E-exchange Finland

[spamassassin_config.git] / common / phrase_spam

# Added some rules from Rule du Jour that I've been testing for a while

#Monotone (from airmax.cf)
body     MONOTONE_WORDS_2_15            /^([a-z]{2,20}[\s\.]+){15}/
describe MONOTONE_WORDS_2_15            Lines with many (long) lowercase words (15+ words, 2+ letters)
body     MONOTONE_WORDS_2_30            /^([a-z]{2,20}[\s\.]+){30}/
describe MONOTONE_WORDS_2_30            Lines with many (long) lowercase words (30+ words, 2+ letters)
body     MONOTONE_WORDS_3_20            /^([a-z]{3,20}[\s\.]+){20}/
describe MONOTONE_WORDS_3_20            Lines with many (long) lowercase words (20+ words, 3+ letters)
body     MONOTONE_WORDS_5_8                     /^([a-z]{5,20}[\s\.]+){8}/
describe MONOTONE_WORDS_5_8                     Lines with many (long) lowercase words (8+ words, 5+ letters)
body     MONOTONE_WORDS_5_12            /^([a-z]{5,20}[\s\.]+){12}/
describe MONOTONE_WORDS_5_12            Lines with many (long) lowercase words (12+ words, 5+ letters)
body     MONOTONE_WORDS_5_20            /^([a-z]{5,20}[\s\.]+){20}/
describe MONOTONE_WORDS_5_20            Lines with many (long) lowercase words (20+ words, 5+ letters)

# Lots of auto-responders seem to have this
body    MDO_AUTORESP1   /online form/i
score   MDO_AUTORESP1   0.1

body    MDO_AUTORESP2   /large amount of (spam|virus)/i
score   MDO_AUTORESP2   0.1

body    MDO_AUTORESP3   /(electronically|automatically) (generated|created) (email|ack)/i
score   MDO_AUTORESP3   0.1

body    MDO_AUTORESP4   /(respond|answer) your enquiry/i
score   MDO_AUTORESP4   0.1

body    MDO_AUTORESP5   /(email|enquiry) has been received/i
score   MDO_AUTORESP5   0.1

body    MDO_AUTORESP6   /will be answered within/i
score   MDO_AUTORESP6   0.1

body    MDO_AUTORESP7   /the e-mail address to which you have written does not support incoming messages/i
score   MDO_AUTORESP7   0.1

meta    MDO_AUTORESP_META1      (MDO_AUTORESP1 + MDO_AUTORESP2 + MDO_AUTORESP3 + MDO_AUTORESP4 + MDO_AUTORESP5 + MDO_AUTORESP6 + MDO_AUTORESP7) > 1
score   MDO_AUTORESP_META1      2.0

body MURPHY_DIPLOMA     /Diploma/
describe MURPHY_DIPLOMA No Diploma
score MURPHY_DIPLOMA    1

body MURPHY_CALORIES    /calories/
describe MURPHY_CALORIES        No Calories
score MURPHY_CALORIES   1

header MURPHY_CONTENT_GIF       Content-Type =~ /image\/gif/
describe MURPHY_CONTENT_GIF     Content contains image/gif
score MURPHY_CONTENT_GIF        1

# cable tv spam -- pasc 04/05/11-12
body MDO_CABLE_TV1      /pay.?per.?view/i
score MDO_CABLE_TV1     0.5

body MDO_CABLE_TV2      /mature.?channel/i
score MDO_CABLE_TV2     0.5

body MDO_CABLE_TV3      /c(\@|a)ble/i
score MDO_CABLE_TV3     0.5

body MDO_CABLE_TV4      /rem(o|0)te.?control/i
score MDO_CABLE_TV4     0.5

meta MDO_CABLE_META1    (MDO_CABLE_TV1 || MDO_CABLE_TV2 || MDO_CABLE_TV4) && (MDO_CABLE_TV3)
describe MDO_CABLE_META1 Too much cable stuff
score MDO_CABLE_META1   3

header  MDO_TAGSPAM1            Subject =~ /Unknown Tag *free* Please Fix/
score   MDO_TAGSPAM1            4

body    MDO_BAD_WORD1           /PORTFOLIO/i
score   MDO_BAD_WORD1           2.8

# blarson, 2004-04-30 -> lists --pasc 04/05/11 
body AFFILIATEID        /affiliate.?id/i
describe AFFILIATEID    affiliate id
score AFFILIATEID       3

