diff --git a/sa-updates/20_advance_fee.cf b/sa-updates/20_advance_fee.cf
index 76ed417..5d83f97 100644
--- a/sa-updates/20_advance_fee.cf
+++ b/sa-updates/20_advance_fee.cf
@@ -23,7 +23,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 # predicate naming used to avoid renumbering
 # 1. assign new rules a random unique three letter sequence
diff --git a/sa-updates/20_body_tests.cf b/sa-updates/20_body_tests.cf
index 463a0c8..700bd42 100644
--- a/sa-updates/20_body_tests.cf
+++ b/sa-updates/20_body_tests.cf
@@ -30,7 +30,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 ###########################################################################
 # GTUBE test - the generic test for UBE.
diff --git a/sa-updates/20_compensate.cf b/sa-updates/20_compensate.cf
index 8bf44ab..83ba608 100644
--- a/sa-updates/20_compensate.cf
+++ b/sa-updates/20_compensate.cf
@@ -24,7 +24,7 @@
 ###########################################################################
 # Header compensation tests
 
-require_version 3.004005
+require_version 3.004006
 
 header __HAS_RCVD       exists:Received
 meta NO_RECEIVED        (!__HAS_RCVD)
diff --git a/sa-updates/20_dnsbl_tests.cf b/sa-updates/20_dnsbl_tests.cf
index 3a57581..69a2912 100644
--- a/sa-updates/20_dnsbl_tests.cf
+++ b/sa-updates/20_dnsbl_tests.cf
@@ -23,7 +23,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 ###########################################################################
 
@@ -203,27 +203,48 @@ tflags RCVD_IN_IADB_VOUCHED     net nice
 reuse RCVD_IN_IADB_VOUCHED
 
 # ---------------------------------------------------------------------------
-# Return Path Certified:
-# https://www.returnpath.net/internetserviceprovider/certification/
+# Validity (née Return Path, SenderScore) reputation DNSBLs
+# https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6247
+# Certified:
+# https://www.validity.com/resource-center/fact-sheet-certification/
 # (replaces RCVD_IN_BSP_TRUSTED, RCVD_IN_BSP_OTHER, RCVD_IN_SSC_TRUSTED_COI)
-header RCVD_IN_RP_CERTIFIED     eval:check_rbl_txt('ssc-firsttrusted', 'sa-trusted.bondedsender.org.')
-describe RCVD_IN_RP_CERTIFIED   Sender in ReturnPath Certified - Contact cert-sa@returnpath.net
-tflags RCVD_IN_RP_CERTIFIED     net nice
+header RCVD_IN_VALIDITY_CERTIFIED     eval:check_rbl_txt('ssc-firsttrusted', 'sa-trusted.bondedsender.org.')
+describe RCVD_IN_VALIDITY_CERTIFIED   Sender in Validity Certification - Contact certification@validity.com
+tflags RCVD_IN_VALIDITY_CERTIFIED     net nice publish
+reuse RCVD_IN_VALIDITY_CERTIFIED
+
+# Safe:
+# https://www.validity.com/resource-center/fact-sheet-certification/
+# (replaces HABEAS_ACCREDITED_COI, HABEAS_ACCREDITED_SOI, HABEAS_CHECKED)
+header RCVD_IN_VALIDITY_SAFE     eval:check_rbl_txt('ssc-firsttrusted','sa-accredit.habeas.com.')
+describe RCVD_IN_VALIDITY_SAFE   Sender in Validity Safe - Contact certification@validity.com
+tflags RCVD_IN_VALIDITY_SAFE     net nice publish
+reuse RCVD_IN_VALIDITY_SAFE
+
+# Validity RPBL (née Return Path Reputation Network Blacklist - RNBL):
+# https://www.senderscore.org/blocklistlookup/
+header RCVD_IN_VALIDITY_RPBL     eval:check_rbl('rnbl-lastexternal','bl.score.senderscore.com.')
+describe RCVD_IN_VALIDITY_RPBL   Relay in Validity RPBL, https://senderscore.org/blocklistlookup/
+tflags RCVD_IN_VALIDITY_RPBL     net publish
+reuse RCVD_IN_VALIDITY_RPBL
+
+# temporary
+meta RCVD_IN_RP_CERTIFIED RCVD_IN_VALIDITY_CERTIFIED
+describe RCVD_IN_RP_CERTIFIED RCVD_IN_RP_CERTIFIED renamed to RCVD_IN_VALIDITY_CERTIFIED, please update local rules
+score RCVD_IN_RP_CERTIFIED -0.001
+tflags RCVD_IN_RP_CERTIFIED net nice publish
 reuse RCVD_IN_RP_CERTIFIED
 
-# Return Path Safe:
-# https://www.returnpath.net/internetserviceprovider/certification/
-# (replaces HABEAS_ACCREDITED_COI, HABEAS_ACCREDITED_SOI, HABEAS_CHECKED)
-header RCVD_IN_RP_SAFE     eval:check_rbl_txt('ssc-firsttrusted','sa-accredit.habeas.com.')
-describe RCVD_IN_RP_SAFE   Sender in ReturnPath Safe - Contact safe-sa@returnpath.net
-tflags RCVD_IN_RP_SAFE     net nice
+meta RCVD_IN_RP_SAFE RCVD_IN_VALIDITY_SAFE
+describe RCVD_IN_RP_SAFE RCVD_IN_RP_SAFE renamed to RCVD_IN_VALIDITY_SAFE, please update local rules
+score RCVD_IN_RP_SAFE -0.001
+tflags RCVD_IN_RP_SAFE net nice publish
 reuse RCVD_IN_RP_SAFE
 
-# Return Path Reputation Network Blacklist (RNBL):
-# https://senderscore.org/blacklistlookup/
-header RCVD_IN_RP_RNBL         eval:check_rbl('rnbl-lastexternal','bl.score.senderscore.com.')
-describe RCVD_IN_RP_RNBL       Relay in RNBL, https://senderscore.org/blacklistlookup/
-tflags RCVD_IN_RP_RNBL         net
+meta RCVD_IN_RP_RNBL RCVD_IN_VALIDITY_RPBL
+describe RCVD_IN_RP_RNBL RCVD_IN_RP_RNBL renamed to RCVD_IN_VALIDITY_RPBL, please update local rules
+score RCVD_IN_RP_RNBL 0.001
+tflags RCVD_IN_RP_RNBL net publish
 reuse RCVD_IN_RP_RNBL
 
 endif
diff --git a/sa-updates/20_drugs.cf b/sa-updates/20_drugs.cf
index 5b8dd60..124695f 100644
--- a/sa-updates/20_drugs.cf
+++ b/sa-updates/20_drugs.cf
@@ -31,7 +31,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 ###########################################################################
 # header rules
diff --git a/sa-updates/20_dynrdns.cf b/sa-updates/20_dynrdns.cf
index 9cb60f9..5233569 100644
--- a/sa-updates/20_dynrdns.cf
+++ b/sa-updates/20_dynrdns.cf
@@ -25,7 +25,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 # ---------------------------------------------------------------------------
 
diff --git a/sa-updates/20_fake_helo_tests.cf b/sa-updates/20_fake_helo_tests.cf
index 00bcda2..f5be658 100644
--- a/sa-updates/20_fake_helo_tests.cf
+++ b/sa-updates/20_fake_helo_tests.cf
@@ -25,7 +25,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 #---------------------------------------------------------------------------
 # Handle hosts that look like HELO_DYNAMIC hosts
diff --git a/sa-updates/20_head_tests.cf b/sa-updates/20_head_tests.cf
index 969ce09..64df56d 100644
--- a/sa-updates/20_head_tests.cf
+++ b/sa-updates/20_head_tests.cf
@@ -23,7 +23,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 ###########################################################################
 
diff --git a/sa-updates/20_html_tests.cf b/sa-updates/20_html_tests.cf
index a346ee4..0745e7d 100644
--- a/sa-updates/20_html_tests.cf
+++ b/sa-updates/20_html_tests.cf
@@ -23,7 +23,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 # HTML parser tests
 #
diff --git a/sa-updates/20_meta_tests.cf b/sa-updates/20_meta_tests.cf
index ac94737..aad82fe 100644
--- a/sa-updates/20_meta_tests.cf
+++ b/sa-updates/20_meta_tests.cf
@@ -29,7 +29,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 # some tests that will trigger FPs on ISO-2022-JP mails.
 
diff --git a/sa-updates/20_net_tests.cf b/sa-updates/20_net_tests.cf
index be751a9..3f2da4c 100644
--- a/sa-updates/20_net_tests.cf
+++ b/sa-updates/20_net_tests.cf
@@ -30,7 +30,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 # bug 2220. nice results
 meta DIGEST_MULTIPLE		RAZOR2_CHECK + DCC_CHECK + PYZOR_CHECK > 1
diff --git a/sa-updates/20_phrases.cf b/sa-updates/20_phrases.cf
index cd1f4ee..4601c33 100644
--- a/sa-updates/20_phrases.cf
+++ b/sa-updates/20_phrases.cf
@@ -27,7 +27,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 ###########################################################################
 
diff --git a/sa-updates/20_porn.cf b/sa-updates/20_porn.cf
index ef18ea1..487ce3e 100644
--- a/sa-updates/20_porn.cf
+++ b/sa-updates/20_porn.cf
@@ -27,7 +27,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 ###########################################################################
 
diff --git a/sa-updates/20_uri_tests.cf b/sa-updates/20_uri_tests.cf
index ae379b4..11bb24b 100644
--- a/sa-updates/20_uri_tests.cf
+++ b/sa-updates/20_uri_tests.cf
@@ -23,7 +23,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 # possible IDN spoofing attack: https://web.archive.org/web/20141006091906/https://www.shmoo.com/idn/homograph.txt
 # not expecting any hits on this (yet)
diff --git a/sa-updates/23_bayes.cf b/sa-updates/23_bayes.cf
index 137bc4b..274f424 100644
--- a/sa-updates/23_bayes.cf
+++ b/sa-updates/23_bayes.cf
@@ -23,7 +23,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 ###########################################################################
 
diff --git a/sa-updates/25_asn.cf b/sa-updates/25_asn.cf
index bd8f80c..12a8bbe 100644
--- a/sa-updates/25_asn.cf
+++ b/sa-updates/25_asn.cf
@@ -33,7 +33,7 @@
 # Usage changed in 4.0: there is also direct GeoDB/GeoIP support,
 # users should configure manually as described in plugin documentation.
 ifplugin Mail::SpamAssassin::Plugin::ASN
-if can(Mail::SpamAssassin::Plugin::ASN::has_check_asn)
+if !(can(Mail::SpamAssassin::Plugin::ASN::has_check_asn))
  asn_lookup asn.routeviews.org _ASN_ _ASNCIDR_
  add_header all ASN _ASN_ _ASNCIDR_
 
@@ -41,5 +41,5 @@ if can(Mail::SpamAssassin::Plugin::ASN::has_check_asn)
  #if can(Mail::SpamAssassin::Plugin::ASN::has_asn_lookup_ipv6)
  #  asn_lookup_ipv6 origin6.asn.cymru.com _ASN_ _ASNCIDR_
  #endif
-endif	# has_check_asn
+endif	# !has_check_asn
 endif	# Mail::SpamAssassin::Plugin::ASN
diff --git a/sa-updates/50_scores.cf b/sa-updates/50_scores.cf
index 5b69e60..3b06941 100644
--- a/sa-updates/50_scores.cf
+++ b/sa-updates/50_scores.cf
@@ -281,7 +281,7 @@ score RCVD_FORGED_WROTE 0 # n=0 n=1 n=2 n=3
 score RCVD_FORGED_WROTE2 0 # n=0 n=1 n=2 n=3
 #score RCVD_IN_BRBL_LASTEXT 0 1.644 0 1.449 # n=0 n=2
 score RCVD_IN_PSBL 0 2.700 0 2.700 # n=0 n=2
-score RCVD_IN_RP_RNBL 0 1.284 0 1.310 # n=0 n=2
+score RCVD_IN_VALIDITY_RPBL 0 1.284 0 1.310 # n=0 n=2
 score RCVD_MAIL_COM 0 # n=0 n=1 n=2 n=3
 score RDNS_DYNAMIC 2.639 0.363 1.663 0.982
 score RDNS_LOCALHOST 3.700 0.969 2.345 0.001
@@ -520,12 +520,12 @@ score NO_DNS_FOR_FROM 0 0.379 0 0.001 # n=0 n=2
 score RCVD_IN_ZEN_BLOCKED_OPENDNS 0 0.001 0 0.001
 score RCVD_IN_ZEN_BLOCKED 0 0.001 0 0.001
 
-# ReturnPath Certified
-# https://www.returnpath.net/internetserviceprovider/certification/
+# Validity (née ReturnPath) Certified
+# https://www.validity.com/resource-center/fact-sheet-certification/
 # CERTIFIED is a subset of SAFE, thus the score is cumulative.
 # -2 + -3 = -5 points for CERTIFIED
-score RCVD_IN_RP_CERTIFIED 0.0 -3.0 0.0 -3.0
-score RCVD_IN_RP_SAFE 0.0 -2.0 0.0 -2.0
+score RCVD_IN_VALIDITY_CERTIFIED 0.0 -3.0 0.0 -3.0
+score RCVD_IN_VALIDITY_SAFE 0.0 -2.0 0.0 -2.0
 
 # DNSWL is a commercial service that requires payment for servers over 100K queries daily.
 # Unfortunately, they will return true answers for DNS servers they consider abusive so
diff --git a/sa-updates/72_active.cf b/sa-updates/72_active.cf
index 424d05a..a09b034 100644
--- a/sa-updates/72_active.cf
+++ b/sa-updates/72_active.cf
@@ -23,7 +23,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 ##{ ACCT_PHISHING_MANY
 
@@ -575,13 +575,6 @@ describe       BITCOIN_YOUR_INFO      BitCoin with your personal info
 tflags         BITCOIN_YOUR_INFO      publish
 ##} BITCOIN_YOUR_INFO
 
-##{ BODY_EMPTY
-
-meta        BODY_EMPTY           __EMPTY_BODY && !ALL_TRUSTED && !__MIME_ATTACHMENT && !__HAS_THREAD_INDEX && !__TO_EQ_FROM_DOM && !NO_RELAYS && !__PDF_ATTACH && !__HDR_RCVD_GOOGLE && !__MSGID_APPLEMAIL && !__XM_IPHONEMAIL 
-describe    BODY_EMPTY           No body text in message
-#score       BODY_EMPTY           2.00	# limit
-##} BODY_EMPTY
-
 ##{ BODY_SINGLE_URI
 
 meta        BODY_SINGLE_URI     __BODY_SINGLE_URI && !ALL_TRUSTED && !__HDRS_LCASE_KNOWN && !__FROM_ALL_NUMS && !__RCD_RDNS_SMTP && !__VIA_ML 
@@ -681,13 +674,6 @@ describe    CANT_SEE_AD       You really want to see our spam.
 tflags      CANT_SEE_AD       publish
 ##} CANT_SEE_AD
 
-##{ CK_HELO_GENERIC
-
-header 		CK_HELO_GENERIC   	X-Spam-Relays-Untrusted =~ /^[^\]]+helo=(?=\S*(?:pool|dyna|lease|dial|dip|static))\S*\d+[^\d\s]+\d+[^\]]+ auth= /i
-describe	CK_HELO_GENERIC		Relay used name indicative of a Dynamic Pool or Generic rPTR
-#score		CK_HELO_GENERIC		0.25
-##} CK_HELO_GENERIC
-
 ##{ CN_B2B_SPAMMER
 
 body        CN_B2B_SPAMMER         /\bWe are (?:(?:a )?(?:China|Taiwan)[-\s]based|(?:one of (?:the )?best|(?:a )?leading) (?:international|[^\.]{10,90} (?:in|from) (?:\w+, )?(?:China|Taiwan)))\b/i
@@ -778,6 +764,14 @@ endif
 body CURR_PRICE         /\bCurrent Price:/
 ##} CURR_PRICE
 
+##{ DATE_IN_FUTURE_96_Q ifplugin Mail::SpamAssassin::Plugin::HeaderEval
+
+ifplugin Mail::SpamAssassin::Plugin::HeaderEval
+header   DATE_IN_FUTURE_96_Q    eval:check_for_shifted_date('96', '2920')
+describe DATE_IN_FUTURE_96_Q    Date: is 4 days to 4 months after Received: date
+endif
+##} DATE_IN_FUTURE_96_Q ifplugin Mail::SpamAssassin::Plugin::HeaderEval
+
 ##{ DAY_I_EARNED if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 
 if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
@@ -1050,6 +1044,11 @@ describe EXCUSE_24              Claims you wanted this ad
 meta     FAKE_REPLY_A1		(__SUBJ_RE && __MISSING_REPLY && __MISSING_REF && __BOTH_INR_AND_REF)
 ##} FAKE_REPLY_A1
 
+##{ FAKE_REPLY_B
+
+meta     FAKE_REPLY_B		(__SUBJ_RE && __MISSING_REPLY && __INR_AND_NO_REF)
+##} FAKE_REPLY_B
+
 ##{ FAKE_REPLY_C
 
 meta     FAKE_REPLY_C		(__SUBJ_RE && __MISSING_REF && __NO_INR_YES_REF)
@@ -1239,6 +1238,12 @@ describe   FRNAME_IN_MSG_XPRIO_NO_SUB From name in message + X-Priority + short
 tflags     FRNAME_IN_MSG_XPRIO_NO_SUB publish
 ##} FRNAME_IN_MSG_XPRIO_NO_SUB
 
+##{ FROMSPACE
+
+describe	FROMSPACE	Idiosyncratic "From" header format
+header		FROMSPACE	From:raw =~ /^\s?\"\s/
+##} FROMSPACE
+
 ##{ FROM_2_EMAILS_SHORT
 
 meta     FROM_2_EMAILS_SHORT __KAM_BODY_LENGTH_LT_512 && (__PDS_FROM_2_EMAILS || __NAME_EMAIL_DIFF)
@@ -1518,12 +1523,6 @@ endif
 endif
 ##} FROM_SUSPICIOUS_NTLD_FP if (version >= 3.004002) ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 
-##{ FROM_WEBSITE
-
-header	 FROM_WEBSITE	From:raw =~ m'\b(?:f|ht)tps?://[^\s"</\@]{3,60}\.\w\w'i
-describe FROM_WEBSITE	Sender name appears to be a link
-##} FROM_WEBSITE
-
 ##{ FROM_WSP_TRAIL
 
 header   FROM_WSP_TRAIL	From:raw =~ /< [^>]* \s > [^<>]* \z/xm
@@ -1840,13 +1839,6 @@ describe    GB_GOOGLE_OBFUR	Obfuscate url through Google redirect
 tflags      GB_GOOGLE_OBFUR     publish
 ##} GB_GOOGLE_OBFUR
 
-##{ GB_GOOGLE_OBFUS
-
-uri         GB_GOOGLE_OBFUS	/^https:\/\/www\.google\.([a-z]{2,3})\/search\?ei=.{1,50}\&gs_l=.{1,20}/
-describe    GB_GOOGLE_OBFUS	Obfuscate url through Google search
-#score       GB_GOOGLE_OBFUS     0.75 # limit
-##} GB_GOOGLE_OBFUS
-
 ##{ GEO_QUERY_STRING
 
 uri	GEO_QUERY_STRING	/^http:\/\/(?:\w{2,4}\.)?geocities\.com(?::\d*)?\/.+?\/\?/i
@@ -2077,13 +2069,6 @@ header HELO_LH_LD   X-Spam-Relays-External =~ /^[^\]]+ helo=localhost\.localdoma
 header HELO_LOCALHOST   X-Spam-Relays-External =~ /^[^\]]+ helo=localhost /i
 ##} HELO_LOCALHOST
 
-##{ HELO_MISC_IP
-
-meta     	HELO_MISC_IP          	(__HELO_MISC_IP && !HELO_DYNAMIC_IPADDR && !HELO_DYNAMIC_IPADDR2 && !HELO_DYNAMIC_SPLIT_IP && !HELO_DYNAMIC_HCC && !HELO_DYNAMIC_DIALIN && ((TVD_RCVD_IP4 + TVD_RCVD_IP + __FSL_HELO_BARE_IP_2) <2))
-describe	HELO_MISC_IP		Looking for more Dynamic IP Relays
-#score		HELO_MISC_IP		0.25
-##} HELO_MISC_IP
-
 ##{ HELO_NO_DOMAIN
 
 meta     HELO_NO_DOMAIN	__HELO_NO_DOMAIN && !HELO_LOCALHOST
@@ -2218,7 +2203,7 @@ tflags     HOSTED_IMG_FREEM            publish
 
 meta       HOSTED_IMG_MULTI            __HOSTED_IMG_MULTI && !__DKIM_EXISTS 
 #score      HOSTED_IMG_MULTI            3.000	# limit
-describe   HOSTED_IMG_MULTI            Multiple images hosted at different large ecomm sites or redirected
+describe   HOSTED_IMG_MULTI            Multiple images hosted at different large ecomm sites, free image sites, or redirected
 tflags     HOSTED_IMG_MULTI            publish
 ##} HOSTED_IMG_MULTI
 
@@ -2504,6 +2489,13 @@ describe LOTTO_AGENT      Claims Agent
 #score    LOTTO_AGENT      1.50		# limit
 ##} LOTTO_AGENT
 
+##{ LOTTO_DEPT
+
+meta     LOTTO_DEPT       __LOTTO_DEPT && !__COMMENT_EXISTS && !__HAS_IN_REPLY_TO && !__THREADED && !__VIA_ML && !__TO_YOUR_ORG && !__TRAVEL_ITINERARY && !__AUTO_ACCIDENT
+describe LOTTO_DEPT       Claims Department
+#score    LOTTO_DEPT       2.00		# limit
+##} LOTTO_DEPT
+
 ##{ LUCRATIVE
 
 meta     LUCRATIVE        ( __LUCRATIVE && __HELO_NO_DOMAIN ) && !ALL_TRUSTED
@@ -2979,11 +2971,6 @@ endif
 endif
 ##} OFFER_ONLY_AMERICA if (version >= 3.004002) ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 
-##{ ONLINE_MKTG_CNSLT
-
-body      ONLINE_MKTG_CNSLT             /\bonline marketing consultant\b/i
-##} ONLINE_MKTG_CNSLT
-
 ##{ ORDER_TODAY
 
 meta        ORDER_TODAY                __ORDER_TODAY && (__HTML_IMG_ONLY || __ALIBABA_IMG_NOT_RCVD_ALI || __TO_NO_BRKTS_NORDNS_HTML)
@@ -3095,6 +3082,13 @@ describe PDS_HELO_SPF_FAIL High profile HELO that fails SPF
 tflags   PDS_HELO_SPF_FAIL net
 ##} PDS_HELO_SPF_FAIL
 
+##{ PDS_NAKED_TO_NUMERO
+
+meta     PDS_NAKED_TO_NUMERO __NAKED_TO && __NUMBERONLY_TLD
+describe PDS_NAKED_TO_NUMERO Naked-to, numberonly domain
+#score    PDS_NAKED_TO_NUMERO 2.0
+##} PDS_NAKED_TO_NUMERO
+
 ##{ PDS_NO_FULL_NAME_SPOOFED_URL ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
@@ -3117,16 +3111,16 @@ endif
 endif
 ##} PDS_OTHER_BAD_TLD if (version >= 3.004002) ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 
-##{ PDS_SHORTFWD_URISHRT_QP ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
+##{ PDS_SHORTFWD_URISHRT_FP ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     PDS_SHORTFWD_URISHRT_QP (__PDS_URISHORTENER || __URL_SHORTENER) && __HS_SUBJ_RE_FW && __T_PDS_MSG_512 && !T_PDS_SHORTFWD_URISHRT_FP
-describe PDS_SHORTFWD_URISHRT_QP Apparently a short fwd/re with URI shortener
-#score    PDS_SHORTFWD_URISHRT_QP 1.5 # limit
+meta     PDS_SHORTFWD_URISHRT_FP (__PDS_URISHORTENER || __URL_SHORTENER) && __HS_SUBJ_RE_FW && __PDS_MSG_512
+describe PDS_SHORTFWD_URISHRT_FP Apparently a short fwd/re with URI shortener
+#score    PDS_SHORTFWD_URISHRT_FP 1.5 # limit
 endif
 endif
-##} PDS_SHORTFWD_URISHRT_QP ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
+##} PDS_SHORTFWD_URISHRT_FP ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
 ##{ PDS_SHORT_SPOOFED_URL ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
@@ -3186,17 +3180,6 @@ if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
 endif
 ##} PDS_TO_EQ_FROM_NAME if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
 
-##{ PDS_URISHRT_LOCALPART_SUBJ ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
-
-ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-if (version >= 3.004000)
-meta     PDS_URISHRT_LOCALPART_SUBJ LOCALPART_IN_SUBJECT && (__PDS_URISHORTENER || __URL_SHORTENER) && __PDS_MSG_1024
-describe PDS_URISHRT_LOCALPART_SUBJ Localpart of To in subject
-#score    PDS_URISHRT_LOCALPART_SUBJ 1.0
-endif
-endif
-##} PDS_URISHRT_LOCALPART_SUBJ ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
-
 ##{ PHISH_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
@@ -3697,16 +3680,10 @@ tflags     RDNS_NUM_TLD_XM             publish
 
