Keeping track of the latest words to filter with our anti-spam appliances can be a daunting task. With the power of a wiki, however, we can all keep a master list up to date to fight back against SPAM.

The password for editing the wiki = 'barracuda'

Preview your regular expressions carefully to see if they accidentally contain PBwiki formatting characters that change how they appear. Enclose your pattern in "<raw>" and "</raw>" if necessary. This also works to prevent PBwiki from linkifying domain names.

The Barracuda will take the strictest action possible. If a rule is duplicated across multiple sections (body block, body quarantine, and body tag for example) the lesser actions can be considered extraneous and removed. Since some people may not want to take the same level of action, they will be listed under a separate section to prevent unnecessary computation. But they will not be removed entirely to draw attention to the fact that people disagree on the action needed for that regex.

User Lists

• tkdan235 list
• another list

Master List

Header Block:

^FCC:\ mailbox\:\/\/

^X-Barracuda-Connect: ([a-z]{2}d+|d+-d+).*is.net.pl[

^X-Barracuda-Connect: (dsl|dial|host).{0,40}pool

^X-Barracuda-Connect: (host|pc|h-)d+-d+..*.pl[

^X-Barracuda-Connect: (ip|c)[0-9a-f]{8}.(speed|cable).*.nl[

^X-Barracuda-Connect: [0-9a-f]{8}.cps.*.br[

^X-Barracuda-Connect: d+-d+.us.ool.fr[

^X-Barracuda-Connect: d+.Red-d+-d+-d+.

^X-Barracuda-Connect: bai[0-9a-f]{8}.bai.*.jp[

^X-Barracuda-Connect: c-.*hsd.*comcast.net

^X-Barracuda-Connect: chellod+.chello.([^u0-9][^s0-9]|[a-tv-z]s|u[a-rt-z])[

^X-Barracuda-Connect: cmd+.deltad+.maxonline.com.sg[

^X-Barracuda-Connect: dial-d+..*.pl[

^X-Barracuda-Connect: dpcd+.direcpc

^X-Barracuda-Connect: edd+..*vectant.ne.jp[

^X-Barracuda-Connect: hostd+..*.ar[

^X-Barracuda-Connect: ip1a.*.mesh.ad.jp[

^X-Barracuda-Connect: md+.cd+..*.pl[

^X-Barracuda-Connect: p[0-9a-f]{8}.*t-dialin.net[

^X-Barracuda-Connect: pd+(-|.).{0,40}.jp[

^X-Barracuda-Connect: pld+.nasd+.*.jp[

^X-Barracuda-Connect: pool-

^X-Barracuda-Connect: pool.{0,40}verizon.net

^X-Barracuda-Connect: sd+.{0,40}shawcable.net...

^X-Barracuda-Connect: user-.*.mindspring.com[

^X-Barracuda-Connect: usrd+.usr.*.jp[

^X-Barracuda-Connect: .*(dsl|ppp)-d+-d+-d+-d+.*(pacbell.net|cox.net)[

^X-Barracuda-Connect: .{0,40}(-|.)ppp

^X-Barracuda-Connect: .{0,40}dial(-?up.|in.)

^X-Barracuda-Connect: .{0,40}(dsl|cable|broadband).{0,40}.([^u0-9][^s0-9]|[a-tv-z]s|u[a-rt-z])[

^X-Barracuda-Connect: .{0,40}.dynamic(ip)?.

^X-Barracuda-Connect: .{0,40}ppp(d+|(.)?)(-|.)

^X-Barracuda-Connect: .{0,40}ppp(oe|ool)

^X-Barracuda-Connect: .{0,40}res.rr.com

^X-Barracuda-Connect: .*.opt2.point.ne.jp

^X-Barracuda-Connect: .*d+(.|-|x)d+(.|-|x)d+(.|-|x)d+.{0,40}.([^u0-9][^s0-9]|[a-tv-z]s|u[a-rt-z])[

^X-Barracuda-Connect: .*in-addr.arpa[

^X-Barracuda-Connect: .*onshortnotice.com[

^X-Barracuda-Connect: .+-.+-.+-.+.*.([^u0-9][^s0-9]|[a-tv-z]s|u[a-rt-z])[

The above X-Barracuda-Connect lines block a lot of spam as a last resort, but only works on the 3.4 or newer series firmware. This is a completely new way to block lots of spam from hosts that haven't been blacklisted, yet. Header block list updated on 17 August 2007.

