// MailWasher Pro filter rules #1, compiled by "Wiz" Feinberg, from www.wizcrafts.net.
// Can be used to replace the default rules, saved to your MWP profile data folders as filters.txt.
// This page is a child of: http://www.wizcrafts.net/mailwasher.html and http://www.wizcrafts.net/mwp-filters.html where you can get MailWasher Pro, or learn more about it.
//
// If these rules prove beneficial to you, please make a donation, at: http://www.wizcrafts.net/donations/
// Thanks :-)
//
// READ THESE NOTES
// // Indicates a comment, and is not parsed.
//
// IMPORTANT READ THE FOLLOWING!
// If you make changes to this file while MailWasher Pro is running, the changes will be overwritten when MailWasher Pro is closed.
// To be safe, close MailWasher first,then edit the filters. Or, edit them within MailWasher using the Filter Sidebar (Control + F7).
// I have had reports about corruption when copying and pasting my filters into existing filters.txt files. Most of the time this is caused because the text editor you are using is allowing a mixture of Unicode and Ascii entries to be copied.
// If you experience MailWasher wiping out the pasted in filters, after you re-open it (assuming it was not running at all when you saved the changes), do this.
// When copying and pasting some or all of these filters into your own "filters.txt," if you are using a text editor that is unicode-aware, you should not just SAVE the file. Rather you should use the "Save AS" feature to save the file as either all ASCII or all UNICODE. MailWasher will accept either, but can only deal with one at a time.
//
// Personally identifiable rules have been deleted from this list. You should create your own rules to deal with your domain name or email address in the Subject or From fields.
// Sample rule for spam sent to an non-existent account on your Domain server, - contacts@yourDomain ...
// (ex:)  [enabled],"contacts@YourDomain.com","Contacts Spam",16711680,OR,Hidden,Delete,Automatic,To,contains,contacts@YourDomain.com,EntireHeader,contains,contacts@YourDomain.com,Subject,contains,contacts@YourDomain.com,From,contains,contacts@yourDomain
// The following are actual, functional rules, ready to drop in to your existing Mailwasher Filters. There may be duplicates because some are from common rules sources.
// There must not be any blank lines from the start of the list to the end. Each rule must be on one continuous line, with a linefeed between rules. The last rule must end at the end of it's line, without a linefeed!
// Turn off word wrap to view these rules.
// Be sure you add your friends and contacts to your Friends List, or the image spam filter rules may delete email you wanted.
// Removed undesirable "Bounce" directives on August 8, 2007. Bouncing no longer works for modern spam as the Return To and From field is always forged and is sent from zombie botnetted home or office computers.
// Bouncing also creates more backscatter of useless, undeliverable email, which email servers must deal with.
// Email matching rules will be flagged as the various types of spam but you will have to delete them manually, by clicking the "Process Email" button.
// You can change the action back to automatic, hidden, or blacklist if you wish, by editing the action rules here, or with MailWasher Pro's Filter sidebar.
// Please read the Blocked Countries filter and remove any extensions for Countries you get legit email from. Use caution with all of the Country-based filters! Disable any that block legitimate foreign email.
// Removed all instances of actions "Hidden," "Automatic," and "Blacklist" on August 11, 2007
// Temporarily disabled the image spam filters because this type of spam is dying. Subject to instant reactivation!
// This is the master filters.txt and includes old filters from years gone by, as well as the most current.
// Rearranged filters according to my own usage; most current rules nearest the top; catch-alls near bottom.
// December 2, 2007: (Split Pharmaceuticals and Male Enhancement filters into separate detections for Subject [S] and Body [B] word matches. Merged Canadian Pharmacy filter into Pharmaceuticals.)
// January 3, 2008, I have begun anchoring the starting characters on new lines with ^ to improve rule processing. Many rules are getting updated to include this, as is appropriate.
// January 17, 2008, I added a new filter to detect the same domain name on both sides of @ sign, in "From:" field. Removed part of .info sender filter to speed up processing.
// May 24, 2009: Added new filter to detect URL Shortener spam links (above Blocked Countries filter)
// May 31, 2009: Added "Stud Tips" spam filter
// June 23, 2009: Known Spam [From or Body] now split into 2 filters (one for From, one for Body).
// Aug 25, 2009: Added Google Reader Spam Link filter
// Sept 28, 2009: Added Webmail Phishing Scam filter
// Oct 17, 2009: Added African Sender (419) filter
// Nov 10, 2009: Added Unlicensed Prescription Drugs filter
// Nov 17, 2009: Phishing Scam updated and split into 2 filters; one for Subject/From, the other for Body text
// Jan 13, 2010: Added a Western Union phishing filter
// Jan 14, 2010: UPS Phishing Scam #2 added. Original renamed to: UPS Phishing Scam #1
// Jan 29, 2010: Added Courier Phishing Scam for DHL and others, aside from UPS
// Feb 10, 2010: Added Facebook Phish filter
// Feb 15, 2010: Added Live.com Spam Link filter
// Feb 20, 2010: Added "Subject contains < * + ' >" filter. Added "Flagged by Spam Assassin" filter. Moved "XdomainY@domain" below it, to the bottom of the list.
// Feb 22, 2010: Added Blogger Exploit Link filter
// Feb 22, 2010: Split huge Nigerian 419 Scam filter into 6 separate filters, to speed things up
// Mar 07, 2010: Added Craigslist Scammer filter - pitching get rich schemes to Craigslist posters
// Mar 17, 2010: Added Warranty Spam filter (fraudulant extended car warranties)
// Filters updated last week: Dating Scam, Male Enhancement [B], Nigerian 419 Scam #5 [B], Nigerian 419 Scam #6, Pharmaceuticals [S],
// Filters previously updated this week: Pharmaceuticals [S], Live.com Spam Link, (New) Warranty Spam, Dating, Known Spam Domains, Known X-Mailer, Unlicensed Prescription Drugs
// Last updated filters on March 20, 2010: Unlicensed Prescription Drugs
// All of these comments will be erased as soon as you save this file as filters.txt and activate MailWasher Pro. Keep a copy of this file on hand.

[enabled],"AVG Returned Email","AVG Bounces",16711680,OR,Delete,Body,contains,"This is the AVG E-mail Scanner program.",Body,contains,"I'm sorry to inform you that the message",Subject,contains,"Undelivered Mail Returned to Sender"
[enabled],"Restored by MWP","Restored by MWP",26112,AND,Legitimate,TakesPrecedence,EntireHeader,contains,"Resent-From: ""MailWasher Pro recycle bin"""
[enabled],"Mailwasher Reports","MWP Report",26112,AND,Legitimate,Subject,contains,"MailWasher Pro summary"
[enabled],"Multiple Forwarded Messages","Multiple Forwarded Messages",16711680,AND,To,containsRE,"(.+@.+,\s){5,}",Subject,contains,FW:
[enabled],"Phishing Scam [S or F]","Phishing Scam",16711680,OR,Delete,From,containsRE,"(?-i)HSBC\ Bank|NetBank.?Notification|Taxation\ Office|Tax\ |BOA\ Services|Online\ Banking\ Security",Subject,contains,"Facebook Update Tool",Subject,contains,"Unauthorized Activity",Subject,contains,"Taxation Office",Subject,contains,"Your paypal access has been limited",Subject,contains,"Online Banking Verification Process",Subject,contains,"Notification of limited account access",Subject,contains,"Security Notification for your Online Banking",Subject,contains,"Your AOL Instant Messenger account will be deleted",Subject,contains,"Please visit our Client Verification Form using the link below",Subject,containsRE,"Your\ .*account\ .+(has\ been|was)\ limited",Subject,containsRE,"(?-i)NetBank|Your\ Bank\s.+account\ has\ been\ locked|Internet\ Bank(ing)?:.*Urgent\ Security\ Update"
[enabled],"Phishing Scam [B]","Phishing Scam",16711680,OR,Delete,Body,contains,"due to multiple login errors on your account",Body,contains,"Your account has been suspended after too many failed login",Body,contains,"Your account has been limited due to a login attempt failure.",Body,contains,"we were unable to verify your account details",Body,contains,"We were unable to verify your account information during our regular maintainance",Body,contains,"Click CONFIRM to confirm your identity",Body,contains,"Securely confirm your banking information",Body,contains,"failure to confirm your records may result in account ",Body,contains,"Failure to do so may result in temporary account suspension.",Body,contains," has been locked due to some internal issues.",Body,contains,"Read more about installation of SSL Certificate",Body,contains,"To restore your account we have attached a form to this email.",Body,containsRE,"Your\ [A-Za-z]{3,}\ account\ (is|has\ (been|become))\ (flagged\ as\ )?inactive|account\ is\ currently\ locked",Body,containsRE,":8080/www\.capitalone\.com/|Commonwealth\ (Net)?Bank|\sNetBank"
[enabled],"UPS Phishing Scam #1","UPS Phishing Scam",16711680,AND,Delete,Subject,contains,"UPS Delivery Problem",Body,containsRE,"we\ (failed|were\ not\ able)\ to\ deliver\ (the\ |your\ )?(postal\ )?package",Body,contains,"print out the invoice",Body,contains,"Content-Disposition: attachment;"
[enabled],"UPS Phishing Scam #2","UPS Phishing Scam",16711680,AND,Delete,Subject,containsRE,"Confirm\ Your\ UPS\ Parcel\ Delivery|UPS\ Tracking\ Number",EntireHeader,doesn'tContainRE,"^Received:\ from\ [a-z0-9]+\.?ups\.com"
[enabled],"Courier Phishing Scam","Phishing Scam",16711680,AND,Delete,Subject,containsRE,(?-i)DHL,Subject,containsRE,"get\ (a|your)\ parcel",Body,contains,"The courier service was not able to deliver your parcel",Body,contains,"Print this label to get this package at our post office.",Body,contains,"Content-Disposition: attachment;",From,containsRE,Director|Manager|Postal
[enabled],"Blogger Exploit Link","Blogger Exploit Link",16711680,AND,Delete,TakesPrecedence,Subject,contains,"Blogger account",Body,contains,"Dear Blogger account owner",Body,contains,"update your Blogger account",Body,contains,"please click the following link:",Body,containsRE,"<a\ href=3D""http://www\.google\.com\..{3,10}\.\w{2,3}/update/VE\.php\?"
[enabled],"Angelina Jolie Video Trojan","Angelina Jolie Video Trojan",255,AND,Delete,TakesPrecedence,Subject,containsRE,"An[gj]elina\s{1,2}(Jolie\s)?(Free|naked|nude|XXX)?\s(movie|Video)|Jolie\ naked"
[enabled],"Fake Windows Update","Exploit Link",16711680,AND,Delete,TakesPrecedence,Subject,contains,"Official Update",Body,containsRE,"/.+\.exe"">"
[enabled],"Trojan Video Link [S]","Trojan Video Link",16711680,OR,Delete,Subject,containsRE,(Kick-up|News)\s-.+-\svideo,Subject,contains,"video without cowards",Subject,contains,"Re: Delivery Protection",Subject,is,"BREAKING news",Subject,is,"Weekly top news",Subject,containsRE,"(BBC:|CNN:|Breaking\ news:|Hot\ news:)"
[enabled],"Trojan Video Link [B]","Trojan Video Link",16711680,OR,Delete,Body,containsRE,"(Kick-up|New|Shocking)\s(presentation|video)|video\ without\ cowards|mp3\ is\ shocking|Interesting\ (cd|mp3|mpeg4)|Stunning\ (mpeg4|porno|video)|porno\ dvd",Body,containsRE,"Download\ and\ watch|Download\ (it\s)?now\!|get\ this\ kick-up\ cd|Look\ (at\s)?it\ now\!",Body,containsRE,"/(play(er)?|mov|stream|vid|video_?\d?|watchit)\.exe"">",Body,contains,"Download VIDEO",Body,contains,"Open video",Body,contains,/paris_hilton,Body,contains,"PUSH TO WATCH",Body,contains,"Shocking movie",Body,containsRE,"/index[0-9]{1,2}\.html"">",Body,contains,"Video attached"
[enabled],"Trojan Video Link [S&B]","Trojan Video Link",16711680,AND,Delete,Subject,containsRE,"Barack\ Obama|Britney\ Spears|(Paris|Barron)\ Hilton",Body,containsRE,"\.exe"">|/index_?\d{1,2}\.html"">|video\ report|news\ page>>"
[enabled],"Fake Daily Top 10","Exploit Link",16711680,AND,Delete,Subject,contains,"CNN.com Daily Top 10",From,contains,"Daily Top 10",From,doesn'tContain,cnn.com
[enabled],"Fake CNN Alerts","Exploit Link",16711680,AND,Delete,Subject,contains,"CNN Alerts: ",From,doesn'tContain,cnn.com,EntireHeader,doesn'tContainRE,"^Received:\ from\ .+\.cnn\.com\ \(\[64\.236\.31\.[0-9]+\]\)$"
[enabled],"Fake Msnbc Alerts","Exploit Link",16711680,AND,Delete,Subject,contains,"msnbc.com - BREAKING NEWS:",From,doesn'tContain,msnbc.com
[enabled],"Known Spam Subjects #1","Known Spam Subjects",16711680,OR,Delete,Subject,containsRE,"^\d\d% discount$",Subject,contains,"Can you tell me what's wrong, and how we can fix it?",Subject,contains,"No more embarrassment",Subject,contains,"New size for Men",Subject,contains,"U on board",Subject,contains,"huge dignity",Subject,contains,"Won't forget last night",Subject,contains,"Realize all of her dreams",Subject,contains,"re:Nobody will know bout your problems",Subject,contains,"Get on this right away",Subject,is,"Batteries included",Subject,containsRE,(?-i)^Mego\s.+,Subject,containsRE,^(?-i)(MSG\s)?ID:\d{5}\s.+
[enabled],"Known Spam Subjects #2","Known Spam Subjects",16711680,OR,Delete,Subject,contains,"For every men of different ages unique decision",Subject,is,"What time is okay for you",Subject,contains,"We provide for you a real advantage to turn her on",Subject,contains,"Our best decision is suitable for every age",Subject,contains,"She will call you Macho",Subject,contains,"Legendary Hero of rumors",Subject,contains,"Extend your possibilities in your private life",Subject,contains,"Know her from the sexual side how is she inside exactly",Subject,containsRE,"(guys|Mens?)\ (Love|Need)\ This|Are\ you\ ...\?|XXX\ Video",Subject,containsRE,"size\ increase|(luck|pleasure)\ in\ love|\b(?-i)[GH]uu\w{2,}|virility|bikini\s.*shoot",Subject,contains,"The most powerful weapon for your battles",Subject,contains,"Fast Shipping WorldWide",Subject,containsRE,"(Best|Finest|Good)\ [a-z]{3,}\ (propos(al|ition)|solution|suggestion)"
[enabled],"Known Spam Subjects #3","Known Spam Subjects",16711680,OR,Delete,Subject,is,Spamit_New_Subj,Subject,is,"Bring back time when girls were yours.",Subject,is,"Solution for your sexual life",Subject,is,"You can do anything with it",Subject,is,"you have nothing to lose, just a lot to gain!",Subject,is,"Top Quality Size",Subject,contains,"Proven Effective",Subject,contains,"Make your lady w",Subject,contains,"Relax. Take a Deep Breath",Subject,contains,"Buy now, you won't regret!",Subject,contains,"formula for men",Subject,containsRE,"^\d\d%\ off\ for\ [a-z0-9]{3,}$",Subject,containsRE,"(?-i)^from\s[A-Z][a-z]{2,}\s[A-Z][a-z]{3,}$",Subject,containsRE,"<.*details\ inside>",Subject,containsRE,"(?-i)Try\ It\ Free$|FR33"
[enabled],"Known 1-word spam subject","Known Spam Subjects",16711680,OR,Delete,Subject,is,Enlarge,Subject,is,Rwd:,Subject,is,Vulcan!,Subject,containsRE,^[0-9]{4}$,Subject,containsRE,^(Ave|Best|Electronics|Finest|Good(iest)?|Salute|Super)$,Subject,containsRE,^(attehuor|fumerent|herkapit|Hermes|idaza|atiohar|Mego|ne-gnorw|nidnalad)$
[enabled],"Known Spam [From]","Known Spam [F]",16711680,OR,Delete,From,contains,"Rx The Best Source",From,containsRE,MensHealth\.com|Extenze|Try\s?[1i]t\s?4Free,EntireHeader,contains,"From: ""USA Government Center""",EntireHeader,containsRE,"(^From:\s{1,3}""?(Mr\.?\ Song\ Li|ph[ra]{2}macy|(?-i)E-STORE|\{|\}|""=\?ISO-8859-1\?Q\?))",From,contains,CanadianPharm,EntireHeader,contains,"From: =?UTF-8?Q?=C2=",From,contains,"SENATOR DAVID MARK",From,containsRE,Pharmacy.?Online|Online.?Pharmacy|Medical|Vicodin
[enabled],"Known Spam [Body]","Known Spam [B]",16711680,OR,Delete,Body,contains,"Dear stevegilbie",Body,contains,"The most powerful weapon for your battles",Body,contains,"The finest of products, at the lowest of prices:",Body,containsRE,"\b(show\ woman\ you(rself)?\ care|(many|Your)\ w[eo]men)\b",Body,containsRE,"SpamIt\.com|best-kept\ secret\ for\ Men|^peascod|^(?-i)Severtieth|Healthcare\ Management\ Inc",Body,containsRE,"^Satisfy\ (your\ (girl|wom[ae]n)|her\b)|^Best\ offers\.\ \(c\)\ 200[89]",Body,contains,"gift for your lover",Body,contains,"Make her worship you",Body,contains,"pleasure in bed",Body,contains,"(c) 2008. To unsubscribe press <a",Body,contains,"(c) 2009. To unsubscribe press <a"
[enabled],"Hidden/Foreign ISO, UTF, or ASCII Subject","Hidden ISO Subject",16711680,OR,Delete,EntireHeader,containsRE,^Subject:[^\n]*?=?ISO-8859-[^\n]*?\n,EntireHeader,contains,"Subject: =?us-ascii?",EntireHeader,contains,"Subject: =?windows-1251?B?",EntireHeader,contains,"Subject: =?gb2312?B?",EntireHeader,contains,"Subject: =?utf-8?",EntireHeader,contains,"Subject: =?ISO-2022-JP?",EntireHeader,containsRE,"Subject:\ =\?windows-125\d\?"
