Contents of /trunk/spamassassin_config/common/phrase_spam

# Added some rules from Rule du Jour that I've been testing for a while

#Monotone (from airmax.cf)
body     MONOTONE_WORDS_2_15            /^([a-z]{2,20}[\s\.]+){15}/
describe MONOTONE_WORDS_2_15            Lines with many (long) lowercase words (15+ words, 2+ letters)
body     MONOTONE_WORDS_2_30            /^([a-z]{2,20}[\s\.]+){30}/
describe MONOTONE_WORDS_2_30            Lines with many (long) lowercase words (30+ words, 2+ letters)
body     MONOTONE_WORDS_3_20            /^([a-z]{3,20}[\s\.]+){20}/
describe MONOTONE_WORDS_3_20            Lines with many (long) lowercase words (20+ words, 3+ letters)
body     MONOTONE_WORDS_5_8                     /^([a-z]{5,20}[\s\.]+){8}/
describe MONOTONE_WORDS_5_8                     Lines with many (long) lowercase words (8+ words, 5+ letters)
body     MONOTONE_WORDS_5_12            /^([a-z]{5,20}[\s\.]+){12}/
describe MONOTONE_WORDS_5_12            Lines with many (long) lowercase words (12+ words, 5+ letters)
body     MONOTONE_WORDS_5_20            /^([a-z]{5,20}[\s\.]+){20}/
describe MONOTONE_WORDS_5_20            Lines with many (long) lowercase words (20+ words, 5+ letters)

# Lots of auto-responders seem to have this
body    MDO_AUTORESP1   /online form/i
score   MDO_AUTORESP1   0.1

body    MDO_AUTORESP2   /large amount of (spam|virus)/i
score   MDO_AUTORESP2   0.1

body    MDO_AUTORESP3   /(electronically|automatically) (generated|created) (email|ack)/i
score   MDO_AUTORESP3   0.1

body    MDO_AUTORESP4   /(respond|answer) your enquiry/i
score   MDO_AUTORESP4   0.1

body    MDO_AUTORESP5   /(email|enquiry) has been received/i
score   MDO_AUTORESP5   0.1

body    MDO_AUTORESP6   /will be answered within/i
score   MDO_AUTORESP6   0.1

body    MDO_AUTORESP7   /the e-mail address to which you have written does not support incoming messages/i
score   MDO_AUTORESP7   0.1

meta    MDO_AUTORESP_META1      (MDO_AUTORESP1 + MDO_AUTORESP2 + MDO_AUTORESP3 + MDO_AUTORESP4 + MDO_AUTORESP5 + MDO_AUTORESP6 + MDO_AUTORESP7) > 1
score   MDO_AUTORESP_META1      2.0

body MURPHY_DIPLOMA     /Diploma/
describe MURPHY_DIPLOMA No Diploma
score MURPHY_DIPLOMA    1

body MURPHY_CALORIES    /calories/
describe MURPHY_CALORIES        No Calories
score MURPHY_CALORIES   1

header MURPHY_CONTENT_GIF       Content-Type =~ /image\/gif/
describe MURPHY_CONTENT_GIF     Content contains image/gif
score MURPHY_CONTENT_GIF        1

# cable tv spam -- pasc 04/05/11-12
body MDO_CABLE_TV1      /pay.?per.?view/i
score MDO_CABLE_TV1     0.5

body MDO_CABLE_TV2      /mature.?channel/i
score MDO_CABLE_TV2     0.5

body MDO_CABLE_TV3      /c(\@|a)ble/i
score MDO_CABLE_TV3     0.5

body MDO_CABLE_TV4      /rem(o|0)te.?control/i
score MDO_CABLE_TV4     0.5

meta MDO_CABLE_META1    (MDO_CABLE_TV1 || MDO_CABLE_TV2 || MDO_CABLE_TV4) && (MDO_CABLE_TV3)
describe MDO_CABLE_META1 Too much cable stuff
score MDO_CABLE_META1   3

header  MDO_TAGSPAM1            Subject =~ /Unknown Tag *free* Please Fix/
score   MDO_TAGSPAM1            4

body    MDO_BAD_WORD1           /PORTFOLIO/i
score   MDO_BAD_WORD1           2.8

# blarson, 2004-04-30 -> lists --pasc 04/05/11 
body AFFILIATEID        /affiliate.?id/i
describe AFFILIATEID    affiliate id
score AFFILIATEID       3

# joy, 2003-08-30, 2003-09-21
header FW               Subject =~ /^Fw: /
describe FW             Sounds like a Fw: spam
score FW                3

# blarson 2007-07-13
header REFWD            subject =~ /\b(?:RE|FWD)\:\s*$/i
describe REFWD          re or fwd nothing
score REFWD             3

# blarson 2005-11-11
header ONEWORD          subject =~ /^(?:Fw:|re:)?\s*\w+\s*$/i
describe ONEWORD        one word subject
score ONEWORD           1

# robot101, 2003-09-22
header CROSSWALK        X-UnityUser =~ /^Crosswalk.com, Inc/
describe CROSSWALK      Crosswalk bible mailing list
score CROSSWALK         3

header CROSSWALK_SPAM   From =~ /Crosswalk/
describe CROSSWALK_SPAM Crosswalk Spam
score CROSSWALK_SPAM    1

# -- joy, 2003-06-28
header BOMDIA           Subject =~ /Bom dia /
describe BOMDIA         Bom dia, usually some Romanic language spam
score BOMDIA            2

header RCVD_FROM_UNCONF_HOST    Received =~ /^from localhost.localdomain/
describe RCVD_FROM_UNCONF_HOST  Mail comes from a host with unconfigured mailer daemon
score RCVD_FROM_UNCONF_HOST     2

