.219 0.500
|
|
body
|
|
HTML with embedded plugin object
|
HTML_EMBEDS
|
0.001
|
|
body
|
|
HTML contains auto-executing code
|
HTML_EVENT
|
0.001
|
|
body
|
|
HTML contains unsafe auto-executing code
|
HTML_EVENT_UNSAFE
|
0.001
|
|
body
|
|
FONT Size +2 and up or 3 and up
|
HTML_FONT_BIG
|
0.294 0.136 0.262 0.293
|
|
body
|
|
HTML has a big "font" and "B" tag combo
|
HTML_FONT_BIG_B
|
0.001
|
|
body
|
|
HTML font color is missing hash (
|
HTML_FONT_COLOR_NOHASH
|
0.001
|
|
body
|
|
HTML font color not within safe 6x6x6 palette
|
HTML_FONT_COLOR_UNSAFE
|
0.100
|
|
body
|
|
HTML font color has unusual name
|
HTML_FONT_COLOR_NAME
|
0.001
|
|
body
|
|
HTML font color is same as background
|
HTML_FONT_INVISIBLE
|
0.001
|
|
body
|
|
HTML font color is gray
|
HTML_FONT_COLOR_GRAY
|
0.100
|
|
body
|
|
HTML font color is red
|
HTML_FONT_COLOR_RED
|
0.100
|
|
body
|
|
HTML font color is yellow
|
HTML_FONT_COLOR_YELLOW
|
0.001
|
|
body
|
|
HTML font color is green
|
HTML_FONT_COLOR_GREEN
|
0.718 0.703 1.008 0.815
|
|
body
|
|
HTML font color is cyan
|
HTML_FONT_COLOR_CYAN
|
0.001
|
|
body
|
|
HTML font color is blue
|
HTML_FONT_COLOR_BLUE
|
0.100
|
|
body
|
|
HTML font color is magenta
|
HTML_FONT_COLOR_MAGENTA
|
0.001
|
|
body
|
|
HTML font color is unknown to us
|
HTML_FONT_COLOR_UNKNOWN
|
0.001
|
|
body
|
|
HTML font face is not a word
|
HTML_FONT_FACE_BAD
|
0.001
|
|
body
|
|
HTML font face is not a commonly used face
|
HTML_FONT_FACE_ODD
|
0.118 0.211 0.023 0.571
|
|
body
|
|
HTML font face has excess capital characters
|
HTML_FONT_FACE_CAPS
|
0.001
|
|
body
|
|
HTML includes a form which sends mail
|
HTML_FORM_ACTION_MAILTO
|
1.101 4.300 1.101 1.101
|
|
body
|
|
HTML has 4-5 kilopixels of images
|
HTML_IMAGE_AREA_04
|
0.001
|
|
body
|
|
HTML has 5-6 kilopixels of images
|
HTML_IMAGE_AREA_05
|
0.001
|
|
body
|
|
HTML has 6-7 kilopixels of images
|
HTML_IMAGE_AREA_06
|
0.001
|
|
body
|
|
HTML has 7-8 kilopixels of images
|
HTML_IMAGE_AREA_07
|
0.001
|
|
body
|
|
HTML has 8-9 kilopixels of images
|
HTML_IMAGE_AREA_08
|
0.001
|
|
body
|
|
HTML has over 9 kilopixels of images
|
HTML_IMAGE_AREA_09
|
0.001
|
|
body
|
|
HTML has images with 0-200 bytes of words
|
HTML_IMAGE_ONLY_02
|
1.978 1.920 1.660 1.482
|
|
body
|
|
HTML has images with 200-400 bytes of words
|
HTML_IMAGE_ONLY_04
|
2.087 1.920 1.735 1.846
|
|
body
|
|
HTML has images with 400-600 bytes of words
|
HTML_IMAGE_ONLY_06
|
1.228 1.072 1.433 0.610
|
|
body
|
|
HTML has images with 600-800 bytes of words
|
HTML_IMAGE_ONLY_08
|
0.001
|
|
body
|
|
HTML has images with 800-1000 bytes of words
|
HTML_IMAGE_ONLY_10
|
0.843 0.708 0.354 0.504
|
|
body
|
|
HTML has images with 1000-1200 bytes of words
|
HTML_IMAGE_ONLY_12
|
0.001
|
|
body
|
|
HTML has a low ratio of text to image area
|
HTML_IMAGE_RATIO_02
|
1.101 0.500 1.101 0.500
|
|
body
|
|
HTML has a low ratio of text to image area
