Spamassassin: Tests und deren Beschreibung

Wer sich schon einmal näher mit Spamassassin beschäftigt hat wird wissen, dass dieses hilfreiche Werkzeug die durchgeleitete eMail mittels verschiedener Algorithmen bewertet und während der Ausführung der diversen Tests bei passender Konfiguration die als positiv erkannten Spamerkennungs-Treffer durch Schlagworte im Mailheader anzeigt.
Ein Beispiel:

X-Spam-Status: No, score=-1.5 required=8.8 tests=AWL,BAYES_00,
    FORGED_RCVD_HELO,HTML_90_100,HTML_IMAGE_RATIO_02,HTML_MESSAGE,
    SPF_HELO_PASS autolearn=no version=3.1.1

Die Stichwörter besitzen zwar einigermaßen sprechende Namen, manchmal wäre es aber doch hilfreich, nähere Details über den positiven Treffer zu erhalten.
Hier eine Auflistung der am häufigsten anzutreffenden Schlüsselworte mit Erklärung und Ort der Erkennung:

Schlüsselwort Erklärung Ort
ACCESSDB Message would have been caught by accessdb header
ACT_NOW_CAPS Talks about ‘acting now’ with capitals body
ADDR_FREE From Address contains FREE header
ADDRESS_IN_SUBJECT To: address appears in Subject header
ALL_NATURAL Spam is 100% natural?! body
ALL_TRUSTED Passed through trusted hosts only via SMTP header
AMATEUR_PORN Possible porn – Amateur Porn body
AMAZING_STUFF Amazing Stuff body
AS_SEEN_ON As seen on national TV! body
AWL From: address is in the auto white-list header
BAD_CREDIT Eliminate Bad Credit body
BAD_ENC_HEADER Message has bad MIME encoding in the header header
BANG_EXERCISE Talks about exercise with an exclamation! body
BANG_GUAR Something is emphatically guaranteed body
BANG_MORE Talks about more with an exclamation! body
BANG_OPRAH Talks about Oprah with an exclamation! body
BARGAIN_URL Includes a link to a likely spammer domain uri
BAYES_00 Bayesian spam probability is 0 to 1% body
BAYES_05 Bayesian spam probability is 1 to 5% body
BAYES_20 Bayesian spam probability is 5 to 20% body
BAYES_40 Bayesian spam probability is 20 to 40% body
BAYES_50 Bayesian spam probability is 40 to 60% body
BAYES_60 Bayesian spam probability is 60 to 80% body
BAYES_80 Bayesian spam probability is 80 to 95% body
BAYES_95 Bayesian spam probability is 95 to 99% body
BAYES_99 Bayesian spam probability is 99 to 100% body
BE_BOSS Be your own boss body
BEST_PORN Possible porn – Best, Largest, Most Porn body
BILL_1618 Possible mention of bill 1618 (anti-spam bill) body
BILLION_DOLLARS Talks about lots of money body
BIZ_TLD Contains an URL in the BIZ top-level domain uri
BLANK_LINES_70_80 Message body has 70-80% blank lines body
BLANK_LINES_80_90 Message body has 80-90% blank lines body
BLANK_LINES_90_100 Message body has 90-100% blank lines body
BODY_8BITS Body includes 8 consecutive 8-bit characters body
BODY_ENHANCEMENT Information on growing body parts body
BODY_ENHANCEMENT2 Information on getting larger body parts body
CHARSET_FARAWAY Character set indicates a foreign language body
CHARSET_FARAWAY_HEADER A foreign language charset used in headers header
CHINA_HEADER Involves ‘china.com’ header
CLICK_BELOW_CAPS Asks you to click below (in capital letters) body
CLICK_TO_REMOVE_1 Click to be removed body
COMPETE Compete for your business body
CONFIDENTIAL_ORDER Confidentiality on all orders body
CONSOLIDATE_DEBT Consolidate debt, credit, or bills body
CUM_SHOT Possible porn – Cum Shot body
DATE_IN_FUTURE_03_06 Date: is 3 to 6 hours after Received: date header
DATE_IN_FUTURE_06_12 Date: is 6 to 12 hours after Received: date header
DATE_IN_FUTURE_12_24 Date: is 12 to 24 hours after Received: date header
DATE_IN_FUTURE_24_48 Date: is 24 to 48 hours after Received: date header
DATE_IN_FUTURE_48_96 Date: is 48 to 96 hours after Received: date header
DATE_IN_FUTURE_96_XX Date: is 96 hours or more after Received: date header
DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date header
DATE_IN_PAST_06_12 Date: is 6 to 12 hours before Received: date header
DATE_IN_PAST_12_24 Date: is 12 to 24 hours before Received: date header
DATE_IN_PAST_24_48 Date: is 24 to 48 hours before Received: date header
DATE_IN_PAST_48_96 Date: is 48 to 96 hours before Received: date header
DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date header
DATE_SPAMWARE_Y2K Date header uses unusual Y2K formatting header
DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/) full
DEAR_FRIEND Dear Friend? That’s not very dear! body
DEAR_SOMETHING Contains ‘Dear (something)’ body
DEEP_DISC_MEDS Deep discount medications body
DIET_1 Lose Weight Spam body
DIET_2 Describes weight loss body
DIET_3 Describes body fat loss body
DISGUISE_PORN Attempts to disguise porn words body
DISGUISE_PORN_MUNDANE Attempts to disguise mundane words used in porn body