# joy, 2003/01/25
body ECOSPAM                    /Corridas de Toros para los turistas Ingleses en Barcelona/
describe ECOSPAM                Eco-spam all right
score ECOSPAM                   5.0

# cjwatson, 2003/02/24
body SPANISH_FORM_CGI           /Este formulario fue enviado por/
describe SPANISH_FORM_CGI       "Below is the result of your feedback form", eh?
score SPANISH_FORM_CGI          4.0

# joy, 2003-06-18
body TRAFFICMAGNET              /Become a TrafficMagnet Reseller/
describe TRAFFICMAGNET          SpamMagnet
score TRAFFICMAGNET             4

# joy, 2003-06-27
header BKR                      Subject =~ /^bkr/
describe BKR                    bkr spam
score BKR                       4

# joy, 2003-06-27
header RISEANDSHINE             Subject =~ /^Rise and Shine in 15 minutes/
describe RISEANDSHINE           Rise and Shine in 15 minutes spam
score RISEANDSHINE              4

# joy, 2003-09-20
header UNIVDIP          Subject =~ /U N I V E R S I T Y . D I P L O M A S/i
describe UNIVDIP        university diplomas spam
score UNIVDIP           4

# joy, 2003-09-21
header YOUTHERE         Subject =~ /^(Re: )?You/i
describe YOUTHERE       Who, me? Likely spam
score YOUTHERE          2

# cjwatson, 2003-11-20
header HOUSECLEANING    Subject =~ /^Affordable Housecleaning Service/
describe HOUSECLEANING  let's clean out the spam instead
score HOUSECLEANING     3

# cjwatson, 2003-12-11
header OTC_FIRST        Subject =~ /OTC FIRST ALERT/
describe OTC_FIRST      OTC spam
score OTC_FIRST         3

# joy, 2004-01-03
body AVAILABLENOW       /available now/i
describe AVAILABLENOW   must be selling some shit
score AVAILABLENOW      1

# cjwatson, 2004-01-16
body TEDIOUS_WITTER     /If not i included it below so let me know if you like it/
describe TEDIOUS_WITTER annoying wittering spam, mypillsource.com I think
score TEDIOUS_WITTER    2

# cjwatson, 2004-03-12
# blarson 2004-06-09
header UNI_DIPLOMA      Subject =~ /\b(university|college)\s+(diploma|cert|degree)/i
describe UNI_DIPLOMA    Got one, thanks
score UNI_DIPLOMA       4

# blarson 2004-04-27
body UNI2       /university\s+(diploma|cert|degree)/i
describe UNI2   Got one, thanks
score UNI2      4

# cjwatson, 2004-03-12
header JOB_CONFIRM      Subject =~ /Job confirmation/
describe JOB_CONFIRM    Got one of these too, thanks
score JOB_CONFIRM       3

# blarson 2005-09-20
header MESSAGESUB       subject =~ /^\s*\(?message\s*(subject)?\)?$/i
describe MESSAGESUB     really descriptive subject
score MESSAGESUB        3

# don 2007-09-20
header SENTMESSAGE      subject =~ /(sent you a( personal|) message|would like to chat)/i
describe SENTMESSAGE    Sent you a message (like duh?)
score SENTMESSAGE       2

# blarson 2006-03-16 2007-09-18
body DEARDIGIT          /^(?:well\s+)?(?:Dear|Hey|H[ea]y?ll?.?o|To|Attention|Hi+|Hey+a?|Bonjorno|(?:Yo\s*)+|(?:g[o0]+d\s*)?(?:d?ay|morning|evening?|afternoon|night)|what.?i?s\s+up|wa(?:s|z)+up|greetings?|Salutations|(Mail|News)\s+to|how(?:.?s|\s+is)?\s*(?:(?:it)?(?:\s+is)??\s*going|have\s+you\s+been|are you).?\s*(?:there|to\s+you)?|compliments|Regards|Adieu)\,?\s+(?:Account\s+\#?|\=?3d|)(?:bro|there|sir|Mr\.?)\s*?\d{3,}/i
describe DEARDIGIT      Dear number
score DEARDIGIT         3.9

# blarson 2004-11-08
header SIZEMATTERS      subject =~ /^S.ze matters$/i
describe SIZEMATTERS    Size matters spammer
score SIZEMATTERS       3

# cjwatson 2005-01-02
header RNDMX            subject =~ /^<rndmx/
describe RNDMX          weird empty spam
score RNDMX             4

# blarson 2005-01-06
header VERIFYCAT        subject =~ /verifycation mail/
describe VERIFYCAT      verifycation spam
score   VERIFYCAT       4

# blarson 2005-01-10
header D0WNLOAD         subject =~ /\bd[o0]wn[l1][o0]ad.*(?:m[o0]v[i1]e|mp3|tune|music)/i
describe D0WNLOAD       download spam
score D0WNLOAD          3

# blarson 2005-02-11
header REDUCESPAM       subject =~ /Reduce Spam\b/i
describe REDUCESPAM     reduce spam spam
score REDUCESPAM        2

# blarson 2005-04-15
body DIRT               /\.(?:the|\d|)dirty?\d+\.info\//
describe DIRT           dirty spammer
score DIRT              3

# blarson 2005-04-17
body RNDWORD            /^RND_WORD\s*$/
describe RNDWORD        RND_WORD
score RNDWORD           3

# blarson 2005-08-18
header D3GREE           subject =~ /\bd(?:3gres?|esgre|eerge|eeerg|reege|egres)e?s?\b/i
describe D3GREE         Want a used paper from someone who can't spell
score D3GREE            3

