1 # -*- mode: spamassassin -*-
2 # Added some rules from Rule du Jour that I've been testing for a while
4 #Monotone (from airmax.cf)
5 body MONOTONE_WORDS_2_15 /^([a-z]{2,20}[\s\.]+){15}/
6 describe MONOTONE_WORDS_2_15 Lines with many (long) lowercase words (15+ words, 2+ letters)
7 body MONOTONE_WORDS_2_30 /^([a-z]{2,20}[\s\.]+){30}/
8 describe MONOTONE_WORDS_2_30 Lines with many (long) lowercase words (30+ words, 2+ letters)
9 body MONOTONE_WORDS_3_20 /^([a-z]{3,20}[\s\.]+){20}/
10 describe MONOTONE_WORDS_3_20 Lines with many (long) lowercase words (20+ words, 3+ letters)
11 body MONOTONE_WORDS_5_8 /^([a-z]{5,20}[\s\.]+){8}/
12 describe MONOTONE_WORDS_5_8 Lines with many (long) lowercase words (8+ words, 5+ letters)
13 body MONOTONE_WORDS_5_12 /^([a-z]{5,20}[\s\.]+){12}/
14 describe MONOTONE_WORDS_5_12 Lines with many (long) lowercase words (12+ words, 5+ letters)
15 body MONOTONE_WORDS_5_20 /^([a-z]{5,20}[\s\.]+){20}/
16 describe MONOTONE_WORDS_5_20 Lines with many (long) lowercase words (20+ words, 5+ letters)
18 # Lots of auto-responders seem to have this
19 body MDO_AUTORESP1 /online form/i
20 score MDO_AUTORESP1 0.1
22 body MDO_AUTORESP2 /large amount of (spam|virus)/i
23 score MDO_AUTORESP2 0.1
25 body MDO_AUTORESP3 /(electronically|automatically) (generated|created) (email|ack)/i
26 score MDO_AUTORESP3 0.1
28 body MDO_AUTORESP4 /(respond|answer) your enquiry/i
29 score MDO_AUTORESP4 0.1
31 body MDO_AUTORESP5 /(email|enquiry) has been received/i
32 score MDO_AUTORESP5 0.1
34 body MDO_AUTORESP6 /will be answered within/i
35 score MDO_AUTORESP6 0.1
37 body MDO_AUTORESP7 /the e-mail address to which you have written does not support incoming messages/i
38 score MDO_AUTORESP7 0.1
40 meta MDO_AUTORESP_META1 (MDO_AUTORESP1 + MDO_AUTORESP2 + MDO_AUTORESP3 + MDO_AUTORESP4 + MDO_AUTORESP5 + MDO_AUTORESP6 + MDO_AUTORESP7) > 1
41 score MDO_AUTORESP_META1 2.0
43 body MURPHY_DIPLOMA /dip[l1]omas?/i
44 describe MURPHY_DIPLOMA No Diploma
45 score MURPHY_DIPLOMA 1
47 body MURPHY_CALORIES /calories/
48 describe MURPHY_CALORIES No Calories
49 score MURPHY_CALORIES 1
51 header MURPHY_CONTENT_GIF Content-Type =~ /image\/gif/
52 describe MURPHY_CONTENT_GIF Content contains image/gif
53 score MURPHY_CONTENT_GIF 1
55 # cable tv spam -- pasc 04/05/11-12
56 body MDO_CABLE_TV1 /pay.?per.?view/i
57 score MDO_CABLE_TV1 0.5
59 body MDO_CABLE_TV2 /mature.?channel/i
60 score MDO_CABLE_TV2 0.5
62 body MDO_CABLE_TV3 /c(\@|a)ble/i
63 score MDO_CABLE_TV3 0.5
65 body MDO_CABLE_TV4 /rem(o|0)te.?control/i
66 score MDO_CABLE_TV4 0.5
68 meta MDO_CABLE_META1 (MDO_CABLE_TV1 || MDO_CABLE_TV2 || MDO_CABLE_TV4) && (MDO_CABLE_TV3)
69 describe MDO_CABLE_META1 Too much cable stuff
70 score MDO_CABLE_META1 3
72 header MDO_TAGSPAM1 Subject =~ /Unknown Tag *free* Please Fix/
75 body MDO_BAD_WORD1 /PORTFOLIO/i
76 score MDO_BAD_WORD1 2.8
78 # blarson, 2004-04-30 -> lists --pasc 04/05/11
79 body AFFILIATEID /affiliate.?id/i
80 describe AFFILIATEID affiliate id
84 header REFWD subject =~ /\b(?:RE|FWD?|AW)(?:\[\d+\])?\:\s*$/i
85 describe REFWD re or fwd nothing
89 header ONEWORD subject =~ /^(?:Fw:|re:)?\s*\S+\s*$/i
90 describe ONEWORD one word subject
93 rawbody ONEWORDBODY /^\s*\S+\s*$/s
94 describe ONEWORDBODY One word body
97 meta ONEWORDALL (ONEWORD && ONEWORDBODY)
98 describe ONEWORDALL Both subject and body contain one word
101 # robot101, 2003-09-22
102 header CROSSWALK X-UnityUser =~ /^Crosswalk.com, Inc/
103 describe CROSSWALK Crosswalk bible mailing list
106 header CROSSWALK_SPAM From =~ /Crosswalk/
107 describe CROSSWALK_SPAM Crosswalk Spam
108 score CROSSWALK_SPAM 1
111 header BOMDIA Subject =~ /Bom dia /
112 describe BOMDIA Bom dia, usually some Romanic language spam
115 header RCVD_FROM_UNCONF_HOST Received =~ /^from localhost.localdomain/
116 describe RCVD_FROM_UNCONF_HOST Mail comes from a host with unconfigured mailer daemon
117 score RCVD_FROM_UNCONF_HOST 2
120 body ECOSPAM /Corridas de Toros para los turistas Ingleses en Barcelona/
121 describe ECOSPAM Eco-spam all right
124 # cjwatson, 2003/02/24
125 body SPANISH_FORM_CGI /Este formulario fue enviado por/
126 describe SPANISH_FORM_CGI "Below is the result of your feedback form", eh?
127 score SPANISH_FORM_CGI 4.0
130 body TRAFFICMAGNET /Become a TrafficMagnet Reseller/
131 describe TRAFFICMAGNET SpamMagnet
132 score TRAFFICMAGNET 4
135 header BKR Subject =~ /^bkr/
136 describe BKR bkr spam
140 header RISEANDSHINE Subject =~ /^Rise and Shine in 15 minutes/
141 describe RISEANDSHINE Rise and Shine in 15 minutes spam
145 header UNIVDIP Subject =~ /U N I V E R S I T Y . D I P L O M A S/i
146 describe UNIVDIP university diplomas spam
150 header YOUTHERE Subject =~ /^(Re: )?You/i
151 describe YOUTHERE Who, me? Likely spam
154 # cjwatson, 2003-11-20
155 header HOUSECLEANING Subject =~ /^Affordable Housecleaning Service/
156 describe HOUSECLEANING let's clean out the spam instead
157 score HOUSECLEANING 3
159 # cjwatson, 2003-12-11
160 header OTC_FIRST Subject =~ /OTC FIRST ALERT/
161 describe OTC_FIRST OTC spam
165 body AVAILABLENOW /available now/i
166 describe AVAILABLENOW must be selling some shit
169 # cjwatson, 2004-01-16
170 body TEDIOUS_WITTER /If not i included it below so let me know if you like it/
171 describe TEDIOUS_WITTER annoying wittering spam, mypillsource.com I think
172 score TEDIOUS_WITTER 2
174 # cjwatson, 2004-03-12
176 header UNI_DIPLOMA subject =~ /\b(?:university|college|doctora+te|bache+lor|maste+rs?)[\/\s]+(?:(dip[l1][o0]ma|cert|degree)|(?:university|college|doctora+te|bache+lor|maste+rs?))/i
177 describe UNI_DIPLOMA Got a diploma, thanks
181 body UNI2 /university\s+(diploma|cert|degree)/i
182 describe UNI2 Got one, thanks
186 body UNI3 /(?:(?:maste+rs|batche+lor|m\s*b\s*a\s*|ph\.?\s*d|doctora+te)\s*[,.\/]?\s*){2,}/i
187 describe UNI3 multiple types of degrees
190 # cjwatson, 2004-03-12
191 header JOB_CONFIRM Subject =~ /Job confirmation/
192 describe JOB_CONFIRM Got one of these too, thanks
196 header MESSAGESUB subject =~ /^\s*\(?message\s*(subject)?\)?$/i
197 describe MESSAGESUB really descriptive subject
200 # blarson 2006-03-16 2007-09-18 not working, replaced 2007-12-08
201 # body DEARDIGIT /^(?:well\s+)?(?:Dear|Hey|H[ea]y?ll?.?o|To|Attention|Hi+|Hey+a?|Bonjorno|(?:Yo\s*)+|(?:g[o0]+d\s*)?(?:d?ay|morning|evening?|afternoon|night)|what.?i?s\s+up|wa(?:s|z)+up|greetings?|Salutations|(Mail|News)\s+to|how(?:.?s|\s+is)?\s*(?:(?:it)?(?:\s+is)??\s*going|have\s+you\s+been|are you).?\s*(?:there|to\s+you)?|compliments|Regards|Adieu)\,?\s+(?:Account\s+\#?|\=?3d|)(?:bro|there|sir|Mr\.?)\s*?\d{3,}/i
202 body DEARDIGIT /^\s*(?:Good\s*)?(?:evenin|night|day|hi|hello|greetin|Compliment|Wa[sz]+up|dear|Regard|Mornin|(?:yo\s*)+)[sg]?\s+(?:there\s+)?\d{3,}/i
203 describe DEARDIGIT Dear number
207 header SIZEMATTERS subject =~ /^S.ze matters$/i
208 describe SIZEMATTERS Size matters spammer
211 # cjwatson 2005-01-02
212 header RNDMX subject =~ /^<rndmx/
213 describe RNDMX weird empty spam
217 header VERIFYCAT subject =~ /verifycation mail/
218 describe VERIFYCAT verifycation spam
222 header D0WNLOAD subject =~ /\bd[o0]wn[l1][o0]ad.*(?:m[o0]v[i1]e|mp3|tune|music)/i
223 describe D0WNLOAD download spam
227 header REDUCESPAM subject =~ /Reduce Spam\b/i
228 describe REDUCESPAM reduce spam spam
232 body DIRT /\.(?:the|\d|)dirty?\d+\.info\//
233 describe DIRT dirty spammer
237 body RNDWORD /^RND_WORD\s*$/
238 describe RNDWORD RND_WORD
242 header D3GREE subject =~ /\bd(?:3gres?|esgre|eerge|eeerg|reege|egres)e?s?\b/i
243 describe D3GREE Want a used paper from someone who can't spell
247 body FINALNOTE /\bfinal\s+notif/i
248 describe FINALNOTE yet another final notification
252 header HIITS subject =~ /\bHi\! It\'s\b/i
253 describe HIITS hi its
257 header GOTONE subject =~ /\bgot one$/i
258 describe GOTONE got this spam already
262 body IMMEDIATEREV /^ATTENTION- For your immediate review:/
263 describe IMMEDIATEREV immediate discard
267 body CLIENTALERT /^(?:CLIENT ALERT|ATTENTION CLIENT)/i
268 describe CLIENTALERT client alert
271 # cjwatson 2005-10-20
272 header DEBIANTUX23 From =~ /DebianTux23|wieseltux23/i
273 describe DEBIANTUX23 Linux spammer, sigh
277 body SHITBRO /^\s*sh[i1]+t\s+bro/i
278 describe SHITBRO shitty spam
282 header POPPROG subject =~ /popular programs for everyday use/i
283 describe POPPROG unpopular spam
287 body GREET /^\%(?:GREET|EXIT)/
288 describe GREET broken spamware
292 header WROTE subject =~ /\bwrote\:\s*$/i
293 describe WROTE stock scam
296 body DEGREE_SPAM /earn.+degree.+transcripts/i
297 describe DEGREE_SPAM earn a degree with transcripts spam
298 score DEGREE_SPAM 2.5
301 body BLUEPILL /blue pill/i
302 describe BLUEPILL Blue pill spam
306 header PHOTOQUEST subject =~ /question about your photo/i
307 describe PHOTOQUEST questioning photo
311 body KBDP /Knowledge Based Degree Program/i
312 describe KBDP degree spam
316 body CRITERIAHAS /\bOur criteria has changed\b/i
317 describe CRITERIAHAS Diploma salesman with bad english
321 body TORA08 /\b\d{6} \d{7} \d{6} \d \d{7} \d{7}/
322 describe TORA08 TORA.08 spam
326 body SERIOUSBRO /^Seriously bro\b/i
327 describe SERIOUSBRO Seriously bro
331 body INSETET /\bwilson\@insitetcnologia\.com\.br\b/
332 describe INSETET please send spammer
336 body USUARIO /\bEl usuario destinatario no es un usuario valido/
337 describe USUARIO No such user -- sent in infinite loop
341 body NOMAILRECBI /no recibi tu mail/i
342 describe NOMAILRECBI No recbi of mail -- was closing way to many bugs
346 header URHELP subject =~ /\bi need ur help\b/
347 describe URHELP blank spam
351 header ACRO8PR0 subject =~ /\bAcr[0o]bat\s*[78]\s+(?:PR[0O]\b|\$?\d+\$?)/i
352 describe ACRO8PR0 sales spam
356 body WBRS /\b(WBRS|FPMC|ADYN|AFML|MISJ|HXPN|WHKA|CBFE|HSBC|PCAI|MPRG|HPRS|AUNI|TGVI|MHII|TAMG|GDKI|ACEN|CDYV|G7Q\.F|mbwc|CHFR|CDPN|DSDI|UTEV|P-S-U-D|GPSI|SGXI|CAON|SREA|ERMX|VPSN|SZSN|PAYI\.OB|LTDI|C\W\W?Y\W\W?T\W\W?V|E\WX\WM\WT|CYTV|VGPM|V\s?G\s?P\s?M(\.PK)?|wwng|WWNG|F\WD\WE\WG|FDEG|UTYW|M\s*I\s*H\s*I|O\W?N\W?C\W?O|P\W?P\W?Y\W?H|S\W?R\W?E\W?A|A\W?C\W?G\W?U|S\W?C\W?Y\W?F|C\W?H\W?V\W?C|D\W?M\W?X\W?C|F\W?R\W?L\W?E|M\W?A\W?K\W?U|C\W?W\W?T\W?E|F\W?R\W?L\W?E|M\W?X\W?X\W?R|P\W?R\W?T\W?H|A\W?L\W?L\W?U|C\W?W\W?T\W?D|T\W?A\W?D\W?F|D\W?M\W?H\W?N|C\W?A\W?O\W?N|Cwtd|N\W?C\W?S\W?H|F\W?R\W?L\W?E|M\W?A\W?K\W?U|d\W?m\W?h\W?n|T\W?R\W?T\W?M|[Ee]\W?[Tt]\W?[Gg]\W?[Uu]|P\W?E\W?R\W?T|EWIN|SXB\.F|OPLO|DCNM|mpix|MPIX|UCSO|TBCO)\b/
357 describe WBRS stock spam
360 body FOURLA /\b([A-Z]\s?){4}\b/
361 describe FOURLA Four letter acronym (stock spam?)
364 meta STOCKLIKE (FOURLA && (MONEY || SUBJMONEY))
365 describe STOCKLIKE Four letter acronyms with money; stock scam
369 header ACROBAT8 subject =~ /\badobe acr[o0]bat 8\b/i
370 describe ACROBAT8 more sales spam
374 header VLSTA subject =~ /VlSTA|0FFlCE|ACR0B8T/i
375 describe VLSTA misspelled microshit software
379 header ANGEKUEN subject =~ /\bTrauer angekuendigt\b/
380 describe ANGEKUEN german spam
384 body INTCAFE /\binternet caff?e\b/i
385 describe INTCAFE internet cafe spam
389 header VERIFIC subject =~ /Your email requires verification/
390 describe VERIFIC some people prefer you get their spam
394 header WHITELIST subject =~ /You have been added to .* whitelist/
395 describe WHITELIST whitelist spam
399 body CASNIO /^Please be advised that your casnio account is still inactive/
400 describe CASNIO casnio account
404 header AUTOREPLY subject =~ /\bauto(?:mated|matic|)[\s-]+re(?:spon[cs]e|ply)\b/i
405 describe AUTOREPLY Automatic reply
409 body CONFSERV /^Thanks for using our confidential service/
410 describe CONFSERV confidential service
414 body CONTENC /^Confirmation has been enclosed/
415 describe CONTENC more pdf spam
419 header PHONE subject =~ /\b(tele)?phone\b/i
420 describe PHONE phone spam
424 body ASPDF /^We send our messages as Portable Document Format/
425 describe ASPDF more pdf spam
429 body DELAFT /Please delete your private message after reading/
430 describe DELAFT more pdf spam
434 header OFF1CE subject =~ /\b[O0Q]f+[1i7l|]ce\s*\W?2[O0Qk]+7\b/i
435 describe OFF1CE off1ce spam
439 header SOFTSALE subject =~ /\bsoftware sales\b/i
440 describe SOFTSALE software spam
444 body SUPERMACHO /\bBe a supermacho/i
445 describe SUPERMACHO supermacho
449 body BIGINTER /\bBig international commercial organization\b/i
450 describe BIGINTER job spam
454 header HASSENT subject =~ /\b(?:sent you a (?:personal|confidential)?\s*(?:message|note))\b/i
455 describe HASSENT sent a message
459 header WANTTOCHAT subject =~ /\b(?:(?:would like|wants|feels?) (?:to chat|like chatting|to keep up with you))\b/i
460 describe WANTTOCHAT I want to chat/keep up with spam
464 header ORDERNUM subject =~ /\b(?:Order|Recipet)\s*.?\d{3,}/i
465 describe ORDERNUM order number
469 header DICTIONARYSEQ subject =~ /\b(\w{3})\w*(?:\s+\1\w*){2}/i
470 describe DICTIONARYSEQ Ventricular Vents Venting Ventures
471 score DICTIONARYSEQ 3.5
474 header NOLET subject =~ /^\W{4,}$/
475 describe NOLET swearing subject
479 body SSIST /^ssistant Manager/
480 describe SSIST ssistant Manager
484 body GRADUATEUNDER /\bgraduate in under\b/i
485 describe GRADUATEUNDER graduate in under
486 score GRADUATEUNDER 3
489 header NOINVEST subject =~ /\b(?:no investment|high.paid)\b/i
490 describe NOINVEST no investment
494 header INTEXP subject =~ /\b[I|]nternet Exp[l|]orer\b/i
495 describe INTEXP |nternet Exp|orer
499 header WORKATHOME subject =~ /work\Wat\Whome/i
500 describe WORKATHOME Work at home
504 body PHONENUMBER /\b1[\-\.\s]?8[07]+[\-\.\s]?\d+/
505 describe PHONENUMBER Toll free phone number
506 score PHONENUMBER 1.5
509 body GERMANSPAM /Zerix Intern/i
510 describe GERMANSPAM Um... no clue what that is.
513 body URBANNEWS /UrbaNNews\.ro/
514 describe URBANNEWS URBANNEWS Newsletter
518 header JOBS subject =~ /\b(?:job|Employ(?:ers|ment|ee))s?\b/i
519 describe JOBS job spam
523 header FREEPASSWORD subject =~ /your\s*free\s*password/i
524 describe FREEPASSWORD We don't need free password
528 header AFRICABYBIKE subject =~ /africa\s*by\s*bike/i
529 describe AFRICABYBIKE We don't care about africa by bike or car or bus or train
533 header BRAKETDIGIT subject =~ /\[\d+\]\:\s*$/
534 describe BRAKETDIGIT braketed digit colon last in subject
538 full WHATISOEM /\bWhat\s*is\s*OEM\b/i
539 describe WHATISOEM What is OEM
543 body WORKEXP /\bwork\s+experience\s+degree\b/i
544 describe WORKEXP work experience degree
548 body NICEGIRL /\b(?:nice|young|lonley|unmarried)\s+(?:girl|woman|female)\b/i
549 describe NICEGIRL nice girl
553 header DFF1CE subject =~ /UmU6INDSydfF1CE/i
554 describe DFF1CE korean spam
558 header FAILNOTE subject =~ /\bFailure notice\:/i
559 describe FAILNOTE bounced spam
563 full STILLSINGLE /\bstill\s+single\b/i
564 describe STILLSINGLE still single
568 header PERSONALCRED subject =~ /\bPersonal\s+Credit/i
569 describe PERSONALCRED Personal Credit
573 body XMASGIFT /\b(?:christ|x)mas gift\b/
574 describe XMASGIFT christmas gift
578 body RONPAUL /\bRon Paul\b/
579 describe RONPAUL Ron Paul
583 body YOURJOB /your Job Verification Number/
584 describe YOURJOB your Job Verification Number
588 body PASTERESUME /\bPASTE your resume\b/i
589 describe PASTERESUME PASTE your resume
592 body LETHIHELO /\{Let\:HI,Hi,Hello,hEllo,heLlo,helLo,hellO,HEllo\} how are you/
593 describe LETHIHELO Hello, how are you
597 body DIREKTOR /Direktor of Softline/i
598 describe DIREKTOR Direktor of Softline
602 body THEDEG /\bthe_degree\b/
603 describe THEDEG the_degree
607 body DYNMH /D Y N A M I C M EDIA HOLDIN/
608 describe DYNMH D Y N A M I C M EDIA HOLDIN
612 header LEGBUD subject =~ /\b(?:Legal|smoking) Bud/i
613 describe LEGBUD Legal Bud
617 full LEGBUD2 /\b(?:Legal|smoking) Bud/i
618 describe LEGBUD2 Legal Bud
622 body SMOKING /\b(?:beat|stop|quit|without)\s+(?:nicotine|smoking|cigarettes)\b/i
623 describe SMOKING stop smoking
627 header WORKHOME subject =~ /\bwork\b.*\bhome\b/i
628 describe WORKHOME work from home
632 header HOMEWORK subject =~ /\bhome\b.*\b(?:work|business|job|based)\b/i
633 describe HOMEWORK home business
637 header REPRESENT subject =~ /\bRepresent(?:ative)?\b.*\b(?:Country|needed)\b/i
638 describe REPRESENT represent your country
642 header NOFEE subject =~ /\bNo\s+fee\b/i
643 describe NOFEE No fee
647 body NEEDED /\b(?:manager|executive)\b.*\bneeded\b/i
648 describe NEEDED manager needed
652 body CRETPROF /\b(?:creative|perceptive)\b.*\bprofessionals?\b/i
653 describe CRETPROF creative and perceptive professionals
657 body REMOVEDOT /\b(?:Remove|erase|take (?:away|out)) (?:the dot\b|\W )/i
658 describe REMOVEDOT Remove the dot
662 full VENTTRANS /\bVent Transports\b/
663 describe VENTTRANS Vent Transports
667 body HOLIDAYHERE /\bHolidays are here\b/i
668 describe HOLIDAYHERE Holidays are here
672 header CAPINIT subject =~ /^(?:Re:)?\s*(?:(?:[A-Z][a-z-\']+|PaintBrush|Jet (?:plane|fighter)|Tennis racquet|Leather jacket|IWC|\&|Jaeger-LeCoultre)\s+)+(?:[A-Z][a-z-]+|PaintBrush|Jet (?:plane|fighter)|Tennis racquet|Leather jacket)\s*$/
673 describe CAPINIT Capinit Every Word
677 body REMOVESPACE /\b(?:remove|w\/o|without|delete) spaces?\b/i