DK_POLICY_SIGNALL Domain Keys: policy says domain signs all mails header
DK_POLICY_SIGNSOME Domain Keys: policy says domain signs some mails header
DK_POLICY_TESTING Domain Keys: policy says domain is testing DK header
DK_SIGNED Domain Keys: message has an unverified signature header
DK_VERIFIED Domain Keys: signature passes verification header
DNS_FROM_AHBL_RHSBL From: sender listed in dnsbl.ahbl.org header
DNS_FROM_RFC_ABUSE Envelope sender in abuse.rfc-ignorant.org header
DNS_FROM_RFC_BOGUSMX Envelope sender in bogusmx.rfc-ignorant.org header
DNS_FROM_RFC_DSN Envelope sender in dsn.rfc-ignorant.org header
DNS_FROM_RFC_POST Envelope sender in postmaster.rfc-ignorant.org header
DNS_FROM_RFC_WHOIS Envelope sender in whois.rfc-ignorant.org header
DNS_FROM_SECURITYSAGE Envelope sender in blackholes.securitysage.com header
DOMAIN_4U2 Domain name containing a "4u" variant uri
DOMAIN_RATIO Message body mentions many internet domains body
DRUG_DOSAGE Talks about price per dose body
DRUG_ED_CAPS Mentions an E.D. drug body
DRUG_ED_COMBO Viagra and other drugs body
DRUG_ED_GENERIC Mentions Generic Viagra body
DRUG_ED_ONLINE Fast Viagra Delivery body
DRUG_ED_SILD Talks about an E.D. drug using its chemical name body
DRUGS_SMEAR1 Two or more drugs crammed together into one word body
EARN_PER_WEEK Contains ‘earn (dollar) something per week’ body
EM_ROLEX Message puts emphasis on the watch manufacturer body
EMAIL_ROT13 Body contains a ROT13-encoded email address body
ENGLISH_UCE_SUBJECT Subject contains an English UCE tag header
ENTITY_DEC_ALPHANUM HTML contains needlessly encoded characters rawbody
EXCUSE_10 "if you do not wish to receive any more" body
EXCUSE_12 Nobody’s perfect body
EXCUSE_23 Claims you have provided permission body
EXCUSE_24 Claims you wanted this ad body
EXCUSE_4 Claims you can be removed from the list body
EXCUSE_6 Claims you can be removed from the list body
EXCUSE_REMOVE Talks about how to be removed from mailings body
EXTRA_CASH Offers Extra Cash body
EXTRA_MPART_TYPE Header has extraneous Content-type:…type= entry header
FAKE_HELO_EMAIL_COM Host HELO did not match rDNS: email.com header
FAKE_HELO_EUDORAMAIL Host HELO did not match rDNS: eudoramail.com header
FAKE_HELO_EXCITE Host HELO did not match rDNS: excite.com header
FAKE_HELO_LYCOS Host HELO did not match rDNS: lycos.com header
FAKE_HELO_MAIL_COM Host HELO did not match rDNS: mail.com header
FAKE_HELO_MAIL_COM_DOM Relay HELO’d with suspicious hostname (mail.com) header
FAKE_HELO_MSN Host HELO did not match rDNS: msn.com header
FAKE_HELO_YAHOO_CA Host HELO did not match rDNS: yahoo.ca header
FAKE_OUTBLAZE_RCVD Received header contains faked ‘mr.outblaze.com’ header
FAKED_UNDISC_RECIPS Faked To "Undisclosed-Recipients" header
FIN_FREE Freedom of a financial nature body
FORGED_AOL_RCVD Received forged, contains fake AOL relays header
FORGED_EUDORAMAIL_RCVD Forged eudoramail.com ‘Received:’ header found header
FORGED_GW05_RCVD Forged ‘by gw05′ ‘Received:’ header found header
FORGED_HOTMAIL_RCVD Forged hotmail.com ‘Received:’ header found header
FORGED_HOTMAIL_RCVD2 hotmail.com ‘From’ address, but no ‘Received:’ header
FORGED_JUNO_RCVD ‘From’ juno.com does not match ‘Received’ headers header
FORGED_RCVD_HELO Received: contains a forged HELO header
FORGED_TELESP_RCVD Contains forged hostname for a DSL IP in Brazil header
FORGED_YAHOO_RCVD  ‘From’ yahoo.com does not
match ‘Received’ headers
header
FORWARD_LOOKING Stock Disclaimer Statement body
FRAGMENTED_MESSAGE Partial message header
FREE_ACCESS Contains ‘free access’ with capitals body
FREE_PORN Possible porn – Free Porn body
FREE_PREVIEW Free Preview body
FREE_QUOTE_INSTANT Free express or no-obligation quote body
FREE_SAMPLE Contains ‘free sample’ with capitals body
FROM_ALL_NUMS From numeric address (except US/Canada phones) header
FROM_AND_TO_SAME From and To are the same, but not exactly header
FROM_BLANK_NAME From: contains empty name header
FROM_DOMAIN_NOVOWEL From: domain has series of non-vowel letters header
FROM_ENDS_IN_NUMS From: ends in many numbers header
FROM_HAS_MIXED_NUMS From: contains numbers mixed in with letters header
FROM_HAS_ULINE_NUMS From: contains an underline and numbers/letters header
FROM_ILLEGAL_CHARS From: has too many raw illegal characters header
FROM_LOCAL_DIGITS From: localpart has long digit sequence header
FROM_LOCAL_HEX From: localpart has long hexadecimal sequence header
FROM_LOCAL_NOVOWEL From: localpart has series of non-vowel letters header
FROM_NO_LOWER From address has no lower-case characters header
FROM_NO_USER From: has no local-part before @ sign header