|
HTML_IMAGE_RATIO_04
|
0.882 0.907 0.719 0.540
|
|
body
|
|
HTML has a low ratio of text to image area
|
HTML_IMAGE_RATIO_06
|
0.001
|
|
body
|
|
HTML has a low ratio of text to image area
|
HTML_IMAGE_RATIO_08
|
0.798 0.278 0.424 0.816
|
|
body
|
|
HTML has a low ratio of text to image area
|
HTML_IMAGE_RATIO_10
|
0.001
|
|
body
|
|
HTML has a low ratio of text to image area
|
HTML_IMAGE_RATIO_12
|
0.001
|
|
body
|
|
HTML has a low ratio of text to image area
|
HTML_IMAGE_RATIO_14
|
0.001
|
|
body
|
|
JavaScript code
|
HTML_JAVASCRIPT
|
0.001
|
|
body
|
|
HTML link text says "click here"
|
HTML_LINK_CLICK_HERE
|
0.100
|
|
body
|
|
HTML link text says "CLICK"
|
HTML_LINK_CLICK_CAPS
|
1.101
|
|
body
|
|
Frame wanted to load outside URL
|
HTML_RELAYING_FRAME
|
0.001
|
|
body
|
|
Image tag with an ID code to identify you
|
HTML_WEB_BUGS
|
0.203 0.100 0.100 0.100
|
|
body
|
|
Javascript to move windows around
|
HTML_WIN_BLUR
|
0.001
|
|
body
|
|
Javascript to change window focus
|
HTML_WIN_FOCUS
|
0.001
|
|
body
|
|
Javascript to open a new window
|
HTML_WIN_OPEN
|
0.500 0.678 0.500 0.637
|
|
body
|
|
HTML mail with non-white background
|
HTML_WITH_BGCOLOR
|
0.001
|
|
body
|
|
HTML has excess "a" close tags
|
HTML_TAG_BALANCE_A
|
0.001
|
|
body
|
|
HTML has excess "font" close tags
|
HTML_TAG_BALANCE_FONT
|
0.001
|
|
body
|
|
HTML has unbalanced "html" tags
|
HTML_TAG_BALANCE_HTML
|
0.001
|
|
body
|
|
HTML has unbalanced "body" tags
|
HTML_TAG_BALANCE_BODY
|
0.001
|
|
body
|
|
HTML has unbalanced "head" tags
|
HTML_TAG_BALANCE_HEAD
|
0.001
|
|
body
|
|
HTML is missing "table" close tags
|
HTML_TAG_BALANCE_TABLE
|
0.001
|
|
body
|
|
HTML has "base" tags
|
HTML_TAG_EXISTS_BASE
|
0.001
|
|
body
|
|
HTML has "param" tag
|
HTML_TAG_EXISTS_PARAM
|
0.001
|
|
body
|
|
HTML has "tbody" tag
|
HTML_TAG_EXISTS_TBODY
|
0.527 0.149 0.228 0.100
|
|
body
|
|
HTML title contains no text
|
HTML_TITLE_EMPTY
|
0.001
|
|
body
|
|
HTML title contains "Untitled"
|
HTML_TITLE_UNTITLED
|
0.586 0.680 0.701 0.065
|
|
rawbody
|
|
Form for changing email address
|
SPAM_FORM
|
0.001
|
|
rawbody
|
|
Form for checking email address
|
SPAM_FORM_RETURN
|
0.001
|
|
rawbody
|
|
Obfuscated action attribute in HTML form
|
SPAM_FORM_ACTION
|
0.001
|
|
rawbody
|
|
Javascript to hide URLs in browser
|
HIDE_WIN_STATUS
|
2.801 2.172 2.799 2.644
|
|
rawbody
|
|
Contains link without http:// prefix
|
LINK_TO_NO_SCHEME
|
0.001
|
|
body
|
|
List removal information
|
REMOVE_SUBJ
|
1.639 0.813 1.193 0.440
|
|
body
|
|
List removal information
|
SUBJ_REMOVE
|
1.101 0.500 1.263 0.500
|
|
body
|
|
List removal information
|
REPLY_REMOVE_SUBJECT
|
0.001
|
|
body
|
|
List removal information
|
DISCONTINUE
|
0.001
|
|
body
|
|
To be removed from list
|
REMOVE_FROM_LIST
|
0.001
|
|
body
|
|
We respect all removal requests
|
REMOVE_RESPECT
|
4.300
|
|
body
|
|
