// MailWasher Pro filter rules #1, compiled by "Wiz" Feinberg, from www.wizcrafts.net.
// Can be used to replace the default rules, saved to your MWP profile data folders as filters.txt.
// This page is a child of: http://www.wizcrafts.net/mailwasher.html and http://www.wizcrafts.net/mwp-filters.html where you can get MailWasher Pro, or learn more about it.
//
// If these rules prove beneficial to you, please make a donation, at: http://www.wizcrafts.net/donations/
// Thanks :-)
//
// READ THESE NOTES
// // Indicates a comment, and is not parsed.
//
// IMPORTANT READ THE FOLLOWING!
// If you make changes to this file while MailWasher Pro is running, the changes will be overwritten when MailWasher Pro is closed.
// To be safe, close MailWasher first,then edit the filters. Or, edit them within MailWasher using the Filter Sidebar (Control + F7).
// I have had reports about corruption when copying and pasting my filters into existing filters.txt files. Most of the time this is caused because the text editor you are using is allowing a mixture of Unicode and Ascii entries to be copied.
// If you experience MailWasher wiping out the pasted in filters, after you re-open it (assuming it was not running at all when you saved the changes), do this.
// When copying and pasting some or all of these filters into your own "filters.txt," if you are using a text editor that is unicode-aware, you should not just SAVE the file. Rather you should use the "Save AS" feature to save the file as either all ASCII or all UNICODE. MailWasher will accept either, but can only deal with one at a time.
//
// Personally identifiable rules have been deleted from this list. You should create your own rules to deal with your domain name or email address in the Subject or From fields.
// Sample rule for spam sent to an non-existent account on your Domain server, - contacts@yourDomain ...
// (ex:)  [enabled],"contacts@YourDomain.com","Contacts Spam",16711680,OR,Hidden,Delete,Automatic,To,contains,contacts@YourDomain.com,EntireHeader,contains,contacts@YourDomain.com,Subject,contains,contacts@YourDomain.com,From,contains,contacts@yourDomain
// The following are actual, functional rules, ready to drop in to your existing Mailwasher Filters. There may be duplicates because some are from common rules sources.
// There must not be any blank lines from the start of the list to the end. Each rule must be on one continuous line, with a linefeed between rules. The last rule must end at the end of it's line, without a linefeed!
// Turn off word wrap to view these rules.
// Be sure you add your friends and contacts to your Friends List, or the image spam filter rules may delete email you wanted.
// Removed undesirable "Bounce" directives on August 8, 2007. Bouncing no longer works for modern spam as the Return To and From field is always forged and is sent from zombie botnetted home or office computers.
// Bouncing also creates more backscatter of useless, undeliverable email, which email servers must deal with.
// Email matching rules will be flagged as the various types of spam but you will have to delete them manually, by clicking the "Process Email" button.
// You can change the action back to automatic, hidden, or blacklist if you wish, by editing the action rules here, or with MailWasher Pro's Filter sidebar.
// Please read the Blocked Countries filter and remove any extensions for Countries you get legit email from. Use caution with all of the Country-based filters! Disable any that block legitimate foreign email.
// Removed all instances of actions "Hidden," "Automatic," and "Blacklist" on August 11, 2007
// Temporarily disabled the image spam filters because this type of spam is dying. Subject to instant reactivation!
// This is the master filters.txt and includes old filters from years gone by, as well as the most current.
// Rearranged filters according to my own usage; most current rules nearest the top; catch-alls near bottom.
// December 2, 2007: (Split Pharmaceuticals and Male Enhancement filters into separate detections for Subject [S] and Body [B] word matches. Merged Canadian Pharmacy filter into Pharmaceuticals.)
// January 3, 2008, I have begun anchoring the starting characters on new lines with ^ to improve rule processing. Many rules are getting updated to include this, as is appropriate.
// January 17, 2008, I added a new filter to detect the same domain name on both sides of @ sign, in "From:" field. Removed part of .info sender filter to speed up processing.
// Last Updated on September 5, 2008 {2x} (Added Google Phishing Scam. Updated Trojan Video Link [B], Known 1-word spam subject, Viagra.com Spam, Viagra Spam [S], and Male Enhancement [S] & [B] filters.)
// All of these comments will be erased as soon as you save this file as filters.txt and activate MailWasher Pro. Keep a copy of this file on hand.

[enabled],"AVG Returned Email","AVG Bounces",16711680,OR,Delete,Body,contains,"This is the AVG E-mail Scanner program.",Body,contains,"I'm sorry to inform you that the message",Subject,contains,"Undelivered Mail Returned to Sender"
[enabled],"Restored by MWP","Restored by MWP",26112,AND,Legitimate,TakesPrecedence,EntireHeader,contains,"Resent-From: ""MailWasher Pro recycle bin"""
[enabled],"Mailwasher Reports","MWP Report",26112,AND,Legitimate,Subject,contains,"MailWasher Pro summary"
[enabled],"Multiple Forwarded Messages","Multiple Forwarded Messages",16711680,AND,To,containsRE,"(.+@.+,\s){5,}",Subject,contains,FW:
[enabled],"Angelina Jolie Video Trojan","Angelina Jolie Video Trojan",255,AND,Delete,TakesPrecedence,Subject,containsRE,"An[gj]elina\s{1,2}(Jolie\s)?(Free|naked|nude|XXX)?\s(movie|Video)|Jolie\ naked"
[enabled],XdomainY@domain,BlackList,0,AND,Delete,EntireHeader,containsRE,"^Received: from.*@(([\w\d]*)\.\w{2,4}).*^From:.*<\w{2,}\2\w+?@\1"
[enabled],"Fake Windows Update","Exploit Link",16711680,AND,Delete,TakesPrecedence,Subject,contains,"Official Update",Body,containsRE,"/.+\.exe"">"
[enabled],"Trojan Video Link [S]","Trojan Video Link",16711680,OR,Delete,Subject,containsRE,(Kick-up|News)\s-.+-\svideo,Subject,contains,"video without cowards",Subject,contains,"Re: Delivery Protection",Subject,is,"BREAKING news",Subject,is,"Weekly top news"
[enabled],"Trojan Video Link [B]","Trojan Video Link",16711680,OR,Delete,Body,containsRE,"(Kick-up|New|Shocking)\s(presentation|video)|video\ without\ cowards|mp3\ is\ shocking|Interesting\ (cd|mp3|mpeg4)|Stunning\ (mpeg4|porno|video)|porno\ dvd",Body,containsRE,"Download\ and\ watch|Download\ (it\s)?now\!|get\ this\ kick-up\ cd|Look\ (at\s)?it\ now\!",Body,containsRE,"/(play(er)?|mov|stream|vid|video_?\d?|watchit)\.exe"">",Body,contains,"Download VIDEO",Body,contains,"Open video",Body,contains,/paris_hilton,Body,contains,"PUSH TO WATCH",Body,contains,"Shocking movie",Body,containsRE,"/index[0-9]{1,2}\.html"">"
[enabled],"Trojan Video Link [S&B]","Trojan Video Link",16711680,AND,Delete,Subject,containsRE,"Britney\ Spears|(Paris|Barron)\ Hilton",Body,containsRE,"\.exe"">|/index_?\d{1,2}\.html"">"
[enabled],"Exploit Link","Exploit Link",16711680,OR,Delete,Body,contains,"Please read the attachment to get the message",Body,contains,"Please read the attachment.</A>",Body,contains,"have attached your document.</A>",Body,containsRE,http://.+/(begin|checkit|default|first|fresh|index1|gowatch|live(streaming)?|lol|main|news|r|showvideo|start|stream(ing)?|topnews|up|viewmovie|watch|watchit|whatsup)\.html(</a><br>)?(\r\n)?,Body,contains,/viewmovie.html,Body,containsRE,"/(install|msvideoc)\.exe"">",Body,containsRE,".(avi|mpg).exe"">",Body,containsRE,"/(best|index1|up)(\.|=2E)php""",Body,contains,"American soldiery",Body,containsRE,"(?-s)^Content-Transfer-Encoding:\ quoted-printable\r\n\r\n^.+http://.+/.+\.html$\r\n^------=_NextPart_"
[enabled],"Fake Daily Top 10","Exploit Link",16711680,AND,Delete,Subject,contains,"CNN.com Daily Top 10",From,contains,"Daily Top 10",From,doesn'tContain,cnn.com
[enabled],"Fake CNN Alerts","Exploit Link",16711680,AND,Delete,Subject,contains,"CNN Alerts: ",From,doesn'tContain,cnn.com,EntireHeader,doesn'tContainRE,"^Received:\ from\ .+\.cnn\.com\ \(\[64\.236\.31\.[0-9]+\]\)$"
[enabled],"Fake Msnbc Alerts","Exploit Link",16711680,AND,Delete,Subject,contains,"msnbc.com - BREAKING NEWS:",From,doesn'tContain,msnbc.com
[enabled],"Known Spam Subjects #1","Known Spam Subjects",16711680,OR,Delete,Subject,containsRE,"^\d\d% discount$",Subject,contains,"Can you tell me what's wrong, and how we can fix it?",Subject,contains,"No more embarrassment",Subject,contains,"New size for Men",Subject,contains,"U on board",Subject,contains,"huge dignity",Subject,contains,"Won't forget last night",Subject,contains,"Realize all of her dreams",Subject,contains,"re:Nobody will know bout your problems",Subject,contains,"Get on this right away",Subject,is,"Batteries included",Subject,containsRE,(?-i)^Mego\s.+,Subject,containsRE,^(?-i)(MSG\s)?ID:\d{5}\s.+
[enabled],"Known Spam Subjects #2","Known Spam Subjects",16711680,OR,Delete,Subject,contains,"For every men of different ages unique decision",Subject,is,"What time is okay for you",Subject,contains,"We provide for you a real advantage to turn her on",Subject,contains,"Our best decision is suitable for every age",Subject,contains,"She will call you Macho",Subject,contains,"Legendary Hero of rumors",Subject,contains,"Extend your possibilities in your private life",Subject,contains,"Know her from the sexual side how is she inside exactly",Subject,containsRE,"(guys|Mens?)\ (Love|Need)\ This|Are\ you\ ...\?|XXX\ Video",Subject,containsRE,"size\ increase|(luck|pleasure)\ in\ love|\b(?-i)[GH]uu\w{2,}|virility|bikini\s.*shoot",Subject,contains,"The most powerful weapon for your battles",Subject,contains,"Fast Shipping WorldWide",Subject,containsRE,"(Best|Finest|Good)\ [a-z]{3,}\ (propos(al|ition)|solution|suggestion)"
[enabled],"Known 1-word spam subject","Known 1-word spam subject",16711680,OR,Delete,Subject,containsRE,^(attehuor|fumerent|herkapit|Hermes|idaza|atiohar|ne-gnorw|nidnalad)$,Subject,containsRE,^(Best|Electronics|Good|Super)$,Subject,is,Rwd:,Subject,is,Vulcan!,Subject,containsRE,^[0-9]{4}$
[enabled],"Hidden ISO Subject","Hidden ISO or Ascii Subject",16711680,OR,Delete,EntireHeader,containsRE,^Subject:[^\n]*?=?ISO-8859-[^\n]*?\n,EntireHeader,contains,"Subject: =?us-ascii?"