Top

Header Quarantine:

b.ru [[(]

X-Barracuda-Connect: unknown[

X-Barracuda-Connect:.*[dilIpP|.x-_]{11,}.*[

Top

Subject Block:

million.*addresses

soft tabs

\$E{1,2}(\}\{|K)UAL{1,3}Y

bamateur (babe|teen)b

\basian teen\b

\bassfucked\b

\bblack cock\b

b(blonde|brunette|redhead) amateurb

\bC\'ialis\b

\bcocks?\b

\bcreampie\b

bcum(shot|swap)?b

\bdeep anal\b

\bdick\b

\bfucking movies\b

\bimpotence\b

\bLoww\b

\bratess\b

\bslut(s|ty)?\b

\bstocks?\b

\bstox

\bteens\b

\bTnees\b

\bUSD\b

\bvirgin\b

\bWALLIUM\b

\bWiagra\b

\bwilders

A powful tool

A WinXP patch

Allhallowmas

Antigen

ANTIVIRUS SYSTEM found VIRUS

asshloe

Bareely

bitch

Bit(e(ch|hc)|hce|ceh)s

bllowjob

Boondageed

botox

bukkk?akk?e

camel ?toe

casino

cheap cigarettes

cheating wife

([c<ç©€¢]{1,2}[a-z0-9]{0,2}[i1l|\/!¡'îíìï:;]{1,2}[a@ªàáâãäå^æ|/-\]{1,3}[i1l|\/!¡'îíìï:;]{2,4}[s5g$#§šƒz]{1,2})b

coevring

cosleups

Creampie

cristmas

csloeups

Cum Hungry

cumshots

cveoring

cveroed

date with you

dirty cheating

disc0unt

d(lown|nlow|nwol)oadable

E(}{|x|ks)PL[Il]{1,2}C[Il]T{1,2}

erxemte

Fineegrd

FRAMESPACING

Handjoo?bs

Have a excite Christmas

hor{1,2}ny

hot slut

Housewires

Hrony

Htestot

htoetst

I've got YOUR email on my account!!

Infinex Ventures

in(cn(eon|noe)|n(c(eon|one)|eonc|nceo|ocenn|oenc)|o(cnen|en(cn|nc)|n(cen|enc)))t

inonvative

Inteerracial

it was on the news

Japanese girl VS playboy

Leftalign

L(e(ov|vo)|oev|v(eo|oe))ly

mho(et|te)r

\bMILFs\b

mmo(my|s)

Mt(eoh|heo|oeh)r

Norton AntiVirus detected

nymph

oil-thickening off-go

orgasms

p(3|e{1,2})nis

P4in

parnter

peervrt

Phargrmacy

p(o|00)rn

P(o(rs|sr)|s(or|ro)|r(os|so))titut[es]

pr0posal

Preetvrs

puss

R0LEX

r(eos|oes|soe)lution

russian

\bRX\b

sce(er|re)n

se(cer|ecr)n

sr(ce|ec)en

schoolgirl

Secens

Seemn

Seped

\bsex

s5$]e.{1,4}uu?aa?ll?l?y[s-_]+e.{1,4}pp?lii?cit

se(}{|k{1,2}s)ually

sh1pping

shy mommy

shy slut

b[s5S]lut[s5ty]*[ty]*b

sohwing

sotck

spreading lips

srpeading

St0ck

stranergs

stuffing panties

suck(1|ii)ng

supreb

Symantec AVF detected

tight pink

tight pussy

Torrtureed

URGENT MICROSOFT WINDOWS UPDATE

(v|(\[^w]{0,2}/)){1,2}[a-z0-9]{0,2}[i1l|\/!¡îíìï:;]{0,2}([a@àáâãäå^æ])|(/[^w]{0,2}\)){1,2}[gqp96]{1,2}[a-z0-9]{0,2}[r]{1,2}[a-z0-9]{0,2}([a@àáâãäå^æ])|(/[^w]{0,2}\)){1,2}b

v[i1|][a@][gq]ra

vic(ido|od1)n

Vide0s

vilgra

virrgin

volume of your ejaculation

W32.Elkern removal tools

W32.Klez.E removal tools

wants (a|to) date

Wemon

Weohrs

Weomn

Wheors

whore

wild cum

Windows Vista Ultimate ready to download

with NO PRESCRIPTION

wm(eo|oe)n

Wo(hr|rh)e

wow ?gold

wore out pussy

Worm Klez.E immunity

Wreohs

wr(ho|oh)e

xxx

Extraneous Subject Block:

The following regex are considered extraneous because anything they match against will also be caught by another rule already listed.

They are formatted as EXTRANEOUS_RULE RULE_IT'S_OBSOLETED_BY

Rules Duplicated in Subject Block:

nasty pussy puss

nice pussy puss

Top

Subject Quarantine:

\basian\b

\bchick\b

\bdiet\b

\bgirl\b

\bhot\b

\blook\b

bMarried(((W)?[oe]{1,2}m.?n)|(Mom))b

\brates\b

\bshy\b

\bwet\b

\bwild\b

amature

blonde

cheating

dripping

flirty

girls

housewife

mature

nude

opt-(in|out)

Pharmaceutical

spreading

suck(s|ing)

teen

Ultimate Online

wife

wives

young

Extraneous Subject Quarantine:

The following regex are considered extraneous because anything they match against will also be caught by another rule already listed.

