SpamAssassin(tm)

The Apache SpamAssassin Project

The Powerful #1 Open-Source Spam Filter

 SpamAssassin Home   Home   News   Wiki   Download   FAQ   Docs   Lists   Tests   Bugs   Credits 

Tests Performed: v3.1.x

This is the current list of tests SpamAssassin(tm) performs on mail messages to determine if they're spam or not. If you wish to change the score from the default, add a line like this to your ~/.spamassassin/user_prefs:

score NAME_OF_TEST 3.0

Where 3.0 is the hits you wish that test to incur, and NAME_OF_TEST is the test name from the TEST NAME column below.

If you wish to disable a test, set the score to 0 by adding a line like this to your ~/.spamassassin/user_prefs:

score NAME_OF_TEST 0

Note that these are the scores for the current stable release of SpamAssassin; they may be different from the ones you're running on your servers, if SpamAssassin is installed there.

The 'More Info' links, if present, lead to a section of our Wiki for collaborative documentation of rules; some of the rules include additional user-contributed documentation there. If you feel like adding a page describing a rule in further detail, feel free to create a page at that link, using the RuleDescriptionTemplate format.


AREA TESTED LOCALE DESCRIPTION OF TEST TEST NAME DEFAULT SCORES
(local, net, with bayes, with bayes+net) 		MORE INFO
(additional wiki docs)
body Generic Test for Unsolicited Bulk Email GTUBE 1000.000 Wiki
body Incorporates a tracking ID number TRACKER_ID 2.000 1.295 2.292 1.032 Wiki
body Weird repeated double-quotation marks WEIRD_QUOTING 1.120 1.200 1.295 1.341 Wiki
rawbody Extra blank lines in base64 encoding MIME_BASE64_BLANKS 0 0 0.184 0.224 Wiki
rawbody base64 attachment does not have a file name MIME_BASE64_NO_NAME 0 0 0 0.224 Wiki
rawbody Message text disguised using base64 encoding MIME_BASE64_TEXT 2.048 1.522 2.749 1.885 Wiki
rawbody MIME section missing boundary MIME_MISSING_BOUNDARY 1 Wiki
body Missing blank line between MIME header and body MISSING_MIME_HB_SEP 1 Wiki
body Multipart message mostly text/html MIME MIME_HTML_MOSTLY 1.703 0.699 2.309 1.102 Wiki
body Message only has text/html MIME parts MIME_HTML_ONLY 0.414 0.001 0.389 0.001 Wiki
rawbody Quoted-printable line longer than 76 chars MIME_QP_LONG_LINE 0.159 0 0.234 0 Wiki
body HTML and text parts are different MPART_ALT_DIFF 0.425 0.137 1.142 0 Wiki
body HTML and text parts are different MPART_ALT_DIFF_COUNT 1.649 0 1.607 0.708 Wiki
body MIME character set is an unknown ISO charset MIME_BAD_ISO_CHARSET 3.360 3.360 3.885 4.185 Wiki
body Character set indicates a foreign language CHARSET_FARAWAY 3.200 Wiki
body Body contains a ROT13-encoded email address EMAIL_ROT13 1.600 1.680 1.850 2.000 Wiki
body Message body has 70-80% blank lines BLANK_LINES_70_80 1.499 1.236 1.757 1.805 Wiki
body Message body has 80-90% blank lines BLANK_LINES_80_90 0.272 0.107 0.810 0 Wiki