# joy, 2003-08-30, 2003-09-21
header FW               Subject =~ /^Fw: /
describe FW             Sounds like a Fw: spam
score FW                3

# blarson 2007-07-13
header REFWD            subject =~ /\b(?:RE|FWD)\:\s*$/i
describe REFWD          re or fwd nothing
score REFWD             3

# blarson 2005-11-11
header ONEWORD          subject =~ /^(?:Fw:|re:)?\s*\w+\s*$/i
describe ONEWORD        one word subject
score ONEWORD           1

# robot101, 2003-09-22
header CROSSWALK        X-UnityUser =~ /^Crosswalk.com, Inc/
describe CROSSWALK      Crosswalk bible mailing list
score CROSSWALK         3

header CROSSWALK_SPAM   From =~ /Crosswalk/
describe CROSSWALK_SPAM Crosswalk Spam
score CROSSWALK_SPAM    1

# -- joy, 2003-06-28
header BOMDIA           Subject =~ /Bom dia /
describe BOMDIA         Bom dia, usually some Romanic language spam
score BOMDIA            2

header RCVD_FROM_UNCONF_HOST    Received =~ /^from localhost.localdomain/
describe RCVD_FROM_UNCONF_HOST  Mail comes from a host with unconfigured mailer daemon
score RCVD_FROM_UNCONF_HOST     2

# joy, 2003/01/25
body ECOSPAM                    /Corridas de Toros para los turistas Ingleses en Barcelona/
describe ECOSPAM                Eco-spam all right
score ECOSPAM                   5.0

# cjwatson, 2003/02/24
body SPANISH_FORM_CGI           /Este formulario fue enviado por/
describe SPANISH_FORM_CGI       "Below is the result of your feedback form", eh?
score SPANISH_FORM_CGI          4.0

# joy, 2003-06-18
body TRAFFICMAGNET              /Become a TrafficMagnet Reseller/
describe TRAFFICMAGNET          SpamMagnet
score TRAFFICMAGNET             4

# joy, 2003-06-27
header BKR                      Subject =~ /^bkr/
describe BKR                    bkr spam
score BKR                       4

# joy, 2003-06-27
header RISEANDSHINE             Subject =~ /^Rise and Shine in 15 minutes/
describe RISEANDSHINE           Rise and Shine in 15 minutes spam
score RISEANDSHINE              4

# joy, 2003-09-20
header UNIVDIP          Subject =~ /U N I V E R S I T Y . D I P L O M A S/i
describe UNIVDIP        university diplomas spam
score UNIVDIP           4

# joy, 2003-09-21
header YOUTHERE         Subject =~ /^(Re: )?You/i
describe YOUTHERE       Who, me? Likely spam
score YOUTHERE          2

# cjwatson, 2003-11-20
header HOUSECLEANING    Subject =~ /^Affordable Housecleaning Service/
describe HOUSECLEANING  let's clean out the spam instead
score HOUSECLEANING     3

# cjwatson, 2003-12-11
header OTC_FIRST        Subject =~ /OTC FIRST ALERT/
describe OTC_FIRST      OTC spam
score OTC_FIRST         3

# joy, 2004-01-03
body AVAILABLENOW       /available now/i
describe AVAILABLENOW   must be selling some shit
score AVAILABLENOW      1

# cjwatson, 2004-01-16
body TEDIOUS_WITTER     /If not i included it below so let me know if you like it/
describe TEDIOUS_WITTER annoying wittering spam, mypillsource.com I think
score TEDIOUS_WITTER    2

# cjwatson, 2004-03-12
# blarson 2004-06-09
header UNI_DIPLOMA      Subject =~ /\b(university|college)\s+(diploma|cert|degree)/i
describe UNI_DIPLOMA    Got one, thanks
score UNI_DIPLOMA       4

# blarson 2004-04-27
body UNI2       /university\s+(diploma|cert|degree)/i
describe UNI2   Got one, thanks
score UNI2      4

# cjwatson, 2004-03-12
header JOB_CONFIRM      Subject =~ /Job confirmation/
describe JOB_CONFIRM    Got one of these too, thanks
score JOB_CONFIRM       3

# blarson 2005-09-20
header MESSAGESUB       subject =~ /^\s*\(?message\s*(subject)?\)?$/i
describe MESSAGESUB     really descriptive subject
score MESSAGESUB        3