Send real mail to be unsubscribed
|
REMOVE_POSTAL
|
3.760 3.039 4.237 1.671
|
|
body
|
|
Asks you to click below (in capital letters)
|
CLICK_BELOW_CAPS
|
0.500 0.500 0.100 0.500
|
|
body
|
|
Click to be removed
|
CLICK_TO_REMOVE_1
|
1.101 1.101 1.101 1.885
|
|
body
|
|
Claims compliance with spam regulations
|
SENT_IN_COMPLIANCE
|
1.101 4.300 1.101 4.300
|
|
body
|
|
Claims compliance with Senate Bill 1618
|
BILL_1618
|
2.814 2.427 1.893 2.183
|
|
body
|
|
Claims compliance with Senate Bill 1618
|
S_1618
|
0.001
|
|
body
|
|
Claims compliance with Senate Bill 1618
|
UNDER_BILL_1618
|
4.300
|
|
body
|
|
Claims compliance with spam regulations
|
SECTION_301
|
1.101 3.188 1.101 1.101
|
|
body
|
|
Claims compliance with House Bill 4176
|
HR_4176
|
2.900
|
|
body
|
|
Claims compliance with spam regulations
|
FURTHER_TRANSMISSIONS
|
1.101 2.900 0.700 2.900
|
|
body
|
|
Contains word 'guarantee' in all-caps
|
GUARANTEE
|
1.226 1.694 1.051 0.522
|
|
body
|
|
Doesn't ask any questions
|
NO_QS_ASKED
|
0.001
|
|
body
|
|
Offers a full refund
|
FULL_REFUND
|
0.782 1.473 0.572 0.659
|
|
body
|
|
No such thing as a free lunch (1)
|
FOR_FREE
|
0.625 0.545 0.592 0.455
|
|
body
|
|
No such thing as a free lunch (2)
|
COMPLETELY_FREE
|
0.949 1.101 0.500 1.101
|
|
body
|
|
No such thing as a free lunch (3)
|
NO_COST
|
1.085 0.882 0.977 0.252
|
|
body
|
|
One hundred percent guaranteed
|
GUARANTEED_100_PERCENT
|
1.101 0.500 1.101 0.759
|
|
body
|
|
Discusses money making
|
MONEY_MAKING
|
1.700 2.651 2.696 2.047
|
|
body
|
|
Talks about bulk email
|
BULK_EMAIL
|
2.073 2.070 2.011 2.350
|
|
body
|
|
How dear can you be if you don't know my name?
|
DEAR_FRIEND
|
0.001
|
|
body
|
|
Contains 'Dear (something)'
|
DEAR_SOMETHING
|
2.596 2.596 1.806 1.803
|
|
body
|
|
Urges you to call now
|
CALL_NOW
|
1.799 0.700 1.011 1.070
|
|
body
|
|
Contains a tollfree number
|
CALL_FREE
|
0.001
|
|
body
|
|
Wants you to do business online
|
ONLINE_BIZ_OPS
|
2.900
|
|
body
|
|
Talks about lots of money
|
BILLION_DOLLARS
|
1.225 2.900 0.335 1.590
|
|
body
|
|
Talks about opting in (lowercase version)
|
OPT_IN
|
1.316 0.298 1.288 1.160
|
|
body
|
|
Talks about opting in (capitalized version)
|
OPT_IN_CAPS
|
0.377 0.235 0.428 0.625
|
|
body
|
|
Talks about opting out (lowercase version)
|
OPT_OUT
|
0.001
|
|
body
|
|
Talks about opting out (capitalized version)
|
OPT_OUT_CAPS
|
0.001
|
|
body
|
|
Talks about direct email
|
DIRECT_EMAIL
|
0.001
|
|
body
|
|
Talks about mass email
|
MASS_EMAIL
|
0.001
|
|
body
|
|
Talks about email marketing
|
EMAIL_MARKETING
|
0.001
|
|
body
|
|
Tells you it's an ad
|
PRODUCED_AND_SENT_OUT
|
0.001
|
|
body
|
|
Instructions on how to increase something
|
INCREASE_SOMETHING
|
0.001
|
|
body
|
|
"another mailing" will "never" be "received"
|
NEVER_ANOTHER
|
2.900
|
|
body
|
|
"one time mailing" doesn't mean it isn't spam
|
ONE_TIME_MAILING