[enabled],"Known Spam [From or Body]","Known Spam [F or B]",16711680,OR,Delete,Body,contains,"The most powerful weapon for your battles",Body,containsRE,"SpamIt\.com|8th\ march\ is\ almost\ here",Body,containsRE,"\b(show\ woman\ you(rself)?\ care|(many|Your)\ w[eo]men)\b",Body,contains,"The finest of products, at the lowest of prices:",EntireHeader,containsRE,"^From:\s{1,3}(ph[ra]{2}macy|(?-i)E-STORE|\{|\}|""=\?ISO-8859-1\?Q\?)",Body,contains,"Your tool can only get BIGGER",From,containsRE,^i?Ci?a.?li?s\b,Body,containsRE,"^Satisfy\ (your\ (girl|wom[ae]n)|her\b)",Body,contains,"gift for your lover",Body,contains,"Make her worship you"
[enabled],"Known Spam Domains","Known Spam Domains",255,OR,Delete,Body,contains,.freehyperspace2.com,EntireHeader,contains,.server4you.de,EntireHeader,contains,.ono.com,EntireHeader,contains,".es ",EntireHeader,contains,"User-Agent: Microsoft-Entourage/12.1.0.080305",EntireHeader,contains,Taipei,EntireHeader,contains,Ö,EntireHeader,contains,"Received: from %RND_IP",Body,contains,http://heartremember.com
[enabled],"Nigerian 419 Scams","419 Scam",16711680,OR,Delete,Subject,is,"URGENT AND CONFIDENTIAL",Subject,containsRE,"(?-i)(CONFIDENTIAL\s)?(MUTUAL\s)?BUSINESS\ PROPOSAL|UNITEDN\ NATION|CONTACT\ ATM\ DEPARTMENT|Director,\ United\ Nations",Subject,containsRE,"(?-i)^CONTACT\ .+\ (COURIER\ COMPANY|ATM\ DEPARTMENT)",Subject,containsRE,"(?-i)TREAT\ (AS|VERY)\ (CONFIDENTIAL|URGENT)|(EMINENTLY|STRICTLY|URGENTLY)\ CONFIDENTIAL",Body,containsRE,"^(?-i)\*?Dear\ (Sir/Madam|Friend),\*?(<br>)?$",Body,contains,"URGENT AND CONFIDENTIAL",Body,containsRE,"Bank\ of\ (Nigeria|Benin|(South\s)?Africa)|Benin\ Republic|Republic\ of\ Benin|Director,\ United\ Nations",Body,containsRE,"unclaimed\ (benefits|funds)",Body,contains,"contacting you based on Trust",Body,containsRE,"(Kind\s)?Attn:\s?Beneficiary|^(Hello\s)?(MY\s)?(DEAR\s)?(GOOD\s)?FRIEND[,.]|^Atte?n:Dear\ Friend,|^(Attn,\s)?My Dear\ (Beloved|Friend)[,.]$|^ATTENTION\s?:\s?BENEFICIARY.?$|(?-i)<STRONG>Kind\ Attn:\s?</STRONG>|(?-i)<STRONG>Beneficiary",Body,containsRE,"demurrage|dumourage|Clearance\ Certificate\ (\r\n)?Fee|keeping\ fees|(?-i)IMMEDIATE\ RELEASE\ OF\ YOUR\ PAYMENT|(I\ am|My\ name\ is)\ Barrister"
[enabled],"&nbsp Spam","&nbsp Spam",16711680,AND,Delete,Body,contains,"<TR style=3D""background-color:#33CCFF "">",Body,contains,<TD>&nbsp;</TD>,Body,contains,"<TD style=3D""background-color:#33CCFF "">&nbsp;</TD>",Body,containsRE,"\.(com|net)"">Click here</A></P>"
[enabled],"Postcard Trojan Scam","Postcard Scam",16711680,AND,Delete,Subject,containsRE,"\b(e-?)?(card|greeting|postcard|new\ year|Happy\ 2008!|New\ Hope\ and\ New\ Beginnings|new\s.*year)",Body,containsRE,"\b((e-?)?(post|greeting\s)?card)|new\ year\b",Body,containsRE,"^http://(\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/|(.*postcards?.*|newyearwithlove|.+2008|happy.+cards?|happy2008.*?)\.com/?)"
[enabled],"Numeric IP Link","Numeric IP Link",16711680,AND,Delete,Body,containsRE,"^.*http://\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/",EntireHeader,doesn'tContainRE,"^Message-ID:\ <.+@mail.gmail.com>"
[enabled],"Viagra.com Spam","Viagra Spam",16711680,OR,Delete,TakesPrecedence,From,contains,viagra.com,From,containsRE,VI[A@]G®A|VIAGR[A@]|Viag.?ra|viagar|ivagra|v[ia]{2}gra|v[iy]arga,EntireHeader,contains,wizd(ist|om).com,From,contains,"® Official Site",Subject,containsRE,"^(RE:\ )?(January|February|March|April|May|June|July|August|September|October|November|December)\ \d\d%\ OFF\s?$",Subject,containsRE,"^Your\ Order\ Status\ ID:\ [A-Z]{11,}"
[enabled],"Image Spam #11","Image Spam #11",16711680,OR,Delete,TakesPrecedence,Body,containsRE,"^<(center|/style)>\r\n^<a\ href=""http://.+\.(ca|cn|com|net|org|info)""><img\ src="".+/.*\.gif"">\r\n^<style>$",Body,contains,img0.gif,Body,contains,"alt=3D""Want to request ? It's easy to make a request online."
[enabled],"Viagra Spam [S]","Viagra Spam",16711680,OR,Delete,TakesPrecedence,Subject,contains,"Always be ready.",Subject,contains,impotency,Subject,contains,se>.<,Subject,contains," dysfunction",Subject,contains,$_e'xual,Subject,containsRE,blue.?pills?\b,Subject,is,"Be ready.",Subject,containsRE,cialis|levitra|viagra|Pfizer
[enabled],"Misspelled Viagra [S]","Misspelled Viagra [S]",16711680,OR,Delete,Subject,contains,VlsAGRA,Subject,contains,VIAGQRA,Subject,contains,Vlagrxa,Subject,containsRE,"^V.{4,6}a\s\d\d\s?mg",Subject,containsRE,(V|\\/|/)[i|l!1]agr[a@],Subject,containsRE,\bv.*i.*a.*g.*r.*a[^b-z\s]?\b,Subject,contains,Vyagra,Subject,containsRE,(?-i)V[iy]a(rga|gar|gra),Subject,contains,Vgaira
[enabled],"Vertical Text Viagra and Cialis",Viagra,16711680,AND,Delete,Body,containsRE,"^(?-i)(DIV|P)\.?[a-z]?:first-letter\ \{.+FONT-SIZE:\s300%;\sCOLOR:\s(green|gray|#[a-gA-G0-9]{6})\r\n\}\r\n",Body,containsRE,"(?-i)<TD noWrap align=3Dleft><A\ style=3D""TEXT-DECORATION:\ (=\r\n)?none""",Body,containsRE,"href=3D""http://www\..+\.[a-z]{2,3}/""\ target=3D_blank>",Body,containsRE,"(?-i)(<(DIV|P)\ class=3D[bg]>[ACGIRLSV][a-z]+[,;\.]?</(DIV|P)>(</A></TD>)?\r\n)"
[enabled],"Male Enhancement [S]","Male Enhancement",16711680,OR,Delete,Subject,containsRE,"your\ (male\ p[a@]ck[a@]ge|copulation|lovemaking|manliness|masculinity|new\ tool|rod|weener|willy)|Bodypart|(giant|gigantic|male)\ tool|manly|Masculine|(harder|thicker)\ and\ longer|penetrate",Subject,containsRE,"add\ (\d\s)?inches|\d\ inn?cc?hes|girth,?\s( and\s)?(length|lenght)|(length|lenght)\ and\ (girth|thickness)|thickness\ (a[nd][dn])\ length|long(er)?\ and\ thick(er)?",Subject,containsRE,(big.?|fuck.?|hard|gigantic.?|love.?)(sausage|stick|pecker|rod|weapon),Subject,containsRE,"huge\s?(dic'?k|dignity)|problems?\swith\ssize|size\ (really\s)?(does\s)?matters?|I've\ gained\ an\ inch|your\ dic?'?k\ size|rock\ hard|Upsize\ your\ DlC?'?K|(Enlarge|Super-Size)\ It|Impress\ .*wom[ae]n",Subject,containsRE,"(boner|blue\ balls|c[o0]ck|\bcum\b|d1ck|dic'?k|\bdong\b|ejaculat(e|ion|ory)|ejauclation|elongate|enhancement|enlarge(d|ment)|enlarge\syour|Erectile|Erection|flaccid|pen.?[i1l!]s\b|p[e3]nis|pen-nis|p\ e\ n\ [i1l]\ s|phall(i|us)?|prick|sex(ual)?|s'e[^a-z]?x|s'e_xual|\$e><|Sizeable|VPXL)",Subject,containsRE,"Gains?\ (up\ to\ )?(\d\+?\s)?(inches\ )?in\ (girth|length|size)",Subject,containsRE,"(bat|bulge|monster|python|rocket|snake)\ in\ your\s{0,3}(pants|pocket|trousers)|trouser\ snake",Subject,containsRE,"\b(?-i)(FDA|Doctor)\ Approved",Subject,containsRE,"get\ (a\s)?bigger|sc?h[l1][o0]ng|love\ muscle|\b(bigger|harder|larger|thicker|your)\ (?-i)(PE)\b|giant\ bulge|your\ small\ (di.?k|stick)|your\ little\s",Subject,contains,"you have nothing to lose, just a lot to gain!"
[enabled],"Pharmaceutical Spam [S]",Pharmaceutical,16711680,OR,Delete,Subject,contains,"RE: MedHelp ",Subject,containsRE,Pharmaceutical|Pharmacy|pharmas|apothecary,Subject,containsRE,Canadian.?Phar(macy)?,Subject,containsRE,(no)?presc(ription)?,Subject,containsRE,"\bPhar|P.?ha.{0,2}rmacy\b",Subject,containsRE,medic(al|ations?|ines?)|\bmedds\b|(order|purchase|your)\smeds|drugstore,Subject,containsRE,PH.*[A@(/\)]RM[A@(/\)],Subject,containsRE,"health supersite",Subject,contains,"discreet packing and Delivery",Subject,containsRE,"save\ \d\d%\ on\ your\ (medic|meds|pharma|pills)|\d\d%\sdiscount\.\sCode\s#[a-z0-9]{4,8}",Subject,contains,"Enhance your life with these products"
[enabled],"Herbal Spam","Herbal Spam",16711680,OR,Delete,Subject,contains,"Be full of energy and fill your partner with it",Subject,is,"Amazing New Products launch!",Subject,contains,"U on board",Subject,contains,"Now it is possible to have sex more than 10 times a day",Subject,containsRE,"insatiable\ chick|egiteat|herba[l1]|Manster|Mega\s?(Dik|size)|E?Xtra\s?size|sexual\ (life|marathon|partners?|preparations?|side)",Subject,contains,"Instead of our old formula, the new one is more concentrated",Body,containsRE,"(Choose|Elite|Express)\ Herbal|(herba[l1]|natura[l1])\ (breakthrough|formulations|pill|products|science|supplement|therapy)|Extra-Time|(male|Men's)\ Supplement|natural\ ingredients|organic\ drugs",Body,contains,"i am so much more confident with the women",Body,contains,"you really can make it big",Body,containsRE,"\bhttp://.+greeting.*This\ product\ is\ amazing!?$",Body,containsRE,EGADIK|E?xtrasize|Mega\W?Dic?k|M.?a.?n.?S.?t.?e.?r
[enabled],"Watches Spam",Watches,16711680,OR,Delete,Subject,is,Luxury,Subject,contains,//atches,Subject,contains,\/\/ATCHES,Subject,containsRE,"(replica|Rolex|swiss|vip)\ watches|w\.a\.t\.c\.h\.e\.s|\ba\ watch\b",Subject,containsRE,"\b(Rolex|replicas?|R\.e\.p\.l\.i\.c|R\.\.e\.\.p\.\.l\.\.i|watches|chronometers|timepieces|time\ control)\b",Body,contains,"luxury replica",Body,contains,"We only sell premium watches.",Body,contains,"exact copies of the original watches",Body,contains,"Detailed replicas of best chronometers by the best brands",Body,contains,"put one of these on your xmas list, you will fall in love with them all",Body,containsRE,"Rolex|replicas?|watches|//atches|chronometers?|timepieces?|flashy\ bling|expensive\ watch|fashion\ pieces"