[enabled],"&nbsp Spam","&nbsp Spam",16711680,AND,Delete,Body,contains,"<TR style=3D""background-color:#33CCFF "">",Body,contains,<TD>&nbsp;</TD>,Body,contains,"<TD style=3D""background-color:#33CCFF "">&nbsp;</TD>",Body,containsRE,"\.(com|net)"">Click here</A></P>"
[enabled],"Viagra.com Spam","Viagra Spam",16711680,OR,Delete,TakesPrecedence,From,contains,Pfizer,From,contains,viagra.com,From,contains,"Free To Try",From,contains,"® Official Site",From,containsRE,VI[A@]G®A|VIAGR[A@]|Viag.?ra|viagar|ivagra|v[ia]{2}gra|v[iy]arga|V_I_A_G_R_A|^i?Ci?a.?li?s\b,From,containsRE,(Anti.?)?(?-i)ED\b|P[i1l]lls\b,Subject,containsRE,"^(RE:\ )?(January|February|March|April|May|June|July|August|September|October|November|December)\ \d\d%\ OFF\s?$",Subject,containsRE,"^Your\ Order\ Status\ ID:\ [A-Z]{11,}",Subject,containsRE,"^Visitor\ .+'s\ personal\ \d\d%\ OFF$",Subject,containsRE,"^User\ .+\ save\ \d\d%\ now",EntireHeader,containsRE,wizd(ist|om)\.com
[enabled],"Fake MSN Newsletter","Canadian Pharmacy",16711680,AND,Delete,TakesPrecedence,EntireHeader,doesn'tContainRE,"^Received:\ from\ .*\.msn\.com",Body,contains,"because you subscribed to MSN Featured Of"
[enabled],"Canadian Pharmacy Fake Newsletter","Canadian Pharmacy",16711680,OR,Delete,From,contains,noreply@newsletter.,From,containsRE,"(?-i)(Express\ Newsletter|WWW\ News|Healthcare\ Management\ Inc|Incredible\ News)",From,contains,"Morning Breaking news",Body,contains,"CPA Newsletters",Body,contains,"Gardena Professional Pharmacy"
[enabled],"Canadian Pharmacy","Canadian Pharmacy",16711680,OR,Delete,TakesPrecedence,From,containsRE,CANAD[i1l|]AN.?(Meds|Ph[a4@]rm),Subject,containsRE,"(?-i)Canada\ Pharmacy|Canad[1i]an.?(Drugs|Meds|Pharmacy|P\.h\.a\.r\.m\.a\.c\.y|RX|Health\ (&|adn|and)\ Care\ Mall|Healthcare)|^re:.{3,4}(?-i)Doctor\ [A-Z].+",Subject,containsRE,"^\d\d\ percent\ discount$",Body,containsRE,"(?-i)Canadian.{0,15}(Chemist|Healthcare|Medd?s|Medical|Pharmacy|Pharmacies|Pric(es|ing)|RX)",Body,contains,"Canadian Health and Care Mall",Body,contains,"Canadian Health & Care Mall",Body,contains,"We ship Worldwide! To all countries! To all destinations!",Body,contains,"This email was sent by: CMD",Body,contains,<Info...>,Body,contains,"preparations for immunity improvement",Body,containsRE,"Canadian.?(online\s)?(drugstore|Phar?|p\.h\.a\.r\.m\.a\.c\.y)|Pharma?.*(Canada|market)|Pharmacy\ Online|Canada\ Drugs",Body,containsRE,"^<A\ href=3D""http://.+/index\d\d\.php"">.+>>></A>$",Body,contains,MEDRX
[enabled],"Fake Fox News Canadian Pharmacy","Canadian Pharmacy",16711680,AND,Delete,EntireHeader,contains,"X-MimeOLE: Produced By Microsoft Exchange V6.5",EntireHeader,doesn'tContain,"Received: from listserv.foxnews.com",Body,contains,"To stop ALL email from FOX News Network",Body,contains,"This email was sent by: FOX News Network"
[enabled],"Fake ABCNews Canadian Pharmacy","Canadian Pharmacy",16711680,AND,Delete,Body,contains,"To stop ALL email from ABCNews Newsletters, click here to remove =",Body,contains,&SESSID=3D,EntireHeader,contains,"X-MimeOLE: Produced By Microsoft Exchange V6.5"
[enabled],"Daily Top 10 Canadian Pharmacy","Canadian Pharmacy",16711680,AND,Delete,Body,contains,CNN.com,Body,contains,"THE DAILY TOP 10",EntireHeader,doesn'tContainRE,"^Received:\ from\ .+\.cnn\.com\ \(\[64\.236\.31\.[0-9]+\]\)$"
[enabled],"Image Spam #11","Image Spam #11",16711680,OR,Delete,TakesPrecedence,Body,contains,img0.gif,Body,contains,sdjbvsj.gif,Body,contains,8dvs9.jpg,Body,contains,ioreuu78.jpg,Body,contains,"""View image in browser now""",Body,contains,"alt=""Cant see a picture? Click Here!""",Body,contains,"alt=""Show picture and go to site now!""",Body,contains,"alt=3D""Want to request ? It's easy to make a request online.",Body,containsRE,"^(?-i)Content-Type:\ image/png;\r\n\s{1,8}name="".{3,10}\.png""\r\nContent-Transfer-Encoding:\ base64$",Body,containsRE,"^<(center|/style)>\r\n^<a\ href=""http://.+\.(ca|cn|com|net|org|info)""><img\ src="".+/.*\.gif"">\r\n^<style>$",Body,containsRE,"(?-i)^<BODY><table>\r\n<tr><td><a\ href=""http://.+\.com/""><img\ src=""http://.+\.com/.+\.jpg""\ border=0\ alt=""Visit\ site\ now!""></a><br>\r\n<br></td></tr></table></BODY></HTML>$",Body,containsRE,"(?-i)^<BODY><a\ href=""http://.+\.com/""\ target=""_blank"">\r\n^<img\ src=""http://.+\.com/.+\.(gif|jpg)""\ border=0\ alt=""Having\ trouble\ viewing\ this\ email\?\s?\r\n^Click\ here\ to\ view\ as\ a\ webpage\.""></a></BODY></HTML>$"
[enabled],"Viagra Spam [S]","Viagra Spam",16711680,OR,Delete,TakesPrecedence,Subject,contains,"Always be ready.",Subject,contains,impotency,Subject,contains,se>.<,Subject,contains," dysfunction",Subject,contains,$_e'xual,Subject,containsRE,(blue|love).?pills?\b,Subject,is,"Be ready.",Subject,containsRE,"\b(cialis|levitra|viagra|Pfizer|^Pending\ delivery)\b",Subject,containsRE,(?-i)ED[_\s]dysfunction|\sED\.,Subject,containsRE,"(?-i)Online\ V[a-z1]{1,4}A\ Store",Subject,containsRE,"^user\ .+brand\ \d\d%\ Off\ Sale"
[enabled],"Viagra Spam [B]","Viagra Spam",16711680,OR,Delete,Body,contains,Viagra!,Body,contains,VIAGQRA,Body,contains,"Best Price for VIAGRA",Body,containsRE,"\b(Erectifix|erectile\ dysfunction|(?-i)anti-ED|(?-i)cure\ ED|(im)?potence|ED\ treatment)\b",Body,contains,"Taste the V",Body,contains,"V-letter remedy",Body,containsRE,blue.?pill?|SoftTabs,Body,containsRE,"(?-i)Vi?<span\ style=""FONT-SIZE:\ 2px;\ FLOAT:\ right;\ COLOR:\ white"">",Body,containsRE,(V|\\/)[l1i|!](a|/\\)g.*(a|/\\)|viiagra|Vagria|Vgaira|Pfizer,Body,containsRE,"(Buy|order|original|with)\ .*Viagra",Body,containsRE,"Viagra\s{1,3}tabs|Viagra.+\$\d",Body,containsRE,"<a\ href=.+>.*viagra.*</a>",Body,containsRE,"bring\ back\ fire\ and\ passion|make\ (luv|love)\ all\ night|endless\ climaxes|your\ xxx\ drive|sexual\ health|\bmale problems?\b"
[enabled],"Misspelled Viagra [S]","Misspelled Viagra [S]",16711680,OR,Delete,Subject,contains,VlsAGRA,Subject,contains,VIAGQRA,Subject,contains,Vlagrxa,Subject,containsRE,"^V.{4,6}a\s\d\d\s?mg",Subject,containsRE,(V|\\/|/)[i|l!1]agr[a@],Subject,containsRE,\bv.*i.*a.*g.*r.*a[^b-z\s]?\b,Subject,contains,Vyagra,Subject,containsRE,(?-i)V[iy]a(rga|gar|gra),Subject,contains,Vgaira
[enabled],"Vertical Text Viagra and Cialis","Viagra Spam",16711680,AND,Delete,Body,containsRE,"^(?-i)(DIV|P):first-letter\ \{.+FONT-SIZE:\s\d{3}%",Body,containsRE,"(?-i)(<(DIV|P)\ class=3D[a-z]+>[VC][a-z]+[,;\.]?</(DIV|P)>\r\n)",Body,containsRE,"(?-i)(<(DIV|P)\ class=3D[a-z]+>I[a-z]+[,;\.]?</(DIV|P)>\r\n)",Body,containsRE,"(?-i)(<(DIV|P)\ class=3D[a-z]+>A[a-z]+[,;\.]?</(DIV|P)>\r\n)",Body,containsRE,"(?-i)(<(DIV|P)\ class=3D[a-z]+>[GL][a-z]+[,;\.]?</(DIV|P)>\r\n)",Body,containsRE,"(?-i)(<(DIV|P)\ class=3D[a-z]+>[RI][a-z]+[,;\.]?</(DIV|P)>\r\n)",Body,containsRE,"(?-i)(<(DIV|P)\ class=3D[a-z]+>[AS][a-z]+[,;\.]?</(DIV|P)>(</A></TD>)?\r\n)"
[enabled],"Male Enhancement [S]","Male Enhancement",16711680,OR,Delete,Subject,contains,"thicker shaft",Subject,contains,"Longer Harder Thicker",Subject,containsRE,(?-i)Mega\s?(Dik|size)|E?Xtra\s?size,Subject,containsRE,"Gains?\ (up\ to\ )?(\d\+?\s)?(inches\ )?in\ (girth|length|size)|Gaining\ inches",Subject,containsRE,(big(ger|gest)?|fuck|hard(er)?|gigantic|love|man)\s(pecker|pole|rod|sausage|stick|tool|weapon),Subject,containsRE,"(bat|bulge|monster|python|rocket|snake)\ in\ your\s{0,3}(pants|pocket|trousers)|trouser\ snake",Subject,containsRE,"(get|grow)\ (a\s)?bigger|sc?h[l1][o0]ng|love\ muscle|\b(bigger|harder|larger|thicker|your)\ (?-i)(PE)\b|giant\ bulge|your\ small\ (di.?k|stick)|your\ little\s",Subject,containsRE,"add\ (\d\s)?inche?s|\d\ inn?cc?hes|girth,?\s( and\s)?(length|lenght)|(length|lenght)\ and\ (girth|thickness)|thickness\ (a[nd][dn])\ length|long(er)?\ and\ thick(er)?",Subject,containsRE,"Bring\ her\ to\ seventh\ heaven|huge\s?(dic'?k|dignity|package)|problems?\swith\ssize|size\ (really\s)?(does\s)?matters?|I've\ gained\ an\ inch|your\ dic?'?k\ size|rock\ hard|Upsize\ your\ DlC?'?K|(Enlarge|Super-Size)\ It|Impress\ .*wom[ae]n",Subject,containsRE,"your\s?(male\ p[a@]ck[a@]ge|copulation|manhood|manliness|masculinity|new\ (tool|rod|size|weener|willy))|Bodypart|(giant|gigantic|male|man|pocket)\ tool|manly|Masculine|lovemaking|(harder|thicker)\ and\ longer|penetrate|Enlarge,\ Widen\ and\ Strengthen|enlarge\ and\ lengthen",Subject,containsRE,"(boner|blue\ balls|c[o0]ck|\bcum\b|d1ck|dic'?k|\bdong\b|ejaculat(e|ion|ory)|ejauclation|elongate|enhancements?|en[l|1]a?rge(d|ment)|enlarge\syour|Erectile|Erection|flaccid|foreplay|\bpeckers?\b|Peni[l1]e|pen.?[i1l!]s\b|p[e3]nis|pen-nis|p\ e\ n\ [i1l]\ s|\bp[aei3]nis\b|phall(i|us)?|prick|sex(ual)?|s'e[^a-z]?x|s'e_xual|\$e><|Manster|MaxMan|Sizeable|VPXL)"
[enabled],"Male Enhancement [B]","Male Enhancement",16711680,OR,Delete,Body,containsRE,"Magnum.?Pro|ManSter|Man\ XL|Max[gG]ain(\+|Plus)|Megadik|PowerEnlarge|VPXL|Xtrasize\s?(\+|Plus)",Body,containsRE,"en(hanc|larg)ement\ (formula|method|pills|suppliment)",Body,containsRE,"(their|your)\ (enlarged|huge)\ (organ|package|prick|shaft)",Body,contains,"Extra inches gives",Body,contains,"Natural Male Enhancement",Body,contains,"Increase your organ size"
[enabled],"Pharmaceuticals [S]",Pharmaceuticals,16711680,OR,Delete,Subject,contains,MensHealt,Subject,contains,"RE: MedHelp ",Subject,containsRE,"\b(?-i)(FDA|Doctor)\ Approved",Subject,containsRE,Pharmaceutical|Pharmacy|pharmas|apothecary|(?-i)RX,Subject,containsRE,(no\s)?(pres|pers?)cription,Subject,containsRE,"\bPhar|P.?ha.{0,2}rmacy\b",Subject,containsRE,med[il|1]c(al|ations?|ines?)|\bm3ds|medds|medzz?\b|(order|purchase|your)\smeds|drugstore,Subject,containsRE,PH.*[A@(/\)]RM[A@(/\)],Subject,containsRE,"health supersite",Subject,containsRE,"^discreet\ (delivery|packing|shipping)|worldwide\ delivery",Subject,containsRE,"save\ \d\d%\ on\ your\ (medic|meds|pharma|pills)|\d\d%\sdiscount\.\sCode\s#[a-z0-9]{4,8}|\d\d%\ personal\ discount",Subject,contains,"Enhance your life with these products"
[enabled],"Pharmaceuticals [B]",Pharmaceuticals,16711680,OR,Delete,Body,containsRE,"Prescription\ drugs\s{1,}without a prescription",Body,containsRE,"ON.?line\ pharmacy",Body,contains,PHARMACY