FROM_NONSENDING_DOMAIN Message is from domain that never sends email header
FROM_OFFERS From address is "at something-offers" header
FROM_STARTS_WITH_NUMS From: starts with many numbers header
FRONTPAGE Frontpage used to create the message rawbody
FULL_REFUND Offers a full refund body
FUZZY_AFFORDABLE Attempt to obfuscate words in spam body
FUZZY_AMBIEN Attempt to obfuscate words in spam body
FUZZY_BILLION Attempt to obfuscate words in spam body
FUZZY_CELEBREX Attempt to obfuscate words in spam body
FUZZY_CPILL Attempt to obfuscate words in spam body
FUZZY_CREDIT Attempt to obfuscate words in spam body
FUZZY_ERECT Attempt to obfuscate words in spam body
FUZZY_FOLLOW Attempt to obfuscate words in spam body
FUZZY_GUARANTEE Attempt to obfuscate words in spam body
FUZZY_MEDICATION Attempt to obfuscate words in spam body
FUZZY_MILF Attempt to obfuscate words in spam body
FUZZY_MILLION Attempt to obfuscate words in spam body
FUZZY_MONEY Attempt to obfuscate words in spam body
FUZZY_MORTGAGE Attempt to obfuscate words in spam body
FUZZY_OBLIGATION Attempt to obfuscate words in spam body
FUZZY_OFFERS Attempt to obfuscate words in spam body
FUZZY_PHARMACY Attempt to obfuscate words in spam body
FUZZY_PHENT Attempt to obfuscate words in spam body
FUZZY_PLEASE Attempt to obfuscate words in spam body
FUZZY_PRESCRIPT Attempt to obfuscate words in spam body
FUZZY_PRICES Attempt to obfuscate words in spam body
FUZZY_REFINANCE Attempt to obfuscate words in spam body
FUZZY_REMOVE Attempt to obfuscate words in spam body
FUZZY_ROLEX Attempt to obfuscate words in spam body
FUZZY_SOFTWARE Attempt to obfuscate words in spam body
FUZZY_THOUSANDS Attempt to obfuscate words in spam body
FUZZY_TRAMADOL Attempt to obfuscate words in spam body
FUZZY_VICODIN Attempt to obfuscate words in spam body
FUZZY_VIOXX Attempt to obfuscate words in spam body
FUZZY_VLIUM Attempt to obfuscate words in spam body
FUZZY_VPILL Attempt to obfuscate words in spam body
FUZZY_XPILL Attempt to obfuscate words in spam body
GAPPY_SUBJECT Subject: contains G.a.p.p.y-T.e.x.t header
GET_PAID Get Paid body
GTUBE Generic Test for Unsolicited Bulk Email body
GUARANTEED_100_PERCENT One hundred percent guaranteed body
GUARANTEED_STUFF Guaranteed Stuff body
HABEAS_ACCREDITED_COI Habeas Accredited Confirmed Opt-In or Better header
HABEAS_ACCREDITED_SOI Habeas Accredited Opt-In or Better header
HABEAS_CHECKED Habeas Checked header
HAIR_LOSS Cures Baldness body
HARDCORE_PORN Possible porn – Hardcore Porn body
HASHCASH_20 Contains valid Hashcash token (20 bits) header
HASHCASH_21 Contains valid Hashcash token (21 bits) header
HASHCASH_22 Contains valid Hashcash token (22 bits) header
HASHCASH_23 Contains valid Hashcash token (23 bits) header
HASHCASH_24 Contains valid Hashcash token (24 bits) header
HASHCASH_25 Contains valid Hashcash token (25 bits) header
HASHCASH_2SPEND Hashcash token already spent in another mail header
HASHCASH_HIGH Contains valid Hashcash token (>25 bits) header
HDR_ORDER_MTSRIX Headers are in order found in spam (MTSRIX) header
HDR_ORDER_TRIMRS Headers are in order found in spam (TRIMRS) header
HEAD_ILLEGAL_CHARS Headers have too many raw illegal characters header
HEAD_LONG Message headers are very long header
HEADER_COUNT_CTYPE Multiple Content-Type headers found header
HEADER_SPAM Bulk email fingerprint (header-based) found header
HELO_DYNAMIC_ADELPHIA Relay HELO’d using suspicious hostname (Adelphia) header
HELO_DYNAMIC_ATTBI Relay HELO’d using suspicious hostname (ATTBI.com) header
HELO_DYNAMIC_CHELLO_NL Relay HELO’d using suspicious hostname (Chello.nl) header
HELO_DYNAMIC_CHELLO_NO  Relay HELO’d using
suspicious hostname (Chello.no)
header
HELO_DYNAMIC_COMCAST Relay HELO’d using suspicious hostname (Comcast) header
HELO_DYNAMIC_DHCP Relay HELO’d using suspicious hostname (DHCP) header
HELO_DYNAMIC_DIALIN Relay HELO’d using suspicious hostname (T-Dialin) header
HELO_DYNAMIC_HCC Relay HELO’d using suspicious hostname (HCC) header
HELO_DYNAMIC_HEXIP Relay HELO’d using suspicious hostname (Hex IP) header
HELO_DYNAMIC_HOME_NL Relay HELO’d using suspicious hostname (Home.nl) header
HELO_DYNAMIC_IPADDR Relay HELO’d using suspicious hostname (IP addr 1) header
HELO_DYNAMIC_IPADDR2 Relay HELO’d using suspicious hostname (IP addr 2) header
HELO_DYNAMIC_NTL Relay HELO’d using suspicious hostname (NTL) header
HELO_DYNAMIC_OOL  Relay HELO’d using
suspicious hostname (OptOnline)
header
HELO_DYNAMIC_ROGERS Relay HELO’d using suspicious hostname (Rogers) header
HELO_DYNAMIC_RR2 Relay HELO’d using suspicious hostname (RR 2) header
HELO_DYNAMIC_SPLIT_IP Relay HELO’d using suspicious hostname (Split IP) header
HELO_DYNAMIC_TELIA Relay HELO’d using suspicious hostname (Telia) header
HELO_DYNAMIC_VELOX Relay HELO’d using suspicious hostname (Veloxzone) header
HELO_DYNAMIC_VTR Relay HELO’d using suspicious hostname (VTR) header
HELO_DYNAMIC_YAHOOBB Relay HELO’d using suspicious hostname (YahooBB) header
HIDDEN_CHARGES Talks about Hidden Charges body
HIDE_WIN_STATUS Javascript to hide URLs in browser rawbody
HIGH_CODEPAGE_URI /^https?:\/\/[^\/]*\&\#(?:\d{4,}| [3456789]\d\d);/i uri
HOT_NASTY Possible porn – Hot, Nasty, Wild, Young body
HTML_00_10 Message is 0% to 10% HTML body
HTML_10_20 Message is 10% to 20% HTML body
HTML_20_30 Message is 20% to 30% HTML body
HTML_30_40 Message is 30% to 40% HTML body
HTML_40_50 Message is 40% to 50% HTML body
HTML_50_60 Message is 50% to 60% HTML body
HTML_60_70 Message is 60% to 70% HTML body
HTML_70_80 Message is 70% to 80% HTML body
HTML_80_90 Message is 80% to 90% HTML body
HTML_90_100 Message is 90% to 100% HTML body
HTML_ATTR_BAD HTML has many bad attributes in tags body
HTML_ATTR_UNIQUE HTML appears to have random attributes in tags body
HTML_BACKHAIR_2 HTML tags used to obfuscate words body
HTML_BACKHAIR_4 HTML tags used to obfuscate words body
HTML_BACKHAIR_8 HTML tags used to obfuscate words body
HTML_BADTAG_00_10 HTML message is 0% to 10% bad tags body
HTML_BADTAG_10_20 HTML message is 10% to 20% bad tags body
HTML_BADTAG_20_30 HTML message is 20% to 30% bad tags body
HTML_BADTAG_30_40 HTML message is 30% to 40% bad tags body
HTML_BADTAG_40_50 HTML message is 40% to 50% bad tags body
HTML_BADTAG_50_60 HTML message is 50% to 60% bad tags body
HTML_BADTAG_60_70 HTML message is 60% to 70% bad tags body
HTML_BADTAG_70_80 HTML message is 70% to 80% bad tags body
HTML_BADTAG_80_90 HTML message is 80% to 90% bad tags body
HTML_BADTAG_90_100 HTML message is 90% to 100% bad tags body
HTML_COMMENT_SAVED_URL HTML message is a saved web page body
HTML_COMMENT_SHORT HTML comment is very short body
HTML_EHTML2 HTML has doubled end HTML tag rawbody
HTML_EMBEDS HTML with embedded plugin object body
HTML_EVENT_UNSAFE HTML contains unsafe auto-executing code body
HTML_EXTRA_CLOSE HTML contains far too many close tags body
HTML_FONT_BIG HTML tag for a big font size body
HTML_FONT_FACE_BAD HTML font face is not a word body
HTML_FONT_FACE_CAPS HTML font face has excess capital characters body
HTML_FONT_INVISIBLE HTML font color is same as background body
HTML_FONT_LOW_CONTRAST HTML font color similar to background body
HTML_FONT_SIZE_HUGE HTML font size is huge body
HTML_FONT_SIZE_LARGE HTML font size is large body
HTML_FONT_SIZE_NONE HTML font size is negative body
HTML_FONT_SIZE_TINY HTML font size is tiny body
HTML_FONT_TINY HTML tag for a tiny font size body
HTML_FORMACTION_MAILTO HTML includes a form which sends mail body
HTML_IMAGE_ONLY_04 HTML: images with 0-400 bytes of words body
HTML_IMAGE_ONLY_08 HTML: images with 400-800 bytes of words body
HTML_IMAGE_ONLY_12 HTML: images with 800-1200 bytes of words body
HTML_IMAGE_ONLY_16 HTML: images with 1200-1600 bytes of words body
HTML_IMAGE_ONLY_20 HTML: images with 1600-2000 bytes of words body
HTML_IMAGE_ONLY_24 HTML: images with 2000-2400 bytes of words body
HTML_IMAGE_ONLY_28 HTML: images with 2400-2800 bytes of words body
HTML_IMAGE_ONLY_32 HTML: images with 2800-3200 bytes of words body
HTML_IMAGE_RATIO_02 HTML has a low ratio of text to image area body
HTML_IMAGE_RATIO_04 HTML has a low ratio of text to image area body
HTML_IMAGE_RATIO_06 HTML has a low ratio of text to image area body
HTML_IMAGE_RATIO_08 HTML has a low ratio of text to image area body
HTML_LINK_IMAGE_BUG HTML link plus image plus web bug body
HTML_LINK_OPT_OUT HTML link text says "opt out" or similar body
HTML_LINK_PUSH_HERE HTML link text says "push here" or similar body
HTML_MESSAGE HTML included in message body
HTML_NONELEMENT_00_10 0% to 10% of HTML elements are non-standard body
HTML_NONELEMENT_10_20 10% to 20% of HTML elements are non-standard body
HTML_NONELEMENT_20_30 20% to 30% of HTML elements are non-standard body
HTML_NONELEMENT_30_40 30% to 40% of HTML elements are non-standard body
HTML_NONELEMENT_40_50 40% to 50% of HTML elements are non-standard body
HTML_NONELEMENT_50_60 50% to 60% of HTML elements are non-standard body
HTML_NONELEMENT_60_70 60% to 70% of HTML elements are non-standard body
HTML_NONELEMENT_70_80 70% to 80% of HTML elements are non-standard body
HTML_NONELEMENT_80_90 80% to 90% of HTML elements are non-standard body
HTML_NONELEMENT_90_100 90% to 100% of HTML elements are non-standard body
HTML_OBFUSCATE_05_10 Message is 5% to 10% HTML obfuscation body
