+# -*- mode: spamassassin -*-
# Added some rules from Rule du Jour that I've been testing for a while
#Monotone (from airmax.cf)
describe ONEWORD one word subject
score ONEWORD 2
+rawbody ONEWORDBODY /^\s*\S+\s*$/s
+describe ONEWORDBODY One word body
+score ONEWORDBODY 2
+
+meta ONEWORDALL (ONEWORD && ONEWORDBODY)
+describe ONEWORDALL Both subject and body contain one word
+score ONEWORDALL 4
+
# robot101, 2003-09-22
header CROSSWALK X-UnityUser =~ /^Crosswalk.com, Inc/
describe CROSSWALK Crosswalk bible mailing list
# cjwatson, 2004-03-12
# blarson 2004-06-09
-header UNI_DIPLOMA subject =~ /\b(?:(?:university|college|doctora+te|bache+lor|maste+rs?)[\/\s]+(?:(dip[l1][o0]ma|cert|degree)|(?:university|college|doctora+te|bache+lor|maste+rs?))/i
+header UNI_DIPLOMA subject =~ /\b(?:university|college|doctora+te|bache+lor|maste+rs?)[\/\s]+(?:(dip[l1][o0]ma|cert|degree)|(?:university|college|doctora+te|bache+lor|maste+rs?))/i
describe UNI_DIPLOMA Got a diploma, thanks
score UNI_DIPLOMA 4
score ACRO8PR0 4
# blarson 2007-10-05
-body WBRS /\b(WBRS|FPMC|ADYN|AFML|MISJ|HXPN|WHKA|CBFE|HSBC|PCAI|MPRG|HPRS|AUNI|TGVI|MHII|TAMG|GDKI|ACEN|CDYV|G7Q\.F|mbwc|CHFR|CDPN|DSDI|UTEV|P-S-U-D|GPSI|SGXI|CAON|SREA|ERMX|VPSN|SZSN|PAYI\.OB|LTDI|C\W\W?Y\W\W?T\W\W?V|E\WX\WM\WT|CYTV|VGPM|V\s?G\s?P\s?M(\.PK)?|wwng|WWNG|F\WD\WE\WG|FDEG|UTYW|M\s*I\s*H\s*I|O\W?N\W?C\W?O|P\W?P\W?Y\W?H|S\W?R\W?E\W?A|A\W?C\W?G\W?U|S\W?C\W?Y\W?F|C\W?H\W?V\W?C|D\W?M\W?X\W?C|F\W?R\W?L\W?E|M\W?A\W?K\W?U|C\W?W\W?T\W?E|F\W?R\W?L\W?E|M\W?X\W?X\W?R|P\W?R\W?T\W?H|A\W?L\W?L\W?U|C\W?W\W?T\W?D|T\W?A\W?D\W?F|D\W?M\W?H\W?N|C\W?A\W?O\W?N|Cwtd|N\W?C\W?S\W?H|F\W?R\W?L\W?E|M\W?A\W?K\W?U|d\W?m\W?h\W?n|T\W?R\W?T\W?M|[Ee]\W?[Tt]\W?[Gg]\W?[Uu]|P\W?E\W?R\W?T|EWIN|SXB\.F|OPLO|DCNM)\b/
+body WBRS /\b(WBRS|FPMC|ADYN|AFML|MISJ|HXPN|WHKA|CBFE|HSBC|PCAI|MPRG|HPRS|AUNI|TGVI|MHII|TAMG|GDKI|ACEN|CDYV|G7Q\.F|mbwc|CHFR|CDPN|DSDI|UTEV|P-S-U-D|GPSI|SGXI|CAON|SREA|ERMX|VPSN|SZSN|PAYI\.OB|LTDI|C\W\W?Y\W\W?T\W\W?V|E\WX\WM\WT|CYTV|VGPM|V\s?G\s?P\s?M(\.PK)?|wwng|WWNG|F\WD\WE\WG|FDEG|UTYW|M\s*I\s*H\s*I|O\W?N\W?C\W?O|P\W?P\W?Y\W?H|S\W?R\W?E\W?A|A\W?C\W?G\W?U|S\W?C\W?Y\W?F|C\W?H\W?V\W?C|D\W?M\W?X\W?C|F\W?R\W?L\W?E|M\W?A\W?K\W?U|C\W?W\W?T\W?E|F\W?R\W?L\W?E|M\W?X\W?X\W?R|P\W?R\W?T\W?H|A\W?L\W?L\W?U|C\W?W\W?T\W?D|T\W?A\W?D\W?F|D\W?M\W?H\W?N|C\W?A\W?O\W?N|Cwtd|N\W?C\W?S\W?H|F\W?R\W?L\W?E|M\W?A\W?K\W?U|d\W?m\W?h\W?n|T\W?R\W?T\W?M|[Ee]\W?[Tt]\W?[Gg]\W?[Uu]|P\W?E\W?R\W?T|EWIN|SXB\.F|OPLO|DCNM|mpix|MPIX|UCSO|TBCO)\b/
describe WBRS stock spam
score WBRS 4