678 describe REMOVESPACE w/o space
682 header BEAHERO subject =~ /Be a hero/
683 describe BEAHERO Be a hero
687 header SOFTCHEAP subject =~ /Soft and cheap/i
688 describe SOFTCHEAP Soft and cheap
692 body CHEAPSOFT /\bcheap (?:OEM)?\s*soft(?:ware)?/i
693 describe CHEAPSOFT cheap OEM soft
697 header MAKEMONEY subject =~ /\b(?:Make|need|extra)\s+(?:Cash|money|income)\b/i
698 describe MAKEMONEY Make Cash
702 header PREVED subject =~ /\bPreved\b/i
703 describe PREVED Preved
707 body YOURPROFILE /\byour profile\b/i
708 describe YOURPROFILE your profile
712 body SEEKEMP /\bseeking for employees\b/
713 describe SEEKEMP seeking for employees
717 body PRICELIST /(?m:^(?:adobe|microsoft|intuit|autodesk|symantec)\W.*\b\d{2,}$){3,}/i
718 describe PRICELIST list of prices
722 full OEMSOFT /\b[O0]EM\s+s[o0][\W_]?ft_?(?:w_?a_?r_?e)?\b/i
723 describe OEMSOFT OEM software
726 # tviehmann 2008-07-20
727 full XORGBUGREPORTS /\/usr\/lib\/xorg\/modules/
728 describe XORGBUGREPORTS ameliorate score of xorg bug reports matching OEMSOFT
729 score XORGBUGREPORTS -5
732 body MSSOFTWARE /(?:Microsoft|Windows) (?:Office Enterprise|Vista Ultimate)/i
733 describe MSSOFTWARE Microsoft Office Enterprise/Vista Ultimate
737 header NIGHTGIRL subject =~ /\bnight\b.*\bgirlfriend\b/
738 describe NIGHTGIRL night ... girlfriend
741 body SITESUBJECT /\bPlease see this site in Subject\b/i
742 describe SITESUBJECT Pls check this new site
746 header PLSCHECKSITE from =~ /\bPls check this new site\b/i
747 describe PLSCHECKSITE Pls check this new site
751 header MARRYCH subject =~ /\bMarry Christmas\b/
752 describe MARRYCH Marry Christmas
756 header BUYTHEPRODUCT subject =~ /Buy the product/i
757 describe BUYTHEPRODUCT Buy the product subject
758 score BUYTHEPRODUCT 3
761 body IBERIS /\bIberis Capital Group\b/
762 describe IBERIS Iberis Capital Group
766 header HIFROM subject =~ /\b(?:hello|hi)\s+from/i
767 describe HIFROM hello from
771 body INTCORP /\bInternational\s+corporation\b/i
772 describe INTCORP International corporation
776 header ISITYOU subject =~ /\bis it you\b/i
777 describe ISITYOU is it you
781 header CUSTOMERALERT subject =~ /\bCustomer alert\b/i
782 describe CUSTOMERALERT Customer alert
783 score CUSTOMERALERT 3
786 body SLASHITY /^\s*\/\/\/.*\\\\\\\s*$/
787 describe SLASHITY /// ... \\\
791 full OPENPOS /\bopen\s*position/i
792 describe OPENPOS open positions
796 header EBAYMEMBER subject =~ /message from ebay member/i
797 describe EBAYMEMBER Message from ebay member
801 header RESPONSERES subject =~ /\bResponse to Resume\b/i
802 describe RESPONSERES Response to Resume
806 body INTCOMP /^International company/
807 describe INTCOMP International company
811 header VIAGPHRA subject =~ /\b(?:She want|in bed|love heaven|My hormones|the person|damn goood|more sexy|all night|seven heaven|pounds off|away pounds|She wants|beautiful women)\b/i
812 describe VIAGPHRA misc spam phrases
816 body SEXHEALTH /\bSexual Health/i
817 describe SEXHEALTH Sexual Health
821 header ADEGREE subject =~ /\b(a|some|quick)\s+degree\b/i
822 describe ADEGREE a degree
826 rawbody PZIP /\bfilename\=\"\w\w?\.zip\"/
831 header RETWO subject =~ /RE\:(?: [ab][a-z\']+){2,3}\s*$/
832 describe RETWO RE: bogus arbitrary
836 full SUBBODYREP /Subject: (?:RE\:\s*)?([a-z]+)\s+([a-z]+)(?:\s+[a-z]+)\n.+\1\2/i
837 describe SUBBODYREP Repeated word in subject and body without spaces