HTML_OBFUSCATE_10_20 Message is 10% to 20% HTML obfuscation body
HTML_OBFUSCATE_20_30 Message is 20% to 30% HTML obfuscation body
HTML_OBFUSCATE_30_40 Message is 30% to 40% HTML obfuscation body
HTML_OBFUSCATE_40_50 Message is 40% to 50% HTML obfuscation body
HTML_OBFUSCATE_50_60 Message is 50% to 60% HTML obfuscation body
HTML_OBFUSCATE_60_70 Message is 60% to 70% HTML obfuscation body
HTML_OBFUSCATE_70_80 Message is 70% to 80% HTML obfuscation body
HTML_OBFUSCATE_80_90 Message is 80% to 90% HTML obfuscation body
HTML_OBFUSCATE_90_100 Message is 90% to 100% HTML obfuscation body
HTML_SHORT_LENGTH HTML is extremely short body
HTML_SHOUTING3 HTML has very strong "shouting" markup body
HTML_SHOUTING4 HTML has very strong "shouting" markup body
HTML_SHOUTING5 HTML has very strong "shouting" markup body
HTML_SHOUTING6 HTML has very strong "shouting" markup body
HTML_SHOUTING7 HTML has very strong "shouting" markup body
HTML_TAG_BALANCE_BODY HTML has unbalanced "body" tags body
HTML_TAG_BALANCE_HEAD HTML has unbalanced "head" tags body
HTML_TAG_EXIST_BGSOUND HTML has "bgsound" tag body
HTML_TAG_EXIST_MARQUEE HTML has "marquee" tag body
HTML_TAG_EXIST_TBODY HTML has "tbody" tag body
HTML_TEXT_AFTER_BODY HTML contains text after BODY close tag body
HTML_TEXT_AFTER_HTML HTML contains text after HTML close tag body
HTML_TINY_FONT body contains 1 or 0-point font rawbody
HTML_TITLE_EMPTY HTML title contains no text body
HTML_TITLE_UNTITLED HTML title contains "Untitled" body
HTML_WEB_BUGS Image tag intended to identify you body
HTTP_77 Contains an URL-encoded hostname (HTTP77) uri
HTTP_CTRL_CHARS_HOST Uses control sequences inside a URL hostname uri
HTTP_ESCAPED_HOST Uses %-escapes inside a URL’s hostname uri
HTTP_EXCESSIVE_ESCAPES Completely unnecessary %-escapes inside a URL uri
HTTPS_IP_MISMATCH IP to HTTPS link found in HTML body
IMPOTENCE Impotence cure body
INFO_TLD Contains an URL in the INFO top-level domain uri
INTERRUPTUS Message looks to contain HTML-interrupted text rawbody
INVALID_DATE Invalid Date: header (not RFC 2822) header
INVALID_DATE_TZ_ABSURD Invalid Date: header (timezone does not exist) header
INVALID_TZ_CST Invalid date in header (wrong CST timezone) header
INVALID_TZ_EST Invalid date in header (wrong EST timezone) header
INVALID_TZ_GMT Invalid date in header (wrong GMT/UTC timezone) header
INVESTMENT_ADVICE Message mentions investment advice body
INVESTMENT_EXPERT Message mentions investment expert body
IP_LINK_PLUS Dotted-decimal IP address followed by CGI uri
JAPANESE_UCE_SUBJECT Subject contains a Japanese UCE tag header
JOIN_MILLIONS Join Millions of Americans body
KOREAN_UCE_SUBJECT Subject: contains Korean unsolicited email tag header
LIVE_PORN Possible porn – Live Porn body
LOCALPART_IN_SUBJECT Local part of To: address appears in Subject header
LOTS_OF_STUFF Thousands or millions of pictures, movies, etc. body
LOW_PRICE Lowest Price body
MAILTO_SUBJ_REMOVE mailto URI includes removal text rawbody
MAILTO_TO_REMOVE Includes a ‘remove’ email address uri
MAILTO_TO_SPAM_ADDR Includes a link to a likely spammer email uri
MALE_ENHANCE Message talks about enhancing men body
MARKETING_PARTNERS Claims you registered with a partner body
MEET_SINGLES Meet Singles body
MICRO_CAP_WARNING SEC-mandated penny-stock warning body
MICROSOFT_EXECUTABLE Message includes Microsoft executable program body
MILLION_USD Talks about millions of dollars body
MIME_BAD_ISO_CHARSET MIME character set is an unknown ISO charset body
MIME_BASE64_BLANKS Extra blank lines in base64 encoding rawbody
MIME_BASE64_NO_NAME base64 attachment does not have a file name rawbody
MIME_BASE64_TEXT Message text disguised using base64 encoding rawbody
MIME_BOUND_DD_DIGITS Spam tool pattern in MIME boundary header
MIME_BOUND_DIGITS_15 Spam tool pattern in MIME boundary header
MIME_BOUND_DIGITS_7 Spam tool pattern in MIME boundary header
MIME_BOUND_MANY_HEX Spam tool pattern in MIME boundary header
MIME_BOUND_RKFINDY Spam tool pattern in MIME boundary (rfkindy) header
MIME_HTML_MOSTLY Multipart message mostly text/html MIME body
MIME_HTML_ONLY Message only has text/html MIME parts body
MIME_MISSING_BOUNDARY MIME section missing boundary rawbody
MIME_QP_LONG_LINE Quoted-printable line longer than 76 chars rawbody
MIME_SUSPECT_NAME MIME filename does not match content body
MISSING_DATE Missing Date: header header
MISSING_HB_SEP Missing blank line between message header and body header
MISSING_HEADERS Missing To: header header
MISSING_MIME_HB_SEP Missing blank line between MIME header and body body
ML_MARKETING Multi Level Marketing mentioned body
MONEY_BACK Money back guarantee body