[enabled],"Unlicensed Prescription Drugs",Pharmaceuticals,16711680,OR,Delete,From,containsRE,Restricted|Rx|Meds|M3ds|Medd[sz]|Medz|V[i1l|]c[o0]d[i1l|]n|Perc[o0]cet,Subject,contains,Oxycontin,Subject,contains,"without a prescription",Subject,contains,"EMS Delivery",Subject,containsRE,(?-i)Adderall?|Phentermine|Perco[cs]e.?t|Rit[ai]lin|Valium|Vicodin?,Body,contains,rxrefill.com,Body,contains,"no prescription needed",Body,containsRE,(?-i)Valium|Vicodin|Percocet|Phentermine|Ritalin
[enabled],"Subject contains < * + ' >","Known Spam Subjects",16711680,AND,Delete,Subject,containsRE,"(.+(\*|\+|'|<|>)){4,}"
[enabled],"Herbal Spam","Herbal Spam",16711680,OR,Delete,Subject,containsRE,"^(Men's|Natural)\ .*Supplement",Subject,containsRE,Colon?\s?Cleans(e|ing),Subject,contains,"Be full of energy and fill your partner with it",Subject,is,"Amazing New Products launch!",Subject,contains,"U on board",Subject,contains,"Now it is possible to have sex more than 10 times a day",Subject,containsRE,"insatiable\ chick|egiteat|herba[l1]|sexual\ (life|marathon|partners?|preparations?|side)",Subject,contains,"Instead of our old formula, the new one is more concentrated",Body,containsRE,"(Choose|Elite|Express)\ Herbal|(?-i)Express\ Newsletter|(herba[l1]|natura[l1])\ (breakthrough|formulations|pill|products|science|supplement|therapy)|Extra-Time|(male|Men's)\ Supplement|natural\ (herbs|ingredients)|organic\ drugs",Body,contains,"i am so much more confident with the women",Body,contains,"you really can make it big",Body,containsRE,"\bhttp://.+greeting.*This\ product\ is\ amazing!?$",Body,contains,"Colo Cleanse"
[enabled],"Breast Enlargement Pills",Breasts,16711680,OR,Delete,Subject,contains,breasts,Subject,contains,"breast enh",Body,contains,SizeUp,Body,contains,ratedjay.com,Body,contains,breasts,Body,contains,"breast enh"
[enabled],"Watches Spam",Watches,16711680,OR,Delete,From,containsRE,R[o0][l1]exx?|Rep[l1]icas|Watches,Subject,is,Luxury,Subject,contains,//atches,Subject,contains,\/\/ATCHES,Subject,containsRE,"Submariner\ SS|(replica|Rolex|swiss|vip)\ watches|w\.a\.t\.c\.h\.e\.s|\ba\ watch\b",Subject,containsRE,"\b(R[0olex\.]{8,}|Rolex|r,?eplicas?|r\.{1,3}e\.{1,3}p\.{1,3}.l\.{1,3}i\.{1,3}c\.{1,3}a\.{1,3}|watches|chronometers|timepieces?|time\ control)\b",Body,contains,"luxury replica",Body,contains,"We only sell premium watches.",Body,contains,"exact copies of the original watches",Body,contains,"Detailed replicas of best chronometers by the best brands",Body,contains,"put one of these on your xmas list, you will fall in love with them all",Body,containsRE,"Rolex|Rollie|replicas?|Submariner\ SS|watches|//atches|chronometers?|timepieces?|flashy\ bling|expensive\ watch|fashion\ pieces"
[enabled],"Cialis or Levitra","Cialis or Levitra",16711680,OR,Delete,Subject,containsRE,"C[I|i|1|y].?[A|@].?L[i|1]{1,2}.?[S$]|(?-i)Ca[iy]lis|(?-i)Cy[al][al]is",Subject,containsRE,L[E|3].?V.?[I|1|Y]T(R[A|@]|AR),Subject,contains,"DOCT0R & FDA ",Subject,contains,"C1A.LIS & LEV.1TRA",Subject,contains,Cialis,Body,containsRE,C\\Ialis|C1A.LIS|tadalafil|\bCalis\b,Body,containsRE,"C[Il|1](A|@|/\\)[Ll|I1][I|1|/].?[S$]|^ci.{0,2}a.?lis\b",Body,containsRE,C\s(/|1|I)\sA\s(L|I|1)\s(/|I|1)\s(S|\$),Body,contains,LEV.1TRA,Body,contains,levitra
[enabled],"Weight Loss Drugs","Weight Loss Drugs",16711680,OR,Delete,Subject,containsRE,weight.?loss,Subject,containsRE,"Loo?s(e|ing)\ (your\ )?(pounds|weight)|unwanted\ fat",Subject,containsRE,(?-i)Hoodia|Gordonii|Anatrim|Acai[\sBW],Body,containsRE,(?-i)Hoodia|Gordonii|Fatblaster|Anatrim|Acai\s,Body,containsRE,"herbal\ (capsules|components)",Body,contains,"lose weight",Body,contains,"Amazing weight loss ",Body,contains,"your weight.",From,contains,"Lose Weight"
[enabled],"Controlled Drugs",Pharmaceutical,16711680,OR,Delete,Subject,containsRE,(?-i)\bSoma\b,Body,contains,"Soma "
[enabled],"RX Spam","RX Spam",16711680,OR,Delete,Body,containsRE,"^Remove\ .*""\*""\ to\ make\ the\ link\ work(ing)?(\!)?",Body,containsRE,"^Remove\ .*space\ in\ the\ above\ link",Body,containsRE,"^Remove "".+"" in the above link",Body,containsRE,"((wonder)?cum|ej[a|@]cul[a|@]t(e|ing|ions?)|org[a|@]sm|pheromones|sperm|strongest\ activator|virility|gnezbenz\.com|glufacts\.net|ED\ (problem[s.]?|treatments?)|ED.?dysfunction|erectile|sexual\ performance|Premature.?Ejaa?culation)\b",Body,containsRE,"^Tired\ of\ being\ just\ (mr\.?\ )?average.*\?",Body,contains,"miracle supplement",Body,contains,"ladies prefer a man",Body,contains,"Any bigger and i would be in a ",Body,containsRE,"sexual(<br>).{0,2}(problems?|relationships?)",Body,contains,"What do women really want?",Body,contains,"Growth Patch",Body,contains,"Improved Self-Esteem",Subject,containsRE,"^Best\ way\ to\ cure\ yourself|RX|better\ sex"
[enabled],"Pills Spam","Pills Spam",16711680,OR,Delete,Subject,contains,P|\\S,Subject,contains,pills,Subject,containsRE,"BE$T|PILL.?S|Plills|p[i1l|!][1l|!]{2,3}s|pill\ that\ (.*)?works",Subject,contains,MEDS,Subject,contains,generic,Body,containsRE,"PHARMACY\ CLUB|generics|pillz|\bmeds\b",Body,containsRE,"(boost|our|these)\s{1,3}pills",Body,containsRE,"\b(buy|cheap|herbal|wonder)\ (drugs|pills|remed(y|ies)|solutions?)\b|pills\ at\ (dirt\s|the\s)?cheap(est)?\ prices?|medicines|your\ prescriptions|(?-i)MaxGentleman",Body,containsRE,^http://.*pills.*\.com,Body,containsRE,"^<a\ href=(3D)?""http://.*pharmacy.*\.com"">"
[enabled],"HGH Spam","HGH Spam",16711680,OR,Delete,Body,contains,"HGH ",Body,contains,Regenisis,Body,containsRE,H\s{2}G\s{2}H,Body,contains,"Rediscover your youth with ",Body,contains,"Who wouldn't want to feel younger and stronger?",Body,contains,"The Fountain of Youth today!",Body,contains,"Tighten and Increase skin vitality",Subject,contains,"Experience the feeling of youth again",Body,contains,"Feel young again today!"
[enabled],"Casino Spam","Casino Spam",16711680,OR,Delete,Subject,is,VIP,Subject,contains,"YOU play we PAY",Subject,contains,"Sign up & collect $500!",Subject,containsRE,"['""\*s\_-]?(Cas[i1]n[o0]s?|club\s?world|No\ Deposit\ Required|Gambling|online\ games|roulette|black.?jack|craps|poker|slot\ machines|video\ slots?|win\ money)['""\*s\_-]?",From,containsRE,(?-i)[Gg]ambl(e|ing)|Casino|Casnio|Cazino,Body,contains,"Sign up & collect $500!",Body,contains,"the velvet ropes",Body,contains,"Play at our club",Body,containsRE,"Games\ Online|Online\ Gam(es|ing|bling)|Gâmëss?",Body,containsRE,"(Big\ Dollars?|Free|Golden\ Gate|online|no\ deposit|the|World)\ Casino|casino\.com/",Body,containsRE,"\b(poker|jackpot)|poker\ blackjack\ slots\b",Body,containsRE,"Club\s?World|casino\ (classics|games|members)|(Bet|Gamble)\s{1,2}On\s{0,2}(line|credit)|^\s{1,2}Win\s{1,2}\$",Body,containsRE,"Gambling\s{1,2}(chips|credit|from\ home|online)"
[enabled],"Software Spam","Software Spam",16711680,OR,Delete,Subject,containsRE,^[Ss]oftware$,Subject,containsRE,"\$oftware|software\ price\$",Subject,containsRE,"(best|cheap(est)?|downloadable|oem|office|popular|quality).*s[o0]ft(wares?)?|Soft(ware)?\ in\ many\ languages|software\ at\ (amazingly|surprisingly)\ low\ prices|perfectly\ working\ software|software\ you\ need|software\ immediately\ after\ purchase|ado6e|Vista\ Microsoft\ SP1\ and\ XP\ Cracked|Office\ (Enterprise\ 200[789]|200[789]\ Enterprise)|(?-i)(Access|Communicator|PowerPoint)\ 200[789]|Auto([cC]ad|desk)\ 200[789]|OEM\ full\ version\ download|Microsoft,\ Adobe\ and\ many\ other\ software\ brands|purchase\ any\ software\ you\ want|look\ at\ our\ prices\ for\ Adobe\ \w|100%\ workable\ software",Body,contains,"Click this link and download most popular software",Body,contains,"Click this link and downloaded newest software",Body,contains,"you can download them right after pur",Body,contains,"The best software products at the best prices.",Body,containsRE,"EURO.?SOFT(WARE)?|European\ languages|Fully\ localized\ versions",Body,containsRE,"^Retail Price:?\s{1,10}\$\d{3,4}\.[0-9]{2}\r\n^Our Price:?\s{1,10}\$\d{3,4}\.[0-9]{2}",Body,containsRE,"Operational\ systems|newsoft|softwares|Cheap.*soft(ware)?|oem\ssoftware|software\ (you\s)?needs?",Body,containsRE,"SSoftwarr?e|down.?lo.?ad(d?able)?\ (legal\ )?s?so.?ft(ware)?|(Best|cheapest|lowest)\ software\ prices|popular\s?software",Body,containsRE,^(type|vis[il]t)\s'?.+soft.*\s\.\scom'?\sin\syour\s.nternet\sExplorer,Body,containsRE,"(?-i)Office\ (Enterprise\ 200[789]|200[789]\ Enterprise)|(Access|Communicator|PowerPoint)\ 200[789]|Auto([cC]ad|desk)\ 200[789]",Body,contains,"Any program for any operational system"
[enabled],"Exploit Link","Exploit Link",16711680,OR,Delete,Body,contains,"American soldiery",Body,contains,"HELLO!,Is This Your Photo?link",Body,contains,"some jerk has posted your pictures",Body,contains,"and sent a link of them to all ur friends",Body,contains,"Please read the attachment to get the message",Body,contains,"Please read the attachment.</A>",Body,contains,"have attached your document.</A>",Body,contains,/viewmovie.html,Body,containsRE,".(avi|mpg).exe"">",Body,containsRE,"/(install|msvideoc)\.exe"">",Body,containsRE,"/(best|index1|up)(\.|=2E)php""",Body,containsRE,"(?-s)^Content-Transfer-Encoding:\ quoted-printable\r\n\r\n^.+http://.+/.+\.html$\r\n^------=_NextPart_",Body,containsRE,http://.+/(begin|checkit|default|first|fresh|index1|gowatch|live(streaming)?|lol|main|news|r|showvideo|start|stream(ing)?|topnews|up|viewmovie|watch|watchit|whatsup)\.html(</a><br>)?(\r\n)?
[enabled],"Exploit Link Only","Exploit Link",16711680,AND,Delete,TakesPrecedence,Subject,containsRE,"^RE:|RE:\ FW:|FW:$",Body,containsRE,"^http://[a-z0-9.]+\.[a-z]{2,4}/archive[0-9]{2,6}/\?id=.+@.+\.[a-z]{2,4}$"
[enabled],"Postcard Trojan Scam","Postcard Scam",16711680,AND,Delete,Subject,containsRE,"\b(e-?)?(card|greeting|postcard|new\ (greeting|postcard|year)|Happy\ 2009!|New\ Hope\ and\ New\ Beginnings|new\s.*year)",Body,containsRE,"\b((e-?)?(post|greeting\s)?card)|new\ (greeting|postcard|year)\b",Body,containsRE,"^http://(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/|(.*postcards?.*|newyearwithlove|.+2009|happy.+cards?|happy2009.*?)\.(com|exe|org)/?)"
[enabled],"Numeric IP Link","Numeric IP Link",16711680,AND,Delete,Body,containsRE,"^.*http://\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/",EntireHeader,doesn'tContainRE,"^Message-ID:\ <.+@mail.gmail.com>"
[enabled],"Image Spam #11","Image Spam",16711680,OR,Delete,TakesPrecedence,Body,contains,img0.gif,Body,contains,8dvs9.jpg,Body,contains,sdjbvsj.gif,Body,contains,ioreuu78.jpg,Body,contains,"alt=""Cant see a picture? Click Here!""",Body,contains,"alt=""If nothing seen, please press here""",Body,contains,"alt=""If graphics is not enabled, press here""",Body,contains,"alt=""If none image is shown please click here""",Body,contains,"alt=3D""Want to request ? It's easy to make a request online.",Body,containsRE,"^<(center|/style)>\r\n^<a\ href=""http://.+\.(ca|cn|com|net|org|info)""><img\ src="".+/.*\.gif"">\r\n^<style>$",Body,containsRE,"(?-i)^<BODY><table>\r\n<tr><td><a\ href=""http://.+\.com/""><img\ src=""http://.+\.com/.+\.jpg""\ border=0\ alt=""Visit\ site\ now!""></a><br>\r\n<br></td></tr></table></BODY></HTML>$",Body,containsRE,"(?-i)^<BODY><a\ href=""http://.+\.com/""\ target=""_blank"">\r\n^<img\ src=""http://.+\.com/.+\.(gif|jpg)""\ border=0\ alt=""Having\ trouble\ viewing\ this\ email\?\s?\r\n^Click\ here\ to\ view\ as\ a\ webpage\.""></a></BODY></HTML>$",Body,containsRE,"^(?-i)Content-Type:\ image/png;\r\n\s{1,8}name="".{3,10}\.png""\r\nContent-Transfer-Encoding:\ base64$"
[enabled],"5 Line Spam","5 Line Spam",16711680,OR,Delete,Body,containsRE,"^(hi(\sthere)?|compliments|Greetings?|hello|Regards|Wa[sz][sz]up|Yo\sYo\sYo|(Good\s)?(afternoon|day|evening|morning|night))\ \b(\w|-){3,12}\b\s?\r\n.+\r\nhttp://.+\r\n\r\n\w{3,9}\s\w{3,9}",Body,containsRE,"^(hi(\sthere)?|compliments|Greetings?|hello|Regards|Wa[sz][sz]up|Yo\sYo\sYo|(Good\s)?(afternoon|day|evening|morning|night))\ \b(\w|-){3,12}\b\s?\r\n.+\r\n\r\n\w{3,9}\s\w{3,9}\r\nhttp://.+\r\n"
[enabled],"Female Sex Organs","Female Sex Organs",16711680,OR,Delete,Subject,containsRE,cunt|personal\s?puss|pussy|twat|Vagina,Body,containsRE,cunt|masterbator|personal\s?puss|pussy|twat|Vagina
[enabled],"Breast Enlargement Pills",Breasts,16711680,OR,Delete,Subject,contains,breasts,Subject,contains,"breast enh",Body,contains,SizeUp,Body,contains,ratedjay.com,Body,contains,breasts,Body,contains,"breast enh",Body,containsRE,(?-i)Ultra\s?Curves
[enabled],"Nigerian 419 Scam #1 [S]","419 Scam",16711680,AND,Delete,Subject,contains,URGENT,Subject,contains,AND,Subject,contains,CONFIDENTIAL
[enabled],"Nigerian 419 Scam #2 [S]","419 Scam",16711680,AND,Delete,Subject,containsRE,(?-i)^URGENT|CONFIDENTIAL,Subject,contains,BUSINESS,Subject,containsRE,(?-i)PROPOSAL|RELATIONSHIP
[enabled],"Nigerian 419 Scam #3 [S, F, R]","419 Scam",16711680,OR,Delete,From,containsRE,BARRISTER|TRANSFER,EntireHeader,containsRE,^Reply-To:\s.+<?.+@yahoo.com\.hk>?$,Subject,is,BUSINESS,Subject,is,"URGENT BUSINESS",Subject,containsRE,"(?-i)(^CONTACT\ (\w*\s)?(COURIER\ COMPANY|ATM\ DEPARTMENT))",Subject,containsRE,"(?-i)TREAT\ (AS|VERY)\ (CONFIDENTIAL|URGENT)|(EMINENTLY|STRICTLY|URGENTLY)\ CONFIDENTIAL",Subject,containsRE,"UNITEDN\ NATION|Director,\ United\ Nations",Subject,containsRE,"^Dear\ Friend$|Urgent\ Proposal|Business\ letter\ from",Subject,contains,"FUND TRANSFER",Subject,contains,"From Barrister"
[enabled],"Nigerian 419 Scam #4 [B]","419 Scam",16711680,AND,Delete,Body,containsRE,^(Kind\s)?Atte?n:|ATTENTION|Hello,Body,containsRE,"Beneficiary|(My\ )?Dear\ (GOOD\s)?(Beloved|Friend)"
[enabled],"Nigerian 419 Scam #5 [B]","419 Scam",16711680,OR,Delete,Body,contains,"contacting you based on Trust",Body,containsRE,"^Hello,\ I.{0,2}m\ Sgt\.",Body,containsRE,"^(?-i)\*?(Dear\ (Sir/Madam|Friend)|Complement\ of\ the\ day)",Body,contains,"I need your urgent assistance in transferring",Body,contains,"Waiting to hear from you soonest",Body,containsRE,"unclaimed\ (benefits|funds)",Body,containsRE,"(I\ am|My\ name\ is)\ Barrister|^Barrister.+ESQ$|^(?-i)Barrister\ [A-Z][a-z]{2,}\ [A-Z][a-z]{3,}",Body,containsRE,^Best\sregards.?\r\nBarr\..?[A-Z],Body,containsRE,"^Mr\.\ \w{3,}\ \w{3,}\ \(Barrister\)",Body,contains,"your utmost confidentiality in this matter"
[enabled],"Nigerian 419 Scam #6 [B]","419 Scam",16711680,OR,Delete,Body,containsRE,"Business\ proposal\ valued\ at|(?-i)(CONFIDENTIAL\s)?(MUTUAL\s)?BUSINESS\ (PROPOSAL|RELATIONSHIP?)|URGENT\ AND\ CONFIDENTIAL",Body,containsRE,"Bank\ (of\ )?(Nigeria|Benin|(South\s)?Africa)|Benin\ Republic|Republic\ of\ Benin|Director,\ United\ Nations|REPUBLIC\ OF\ NIGERIA",Body,containsRE,"beneficiary|no\ Beneficiaries|demurrage|dumourage|duemorrage|Clearance\ Certificate\ (\r\n)?Fee|keeping\ fees|(?-i)IMMEDIATE\ RELEASE\ OF\ YOUR\ PAYMENT",Body,containsRE,"\{[a-z]{3,8}\sMillion\s[a-z-]{3,6}\sHundred\sThousand\sDollars}",Body,contains,"I am Mr. Patrick Chan"
[disabled],"Nigerian 419 Scams","419 Scam",16711680,OR,Delete,From,containsRE,BARRISTER|TRANSFER,EntireHeader,containsRE,^Reply-To:\s.+<.+@yahoo.com\.hk>$,Subject,containsRE,"(?-i)(^URGENT\ AND\ CONFIDENTIAL$|^Dear\ Friend$)",Subject,containsRE,"Urgent\ Proposal|Business\ letter\ from|(?-i)URGENT\ BUSINESS|CONFIDEN[CT]IAL.*URGENT|(?-i)BUSINESS\  PROPOSAL",Subject,containsRE,"(?-i)(CONFIDENTIAL\s)?(MUTUAL\s)?BUSINESS\ (PROPOSAL|RELATIONSHIP?)|UNITEDN\ NATION|CONTACT\ ATM\ DEPARTMENT|Director,\ United\ Nations",Subject,containsRE,"(?-i)^CONTACT\ .+\ (COURIER\ COMPANY|ATM\ DEPARTMENT)",Subject,containsRE,"(?-i)TREAT\ (AS|VERY)\ (CONFIDENTIAL|URGENT)|(EMINENTLY|STRICTLY|URGENTLY)\ CONFIDENTIAL",Body,containsRE,"^(?-i)\*?(Dear\ (Sir/Madam|Friend)|Complement\ of\ the\ day),\*?(<br>)?$",Body,containsRE,"Business\ proposal\ valued\ at|(?-i)(CONFIDENTIAL\s)?(MUTUAL\s)?BUSINESS\ (PROPOSAL|RELATIONSHIP?)|URGENT\ AND\ CONFIDENTIAL",Body,containsRE,"Bank\ (of\ )?(Nigeria|Benin|(South\s)?Africa)|Benin\ Republic|Republic\ of\ Benin|Director,\ United\ Nations|REPUBLIC\ OF\ NIGERIA",Body,containsRE,"unclaimed\ (benefits|funds)",Body,contains,"contacting you based on Trust",Body,containsRE,"(Kind\s)?Attn:\s?Beneficiary|^(Hello\s)?(MY\s)?(DEAR\s)?(GOOD\s)?FRIEND[,.]|^Atte?n:Dear\ Friend,|^(Attn,\s)?My Dear\ (Beloved|Friend)[,.]$|^ATTENTION\s?:\s?BENEFICIARY.?$|(?-i)<STRONG>Kind\ Attn:\s?</STRONG>|(?-i)<STRONG>Beneficiary|BENEFICIARY,",Body,containsRE,"beneficiary|no\ Beneficiaries|demurrage|dumourage|duemorrage|Clearance\ Certificate\ (\r\n)?Fee|keeping\ fees|(?-i)IMMEDIATE\ RELEASE\ OF\ YOUR\ PAYMENT|(I\ am|My\ name\ is)\ Barrister|^Barrister.+ESQ$|^Mr\.\ \w{3,}\ \w{3,}\ \(Barrister\)",Body,containsRE,^Best\sregards.?\r\nBarr\..?[A-Z],Body,containsRE,"\{[a-z]{3,8}\sMillion\s[a-z-]{3,6}\sHundred\sThousand\sDollars}"
[enabled],"Lottery Scam","Lottery Scam",16711680,OR,Delete,Subject,contains,"Your Email Has Won Prize",Subject,containsRE,"^(WINNING\ (Notification|NUMBER:)|ticket\ number\ \(.+\))",Subject,contains," Lottery",Subject,contains,"GO FOR CLAIM VERIFICATION FORM",From,contains,LOTTERY,From,containsRE,"coca.?cola.?promm?o|Microsoft\ Award\ Department|Department\ of\ National\ Lotteries|Superenalotto|WORLD\ CUP|your\ email\ (address|id)\ has\ (won|been\ selected)",Body,contains,"Attn: Lucky Winner",Body,contains,"DEAR WINNER",Body,contains,"YOUR E-MAIL ADDRESS WON ",Body,contains,"please contact your fudiciary agent",Body,contains,"International Program Online Co-ordinator",Body,containsRE,"(?-i)WINNING\ NUMBER:|LOTTERY|RE:\ LOTTO|Lottery\ Coordinator|your\ email\ ID\ has\ won",Body,containsRE,"(jackpot|International|ExxonMobil|Microsoft|National)\ (Award|Lottery)|Freelotto|fiduciary|The\ Kings\ Charity|weekly\ sweepstakes",Body,containsRE,"You\ are\ advised\ to\ keep\ this\ winning\ (.+\s)?confidential",From,contains,AFRICA
[enabled],"Money Transfer Scam","$ Xfer Scam",16711680,OR,Delete,Subject,contains,"TRANSFER ASSISTANCE",Subject,contains,"SWIFT CREDIT CARD",Body,contains,"SWIFT CREDIT CARD",Body,contains,AWARD/INHERITANCE/CONTRACT,Body,contains,"Promptitude in sending the payment",Body,contains,"We redirect the client's payment to you",Body,contains,"after you'll keep our(and yours) earnings, ",Body,contains,"it is your obligation to transfer the rest",Body,contains,"Basic knowledge in Acconting and payment transactions.",Body,containsRE,"^My\ dear\ friend,$|Dear\ good\ friend\s?,|modalities|money\ transfer\ system|I\ will\ give\ you\ \d\d%\ for\ your\ kind\ assistance to me",Body,contains,CONTRACT/INHERITANCE
[enabled],"Job Scams","Job Scams",16711680,OR,Delete,Subject,containsRE,"(jobs|work)\ (at|from)\ home",Subject,containsRE,"(earn|Make)\ Money\ (at|From)\ (Your\s)?Home",Body,contains,"looking for representatives in the US",Body,contains,"Our company is looking for new business partners in United States.",Body,contains,lvelectronic,Body,contains,"I`m president of LV Electroni",Body,contains,"If you are interested in our proposition, contact us by e-mail:"
[enabled],"Money Mule Scam","Money Mule",16711680,OR,Delete,Subject,containsRE,"Update\ on\ available\ .+positions",Body,contains,"EMPLOYER SNAPSHOT",Body,contains,"VACANCY CODE: "
[enabled],"Quit Smoking Spam","Quit Smoking",16711680,OR,Delete,Subject,contains,"Live longer life without cigarettes",Subject,contains,"quit smoking",Subject,contains,"Stop Smoking ",Body,contains,"Break free from Nicotine",Body,contains,"break the nasty habit",Body,contains,LIVEFREE,Body,contains,"quit smoking once and for all.",Body,containsRE,"(quit|stop)\ smoking\."
[enabled],"Counterfeit Goods","Counterfeit Goods",16711680,OR,Delete,From,contains,Gucci,Subject,containsRE,des1gner|designer\s(brands|footwear|shoes),Subject,containsRE,\b(gucci|prada|chanel|chloe|dior|(?-i)UGG)\b,Subject,contains,repl!c@,Subject,containsRE,Cartier|Gucci|Versace|KN[0O]CK.?[0O]FFS,Subject,containsRE,(?-i)SHOES|\bBling\b,Subject,contains,"luxury footwear",Subject,containsRE,"Branded\ (footwear|shoes)",Subject,contains,"Clad your feet",Body,contains,"~ Gucci",Body,containsRE,Knock.?[O0]ffs,Body,containsRE,"(?-i)Vertu\s.{3,14}phones\s"
[enabled],"Get Laid Spam","Get Laid Spam",16711680,OR,Delete,Body,contains,"Best of all: it is free...",Body,contains," get laid",Body,contains,"% of members have already gotten laid using our system!",Body,contains,"Are you interested in hooking up with people who live just minutes from you?",Body,contains,"Are you interested in getting laid with locals?",Body,contains,"We have the power to make this happen!",Body,containsRE,fuck.?(buddy|friend),Body,containsRE,"<a\ href=""http://www\.(geocities\.com/.+|.+\.cn)"">.*(It's\ all\ here|Here\ it\ is|Check\ it\!)(\!)?</a>",Body,contains,"want more sex"
[enabled],"Dating Spam","Dating Spam",16711680,OR,Delete,Subject,containsRE,"\bdating\b|single.?ladies|Married.{1,5}lonely|(?-i)Add\ Me|Find\ Someone|^Hi\ remember\ me\?|Looking\ for\ love\b|Russian\ (beauties|girls?|hotties?|lad(ies|y)|wife|wives|wom[ae]n)|we\ fucked|from\ Russia|meet\ a\ beautiful\ girl",Body,contains,"Greetings! I wish to get acquainted with you",Body,containsRE,"\bdating\ (site|system)\b|dating!|flirting",Body,containsRE,"\d\d%\ of\ our\ members\ .*hooked\ up\ (using|with)\ our\ .*system|maybe\ we\ can\ hook\ up",Body,contains,"I read your profile online and I was int",Body,contains,"Please write me a letter here http://",Body,contains,"Do you like beautiful girls?",Body,contains,"good looking girl who is looking to chat with you",Body,contains,"looking for a nice guy to chat with",Body,contains,Ifoundyourprofileonline,Body,contains,HithereI,Body,containsRE,"I'm\ from\ Russia|Russian\ (girls|lad(ies|y))|single\ Russian\ (girl|lad.{1,3}|wom[ea]n)|i\ (found|loved|was\ just\ reading)\ your\ profile|and\ i\ would\ (like|love)\ to\ get\s",Body,contains,"My pics and short video",Body,contains,"your so hot!"
[enabled],"Credit Card Phishing Scam","Phishing Scam",16711680,OR,Delete,Subject,contains," Your Card Number 5018-0XXX-XXXX-XXXXX",Body,contains,"MasterCard has been deactivated.",Body,contains,"As the primary contact, you have to reactivate your card or you will not be able to use it.",Body,contains,"Please reactivate your MasterCard by going to:",Body,contains,"Dear VISA card holder,",Body,contains,.vc/secureapps/
[enabled],"The Bat Image Spam","The Bat Image Spam",16711680,AND,Delete,EntireHeader,contains,"X-Mailer: The Bat!",Body,containsRE,"^(?-i)<BODY>\r\n^<img\ src=3D""cid:[a-z0-9@$]+"">\r\n^<P><SMALL>.+</SMALL></P></BODY></HTML>",Body,contains,"Content-Type: image/gif;"
[enabled],"Re [digits] Spammer","Re [digits]",16711680,AND,Delete,Subject,containsRE,^re.?,Subject,containsRE,"\[\d{1,3}\]:?"
[enabled],"Yahoo Groups or Profiles Spam Link","Yahoo Groups or Profiles Spam",16711680,OR,Delete,Body,containsRE,"http://groups.yahoo.com/group/.{8,18}/message/\d['""]?>?",Body,containsRE,"http://profiles\.yahoo\.com/blog/[A-Z0-9]{20,}("">)?"
