RegEx Examples

Bruce_Briggs · May 2020

Examples of RegEx for checking SMTP headers.

Originally from Alan Mercer of Catholic Charities Maryland

Original Subject: spamscreen gift

Originally Posted: 1/19/2007 12:53:53 PM on the old Forum WFS boards
Copied from those boards prior to its demise.
Edited to reduce the size of the list 4/17/2020

spamscreen was an anti-spam offering for WFS - the software prior to Fireware

Usual disclaimers apply, use at your own risk.

Subject contains Paris and Nicole" ^((?i)Subject):\s(?i).(paris).nicole
Subject Contains \"hot Chicks\"" ^((?i)Subject):\s(?i).*hot chicks
Subject Contains \"nasty things\"" ^((?i)Subject):\s(?i).*nasty things
Subject contains variants of \"blowjob\"" ^((?i)Subject):\s(?i).*b.?l.?(o|0).?w.?j.?(o|0).?b
Subject contains variants of \"boner\"" ^((?i)Subject):\s(?i).*b.?(o|0).?n.?(e|3).?r
Subject contains variants of \"Boob\"" ^((?i)Subject):\s(?i).*B.?(o|0).?(o|0).?b
Subject contains variants of \"Breast\"" ^((?i)Subject):\s(?i).*B.?r.?(e|3).?(\@|a).?(s|\$).?t
Subject contains variants of \"clitoral\"" ^((?i)Subject):\s(?i).*c.?l.?(i|l|1||).?t.?(o|0).?r.?(\@|a).?l l
Subject contains variants of \"clitoris\"" ^((?i)Subject):\s(?i).*c.?l.?(i|l|1||).?t.?(o|0).?r.?(i|l|1||).?(s|\$)
Subject contains variants of \"creampie\"" ^((?i)Subject):\s(?i).*c.?r.?(e|3).?(\@|a).?m.?p.?(i|l|1||).?(e|3)
Subject contains variants of \"cum\"" ^((?i)Subject):\s(?i).*c.?u.?m
Subject contains variants of \"dildo\"" ^((?i)Subject):\s(?i).*d.?(i|l|1||).?l.?d.?(o|0)
Subject contains variants of \"erotic\"" ^((?i)Subject):\s(?i).*(e|3).?r.?(o|0).?t.?(i|l|1||).?c
Subject contains variants of \"fetish\"" ^((?i)Subject):\s(?i).*f.?(e|3).?t.?(i|l|1||).?(s|\$).?h
Subject contains variants of \"gangbang\"" ^((?i)Subject):\s(?i).*g.?(\@|a).?n.?g.?b.?(\@|a).?n.?g
Subject contains variants of \"horney\"" ^((?i)Subject):\s(?i).*h.?(o|0).?r.?n.?(e|3).?y
Subject contains variants of \"kinky\"" ^((?i)Subject):\s(?i).*k.?(i|l|1||).?n.?k.?y
Subject contains variants of \"lesbian\"" ^((?i)Subject):\s(?i).*l.?(e|3).?(s|\$).?b.?(i|l|1||).?(\@|a).?n
Subject contains variants of \"masterbate\"" ^((?i)Subject):\s(?i).*m.?(\@|a).?(s|\$).?t.?(e|3).?r.?b.?(\@|a).?t.?(e|3)
Subject contains variants of \"naked\"" ^((?i)Subject):\s(?i).*n.?(\@|a).?k.?(e|3).?d
Subject contains variants of \"nudity\"" ^((?i)Subject):\s(?i).*n.?u.?d.?(i|l|1||).?t.?y
Subject contains variants of \"orgie\"" ^((?i)Subject):\s(?i).*(o|0).?r.?g.?(i|l|1||).?(e|3)
Subject contains variants of \"orgy\"" ^((?i)Subject):\s(?i).*(o|0).?r.?g.?y
Subject contains variants of \"panties\"" ^((?i)Subject):\s(?i).*p.?(\@|a).?n.?t.?(i|l|1||).?(e|3).?(s|\$)
Subject contains variants of \"pervert\"" ^((?i)Subject):\s(?i).*p.?(e|3).?r.?v.?(e|3).?r.?t
Subject contains variants of \"pussies\"" ^((?i)Subject):\s(?i).*p.?u.?(s|\$).?(s|\$).?(i|l|1||).?(e|3).?(s|\$)
Subject contains variants of \"twat\"" ^((?i)Subject):\s(?i).*t.?w.?(\@|a).?t
Subject contains variants of \"vibrator\"" ^((?i)Subject):\s(?i).*v.?(i|l|1||).?b.?r.?(\@|a).?t.?(o|0).?r
Subject deals with adult" ^((?i)Subject):\s(?i).*adult (?:movie|passwords|site|free)
Subject deals with cuss words" ^((?i)Subject):\s(?i).*(?:[inappropriate word]|god[inappropriate word]|bitch)
Subject deals with teen" ^((?i)Subject):\s(?i).*teen (?:movie|password|site|video)
5 or more consecutive consonants in subject:" ^((?i)Subject):\s(?i).*(b|c|d|f|g|h|j|k|l|m|n|p|q|r|s|t|v|w|x|z){5}
6 or more numbers in sender address" ^((?i)From):\s.*([\d]){6}
All numeric Domain" ^((?i)From):\s.*@([\d]){1,12}.
Blank subject" ^(?:(?i)Subject):\s{0,2}$
Contains \"Expert" ^((?i)Subject):\s(?i).*\s+(expert)
Contains empty subject" ^(?:(?i)Subject):\s<>
Contains Pharmacy mispelling" ^((?i)Subject):\s(?i).*\s+(phamacy|phmacy)
Exclusion to 3 or more consecutive occurences of a vowel # 2" ^((?i)Subject):\s(?i).*(eye)
Exclusion to home variant" ^((?i)Subject):\s(?i).*homeless
Exclusion to porn" ^((?i)Subject):\s(?i).*exploring
Exclusions to 3 or more consecutive vowel rule" ^((?i)Subject):\s(?i).*(ieee|\sAAA\s|iou|eau|you|ayo|oyee|year|aye|loyola|loyal)
From Bogus Catholic Charities" ^((?i)From):\s.(info|register|admin|tech|webmaster|service|support).(catholiccharities-md.org|cc-md.org)
From Catholic Charities internet e-mail address possibly bogus" ^((?i)From):\s.*(@catholiccharities-md.;org|cc-md.org)
From KNOWN SPAMMER" ^((?i)From):\s.*(@email.com)
From Peg@pandora.be" ^((?i)From):\s.(peg).(pandora).(be)
From undesirable NOREPLY" ^((?i)From):\s.*(noreply)
From undesirable PRODUCTTESTERSNEEDED.INFO" ^((?i)From):\s.*(producttestersneeded.info)
From undesirable SMILEYS" ^((?i)From):\s.*(smileys)
From undesirable SONYPLAYSTATION" ^((?i)From):\s.*(sonyplaystation)
From undesirable SYSTEMSOAP" ^((?i)From):\s.*(systemsoap)
From undesirable top level domain" ^((?i)From):\s.*.(?i)(?:ar|at|au|be|biz|bg|br|ca)(>|)|\s)$
From undesirable top level domain" ^((?i)From):\s.*.(?i)(?:cc|ch|cl|cn|cz|de|dk|es)(>|)|\s)$
From undesirable top level domain" ^((?i)From):\s.*.(?i)(?:fi|fr|gr|hk|hu|ie|il|is|it)(>|)|\s)$
From undesirable top level domain" ^((?i)From):\s.*.(?i)(?:jp|kr|lv|mx|nl|no|nz|ph|pk|pt|ru)(>|)|\s)$
From undesirable top level domain" ^((?i)From):\s.*.(?i)(?:se|sg|si|sk|su|th|tm|tr|tw|uk|ve|vn|ws|yu|za)(>|)|\s)$
From unused Catholic Charities e-mail domain" ^((?i)From):\s.*(catholiccharities-md.com|cc-md.com|catholiccharities-md.info|cc-md.info|catholiccharities-md.net|cc-md.net|returnofthedragons.com|returnofthedragons.org)
Has X-SPAM-Flag = yes" ^((?i)X-Spam-Flag):\s(?i)(yes)
Has X-Spam-Status = yes" ^((?i)X-Spam-Status):\s(?i)(yes)
Possible Spoofed From internet in display name" ^((?i)From):\s.(?:@).(?:<).*(?:@)
PROBABLE PHISHING" ^((?i)Subject):\s(?i).(ebay|paypal|citibank|suntrust).(account)
Received from Admin" ^((?i)Received):\s.*.(admin)
Received from dial-up, dsl, or cable" ^((?i)Received):\s.*.(dial-up|dsl|adsl)
Received from FastQuickSpeed.com" ^((?i)From):\s.*@fastquickspeed.;com
Received from localhost" ^((?i)Received):\s.*.(localhost)
Received from undesirable German domain" ^((?i)Received):\s.*.(?i)(t-dialin)(?:com|net)(\s|\t)
Received from undesirable top level domain" ^((?i)Received):\s.*.(?i)(?:ar|at|au|be|biz|bg|br|ca)(\s|\t)
Received from undesirable top level domain" ^((?i)Received):\s.*.(?i)(?:cc|ch|cl|cn|cz|de|dk|es)(\s|\t)