|
1.486 1.400 1.438 1.626
|
|
body
|
|
Get a million email addresses
|
MILLION_EMAIL
|
2.896 2.585 0.571 1.592
|
|
body
|
|
Only thing addresses on CD are useful for is spam
|
ADDRESSES_ON_CD
|
2.900 2.900 2.375 1.972
|
|
body
|
|
Gives a lame excuse about why you were sent this spam
|
EXCUSE_1
|
0.001
|
|
body
|
|
Claims you actually asked for this spam
|
EXCUSE_2
|
0.001
|
|
body
|
|
Claims you can be removed from the list
|
EXCUSE_3
|
0.100 0.100 0.100 0.083
|
|
body
|
|
Claims you can be removed from the list
|
EXCUSE_4
|
2.896 2.042 2.900 2.896
|
|
body
|
|
Claims you can be removed from the list
|
EXCUSE_6
|
0.999 2.297 1.909 1.749
|
|
body
|
|
Claims you can be removed from the list
|
EXCUSE_7
|
0.001
|
|
body
|
|
"if you do not wish to receive any more"
|
EXCUSE_10
|
0.001
|
|
body
|
|
Claims you were on a list
|
EXCUSE_11
|
1.681 1.666 1.079 1.255
|
|
body
|
|
Nobody's perfect
|
EXCUSE_12
|
2.238 2.218 1.101 2.511
|
|
body
|
|
Gives an excuse for why message was sent
|
EXCUSE_13
|
0.001
|
|
body
|
|
Tells you how to stop further spam
|
EXCUSE_14
|
0.001
|
|
body
|
|
Claims to be legitimate email
|
EXCUSE_15
|
1.706 1.814 1.157 1.407
|
|
body
|
|
I wonder how many emails they sent in error...
|
EXCUSE_16
|
0.001
|
|
body
|
|
Claims not to be spam
|
EXCUSE_18
|
0.001
|
|
body
|
|
Claims you opted-in or registered
|
EXCUSE_19
|
1.637 0.891 1.101 0.500
|
|
body
|
|
Claims you registered at their site
|
EXCUSE_20
|
2.900
|
|
body
|
|
Claims your address was obtained legitimately
|
EXCUSE_21
|
2.408 1.532 4.300 2.355
|
|
body
|
|
Claims you're receiving this offer for a reason
|
EXCUSE_22
|
2.900
|
|
body
|
|
Claims you have provided permission
|
EXCUSE_23
|
2.900
|
|
body
|
|
Claims you received an ad because you wanted it
|
EXCUSE_24
|
4.300
|
|
body
|
|
Talks about how to be removed from mailings
|
EXCUSE_REMOVE
|
2.219 2.678 2.603 2.211
|
|
body
|
|
Plugs Viagra
|
VIAGRA
|
1.249 2.162 0.122 0.567
|
|
body
|
|
Plugs "Natural Viagra"
|
NATURAL_VIAGRA
|
0.001
|
|
body
|
|
Plugs "Herbal Viagra"
|
HERBAL_VIAGRA
|
1.979 1.069 1.087 1.486
|
|
body
|
|
Targeted Traffic / Email Addresses
|
TARGETED
|
2.796 2.796 2.739 1.993
|
|
body
|
|
Offers a limited time offer
|
LIMITED_TIME_ONLY
|
0.328 0.084 0.101 0.403
|
|
body
|
|
Tells you about a strong buy
|
STRONG_BUY
|
1.230 2.117 0.166 2.700
|
|
body
|
|
Claims to honor removal requests
|
WE_HONOR_ALL
|
1.101 4.300 1.101 4.300
|
|
body
|
|
Sent using a trial version of CommuniGate
|
COMMUNIGATE
|
1.759 1.237 2.271 0.967
|
|
body
|
|
Gives information about an opportunity
|
OPPORTUNITY
|
1.509 0.908 2.699 2.360
|
|
body
|
|
Offers "pure" profit
|
PURE_PROFIT
|
1.624 2.900 0.534 2.900
|
|
body
|
|
Offers a picked stock
|
STOCK_PICK
|
0.121 2.796 2.350 1.453
|
|
body
|
|
Offers a alert about a stock
|
STOCK_ALERT
|
2.796
|
|
body
|
|
SEC-mandated penny-stock warning -- thanks SEC