[enabled],"Re: or FW: Spam","Re: or Fw:",16711680,OR,Delete,Subject,is,Re:,Subject,is,Fw:
[enabled],"Stud Tips Spam","Stud Tips Spam",16711680,OR,Delete,Subject,contains,"Stud secrets",Subject,contains,"pick up any woman",Body,contains,"pick up women",Body,contains,"learn the art of  seduction",Body,contains,"<font size=""4"" color=""ff3333"">MORE TIPS INSIDE!</font></a>",Subject,contains,"pick up women",Subject,contains,"Be a Stud"
[enabled],"Known X-Mailer Spam","Known X-Mailer Spam",16711680,OR,Delete,EntireHeader,contains,"X-Mailer: Apple Mail (2.924)",EntireHeader,contains,"X-Mailer: The Bat! ",EntireHeader,contains,"X-Mailer: Mediacomm Communicator ",EntireHeader,contains,"X-Mailer: xinnet.com webmail 1.0",EntireHeader,contains,"X-Mailer: Openwave WebEngine",EntireHeader,contains,"X-Mailer: iPlanet Messenger Express",EntireHeader,contains,"X-Mailer: CommuniGate Pro WebUser",EntireHeader,contains,"X-Mailer: ZuckMail",EntireHeader,contains,"X-Mailer: PHPMailer",EntireHeader,contains,"X-Mailer: Sun Java",EntireHeader,contains,"X-Mailer: Evolution",EntireHeader,containsRE,"^X-Mailer:\ (Prayer|sejkuuk|WhatCounts|Zimbra)"
[enabled],"Known User-Agent Spam","Known User-Agent Spam",16711680,OR,Delete,EntireHeader,contains,"User-Agent: SquirrelMail/",EntireHeader,contains,"User-Agent: Rodriquezmail",EntireHeader,contains,"User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)",EntireHeader,contains,"User-Agent: Opera Mail/",EntireHeader,contains,"User-Agent: Microsoft-Entourage/12.1.0.080305",EntireHeader,contains,"User-Agent: Internet Messaging Program",EntireHeader,contains,"User-Agent: CwazyMail"
[enabled],"Western Union Scam","Phishing Scam",16711680,AND,Blacklist,Delete,Subject,containsRE,"Notification\ of\ limited\ (account\ )access|(?-i)Western\ Union",From,contains,"Western Union",EntireHeader,doesn'tContainRE,"Received:\ from\ (westernunion|instantservice).com",Body,containsRE,"(?-i)Western\ Union|Your account has been limited"
[enabled],"Russian Sender","Russian Sender",16711680,OR,Delete,EntireHeader,containsRE,"^Received:\ from\ .*85\.140\.\d{1,3}\.\d{1,3}",EntireHeader,containsRE,"^Received:\ from\ .*80\.85\.1([7][6-9]|[8[0-9]|9[01])\.\d{1,3}(\]\))?",EntireHeader,contains,"charset=""koi8-r"";",EntireHeader,contains,"Subject: =?koi8-r",Body,contains,charset=3Dkoi8-r,EntireHeader,containsRE,Message-ID:\s<.+@.+\.ru>,EntireHeader,containsRE,"\(envelope-from\ <.+@.+\.ru>\)",EntireHeader,containsRE,HELO\s.+\.ru
[enabled],Pornography,Porn,16711680,OR,Delete,Subject,contains,FuckBook,Subject,containsRE,"((wet\ )?puss(ies|y))|nympho|porno?s?\b|Live\ Girls|\bP[\.,']?0RN[0O]?\b",Body,contains,nymphos,From,contains,"webcam ",Body,contains,"Porniest Home Videos",Body,contains,P.0RN,Body,contains,PORN,Body,contains," XXX "
[enabled],"Warranty Spam","Warranty Spam",16711680,OR,Delete,Automatic,Body,contains,"your auto extended warranty and insurance",Subject,containsRE,"Get\ your\ warranty\ .+\d\d%"
[enabled],"Live.com Spam Link","Live.com Spam Link",16711680,OR,Delete,Body,containsRE,"<a\ href=3D""http://[a-z0-9]{6,16}\.spaces\.live.com"">.+<span\sstyle=3D""FONT-SIZE:\ 2px;\ FLOAT:\ right;\ COLOR:\ white"">.{2,4}</span></a.{0,3}>",Body,containsRE,"http://[a-z0-9]{6,16}\.spaces\.live.com"
[enabled],"HTML Spam Tricks","HTML Tricks",16711680,OR,Delete,Subject,containsRE,.*\$.*\$|.*@.*@|(?-i)\$REPSBJ,Body,contains,=2Ecom/,Body,containsRE,(?-i)\$REP(BODY|LINK),Body,containsRE,"font\ size=""?0""?",Body,containsRE,"((<![\w\s,\.\-]+>)([\w\s,\.\-]){1,10}){3,}",Body,containsRE,((&#0*(3[3-9]|[4-9]\d|1[01]\d|12[0-6]);).*?){6},Body,containsRE,"(/[a-z0-9]/[a-z0-9]){5,}",Body,contains,<iframe,Body,contains,<br><br><br><br><br><br><br><br>,Body,containsRE,<\![^-D],Body,contains,&#85;&#00110;&#000115;&#00117;&#98;&#115;&#0099;&#000114;&#00105;&#098;&#101;,Body,contains,"<span style=""FONT-SIZE: 2px; FLOAT: right; COLOR: white"">",Body,contains,"<span style=3D""FONT-SIZE: 2px; FLO",Body,containsRE,"<td\ colspan=(3D)?""\d{1,3}""\ bgcolor=(3D)?""#FFFFFF""></td><td\ colspan=(3D)?""\d{1,3}""\ bgcolor=(3D)?""#[a-z0-9]{6}"">",Body,containsRE,"<strong><a\ href=""http://.+\.com""></a></strong>"
[enabled],"Malformed Link Spam","Malformed Link",16711680,AND,Delete,Body,containsRE,"^\s?http://.+\ \.\ (com|cn|info|org|net|ru)/?$"
[enabled],"Maxdik Spam","Maxdik Spam",16711680,AND,Delete,Body,containsRE,"(?-i)^<BODY><br><a\ href=3D""http://[a-z]{7,9}=2Ecom""><font\ size=3D""\+1""><b>"
[enabled],"Image Spam #1","Image Spam #1",16711680,AND,Delete,EntireHeader,contains,"X-Mailer: Microsoft Outlook Express",EntireHeader,contains,"X-MimeOLE: Produced By Microsoft MimeOLE",EntireHeader,contains,"MIME-Version: 1.0",EntireHeader,contains,"Content-Type: multipart/related;",EntireHeader,contains,"type=""multipart/alternative"";",EntireHeader,contains,"boundary=""----=_NextPart_",Body,contains,"<META content=3D""MSHTML",Body,contains,"<IMG src=3D",Body,contains,cid:,Body,containsRE,"^Content-Type:\ image/(gif|jpeg);"
[enabled],"Image Spam #2","Image Spam #2",16711680,AND,Delete,EntireHeader,contains,"X-Mailer: Microsoft Outlook Express 6.00.",EntireHeader,contains,"X-MimeOLE: Produced By Microsoft MimeOLE V6.00.",EntireHeader,contains,"MIME-Version: 1.0",EntireHeader,contains,"Content-Type: multipart/mixed;",EntireHeader,contains,"boundary=""----=_NextPart_",Body,contains,"Content-Type: multipart/alternative;",Body,contains,"Content-Transfer-Encoding: quoted-printable",Body,contains,"Content-Transfer-Encoding: base64",Body,contains,"Content-Type: image/gif;",Body,contains,"Content-Disposition: attachment;"
[enabled],"Image Spam #3","Image Spam #3",16711680,AND,Delete,EntireHeader,contains,"X-Mailer: Microsoft Outlook Express",EntireHeader,contains,"X-MimeOLE: Produced By Microsoft MimeOLE",EntireHeader,contains,"Content-Type: multipart/related;",EntireHeader,contains,"boundary=""----=_NextPart_",Body,contains,"Content-Transfer-Encoding: quoted-printable",Body,contains,"<META content=3D""MSHTML",Body,contains,<IMG,Body,contains,alt=3D,Body,contains,"src=3D""cid:",Body,contains,"Content-Transfer-Encoding: base64"
[enabled],"Image Spam #4","Image Spam #5",16711680,AND,Delete,EntireHeader,contains,"MIME-Version: 1.0",EntireHeader,contains,"Content-Type: multipart/related;",EntireHeader,containsRE,"^\s?boundary="".+""$",Body,contains,"Content-Transfer-Encoding: 7bit",Body,contains,"<img ",Body,containsRE,"src=""cid:.+""",Body,contains,"Content-Type: image/gif;",Body,contains,"Content-Transfer-Encoding: base64",Body,doesn'tContain,"<a href="
[enabled],"Image Spam #10","Image Spam #10",16711680,AND,Delete,EntireHeader,contains,"X-Mailer: Microsoft Office Outlook",EntireHeader,contains,"X-MimeOLE: Produced By Microsoft MimeOLE",EntireHeader,contains,"Content-Type: multipart/related;",Body,contains,"This is a multi-part message in MIME format.",Body,contains,"Content-Transfer-Encoding: 7bit",Body,contains,"Content-Transfer-Encoding: quoted-printable",Body,contains,"<meta name=3DGenerator content=3D""Microsoft Word 11 (filtered medium)"">",Body,containsRE,"<A\ HREF=3D""http://.+\.cn/?",Body,contains,"<IMG src=3D",Body,containsRE,"^Content-Type:\ image/(gif|jpeg);"
[enabled],"Bgimg Image Spam","Bgimg Image Spam",16711680,AND,Delete,EntireHeader,contains,"X-Mailer: Microsoft",EntireHeader,contains,"X-MimeOLE: Produced By Microsoft MimeOLE V6.00.",EntireHeader,contains,"Content-Type: multipart/related;",Body,contains,"Content-Type: multipart/alternative;",Body,contains,=_NextPart_,Body,contains,"Content-Type: image/gif;",Body,contains,"Content-ID: <bgimg.gif"
[enabled],"Stocks Spam #4","Stocks Spam #4",16711680,OR,Delete,Body,containsRE,"read\ (up|the)\ (news|release)?",Body,containsRE,"and\ (get\ (all\ over|on))|(move\ on|jump\ on)|(be\ ready\ to)",Body,containsRE,"\bget\ (all\ over|on)\ [A-Z]{4}\ first\ thing\ .+day\b",Body,contains,"Beat the news to the market",Body,containsRE,"^Price\ up\ .{1,4}%",Body,containsRE,"^5.*day\ price: ",Body,contains,"Emergency report. Check",Body,containsRE,"pushed\ share\ prices\ up\ over\ \d{1,3}%",Body,contains,"The Gold Watcher",Body,contains,"is climbing hard. UP"
[enabled],"Stocks Spam #3","Stocks Spam #3",16711680,OR,Delete,Body,contains,"This Is Going To Explode!",Body,containsRE,^(target|current).?price,Body,contains,"stock watch notices",Body,contains,"Stock reporting sites",Body,containsRE,^Sym(bol)?.?:\s[A-Z],Body,containsRE,c.?h.?i.?n.?a\s\w,Body,containsRE,"^j?.u.?m.?p\ o.?n\ t.?h.?i.?s\ f.?i.?r.?s.?t\ t.?h.?i.?n.?g\s",Body,containsRE,"^H.?E.?R.?E\ W.?E\ G.?O\ A.?G.?A.?I.?N\!",Body,containsRE,"^T.?i.{1,2}k.{1,2}:\ \w.?\w.?\w.?\w\s?$",Body,containsRE,"^(S|\$).?y.?m.?b.{0,4}\W?:\ \w.?\w.?\w.?\w\s?$"
[enabled],"Stocks spam #2","Stocks spam #2",16711680,OR,Delete,Subject,containsRE,"^Trade\ Noti(ce|fication)",Subject,containsRE,"g.?oing\ to\ e.?xplode\ on\ (mon|tues|wednes|thurs|fri)day",Subject,containsRE,invest(or|ment)|Dividends,Body,containsRE,stock.?exchange,Body,containsRE,"^U.?RGENT S.?TOCK A.?LERT",Body,contains,"Big News Expected",Body,contains,"Easy walk in price",Body,contains,"MARKET WIRE",Body,contains,"Opening bell message",Subject,containsRE,"\b(Big\ Market|(Market|Trader)\ Alert)\b"
[enabled],"Stocks spam #1","Stocks spam #1",16711680,OR,Delete,Body,containsRE,"^H.?ot\ st.?ock\ ale.?rt",Body,containsRE,"breaking\ mark.?et\ n.?ews",Body,containsRE,"Watc.?h\ this\ sto.?ck\ go\ higher\ and\ higher",Body,containsRE,^((Symbol|Stock)(\s)?:\s){1}([A-Z].?[A-Z].?[A-Z].?),Body,containsRE,"(financial|fina\ ncial|fin\ ancial|fi\ nancial)\sadvice",Body,containsRE,"^Price:?\ \$?\d{0,2}\.\d{2,3}",Body,contains,"within the meaning of Section 27a of the Securities act of 1933",Body,contains,"Information within this email contains ""forward looking",Body,contains,"Expected: This one is going to grow at a rapid rate",Subject,containsRE,"^Read\ this\ before\ .+day"
[enabled],"PDF Attachment","PDF Attachment",16711680,AND,Delete,Body,containsRE,"^Content-Type: application/(pdf|octet-stream);",Body,containsRE,"^Content-Disposition:\ (attachment|inline);",Body,containsRE,"name="".+\.pdf"""
[enabled],"Ebay Phishing Scams","Phishing Scam",16711680,AND,Delete,EntireHeader,doesn'tContainRE,"^Received:\ from\ .+\..+ebay\.com\ .+\ helo=.+\.ebay\.com",Subject,contains,eBay,Body,containsRE,"^Dear\ eBay\ (Customer|Member),",Body,contains,"eBay Confirmation Request"
[enabled],"Facebook Phish","Phishing Scam",16711680,AND,Delete,From,contains,@facebook.com,Subject,containsRE,password,Body,contains,"You can find your new password in attached document",Body,contains,Facebook,Body,contains,"Content-Disposition: attachment;"
[enabled],"PayPal Scams #1","PayPal Phishing Scam",16711680,AND,Delete,TakesPrecedence,EntireHeader,doesn'tContainRE,"^Received:\ from\ [a-z0-9.-]+\.paypal\.com\s",From,containsRE,.+@(intl|www[-\.])?paypal(-us)?.com|^PayPa[l1I]|paypai\.com
[enabled],"PayPal Scams #2","PayPal Phishing Scam",16711680,AND,Delete,TakesPrecedence,Body,containsRE,"^Dear\ PayPal\ (User|Member|Customer)|Your\ paypal\ access\ has\ been\ limited",EntireHeader,doesn'tContain,nix.paypal.com
[enabled],"Credit Report Spam","Credit Report Spam",16711680,OR,Delete,From,contains,MemberValueChoice,Subject,contains,"your Credit Report",EntireHeader,containsRE,(rhino|rhbino|rhmino)yellow\.com
[enabled],"Illegal Drugs","Illegal Drugs",16711680,OR,Delete,Subject,contains,"legal buds",Body,containsRE,"legal\ buds?\ online"
[enabled],"Loans Spam",Loans/Bankrupcy,16711680,OR,Delete,Body,contains,"Bad credit",Body,contains,Bankruptcy,Body,containsRE,"low(est)?\ rate(s)?|payday\ (loan|advance)|(Equity|short-term)\ loan|debt",Body,contains,"fixed low rate",Body,contains,"You have been pre-approved",Subject,containsRE,"consolidat(e|ion)|debt|lenders|loan|mortgage|refinan?c(e|ing|ment)|Your\ Life\ Insurance",Body,containsRE,"^C[o0]ngra[dt]ulati[o0]ns.*you('ll|\scan)\ get\ (.*\ )?\$""?\d\d\d.+""?\ loan\ for\ ",Body,contains,"Refinance ",Body,contains,loans,Body,contains,"Are your premiums payments too high",Body,contains,"eLoan is offering loan to"
[enabled],"Diploma Spam","Diploma Spam",16711680,OR,Delete,Subject,containsRE,(diplomas?|dip1omas?|DIMPLOMAS?|Degree)\b|(?-i)Bacheelor|Masteer|MBA/|Doctoraate,Body,containsRE,"^No\ (classes|Exams|Pre-School)",Body,contains,"your Graduation is a phone call away",Body,contains,"UNIVERSITY DIPLOMA",Body,containsRE,"Diiploma|DIMPLOMA|(?-i)D\ I\ P\ L\ O\ M\ A\sS?",Body,contains,"Obtain the_degree you deserve",Body,containsRE,"^(For US:\s)?\+?1[-,'\.\*\s\~](206|267|305|501|718|781|832)[-,'\.\*\s\~]\d{3}[-,'\.\*\s\~]\d{4}|Call\ Today|call(ing)?\ this\ number:",Body,containsRE,"your\ (degree|diploma)|No\ Pre-School",Body,containsRE,"(?-i)([dD]iplomas|Bachelors,?|Masters,?|Doctoral|PhD's)",Body,contains,non-accredited,Body,containsRE,"Outside\ U.?S.?A.?:\ \+1-(206|267|305|501|718|781|832)-\d\d\d-\d\d\d\d"
[enabled],"Hitman Scam","Hitman Scam",16711680,AND,Blacklist,Delete,Subject,contains,"BE MORE CAREFUL",From,contains,"BE MORE CAREFUL"
[enabled],"Malformed Link Spam","Malformed Link",16711680,AND,Delete,Body,containsRE,"^\s?http://.+\ \.\ (com|cn|info|org|net|ru)/?$"
[enabled],"Underscore/Dash Sender","_- Sender",16711680,OR,Delete,EntireHeader,containsRE,"(envelope-from\ <-[a-z0-9]+@.+\..+>)",From,containsRE,".*<_[a-z1-9-]+@.+\.\w{2,3}>$"
[enabled],"Zip attachment","Zip, Rar, Gz Attachment",255,AND,TakesPrecedence,Body,containsRE,"^Content-disposition:\ attachment;$|^Content-Type:\ application/zip;$",Body,containsRE,"(^\s?filename|\tname)="".+\.(zip|rar|t?gz)"""
[enabled],"Webmail Phishing Scam","Phishing Scam",16711680,OR,Delete,Subject,containsRE,"(?-i)^Dear\ Account\ Owner|^Dear\ Webmail\ Subscriber|^YOUR\ WEBMAIL\ ACCOUNT",Body,containsRE,"^Dear\s(Webmail\s)?(Account\s)?(Owner|Subscriber|User)[;,]$"
[enabled],"Google Reader Spam Link","Google Reader Spam",16711680,AND,Delete,Body,contains,http://www.google.com/reader/view/user/,Body,contains,/com.google/broadcast
[enabled],"Google Phishing Scam","Google Phishing Scam",16711680,AND,Delete,TakesPrecedence,Subject,contains,Please,From,contains,Google-AdWords,EntireHeader,doesn'tContainRE,"Received:\ from\ [a-z0-9-\.]+\.google\.com",Body,contains,"Dear Advertiser,"
[enabled],"Google Redirect Exploit #2","Google Redirect Exploit",255,OR,Delete,Body,containsRE,http://documents\.google\.com/a/.+\.(com|cn|net|org|ru)/View?
