# BOGUSHEADER-PATTERNS.RC
#
# Patterns for non-existent domains and forged received headers.
#
# Last updated: 10/16/2005
#
# Every block below that fires adds 5 to the running score SBSCORE and
# sets SBLOG before including functions/loglevel.rc (presumably the
# logging helper -- it is not visible from this file).
#
# NOTE(review): the lists are static and dated 2005. A name that was
# unregistered then may have been registered since, so re-check each
# entry (e.g. with a DNS/WHOIS lookup) before relying on this file.

# Non-Existent Domains
#
# These are domains that are not registered/do not exist.
#
# The outer recipe only runs the scan when the variable LEANTAG matches
# "no" (its meaning is defined elsewhere -- confirm in the main rc).
#
# Inner recipe, flags BH: conditions are tested against header and body.
#   - The two negated conditions skip the scan for any message that
#     contains a "forwarded message" marker; the skip is message-wide,
#     so such mail must be covered by other rules.
#   - Weighted scoring: start at -1000, add 1100 for each listed pattern
#     that matches (exponent 0 = only the first hit of a pattern counts),
#     so the total is positive as soon as one domain is present.
#   - Pattern shape: left boundary is start of line or a non-hostname
#     character; the dot may be literal, quoted-printable (=2E) or
#     URL-encoded (%2E); right boundary is a non-hostname character, a
#     sentence-ending dot, or end of line.
#   - No D flag is set, so matching is case-insensitive.
#   - NOTE(review): the first dot alternative renders as "ÿ" here and may
#     be a mis-encoded byte -- compare with a known-good copy.
:0
* LEANTAG ?? no
{
    :0 BH
    * !--.*forwarded message --
    * !^forwarded message:
    * -1000^0
    * 1100^0 (^|[^-_0-9a-z])arqczc(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])awnxqptdq(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])course-catalog(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])cyberemailings(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])dns2mailblocks(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])dreamscaper(ÿ|\.|=2E|%2E)co(ÿ|\.|=2E|%2E)mn([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])freeemailservices(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])gahtydsliy(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])globalunsubcribe(ÿ|\.|=2E|%2E)org([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])hereswaxing(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])hijknj(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])kbdsezt(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])krhhkqvuwe(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])moneymadness(ÿ|\.|=2E|%2E)co(ÿ|\.|=2E|%2E)lb([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])moveaheassdsdf233(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])otnhedpi(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])passibus(ÿ|\.|=2E|%2E)net([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])qzfhdyx(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])rhlu(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])silverstate(ÿ|\.|=2E|%2E)co(ÿ|\.|=2E|%2E)sy([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])StopAllThatSpam(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])suempresa(ÿ|\.|=2E|%2E)com(ÿ|\.|=2E|%2E)ar([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])svvkaafsvoon(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])treasurecity(ÿ|\.|=2E|%2E)biz(ÿ|\.|=2E|%2E)in([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])ttwqtr(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])tzujqhb(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])unqurfn(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])vozwng(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])wydpbptv(ÿ|\.|=2E|%2E)net([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])xenailrec(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    {
        SBLOG="A1R-Bogus Domain (nonexistent)"
        INCLUDERC=${SBDIR}/functions/loglevel.rc

        # Score bump: the recipe's score is the current SBSCORE plus 5, and
        # $= (score of the most recent recipe) is stored back. The
        # assignment only happens when that sum is positive.
        :0
        * $ ${SBSCORE}^0
        * 5^0
        { SBSCORE=$= }
    }
}

# Unused Domains
#
# These are parked domains, hijacked domains, or other unused domains.
# In most cases, these are domains forged into headers or used in phony
# "remove" links by spammers.
#

# Header check (no flags, so the default header search applies): fires
# when a From: or Received: line contains one of the listed domains,
# preceded by a non-hostname character and followed by a non-hostname
# character or end of line. The trailing backslashes continue the regex
# across lines.
:0
* ^(From|Received):.*[^-_0-9a-z](altavista\.(com|net)|\
angelfire\.com|\
goatse\.cx|\
ybecker\.net)([^a-z0-9.]|$)
{
    SBLOG="A1R-Bogus Domain (Unused Domain in Received/From Headers)"
    INCLUDERC=${SBDIR}/functions/loglevel.rc

    # Add 5 to SBSCORE (same scoring idiom as the first block).
    :0
    * $ ${SBSCORE}^0
    * 5^0
    { SBSCORE=$= }
}

# Body check (flag B: body only) for the same four domains, again gated
# on LEANTAG matching "no" and skipped for messages carrying a
# "forwarded message" marker. Uses the same -1000 / +1100 weighting, so
# one hit is enough.
#
# NOTE(review): this scores any mention of these names in the body,
# including ordinary links, not only sender positions -- confirm the
# false-positive rate is acceptable for the current mail stream.
:0
* LEANTAG ?? no
{
    :0 B
    * !--.*forwarded message --
    * !^forwarded message:
    * -1000^0
    * 1100^0 (^|[^-_0-9a-z])altavista(ÿ|\.|=2E|%2E)(com|net)([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])angelfire(ÿ|\.|=2E|%2E)com([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])goatse(ÿ|\.|=2E|%2E)cx([^a-z0-9.]|\. |\.$|$)
    * 1100^0 (^|[^-_0-9a-z])ybecker(ÿ|\.|=2E|%2E)net([^a-z0-9.]|\. |\.$|$)
    {
        SBLOG="A1R-Bogus Domain (Unused Domain in Message Body)"
        INCLUDERC=${SBDIR}/functions/loglevel.rc

        # Add 5 to SBSCORE (same scoring idiom as the first block).
        :0
        * $ ${SBSCORE}^0
        * 5^0
        { SBSCORE=$= }
    }
}