 ##{ READY_TO_SHIP
 
-body       READY_TO_SHIP               /(?:in our (?:stock|warehouse)(?: today)?[.,] Ready (?:to (?:be )?|for )+ship|ready for shipping (?:in|from) our warehouse)/i
-#score      READY_TO_SHIP               1.500	# limit
+body       READY_TO_SHIP               /(?:(?:in our (?:stock|warehouse|store)(?: today)?[.,:] |our (?:\w+,? ){2,8}(?:is |now )+)Ready (?:to (?:be )?|for )+ship|ready (?:for shipping|to (?:ship|send)) (?:(?:in|from|by) our (?:warehouse|stock)|(?:to|for)(?: global(?:ly)?| worldwide| customers){2})|(?:(?:our|this|a|great|fine|wonderful|cool|popular) new product|we have(?: \w+){1,6} available) in (?:our )?(?:warehouse|stock|store)|just arrived in our warehouse)/i
+#score      READY_TO_SHIP               1.250	# limit
 ##} READY_TO_SHIP
 
-##{ REPLYTO_EMPTY
-
-header      REPLYTO_EMPTY          Reply-To =~ /<>/
-describe    REPLYTO_EMPTY          Reply-To undeliverable
-##} REPLYTO_EMPTY
-
 ##{ REPLYTO_WITHOUT_TO_CC
 
 meta REPLYTO_WITHOUT_TO_CC     (__HAS_REPLY_TO && !__TOCC_EXISTS)
@@ -3714,7 +3691,7 @@ meta REPLYTO_WITHOUT_TO_CC     (__HAS_REPLY_TO && !__TOCC_EXISTS)
 
 ##{ REPTO_419_FRAUD
 
-header REPTO_419_FRAUD Reply-To:addr =~ /^(?![^\s<>@]+\@(?:(?:gmail|yahoo|outlook|hotmail|aol|yandex|protonmail|qq|consultant)\.com|yahoo\.co\.jp)(?:$|[>,\s]))(?:(?:speakers)\@012\.net\.il|(?:mail)\@101private\.com|(?:(?:alfredcheuk002|fbi_1234|longchii|mavis_wanczyk|qfdonation))\@126\.com|(?:(?:a(?:aronmichaels005|lfredcheuk_yuchow)|ehagler|google_promoaward0?|istarsolar|joeblp|microsoft(?:_office16|award01)|panyawein|wong(?:_shiu(?:09|2016)|shiu_ki)))\@163\.com|(?:(?:navas1|ray\-thomas7h))\@1email\.eu|(?:mathew\.yon2)\@abbsinvestment\.com|(?:wang)\@abconline\.hk|(?:(?:mr\.tonyelumelu|r(?:emittancedept001|ussia2018worldcuplotto5)))\@accountant\.com|(?:midwestern)\@adexec\.com|(?:joxford)\@adm-irs\.com|(?:office)\@admntline\.ml|(?:info)\@aidakj\.com|(?:(?:a\.aktr|c(?:arlos\.adan|entralbank_malaysia2)|infovsa|maria\.louge|sarahjiwooali|w(?:bfefft|n\.buffett)))\@aim\.com|(?:(?:adainis|jessikasingh|travisalex))\@aliyun\.com|(?:(?:director|info))\@anletco-jp\.com|(?:(?:deanie_ron|m(?:softgbcmanager|undo\.europe)|richwetton))\@aol\.co\.uk|(?:mrssabah_ibrahim7)\@aol\.fr|(?:institutionaldepartment)\@aol\.nl|(?:deajohn)\@arubacloub\.com|(?:djohns)\@arubacloud\.com|(?:jeromecgb12)\@asia\.com|(?:bllphillips)\@att\.net|(?:garry\.quinlan)\@australiamail\.com|(?:(?:traoreahmed|zetiaziz))\@barid\.com|(?:atendimento\-multiplus\-banco\-brasil)\@bb\.com|(?:(?:admin|info))\@bhleu\.com|(?:noreply\.fujvfes)\@bibliothequegaillard\.com|(?:costruire)\@bigmat\.it|(?:alerts\-noreply)\@bis\.org|(?:susan\.lampard)\@bk\.ru|(?:(?:office\.uk|renataapsilva))\@bol\.com\.br|(?:executivedirector)\@box\.az|(?:ochiaisatoruasistbank)\@brew-master\.com|(?:nicola)\@brighenti\.net|(?:drbenardsani\.nnpc)\@bsgcpk\.com|(?:mrshelen)\@btarneauds\.com|(?:inter01)\@c2\.hu|(?:rim43505)\@cantv\.net|(?:duncanttodd)\@centrum\.cz|(?:(?:contact\.roycockrumgrantoffice|fbipayment(?:50|600)|harunajim667|ralphwjohnson))\@citromail\.hu|(?:info)\@classicmail\.co\.za|(?:martin)\@claudiatrincado\.com|(?:irdi33)\@cock\.li|(?:federal_ministrayoffinance)\@comtube\.com|(?:(?:jones\-co|kellyzwo))\@cox\.net|(?:(?:dmalpasswb|re(?:covered\-tax|em(?:2018|alhashimi|hashimi2020))))\@daum\.net|(?:rex)\@departmentofsecretary\.com|(?:blythemasters)\@digitalassetholding\.org|(?:(?:diplomaticagent11|jentwistle90))\@diplomats\.com|(?:(?:abd\.aljassem|claimreview))\@dr\.com|(?:atmpaymentcentttt)\@e-mail\.ua|(?:(?:herrick01|rogersteare02))\@e1\.ru|(?:olga\.ingrif)\@ecb-securities\.com|(?:jesusgacia)\@eclipso\.email|(?:davison\.warwick)\@eclipso\.eu|(?:no\-reply)\@economizar-na-web\.com\.br|(?:(?:denbrink|kathy_gerald1965|megaclaimcenter))\@email\.com|(?:johnkadiri)\@englandmail\.com|(?:info)\@euro-pinnacle\.com|(?:(?:advancedsegurosespana|claimdpts|monitorunitbelgium))\@europe\.com|(?:us\.secretaryofstate)\@ex\.ua|(?:susanibrahim)\@exclusivemail\.co\.za|(?:jabufa)\@executivemail\.co\.za|(?:adam_moroney\.esq)\@fedco-usa\.com|(?:steven)\@federalreservebanks\.us|(?:(?:jeferrey|yakuyaya77))\@financier\.com|(?:harry\.jones)\@firstbondcapital\.com|(?:admindepart)\@firstinlandbnkplc\.com|(?:notice)\@fnb\.co\.za|(?:info)\@fnconsultant\.biz|(?:(?:atmofficeauthoriza|captain\.lucasadam|e(?:golan2|u_payment)|gella1|k(?:aith\-angel|ossihpilip202)|pchwinningoffice1953|qatardonations16|smadartsadik|tepnherve00|worldauthorization))\@foxmail\.com|(?:zen)\@fpg\.com\.co|(?:mmpaulsmith145)\@frontier\.com|(?:mrchau1)\@gala\.net|(?:info)\@gcbonline\.co\.ua|(?:(?:bn|jb))\@getmaworldwide\.org|(?:info)\@gezimarkt\.com|(?:o(?:ctaviancm|rlando\.bloom))\@gmx\.co\.uk|(?:(?:a(?:hmet\.broker|lliance\.consultant)|f(?:aridaomar|er3nrod1512)|johnson\.douglas|p\.hamedmoff|rosicboteruff|walter_anderson))\@gmx\.com|(?:(?:fernrodyup12|harrish|miraiminaki))\@gmx\.fr|(?:joxford)\@gmx\.us|(?:ben\.malbon)\@googlefps\.co\.uk|(?:m\.johnson10012)\@googlemail\.com|(?:larrypage)\@gpa-team\.com|(?:ceo)\@gpromo-team\.com|(?:sundarpichai)\@gpromoteam\.com|(?:sundarpichai)\@gpromoteamuk\.com|(?:garreth\.webb)\@grossfitconsultancy\.biz|(?:irenegeorgiadou)\@hellenicbankcy\.com|(?:raymondchanjp)\@hkmaltd\.org|(?:marketing)\@homebg\.in|(?:williamsdavid_3r)\@hotmail\.co\.uk|(?:christgoldwilliams)\@hotmail\.fr|(?:douglasflint)\@hsbcbank\.group|(?:gtakeshi)\@htisteel\.com|(?:alexgoodwill129)\@ibibo\.com|(?:victorwang67)\@imail\.com|(?:01)\@imf-org\.org|(?:chrisdodgshun)\@inbound\.plus|(?:imffunds)\@inbox\.lv|(?:info\.fidelity\.finance)\@inbox\.ru|(?:(?:janetyellenoffice|off(?:er2021|iceme)))\@indamail\.hu|(?:lizawong)\@infohsbc\.net|(?:sgt\.dave)\@inmano\.com|(?:baankston)\@instruction\.com|(?:sheikhwahab)\@islamicfb\.com|(?:mrsfatimahhassan[12])\@itbox\.ro|(?:info)\@johnhenryorg\.com|(?:john)\@johnpedroconsults\.com|(?:wbuk0[13])\@katamail\.com|(?:(?:ditmereduart|europsenderscouriers|lewiscarl))\@keemail\.me|(?:mikiwilliams)\@knol-power\.nl|(?:a015)\@laposte\.net|(?:johndavid)\@lawdistributionlimited\.com|(?:info)\@lbafltd\.com|(?:philiphampton)\@lec20\.com|(?:ecowascourt)\@legislator\.com|(?:olivia_simon)\@lihat\.dds-akaun\.com|(?:pb\-2pb012)\@live\.co\.uk|(?:(?:financiero172|helen_galloway|markjohnson650))\@live\.com|(?:mr\.williamrigule)\@live\.fr|(?:deqishanmedical1)\@localnet\.com|(?:miraminaki)\@lycos\.com|(?:drdanielmminele)\@magicmail\.co\.za|(?:andrewh1)\@mail2banker\.com|(?:lanxianjun)\@mail2hongkong\.com|(?:hwc2)\@mail2world\.com|(?:shillay)\@mail\.bg|(?:fanliangjen)\@mail\.china\.com|(?:(?:a(?:isha\-gaddafi0|yishagddafio|zimhashim2018)|eddy_haryono|ghazal\-a|info\.federalreserve\.org|kateclough1|mriamchombo1968|nancyvee80|ren\.deqi212))\@mail\.com|(?:williamsdawson)\@mail\.com\.tr|(?:(?:ayishagddafio|david\.onyeoma\.74|hmtreasyru\.ng|sambo_dasuki))\@mail\.ru|(?:(?:publishers_clearinghouse|rev\.williamschurch))\@mail\.uk|(?:mrcheongg2012)\@mailbox\.hu|(?:brantwbishop)\@mailbox\.org|(?:epowerball)\@mailbox\.sk|(?:johannreimann)\@memeware\.net|(?:miguel)\@miguel-sanchez\.com|(?:rbi\-e)\@mit\.tc|(?:info)\@morbicera\.com|(?:anjer\.keith)\@ms-fsp-europe\.com|(?:paul\.chang)\@msn\.com|(?:enquiry)\@multiplysearch\.com|(?:cadpayout01)\@my\.com|(?:(?:contactmee|ministersoffinance))\@mynet\.com|(?:me)\@myprivatemail\.website|(?:stephanfalzer)\@myself\.com|(?:(?:reem9999|wujames))\@naver\.com|(?:jessicahunt1960)\@net-c\.com|(?:zenith)\@nmk\.ugu\.pl|(?:maxedwards)\@octopusinvestment\.co\.uk|(?:lindsaytrembley)\@oimail\.com|(?:googleclaims111)\@one\.lt|(?:accountingdrg)\@onet\.eu|(?:(?:allanwoodmarko1|eco\.depo\.services|fred\.grenville))\@onet\.pl|(?:(?:castorock|infobiz2|jarramos|mrsalice09))\@ono\.com|(?:pablomancilla1)\@orange\.es|(?:servicio\.correo)\@orange\.fr|(?:turkish\-air)\@outlook\.com\.tr|(?:(?:ahmed3khan|dpt_transferunionwestern|mr\.onyeadams|rohitjain0))\@outlook\.fr|(?:m\.khan1)\@outlook\.sa|(?:info\-casino888\.com)\@ozu\.es|(?:info)\@peagent\.net|(?:andrew\.penning)\@penninglegalassociate\.com|(?:info)\@phillipsmorgan\.co\.za|(?:wood)\@poczta\.onet\.eu|(?:m(?:aryjosen|boyaeth))\@post\.com|(?:united\.globeawardoffice)\@post\.cz|(?:ffundsremitunits)\@premiumtbnk\.com|(?:santiagomachado)\@presidency\.com|(?:ecowaspayoffice)\@protonmail\.ch|(?:uni1)\@rayana\.ir|(?:(?:mrsrose\.hill|robert\.cota|unionbatmpaymentsection))\@rediffmail\.com|(?:nidiabustamante)\@registerednurses\.com|(?:info)\@rehapmed\.com|(?:info)\@repsol\.org\.uk|(?:jamesmr\.monday)\@rocketmail\.com|(?:(?:g(?:loriacmackenzie001|mackenzie001)|monicatorres001|wanczykmavis101))\@rogers\.com|(?:elena\.santos)\@rollageoup\.com|(?:info)\@roycockrum\.org|(?:mrs\.rachel2013)\@safe-mail\.net|(?:vera)\@safrica\.com|(?:enqraward)\@sbcglobal\.net|(?:fbotha2009)\@secsuremail\.com|(?:peterddeng)\@secsuremailer\.com|(?:francisbotha65)\@securesvsmail\.online|(?:smtpfox\-ys2n8)\@semillasdeamor\.com\.co|(?:wils)\@send\.com|(?:ibralsmma)\@seznam\.cz|(?:(?:jimyang77|kentpace))\@sina\.com|(?:swat)\@sltdchambers\.com|(?:(?:dycheseaan|sean(?:dyyches|sdychh)))\@sol\.dk|(?:info(?:04|1))\@sony\.com|(?:info\.jschneider)\@spainmail\.com|(?:barrister_hans)\@stationlibraryjhelum\.com|(?:contact\.hmrc\.gov\.uk)\@sudhisalooja\.com|(?:fbidirector(?:11|wadc))\@superposta\.com|(?:anders\.karlsson)\@swedbankabgroup\.com|(?:insurance_contl)\@swissmail\.com|(?:nnbank)\@szm\.sk|(?:xiankailu)\@taiyaubank-hk\.com|(?:mhua)\@tbochk\.com|(?:veronicabright)\@terra\.com\.pe|(?:billard\.thompson)\@thompsonlawassociates\.com|(?:fabio2016)\@tim\.it|(?:zimcargoservicehelpdesks)\@tlen\.pl|(?:drew)\@ton\.net\.ru|(?:itpark01)\@tpg\.com\.au|(?:bobby\.william)\@tradent\.net|(?:info)\@treasury-departmentdc\.twomini\.com|(?:info)\@treasury-usa\.3eeweb\.com|(?:info)\@un-grant\.info|(?:(?:b(?:lueskyanimatedfilm|rown\.monica_l)|info\.(?:clev\.frb|imfamerica)|policyaddmin\.file))\@usa\.com|(?:bmuczdh)\@virgilio\.it|(?:itgiix)\@visa\.com|(?:vankoning)\@volny\.cz|(?:holt1231)\@w\.cn|(?:infos)\@walmart\.com|(?:daydreamin)\@wanadoo\.fr|(?:(?:foreignoperationmanager|mr\.(?:ikokuoya|olicadams)))\@web\.cg|(?:weboffice05)\@web\.de|(?:b(?:\-calebfirm2007|oriscaleb121))\@webmail\.co\.za|(?:(?:frboffice|jw\.ny\.frb))\@webmail\.hu|(?:verificationsector)\@webname\.com|(?:grahamjoneschambers)\@wildblue\.net|(?:e\.shaw)\@wilmagroup\.com|(?:tbryant6)\@woh\.rr\.com|(?:henleywatkinss)\@y7mail\.com|(?:stephaniehans\.euromillionlottery)\@yahoo\.be|(?:johnkwanghooi101)\@yahoo\.c|(?:chapelliermadeleine)\@yahoo\.ca|(?:arroblutt\.paymentoffice)\@yahoo\.cn|(?:bencook5511)\@yahoo\.co\.nz|(?:gloriamoses02)\@yahoo\.co\.th|(?:(?:abigailbanga1975|bobwatson92|fundyawa2014|j(?:effwilliam207|oe_modisen)|lloydsbanksb|owengreen70|rebeccajoe98|samue95))\@yahoo\.co\.uk|(?:(?:changgordon(?:61|946)|lordsmartin|revlarrutycoker2015|thomaspeter227|zhu\.shumin))\@yahoo\.com\.hk|(?:imf_office_agent)\@yahoo\.com\.my|(?:(?:dr\.pauljames110|jessicp1))\@yahoo\.com\.sg|(?:boa2cb)\@yahoo\.com\.vn|(?:(?:contactus88\-00|jflangvm5nshyazyo7si6jfuqah6jsldw2kw6c2t|lmj82717|m(?:r\.angelabenjamin|srangelabne32)))\@yahoo\.es|(?:(?:charlinebebe22|fortinsandrine|rita_will001))\@yahoo\.fr|(?:maktoum\.shasher)\@yahoo\.pt|(?:ukdebtmanagement5)\@yahool\.com|(?:dr\.amelia\.george1)\@yandex\.ru|(?:jayanderson)\@yccaifuu\.com|(?:(?:alfred_cheuk_chow|friedrich_mayrh1|maviswanczyk01))\@yeah\.net|(?:(?:avaethan21|feliciamagi|westernunion817))\@ymail\.com|(?:goldfish20123)\@zing\.vn|(?:(?:asiafoundationorg\.hr|jefflindsay))\@zoho\.com|(?:laprimitivaes)\@zohomail\.eu)$/i
+header REPTO_419_FRAUD Reply-To:addr =~ /^(?![^\s<>@]+\@(?:(?:gmail|yahoo|outlook|hotmail|aol|yandex|protonmail|qq|consultant)\.com|yahoo\.co\.jp)(?:$|[>,\s]))(?:(?:speakers)\@012\.net\.il|(?:mail)\@101private\.com|(?:(?:alfredcheuk002|fbi_1234|longchii|mavis_wanczyk|qfdonation))\@126\.com|(?:(?:a(?:aronmichaels005|lfredcheuk_yuchow)|ehagler|google_promoaward0?|istarsolar|joeblp|microsoft(?:_office16|award01)|panyawein|wong(?:_shiu(?:09|2016)|shiu_ki)))\@163\.com|(?:(?:navas1|ray\-thomas7h))\@1email\.eu|(?:mathew\.yon2)\@abbsinvestment\.com|(?:wang)\@abconline\.hk|(?:(?:mr\.tonyelumelu|r(?:emittancedept001|ussia2018worldcuplotto5)))\@accountant\.com|(?:midwestern)\@adexec\.com|(?:joxford)\@adm-irs\.com|(?:office)\@admntline\.ml|(?:info)\@aidakj\.com|(?:(?:a\.aktr|c(?:arlos\.adan|entralbank_malaysia2)|infovsa|maria\.louge|sarahjiwooali|w(?:bfefft|n\.buffett)))\@aim\.com|(?:(?:adainis|jessikasingh|travisalex))\@aliyun\.com|(?:(?:director|info))\@anletco-jp\.com|(?:(?:deanie_ron|m(?:softgbcmanager|undo\.europe)|richwetton))\@aol\.co\.uk|(?:mrssabah_ibrahim7)\@aol\.fr|(?:institutionaldepartment)\@aol\.nl|(?:deajohn)\@arubacloub\.com|(?:djohns)\@arubacloud\.com|(?:jeromecgb12)\@asia\.com|(?:bllphillips)\@att\.net|(?:garry\.quinlan)\@australiamail\.com|(?:(?:traoreahmed|zetiaziz))\@barid\.com|(?:atendimento\-multiplus\-banco\-brasil)\@bb\.com|(?:(?:admin|info))\@bhleu\.com|(?:noreply\.fujvfes)\@bibliothequegaillard\.com|(?:costruire)\@bigmat\.it|(?:alerts\-noreply)\@bis\.org|(?:susan\.lampard)\@bk\.ru|(?:(?:office\.uk|renataapsilva))\@bol\.com\.br|(?:executivedirector)\@box\.az|(?:ochiaisatoruasistbank)\@brew-master\.com|(?:nicola)\@brighenti\.net|(?:drbenardsani\.nnpc)\@bsgcpk\.com|(?:mrshelen)\@btarneauds\.com|(?:inter01)\@c2\.hu|(?:rim43505)\@cantv\.net|(?:duncanttodd)\@centrum\.cz|(?:(?:contact\.roycockrumgrantoffice|fbipayment(?:50|600)|harunajim667|ralphwjohnson))\@citromail\.hu|(?:info)\@classicmail\.co\.za|(?:martin)\@claudiatrincado\.com|(?:irdi33)\@cock\.li|(?:federal_ministrayoffinance)\@comtube\.com|(?:(?:jones\-co|kellyzwo))\@cox\.net|(?:(?:dmalpasswb|re(?:covered\-tax|em(?:2018|alhashimi|hashimi2020))))\@daum\.net|(?:rex)\@departmentofsecretary\.com|(?:blythemasters)\@digitalassetholding\.org|(?:(?:diplomaticagent11|jentwistle90))\@diplomats\.com|(?:(?:abd\.aljassem|claimreview))\@dr\.com|(?:atmpaymentcentttt)\@e-mail\.ua|(?:(?:herrick01|rogersteare02))\@e1\.ru|(?:olga\.ingrif)\@ecb-securities\.com|(?:jesusgacia)\@eclipso\.email|(?:davison\.warwick)\@eclipso\.eu|(?:no\-reply)\@economizar-na-web\.com\.br|(?:(?:denbrink|kathy_gerald1965|megaclaimcenter))\@email\.com|(?:johnkadiri)\@englandmail\.com|(?:info)\@euro-pinnacle\.com|(?:(?:advancedsegurosespana|claimdpts|monitorunitbelgium))\@europe\.com|(?:us\.secretaryofstate)\@ex\.ua|(?:susanibrahim)\@exclusivemail\.co\.za|(?:jabufa)\@executivemail\.co\.za|(?:adam_moroney\.esq)\@fedco-usa\.com|(?:steven)\@federalreservebanks\.us|(?:(?:jeferrey|yakuyaya77))\@financier\.com|(?:harry\.jones)\@firstbondcapital\.com|(?:admindepart)\@firstinlandbnkplc\.com|(?:notice)\@fnb\.co\.za|(?:info)\@fnconsultant\.biz|(?:(?:atmofficeauthoriza|captain\.lucasadam|e(?:golan2|u_payment)|gella1|k(?:aith\-angel|ossihpilip202)|pchwinningoffice1953|qatardonations16|smadartsadik|tepnherve00|worldauthorization))\@foxmail\.com|(?:zen)\@fpg\.com\.co|(?:mmpaulsmith145)\@frontier\.com|(?:mrchau1)\@gala\.net|(?:info)\@gcbonline\.co\.ua|(?:(?:bn|jb))\@getmaworldwide\.org|(?:info)\@gezimarkt\.com|(?:o(?:ctaviancm|rlando\.bloom))\@gmx\.co\.uk|(?:(?:a(?:hmet\.broker|lliance\.consultant)|f(?:aridaomar|er3nrod1512)|johnson\.douglas|kevin\-office|p\.hamedmoff|rosicboteruff|walter_anderson))\@gmx\.com|(?:(?:fernrodyup12|harrish|miraiminaki))\@gmx\.fr|(?:joxford)\@gmx\.us|(?:ben\.malbon)\@googlefps\.co\.uk|(?:m\.johnson10012)\@googlemail\.com|(?:larrypage)\@gpa-team\.com|(?:ceo)\@gpromo-team\.com|(?:sundarpichai)\@gpromoteam\.com|(?:sundarpichai)\@gpromoteamuk\.com|(?:garreth\.webb)\@grossfitconsultancy\.biz|(?:irenegeorgiadou)\@hellenicbankcy\.com|(?:raymondchanjp)\@hkmaltd\.org|(?:marketing)\@homebg\.in|(?:williamsdavid_3r)\@hotmail\.co\.uk|(?:christgoldwilliams)\@hotmail\.fr|(?:douglasflint)\@hsbcbank\.group|(?:gtakeshi)\@htisteel\.com|(?:alexgoodwill129)\@ibibo\.com|(?:victorwang67)\@imail\.com|(?:01)\@imf-org\.org|(?:chrisdodgshun)\@inbound\.plus|(?:imffunds)\@inbox\.lv|(?:info\.fidelity\.finance)\@inbox\.ru|(?:(?:janetyellenoffice|off(?:er2021|iceme)))\@indamail\.hu|(?:lizawong)\@infohsbc\.net|(?:sgt\.dave)\@inmano\.com|(?:baankston)\@instruction\.com|(?:sheikhwahab)\@islamicfb\.com|(?:mrsfatimahhassan[12])\@itbox\.ro|(?:info)\@johnhenryorg\.com|(?:john)\@johnpedroconsults\.com|(?:wbuk0[13])\@katamail\.com|(?:(?:ditmereduart|europsenderscouriers|lewiscarl))\@keemail\.me|(?:mikiwilliams)\@knol-power\.nl|(?:a015)\@laposte\.net|(?:johndavid)\@lawdistributionlimited\.com|(?:info)\@lbafltd\.com|(?:philiphampton)\@lec20\.com|(?:ecowascourt)\@legislator\.com|(?:olivia_simon)\@lihat\.dds-akaun\.com|(?:pb\-2pb012)\@live\.co\.uk|(?:(?:financiero172|helen_galloway|markjohnson650))\@live\.com|(?:mr\.williamrigule)\@live\.fr|(?:deqishanmedical1)\@localnet\.com|(?:miraminaki)\@lycos\.com|(?:drdanielmminele)\@magicmail\.co\.za|(?:andrewh1)\@mail2banker\.com|(?:lanxianjun)\@mail2hongkong\.com|(?:hwc2)\@mail2world\.com|(?:shillay)\@mail\.bg|(?:fanliangjen)\@mail\.china\.com|(?:(?:a(?:isha\-gaddafi0|yishagddafio|zimhashim2018)|eddy_haryono|ghazal\-a|info\.federalreserve\.org|kateclough1|mriamchombo1968|nancyvee80|ren\.deqi212))\@mail\.com|(?:williamsdawson)\@mail\.com\.tr|(?:(?:ayishagddafio|david\.onyeoma\.74|hmtreasyru\.ng|sambo_dasuki))\@mail\.ru|(?:(?:publishers_clearinghouse|rev\.williamschurch))\@mail\.uk|(?:mrcheongg2012)\@mailbox\.hu|(?:brantwbishop)\@mailbox\.org|(?:epowerball)\@mailbox\.sk|(?:johannreimann)\@memeware\.net|(?:miguel)\@miguel-sanchez\.com|(?:rbi\-e)\@mit\.tc|(?:info)\@morbicera\.com|(?:anjer\.keith)\@ms-fsp-europe\.com|(?:paul\.chang)\@msn\.com|(?:enquiry)\@multiplysearch\.com|(?:cadpayout01)\@my\.com|(?:(?:contactmee|ministersoffinance))\@mynet\.com|(?:me)\@myprivatemail\.website|(?:stephanfalzer)\@myself\.com|(?:(?:reem9999|wujames))\@naver\.com|(?:jessicahunt1960)\@net-c\.com|(?:zenith)\@nmk\.ugu\.pl|(?:maxedwards)\@octopusinvestment\.co\.uk|(?:lindsaytrembley)\@oimail\.com|(?:googleclaims111)\@one\.lt|(?:accountingdrg)\@onet\.eu|(?:(?:allanwoodmarko1|eco\.depo\.services|fred\.grenville))\@onet\.pl|(?:(?:castorock|infobiz2|jarramos|mrsalice09))\@ono\.com|(?:pablomancilla1)\@orange\.es|(?:servicio\.correo)\@orange\.fr|(?:turkish\-air)\@outlook\.com\.tr|(?:(?:ahmed3khan|dpt_transferunionwestern|mr\.onyeadams|rohitjain0))\@outlook\.fr|(?:m\.khan1)\@outlook\.sa|(?:info\-casino888\.com)\@ozu\.es|(?:info)\@peagent\.net|(?:andrew\.penning)\@penninglegalassociate\.com|(?:info)\@phillipsmorgan\.co\.za|(?:wood)\@poczta\.onet\.eu|(?:m(?:aryjosen|boyaeth))\@post\.com|(?:united\.globeawardoffice)\@post\.cz|(?:ffundsremitunits)\@premiumtbnk\.com|(?:santiagomachado)\@presidency\.com|(?:ecowaspayoffice)\@protonmail\.ch|(?:uni1)\@rayana\.ir|(?:(?:mrsrose\.hill|robert\.cota|unionbatmpaymentsection))\@rediffmail\.com|(?:nidiabustamante)\@registerednurses\.com|(?:info)\@rehapmed\.com|(?:info)\@repsol\.org\.uk|(?:jamesmr\.monday)\@rocketmail\.com|(?:(?:g(?:loriacmackenzie001|mackenzie001)|monicatorres001|wanczykmavis101))\@rogers\.com|(?:elena\.santos)\@rollageoup\.com|(?:info)\@roycockrum\.org|(?:mrs\.rachel2013)\@safe-mail\.net|(?:vera)\@safrica\.com|(?:enqraward)\@sbcglobal\.net|(?:fbotha2009)\@secsuremail\.com|(?:peterddeng)\@secsuremailer\.com|(?:francisbotha65)\@securesvsmail\.online|(?:smtpfox\-ys2n8)\@semillasdeamor\.com\.co|(?:wils)\@send\.com|(?:ibralsmma)\@seznam\.cz|(?:(?:jimyang77|kentpace))\@sina\.com|(?:swat)\@sltdchambers\.com|(?:(?:dycheseaan|sean(?:dyyches|sdychh)))\@sol\.dk|(?:info(?:04|1))\@sony\.com|(?:info\.jschneider)\@spainmail\.com|(?:barrister_hans)\@stationlibraryjhelum\.com|(?:contact\.hmrc\.gov\.uk)\@sudhisalooja\.com|(?:fbidirector(?:11|wadc))\@superposta\.com|(?:anders\.karlsson)\@swedbankabgroup\.com|(?:insurance_contl)\@swissmail\.com|(?:nnbank)\@szm\.sk|(?:xiankailu)\@taiyaubank-hk\.com|(?:mhua)\@tbochk\.com|(?:veronicabright)\@terra\.com\.pe|(?:billard\.thompson)\@thompsonlawassociates\.com|(?:fabio2016)\@tim\.it|(?:zimcargoservicehelpdesks)\@tlen\.pl|(?:drew)\@ton\.net\.ru|(?:itpark01)\@tpg\.com\.au|(?:bobby\.william)\@tradent\.net|(?:info)\@treasury-departmentdc\.twomini\.com|(?:info)\@treasury-usa\.3eeweb\.com|(?:info)\@un-grant\.info|(?:(?:b(?:lueskyanimatedfilm|rown\.monica_l)|info\.(?:clev\.frb|imfamerica)|policyaddmin\.file))\@usa\.com|(?:bmuczdh)\@virgilio\.it|(?:itgiix)\@visa\.com|(?:vankoning)\@volny\.cz|(?:holt1231)\@w\.cn|(?:infos)\@walmart\.com|(?:daydreamin)\@wanadoo\.fr|(?:(?:foreignoperationmanager|mr\.(?:ikokuoya|olicadams)))\@web\.cg|(?:weboffice05)\@web\.de|(?:b(?:\-calebfirm2007|oriscaleb121))\@webmail\.co\.za|(?:(?:frboffice|jw\.ny\.frb))\@webmail\.hu|(?:verificationsector)\@webname\.com|(?:grahamjoneschambers)\@wildblue\.net|(?:e\.shaw)\@wilmagroup\.com|(?:tbryant6)\@woh\.rr\.com|(?:henleywatkinss)\@y7mail\.com|(?:stephaniehans\.euromillionlottery)\@yahoo\.be|(?:johnkwanghooi101)\@yahoo\.c|(?:chapelliermadeleine)\@yahoo\.ca|(?:arroblutt\.paymentoffice)\@yahoo\.cn|(?:bencook5511)\@yahoo\.co\.nz|(?:gloriamoses02)\@yahoo\.co\.th|(?:(?:abigailbanga1975|bobwatson92|fundyawa2014|j(?:effwilliam207|oe_modisen)|lloydsbanksb|owengreen70|rebeccajoe98|samue95))\@yahoo\.co\.uk|(?:(?:changgordon(?:61|946)|lordsmartin|revlarrutycoker2015|thomaspeter227|zhu\.shumin))\@yahoo\.com\.hk|(?:imf_office_agent)\@yahoo\.com\.my|(?:(?:dr\.pauljames110|jessicp1))\@yahoo\.com\.sg|(?:boa2cb)\@yahoo\.com\.vn|(?:(?:contactus88\-00|jflangvm5nshyazyo7si6jfuqah6jsldw2kw6c2t|lmj82717|m(?:r\.angelabenjamin|srangelabne32)))\@yahoo\.es|(?:(?:charlinebebe22|fortinsandrine|rita_will001))\@yahoo\.fr|(?:maktoum\.shasher)\@yahoo\.pt|(?:ukdebtmanagement5)\@yahool\.com|(?:dr\.amelia\.george1)\@yandex\.ru|(?:jayanderson)\@yccaifuu\.com|(?:(?:alfred_cheuk_chow|friedrich_mayrh1|maviswanczyk01))\@yeah\.net|(?:(?:avaethan21|feliciamagi|westernunion817))\@ymail\.com|(?:goldfish20123)\@zing\.vn|(?:(?:asiafoundationorg\.hr|jefflindsay))\@zoho\.com|(?:laprimitivaes)\@zohomail\.eu)$/i
 describe REPTO_419_FRAUD Reply-To is known advance fee fraud collector mailbox
 #score REPTO_419_FRAUD 3.000
 tflags REPTO_419_FRAUD publish
@@ -3738,7 +3715,7 @@ tflags REPTO_419_FRAUD_AOL_LOOSE publish
 