# blarson 2005-08-19
body FINALNOTE          /\bfinal\s+notif/i
describe FINALNOTE      yet another final notification
score FINALNOTE         2

# blarson 2005-08-23
header HIITS            subject =~ /\bHi\! It\'s\b/i
describe HIITS          hi its
score HIITS             3

# blarson 2005-08-23
header GOTONE           subject =~ /\bgot one$/i
describe GOTONE         got this spam already
score GOTONE            3

# blarson 2005-09-06
body IMMEDIATEREV       /^ATTENTION- For your immediate review:/
describe IMMEDIATEREV   immediate discard
score IMMEDIATEREV      3

# blarson 2005-09-12
body CLIENTALERT        /^(?:CLIENT ALERT|ATTENTION CLIENT)/i
describe CLIENTALERT    client alert
score CLIENTALERT       3

# cjwatson 2005-10-20
header DEBIANTUX23      From =~ /DebianTux23|wieseltux23/i
describe DEBIANTUX23    Linux spammer, sigh
score DEBIANTUX23       5

# blarson 2005-10-29
body SHITBRO            /^\s*sh[i1]+t\s+bro/i
describe SHITBRO        shitty spam
score SHITBRO           3

# blarson 2005-12-05
header POPPROG          subject =~ /popular programs for everyday use/i
describe POPPROG        unpopular spam
score POPPROG           3

# blarson 2006-02-03
body GREET              /^\%(?:GREET|EXIT)/
describe GREET          broken spamware
score GREET             3

# blarson 2006-10-18
header WROTE            subject =~ /\bwrote\:\s*$/i
describe WROTE          stock scam
score WROTE             2

body DEGREE_SPAM        /earn.+degree.+transcripts/i
describe DEGREE_SPAM    earn a degree with transcripts spam
score    DEGREE_SPAM    2.5     

# blarson 2006-10-23
body BLUEPILL           /blue pill/i
describe BLUEPILL       Blue pill spam
score BLUEPILL          2

# blarson 2006-11-04
header PHOTOQUEST       subject =~ /question about your photo/i
describe PHOTOQUEST     questioning photo
score PHOTOQUEST        2

# blarson 2006-11-08
body KBDP               /Knowledge Based Degree Program/i
describe KBDP           degree spam
score KBDP              4

# blarson 2006-11-13
body CRITERIAHAS        /\bOur criteria has changed\b/i
describe CRITERIAHAS    Diploma salesman with bad english
score CRITERIAHAS       3

# blarson 2006-11-18
body TORA08             /\b\d{6}   \d{7}   \d{6}         \d             \d{7}   \d{7}/
describe TORA08         TORA.08 spam
score TORA08            3

# blarson 2006-11-21
body SERIOUSBRO         /^Seriously bro\b/i
describe SERIOUSBRO     Seriously bro
score SERIOUSBRO        3

# blarson 2006-12-06
body INSETET            /\bwilson\@insitetcnologia\.com\.br\b/
describe INSETET        please send spammer
score INSETET           4

# blarson 2006-12-09
body USUARIO            /\bEl usuario destinatario no es un usuario valido/
describe USUARIO        No such user -- sent in infinite loop
score   USUARIO         3

# don 2006-12-13
body NOMAILRECBI        /no recibi tu mail/i
describe NOMAILRECBI    No recbi of mail -- was closing way to many bugs
score   NOMAILRECBI     3

# blarson 2007-02-13
header URHELP           subject =~ /\bi need ur help\b/
describe URHELP         blank spam
score URHELP            3

# blarson 2006-12-08
header ACRO8PR0         subject =~ /\bAcr[0o]bat\s*[78]\s+(?:PR[0O]\b|\$?\d+\$?)/i
describe ACRO8PR0       sales spam
score ACRO8PR0          4       

# blarson 2007-09-15
body WBRS               /\b(WBRS|FPMC|ADYN|AFML|MISJ|HXPN|WHKA|CBFE|HSBC|PCAI|MPRG|HPRS|AUNI|TGVI|MHII|TAMG|GDKI|ACEN|CDYV|G7Q\.F|mbwc|CHFR|CDPN|DSDI|UTEV|P-S-U-D|GPSI|SGXI|CAON|SREA|ERMX|VPSN|SZSN|PAYI\.OB|LTDI|C\W\W?Y\W\W?T\W\W?V|E\WX\WM\WT|CYTV|VGPM|V\s?G\s?P\s?M(\.PK)?|wwng|WWNG|F\WD\WE\WG|FDEG|UTYW|M\s*I\s*H\s*I|O\W?N\W?C\W?O|P\W?P\W?Y\W?H|S\W?R\W?E\W?A|A\W?C\W?G\W?U|S\W?C\W?Y\W?F|C\W?H\W?V\W?C|D\W?M\W?X\W?C|F\W?R\W?L\W?E|M\W?A\W?K\W?U|MAKU|CWTE|FRLE)\b/
describe WBRS           stock spam
score WBRS              4

body FOURLA             /\b([A-Z]\s?){4}\b/
describe FOURLA         Four letter acronym (stock spam?)
score FOURLA            1

body WORDMONEY          /^\w+\s*:\s*(?:\$\s*[\d\.]+|[\d\.]+\s*USD)/mi
describe WORDMONEY      Word Colon Money
score WORDMONEY         1

meta STOCKLIKE          (FOURLA && WORDMONEY)
describe STOCKLIKE      Four letter acronyms with money; stock scam
score STOCKLIKE         2

# blarson 2007-01-26
header ACROBAT8         subject =~ /\badobe acr[o0]bat 8\b/i
describe ACROBAT8       more sales spam
score ACROBAT8          3