Bruce_Briggs · May 2020

More:

Received from undesirable top level domain" ^((?i)Received):\s.*.(?i)(?:fi|fr|gr|hk|hu|ie|il|is|it)(\s|\t)
Received from undesirable top level domain" ^((?i)Received):\s.*.(?i)(?:jp|kr|lv|mx|nl|no|nz|ph|pk|pt|ru)(\s|\t)
Received from undesirable top level domain" ^((?i)Received):\s.*.(?i)(?:se|sg|si|sk|su|th|tm|tr|tw|ve|vn|ws|yu|za)(\s|\t)
Reference from undesirable top level domain" ^((?i)References):\s.*.(?i)(?:ar|at|au|be|biz|bg|br|ca)(>|)|\s)$
Reference from undesirable top level domain" ^((?i)References):\s.*.(?i)(?:cc|ch|cl|cn|cz|de|dk|es)(>|)|\s)$
Reference from undesirable top level domain" ^((?i)References):\s.*.(?i)(?:fi|fr|gr|hk|hu|ie|il|is|it)(>|)|\s)$
Reference from undesirable top level domain" ^((?i)References):\s.*.(?i)(?:jp|kr|lv|mx|nl|no|nz|ph|pk|pt|ru)(>|)|\s)$
Reference from undesirable top level domain" ^((?i)References):\s.*.(?i)(?:se|sg|si|sk|su|th|tm|tr|tw|uk|ve|vn|ws|yu|za)(>|)|\s)$
Reply to at undesirable top level domain" ^((?i)reply\s+to):\s.*.(?i)(?:ar|at|au|be|biz|bg|br|ca)(\s|\t)
Reply to at undesirable top level domain" ^((?i)reply\s+to):\s.*.(?i)(?:cc|ch|cl|cn|cz|de|dk|es)(\s|\t)
Reply to at undesirable top level domain" ^((?i)reply\s+to):\s.*.(?i)(?:fi|fr|gr|hk|hu|ie|il|is|it)(\s|\t)
Reply to at undesirable top level domain" ^((?i)reply\s+to):\s.*.(?i)(?:jp|kr|lv|mx|nl|no|nz|ph|pk|pt|ru)(\s|\t)
Reply to at undesirable top level domain" ^((?i)reply\s+to):\s.*.(?i)(?:se|sg|si|sk|su|th|tm|tr|tw|ve|vn|ws|yu|za)(\s|\t)
Reply to Catholic Charities domain" ^((?i)Reply-to):\s.*@catholiccharities-md.;org
Reply to unused Catholic Charities e-mail domain" ^((?i)Reply-to):\s.*(catholiccharities-md.com|cc-md.com|catholiccharities-md.info|cc-md.info|catholiccharities-md.net|cc-md.net|returnofthedragons.com|returnofthedragons.org)
SPOOFED FROM - 2 or more senders" ^((?i)From):\s.(?:@).(?:,).*(?:@)
Starts with HOT" ^((?i)Subject):\s(?i)(hot|h0t)
Starts with Improve" ^((?i)Subject):\s(?i)(improve|impr0ve)
Subject - Exceptions to ANAL" ^((?i)Subject):\s(?i).*(analy|canal)
Subject begins with Don't " ^((?i)Subject):\s(?i)(don't)+(\s|:)
Subject begins with GET " ^((?i)Subject):\s(?i)get\s
Subject begins with How Much " ^((?i)Subject):\s(?i)(how)+\s+(much)+(\s|:)
Subject begins with Just " ^((?i)Subject):\s(?i)(just)+(\s|:)
Subject begins with REJECTED " ^((?i)Subject):\s(?i)rejected+(\s|:)
Subject begins with Stop " ^((?i)Subject):\s(?i)(stop)+(\s|:)
Subject contain number and .JPG" ^((?i)Subject):\s(?i).[\d]{1,2}.(?:jpg)
Subject contains !!!!!" ^((?i)Subject):\s(?i).*(!!!!!)
Subject contains \"MEETING or Appointment...dd-mm" ^((?i)Subject):\s(?i).(meeting|appointment).[\d]{2}(-)[\d]{2}
Subject Contains 0FFICIAL with a zero" ^((?i)Subject):\s(?i).*0fficial
Subject contains 3 or more consecutive vowels" ^((?i)Subject):\s(?i).*(a|e|i|o|u|y){3}
Subject contains 3D" ^((?i)Subject):\s(?i).*(3D)\s
Subject contains 4 U" ^((?i)Subject):\s(?i).*\s+4\s+u
Subject contains 4 U" ^((?i)Subject):\s(?i).*\s+4u
Subject contains ==" ^((?i)Subject):\s(?i).*==
Subject contains absolutely variant" ^((?i)Subject):\s(?i).*(\@|a).{0,2}b.{0,2}(s|\$|5).{0,2}(o|0|\@).{0,2}(l|i|!|1).{0,2}u.{0,2}(t|+).{0,2}(e|3| | | | ).{0,2}y
Subject contains Account Access" ^((?i)Subject):\s(?i).*(account)\s+access
Subject contains ACCOUNT FLAGGED" ^((?i)Subject):\s(?i).*account\s+flagged
Subject contains ACCOUNT UPDATE" ^((?i)Subject):\s(?i).*account\s+update
Subject contains ACTION" ^((?i)Subject):\s(?i).*action
Subject contains ADULT variant" ^((?i)Subject):\s(?i).*(\@|a).{0,2}d.{0,2}u.{0,2}(l|i|!|1).{0,2}(t|+)
Subject contains ADVERTIS" ^((?i)Subject):\s(?i).*advertis
Subject contains AMAZING variant" ^((?i)Subject):\s(?i).*(\@|a).{0,2}m.{0,2}(\@|a).{0,2}(s|z|5).{0,2}(i| |l|1|||i).{0,2}(\@|n).{0,2}g
Subject contains ANAL variant" ^((?i)Subject):\s(?i).*\s(anal|an\@l|\@nal|\@n\@l|ana1)
Subject contains ANTI-AGING" ^((?i)Subject):\s(?i).anti.(?:aging)
Subject contains ANTIDOTE" ^((?i)Subject):\s(?i).*antidote
Subject contains arousal variant" ^((?i)Subject):\s(?i).*(\@|a).{0,2}r.{0,2}(o|0|\@).{0,2}u.{0,2}(s|\$|5).{0,2}(\@|a).{0,2}(l|i|!|1)
Subject contains ass variant" ^((?i)Subject):\s(?i).*(\s\t).(\@|a).{0,1}(s|\$|5).{0,1}(s|\$|5)
Subject contains AUTO DIALER" ^((?i)Subject):\s(?i).*auto\s+dialer
Subject contains bad date" ^((?i)Subject):\s(?i).*(1|2|3|\S)(1nd|1rd|1th|2rd|2st|2th|3nd|3st|3th)
Subject contains bad date" ^((?i)Subject):\s(?i).*(1|2|3|\S)(4|5|6|7|8|9|0)(nd|rd|st)
Subject contains BANNED" ^((?i)Subject):\s(?i).*(banned)