 ##{ REPTO_419_FRAUD_CNS
 
-header REPTO_419_FRAUD_CNS Reply-To:addr =~ /^(?=[^\s<>@]+\@consultant\.com)(?:(?:anthonyalvarad|davidhenri|legacylawfirmdakar|m(?:iguel\-pinto|orrisherb)|owenschamber|santiagosegur|t(?:eo\.westin|he\.trustees1?)|westernunion1659))\@consultant\.com$/i
+header REPTO_419_FRAUD_CNS Reply-To:addr =~ /^(?=[^\s<>@]+\@consultant\.com)(?:(?:anthonyalvarad|davidhenri|legacylawfirmdakar|m(?:iguel\-pinto|orrisherb)|owenschamber|santiagosegur|t(?:eo\.westin|he\.trustees1?|rustees202000)|westernunion1659))\@consultant\.com$/i
 describe REPTO_419_FRAUD_CNS Reply-To is known advance fee fraud collector mailbox
 #score REPTO_419_FRAUD_CNS 3.000
 tflags REPTO_419_FRAUD_CNS publish
@@ -3746,7 +3723,7 @@ tflags REPTO_419_FRAUD_CNS publish
 
 ##{ REPTO_419_FRAUD_GM
 
-header REPTO_419_FRAUD_GM Reply-To:addr =~ /^(?=[^\s<>@]+\@gmail\.com)(?:(?:01marviswanczyk|41speedlinkdelivery|7912richardtony|a(?:bu(?:lkareem461|shadi0004)|c(?:aalzz11|count\.optionsmr\.jonasarmstrong|e(?:alss11|cere001))|d(?:esilgon77|iallo\.boa)|erofilxeport|gent\.laryedwad|isha(?:1976algaddafi|gaddafiaam)|jaminamo|l(?:\.jo60691737|a(?:n\.austin(?:041|223)|scramac)|ber\.yang222|ex(?:ander(?:daisy911|peterson4499)|hoffman3319|smithznn)|ghafrij13|hajarb|lenholden121|nizmaria|ure\.wawrenka1472)|m(?:b\.w\.stuart\.symington|ericadeliverycomapny1(?:300|800)|ina(?:ltwaijiri02|tasomda))|n(?:d(?:rewumehunitedbankforafrica|yfox0022)|itaminarnguessan|n(?:a(?:choihkkic|llee091|sigurlaug458)|jenijohnsonn)|t(?:honyalvaradollc|o(?:meuenio|niopaco20consultant)))|r(?:adka01|chibaldhamble|thur11alan)|s(?:h(?:0611jnag|westwood7)|ianbae1010|sistance7agent)|t(?:m(?:mastercard41|office929)|tohlawoffice\.tg)|w1614860|yevayawovi190|zi(?:m(?:\.h(?:ashim\.premj|premji13)|hashim(?:2018|donation2019))|z(?:dake0|george50)))|b(?:a(?:lla250abc|nk(?:centralasiahalobca34|ingcentralng)|ochang7a|r(?:bersmadar75|r(?:\.(?:charles(?:1954|office)|martinrichard)|ister(?:\.fidelisokafor|lordruben94)|ubenjames)|teld\.huisman01))|bongo593|c0996013|e(?:linekra1|n(?:ezero392|jaminsarah195))|i(?:anigercash|ll(?:\.lawrence0747|fhome))|laisevodoun|mw(?:automobile242|officeline)|o(?:arddept0|cchenyi)|r(?:a(?:ndy\.heavenscenttt|volpaul55)|endalaporte112|ianmoynih00)|uff(?:ettwarrene21|ookj))|c(?:a(?:ixaseguros9810001|mluba2017|r(?:eisu98|l(?:os\.s\.helux|thomos)|twrighttownhomesllc))|bnatm847|claimsa|e(?:li(?:cerez|neroullier(?:200|nm))|ntraltrustlltd)|h(?:a(?:ngching885|r(?:itylisajohnrobinson41|l(?:esluenga01|tonnewmanus1)))|e(?:mchung1011|nchung1011)|i(?:enkraymond|mwiakim))|iticonsultantjohncg0|kruger00017|l(?:a(?:im(?:adviser11|officeadm)|xtonpaul00)|s79408)|o(?:l(?:\.(?:ahmedmarani|fakhrialsalabi(?:01)?|hmedismari)|abdullahassi|edavid77032|husseinharmuchc(?:cj|j)|inchrisweir50|mohmanairf|o(?:mbasjuan53|nelsaad00))|mpensationcommitteboard|n(?:sult(?:ancy64|matthias|sto\.u)|tact(?:\.kolason|ad00[04]))|operation612)|pt\.eugenebarash|r(?:a(?:bbechambers|wfordgillies1)|ist(?:bru(?:05|n05)|i1537bru))|ustomerservicelacaixa2)|d(?:29laws|a(?:n(?:008629|iel(?:35508109|zulu11)|nydan24532)|v(?:i(?:d(?:\.loanfirm18|ibe718|larbi11|pere337|r(?:amirez\.luis9012|ikhen))|scarolyn334|yax98)|ychan1970))|c(?:layconsult|ole77032)|e(?:btm123|n(?:iwalts|nis(?:clark659|quaid888))|partmentofstate(?:123|321)|tlefeckhardd)|hill27676|i(?:ane\.s\.wojcicki|gitalassetholding|p(?:francis1|lomat(?:\.john\.clerke|sshenry)))|o(?:minicahkye|na(?:ldwilliam1988|tionhelpercare5))|r(?:\.(?:meirh|wilsonpaul02)|abodid|davidrhama221|j(?:amesdee|oesimon77)|kennedyuzo|meier\.heidi?|o(?:vieogor1|wenfrederick))|u(?:a1155a|nsilva58|stinmoskovitz\.2facebook)|v\.metus)|e(?:benezero392|christina937|d(?:runity|winfreeman22)|fcc\.financial\.dept|l(?:i(?:bethgomez(?:175|499)|sabethmaria600|zabethedw0)|otocashoffice1?)|m(?:2keld|ailpostlink09|efiele(?:328|g757)|ilyrichmond391)|renakgeorge123|ssexlss1|vgpatmow)|f(?:\.mikhail025|a(?:ithdesrie511|tme\.mehmed001)|blott47|e(?:deralreservebankdallasdst|lix88995)|g0067333|irstbank(?:49(?:666|966)|k49666)|j569282|l(?:556249|aurentdz40|uhmann\.dn)|mb\.agent|o(?:ropunionbank|undations\.west)|r(?:a(?:100dub132|n(?:c(?:espatrickconnolly(?:5050|4)|isca(?:mendoza960|samendoza))|k(?:jwangg|laurarivera)))|bbankny\.gov|e(?:derick\.colemanesq|elottosweepstake51))|u(?:lanlan28|ngg1w))|g(?:00gleggewinner19|a(?:b(?:albertoassociates|rielkalia1102)|r(?:ethbull112016|yakinson121))|bill4880|e(?:n(?:\.ahmedmsksi|eral(?:abdulrazak|williamstony990))|orgekwame481|r(?:aldjhjh11|tjanvlieghe787))|g780904|i(?:idp955|lbert12oook)|kwasiiwusu1\.persona|l(?:enmoore0011|oriachow5052)|o(?:glegewinnerteam|o(?:dnessxtra|golteam2019|oglegwiinner219)|vgodwinemefiele111)|r(?:ace(?:jackmanwoods|obia001)|e(?:ant311|energeoffrey776))|veraallen)|h(?:a(?:r(?:old\.dia1100|ryebert101|twellbdaniel)|s(?:h(?:imyreem78|mireem801)|sanalshujairy))|e(?:a(?:dofficecentre0210|therbrooeke101)|cto(?:alon|r(?:castillos653|scastillo6))|lpdesk47321)|gold8080|heba\.hhassan207|i(?:ldad837|toshurui)|klee\.mike|o(?:lsemeyerole6|nmackjohn518|rnbeckmajordennis63[478]|seoky(?:34|9))|sbchgm|trryt34|uichmh)|i(?:1955smael|amannjejosonn|bed627|n(?:fo(?:\.(?:abogadosmfontana|g00gleclaim|questiondesk|ulmusau)|64240|98cbnoffice7|aprl06|fdrserve)|gridrolle2|t(?:ernationallppp1|linvestorsfirm))|terryoffice)|j(?:35809121|a(?:888179|cobmaseon5995|m(?:alpriv8un|es(?:husmansdesk2240|okoh82))|nusensecureprivate|sonyeungchiwai|vierlesme001)|b5406424|c2222222rrr|e(?:ff(?:deandk2|erydean1960)|nniannjhsonn|ssikasingh4)|imyang977|k3311131|mpowellfr|o(?:e(?:dward023|kendal540|lmodisen)|hn(?:\.wilde\.oneplusfinance|a9577|griffn818|paton\.alphafmc|r(?:awlings956|oxfordjr1)|son(?:deba|wilson(?:389|490))|tanko214|uba234|walterlove2010)|monkzza|n(?:esandassociates68|monkssa)|s(?:ephacevedo024|ianeangenor)|y(?:ce00011|mrskone5))|rawlings007|s4fernado|uliet\.le(?:222|e2222)|w6935997)|k(?:a(?:lstromjames3|malnizar000|rabo\.ramala39|t(?:ebaronbarr|hilittman7|jamess043|rinaziako56))|e(?:lsawamelia55|n(?:mck(?:ay1980|enziejr)|nedy\.sawadogo19))|halidbuhazza99|js09376|kasbu790|o(?:ntakt\.claim|tokairportcargo|watsusho\.co\.ltd\.jp)|rnkl1109|un(?:gwei7777|ioue28)|wasiowusug)|l(?:a(?:r(?:ateambo|rytoms200)|ursent892|wrencefoundation30)|blackshirepm|e(?:ndfair\.co\.uk1|rynne(?:0west99|west2289))|i(?:amfinchus(?:11|3)|ezlnatashavanessa|li(?:ane\.bettencourt1945|ianchrstph)|n(?:elink008|glung104)|xiung(?:l48|9))|john6132|o(?:g(?:anntomas|eengen)|ttyoffice1|u(?:ghreymargaret67|isdreyfusmargarita5))|p319765|u(?:ckywinners2018|sba\.moored2019)|w94059|y(?:\.cheapiseth909|n(?:\.arthur011|cmba440|nmkl3332)))|m(?:a(?:bel\.manaku|ck(?:enzbezos|oliver324)|incare655|jor(?:dennishornbeck53|townsend01)|k(?:altschmidt|toumsheikhhasher)|nuelfranco(?:727|foundation0)|r(?:cusdembialomr|i(?:a(?:111dembele|27idemba|3(?:31lucas|51lucas)|hhills00)|nacoleman84|opabl26)|k(?:roth456|uses200)|y(?:franson56|jify00aaz01))|s(?:onmanny05|pencer5151)|t(?:hewriaanza|twilly3)|u(?:noveutileina|rhinck11?)|viswanczyk(?:1(?:19|987)|4(?:89|5)|775|foundation45|k112|zz)|xaajn|ydetratt)|c(?:\.cheadychang76|kenthando)|dredban775|e(?:044386|engeoffrey|l(?:lagolan|vidabullock5)|nnss01)|gfrederick80|husameddine|i(?:c(?:he(?:alwuu002|lintagro)|paulla|w954)|k(?:edawson1960s|h(?:\.fridman|ai(?:\.fridman261|lfridm32)))|nfin\.gv|ss(?:\.melisa\.mehmett|boteogottai|yaelronen))|jminabii|k(?:ent7117|untjoro52)|lbriggs08860|m(?:1086771|argaritalouisdreyfus)|nmalarge|o(?:ham(?:edabdul1717|madraqab00)|rienkal30)|r(?:\.(?:justinmaxwell09|lusee|wlsonkabore)|7672900|cjames001|d517341|ericfranck|fabianchukwu|hanimuhammad627|jamesmc6|martine80|paulfrank01|r(?:echardthomas|ichardanthony1)|s(?:\.(?:biyufungchi16|janetolsen?|olsenjanett|patarkatsishvili|susanread12)|a(?:ishaalqadafi1976|ngela454)|g(?:ezeria|racewoods70)|h(?:amima60|ristinemadeleine)|j(?:ackman123|lleach)|maureens847|nicolefr1marios|r(?:obinsanders185|uthsmith9900)|s(?:arahbenjamin103|ophiac)|veraaellen)|tomcrist\.ca)|s(?:agent02|golaan4|smadar44)|twvvv|u(?:ali000111|stadris22)|y(?:burghhugohendrik|racbally))|n(?:aomiiwasaki181|ckniem|eilt(?:9108|rotter(?:2017|968))|obuyuki\.hirano128|tawdglobal)|o(?:\.peace004|3344nb|ffice(?:\.012123|rricherd876|windowterms)|liviemorgan4|marinyandeng|nufoundationclaims|pcwkdw|swald\.l(?:\.lewis|ewwis)|vieogor1)|p(?:\.compton101|a(?:storfrancesco1|trick(?:\.efcc|andfrancessconnolly)|ul(?:eed1969|n8018)|ymentofficer14)|brookk0|e(?:130304|t(?:er(?:\.waddell204|guggi0|kenin73?|stephen4040)|ronasofficepromo))|h(?:\.cbnl|illip\.richead218)|ieterstevens511|o(?:lloke|wellmrwilliam)|r(?:esleybathini1|o(?:1nvstream|cessing2013general))|trsvermeulen|w178483)|q(?:iquanzhou7|nzeng1)|r(?:19772744|677gfd|a(?:johnfernn|kidy23|lhashimi78|ymond(?:aba200|damon15))|e(?:beccagarang11|em(?:has(?:himy(?:1978|mail)|m044)|n2214)|mittanceofficeasaba|neehii\.omb|plyback00|v(?:\.(?:jamesabel1|mikedadax)|ernestcebi|frankjackson91))|i(?:ch(?:ard(?:lustig4u|w(?:ahl511|illis815))|lawandds)|tawilliams4141)|josh200000|o(?:berthanandez6655|naldmorris786|s(?:a\.gomes0044|e(?:kipkalya934|tam00)))|svcdusan|t(?:\.rev\.ericmark05|honrichardshepherd)|u(?:ssiaworldcuppromo|thmporat1\"))|s(?:a(?:chingrams|l(?:ehhussienconsult1|imzaid7000)|nchoscozfifa|rfiafarfask7)|cottpeters7989|e(?:cretservicce[78]|rgeantrobertbrown1|ydouthiebaconsultant)|g\.offiice\.group|h(?:a(?:msiahmohamadyunusbnegara|nemissler2009)|e(?:ikhalmaktoum79|ry(?:\.gtl131|etr03))|inawatrathaksin93)|i(?:lverlakeconsultant|mlkheng5)|krause680|l5342743|o(?:fia\.adams201|u(?:rcingloggs|thwsltd))|peelman1972|rfredericodehernandez|sdt224|tephentam1(?:47|6)|u(?:iyang(?:\.boc|02)|leiman\.cbnn|n\.hor20|san(?:freeman112x|neklatten502)|zana111bah)|w(?:eeneyjohnson384|islottnl))|t(?:a(?:mmy21gill|y(?:ebsouami0|lorcathy362))|davalvse|erryparkins11|h(?:ailandbankoffice01|e(?:ara\.choy2|bigbiglottowinning77|odorosloannis9|resawilliams7661?|smithfm124))|imothymetheny01|lyerdonald613|mason9w4r|o(?:m(?:\.cristdonor|c(?:hrist1995|rist(?:52|donation12|foundation99|world)))|ny(?:\.chung760|zimpro11)|pchronodesk|shikazusendo101)|p2911220|ransfermoney21\.2|tkhan69s)|u(?:babankbjplc|dregwqr|kponguko|marukareem8|n(?:claimedfunds554|itednation(?:organization70|s(?:8182|councilrefunds)))|sdepartmentofjustice80)|v(?:a(?:mamakazlegalchambers|nderwesthuizen560)|e(?:enapatel883|neerchris20003|r(?:a(?:aellen7|hollinkvan0)|enichekaterinaekaterina4))|i(?:ctoriaabraham2310|dalpamela85|ngut170|pjeferrey)|owpovertyfoundation)|w(?:a(?:dp4726|hlr(?:5990|ichard18)|ldibeatesieberhagen|nczykm61)|b(?:271981|6159980)|d232633|i(?:ge122|ll(?:iamrobert3852|update123))|kfinancialservice|orldbankregionalmanageroffice|u(?:\.office212|mt722)|ww\.moneygram9054)|y(?:\.oguzhan011|anghoseok5|doo974)|z(?:enithbankplconline98|kiaslan1963|minhong65)))\@gmail\.com$/i