[enabled],"Viagra Spam [B]","Viagra [B]",16711680,OR,Delete,Body,contains,Viagra!,Body,contains,VIAGQRA,Body,contains,"Best Price for VIAGRA",Body,containsRE,"\b(erectile\ dysfunction|(?-i)anti-ED|(?-i)cure\ ED|(im)?potence)\b",Body,contains,"Taste the V",Body,contains,"V-letter remedy",Body,containsRE,blue.?pill?|SoftTabs,Body,containsRE,\b(?-i)Vi*a*g*r*a\b,Body,containsRE,"(?-i)Vi?<span\ style=""FONT-SIZE:\ 2px;\ FLOAT:\ right;\ COLOR:\ white"">",Body,containsRE,(V|\\/)[l1i|!](a|/\\)g.*(a|/\\)|viiagra|Vagria|Vgaira,Body,containsRE,"(Buy|order|original|with)\ .*Viagra",Body,containsRE,"Viagra\s{1,3}tabs|Viagra.+\$\d",Body,containsRE,"<a\ href=.+>.*viagra.*</a>",Body,containsRE,"make\ (luv|love)\ all\ night|endless\ climaxes|your\ xxx\ drive"
[enabled],"Cialis or Levitra","Cialis or Levitra",16711680,OR,Delete,Subject,containsRE,"C[I|i|1|y].?[A|@].?L[i|1]{1,2}.?[S$]|(?-i)Ca[iy]lis|(?-i)Cy[al][al]is",Subject,containsRE,L[E|3].?V.?[I|1|Y]T(R[A|@]|AR),Subject,contains,"DOCT0R & FDA ",Subject,contains,"C1A.LIS & LEV.1TRA",Subject,contains,Cialis,Body,containsRE,C\\Ialis|C1A.LIS|tadalafil,Body,containsRE,"C[Il|1](A|@|/\\)[Ll|I1][I|1|/].?[S$]|^ci.{0,2}a.?lis\b",Body,containsRE,C\s(/|1|I)\sA\s(L|I|1)\s(/|I|1)\s(S|\$),Body,contains,LEV.1TRA,Body,contains,levitra
[enabled],"Pharmaceutical Spam [B]",Pharmaceutical,16711680,OR,Delete,Body,containsRE,"(Canadian|Offshore|Online)\ (Chemists|Health|Pharmacy)|Health\ Products\ Supersite",Body,containsRE,/\?said=[a-z]1[7-9]|Canadian.?Phar?(macy)?|Canadian\s?Medical\s?Supplies|Pharma?.*(Canada|market),Body,containsRE,"\bPharmac(y|euticals?)|Pharm@cy|meds|generic\ (analogs|me(d)?(i)?(s)?)\b",Body,containsRE,"No\ prescription\ required|prescription\ (bills|prices)|prescription\ .*not\ required|prescriptions|Prescripitons",Body,containsRE,"\bWe\ don.?t\ advertise,\ we\ advise\b",Body,containsRE,"Doctor\ Approved|No\ Health\ practitioner",Body,containsRE,"\bpharma.*\ (pills|products)\b",Body,containsRE,"licensed\ medicines|medicinal|medications?\ at\ http",Body,containsRE,"(online|popular)\ (medical|drug)\ (store)?|(buy|get)\ (your\ )?drugs|Your\ medicati|our\ chemists",Body,containsRE,"(?-i)(Ph|Ca)<span\ style=""FONT-SIZE:\ 2px;\ FLOAT:\ right;\ COLOR:\ white"">",Body,containsRE,\b(me<style>\s.+\s</style>ds)\b,Body,containsRE,"""http://(www\.)?(prescription|drug).+\.c(om|n)/?"">"
[enabled],"Male Enhancement [B]","Male Enhancement",16711680,OR,Delete,Body,contains,"a man that is big",Body,contains,"inches in length is now possible",Body,contains,"3 inch, its up to you",Body,contains,"Want 1 inch more or 3 more inches?",Body,containsRE,"(inch(es)?|larger?|stronger|true|tiny|your?)\ (lovemaking|manh[o0]{2}d|masculinity)|your\ (D[il1|]CK|love\ (stick|tool)|sex|willy)|(a|your)\ (huge|giant|larger|longer|massive)\ (\d{1,2}\sinch\s)?(shotgun|tool)",Body,containsRE,"(bat|bulge|monster|python|rocket|rod|snake|tool)\ in\ your\s{0,3}(pants|trousers)|trouser\ (mouse|snake)",Body,containsRE,"\bbest\ climax|Penetrate\ her|Make\ her\ moan|(boner|c[o0]ck|dic'k|d1ck|elongate|erections?|man\ (meat|pole|tool)|masculinity|masculine\spower|p3nis.?s|pen[i1!]s|phallus|sc?h[l1][o0]ngs?|sexually|s'e_x|se>\.?<|\$e><|(my|your|huge|larger|perfect)\ (new\s)?(dic'?k|manhood)|dic'?k\ big(ger)?|\bpeckers?\b|p[o0]rnstar.{0,2}|VPXL)\b",Body,containsRE,"Bodypart|Phallus|Fuck\s?(stick|weapon)|love\ (banana|gun|stick|wand|weapon)|(male|organ)\ (enhance|enlarge|supple)ment|sex\ life|much\ bigger\ now|problem\ with\ your\ size|size\ (really\ )?does\ matter|size\ matters|sex\ is\ great\ .+satisfy\ her|FDA\ Approved|(herbal|organic|wonderful)\ en(hanc|larg)ement\ (formula|method|pills|suppliment)|(my|your|main)\ (love|main|masculine)\ muscle|your\ huge\ package|satisfy\ (more\s)?women",Body,containsRE,"(girls|women)\ .*laugh\ at\ (m[ey]|your)|my\ girl\ loves\ the\ new\ me|my\ wife\ has\ never\ been\ happier|(Get|make)\ it\ bigger|a\ (big|huge|larger)\ you|Increase\ \w{2,4}\ size|add\ \d\ inches|problems?.?with.*size|(Amazing|Great)\ lovemaking|improves?\ your\ self-esteem|huge\ manhood|well[-\s]hung|super\ size\!",Body,containsRE,"(little|small|big(ger)?|enlarged|hard(er)?|huge|larger?|stronger|thick(er)?)\ ((fat|hard|male)\ )?(coc?k|d[i1]c?k|PE!?$|pen\sis|organ|package!|sc?hl[o0]ng|stick|tool|weener|willy)",Body,containsRE,"\bGain(ing)?\ (\d\+\s)?Inches\b|\badd\ inches\ in\s|gain\ in\ size|\d-\d\ inches\ (in|of)\ growth|add\s\d-\d\sinches\s(in|of|to)\slength|Amazing\ growth",Body,containsRE,"(big|improved|long(er)?)\ (hard\s|strong\s)?dick|GROW\ longer\ and\ harder|larger\ and\ thicker|small\ \$ize|(massive|muscular|huge)\ manhood|enlarge\ your|pleasure\ rod|dick\ thickness"
[enabled],"Casino Spam","Casino Spam",16711680,OR,Delete,Subject,contains,"YOU play we PAY",Subject,containsRE,"\b(Cas[i1]n[o0]|club\s?world|No\ Deposit\ Required|Gambling|roulette|black.?jack|poker|slot\ machines)\b",Body,containsRE,"<a\ href=(3d)?""http://.*casino.+"">.*Casino",Body,containsRE,"(Big\ Dollars?|Free|Golden\ Gate|online|no\ deposit|the)\ Casino",From,containsRE,(?-i)Gambl(e|ing)|Casino|Casnio|Cazino,Subject,contains,"Sign up & collect $500!",Body,contains,"Sign up & collect $500!",Body,containsRE,"\b(poker|jackpot)|poker\ blackjack\ slots\b",Body,containsRE,"Club\s?World|casino\ (games|members)|(Bet|Gamble)\s{1,2}On\s{0,2}(line|credit)|^\s{1,2}Win\s{1,2}\$",Body,containsRE,"Gambling\s{1,2}(chips|credit|from\ home|online)"
[enabled],"Software Spam","Software Spam",16711680,OR,Delete,Subject,is,Software,Subject,contains,"software price$",Subject,containsRE,"(cheap(est)?|downloadable|oem|office|quality).*soft(wares?)|Soft(ware)?\ in\ many\ languages|software\ at\ (amazingly|surprisingly)\ low\ prices|perfectly\ working\ software|software\ immediately\ after\ purchase|ado6e|Vista\ Microsoft\ SP1\ and\ XP\ Cracked|Office\ (Enterprise\ 200[789]|200[789]\ Enterprise)|(?-i)(Access|Communicator|PowerPoint)\ 200[789]|Auto([cC]ad|desk)\ 200[789]",Body,contains,"European languages",Body,contains,"you can download them right after pur",Body,contains,"The best software products at the best prices.",Body,contains,"Microsoft Office Enterprise 2008 includes:",Body,containsRE,"^Retail Price:?\s{1,10}\$\d{3,4}\.[0-9]{2}\r\n^Our Price:?\s{1,10}\$\d{3,4}\.[0-9]{2}",Body,containsRE,"newsoft|softwares|Cheap.*soft(ware)?|oem\ssoftware|software\ (you\s)?needs?",Body,containsRE,"SSoftwarr?e|down.?lo.?ad(d?able)?\ (legal\ )?s?so.?ft(ware)?|(Best|cheapest|lowest)\ software\ prices",Body,containsRE,http://.*software.*\.(com|cn|net|org|php|html?),Body,containsRE,^(type|vis[il]t)\s'?.+soft.*\s\.\scom'?\sin\syour\s.nternet\sExplorer,Body,containsRE,"(?-i)Office\ (Enterprise\ 200[789]|200[789]\ Enterprise)|(Access|Communicator|PowerPoint)\ 200[789]|Auto([cC]ad|desk)\ 200[789]"
[enabled],"RX Spam","RX Spam",16711680,OR,Delete,Body,containsRE,"^Remove\ .*""\*""\ to\ make\ the\ link\ work(ing)?(\!)?",Body,containsRE,"^Remove\ .*space\ in\ the\ above\ link",Body,containsRE,"^Remove "".+"" in the above link",Body,containsRE,"((wonder)?cum|ej[a|@]cul[a|@]t(e|ing|ions?)|org[a|@]sm|pheromones|sperm|strongest\ activator|virility|gnezbenz\.com|glufacts\.net|ED\ (problem[s.]?|treatments?)|ED.?dysfunction|erectile|sexual\ performance|Premature.?Ejaa?culation)\b",Body,containsRE,"^Tired\ of\ being\ just\ (mr\.?\ )?average.*\?",Body,contains,"miracle supplement",Body,contains,"ladies prefer a man",Body,contains,"Any bigger and i would be in a ",Body,containsRE,"sexual(<br>).{0,2}(problems?|relationships?)",Body,contains,"What do women really want?",Body,contains,"Growth Patch",Body,contains,"Improved Self-Esteem",Subject,containsRE,"^Best\ way\ to\ cure\ yourself|RX|better\ sex"
[enabled],"Pills Spam","Pills Spam",16711680,OR,Delete,Subject,contains,P|\\S,Subject,contains,pills,Subject,containsRE,"BE$T|PILL.?S|Plills|p[i1l|!][1l|!]{2,3}s|pill\ that\ (.*)?works",Subject,contains,MEDS,Subject,contains,generic,Body,containsRE,generics|pillz,Body,contains,"these pills ",Body,containsRE,"\b(cheap|herbal|wonder)\ (drugs|pills|remed(y|ies)|solutions?)\b|pills\ at\ (dirt\s|the\s)?cheap(est)?\ prices?",Body,containsRE,^http://.*pills.*\.com,Body,containsRE,"^<a\ href=(3D)?""http://.*pharmacy.*\.com"">"
[enabled],"HGH Spam","HGH Spam",16711680,OR,Delete,Body,contains,HGH,Body,contains,Regenisis,Body,containsRE,H\s{2}G\s{2}H,Body,contains,"Rediscover your youth with ",Body,contains,"Who wouldn't want to feel younger and stronger?",Body,contains,"The Fountain of Youth today!",Body,contains,"Tighten and Increase skin vitality",Subject,contains,"Experience the feeling of youth again",Body,contains,"Feel young again today!"
