Test Performed

Test Description

AWL

Standard description: "From:" of the address is auto-whitelisted

Explanation:

Automatic Whitelisting (AWL) keeps track of the scores associated with known senders and pushes the total score of the mail to the sender's average. Thus, mail from a previous sender that has a higher-than-average score may receive a negative score; mail with a lower-than-average score may receive a positive score.

BAYES_99

Standard description: Bayes spam probability is 99 to 100% (or 99.00 to 100.00% for BAYES_999).

Explanation:

The SpamAssassin includes a Bayesian filter that assigns scores based on the user's previous email history. This can assign both positive and negative scores. For example, a user might receive a given spam message multiple times through a relay identified in a DNSBL, so that the SpamAssassin correctly identifies it as spam. If the user receives the same message through a new unlisted relay, the Bayesian algorithm will assign him a high score based on previous experience.

Conversely, if a user receives a regular newsletter from a fitness club, and one issue references diet and weight loss pills (which normally flage the message as spam), the Bayesian algorithm will assign it a lower score.

BAYES_999

DKIM_SIGNED

Standard description: Identified mail domain keys: the message has a signature

Explanation:

The message is signed using DKIM (http://www.dkim.org/)

DKIM_VALID

Standard description: Domain keys Identified mail: verification of signature passes

Explanation:

The message is signed using DKIM (http://www.dkim.org/) and the signature has been verified

DKIM_VALID_AU

Standard description: The message has a valid DKIM or DK signature from the originator's domain

Explanation:

The emails contain a DKIM signature validated to the author's domain, which essentially means that the email comes from where it says it is.

HTML_IMAGE_ONLY_20

Standard description: HTML: images with 1600-2000 bytes of words

Explanation:

This can indicate a message using an image instead of words in order to bypass text-based filtering.

HTML_MESSAGE

Standard description: HTML included in the message

Explanation:

HTML messages are more visually appealing than plain text.

HTML_SHORT_LINK_IMG_3

Standard description: HTML is too short with an image attached

Explanation:

The message is HTML with only one link to an external image. This may indicate an attempt to avoid text-based filters.

HTML_TITLE_SUBJ_DIFF

-

MIME_HTML_ONLY

Standard description: The message has only text/html MIME parts

Explanation:

Indicates that the message lacks the alternative plain text part.

MIME_HTML_ONLY_MULTI

Standard description: Multipart message has only text/html MIME parts

Explanation:

A multi-part message usually has HTML and plain text alternatives with the same content. One with only HTML parts may indicate an attempt to avoid text-based filters.

MPART_ALT_DIFF

Standard description: HTML and text parts are different

Explanation:

The mail contains content in both HTML and plain text format, but its content is (most likely) different. This suggests that the sender is not using a normal mail client, and is trying to evade filtering by using a message that looks different to humans and mail filters.

RCVD_IN_DNSWL_BLOCKED

Standard description: The DNSWL query was blocked.

Explanation:

DNS block lists are a common form of network-accessible database used for spam detection. They are also referred to as "DNSBLs", "DNS Black Lists" and "RBLs".

SPF_HELO_PASS

Standard description: SPF: HELO corresponds to the SPF register

Explanation:

SPF (Sender Policy Framework) is an open standard that specifies a technical method to prevent the spoofing of sender addresses. The domain in the HELO command is compared against a list of allowed mail relays for that domain. This states, for example, that mail from [email protected] should have come through mail.example.com and not mail.badguys.info.

In a normal mail client, the HELO command uses the Internet name of the computer sending the mail, so someone can use your 1-2-3-dyn.bigisp.com computer to send mail through the bigisp.com mail relay, which has an SPF record indicating that this is allowed.

Passe

A "Pass" result means that the client is authorised to inject mail with the given identity. The domain can now, in a reputational sense, be held responsible for sending the message. Further policy checks can now proceed with confidence in the legitimate use of the identity.

ð  From RFC 4408

SPF_PASS

Standard description: SPF: sender corresponds to the SPF record

Explanation:

SPF (Sender Policy Framework) is an open standard that specifies a technical method to prevent the spoofing of sender addresses. The sender domain is compared against a list of allowed mail relays for that domain. This states, for example, that mail from [email protected] should have come from mail.example.com and not mail.badguys.info.

This often happens when users forward their mail to another domain, but the forwarding mechanism is not SPF-sensitive. Such a user would see SPF_FAIL tags in some of their incoming mail.

Passe

A "Pass" result means that the client is authorised to inject mail with the given identity. The domain can now, in a reputational sense, be held responsible for sending the message. Further policy checks can now proceed with confidence in the legitimate use of the identity.

ð  From RFC 4408

T_REMOTE_IMAGE

Standard description: The message contains an external image

Explanation:

The message contains an image that is not attached but is uploaded from an external server.

URIBL_BLOCKED

Standard description: Consultation of the URIBL was blocked.

Explanation:

DNS block lists are a common form of network-accessible database used for spam detection. They are also referred to as "DNSBLs", "DNS Black Lists" and "RBLs".

Spamscore

Sum of the total points of the tests performed