Bruce_Briggs · May 2020

More:

Subject contains BEAUTY variant" ^((?i)Subject):\s(?i).*b.{0,2}(e|3| | | | ).{0,2}(\@|a).{0,2}u.{0,2}(t|+)
Subject contains Better Than" ^((?i)Subject):\s(?i).*(better)\s+than\s
Subject contains bigger, larger, harder, deeper" ^((?i)Subject):\s(?i).*(bigger|deeper|harder|larger)
Subject contains bikini" ^((?i)Subject):\s(?i).*bikini
Subject contains BLING" ^((?i)Subject):\s(?i).*\s+bling\s
Subject contains BLOW JOB" ^((?i)Subject):\s(?i).blow.(?:job)
Subject contains bonus variant" ^((?i)Subject):\s(?i).*b.{0,2}(o|0|\@).{0,2}(\@|n).{0,2}u.{0,2}(s|z|5)
Subject contains BOUT TIME U EMAILED ME BACK" ^((?i)Subject):\s(?i).bout.(?:time).(?:u).(?:emailed).(?:me).(?:back)
Subject contains BOY" ^((?i)Subject):\s(?i).*(boy|b0y)
Subject contains Bra" ^((?i)Subject):\s(?i).*(bra)(\s|\t|\$)
Subject contains BRAND" ^((?i)Subject):\s(?i).*(brand)
Subject contains BRAND NAME" ^((?i)Subject):\s(?i).*brand\s+name
Subject contains BREITLING" ^((?i)Subject):\s(?i).*breitling
Subject contains bucks" ^((?i)Subject):\s(?i).*bucks
Subject contains BUST" ^((?i)Subject):\s(?i).*bust
Subject contains CAMERA SITE" ^((?i)Subject):\s(?i).*(cam|camera)\s+site
Subject contains Canadian or Mexican" ^((?i)Subject):\s(?i).*(canadian|mexican)
Subject contains Canadian or Mexican misspelling" ^((?i)Subject):\s(?i).*\s+(cnadian|candian|nexican)
Subject contains CARTIER" ^((?i)Subject):\s(?i).*cartier
Subject contains CASH variant" ^((?i)Subject):\s(?i).*c.{0,1}(\@|a).{0,1}(s|z|5).{0,1}h
Subject contains CASINO" ^((?i)Subject):\s(?i).*c.{0,2}(\@|a).{0,2}(s|z|5).{0,2}(i| |l|1|||i).{0,2}(\@|n).{0,2}(o|0|\@)
Subject contains CHAT WITH" ^((?i)Subject):\s(?i).*(chat)\s+with
Subject contains cheap" ^((?i)Subject):\s(?i).*(buy)
Subject contains cheap variant" ^((?i)Subject):\s(?i).*c.{0,2}h.{0,2}(e|3| | | | ).{0,2}(\@|a).{0,2}p
Subject contains cialis variant" ^((?i)Subject):\s(?i).*(c|g).{0,2}(i| |l|1|||i|t).{0,2}(@|a| | | ).{0,2}(l|i|!|1).{0,2}(i| |l|1|||i|t).{0,2}(s|\$|5)
Subject contains CLEARANCE" ^((?i)Subject):\s(?i).*clearance
Subject contains CLICK AWAY" ^((?i)Subject):\s(?i).*(click)\s+away\s
Subject contains coach or prada handbags" ^((?i)Subject):\s(?i).(popular|coach|prada|vuitton|laurent|d&b).(handbag|purse)
Subject contains COUNT" ^((?i)Subject):\s(?i).(\s)(count)
Subject contains credit CARD" ^((?i)Subject):\s(?i).*(visa|master|american\express|discover|credit).card
Subject contains CREDIT Misspelling" ^((?i)Subject):\s(?i).*\s+(credt|crdit|ctredt|crnedit)
Subject contains CREDIT Variant" ^((?i)Subject):\s(?i).*(\@|c).{0,2}r.{0,2}(e|3| | | | ).{0,2}(d|\@).{0,2}(i| |l|1|||i).{0,2}(t|+)
Subject contains DATING" ^((?i)Subject):\s(?i).*(dating)(\s|\t|\$)
Subject contains DAVROCET" ^((?i)Subject):\s(?i).*davrocet
Subject contains DEAL" ^((?i)Subject):\s(?i).*deal
Subject Contains DELIVERY STATUS NOTIFICATION (FAILURE) - possible virus" ^((?i)Subject):\s(?i).*D.?(e|3| | | | ).?l.?(i| |l|1||).?v.?(e|3| | | | ).?r.?y.?\s.?S.?t.?(\@|a).?t.?u.?(s|\$|5).?\s.?N.?(o|0).?t.?(i| |l|1||).?f.?(i| |l|1||).?c.?(\@|a).?t.?(i| |l|1||).?(o|0).?n.?\s.?(.?F.?(\@|a).?(i| |l|1||).?l.?u.?r.?(e|3| | | | ).?)
Subject contains dick variant" ^((?i)Subject):\s(?i).*(d|\@).{0,2}(i| |l|1|||i).{0,2}(\@|c).{0,2}k
Subject contains DIET" ^((?i)Subject):\s(?i).*\s(diet|d1et|d13t|d13+|di3t|di3+|die+|d1e+)
Subject contains DISCREET variant" ^((?i)Subject):\s(?i).*(d|\@).{0,2}(i| |l|1|||i).{0,2}(s|z|5).{0,2}(\@|c).{0,2}r.{0,2}(e|3| | | | ).{0,2}(e|3| | | | ).{0,2}(t|+)
Subject contains DISKOUNT" ^((?i)Subject):\s(?i).*diskount
Subject contains DOWNLOAD" ^((?i)Subject):\s(?i).*download
Subject contains DREAM DATE" ^((?i)Subject):\s(?i).*dream\s+date
Subject contains Drop Pounds" ^((?i)Subject):\s(?i).(lose|drop).(?:weight|pounds)
Subject contains DRUG variant" ^((?i)Subject):\s(?i).*(d|\@).{0,2}r.{0,2}u.{0,2}g
Subject contains DUMMY" ^((?i)Subject):\s(?i).*\s+dummy
Subject contains DVDs" ^((?i)Subject):\s(?i).*dvds
Subject contains e-bay tips" ^((?i)Subject):\s(?i).*(e-bay|ebay)\s+tips
Subject contains Eclipse" ^((?i)Subject):\s(?i).*\s+eclipse
Subject contains EGOTIST" ^((?i)Subject):\s(?i).*egotist
Subject contains EJACULATE variant" ^((?i)Subject):\s(?i).*(e|3| | | | ).{0,2}j.{0,2}(\@|a).{0,2}(\@|c).{0,2}u.{0,2}(l|i|!|1).{0,2}(\@|a).{0,2}(t|+)
Subject contains ENHANCE" ^((?i)Subject):\s(?i).*enhance
Subject contains ENJOY A" ^((?i)Subject):\s(?i).*(enjoy)\s+a\s
Subject contains enlarge variant" ^((?i)Subject):\s(?i).*(e|3| | | | ).{0,2}(\@|n).{0,2}(l|i|!|1).{0,2}(\@|a).{0,2}r.{0,2}g.{0,2}(e|3| | | | )
Subject contains ENTERTAINMENT BOOK" ^((?i)Subject):\s(?i).*entertainment\s+book
Subject contains equity" ^((?i)Subject):\s(?i).*(equity)
Subject contains Erectile" ^((?i)Subject):\s(?i).*erectile
Subject contains ERECTION" ^((?i)Subject):\s(?i).*erection
Subject contains EXCITEMENT" ^((?i)Subject):\s(?i).*(excitement)
Subject contains Exclusive" ^((?i)Subject):\s(?i).*exclusive
Subject contains EXTRA TIME" ^((?i)Subject):\s(?i).*(extra)\s+time\s
Subject contains F--K variant" ^((?i)Subject):\s(?i).*f.{0,2}k
Subject contains FASHION" ^((?i)Subject):\s(?i).*(fashion)
Subject contains FAVORITE ARTISTS" ^((?i)Subject):\s(?i).*(favorite)\s+artists\s
Subject contains First" ^((?i)Subject):\s(?i).*first
Subject contains FIST" ^((?i)Subject):\s(?i).*f.{0,1}(i| |l|1|||i).{0,1}(s|z|5).{0,1}(t|+)
Subject contains foreclosure variant" ^((?i)Subject):\s(?i).*f.{0,2}(o|0|\@).{0,2}r.{0,2}(e|3| | | | ).{0,2}(\@|c).{0,2}(l|i|!|1).{0,2}(o|0|\@).{0,2}(s|\$|5).{0,2}u.{0,2}r.{0,2}(e|3| | | | )
Subject contains FOURSOME" ^((?i)Subject):\s(?i).*foursome
Subject contains Frederick" ^((?i)Subject):\s(?i).*frederick
Subject contains FREDERICKS OF HOLLYWOOD" ^((?i)Subject):\s(?i).fredericks.(?:of).*(?:hollywood)
Subject contains FREE Variant" ^((?i)Subject):\s(?i).*f.{0,1}r.{0,1}(e|3| | | | ).{0,1}(e|3| | | | )
Subject contains FUNDING" ^((?i)Subject):\s(?i).*\s+funding
Subject contains G-Spot" ^((?i)Subject):\s(?i).*(gspot)
Subject contains G-Spot" ^((?i)Subject):\s(?i).*g.spot
Subject contains generic variant" ^((?i)Subject):\s(?i).*g.{0,2}(e|3| | | | ).{0,2}(\@|n).{0,2}(e|3| | | | ).{0,2}r.{0,2}(i| |l|1|||i).{0,2}(\@|c)
Subject contains GET ALL YOUR" ^((?i)Subject):\s(?i).*(get)\s+(all)\s+your\s
Subject contains Gevalia" ^((?i)Subject):\s(?i).*gevalia
Subject contains GIRL variant" ^((?i)Subject):\s(?i).*g.{0,}(i| |l|1|||i).{0,1}r.{0,1}(l|i|!|1)
Subject contains GOT LAID" ^((?i)Subject):\s(?i).*(got|g0t)\s+laid
Subject contains Grow" ^((?i)Subject):\s(?i).*grow
Subject contains HAIR LOSS" ^((?i)Subject):\s(?i).hair.(?:loss)
Subject contains HALF Variant" ^((?i)Subject):\s(?i).*h.{0,1}(\@|a).{0,1}(l|i|!|1).{0,1}f
Subject contains handjob" ^((?i)Subject):\s(?i).*(handjob|handj0b)
Subject contains hardcore variant" ^((?i)Subject):\s(?i).*h.{0,2}(\@|a).{0,2}r.{0,2}(d|\@).{0,2}(\@|c).{0,2}(o|0|\@).{0,2}r.{0,2}(e|3| | | | )
Subject contains HEMACS EJOBS" ^((?i)Subject):\s(?i).*hemacs\s+(ejobs|e-jobs)
Subject contains HERB: " ^((?i)Subject):\s(?i).*(herb)
Subject contains HERE ARE THE RESULT" ^((?i)Subject):\s(?i).*(here)\s+are\s+the\s+result
Subject contains HERE YOUR CHANCE" ^((?i)Subject):\s(?i).(here).your\s+chance
Subject contains HGH" ^((?i)Subject):\s(?i).*(hgh|h g h)
Subject contains HI HUNNIE" ^((?i)Subject):\s(?i).hi.(?:hunnie)
Subject contains home variant" ^((?i)Subject):\s(?i).*h.{0,2}(o|0|\@).{0,2}m.{0,2}(e|3| | | | )
Subject contains HORNY" ^((?i)Subject):\s(?i).*(horny)
Subject contains horoscope" ^((?i)Subject):\s(?i).*horoscope
Subject contains HOSE" ^((?i)Subject):\s(?i).*(hose|h0se|hos3|h0s3)