[enabled],"5 Line Spam","5 Line Spam",16711680,OR,Delete,Body,containsRE,"^(hi(\sthere)?|compliments|Greetings?|hello|Regards|Wa[sz][sz]up|Yo\sYo\sYo|(Good\s)?(afternoon|day|evening|morning|night))\ \b(\w|-){3,12}\b\s?\r\n.+\r\nhttp://.+\r\n\r\n\w{3,9}\s\w{3,9}",Body,containsRE,"^(hi(\sthere)?|compliments|Greetings?|hello|Regards|Wa[sz][sz]up|Yo\sYo\sYo|(Good\s)?(afternoon|day|evening|morning|night))\ \b(\w|-){3,12}\b\s?\r\n.+\r\n\r\n\w{3,9}\s\w{3,9}\r\nhttp://.+\r\n"
[enabled],"Female Sex Organs","Female Sex Organs",16711680,OR,Delete,Subject,containsRE,cunt|personal\s?puss|pussy|twat|Vagina,Body,containsRE,cunt|masterbator|personal\s?puss|pussy|twat|Vagina
[enabled],"Breast Enlargement Pills",Breasts,16711680,OR,Delete,Subject,contains,breasts,Subject,contains,"breast enh",Body,contains,SizeUp,Body,contains,ratedjay.com,Body,contains,breasts,Body,contains,"breast enh"
[enabled],"Lottery Scam","Lottery Scam",16711680,OR,Delete,Subject,contains,"WINNING NUMBER:",Subject,contains,"Microsoft Lottery",Subject,contains,"GO FOR CLAIM VERIFICATION FORM",From,contains,LOTTERY,From,contains,"Department of National Lotteries",Body,contains,"Attn: Lucky Winner",Body,contains,"ATTENTION: DEAR WINNER",Body,contains,"YOUR E-MAIL ADDRESS WON ",Body,contains,"please contact your fudiciary agent",Body,contains,"International Program Online Co-ordinator",Body,containsRE,"(?-i)WINNING\ NUMBER:|LOTTERY|RE:\ LOTTO",Body,containsRE,"(jackpot|International|Microsoft|National)\ Lottery|fiduciary",Body,containsRE,"You\ are\ advised\ to\ keep\ this\ winning\ (.+\s)?confidential"
[enabled],"Money Transfer Scam","$ Xfer Scam",16711680,OR,Delete,Subject,contains,"SWIFT CREDIT CARD",Body,contains,AWARD/INHERITANCE/CONTRACT,Body,contains,"Promptitude in sending the payment",Body,contains,"We redirect the client's payment to you",Body,contains,"after you'll keep our(and yours) earnings, ",Body,contains,"it is your obligation to transfer the rest",Body,contains,"Basic knowledge in Acconting and payment transactions.",Body,containsRE,"^My\ dear\ friend,$|modalities|money\ transfer\ system",Body,contains,CONTRACT/INHERITANCE,Subject,contains,"TRANSFER ASSISTANCE"
[enabled],"Weight Loss Drugs","Weight Loss Drugs",16711680,OR,Delete,Subject,containsRE,"Loo?s(e|ing)\ (your\ )?(pounds|weight)",Subject,contains,"weight loss",Subject,containsRE,Hoodia|Gordonii|Anatrim,Body,containsRE,Hoodia|Gordonii|Fatblaster|anatrim,Subject,contains,"Are you satisfied with the size of your ",Body,containsRE,"herbal\ (capsules|components)",Body,contains,"lose weight",Body,contains,"Amazing weight loss ",Body,contains,"your weight."
[enabled],"Quit Smoking Spam","Quit Smoking",16711680,OR,Delete,Subject,contains,"Live longer life without cigarettes",Subject,contains,"quit smoking",Subject,contains,"Stop Smoking ",Body,contains,"Break free from Nicotine",Body,contains,"break the nasty habit",Body,contains,LIVEFREE,Body,contains,"quit smoking once and for all.",Body,containsRE,"(quit|stop)\ smoking\."
[enabled],"Counterfeit Goods","Counterfeit Goods",16711680,OR,Delete,Subject,containsRE,designer\s(brands|footwear|shoes),Subject,containsRE,\b(gucci|prada|chanel|dior)\b,Subject,contains,repl!c@,Subject,containsRE,Cartier|Gucci|Versace,Subject,containsRE,(?-i)SHOES,Subject,contains,"luxury footwear"
[enabled],"Get Laid Spam","Get Laid Spam",16711680,OR,Delete,Body,contains,"Best of all: it is free...",Body,contains," get laid",Body,contains,"% of members have already gotten laid using our system!",Body,contains,"Are you interested in hooking up with people who live just minutes from you?",Body,contains,"Are you interested in getting laid with locals?",Body,contains,"We have the power to make this happen!",Body,containsRE,fuck.?(buddy|friend),Body,containsRE,"<a\ href=""http://www\.(geocities\.com/.+|.+\.cn)"">.*(It's\ all\ here|Here\ it\ is|Check\ it\!)(\!)?</a>",Body,contains,"want more sex"
[enabled],"Dating Spam","Dating Spam",16711680,OR,Delete,Subject,contains,dating,Body,contains,"Greetings! I wish to get acquainted with you",Body,contains,flirting,Body,contains,"dating system",Body,containsRE,"\d\d%\ of\ our\ members\ .*hooked\ up\ (using|with)\ our\ .*system",Body,contains,"I read your profile online and I was int",Body,contains,"Please write me a letter here http://",Body,contains,"Do you like beautiful girls?"
[enabled],"The Bat Image Spam","The Bat Image Spam",16711680,AND,Delete,EntireHeader,contains,"X-Mailer: The Bat!",Body,containsRE,"^(?-i)<BODY>\r\n^<img\ src=3D""cid:[a-z0-9@$]+"">\r\n^<P><SMALL>.+</SMALL></P></BODY></HTML>",Body,contains,"Content-Type: image/gif;"
[enabled],"1 Word Subject","1 Word Subject",16711680,OR,Delete,Subject,containsRE,"^[a-z'""\|\{\}\[\]]{7,8}$",Subject,containsRE,"^\d{7,8}$"
[enabled],"Re [digits] Spammer","Re [digits]",16711680,AND,Delete,Subject,containsRE,^re.?,Subject,containsRE,"\[\d{1,3}\]:?"
[enabled],"Re: or FW: Spam","Re: or Fw:",16711680,OR,Delete,Subject,is,Re:,Subject,is,Fw:
[enabled],"Russian Sender","Russian Sender",16711680,OR,Delete,EntireHeader,containsRE,"^Received:\ from\ .*85\.140\.\d{1,3}\.\d{1,3}",EntireHeader,containsRE,"^Received:\ from\ .*80\.85\.1([7][6-9]|[8[0-9]|9[01])\.\d{1,3}(\]\))?",EntireHeader,contains,"charset=""koi8-r"";",EntireHeader,contains,"Subject: =?koi8-r"
[enabled],"HTML Spam Tricks","HTML Tricks",16711680,OR,Delete,Subject,containsRE,.*\$.*\$|.*@.*@|(?-i)\$REPSBJ,Body,contains,=2Ecom/,Body,containsRE,(?-i)\$REP(BODY|LINK),Body,containsRE,"font\ size=""?0""?",Body,containsRE,"((<![\w\s,\.\-]+>)([\w\s,\.\-]){1,10}){3,}",Body,containsRE,((&#0*(3[3-9]|[4-9]\d|1[01]\d|12[0-6]);).*?){6},Body,containsRE,"(/[a-z0-9]/[a-z0-9]){5,}",Body,contains,<iframe,Body,contains,<br><br><br><br><br><br><br><br>,Body,containsRE,<\![^-D],Body,contains,&#85;&#00110;&#000115;&#00117;&#98;&#115;&#0099;&#000114;&#00105;&#098;&#101;,Body,contains,"<span style=""FONT-SIZE: 2px; FLOAT: right; COLOR: white"">",Body,contains,"<span style=3D""FONT-SIZE: 2px; FLO",Body,containsRE,"<td\ colspan=(3D)?""\d{1,3}""\ bgcolor=(3D)?""#FFFFFF""></td><td\ colspan=(3D)?""\d{1,3}""\ bgcolor=(3D)?""#[a-z0-9]{6}"">"
[enabled],"Malformed Link Spam","Malformed Link",16711680,AND,Delete,Body,containsRE,"^\s?http://.+\ \.\ (com|cn|info|org|net|ru)/?$"
[enabled],"Maxdik Spam","Maxdik Spam",16711680,AND,Delete,Body,containsRE,"(?-i)^<BODY><br><a\ href=3D""http://[a-z]{7,9}=2Ecom""><font\ size=3D""\+1""><b>"
[enabled],"Image Spam #1","Image Spam #1",16711680,AND,Delete,EntireHeader,contains,"X-Mailer: Microsoft Outlook Express",EntireHeader,contains,"X-MimeOLE: Produced By Microsoft MimeOLE",EntireHeader,contains,"MIME-Version: 1.0",EntireHeader,contains,"Content-Type: multipart/related;",EntireHeader,contains,"type=""multipart/alternative"";",EntireHeader,contains,"boundary=""----=_NextPart_",Body,contains,"<META content=3D""MSHTML",Body,contains,"<IMG src=3D",Body,contains,cid:,Body,containsRE,"^Content-Type:\ image/(gif|jpeg);"
[enabled],"Image Spam #2","Image Spam #2",16711680,AND,Delete,EntireHeader,contains,"X-Mailer: Microsoft Outlook Express 6.00.",EntireHeader,contains,"X-MimeOLE: Produced By Microsoft MimeOLE V6.00.",EntireHeader,contains,"MIME-Version: 1.0",EntireHeader,contains,"Content-Type: multipart/mixed;",EntireHeader,contains,"boundary=""----=_NextPart_",Body,contains,"Content-Type: multipart/alternative;",Body,contains,"Content-Transfer-Encoding: quoted-printable",Body,contains,"Content-Transfer-Encoding: base64",Body,contains,"Content-Type: image/gif;",Body,contains,"Content-Disposition: attachment;"
[enabled],"Image Spam #3","Image Spam #3",16711680,AND,Delete,EntireHeader,contains,"X-Mailer: Microsoft Outlook Express",EntireHeader,contains,"X-MimeOLE: Produced By Microsoft MimeOLE",EntireHeader,contains,"Content-Type: multipart/related;",EntireHeader,contains,"boundary=""----=_NextPart_",Body,contains,"Content-Transfer-Encoding: quoted-printable",Body,contains,"<META content=3D""MSHTML",Body,contains,<IMG,Body,contains,alt=3D,Body,contains,"src=3D""cid:",Body,contains,"Content-Transfer-Encoding: base64"
[enabled],"Image Spam #4","Image Spam #5",16711680,AND,Delete,EntireHeader,contains,"MIME-Version: 1.0",EntireHeader,contains,"Content-Type: multipart/related;",EntireHeader,containsRE,"^\s?boundary="".+""$",Body,contains,"Content-Transfer-Encoding: 7bit",Body,contains,"<img ",Body,containsRE,"src=""cid:.+""",Body,contains,"Content-Type: image/gif;",Body,contains,"Content-Transfer-Encoding: base64",Body,doesn'tContain,"<a href="
[enabled],"Image Spam #10","Image Spam #10",16711680,AND,Delete,EntireHeader,contains,"X-Mailer: Microsoft Office Outlook",EntireHeader,contains,"X-MimeOLE: Produced By Microsoft MimeOLE",EntireHeader,contains,"Content-Type: multipart/related;",Body,contains,"This is a multi-part message in MIME format.",Body,contains,"Content-Transfer-Encoding: 7bit",Body,contains,"Content-Transfer-Encoding: quoted-printable",Body,contains,"<meta name=3DGenerator content=3D""Microsoft Word 11 (filtered medium)"">",Body,containsRE,"<A\ HREF=3D""http://.+\.cn/?",Body,contains,"<IMG src=3D",Body,containsRE,"^Content-Type:\ image/(gif|jpeg);"
[enabled],"Bgimg Image Spam","Bgimg Image Spam",16711680,AND,Delete,EntireHeader,contains,"X-Mailer: Microsoft",EntireHeader,contains,"X-MimeOLE: Produced By Microsoft MimeOLE V6.00.",EntireHeader,contains,"Content-Type: multipart/related;",Body,contains,"Content-Type: multipart/alternative;",Body,contains,=_NextPart_,Body,contains,"Content-Type: image/gif;",Body,contains,"Content-ID: <bgimg.gif"