body Message body has 90-100% blank lines BLANK_LINES_90_100 1 Wiki
body Message body has many words used only once UNIQUE_WORDS 2.066 1.336 2.543 2.347 Wiki
body Message body mentions many internet domains DOMAIN_RATIO 0 0 0.184 0 Wiki
body IP to HTTPS link found in HTML HTTPS_IP_MISMATCH 1.920 1.920 2.220 2.400 Wiki
rawbody Message looks to contain HTML-interrupted text INTERRUPTUS 1.154 0.533 1.106 0.182 Wiki
body eval:check_ma_non_text() MULTIPART_ALT_NON_TEXT 1 Wiki
header Passed through trusted hosts only via SMTP ALL_TRUSTED -1.360 -1.440 -1.665 -1.800 Wiki
header Informational: message was not relayed via SMTP NO_RELAYS -0.001 Wiki
header NJABL: sender is confirmed open relay RCVD_IN_NJABL_RELAY 1 Wiki
header NJABL: dialup sender did non-local SMTP RCVD_IN_NJABL_DUL 0 1.713 0 1.946 Wiki
header NJABL: sender is confirmed spam source RCVD_IN_NJABL_SPAM 0 1.905 0 2.775 Wiki
header NJABL: sent through multi-stage open relay RCVD_IN_NJABL_MULTI 1 Wiki
header NJABL: sender is an open formmail RCVD_IN_NJABL_CGI 1 Wiki
header NJABL: sender is an open proxy RCVD_IN_NJABL_PROXY 0 0.327 0 0.721 Wiki
header SORBS: sender is open HTTP proxy server RCVD_IN_SORBS_HTTP 1 Wiki
header SORBS: sender is open SOCKS proxy server RCVD_IN_SORBS_SOCKS 0 1.823 0 2.159 Wiki
header SORBS: sender is open proxy server RCVD_IN_SORBS_MISC 1 Wiki
header SORBS: sender is open SMTP relay RCVD_IN_SORBS_SMTP 0 0 0 0.201 Wiki
header SORBS: sender is a abuseable web server RCVD_IN_SORBS_WEB 0 1.236 0 1.456 Wiki
header SORBS: sender demands to never be tested RCVD_IN_SORBS_BLOCK 1 Wiki
header SORBS: sender is on a hijacked network RCVD_IN_SORBS_ZOMBIE 0 0.240 0 0.258 Wiki
header SORBS: sent directly from dynamic IP address RCVD_IN_SORBS_DUL 0 1.988 0 2.046 Wiki
header Received via a relay in Spamhaus SBL RCVD_IN_SBL 0 2.712 0 3.160 Wiki
header Received via a relay in Spamhaus XBL RCVD_IN_XBL 0 3.114 0 3.897 Wiki
header Envelope sender in dsn.rfc-ignorant.org DNS_FROM_RFC_DSN 0 2.872 0 2.597 Wiki
header Envelope sender in postmaster.rfc-ignorant.org DNS_FROM_RFC_POST 0 1.440 0 1.708 Wiki
header Envelope sender in abuse.rfc-ignorant.org DNS_FROM_RFC_ABUSE 0 0.479 0 0.200 Wiki
header Envelope sender in whois.rfc-ignorant.org DNS_FROM_RFC_WHOIS 0 0.879 0 1.447 Wiki
header Envelope sender in bogusmx.rfc-ignorant.org DNS_FROM_RFC_BOGUSMX 0 2.034 0 1.945 Wiki
header CompleteWhois: sender on bogons IP block RCVD_IN_WHOIS_BOGONS 0 1.811 0 2.430 Wiki
header CompleteWhois: sender on hijacked IP block RCVD_IN_WHOIS_HIJACKED 0 1.0 0 1.0 Wiki
header CompleteWhois: sender on invalid IP block RCVD_IN_WHOIS_INVALID 0 2.151 0 2.234 Wiki
header Received via a relay in list.dsbl.org RCVD_IN_DSBL 0 1.801 0 2.600 Wiki
header From: sender listed in dnsbl.ahbl.org DNS_FROM_AHBL_RHSBL 0 0.306 0 0.231 Wiki
header Envelope sender in blackholes.securitysage.com DNS_FROM_SECURITYSAGE 0 2.001 0 1.513 Wiki