+header REPTO_419_FRAUD_GM Reply-To:addr =~ /^(?=[^\s<>@]+\@gmail\.com)(?:(?:01marviswanczyk|41speedlinkdelivery|7912richardtony|a(?:bu(?:lkareem461|shadi0004)|c(?:aalzz11|count\.optionsmr\.jonasarmstrong|e(?:alss11|cere001))|d(?:esilgon77|iallo\.boa)|erofilxeport|gent\.laryedwad|isha(?:1976algaddafi|gaddafiaam)|jaminamo|l(?:\.jo60691737|a(?:n\.austin(?:041|223)|scramac)|ber\.yang222|ex(?:ander(?:daisy911|peterson4499)|hoffman3319|smithznn)|ghafrij13|hajarb|lenholden121|nizmaria|ure\.wawrenka1472)|m(?:b\.w\.stuart\.symington|ericadeliverycomapny1(?:300|800)|ina(?:ltwaijiri02|tasomda))|n(?:d(?:rewumehunitedbankforafrica|yfox0022)|itaminarnguessan|n(?:a(?:choihkkic|llee091|sigurlaug458)|jenijohnsonn)|t(?:honyalvaradollc|o(?:meuenio|niopaco20consultant)))|r(?:adka01|chibaldhamble|thur11alan)|s(?:h(?:0611jnag|westwood7)|ianbae1010|sistance7agent)|t(?:m(?:mastercard41|office929)|tohlawoffice\.tg)|w1614860|yevayawovi190|zi(?:m(?:\.h(?:ashim\.premj|premji13)|hashim(?:2018|donation2019))|z(?:dake0|george50)))|b(?:a(?:lla250abc|nk(?:centralasiahalobca34|ingcentralng)|ochang7a|r(?:bersmadar75|r(?:\.(?:charles(?:1954|office)|martinrichard)|ister(?:\.fidelisokafor|lordruben94)|ubenjames)|teld\.huisman01))|bongo593|c0996013|e(?:linekra1|n(?:ezero392|jaminsarah195))|i(?:anigercash|ll(?:\.lawrence0747|fhome))|laisevodoun|mw(?:automobile242|officeline)|o(?:arddept0|cchenyi)|r(?:a(?:ndy\.heavenscenttt|volpaul55)|endalaporte112|ianmoynih00)|uff(?:ettwarrene21|ookj))|c(?:a(?:ixaseguros9810001|mluba2017|r(?:eisu98|l(?:os\.s\.helux|thomos)|twrighttownhomesllc))|bnatm847|claimsa|e(?:li(?:cerez|neroullier(?:200|nm))|ntraltrustlltd)|h(?:a(?:ngching885|r(?:itylisajohnrobinson41|l(?:esluenga01|tonnewmanus1)))|e(?:mchung1011|nchung1011)|i(?:enkraymond|mwiakim))|iticonsultantjohncg0|kruger00017|l(?:a(?:im(?:adviser11|officeadm)|xtonpaul00)|s79408)|o(?:l(?:\.(?:ahmedmarani|fakhrialsalabi(?:01)?|hmedismari)|abdullahassi|edavid77032|husseinharmuchc(?:cj|j)|inchrisweir50|mohmanairf|o(?:mbasjuan53|nelsaad00))|mpensationcommitteboard|n(?:sult(?:ancy64|matthias|sto\.u)|tact(?:\.kolason|ad00[04]))|operation612)|pt\.eugenebarash|r(?:a(?:bbechambers|wfordgillies1)|ist(?:bru(?:05|n05)|i1537bru))|ustomerservicelacaixa2)|d(?:29laws|a(?:n(?:008629|iel(?:35508109|zulu11)|nydan24532)|v(?:i(?:d(?:\.loanfirm18|ibe718|larbi11|pere337|r(?:amirez\.luis9012|ikhen))|scarolyn334|yax98)|ychan1970))|c(?:layconsult|ole77032)|e(?:btm123|n(?:iwalts|nis(?:clark659|quaid888))|partmentofstate(?:123|321)|tlefeckhardd)|hill27676|i(?:ane\.s\.wojcicki|gitalassetholding|p(?:francis1|lomat(?:\.john\.clerke|sshenry)))|o(?:minicahkye|na(?:ldwilliam1988|tionhelpercare5))|r(?:\.(?:meirh|wilsonpaul02)|abodid|davidrhama221|j(?:amesdee|oesimon77)|kennedyuzo|meier\.heidi?|o(?:vieogor1|wenfrederick))|u(?:a1155a|nsilva58|stinmoskovitz\.2facebook)|v\.metus)|e(?:benezero392|christina937|d(?:runity|winfreeman22)|fcc\.financial\.dept|l(?:i(?:bethgomez(?:175|499)|sabethmaria600|zabethedw0)|otocashoffice1?)|m(?:2keld|ailpostlink09|efiele(?:328|g757)|ilyrichmond391)|renakgeorge123|ssexlss1|vgpatmow)|f(?:\.mikhail025|a(?:ithdesrie511|tme\.mehmed001)|blott47|e(?:deralreservebankdallasdst|lix88995)|g0067333|irstbank(?:49(?:666|966)|k49666)|j569282|l(?:556249|aurentdz40|uhmann\.dn)|mb\.agent|o(?:ropunionbank|undations\.west)|r(?:a(?:100dub132|n(?:c(?:espatrickconnolly(?:5050|4)|isca(?:mendoza960|samendoza))|k(?:jwangg|laurarivera)))|bbankny\.gov|e(?:derick\.colemanesq|elottosweepstake51))|u(?:lanlan28|ngg1w))|g(?:00gleggewinner19|a(?:b(?:albertoassociates|rielkalia1102)|r(?:ethbull112016|yakinson121))|bill4880|e(?:n(?:\.ahmedmsksi|eral(?:abdulrazak|williamstony990))|orgekwame481|r(?:aldjhjh11|tjanvlieghe787))|g780904|i(?:idp955|lbert12oook)|kwasiiwusu1\.persona|l(?:enmoore0011|oriachow5052)|o(?:glegewinnerteam|o(?:dnessxtra|golteam2019|oglegwiinner219)|vgodwinemefiele111)|r(?:ace(?:jackmanwoods|obia001)|e(?:ant311|energeoffrey776))|veraallen)|h(?:a(?:r(?:old\.dia1100|ryebert101|twellbdaniel)|s(?:h(?:imyreem78|mireem801)|sanalshujairy))|e(?:a(?:dofficecentre0210|therbrooeke101)|cto(?:alon|r(?:castillos653|scastillo6))|lpdesk47321)|gold8080|heba\.hhassan207|i(?:ldad837|toshurui)|klee\.mike|o(?:lsemeyerole6|nmackjohn518|rnbeckmajordennis63[478]|seoky(?:34|9))|sbchgm|trryt34|uichmh)|i(?:1955smael|amannjejosonn|bed627|n(?:fo(?:\.(?:abogadosmfontana|g00gleclaim|questiondesk|ulmusau)|64240|98cbnoffice7|a(?:prl06|sminternationalpk)|fdrserve)|gridrolle2|t(?:ernationallppp1|linvestorsfirm))|terryoffice)|j(?:35809121|a(?:888179|cobmaseon5995|m(?:alpriv8un|es(?:husmansdesk2240|okoh82))|nusensecureprivate|sonyeungchiwai|vierlesme001)|b5406424|c2222222rrr|e(?:ff(?:deandk2|erydean1960)|nniannjhsonn|ssikasingh4)|imyang977|k3311131|mpowellfr|o(?:e(?:dward023|kendal540|lmodisen)|hn(?:\.wilde\.oneplusfinance|a9577|griffn818|paton\.alphafmc|r(?:awlings956|oxfordjr1)|son(?:deba|wilson(?:389|490))|tanko214|uba234|walterlove2010)|monkzza|n(?:esandassociates68|monkssa)|s(?:ephacevedo024|ianeangenor)|y(?:ce00011|mrskone5))|rawlings007|s4fernado|uliet\.le(?:222|e2222)|w6935997)|k(?:a(?:lstromjames3|malnizar000|rabo\.ramala39|t(?:ebaronbarr|hilittman7|jamess043|rinaziako56))|e(?:lsawamelia55|n(?:mck(?:ay1980|enziejr)|nedy\.sawadogo19))|halidbuhazza99|js09376|kasbu790|o(?:ntakt\.claim|tokairportcargo|watsusho\.co\.ltd\.jp)|rnkl1109|un(?:gwei7777|ioue28)|wasiowusug)|l(?:a(?:r(?:ateambo|rytoms200)|ursent892|wrencefoundation30)|blackshirepm|e(?:ndfair\.co\.uk1|rynne(?:0west99|west2289))|i(?:amfinchus(?:11|3)|ezlnatashavanessa|li(?:ane\.bettencourt1945|ianchrstph)|n(?:elink008|glung104)|xiung(?:l48|9))|john6132|o(?:g(?:anntomas|eengen)|ttyoffice1|u(?:ghreymargaret67|isdreyfusmargarita5))|p319765|u(?:ckywinners2018|sba\.moored2019)|w94059|y(?:\.cheapiseth909|n(?:\.arthur011|cmba440|nmkl3332)))|m(?:a(?:bel\.manaku|ck(?:enzbezos|oliver324)|incare655|jor(?:dennishornbeck53|townsend01)|k(?:altschmidt|toumsheikhhasher)|n(?:duesq58|uelfranco(?:727|foundation0))|r(?:cusdembialomr|i(?:a(?:111dembele|27idemba|3(?:31lucas|51lucas)|hhills00)|nacoleman84|opabl26)|k(?:roth456|uses200)|y(?:franson56|jify00aaz01))|s(?:onmanny05|pencer5151)|t(?:hewriaanza|twilly3)|u(?:noveutileina|rhinck11?)|viswanczyk(?:1(?:19|987)|4(?:89|5)|775|foundation45|k112|zz)|xaajn|ydetratt)|c(?:\.cheadychang76|kenthando)|dredban775|e(?:044386|engeoffrey|l(?:lagolan|vidabullock5)|nnss01)|gfrederick80|husameddine|i(?:c(?:he(?:alwuu002|lintagro)|paulla|w954)|k(?:edawson1960s|h(?:\.fridman|ai(?:\.fridman261|lfridm32)))|nfin\.gv|ss(?:\.melisa\.mehmett|boteogottai|yaelronen))|jminabii|k(?:ent7117|untjoro52)|lbriggs08860|m(?:1086771|argaritalouisdreyfus)|nmalarge|o(?:ham(?:edabdul1717|madraqab00)|rienkal30)|r(?:\.(?:justinmaxwell09|lusee|wlsonkabore)|7672900|cjames001|d517341|ericfranck|fabianchukwu|hanimuhammad627|jamesmc6|martine80|paulfrank01|r(?:echardthomas|ichardanthony1)|s(?:\.(?:biyufungchi16|janetolsen?|olsenjanett|patarkatsishvili|susanread12)|a(?:ishaalqadafi1976|ngela454)|g(?:ezeria|racewoods70)|h(?:amima60|ristinemadeleine)|j(?:ackman123|lleach)|maureens847|nicolefr1marios|r(?:obinsanders185|uthsmith9900)|s(?:arahbenjamin103|ophiac)|veraaellen)|tomcrist\.ca)|s(?:agent02|golaan4|smadar44)|twvvv|u(?:ali000111|stadris22)|y(?:burghhugohendrik|racbally))|n(?:aomiiwasaki181|ckniem|eilt(?:9108|rotter(?:2017|968))|obuyuki\.hirano128|tawdglobal)|o(?:\.peace004|3344nb|ffice(?:\.012123|rricherd876|windowterms)|hallkenneth1|liviemorgan4|marinyandeng|nufoundationclaims|pcwkdw|swald\.l(?:\.lewis|ewwis)|vieogor1)|p(?:\.compton101|a(?:storfrancesco1|trick(?:\.efcc|andfrancessconnolly)|ul(?:eed1969|n8018)|ymentofficer14)|brookk0|e(?:130304|t(?:er(?:\.waddell204|guggi0|kenin73?|stephen4040)|ronasofficepromo))|h(?:\.cbnl|illip\.richead218)|i(?:eterstevens511|lz37754)|o(?:lloke|wellmrwilliam)|r(?:esleybathini1|o(?:1nvstream|cessing2013general))|trsvermeulen|w178483)|q(?:iquanzhou7|nzeng1)|r(?:19772744|677gfd|a(?:johnfernn|kidy23|lhashimi78|ymond(?:aba200|damon15))|e(?:beccagarang11|em(?:has(?:himy(?:1978|mail)|m044)|n2214)|mittanceofficeasaba|neehii\.omb|plyback00|v(?:\.(?:jamesabel1|mikedadax)|ernestcebi|frankjackson91))|i(?:ch(?:ard(?:lustig4u|w(?:ahl511|illis815))|lawandds)|tawilliams4141)|josh200000|o(?:berthanandez6655|naldmorris786|s(?:a\.gomes0044|e(?:kipkalya934|tam00)))|svcdusan|t(?:\.rev\.ericmark05|honrichardshepherd)|u(?:ssiaworldcuppromo|thmporat1\"))|s(?:a(?:chingrams|l(?:ehhussienconsult1|imzaid7000)|nchoscozfifa|rfiafarfask7)|cottpeters7989|e(?:cretservicce[78]|rgeantrobertbrown1|ydouthiebaconsultant)|g\.offiice\.group|h(?:a(?:msiahmohamadyunusbnegara|nemissler2009)|e(?:ikhalmaktoum79|ry(?:\.gtl131|etr03))|inawatrathaksin93)|i(?:lverlakeconsultant|mlkheng5)|krause680|l5342743|o(?:fia\.adams201|u(?:rcingloggs|thwsltd))|peelman1972|rfredericodehernandez|sdt224|tephentam1(?:47|6)|u(?:iyang(?:\.boc|02)|leiman\.cbnn|n\.hor20|san(?:freeman112x|neklatten502)|zana111bah)|w(?:eeneyjohnson384|islottnl))|t(?:a(?:mmy21gill|y(?:ebsouami0|lorcathy362))|davalvse|erryparkins11|h(?:ailandbankoffice01|e(?:ara\.choy2|bigbiglottowinning77|odorosloannis9|resawilliams7661?|smithfm124))|imothymetheny01|lyerdonald613|mason9w4r|o(?:m(?:\.cristdonor|c(?:hrist1995|rist(?:52|donation12|foundation99|world)))|ny(?:\.chung760|zimpro11)|pchronodesk|shikazusendo101)|p2911220|ransfermoney21\.2|tkhan69s)|u(?:babankbjplc|dregwqr|kponguko|marukareem8|n(?:claimedfunds554|itednation(?:organization70|s(?:8182|councilrefunds)))|sdepartmentofjustice80)|v(?:a(?:mamakazlegalchambers|nderwesthuizen560)|e(?:enapatel883|neerchris20003|r(?:a(?:aellen7|hollinkvan0)|enichekaterinaekaterina4))|i(?:ctoriaabraham2310|dalpamela85|ngut170|pjeferrey)|owpovertyfoundation)|w(?:a(?:dp4726|hlr(?:5990|ichard18)|ldibeatesieberhagen|nczykm61)|b(?:271981|6159980)|d232633|i(?:ge122|ll(?:iamrobert3852|update123))|kfinancialservice|orldbankregionalmanageroffice|u(?:\.office212|mt722)|ww\.moneygram9054)|y(?:\.oguzhan011|anghoseok5|doo974)|z(?:enithbankplconline98|kiaslan1963|minhong65)))\@gmail\.com$/i
 describe REPTO_419_FRAUD_GM Reply-To is known advance fee fraud collector mailbox
 #score REPTO_419_FRAUD_GM 3.000
 tflags REPTO_419_FRAUD_GM publish
@@ -4058,6 +4035,13 @@ meta SUBJECT_NEEDS_ENCODING    (!__SUBJECT_ENCODED_B64 && !__SUBJECT_ENCODED_QP)
 describe SUBJECT_NEEDS_ENCODING  Subject is encoded but does not specify the encoding
 ##} SUBJECT_NEEDS_ENCODING
 
+##{ SUBJ_ATTENTION
+
+meta        SUBJ_ATTENTION       __SUBJ_ATTENTION && !ALL_TRUSTED
+describe    SUBJ_ATTENTION       ATTENTION in Subject
+#score       SUBJ_ATTENTION       0.500	# limit
+##} SUBJ_ATTENTION
+
 ##{ SUBJ_BRKN_WORDNUMS ifplugin Mail::SpamAssassin::Plugin::DKIM
 
 ifplugin Mail::SpamAssassin::Plugin::DKIM
@@ -4131,6 +4115,11 @@ endif
 endif
 ##} THIS_IS_ADV_SUSP_NTLD if (version >= 3.004002) ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 
+##{ THREAD_INDEX_HEX
+
+header THREAD_INDEX_HEX  Thread-Index =~ /^[a-z0-9]{30}/
+##} THREAD_INDEX_HEX
+
 ##{ TONLINE_FAKE_DKIM
 
 meta        TONLINE_FAKE_DKIM          __HDR_RCVD_TONLINEDE && __DKIM_EXISTS 
@@ -4263,13 +4252,6 @@ describe   TO_TOO_MANY_WFH_01          Work-from-Home + many recipients
 tflags     TO_TOO_MANY_WFH_01          publish
 ##} TO_TOO_MANY_WFH_01
 
-##{ TRANSFORM_LIFE
-
-meta       TRANSFORM_LIFE              __TRANSFORM_LIFE && !__HAS_CAMPAIGNID && !__HAS_SENDER && !__HAS_X_MAILER && !__VIA_ML 
-describe   TRANSFORM_LIFE              Transform your life!
-#score      TRANSFORM_LIFE              2.500	# limit
-##} TRANSFORM_LIFE
-
 ##{ TT_MSGID_TRUNC
 
 header TT_MSGID_TRUNC   Message-Id =~ /^\s*<?[^<>\s]+\[\d+$/
@@ -4592,14 +4574,6 @@ ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 endif
 ##} T_CDISP_SZ_MANY ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
-##{ T_DATE_IN_FUTURE_96_Q ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-
-ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-header   T_DATE_IN_FUTURE_96_Q    eval:check_for_shifted_date('96', '2920')
-describe T_DATE_IN_FUTURE_96_Q    Date: is 4 days to 4 months after Received: date
-endif
-##} T_DATE_IN_FUTURE_96_Q ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-
 ##{ T_DATE_IN_FUTURE_Q_PLUS ifplugin Mail::SpamAssassin::Plugin::HeaderEval
 
 ifplugin Mail::SpamAssassin::Plugin::HeaderEval
@@ -5045,16 +5019,27 @@ endif
 endif
 ##} T_PDS_SHORTFWD_URISHRT ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
-##{ T_PDS_SHORTFWD_URISHRT_FP ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
+##{ T_PDS_SHORTFWD_URISHRT_QP ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     T_PDS_SHORTFWD_URISHRT_FP (__PDS_URISHORTENER || __URL_SHORTENER) && __HS_SUBJ_RE_FW && __PDS_MSG_512
-describe T_PDS_SHORTFWD_URISHRT_FP Apparently a short fwd/re with URI shortener
-#score    T_PDS_SHORTFWD_URISHRT_FP 1.5 # limit
+meta     T_PDS_SHORTFWD_URISHRT_QP (__PDS_URISHORTENER || __URL_SHORTENER) && __HS_SUBJ_RE_FW && __T_PDS_MSG_512 && !PDS_SHORTFWD_URISHRT_FP
+describe T_PDS_SHORTFWD_URISHRT_QP Apparently a short fwd/re with URI shortener
+#score    T_PDS_SHORTFWD_URISHRT_QP 1.5 # limit
 endif
 endif
-##} T_PDS_SHORTFWD_URISHRT_FP ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
+##} T_PDS_SHORTFWD_URISHRT_QP ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
+
+##{ T_PDS_URISHRT_LOCALPART_SUBJ ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
+
+ifplugin Mail::SpamAssassin::Plugin::WLBLEval
+if (version >= 3.004000)
+meta     T_PDS_URISHRT_LOCALPART_SUBJ LOCALPART_IN_SUBJECT && (__PDS_URISHORTENER || __URL_SHORTENER) && __PDS_MSG_1024
+describe T_PDS_URISHRT_LOCALPART_SUBJ Localpart of To in subject
+#score    T_PDS_URISHRT_LOCALPART_SUBJ 1.0
+endif
+endif
+##} T_PDS_URISHRT_LOCALPART_SUBJ ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
 ##{ T_REMOTE_IMAGE ifplugin Mail::SpamAssassin::Plugin::MIMEHeader # {
 