# blarson 2007-03-14
header VLSTA            subject =~ /VlSTA|0FFlCE|ACR0B8T/i
describe VLSTA          misspelled microshit software
score VLSTA             3

# blarson 2007-04-19
header ANGEKUEN         subject =~ /\bTrauer angekuendigt\b/
describe ANGEKUEN       german spam
score ANGEKUEN          3

# blarson 2007-05-06
body INTCAFE            /\binternet caff?e\b/i
describe INTCAFE        internet cafe spam
score INTCAFE           2

# blarson 2007-07-14
header VERIFIC          subject =~ /Your email requires verification/
describe VERIFIC        some people prefer you get their spam
score VERIFIC           3

# blarson 2007-07-14
header WHITELIST        subject =~ /You have been added to .* whitelist/
describe WHITELIST      whitelist spam
score WHITELIST         3

# blarson 2007-07-15
body CASNIO             /^Please be advised that your casnio account is still inactive/
describe CASNIO         casnio account
score CASNIO            3

# don 2007-07-17
header AUTOREPLY        subject =~ /\bauto(?:mated|matic|)[\s-]+re(?:spon[cs]e|ply)\b/i
describe AUTOREPLY      Automatic reply
score AUTOREPLY         2

# blarson 2007-07-18
body CONFSERV           /^Thanks for using our confidential service/
describe CONFSERV       confidential service
score CONFSERV          3

# blarson 2007-07-18
body CONTENC            /^Confirmation has been enclosed/
describe CONTENC        more pdf spam
score CONTENC           4

# blarson 2007-07-23
header PHONE            subject =~ /\b(tele)?phone\b/i
describe PHONE          phone spam
score PHONE             2

# blarson 2007-07-30
body ASPDF              /^We send our messages as Portable Document Format/
describe ASPDF          more pdf spam
score ASPDF             3

# blarson 2007-08-20
body DELAFT             /Please delete your private message after reading/
describe DELAFT         more pdf spam
score DELAFT            3

# blarson 2007-09-13
header OFF1CE           subject =~ /\b[O0]ff[1i7l|]ce\s*\W?2[O0Qk]+7\b/i
describe OFF1CE         off1ce spam
score OFF1CE            4

# blarson 2007-09-13
header SOFTSALE         subject =~ /\bsoftware sales\b/i
describe SOFTSALE       software spam
score SOFTSALE          3

# blarson 2007-09-18
body SUPERMACHO         /\bBe a supermacho/i
describe SUPERMACHO     supermacho
score SUPERMACHO        4

# blarson 2007-09-19
body BIGINTER           /\bBig international commercial organization\b/i
describe BIGINTER       job spam
score BIGINTER          4

# blarson 2007-09-20
header HASSENT          subject =~ /\b(?:sent you a (?:personal|confidential)?\s*(?:message|note)|would like to chat)\b/i
describe HASSENT        sent a message
score HASSENT           4

# blarson 2007-09-20
header ORDERNUM         subject =~ /\b(?:Order|Recipet)\s*.?\d{3,}/i
describe ORDERNUM       order number
score ORDERNUM          3

# don 2007-09-20
header DICTIONARYSEQ    subject =~ /\b(\w{3})\w*(?:\s+\1\w*){2}/i
describe DICTIONARYSEQ  Ventricular Vents Venting Ventures
score DICTIONARYSEQ     3.5

# blarson 2007-09-21
header NOLET            subject =~ /^\W{4,}$/
describe NOLET          swearing subject
score NOLET             2

# blarson 2007-09-21
body SSIST              /^ssistant Manager/
describe SSIST          ssistant Manager
score SSIST             4

# blarson 2007-09-21
body GRADUATEUNDER      /\bgraduate in under\b/i
describe GRADUATEUNDER  graduate in under
score GRADUATEUNDER     3

# blarson 2007-09-24
header NOINVEST         subject =~ /\b(?:no investment|high.paid)\b/i
describe NOINVEST       no investment
score NOINVEST          4

# blarson 2007-09-25
header INTEXP           subject =~ /\b[I|]nternet Exp[l|]orer\b/i
describe INTEXP         |nternet Exp|orer
score INTEXP            2

# don 2007-09-29
header WORKATHOME       subject =~ /work\Wat\Whome/i
describe WORKATHOME     Work at home
score WORKATHOME        4       

# don 2007-10-01
body PHONENUMBER        /\b1[\-\.\s]?8[07]+[\-\.\s]?\d+/
describe PHONENUMBER    Toll free phone number
score PHONENUMBER       1.5
1	don	2	# Added some rules from Rule du Jour that I've been testing for a while
2
3			#Monotone (from airmax.cf)
4			body MONOTONE_WORDS_2_15 /^([a-z]{2,20}[\s\.]+){15}/
5			describe MONOTONE_WORDS_2_15 Lines with many (long) lowercase words (15+ words, 2+ letters)
6			body MONOTONE_WORDS_2_30 /^([a-z]{2,20}[\s\.]+){30}/
7			describe MONOTONE_WORDS_2_30 Lines with many (long) lowercase words (30+ words, 2+ letters)
8			body MONOTONE_WORDS_3_20 /^([a-z]{3,20}[\s\.]+){20}/
9			describe MONOTONE_WORDS_3_20 Lines with many (long) lowercase words (20+ words, 3+ letters)
10			body MONOTONE_WORDS_5_8 /^([a-z]{5,20}[\s\.]+){8}/
11			describe MONOTONE_WORDS_5_8 Lines with many (long) lowercase words (8+ words, 5+ letters)
12			body MONOTONE_WORDS_5_12 /^([a-z]{5,20}[\s\.]+){12}/
13			describe MONOTONE_WORDS_5_12 Lines with many (long) lowercase words (12+ words, 5+ letters)
14			body MONOTONE_WORDS_5_20 /^([a-z]{5,20}[\s\.]+){20}/
15			describe MONOTONE_WORDS_5_20 Lines with many (long) lowercase words (20+ words, 5+ letters)
16
17			# Lots of auto-responders seem to have this
18			body MDO_AUTORESP1 /online form/i
19			score MDO_AUTORESP1 0.1
20
21			body MDO_AUTORESP2 /large amount of (spam\|virus)/i
22			score MDO_AUTORESP2 0.1
23
24			body MDO_AUTORESP3 /(electronically\|automatically) (generated\|created) (email\|ack)/i
25			score MDO_AUTORESP3 0.1
26
27			body MDO_AUTORESP4 /(respond\|answer) your enquiry/i
28			score MDO_AUTORESP4 0.1
29
30			body MDO_AUTORESP5 /(email\|enquiry) has been received/i
31			score MDO_AUTORESP5 0.1
32
33			body MDO_AUTORESP6 /will be answered within/i
34			score MDO_AUTORESP6 0.1
35
36			body MDO_AUTORESP7 /the e-mail address to which you have written does not support incoming messages/i
37			score MDO_AUTORESP7 0.1
38
39			meta MDO_AUTORESP_META1 (MDO_AUTORESP1 + MDO_AUTORESP2 + MDO_AUTORESP3 + MDO_AUTORESP4 + MDO_AUTORESP5 + MDO_AUTORESP6 + MDO_AUTORESP7) > 1
40			score MDO_AUTORESP_META1 2.0
41
42			body MURPHY_DIPLOMA /Diploma/
43			describe MURPHY_DIPLOMA No Diploma
44			score MURPHY_DIPLOMA 1
45
46			body MURPHY_CALORIES /calories/
47			describe MURPHY_CALORIES No Calories
48			score MURPHY_CALORIES 1
49
50			header MURPHY_CONTENT_GIF Content-Type =~ /image\/gif/
51			describe MURPHY_CONTENT_GIF Content contains image/gif
52			score MURPHY_CONTENT_GIF 1
53
54			# cable tv spam -- pasc 04/05/11-12
55			body MDO_CABLE_TV1 /pay.?per.?view/i
56			score MDO_CABLE_TV1 0.5
57
58			body MDO_CABLE_TV2 /mature.?channel/i
59			score MDO_CABLE_TV2 0.5
60
61			body MDO_CABLE_TV3 /c(\@\|a)ble/i
62			score MDO_CABLE_TV3 0.5
63
64			body MDO_CABLE_TV4 /rem(o\|0)te.?control/i
65			score MDO_CABLE_TV4 0.5
66
67			meta MDO_CABLE_META1 (MDO_CABLE_TV1 \|\| MDO_CABLE_TV2 \|\| MDO_CABLE_TV4) && (MDO_CABLE_TV3)
68			describe MDO_CABLE_META1 Too much cable stuff
69			score MDO_CABLE_META1 3
70
71			header MDO_TAGSPAM1 Subject =~ /Unknown Tag free Please Fix/
72			score MDO_TAGSPAM1 4
73
74			body MDO_BAD_WORD1 /PORTFOLIO/i
75			score MDO_BAD_WORD1 2.8
76
77			# blarson, 2004-04-30 -> lists --pasc 04/05/11
78			body AFFILIATEID /affiliate.?id/i
79			describe AFFILIATEID affiliate id
80			score AFFILIATEID 3
81
82			# joy, 2003-08-30, 2003-09-21
83			header FW Subject =~ /^Fw: /
84			describe FW Sounds like a Fw: spam
85			score FW 3
86
87			# blarson 2007-07-13
88			header REFWD subject =~ /\b(?:RE\|FWD)\:\s*$/i
89			describe REFWD re or fwd nothing
90			score REFWD 3
91
92			# blarson 2005-11-11
93			header ONEWORD subject =~ /^(?:Fw:\|re:)?\s\w+\s$/i
94			describe ONEWORD one word subject
95			score ONEWORD 1
96
97			# robot101, 2003-09-22
98			header CROSSWALK X-UnityUser =~ /^Crosswalk.com, Inc/
99			describe CROSSWALK Crosswalk bible mailing list
100			score CROSSWALK 3
101
102			header CROSSWALK_SPAM From =~ /Crosswalk/
103			describe CROSSWALK_SPAM Crosswalk Spam
104			score CROSSWALK_SPAM 1
105
106			# -- joy, 2003-06-28
107			header BOMDIA Subject =~ /Bom dia /
108			describe BOMDIA Bom dia, usually some Romanic language spam
109			score BOMDIA 2
110
111			header RCVD_FROM_UNCONF_HOST Received =~ /^from localhost.localdomain/
112			describe RCVD_FROM_UNCONF_HOST Mail comes from a host with unconfigured mailer daemon
113			score RCVD_FROM_UNCONF_HOST 2
114