[enabled],"Stocks Spam #4","Stocks Spam #4",16711680,OR,Delete,Body,containsRE,"read\ (up|the)\ (news|release)?",Body,containsRE,"and\ (get\ (all\ over|on))|(move\ on|jump\ on)|(be\ ready\ to)",Body,containsRE,"\bget\ (all\ over|on)\ [A-Z]{4}\ first\ thing\ .+day\b",Body,contains,"Beat the news to the market",Body,containsRE,"^Price\ up\ .{1,4}%",Body,containsRE,"^5.*day\ price: ",Body,contains,"Emergency report. Check",Body,containsRE,"pushed\ share\ prices\ up\ over\ \d{1,3}%",Body,contains,"The Gold Watcher",Body,contains,"is climbing hard. UP"
[enabled],"Stocks Spam #3","Stocks Spam #3",16711680,OR,Delete,Body,contains,"This Is Going To Explode!",Body,containsRE,^(target|current).?price,Body,contains,"stock watch notices",Body,contains,"Stock reporting sites",Body,containsRE,^Sym(bol)?.?:\s[A-Z],Body,containsRE,c.?h.?i.?n.?a\s\w,Body,containsRE,"^j?.u.?m.?p\ o.?n\ t.?h.?i.?s\ f.?i.?r.?s.?t\ t.?h.?i.?n.?g\s",Body,containsRE,"^H.?E.?R.?E\ W.?E\ G.?O\ A.?G.?A.?I.?N\!",Body,containsRE,"^T.?i.{1,2}k.{1,2}:\ \w.?\w.?\w.?\w\s?$",Body,containsRE,"^(S|\$).?y.?m.?b.{0,4}\W?:\ \w.?\w.?\w.?\w\s?$"
[enabled],"Stocks spam #2","Stocks spam #2",16711680,OR,Delete,Subject,containsRE,"^Trade\ Noti(ce|fication)",Subject,containsRE,"g.?oing\ to\ e.?xplode\ on\ (mon|tues|wednes|thurs|fri)day",Subject,containsRE,invest(or|ment)|Dividends,Body,containsRE,stock.?exchange,Body,containsRE,"^U.?RGENT S.?TOCK A.?LERT",Body,contains,"Big News Expected",Body,contains,"Easy walk in price",Body,contains,"MARKET WIRE",Body,contains,"Opening bell message",Subject,containsRE,"\b(Big\ Market|(Market|Trader)\ Alert)\b"
[enabled],"Stocks spam #1","Stocks spam #1",16711680,OR,Delete,Body,containsRE,"^H.?ot\ st.?ock\ ale.?rt",Body,containsRE,"breaking\ mark.?et\ n.?ews",Body,containsRE,"Watc.?h\ this\ sto.?ck\ go\ higher\ and\ higher",Body,containsRE,^((Symbol|Stock)(\s)?:\s){1}([A-Z].?[A-Z].?[A-Z].?),Body,containsRE,"(financial|fina\ ncial|fin\ ancial|fi\ nancial)\sadvice",Body,containsRE,"^Price:?\ \$?\d{0,2}\.\d{2,3}",Body,contains,"within the meaning of Section 27a of the Securities act of 1933",Body,contains,"Information within this email contains ""forward looking",Body,contains,"Expected: This one is going to grow at a rapid rate",Subject,containsRE,"^Read\ this\ before\ .+day"
[enabled],"PDF Attachment","PDF Attachment",16711680,AND,Delete,Body,containsRE,"^Content-Type: application/(pdf|octet-stream);",Body,containsRE,"^Content-Disposition:\ (attachment|inline);",Body,containsRE,"name="".+\.pdf"""
[enabled],"Ebay Phishing Scams","Ebay Phishing Scam",16711680,AND,Delete,EntireHeader,doesn'tContainRE,"^Received:\ from\ .+\..+ebay\.com\ .+\ helo=.+\.ebay\.com",Subject,contains,eBay,Body,containsRE,"^Dear\ eBay\ (Customer|Member),",Body,contains,"eBay Confirmation Request"
[enabled],"PayPal Scams #1","PayPal Scam #1",16711680,AND,Delete,TakesPrecedence,EntireHeader,doesn'tContainRE,"^Received:\ from\ [a-z0-9.-]+\.paypal\.com\s",From,containsRE,.+@(intl\.)?paypal(-us)?.com
[enabled],"PayPal Scams #2","PayPal Scam #2",16711680,AND,Delete,TakesPrecedence,Body,containsRE,"^Dear\ PayPal\ (User|Member|Customer)",EntireHeader,doesn'tContain,nix.paypal.com
[enabled],"Credit Report Spam","Credit Report Spam",16711680,OR,Delete,From,contains,MemberValueChoice,Subject,contains,"your Credit Report",EntireHeader,containsRE,(rhino|rhbino|rhmino)yellow\.com
[enabled],"Illegal Drugs","Illegal Drugs",16711680,OR,Delete,Subject,contains,"legal buds",Body,containsRE,"legal\ buds?\ online"
[enabled],"Loans Spam",Loans/Bankrupcy,16711680,OR,Delete,Body,contains,"Bad credit",Body,contains,Bankruptcy,Body,containsRE,"low(est)?\ rate(s)?|payday\ advance|short-term\ loan",Body,contains,"fixed low rate",Body,contains,"You have been pre-approved",Subject,containsRE,"Debt|loan|mortgage|refinan?c(e|ing|ment)|Your\ Life\ Insurance",Body,containsRE,"^C[o0]ngra[dt]ulati[o0]ns.*you('ll|\scan)\ get\ (.*\ )?\$""?\d\d\d.+""?\ loan\ for\ ",Body,contains,"Refinance loan",Body,contains,loans,Body,contains,"Are your premiums payments too high"
[enabled],"Diploma Spam","Diploma Spam",16711680,OR,Delete,Subject,containsRE,\b(diploma|DIMPLOMA|(?-i)Degree)\b,Body,contains,"No classes!",Body,contains,"your Graduation is a phone call away",Body,contains,"UNIVERSITY DIPLOMA",Body,containsRE,"DIMPLOMA|(?-i)D\ I\ P\ L\ O\ M\ A\sS?",Body,contains,"Obtain the_degree you deserve",Body,containsRE,"^1[-,'\.\*\s\~](206|267|501)[-,'\.\*\s\~]\d{3}[-,'\.\*\s\~]\d{4}|Call\ Today|call(ing)?\ this\ number:",Body,containsRE,"your\ (degree|diploma)",Body,containsRE,"(diplomas|(?-i)Bachelors,?|(?-i)Masters,?|PhD's)",Body,contains,"non-accredited universities"
[enabled],"Hitman Scam","Hitman Scam",16711680,AND,Blacklist,Delete,Subject,contains,"BE MORE CAREFUL",From,contains,"BE MORE CAREFUL"
[enabled],Pornography,Porn,16711680,OR,Delete,Subject,containsRE,"((wet\ )?puss(ies|y))|nympho|porno?s?\b|Live\ Girls",Body,contains,nymphos,From,contains,"webcam ",Body,contains,"Porniest Home Videos"
[enabled],"Malformed Link Spam","Malformed Link",16711680,AND,Delete,Body,containsRE,"^\s?http://.+\ \.\ (com|cn|info|org|net|ru)/?$"
[enabled],"Underscore/Dash Sender","_- Sender",16711680,OR,Delete,EntireHeader,containsRE,"(envelope-from\ <-[a-z0-9]+@.+\..+>)",From,containsRE,".*<_[a-z1-9-]+@.+\.\w{2,3}>$"
[enabled],"Zip attachment","Zip, Rar, Gz Attachment",255,AND,TakesPrecedence,Body,contains,"Content-disposition: attachment;",Body,containsRE,"^\s?filename="".+\.(zip|rar|t?gz)"""
[enabled],"Consecutive digits or consonants",digits-consnts,16711680,OR,Delete,From,containsRE,\d{4}[\w\.\-]*@,From,containsRE,[bcdfghjklmnpqrstvwxz]{5}[\w\.\-]*@,Subject,containsRE,^[bcdfghjklmnpqrstvwxz]{5}[\w\.\-]*
[enabled],"Google Phishing Scam","Google Phishing Scam",16711680,AND,Delete,TakesPrecedence,Subject,contains,Please,From,contains,Google-AdWords,EntireHeader,doesn'tContainRE,"Received:\ from\ [a-z0-9-\.]+\.google\.com",Body,contains,"Dear Advertiser,"
[enabled],"Google Feeling Lucky Spam","Google Feeling Lucky Spam",16711680,AND,Delete,Body,containsRE,http://www\.google\.com/search\?hl=en&q=inurl:.+=Im\+Feeling\+Lucky
[enabled],"HopOne Spammers","HopOne Spammers",16711680,OR,Delete,EntireHeader,containsRE,^Received:\sfrom\s.+209.160.[0-7][0-9]?..+,EntireHeader,containsRE,^Received:\sfrom\s.+66\.148\.(6[4-9]|[789][0-9]|1[012][0-7]|2[0-7])\..+,EntireHeader,containsRE,^Received:\sfrom\s.+66\.235\.((1[678][0-9])|(19[01]))\..+,EntireHeader,containsRE,^Received:\sfrom\s.*208\.75\.1(7[6-9]|8[0-3])\..+
[enabled],"Yahoo Finance Summary Link","Yahoo Finance Summary Link",16711680,AND,Delete,Body,containsRE,"^http://finance\.yahoo\.com/q\?s=\w{4}(\.\w{2,3})?"
[enabled],"Geocities Link","Geocities Link",16711680,AND,Delete,Body,contains,http://www.geocities.com/
[enabled],".info sender",".info sender",16711680,AND,Delete,From,containsRE,.+@.+\.info
[enabled],"Job Scams","Job Scams",16711680,OR,Delete,Subject,containsRE,"(jobs|work)\ at\ home",Body,contains,"looking for representatives in the US"
[enabled],"From juviotravel@gmail.com",juviotravel@gmail.com,16711680,AND,Delete,EntireHeader,contains,juviotravel@gmail.com
[enabled],"Base 64 Encoded Body","Base 64 Encoded",16711680,AND,Body,contains,"Content-Transfer-Encoding: base64",Body,doesn'tContain,"Content-Type: image/",Body,doesn'tContainRE,"^Content-Disposition:\ (inline|attachment);",Body,contains,"Content-Type: text/plain;"
[enabled],"Worm - Double Extension Attachment","WORM >Double Extension!!",255,AND,Delete,TakesPrecedence,noreport,Body,contains,"Content-disposition: attachment; filename=",Body,containsRE,"(file)?name="".+\.(gif|jpg)\.(scr|pif|exe|cmd|com)"""
[enabled],"Dangerous Attachment Extension","Dangerous Attachment Extension!",255,AND,Delete,TakesPrecedence,noreport,Body,contains,"Content-disposition: attachment;",Body,containsRE,"^\s?filename="".+\.(pif|scr|hta|cmd|bat|vbs|com|cpl|hlp)"""
[enabled],"Exe Attachment",".exe attachment",255,AND,TakesPrecedence,noreport,Body,contains,"Content-disposition:\ attachment;",Body,containsRE,"^\s?filename="".+\.exe"""
[enabled],"Spamis spam",SPAMIS,255,AND,Delete,TakesPrecedence,Body,contains,"Public Service Announcement Brought To You By SPAMIS",Body,contains,"SPAMIS NOTIFICATION"
[enabled],"Domain Renewal Phisher","Domain Renewal Phisher",16711680,OR,Blacklist,Delete,EntireHeader,contains,domainrenewal-online.com,EntireHeader,contains,domainrenewalonline.com
[enabled],"Top-Sites Domain Listings Spam","Top Sites",16711680,AND,Delete,Subject,containsRE,"^Please\ update\ (the|your)\ .+listing\ by\ ",EntireHeader,contains,www-goto.com,From,contains,"The Editor"
[enabled],MonsterCommerceSites,MonsterCommerceSites,16711680,OR,Blacklist,Delete,EntireHeader,contains,monstercommercesites.com,EntireHeader,contains,Tecamericajac
[enabled],"Word of Mouth spam","Word of Mouth",16711680,OR,Delete,From,contains,connectionAwarenessSystem@WordOfMouthConnection.Com,Subject,contains,"A Connection Has Been Made To: ",EntireHeader,contains,"Received: from PETER.WORD-OF-MOUTH.ORG",EntireHeader,contains,"Return-Path: <nobody@PETER.WORD-OF-MOUTH.ORG>",Body,contains,"Word-of-Mouth.Org Connection Awareness System",From,contains,awareness-system@word-of-mouth-connection.net,From,contains,support@wordofmouthreports.net,Body,containsRE,http://womc\.info|wordexch\.(com|biz)|SearchForMeOnline|GoFindMeOnline,EntireHeader,containsRE,peter\.wominfo\.net|BACKGROUND-RESEARCH\.INFO,Body,contains,"Someone just submitted a word-of-mouth connection about you at our website."