@@ -5333,7 +5318,7 @@ tflags         URI_GOOGLE_PROXY       publish
 
 ##{ URI_GOOG_STO_SPAMMY
 
-uri URI_GOOG_STO_SPAMMY m;^https?://storage\.googleapis\.com/(?:(?:1tactc1200|5a70f8147b2241c|7(?:7(?:7burnf4|ancemrani|kneesleeve|metabolism)|88medw4|arshield777|burn7774|savingsoff)|a(?:d(?:t100visa|vanced1500)|lliedtrust7?|n(?:c77emen777|nutsegtsety|tidcfsdfzef)|pp(?:empresa|itausa)|tividade|udio0254)|b(?:337276797de5b3|7772dcb|ath(?:and777|dfgdfgdfh|rooomlki)|cvncv7845|d(?:fbgverhg|sgbsehtth|thdethydeth)|e(?:dvgervg|t(?:terbutter008|umpoiytre))|looodsugarerte|obby\-dependencies|r(?:ieanfrg|tghrh)|utterknife)|c(?:art\-checkout|bd(?:11gummies|gummty|kfgdfg)|dfeesde|jowa|o(?:mpr(?:essionsocks|ovanteanexo)|n(?:7cealed|defesf)|verageinsu)|reative14141)|d(?:e(?:nta77fend|rma(?:7correc7t|correctskin|hdth|thbsdrhg)|tranmultas)|g(?:iadikir784|vdevgege)|i(?:abetes7|recting77)|rtrebtgh747|zdzefef)|e(?:7co7verage|liminatorlower|ntrega|rectiledysfunction|xpertwindows|yesightmax)|f(?:d(?:128218622bd3f|fdfdzezr78|zdzelom)|habgfdgbfrtg|i(?:7542512|del(?:ityinsulife|ty(?:gbdtrbr|tyhjudtyu))|ghttinnitusnow|ltyredfezz|refig(?:22hting|hting)|xguca777)|la(?:shlight7fr7ee|tbelly)|o(?:mrulasugaa|od54451|toswhatsapps)|rgdfgdfh|s(?:dcfzef|efzgefz)|tlkopmdrdfe|ungusfghgh)|g(?:7oldco|fhfjgfhfg|hetiop|luster|oldii00215|r(?:fgrgrg|owplus11)|u(?:ardiao|mmzdfefzf|tterprotection7))|h(?:dfghbrh|e(?:art14141|rplyy0012)|ome(?:9865|w(?:arranty|rr0216)))|i(?:n(?:formedetranmulta|ogen0065|s(?:7urance7net|t(?:a(?:0541|f(?:atioplo|gregrerg)|hard00021|nttranslator)|h(?:ard879477|eater001))|urancenet)|vest777in)|tchrelief)|k(?:757474|e(?:ranfvgdgfrder|to(?:7rim|ghghgh|jkkfghk|oo7896|toto2323))|nef6565)|l(?:a(?:bcream|wncare3)|eaf7filt7er|i(?:berty77arran|fefiltrevdf)|ocaweb|umiagudiidd)|m(?:a(?:galu|le77en|ttress0707)|e(?:dica(?:lsupplies|r(?:0085|123n|df747))|llitox00545|t(?:abolismlos|f(?:85|dfvde)))|on(?:5g154g|t(?:ezuma001|zdzsds)))|n(?:badefdfg|e(?:sdsd|wtiniggrgr)|inoty74|lmsld)|omeg(?:7aburn|a7burn)|p(?:ersonalized21|o(?:rtableheater7|vsedfzef)|r(?:intsvalentine|otectsecurity)|soidngf8147|ureplant7)|r(?:apidecision77|e(?:adclub11|n(?:ewlaemailved|walllll0065))|iverb1986srt4|oundupccancer)|s(?:a(?:mples7nuge7|vage72)|dfgwsd74fg|eniorserk77s|ignlaotrrmp|teelprobite77|ughdetged|zdzdzdzd)|t(?:acflashlight72|heunbreakable|r(?:abalhos|ugreen30)|unnifgdege)|u(?:berxlm|ltrahgt|sbmosquito)|v(?:e(?:7hicle7cov|hi7clesh7)|frgrerg|i(?:salander|vint0401)|szdefzsfzef)|w(?:4enmedicra8|alk(?:0015|ghghgh)|defgzegfze|e(?:bwhatsfotos|edkiller|llgrove90)|ifibooster)|xcbxcbopiaze|yusdgtduf777|zantacdedzef))/;i
+uri URI_GOOG_STO_SPAMMY m;^https?://storage\.googleapis\.com/(?:(?:1tactc1200|5a70f8147b2241c|7(?:7(?:7burnf4|ancemrani|kneesleeve|metabolism)|88medw4|arshield777|burn7774|savingsoff)|a(?:d(?:t100visa|vanced1500)|lliedtrust7?|n(?:c77emen777|n(?:nuities0102|utsegtsety)|ti(?:1virus|dcfsdfzef))|pp(?:empresa|itausa)|tividade|udio0254)|b(?:337276797de5b3|7772dcb|ath(?:and777|dfgdfgdfh|rooomlki)|cvncv7845|d(?:fbgverhg|sgbsehtth|thdethydeth)|e(?:dvgervg|t(?:ter(?:09909|butter008)|umpoiytre))|ioswitsh0908|loo(?:dshark0508|odsugarerte)|obby\-dependencies|r(?:ainal87484|i(?:an0101|eanfrg)|tghrh)|u(?:rnomegaultra|tterknife))|c(?:a(?:99rshield|rt\-checkout)|bd(?:11gummies|g(?:m0202|ummty)|kfgdfg|sgummys)|dfeesde|hoicehom8270|jowa|o(?:mpr(?:ess(?:a0105|ionsocks)|ovanteanexo)|n(?:7cealed|defesf)|rrectskin|verageinsu)|reative14141)|d(?:e(?:nta77fend|rma(?:7correc7t|acorrectskin|correctskin|hdth|thbsdrhg)|tranmultas)|g(?:iadikir784|vdevgege)|i(?:abetes7|recting77|ta0526)|rtrebtgh747|ysfunction0707|zdzefef)|e(?:7co7verage|ingingears|l(?:eepexperts|iminatorlower)|n(?:ence7777|trega)|rectiledysfunction|xpertwindows(?:0102)?|yesightmax)|f(?:4747|d(?:128218622bd3f|fdfdzezr78|zdzelom)|edilty5401|habgfdgbfrtg|i(?:7542512|d(?:el(?:ityinsulife|ty(?:gbdtrbr|tyhjudtyu))|iity5660|y001)|ghttinnitusnows?|ltyredfezz|refig(?:22hting|hting)|xguca777)|la(?:shlight7fr7ee|tbelly)|o(?:mrulasugaa|od54451|toswhatsapps)|rgdfgdfh|s(?:dcfzef|efzgefz)|tlkopmdrdfe|ung(?:9901|usfghgh))|g(?:7oldco|cumbmdys|fhfjgfhfg|hetiop|luster|oldii00215|r(?:fgrgrg|owplus11)|u(?:ardiao|mm(?:ies11cbd|zdfefzf)|tterprotection7))|h(?:dfghbrh|e(?:art14141|rplyy0012)|ome(?:9865|choice45841|w(?:arranty|rr0216)))|i(?:n(?:formedetranmulta|ogen0065|s(?:7urance7net|t(?:9854|a(?:0541|1heater|f(?:atioplo|gregrerg)|hard0(?:0021|605)|nttranslator)|h(?:ard879477|eater001))|urance(?:7net|net))|vest777in)|tchrelief)|k(?:757474|e(?:ranfvgdgfrder|to(?:7(?:878|rim)|ghghgh|jkkfghk|oo7896|s(?:hark0908|s0479)|toto2323))|iller1111|nef6565)|l(?:a(?:bcream|wncare3)|e(?:a(?:f7filt7er|nde0585)|ciofve1748)|i(?:berty77arran|fefiltrevdf)|ocaweb|umi(?:agudiidd|g875))|m(?:a(?:galu|le(?:0541|77en)|ttress0707)|e(?:dica(?:lsupplies|r(?:0085|123n|df747))|llitox00545|morybooster|t(?:abolismlos|f(?:85|dfvde)))|iraclecannabidiol|on(?:5g154g|t(?:ezuma0(?:01|101)|zdzsds))|ytheraposture001)|n(?:ational14587|badefdfg|e(?:sdsd|wtiniggrgr)|inoty74|lmsld)|o(?:meg(?:7aburn|a7burn)|neshot124578)|p(?:ainsuppl8778|ersonalized21|o(?:rtableheater7|vsedfzef)|r(?:i(?:malgrow|ntsvalentine)|otectsecurity)|soidngf8147|ureplant7)|r(?:apidecision77|e(?:adclub11|n(?:ewlaemailved|walllll0065)|versirol0101)|i(?:ght0108|verb1986srt4)|oundupccancer|vices8)|s(?:a(?:mples7nuge7|vage(?:0502|72))|dfgwsd74fg|eni(?:147orperk|orserk77s)|howersafe|i(?:gnlaotrrmp|mplex18742)|teelprobite77|ug(?:ar4701|hdetged)|zdzdzdzd)|t(?:acflashlight72|erminix0909|heunbreakable|oenailfungus|r(?:abalhos|ugreen30)|unnifgdege)|u(?:berxlm|ltrahgt|nlimitedcanvases?|sbmosquito)|v(?:e(?:7hicle7cov|hi7clesh7)|frgrerg|i(?:salandere?|vint0401)|szdefzsfzef)|w(?:4enmedicra8|alk(?:0015|7485|ghghgh)|defgzegfze|e(?:bwhatsfotos|edkiller|llgrove90)|i(?:fibooster|n(?:0101|doexpr001)))|xcbxcbopiaze|yusdgtduf777|zantacdedzef))/;i
 describe URI_GOOG_STO_SPAMMY Link to spammy content hosted by google storage
 #score URI_GOOG_STO_SPAMMY 3.000
 tflags URI_GOOG_STO_SPAMMY publish
@@ -5426,7 +5411,7 @@ tflags     URI_PHP_REDIR               publish
 
 ##{ URI_TRY_3LD
 
-uri         URI_TRY_3LD       m,^https?://(?:try|start|get(?!\.adobe)|save|check(?!out)|act|compare|join|learn|request|visit(?!or)|my(?!sub|turbotax)\w)[^.]*\.[^/]+\.(?:com|net)\b,i
+meta        URI_TRY_3LD       __URI_TRY_3LD && !__HAS_ERRORS_TO && !__HDR_RCVD_ALIBABA && !__HDR_CASE_REVERSED && !__XM_EC_MESSENGER && !__CHARITY && !__URI_DOTEDU 
 describe    URI_TRY_3LD       "Try it" URI, suspicious hostname
 #score       URI_TRY_3LD       2.000   # limit
 tflags      URI_TRY_3LD       publish
@@ -5436,6 +5421,7 @@ tflags      URI_TRY_3LD       publish
 
 meta        URI_TRY_USME      __URI_TRY_USME && !__DKIM_EXISTS 
 describe    URI_TRY_USME      "Try it" URI, unusual TLD
+#score       URI_TRY_USME      2.000	# limit
 tflags      URI_TRY_USME      publish
 ##} URI_TRY_USME
 
@@ -5508,8 +5494,8 @@ tflags     WALMART_IMG_NOT_RCVD_WAL    publish
 
 ##{ WANT_TO_ORDER
 
-body       WANT_TO_ORDER               /you (?:(?:would )?like|want)( to)? order (?:this|it|now|today)\b/i
-#score      WANT_TO_ORDER               1.500	# limit
+body       WANT_TO_ORDER               /you (?:(?:would )?like|want|are interested)(?: to| in)? (?:plac(?:e|ing) an order|order(?:ing)? (?:for )?(?:this|it|now|today|our \w+))\b/i
+#score      WANT_TO_ORDER               2.500	# limit
 ##} WANT_TO_ORDER
 
 ##{ WIKI_IMG
@@ -5553,13 +5539,6 @@ describe   XM_DIGITS_ONLY              X-Mailer malformed
 tflags     XM_DIGITS_ONLY              publish
 ##} XM_DIGITS_ONLY
 
-##{ XM_LIGHT_HEAVY
-
-meta       XM_LIGHT_HEAVY              __XM_LIGHT_HEAVY && !__HAS_X_BEEN_THERE 
-describe   XM_LIGHT_HEAVY              Special edition of a MUA
-#score      XM_LIGHT_HEAVY              2.500	# limit
-##} XM_LIGHT_HEAVY
-
 ##{ XM_PHPMAILER_FORGED
 
 meta        XM_PHPMAILER_FORGED    __XM_PHPMAILER_FORGED
@@ -5647,8 +5626,8 @@ header X_MAILER_CME_6543_MSN	X-Mailer =~ /^CME-V6\.5\.4\.3; MSN\s*$/
 
 ##{ YOUR_DELIVERY_ADDRESS
 
-body       YOUR_DELIVERY_ADDRESS       /(?:respond|reply) (to )?(?:our|this) email (?:with|and send) your (?:(?:delivery |shipping )?address|address (?:for|of) shipping)/i
-#score      YOUR_DELIVERY_ADDRESS       1.500	# limit
+body       YOUR_DELIVERY_ADDRESS       /(?:(?:respond|reply|answer) (?:to )?(?:our|this) ?e?mail (?:[\w,]+\s){0,10}(?:with|and send(?: us)?)|we need to know|let us know|(?:send|provide)(?: us)?|confirm) (?:your|the) (?:(?:delivery |shipping |mailing |shipment )?address(?:\s?[,.;]|(?: and| so)? we| if you)|address (?:for|of) (?:shipping|delivery|shipment))/i
+#score      YOUR_DELIVERY_ADDRESS       1.250	# limit
 ##} YOUR_DELIVERY_ADDRESS
 
 ##{ YOU_INHERIT
@@ -8209,8 +8188,6 @@ header   __FSL_HAS_LIST_UNSUB  exists:List-Unsubscribe
 
 header  __FSL_HELO_BARE_IP_1      X-Spam-Relays-External =~ /^[^\]]+ helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} [^\]]*auth= /i
 
-header  __FSL_HELO_BARE_IP_2    X-Spam-Relays-Untrusted =~ /helo=(?!127)\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3} /i
-
 header  __FSL_HELO_USER_1   X-Spam-Relays-External =~ / helo=user /i
 
 header  __FSL_HELO_USER_2   Received =~ /from User(?:\s+by|\s*[\[\(]|$)/i
@@ -8254,7 +8231,7 @@ if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
   meta       __GAPPY_SALES_LEADS_MANY    __GAPPY_SALES_LEADS > 2
 endif
 
-header     __GB_FAKE_RF                  Subject =~ /(Fw|Re)\:[a-z0-9\+]/i
+header     __GB_FAKE_RF                  Subject =~ /(Fw|Re)\:{1,2}[a-z0-9\+]/i
 
 body     __GHANA          /\bghana\b/i
 
@@ -8353,6 +8330,9 @@ meta           __HDRS_LCASE_KNOWN    __MSGID_JAVAMAIL || __UA_MSOEMAC || __UA_MS
 
 header         __HDRS_MISSP          ALL:raw =~ /^(?:Subject|From|To|Reply-To):\S/ism
 
+header     __HDR_CASE_REVERSED         ALL =~ /^(?!DomainKey)[^-:\s]*[a-z][A-Z]/m
+tflags     __HDR_CASE_REVERSED         multiple maxhits=4
+
 header __HDR_ORDER_FTSDMCXXXX ALL =~ /\nFrom: .{1,80}?\nTo: .{1,80}?\nSubject: .{1,200}?\nDate: .{1,40}?\nMIME-Version: .{1,40}?\nContent-Type: .{1,120}?\nX-Priority: .{1,40}?\nX-MSMail-Priority: .{1,40}?\nX-Mailer: .{1,80}?\nX-MimeOLE:/s
 
 header     __HDR_RCVD_ALIBABA          X-Spam-Relays-External =~ /\srdns=\S+\.alibaba\.com\s/
@@ -8379,8 +8359,6 @@ endif
 
 header   __HELO_HIGHPROFILE  X-Spam-Relays-External =~ /^[^\]]+ helo=\S*(?:hotmail|gmail|google|yahoo|msn|microsoft|outlook|paypal|xxx)\.[\w]+\b/i
 
-header   __HELO_MISC_IP        	X-Spam-Relays-Untrusted =~ /^[^\]]+ helo=[^a-z\?]\S{0,30}(?:\d{1,3}[^\d]){4}[^\]]+ auth= /i
-
 header __HELO_NOT_RDNS	X-Spam-Relays-External =~ /^[^\]]+ rdns=(\S+) helo=(?!(?i)\1)\S/
 
 header __HELO_NO_DOMAIN   X-Spam-Relays-External =~ /^[^\]]+ helo=[^\.]+ /
@@ -8430,13 +8408,13 @@ ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 mimeheader	__HK_SPAMMY_CTFN	Content-Type =~ /name=.*?(?:lot(?:eri[ej]|t(?:ery|o))|award|prize|winn(?:er|ing)|microsoft|congrat|urgent)/mi
 endif
 
-meta       __HOSTED_IMG_DIRECT_MX      __DOS_DIRECT_TO_MX && ( __URI_IMG_EBAY || __URI_IMG_AMAZON || __URI_IMG_ALICDN  || __URI_IMG_WALMART || __URI_IMG_NEWEGG || __URI_IMG_SHOPIFY || __URI_IMG_YTIMG || __URI_IMG_JOOMCDN || __URI_IMG_WISH || __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC)
+meta       __HOSTED_IMG_DIRECT_MX      __DOS_DIRECT_TO_MX && ( __URI_IMG_EBAY || __URI_IMG_AMAZON || __URI_IMG_ALICDN  || __URI_IMG_WALMART || __URI_IMG_NEWEGG || __URI_IMG_SHOPIFY || __URI_IMG_YTIMG || __URI_IMG_JOOMCDN || __URI_IMG_WISH || __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC || __URI_IMG_TOPHATTER || __URI_IMG_GBTCDN)
 
-meta       __HOSTED_IMG_DQ_UNSUB       __URI_DQ_UNSUB && ( __URI_IMG_EBAY || __URI_IMG_AMAZON || __URI_IMG_ALICDN || __URI_IMG_WALMART || __URI_IMG_NEWEGG || __URI_IMG_SHOPIFY || __URI_IMG_YTIMG || __URI_IMG_JOOMCDN || __URI_IMG_WISH || __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC)
+meta       __HOSTED_IMG_DQ_UNSUB       __URI_DQ_UNSUB && ( __URI_IMG_EBAY || __URI_IMG_AMAZON || __URI_IMG_ALICDN || __URI_IMG_WALMART || __URI_IMG_NEWEGG || __URI_IMG_SHOPIFY || __URI_IMG_YTIMG || __URI_IMG_JOOMCDN || __URI_IMG_WISH || __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC || __URI_IMG_TOPHATTER || __URI_IMG_GBTCDN)
 
-meta       __HOSTED_IMG_FREEM          ( FREEMAIL_REPLYTO || FREEMAIL_FROM ) && ( __URI_IMG_EBAY || __URI_IMG_AMAZON || __URI_IMG_ALICDN || __URI_IMG_WALMART || __URI_IMG_NEWEGG || __URI_IMG_SHOPIFY || __URI_IMG_YTIMG || __URI_IMG_JOOMCDN || __URI_IMG_WISH || __URI_IMG_WP_REDIR || __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC) 
+meta       __HOSTED_IMG_FREEM          ( FREEMAIL_REPLYTO || FREEMAIL_FROM ) && ( __URI_IMG_EBAY || __URI_IMG_AMAZON || __URI_IMG_ALICDN || __URI_IMG_WALMART || __URI_IMG_NEWEGG || __URI_IMG_SHOPIFY || __URI_IMG_YTIMG || __URI_IMG_JOOMCDN || __URI_IMG_WISH || __URI_IMG_WP_REDIR || __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC || __URI_IMG_TOPHATTER || __URI_IMG_GBTCDN)
 
-meta       __HOSTED_IMG_MULTI          ( __URI_IMG_EBAY + __URI_IMG_AMAZON + __URI_IMG_ALICDN + __URI_IMG_WALMART + __URI_IMG_NEWEGG + __URI_IMG_SHOPIFY + __URI_IMG_YTIMG + __URI_IMG_JOOMCDN + __URI_IMG_WISH + __URI_IMG_WP_REDIR + __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC) > 1
+meta       __HOSTED_IMG_MULTI          ( __URI_IMG_EBAY + __URI_IMG_AMAZON + __URI_IMG_ALICDN + __URI_IMG_WALMART + __URI_IMG_NEWEGG + __URI_IMG_SHOPIFY + __URI_IMG_YTIMG + __URI_IMG_JOOMCDN + __URI_IMG_WISH + __URI_IMG_WP_REDIR + __URI_IMG_STATICBG || __URI_IMG_CHANNYPIC || __URI_IMG_TOPHATTER || __URI_IMG_GBTCDN) > 1
 
 if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
   body           __HOURS_DEADLINE       /\b(?:(?:give\syou|gebe\sihnen(?:\snur)?|you\s(?:will\s)?have(?:\sonly|\sjust)?|within)(?:(\sthe)?\s(?:last|next))?\s(?:\d+|one|two|three|a few)\s?(?:hours?|hr(?:\s?s)?|days?|stunden)|(?:by|to|until|before)\sthe\send\sof\sthe\s(?:work(?:ing)?\s)?day|Ich\sgebe\sIhnen\s\d+\sStunden|\d+\shours?\sbefore\s(?:sending|releasing|exposing|publishing)|(?:the|your)\sdeadline\s(?:is|will\sbe))\b/i
@@ -8521,6 +8499,8 @@ endif
 
 body     __INHERIT_PMT    /\binheritance\spayment\s/i
 
+meta     __INR_AND_NO_REF	(__XM_IMAIL || __XM_APPLEMAIL || __XM_COMMUNIG || __XM_EDMAX || __XM_ELM || __XM_EMUMAIL || __XM_EXMH || __XM_LOTUSN || __XM_MAILCITY || __XM_MAILSMITH || __XM_MSCDO || __XM_MSOUT || __XM_MIMETOOLS || __XM_OPERA6 || __XM_PEGASUS || __XM_QUALCOM || __UA_IMP || __UA_MSOEMAC || __UA_MSENTOUR || __UA_OPERA7)
+
 body     __INTL_BANK      /\b(?:international\s(?:\w+\s)?bank|banque\sinternationale)\b/i
 
 body     __INVEST_COUNTRY /\binvest\sin\syour?\scountry\b/i
@@ -8844,7 +8824,7 @@ if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
 endif
 
 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __MALW_ATTACH_02_01 Content-Disposition =~ /\bfilename(?:="?[^"]*|\*(?:\d+\*)?=(?:UTF-8'')?\S*)(?:invoice|statement|(?:\.|%C2%B7|[\xc2][\xb7]|_)(?:pdf|img|png|gif|jpe?g))\.(?:ace|zip|7z|rar|r17|gz)[";$]/i
+  mimeheader   __MALW_ATTACH_02_01 Content-Disposition =~ /\bfilename(?:="?[^"]*|\*(?:\d+\*)?=(?:UTF-8'')?\S*)(?:invoice|statement|payment(?: advice)?|(?:[.,_]|%C2%B7|[\xc2][\xb7])(?:pdf|img|png|gif|jpe?g))\.(?:ace|zip|rar|r17|[7g]?z|iso)[";$]/i
 endif
 
 if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
@@ -8852,7 +8832,7 @@ if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
 endif
 
 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __MALW_ATTACH_02_02 Content-Type =~ /\bname="?[^"]*(?:invoice|statement|(?:\.|[\xc2][\xb7]|_)(?:pdf|img|png|gif|jpe?g))\.(?:ace|zip|7z|rar|r17|gz)[";$]/i
+  mimeheader   __MALW_ATTACH_02_02 Content-Type =~ /\bname="?[^"]*(?:invoice|statement|payment(?: advice)?|(?:[.,_]|[\xc2][\xb7])(?:pdf|img|png|gif|jpe?g))\.(?:ace|zip|rar|r17|[7g]?z|iso)[";$]/i
 endif
 
 meta           __MANY_HDRS_LCASE     __HDRS_LCASE > 1
@@ -9521,7 +9501,7 @@ header      __REPLYTO_NOREPLY          Reply-To =~ /\bno-?reply@/i
 
 header __REPTO_419_FRAUD_AOL_LOOSE Reply-To:addr =~ /^(?=[^\s<>@]+\@aol\.com)(?:(?:a(?:f\.|ljaber)|brownchurchill|c(?:hanprivacy|ristinabruno|ustom_service)|d(?:hodgkins|onald_anderson)|evelynjoshua|f(?:d\.|ernandezfernandez)|george_clifford|hernandezrosemary|k\.doreen|l(?:erynnewest|izcarroll)|m_l\.wanczyk|p(?:aulpollard|eterwong)|r(?:achel_wat|oyalpalace)|s(?:gt\.gillianj|pwalker)|usembassy|webank))\d+\@aol\.com$/i
 