Bruce_Briggs · May 2020

More:

Subject contains HUMAN GROWTH HORMONE" ^((?i)Subject):\s(?i).*HUMAN.{0,2}GR.(o|0|\@).TH.{0,2}H.(o|0|\@).rm.(o|0|\@).n.(\@|a|e|3| | | | )
Subject contains IMPRESS YOUR" ^((?i)Subject):\s(?i).*(impress)\s+your\s
Subject contains IN BED" ^((?i)Subject):\s(?i).*(in)\s+bed\s
Subject contains INCEST" ^((?i)Subject):\s(?i).*incest
Subject contains inches variant" ^((?i)Subject):\s(?i).*(i| |l|1|||i).{0,2}(\@|n).{0,2}(\@|c).{0,2}h.{0,2}(e|3| | | | ).{0,2}(s|z|5)
Subject contains INCOME variant" ^((?i)Subject):\s(?i).*(i| |l|1|||i).{0,2}(\@|n).{0,2}c.{0,2}(o|0|\@).{0,2}m.{0,2}(e|3| | | | )
Subject contains Increase and Length, girth, or size" ^((?i)Subject):\s(?i).(increase|improve).(length|girth|size|stamina)
Subject contains instant variant" ^((?i)Subject):\s(?i).*(i| |l|1|||i).{0,2}(\@|n).{0,2}(s|\$|5).{0,2}(t|+).{0,2}(\@|a).{0,2}(\@|n).{0,2}(t|+)
Subject contains Invest and Alert/Idea" ^((?i)Subject):\s(?i).(invest).(alert|idea)
Subject contains INVOCE, not invoice" ^((?i)Subject):\s(?i).*invoce
Subject contains IPOD or MP3" ^((?i)Subject):\s(?i).*(ipod|mp3)
Subject contains It's CHEATING BUT IT WORKS" ^((?i)Subject):\s(?i).it.(?:cheating).(?:but).(?:works)
Subject contains Johnson" ^((?i)Subject):\s(?i).*j(0|o|@)hn(s|5|z)(0|o|@)n
Subject contains KEEP YOU GOING" ^((?i)Subject):\s(?i).*keep\s+you\s+going
Subject contains LABIA" ^((?i)Subject):\s(?i).*labia
Subject contains LAD(Y)(IES)" ^((?i)Subject):\s(?i).*lad.(y|ies)
Subject contains LAST LONGER" ^((?i)Subject):\s(?i).*(last)\s+longer\s
Subject contains LEAD" ^((?i)Subject):\s(?i).*lead
Subject contains LEADWHALE.COM" ^((?i)Subject):\s(?i).leadwhale.(?:com)
Subject contains Levitra variant" ^((?i)Subject):\s(?i).*(l|1||).{0,2}(e|3).{0,2}v.{0,2}(i| |l|1|||i).{0,2}(t|+).{0,2}r.{0,2}(a|\@| | | )
Subject contains LOLPORTAL" ^((?i)Subject):\s(?i).*lolportal
Subject contains LONELY" ^((?i)Subject):\s(?i).*(lonely)
Subject contains look younger" ^((?i)Subject):\s(?i).(look|feel)\s.younger
Subject contains LOTTERY" ^((?i)Subject):\s(?i).*lottery
Subject contains LOVE variant" ^((?i)Subject):\s(?i).*(l|i|!|1).{0,1}(o|0|\@).{0,1}(v|\|\/).{0,1}(e|3| | | | )
Subject contains lowest variant" ^((?i)Subject):\s(?i).*(l|i|!|1).{0,2}(o|0|\@).{0,2}w.{0,2}(e|3| | | | ).{0,2}(s|z|5).{0,2}(t|+)
Subject contains MALE" ^((?i)Subject):\s(?i).*male
Subject contains MASTERBAT(e)(ing)" ^((?i)Subject):\s(?i).*m.{0,2}(\@|a).{0,2}(s|z|5).{0,2}(t|+).{0,2}(e|u|\@).{0,2}(r).b.{0,2}(\@|a).{0,2}(t|+)
Subject contains MATCH" ^((?i)Subject):\s(?i).*match
Subject contains MEDICAT(ion|e)" ^((?i)Subject):\s(?i).*medicat
Subject contains MEDICINE variant" ^((?i)Subject):\s(?i).*m.{0,2}(e|3| | | | ).{0,2}(d|\@).{0,2}(i| |l|1|||i).{0,2}c.{0,2}(i| |l|1|||i).{0,2}(\@|n).{0,2}(e|3| | | | )
Subject contains MEDS variant" ^((?i)Subject):\s(?i).*m.{0,2}(e|3| | | | ).{0,2}(d|\@).{0,2}(s|z|5)
Subject contains MEET SOMEONE" ^((?i)Subject):\s(?i).*(meet)\s+someone\s
Subject contains MEN and MARS and WOMEN and VENUS" ^((?i)Subject):\s(?i).men.(?:mars).(?:women).(?:venus)
Subject contains MESSAGE" ^((?i)Subject):\s(?i).*message
Subject contains MICROCAP" ^((?i)Subject):\s(?i).*\s+MICROCAP
Subject contains million variant" ^((?i)Subject):\s(?i).*m.{0,2}(i| |l|1|||i).{0,2}(l|i|!|1).{0,2}(l|i|!|1).{0,2}(i| |l|1|||i).{0,2}(o|0|\@).{0,2}(\@|n)
Subject contains mortgage variant" ^((?i)Subject):\s(?i).*m.{0,2}(o|0|\@).{0,2}r.{0,2}(t|+).{0,2}g.{0,2}(\@|a).{0,2}g.{0,2}(e|3| | | | )
Subject contains MUSCLE BOOST" ^((?i)Subject):\s(?i).*(muscle)\s+boost\s
Subject contains Muscle Relax" ^((?i)Subject):\s(?i).\bmuscle .(?:relax)
Subject contains MUSIC" ^((?i)Subject):\s(?i).*(music)\s
Subject contains NEW BREED" ^((?i)Subject):\s(?i).*(new)\s+breed
Subject contains NEWSLETTER #" ^((?i)Subject):\s(?i).*newsletter(\s|\t)#
Subject contains Nicole Richie" ^((?i)Subject):\s(?i).*(nicole)\s+richie
Subject contains Nude" ^((?i)Subject):\s(?i).*\s+(nude)
Subject contains OAKLEY" ^((?i)Subject):\s(?i).*oakley
Subject contains OEM" ^((?i)Subject):\s(?i).*(oem|o e m)
Subject contains OFFER variant" ^((?i)Subject):\s(?i).*(o|0|\@).{0,2}f.{0,2}f.{0,2}(e|3| | | | ).{0,2}r
Subject contains OIL, GAS, FUEL, DIESEL" ^((?i)Subject):\s(?i).*\s(oil|gas|gasoline|fuel|diesel)\s
Subject contains OIL, GAS, FUEL, DIESEL" ^((?i)Subject):\s(?i).*\s+(oil|gas|gasoline|fuel|diesel)+\s
Subject contains ONLINE DEGREE AVAILABLE - 1" ^((?i)Subject):\s(?i)online.degree.available
Subject contains ONLINE DEGREE AVAILABLE - 2" ^((?i)Subject):\s(?i)degree.online.available
Subject contains ONLINE DEGREE AVAILABLE - 3" ^((?i)Subject):\s(?i)available.degree.online