MORE_SEX Talks about a bigger drive for sex body
MORTGAGE_BEST Information on mortgages body
MORTGAGE_PITCH Looks like mortgage pitch body
MORTGAGE_RATES Information on mortgage rates body
MPART_ALT_DIFF HTML and text parts are different body
MPART_ALT_DIFF_COUNT HTML and text parts are different body
MSGID_FROM_MTA_HOTMAIL Message-Id was added by a hotmail.com relay header
MSGID_FROM_MTA_ID Message-Id for external message added locally header
MSGID_LONG Message-ID is unusually long header
MSGID_MULTIPLE_AT Message-ID contains multiple ‘@’ characters header
MSGID_NO_HOST Message-Id has no hostname header
MSGID_OUTLOOK_INVALID Message-Id is fake (in Outlook Express format) header
MSGID_RATWARE1 Bulk email fingerprint found header
MSGID_SHORT Message-ID is unusually short header
MSGID_SPAM_99X9XX99 Spam tool Message-Id: (99x9xx99 variant) header
MSGID_SPAM_ALPHA_NUM Spam tool Message-Id: (alpha-numeric variant) header
MSGID_SPAM_CAPS Spam tool Message-Id: (caps variant) header
MSGID_SPAM_LETTERS Spam tool Message-Id: (letters variant) header
MSGID_SPAM_ZEROES Spam tool Message-Id: (12-zeroes variant) header
MSGID_YAHOO_CAPS Message-ID has ALLCAPS@yahoo.com header
NA_DOLLARS Talks about a million North American dollars body
NASTY_GIRLS Possible porn – Nasty Girls body
NO_COST No such thing as a free lunch (3) body
NO_DNS_FOR_FROM Envelope sender has no MX or A DNS records header
NO_FORMS No Claim Forms body
NO_MEDICAL No Medical Exams body
NO_OBLIGATION There is no obligation body
NO_PRESCRIPTION No prescription needed body
NO_RDNS_DOTCOM_HELO Host HELO’d as a big ISP, but had no rDNS header
NO_REAL_NAME From: does not include a real name header
NO_RELAYS Informational: message was not relayed via SMTP header
NONEXISTENT_CHARSET Character set doesn’t exist header
NORMAL_HTTP_TO_IP Uses a dotted-decimal IP address in URL uri
NOT_ADVISOR Not registered investment advisor body
NUMERIC_HTTP_ADDR Uses a numeric IP address in URL uri
OBSCURED_EMAIL Message seems to contain rot13ed address body
OFFSHORE_SCAM Off Shore Scams body
ONE_TIME One Time Rip Off body
ONLINE_PHARMACY Online Pharmacy body
OPTING_OUT_CAPS Talks about opting out (capitalized version) body
ORG_MIME_TOOLS Organization is MIME-tools header
PLING_QUERY Subject has exclamation mark and question mark header
PORN_15 Possible porn – various types of feline body
PORN_16 Possible porn – nasty, dirty, little etc. body
PORN_URL_MISC URL uses words/phrases which indicate porn (misc) uri
PORN_URL_SEX URL uses words/phrases which indicate porn (sex) uri
PORN_URL_SLUT URL uses words/phrases which indicate porn (slut) uri
PREST_NON_ACCREDITED ‘Prestigious Non-Accredited Universities’ body
PREVENT_NONDELIVERY Message has Prevent-NonDelivery-Report header header
PRICES_ARE_AFFORDABLE Message says that prices aren’t too expensive body
PYZOR_CHECK Listed in Pyzor (http://pyzor.sf.net/) full
QUALIFY_FOR_THIS Qualify for this special… body
RATWARE_BOUND_PIECE Bulk email fingerprint (piece boundary) found header
RATWARE_EFROM Bulk email fingerprint (envfrom) found header
RATWARE_EGROUPS Bulk email fingerprint (eGroups) found header
RATWARE_GECKO_BUILD Bulk email fingerprint (Gecko faked) found header
RATWARE_HASH_2 Bulk email fingerprint (hash 2) found header
RATWARE_HASH_2_V2 Bulk email fingerprint (hash 2 v2) found header
RATWARE_HASH_DASH Contains a hashbuster in Send-Safe format rawbody
RATWARE_JPFREE Bulk email fingerprint (jpfree) found header
RATWARE_MOZ_MALFORMED Bulk email fingerprint (Mozilla malformed) found header
RATWARE_MPOP_WEBMAIL Bulk email fingerprint (mPOP Web-Mail) header
RATWARE_NETIP Bulk email fingerprint (netIP) found header
RATWARE_OE_MALFORMED X-Mailer has malformed Outlook Express version header
RATWARE_RCVD_AT Bulk email fingerprint (Received @) found header
RATWARE_RCVD_LC_ESMTP Bulk email fingerprint (‘esmtp’ Received) found header
RATWARE_RCVD_PF Bulk email fingerprint (Received PF) found header
RATWARE_STORM_URI Bulk email fingerprint (StormPost) found uri
RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50% full
RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level above 50% full
RAZOR2_CF_RANGE_E8_51_100 Razor2 gives engine 8 confidence level above 50% full
RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/) full
RCVD_AM_PM Received headers forged (AM/PM) header
RCVD_BONUS_SPC_DATE Bulk email fingerprint (bonus space) found header
RCVD_BY_IP Received by mail server with no name header
RCVD_FAKE_HELO_DOTCOM Received contains a faked HELO hostname header
RCVD_HELO_IP_MISMATCH Received: HELO and IP do not match, but should header