# blarson 2007-11-22
header CAPINIT subject =~ /^(?:Re:)?\s*(?:(?:[A-Z][a-z-\']+|PaintBrush|Jet (?:plane|fighter)|Tennis racquet|Leather jacket|IWC|\&|Jaeger-LeCoultre)\s+)+(?:[A-Z][a-z-]+|PaintBrush|Jet (?:plane|fighter)|Tennis racquet|Leather jacket)\s*$/
describe CAPINIT Capinit Every Word
-score CAPINIT 3
+score CAPINIT 0.5
# blarson 2007-11-23
body REMOVESPACE /\b(?:remove|w\/o|without|delete) spaces?\b/i
describe OEMSOFT OEM software
score OEMSOFT 2
+# tviehmann 2008-07-20
+full XORGBUGREPORTS /\/usr\/lib\/xorg\/modules/
+describe XORGBUGREPORTS ameliorate score of xorg bug reports matching OEMSOFT
+score XORGBUGREPORTS -5
+
# don 2008-02-23
body MSSOFTWARE /(?:Microsoft|Windows) (?:Office Enterprise|Vista Ultimate)/i
describe MSSOFTWARE Microsoft Office Enterprise/Vista Ultimate
score ITCSTORE 4
# blarson 2008-03-26
-header GENDER subject =~ /\b(?:she|her|wom[ae]n|m[ae]n|girls?|males?|females?|herself|wife|ladies|lady|wives)\b/i
+header GENDER subject =~ /\b(?:she|her|wom[ae]n|m[ae]n|girls?|males?|females?|herself|wife|ladies|lady|wives|(?:girl|boy)friends?)\b/i
describe GENDER gender pronoun in subject
-score GENDER 1
+score GENDER 0.5
# blarson 2008-03-28
body REBODY /^re\:\s/
score SUMHERE 3
# don 2008-04-24
-header INVITATIONFROM subject =~ /^\s*Invitation\s*from\s*\w+\s*$/i
+header INVITATIONFROM subject =~ /^\s*(Invitation|Invitaci.n)\s*(from|curso)\s*\w+\s*$/i
describe INVITATIONFROM Invitation from Spammer
score INVITATIONFROM 5
+header INVITESYOU subject =~ /^[\w\s]+(invites|communicates\s+with)\s+you\s+(to|about)[\w\s]+$/i
+describe INVITESYOU Invites or communicates me with spam
+score INVITESYOU 5
+
# blarson 2008-04-28
header RERE subject =~ /^Re\:\s+Re\:\s+/i
describe RERE Re: Re:
describe CONTACTUS Don't contact us, we'll spam you
# don 2008-06-18
-header FASHION subject =~ /(?:(?:armani|chanel|boss|versache|ugg|dsquared)(?:\,\s*|$)){2,}/i
+header FASHION subject =~ /(?:(?:armani|gucci|chanel|boss|versache|ugg|dsquared)(?:\,\s*|$)){2,}/i
describe FASHION Fashion designers in subject
score FASHION 2
+# don 2008-07-30
+header SCOUR subject =~ /Scour(?:.com)? invite from/
+describe SCOUR Scour invite from some spammer
+score SCOUR 3
+
+# don 2008-09-04
+body YOURNAME /\d+\)\s*y+o+u+r+\s*n+a+m+e+/i
+describe YOURNAME 1) your name is spam
+score YOURNAME 3
+
+# blarson 2008-12-11
+header TWITTER subject =~ /you on Twitter/
+describe TWITTER Twitter invite spam
+score TWITTER 4
+
+# don 2008-12-18
+uri DOS_LIVE_SPACES_CID /cid-.{10,20}\.spaces\.live\.com/
+describe DOS_LIVE_SPACES_CID live spaces uri
+score DOS_LIVE_SPACES_CID 3
+
+# don 2008-12-18
+header CHRISTMAS subject =~ /chris+tma+s (pleasure+|night)/i
+describe CHRISTMAS Does christmas really give you pleasure?