Bruce_Briggs · May 2020

More:

Subject contains ONLINE DEGREE AVAILABLE - 4" ^((?i)Subject):\s(?i)available.online.degree
Subject Contains only RE: or FW:" ^((?i)Subject):\s(?i)(Re:|Fw:)$
Subject contains orgasm variant" ^((?i)Subject):\s(?i).*(o|0).{0,2}r.{0,2}g.{0,2}(\@|a).{0,2}(s|z|5).{0,2}m
Subject contains OSAMA STRIKES AGAIN" ^((?i)Subject):\s(?i).osama.(?:strikes).*(?:again)
Subject contains OTC" ^((?i)Subject):\s(?i).*(otc)
Subject contains P2P material" ^((?i)Subject):\s(?i).*(bittorent|edonkey|emule|napster|kazaa|gnutella)
Subject contains Paris Hilton" ^((?i)Subject):\s(?i).*(paris)\s+hilton
Subject contains PARTNER" ^((?i)Subject):\s(?i).*partner
Subject contains PASSPHRASE" ^((?i)Subject):\s(?i).*passphrase
Subject contains penis variant" ^((?i)Subject):\s(?i).*p.?(e|3| | | | |e|e|e|e|e).?(n||\|).?(i| |l|1|||i).?(s|\$|5)
Subject contains Perfect Logo" ^((?i)Subject):\s(?i).*(affordable|perfect)\s+(logo|l0go|log0|l0g0)
Subject contains PHALLUS" ^((?i)Subject):\s(?i).*phallus
Subject contains phentermine" ^((?i)Subject):\s(?i).*phentermine
Subject contains PHOTO COPS" ^((?i)Subject):\s(?i).*photo\s+cops
Subject contains PILL" ^((?i)Subject):\s(?i).*pill
Subject contains PILLS" ^((?i)Subject):\s(?i).*pills
Subject contains PLASMA or LCD TV" ^((?i)Subject):\s(?i).*(plasma|lcd)\s+tv\s
Subject contains PLAY variant" ^((?i)Subject):\s(?i).*p.{0,2}(l|i|!|1).{0,2}(\@|a).{0,2}y
Subject contains PLEASURE" ^((?i)Subject):\s(?i).*pleasure
Subject contains POEM" ^((?i)Subject):\s(?i).*poem
Subject contains POISED TO RUN" ^((?i)Subject):\s(?i).*(poised)\s+to\s+run
Subject contains porn variant" ^((?i)Subject):\s(?i).*p.{0,2}(o|0|\@).{0,2}r.{0,1}(\@|n)
Subject contains POSTCARD" ^((?i)Subject):\s(?i).*postcard
Subject contains POTEN(t..)(c..) variant" ^((?i)Subject):\s(?i).*p.{0,1}(o|0|\@).{0,1}(t|+).{0,1}(e|3| | | | ).{0,1}(\@|n)
Subject contains PPV" ^((?i)Subject):\s(?i).*\s+ppv
Subject contains PRESCRI(BE)(PTION) variant" ^((?i)Subject):\s(?i).*p.{0,2}r.{0,2}(e|3| | | | ).{0,2}(s|z|5).{0,2}(\@|c).{0,2}r.{0,2}(i| |l|1|||i)
Subject contains price variant" ^((?i)Subject):\s(?i).*p.{0,2}r.{0,2}(i| |l|1|||i).{0,2}(\@|c).{0,2}(e|3| | | | )
Subject contains profit" ^((?i)Subject):\s(?i).*(profit)
Subject contains PROLONG" ^((?i)Subject):\s(?i).*(prolong)
Subject contains Proposed Charter" ^((?i)Subject):\s(?i).*(proposed)\s+charter
Subject contains PROZAC" ^((?i)Subject):\s(?i).*p.{0,2}r.{0,2}(o|0|\@).{0,2}(s|5|z).{0,2}(\@|a).c
Subject contains QUICK POLICY APPROVAL" ^((?i)Subject):\s(?i).it.(?:q).(?:ck).(?:policy).*(?:approval)
Subject contains RE: [" ^((?i)Subject):\s(?i).(re:|fw:|re|fw).[
Subject contains RE: ACCOUNT #" ^((?i)Subject):\s(?i).*(re:)\s+ACCOUNT\s+#\s+([\d]){1,12}
Subject contains RE: FYI" ^((?i)Subject):\s(?i).*(re:)\s+fyi\s
Subject contains RE: RX (RX in caps)" ^((?i)Subject):\s(Re|re|RE|rE).RX700
Subject contains RE:RE: " ^((?i)Subject):\s(?i)(RE:).*(RE:)
Subject contains RE:UNDELIVERABLE: " ^((?i)Subject):\s(?i).(RE:).(undeliverable)
Subject contains RED HOT" ^((?i)Subject):\s(?i).*(red)\s+hot
Subject contains Refi" ^((?i)Subject):\s(?i).*refi
Subject contains REGISTER TO WIN" ^((?i)Subject):\s(?i).*(chance|register)\s+to\s+win\s
Subject contains REPLICA variant" ^((?i)Subject):\s(?i).*r.{0,2}(e|3| | | | ).{0,2}p.{0,2}(l|i|!|1).{0,2}(i| |l|1|||i).{0,2}c.{0,2}(\@|a)
Subject contains RERE: " ^((?i)Subject):\s(?i)(RERE:)
Subject contains Ringtone" ^((?i)Subject):\s(?i).*ringtone
Subject contains ROCK and HARD" ^((?i)Subject):\s(?i).(rock|hard).(hard|rock)
Subject contains ROLEX" ^((?i)Subject):\s(?i).*r(o|0|@)(l|1)(e|@)x
Subject contains SALE" ^((?i)Subject):\s(?i).*sale
Subject contains SATELLITE TV or RADIO" ^((?i)Subject):\s(?i).*satellite\s+(tv|television|radio)
Subject contains SAV(e)(ing) variant" ^((?i)Subject):\s(?i).*(s|z|5).{0,2}(\@|a).{0,2}v
Subject contains SAVE A BUNDLE, SAVE HUNDREDS ON, SAVE A TON, SAVE YOUR COMPANY" ^((?i)Subject):\s(?i).save.(?:a|hundreds|big|your).*(?:bundle|ton|on|company)
Subject Contains Save up to" ^((?i)Subject):\s(?i).*(, save up to)
Subject contains Screen Saver" ^((?i)Subject):\s(?i).(screen).(saver)
Subject contains Semen or Sperm" ^((?i)Subject):\s(?i).*\s+(Semen|sperm)
Subject contains SERADERM" ^((?i)Subject):\s(?i).*seraderm
Subject contains SEX OFFENDER REG" ^((?i)Subject):\s(?i).*sex\s+offender\s+reg
Subject contains SEX variant" ^((?i)Subject):\s(?i).*(s|z|5).{0,2}(e|3| | | | ).{0,2}x
Subject contains SHOCKING variant" ^((?i)Subject):\s(?i).*(s|z|5).{0,2}h.{0,2}(o|0|\@).{0,2}(\@|c).{0,2}k.{0,2}(i| |l|1|||i).{0,2}(\@|n).{0,2}g