[enabled],"Google Feeling Lucky Spam","Google Feeling Lucky Spam",16711680,AND,Delete,Body,containsRE,http://www\.google\.com/search\?hl=en&q=inurl:.+=Im\+Feeling\+Lucky
[enabled],"HopOne Spammers","HopOne Spammers",16711680,OR,Delete,EntireHeader,containsRE,^Received:\sfrom\s.+209.160.[0-7][0-9]?..+,EntireHeader,containsRE,^Received:\sfrom\s.+66\.148\.(6[4-9]|[789][0-9]|1[012][0-7]|2[0-7])\..+,EntireHeader,containsRE,^Received:\sfrom\s.+66\.235\.((1[678][0-9])|(19[01]))\..+,EntireHeader,containsRE,^Received:\sfrom\s.*208\.75\.1(7[6-9]|8[0-3])\..+
[enabled],"Yahoo Finance Summary Link","Yahoo Finance Summary Link",16711680,AND,Delete,Body,containsRE,"^http://finance\.yahoo\.com/q\?s=\w{4}(\.\w{2,3})?"
[enabled],".info sender",".info sender",16711680,AND,Delete,From,containsRE,.+@.+\.info
[enabled],"From juviotravel@gmail.com",juviotravel@gmail.com,16711680,AND,Delete,EntireHeader,contains,juviotravel@gmail.com
[enabled],"Base 64 Encoded Body","Base 64 Encoded",16711680,AND,Body,contains,"Content-Transfer-Encoding: base64",Body,doesn'tContain,"Content-Type: image/",Body,doesn'tContainRE,"^Content-Disposition:\ (inline|attachment);",Body,contains,"Content-Type: text/plain;"
[enabled],"Worm - Double Extension Attachment","WORM >Double Extension!!",255,AND,Delete,TakesPrecedence,noreport,Body,contains,"Content-disposition: attachment; filename=",Body,containsRE,"(file)?name="".+\.(gif|jpg)\.(scr|pif|exe|cmd|com)"""
[enabled],"Dangerous Attachment Extension","Dangerous Attachment Extension!",255,AND,Delete,TakesPrecedence,noreport,Body,contains,"Content-disposition: attachment;",Body,containsRE,"^\s?filename="".+\.(pif|scr|hta|cmd|bat|vbs|com|cpl|hlp)"""
[enabled],"Exe Attachment",".exe attachment",255,AND,TakesPrecedence,noreport,Body,contains,"Content-disposition:\ attachment;",Body,containsRE,"^\s?filename="".+\.exe"""
[enabled],"Spamis spam",SPAMIS,255,AND,Delete,TakesPrecedence,Body,contains,"Public Service Announcement Brought To You By SPAMIS",Body,contains,"SPAMIS NOTIFICATION"
[enabled],"Domain Renewal Phisher","Domain Renewal Phisher",16711680,OR,Blacklist,Delete,EntireHeader,contains,domainrenewal-online.com,EntireHeader,contains,domainrenewalonline.com
[enabled],"Top-Sites Domain Listings Spam","Top Sites",16711680,AND,Delete,Subject,containsRE,"^Please\ update\ (the|your)\ .+listing\ by\ ",EntireHeader,contains,www-goto.com,From,contains,"The Editor"
[enabled],MonsterCommerceSites,MonsterCommerceSites,16711680,OR,Blacklist,Delete,EntireHeader,contains,monstercommercesites.com,EntireHeader,contains,Tecamericajac
[enabled],"Word of Mouth spam","Word of Mouth",16711680,OR,Delete,From,contains,connectionAwarenessSystem@WordOfMouthConnection.Com,Subject,contains,"A Connection Has Been Made To: ",EntireHeader,contains,"Received: from PETER.WORD-OF-MOUTH.ORG",EntireHeader,contains,"Return-Path: <nobody@PETER.WORD-OF-MOUTH.ORG>",Body,contains,"Word-of-Mouth.Org Connection Awareness System",From,contains,awareness-system@word-of-mouth-connection.net,From,contains,support@wordofmouthreports.net,Body,containsRE,http://womc\.info|wordexch\.(com|biz)|SearchForMeOnline|GoFindMeOnline,EntireHeader,containsRE,peter\.wominfo\.net|BACKGROUND-RESEARCH\.INFO,Body,contains,"Someone just submitted a word-of-mouth connection about you at our website."
[enabled],"Emailing spammers","Emailers Spam",16711680,OR,Delete,Body,contains,"Celebrating Our 10th Year of Charity Emailings!",Body,contains,"Click to Advertise Your Site to",Body,contains,"Charity/Non-Profit Organization Contact:"
[enabled],"From Emailsniper.com",EmailSniper,16711680,AND,Delete,EntireHeader,contains,"Received: from themailsniper.com",Body,contains,http://www.themailsniper.com
[enabled],"Hospital Directory Spam","Hospital Directory",16711680,OR,Delete,Body,contains,"American Hospital Email Directory",Subject,contains,"hospital email addresses"
[enabled],"Thunderbird 2-Line Spam","Thunderbird Spam",16711680,AND,Delete,EntireHeader,contains,"User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)",EntireHeader,contains,"MIME-Version: 1.0",Body,contains,"Content-Transfer-Encoding: 7bit",Body,containsRE,"^[a-z,'!\.\s-]+\r\n^http://[a-z]+\.(com|net)\s<(http://[a-z]+\.(com|net)|(?-i)(GoTo|Info)\.\.\.)>\r\n\r\n-+0"
[enabled],"Image+Link Spam","Image+Link Spam",255,AND,Delete,EntireHeader,containsRE,"^X-MIME-Autoconverted:\ from\ 8bit to\ quoted-printable\ by\ .+\.info",Body,containsRE,"<a href=",Body,containsRE,3D.+\.info,Body,contains,"<img src=3D",Body,contains,<br>=93
[enabled],"Baby Supplies Spam","Baby Supplies Spam",255,AND,Delete,Subject,contains,Baby,Subject,contains,Supplies
[enabled],"Spam Domains in Header","Spam Domain (H)",16711680,OR,Delete,EntireHeader,containsRE,"^http-x-forwarded-for\ 065\.110\.05[4-5]\.+|sender\@mail1\.unlist\.net|64\.46\.114\.161|\.unlist\.net|codec\.ro|marshall\.cc|matrix\.net|tomparker\@another\-world\.com|mail\.bsbx\.net|bruffner\.com|pretension\.com",EntireHeader,contains,mail2world.com,EntireHeader,contains,dyn.optonline.net,EntireHeader,contains,dsl.brasiltelecom.net.br,EntireHeader,containsRE,^canada\.com$,EntireHeader,containsRE,(prod-infinitum|pongimmediate|vsteals)\.com,EntireHeader,containsRE,(fibertel|freedoomsat)\.com\.ar,EntireHeader,containsRE,"^Received: from (boardermail\.com|bolt\.com|moxmail16|sleepyseed\.com|boardermail\.com|email\.com|eadvertizing|bobolink|hkgolden\.com|1million2006\.com|saurabh\.info|lists\.aikiri\.com)",EntireHeader,containsRE,"Natalee\ Almonte|maintec\.com|Robin\ Keyes|Richard\ K\.\ Lee|ezagenda\.com|thefreesite\.com|hotpop\.com|minnietheminx\.com|malaysia\.net|prod-infinitum\.com|di-ve\.com|playful\.com|mc\.videotron\.ca|mozartmail\.com|adsl\.tele\.dk|routerhoster\.com|mchsi\.com|pollcadot|wise-expectations\.com|westcoastnovelty\.com|authenticinternetpromotions\.com|cliffordwindows\.com|mail4him\.com|bestbidding\.com|KINGCOOLER\.COM\.CN|mixmail\.com|freeoffers4you\.com|hotwireindia\.com|forex\ profits|proper\.com|blackburnmail\.com|andreaeberl\.de|worldnetcams\.com|tvsatbg\.net|online.*bid\.info|hooters"
[enabled],"SiteProtect Ebay Phishing Scam","Phishing Scam",255,AND,Delete,TakesPrecedence,ReturnPath,contains,.siteprotect.com,EntireHeader,contains,siteprotect.com,From,contains,"eBay Gifts"
[enabled],"Screensaver Trojan","Screensaver Trojan",255,OR,Delete,Subject,is,"Life is beautiful",Subject,is,"Life will be better",Subject,is,"Good summer",Subject,is,"help you",Body,contains,"filename=""bsaver.zip""",Body,contains,"cool screensaver in your attachment!",Body,contains,"Wanna more? Welcome to our site"
[enabled],"African Sender (419)","African Sender (419)",16711680,OR,Blacklist,Delete,EntireHeader,containsRE,"Received:\sfrom\s.*[\[\(]41\.\d{1,3}\.\d{1,3}\.\d{1,3}[\[\]\)]",EntireHeader,containsRE,"Received:\sfrom\s.*[\[\(]196\.\d{1,3}\.\d{1,3}\.\d{1,3}[\[\]\)]",EntireHeader,containsRE,"Received:\sfrom\s.*[\[\(]81\.199\.\d{1,3}\.\d{1,3}[\[\]\)]",EntireHeader,containsRE,"^Received:\ from\ .+41\.\d{1,3}\.\d{1,3}\.\d{1,3}",Body,containsRE,"(Tele)?phone\s\+?(0027|002[123456]\d)[\s_\*'-]\d{3,}"
[enabled],"1 Word Subject","1 Word Subject",16711680,OR,Delete,Subject,containsRE,"^[a-z'""\|\{\}\[\]]{7,8}$",Subject,containsRE,"^\d{7,8}$"
[enabled],"Subject All Caps","Subject All Caps",33023,AND,Delete,Subject,doesn'tContainRE,(?-i)[a-z],Subject,containsRE,.
[enabled],"No Subject","No Subject",16711680,AND,Delete,Subject,doesn'tContainRE,.
[enabled],"S P A C E D Subject (S)","S P A C E D Subject (S)",16711680,OR,Delete,Subject,containsRE,"[A-Z]([ \.\*:_-]+)([A-Z]\1){2,}[A-Z]",Subject,containsRE,"([A-Z]+[:=\.\-_]){3,}"
[enabled],"10 spaces in Subject",Spaces,16711680,AND,Delete,Subject,contains,"          "
[enabled],"Fake Domain Renewals","Fake Domain Renewals",16711680,AND,Delete,From,contains,"eNom Support Team",Body,containsRE,http://www\.enom\.com\..+.ru
[enabled],"Known Spam Domains","Known Spam Domains",255,OR,Delete,TakesPrecedence,Body,contains,.freehyperspace2.com,EntireHeader,containsRE,\.server4you\.de|staticip\.rima-tde\.net|emaillove\.net|\.cwazy\.net,EntireHeader,contains,.ono.com,EntireHeader,contains,".es ",EntireHeader,contains,Taipei,Body,contains,/group.php?group_id=152,Body,contains,/group.php?group_id=3D152,Body,contains,"sent from: iContact",EntireHeader,contains,"Received: from %RND_IP",Body,containsRE,"http://(www\.)?(\d\dvip-?2010\.com|.+\.cn/.*['""]>|.+\.cn$|.+\.ru|pages\.suddenlink\.net/|(cleans?\w{2,7}|healthcentral|heartremember|rangesure|sheetcome)\.com|highoptimism\.com|menshealth\.com|spamsoft)|http://.+\.tumblr.com|vvmarketv\.com|users\d\.Jabry\.com/.+",Body,containsRE,"(?-i)(Discovery\ Health|Men's\ Health\ Today|Health\s?Central|Plentiful\ Pleasures|US\ Pharmacy)",Body,contains,"Altera product announcements",Body,containsRE,"(?-i)P\.P\.\ Monthly\ Newsletter|SMART-LIST"
[enabled],"Consecutive digits or consonants",digits-consnts,16711680,OR,Delete,Subject,containsRE,"^[bcdfghjklmnpqrstvwxz0-9]{5,}"
[enabled],"URL Shortener Spam Link","URL Shortener Spam Link",16711680,OR,Delete,Body,containsRE,"http://(bit|ow)\.ly/[a-z0-9]{4,6}",Body,containsRE,"http://takeme\.to\.it/[a-z0-9]{4,6}",Body,containsRE,"http://(www\.)?dwarfurl\.com/[a-z0-9]{4,6}"
[enabled],"Blocked Countries","Blocked Country",16711680,OR,Delete,EntireHeader,containsRE,"^Received:\ from\ .+\.(ar|br|cn|co|jp|kr|ma|my|ng|pl|ro|ru|th|tr|vn|hinet\.net|orange.fr|ukrtel\.net)\b\s?"
[enabled],Spain,Spain,16711680,OR,Delete,EntireHeader,containsRE,"Received:\ from\ .*\[84\.12[0-3]\.\d{1,3}\.\d{1,3}\]",EntireHeader,contains,".ono.com "
[enabled],Turkey,Turkey,16711680,OR,Delete,EntireHeader,containsRE,"^Received:\ from\ (\[(85.10[56]\.\d{1,3}\.\d{1,3}|88\.234\..+\..+|194\.27\.\d{1,3}\.\d{1,3}|195.175\.\d{1,3}\.\d{1,3})\])|.+\.tr\)",EntireHeader,containsRE,"88\.255\.\d{1,3}\.\d{1,3}"
[enabled],"Hong Kong Spam","Hong Kong Spam",16711680,OR,Delete,Body,containsRE,^http://.+\.hk/\?.+
[enabled],"APNIC (Asia-Pacific)",APNIC,16711808,OR,Delete,EntireHeader,containsRE,"^Received: from [^[]*?\[(6[01]|20[23]|21[01]|21[89]|22[0-2])(\.[1-2]?\d?\d?){3}\]",EntireHeader,containsRE,"^Received: from [^[]*?\[(\[58|\[59]|6[01]|20[23]|21[01]|21[89]|22[0-2])(\.[1-2]?\d?\d?){3}\]",EntireHeader,contains,"SE Asia Standard Time",EntireHeader,contains,charset=big5,EntireHeader,containsRE,^Message-Id:\s.*<.+@.+\.cn>$
[enabled],"RIPE (Europe)",RIPE,16711808,OR,Delete,EntireHeader,containsRE,"^Received: from [^[]*?\[(62|8[0-2]|19[345]|21[237])(\.[1-2]?\d?\d?){3}\]",EntireHeader,contains,kpnplanet.nl,EntireHeader,contains,kpnxchange.com
[enabled],"LACNIC (Latin America)",LACNIC,16711808,OR,Delete,EntireHeader,containsRE,"^Received: from [^[]*?\[20[01](\.[1-2]?\d?\d?){3}\]",EntireHeader,containsRE,\.cable\.net\.co\b
[enabled],"Chinese Email","Chinese Email",16711680,OR,Delete,EntireHeader,containsRE,"Content-type[^\n]*(\n[^\n]*)?charset=(3D)?""?(gb2312|euc-cn|big5)",Body,containsRE,"Content-type[^\n]*(\n[^\n]*)?charset=(3D)?""?(gb2312|euc-cn|big5)"
[enabled],"Korean Email","Korean Email",16711680,OR,Delete,EntireHeader,containsRE,"Content-type[^\n]*(\n[^\n]*)?charset=(3D)?""?(ks_c_5601-1987|euc-kr|iso-2022-kr)",Body,containsRE,"Content-type[^\n]*(\n[^\n]*)?charset=(3D)?""?(ks_c_5601-1987|euc-kr|iso-2022-kr)"
[enabled],"Japanese Email","Japanese Email",16711680,OR,Delete,EntireHeader,containsRE,"Content-type[^\n]*(\n[^\n]*)?charset=(3D)?""?(euc-jp|iso-2022-jp)",Body,containsRE,"Content-type[^\n]*(\n[^\n]*)?charset=(3D)?""?(euc-jp|iso-2022-jp)"
[enabled],"IANA RESERVED","IANA RESERVED",180,OR,Delete,EntireHeader,containsRE,"^Received: from [^[]*?\[([1257]|2[37]|3[1679]|4[129]|5[089]|7\d|8[3-9]|9\d|1[01]\d|12[0-6]|17[3-9]|18[0-79]|19[07]|22[3-9]|2[34]\d|25[0-5])(\.[1-2]?\d?\d?){3}\]",EntireHeader,containsRE,"^Received:[^\n]*?[ []([1257]|2[37]|3[1679]|4[129]|5[089]|7[1-9]|8[5-9]|9\d|1[01]\d|12[0-6]|17[3-9]|18[0-79]|19[07]|22[3-9]|2[34]\d|25[0-5])(\.[1-2]?\d?\d?){3}[] ]"
[enabled],"Flagged by Spam Assassin","Spam Assassin",16711680,AND,Delete,TakesPrecedence,Subject,contains,*****SPAM*****
[enabled],XdomainY@domain,BlackList,0,AND,Delete,EntireHeader,containsRE,"^Received: from.*@(([\w\d]*)\.\w{2,4}).*^From:.*<\w{2,}\2\w+?@\1"
[enabled],"Craigslist Scammer","Craigslist Scammer",16711680,AND,Blacklist,Delete,EntireHeader,containsRE,"Received:\ from\ .+\.craigslist\.org",Body,contains,"CRAIGSLIST ADVISORY",Body,contains,"Hi, This morning I was reading Craigslist and noticed your post. ",Body,containsRE," I thought (=\r\n)?this could help you out.",Body,contains,"You have the ability to begin making money in a matter of days."