|
MICRO_CAP_WARNING
|
0.001
|
|
body
|
|
Not registered investment advisor
|
NOT_ADVISOR
|
2.900
|
|
body
|
|
Offers a consultation for nothing
|
FREE_CONSULTATION
|
2.900 2.899 2.900 2.099
|
|
body
|
|
Describes some sort of breakthrough
|
SOME_BREAKTHROUGH
|
0.715 1.849 1.024 0.923
|
|
body
|
|
They have selected you for something
|
SELECTED_YOU
|
0.001
|
|
body
|
|
Asks for credit card details
|
WANTS_CREDIT_CARD
|
1.738 2.796 2.796 2.494
|
|
body
|
|
Asks for a billing address
|
ASKS_BILLING_ADDRESS
|
0.001
|
|
body
|
|
Asks you for your signature on a form
|
PRINT_FORM_SIGNATURE
|
2.271 0.787 1.209 0.349
|
|
body
|
|
Contains mail-in order form
|
MAIL_IN_ORDER_FORM
|
1.059 0.780 1.467 0.886
|
|
body
|
|
Instant Access button
|
FOR_INSTANT_ACCESS
|
0.001
|
|
body
|
|
University Diplomas
|
UNIVERSITY_DIPLOMAS
|
2.303 0.434 2.900 2.108
|
|
body
|
|
'Prestigious Non-Accredited Universities'
|
PREST_NON_ACCREDITED
|
2.900
|
|
body
|
|
Possible registry spammer
|
NEW_DOMAIN_EXTENSIONS
|
2.044 2.599 1.695 2.013
|
|
body
|
|
Domain registration spam body
|
DOMAIN_BODY
|
0.001
|
|
body
|
|
Gives instructions for removal from list
|
REMOVAL_INSTRUCTIONS
|
0.001
|
|
body
|
|
Claims "cannot be considered spam"
|
CANNOT_BE_SPAM
|
1.541 1.533 1.541 1.541
|
|
body
|
|
Claims "This is not spam"
|
THIS_AINT_SPAM
|
2.087 2.799 1.594 2.796
|
|
body
|
|
Says "We strongly oppose the use of spam email"
|
WE_HATE_SPAM
|
2.799 1.744 2.900 1.650
|
|
body
|
|
Says "this is an advertisement" (thanks!)
|
THIS_IS_AN_AD
|
1.172 2.067 2.900 1.287
|
|
body
|
|
Mentions Spam law "H.R. 3113"
|
HR_3113
|
4.300 4.300 2.900 2.900
|
|
body
|
|
Mentions Spam Law "UCE-Mail Act"
|
UCE_MAIL_ACT
|
4.300 4.300 2.900 2.900
|
|
body
|
|
Information on getting a larger penis or breasts
|
PENIS_ENLARGE
|
2.342 2.174 2.342 2.469
|
|
body
|
|
Information on getting a larger penis or breasts (2)
|
PENIS_ENLARGE2
|
2.290 2.799 0.909 2.126
|
|
body
|
|
Impotence cure
|
IMPOTENCE
|
2.381 2.900 0.518 2.900
|
|
body
|
|
Information on how to work at home (1)
|
WORK_AT_HOME
|
0.001
|
|
body
|
|
Information on how to work at home (2)
|
HOME_EMPLOYMENT
|
1.652 1.497 1.798 1.500
|
|
body
|
|
No experience needed!
|
NO_EXPERIENCE
|
1.792 2.696 2.341 1.176
|
|
body
|
|
Information on mortgages
|
MORTGAGE_BEST
|
1.186 2.553 1.101 1.672
|
|
body
|
|
Looks like mortgage pitch
|
MORTGAGE_PITCH
|
0.607 0.743 0.500 0.605
|
|
body
|
|
Information on mortgage rates
|
MORTGAGE_RATES
|
0.500 0.021 1.101 0.500
|
|
body
|
|
Something about waiting for mortgages
|
MORTGAGE_WAITING
|
2.900
|
|
body
|
|
Something about a mortgage network
|
MORTGAGE_NETWORK
|
2.900
|
|
body
|
|
A dodgy mortgage testimonial
|
HELPED_FINANCE
|
0.001
|
|
body
|
|
Interest rates
|
FALLING_INTEREST
|
2.900
|
|
body
|
|
Order a report from someone
|
ORDER_REPORT
|
2.900
|
|
body
|
|
Tells you to 'take action now!'