RCVD_ILLEGAL_IP Received: contains illegal IP address header
RCVD_IN_BL_SPAMCOP_NET Received via a relay in bl.spamcop.net header
RCVD_IN_BSP_OTHER Sender is in Bonded Sender Program (other relay) header
RCVD_IN_BSP_TRUSTED Sender is in Bonded Sender Program (trusted relay) header
RCVD_IN_DSBL Received via a relay in list.dsbl.org header
RCVD_IN_IADB_VOUCHED ISIPP IADB lists as vouched-for sender header
RCVD_IN_MAPS_DUL Relay in DUL, http://www.mail-abuse.org/dul/ header
RCVD_IN_MAPS_NML Relay in NML, http://www.mail-abuse.org/nml/ header
RCVD_IN_MAPS_RBL Relay in RBL, http://www.mail-abuse.org/rbl/ header
RCVD_IN_MAPS_RSS Relay in RSS, http://www.mail-abuse.org/rss/ header
RCVD_IN_NJABL_CGI NJABL: sender is an open formmail header
RCVD_IN_NJABL_DUL NJABL: dialup sender did non-local SMTP header
RCVD_IN_NJABL_MULTI NJABL: sent through multi-stage open relay header
RCVD_IN_NJABL_PROXY NJABL: sender is an open proxy header
RCVD_IN_NJABL_RELAY NJABL: sender is confirmed open relay header
RCVD_IN_NJABL_SPAM NJABL: sender is confirmed spam source header
RCVD_IN_SBL Received via a relay in Spamhaus SBL header
RCVD_IN_SORBS_BLOCK SORBS: sender demands to never be tested header
RCVD_IN_SORBS_DUL SORBS: sent directly from dynamic IP address header
RCVD_IN_SORBS_HTTP SORBS: sender is open HTTP proxy server header
RCVD_IN_SORBS_MISC SORBS: sender is open proxy server header
RCVD_IN_SORBS_SMTP SORBS: sender is open SMTP relay header
RCVD_IN_SORBS_SOCKS SORBS: sender is open SOCKS proxy server header
RCVD_IN_SORBS_WEB SORBS: sender is a abuseable web server header
RCVD_IN_SORBS_ZOMBIE SORBS: sender is on a hijacked network header
RCVD_IN_WHOIS_BOGONS CompleteWhois: sender on bogons IP block header
RCVD_IN_WHOIS_HIJACKED CompleteWhois: sender on hijacked IP block header
RCVD_IN_WHOIS_INVALID CompleteWhois: sender on invalid IP block header
RCVD_IN_XBL Received via a relay in Spamhaus XBL header
RCVD_NUMERIC_HELO Received: contains an IP address used for HELO header
RECEIVE_OFFER Receive a special offer body
REFINANCE_NOW Home refinancing body
REFINANCE_YOUR_HOME Home refinancing body
REMOVE_BEFORE_LINK Removal phrase right before a link body
REMOVE_PAGE URL of page called "remove" uri
REMOVE_POSTAL Send real mail to be unsubscribed body
REPLICA_WATCH Message talks about a replica watch body
REPLY_TO_EMPTY Reply-To: is empty header
RESISTANCE_IS_FUTILE Resistance to this spam is futile body
REVERSE_AGING Reverses Aging body
RISK_FREE Risk free. Suuurreeee…. body
ROUND_THE_WORLD Received: says mail sent around the world (DNS) header
ROUND_THE_WORLD_LOCAL Received: says mail sent around the world (HELO) header
SATIS_GUAR Mail guarantees satisfaction body
SAVE_THOUSANDS Save big money body
SEE_FOR_YOURSELF See for yourself body
SENT_IN_COMPLIANCE Claims compliance with spam regulations body
SOME_BREAKTHROUGH Describes some sort of breakthrough body
SOMETHING_FOR_ADULTS Possible porn – Adult Web Sites body
SORTED_RECIPS Recipient list is sorted by address header
SPF_FAIL SPF: sender does not match SPF record (fail) header
SPF_HELO_FAIL SPF: HELO does not match SPF record (fail) header
SPF_HELO_NEUTRAL SPF: HELO does not match SPF record (neutral) header
SPF_HELO_PASS SPF: HELO matches SPF record header
SPF_HELO_SOFTFAIL SPF: HELO does not match SPF record (softfail) header
SPF_NEUTRAL SPF: sender does not match SPF record (neutral) header
SPF_PASS SPF: sender matches SPF record header
SPF_SOFTFAIL SPF: sender does not match SPF record (softfail) header
SPOOF_COM2COM URI contains ".com" in middle and end uri
SPOOF_COM2OTH URI contains ".com" in middle uri
SPOOF_NET2COM URI contains ".net" or ".org", then ".com" uri
SPOOF_OURI URI has items in odd places uri
STOCK_ALERT Offers a alert about a stock body
STRONG_BUY Tells you about a strong buy body
SUB_FREE_OFFER Subject starts with "Free" header
SUB_HELLO Subject starts with "Hello" header
SUBJ_2_NUM_PARENS Subject contains common spam sign (2 numbers) header
SUBJ_ALL_CAPS Subject is all capitals header
SUBJ_AS_SEEN Subject contains "As Seen" header
SUBJ_BUY Subject line starts with Buy or Buying header
SUBJ_CONSONANTS Subject contains consecutive consonants in "word" header
SUBJ_DOLLARS Subject starts with dollar amount header
SUBJ_FOR_ONLY Subject contains "For Only" header
SUBJ_FREE_CAP Subject contains "FREE" in CAPS header
SUBJ_GUARANTEED Subject GUARANTEED header
SUBJ_HAS_SPACES Subject contains lots of white space header
SUBJ_HAS_UNIQ_ID Subject contains a unique ID header
SUBJ_ILLEGAL_CHARS Subject: has too many raw illegal characters header
SUBJ_LIFE_INSURANCE Subject includes "life insurance" header
SUBJ_YOUR_DEBT Subject contains "Your Bills" or similar header