# don 2007-09-20
header SENTMESSAGE      subject =~ /(sent you a( personal|) message|would like to chat)/i
describe SENTMESSAGE    Sent you a message (like duh?)
score SENTMESSAGE       2

# blarson 2006-03-16 2007-09-18
body DEARDIGIT          /^(?:well\s+)?(?:Dear|Hey|H[ea]y?ll?.?o|To|Attention|Hi+|Hey+a?|Bonjorno|(?:Yo\s*)+|(?:g[o0]+d\s*)?(?:d?ay|morning|evening?|afternoon|night)|what.?i?s\s+up|wa(?:s|z)+up|greetings?|Salutations|(Mail|News)\s+to|how(?:.?s|\s+is)?\s*(?:(?:it)?(?:\s+is)??\s*going|have\s+you\s+been|are you).?\s*(?:there|to\s+you)?|compliments|Regards|Adieu)\,?\s+(?:Account\s+\#?|\=?3d|)(?:bro|there|sir|Mr\.?)\s*?\d{3,}/i
describe DEARDIGIT      Dear number
score DEARDIGIT         3.9

# blarson 2004-11-08
header SIZEMATTERS      subject =~ /^S.ze matters$/i
describe SIZEMATTERS    Size matters spammer
score SIZEMATTERS       3

# cjwatson 2005-01-02
header RNDMX            subject =~ /^<rndmx/
describe RNDMX          weird empty spam
score RNDMX             4

# blarson 2005-01-06
header VERIFYCAT        subject =~ /verifycation mail/
describe VERIFYCAT      verifycation spam
score   VERIFYCAT       4

# blarson 2005-01-10
header D0WNLOAD         subject =~ /\bd[o0]wn[l1][o0]ad.*(?:m[o0]v[i1]e|mp3|tune|music)/i
describe D0WNLOAD       download spam
score D0WNLOAD          3

# blarson 2005-02-11
header REDUCESPAM       subject =~ /Reduce Spam\b/i
describe REDUCESPAM     reduce spam spam
score REDUCESPAM        2

# blarson 2005-04-15
body DIRT               /\.(?:the|\d|)dirty?\d+\.info\//
describe DIRT           dirty spammer
score DIRT              3

# blarson 2005-04-17
body RNDWORD            /^RND_WORD\s*$/
describe RNDWORD        RND_WORD
score RNDWORD           3

# blarson 2005-08-18
header D3GREE           subject =~ /\bd(?:3gres?|esgre|eerge|eeerg|reege|egres)e?s?\b/i
describe D3GREE         Want a used paper from someone who can't spell
score D3GREE            3

# blarson 2005-08-19
body FINALNOTE          /\bfinal\s+notif/i
describe FINALNOTE      yet another final notification
score FINALNOTE         2

# blarson 2005-08-23
header HIITS            subject =~ /\bHi\! It\'s\b/i
describe HIITS          hi its
score HIITS             3

# blarson 2005-08-23
header GOTONE           subject =~ /\bgot one$/i
describe GOTONE         got this spam already
score GOTONE            3

# blarson 2005-09-06
body IMMEDIATEREV       /^ATTENTION- For your immediate review:/
describe IMMEDIATEREV   immediate discard
score IMMEDIATEREV      3

# blarson 2005-09-12
body CLIENTALERT        /^(?:CLIENT ALERT|ATTENTION CLIENT)/i
describe CLIENTALERT    client alert
score CLIENTALERT       3

# cjwatson 2005-10-20
header DEBIANTUX23      From =~ /DebianTux23|wieseltux23/i
describe DEBIANTUX23    Linux spammer, sigh
score DEBIANTUX23       5

# blarson 2005-10-29
body SHITBRO            /^\s*sh[i1]+t\s+bro/i
describe SHITBRO        shitty spam
score SHITBRO           3

# blarson 2005-12-05
header POPPROG          subject =~ /popular programs for everyday use/i
describe POPPROG        unpopular spam
score POPPROG           3

# blarson 2006-02-03
body GREET              /^\%(?:GREET|EXIT)/
describe GREET          broken spamware
score GREET             3

# blarson 2006-10-18
header WROTE            subject =~ /\bwrote\:\s*$/i
describe WROTE          stock scam
score WROTE             2

body DEGREE_SPAM        /earn.+degree.+transcripts/i
describe DEGREE_SPAM    earn a degree with transcripts spam
score    DEGREE_SPAM    2.5     