+score CHRISTMAS 2
+
+# cord 2008-12-27 (transfered from rc.spam)
+# don 2010-07-18 (decrease score from 4 to 2.5 for false positives)
+full AWARD_WINNING /Award win/i
+describe AWARD_WINNING Award win(ning); we don't believe that it is
+score AWARD_WINNING 2.5
+
+# don 2009-01-10
+header LINKEDIN from =~ /linkedin\.com/
+describe LINKEDIN Linked in spam
+score LINKEDIN 4
+
+# don 2009-02-02
+header LIFECHANGERS from =~ /lifechangers/
+describe LIFECHANGERS Life changers spam
+score LIFECHANGERS 4
+
+# don 2009-02-05
+header WINESEASON subject =~ /Wine\s*Season\s*Promo/i
+describe WINESEASON Wine season spam
+score WINESEASON 3
+
+# don 2009-02-05
+header JOINMEON subject =~ /(?:friend request|join me) on/i
+describe JOINMEON Lets not join you on anything
+score JOINMEON 2
+
+# don 2009-02-09
+header ABOUTAPARTMENT subject =~/about\s*the\s*apartment/i
+describe ABOUTAPARTMENT We don't care about apartments
+score ABOUTAPARTMENT 2
+
+# don 2009-02-14
+header YARISUBJECT subject =~ /\byari\b/i
+describe YARISUBJECT Contains YARI in the subject
+score YARISUBJECT 2
+
+# don 2009-03-03
+body HTMLCOMPATIBLE /html\s+compatible\s+(?:e-?mail)?\s*(?:viewer|client)/i
+describe HTMLCOMPATIBLE If you want us to use an HTML compatible viewer, we don't want your mail.
+score HTMLCOMPATIBLE 3
+
+# zobel 2009-08-31
+header AYDA10KILO subject =~ /Ayda 10 Kilo Vermek Istermisiniz/i
+describe AYDA10KILO We don't care about Ayda 10 Kilo Vermek
+score AYDA10KILO 4
+
+# don 2010-08-21
+body CANNOTVIEW /cannot\s+view\s+this\s+email/i
+describe CANNOTVIEW If we cannot view this email, it must be spam
+score CANNOTVIEW 4
+
+# don 2010-09-24
+header AAVEHICLE subject =~ /vehicle check report/i
+describe AAVEHICLE The AA Vehicle check report is broken
+score AAVEHICLE 4
+
+# don 2010-12-27
+header MODERNART X-BeenThere =~ /group1\@modernartmagazine.com/i
+describe MODERNART Broken mailing list spamers
+score MODERNART 5
+
+# formorer 2011-01-07
+header NYPOSTCARD subject =~ /New Year postcard/i
+describe NYPOSTCARD Enough New Year cards for 2011
+score NYPOSTCARD 4
+
+
+# don 2011-01-24
+header BIZZBOOSTER from =~ /bizzbooster/i
+describe BIZZBOOSTER From bizzbooster
+score BIZZBOOSTER 5
+
+# don 2011-09-22
+header QUOTAEXP subject =~ /mail\s+account(.+)quot[ae]\s+limit/
+describe QUOTAEXP Exceeded quota limit
+score QUOTAEXP 4
+
+# don 2011-09-22
+body SEOBODY /search\s+engine\s+traffic/
+describe SEOBODY Body contains SEO terms
+score SEOBODY 1
+
+header SEOSUBJECT subject =~ /\bseo\b/i
+describe SEOSUBJECT Subject contains SEO terms
+score SEOSUBJECT 1
+
+meta SEOMETA (SEOBODY && SEOSUBJECT)
+describe SEOMETA Matches both SEOBODY and SEOSUBJECT
+score SEOMETA 3
+
+body WEBINAR /webinar/i
+describe WEBINAR Contains webinar
+score WEBINAR 2
+
+
+header TRIALVERSION subject =~ /trial\s*version/i
+describe TRIALVERSION Trial version in subject
+score TRIALVERSION 3
+
+header SHARESPAM subject =~ /shared photos with you/i
+describe SHARESPAM shares photos
+score SHARESPAM 3
+
+header MYNAMEIS subject =~ /hello(.*)my name is/i
+describe MYNAMEIS Name spam
+score MYNAMEIS 2.5
+
+# formorer 2012-02-28
+header VOTREANN Subject =~ /(votre|Petites) annonce/i
+describe VOTREANN Votre annonce