Bruce_Briggs · May 2020

More:

Subject contains Showing what ... got" ^((?i)Subject):\s(?i).it.(?:showing).(?:what).(?:got)
Subject contains SINGLES" ^((?i)Subject):\s(?i).*single
Subject contains SIP...SLIM" ^((?i)Subject):\s(?i).(sip).slim
Subject contains SIZE MATTER" ^((?i)Subject):\s(?i).(size.matter|matter.*size)
Subject contains SOFTWARE variant" ^((?i)Subject):\s(?i).*(s|z|5).{0,2}(o|0|\@).{0,2}f.{0,2}(t|+).{0,2}w.{0,2}(\@|a).{0,2}r.{0,2}(e|3| | | | )
Subject contains SPECIALIST - false positive on CIALIS" ^((?i)Subject):\s(?i).*specialist
Subject contains Spread their ..." ^((?i)Subject):\s(?i).(spread)\s+their.(legs|cheeks|ass|hole|puss|vagina|cunt)
Subject contains SQUIRTS" ^((?i)Subject):\s(?i).*\s+squirts
Subject contains STOCK Variant" ^((?i)Subject):\s(?i).*stock
Subject contains STOX" ^((?i)Subject):\s(?i).*(st0ck|st\@ck|stox|st0x|st\@x)
Subject contains STUDY or STUDENTS" ^((?i)Subject):\s(?i).*(study|student)
Subject contains SUNGLASS" ^((?i)Subject):\s(?i).*(sunglass)
Subject contains SUPER" ^((?i)Subject):\s(?i).*super
Subject contains Suprise for" ^((?i)Subject):\s(?i).*(surprise|suprise)\s+for
Subject contains SWISS" ^((?i)Subject):\s(?i).*swiss
Subject contains SYSTEM SOAP" ^((?i)Subject):\s(?i).*system\s+soap
Subject contains TABLETS" ^((?i)Subject):\s(?i).*tablets
Subject contains TADALAFIL" ^((?i)Subject):\s(?i).*\s+tadalafil
Subject contains TAKE A LOOK" ^((?i)Subject):\s(?i).*(take)\s+a\s+look
Subject contains THE BULL" ^((?i)Subject):\s(?i).*(the)\s+bull
Subject contains THREESOME" ^((?i)Subject):\s(?i).*threesome
Subject contains trader" ^((?i)Subject):\s(?i).*(trader)
Subject contains TRAVEL FLEA" ^((?i)Subject):\s(?i).*(travel)\s+flea
Subject contains TRUST" ^((?i)Subject):\s(?i).*(trust|trsut)
Subject contains UNBELIEVABLE" ^((?i)Subject):\s(?i).*\s+unbelievable
Subject contains UROLOG" ^((?i)Subject):\s(?i).*urolog
Subject contains USD" ^((?i)Subject):\s(?i).*\d\dUS(d|\$)
Subject contains UTF-8" ^((?i)Subject):\s(?i).*utf-8
Subject contains VAGINA" ^((?i)Subject):\s(?i).*(v|\|\/).{0,2}(\@|a).{0,2}g.{0,2}(i| |l|1|||i).{0,2}(\@|n).{0,2}(\@|a)
Subject contains VAIO" ^((?i)Subject):\s(?i).*vaio
Subject contains VALIUM" ^((?i)Subject):\s(?i).*(v|\|\/).{0,2}(\@|a).{0,2}(l|i|!|1).{0,2}(i| |l|1|||i|t).{0,2}u.{0,2}m
Subject contains viagra variant" ^((?i)Subject):\s(?i).*(v|\|\/).{0,2}(i| |l|1|||i).{0,2}(\@|a| | | ).{0,2}(g|q).{0,2}r.{0,2}(\@|a| | )
Subject contains VIAGRA variant" ^((?i)Subject):\s(?i).*viarga
Subject contains vicodin variant" ^((?i)Subject):\s(?i).*(v|\|\/).{0,2}(i| |l|1|||i).{0,2}(\@|c|d).{0,2}(o|0|\@).{0,2}d.{0,2}(i| |l|1|||i).{0,2}(\@|n)
Subject contains VIRGIN" ^((?i)Subject):\s(?i).*butthole
Subject contains VIRGIN" ^((?i)Subject):\s(?i).*virgin
Subject contains VITAMIN" ^((?i)Subject):\s(?i).*vitamin
Subject contains Wall-Street" ^((?i)Subject):\s(?i).*(wall-street)
Subject contains WANT TO PROMOTE YOUR WEBSITE" ^((?i)Subject):\s(?i).*want\s+to\s+promote\s+your\s+website
Subject contains Wants IT" ^((?i)Subject):\s(?i).*(wants)\s+it
Subject contains WATCH" ^((?i)Subject):\s(?i).*watch
Subject contains We Are the BEST" ^((?i)Subject):\s(?i).*we\s+are\s+the\s+best
Subject contains WE CANNOT CANCEL YOUR PAYMENT" ^((?i)Subject):\s(?i).*(we)\s+cannot\s+cancel\s+your\s+payment\s
Subject contains WICKED" ^((?i)Subject):\s(?i).*wicked
Subject contains WIFE" ^((?i)Subject):\s(?i).*wife
Subject contains WIN" ^((?i)Subject):\s(?i).*\s+(win)\s
Subject contains WINDOWS XP and OFFICE XP" ^((?i)Subject):\s(?i).(windows|office).(xp).(windows|office).(xp)
Subject contains with Melt away " ^((?i)Subject):\s(?i).*(melt)+\s(away)
Subject contains word with erz" ^((?i)Subject):\s(?i).*erz
Subject contains WRINKLE" ^((?i)Subject):\s(?i).*wrinkle
Subject contains xxx variant" ^((?i)Subject):\s(?i).*x.{0,2}x.{0,2}x
Subject contains YOU DON...KNOW HOW" ^((?i)Subject):\s(?i).(you)\s+don.(know)\s+how
Subject contains YOU NEED THIS" ^((?i)Subject):\s(?i).*(everyone|you|guys)\s+(need|needs)\s+this
Subject contains YOUR INFORMATION" ^((?i)Subject):\s(?i).*(your)\s+information\s
Subject contains YOURS TO KEEP" ^((?i)Subject):\s(?i).*yours\s+to\s+keep
Subject contains ZERO" ^((?i)Subject):\s(?i).*zero
Subject contains zero in common words" ^((?i)Subject):\s(?i).*(0f|y0u)
Subject contains [EJOBS] RE:" ^((?i)Subject):\s(?i).([)(EJOBS)(]).(?:re:)
Subject deals with gay" ^((?i)Subject):\s(?i).*(gay|lez|lezbo) (?:movie|password|site|video)
Subject deals with lolita" ^((?i)Subject):\s(?i).*lolita (?:movie|password|site|video)
Subject has a header" ^((?i)Subject):\s(?i)
Subject includes \"is or was expir(ed,ing)\" " ^((?i)Subject):\s(?i).*(is|was)\s+expir
Subject includes BLOWN AWAY" ^((?i)Subject):\s(?i).*blown\s+away