-header __REPTO_419_FRAUD_GM_LOOSE Reply-To:addr =~ /^(?=[^\s<>@]+\@gmail\.com)(?:(?:a(?:bu(?:lkareem|shadi)|c(?:aalzz|e(?:alss|cere))|desilgon|l(?:an\.austin|ber\.yang|ex(?:ander(?:daisy|peterson)|hoffman)|ghafrij|lenholden|ure\.wawrenka)|m(?:ericadeliverycomapny|inaltwaijiri)|n(?:dyfox|na(?:llee|sigurlaug))|radka|s(?:hwestwood|ianbae)|tm(?:mastercard|office)|yevayawovi|zi(?:m(?:\.hpremji|hashim(?:donation)?)|z(?:dake|george)))|b(?:a(?:nkcentralasiahalobca|r(?:bersmadar|r(?:\.charles|isterlordruben)|teld\.huisman))|bongo|e(?:linekra|n(?:ezero|jaminsarah))|ill\.lawrence|mwautomobile|oarddept|r(?:avolpaul|endalaporte|ianmoynih)|uffettwarrene)|c(?:a(?:mluba|reisu)|bnatm|elineroullier|h(?:a(?:ngching|r(?:itylisajohnrobinson|l(?:esluenga|tonnewmanus)))|e(?:mchung|nchung))|iticonsultantjohncg|la(?:imadviser|xtonpaul)|o(?:l(?:\.fakhrialsalabi|inchrisweir|o(?:mbasjuan|nelsaad))|n(?:sultancy|tactad)|operation)|r(?:awfordgillies|istbrun?)|ustomerservicelacaixa)|d(?:a(?:nielzulu|v(?:i(?:d(?:\.loanfirm|ibe|larbi|pere|ramirez\.luis)|scarolyn|yax)|ychan))|e(?:btm|nnis(?:clark|quaid)|partmentofstate)|ipfrancis|ona(?:ldwilliam|tionhelpercare)|r(?:\.wilsonpaul|davidrhama|joesimon|ovieogor)|unsilva)|e(?:benezero|christina|dwinfreeman|l(?:i(?:bethgomez|sabethmaria|zabethedw)|otocashoffice)|m(?:ailpostlink|efieleg?|ilyrichmond)|renakgeorge|ssexlss)|f(?:\.mikhail|a(?:ithdesrie|tme\.mehmed)|blott|laurentdz|r(?:a(?:100dub|nc(?:espatrickconnolly|iscamendoza))|eelottosweepstake)|ulanlan)|g(?:00gleggewinner|a(?:brielkalia|ryakinson)|bill|e(?:neralwilliamstony|orgekwame|r(?:aldjhjh|tjanvlieghe))|iidp|l(?:enmoore|oriachow)|o(?:o(?:golteam|oglegwiinner)|vgodwinemefiele)|r(?:aceobia|e(?:ant|energeoffrey)))|h(?:a(?:r(?:old\.dia|ryebert)|sh(?:imyreem|mireem))|e(?:a(?:dofficecentre|therbrooeke)|ctor(?:castillos|scastillo))|gold|heba\.hhassan|ildad|o(?:lsemeyerole|nmackjohn|rnbeckmajordennis|seoky)|trryt)|i(?:bed|n(?:fo(?:98cbnoffice|aprl)|gridrolle|ternationallppp))|j(?:a(?:cobmaseon|mes(?:husmansdesk|okoh)|vierlesme)|e(?:ff(?:deandk|erydean)|ssikasingh)|imyang|o(?:e(?:dward|kendal)|hn(?:griffn|r(?:awlings|oxfordjr)|sonwilson|tanko|uba|walterlove|a)|nesandassociates|sephacevedo|ymrskone)|rawlings|uliet\.lee?)|k(?:a(?:lstromjames|malnizar|rabo\.ramala|t(?:hilittman|jamess|rinaziako))|e(?:lsawamelia|n(?:mckay|nedy\.sawadogo))|halidbuhazza|kasbu|rnkl|un(?:gwei|ioue))|l(?:a(?:rrytoms|ursent|wrencefoundation)|e(?:ndfair\.co\.uk|rynne(?:0west|west))|i(?:amfinchus|liane\.bettencourt|n(?:elink|glung)|xiungl?)|john|o(?:ttyoffice|u(?:ghreymargaret|isdreyfusmargarita))|u(?:ckywinners|sba\.moored)|y(?:\.cheapiseth|n(?:\.arthur|cmba|nmkl)))|m(?:a(?:ckoliver|incare|jor(?:dennishornbeck|townsend)|nuelfranco(?:foundation)?|r(?:i(?:ahhills|nacoleman|opabl)|k(?:roth|uses)|y(?:franson|jify00aaz))|s(?:onmanny|pencer)|ttwilly|urhinck|viswanczyk(?:(?:foundation|k))?)|c\.cheadychang|dredban|e(?:lvidabullock|nnss)|gfrederick|i(?:c(?:healwuu|w)|khai(?:\.fridman|lfridm))|k(?:ent|untjoro)|o(?:ham(?:edabdul|madraqab)|rienkal)|r(?:\.justinmaxwell|cjames|hanimuhammad|jamesmc|martine|paulfrank|richardanthony|s(?:\.(?:biyufungchi|susanread)|a(?:ishaalqadafi|ngela)|gracewoods|hamima|jackman|maureens|r(?:obinsanders|uthsmith)|sarahbenjamin))|s(?:agent|golaan|smadar)|ustadris)|n(?:aomiiwasaki|eilt(?:rotter)?|obuyuki\.hirano)|o(?:\.peace|fficerricherd|liviemorgan|vieogor)|p(?:\.compton|a(?:storfrancesco|ul(?:eed|n)|ymentofficer)|brookk|eter(?:\.waddell|guggi|kenin|stephen)|hillip\.richead|ieterstevens|resleybathini)|q(?:iquanzhou|nzeng)|r(?:a(?:kidy|lhashimi|ymond(?:aba|damon))|e(?:beccagarang|em(?:has(?:himy|m)|n)|plyback|v(?:\.jamesabel|frankjackson))|i(?:chardw(?:ahl|illis)|tawilliams)|o(?:berthanandez|naldmorris|s(?:a\.gomes|e(?:kipkalya|tam)))|t\.rev\.ericmark)|s(?:a(?:l(?:ehhussienconsult|imzaid)|rfiafarfask)|cottpeters|e(?:cretservicce|rgeantrobertbrown)|h(?:anemissler|e(?:ikhalmaktoum|ry(?:\.gtl|etr))|inawatrathaksin)|imlkheng|krause|ofia\.adams|peelman|sdt|tephentam|u(?:iyang|n\.hor|sanneklatten)|weeneyjohnson)|t(?:ay(?:ebsouami|lorcathy)|erryparkins|h(?:ailandbankoffice|e(?:ara\.choy|bigbiglottowinning|odorosloannis|resawilliams|smithfm))|imothymetheny|lyerdonald|o(?:mc(?:hrist|rist(?:(?:donation|foundation))?)|ny(?:\.chung|zimpro)|shikazusendo))|u(?:marukareem|n(?:claimedfunds|itednation(?:organization|s))|sdepartmentofjustice)|v(?:anderwesthuizen|e(?:enapatel|r(?:a(?:aellen|hollinkvan)|enichekaterinaekaterina))|i(?:ctoriaabraham|dalpamela|ngut))|w(?:a(?:dp|hlr(?:ichard)?|nczykm)|i(?:ge|ll(?:iamrobert|update))|u(?:\.office|mt)|ww\.moneygram)|y(?:\.oguzhan|anghoseok|doo)|z(?:enithbankplconline|kiaslan|minhong)))\d+\@gmail\.com$/i
+header __REPTO_419_FRAUD_GM_LOOSE Reply-To:addr =~ /^(?=[^\s<>@]+\@gmail\.com)(?:(?:a(?:bu(?:lkareem|shadi)|c(?:aalzz|e(?:alss|cere))|desilgon|l(?:an\.austin|ber\.yang|ex(?:ander(?:daisy|peterson)|hoffman)|ghafrij|lenholden|ure\.wawrenka)|m(?:ericadeliverycomapny|inaltwaijiri)|n(?:dyfox|na(?:llee|sigurlaug))|radka|s(?:hwestwood|ianbae)|tm(?:mastercard|office)|yevayawovi|zi(?:m(?:\.hpremji|hashim(?:donation)?)|z(?:dake|george)))|b(?:a(?:nkcentralasiahalobca|r(?:bersmadar|r(?:\.charles|isterlordruben)|teld\.huisman))|bongo|e(?:linekra|n(?:ezero|jaminsarah))|ill\.lawrence|mwautomobile|oarddept|r(?:avolpaul|endalaporte|ianmoynih)|uffettwarrene)|c(?:a(?:mluba|reisu)|bnatm|elineroullier|h(?:a(?:ngching|r(?:itylisajohnrobinson|l(?:esluenga|tonnewmanus)))|e(?:mchung|nchung))|iticonsultantjohncg|la(?:imadviser|xtonpaul)|o(?:l(?:\.fakhrialsalabi|inchrisweir|o(?:mbasjuan|nelsaad))|n(?:sultancy|tactad)|operation)|r(?:awfordgillies|istbrun?)|ustomerservicelacaixa)|d(?:a(?:nielzulu|v(?:i(?:d(?:\.loanfirm|ibe|larbi|pere|ramirez\.luis)|scarolyn|yax)|ychan))|e(?:btm|nnis(?:clark|quaid)|partmentofstate)|ipfrancis|ona(?:ldwilliam|tionhelpercare)|r(?:\.wilsonpaul|davidrhama|joesimon|ovieogor)|unsilva)|e(?:benezero|christina|dwinfreeman|l(?:i(?:bethgomez|sabethmaria|zabethedw)|otocashoffice)|m(?:ailpostlink|efieleg?|ilyrichmond)|renakgeorge|ssexlss)|f(?:\.mikhail|a(?:ithdesrie|tme\.mehmed)|blott|laurentdz|r(?:a(?:100dub|nc(?:espatrickconnolly|iscamendoza))|eelottosweepstake)|ulanlan)|g(?:00gleggewinner|a(?:brielkalia|ryakinson)|bill|e(?:neralwilliamstony|orgekwame|r(?:aldjhjh|tjanvlieghe))|iidp|l(?:enmoore|oriachow)|o(?:o(?:golteam|oglegwiinner)|vgodwinemefiele)|r(?:aceobia|e(?:ant|energeoffrey)))|h(?:a(?:r(?:old\.dia|ryebert)|sh(?:imyreem|mireem))|e(?:a(?:dofficecentre|therbrooeke)|ctor(?:castillos|scastillo))|gold|heba\.hhassan|ildad|o(?:lsemeyerole|nmackjohn|rnbeckmajordennis|seoky)|trryt)|i(?:bed|n(?:fo(?:98cbnoffice|aprl)|gridrolle|ternationallppp))|j(?:a(?:cobmaseon|mes(?:husmansdesk|okoh)|vierlesme)|e(?:ff(?:deandk|erydean)|ssikasingh)|imyang|o(?:e(?:dward|kendal)|hn(?:griffn|r(?:awlings|oxfordjr)|sonwilson|tanko|uba|walterlove|a)|nesandassociates|sephacevedo|ymrskone)|rawlings|uliet\.lee?)|k(?:a(?:lstromjames|malnizar|rabo\.ramala|t(?:hilittman|jamess|rinaziako))|e(?:lsawamelia|n(?:mckay|nedy\.sawadogo))|halidbuhazza|kasbu|rnkl|un(?:gwei|ioue))|l(?:a(?:rrytoms|ursent|wrencefoundation)|e(?:ndfair\.co\.uk|rynne(?:0west|west))|i(?:amfinchus|liane\.bettencourt|n(?:elink|glung)|xiungl?)|john|o(?:ttyoffice|u(?:ghreymargaret|isdreyfusmargarita))|u(?:ckywinners|sba\.moored)|y(?:\.cheapiseth|n(?:\.arthur|cmba|nmkl)))|m(?:a(?:ckoliver|incare|jor(?:dennishornbeck|townsend)|n(?:duesq|uelfranco(?:foundation)?)|r(?:i(?:ahhills|nacoleman|opabl)|k(?:roth|uses)|y(?:franson|jify00aaz))|s(?:onmanny|pencer)|ttwilly|urhinck|viswanczyk(?:(?:foundation|k))?)|c\.cheadychang|dredban|e(?:lvidabullock|nnss)|gfrederick|i(?:c(?:healwuu|w)|khai(?:\.fridman|lfridm))|k(?:ent|untjoro)|o(?:ham(?:edabdul|madraqab)|rienkal)|r(?:\.justinmaxwell|cjames|hanimuhammad|jamesmc|martine|paulfrank|richardanthony|s(?:\.(?:biyufungchi|susanread)|a(?:ishaalqadafi|ngela)|gracewoods|hamima|jackman|maureens|r(?:obinsanders|uthsmith)|sarahbenjamin))|s(?:agent|golaan|smadar)|ustadris)|n(?:aomiiwasaki|eilt(?:rotter)?|obuyuki\.hirano)|o(?:\.peace|fficerricherd|hallkenneth|liviemorgan|vieogor)|p(?:\.compton|a(?:storfrancesco|ul(?:eed|n)|ymentofficer)|brookk|eter(?:\.waddell|guggi|kenin|stephen)|hillip\.richead|ieterstevens|resleybathini)|q(?:iquanzhou|nzeng)|r(?:a(?:kidy|lhashimi|ymond(?:aba|damon))|e(?:beccagarang|em(?:has(?:himy|m)|n)|plyback|v(?:\.jamesabel|frankjackson))|i(?:chardw(?:ahl|illis)|tawilliams)|o(?:berthanandez|naldmorris|s(?:a\.gomes|e(?:kipkalya|tam)))|t\.rev\.ericmark)|s(?:a(?:l(?:ehhussienconsult|imzaid)|rfiafarfask)|cottpeters|e(?:cretservicce|rgeantrobertbrown)|h(?:anemissler|e(?:ikhalmaktoum|ry(?:\.gtl|etr))|inawatrathaksin)|imlkheng|krause|ofia\.adams|peelman|sdt|tephentam|u(?:iyang|n\.hor|sanneklatten)|weeneyjohnson)|t(?:ay(?:ebsouami|lorcathy)|erryparkins|h(?:ailandbankoffice|e(?:ara\.choy|bigbiglottowinning|odorosloannis|resawilliams|smithfm))|imothymetheny|lyerdonald|o(?:mc(?:hrist|rist(?:(?:donation|foundation))?)|ny(?:\.chung|zimpro)|shikazusendo))|u(?:marukareem|n(?:claimedfunds|itednation(?:organization|s))|sdepartmentofjustice)|v(?:anderwesthuizen|e(?:enapatel|r(?:a(?:aellen|hollinkvan)|enichekaterinaekaterina))|i(?:ctoriaabraham|dalpamela|ngut))|w(?:a(?:dp|hlr(?:ichard)?|nczykm)|i(?:ge|ll(?:iamrobert|update))|u(?:\.office|mt)|ww\.moneygram)|y(?:\.oguzhan|anghoseok|doo)|z(?:enithbankplconline|kiaslan|minhong)))\d+\@gmail\.com$/i
 
 header __REPTO_419_FRAUD_YH_LOOSE Reply-To:addr =~ /^(?=[^\s<>@]+\@yahoo\.com)(?:(?:a(?:driantongson|gaaintl\-4g5ee\.w|lesiakalina|nn(?:awax|hester\.usa))|b(?:a(?:nk\.phbng|rr(?:ister\.dennis|lawrencefubara))|en(?:jaminb|nicholas)|riceangela)|c(?:\.(?:aroline|coulibaly)|h(?:arlesscharf|jackson)|juan|ollins(?:mattew|wayne)|ythiamiller\.un)|d(?:hamilton|i(?:aanesoto|plomaticagent))|f(?:aizaadama|ederal\.r)|graham\.eddie|infobank|j(?:\.edwards|a(?:ckson\.davis|netemoon)|kimyong)|k(?:elvinmark|im(?:\.leang|leang))|l(?:e(?:a_edem|ge|hman)|isarobinson_|y_cheapiseth)|m(?:arie_avis|dzsesszika|elissalewis|o(?:hammedaahil|keye)|rkellyayi|unny(?:\.sopheap|_sopheap))|n(?:estordaniel|orahuz)|o(?:fficial_franksylvester|legkozyrev|mranshaalan)|peterlee|r(?:alphw(?:\.johnson|johnson)|i(?:chard\.w|taadamsw)|o(?:b(?:ertbailey|orts)|serichard))|s(?:amthong|igurlauganna|leo|mithcolin|pwalker|tevecox\.)|tylerhess\.|u(?:butu|kdebtmanagement)|vanserge|will(?:clark|iamsimon)|xianglongdai))\d+\@yahoo\.com$/i
 
@@ -9646,6 +9626,8 @@ meta       __SUBJECT_PRESENT_EMPTY      __HAS_SUBJECT && __SUBJECT_EMPTY
 
 header      __SUBJ_ADMIN         Subject =~ /\b(?:(?:sys)?admin(?:istrator)?|server|service|support)\b/i
 
+header      __SUBJ_ATTENTION     Subject =~ /ATTENTION/
+
 meta        __SUBJ_BRKN_WORDNUMS   __SUBJ_BROKEN_WORD && __TVD_SUBJ_NUM_OBFU
 
 header      __SUBJ_BROKEN_WORD     Subject =~ /\s(?!i[PTM][aoh][bcdou]|e[MP]a[is])[a-z]{1,3}[A-Z][a-z]{2}/
@@ -9924,12 +9906,16 @@ meta     __T_PDS_MSG_512 (__KAM_BODY_LENGTH_LT_512 || __HTML_LENGTH_512 || __PDS
 
 header   __UA_GNUS		User-Agent =~ /^Gnus/
 
+header   __UA_IMP		User-Agent =~ /^Internet Messaging Program/
+
 header   __UA_KMAIL		User-Agent =~ /^KMail/
 
 header   __UA_KNODE		User-Agent =~ /^KNode/
 
 header   __UA_MOZ5		User-Agent =~ /^Mozilla\/5/
 
+header   __UA_MSENTOUR		User-Agent =~ /^Microsoft-Entourage/
+
 header   __UA_MSOEMAC		User-Agent =~ /^Microsoft-Outlook-Express-Mac/
 
 header         __UA_MSOMAC           User-Agent =~ /^Microsoft-MacOutlook\/(?:\d+\.){3}/
@@ -10039,6 +10025,8 @@ uri        __URI_IMG_CHANNYPIC         m,://www\.channypicture\.com/pic/,i
 
 uri        __URI_IMG_EBAY              m,://[^/?]+\.ebayimg\.com/,i
 
+uri        __URI_IMG_GBTCDN            m;://des\.gbtcdn\.com/storage/store/[0-9a-f/]{30,}\.(?:png|gif|jpe?g)$;i
+
 uri        __URI_IMG_JOOMCDN           m,://img\.joomcdn\.net/,i
 
 uri        __URI_IMG_NEWEGG            m,://[^/?]+\.neweggimages\.com/,i
@@ -10047,6 +10035,8 @@ uri        __URI_IMG_SHOPIFY           m,://cdn\.shopify\.com/.+\.(?:jpe?g|gif|p
 
 uri        __URI_IMG_STATICBG          m,://imgaz\.staticbg\.com/images/,i
 
+uri        __URI_IMG_TOPHATTER         m;://images\.tophatter\.com/[0-9a-f]{30,}/;i
+
 uri        __URI_IMG_WALMART           m,://[^/?]+\.walmartimages\.com/,i
 
 uri        __URI_IMG_WISH              m,://contestimg\.wish\.com/,i
@@ -10068,6 +10058,8 @@ meta        __URI_PHISH    __HAS_ANY_URI && !__URI_GOOGLE_DOC && !__URI_GOOG_STO
 
 uri        __URI_PHP_REDIR             m;/redirect\.php\?;i
 
+uri         __URI_TRY_3LD     m,^https?://(?:try(?!r\.codeschool)|start|get(?!\.adobe)|save|check(?!out)|act|compare|join|learn(?!ing)|request|visit(?!or|\.vermont)|my(?!sub|turbotax|news\.apple|a\.godaddy|account|support|build|blob)\w)[^.]*\.[^/]+\.(?:com|net)\b,i
+
 uri         __URI_TRY_USME    m,^https?://(?:try|start|get|save|check|act|compare|join|learn|request|visit|my)[^.]*\.[^/]+\.(?:us|me|mobi|club)\b,i
 
 uri        __URI_WEBAPP                m,://[^./]+\.web\.app/,
@@ -10152,24 +10144,46 @@ header   __XM_BALSA		X-Mailer =~ /^Balsa \d/
 
 header   __XM_CALYPSO		X-Mailer =~ /^Calypso/
 
+header   __XM_COMMUNIG		X-Mailer =~ /^CommuniGate/
+
 header     __XM_DIGITS_ONLY            X-Mailer =~ /^\s*\d+\s*$/
 
+header      __XM_EC_MESSENGER      X-Mailer =~ /\beC-Messenger\b/
+
+header   __XM_EDMAX		X-Mailer =~ /^EdMax/
+
+header   __XM_ELM		X-Mailer =~ /^ELM/
+
+header   __XM_EMUMAIL		X-Mailer =~ /^EMUmail/
+
+header   __XM_EXMH		X-Mailer =~ /^exmh/
+
 header   __XM_FORTE		X-Mailer =~ /^Forte Agent \d/
 
 header   __XM_GNUS		X-Mailer =~ /^Gnus v/
 
-header     __XM_IPHONEMAIL             X-Mailer =~ /^iPhone Mail \([0-9A-F]{4,8}\)/
+header   __XM_IMAIL		X-Mailer =~ /^<IMail v\d/
 
-header     __XM_LIGHT_HEAVY            X-Mailer =~ /\b(?:light|(?<!::)lite|standard|business|pro(?:fessional)?|educational|personal)\b/i
+header   __XM_LOTUSN		X-Mailer =~ /^Lotus Notes/
+
+header   __XM_MAILCITY		X-Mailer =~ /^MailCity Service/
+
+header   __XM_MAILSMITH		X-Mailer =~ /^Mailsmith /
 
 header   __XM_MHE		X-Mailer =~ /^mh-e \d/
 
+header   __XM_MIMETOOLS		X-Mailer =~ /^MIME-tools \d/i
+
 header   __XM_MOZ4		X-Mailer =~ /^Mozilla 4/
 
+header   __XM_MSCDO		X-Mailer =~ /^Microsoft CDO/
+
 header   __XM_MSOE5		X-Mailer =~ /^Microsoft Outlook Express 5/
 
 header   __XM_MSOE6		X-Mailer =~ /^Microsoft Outlook Express 6/
 
+header   __XM_MSOUT		X-Mailer =~ /^Microsoft Outlook[, ]?\s?[BIC]/ #Build, IMO, CWS
+
 header __XM_MS_IN_GENERAL     X-Mailer =~ /\bMSCRM\b|Microsoft (?:CDO|Outlook|Office Outlook)\b/
 
 header __XM_OL_10_0_4115    X-Mailer =~ /^Microsoft Outlook, Build 10.0.4115$/
@@ -10182,10 +10196,16 @@ header __XM_OL_48072300    X-Mailer =~ /^Microsoft Outlook Express 5.50.4807.230
 
 header __XM_OL_4_72_2106_4  X-Mailer =~ /^Microsoft Outlook Express 4.72.2106.4$/
 
+header   __XM_OPERA6		X-Mailer =~ /^Opera 6/
+
 header __XM_OUTLOOK_EXPRESS    X-Mailer =~ /^Microsoft Outlook Express \d/
 
+header   __XM_PEGASUS		X-Mailer =~ /^Pegasus Mail/
+
 header      __XM_PHPMAILER_FORGED  X-Mailer =~ /PHPMailer\s.*version\D+$/
 
+header   __XM_QUALCOM		X-Mailer =~ /^QUALCOMM Windows Eudora/
+
 header     __XM_RANDOM                 X-Mailer =~ /q(?!q?mail|boxmail|\d|[-\w]*=+;)[^u]/i
 
