Skip to content

Instantly share code, notes, and snippets.

@cpragadeesh
Created August 23, 2017 21:00
Show Gist options
  • Save cpragadeesh/4745522d690f242baa12e599306bac12 to your computer and use it in GitHub Desktop.
Save cpragadeesh/4745522d690f242baa12e599306bac12 to your computer and use it in GitHub Desktop.
SYMBOL OLD_SCORE NEW_SCORE
R_MIXED_CHARSET 5 5.43
FORGED_MUA_THEBAT_BOUN 2 0.44
FORGED_MUA_THEBAT_MSGID_UNKNOWN 3 17.22
MID_BARE_IP 2 -5.16
FROM_EXCESS_BASE64 1.5 3.21
SUBJ_ALL_CAPS 3 20.95
FAKE_REPLY_C 6 2.69
TO_DOM_EQ_FROM_DOM 0 9.70
R_BAD_CTE_7BIT 4 22.36
SUSPICIOUS_RECIPS 1.5 2.93
FORGED_OUTLOOK_HTML 5 2.59
MV_CASE 0.5 13.11
R_SUSPICIOUS_URL 5 2.13
BROKEN_HEADERS 10 4.96
FAKE_REPLY 1 -15.45
SUBJECT_ENDS_EXCLAIM 0 18.37
RATWARE_MS_HASH 2 7.74
RCPT_COUNT_GT_50 0 -0.70
PREVIOUSLY_DELIVERED 0 0.92
SUBJECT_HAS_EXCLAIM 0 -0.73
FROM_EQ_ENVFROM 0 4.65
INTRODUCTION 2 46.49
REPTO_QUOTE_YAHOO 2 9.44
R_UNDISC_RCPT 3 11.55
MIME_HTML_ONLY 0.2 12.21
FORGED_MUA_MAILLIST 0 -0.78
TAGGED_RCPT 0 -0.70
URI_COUNT_ODD 1 1.03
HEADER_FORGED_MDN 2 0.43
MISSING_TO 2 0.43
FROM_EXCESS_QP 1.2 -19.01
TO_DN_EQ_ADDR_SOME 0 -0.71
FROM_DN_EQ_ADDR 1 4.82
HAS_XAW 0 -9.22
REPLYTO_ADDR_EQ_FROM 0 25.94
HAS_ATTACHMENT 0 3.51
HAS_ORG_HEADER 0 0.92
HTML_SHORT_LINK_IMG_1 2 20.40
REPLYTO_EQ_FROM 0 18.09
RCVD_COUNT_FIVE 0 9.03
HAS_X_PRIO_ONE 0 11.57
PRECEDENCE_BULK 0 -14.50
RCPT_COUNT_THREE 0 -14.15
TO_EXCESS_BASE64 1.5 3.21
RCVD_COUNT_TWO 0 5.27
MID_RHS_IP_LITERAL 0.5 -16.10
ARC_NA 0 3.65
RCVD_COUNT_SEVEN 0 -19.29
DATE_IN_FUTURE 4 1.56
RCPT_COUNT_SEVEN 0 -0.70
FORGED_MUA_KMAIL_MSGID 3 0.46
MIME_BASE64_TEXT 0 4.51
TO_EQ_FROM 0 2.19
MISSING_SUBJECT 2 0.43
INVALID_MSGID 1.7 3.80
MID_MISSING_BRACKETS 0.5 -0.42
SUBJECT_NEEDS_ENCODING 1 6.76
FROM_NO_DN 0 17.19
MIME_GOOD -0.1 -22.25
MIME_HEADER_CTYPE_ONLY 2 10.59
EXT_CSS 1 -0.14
RCVD_COUNT_THREE 0 4.19
RCPT_COUNT_TWO 0 -14.48
TO_DN_ALL 0 -7.43
HFILTER_HOSTNAME_4 2.5 0.71
HAS_REPLYTO 0 9.09
INVALID_RCPT_8BIT 6 2.69
MID_RHS_MATCH_FROM 0 -0.35
MISSING_MIMEOLE 2 9.30
RCVD_ILLEGAL_CHARS 4 6.83
TAGGED_FROM 0 -1.06
HAS_X_PRIO_FIVE 0 2.08
MID_CONTAINS_FROM 1 -18.34
HTTP_TO_IP 1 5.16
CT_EXTRA_SEMI 1 1.60
REPLYTO_DN_EQ_FROM_DN 0 35.11