841 full MYMSNNAMEIS /(?:add\s+me\s+on|my)\s+(?:msn|(?:live|msn|)\s*mess?enger|aim|aol|screen)\s+(?:name\s+)?(?:is)?\s+\S+\@\S+/i
842 describe MYMSNNAMEIS My screen name is foo@bar.com
843 score MYMSNNAMEIS 2.5
846 body LONGWURL /^[\w\-]{11,}\s+http\:\/\/[\w\.\-]{4,}\s*$/
847 describe LONGWURL longWord URL
851 header ITCSTORE subject =~ /ITC Store/
852 describe ITCSTORE ITC Store
856 header GENDER subject =~ /\b(?:she|her|wom[ae]n|m[ae]n|girls?|males?|females?|herself|wife|ladies|lady|wives|(?:girl|boy)friends?)\b/i
857 describe GENDER gender pronoun in subject
861 body REBODY /^re\:\s/
862 describe REBODY re: in body
866 header REREHI subject =~ /^Re: Re: H(i|ello)\s*$/i
867 describe REREHI Re: Re: Hi
871 header PEROFF subject =~ /\d+\%\s+off\b/i
872 describe PEROFF xx% off
876 header SUMHERE subject =~ /\b(?:summer|winter|fall|spring) is here\b/i
877 describe SUMHERE summer is here
881 header INVITATIONFROM subject =~ /^\s*(Invitation|Invitaci.n)\s*(from|curso)\s*\w+\s*$/i
882 describe INVITATIONFROM Invitation from Spammer
883 score INVITATIONFROM 5
885 header INVITESYOU subject =~ /^[\w\s]+(invites|communicates\s+with)\s+you\s+(to|about)[\w\s]+$/i
886 describe INVITESYOU Invites or communicates me with spam
890 header RERE subject =~ /^Re\:\s+Re\:\s+/i
891 describe RERE Re: Re:
895 header CLAIMTICKETS subject =~ /claim.+ticket/i
896 describe CLAIMTICKETS Blah blah claim ticket
900 header WAITINGREPLY subject =~ /waiting for your? (reply|to repsond|response)/i
901 describe WAITINGREPLY Waiting for your reply
905 body CONTACTUS /contact us by email:/
907 describe CONTACTUS Don't contact us, we'll spam you
910 header FASHION subject =~ /(?:(?:armani|gucci|chanel|boss|versache|ugg|dsquared)(?:\,\s*|$)){2,}/i
911 describe FASHION Fashion designers in subject
915 header SCOUR subject =~ /Scour(?:.com)? invite from/
916 describe SCOUR Scour invite from some spammer
920 body YOURNAME /\d+\)\s*y+o+u+r+\s*n+a+m+e+/i
921 describe YOURNAME 1) your name is spam
925 header TWITTER subject =~ /you on Twitter/
926 describe TWITTER Twitter invite spam
930 uri DOS_LIVE_SPACES_CID /cid-.{10,20}\.spaces\.live\.com/
931 describe DOS_LIVE_SPACES_CID live spaces uri
932 score DOS_LIVE_SPACES_CID 3
935 header CHRISTMAS subject =~ /chris+tma+s (pleasure+|night)/i
936 describe CHRISTMAS Does christmas really give you pleasure?
939 # cord 2008-12-27 (transfered from rc.spam)
940 # don 2010-07-18 (decrease score from 4 to 2.5 for false positives)
941 full AWARD_WINNING /Award win/i
942 describe AWARD_WINNING Award win(ning); we don't believe that it is
943 score AWARD_WINNING 2.5
946 header LINKEDIN from =~ /linkedin\.com/
947 describe LINKEDIN Linked in spam
951 header LIFECHANGERS from =~ /lifechangers/
952 describe LIFECHANGERS Life changers spam
956 header WINESEASON subject =~ /Wine\s*Season\s*Promo/i
957 describe WINESEASON Wine season spam
961 header JOINMEON subject =~ /(?:friend request|join me) on/i
962 describe JOINMEON Lets not join you on anything
966 header ABOUTAPARTMENT subject =~/about\s*the\s*apartment/i
967 describe ABOUTAPARTMENT We don't care about apartments
968 score ABOUTAPARTMENT 2
971 header YARISUBJECT subject =~ /\byari\b/i
972 describe YARISUBJECT Contains YARI in the subject
976 body HTMLCOMPATIBLE /html\s+compatible\s+(?:e-?mail)?\s*(?:viewer|client)/i
977 describe HTMLCOMPATIBLE If you want us to use an HTML compatible viewer, we don't want your mail.