|
TAKE_ACTION_NOW
|
2.900
|
|
body
|
|
Asks you to fill out a form
|
THE_FOLLOWING_FORM
|
0.484 1.400 1.639 2.270
|
|
rawbody
|
|
mailto URI includes removal text
|
MAILTO_WITH_SUBJ_REMOVE
|
1.101 0.500 1.101 0.500
|
|
rawbody
|
|
Includes a URL link to send an email
|
MAILTO_LINK
|
0.001
|
|
body
|
|
Includes a link for AOL users to click
|
AOL_USERS_LINK
|
1.410 1.121 0.680 1.855
|
|
body
|
|
Nigerian scam key phrase (million dollars)
|
US_DOLLARS
|
0.326 1.375 0.770 1.513
|
|
body
|
|
Nigerian scam key phrase ((dollar) NNN.N m/USDNNN.N m/US(dollar) NN.N m)
|
US_DOLLARS_2
|
0.001
|
|
body
|
|
Nigerian scam key phrase ((dollar) NN,NNN,NNN.NN)
|
US_DOLLARS_3
|
1.469 0.579 1.882 1.475
|
|
body
|
|
Nigerian scam key phrase (millions of dollars)
|
MILLION_USD
|
0.001
|
|
rawbody
|
|
Frontpage used to create the message
|
FRONTPAGE
|
0.500 0.919 0.501 1.589
|
|
body
|
|
Contains "Temple Kiff"
|
KIFF
|
2.900
|
|
body
|
|
Contains "CBYI"
|
CBYI
|
2.796 2.796 2.900 1.619
|
|
body
|
|
Contains "My wife, Jody" testimonial
|
JODY
|
2.900
|
|
body
|
|
Contains "Gentle Ferocity"
|
GENTLE_FEROCITY
|
2.900
|
|
body
|
|
Contains "Vjestika Aphrodisia"
|
VJESTIKA
|
2.900
|
|
body
|
|
Contains "Toner Cartridge"
|
TONER
|
1.341 1.494 1.546 1.197
|
|
body
|
|
Doing something with my income
|
YOUR_INCOME
|
2.256 2.129 1.533 2.696
|
|
body
|
|
Apparently, you'll be amazed
|
BE_AMAZED
|
0.001
|
|
body
|
|
Resistance to this spam is futile
|
RESISTANCE_IS_FUTILE
|
0.977 1.355 0.700 2.900
|
|
body
|
|
Trying to offer you something
|
GREAT_OFFER
|
0.001
|
|
body
|
|
Contains 'subject to credit approval'
|
SUBJ_2_CREDIT
|
0.001
|
|
body
|
|
Contains urgent matter
|
URGENT_BIZ
|
2.397 2.153 2.799 2.696
|
|
body
|
|
Contains 'earn (dollar) something per week'
|
EARN_PER_WEEK
|
0.001
|
|
body
|
|
Contains 'for only pennies a day'
|
PENNIES_A_DAY
|
2.900
|
|
body
|
|
Contains 'for only' some amount of cash
|
FOR_JUST_SOME_AMT
|
0.001
|
|
body
|
|
You'd better read all of this spam!
|
READ_TO_END
|
2.900 2.900 2.900 2.657
|
|
body
|
|
Spam is 100% natural?!
|
ALL_NATURAL
|
3.040 1.804 2.796 1.950
|
|
body
|
|
Money back guarantee
|
MONEY_BACK
|
0.900 0.645 1.398 1.328
|
|
body
|
|
There is no catch
|
NO_CATCH
|
2.900 2.900 2.699 2.900
|
|
body
|
|
There is no obligation
|
NO_OBLIGATION
|
0.001
|
|
body
|
|
You won't be "disappointed"
|
NO_DISAPPOINTMENT
|
0.001
|
|
body
|
|
Serious Enquiries Only
|
SERIOUS_ONLY
|
0.001
|
|
body
|
|
Risk free. Suuurreeee....
|
RISK_FREE
|
0.844 0.994 0.762 0.664
|
|
body
|
|
As seen on national TV!