# blarson 2006-10-23
body BLUEPILL           /blue pill/i
describe BLUEPILL       Blue pill spam
score BLUEPILL          2

# blarson 2006-11-04
header PHOTOQUEST       subject =~ /question about your photo/i
describe PHOTOQUEST     questioning photo
score PHOTOQUEST        2

# blarson 2006-11-08
body KBDP               /Knowledge Based Degree Program/i
describe KBDP           degree spam
score KBDP              4

# blarson 2006-11-13
body CRITERIAHAS        /\bOur criteria has changed\b/i
describe CRITERIAHAS    Diploma salesman with bad english
score CRITERIAHAS       3

# blarson 2006-11-18
body TORA08             /\b\d{6}   \d{7}   \d{6}         \d             \d{7}   \d{7}/
describe TORA08         TORA.08 spam
score TORA08            3

# blarson 2006-11-21
body SERIOUSBRO         /^Seriously bro\b/i
describe SERIOUSBRO     Seriously bro
score SERIOUSBRO        3

# blarson 2006-12-06
body INSETET            /\bwilson\@insitetcnologia\.com\.br\b/
describe INSETET        please send spammer
score INSETET           4

# blarson 2006-12-09
body USUARIO            /\bEl usuario destinatario no es un usuario valido/
describe USUARIO        No such user -- sent in infinite loop
score   USUARIO         3

# don 2006-12-13
body NOMAILRECBI        /no recibi tu mail/i
describe NOMAILRECBI    No recbi of mail -- was closing way to many bugs
score   NOMAILRECBI     3

# blarson 2007-02-13
header URHELP           subject =~ /\bi need ur help\b/
describe URHELP         blank spam
score URHELP            3

# blarson 2006-12-08
header ACRO8PR0         subject =~ /\bAcr[0o]bat\s*[78]\s+(?:PR[0O]\b|\$?\d+\$?)/i
describe ACRO8PR0       sales spam
score ACRO8PR0          4       

# blarson 2007-09-15
body WBRS               /\b(WBRS|FPMC|ADYN|AFML|MISJ|HXPN|WHKA|CBFE|HSBC|PCAI|MPRG|HPRS|AUNI|TGVI|MHII|TAMG|GDKI|ACEN|CDYV|G7Q\.F|mbwc|CHFR|CDPN|DSDI|UTEV|P-S-U-D|GPSI|SGXI|CAON|SREA|ERMX|VPSN|SZSN|PAYI\.OB|LTDI|C\W\W?Y\W\W?T\W\W?V|E\WX\WM\WT|CYTV|VGPM|V\s?G\s?P\s?M(\.PK)?|wwng|WWNG|F\WD\WE\WG|FDEG|UTYW|M\s*I\s*H\s*I|O\W?N\W?C\W?O|P\W?P\W?Y\W?H|S\W?R\W?E\W?A|A\W?C\W?G\W?U|S\W?C\W?Y\W?F|C\W?H\W?V\W?C|D\W?M\W?X\W?C|F\W?R\W?L\W?E|M\W?A\W?K\W?U|C\W?W\W?T\W?E|F\W?R\W?L\W?E)\b/
describe WBRS           stock spam
score WBRS              4

body FOURLA             /\b([A-Z]\s?){4}\b/
describe FOURLA         Four letter acronym (stock spam?)
score FOURLA            1

full WORDMONEY          /^\w+\s*:\s*(?:\$\s*[\d\.]+|[\d\.]+\s*USD)/mi
describe WORDMONEY      Word Colon Money
score WORDMONEY         1

meta STOCKLIKE          (FOURLA && WORDMONEY)
describe STOCKLIKE      Four letter acronyms with money; stock scam
score STOCKLIKE         2

# blarson 2007-01-26
header ACROBAT8         subject =~ /\badobe acr[o0]bat 8\b/i
describe ACROBAT8       more sales spam
score ACROBAT8          3

# blarson 2007-03-14
header VLSTA            subject =~ /VlSTA|0FFlCE|ACR0B8T/i
describe VLSTA          misspelled microshit software
score VLSTA             3

# blarson 2007-04-19
header ANGEKUEN         subject =~ /\bTrauer angekuendigt\b/
describe ANGEKUEN       german spam
score ANGEKUEN          3

# blarson 2007-05-06
body INTCAFE            /\binternet caff?e\b/i
describe INTCAFE        internet cafe spam
score INTCAFE           2