[enabled],"Emailing spammers","Emailers Spam",16711680,OR,Delete,Body,contains,"Celebrating Our 10th Year of Charity Emailings!",Body,contains,"Click to Advertise Your Site to",Body,contains,"Charity/Non-Profit Organization Contact:"
[enabled],"From Emailsniper.com",EmailSniper,16711680,AND,Delete,EntireHeader,contains,"Received: from themailsniper.com",Body,contains,http://www.themailsniper.com
[enabled],"Hospital Directory Spam","Hospital Directory",16711680,OR,Delete,Body,contains,"American Hospital Email Directory",Subject,contains,"hospital email addresses"
[enabled],"Apple Mail Spam","Apple Mail Spam",16711680,AND,Delete,EntireHeader,contains,"X-Mailer: Apple Mail (2.924)",Body,containsRE,"^Content-transfer-encoding:\s7BIT\r\n\r\n^[a-z0-9-'""\s\.,\?]+(\r\n)?http://.+\..{2,3}/(.+\.html)?\r\n",Body,containsRE,"<div><a\s(\r\n)?href=""http://.+(/.*)?"">http://.+/.*</a></div></body></html>$"
[enabled],"Opera Mail Spam","Opera Mail Spam",16711680,AND,Delete,EntireHeader,contains,"Content-Type: text/plain; format=flowed; delsp=yes; charset=koi8-r",EntireHeader,contains,"Content-Transfer-Encoding: 7bit",EntireHeader,contains,"User-Agent: Opera Mail/9.50 (Win32)",Body,containsRE,"^[a-z3-9,’'\.-\s\?]+(\s|\r\n)http://(www\.)?.+\.(c(om|n)|net|org)/",Body,contains,"Using Opera's revolutionary e-mail client: http://www.opera.com/mail/"
[enabled],"X-Mailer: The Bat!","X-Mailer: The Bat!",16711680,OR,Delete,EntireHeader,contains,"X-Mailer: The Bat! "
[enabled],"Image+Link Spam","Image+Link Spam",255,AND,Delete,EntireHeader,containsRE,"^X-MIME-Autoconverted:\ from\ 8bit to\ quoted-printable\ by\ .+\.info",Body,containsRE,"<a href=",Body,containsRE,3D.+\.info,Body,contains,"<img src=3D",Body,contains,<br>=93
[enabled],"Baby Supplies Spam","Baby Supplies Spam",255,AND,Delete,Subject,contains,Baby,Subject,contains,Supplies
[enabled],"Spam Domains in Header","Spam Domain (H)",16711680,OR,Delete,EntireHeader,containsRE,"^http-x-forwarded-for\ 065\.110\.05[4-5]\.+|sender\@mail1\.unlist\.net|64\.46\.114\.161|\.unlist\.net|codec\.ro|marshall\.cc|matrix\.net|tomparker\@another\-world\.com|mail\.bsbx\.net|bruffner\.com|pretension\.com",EntireHeader,contains,mail2world.com,EntireHeader,contains,dyn.optonline.net,EntireHeader,contains,dsl.brasiltelecom.net.br,EntireHeader,containsRE,^canada\.com$,EntireHeader,containsRE,(prod-infinitum|pongimmediate|vsteals)\.com,EntireHeader,containsRE,(fibertel|freedoomsat)\.com\.ar,EntireHeader,containsRE,"^Received: from (boardermail\.com|bolt\.com|moxmail16|sleepyseed\.com|boardermail\.com|email\.com|eadvertizing|bobolink|hkgolden\.com|1million2006\.com|saurabh\.info|lists\.aikiri\.com)",EntireHeader,containsRE,"Natalee\ Almonte|maintec\.com|Robin\ Keyes|Richard\ K\.\ Lee|ezagenda\.com|thefreesite\.com|hotpop\.com|minnietheminx\.com|malaysia\.net|prod-infinitum\.com|di-ve\.com|playful\.com|mc\.videotron\.ca|mozartmail\.com|adsl\.tele\.dk|routerhoster\.com|mchsi\.com|pollcadot|wise-expectations\.com|westcoastnovelty\.com|authenticinternetpromotions\.com|cliffordwindows\.com|mail4him\.com|bestbidding\.com|KINGCOOLER\.COM\.CN|mixmail\.com|freeoffers4you\.com|hotwireindia\.com|forex\ profits|proper\.com|blackburnmail\.com|andreaeberl\.de|worldnetcams\.com|tvsatbg\.net|online.*bid\.info|hooters"
[enabled],"SiteProtect Ebay Phishing Scam","Phishing Scam",255,AND,Delete,TakesPrecedence,ReturnPath,contains,.siteprotect.com,EntireHeader,contains,siteprotect.com,From,contains,"eBay Gifts"
[enabled],"Screensaver Trojan","Screensaver Trojan",255,OR,Delete,Subject,is,"Life is beautiful",Subject,is,"Life will be better",Subject,is,"Good summer",Subject,is,"help you",Body,contains,"filename=""bsaver.zip""",Body,contains,"cool screensaver in your attachment!",Body,contains,"Wanna more? Welcome to our site"
[enabled],"Subject All Caps","Subject All Caps",33023,AND,Delete,Subject,doesn'tContainRE,(?-i)[a-z],Subject,containsRE,.
[enabled],"No Subject","No Subject",16711680,AND,Delete,Subject,doesn'tContainRE,.
[disabled],"Subject All Caps/Missing (S)","Subject All Caps/Missing (S)",33023,OR,Delete,Subject,doesn'tContainRE,(?-i)[a-z],Subject,doesn'tContainRE,.
[enabled],"S P A C E D Subject (S)","S P A C E D Subject (S)",16711680,OR,Delete,Subject,containsRE,"[A-Z]([ \.\*:_-]+)([A-Z]\1){2,}[A-Z]",Subject,containsRE,"([A-Z]+[:=\.\-_]){3,}"
[enabled],"10 spaces in Subject",Spaces,16711680,AND,Delete,Subject,contains,"          "
[enabled],"Blocked Countries","Blocked Country",16711680,OR,Delete,EntireHeader,containsRE,"^Received:\ from\ .+\.(ar|br|cn|kr|my|tpnet\.pl|ro|ru|jp|ng|th|tr)\s"
[enabled],Spain,Spain,16711680,OR,Delete,EntireHeader,containsRE,"Received:\ from\ .*\[84\.12[0-3]\.\d{1,3}\.\d{1,3}\]",EntireHeader,contains,".ono.com "
[enabled],Turkey,Turkey,16711680,OR,Delete,EntireHeader,containsRE,"^Received:\ from\ (\[(85.10[56]\.\d{1,3}\.\d{1,3}|88\.234\..+\..+|194\.27\.\d{1,3}\.\d{1,3}|195.175\.\d{1,3}\.\d{1,3})\])|.+\.tr\)",EntireHeader,containsRE,"88\.255\.\d{1,3}\.\d{1,3}"
[enabled],"Hong Kong Spam","Hong Kong Spam",16711680,OR,Delete,Body,containsRE,^http://.+\.hk/\?.+
[enabled],"APNIC (Asia-Pacific)",APNIC,16711808,OR,Delete,EntireHeader,containsRE,"^Received: from [^[]*?\[(6[01]|20[23]|21[01]|21[89]|22[0-2])(\.[1-2]?\d?\d?){3}\]",EntireHeader,containsRE,"^Received: from [^[]*?\[(\[58|\[59]|6[01]|20[23]|21[01]|21[89]|22[0-2])(\.[1-2]?\d?\d?){3}\]"
[enabled],"RIPE (Europe)",RIPE,16711808,AND,Delete,EntireHeader,containsRE,"^Received: from [^[]*?\[(62|8[0-2]|19[345]|21[237])(\.[1-2]?\d?\d?){3}\]"
[enabled],"LACNIC (Latin America)",LACNIC,16711808,OR,Delete,EntireHeader,containsRE,"^Received: from [^[]*?\[20[01](\.[1-2]?\d?\d?){3}\]",EntireHeader,containsRE,\.cable\.net\.co\b
[enabled],"Chinese Email","Chinese Email",16711680,OR,Delete,EntireHeader,containsRE,"Content-type[^\n]*(\n[^\n]*)?charset=(3D)?""?(gb2312|euc-cn|big5)",Body,containsRE,"Content-type[^\n]*(\n[^\n]*)?charset=(3D)?""?(gb2312|euc-cn|big5)"
[enabled],"Korean Email","Korean Email",16711680,OR,Delete,EntireHeader,containsRE,"Content-type[^\n]*(\n[^\n]*)?charset=(3D)?""?(ks_c_5601-1987|euc-kr|iso-2022-kr)",Body,containsRE,"Content-type[^\n]*(\n[^\n]*)?charset=(3D)?""?(ks_c_5601-1987|euc-kr|iso-2022-kr)"
[enabled],"Japanese Email","Japanese Email",16711680,OR,Delete,EntireHeader,containsRE,"Content-type[^\n]*(\n[^\n]*)?charset=(3D)?""?(euc-jp|iso-2022-jp)",Body,containsRE,"Content-type[^\n]*(\n[^\n]*)?charset=(3D)?""?(euc-jp|iso-2022-jp)"
[enabled],"IANA RESERVED","IANA RESERVED",180,OR,Delete,EntireHeader,containsRE,"^Received: from [^[]*?\[([1257]|2[37]|3[1679]|4[129]|5[089]|7\d|8[3-9]|9\d|1[01]\d|12[0-6]|17[3-9]|18[0-79]|19[07]|22[3-9]|2[34]\d|25[0-5])(\.[1-2]?\d?\d?){3}\]",EntireHeader,containsRE,"^Received:[^\n]*?[ []([1257]|2[37]|3[1679]|4[129]|5[089]|7[1-9]|8[5-9]|9\d|1[01]\d|12[0-6]|17[3-9]|18[0-79]|19[07]|22[3-9]|2[34]\d|25[0-5])(\.[1-2]?\d?\d?){3}[] ]"
[enabled],"Spam Domains #1 (.biz in Body)","Spam Domains #1",16711680,OR,Delete,Body,containsRE,(fastherb|populartablets|broadcastemailingtoday|mxsoft|galamed|puremed|usdirect4u|hostingsmart|broadcastingtoday|starsoftpack|newdeals|healthcares4u|homestuff1|bonusoffer2u|great-offerz|inforn|healthypractise|greatmaleenhancement|unbelievabledealswholesale|vcustom432pills|desireouroffers|healthassist|theice3091rx|lowestpricing|augmay|hostagogo|&#104;osta&#103;ogo|0rder|ukpoint|refileads|3buymeripren|medsdepot|exechost|greathealthoffers|easyoffers|interpillss|emailpromo|directsecure|globalmarketing2000|erx45488rx|softwareforyou|powenei|zerosecond|noyoudaman|realforalldrugs|wowmedz|gwestar|payee|charterdrugs|cabledeals|fifthdimensionrx|firstassist|stock989rx|wholesalepharmasource|letmegetit|goodmedsnow|newcenturymeds|trytobeatthesedealz|wowrx|only-best-offers)\.biz
[enabled],"Spam Domains #5 (.info in Body)","Spam Domains #5",16711680,OR,Delete,Body,containsRE,(oijioju|perbox|bubxax|powermeds|yourbestmeds|dijhaffjej|phdoctor|CNZCNIE|fng112|thdcn6|dfhfks333|lsdkne|msenieje|12hen|nidueh|poiwer|polimardo|hfgti6|zss4|svniejf|gogocd|replicacollection|doublebenefit|gotxxxporn)\.info
[enabled],"Spam Domains #6 (.org in Body)","Spam Domains #6",16711680,OR,Delete,Body,contains,vcay.org,Body,contains,mojohost.org,Body,contains,ritehost.org,EntireHeader,contains,background-research.org,Body,containsRE,(broadcastadvertising|broadcastadvertise|broadcastingemail)\.org,Body,contains,kharch.org
[enabled],"Spam Domains #7 (click-click.ph in Body)","Spam Domains #7",16711680,OR,Delete,Body,containsRE,click\.com-click\.com|click\.com\.ph|click\.net-click\.net\.ph
[enabled],"Spam Domains #9 (Prefixes only in Body)","Spam Domains #9",16711680,OR,Delete,Body,containsRE,selcydc|loanz|getgoing\.+|getmeoff|wehavecheap|only-best-offers|multimed\.ws
[enabled],"Spam Domains #10 (Subject)","Spam Domains #10",16711680,OR,Delete,Subject,contains,"Take advantage of Cheap Canadian Drugs!",Subject,contains,"Researching you by word-of-mouth",Subject,contains,"hospital email addresses",Subject,contains,"Re: your web site details here"
[enabled],"Contains a V Card","V Card",26112,AND,Legitimate,Body,contains,BEGIN:VCARD,Body,contains,END:VCARD
[enabled],"Crush On You",Crush,16711680,OR,Delete,Body,contains,"This is our second attempt at contacting you because ",Body,contains,"someone you know has a crush on you.",Body,contains,"someone you know wants to reveal a secret crush.",Body,contains,http://www.quickhost.bz/webcamz/secretadmirer/
[enabled],"ADV (S) spam",Adv:,16711680,OR,Delete,Subject,contains,"ADV ",Subject,contains,"ADV: "
[enabled],"Your Resume is Excellent","Resume Spam",16711680,OR,Delete,Subject,contains,"Your Resume Is Excellent",Body,containsRE,http://www\.BLASTmyResume\.com/Tip,Subject,contains,"Resumes LIE",From,contains,Chosen,Subject,contains,"your resume is Excellent...",Body,contains,http://www.asap9.com
[enabled],"Career Advise SPAM","Job Spam",16711680,OR,Delete,From,contains,"Career Advice",Subject,contains,"The Construction Industry wants YOU!",Body,contains,"Learn to Make A Fortune With Ebay!"