 header   __XM_SKYRI		X-Mailer =~ /^SKYRiXgreen/
diff --git a/sa-updates/72_scores.cf b/sa-updates/72_scores.cf
index eedd72d..1eebf9e 100644
--- a/sa-updates/72_scores.cf
+++ b/sa-updates/72_scores.cf
@@ -1,7 +1,7 @@
 score ACCT_PHISHING_MANY                    2.999 2.999 2.999 2.999
 score AC_BR_BONANZA                         0.001 0.001 0.001 0.001
 score AC_DIV_BONANZA                        0.001 0.001 0.001 0.001
-score AC_FROM_MANY_DOTS                     3.000 2.999 3.000 2.999
+score AC_FROM_MANY_DOTS                     2.999 2.999 2.999 2.999
 score AC_HTML_NONSENSE_TAGS                 1.999 1.999 1.999 1.999
 score AC_POST_EXTRAS                        1.000 1.000 1.000 1.000
 score AC_SPAMMY_URI_PATTERNS1               1.000 1.000 1.000 1.000
@@ -13,43 +13,43 @@ score AC_SPAMMY_URI_PATTERNS3               1.000 1.000 1.000 1.000
 score AC_SPAMMY_URI_PATTERNS4               1.000 1.000 1.000 1.000
 score AC_SPAMMY_URI_PATTERNS8               1.000 1.000 1.000 1.000
 score AC_SPAMMY_URI_PATTERNS9               1.000 1.000 1.000 1.000
-score ADMITS_SPAM                           4.099 3.699 4.099 3.699
+score ADMITS_SPAM                           4.199 4.199 4.199 4.199
 score ADVANCE_FEE_2_NEW_FORM                1.000 1.000 1.000 1.000
-score ADVANCE_FEE_2_NEW_FRM_MNY             1.419 2.499 1.419 2.499
-score ADVANCE_FEE_2_NEW_MONEY               0.675 0.001 0.675 0.001
-score ADVANCE_FEE_3_NEW                     2.848 0.586 2.848 0.586
-score ADVANCE_FEE_3_NEW_FRM_MNY             0.001 1.606 0.001 1.606
-score ADVANCE_FEE_3_NEW_MONEY               2.999 2.899 2.999 2.899
-score ADVANCE_FEE_4_NEW                     2.550 2.149 2.550 2.149
+score ADVANCE_FEE_2_NEW_FRM_MNY             2.499 1.781 2.499 1.781
+score ADVANCE_FEE_2_NEW_MONEY               1.999 1.999 1.999 1.999
+score ADVANCE_FEE_3_NEW                     3.499 3.499 3.499 3.499
+score ADVANCE_FEE_3_NEW_FRM_MNY             0.001 1.946 0.001 1.946
+score ADVANCE_FEE_3_NEW_MONEY               2.491 2.588 2.491 2.588
+score ADVANCE_FEE_4_NEW                     2.599 2.137 2.599 2.137
 score ADVANCE_FEE_4_NEW_FRM_MNY             0.001 0.001 0.001 0.001
-score ADVANCE_FEE_4_NEW_MONEY               1.690 0.431 1.690 0.431
-score ADVANCE_FEE_5_NEW                     2.801 2.999 2.801 2.999
-score ADVANCE_FEE_5_NEW_FRM_MNY             0.001 0.001 0.001 0.001
+score ADVANCE_FEE_4_NEW_MONEY               1.575 0.001 1.575 0.001
+score ADVANCE_FEE_5_NEW                     2.600 2.399 2.600 2.399
+score ADVANCE_FEE_5_NEW_FRM_MNY             1.997 2.699 1.997 2.699
 score ADVANCE_FEE_5_NEW_MONEY               0.001 0.001 0.001 0.001
 score AD_PREFS                              0.250 0.250 0.250 0.250
-score ALIBABA_IMG_NOT_RCVD_ALI              2.500 2.499 2.500 2.499
-score AMAZON_IMG_NOT_RCVD_AMZN              2.499 1.780 2.499 1.780
+score ALIBABA_IMG_NOT_RCVD_ALI              2.499 1.426 2.499 1.426
+score AMAZON_IMG_NOT_RCVD_AMZN              2.499 2.499 2.499 2.499
 score APP_DEVELOPMENT_FREEM                 1.000 1.000 1.000 1.000
-score APP_DEVELOPMENT_NORDNS                1.999 1.999 1.999 1.999
+score APP_DEVELOPMENT_NORDNS                1.222 1.999 1.222 1.999
 score AXB_XMAILER_MIMEOLE_OL_024C2          0.001 0.001 0.001 0.001
-score AXB_XMAILER_MIMEOLE_OL_1ECD5          1.097 0.558 1.097 0.558
-score BIGNUM_EMAILS_FREEM                   0.001 0.001 0.001 0.001
-score BIGNUM_EMAILS_MANY                    2.999 2.999 2.999 2.999
+score AXB_XMAILER_MIMEOLE_OL_1ECD5          2.345 0.934 2.345 0.934
+score BIGNUM_EMAILS_FREEM                   2.999 1.497 2.999 1.497
+score BIGNUM_EMAILS_MANY                    1.000 1.000 1.000 1.000
 score BITCOIN_BOMB                          1.000 1.000 1.000 1.000
-score BITCOIN_DEADLINE                      0.001 0.001 0.001 0.001
-score BITCOIN_EXTORT_01                     0.001 0.714 0.001 0.714
+score BITCOIN_DEADLINE                      1.720 2.999 1.720 2.999
+score BITCOIN_EXTORT_01                     1.691 0.001 1.691 0.001
 score BITCOIN_EXTORT_02                     1.000 1.000 1.000 1.000
-score BITCOIN_IMGUR                         3.499 3.499 3.499 3.499
+score BITCOIN_IMGUR                         2.857 3.432 2.857 3.432
 score BITCOIN_MALF_HTML                     3.499 3.499 3.499 3.499
-score BITCOIN_MALWARE                       2.021 0.001 2.021 0.001
-score BITCOIN_OBFU_SUBJ                     0.055 2.966 0.055 2.966
-score BITCOIN_ONAN                          2.599 2.999 2.599 2.999
+score BITCOIN_MALWARE                       2.781 2.522 2.781 2.522
+score BITCOIN_OBFU_SUBJ                     1.000 1.000 1.000 1.000
+score BITCOIN_ONAN                          1.000 1.000 1.000 1.000
 score BITCOIN_PAY_ME                        1.000 1.000 1.000 1.000
 score BITCOIN_SPAM_01                       1.000 1.000 1.000 1.000
-score BITCOIN_SPAM_02                       2.480 1.790 2.480 1.790
-score BITCOIN_SPAM_03                       1.000 1.911 1.000 1.911
+score BITCOIN_SPAM_02                       2.499 2.499 2.499 2.499
+score BITCOIN_SPAM_03                       1.000 1.000 1.000 1.000
 score BITCOIN_SPAM_04                       1.000 1.000 1.000 1.000
-score BITCOIN_SPAM_05                       0.001 0.001 0.001 0.001
+score BITCOIN_SPAM_05                       0.001 2.499 0.001 2.499
 score BITCOIN_SPAM_06                       1.000 1.000 1.000 1.000
 score BITCOIN_SPAM_07                       3.499 3.499 3.499 3.499
 score BITCOIN_SPAM_08                       1.000 1.000 1.000 1.000
@@ -58,24 +58,23 @@ score BITCOIN_SPAM_10                       1.000 1.000 1.000 1.000
 score BITCOIN_SPAM_11                       1.000 1.000 1.000 1.000
 score BITCOIN_SPAM_12                       1.000 1.000 1.000 1.000
 score BITCOIN_SPF_ONLYALL                   0.001 1.000 0.001 1.000
-score BITCOIN_XPRIO                         0.309 0.867 0.309 0.867
-score BITCOIN_YOUR_INFO                     2.113 0.001 2.113 0.001
-score BODY_EMPTY                            1.999 0.986 1.999 0.986
-score BODY_SINGLE_URI                       2.499 0.001 2.499 0.001
-score BODY_SINGLE_WORD                      0.245 0.964 0.245 0.964
-score BODY_URI_ONLY                         2.608 1.905 2.608 1.905
-score BOGUS_MIME_VERSION                    3.500 3.499 3.500 3.499
+score BITCOIN_XPRIO                         2.499 2.499 2.499 2.499
+score BITCOIN_YOUR_INFO                     2.468 2.486 2.468 2.486
+score BODY_SINGLE_URI                       0.962 0.001 0.962 0.001
+score BODY_SINGLE_WORD                      0.240 0.001 0.240 0.001
+score BODY_URI_ONLY                         2.693 1.569 2.693 1.569
+score BOGUS_MIME_VERSION                    3.499 2.703 3.499 2.703
 score BOGUS_MSM_HDRS                        1.000 1.000 1.000 1.000
-score BOMB_FREEM                            1.999 1.373 1.999 1.373
-score BOMB_MONEY                            1.855 2.142 1.855 2.142
+score BOMB_FREEM                            1.000 1.000 1.000 1.000
+score BOMB_MONEY                            1.000 1.000 1.000 1.000
 score BTC_ORG                               1.000 1.000 1.000 1.000
-score BULK_RE_SUSP_NTLD                     1.000 1.000 1.000 1.000
+score BULK_RE_SUSP_NTLD                     0.999 0.001 0.999 0.001
 score CANT_SEE_AD                           1.000 1.000 1.000 1.000
-score CK_HELO_GENERIC                       0.249 0.250 0.249 0.250
 score COMMENT_GIBBERISH                     1.000 1.000 1.000 1.000
-score COMPENSATION                          1.126 1.000 1.126 1.000
+score COMPENSATION                          1.499 1.000 1.499 1.000
 score CONTENT_AFTER_HTML                    2.499 2.499 2.499 2.499
-score CTE_8BIT_MISMATCH                     0.999 0.999 0.999 0.999
+score CTE_8BIT_MISMATCH                     1.000 0.999 1.000 0.999
+score DATE_IN_FUTURE_96_Q                   2.495 2.299 2.495 2.299
 score DAY_I_EARNED                          1.000 1.000 1.000 1.000
 score DEAR_BENEFICIARY                      0.001 0.001 0.001 0.001
 score DKIMWL_BL                             0.001 2.999 0.001 2.999
@@ -85,147 +84,145 @@ score DKIMWL_WL_MED                         0.001 -0.001 0.001 -0.001
 score DKIMWL_WL_MEDHI                       0.001 -1.000 0.001 -1.000
 score DOTGOV_IMAGE                          1.000 1.000 1.000 1.000
 score DSN_NO_MIMEVERSION                    1.999 1.999 1.999 1.999
-score DYNAMIC_IMGUR                         3.106 3.999 3.106 3.999
-score EBAY_IMG_NOT_RCVD_EBAY                2.320 2.999 2.320 2.999
+score DYNAMIC_IMGUR                         1.000 1.000 1.000 1.000
+score EBAY_IMG_NOT_RCVD_EBAY                2.999 1.835 2.999 1.835
 score ENCRYPTED_MESSAGE                     -1.000 -1.000 -1.000 -1.000
-score END_FUTURE_EMAILS                     2.100 1.571 2.100 1.571
+score END_FUTURE_EMAILS                     2.099 1.314 2.099 1.314
 score ENVFROM_GOOG_TRIX                     1.000 1.000 1.000 1.000
-score FAKE_REPLY_A1                         3.099 2.600 3.099 2.600
+score FAKE_REPLY_A1                         3.105 3.999 3.105 3.999
+score FAKE_REPLY_B                          0.635 2.403 0.635 2.403
 score FBI_MONEY                             1.000 1.000 1.000 1.000
 score FBI_SPOOF                             1.000 1.000 1.000 1.000
 score FILL_THIS_FORM                        1.199 0.001 1.199 0.001
-score FONT_INVIS_DIRECT                     1.445 2.946 1.445 2.946
+score FONT_INVIS_DIRECT                     2.232 2.010 2.232 2.010
 score FONT_INVIS_DOTGOV                     1.000 1.000 1.000 1.000
-score FONT_INVIS_HTML_NOHTML                1.759 1.631 1.759 1.631
-score FONT_INVIS_LONG_LINE                  1.000 1.000 1.000 1.000
-score FONT_INVIS_MSGID                      2.425 1.710 2.425 1.710
-score FONT_INVIS_NORDNS                     2.499 2.500 2.499 2.500
-score FONT_INVIS_POSTEXTRAS                 1.000 1.000 1.000 1.000
-score FORM_FRAUD                            0.999 0.999 0.999 0.999
-score FORM_FRAUD_3                          0.001 0.001 0.001 0.001
+score FONT_INVIS_HTML_NOHTML                2.999 2.882 2.999 2.882
+score FONT_INVIS_LONG_LINE                  2.385 2.999 2.385 2.999
+score FONT_INVIS_MSGID                      2.500 2.491 2.500 2.491
+score FONT_INVIS_NORDNS                     2.499 2.499 2.499 2.499
+score FONT_INVIS_POSTEXTRAS                 3.182 3.499 3.182 3.499
+score FORM_FRAUD                            0.999 0.001 0.999 0.001
+score FORM_FRAUD_3                          0.001 0.846 0.001 0.846
 score FORM_FRAUD_5                          0.001 0.001 0.001 0.001
 score FORM_LOW_CONTRAST                     1.000 1.000 1.000 1.000
-score FOUND_YOU                             2.991 3.249 2.991 3.249
+score FOUND_YOU                             3.249 3.249 3.249 3.249
 score FREEMAIL_FORGED_FROMDOMAIN            0.249 0.249 0.249 0.249
 score FREEM_FRNUM_UNICD_EMPTY               1.000 1.000 1.000 1.000
 score FRNAME_IN_MSG_XPRIO_NO_SUB            1.000 1.000 1.000 1.000
+score FROMSPACE                             2.767 0.065 2.767 0.065
 score FROM_2_EMAILS_SHORT                   2.999 2.999 2.999 2.999
 score FROM_ADDR_WS                          2.999 2.999 2.999 2.999
 score FROM_BANK_NOAUTH                      0.001 1.000 0.001 1.000
 score FROM_FMBLA_NDBLOCKED                  0.001 0.001 0.001 0.001
 score FROM_FMBLA_NEWDOM                     0.001 1.499 0.001 1.499
-score FROM_FMBLA_NEWDOM14                   0.001 1.000 0.001 1.000
-score FROM_FMBLA_NEWDOM28                   0.001 0.799 0.001 0.799
+score FROM_FMBLA_NEWDOM14                   0.001 0.999 0.001 0.999
+score FROM_FMBLA_NEWDOM28                   0.001 0.800 0.001 0.800
 score FROM_GOV_DKIM_AU                      0.001 -0.001 0.001 -0.001
 score FROM_GOV_REPLYTO_FREEMAIL             0.001 1.000 0.001 1.000
-score FROM_GOV_SPOOF                        0.001 0.999 0.001 0.999
-score FROM_IN_TO_AND_SUBJ                   2.399 2.199 2.399 2.199
-score FROM_MISSPACED                        0.001 0.001 0.001 0.001
-score FROM_MISSP_DYNIP                      1.582 2.299 1.582 2.299
+score FROM_GOV_SPOOF                        0.001 1.000 0.001 1.000
+score FROM_MISSPACED                        0.685 0.001 0.685 0.001
+score FROM_MISSP_DYNIP                      0.001 2.449 0.001 2.449
 score FROM_MISSP_EH_MATCH                   0.001 0.001 0.001 0.001
-score FROM_MISSP_FREEMAIL                   0.397 0.001 0.397 0.001
+score FROM_MISSP_FREEMAIL                   2.889 0.001 2.889 0.001
 score FROM_MISSP_MSFT                       0.001 0.001 0.001 0.001
-score FROM_MISSP_REPLYTO                    0.001 0.001 0.001 0.001
-score FROM_MISSP_SPF_FAIL                   0.001 0.001 0.001 0.001
-score FROM_MISSP_TO_UNDISC                  1.457 1.981 1.457 1.981
+score FROM_MISSP_REPLYTO                    1.800 1.740 1.800 1.740
+score FROM_MISSP_SPF_FAIL                   0.001 2.000 0.001 2.000
+score FROM_MISSP_TO_UNDISC                  0.761 0.001 0.761 0.001
 score FROM_MISSP_USER                       0.001 0.001 0.001 0.001
-score FROM_MULTI_NORDNS                     0.348 0.971 0.348 0.971
+score FROM_MULTI_NORDNS                     0.001 0.961 0.001 0.961
 score FROM_NEWDOM_BTC                       0.001 1.000 0.001 1.000
-score FROM_NTLD_LINKBAIT                    1.000 0.418 1.000 0.418
-score FROM_NTLD_REPLY_FREEMAIL              1.484 1.999 1.484 1.999
+score FROM_NTLD_LINKBAIT                    1.000 0.001 1.000 0.001
+score FROM_NTLD_REPLY_FREEMAIL              1.737 1.999 1.737 1.999
 score FROM_NUMBERO_NEWDOMAIN                0.001 1.000 0.001 1.000
 score FROM_NUMERIC_TLD                      1.000 1.000 1.000 1.000
-score FROM_PAYPAL_SPOOF                     0.001 0.434 0.001 0.434
+score FROM_PAYPAL_SPOOF                     0.001 0.658 0.001 0.658
 score FROM_SUSPICIOUS_NTLD                  0.499 0.500 0.499 0.500
 score FROM_SUSPICIOUS_NTLD_FP               1.999 0.001 1.999 0.001
-score FROM_WEBSITE                          2.599 2.399 2.599 2.399
-score FROM_WSP_TRAIL                        2.131 2.299 2.131 2.299
 score FSL_BULK_SIG                          0.001 0.001 0.001 0.001
 score FSL_CTYPE_WIN1251                     0.001 0.001 0.001 0.001
 score FSL_NEW_HELO_USER                     0.001 0.001 0.001 0.001
 score FUZZY_AMAZON                          2.699 2.599 2.699 2.599
-score FUZZY_BITCOIN                         2.399 0.092 2.399 0.092
+score FUZZY_BITCOIN                         2.399 0.546 2.399 0.546
 score GAPPY_SALES_LEADS_FREEM               1.000 1.000 1.000 1.000
 score GB_FAKE_RF_SHORT                      1.999 1.999 1.999 1.999
 score GB_FORGED_MUA_POSTFIX                 1.000 1.000 1.000 1.000
-score GB_FREEMAIL_DISPTO                    0.499 0.001 0.499 0.001
-score GB_FREEMAIL_DISPTO_NOTFREEM           0.500 0.499 0.500 0.499
+score GB_FREEMAIL_DISPTO                    0.487 0.001 0.487 0.001
+score GB_FREEMAIL_DISPTO_NOTFREEM           0.499 0.499 0.499 0.499
 score GB_GOOGLE_OBFUR                       0.750 0.750 0.750 0.750
-score GB_GOOGLE_OBFUS                       0.749 0.391 0.749 0.391
 score GOOGLE_DOCS_PHISH                     1.000 1.000 1.000 1.000
 score GOOGLE_DOCS_PHISH_MANY                1.000 1.000 1.000 1.000
 score GOOGLE_DOC_SUSP                       2.999 2.999 2.999 2.999
 score GOOGLE_DRIVE_REPLY_BAD_NTLD           1.000 1.000 1.000 1.000
 score GOOG_MALWARE_DNLD                     1.000 1.000 1.000 1.000
-score GOOG_REDIR_NORDNS                     2.601 2.211 2.601 2.211
-score GOOG_STO_HTML_PHISH                   2.391 2.999 2.391 2.999
-score GOOG_STO_HTML_PHISH_MANY              3.695 1.000 3.695 1.000
-score GOOG_STO_IMG_HTML                     3.000 2.999 3.000 2.999
-score GOOG_STO_IMG_NOHTML                   2.499 2.499 2.499 2.499
+score GOOG_REDIR_NORDNS                     2.604 2.197 2.604 2.197
+score GOOG_STO_HTML_PHISH                   2.505 1.663 2.505 1.663
+score GOOG_STO_HTML_PHISH_MANY              1.000 1.000 1.000 1.000
+score GOOG_STO_IMG_HTML                     2.999 2.999 2.999 2.999
+score GOOG_STO_IMG_NOHTML                   2.500 2.499 2.500 2.499
 score GOOG_STO_NOIMG_HTML                   2.999 2.999 2.999 2.999
 score HAS_X_NO_RELAY                        1.000 1.000 1.000 1.000
-score HAS_X_OUTGOING_SPAM_STAT              2.151 2.562 2.151 2.562
-score HDRS_LCASE                            0.100 0.099 0.100 0.099
+score HAS_X_OUTGOING_SPAM_STAT              2.610 2.594 2.610 2.594
+score HDRS_LCASE                            0.099 0.099 0.099 0.099
 score HDRS_LCASE_IMGONLY                    0.100 0.099 0.100 0.099
-score HDRS_MISSP                            2.447 1.939 2.447 1.939
-score HDR_ORDER_FTSDMCXX_DIRECT             1.999 0.073 1.999 0.073
-score HDR_ORDER_FTSDMCXX_NORDNS             0.001 0.001 0.001 0.001
-score HEADER_FROM_DIFFERENT_DOMAINS         0.250 0.249 0.250 0.249
-score HELO_MISC_IP                          0.080 0.174 0.080 0.174
-score HELO_NO_DOMAIN                        0.001 0.001 0.001 0.001
+score HDRS_MISSP                            2.499 2.499 2.499 2.499
+score HDR_ORDER_FTSDMCXX_DIRECT             1.999 1.999 1.999 1.999
+score HDR_ORDER_FTSDMCXX_NORDNS             2.947 3.499 2.947 3.499
+score HEADER_FROM_DIFFERENT_DOMAINS         0.250 0.250 0.250 0.250
+score HELO_NO_DOMAIN                        0.077 0.001 0.077 0.001
 score HEXHASH_WORD                          1.000 1.000 1.000 1.000
 score HK_CTE_RAW                            1.000 1.000 1.000 1.000
-score HK_NAME_FM_MR_MRS                     1.499 1.499 1.499 1.499
-score HK_NAME_MR_MRS                        0.999 0.999 0.999 0.999
+score HK_NAME_FM_MR_MRS                     0.749 0.001 0.749 0.001
+score HK_NAME_MR_MRS                        0.999 0.244 0.999 0.244
 score HK_RANDOM_FROM                        0.999 0.999 0.999 0.999
-score HK_RANDOM_REPLYTO                     0.001 0.001 0.001 0.001
+score HK_RANDOM_REPLYTO                     0.861 0.001 0.861 0.001
 score HK_RCVD_IP_MULTICAST                  1.000 1.000 1.000 1.000
 score HK_SCAM                               0.001 0.001 0.001 0.001
-score HK_WIN                                0.999 0.999 0.999 0.999
-score HOSTED_IMG_DIRECT_MX                  3.297 2.351 3.297 2.351
+score HK_WIN                                0.001 0.999 0.001 0.999
+score HOSTED_IMG_DIRECT_MX                  2.004 1.875 2.004 1.875
 score HOSTED_IMG_DQ_UNSUB                   1.000 1.000 1.000 1.000
-score HOSTED_IMG_FREEM                      3.499 3.437 3.499 3.437
-score HOSTED_IMG_MULTI                      1.552 1.755 1.552 1.755
-score HOSTED_IMG_MULTI_PUB_01               1.200 2.196 1.200 2.196
-score HTML_ENTITY_ASCII                     2.999 2.948 2.999 2.948
+score HOSTED_IMG_FREEM                      3.499 3.499 3.499 3.499
+score HOSTED_IMG_MULTI                      1.804 2.864 1.804 2.864
+score HOSTED_IMG_MULTI_PUB_01               2.600 2.999 2.600 2.999
+score HTML_ENTITY_ASCII                     1.000 1.000 1.000 1.000
 score HTML_ENTITY_ASCII_TINY                1.000 1.000 1.000 1.000
 score HTML_OFF_PAGE                         2.999 2.999 2.999 2.999
-score HTML_SHRT_CMNT_OBFU_MANY              0.849 1.220 0.849 1.220
-score HTML_SINGLET_MANY                     0.780 1.331 0.780 1.331
+score HTML_SHRT_CMNT_OBFU_MANY              0.297 2.482 0.297 2.482
+score HTML_SINGLET_MANY                     2.129 2.499 2.129 2.499
 score HTML_TEXT_INVISIBLE_FONT              1.999 1.999 1.999 1.999
-score HTML_TEXT_INVISIBLE_STYLE             1.830 1.424 1.830 1.424
-score IMG_ONLY_FM_DOM_INFO                  0.001 0.712 0.001 0.712
+score HTML_TEXT_INVISIBLE_STYLE             0.358 1.723 0.358 1.723
+score IMG_ONLY_FM_DOM_INFO                  0.001 2.447 0.001 2.447
 score JH_SPAMMY_HEADERS                     3.499 3.499 3.499 3.499
-score JH_SPAMMY_PATTERN01                   2.864 0.047 2.864 0.047
+score JH_SPAMMY_PATTERN01                   1.000 1.000 1.000 1.000
 score JH_SPAMMY_PATTERN02                   1.000 1.000 1.000 1.000
-score KHOP_FAKE_EBAY                        0.299 0.135 0.299 0.135
+score KHOP_FAKE_EBAY                        0.001 0.999 0.001 0.999
 score KHOP_HELO_FCRDNS                      0.400 0.399 0.400 0.399
 score LIST_PRTL_PUMPDUMP                    1.000 1.000 1.000 1.000
-score LIST_PRTL_SAME_USER                   0.001 0.697 0.001 0.697
-score LONG_HEX_URI                          2.844 1.887 2.844 1.887
-score LONG_IMG_URI                          1.688 1.178 1.688 1.178
-score LONG_INVISIBLE_TEXT                   0.588 1.326 0.588 1.326
+score LIST_PRTL_SAME_USER                   0.001 1.461 0.001 1.461
+score LONG_HEX_URI                          1.908 0.001 1.908 0.001
+score LONG_IMG_URI                          0.737 0.409 0.737 0.409
+score LONG_INVISIBLE_TEXT                   1.806 1.587 1.806 1.587
 score LOTS_OF_MONEY                         0.010 0.010 0.010 0.010
-score LOTTO_AGENT                           0.001 0.001 0.001 0.001
+score LOTTO_AGENT                           1.499 1.499 1.499 1.499
+score LOTTO_DEPT                            0.001 0.001 0.001 0.001
 score LUCRATIVE                             1.000 1.000 1.000 1.000
-score MALFORMED_FREEMAIL                    3.099 1.003 3.099 1.003
+score MALFORMED_FREEMAIL                    3.199 1.345 3.199 1.345
 score MALF_HTML_B64                         1.000 1.000 1.000 1.000
-score MALWARE_NORDNS                        0.001 1.263 0.001 1.263
+score MALWARE_NORDNS                        0.001 0.703 0.001 0.703
 score MALWARE_PASSWORD                      1.000 1.000 1.000 1.000
 score MANY_HDRS_LCASE                       0.100 0.100 0.100 0.100
-score MANY_SPAN_IN_TEXT                     2.399 2.299 2.399 2.299
-score MAY_BE_FORGED                         2.529 2.600 2.529 2.600
+score MANY_SPAN_IN_TEXT                     2.299 2.200 2.299 2.200
+score MAY_BE_FORGED                         2.390 2.699 2.390 2.699
 score MILLION_HUNDRED                       0.001 0.001 0.001 0.001
 score MILLION_USD                           0.001 0.001 0.001 0.001
-score MIMEOLE_DIRECT_TO_MX                  0.001 0.001 0.001 0.001
-score MIME_NO_TEXT                          1.000 1.000 1.000 1.000