header Received via a relay in bl.spamcop.net RCVD_IN_BL_SPAMCOP_NET 0 1.332 0 1.558 Wiki
header Relay in RBL, http://www.mail-abuse.org/rbl/ RCVD_IN_MAPS_RBL 1 Wiki
header Relay in DUL, http://www.mail-abuse.org/dul/ RCVD_IN_MAPS_DUL 1 Wiki
header Relay in RSS, http://www.mail-abuse.org/rss/ RCVD_IN_MAPS_RSS 1 Wiki
header Relay in NML, http://www.mail-abuse.org/nml/ RCVD_IN_MAPS_NML 1 Wiki
header Sender is in Bonded Sender Program (trusted relay) RCVD_IN_BSP_TRUSTED 0 -4.3 0 -4.3 Wiki
header Sender is in Bonded Sender Program (other relay) RCVD_IN_BSP_OTHER 0 -0.1 0 -0.1 Wiki
header ISIPP IADB lists as vouched-for sender RCVD_IN_IADB_VOUCHED 0 -1.825 0 -2.200 Wiki
header Habeas Accredited Confirmed Opt-In or Better HABEAS_ACCREDITED_COI 0 -8.0 0 -8.0 Wiki
header Habeas Accredited Opt-In or Better HABEAS_ACCREDITED_SOI 0 -4.3 0 -4.3 Wiki
header Habeas Checked HABEAS_CHECKED 0 -0.2 0 -0.2 Wiki
header Subject contains a gappy version of 'cialis' SUBJECT_DRUG_GAP_C 2.880 1.035 3.140 0.614 Wiki
header Subject contains a gappy version of 'levitra' SUBJECT_DRUG_GAP_L 1.840 1.840 2.118 2.300 Wiki
header Subject contains a gappy version of 'phentermine' SUBJECT_DRUG_GAP_P 0.542 0.563 0.834 0.699 Wiki
header Subject contains a gappy version of 'soma' SUBJECT_DRUG_GAP_S 1.729 0.378 2.498 1.581 Wiki
header Subject contains a gappy version of 'valium' SUBJECT_DRUG_GAP_VA 2.437 2.442 2.743 2.619 Wiki
header Subject contains a gappy version of 'vicodin' SUBJECT_DRUG_GAP_VIC 2.720 2.720 3.145 2.656 Wiki
header Subject contains a gappy version of 'xanax' SUBJECT_DRUG_GAP_X 2.262 2.334 2.447 2.401 Wiki
body Talks about price per dose DRUG_DOSAGE 2.337 1.592 2.745 2.242 Wiki
body Mentions an E.D. drug DRUG_ED_CAPS 0.547 0.352 1.011 0.501 Wiki
body Viagra and other drugs DRUG_ED_COMBO 1.280 1.280 1.353 1.375 Wiki
body Talks about an E.D. drug using its chemical name DRUG_ED_SILD 1.440 0 1.594 0 Wiki
body Mentions Generic Viagra DRUG_ED_GENERIC 2.140 1.814 2.461 1.807 Wiki
body Fast Viagra Delivery DRUG_ED_ONLINE 2.160 2.160 2.498 2.700 Wiki
body Deep discount medications DEEP_DISC_MEDS 1.440 1.132 1.665 1.177 Wiki
body Online Pharmacy ONLINE_PHARMACY 2.720 2.102 3.145 2.043 Wiki
body No prescription needed NO_PRESCRIPTION 3.200 2.888 3.700 3.887 Wiki
body Attempts to disguise the word 'viagra' VIA_GAP_GRA 2.480 2.419 2.867 2.529 Wiki
body Two or more drugs crammed together into one word DRUGS_SMEAR1 1.310 1.372 1.576 1.337 Wiki
header Host HELO did not match rDNS: msn.com FAKE_HELO_MSN 2.080 2.060 2.358 2.509 Wiki
header Host HELO did not match rDNS: mail.com FAKE_HELO_MAIL_COM 1.920 1.920 2.220 2.369 Wiki
header Host HELO did not match rDNS: email.com FAKE_HELO_EMAIL_COM 1.440 1.440 1.665 1.335 Wiki
header Host HELO did not match rDNS: eudoramail.com FAKE_HELO_EUDORAMAIL 1.360 1.440 1.665 1.705 Wiki
header Host HELO did not match rDNS: excite.com FAKE_HELO_EXCITE 1 Wiki