SUBJ_YOUR_FAMILY Subject contains "Your Family" header
SUBJ_YOUR_OWN Subject contains "Your Own" header
SUBJECT_DIET Subject talks about losing pounds header
SUBJECT_DRUG_GAP_C Subject contains a gappy version of ‘cialis’ header
SUBJECT_DRUG_GAP_L Subject contains a gappy version of ‘levitra’ header
SUBJECT_DRUG_GAP_P Subject contains a gappy version of ‘phentermine’ header
SUBJECT_DRUG_GAP_S Subject contains a gappy version of ‘soma’ header
SUBJECT_DRUG_GAP_VA Subject contains a gappy version of ‘valium’ header
SUBJECT_DRUG_GAP_VIC Subject contains a gappy version of ‘vicodin’ header
SUBJECT_DRUG_GAP_X Subject contains a gappy version of ‘xanax’ header
SUBJECT_SEXUAL Subject indicates sexually-explicit content header
SUSPICIOUS_RECIPS Similar addresses in recipient list header
TERRA_ES Contains URI to a document hosted at ‘terra.es’ uri
TO_ADDRESS_EQ_REAL To: repeats address as real name header
TO_EMPTY To: is empty header
TO_MALFORMED To: has a malformed address header
TO_NO_USER To: has no local-part before @ sign header
TO_RECIP_MARKER To header contains ‘recipient’ marker header
TO_TXT Sent to a text file header
TRACKER_ID Incorporates a tracking ID number body
UNCLAIMED_MONEY People just leave money laying around body
UNCLOSED_BRACKET Headers contain an unclosed bracket header
UNDISC_RECIPS Valid-looking To "undisclosed-recipients" header
UNIQUE_WORDS Message body has many words used only once body
UNPARSEABLE_RELAY Informational: message has unparseable relay lines header
UNRESOLVED_TEMPLATE Headers contain an unresolved template header
UNWANTED_LANGUAGE_BODY Message written in an undesired language body
URG_BIZ Contains urgent matter body
URI_4YOU Message has URI 4you uri
URI_AFFILIATE Contains a URI with an affiliate ID code uri
URI_DIGITS URI hostname has long digit sequence uri
URI_HEX URI hostname has long hexadecimal sequence uri
URI_UPPER_LOWER URI contains capitalized hostname parts ("Abcde") uri
URIBL_AB_SURBL Contains an URL listed in the AB SURBL blocklist body
URIBL_JP_SURBL Contains an URL listed in the JP SURBL blocklist body
URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist body
URIBL_PH_SURBL Contains an URL listed in the PH SURBL blocklist body
URIBL_SBL Contains an URL listed in the SBL blocklist body
URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist body
URIBL_WS_SURBL Contains an URL listed in the WS SURBL blocklist body
US_DOLLARS_3  Mentions millions of
(dollar) ((dollar) NN,NNN,NNN.NN)
body
USER_IN_ALL_SPAM_TO User is listed in ‘all_spam_to’ header
USER_IN_BLACKLIST From: address is in the user’s black-list header
USER_IN_BLACKLIST_TO User is listed in ‘blacklist_to’ header
USER_IN_DEF_SPF_WL From: address is in the default SPF white-list header
USER_IN_DEF_WHITELIST From: address is in the default white-list header
USER_IN_MORE_SPAM_TO User is listed in ‘more_spam_to’ header
USER_IN_SPF_WHITELIST From: address is in the user’s SPF whitelist header
USER_IN_WHITELIST From: address is in the user’s white-list header
USER_IN_WHITELIST_TO User is listed in ‘whitelist_to’ header
USERPASS URL contains username and (optional) password uri
VIA_GAP_GRA Attempts to disguise the word ‘viagra’ body
WE_HONOR_ALL Claims to honor removal requests body
WEIRD_PORT Uses non-standard port number for HTTP uri
WEIRD_QUOTING Weird repeated double-quotation marks body
WHILE_YOU_SLEEP While you Sleep body
WHY_PAY_MORE Why Pay More? body
WHY_WAIT What are you waiting for body
WITH_LC_SMTP Received line contains spam-sign (lowercase smtp) header
WRINKLES Removes Wrinkles body
X_AUTH_WARN_FAKED X-Authentication-Warning header looks faked header
X_IP Message has X-IP header header
X_LIBRARY Message has X-Library header header
X_MAILER_SPAM X-Mailer: header is bulk email fingerprint header
X_MESSAGE_FLAG_ODD Message has X-Message-flag header (odd case) header
X_MESSAGE_INFO Bulk email fingerprint (X-Message-Info) found header
X_MIME_AUTOCONVERTED Message has X-MIME-Autoconverted "Yes" header header
X_MSMAIL_PRIORITY_HIGH Sent with ‘X-Msmail-Priority’ set to high header
X_ORIG_IP_NOT_IPV4 X-Originating-IP doesn’t look like IPv4 address header
X_PRIORITY_CC Cc: after X-Priority: (bulk email fingerprint) header
X_PRIORITY_HIGH Sent with ‘X-Priority’ set to high header
YAHOO_DRS_REDIR Has Yahoo Redirect URI uri
YAHOO_RD_REDIR Has Yahoo Redirect URI uri
YOU_CAN_SEARCH You can search for anyone body

Die vollständige Auflistung aller Test der aktuellen Spamassassin-Version und früherer Versionen finden sich bei Spamassassin.

1 Kommentar

Hinterlasse eine Antwort

Pflichtfelder sind mit * markiert.

*