+score VOTREANN 4
+
+# formorer 2010-01-23
+header LEXCHANGE subject =~ /(?:for|4)\s+L[i1]nks?\s+E?xcha?nge/i
+describe LEXCHANGE ask for link exchange
+score LEXCHANGE 4
+
+# formorer 2013-11-08
+header IMARKETING subject =~ /integrated marketing/i
+describe IMARKETING integrated marketing
+score IMARKETING 4
+
+header LYMBOOMATH subject =~ /Lymboo Math/i
+describe LYMBOOMATH Lymboo Math spam
+score LYMBOOMATH 4
+
+# formorer 2014-05-26
+header JOB_DE1 subject =~ /(Freie Stellen|Stellenbeschreibungen)/
+describe JOB_DE1 german job spam
+score JOB_DE1 4
+
+header TODAYSHOW subject =~ /Today Show/i
+describe TODAYSHOW the today show
+score TODAYSHOW 4
+
+header LEADS subject =~ /business leads/i
+describe LEADS business leads
+score LEADS 4
+
+header CLIENTS subject =~ /need more clients/i
+describe CLIENTS need more clients
+score CLIENTS 4
+
+body SEOCONS /SEO Consultant/i
+score SEOCONS 3
+describe SEOCONS SEO Consultant
+
+body SEOISSUES /major issues with your website/i
+score SEOISSUES 2.5
+describe SEOISSUES Major issues with your website
+
+body SEOCOM /SEO Company/i
+score SEOCOM 2.5
+describe SEOCOM SEO Company
+
+# rince 2017-03-30
+header USERSLIST_HEADER1 Subject =~ /\bUsers\bList/i
+describe USERSLIST_HEADER1 Check wether Subject contains 'Users List'
+rawbody USERSLIST_BODY1 /\<div dir=3D\"ltr\"\>\<p class=3D\"MsoNormal\" style=3D\"background-image:/
+describe USERSLIST_BODY1 First potential Spam reconnaissance: style of HTML
+rawbody USERSLIST_BODY2 /\<\/span\>\<span style=3D\"color\:rgb\(219,219,219\)\"\>If you don=E2=80=99t want/
+describe USERSLIST_BODY2 second potential Spam reconnaissance: style of HTML
+rawbody USERSLIST_BODY3 /A Quick Follow up to you that if you are interested in/i
+describe USERSLIST_BODY3 third potential Spam reconnaissance: text phrases
+rawbody USERSLIST_BODY4 /we also have other technology users like: aws, tripod seat, Jira,/i
+describe USERSLIST_BODY4 fourth potential Spam reconnaissance: text phrases
+rawbody USERSLIST_BODY5 /Please let me know your thoughts (so that I can send you cost of the list.|we will provide you the more information)/i
+describe USERSLIST_BODY5 fifth potential Spam reconnaissance: text phrases
+meta META_USERSLIST (( USERSLIST_HEADER1 + USERSLIST_BODY1 + USERSLIST_BODY2 ) || ( USERSLIST_HEADER1 + USERSLIST_BODY3 + USERSLIST_BODY4 ) || ( USERSLIST_HEADER1 + USERSLIST_BODY5 ) > 1 )
+describe META_USERSLIST Question for a Users List
+score META_USERSLIST 0.5
+
+# rince 2017-04-11
+header OWNERSLIST_HEADER1 Subject =~ /\bOwners\bList/i
+describe OWNERSLIST_HEADER1 Check wether Subject contains 'Owners List'
+rawbody OWNERSLIST_BODY1 /The list of contacts are \*opt\-in verified\*/
+describe OWNERSLIST_BODY1 First potential Spam reconnaissance: verified opt-in lists
+meta META_OWNERSLIST ( (OWNERSLIST_HEADER1 + OWNERSLIST_BODY1 ) >1 )
+describe META_OWNERSLIST Questions for an Owners List
+score META_OWNERSLIST 0.5
+
+# rince 2017-04-14
+header PRATT subject =~ /Pratt Is Now Earth Works Jacksonville/i
+score PRATT 4
+describe PRATT Pratt spam
+
+# rince 2017-04-15
+header PRATTFROM From =~ /Pratt Brothers/
+describe PRATTFROM Pratt Brothers Spam
+score PRATTFROM 1
+
projects / spamassassin_config.git / blobdiff