#LAST UPDATED 12/31/2020

REVDNS		END	PCRE	(?im:(^|\.)(?!hotmail|live|msn|outlook)[a-z-0-9]+\.((?!hotmail|live|msn|outlook)([a-z]{2,}\.)?[a-z]{2,6}$))
REVDNS		END	PCRE	(?i:(^[a-z0-9[\]<>()\s-]+|(?:[0-9]{1,3}\.){3}[0-9]{1,3})$)

#REVDNS		END	NOTENDSWITH	.hotmail.com

#-------------------------------------------------------------------#
#	BALANCE WEIGHTS		 	 #
#-------------------------------------------------------------------#

TESTSFAILED	1	PCRE	(SPFPASS)
TESTSFAILED	1	PCRE	(CASA)
TESTSFAILED	1	PCRE	(MTAWLREV)
TESTSFAILED	2	PCRE	(MAILSPIKE-H2)
TESTSFAILED	2	PCRE	(URIBL-WHITE)

TESTSFAILED	-1	PCRE	(NOPOSTMASTER)
TESTSFAILED	-2	PCRE	(NOABUSE)

#-------------------------------------------------------------------#
#	BUMP			 	 #
#-------------------------------------------------------------------#

TESTSFAILED	8	PCRE	(FILTER-NON-ENGLISH)
TESTSFAILED	5	PCRE	(SNIFFER)
TESTSFAILED	10	PCRE	(FILTER-SEO)
TESTSFAILED	3	PCRE	(FILTER-(ADULT|DRUGS|LOTTO|MEDICAL|SCAM|STOCKS|SCHEME))
TESTSFAILED	1	PCRE	(SORBS-RECENT)

#CHINESE
ANYWHERE	5	PCRE	(?i:(charset=.{0,2}(big5|gb2312).{0,2})|(\=\?(big5|gb2312)\?))

#COUNTRIES
COUNTRIES	8	PCRE	(JP)
COUNTRIES	8	PCRE	(KR)
COUNTRIES	8	PCRE	(TW)
COUNTRIES	8	PCRE	(CN)

#-------------------------------------------------------------------#
#	HOTMAIL HEADERS		 	 #
#-------------------------------------------------------------------#

HEADERS		30	CONTAINS	(?im:Received-SPF\: Fail \(protection\.outlook\.com: domain of)

HEADERS		-1	CONTAINS	X-Originating-IP: [
HEADERS		-1	CONTAINS	X-Originating-Email: [
HEADERS		-1	CONTAINS	Received: from mail pickup service by hotmail.com

#-------------------------------------------------------------------#
#	SUBJECT				 #
#-------------------------------------------------------------------#

SUBJECT		5	PCRE	(?i:([a-z0-9]){50})

#-------------------------------------------------------------------#
#	SPAM SIGNATURES		 	 #
#-------------------------------------------------------------------#

BODY		10	PCRE	(?i:www\.[a-z]{5,50}\.[a-z]{2,4}=0A=(\r\n){2}.*=20)
BODY		10	PCRE	(?i:icontact\.com)

BODY		10	PCRE	(?:Please Enable (Content|links))
BODY		10	PCRE	(?:Accept Content to View)

#-------------------------------------------------------------------#
#	SPAM CONTENT			 #
#-------------------------------------------------------------------#

BODY		5	PCRE	(?:Search Engine Optimization)
BODY		5	PCRE	(?:SEO service)
BODY		3	PCRE	(?:Business Consultant)

#UNLIKLEY URL EXTENSIONS
BODY		5	PCRE	(?i:/sunny\.php)
BODY		5	PCRE	(?i:friends\.links\.php)
BODY		5	PCRE	(?i:http://.+(\.(info|biz)|co/|j\.mp))
BODY		5	PCRE	(?i:http://www.(google|facebook).com/url\?)
BODY		5	PCRE	(http://[youtbe ]{8,10}\.com)

#ABUSED EXTENSIONS
BODY		10	PCRE	(?i:http://bit\.ly)

#-------------------------------------------------------------------#
#	HOTMAIL CREDITS			 #
#-------------------------------------------------------------------#

#BODY
BODY		-5	PCRE	(?i:https://account.live.com/password/resetconfirm?)
BODY		-5	PCRE	(?i:https://account.live.com/password/resetcancel?)

BODY		-15	PCRE	(?i:Hello,.[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,4}:)

#PHOTO ALBUM
BODY		-10	PCRE	(?i:This album has [0-9]{1,3} photo and will be available on SkyDrive until)

#HOTMAIL OUTBOUND IP SPACE
#REMOTEIP	0	CIDR	65.54.246.64/26
#REMOTEIP	0	CIDR	65.54.246.128/26
#REMOTEIP	0	CIDR	65.54.246.192/26
#REMOTEIP	0	CIDR	65.55.116.0/26
#REMOTEIP	0	CIDR	65.55.116.64/26
#REMOTEIP	0	CIDR	65.55.111.64/26
#REMOTEIP	0	CIDR	65.55.111.128/26
#REMOTEIP	0	CIDR	65.55.175.128/25
#REMOTEIP	0	CIDR	65.55.162.128/26
#REMOTEIP	0	CIDR	65.55.175.128/25
#REMOTEIP	0	CIDR	65.55.90.0/24
#REMOTEIP	0	CIDR	65.55.34.0/24