978 score HTMLCOMPATIBLE 3
981 header AYDA10KILO subject =~ /Ayda 10 Kilo Vermek Istermisiniz/i
982 describe AYDA10KILO We don't care about Ayda 10 Kilo Vermek
986 body CANNOTVIEW /cannot\s+view\s+this\s+email/i
987 describe CANNOTVIEW If we cannot view this email, it must be spam
991 header AAVEHICLE subject =~ /vehicle check report/i
992 describe AAVEHICLE The AA Vehicle check report is broken
996 header MODERNART X-BeenThere =~ /group1\@modernartmagazine.com/i
997 describe MODERNART Broken mailing list spamers
1000 # formorer 2011-01-07
1001 header NYPOSTCARD subject =~ /New Year postcard/i
1002 describe NYPOSTCARD Enough New Year cards for 2011
1007 header BIZZBOOSTER from =~ /bizzbooster/i
1008 describe BIZZBOOSTER From bizzbooster
1012 header QUOTAEXP subject =~ /mail\s+account(.+)quot[ae]\s+limit/
1013 describe QUOTAEXP Exceeded quota limit
1017 body SEOBODY /search\s+engine\s+traffic/
1018 describe SEOBODY Body contains SEO terms
1021 header SEOSUBJECT subject =~ /\bseo\b/i
1022 describe SEOSUBJECT Subject contains SEO terms
1025 meta SEOMETA (SEOBODY && SEOSUBJECT)
1026 describe SEOMETA Matches both SEOBODY and SEOSUBJECT
1029 body WEBINAR /webinar/i
1030 describe WEBINAR Contains webinar
1034 header TRIALVERSION subject =~ /trial\s*version/i
1035 describe TRIALVERSION Trial version in subject
1036 score TRIALVERSION 3
1038 header SHARESPAM subject =~ /shared photos with you/i
1039 describe SHARESPAM shares photos
1042 header MYNAMEIS subject =~ /hello(.*)my name is/i
1043 describe MYNAMEIS Name spam
1046 # formorer 2012-02-28
1047 header VOTREANN Subject =~ /(votre|Petites) annonce/i
1048 describe VOTREANN Votre annonce
1051 # formorer 2010-01-23
1052 header LEXCHANGE subject =~ /(?:for|4)\s+L[i1]nks?\s+E?xcha?nge/i
1053 describe LEXCHANGE ask for link exchange
1056 # formorer 2013-11-08
1057 header IMARKETING subject =~ /integrated marketing/i
1058 describe IMARKETING integrated marketing
1061 header LYMBOOMATH subject =~ /Lymboo Math/i
1062 describe LYMBOOMATH Lymboo Math spam
1065 # formorer 2014-05-26
1066 header JOB_DE1 subject =~ /(Freie Stellen|Stellenbeschreibungen)/
1067 describe JOB_DE1 german job spam
1070 header TODAYSHOW subject =~ /Today Show/i
1071 describe TODAYSHOW the today show
1074 header LEADS subject =~ /business leads/i
1075 describe LEADS business leads
1078 header CLIENTS subject =~ /need more clients/i
1079 describe CLIENTS need more clients
1082 body SEOCONS /SEO Consultant/i
1084 describe SEOCONS SEO Consultant
1086 body SEOISSUES /major issues with your website/i
1088 describe SEOISSUES Major issues with your website
1090 body SEOCOM /SEO Company/i
1092 describe SEOCOM SEO Company
1095 header USERSLIST_HEADER1 Subject =~ /\bUsers\bList/i
1096 rawbody USERSLIST_BODY1 /\<div dir=3D\"ltr\"\>\<p class=3D\"MsoNormal\" style=3D\"background-image:/
1097 rawbody USERSLIST_BODY2 /\<\/span\>\<span style=3D\"color\:rgb\(219,219,219\)\"\>If you don=E2=80=99t want/
1098 rawbody USERSLIST_BODY3 /A Quick Follow up to you that if you are interested in/i
1099 rawbody USERSLIST_BODY4 /we also have other technology users like: aws, tripod seat, Jira,/i
1100 meta META_USERSLIST (( USERSLIST_HEADER1 + USERSLIST_BODY1 + USERSLIST_BODY2 ) || ( USERSLIST_HEADER1 + USERSLIST_BODY3 + USERSLIST_BODY4 ) > 1 )
1101 describe META_USERSLIST Question for a Users List
1102 score META_USERSLIST 0.5