-score MIXED_AREA_CASE                       0.727 0.910 0.727 0.910
+score MIMEOLE_DIRECT_TO_MX                  1.999 1.999 1.999 1.999
+score MIME_NO_TEXT                          1.999 1.999 1.999 1.999
+score MIXED_AREA_CASE                       1.065 2.437 1.065 2.437
 score MIXED_CENTER_CASE                     2.499 2.499 2.499 2.499
-score MIXED_CTYPE_CASE                      0.965 1.479 0.965 1.479
-score MIXED_ES                              2.399 2.299 2.399 2.299
-score MIXED_FONT_CASE                       2.499 2.499 2.499 2.499
+score MIXED_CTYPE_CASE                      0.426 2.634 0.426 2.634
+score MIXED_ES                              2.499 2.299 2.499 2.299
+score MIXED_FONT_CASE                       1.637 2.329 1.637 2.329
 score MIXED_HREF_CASE                       1.999 1.999 1.999 1.999
-score MIXED_IMG_CASE                        2.999 2.583 2.999 2.583
+score MIXED_IMG_CASE                        2.999 2.999 2.999 2.999
 score MONERO_DEADLINE                       1.000 1.000 1.000 1.000
 score MONERO_EXTORT_01                      1.000 1.000 1.000 1.000
 score MONERO_MALWARE                        1.000 1.000 1.000 1.000
@@ -233,72 +230,71 @@ score MONERO_PAY_ME                         1.000 1.000 1.000 1.000
 score MONEY_ATM_CARD                        0.001 0.001 0.001 0.001
 score MONEY_FORM                            0.001 0.001 0.001 0.001
 score MONEY_FORM_SHORT                      0.001 0.001 0.001 0.001
-score MONEY_FRAUD_3                         2.799 2.699 2.799 2.699
+score MONEY_FRAUD_3                         2.699 2.599 2.699 2.599
 score MONEY_FRAUD_5                         0.001 0.001 0.001 0.001
 score MONEY_FRAUD_8                         0.001 0.001 0.001 0.001
-score MONEY_FREEMAIL_REPTO                  2.993 1.640 2.993 1.640
+score MONEY_FREEMAIL_REPTO                  2.999 2.484 2.999 2.484
 score MONEY_FROM_41                         1.999 1.999 1.999 1.999
 score MONEY_FROM_MISSP                      0.001 0.001 0.001 0.001
-score MONEY_NOHTML                          1.246 0.590 1.246 0.590
+score MONEY_NOHTML                          2.499 2.401 2.499 2.401
 score MSGID_DOLLARS_URI_IMG                 1.000 1.000 1.000 1.000
-score MSGID_HDR_MALF                        2.359 3.499 2.359 3.499
-score MSGID_NOFQDN1                         0.498 0.001 0.498 0.001
-score MSMAIL_PRI_ABNORMAL                   0.517 0.671 0.517 0.671
+score MSGID_HDR_MALF                        3.035 3.499 3.035 3.499
+score MSGID_NOFQDN1                         0.050 0.364 0.050 0.364
+score MSMAIL_PRI_ABNORMAL                   0.618 1.263 0.618 1.263
 score MSM_PRIO_REPTO                        1.000 1.000 1.000 1.000
-score NAME_EMAIL_DIFF                       2.002 0.632 2.002 0.632
+score NAME_EMAIL_DIFF                       1.451 1.070 1.451 1.070
 score NA_DOLLARS                            1.499 1.499 1.499 1.499
 score NEWEGG_IMG_NOT_RCVD_NEGG              1.000 1.000 1.000 1.000
-score NICE_REPLY_A                          -0.001 -0.001 -0.001 -0.001
-score NORDNS_LOW_CONTRAST                   1.784 2.301 1.784 2.301
+score NICE_REPLY_A                          -0.243 -0.001 -0.243 -0.001
+score NORDNS_LOW_CONTRAST                   1.886 2.313 1.886 2.313
 score NO_FM_NAME_IP_HOSTN                   0.001 0.001 0.001 0.001
 score NSL_RCVD_FROM_USER                    0.001 0.001 0.001 0.001
 score NSL_RCVD_HELO_USER                    0.001 0.001 0.001 0.001
-score NUMBEREND_LINKBAIT                    0.582 0.001 0.582 0.001
-score OBFU_BITCOIN                          0.001 0.001 0.001 0.001
-score OBFU_UNSUB_UL                         2.400 2.199 2.400 2.199
-score ODD_FREEM_REPTO                       2.999 2.670 2.999 2.670
-score OFFER_ONLY_AMERICA                    1.310 1.999 1.310 1.999
-score ONLINE_MKTG_CNSLT                     2.599 0.001 2.599 0.001
-score ORDER_TODAY                           2.499 0.429 2.499 0.429
-score PDS_BAD_THREAD_QP_64                  1.000 0.999 1.000 0.999
-score PDS_BTC_ID                            0.500 0.499 0.500 0.499
-score PDS_BTC_MSGID                         0.001 0.001 0.001 0.001
-score PDS_DBL_URL_TNB_RUNON                 0.900 0.554 0.900 0.554
-score PDS_EMPTYSUBJ_URISHRT                 0.302 0.001 0.302 0.001
-score PDS_FRNOM_TODOM_DBL_URL               1.499 1.499 1.499 1.499
+score NUMBEREND_LINKBAIT                    0.471 0.519 0.471 0.519
+score OBFU_BITCOIN                          0.008 0.062 0.008 0.062
+score OBFU_UNSUB_UL                         2.299 2.199 2.299 2.199
+score ODD_FREEM_REPTO                       2.999 2.864 2.999 2.864
+score OFFER_ONLY_AMERICA                    1.999 1.579 1.999 1.579
+score ORDER_TODAY                           2.397 2.499 2.397 2.499
+score PDS_BAD_THREAD_QP_64                  0.999 1.000 0.999 1.000
+score PDS_BTC_ID                            0.499 0.499 0.499 0.499
+score PDS_BTC_MSGID                         0.003 0.999 0.003 0.999
+score PDS_DBL_URL_TNB_RUNON                 1.305 0.001 1.305 0.001
+score PDS_EMPTYSUBJ_URISHRT                 0.001 0.032 0.001 0.032
+score PDS_FRNOM_TODOM_DBL_URL               1.499 0.338 1.499 0.338
 score PDS_FRNOM_TODOM_NAKED_TO              1.499 1.499 1.499 1.499
-score PDS_FROM_2_EMAILS                     1.635 2.648 1.635 2.648
-score PDS_FROM_2_EMAILS_SHRTNER             0.396 1.499 0.396 1.499
+score PDS_FROM_2_EMAILS                     1.681 1.776 1.681 1.776
+score PDS_FROM_2_EMAILS_SHRTNER             0.001 0.946 0.001 0.946
 score PDS_FROM_NAME_TO_DOMAIN               1.999 1.999 1.999 1.999
 score PDS_HELO_SPF_FAIL                     0.001 1.000 0.001 1.000
-score PDS_NO_FULL_NAME_SPOOFED_URL          0.284 0.344 0.284 0.344
+score PDS_NAKED_TO_NUMERO                   1.999 0.345 1.999 0.345
+score PDS_NO_FULL_NAME_SPOOFED_URL          0.121 0.344 0.121 0.344
 score PDS_OTHER_BAD_TLD                     1.999 1.999 1.999 1.999
-score PDS_SHORTFWD_URISHRT_QP               1.499 1.079 1.499 1.079
-score PDS_SHORT_SPOOFED_URL                 0.989 1.999 0.989 1.999
-score PDS_TINYSUBJ_URISHRT                  1.499 0.001 1.499 0.001
+score PDS_SHORTFWD_URISHRT_FP               1.500 1.499 1.500 1.499
+score PDS_SHORT_SPOOFED_URL                 1.149 1.999 1.149 1.999
+score PDS_TINYSUBJ_URISHRT                  1.395 0.655 1.395 0.655
 score PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE     1.999 1.999 1.999 1.999
 score PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE      1.999 1.999 1.999 1.999
-score PDS_TONAME_EQ_TOLOCAL_SHORT           2.000 1.999 2.000 1.999
-score PDS_TONAME_EQ_TOLOCAL_VSHORT          0.999 1.000 0.999 1.000
-score PDS_TO_EQ_FROM_NAME                   3.199 2.385 3.199 2.385
-score PDS_URISHRT_LOCALPART_SUBJ            0.999 0.790 0.999 0.790
+score PDS_TONAME_EQ_TOLOCAL_SHORT           1.999 1.999 1.999 1.999
+score PDS_TONAME_EQ_TOLOCAL_VSHORT          0.999 0.999 0.999 0.999
+score PDS_TO_EQ_FROM_NAME                   3.099 2.390 3.099 2.390
 score PHISH_AZURE_CLOUDAPP                  3.500 3.500 3.500 3.500
-score PHISH_FBASEAPP                        0.965 1.000 0.965 1.000
-score PHOTO_EDITING_DIRECT                  2.999 1.290 2.999 1.290
+score PHISH_FBASEAPP                        1.000 1.000 1.000 1.000
+score PHOTO_EDITING_DIRECT                  1.000 1.000 1.000 1.000
 score PHOTO_EDITING_FREEM                   1.000 1.000 1.000 1.000
 score PHP_NOVER_MUA                         1.000 1.000 1.000 1.000
-score PHP_ORIG_SCRIPT                       0.001 0.001 0.001 0.001
-score PHP_SCRIPT                            2.499 2.500 2.499 2.500
+score PHP_ORIG_SCRIPT                       0.305 0.001 0.305 0.001
+score PHP_SCRIPT                            2.381 2.499 2.381 2.499
 score PHP_SCRIPT_MUA                        1.000 1.000 1.000 1.000
-score PP_MIME_FAKE_ASCII_TEXT               1.000 0.233 1.000 0.233
+score PP_MIME_FAKE_ASCII_TEXT               0.999 0.195 0.999 0.195
 score PP_TOO_MUCH_UNICODE02                 0.500 0.500 0.500 0.500
 score PP_TOO_MUCH_UNICODE05                 1.000 1.000 1.000 1.000
 score PUMPDUMP                              1.000 1.000 1.000 1.000
 score PUMPDUMP_MULTI                        1.000 1.000 1.000 1.000
-score RAND_HEADER_LIST_SPOOF                2.999 2.999 2.999 2.999
+score RAND_HEADER_LIST_SPOOF                3.000 3.000 3.000 3.000
 score RAND_HEADER_MANY                      1.000 1.000 1.000 1.000
-score RAND_MKTG_HEADER                      1.999 1.999 1.999 1.999
-score RATWARE_NO_RDNS                       2.136 1.961 2.136 1.961
+score RAND_MKTG_HEADER                      2.000 1.999 2.000 1.999
+score RATWARE_NO_RDNS                       0.866 1.744 0.866 1.744
 score RCVD_DOTEDU_SHORT                     1.000 1.000 1.000 1.000
 score RCVD_DOTEDU_SUSP_URI                  2.999 2.999 2.999 2.999
 score RCVD_IN_MSPIKE_BL                     0.001 0.001 0.001 0.001
@@ -312,113 +308,116 @@ score RCVD_IN_MSPIKE_L4                     0.001 0.001 0.001 0.001
 score RCVD_IN_MSPIKE_L5                     0.001 0.001 0.001 0.001
 score RCVD_IN_MSPIKE_WL                     0.001 0.001 0.001 0.001
 score RCVD_IN_MSPIKE_ZBI                    0.001 0.001 0.001 0.001
+score RCVD_IN_RP_CERTIFIED                  0.001 0.001 0.001 0.001
+score RCVD_IN_RP_RNBL                       0.001 0.001 0.001 0.001
+score RCVD_IN_RP_SAFE                       0.001 0.001 0.001 0.001
 score RDNS_NUM_TLD_ATCHNX                   1.000 1.000 1.000 1.000
-score RDNS_NUM_TLD_XM                       2.075 0.640 2.075 0.640
-score READY_TO_SHIP                         0.657 0.575 0.657 0.575
-score REPTO_419_FRAUD                       2.999 2.139 2.999 2.139
+score RDNS_NUM_TLD_XM                       1.697 2.236 1.697 2.236
+score READY_TO_SHIP                         0.940 0.914 0.940 0.914
+score REPTO_419_FRAUD                       1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_AOL                   1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_AOL_LOOSE             1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_CNS                   1.000 1.000 1.000 1.000
-score REPTO_419_FRAUD_GM                    2.999 2.999 2.999 2.999
-score REPTO_419_FRAUD_GM_LOOSE              0.999 1.000 0.999 1.000
+score REPTO_419_FRAUD_GM                    2.999 2.700 2.999 2.700
+score REPTO_419_FRAUD_GM_LOOSE              1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_HM                    1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_OL                    1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_PM                    1.000 1.000 1.000 1.000
-score REPTO_419_FRAUD_QQ                    2.999 2.999 2.999 2.999
+score REPTO_419_FRAUD_QQ                    2.999 2.299 2.999 2.299
 score REPTO_419_FRAUD_YH                    1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_YH_LOOSE              1.000 1.000 1.000 1.000
-score REPTO_419_FRAUD_YJ                    0.001 0.001 0.001 0.001
+score REPTO_419_FRAUD_YJ                    1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_YN                    1.000 1.000 1.000 1.000
-score RISK_FREE                             3.199 3.100 3.199 3.100
-score SENDGRID_REDIR                        1.499 1.499 1.499 1.499
+score RISK_FREE                             2.899 2.699 2.899 2.699
+score SENDGRID_REDIR                        1.499 1.333 1.499 1.333
 score SENDGRID_REDIR_PHISH                  1.000 1.000 1.000 1.000
-score SEO_SUSP_NTLD                         1.199 1.000 1.199 1.000
-score SERGIO_SUBJECT_VIAGRA01               3.398 4.099 3.398 4.099
-score SHOPIFY_IMG_NOT_RCVD_SFY              2.499 2.500 2.499 2.500
+score SEO_SUSP_NTLD                         1.000 1.000 1.000 1.000
+score SERGIO_SUBJECT_VIAGRA01               3.524 4.099 3.524 4.099
+score SHOPIFY_IMG_NOT_RCVD_SFY              2.500 2.499 2.500 2.499
 score SHORTENER_SHORT_IMG                   1.000 1.000 1.000 1.000
-score SHORTENER_SHORT_SUBJ                  2.999 2.706 2.999 2.706
-score SHORT_IMG_SUSP_NTLD                   0.001 0.001 0.001 0.001
-score SHORT_SHORTNER                        1.999 1.999 1.999 1.999
+score SHORTENER_SHORT_SUBJ                  2.999 2.049 2.999 2.049
+score SHORT_IMG_SUSP_NTLD                   0.001 1.000 0.001 1.000
+score SHORT_SHORTNER                        1.999 0.695 1.999 0.695
 score SINGLETS_LOW_CONTRAST                 0.001 0.001 0.001 0.001
-score SPOOFED_FREEMAIL                      0.001 1.564 0.001 1.564
-score SPOOFED_FREEMAIL_NO_RDNS              1.500 0.332 1.500 0.332
-score SPOOFED_FREEM_REPTO                   0.001 2.433 0.001 2.433
+score SPOOFED_FREEMAIL                      0.001 1.983 0.001 1.983
+score SPOOFED_FREEMAIL_NO_RDNS              1.499 0.001 1.499 0.001
+score SPOOFED_FREEM_REPTO                   0.001 2.013 0.001 2.013
 score SPOOFED_FREEM_REPTO_CHN               0.001 1.000 0.001 1.000
 score SPOOFED_FREEM_REPTO_RUS               0.001 1.000 0.001 1.000
 score SPOOF_GMAIL_MID                       1.499 0.001 1.499 0.001
-score STATIC_XPRIO_OLE                      0.001 0.001 0.001 0.001
-score STOCK_LOW_CONTRAST                    1.127 0.001 1.127 0.001
+score STATIC_XPRIO_OLE                      1.999 1.999 1.999 1.999
+score STOCK_LOW_CONTRAST                    1.113 2.499 1.113 2.499
 score STOCK_TIP                             1.000 1.000 1.000 1.000
 score SURBL_BLOCKED                         0.001 0.001 0.001 0.001
 score SYSADMIN                              1.000 1.000 1.000 1.000
-score THIS_AD                               1.100 1.099 1.100 1.099
-score THIS_IS_ADV_SUSP_NTLD                 0.001 0.001 0.001 0.001
+score THIS_AD                               1.199 0.516 1.199 0.516
+score THIS_IS_ADV_SUSP_NTLD                 0.568 0.001 0.568 0.001
+score THREAD_INDEX_HEX                      2.157 0.995 2.157 0.995
 score TONLINE_FAKE_DKIM                     1.000 1.000 1.000 1.000
-score TONOM_EQ_TOLOC_SHRT_SHRTNER           1.499 1.499 1.499 1.499
+score TONOM_EQ_TOLOC_SHRT_SHRTNER           1.499 1.500 1.499 1.500
 score TO_EQ_FM_DIRECT_MX                    0.001 0.001 0.001 0.001
-score TO_EQ_FM_DOM_HTML_IMG                 0.001 0.899 0.001 0.899
-score TO_EQ_FM_DOM_HTML_ONLY                1.999 0.688 1.999 0.688
+score TO_EQ_FM_DOM_HTML_IMG                 0.001 0.001 0.001 0.001
+score TO_EQ_FM_DOM_HTML_ONLY                1.799 0.861 1.799 0.861
 score TO_EQ_FM_DOM_SPF_FAIL                 0.001 0.001 0.001 0.001
-score TO_EQ_FM_HTML_ONLY                    1.299 1.299 1.299 1.299
+score TO_EQ_FM_HTML_ONLY                    0.065 1.299 0.065 1.299
 score TO_EQ_FM_SPF_FAIL                     0.001 0.001 0.001 0.001
-score TO_IN_SUBJ                            0.100 0.100 0.100 0.100
-score TO_NAME_SUBJ_NO_RDNS                  2.497 2.238 2.497 2.238
-score TO_NO_BRKTS_FROM_MSSP                 2.499 0.001 2.499 0.001
+score TO_IN_SUBJ                            0.099 0.099 0.099 0.099
+score TO_NAME_SUBJ_NO_RDNS                  1.884 2.215 1.884 2.215
+score TO_NO_BRKTS_FROM_MSSP                 2.012 0.881 2.012 0.881
 score TO_NO_BRKTS_HTML_IMG                  1.999 1.999 1.999 1.999
-score TO_NO_BRKTS_HTML_ONLY                 1.999 1.999 1.999 1.999
-score TO_NO_BRKTS_MSFT                      0.001 0.001 0.001 0.001
-score TO_NO_BRKTS_NORDNS_HTML               1.999 1.999 1.999 1.999
+score TO_NO_BRKTS_HTML_ONLY                 2.000 1.999 2.000 1.999
+score TO_NO_BRKTS_MSFT                      2.318 0.214 2.318 0.214
+score TO_NO_BRKTS_NORDNS_HTML               1.999 1.118 1.999 1.118
 score TO_NO_BRKTS_PCNT                      2.499 2.499 2.499 2.499
-score TRANSFORM_LIFE                        2.500 2.499 2.500 2.499
-score TVD_IP_HEX                            1.652 2.992 1.652 2.992
-score TVD_IP_SING_HEX                       0.082 1.325 0.082 1.325
-score TVD_RCVD_SPACE_BRACKET                2.699 0.869 2.699 0.869
-score TVD_SPACE_ENCODED                     2.499 0.618 2.499 0.618
-score TVD_SPACE_RATIO_MINFP                 2.500 2.499 2.500 2.499
+score TVD_IP_HEX                            2.699 0.604 2.699 0.604
+score TVD_IP_SING_HEX                       0.410 1.891 0.410 1.891
+score TVD_RCVD_SPACE_BRACKET                2.699 1.777 2.699 1.777
+score TVD_SPACE_ENCODED                     2.499 2.499 2.499 2.499
+score TVD_SPACE_RATIO_MINFP                 2.058 1.440 2.058 1.440
 score TW_GIBBERISH_MANY                     1.000 1.000 1.000 1.000
 score UC_GIBBERISH_OBFU                     1.000 1.000 1.000 1.000
-score UNDISC_FREEM                          3.099 2.999 3.099 2.999
-score UNDISC_MONEY                          3.299 3.199 3.299 3.199
+score UNDISC_FREEM                          2.999 2.800 2.999 2.800
+score UNDISC_MONEY                          3.400 1.787 3.400 1.787
 score UNICODE_OBFU_ASC                      1.000 1.000 1.000 1.000
 score UNICODE_OBFU_ZW                       1.000 1.000 1.000 1.000
-score UPGRADE_MAILBOX                       1.099 0.001 1.099 0.001
+score UPGRADE_MAILBOX                       1.099 1.399 1.099 1.399
 score URI_ADOBESPARK                        1.000 1.000 1.000 1.000
 score URI_AZURE_CLOUDAPP                    1.000 1.000 1.000 1.000
 score URI_DASHGOVEDU                        1.000 1.000 1.000 1.000
 score URI_DATA                              1.000 1.000 1.000 1.000
-score URI_DOTDOT_LOW_CNTRST                 1.369 2.054 1.369 2.054
-score URI_DOTEDU                            1.316 1.074 1.316 1.074
+score URI_DOTDOT_LOW_CNTRST                 2.499 1.790 2.499 1.790
+score URI_DOTEDU                            1.981 1.999 1.981 1.999
 score URI_DOTEDU_ENTITY                     1.000 1.000 1.000 1.000
 score URI_FIREBASEAPP                       2.999 2.999 2.999 2.999
-score URI_GOOGLE_PROXY                      2.999 1.611 2.999 1.611
-score URI_GOOG_STO_SPAMMY                   1.434 0.001 1.434 0.001
-score URI_HEX_IP                            2.104 1.669 2.104 1.669
+score URI_GOOGLE_PROXY                      3.099 1.631 3.099 1.631
+score URI_GOOG_STO_SPAMMY                   2.582 2.618 2.582 2.618
+score URI_HEX_IP                            0.387 2.435 0.387 2.435
 score URI_IMG_WP_REDIR                      1.000 1.000 1.000 1.000
-score URI_LONG_REPEAT                       2.104 1.055 2.104 1.055
-score URI_ONLY_MSGID_MALF                   1.676 1.999 1.676 1.999
+score URI_LONG_REPEAT                       1.000 1.000 1.000 1.000
+score URI_ONLY_MSGID_MALF                   1.999 1.607 1.999 1.607
 score URI_OPTOUT_3LD                        1.000 1.000 1.000 1.000
-score URI_PHISH                             3.999 0.844 3.999 0.844
+score URI_PHISH                             3.999 2.397 3.999 2.397
 score URI_PHP_REDIR                         3.499 3.499 3.499 3.499
-score URI_TRY_3LD                           1.936 1.999 1.936 1.999
-score URI_WPADMIN                           2.899 2.699 2.899 2.699
-score URI_WP_DIRINDEX                       2.300 2.299 2.300 2.299
-score URI_WP_HACKED                         3.499 3.499 3.499 3.499
+score URI_TRY_3LD                           1.999 1.999 1.999 1.999
+score URI_TRY_USME                          1.000 1.000 1.000 1.000
+score URI_WPADMIN                           3.299 3.099 3.299 3.099
+score URI_WP_DIRINDEX                       3.499 0.061 3.499 0.061
+score URI_WP_HACKED                         3.499 1.329 3.499 1.329
 score URI_WP_HACKED_2                       2.499 2.499 2.499 2.499
 score USB_DRIVES                            1.000 1.000 1.000 1.000
-score VFY_ACCT_NORDNS                       2.500 2.904 2.500 2.904
+score VFY_ACCT_NORDNS                       0.602 2.913 0.602 2.913
 score VPS_NO_NTLD                           1.000 1.000 1.000 1.000
 score WALMART_IMG_NOT_RCVD_WAL              1.000 1.000 1.000 1.000
-score WANT_TO_ORDER                         1.499 1.435 1.499 1.435
-score WIKI_IMG                              3.099 2.999 3.099 2.999
+score WANT_TO_ORDER                         2.499 2.499 2.499 2.499
+score WIKI_IMG                              3.199 2.561 3.199 2.561
 score WORD_INVIS                            1.000 1.000 1.000 1.000
-score WORD_INVIS_MANY                       1.000 2.898 1.000 2.898
-score XFER_LOTSA_MONEY                      0.999 0.543 0.999 0.543
-score XM_DIGITS_ONLY                        2.202 2.411 2.202 2.411
-score XM_LIGHT_HEAVY                        0.001 0.101 0.001 0.101
-score XM_RANDOM                             2.551 2.999 2.551 2.999
-score XM_RECPTID                            3.000 1.994 3.000 1.994
-score XPRIO                                 0.690 1.000 0.690 1.000
+score WORD_INVIS_MANY                       1.000 1.000 1.000 1.000
+score XFER_LOTSA_MONEY                      0.244 0.001 0.244 0.001
+score XM_DIGITS_ONLY                        2.643 1.403 2.643 1.403
+score XM_RANDOM                             2.999 2.999 2.999 2.999
+score XM_RECPTID                            2.999 2.999 2.999 2.999
+score XPRIO                                 0.001 1.000 0.001 1.000
 score XPRIO_SHORT_SUBJ                      1.000 1.000 1.000 1.000
-score XPRIO_URL_SHORTNER                    0.999 0.741 0.999 0.741
-score YOUR_DELIVERY_ADDRESS                 1.499 0.001 1.499 0.001
-score YOU_INHERIT                           2.799 2.499 2.799 2.499
+score XPRIO_URL_SHORTNER                    0.567 0.545 0.567 0.545
+score YOUR_DELIVERY_ADDRESS                 0.695 0.823 0.695 0.823
+score YOU_INHERIT                           2.399 2.200 2.399 2.200
diff --git a/sa-updates/73_sandbox_manual_scores.cf b/sa-updates/73_sandbox_manual_scores.cf
index 3dea981..0e8e305 100644
--- a/sa-updates/73_sandbox_manual_scores.cf
+++ b/sa-updates/73_sandbox_manual_scores.cf
@@ -22,7 +22,7 @@
 #
 ###########################################################################
 
-require_version 3.004005
+require_version 3.004006
 
 # jhardin
 # things depend on these
@@ -41,6 +41,7 @@ score FILL_THIS_FORM           0.001
 #score ADVANCE_FEE_3_NEW_FORM   1.00
 #score ADVANCE_FEE_4_NEW        1.00
 #score ADVANCE_FEE_5_NEW        1.50
+score ADVANCE_FEE_5_NEW_MONEY  3.00
 
 # jhardin
 # metas using Advance Fee component rules