They are formatted as EXTRANEOUS_RULE RULE_IT'S_OBSOLETED_BY

Rules Duplicated in Subject Block:

sexy sexy

wow ?gold wow ?gold

Top

Body Block:

000(%| ?percent) return

\bcock\b

\bER ECTI ON\b

\$EXUALLLY\b

\bCialis\b

\bcunt\b

\bgangbang\b

\bhorny\b

\bimpotence\b

\bnymph\b

\bpussy\b

bslut(s|ty)?b

\bteens\b

\bvi.gra\b

\bvirgin\b

100% Guaranteed Safe Results Or Your Money Back!

bad credit ok

bl{1,2}ow{1,2}job

bukkakke

came\ltoe

([c<ç©€¢]{1,2}[a-z0-9]{0,2}[i1l|\/!¡'îíìï:;]{1,2}([a@ªàáâãäå^æ]|/-\){1,3}[i1l|\/!¡'îíìï:;]{2,4}[s5g$#§šƒz]{1,2})b

CIAzLIS

cumshots

dirtty

discreet packaging

eliminate your debt

enlarge your

erection

ERECTl0NS

f r e e

fuuck

g u a r a n t e e d

giving head

holydays

Horrny

looking for a good time

mailslam.net

masturbat(e|ing)

micr(?!oso)[o0]s[o0]ft

Microsoft will pay

\bMILFs?\b

moonlessih

MSHTML 6(.|=2e)00(.|=2e)2800(.|=2e)1437

no credit check

no doctor visit needed

nympho

One of the key rules every good trader knows is volume before price.

orgasms

orgiees

our medical records

p[3e]{1,2}nis

pervverted

pestalozziman.net

Phargrmacy

plesure

premature ejaculation

prostitute

protosoft.org

pussies

reduce your monthly payments

Render Cafe

russian

schoolg{1,2}irl

seduceed

[s5$]e.{1,4}uu?aa?ll?l?y[s-_]+e.{1,4}pp?lii?cit

se(x|\}\{)ually

b[s5S]lut[s5ty]*[ty]*b

sotck

suckiing

(v|(\[^w]{0,2}/)){1,2}[a-z0-9]{0,2}[i1l|\/!¡îíìï:;]{0,2}([a@àáâãäå^æ])|(/[^w]{0,2}\)){1,2}[gqp96]{1,2}[a-z0-9]{0,2}[r]{1,2}[a-z0-9]{0,2}([a@àáâãäå^æ])|(/[^w]{0,2}\)){1,2}b

v[i1|][a@][gq]ra

Vibrator

vilgra

virrgin

web.da-us

www\.dsj\.allwewantfound\.org/is/

whore

wow ?gold

Youung

Top

Body Quarantine:

\bcasino\b

\bdiploma\b

bMarried(((W)?[oe]{1,2}m.?n)|(Mom))b

\bnude\b

\bRX\b

all natural

apply now

as a patient

as seen on

bitch

botox

buy meds

cancel your subscription

cheap-cigarettes

China Media

debt management

doubled? in [247][482] hours

housewives

If you would like to (stop receiving email offers|be removed|remove your address|have us stop)

improves self-esteem

international trading

opt out

opt-(in|out)

pharmacy

r-e-p-l-i-c-a

r-?o-?l-?e-?x

remove out

Ss?ys?ms?(bs?[o0]s?[l1])?[:-]s+(OTC:s*)?[a-z][_-.s]?[a-z][_-.s]?[a-z][_-.s]?[a-z]b

safeguard your account

save up to

supplies are limited

sweepstakes

t ?v offer

the only proven way

This( |email |email contains )is an? (commercial solicitation|advertisement)

University Degree

vicodin

we earnestly

work (at|from) home

www.thegamblehouse.com

save[: ]{1,4}$ddd

(diplomas?|degrees?|University).+(no (required)? (test|book|exam|classe?)s?)

2 week degree

Extraneous Subject Quarantine:

The following regex are considered extraneous because anything they match against will also be caught by another rule already listed.

They are formatted as EXTRANEOUS_RULE RULE_IT'S_OBSOLETED_BY

Rules Duplicated in Body Block:

wow ?gold wow ?gold

Top

Comments about the list and information about the contributers to the wiki can be found in the Barracuda forums here: http://forum.barracudanetworks.com/bb/viewtopic.php?p=17827

---- Edited page to remove basic duplications (terryguld)

---- Edited page to remove spammer links. Request valid users only be able to edit page

---- Removed apostrophe from "List's" because it is plural, not possessive

---- Corrected misspelling of "formatted" in "Extraneous" sections