|
AS_SEEN_ON
|
1.988 2.081 1.101 3.272
|
|
body
|
|
Not intended for residents of somewhere or other
|
NOT_INTENDED
|
2.900
|
|
body
|
|
Common pyramid scheme phrase (1)
|
COPY_ACCURATELY
|
2.900
|
|
body
|
|
See for yourself
|
SEE_FOR_YOURSELF
|
0.467 0.473 0.958 0.192
|
|
body
|
|
Encourages you to waste no time in ordering
|
ORDER_NOW
|
0.001
|
|
body
|
|
Off Shore Scams
|
OFFSHORE_SCAM
|
0.801 2.696 2.497 2.497
|
|
body
|
|
Vacation Offers
|
VACATION_SCAM
|
0.415 0.905 0.813 0.291
|
|
body
|
|
Why Pay More?
|
WHY_PAY_MORE
|
0.001
|
|
body
|
|
Congratulations - you've been scammed?
|
CONGRATULATIONS
|
0.001
|
|
body
|
|
Talks about free mobile phones
|
FREE_CELL_PHONE
|
2.166 2.801 2.541 2.900
|
|
body
|
|
Free Leads
|
FREE_LEADS
|
2.900 2.900 1.782 1.495
|
|
body
|
|
Receive third party email
|
RECEIVE_EMAIL
|
2.900
|
|
body
|
|
Receive a special offer
|
RECEIVE_OFFER
|
0.500 0.500 1.101 0.500
|
|
body
|
|
Free Offer
|
OFFER
|
0.100
|
|
body
|
|
Free Quote
|
FREE_QUOTE
|
1.197 1.147 1.101 1.101
|
|
body
|
|
Free express or no-obligation quote
|
FREE_QUOTE_INSTANT
|
2.896 2.900 2.748 2.900
|
|
body
|
|
Free DVD
|
FREE_DVD
|
0.001
|
|
body
|
|
Free Investment
|
FREE_INVESTMENT
|
1.747 1.514 1.137 1.848
|
|
body
|
|
Free Trial
|
FREE_TRIAL
|
0.001
|
|
body
|
|
Free Membership
|
FREE_MEMBERSHIP
|
0.700 0.700 0.892 0.314
|
|
body
|
|
Free Website
|
FREE_WEBSITE
|
2.297 2.499 1.893 2.599
|
|
body
|
|
Credit Card Offers
|
CREDIT_CARD
|
0.392 1.407 0.726 1.173
|
|
body
|
|
No Credit Check
|
NO_CREDIT_CHECK
|
2.900
|
|
body
|
|
Avoid Bankruptcy
|
BANKRUPTCY
|
1.515 1.697 0.551 2.643
|
|
body
|
|
Credit Bureaus
|
CREDIT_BUREAU
|
0.001
|
|
body
|
|
Accept Credit Cards
|
ACCEPT_CREDIT_CARDS
|
0.747 1.500 2.184 1.189
|
|
body
|
|
Eliminate Bad Credit
|
BAD_CREDIT
|
0.787 0.716 0.535 0.491
|
|
body
|
|
Unsecured Credit/Debt
|
UNSECURED_CREDIT
|
2.896 1.214 2.366 1.884
|
|
body
|
|
Lower Interest Rates
|
LOW_INTEREST
|
1.750 2.781 1.471 2.454
|
|
body
|
|
Compare Rates
|
COMPARE_RATES
|
2.059 1.882 2.413 0.767
|
|
body
|
|
Save Up To
|
SAVE_UP_TO
|
0.001
|
|
body
|
|
Lower Monthly Payment
|
LOW_PAYMENT
|
2.300 2.543 2.011 2.616
|
|
body
|
|
Consolidate debt, credit, or bills
|
CONSOLIDATE_DEBT
|
1.453 4.300 1.721 1.101
|
|
body
|
|
Calling Creditors
|
CREDITORS_CALLING
|
0.001
|
|
body
|
|
Home refinancing
|
REFINANCE_YOUR_HOME
|
0.001
|
|
body
|
|
Home refinancing
|
REFINANCE_NOW
|
1.825 2.279 2.900 2.272
|
|
body
|
|
Discusses search engine listings
|
SEARCH_ENGINE_PROMO
|
1.155 1.705 1.995 1.997
|
|
body
|
|
Opportunity - What a deal!