115			# joy, 2003/01/25
116			body ECOSPAM /Corridas de Toros para los turistas Ingleses en Barcelona/
117			describe ECOSPAM Eco-spam all right
118			score ECOSPAM 5.0
119
120			# cjwatson, 2003/02/24
121			body SPANISH_FORM_CGI /Este formulario fue enviado por/
122			describe SPANISH_FORM_CGI "Below is the result of your feedback form", eh?
123			score SPANISH_FORM_CGI 4.0
124
125			# joy, 2003-06-18
126			body TRAFFICMAGNET /Become a TrafficMagnet Reseller/
127			describe TRAFFICMAGNET SpamMagnet
128			score TRAFFICMAGNET 4
129
130			# joy, 2003-06-27
131			header BKR Subject =~ /^bkr/
132			describe BKR bkr spam
133			score BKR 4
134
135			# joy, 2003-06-27
136			header RISEANDSHINE Subject =~ /^Rise and Shine in 15 minutes/
137			describe RISEANDSHINE Rise and Shine in 15 minutes spam
138			score RISEANDSHINE 4
139
140			# joy, 2003-09-20
141			header UNIVDIP Subject =~ /U N I V E R S I T Y . D I P L O M A S/i
142			describe UNIVDIP university diplomas spam
143			score UNIVDIP 4
144
145			# joy, 2003-09-21
146			header YOUTHERE Subject =~ /^(Re: )?You/i
147			describe YOUTHERE Who, me? Likely spam
148			score YOUTHERE 2
149
150			# cjwatson, 2003-11-20
151			header HOUSECLEANING Subject =~ /^Affordable Housecleaning Service/
152			describe HOUSECLEANING let's clean out the spam instead
153			score HOUSECLEANING 3
154
155			# cjwatson, 2003-12-11
156			header OTC_FIRST Subject =~ /OTC FIRST ALERT/
157			describe OTC_FIRST OTC spam
158			score OTC_FIRST 3
159
160			# joy, 2004-01-03
161			body AVAILABLENOW /available now/i
162			describe AVAILABLENOW must be selling some shit
163			score AVAILABLENOW 1
164
165			# cjwatson, 2004-01-16
166			body TEDIOUS_WITTER /If not i included it below so let me know if you like it/
167			describe TEDIOUS_WITTER annoying wittering spam, mypillsource.com I think
168			score TEDIOUS_WITTER 2
169
170			# cjwatson, 2004-03-12
171			# blarson 2004-06-09
172			header UNI_DIPLOMA Subject =~ /\b(university\|college)\s+(diploma\|cert\|degree)/i
173			describe UNI_DIPLOMA Got one, thanks
174			score UNI_DIPLOMA 4
175
176			# blarson 2004-04-27
177			body UNI2 /university\s+(diploma\|cert\|degree)/i
178			describe UNI2 Got one, thanks
179			score UNI2 4
180
181			# cjwatson, 2004-03-12
182			header JOB_CONFIRM Subject =~ /Job confirmation/
183			describe JOB_CONFIRM Got one of these too, thanks
184			score JOB_CONFIRM 3
185
186			# blarson 2005-09-20
187			header MESSAGESUB subject =~ /^\s\(?message\s(subject)?\)?$/i
188			describe MESSAGESUB really descriptive subject
189			score MESSAGESUB 3
190
191	don	16	# don 2007-09-20
192			header SENTMESSAGE subject =~ /(sent you a( personal\|) message\|would like to chat)/i
193			describe SENTMESSAGE Sent you a message (like duh?)
194			score SENTMESSAGE 2
195
196			# blarson 2006-03-16 2007-09-18
197			body DEARDIGIT /^(?:well\s+)?(?:Dear\|Hey\|H[ea]y?ll?.?o\|To\|Attention\|Hi+\|Hey+a?\|Bonjorno\|(?:Yo\s)+\|(?:g[o0]+d\s)?(?:d?ay\|morning\|evening?\|afternoon\|night)\|what.?i?s\s+up\|wa(?:s\|z)+up\|greetings?\|Salutations\|(Mail\|News)\s+to\|how(?:.?s\|\s+is)?\s(?:(?:it)?(?:\s+is)??\sgoing\|have\s+you\s+been\|are you).?\s(?:there\|to\s+you)?\|compliments\|Regards\|Adieu)\,?\s+(?:Account\s+\#?\|\=?3d\|)(?:bro\|there\|sir\|Mr\.?)\s?\d{3,}/i
198	don	2	describe DEARDIGIT Dear number
199			score DEARDIGIT 3.9
200
201			# blarson 2004-11-08
202			header SIZEMATTERS subject =~ /^S.ze matters$/i
203			describe SIZEMATTERS Size matters spammer
204			score SIZEMATTERS 3
205
206			# cjwatson 2005-01-02
207			header RNDMX subject =~ /^<rndmx/
208			describe RNDMX weird empty spam
209			score RNDMX 4
210
211			# blarson 2005-01-06
212			header VERIFYCAT subject =~ /verifycation mail/
213			describe VERIFYCAT verifycation spam
214			score VERIFYCAT 4
215
216			# blarson 2005-01-10
217			header D0WNLOAD subject =~ /\bd[o0]wn[l1][o0]ad.*(?:m[o0]v[i1]e\|mp3\|tune\|music)/i
218			describe D0WNLOAD download spam
219			score D0WNLOAD 3
220
221			# blarson 2005-02-11
222			header REDUCESPAM subject =~ /Reduce Spam\b/i
223			describe REDUCESPAM reduce spam spam
224			score REDUCESPAM 2
225
226			# blarson 2005-04-15
227			body DIRT /\.(?:the\|\d\|)dirty?\d+\.info\//
228			describe DIRT dirty spammer
229			score DIRT 3
230
231			# blarson 2005-04-17
232			body RNDWORD /^RND_WORD\s*$/
233			describe RNDWORD RND_WORD
234	don	8	score RNDWORD 3
235	don	2
236			# blarson 2005-08-18