Bruce_Briggs · May 2020

More:

Subject includes MAKE HER GO" ^((?i)Subject):\s(?i).*make\s+her\s+go
Subject includes mispelled MICROSOFT" ^((?i)Subject):\s(?i).*(micro[inappropriate word]|micr0[inappropriate word]|m1cro[inappropriate word]|microsh1t|microshift)
Subject includes OUT WHAT" ^((?i)Subject):\s(?i).*out\s+what
Subject includes RED LIGHT CAMERA" ^((?i)Subject):\s(?i).*red\s+light\s+camera
Subject includes REDLIGHT CAMERA" ^((?i)Subject):\s(?i).*redlight\s+camera
Subject includes TRAFFIC CAMERA" ^((?i)Subject):\s(?i).*traffic\s+camera
Subject starts with ADLT" ^((?i)Subject):\s(?i)adlt
Subject starts with HI" ^((?i)Subject):\s(?i)hi
Subject starts with RE., not RE:" ^((?i)Subject):\s(?i)re.
Subject talks about losing pounds" ^((?i)Subject):\s(?i).\bWeight .(?:loss)
Subject talks about losing pounds" ^((?i)Subject):\s(?i).*losing\s+weight
value for no subject header" ^
X-mailer THE BAT!" ^(?:(?i)X-Mailer):\s.(?i)[^\s](the)\s+bat
Starts with ATTN:" ^((?i)Subject):\s(?i)ATTN:
Subject contains border" ^((?i)Subject):\s(?i).*b.{0,2}(o|0|\@).{0,2}r.{0,2}(d|\@).{0,2}(e|3|S|,|^|%).{0,2}r
Subject contains common words with number substitution " ^((?i)Subject):\s(?i).*\s+(y0u|wi11|b1g|sma11|2gether|4ever|4U)+\s
Subject contains complimentary" ^((?i)Subject):\s(?i).*complimentary
Subject contains cunt" ^((?i)Subject):\s(?i).*(cunt|c u n t|c@nt|cun+|c_u_n_t)
Subject contains CUNT" ^((?i)Subject):\s(?i).*(c)(.)(u)(.)(n)(.)(t)
Subject contains CUNT" ^((?i)Subject):\s(?i).*(c)(\@)(nt)
Subject contains debt" ^((?i)Subject):\s(?i).*debt
Subject contains depression" ^((?i)Subject):\s(?i).*(d|\@).{0,2}(e|3|S|,|^|%).{0,2}p.{0,2}r.{0,2}(e|3|S|,|^|%).{0,2}(s|z|5).{0,2}(s|z|5)
Subject contains diet related terms " ^((?i)Subject):\s(?i).*(lean|obese|attractive)
Subject contains discount" ^((?i)Subject):\s(?i).*discount
Subject contains fat" ^((?i)Subject):\s(?i).*fat
Subject contains feel " ^((?i)Subject):\s(?i).*(feel)
Subject contains game" ^((?i)Subject):\s(?i).*game
Subject contains gift" ^((?i)Subject):\s(?i).*gift
Subject contains giveaway" ^((?i)Subject):\s(?i).*giveaway
Subject contains hassle" ^((?i)Subject):\s(?i).*hassle
Subject contains HBO " ^((?i)Subject):\s.*(HBO)
Subject contains hothot" ^((?i)Subject):\s(?i).*h.{0,2}(o|0|\@).{0,2}(t|+).{0,2}h.{0,2}(o|0|\@).{0,2}(t|+)
Subject contains huge" ^((?i)Subject):\s(?i).*huge
Subject contains ink" ^((?i)Subject):\s(?i).*\s+ink
Subject contains intimate" ^((?i)Subject):\s(?i).*intimate
Subject contains loan" ^((?i)Subject):\s(?i).*(l|i|!|1).{0,1}(o|0|\@).{0,1}(\@|a).{0,1}(\@|n)
Subject contains need to" ^((?i)Subject):\s(?i).*need(\s|\t)to
Subject contains no subject" ^((?i)Subject):\s(?i).*no(\s|\t)subject
Subject contains pay" ^((?i)Subject):\s(?i).*pay
Subject contains pharma" ^((?i)Subject):\s(?i).*p.{0,2}h.{0,2}(\@|a).{0,2}r.{0,2}m.{0,2}(\@|a)
Subject contains pussy" ^((?i)Subject):\s(?i).*p.{0,2}u.{0,2}(s|z|5).{0,2}(s|z|5).{0,2}y
Subject contains quality " ^((?i)Subject):\s(?i).*(quality)
Subject contains rates" ^((?i)Subject):\s(?i).*(\s|\t).rate
Subject contains sleep" ^((?i)Subject):\s(?i).*sleep
Subject contains starts with bye" ^((?i)Subject):\s(?i)bye
Subject contains Starts with quick" ^((?i)Subject):\s(?i)quick
Subject contains Starts with very" ^((?i)Subject):\s(?i)very

Bruce_Briggs · May 2020

More:

Subject contains stud" ^((?i)Subject):\s(?i).*(s|z|5).{0,2}(t|+).{0,2}u.{0,2}(d|\@)
Subject contains USD" ^((?i)Subject):\s(?i).^((?i)Subject):\s.USD|U.S.D\b
Subject contains vulva" ^((?i)Subject):\s(?i).*(v|\|\/).{0,2}u.{0,2}(l|i|!|1).{0,2}(v|\|\/).{0,2}(\@|a)
Subject contains wealth" ^((?i)Subject):\s(?i).*wealth
Subject contains women" ^((?i)Subject):\s(?i).*w.{0,2}(o|0|\@).{0,2}m.{0,2}(\@|a|e|3|S|,|^|%).{0,2}(\@|n)
Subject contains xanax" ^((?i)Subject):\s(?i).*x.{0,2}(\@|a).{0,2}(\@|n).{0,2}(\@|a).x
Viagra type related ads related to shock, give, surprise...her" ^((?i)Subject):\s(?i).*(amaze|shock|surprise|give|impress)\s+her
PROBABLE VIRUS 1" ^((?i)Subject):\s(?i).*(your)\s+account\s+is\s+suspended
PROBABLE VIRUS 2" ^((?i)Subject):\s(?i).*(online)\s+user\s+violation
PROBABLE VIRUS 3" ^((?i)Subject):\s(?i).*(your)\s+services\s+near\s+to\s+be\s+closed
PROBABLE VIRUS 4" ^((?i)Subject):\s(?i).*(email)\s+account\s+suspension
PROBABLE VIRUS 5" ^((?i)Subject):\s(?i).*(notice)\s+of\s+account\s+limitation
PROBABLE VIRUS 6" ^((?i)Subject):\s(?i).(your)\s+password\s+has\s+been.updated
Subject contains MONEY variant" ^((?i)Subject):\s(?i).*m.{0,2}(o|0|\@).{0,2}(\@|n).{0,2}(e|3| | | | ).{0,2}y
Subject contains Holiday related terms 1" ^((?i)Subject):\s(?i).(Valentine|Mother|Father|birth).day
Subject contains Holiday related terms 2" ^((?i)Subject):\s(?i).*(anniversary|halloween|thanksgiving|christmas|xmas|x-mas)
Subject contains Gift Card" ^((?i)Subject):\s(?i).*(gift)+\s+card
Subject contains weight loss" ^((?i)Subject):\s(?i).(weight|pound).(disappear|loss|lost|drop|melt)
Subject contains Turkey" ^((?i)Subject):\s(?i).*(turkey)

Further word of advice when perusing and using this list: Some rules must work in tandem as certain rules may result in frequent false positives unless the offsetting rule exists. Samples include

Subject contains porn variant" ^((?i)Subject):\s(?i).*p.{0,2}(o|0|\@).{0,2}r.{0,1}(\@|n)
Exclusion to porn" ^((?i)Subject):\s(?i).*exploring
Subject contains 3 or more consecutive vowels" ^((?i)Subject):\s(?i).*(a|e|i|o|u|y){3}
- - Exclusions to 3 or more consecutive vowel rule" ^((?i)Subject):\s(?i).*(ieee|\sAAA\s|iou|eau|you|ayo|oyee|year|aye|loyola|loyal)
Subject contains FIST" ^((?i)Subject):\s(?i).*f.{0,1}(i| |l|1|||i).{0,1}(s|z|5).{0,1}(t|+)
Subject contains First" ^((?i)Subject):\s(?i).*first
Subject contains OEM" ^((?i)Subject):\s(?i).*(oem|o e m)
Subject contains POEM" ^((?i)Subject):\s(?i).*poem
Subject contains home variant" ^((?i)Subject):\s(?i).*h.{0,2}(o|0|\@).{0,2}m.{0,2}(e|3| | | | )
Exclusion to home variant" ^((?i)Subject):\s(?i).*homeless
Subject contains ANAL variant" ^((?i)Subject):\s(?i).*\s(anal|an\@l|\@nal|\@n\@l|ana1)
Subject - Exceptions to ANAL" ^((?i)Subject):\s(?i).*(analy|canal)

In addition the following rule checks a blank subject line - note subject header exists but is blank
- Contains empty subject" ^(?:(?i)Subject):\s<>

The following tests for the existence of a subject header - note subject header does not exist, this rule can be modified for the default starting value and other tests for desired headers can be added with negative weights as well

starting default weight" "^"
Subject has a header" ^((?i)Subject):\s(?i)

Bruce_Briggs · May 2020

More:

Subject contains stud" ^((?i)Subject):\s(?i).*(s|z|5).{0,2}(t|+).{0,2}u.{0,2}(d|\@)
Subject contains USD" ^((?i)Subject):\s(?i).^((?i)Subject):\s.USD|U.S.D\b
Subject contains vulva" ^((?i)Subject):\s(?i).*(v|\|\/).{0,2}u.{0,2}(l|i|!|1).{0,2}(v|\|\/).{0,2}(\@|a)
Subject contains wealth" ^((?i)Subject):\s(?i).*wealth
Subject contains women" ^((?i)Subject):\s(?i).*w.{0,2}(o|0|\@).{0,2}m.{0,2}(\@|a|e|3|S|,|^|%).{0,2}(\@|n)
Subject contains xanax" ^((?i)Subject):\s(?i).*x.{0,2}(\@|a).{0,2}(\@|n).{0,2}(\@|a).x
Viagra type related ads related to shock, give, surprise...her" ^((?i)Subject):\s(?i).*(amaze|shock|surprise|give|impress)\s+her
PROBABLE VIRUS 1" ^((?i)Subject):\s(?i).*(your)\s+account\s+is\s+suspended
PROBABLE VIRUS 2" ^((?i)Subject):\s(?i).*(online)\s+user\s+violation
PROBABLE VIRUS 3" ^((?i)Subject):\s(?i).*(your)\s+services\s+near\s+to\s+be\s+closed
PROBABLE VIRUS 4" ^((?i)Subject):\s(?i).*(email)\s+account\s+suspension
PROBABLE VIRUS 5" ^((?i)Subject):\s(?i).*(notice)\s+of\s+account\s+limitation
PROBABLE VIRUS 6" ^((?i)Subject):\s(?i).(your)\s+password\s+has\s+been.updated
Subject contains MONEY variant" ^((?i)Subject):\s(?i).*m.{0,2}(o|0|\@).{0,2}(\@|n).{0,2}(e|3| | | | ).{0,2}y
Subject contains Holiday related terms 1" ^((?i)Subject):\s(?i).(Valentine|Mother|Father|birth).day
Subject contains Holiday related terms 2" ^((?i)Subject):\s(?i).*(anniversary|halloween|thanksgiving|christmas|xmas|x-mas)
Subject contains Gift Card" ^((?i)Subject):\s(?i).*(gift)+\s+card
Subject contains weight loss" ^((?i)Subject):\s(?i).(weight|pound).(disappear|loss|lost|drop|melt)
Subject contains Turkey" ^((?i)Subject):\s(?i).*(turkey)

Further word of advice when perusing and using this list: Some rules must work in tandem as certain rules may result in frequent false positives unless the offsetting rule exists. Samples include

Subject contains porn variant" ^((?i)Subject):\s(?i).*p.{0,2}(o|0|\@).{0,2}r.{0,1}(\@|n)
Exclusion to porn" ^((?i)Subject):\s(?i).*exploring
Subject contains 3 or more consecutive vowels" ^((?i)Subject):\s(?i).*(a|e|i|o|u|y){3}
- - Exclusions to 3 or more consecutive vowel rule" ^((?i)Subject):\s(?i).*(ieee|\sAAA\s|iou|eau|you|ayo|oyee|year|aye|loyola|loyal)
Subject contains FIST" ^((?i)Subject):\s(?i).*f.{0,1}(i| |l|1|||i).{0,1}(s|z|5).{0,1}(t|+)
Subject contains First" ^((?i)Subject):\s(?i).*first
Subject contains OEM" ^((?i)Subject):\s(?i).*(oem|o e m)
Subject contains POEM" ^((?i)Subject):\s(?i).*poem
Subject contains home variant" ^((?i)Subject):\s(?i).*h.{0,2}(o|0|\@).{0,2}m.{0,2}(e|3| | | | )
Exclusion to home variant" ^((?i)Subject):\s(?i).*homeless
Subject contains ANAL variant" ^((?i)Subject):\s(?i).*\s(anal|an\@l|\@nal|\@n\@l|ana1)
Subject - Exceptions to ANAL" ^((?i)Subject):\s(?i).*(analy|canal)

In addition the following rule checks a blank subject line - note subject header exists but is blank
- Contains empty subject" ^(?:(?i)Subject):\s<>

RegEx Examples

Comments