# blarson 2007-07-14
header VERIFIC          subject =~ /Your email requires verification/
describe VERIFIC        some people prefer you get their spam
score VERIFIC           3

# blarson 2007-07-14
header WHITELIST        subject =~ /You have been added to .* whitelist/
describe WHITELIST      whitelist spam
score WHITELIST         3

# blarson 2007-07-15
body CASNIO             /^Please be advised that your casnio account is still inactive/
describe CASNIO         casnio account
score CASNIO            3

# don 2007-07-17
header AUTOREPLY        subject =~ /\bauto(?:mated|matic|)[\s-]+re(?:spon[cs]e|ply)\b/i
describe AUTOREPLY      Automatic reply
score AUTOREPLY         2

# blarson 2007-07-18
body CONFSERV           /^Thanks for using our confidential service/
describe CONFSERV       confidential service
score CONFSERV          3

# blarson 2007-07-18
body CONTENC            /^Confirmation has been enclosed/
describe CONTENC        more pdf spam
score CONTENC           4

# blarson 2007-07-23
header PHONE            subject =~ /\b(tele)?phone\b/i
describe PHONE          phone spam
score PHONE             2

# blarson 2007-07-30
body ASPDF              /^We send our messages as Portable Document Format/
describe ASPDF          more pdf spam
score ASPDF             3

# blarson 2007-08-20
body DELAFT             /Please delete your private message after reading/
describe DELAFT         more pdf spam
score DELAFT            3

# blarson 2007-09-13
header OFF1CE           subject =~ /\b[O0]ff[1i7l|]ce\s*\W?2[O0Qk]+7\b/i
describe OFF1CE         off1ce spam
score OFF1CE            4

# blarson 2007-09-13
header SOFTSALE         subject =~ /\bsoftware sales\b/i
describe SOFTSALE       software spam
score SOFTSALE          3

# blarson 2007-09-18
body SUPERMACHO         /\bBe a supermacho/i
describe SUPERMACHO     supermacho
score SUPERMACHO        4

# blarson 2007-09-19
body BIGINTER           /\bBig international commercial organization\b/i
describe BIGINTER       job spam
score BIGINTER          4

# blarson 2007-09-20
header HASSENT          subject =~ /\b(?:sent you a (?:personal|confidential)?\s*(?:message|note)|would like to chat)\b/i
describe HASSENT        sent a message
score HASSENT           4

# blarson 2007-09-20
header ORDERNUM         subject =~ /\b(?:Order|Recipet)\s*.?\d{3,}/i
describe ORDERNUM       order number
score ORDERNUM          3

# don 2007-09-20
header DICTIONARYSEQ    subject =~ /\b(\w{3})\w*(?:\s+\1\w*){2}/i
describe DICTIONARYSEQ  Ventricular Vents Venting Ventures
score DICTIONARYSEQ     3.5

# blarson 2007-09-21
header NOLET            subject =~ /^\W{4,}$/
describe NOLET          swearing subject
score NOLET             2

# blarson 2007-09-21
body SSIST              /^ssistant Manager/
describe SSIST          ssistant Manager
score SSIST             4

# blarson 2007-09-21
body GRADUATEUNDER      /\bgraduate in under\b/i
describe GRADUATEUNDER  graduate in under
score GRADUATEUNDER     3

# blarson 2007-09-24
header NOINVEST         subject =~ /\b(?:no investment|high.paid)\b/i
describe NOINVEST       no investment
score NOINVEST          4

# blarson 2007-09-25
header INTEXP           subject =~ /\b[I|]nternet Exp[l|]orer\b/i
describe INTEXP         |nternet Exp|orer
score INTEXP            2

# don 2007-09-29
header WORKATHOME       subject =~ /work\Wat\Whome/i
describe WORKATHOME     Work at home
score WORKATHOME        4       

# don 2007-10-01
body PHONENUMBER        /\b1[\-\.\s]?8[07]+[\-\.\s]?\d+/
describe PHONENUMBER    Toll free phone number
score PHONENUMBER       1.5

# don 2007-10-02
body GERMANSPAM         /Zerix Intern/i
describe GERMANSPAM     Um... no clue what that is.
score GERMANSPAM        3

body URBANNEWS          /UrbaNNews\.ro/
describe URBANNEWS      URBANNEWS Newsletter
score URBANNEWS         3