237			header D3GREE subject =~ /\bd(?:3gres?\|esgre\|eerge\|eeerg\|reege\|egres)e?s?\b/i
238			describe D3GREE Want a used paper from someone who can't spell
239			score D3GREE 3
240
241			# blarson 2005-08-19
242			body FINALNOTE /\bfinal\s+notif/i
243			describe FINALNOTE yet another final notification
244			score FINALNOTE 2
245
246			# blarson 2005-08-23
247			header HIITS subject =~ /\bHi\! It\'s\b/i
248			describe HIITS hi its
249			score HIITS 3
250
251			# blarson 2005-08-23
252			header GOTONE subject =~ /\bgot one$/i
253			describe GOTONE got this spam already
254			score GOTONE 3
255
256			# blarson 2005-09-06
257			body IMMEDIATEREV /^ATTENTION- For your immediate review:/
258			describe IMMEDIATEREV immediate discard
259			score IMMEDIATEREV 3
260
261			# blarson 2005-09-12
262			body CLIENTALERT /^(?:CLIENT ALERT\|ATTENTION CLIENT)/i
263			describe CLIENTALERT client alert
264			score CLIENTALERT 3
265
266			# cjwatson 2005-10-20
267			header DEBIANTUX23 From =~ /DebianTux23\|wieseltux23/i
268			describe DEBIANTUX23 Linux spammer, sigh
269			score DEBIANTUX23 5
270
271			# blarson 2005-10-29
272			body SHITBRO /^\s*sh[i1]+t\s+bro/i
273			describe SHITBRO shitty spam
274			score SHITBRO 3
275
276			# blarson 2005-12-05
277			header POPPROG subject =~ /popular programs for everyday use/i
278			describe POPPROG unpopular spam
279			score POPPROG 3
280
281			# blarson 2006-02-03
282			body GREET /^\%(?:GREET\|EXIT)/
283			describe GREET broken spamware
284			score GREET 3
285
286			# blarson 2006-10-18
287			header WROTE subject =~ /\bwrote\:\s*$/i
288			describe WROTE stock scam
289			score WROTE 2
290
291			body DEGREE_SPAM /earn.+degree.+transcripts/i
292			describe DEGREE_SPAM earn a degree with transcripts spam
293			score DEGREE_SPAM 2.5
294
295			# blarson 2006-10-23
296			body BLUEPILL /blue pill/i
297			describe BLUEPILL Blue pill spam
298			score BLUEPILL 2
299
300			# blarson 2006-11-04
301			header PHOTOQUEST subject =~ /question about your photo/i
302			describe PHOTOQUEST questioning photo
303			score PHOTOQUEST 2
304
305			# blarson 2006-11-08
306			body KBDP /Knowledge Based Degree Program/i
307			describe KBDP degree spam
308			score KBDP 4
309
310			# blarson 2006-11-13
311			body CRITERIAHAS /\bOur criteria has changed\b/i
312			describe CRITERIAHAS Diploma salesman with bad english
313			score CRITERIAHAS 3
314
315			# blarson 2006-11-18
316			body TORA08 /\b\d{6} \d{7} \d{6} \d \d{7} \d{7}/
317			describe TORA08 TORA.08 spam
318			score TORA08 3
319
320			# blarson 2006-11-21
321			body SERIOUSBRO /^Seriously bro\b/i
322			describe SERIOUSBRO Seriously bro
323			score SERIOUSBRO 3
324
325			# blarson 2006-12-06
326			body INSETET /\bwilson\@insitetcnologia\.com\.br\b/
327			describe INSETET please send spammer
328			score INSETET 4
329
330			# blarson 2006-12-09
331			body USUARIO /\bEl usuario destinatario no es un usuario valido/
332			describe USUARIO No such user -- sent in infinite loop
333			score USUARIO 3
334
335			# don 2006-12-13
336			body NOMAILRECBI /no recibi tu mail/i
337			describe NOMAILRECBI No recbi of mail -- was closing way to many bugs
338			score NOMAILRECBI 3
339
340			# blarson 2007-02-13
341			header URHELP subject =~ /\bi need ur help\b/
342			describe URHELP blank spam
343			score URHELP 3
344
345			# blarson 2006-12-08
346			header ACRO8PR0 subject =~ /\bAcr[0o]bat\s*[78]\s+(?:PR[0O]\b\|\$?\d+\$?)/i
347			describe ACRO8PR0 sales spam
348			score ACRO8PR0 4
349
350	don	16	# blarson 2007-09-15
351	don	33	body WBRS /\b(WBRS\|FPMC\|ADYN\|AFML\|MISJ\|HXPN\|WHKA\|CBFE\|HSBC\|PCAI\|MPRG\|HPRS\|AUNI\|TGVI\|MHII\|TAMG\|GDKI\|ACEN\|CDYV\|G7Q\.F\|mbwc\|CHFR\|CDPN\|DSDI\|UTEV\|P-S-U-D\|GPSI\|SGXI\|CAON\|SREA\|ERMX\|VPSN\|SZSN\|PAYI\.OB\|LTDI\|C\W\W?Y\W\W?T\W\W?V\|E\WX\WM\WT\|CYTV\|VGPM\|V\s?G\s?P\s?M(\.PK)?\|wwng\|WWNG\|F\WD\WE\WG\|FDEG\|UTYW\|M\sI\sH\s*I\|O\W?N\W?C\W?O\|P\W?P\W?Y\W?H\|S\W?R\W?E\W?A\|A\W?C\W?G\W?U\|S\W?C\W?Y\W?F\|C\W?H\W?V\W?C\|D\W?M\W?X\W?C\|F\W?R\W?L\W?E\|M\W?A\W?K\W?U\|MAKU\|CWTE\|FRLE)\b/
352	don	2	describe WBRS stock spam
353	don	8	score WBRS 4
354	don	2
355	don	16	body FOURLA /\b([A-Z]\s?){4}\b/
356			describe FOURLA Four letter acronym (stock spam?)
357			score FOURLA 1
358
359	don	35	body WORDMONEY /^\w+\s:\s(?:\$\s[\d\.]+\|[\d\.]+\sUSD)/mi
360	don	33	describe WORDMONEY Word Colon Money
361			score WORDMONEY 1
362
363			meta STOCKLIKE (FOURLA && WORDMONEY)