[enabled],"Copy DVDs",DVDs,16711680,OR,Delete,Subject,contains,"Copy Any DVD",Body,contains,"You don't need to spend hundreds of dollars on a DVD burner"
[enabled],"Diet Patch Spam",Diet,16711680,OR,Delete,Subject,contains,"Amazing New Diet Patch",Subject,containsRE,"Diet Patch|D_iet Patch",Subject,contains,Free-Diet-Patch,Subject,contains,"Eat Normally and Loose Weight",Body,contains,http://www.slimpatchdiet.net,Subject,contains,"Guess who lost 25 pounds ",Subject,contains,"I couldn't take being fat anymore",Body,contains,www.therighthostforyou.com,EntireHeader,contains,bummer.com,Subject,contains,"Eat the foods you love while losing weight"
[enabled],"Digital Camera Spam",Digicams,16711680,OR,Delete,Body,contains,"The Worlds Smallest Digital Camera Has Arrived !!!",Subject,contains,"FWD: just released",Body,contains,http://www.ggfccrv.com/removeme.html,Subject,contains,"Amazing small digital camera!",Body,contains,"NEW Digital Mini-Cam! World's Smallest Ever... ON SALE NOW!",Body,contains,http://www.flyr3cx.com/cam3
[enabled],"Loans and Mortgages","Loan/Mortgage Spam",50406,OR,Delete,Body,contains,"William Burton",Body,contains,"Lenders compete for your business",Body,contains,"30 year fixed mortgage",Body,contains,http://product-service.net/sobe/remove/,From,contains,"Daily Mortgage Newsletter",Subject,contains,"Refinance ",From,contains,"Life Insurance Carriers",Subject,contains,"Save up to 70% on your life insurance",Body,contains,"This email was sent by The Mail Sniper",Subject,contains,"Mortgage rates"
[enabled],"Email Addresses on CDs","Emails on CDs",16711680,OR,Delete,Subject,contains,"CD's PACKAGE WITH 535 MILLION e-mail addresses",Body,contains,"We can Bullet-Proof your Web Site",Body,contains,"Email Addresses 535&nbsp; MILLION in a 5-disk",Body,contains,"(5 CDs 535 million addresses)",Body,contains,"To be removed from this list send a fax to 1-760-495-5906",Subject,contains," E-maiL AddRESSES? We have 535 miLLion (5cdS) ONLY 99.00",Body,contains,"Email Addresses 535  MILLION in a 5-disk set",Body,contains,"MULTILEVEL MARKETING OPPORTUNITIES:",Body,containsRE,(broadcastemailadvertise\.net|awayoutofdebtfast\.com|1ccms\.com),Subject,contains,"99 million emails for only $99"
[enabled],"Wholesale Business Services",".ws registrars",16711680,OR,Delete,From,containsRE,"Wholesale\ Business\ Services\ ,\ Inc\.",Body,contains,"REGISTER Your .WS (Web Site) Domain Names Now:",Subject,contains,"1st Page Search Engine Listings",Body,contains,"Never pay long distance charges again!!!"
[enabled],"W O R K Spam",CRAP,16711680,AND,Delete,ReturnPath,contains,@hotmail.com,To,contains,jobs@,Body,containsRE,@www\.didyouhirethem\.com
[enabled],"Work from home",HomeWork,16711680,OR,Delete,Subject,contains,"Start working from home Today!"
[enabled],"Adult (S)","Adult (S)",16711680,OR,Delete,Subject,containsRE,"XXX|(Adult|Mature) Content|Adults? Only|No Minors|Uncensored",Subject,containsRE,"(Rough|Hot|Teen).* Adult|Sex|Barely Legal Teen|Wet Teen|Teen (Action|Sweetheart|Orgies)|Bitch|Escorts|(^|\s)Cum($|\s|-)|C0ck|Pen[i1l]s|Lesbian",Subject,containsRE,"Sluts|Fuck|Pussy|Pussies|(Suck|Big|Massive|Large) Cock|Virgin\W|Hard-?core|Cumshot|\WCum\W|Suck My|Lesbo Site|Blow ?Job|Sex Videos|Hot(test)? .*P[i1l]cs",Subject,containsRE,(?-i)ADULT|COCKS,Subject,containsRE,"(Nude|Naked|Sex) .*Pic|Barely (Legal|Adult)|(Wet|Dripping|Hot) (Teens|Lesbians)",Subject,containsRE,"Adult Links|Sex (Show|Site)|Porn (Movies|Flick)|Married.+But.+Lonely|Hot Moms|Sexy Photo|Wet Sex",Subject,containsRE,"Horny.+(Housewives|Teens)|(Naked|Nude) (Lesbians|Women|Teens|Girls)",Subject,containsRE,Animals.+(Girls|Women)|(Girls|Women).+Animals,Subject,containsRE,"Tight(est)? (Pussy|Vagina)|Dicks|V[il1]rg[il1]ns|P0rn|L[o0][l1][il1]ta|Gang[ -]?bang| Dong|Hardc0re|H0rny|Cunt|Twat ",Subject,containsRE,"Schoolgirls|Co-Eds Shag for Beer Money!"
[enabled],"Adult (B)","Adult (B)",16711680,OR,Delete,Body,containsRE,"(Hot|Wet) Teen|Barely (Legal|Adult)",Body,containsRE,"(?-i)\WXXX\W(?i)|Site Secrets|Adult (Site )?Links",Body,containsRE,"\WCum\W|Hot Naked Women|Gang ?Bang|Fuck|Dildos",Body,containsRE,"Phone Sex|Married[ \.-]But[ \.-]Lonely",Body,containsRE,"You.{1,15}\d\d .{1,20}To Enter",Body,containsRE,https?://.*xxx.+$,Body,contains,@Sex2go.com/wmaster.asp,Body,containsRE,freshteenporn\.com|bigcocksporn\.com,Body,contains,farmsex.jpg,Body,contains,public.srce.hr
[enabled],"Bad ""From"" (F)","Blank From: Address (F)",255,OR,Delete,From,doesn'tContainRE,"[\w.-]+@([\w-]+\.)+[A-Z]{2,4}"
[enabled],"Bad ""X"" Header (H)","Bad ""X"" Header (H)",16711680,OR,Delete,EntireHeader,containsRE,X-BulkEmail|X-Removal,EntireHeader,containsRE,"X-Sender.*News Breaker",EntireHeader,containsRE,X-Adverti[sz]e?ment:,EntireHeader,containsRE,"X-Mailer.*(Aristotle Mail|Avalanche|E-Mail Magnet|Emailer Platinum.*Internet Marketing|eMarksman|Extractor Pro|Floodgate Pro|Group ?Mail|Mailcast|Millennium Mailer|motion sender|SuperSpam|WorldMerge)"
[enabled],"Cell Phone (S)","Cell Phone (S)",16711680,OR,Delete,Subject,containsRE,"Free .*(Phone|Cellular|Nokia|Motorola)",Subject,containsRE,"(Cell |Cell.?Phone|Cellular) .+(Free|Static|Reception)",Subject,containsRE,boost.+(Cell.?Phone).+Signal,Subject,containsRE,(Cell.?Phone).+Signal.+boost,Subject,contains,"Antenna Amplifier",Subject,containsRE,"Better.+Cell Phone"
[enabled],"College Degree (S,B)","College Degree (S,B)",16711680,OR,Delete,Subject,containsRE,"(Earn|University|College|Your|You Qualify).{1,20}(Degree|Diploma)",Body,containsRE,"(Earn|University|College|Your|You Qualify).{1,20}(Degree|Diploma)"
[enabled],"Computer (S)","Computer (S)",16711680,OR,Delete,Subject,containsRE,"(No More|Rid Of|Stop|Eliminate|Delete) .*(Pop.?Up|Adware|Spyware)",Subject,containsRE,Protect.Your.Computer,Subject,containsRE,Surf.+Fast,Subject,contains,"Screen Saver"
[enabled],"Credit Cards (S,B)","Credit Cards (S,B)",16711680,OR,Delete,Subject,containsRE,"(Gold|Platinum|Titanium|Approval|Guaranteed|Unsecured|Credit|No Deposit|Free|Get|Qualify).+(Master ?Card|Visa|(Credit|Gold|platinum).+Card|Approved|Approval)",Subject,containsRE,(Credit|Card).+(Approved|Approval|Accepted),Subject,containsRE,"(Get|New|Approved|Guaranteed|Apply).+ (Credit|Gold|Platinum|Titanium|Visa|MasterCard)",Subject,containsRE,"Accept.+Credit Cards|Merchant Account",Body,containsRE,"Accept.{1,15}Credit Cards|Merchant Account"
[enabled],"Dating Service (S,F)","Dating Service (S,F)",16711680,OR,Delete,Subject,containsRE,"(Find Your|Dream|Soul|Sexier).+Mate",Subject,containsRE,"(Are You|Meet Other|Chat With|Local|Contact) .*Single",Subject,containsRE,"True Love|Photos Of Singles|Find Someone Special|Meet Single People",Subject,containsRE,"(Some ?one|Guess Who) Wants To Meet You|Attract .*Instantly",From,contains,Dating,Subject,containsRE,"(Females|Singles|Women|Sexy) .* Your Area"
[enabled],"Dating Service (B)","Dating Service (B)",16711680,OR,Delete,Body,containsRE,"(Find Your|Dream|Soul)[\s-]Mate",Body,containsRE,"Quality Relationship",Body,containsRE,"(Are You|Meet Other).{1,15}Single",Body,contains,"Meet A Married Woman",Body,contains,sevmtnsci.com
[enabled],"Debt Consolidation (S)","Debt Consolidation (S)",16711680,OR,Delete,Subject,containsRE,(Debt|Bill).+(Payments|Relief|Free|Elimination|Help|Assistance),Subject,containsRE,"(Erase|Slash|Eliminate|Reduce|Cut|Too Much|Get Out Of|Credit Card|Away Your|Consolidate|Freedom From|Take Control|Solutions? To|Without|Clear|Paying) .*(Debt|Bills)",Subject,containsRE,"(In|Got|Overwhelmed|Too (Much|Many)|Wipe Out|Worry.+About|Dissolve|Monthly|More).+(Debt|Bills)",Subject,containsRE,"(Perfect|Rebuild|Get Back|Bad|Clear).+Credit",Subject,containsRE,"Consolidation|(Home (Equity|Loan))|Bill Free|Financial .*(Help|Assistance)",Subject,containsRE,"Back (Taxes|Child Support)",Subject,containsRE,"(Stop Making|Reduce) .*Payments|Lost.+Job",Subject,containsRE,"Tax (Problems\?|Debt)",Subject,containsRE,"(Halt|Stop) Creditor|Get Help.+Today|Your Bills|Owe\?|Past Due\?|Financial Stress|(Bill|Money) Problems| Bill .*Free|Monthly Payments|Your .*Finances",Subject,containsRE,"High.+Interest|Improve.+Credit.+(Instantly|Immediately)|Consolidate .*Loan"
[enabled],"Debt Consolidation (B)","Debt Consolidation (B)",16711680,OR,Delete,Body,containsRE,"Have Perfect Credit|Financially Free|Free (Yourself )?From Debt.*$",Body,containsRE,"Debt (Elimination|Consolidation)",Body,containsRE,"Tired of.{1,20}(Bill|Debt)"
[enabled],"Ebay Scams","eBay Scam",16711680,OR,Delete,Subject,containsRE,"Quit your .? job",Subject,contains,"learn to make a fortune with eBay",Subject,contains,"work on ebay",Body,contains,%random_word,EntireHeader,contains,"Profit huge with eBay!",Subject,contains,"Quit your job and work on ebay"
[enabled],"Embedded Object Exploit",Exploit-ObjectData,255,AND,Delete,Body,contains,"<object ",Body,contains,"data="""