[enabled],"Thunderbird Spam","Thunderbird Spam",16711680,AND,Delete,EntireHeader,contains,"User-Agent: Thunderbird 2.0.0.16 (Windows/20080708)",EntireHeader,contains,"MIME-Version: 1.0"
[enabled],"Yahoo Calendar Invite Spam",filtered,16711680,AND,Delete,EntireHeader,contains,"X-Yahoo-Newman-Property: calendar-invite",EntireHeader,contains,X-Yahoo-Calendar-Iid:
[enabled],"Yahoo Search Spam","Search Engine Spam",16711680,AND,Delete,CC,contains,@yahoo.com,Body,contains,http://www.yahoo.com/////////////////////////////,Body,contains,"<td valign=""top"" style=""font: inherit;"">"
[enabled],"Spam Domains #1 (.biz in Body)","Spam Domains #1",16711680,OR,Delete,Body,containsRE,(fastherb|populartablets|broadcastemailingtoday|mxsoft|galamed|puremed|usdirect4u|hostingsmart|broadcastingtoday|starsoftpack|newdeals|healthcares4u|homestuff1|bonusoffer2u|great-offerz|inforn|healthypractise|greatmaleenhancement|unbelievabledealswholesale|vcustom432pills|desireouroffers|healthassist|theice3091rx|lowestpricing|augmay|hostagogo|&#104;osta&#103;ogo|0rder|ukpoint|refileads|3buymeripren|medsdepot|exechost|greathealthoffers|easyoffers|interpillss|emailpromo|directsecure|globalmarketing2000|erx45488rx|softwareforyou|powenei|zerosecond|noyoudaman|realforalldrugs|wowmedz|gwestar|payee|charterdrugs|cabledeals|fifthdimensionrx|firstassist|stock989rx|wholesalepharmasource|letmegetit|goodmedsnow|newcenturymeds|trytobeatthesedealz|wowrx|only-best-offers)\.biz
[enabled],"Spam Domains #5 (.info in Body)","Spam Domains #5",16711680,OR,Delete,Body,containsRE,(oijioju|perbox|bubxax|powermeds|yourbestmeds|dijhaffjej|phdoctor|CNZCNIE|fng112|thdcn6|dfhfks333|lsdkne|msenieje|12hen|nidueh|poiwer|polimardo|hfgti6|zss4|svniejf|gogocd|replicacollection|doublebenefit|gotxxxporn)\.info
[enabled],"Spam Domains #6 (.org in Body)","Spam Domains #6",16711680,OR,Delete,Body,contains,vcay.org,Body,contains,mojohost.org,Body,contains,ritehost.org,EntireHeader,contains,background-research.org,Body,containsRE,(broadcastadvertising|broadcastadvertise|broadcastingemail)\.org,Body,contains,kharch.org
[enabled],"Spam Domains #7 (click-click.ph in Body)","Spam Domains #7",16711680,OR,Delete,Body,containsRE,click\.com-click\.com|click\.com\.ph|click\.net-click\.net\.ph
[enabled],"Spam Domains #9 (Prefixes only in Body)","Spam Domains #9",16711680,OR,Delete,Body,containsRE,selcydc|loanz|getgoing\.+|getmeoff|wehavecheap|only-best-offers|multimed\.ws
[enabled],"Spam Domains #10 (Subject)","Spam Domains #10",16711680,OR,Delete,Subject,contains,"Take advantage of Cheap Canadian Drugs!",Subject,contains,"Researching you by word-of-mouth",Subject,contains,"hospital email addresses",Subject,contains,"Re: your web site details here"
[enabled],"Contains a V Card","V Card",26112,AND,Legitimate,Body,contains,BEGIN:VCARD,Body,contains,END:VCARD
[enabled],"Crush On You",Crush,16711680,OR,Delete,Body,contains,"This is our second attempt at contacting you because ",Body,contains,"someone you know has a crush on you.",Body,contains,"someone you know wants to reveal a secret crush.",Body,contains,http://www.quickhost.bz/webcamz/secretadmirer/
[enabled],"ADV (S) spam",Adv:,16711680,OR,Delete,Subject,contains,"ADV ",Subject,contains,"ADV: "
[enabled],"Your Resume is Excellent","Resume Spam",16711680,OR,Delete,Subject,contains,"Your Resume Is Excellent",Body,containsRE,http://www\.BLASTmyResume\.com/Tip,Subject,contains,"Resumes LIE",From,contains,Chosen,Subject,contains,"your resume is Excellent...",Body,contains,http://www.asap9.com
[enabled],"Career Advise SPAM","Job Spam",16711680,OR,Delete,From,contains,"Career Advice",Subject,contains,"The Construction Industry wants YOU!",Body,contains,"Learn to Make A Fortune With Ebay!"
[enabled],"Copy DVDs",DVDs,16711680,OR,Delete,Subject,contains,"Copy Any DVD",Body,contains,"You don't need to spend hundreds of dollars on a DVD burner"
[enabled],"Diet Patch Spam",Diet,16711680,OR,Delete,Subject,contains,"Amazing New Diet Patch",Subject,containsRE,"Diet Patch|D_iet Patch",Subject,contains,Free-Diet-Patch,Subject,contains,"Eat Normally and Loose Weight",Body,contains,http://www.slimpatchdiet.net,Subject,contains,"Guess who lost 25 pounds ",Subject,contains,"I couldn't take being fat anymore",Body,contains,www.therighthostforyou.com,EntireHeader,contains,bummer.com,Subject,contains,"Eat the foods you love while losing weight"
[enabled],"Digital Camera Spam",Digicams,16711680,OR,Delete,Body,contains,"The Worlds Smallest Digital Camera Has Arrived !!!",Subject,contains,"FWD: just released",Body,contains,http://www.ggfccrv.com/removeme.html,Subject,contains,"Amazing small digital camera!",Body,contains,"NEW Digital Mini-Cam! World's Smallest Ever... ON SALE NOW!",Body,contains,http://www.flyr3cx.com/cam3
[enabled],"Loans and Mortgages","Loan/Mortgage Spam",50406,OR,Delete,Body,contains,"William Burton",Body,contains,"Lenders compete for your business",Body,contains,"30 year fixed mortgage",Body,contains,http://product-service.net/sobe/remove/,From,contains,"Daily Mortgage Newsletter",Subject,contains,"Refinance ",From,contains,"Life Insurance Carriers",Subject,contains,"Save up to 70% on your life insurance",Body,contains,"This email was sent by The Mail Sniper",Subject,contains,"Mortgage rates"
[enabled],"Email Addresses on CDs","Emails on CDs",16711680,OR,Delete,Subject,contains,"CD's PACKAGE WITH 535 MILLION e-mail addresses",Body,contains,"We can Bullet-Proof your Web Site",Body,contains,"Email Addresses 535&nbsp; MILLION in a 5-disk",Body,contains,"(5 CDs 535 million addresses)",Body,contains,"To be removed from this list send a fax to 1-760-495-5906",Subject,contains," E-maiL AddRESSES? We have 535 miLLion (5cdS) ONLY 99.00",Body,contains,"Email Addresses 535  MILLION in a 5-disk set",Body,contains,"MULTILEVEL MARKETING OPPORTUNITIES:",Body,containsRE,(broadcastemailadvertise\.net|awayoutofdebtfast\.com|1ccms\.com),Subject,contains,"99 million emails for only $99"
[enabled],"Wholesale Business Services",".ws registrars",16711680,OR,Delete,From,containsRE,"Wholesale\ Business\ Services\ ,\ Inc\.",Body,contains,"REGISTER Your .WS (Web Site) Domain Names Now:",Subject,contains,"1st Page Search Engine Listings",Body,contains,"Never pay long distance charges again!!!"
[enabled],"W O R K Spam",CRAP,16711680,AND,Delete,ReturnPath,contains,@hotmail.com,To,contains,jobs@,Body,containsRE,@www\.didyouhirethem\.com
[enabled],"Work from home",HomeWork,16711680,OR,Delete,Subject,contains,"Start working from home Today!"
[enabled],"Adult (S)","Adult (S)",16711680,OR,Delete,Subject,containsRE,"XXX|(Adult|Mature) Content|Adults? Only|No Minors|Uncensored",Subject,containsRE,"(Rough|Hot|Teen).* Adult|Sex|Barely Legal Teen|Wet Teen|Teen (Action|Sweetheart|Orgies)|Bitch|Escorts|(^|\s)Cum($|\s|-)|C0ck|Pen[i1l]s|Lesbian",Subject,containsRE,"Sluts|Fuck|Pussy|Pussies|(Suck|Big|Massive|Large) Cock|Virgin\W|Hard-?core|Cumshot|\WCum\W|Suck My|Lesbo Site|Blow ?Job|Sex Videos|Hot(test)? .*P[i1l]cs",Subject,containsRE,(?-i)ADULT|COCKS,Subject,containsRE,"(Nude|Naked|Sex) .*Pic|Barely (Legal|Adult)|(Wet|Dripping|Hot) (Teens|Lesbians)",Subject,containsRE,"Adult Links|Sex (Show|Site)|Porn (Movies|Flick)|Married.+But.+Lonely|Hot Moms|Sexy Photo|Wet Sex",Subject,containsRE,"Horny.+(Housewives|Teens)|(Naked|Nude) (Lesbians|Women|Teens|Girls)",Subject,containsRE,Animals.+(Girls|Women)|(Girls|Women).+Animals,Subject,containsRE,"Tight(est)? (Pussy|Vagina)|Dicks|V[il1]rg[il1]ns|P0rn|L[o0][l1][il1]ta|Gang[ -]?bang| Dong|Hardc0re|H0rny|Cunt|Twat ",Subject,containsRE,"Schoolgirls|Co-Eds Shag for Beer Money!"
[enabled],"Adult (B)","Adult (B)",16711680,OR,Delete,Body,containsRE,"(Hot|Wet) Teen|Barely (Legal|Adult)",Body,containsRE,"(?-i)\WXXX\W(?i)|Site Secrets|Adult (Site )?Links",Body,containsRE,"\WCum\W|Hot Naked Women|Gang ?Bang|Fuck|Dildos",Body,containsRE,"Phone Sex|Married[ \.-]But[ \.-]Lonely",Body,containsRE,"You.{1,15}\d\d .{1,20}To Enter",Body,containsRE,https?://.*xxx.+$,Body,contains,@Sex2go.com/wmaster.asp,Body,containsRE,freshteenporn\.com|bigcocksporn\.com,Body,contains,farmsex.jpg,Body,contains,public.srce.hr
[enabled],"Bad ""From"" (F)","Blank From: Address (F)",255,OR,Delete,From,doesn'tContainRE,"[\w.-]+@([\w-]+\.)+[A-Z]{2,4}"
[enabled],"Bad ""X"" Header (H)","Bad ""X"" Header (H)",16711680,OR,Delete,EntireHeader,containsRE,X-BulkEmail|X-Removal,EntireHeader,containsRE,"X-Sender.*News Breaker",EntireHeader,containsRE,X-Adverti[sz]e?ment:,EntireHeader,containsRE,"X-Mailer.*(Aristotle Mail|Avalanche|E-Mail Magnet|Emailer Platinum.*Internet Marketing|eMarksman|Extractor Pro|Floodgate Pro|Group ?Mail|Mailcast|Millennium Mailer|motion sender|SuperSpam|WorldMerge)"
[enabled],"Cell Phone (S)","Cell Phone (S)",16711680,OR,Delete,Subject,containsRE,"Free .*(Phone|Cellular|Nokia|Motorola)",Subject,containsRE,"(Cell |Cell.?Phone|Cellular) .+(Free|Static|Reception)",Subject,containsRE,boost.+(Cell.?Phone).+Signal,Subject,containsRE,(Cell.?Phone).+Signal.+boost,Subject,contains,"Antenna Amplifier",Subject,containsRE,"Better.+Cell Phone"
[enabled],"College Degree (S,B)","College Degree (S,B)",16711680,OR,Delete,Subject,containsRE,"(Earn|University|College|Your|You Qualify).{1,20}(Degree|Diploma)",Body,containsRE,"(Earn|University|College|Your|You Qualify).{1,20}(Degree|Diploma)"
[enabled],"Computer (S)","Computer (S)",16711680,OR,Delete,Subject,containsRE,"(No More|Rid Of|Stop|Eliminate|Delete) .*(Pop.?Up|Adware|Spyware)",Subject,containsRE,Protect.Your.Computer,Subject,containsRE,Surf.+Fast,Subject,contains,"Screen Saver"
[enabled],"Credit Cards (S,B)","Credit Cards (S,B)",16711680,OR,Delete,Subject,containsRE,"(Gold|Platinum|Titanium|Approval|Guaranteed|Unsecured|Credit|No Deposit|Free|Get|Qualify).+(Master ?Card|Visa|(Credit|Gold|platinum).+Card|Approved|Approval)",Subject,containsRE,(Credit|Card).+(Approved|Approval|Accepted),Subject,containsRE,"(Get|New|Approved|Guaranteed|Apply).+ (Credit|Gold|Platinum|Titanium|Visa|MasterCard)",Subject,containsRE,"Accept.+Credit Cards|Merchant Account",Body,containsRE,"Accept.{1,15}Credit Cards|Merchant Account"
[enabled],"Dating Service (S,F)","Dating Service (S,F)",16711680,OR,Delete,Subject,containsRE,"(Find Your|Dream|Soul|Sexier).+Mate",Subject,containsRE,"(Are You|Meet Other|Chat With|Local|Contact) .*Single",Subject,containsRE,"True Love|Photos Of Singles|Find Someone Special|Meet Single People",Subject,containsRE,"(Some ?one|Guess Who) Wants To Meet You|Attract .*Instantly",From,contains,Dating,Subject,containsRE,"(Females|Singles|Women|Sexy) .* Your Area"
[enabled],"Dating Service (B)","Dating Service (B)",16711680,OR,Delete,Body,containsRE,"(Find Your|Dream|Soul)[\s-]Mate",Body,containsRE,"Quality Relationship",Body,containsRE,"(Are You|Meet Other).{1,15}Single",Body,contains,"Meet A Married Woman",Body,contains,sevmtnsci.com
[enabled],"Debt Consolidation (S)","Debt Consolidation (S)",16711680,OR,Delete,Subject,containsRE,(Debt|Bill).+(Payments|Relief|Free|Elimination|Help|Assistance),Subject,containsRE,"(Erase|Slash|Eliminate|Reduce|Cut|Too Much|Get Out Of|Credit Card|Away Your|Consolidate|Freedom From|Take Control|Solutions? To|Without|Clear|Paying) .*(Debt|Bills)",Subject,containsRE,"(In|Got|Overwhelmed|Too (Much|Many)|Wipe Out|Worry.+About|Dissolve|Monthly|More).+(Debt|Bills)",Subject,containsRE,"(Perfect|Rebuild|Get Back|Bad|Clear).+Credit",Subject,containsRE,"Consolidation|(Home (Equity|Loan))|Bill Free|Financial .*(Help|Assistance)",Subject,containsRE,"Back (Taxes|Child Support)",Subject,containsRE,"(Stop Making|Reduce) .*Payments|Lost.+Job",Subject,containsRE,"Tax (Problems\?|Debt)",Subject,containsRE,"(Halt|Stop) Creditor|Get Help.+Today|Your Bills|Owe\?|Past Due\?|Financial Stress|(Bill|Money) Problems| Bill .*Free|Monthly Payments|Your .*Finances",Subject,containsRE,"High.+Interest|Improve.+Credit.+(Instantly|Immediately)|Consolidate .*Loan"