header Host HELO did not match rDNS: lycos.com FAKE_HELO_LYCOS 1 Wiki
header Host HELO did not match rDNS: yahoo.ca FAKE_HELO_YAHOO_CA 1.186 1.353 1.466 1.599 Wiki
header Relay HELO'd with suspicious hostname (mail.com) FAKE_HELO_MAIL_COM_DOM 2.160 2.160 2.498 2.700 Wiki
header Relay HELO'd using suspicious hostname (IP addr 1) HELO_DYNAMIC_IPADDR 3.360 3.360 3.885 4.200 Wiki
header Relay HELO'd using suspicious hostname (DHCP) HELO_DYNAMIC_DHCP 3.280 2.664 3.792 3.066 Wiki
header Relay HELO'd using suspicious hostname (HCC) HELO_DYNAMIC_HCC 3.280 3.280 3.792 4.100 Wiki
header Relay HELO'd using suspicious hostname (ATTBI.com) HELO_DYNAMIC_ATTBI 2.400 2.400 2.775 2.692 Wiki
header Relay HELO'd using suspicious hostname (Rogers) HELO_DYNAMIC_ROGERS 1.840 1.203 2.127 1.580 Wiki
header Relay HELO'd using suspicious hostname (Adelphia) HELO_DYNAMIC_ADELPHIA 1.680 1.680 1.942 1.787 Wiki
header Relay HELO'd using suspicious hostname (T-Dialin) HELO_DYNAMIC_DIALIN 2.080 2.080 2.405 2.600 Wiki
header Relay HELO'd using suspicious hostname (Hex IP) HELO_DYNAMIC_HEXIP 1.280 1.280 1.480 1.600 Wiki
header Relay HELO'd using suspicious hostname (Split IP) HELO_DYNAMIC_SPLIT_IP 2.880 2.880 3.330 2.191 Wiki
header Relay HELO'd using suspicious hostname (YahooBB) HELO_DYNAMIC_YAHOOBB 2.240 2.240 2.590 2.800 Wiki
header Relay HELO'd using suspicious hostname (OptOnline) HELO_DYNAMIC_OOL 1.840 1.839 2.127 2.012 Wiki
header Relay HELO'd using suspicious hostname (IP addr 2) HELO_DYNAMIC_IPADDR2 3.280 3.213 3.792 3.818 Wiki
header Relay HELO'd using suspicious hostname (RR 2) HELO_DYNAMIC_RR2 1.440 1.440 1.665 1.605 Wiki
header Relay HELO'd using suspicious hostname (Comcast) HELO_DYNAMIC_COMCAST 2.800 2.800 3.237 3.500 Wiki
header Relay HELO'd using suspicious hostname (Telia) HELO_DYNAMIC_TELIA 1 Wiki
header Relay HELO'd using suspicious hostname (VTR) HELO_DYNAMIC_VTR 1.440 1.492 1.757 1.287 Wiki
header Relay HELO'd using suspicious hostname (Chello.no) HELO_DYNAMIC_CHELLO_NO 1 Wiki
header Relay HELO'd using suspicious hostname (Chello.nl) HELO_DYNAMIC_CHELLO_NL 1.624 0 2.035 0.170 Wiki
header Relay HELO'd using suspicious hostname (Veloxzone) HELO_DYNAMIC_VELOX 1 Wiki
header Relay HELO'd using suspicious hostname (NTL) HELO_DYNAMIC_NTL 1.360 1.360 1.573 1.481 Wiki
header Relay HELO'd using suspicious hostname (Home.nl) HELO_DYNAMIC_HOME_NL 1.600 1.600 1.850 2.000 Wiki
header Message headers are very long HEAD_LONG 2.5 Wiki
header Partial message FRAGMENTED_MESSAGE 2.5 Wiki
header Missing blank line between message header and body MISSING_HB_SEP 2.5 Wiki
header Informational: message has unparseable relay lines UNPARSEABLE_RELAY 0.001 Wiki
header From: does not include a real name NO_REAL_NAME 0 0.550 0 0.961 Wiki
header From: contains empty name FROM_BLANK_NAME 1.659 1.467 0.936 1.534 Wiki
header From: ends in many numbers FROM_ENDS_IN_NUMS