[enabled],"Extended Blacklist (F)","Extended Blacklist (F)",255,OR,Delete,From,containsRE,[a-z]+\d\d\d\d[a-z]\d\d@,From,containsRE,[a-z]\d\d\d\d[a-z]\d\d\d\d@,From,containsRE,"([a-z]+_){2,}\d+@yahoo\.com",From,containsRE,"Reduce .*Debt|Deals|Financially",From,containsRE,"\?|Car Loan|Loans|Rewards|Credit|Instant|Special[ \._-]?offer|Offers|Vacation|Blowout|Compare|Coral[ \._-]?Calcium|Values",From,containsRE,\w+-replyto-\d+-d+@.+\.com
[enabled],".EU Domains Spam",".eu Spam",16711680,OR,Delete,Subject,contains,"Domain Landrush: YOURNAME.EU",Subject,contains,"Domain Landrush: ",Subject,contains,YOURNAME.EU,From,contains,"eu Registry Services"
[enabled],"Financial Investments",Stocks,16711680,OR,Delete,Subject,contains,"Latest OTC Recommendation",Body,contains,OTCBB,Subject,contains,"Urgent Investor Recommendation",Body,contains,"Hot OTC Stock",Body,contains,"LAST TWO MONTHLY PICKS:",Subject,contains,"Stock Ready to Breakout",Subject,contains,"Trading Alert of the Week ",Body,contains,"MINING STOCKS ARE EXPLODING!",Body,contains,"Urgent Stock Alert!",Body,contains,"California Investors Network Coalition"
[enabled],"Free/Win (B)","Free/Win (B)",16711680,OR,Delete,Body,containsRE,"Get.{1,15}Free (Membership|Info)",Body,contains,"Claim Your Complimentary"
[enabled],"Health/Beauty (S)","Health/Beauty (S)",16711680,OR,Delete,Subject,containsRE,"Feel .*(Healthier|Younger)|Reverse.Aging|Perfect Skin",Subject,containsRE,"(Stop|Quit) Smoking|Stimulate Hair",Subject,containsRE,"Penis.+(Enlargement|Bigger|Size)|Be Longer",Subject,containsRE,"Better Sex|Your Impotenc|Sexual Potency|Male Organ",Subject,containsRE,"Doctor Approved|Pheromones",Subject,containsRE,"Bigger Breast|Enhance Your Size|Size (Matters|Does Matter)",Subject,containsRE,"(Giant|Thick(|er)|Fuller|Big(|ger)|Large(|r)|Enlarge Your) (Pen[i1l]s|Johnson|Dick|Tool|Knob|Manhood|Breasts)",Subject,contains,"Size must matter to someone ",Subject,contains,"Male Package Enlarger",Subject,contains,"Length Increasement"
[enabled],"Health/Beauty (B)","Health/Beauty (B)",16711680,OR,Delete,Body,containsRE,"Enlarg(e|ing) Your Penis",Body,containsRE,"(Penile|Penis|Organ) Enlargement",Body,containsRE,"Large(|r) Penis",Body,contains,"begins in an unclean Colon!",Body,contains,"a good colon cleansing program.",Body,contains,justdoing.biz,Body,contains,www.medsdepot.biz,Body,contains,"male enlargement program"
[enabled],"Logo spam",Logos,16711680,OR,Delete,Subject,is,"Cheap logos for your business",Subject,is,"Professional Logo and Corporate ID Design"
[enabled],"Long Distance Spam","Long Distance",16711680,OR,Delete,Subject,contains,"15 Cents Per Minute on Long Distance Conferencing",Subject,contains,"Long Distance Conferencing",EntireHeader,contains,"X-Mailer: eGroups Message Poster",Body,contains,about-mtg.com/mortgage,Body,contains,http://www.about-mtg.com/mortgage/conf/
[enabled],"Money Making 2 (S)","Money Making 2 (S)",16711680,OR,Delete,Subject,containsRE,"%.+Money|Money.+%|Money Making",Subject,containsRE,"Advance Your Career|Career Advancement",Subject,containsRE,"Your Own Hours|Work(|ing).+When You Want|Employment Opportunity"
[enabled],"Money Making (B)","Money Making (B)",16711680,OR,Delete,Body,contains,"No Experience Necessary",Body,contains,"Per Week!",Body,containsRE,"(Earn(ing|)|Make) Money .{1,15}From Home",Body,contains,"Make Up To $"
[enabled],"Pharmacy (S,B)","Pharmacy (S,B)",16711680,OR,Delete,Subject,containsRE,V[i1l]agra|Erectile,Subject,containsRE,"(?-i)HGF|HGH(?-i)|Human Growth|Hgh|Huuman Growth Hormone|H\*G\*H",Body,containsRE,"Growth.+Hormone|(?-i)HGH|HGF|H G H 1000(?i)",Subject,containsRE,"Let Our Doctors|Prescribed OnlineLOWEST Prices of Drugs ANYWHERE",Body,containsRE,"Online (Prescription|Rx|Drug|Pharmacy)",Subject,containsRE,"Online (Prescription|Rx|Drug|Pharmacy)",Body,containsRE,"Prescription Drugs Online|bestexpressmeds|Offshore Pharmacy!",Subject,containsRE,"Non.?Prescription|Herbal Alternative",Body,contains,http://www.rxmedsusa.com/,Body,contains,"drugs online with NO prescription required."
[enabled],"Prescription Drugs",Drugs,16711680,OR,Delete,Subject,contains,"LOWEST Prices of Drugs ANYWHERE",Body,contains,"All New Online Pharmacy with BEST DEALS! GUARANTEED LOWEST PRICES",Body,contains,http://www.pharmacyworldwide.biz/pharm/,Body,contains,www.tolast55.com,Body,contains,"OUR DOCTORS WILL WRITE YOU A PRESCRIPTION FOR",Body,contains,.instrhh.com
[enabled],"Weight Loss (S)","Weight Loss (S)",16711680,OR,Delete,Subject,containsRE,We[i1l]ght.Loss,Subject,containsRE,(Lose|Melt).+(LBS|Pounds|We[i1l]ght|Fat),Subject,containsRE,"Dieting|Unwanted (Weight|Pounds)",Subject,containsRE,"Fat Burn(ing|er)|Burn(ing|) Fat",Subject,containsRE,"Get.+Firm Abs"
[enabled],"Hospital Directory Spam","Hospital Directory",16711680,OR,Delete,Body,contains,"American Hospital Email Directory",Subject,contains,"hospital email addresses"
[enabled],".WS Domain Spam","Domain",16711680,OR,Delete,From,contains,"Domain Hostmaster",Subject,contains,".WS is growing faster than .COM",Body,contains,"*  Have a nicer looking email address?",Body,contains,"The .WS (WebSite) domain is GLOBAL and is recognized by over 6 Billion people",Body,contains,"My name is Ed Green and I want to show you something interesting that you can try on the web right now.",Body,contains,"Pull up your web browser and type: www. <firstname-lastname> .ws",Body,contains,http://www.LeadsOnline.ws/mjsmith/,Subject,contains,".WS (WebSite) Domains ",Body,contains,"The .WS ""WebSite"" Domain Name Registry is the #37 fastest growing",Body,contains,"Get a .ws (WebSite) globally accessible domain name."
[enabled],"Misc. Ads (S)","Misc. Ads (S)",16711680,OR,Delete,Subject,containsRE,"(?-i)GUARANTEED(?i)|[,-] Guaranteed",Subject,containsRE,"Pennies A Day|As Seen On|Act Now|Risk Free|Get.+(Today|Now)!",Subject,containsRE,"(Seized|Unclaimed) (Property|Properties)",Subject,containsRE,"In (Just|Only) (Minutes|Moments)",Subject,containsRE,"^Now Available|Try Our New|We Can Help|No Cost",Subject,containsRE,Call\s\S*\d\d,Subject,containsRE,"Lowest (Price|Rate)|Save (Hundreds|Thousands)",Subject,containsRE,"100% (Safe|Effective|Guaranteed)|Guarantee .*Results|Results Guaranteed|Cut.+ Cost",Subject,containsRE,"No.Obligation|No.Risk|Seen On TV|Limited Time|Join Now|\sNow!|Why Wait",Subject,contains,"paris hilton caught on cam"
[disabled],"Misc. Ads (B)","Misc. Ads (B)",16711680,OR,Delete,Body,containsRE,"Revealed.{1,10}Pros\W",Body,containsRE,"Money.Back Guarantee|Real Savings On",Body,containsRE,"Dear Homeowner|No Credit Card|To Learn More",Body,containsRE,"Risk.Free Trial",Body,containsRE,"(Special|Limited|Limited Time).{1,25}(Offer|Opportunity)",Body,containsRE,"Get Your Free|Order Now And Get",Body,contains,go-mtg.com/mortgage/conf/rm.html,Body,contains,ukpoint.biz,Body,contains,"Swift Logos",Body,contains,"Fun! New Mini Remote Control Cars & Boats!"
[enabled],"Random phoney email prefixes","Phoney prefix",16711680,AND,Delete,From,containsRE,[a-z]+\d+[a-z]+\d+,From,containsRE,\d+[a-z]+\d+[a-z]+
[enabled],"Questionable Link (B)","Questionable Link (B)",33023,OR,Body,containsRE,http://[1-9],Body,containsRE,"Click.{1,20}To Order",Body,containsRE,http://[\w\.]+@,Body,contains,"href=""http://massivefreehosting.com"
[enabled],"Contains Script (B)","Contains Script (B)",33023,OR,Delete,Body,contains,"SCRIPT LANGUAGE="
[enabled],"Save Gas",Gas,16711680,OR,Delete,Body,contains,http://www.azxq.org,Subject,contains,"save gas",Subject,contains,"save on gasoline now"
[enabled],"Suspicious Routing* (H)","Suspicious Routing (H)",33023,OR,Delete,EntireHeader,containsRE,Received:.+(\.ru|\.rr|\.cz|\.ro|\.md|\.fi|\.dk|\.vu|\.kr|\.no|\.ar|\.br|\.jp|\.tw|\.cn|\.nl|\.co|\.in|\.se|\.ac|\.it|\.fr|\.tr|\.be|\.at|\.za)\W
[enabled],"Suspicious Origin (F)","Suspicious Origin (F)",33023,OR,Delete,From,containsRE,@(msn\.com|yahoo\.com|hotmail\.com|excite\.com|aol\.com),From,containsRE,you(rmail|rdomain)\.(net|com|org|cc),From,containsRE,friend@public\.(net|com|org|cc),From,containsRE,"promotions?|bargains?|Screen ?Saver",From,containsRE,Anybody|Anyone|Bulk|Casino|Credit|Everybody|Everyone|Friend|Hotdeals|Nobody|Promo|Savetrees|Winner|User|XX+|Free|AutoQuote,From,containsRE,offers|sav(e|ings)|special|free|hotdeals|wincash,From,containsRE,"Inkjet ?Cartridges",From,containsRE,"Relief From|Concerned|Work At Home",From,containsRE,Suffering|Unwanted|Guaranteed|opt[\._-]?in,From,containsRE,"(.)\1{3,}|(.+_){2,}|([A-Z]+[\.\-_]){3,}"
[enabled],"Invalid Header Field (F,H)","Invalid Header Field (F,R,H)",16711680,OR,Delete,EntireHeader,doesn'tContainRE,(?m)^Message-ID:\s<.+@[\w\.-]+>,EntireHeader,doesn'tContainRE,"(?m)^Date:\s([A-Z]{3},\s)?\d{1,2}\s[A-Z]{3}\s\d{4}\s\d{1,2}:\d{2}(:\d{2})?\s(([+-]\d{4})|([CEMP][DS]|GM|U)T)"
[disabled],"Example filter - Mail sent to ""Undisclosed recipients"" (ie not specifically me)","undisclosed recipients",16711680,AND,Delete,To,contains,undisclosed,To,contains,recipients