[enabled],"Debt Consolidation (B)","Debt Consolidation (B)",16711680,OR,Delete,Body,containsRE,"Have Perfect Credit|Financially Free|Free (Yourself )?From Debt.*$",Body,containsRE,"Debt (Elimination|Consolidation)",Body,containsRE,"Tired of.{1,20}(Bill|Debt)"
[enabled],"Ebay Scams","eBay Scam",16711680,OR,Delete,Subject,containsRE,"Quit your .? job",Subject,contains,"learn to make a fortune with eBay",Subject,contains,"work on ebay",Body,contains,%random_word,EntireHeader,contains,"Profit huge with eBay!",Subject,contains,"Quit your job and work on ebay"
[enabled],"Embedded Object Exploit",Exploit-ObjectData,255,AND,Delete,Body,contains,"<object ",Body,contains,"data="""
[enabled],"Extended Blacklist (F)","Extended Blacklist (F)",255,OR,Delete,From,containsRE,[a-z]+\d\d\d\d[a-z]\d\d@,From,containsRE,[a-z]\d\d\d\d[a-z]\d\d\d\d@,From,containsRE,"([a-z]+_){2,}\d+@yahoo\.com",From,containsRE,"Reduce .*Debt|Deals|Financially",From,containsRE,"\?|Car Loan|Loans|Rewards|Credit|Instant|Special[ \._-]?offer|Offers|Vacation|Blowout|Compare|Coral[ \._-]?Calcium|Values",From,containsRE,\w+-replyto-\d+-d+@.+\.com
[enabled],".EU Domains Spam",".eu Spam",16711680,OR,Delete,Subject,contains,"Domain Landrush: YOURNAME.EU",Subject,contains,"Domain Landrush: ",Subject,contains,YOURNAME.EU,From,contains,"eu Registry Services"
[enabled],"Financial Investments",Stocks,16711680,OR,Delete,Subject,contains,"Latest OTC Recommendation",Body,contains,OTCBB,Subject,contains,"Urgent Investor Recommendation",Body,contains,"Hot OTC Stock",Body,contains,"LAST TWO MONTHLY PICKS:",Subject,contains,"Stock Ready to Breakout",Subject,contains,"Trading Alert of the Week ",Body,contains,"MINING STOCKS ARE EXPLODING!",Body,contains,"Urgent Stock Alert!",Body,contains,"California Investors Network Coalition"
[enabled],"Free/Win (B)","Free/Win (B)",16711680,OR,Delete,Body,containsRE,"Get.{1,15}Free (Membership|Info)",Body,contains,"Claim Your Complimentary"
[enabled],"Health/Beauty (S)","Health/Beauty (S)",16711680,OR,Delete,Subject,containsRE,"Feel .*(Healthier|Younger)|Reverse.Aging|Perfect Skin",Subject,containsRE,"(Stop|Quit) Smoking|Stimulate Hair",Subject,containsRE,"Penis.+(Enlargement|Bigger|Size)|Be Longer",Subject,containsRE,"Better Sex|Your Impotenc|Sexual Potency|Male Organ",Subject,containsRE,"Doctor Approved|Pheromones",Subject,containsRE,"Bigger Breast|Enhance Your Size|Size (Matters|Does Matter)",Subject,containsRE,"(Giant|Thick(|er)|Fuller|Big(|ger)|Large(|r)|Enlarge Your) (Pen[i1l]s|Johnson|Dick|Tool|Knob|Manhood|Breasts)",Subject,contains,"Size must matter to someone ",Subject,contains,"Male Package Enlarger",Subject,contains,"Length Increasement"
[enabled],"Health/Beauty (B)","Health/Beauty (B)",16711680,OR,Delete,Body,containsRE,"Enlarg(e|ing) Your Penis",Body,containsRE,"(Penile|Penis|Organ) Enlargement",Body,containsRE,"Large(|r) Penis",Body,contains,"begins in an unclean Colon!",Body,contains,"a good colon cleansing program.",Body,contains,justdoing.biz,Body,contains,www.medsdepot.biz,Body,contains,"male enlargement program"
[enabled],"Logo spam",Logos,16711680,OR,Delete,Subject,is,"Cheap logos for your business",Subject,is,"Professional Logo and Corporate ID Design"
[enabled],"Long Distance Spam","Long Distance",16711680,OR,Delete,Subject,contains,"15 Cents Per Minute on Long Distance Conferencing",Subject,contains,"Long Distance Conferencing",EntireHeader,contains,"X-Mailer: eGroups Message Poster",Body,contains,about-mtg.com/mortgage,Body,contains,http://www.about-mtg.com/mortgage/conf/
[enabled],"Money Making 2 (S)","Money Making 2 (S)",16711680,OR,Delete,Subject,containsRE,"%.+Money|Money.+%|Money Making",Subject,containsRE,"Advance Your Career|Career Advancement",Subject,containsRE,"Your Own Hours|Work(|ing).+When You Want|Employment Opportunity"
[enabled],"Money Making (B)","Money Making (B)",16711680,OR,Delete,Body,contains,"No Experience Necessary",Body,contains,"Per Week!",Body,containsRE,"(Earn(ing|)|Make) Money .{1,15}From Home",Body,contains,"Make Up To $"
[enabled],"Pharmacy (S,B)","Pharmacy (S,B)",16711680,OR,Delete,Subject,containsRE,V[i1l]agra|Erectile,Subject,containsRE,"(?-i)HGF|HGH(?-i)|Human Growth|Hgh|Huuman Growth Hormone|H\*G\*H",Body,containsRE,"Growth.+Hormone|(?-i)HGH|HGF|H G H 1000(?i)",Subject,containsRE,"Let Our Doctors|Prescribed OnlineLOWEST Prices of Drugs ANYWHERE",Body,containsRE,"Online (Prescription|Rx|Drug|Pharmacy)",Subject,containsRE,"Online (Prescription|Rx|Drug|Pharmacy)",Body,containsRE,"Prescription Drugs Online|bestexpressmeds|Offshore Pharmacy!",Subject,containsRE,"Non.?Prescription|Herbal Alternative",Body,contains,http://www.rxmedsusa.com/,Body,contains,"drugs online with NO prescription required."
[enabled],"Prescription Drugs",Drugs,16711680,OR,Delete,Subject,contains,"LOWEST Prices of Drugs ANYWHERE",Body,contains,"All New Online Pharmacy with BEST DEALS! GUARANTEED LOWEST PRICES",Body,contains,http://www.pharmacyworldwide.biz/pharm/,Body,contains,www.tolast55.com,Body,contains,"OUR DOCTORS WILL WRITE YOU A PRESCRIPTION FOR",Body,contains,.instrhh.com
[enabled],"Weight Loss (S)","Weight Loss (S)",16711680,OR,Delete,Subject,containsRE,We[i1l]ght.Loss,Subject,containsRE,(Lose|Melt).+(LBS|Pounds|We[i1l]ght|Fat),Subject,containsRE,"Dieting|Unwanted (Weight|Pounds)",Subject,containsRE,"Fat Burn(ing|er)|Burn(ing|) Fat",Subject,containsRE,"Get.+Firm Abs"
[enabled],"Hospital Directory Spam","Hospital Directory",16711680,OR,Delete,Body,contains,"American Hospital Email Directory",Subject,contains,"hospital email addresses"
[enabled],".WS Domain Spam","Domain",16711680,OR,Delete,From,contains,"Domain Hostmaster",Subject,contains,".WS is growing faster than .COM",Body,contains,"*  Have a nicer looking email address?",Body,contains,"The .WS (WebSite) domain is GLOBAL and is recognized by over 6 Billion people",Body,contains,"My name is Ed Green and I want to show you something interesting that you can try on the web right now.",Body,contains,"Pull up your web browser and type: www. <firstname-lastname> .ws",Body,contains,http://www.LeadsOnline.ws/mjsmith/,Subject,contains,".WS (WebSite) Domains ",Body,contains,"The .WS ""WebSite"" Domain Name Registry is the #37 fastest growing",Body,contains,"Get a .ws (WebSite) globally accessible domain name."
[enabled],"Misc. Ads (S)","Misc. Ads (S)",16711680,OR,Delete,Subject,containsRE,"(?-i)GUARANTEED(?i)|[,-] Guaranteed",Subject,containsRE,"Pennies A Day|As Seen On|Act Now|Risk Free|Get.+(Today|Now)!",Subject,containsRE,"(Seized|Unclaimed) (Property|Properties)",Subject,containsRE,"In (Just|Only) (Minutes|Moments)",Subject,containsRE,"^Now Available|Try Our New|We Can Help|No Cost",Subject,containsRE,Call\s\S*\d\d,Subject,containsRE,"Lowest (Price|Rate)|Save (Hundreds|Thousands)",Subject,containsRE,"100% (Safe|Effective|Guaranteed)|Guarantee .*Results|Results Guaranteed|Cut.+ Cost",Subject,containsRE,"No.Obligation|No.Risk|Seen On TV|Limited Time|Join Now|\sNow!|Why Wait",Subject,contains,"paris hilton caught on cam"
[enabled],"Random phoney email prefixes","Phoney prefix",16711680,AND,Delete,From,containsRE,[a-z]+\d+[a-z]+\d+,From,containsRE,\d+[a-z]+\d+[a-z]+
[enabled],"Questionable Link (B)","Questionable Link (B)",33023,OR,Body,containsRE,http://[1-9],Body,containsRE,"Click.{1,20}To Order",Body,containsRE,http://[\w\.]+@,Body,contains,"href=""http://massivefreehosting.com"
[enabled],"Contains Script (B)","Contains Script (B)",33023,OR,Delete,Body,contains,"SCRIPT LANGUAGE="
[enabled],"Save Gas",Gas,16711680,OR,Delete,Body,contains,http://www.azxq.org,Subject,contains,"save gas",Subject,contains,"save on gasoline now"
[enabled],"Suspicious Routing* (H)","Suspicious Routing (H)",33023,OR,Delete,EntireHeader,containsRE,Received:.+(\.ru|\.rr|\.cz|\.ro|\.md|\.fi|\.dk|\.vu|\.kr|\.no|\.ar|\.br|\.jp|\.tw|\.cn|\.nl|\.co|\.in|\.se|\.ac|\.it|\.fr|\.tr|\.be|\.at|\.za)\W
[enabled],"Suspicious Origin (F)","Suspicious Origin (F)",33023,OR,Delete,From,containsRE,@(msn\.com|yahoo\.com|hotmail\.com|excite\.com|aol\.com),From,containsRE,you(rmail|rdomain)\.(net|com|org|cc),From,containsRE,friend@public\.(net|com|org|cc),From,containsRE,"promotions?|bargains?|Screen ?Saver",From,containsRE,Anybody|Anyone|Bulk|Casino|Credit|Everybody|Everyone|Friend|Hotdeals|Nobody|Promo|Savetrees|Winner|User|XX+|Free|AutoQuote,From,containsRE,offers|sav(e|ings)|special|free|hotdeals|wincash,From,containsRE,"Inkjet ?Cartridges",From,containsRE,"Relief From|Concerned|Work At Home",From,containsRE,Suffering|Unwanted|Guaranteed|opt[\._-]?in,From,containsRE,"(.)\1{3,}|(.+_){2,}|([A-Z]+[\.\-_]){3,}"
[enabled],"Invalid Header Field (F,H)","Invalid Header Field (F,R,H)",16711680,OR,Delete,EntireHeader,doesn'tContainRE,(?m)^Message-ID:\s<.+@[\w\.-]+>,EntireHeader,doesn'tContainRE,"(?m)^Date:\s([A-Z]{3},\s)?\d{1,2}\s[A-Z]{3}\s\d{4}\s\d{1,2}:\d{2}(:\d{2})?\s(([+-]\d{4})|([CEMP][DS]|GM|U)T)"
[disabled],"Misc. Ads (B)","Misc. Ads (B)",16711680,OR,Delete,Body,containsRE,"Revealed.{1,10}Pros\W",Body,containsRE,"Money.Back Guarantee|Real Savings On",Body,containsRE,"Dear Homeowner|No Credit Card|To Learn More",Body,containsRE,"Risk.Free Trial",Body,containsRE,"(Special|Limited|Limited Time).{1,25}(Offer|Opportunity)",Body,containsRE,"Get Your Free|Order Now And Get",Body,contains,go-mtg.com/mortgage/conf/rm.html,Body,contains,ukpoint.biz,Body,contains,"Swift Logos",Body,contains,"Fun! New Mini Remote Control Cars & Boats!"
[disabled],"Male Enhancement [B]","Male Enhancement",16711680,OR,Delete,Body,contains,"a man that is big",Body,contains,"inches in length is now possible",Body,contains,"3 inch, its up to you",Body,contains,"Want 1 inch more or 3 more inches?",Body,containsRE,"(inch(es)?|larger?|stronger|true|tiny|your?)\ (lovemaking|manh[o0]{2}d|masculinity)|your\ (D[il1|]CK|love\ (stick|tool)|sex|willy)|(a|your)\ (huge|giant|larger|longer|massive)\ (\d{1,2}\sinch\s)?(shotgun|tool)",Body,containsRE,"(bat|bulge|monster|python|rocket|rod|snake|tool)\ in\ your\s{0,3}(pants|trousers)|trouser\ (mouse|snake)",Body,containsRE,"\bbest\ climax|Penetrate\ her|Make\ her\ moan|(boner|c[o0]ck|dic'k|d1ck|elongate|erections?|man\ (meat|pole|tool)|masculinity|masculine\spower|p3nis.?s|pen[i1!]s|phallus|sc?h[l1][o0]ngs?|sexually|s'e_x|se>\.?<|\$e><|(my|your|huge|larger|perfect)\ (new\s)?(dic'?k|manhood)|dic'?k\ big(ger)?|\bpeckers?\b|p[o0]rnstar.{0,2}|VPXL|Maxgain)\b",Body,containsRE,"Bodypart|Phallus|Fuck\s?(stick|weapon)|love\ (banana|gun|stick|toy|wand|weapon)|lovemaking|(male|organ)\ (enhance|enlarge|improve|supple)ment|sex\ life|much\ bigger\ now|problem\ with\ your\ size|size\ (really\ )?does\ matter|size\ matters|sex\ is\ great\ .+satisfy\ her|FDA\ Approved|(herbal|organic|wonderful)\ en(hanc|larg)ement\ (formula|method|pills|suppliment)|(my|your|main)\ (love|main|masculine)\ muscle|(their|your)\ (enlarged|huge)\ (organ|package|prick|shaft)|satisfy\ (more\s)?women",Body,containsRE,"(girls|women)\ .*laugh\ at\ (m[ey]|your)|my\ girl\ loves\ the\ new\ me|my\ wife\ has\ never\ been\ happier|(Get|make)\ it\ bigger|a\ (big|huge|larger)\ you|Increase\ \w{2,4}\ size|add\ \d\ inches|problems?.?with.*size|(Amazing|Great)\ lovemaking|improves?\ your\ self-esteem|huge\ manhood|well[-\s]hung|super\ size\!",Body,containsRE,"(little|small|big(ger)?|enlarged|hard(er)?|huge|larger?|stronger|thick(er)?)\ ((fat|hard|male)\ )?(coc?k|d[i1]c?k|PE!?$|pen\sis|organ|package!|sc?hl[o0]ng|stick|tool|weener|willy)",Body,containsRE,"\bGain(ing)?\ (\d\+\s)?Inches\b|\badd\ inches\ in\s|gain\ in\ size|\d-\d\ inches\ (in|of)\ growth|add\s\d-\d\sinches\s(in|of|to)\slength|Amazing\ growth",Body,containsRE,"(big|improved|long(er)?)\ (hard\s|strong\s)?dick|GROW\ longer\ and\ harder|larger\ and\ thicker|small\ \$ize|(massive|muscular|huge)\ manhood|enlarge\ your|pleasure\ rod|dick\ thickness",Body,containsRE,"girth,?\s( and\s)?(length|lenght)|(length|lenght)\ and\ (girth|thickness)"
[disabled],"Example filter - Mail sent to ""Undisclosed recipients"" (ie not specifically me)","undisclosed recipients",16711680,AND,Delete,To,contains,undisclosed,To,contains,recipients