364			describe STOCKLIKE Four letter acronyms with money; stock scam
365			score STOCKLIKE 2
366
367	don	2	# blarson 2007-01-26
368			header ACROBAT8 subject =~ /\badobe acr[o0]bat 8\b/i
369			describe ACROBAT8 more sales spam
370			score ACROBAT8 3
371
372			# blarson 2007-03-14
373			header VLSTA subject =~ /VlSTA\|0FFlCE\|ACR0B8T/i
374			describe VLSTA misspelled microshit software
375			score VLSTA 3
376
377			# blarson 2007-04-19
378			header ANGEKUEN subject =~ /\bTrauer angekuendigt\b/
379			describe ANGEKUEN german spam
380			score ANGEKUEN 3
381
382			# blarson 2007-05-06
383			body INTCAFE /\binternet caff?e\b/i
384			describe INTCAFE internet cafe spam
385			score INTCAFE 2
386
387			# blarson 2007-07-14
388			header VERIFIC subject =~ /Your email requires verification/
389			describe VERIFIC some people prefer you get their spam
390			score VERIFIC 3
391
392			# blarson 2007-07-14
393			header WHITELIST subject =~ /You have been added to .* whitelist/
394			describe WHITELIST whitelist spam
395			score WHITELIST 3
396
397			# blarson 2007-07-15
398			body CASNIO /^Please be advised that your casnio account is still inactive/
399			describe CASNIO casnio account
400			score CASNIO 3
401
402			# don 2007-07-17
403			header AUTOREPLY subject =~ /\bauto(?:mated\|matic\|)[\s-]+re(?:spon[cs]e\|ply)\b/i
404			describe AUTOREPLY Automatic reply
405			score AUTOREPLY 2
406
407			# blarson 2007-07-18
408			body CONFSERV /^Thanks for using our confidential service/
409			describe CONFSERV confidential service
410			score CONFSERV 3
411
412			# blarson 2007-07-18
413			body CONTENC /^Confirmation has been enclosed/
414			describe CONTENC more pdf spam
415			score CONTENC 4
416
417			# blarson 2007-07-23
418			header PHONE subject =~ /\b(tele)?phone\b/i
419			describe PHONE phone spam
420			score PHONE 2
421
422			# blarson 2007-07-30
423			body ASPDF /^We send our messages as Portable Document Format/
424			describe ASPDF more pdf spam
425			score ASPDF 3
426
427			# blarson 2007-08-20
428			body DELAFT /Please delete your private message after reading/
429			describe DELAFT more pdf spam
430			score DELAFT 3
431
432	don	16	# blarson 2007-09-13
433	don	30	header OFF1CE subject =~ /\b[O0]ff[1i7l\|]ce\s*\W?2[O0Qk]+7\b/i
434	don	16	describe OFF1CE off1ce spam
435			score OFF1CE 4
436
437			# blarson 2007-09-13
438			header SOFTSALE subject =~ /\bsoftware sales\b/i
439			describe SOFTSALE software spam
440			score SOFTSALE 3
441
442			# blarson 2007-09-18
443			body SUPERMACHO /\bBe a supermacho/i
444			describe SUPERMACHO supermacho
445			score SUPERMACHO 4
446
447			# blarson 2007-09-19
448			body BIGINTER /\bBig international commercial organization\b/i
449			describe BIGINTER job spam
450			score BIGINTER 4
451
452			# blarson 2007-09-20
453			header HASSENT subject =~ /\b(?:sent you a (?:personal\|confidential)?\s*(?:message\|note)\|would like to chat)\b/i
454			describe HASSENT sent a message
455			score HASSENT 4
456
457			# blarson 2007-09-20
458			header ORDERNUM subject =~ /\b(?:Order\|Recipet)\s*.?\d{3,}/i
459			describe ORDERNUM order number
460			score ORDERNUM 3
461
462			# don 2007-09-20
463			header DICTIONARYSEQ subject =~ /\b(\w{3})\w(?:\s+\1\w){2}/i
464			describe DICTIONARYSEQ Ventricular Vents Venting Ventures
465			score DICTIONARYSEQ 3.5
466
467			# blarson 2007-09-21
468			header NOLET subject =~ /^\W{4,}$/
469			describe NOLET swearing subject
470			score NOLET 2
471
472			# blarson 2007-09-21
473			body SSIST /^ssistant Manager/
474			describe SSIST ssistant Manager
475			score SSIST 4
476
477			# blarson 2007-09-21
478			body GRADUATEUNDER /\bgraduate in under\b/i
479			describe GRADUATEUNDER graduate in under
480			score GRADUATEUNDER 3
481	don	24
482			# blarson 2007-09-24
483			header NOINVEST subject =~ /\b(?:no investment\|high.paid)\b/i
484			describe NOINVEST no investment
485			score NOINVEST 4
486
487			# blarson 2007-09-25
488			header INTEXP subject =~ /\b[I\|]nternet Exp[l\|]orer\b/i
489			describe INTEXP \|nternet Exp\|orer
490			score INTEXP 2
491	don	27
492			# don 2007-09-29
493			header WORKATHOME subject =~ /work\Wat\Whome/i
494			describe WORKATHOME Work at home
495	don	30	score WORKATHOME 4
496	don	34
497			# don 2007-10-01
498			body PHONENUMBER /\b1[\-\.\s]?8[07]+[\-\.\s]?\d+/
499			describe PHONENUMBER Toll free phone number
500			score PHONENUMBER 1.5