|
OPPORTUNITY_2
|
1.562 1.331 0.535 0.715
|
|
body
|
|
No Purchase Necessary
|
NO_PURCHASE
|
0.356 0.258 0.185 0.173
|
|
body
|
|
No Strings Attached
|
NO_STRINGS
|
2.244 2.697 2.699 2.696
|
|
body
|
|
No Fees
|
NO_FEE
|
0.392 0.012 0.428 0.114
|
|
body
|
|
No Medical Exams
|
NO_MEDICAL
|
0.001
|
|
body
|
|
No Age Restrictions
|
NO_AGE
|
2.569 2.696 1.829 2.497
|
|
body
|
|
No Claim Forms
|
NO_FORMS
|
2.656 2.578 1.714 2.280
|
|
body
|
|
No Gimmick
|
NO_GIMMICK
|
0.001
|
|
body
|
|
No Investment
|
NO_INVESTMENT
|
2.793 2.900 2.596 2.900
|
|
body
|
|
Requires Initial Investment
|
INITIAL_INVEST
|
2.899 2.896 2.796 2.796
|
|
body
|
|
No Inventory
|
NO_INVENTORY
|
1.768 2.900 1.574 2.900
|
|
body
|
|
Buy Direct
|
BUY_DIRECT
|
1.003 0.829 1.008 0.370
|
|
body
|
|
Drastically Reduced
|
DRASTIC_REDUCED
|
1.168 1.545 1.418 2.459
|
|
body
|
|
Do it Today
|
DO_IT_TODAY
|
0.001
|
|
body
|
|
What are you waiting for
|
WHY_WAIT
|
1.021 1.090 0.691 0.931
|
|
body
|
|
Supplies are Limited
|
SUPPLIES_LIMITED
|
0.001
|
|
body
|
|
Secretly Recorded
|
SECRET_RECORD
|
0.001
|
|
body
|
|
Someone using your identity
|
USE_IDENTITY
|
2.900
|
|
body
|
|
You can search for anyone
|
YOU_CAN_SEARCH
|
2.900
|
|
body
|
|
Find out anything
|
FIND_ANYTHING
|
0.330 0.679 0.831 0.686
|
|
body
|
|
Score with babes!
|
SEDUCTION
|
0.289 2.031 0.317 0.389
|
|
body
|
|
Invaluable marketing information
|
INVALUABLE_MARKETING
|
2.900
|
|
body
|
|
Marketing Solutions
|
MARKET_SOLUTION
|
2.097 2.197 2.197 1.897
|
|
body
|
|
Direct Marketing
|
MARKETING
|
0.021 0.487 0.010 0.130
|
|
body
|
|
Save big money
|
SAVE_MONEY
|
0.001
|
|
body
|
|
Guaranteed Stuff
|
GUARANTEED_STUFF
|
0.001
|
|
body
|
|
Additional Income
|
INCOME
|
2.377 2.900 2.768 1.965
|
|
body
|
|
Potential Earnings
|
EARNINGS
|
1.964 2.900 1.706 2.900
|
|
body
|
|
The best Rates
|
THE_BEST_RATE
|
4.300 4.141 3.954 4.284
|
|
body
|
|
Promise you ...!
|
WE_PROMISE_YOU
|
1.982 2.545 2.506 0.636
|
|
body
|
|
Amazing Stuff
|
AMAZING_STUFF
|
0.244 1.829 0.700 1.718
|
|
body
|
|
Cash Bonus
|
CASH_BONUS
|
0.463 0.964 0.588 1.247
|
|
body
|
|
Shopping Spree
|
SHOPPING_SPREE
|
0.001
|
|
body
|
|
Fantastic Deal
|
FANTASTIC
|
0.001
|
|
body
|
|
Cents on the Dollar
|
CENTS_ON_DOLLAR
|
2.900
|
|
body
|
|
Lose Weight Spam
|
DIET
|
0.001
|
|
body
|
|
Long Distance Phone Offer
|
LONG_DISTANCE
|
0.001
|
|
body
|
|
Reverses Aging
|
REVERSE_AGING
|
3.179 3.268 2.402 2.880
|
|
body
|
|
Cures Baldness
|
HAIR_LOSS
|
2.796 2.796 2.796 4.295
|
|
body
|
|
Cable Converter
|
CABLE_CONVERTER
|
2.900
|
|
body
|
|
Luxury Car
|
LUXURY_CAR
|
1.489 1.296 1.797 0.420
|
|
body
|
|
Removes Wrinkles
|
WRINKLES
|
4.300 2.900 4.300 4.300
|
|
body
|
|
Buying judgements
|
BUY_JUDGEMENTS
|
0.001
|
|
body
|
|
Will not Believe your Eyes!
|
|