MISSING_MIME_VERSION 2 10.27
PHISHING 7 3.26
TO_EXCESS_QP 1.2 -0.02
MID_RHS_WWW 0.5 -0.42
URL_IN_SUBJECT 4 1.55
RCVD_COUNT_ONE 0 2.20
SUBJECT_HAS_QUESTION 0 -0.41
FORGED_OUTLOOK_TAGS 2.1 0.91
FROM_HAS_DN 0 -5.70
CTYPE_MIXED_BOGUS 0.1 7.23
R_SUSPICIOUS_IMAGES 5 9.39
RCPT_COUNT_TWELVE 0 5.01
SUBJECT_ENDS_SPACES 0.5 2.44
INVALID_FROM_8BIT 6 2.69
SUBJ_EXCESS_QP 1.2 -0.02
FORGED_MUA_OUTLOOK 3 34.72
TO_DN_NONE 0 10.93
MIME_MA_MISSING_HTML 1 -0.14
CTE_CASE 0.5 -2.62
TO_MATCH_ENVRCPT_ALL 0 -0.70
RCPT_COUNT_FIVE 0 -0.70
HAS_X_ANTIABUSE 0 -4.46
RCVD_COUNT_TWELVE 0 -3.32
HTML_SHORT_LINK_IMG_3 0.5 -0.42
ENVFROM_SERVICE_ACCT 1 -0.14
MIME_MA_MISSING_TEXT 2 0.89
MID_RHS_NOT_FQDN 0.5 -15.92
FROM_NEQ_ENVFROM 0 -18.40
HAS_WP_URI 0 -0.71
HTML_SHORT_LINK_IMG_2 1 9.16
HFILTER_URL_ONLY 2.2 0.54
MIME_UNKNOWN 0.1 -0.65
MIME_BAD_ATTACHMENT 4 1.56
TO_DN_SOME 0 -18.46
RCPT_COUNT_ONE 0 15.33
HAS_XOIP 0 -17.53
R_PARTS_DIFFER 1 2.45
SUBJECT_HAS_CURRENCY 1 3.70
RCPT_COUNT_ZERO 0 -0.70
FROM_NAME_EXCESS_SPACE 1 2.63
RCVD_NO_TLS_LAST 0 4.03
REPLYTO_DOM_EQ_FROM_DOM 0 17.25
REPLYTO_DOM_NEQ_FROM_DOM 0 -21.06
MAILLIST -0.2 -34.28
FROM_NAME_HAS_TITLE 1 22.67
R_MISSING_CHARSET 2.5 11.54
DATE_IN_PAST 1 -2.24
R_DKIM_NA 0 -0.70
R_SPF_DNSFAIL 0 21.45
SUBJECT_ENDS_QUESTION 1 -0.04
HAS_X_PRIO_THREE 0 -9.90
BROKEN_CONTENT_TYPE 1.5 5.41
ONCE_RECEIVED 4 4.46
TO_DN_EQ_ADDR_ALL 0 11.75
Class changes
MID_BARE_IP 2 -5.16
FAKE_REPLY 1 -15.45
FROM_EXCESS_QP 1.2 -19.01
MID_RHS_IP_LITERAL 0.5 -16.10
MID_MISSING_BRACKETS 0.5 -0.42
EXT_CSS 1 -0.14
MID_CONTAINS_FROM 1 -18.34
TO_EXCESS_QP 1.2 -0.02
MID_RHS_WWW 0.5 -0.42
SUBJ_EXCESS_QP 1.2 -0.02
MIME_MA_MISSING_HTML 1 -0.14
CTE_CASE 0.5 -2.62
HTML_SHORT_LINK_IMG_3 0.5 -0.42
ENVFROM_SERVICE_ACCT 1 -0.14
MID_RHS_NOT_FQDN 0.5 -15.92
MIME_UNKNOWN 0.1 -0.65
DATE_IN_PAST 1 -2.24
SUBJECT_ENDS_QUESTION 1 -0.04
Pre-rescore test stats
Statistics at threshold: 15
F-score: 0.09
False positive rate: 0.00 %
False negative rate: 95.18 %
Overall accuracy: 47.33 %
Post-rescore test stats
Statistics at threshold: 15
F-score: 0.89
False positive rate: 1.49 %
False negative rate: 19.28 %
Overall accuracy: 88.67 %
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment