diff --git a/sa-updates/20_aux_tlds.cf b/sa-updates/20_aux_tlds.cf
index 551bb61..e433910 100644
--- a/sa-updates/20_aux_tlds.cf
+++ b/sa-updates/20_aux_tlds.cf
@@ -51,149 +51,148 @@ endif
 # this block
 #
 # For an up to date list of IDN TLDs that can be pasted into this block, run this command:
-#  wget https://data.iana.org/TLD/tlds-alpha-by-domain.txt -q -O - | grep -i '^xn--' | tr '\n' ' ' | fold -w 80 -s | perl -pe 'chomp; s/.*/util_rb_tld \L$_\n/'
+#  wget https://data.iana.org/TLD/tlds-alpha-by-domain.txt -q -O - | grep -i '^xn--' | tr '\n' ' ' | fold -w 80 -s | perl -pe 's/\s+$//; s/.*/util_rb_tld \L$_\n/'
 # Since version 4.0 the util_rb_tld also accepts Unicode IDN labels (encoded as UTF-8), e.g.:
-#  wget https://data.iana.org/TLD/tlds-alpha-by-domain.txt -q -O - | grep -i '^xn--' | idn -u | tr '\n' ' ' | fold -w 80 -s | perl -pe 'chomp; s/.*/util_rb_tld \L$_\n/'
+#  wget https://data.iana.org/TLD/tlds-alpha-by-domain.txt -q -O - | grep -i '^xn--' | idn -u | tr '\n' ' ' | fold -w 80 -s | perl -pe 's/\s+$//; s/.*/util_rb_tld \L$_\n/'
 
 if can(Mail::SpamAssassin::Conf::feature_registryboundaries)
-util_rb_tld xn--11b4c3d xn--1ck2e1b xn--1qqw23a xn--2scrj9c xn--30rr7y xn--3bst00m 
-util_rb_tld xn--3ds443g xn--3e0b707e xn--3hcrj9c xn--3oq18vl8pn36a xn--3pxu8k xn--42c2d9a 
-util_rb_tld xn--45br5cyl xn--45brj9c xn--45q11c xn--4gbrim xn--54b7fta0cc xn--55qw42g 
-util_rb_tld xn--55qx5d xn--5su34j936bgsg xn--5tzm5g xn--6frz82g xn--6qq986b3xl xn--80adxhks 
-util_rb_tld xn--80ao21a xn--80aqecdr1a xn--80asehdb xn--80aswg xn--8y0a063a xn--90a3ac 
-util_rb_tld xn--90ae xn--90ais xn--9dbq2a xn--9et52u xn--9krt00a xn--b4w605ferd 
-util_rb_tld xn--bck1b9a5dre4c xn--c1avg xn--c2br7g xn--cck2b3b xn--cg4bki 
-util_rb_tld xn--clchc0ea0b2g2a9gcd xn--czr694b xn--czrs0t xn--czru2d xn--d1acj3b xn--d1alf 
-util_rb_tld xn--e1a4c xn--eckvdtc9d xn--efvy88h xn--estv75g xn--fct429k xn--fhbei 
-util_rb_tld xn--fiq228c5hs xn--fiq64b xn--fiqs8s xn--fiqz9s xn--fjq720a xn--flw351e 
-util_rb_tld xn--fpcrj9c3d xn--fzc2c9e2c xn--fzys8d69uvgm xn--g2xx48c xn--gckr3f0f 
-util_rb_tld xn--gecrj9c xn--gk3at1e xn--h2breg3eve xn--h2brj9c xn--h2brj9c8c xn--hxt814e 
-util_rb_tld xn--i1b6b1a6a2e xn--imr513n xn--io0a7i xn--j1aef xn--j1amh xn--j6w193g 
-util_rb_tld xn--jlq61u9w7b xn--jvr189m xn--kcrx77d1x4a xn--kprw13d xn--kpry57d xn--kpu716f 
-util_rb_tld xn--kput3i xn--l1acc xn--lgbbat1ad8j xn--mgb9awbf xn--mgba3a3ejt 
-util_rb_tld xn--mgba3a4f16a xn--mgba7c0bbn0a xn--mgbaakc7dvf xn--mgbaam7a8h xn--mgbab2bd 
-util_rb_tld xn--mgbai9azgqp6j xn--mgbayh7gpa xn--mgbb9fbpob xn--mgbbh1a xn--mgbbh1a71e 
-util_rb_tld xn--mgbc0a9azcg xn--mgbca7dzdo xn--mgberp4a5d4ar xn--mgbgu82a xn--mgbi4ecexp 
-util_rb_tld xn--mgbpl2fh xn--mgbt3dhd xn--mgbtx2b xn--mgbx4cd0ab xn--mix891f xn--mk1bu44c 
-util_rb_tld xn--mxtq1m xn--ngbc5azd xn--ngbe9e0a xn--ngbrx xn--node xn--nqv7f 
-util_rb_tld xn--nqv7fs00ema xn--nyqy26a xn--o3cw4h xn--ogbpf8fl xn--otu796d xn--p1acf 
-util_rb_tld xn--p1ai xn--pbt977c xn--pgbs0dh xn--pssy2u xn--q9jyb4c xn--qcka1pmc xn--qxam 
-util_rb_tld xn--rhqv96g xn--rovu88b xn--rvc1e0am3e xn--s9brj9c xn--ses554g xn--t60b56a 
-util_rb_tld xn--tckwe xn--tiq49xqyj xn--unup4y xn--vermgensberater-ctb 
-util_rb_tld xn--vermgensberatung-pwb xn--vhquv xn--vuq861b xn--w4r85el8fhu5dnra xn--w4rs40l 
-util_rb_tld xn--wgbh1c xn--wgbl6a xn--xhq521b xn--xkc2al3hye2a xn--xkc2dl3a5ee0h xn--y9a3aq 
+# Updated 2022-10-18
+util_rb_tld xn--11b4c3d xn--1ck2e1b xn--1qqw23a xn--2scrj9c xn--30rr7y xn--3bst00m
+util_rb_tld xn--3ds443g xn--3e0b707e xn--3hcrj9c xn--3pxu8k xn--42c2d9a xn--45br5cyl
+util_rb_tld xn--45brj9c xn--45q11c xn--4dbrk0ce xn--4gbrim xn--54b7fta0cc xn--55qw42g
+util_rb_tld xn--55qx5d xn--5su34j936bgsg xn--5tzm5g xn--6frz82g xn--6qq986b3xl xn--80adxhks
+util_rb_tld xn--80ao21a xn--80aqecdr1a xn--80asehdb xn--80aswg xn--8y0a063a xn--90a3ac
+util_rb_tld xn--90ae xn--90ais xn--9dbq2a xn--9et52u xn--9krt00a xn--b4w605ferd
+util_rb_tld xn--bck1b9a5dre4c xn--c1avg xn--c2br7g xn--cck2b3b xn--cckwcxetd xn--cg4bki
+util_rb_tld xn--clchc0ea0b2g2a9gcd xn--czr694b xn--czrs0t xn--czru2d xn--d1acj3b xn--d1alf
+util_rb_tld xn--e1a4c xn--eckvdtc9d xn--efvy88h xn--fct429k xn--fhbei xn--fiq228c5hs
+util_rb_tld xn--fiq64b xn--fiqs8s xn--fiqz9s xn--fjq720a xn--flw351e xn--fpcrj9c3d
+util_rb_tld xn--fzc2c9e2c xn--fzys8d69uvgm xn--g2xx48c xn--gckr3f0f xn--gecrj9c xn--gk3at1e
+util_rb_tld xn--h2breg3eve xn--h2brj9c xn--h2brj9c8c xn--hxt814e xn--i1b6b1a6a2e
+util_rb_tld xn--imr513n xn--io0a7i xn--j1aef xn--j1amh xn--j6w193g xn--jlq480n2rg
+util_rb_tld xn--jlq61u9w7b xn--jvr189m xn--kcrx77d1x4a xn--kprw13d xn--kpry57d xn--kput3i
+util_rb_tld xn--l1acc xn--lgbbat1ad8j xn--mgb9awbf xn--mgba3a3ejt xn--mgba3a4f16a
+util_rb_tld xn--mgba7c0bbn0a xn--mgbaakc7dvf xn--mgbaam7a8h xn--mgbab2bd xn--mgbah1a3hjkrd
+util_rb_tld xn--mgbai9azgqp6j xn--mgbayh7gpa xn--mgbbh1a xn--mgbbh1a71e xn--mgbc0a9azcg
+util_rb_tld xn--mgbca7dzdo xn--mgbcpq6gpa1a xn--mgberp4a5d4ar xn--mgbgu82a xn--mgbi4ecexp
+util_rb_tld xn--mgbpl2fh xn--mgbt3dhd xn--mgbtx2b xn--mgbx4cd0ab xn--mix891f xn--mk1bu44c
+util_rb_tld xn--mxtq1m xn--ngbc5azd xn--ngbe9e0a xn--ngbrx xn--node xn--nqv7f
+util_rb_tld xn--nqv7fs00ema xn--nyqy26a xn--o3cw4h xn--ogbpf8fl xn--otu796d xn--p1acf
+util_rb_tld xn--p1ai xn--pgbs0dh xn--pssy2u xn--q7ce6a xn--q9jyb4c xn--qcka1pmc xn--qxa6a
+util_rb_tld xn--qxam xn--rhqv96g xn--rovu88b xn--rvc1e0am3e xn--s9brj9c xn--ses554g
+util_rb_tld xn--t60b56a xn--tckwe xn--tiq49xqyj xn--unup4y xn--vermgensberater-ctb
+util_rb_tld xn--vermgensberatung-pwb xn--vhquv xn--vuq861b xn--w4r85el8fhu5dnra xn--w4rs40l
+util_rb_tld xn--wgbh1c xn--wgbl6a xn--xhq521b xn--xkc2al3hye2a xn--xkc2dl3a5ee0h xn--y9a3aq
 util_rb_tld xn--yfro4i67o xn--ygbi2ammx xn--zfr164b
 endif
 
 # Standard List
 # For an up to date list of TLDs that can be pasted into this block, run this command:
-#  wget https://data.iana.org/TLD/tlds-alpha-by-domain.txt -q -O - | tail -n+2 | grep -vi '^xn--' | tr '\n' ' ' | fold -w 80 -s | perl -pe 'chomp; s/.*/util_rb_tld \L$_\n/'
+#  wget https://data.iana.org/TLD/tlds-alpha-by-domain.txt -q -O - | tail -n+2 | grep -vi '^xn--' | tr '\n' ' ' | fold -w 80 -s | perl -pe 's/\s+$//; s/.*/util_rb_tld \L$_\n/'
 
-util_rb_tld aaa aarp abarth abb abbott abbvie abc able abogado abudhabi ac academy 
-util_rb_tld accenture accountant accountants aco actor ad adac ads adult ae aeg aero aetna 
-util_rb_tld af afamilycompany afl africa ag agakhan agency ai aig airbus airforce airtel 
-util_rb_tld akdn al alfaromeo alibaba alipay allfinanz allstate ally alsace alstom am 
-util_rb_tld amazon americanexpress americanfamily amex amfam amica amsterdam analytics 
-util_rb_tld android anquan anz ao aol apartments app apple aq aquarelle ar arab aramco 
-util_rb_tld archi army arpa art arte as asda asia associates at athleta attorney au auction 
-util_rb_tld audi audible audio auspost author auto autos avianca aw aws ax axa az azure ba 
-util_rb_tld baby baidu banamex bananarepublic band bank bar barcelona barclaycard barclays 
-util_rb_tld barefoot bargains baseball basketball bauhaus bayern bb bbc bbt bbva bcg bcn bd 
-util_rb_tld be beats beauty beer bentley berlin best bestbuy bet bf bg bh bharti bi bible 
-util_rb_tld bid bike bing bingo bio biz bj black blackfriday blockbuster blog bloomberg 
-util_rb_tld blue bm bms bmw bn bnpparibas bo boats boehringer bofa bom bond boo book 
-util_rb_tld booking bosch bostik boston bot boutique box br bradesco bridgestone broadway 
-util_rb_tld broker brother brussels bs bt budapest bugatti build builders business buy buzz 
-util_rb_tld bv bw by bz bzh ca cab cafe cal call calvinklein cam camera camp cancerresearch 
-util_rb_tld canon capetown capital capitalone car caravan cards care career careers cars 
-util_rb_tld casa case caseih cash casino cat catering catholic cba cbn cbre cbs cc cd ceb 
-util_rb_tld center ceo cern cf cfa cfd cg ch chanel channel charity chase chat cheap 
-util_rb_tld chintai christmas chrome church ci cipriani circle cisco citadel citi citic 
-util_rb_tld city cityeats ck cl claims cleaning click clinic clinique clothing cloud club 
-util_rb_tld clubmed cm cn co coach codes coffee college cologne com comcast commbank 
-util_rb_tld community company compare computer comsec condos construction consulting 
-util_rb_tld contact contractors cooking cookingchannel cool coop corsica country coupon 
-util_rb_tld coupons courses cpa cr credit creditcard creditunion cricket crown crs cruise 
-util_rb_tld cruises csc cu cuisinella cv cw cx cy cymru cyou cz dabur dad dance data date 
-util_rb_tld dating datsun day dclk dds de deal dealer deals degree delivery dell deloitte 
-util_rb_tld delta democrat dental dentist desi design dev dhl diamonds diet digital direct 
-util_rb_tld directory discount discover dish diy dj dk dm dnp do docs doctor dog domains 
-util_rb_tld dot download drive dtv dubai duck dunlop dupont durban dvag dvr dz earth eat ec 
-util_rb_tld eco edeka edu education ee eg email emerck energy engineer engineering 
-util_rb_tld enterprises epson equipment er ericsson erni es esq estate et etisalat eu 
-util_rb_tld eurovision eus events exchange expert exposed express extraspace fage fail 
-util_rb_tld fairwinds faith family fan fans farm farmers fashion fast fedex feedback 
-util_rb_tld ferrari ferrero fi fiat fidelity fido film final finance financial fire 
-util_rb_tld firestone firmdale fish fishing fit fitness fj fk flickr flights flir florist 
-util_rb_tld flowers fly fm fo foo food foodnetwork football ford forex forsale forum 
-util_rb_tld foundation fox fr free fresenius frl frogans frontdoor frontier ftr fujitsu 
-util_rb_tld fujixerox fun fund furniture futbol fyi ga gal gallery gallo gallup game games 
-util_rb_tld gap garden gay gb gbiz gd gdn ge gea gent genting george gf gg ggee gh gi gift 
-util_rb_tld gifts gives giving gl glade glass gle global globo gm gmail gmbh gmo gmx gn 
-util_rb_tld godaddy gold goldpoint golf goo goodyear goog google gop got gov gp gq gr 
-util_rb_tld grainger graphics gratis green gripe grocery group gs gt gu guardian gucci guge 
-util_rb_tld guide guitars guru gw gy hair hamburg hangout haus hbo hdfc hdfcbank health 
-util_rb_tld healthcare help helsinki here hermes hgtv hiphop hisamitsu hitachi hiv hk hkt 
-util_rb_tld hm hn hockey holdings holiday homedepot homegoods homes homesense honda horse 
-util_rb_tld hospital host hosting hot hoteles hotels hotmail house how hr hsbc ht hu hughes 
-util_rb_tld hyatt hyundai ibm icbc ice icu id ie ieee ifm ikano il im imamat imdb immo 
-util_rb_tld immobilien in inc industries infiniti info ing ink institute insurance insure 
-util_rb_tld int intel international intuit investments io ipiranga iq ir irish is ismaili 
-util_rb_tld ist istanbul it itau itv iveco jaguar java jcb jcp je jeep jetzt jewelry jio 
-util_rb_tld jll jm jmp jnj jo jobs joburg jot joy jp jpmorgan jprs juegos juniper kaufen 
-util_rb_tld kddi ke kerryhotels kerrylogistics kerryproperties kfh kg kh ki kia kim kinder 
-util_rb_tld kindle kitchen kiwi km kn koeln komatsu kosher kp kpmg kpn kr krd kred 
-util_rb_tld kuokgroup kw ky kyoto kz la lacaixa lamborghini lamer lancaster lancia land 
-util_rb_tld landrover lanxess lasalle lat latino latrobe law lawyer lb lc lds lease leclerc 
-util_rb_tld lefrak legal lego lexus lgbt li lidl life lifeinsurance lifestyle lighting like 
-util_rb_tld lilly limited limo lincoln linde link lipsy live living lixil lk llc llp loan 
-util_rb_tld loans locker locus loft lol london lotte lotto love lpl lplfinancial lr ls lt 
-util_rb_tld ltd ltda lu lundbeck lupin luxe luxury lv ly ma macys madrid maif maison makeup 
-util_rb_tld man management mango map market marketing markets marriott marshalls maserati 
-util_rb_tld mattel mba mc mckinsey md me med media meet melbourne meme memorial men menu 
-util_rb_tld merckmsd metlife mg mh miami microsoft mil mini mint mit mitsubishi mk ml mlb 
-util_rb_tld mls mm mma mn mo mobi mobile moda moe moi mom monash money monster mormon 
-util_rb_tld mortgage moscow moto motorcycles mov movie mp mq mr ms msd mt mtn mtr mu museum 
-util_rb_tld mutual mv mw mx my mz na nab nagoya name nationwide natura navy nba nc ne nec 
-util_rb_tld net netbank netflix network neustar new newholland news next nextdirect nexus 
-util_rb_tld nf nfl ng ngo nhk ni nico nike nikon ninja nissan nissay nl no nokia 
-util_rb_tld northwesternmutual norton now nowruz nowtv np nr nra nrw ntt nu nyc nz obi 
-util_rb_tld observer off office okinawa olayan olayangroup oldnavy ollo om omega one ong 
-util_rb_tld onl online onyourside ooo open oracle orange org organic origins osaka otsuka 
-util_rb_tld ott ovh pa page panasonic paris pars partners parts party passagens pay pccw pe 
-util_rb_tld pet pf pfizer pg ph pharmacy phd philips phone photo photography photos physio 
-util_rb_tld pics pictet pictures pid pin ping pink pioneer pizza pk pl place play 
-util_rb_tld playstation plumbing plus pm pn pnc pohl poker politie porn post pr pramerica 
-util_rb_tld praxi press prime pro prod productions prof progressive promo properties 
-util_rb_tld property protection pru prudential ps pt pub pw pwc py qa qpon quebec quest qvc 
-util_rb_tld racing radio raid re read realestate realtor realty recipes red redstone 
-util_rb_tld redumbrella rehab reise reisen reit reliance ren rent rentals repair report 
-util_rb_tld republican rest restaurant review reviews rexroth rich richardli ricoh 
-util_rb_tld rightathome ril rio rip rmit ro rocher rocks rodeo rogers room rs rsvp ru rugby 
-util_rb_tld ruhr run rw rwe ryukyu sa saarland safe safety sakura sale salon samsclub 
-util_rb_tld samsung sandvik sandvikcoromant sanofi sap sarl sas save saxo sb sbi sbs sc sca 
-util_rb_tld scb schaeffler schmidt scholarships school schule schwarz science scjohnson 
-util_rb_tld scot sd se search seat secure security seek select sener services ses seven sew 
-util_rb_tld sex sexy sfr sg sh shangrila sharp shaw shell shia shiksha shoes shop shopping 
-util_rb_tld shouji show showtime shriram si silk sina singles site sj sk ski skin sky skype 
-util_rb_tld sl sling sm smart smile sn sncf so soccer social softbank software sohu solar 
-util_rb_tld solutions song sony soy space sport spot spreadbetting sr srl ss st stada 
-util_rb_tld staples star statebank statefarm stc stcgroup stockholm storage store stream 
-util_rb_tld studio study style su sucks supplies supply support surf surgery suzuki sv 
-util_rb_tld swatch swiftcover swiss sx sy sydney symantec systems sz tab taipei talk taobao 
-util_rb_tld target tatamotors tatar tattoo tax taxi tc tci td tdk team tech technology tel 
-util_rb_tld temasek tennis teva tf tg th thd theater theatre tiaa tickets tienda tiffany 
-util_rb_tld tips tires tirol tj tjmaxx tjx tk tkmaxx tl tm tmall tn to today tokyo tools 
-util_rb_tld top toray toshiba total tours town toyota toys tr trade trading training travel 
-util_rb_tld travelchannel travelers travelersinsurance trust trv tt tube tui tunes tushu tv 
-util_rb_tld tvs tw tz ua ubank ubs ug uk unicom university uno uol ups us uy uz va 
-util_rb_tld vacations vana vanguard vc ve vegas ventures verisign versicherung vet vg vi 
-util_rb_tld viajes video vig viking villas vin vip virgin visa vision viva vivo vlaanderen 
-util_rb_tld vn vodka volkswagen volvo vote voting voto voyage vu vuelos wales walmart 
-util_rb_tld walter wang wanggou watch watches weather weatherchannel webcam weber website 
-util_rb_tld wed wedding weibo weir wf whoswho wien wiki williamhill win windows wine 
-util_rb_tld winners wme wolterskluwer woodside work works world wow ws wtc wtf xbox xerox 
-util_rb_tld xfinity xihuan xin xxx xyz yachts yahoo yamaxun yandex ye yodobashi yoga 
+# Updated 2022-10-18
+util_rb_tld aaa aarp abarth abb abbott abbvie abc able abogado abudhabi ac academy
+util_rb_tld accenture accountant accountants aco actor ad adac ads adult ae aeg aero aetna
+util_rb_tld af afl africa ag agakhan agency ai aig airbus airforce airtel akdn al alfaromeo
+util_rb_tld alibaba alipay allfinanz allstate ally alsace alstom am amazon americanexpress
+util_rb_tld americanfamily amex amfam amica amsterdam analytics android anquan anz ao aol
+util_rb_tld apartments app apple aq aquarelle ar arab aramco archi army arpa art arte as
+util_rb_tld asda asia associates at athleta attorney au auction audi audible audio auspost
+util_rb_tld author auto autos avianca aw aws ax axa az azure ba baby baidu banamex
+util_rb_tld bananarepublic band bank bar barcelona barclaycard barclays barefoot bargains
+util_rb_tld baseball basketball bauhaus bayern bb bbc bbt bbva bcg bcn bd be beats beauty
+util_rb_tld beer bentley berlin best bestbuy bet bf bg bh bharti bi bible bid bike bing
+util_rb_tld bingo bio biz bj black blackfriday blockbuster blog bloomberg blue bm bms bmw
+util_rb_tld bn bnpparibas bo boats boehringer bofa bom bond boo book booking bosch bostik
+util_rb_tld boston bot boutique box br bradesco bridgestone broadway broker brother
+util_rb_tld brussels bs bt build builders business buy buzz bv bw by bz bzh ca cab cafe cal
+util_rb_tld call calvinklein cam camera camp canon capetown capital capitalone car caravan
+util_rb_tld cards care career careers cars casa case cash casino cat catering catholic cba
+util_rb_tld cbn cbre cbs cc cd center ceo cern cf cfa cfd cg ch chanel channel charity
+util_rb_tld chase chat cheap chintai christmas chrome church ci cipriani circle cisco
+util_rb_tld citadel citi citic city cityeats ck cl claims cleaning click clinic clinique
+util_rb_tld clothing cloud club clubmed cm cn co coach codes coffee college cologne com
+util_rb_tld comcast commbank community company compare computer comsec condos construction
+util_rb_tld consulting contact contractors cooking cookingchannel cool coop corsica country
+util_rb_tld coupon coupons courses cpa cr credit creditcard creditunion cricket crown crs
+util_rb_tld cruise cruises cu cuisinella cv cw cx cy cymru cyou cz dabur dad dance data
+util_rb_tld date dating datsun day dclk dds de deal dealer deals degree delivery dell
+util_rb_tld deloitte delta democrat dental dentist desi design dev dhl diamonds diet
+util_rb_tld digital direct directory discount discover dish diy dj dk dm dnp do docs doctor
+util_rb_tld dog domains dot download drive dtv dubai dunlop dupont durban dvag dvr dz earth
+util_rb_tld eat ec eco edeka edu education ee eg email emerck energy engineer engineering
+util_rb_tld enterprises epson equipment er ericsson erni es esq estate et etisalat eu
+util_rb_tld eurovision eus events exchange expert exposed express extraspace fage fail
+util_rb_tld fairwinds faith family fan fans farm farmers fashion fast fedex feedback
+util_rb_tld ferrari ferrero fi fiat fidelity fido film final finance financial fire
+util_rb_tld firestone firmdale fish fishing fit fitness fj fk flickr flights flir florist
+util_rb_tld flowers fly fm fo foo food foodnetwork football ford forex forsale forum
+util_rb_tld foundation fox fr free fresenius frl frogans frontdoor frontier ftr fujitsu fun
+util_rb_tld fund furniture futbol fyi ga gal gallery gallo gallup game games gap garden gay
+util_rb_tld gb gbiz gd gdn ge gea gent genting george gf gg ggee gh gi gift gifts gives
+util_rb_tld giving gl glass gle global globo gm gmail gmbh gmo gmx gn godaddy gold
+util_rb_tld goldpoint golf goo goodyear goog google gop got gov gp gq gr grainger graphics
+util_rb_tld gratis green gripe grocery group gs gt gu guardian gucci guge guide guitars
+util_rb_tld guru gw gy hair hamburg hangout haus hbo hdfc hdfcbank health healthcare help
+util_rb_tld helsinki here hermes hgtv hiphop hisamitsu hitachi hiv hk hkt hm hn hockey
+util_rb_tld holdings holiday homedepot homegoods homes homesense honda horse hospital host
+util_rb_tld hosting hot hoteles hotels hotmail house how hr hsbc ht hu hughes hyatt hyundai
+util_rb_tld ibm icbc ice icu id ie ieee ifm ikano il im imamat imdb immo immobilien in inc
+util_rb_tld industries infiniti info ing ink institute insurance insure int international
+util_rb_tld intuit investments io ipiranga iq ir irish is ismaili ist istanbul it itau itv
+util_rb_tld jaguar java jcb je jeep jetzt jewelry jio jll jm jmp jnj jo jobs joburg jot joy
+util_rb_tld jp jpmorgan jprs juegos juniper kaufen kddi ke kerryhotels kerrylogistics
+util_rb_tld kerryproperties kfh kg kh ki kia kids kim kinder kindle kitchen kiwi km kn
+util_rb_tld koeln komatsu kosher kp kpmg kpn kr krd kred kuokgroup kw ky kyoto kz la
+util_rb_tld lacaixa lamborghini lamer lancaster lancia land landrover lanxess lasalle lat
+util_rb_tld latino latrobe law lawyer lb lc lds lease leclerc lefrak legal lego lexus lgbt
+util_rb_tld li lidl life lifeinsurance lifestyle lighting like lilly limited limo lincoln
+util_rb_tld linde link lipsy live living lk llc llp loan loans locker locus loft lol london
+util_rb_tld lotte lotto love lpl lplfinancial lr ls lt ltd ltda lu lundbeck luxe luxury lv
+util_rb_tld ly ma macys madrid maif maison makeup man management mango map market marketing
+util_rb_tld markets marriott marshalls maserati mattel mba mc mckinsey md me med media meet
+util_rb_tld melbourne meme memorial men menu merckmsd mg mh miami microsoft mil mini mint
+util_rb_tld mit mitsubishi mk ml mlb mls mm mma mn mo mobi mobile moda moe moi mom monash
+util_rb_tld money monster mormon mortgage moscow moto motorcycles mov movie mp mq mr ms msd
+util_rb_tld mt mtn mtr mu museum music mutual mv mw mx my mz na nab nagoya name natura navy
+util_rb_tld nba nc ne nec net netbank netflix network neustar new news next nextdirect
+util_rb_tld nexus nf nfl ng ngo nhk ni nico nike nikon ninja nissan nissay nl no nokia
+util_rb_tld northwesternmutual norton now nowruz nowtv np nr nra nrw ntt nu nyc nz obi
+util_rb_tld observer office okinawa olayan olayangroup oldnavy ollo om omega one ong onl
+util_rb_tld online ooo open oracle orange org organic origins osaka otsuka ott ovh pa page
+util_rb_tld panasonic paris pars partners parts party passagens pay pccw pe pet pf pfizer
+util_rb_tld pg ph pharmacy phd philips phone photo photography photos physio pics pictet
+util_rb_tld pictures pid pin ping pink pioneer pizza pk pl place play playstation plumbing
+util_rb_tld plus pm pn pnc pohl poker politie porn post pr pramerica praxi press prime pro
+util_rb_tld prod productions prof progressive promo properties property protection pru
+util_rb_tld prudential ps pt pub pw pwc py qa qpon quebec quest racing radio re read
+util_rb_tld realestate realtor realty recipes red redstone redumbrella rehab reise reisen
+util_rb_tld reit reliance ren rent rentals repair report republican rest restaurant review
+util_rb_tld reviews rexroth rich richardli ricoh ril rio rip ro rocher rocks rodeo rogers
+util_rb_tld room rs rsvp ru rugby ruhr run rw rwe ryukyu sa saarland safe safety sakura
+util_rb_tld sale salon samsclub samsung sandvik sandvikcoromant sanofi sap sarl sas save
+util_rb_tld saxo sb sbi sbs sc sca scb schaeffler schmidt scholarships school schule
+util_rb_tld schwarz science scot sd se search seat secure security seek select sener
+util_rb_tld services ses seven sew sex sexy sfr sg sh shangrila sharp shaw shell shia
+util_rb_tld shiksha shoes shop shopping shouji show showtime si silk sina singles site sj
+util_rb_tld sk ski skin sky skype sl sling sm smart smile sn sncf so soccer social softbank
+util_rb_tld software sohu solar solutions song sony soy spa space sport spot sr srl ss st
+util_rb_tld stada staples star statebank statefarm stc stcgroup stockholm storage store
+util_rb_tld stream studio study style su sucks supplies supply support surf surgery suzuki
+util_rb_tld sv swatch swiss sx sy sydney systems sz tab taipei talk taobao target
+util_rb_tld tatamotors tatar tattoo tax taxi tc tci td tdk team tech technology tel temasek
+util_rb_tld tennis teva tf tg th thd theater theatre tiaa tickets tienda tiffany tips tires
+util_rb_tld tirol tj tjmaxx tjx tk tkmaxx tl tm tmall tn to today tokyo tools top toray
+util_rb_tld toshiba total tours town toyota toys tr trade trading training travel
+util_rb_tld travelchannel travelers travelersinsurance trust trv tt tube tui tunes tushu tv
+util_rb_tld tvs tw tz ua ubank ubs ug uk unicom university uno uol ups us uy uz va
+util_rb_tld vacations vana vanguard vc ve vegas ventures verisign versicherung vet vg vi
+util_rb_tld viajes video vig viking villas vin vip virgin visa vision viva vivo vlaanderen
+util_rb_tld vn vodka volkswagen volvo vote voting voto voyage vu vuelos wales walmart
+util_rb_tld walter wang wanggou watch watches weather weatherchannel webcam weber website
+util_rb_tld wed wedding weibo weir wf whoswho wien wiki williamhill win windows wine
+util_rb_tld winners wme wolterskluwer woodside work works world wow ws wtc wtf xbox xerox
+util_rb_tld xfinity xihuan xin xxx xyz yachts yahoo yamaxun yandex ye yodobashi yoga
 util_rb_tld yokohama you youtube yt yun za zappos zara zero zip zm zone zuerich zw
 
 #
@@ -450,7 +449,7 @@ util_rb_2tld nextmail.ru
 util_rb_2tld nightmail.ru
 util_rb_2tld nm.ru
 util_rb_2tld notlong.com
-util_rb_2tld page.tl
+util_rb_2tld page.tl page.link
 util_rb_2tld pochta.ru
 util_rb_2tld pochtamt.ru
 util_rb_2tld pop3.ru
diff --git a/sa-updates/20_dnsbl_tests.cf b/sa-updates/20_dnsbl_tests.cf
index d905124..5d615f2 100644
--- a/sa-updates/20_dnsbl_tests.cf
+++ b/sa-updates/20_dnsbl_tests.cf
@@ -1,4 +1,4 @@
-# SpamAssassin rules file: DNS blacklist and whitelist tests
+# SpamAssassin rules file: DNS blocklist and welcomelist tests
 #
 # Please don't modify this file as your changes will be overwritten with
 # the next update. Use /etc/mail/spamassassin/local.cf instead.
diff --git a/sa-updates/20_freemail_domains.cf b/sa-updates/20_freemail_domains.cf
index 2b15b1c..c2cd98e 100644
--- a/sa-updates/20_freemail_domains.cf
+++ b/sa-updates/20_freemail_domains.cf
@@ -49,7 +49,7 @@ freemail_domains adres.nl advalvas.be aeiou.pt aeneasmail.com afrik.com
 freemail_domains afropoets.com aggies.com ahaa.dk aichi.com aim.com airpost.net aiutamici.com
 freemail_domains aklan.com aknet.kg alabama.usa.com alaska.usa.com alavatotal.com
 freemail_domains albafind.com albawaba.com alburaq.net aldeax.com aldeax.com.ar alex4all.com  aliyun.com
-freemail_domains alexandria.cc algeria.com alice.it alinto.com allmail.net
+freemail_domains alexandria.cc algeria.com alice.it allmail.net
 freemail_domains alskens.dk altavista.se altbox.org alternativagratis.com alum.com
 freemail_domains alunos.unipar.br alvilag.hu amenworld.com america.hm
 freemail_domains americamail.com amnetsal.com amorous.com ananzi.co.za anet.ne.jp anfmail.com
diff --git a/sa-updates/20_mailspike.cf b/sa-updates/20_mailspike.cf
index 3af7ff5..ae942d2 100644
--- a/sa-updates/20_mailspike.cf
+++ b/sa-updates/20_mailspike.cf
@@ -70,7 +70,7 @@ tflags RCVD_IN_MSPIKE_ZBI	net
 ## Meta rules for aggregating good and bad senders
 # Bad
 meta RCVD_IN_MSPIKE_BL		RCVD_IN_MSPIKE_L5 || RCVD_IN_MSPIKE_L4 || RCVD_IN_MSPIKE_L3 || __RCVD_IN_MSPIKE_Z
-describe RCVD_IN_MSPIKE_BL	Mailspike blacklisted
+describe RCVD_IN_MSPIKE_BL	Mailspike blocklisted
 tflags RCVD_IN_MSPIKE_BL	net
 
 # Good
diff --git a/sa-updates/20_pdfinfo.cf b/sa-updates/20_pdfinfo.cf
index d6963a2..52f469b 100644
--- a/sa-updates/20_pdfinfo.cf
+++ b/sa-updates/20_pdfinfo.cf
@@ -270,6 +270,7 @@ body            GMD_PDF_EMPTY_BODY      eval:pdf_is_empty_body()
 describe        GMD_PDF_EMPTY_BODY      Attached PDF with empty message body
 score           GMD_PDF_EMPTY_BODY      0.25
 # counts        GMD_PDF_EMPTY_BODY      1638s/20h of 27034 corpus (24636s/2398h AxB-MANUAL) 07/19/07
+priority        GMD_PDF_EMPTY_BODY      2000  # workaround for Bug 8070
 
 ######################################################################################################
 # metas
diff --git a/sa-updates/20_vbounce.cf b/sa-updates/20_vbounce.cf
index 3c877a7..3a1a39c 100644
--- a/sa-updates/20_vbounce.cf
+++ b/sa-updates/20_vbounce.cf
@@ -48,18 +48,16 @@
 #
 ###########################################################################
 
-if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
-  ifplugin Mail::SpamAssassin::Plugin::VBounce
-    body __MY_SERVERS_FOUND       eval:check_welcomelist_bounce_relays()
-  endif
-else
-  ifplugin Mail::SpamAssassin::Plugin::VBounce
-    body __MY_SERVERS_FOUND       eval:check_whitelist_bounce_relays()
-  endif
-endif
-
 ifplugin Mail::SpamAssassin::Plugin::VBounce
 
+
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  body __MY_SERVERS_FOUND       eval:check_welcomelist_bounce_relays()
+endif
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  body __MY_SERVERS_FOUND       eval:check_whitelist_bounce_relays()
+endif
+
 body __HAVE_BOUNCE_RELAYS     eval:have_any_bounce_relays()
 
 # ---------------------------------------------------------------------------
@@ -335,4 +333,6 @@ describe VBOUNCE_MESSAGE    Virus-scanner bounce message
 meta     ANY_BOUNCE_MESSAGE (CRBOUNCE_MESSAGE||BOUNCE_MESSAGE||VBOUNCE_MESSAGE||OOOBOUNCE_MESSAGE)
 describe ANY_BOUNCE_MESSAGE Message is some kind of bounce message
 
-endif
+
+endif # Mail::SpamAssassin::Plugin::VBounce
+
diff --git a/sa-updates/25_dcc.cf b/sa-updates/25_dcc.cf
index a95dd22..d698e84 100644
--- a/sa-updates/25_dcc.cf
+++ b/sa-updates/25_dcc.cf
@@ -33,7 +33,7 @@ ifplugin Mail::SpamAssassin::Plugin::DCC
 
 full     DCC_CHECK	eval:check_dcc()
 describe DCC_CHECK	Detected as bulk mail by DCC (dcc-servers.net)
-tflags   DCC_CHECK	net
+tflags   DCC_CHECK	net autolearn_body
 priority DCC_CHECK	10
 reuse    DCC_CHECK
 
diff --git a/sa-updates/25_dkim.cf b/sa-updates/25_dkim.cf
index 5c19243..8cb9831 100644
--- a/sa-updates/25_dkim.cf
+++ b/sa-updates/25_dkim.cf
@@ -109,6 +109,21 @@ describe NML_ADSP_CUSTOM_MED    ADSP custom_med hit, and not from a mailing list
 meta     NML_ADSP_CUSTOM_HIGH   DKIM_ADSP_CUSTOM_HIGH && !__VIA_ML && !__VIA_RESIGNER
 describe NML_ADSP_CUSTOM_HIGH   ADSP custom_high hit, and not from a mailing list
 
+if can(Mail::SpamAssassin::Plugin::DKIM::has_arc)
+  full     ARC_SIGNED		eval:check_arc_signed()
+  describe ARC_SIGNED		Message has a ARC signature
+  tflags   ARC_SIGNED		net
+  reuse    ARC_SIGNED
+
+  full     ARC_VALID		eval:check_arc_valid()
+  describe ARC_VALID		Message has a valid ARC signature
+  tflags   ARC_VALID		net
+  reuse    ARC_VALID
+
+  meta     ARC_INVALID		ARC_SIGNED && !ARC_VALID
+  describe ARC_INVALID		ARC signature exists, but is not valid
+endif
+
 #
 # old, declared for compatibility with pre-3.3, should have scores 0
 #
diff --git a/sa-updates/60_whitelist_subject.cf b/sa-updates/25_dmarc.cf
similarity index 52%
rename from sa-updates/60_whitelist_subject.cf
rename to sa-updates/25_dmarc.cf
index 970c808..48afd49 100644
--- a/sa-updates/60_whitelist_subject.cf
+++ b/sa-updates/25_dmarc.cf
@@ -1,4 +1,4 @@
-# SpamAssassin rules file: default whitelist/blacklist subject
+# SpamAssassin - DMARC rules
 #
 # Please don't modify this file as your changes will be overwritten with
 # the next update. Use /etc/mail/spamassassin/local.cf instead.
@@ -20,23 +20,43 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 # </@LICENSE>
-
-###########################################################################
-# Whitelist/Blacklist rules
 #
-# Note that most of these get 'noautolearn'.  They should not be
-# considered when deciding whether to auto-learn a message, as a
-# user slip-up could result in scribbling side-effects in the bayes
-# db as a result -- which is hard to remedy.
+###########################################################################
 
-ifplugin Mail::SpamAssassin::Plugin::WhiteListSubject
+# Requires the Mail::SpamAssassin::Plugin::DMARC plugin be loaded.
 
-header SUBJECT_IN_WHITELIST	eval:check_subject_in_whitelist()
-describe SUBJECT_IN_WHITELIST	Subject: contains string in the user's white-list
-tflags SUBJECT_IN_WHITELIST	userconf nice noautolearn
+# Backwards compatible name (was renamed to DMARC in trunk before 4.0.0)
+ifplugin Mail::SpamAssassin::Plugin::Dmarc
 
-header SUBJECT_IN_BLACKLIST	eval:check_subject_in_blacklist()
-describe SUBJECT_IN_BLACKLIST	Subject: contains string in the user's black-list
-tflags SUBJECT_IN_BLACKLIST	userconf noautolearn
+header DMARC_PASS eval:check_dmarc_pass()
+describe DMARC_PASS DMARC pass policy
+priority DMARC_PASS 500
+tflags DMARC_PASS net nice
+reuse DMARC_PASS
+
+header DMARC_REJECT eval:check_dmarc_reject()
+describe DMARC_REJECT DMARC reject policy
+priority DMARC_REJECT 500
+tflags DMARC_REJECT net
+reuse DMARC_REJECT
+
+header DMARC_QUAR eval:check_dmarc_quarantine()
+describe DMARC_QUAR DMARC quarantine policy
+priority DMARC_QUAR 500
+tflags DMARC_QUAR net
+reuse DMARC_QUAR
+
+header DMARC_NONE eval:check_dmarc_none()
+describe DMARC_NONE DMARC none policy
+priority DMARC_NONE 500
+tflags DMARC_NONE net
+reuse DMARC_NONE
+
+header DMARC_MISSING eval:check_dmarc_missing()
+describe DMARC_MISSING Missing DMARC policy
+priority DMARC_MISSING 500
+tflags DMARC_MISSING net
+reuse DMARC_MISSING
+
+endif
 
-endif # Mail::SpamAssassin::Plugin::WhiteListSubject
diff --git a/sa-updates/25_pyzor.cf b/sa-updates/25_pyzor.cf
index 12495ec..990312a 100644
--- a/sa-updates/25_pyzor.cf
+++ b/sa-updates/25_pyzor.cf
@@ -33,7 +33,7 @@ ifplugin Mail::SpamAssassin::Plugin::Pyzor
 
 full PYZOR_CHECK	eval:check_pyzor()
 describe PYZOR_CHECK	Listed in Pyzor (https://pyzor.readthedocs.io/en/latest/)
-tflags PYZOR_CHECK	net
+tflags PYZOR_CHECK	net autolearn_body
 priority PYZOR_CHECK	30
 reuse  PYZOR_CHECK
 
diff --git a/sa-updates/25_razor2.cf b/sa-updates/25_razor2.cf
index 0626b73..a32bbea 100644
--- a/sa-updates/25_razor2.cf
+++ b/sa-updates/25_razor2.cf
@@ -33,7 +33,7 @@ ifplugin Mail::SpamAssassin::Plugin::Razor2
 
 full RAZOR2_CHECK	eval:check_razor2()
 describe RAZOR2_CHECK	Listed in Razor2 (http://razor.sf.net/)
-tflags RAZOR2_CHECK	net
+tflags RAZOR2_CHECK	net autolearn_body
 priority RAZOR2_CHECK	20
 reuse  RAZOR2_CHECK
 
diff --git a/sa-updates/25_uribl.cf b/sa-updates/25_uribl.cf
index c61abe8..f575ed9 100644
--- a/sa-updates/25_uribl.cf
+++ b/sa-updates/25_uribl.cf
@@ -342,12 +342,12 @@ uridnsbl_skip_domain microsofttranslator.com office.com microsoftonline.com bing
 
 # Some frequent known good URIDNSBL lookups 3.10.2018 -hk
 uridnsbl_skip_domain aka.ms akamaihd.net alibaba.com alicdn.com amazon.co.uk
-uridnsbl_skip_domain amazon.de amazonaws.com amazonses.com bandcamp.com
-uridnsbl_skip_domain booking.com cdninstagram.com cloudfront.net dhl.com
+uridnsbl_skip_domain amazon.de amazonses.com bandcamp.com
+uridnsbl_skip_domain booking.com cdninstagram.com dhl.com
 uridnsbl_skip_domain dhl.fi dna.fi domain.fi dpd.de dropbox.com ebay.fr
 uridnsbl_skip_domain elisa.fi elisanet.fi emltrk.com fbcdn.net ficora.fi
 uridnsbl_skip_domain gappssmtp.com github.com goo.gl google-analytics.com
-uridnsbl_skip_domain google.de google.fi googleapis.com googleusercontent.com
+uridnsbl_skip_domain google.de google.fi googleusercontent.com
 uridnsbl_skip_domain gstatic.com hotels.com ikea.com images-amazon.com
 uridnsbl_skip_domain inet.fi instagram.com kolumbus.fi licdn.com linkedin.com
 uridnsbl_skip_domain media-amazon.com mtasv.net mzstatic.com nebula.fi
diff --git a/sa-updates/25_url_shortener.cf b/sa-updates/25_url_shortener.cf
new file mode 100644
index 0000000..b5ddffd
--- /dev/null
+++ b/sa-updates/25_url_shortener.cf
@@ -0,0 +1,301 @@
+# SpamAssassin - URL shortener rules
+#
+# Please don't modify this file as your changes will be overwritten with
+# the next update. Use /etc/mail/spamassassin/local.cf instead.
+# See 'perldoc Mail::SpamAssassin::Conf' for details.
+#
+# <@LICENSE>
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at:
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# </@LICENSE>
+#
+###########################################################################
+
+###
+### Note that this file contains two separate lists, url_shortener and a
+### backup regex generated from it.  Both must updated and kept in sync.
+###
+### __URL_SHORTENER will always by set by either the plugin or regex
+###
+
+# SpamAssassin 4.0 version required
+if can(Mail::SpamAssassin::Plugin::DecodeShortURLs::has_short_url_redir)
+
+body __URL_SHORTENER eval:short_url()
+
+body URL_SHORTENER_CHAINED     eval:short_url_chained()
+describe URL_SHORTENER_CHAINED Message contains shortened URL chained to other shorteners
+tflags URL_SHORTENER_CHAINED   net
+score URL_SHORTENER_CHAINED    0.01
+
+uri URL_SHORTENER_DISABLED      m,^https://(?:bitly\.com/a/blocked|tinyurl\.com/app/nospam),
+describe URL_SHORTENER_DISABLED Message contains shortened URL that has been disabled due to abuse
+tflags URL_SHORTENER_DISABLED   net
+score URL_SHORTENER_DISABLED    2
+
+#
+# Please only add entries that you manually verified as actual working
+# redirectors that can have abusable custom URLs.  Adding non-abusable
+# services only generates unnecessary HTTP requests.
+#
+# After any changes, also update __URL_SHORTENER regex at end of file.
+#
+
+# generic list of likely active services - cleaned up 25.05.2022
+url_shortener .ftn.app
+url_shortener .page.link
+url_shortener .short.gy
+url_shortener .shortz.me
+url_shortener 0rz.tw
+url_shortener 4sq.com
+url_shortener 4url.cc
+url_shortener afly.co
+url_shortener ai6.net
+url_shortener amzn.com
+url_shortener amzn.to
+url_shortener b.link
+url_shortener b23.ru
+url_shortener binged.it
+url_shortener bit.do
+url_shortener bit.ly
+url_shortener bitly.com
+url_shortener bizj.us
+url_shortener chilp.it
+url_shortener conta.cc
+url_shortener crks.me
+url_shortener cutt.ly
+url_shortener cutwin.biz
+url_shortener dai.ly
+url_shortener db.tt
+url_shortener disq.us
+url_shortener dlvr.it
+url_shortener doi.org
+url_shortener doiop.com
+url_shortener eepurl.com
+url_shortener fb.me
+url_shortener fire.to
+url_shortener firsturl.de
+url_shortener firsturl.net
+url_shortener flic.kr
+url_shortener gdurl.com
+url_shortener go.ly
+url_shortener goo.gl
+url_shortener goolnk.com
+url_shortener gplinks.in
+url_shortener guest.link
+url_shortener hellotxt.com
+url_shortener hop.kz
+url_shortener hotshorturl.com
+url_shortener hub.am
+url_shortener huff.to
+url_shortener hurl.it
+url_shortener hyperurl.co
+url_shortener inx.lv
+url_shortener is.gd
+url_shortener it2.in
+url_shortener j.mp
+url_shortener kore.us
+url_shortener kurl.no
+url_shortener l.bestsellers.to
+url_shortener lnk.sk
+url_shortener lnkd.in
+url_shortener lnkiy.in
+url_shortener lru.jp
+url_shortener mrte.ch
+url_shortener n9.cl
+url_shortener ndurl.com
+url_shortener onion.com
+url_shortener ouo.io
+url_shortener ow.ly
+url_shortener owl.li
+url_shortener pduda.mobi
+url_shortener rb.gy
+url_shortener redir.ec
+url_shortener rotf.lol
+url_shortener s.apache.org
+url_shortener s.id
+url_shortener shar.es
+url_shortener shorl.com
+url_shortener shortn.me
+url_shortener shorturl.at
+url_shortener simurl.net
+url_shortener slidesha.re
+url_shortener smarturl.it
+url_shortener smfu.in
+url_shortener snip.ly
+url_shortener snkr.me
+url_shortener stpmvt.com
+url_shortener t.co
+url_shortener t.ly
+url_shortener tcrn.ch
+url_shortener tgr.ph
+url_shortener tiny.cc
+url_shortener tiny.one
+url_shortener tiny.pl
+url_shortener tinylink.in
+url_shortener tinyurl.com
+url_shortener to.ly
+url_shortener trib.al
+url_shortener twixar.me
+url_shortener u.nu
+url_shortener u.to
+url_shortener url.ie
+url_shortener urlcut.com
+url_shortener urlday.cc
+url_shortener urls.im
+url_shortener urlz.at
+url_shortener urlzs.com
+url_shortener utfg.sk
+url_shortener wow.link
+url_shortener wp.me
+url_shortener x.co
+url_shortener x.hypem.com
+url_shortener xurl.es
+url_shortener yhoo.it
+url_shortener youtu.be
+url_shortener z23.ru
+url_shortener zurl.ws
+
+# www.shrunken.com - list validated 25.05.2022
+url_shortener www.shrunken.com
+url_shortener 0.gp
+url_shortener 2.gp
+url_shortener 2.ly
+url_shortener 3.ly
+url_shortener 4.gp
+url_shortener 4.ly
+url_shortener 5.gp
+url_shortener 6.gp
+url_shortener 6.ly
+url_shortener 7.ly
+url_shortener 8.ly
+url_shortener 9.ly
+url_shortener g.asia
+url_shortener p.asia
+url_shortener ur3.us
+
+# shorturl.com - list validated 25.05.2022
+url_shortener alturl.com
+url_shortener .1sta.com
+url_shortener .24ex.com
+url_shortener .2fear.com
+url_shortener .2fortune.com
+url_shortener .2freedom.com
+url_shortener .2hell.com
+url_shortener .2savvy.com
+url_shortener .2truth.com
+url_shortener .2tunes.com
+url_shortener .2ya.com
+url_shortener .alturl.com
+url_shortener .antiblog.com
+url_shortener .bigbig.com
+url_shortener .dealtap.com
+url_shortener .ebored.com
+url_shortener .echoz.com
+url_shortener .filetap.com
+url_shortener .funurl.com
+url_shortener .headplug.com
+url_shortener .hereweb.com
+url_shortener .hitart.com
+url_shortener .mirrorz.com
+url_shortener .mp3update.com
+url_shortener .shorturl.com
+url_shortener .spyw.com
+url_shortener .vze.com
+
+# iscool.net - list validated 25.05.2022
+url_shortener .arecool.net
+url_shortener .iscool.net
+url_shortener .isfun.net
+url_shortener .tux.nu
+
+# kisa.link - list validated 25.05.2022
+url_shortener kisa.link
+url_shortener www.kisa.link
+url_shortener bul.tc
+url_shortener cy.tc
+url_shortener fn.tc
+url_shortener ftp.tc
+url_shortener gr.tc
+url_shortener hbr.tc
+url_shortener heg.tc
+url_shortener ins.tc
+url_shortener ko.tc
+url_shortener kod.tc
+url_shortener lol.tc
+url_shortener m2.tc
+url_shortener ml.tc
+url_shortener mmo.tc
+url_shortener oy.tc
+url_shortener pc.tc
+url_shortener pubg.tc
+url_shortener pvp.tc
+url_shortener sro.tc
+url_shortener tek.link
+url_shortener tw.tc
+
+# grabify.link - list validated 25.05.2022
+url_shortener grabify.link
+url_shortener catsnthing.com
+url_shortener catsnthings.fun
+url_shortener cheapcinema.club
+url_shortener dateing.club
+url_shortener fortnight.space
+url_shortener fortnitechat.site
+url_shortener freegiftcards.co
+url_shortener gaming-at-my.best
+url_shortener gamingfun.me
+url_shortener headshot.monster
+url_shortener imageshare.best
+url_shortener joinmy.site
+url_shortener leancoding.co
+url_shortener locations.quest
+url_shortener lovebird.guru
+url_shortener myprivate.pics
+url_shortener noodshare.pics
+url_shortener partpicker.shop
+url_shortener progaming.monster
+url_shortener screenshare.pics
+url_shortener screenshot.best
+url_shortener shhh.lol
+url_shortener shrekis.life
+url_shortener sportshub.bar
+url_shortener stopify.co
+url_shortener trulove.guru
+url_shortener yourmy.monster
+
+# GET method required for some services, keep the same services in url_shortener also
+if can(Mail::SpamAssassin::Plugin::DecodeShortURLs::has_get)
+url_shortener_get bit.ly
+endif
+
+endif  # has_short_url_redir
+
+
+###
+### Use a regex if DecodeShortURLs plugin is not loaded
+###
+
+if !can(Mail::SpamAssassin::Plugin::DecodeShortURLs::has_short_url_redir)
+
+## Generate __URL_SHORTENER with this command, to keep it in sync with url_shortener list:
+##
+## perl -pe 'while (<>) {/^\s*url_shortener\s+(\S+)/ or next;$s=quotemeta($1);$s=~s/^\\./\\w+\\./;push @a,$s} print "uri __URL_SHORTENER m,^https?://(?:".join("|",@a).")/,i\n"' < 25_url_shortener.cf
+##
+
+uri __URL_SHORTENER m,^https?://(?:\w+\.ftn\.app|\w+\.page\.link|\w+\.short\.gy|\w+\.shortz\.me|0rz\.tw|4sq\.com|4url\.cc|afly\.co|ai6\.net|amzn\.com|amzn\.to|b\.link|b23\.ru|binged\.it|bit\.do|bit\.ly|bitly\.com|bizj\.us|chilp\.it|conta\.cc|crks\.me|cutt\.ly|cutwin\.biz|dai\.ly|db\.tt|disq\.us|dlvr\.it|doi\.org|doiop\.com|eepurl\.com|fb\.me|fire\.to|firsturl\.de|firsturl\.net|flic\.kr|gdurl\.com|go\.ly|goo\.gl|goolnk\.com|gplinks\.in|guest\.link|hellotxt\.com|hop\.kz|hotshorturl\.com|hub\.am|huff\.to|hurl\.it|hyperurl\.co|inx\.lv|is\.gd|it2\.in|j\.mp|kore\.us|kurl\.no|l\.bestsellers\.to|lnk\.sk|lnkd\.in|lnkiy\.in|lru\.jp|mrte\.ch|n9\.cl|ndurl\.com|onion\.com|ouo\.io|ow\.ly|owl\.li|pduda\.mobi|rb\.gy|redir\.ec|rotf\.lol|s\.apache\.org|s\.id|shar\.es|shorl\.com|shortn\.me|shorturl\.at|simurl\.net|slidesha\.re|smarturl\.it|smfu\.in|snip\.ly|snkr\.me|stpmvt\.com|t\.co|t\.ly|tcrn\.ch|tgr\.ph|tiny\.cc|tiny\.one|tiny\.pl|tinylink\.in|tinyurl\.com|to\.ly|trib\.al|twixar\.me|u\.nu|u\.to|url\.ie|urlcut\.com|urlday\.cc|urls\.im|urlz\.at|urlzs\.com|utfg\.sk|wow\.link|wp\.me|x\.co|x\.hypem\.com|xurl\.es|yhoo\.it|youtu\.be|z23\.ru|zurl\.ws|www\.shrunken\.com|0\.gp|2\.gp|2\.ly|3\.ly|4\.gp|4\.ly|5\.gp|6\.gp|6\.ly|7\.ly|8\.ly|9\.ly|g\.asia|p\.asia|ur3\.us|alturl\.com|\w+\.1sta\.com|\w+\.24ex\.com|\w+\.2fear\.com|\w+\.2fortune\.com|\w+\.2freedom\.com|\w+\.2hell\.com|\w+\.2savvy\.com|\w+\.2truth\.com|\w+\.2tunes\.com|\w+\.2ya\.com|\w+\.alturl\.com|\w+\.antiblog\.com|\w+\.bigbig\.com|\w+\.dealtap\.com|\w+\.ebored\.com|\w+\.echoz\.com|\w+\.filetap\.com|\w+\.funurl\.com|\w+\.headplug\.com|\w+\.hereweb\.com|\w+\.hitart\.com|\w+\.mirrorz\.com|\w+\.mp3update\.com|\w+\.shorturl\.com|\w+\.spyw\.com|\w+\.vze\.com|\w+\.arecool\.net|\w+\.iscool\.net|\w+\.isfun\.net|\w+\.tux\.nu|kisa\.link|www\.kisa\.link|bul\.tc|cy\.tc|fn\.tc|ftp\.tc|gr\.tc|hbr\.tc|heg\.tc|ins\.tc|ko\.tc|kod\.tc|lol\.tc|m2\.tc|ml\.tc|mmo\.tc|oy\.tc|pc\.tc|pubg\.tc|pvp\.tc|sro\.tc|tek\.link|tw\.tc|grabify\.link|catsnthing\.com|catsnthings\.fun|cheapcinema\.club|dateing\.club|fortnight\.space|fortnitechat\.site|freegiftcards\.co|gaming\-at\-my\.best|gamingfun\.me|headshot\.monster|imageshare\.best|joinmy\.site|leancoding\.co|locations\.quest|lovebird\.guru|myprivate\.pics|noodshare\.pics|partpicker\.shop|progaming\.monster|screenshare\.pics|screenshot\.best|shhh\.lol|shrekis\.life|sportshub\.bar|stopify\.co|trulove\.guru|yourmy\.monster)/,i
+
+endif
+
diff --git a/sa-updates/30_text_de.cf b/sa-updates/30_text_de.cf
index 7025146..c14b3e3 100644
--- a/sa-updates/30_text_de.cf
+++ b/sa-updates/30_text_de.cf
@@ -328,10 +328,10 @@ lang de describe BAYES_99 Spamwahrscheinlichkeit nach Bayes-Test: 99-100%
 lang de describe BAYES_999 Spamwahrscheinlichkeit nach Bayes-Test: 99.9-100%
 endif
 #
-lang de describe USER_IN_BLACKLIST Absenderadresse steht in Ihrer persönlichen schwarzen Liste
-lang de describe USER_IN_WHITELIST Absenderadresse steht in Ihrer persönlichen weißen Liste
-lang de describe USER_IN_DEF_WHITELIST Absenderadresse steht in der allgemeinen weißen Liste
-lang de describe USER_IN_BLACKLIST_TO Empfängeradresse steht in Ihrer persönlichen schwarzen Liste
+lang de describe USER_IN_BLOCKLIST Absenderadresse steht in Ihrer persönlichen schwarzen Liste
+lang de describe USER_IN_WELCOMELIST Absenderadresse steht in Ihrer persönlichen weißen Liste
+lang de describe USER_IN_DEF_WELCOMELIST Absenderadresse steht in der allgemeinen weißen Liste
+lang de describe USER_IN_BLOCKLIST_TO Empfängeradresse steht in Ihrer persönlichen schwarzen Liste
 lang de describe USER_IN_WELCOMELIST_TO Empfängeradresse steht in Ihrer persönlichen weißen Liste
 lang de describe USER_IN_MORE_SPAM_TO Empfängeradresse soll fast alle (Spam-) Nachrichten erhalten
 lang de describe USER_IN_ALL_SPAM_TO Empfängeradresse soll alle (Spam-) Nachrichten erhalten
diff --git a/sa-updates/30_text_fr.cf b/sa-updates/30_text_fr.cf
index a511300..840f8e0 100644
--- a/sa-updates/30_text_fr.cf
+++ b/sa-updates/30_text_fr.cf
@@ -246,11 +246,11 @@ lang fr describe UPPERCASE_50_75	Message compos
 lang fr describe UPPERCASE_75_100	Message composé de 75 à 100% de majuscules
 lang fr describe URG_BIZ		Contient la formule "urgent business"
 lang fr describe USER_IN_ALL_SPAM_TO	Destinataire sur la liste "all_spam_to" (config SA locale)
-lang fr describe USER_IN_BLACKLIST	Expéditeur sur la liste noire (config SA locale)
-lang fr describe USER_IN_BLACKLIST_TO   Destinataire sur la liste "blacklist_to" (config SA locale)
-lang fr describe USER_IN_DEF_WHITELIST	Expéditeur dans la liste OK par défaut de SpamAssassin
+lang fr describe USER_IN_BLOCKLIST	Expéditeur sur la liste noire (config SA locale)
+lang fr describe USER_IN_BLOCKLIST_TO   Destinataire sur la liste "blocklist_to" (config SA locale)
+lang fr describe USER_IN_DEF_WELCOMELIST Expéditeur dans la liste OK par défaut de SpamAssassin
 lang fr describe USER_IN_MORE_SPAM_TO	Destinataire sur la liste "more_spam_to" (config SA locale)
-lang fr describe USER_IN_WHITELIST	Expéditeur sur la liste blanche (OK) (config SA locale)
+lang fr describe USER_IN_WELCOMELIST	Expéditeur sur la liste blanche (OK) (config SA locale)
 lang fr describe USER_IN_WELCOMELIST_TO	Destinataire sur la liste blanche (config SA)
 #lang fr describe US_DOLLARS_3           Escroq. nigérienne, version modifiée, phrase clé ($NN,NNN,NNN.NN)
 lang fr describe DRUG_ED_ONLINE          Vente de Viagra par correspondance
diff --git a/sa-updates/30_text_pl.cf b/sa-updates/30_text_pl.cf
index 37712dc..c249b4e 100644
--- a/sa-updates/30_text_pl.cf
+++ b/sa-updates/30_text_pl.cf
@@ -232,12 +232,12 @@ lang pl describe UPPERCASE_75_100	Tre
 lang pl describe URG_BIZ		Pilna sprawa
 #lang pl describe US_DOLLARS_3		Wspomina miliony $ ($NN,NNN,NNN.NN)
 lang pl describe USER_IN_ALL_SPAM_TO	U¿ytkownik jest wymieniony w 'all_spam_to'
-lang pl describe USER_IN_BLACKLIST	Od: zawiera adres z Twojej "czarnej listy"
-lang pl describe USER_IN_BLACKLIST_TO	U¿ytkownik jest wymieniony w 'blacklist_to'
-lang pl describe USER_IN_DEF_WHITELIST	U¿ytkownik jest wymieniony w domy¶lnej white-list (bia³ej li¶cie)
+lang pl describe USER_IN_BLOCKLIST	Od: zawiera adres z Twojej "czarnej listy"
+lang pl describe USER_IN_BLOCKLIST_TO	U¿ytkownik jest wymieniony w 'blocklist_to'
+lang pl describe USER_IN_DEF_WELCOMELIST	U¿ytkownik jest wymieniony w domy¶lnej welcome-list (bia³ej li¶cie)
 lang pl describe USER_IN_MORE_SPAM_TO	U¿ytkownik jest wymieniony w 'more_spam_to'
-lang pl describe USER_IN_WHITELIST	Od: zawiera adres z white-list (bia³ej listy)
-lang pl describe USER_IN_WELCOMELIST_TO	U¿ytkownik jest wymieniony w 'whitelist_to'
+lang pl describe USER_IN_WELCOMELIST	Od: zawiera adres z welcome-list (bia³ej listy)
+lang pl describe USER_IN_WELCOMELIST_TO	U¿ytkownik jest wymieniony w 'welcomelist_to'
 lang pl describe WEIRD_PORT		U¿ywa niestandardowego numeru portu dla HTTP
 lang pl describe WEIRD_QUOTING		Dziwne, powtarzaj±ce siê znaki podwójnego cytowania
 lang pl describe WITH_LC_SMTP		Linia 'Received' zawiera spamerski podpis (smtp)
diff --git a/sa-updates/30_text_pt_br.cf b/sa-updates/30_text_pt_br.cf
index 1e6f859..182d75c 100644
--- a/sa-updates/30_text_pt_br.cf
+++ b/sa-updates/30_text_pt_br.cf
@@ -50,16 +50,16 @@ lang pt_BR unsafe_report ou confirmar que seu endere
 lang pt_BR unsafe_report Se quiser visualizar a mensagem, pode ser mais seguro salvá-la em um arquivo
 lang pt_BR unsafe_report e abrí-la com um editor.
 
-lang pt_BR describe USER_IN_BLACKLIST Endereço do From: está na blacklist do usuário
-lang pt_BR describe USER_IN_WHITELIST Endereço do From: está na whitelist do usuário
-lang pt_BR describe USER_IN_DEF_WHITELIST Endereço do From: está na whitelist padrão
-lang pt_BR describe USER_IN_BLACKLIST_TO Usuário está listado na 'blacklist_to'
-lang pt_BR describe USER_IN_WELCOMELIST_TO Usuário está listado na 'whitelist_to'
+lang pt_BR describe USER_IN_BLOCKLIST Endereço do From: está na blocklist do usuário
+lang pt_BR describe USER_IN_WELCOMELIST Endereço do From: está na welcomelist do usuário
+lang pt_BR describe USER_IN_DEF_WELCOMELIST Endereço do From: está na welcomelist padrão
+lang pt_BR describe USER_IN_BLOCKLIST_TO Usuário está listado na 'blocklist_to'
+lang pt_BR describe USER_IN_WELCOMELIST_TO Usuário está listado na 'welcomelist_to'
 lang pt_BR describe USER_IN_MORE_SPAM_TO Usuário está listado na 'more_spam_to'
 lang pt_BR describe USER_IN_ALL_SPAM_TO Usuário está listado na 'all_spam_to'
 
 ifplugin Mail::SpamAssassin::Plugin::AWL
-lang pt_BR describe AWL Endereço do From: está na auto whitelist
+lang pt_BR describe AWL Endereço do From: está na auto welcomelist
 endif
 
 # 20_advance_fee.cf - These are removed and will break lint
@@ -357,7 +357,7 @@ lang pt_BR describe EMPTY_MESSAGE Mensagem parece n
 lang pt_BR describe NO_HEADERS_MESSAGE Mensagem parece não conter grande parte dos cabeçalhos RFC-822
 
 # 20_net_tests.cf
-lang pt_BR describe DIGEST_MULTIPLE Remetente está listado em mais de uma blacklist
+lang pt_BR describe DIGEST_MULTIPLE Remetente está listado em mais de uma blocklist
 lang pt_BR describe NO_DNS_FOR_FROM Remetente não possui registros MX ou A no DNS
 
 # 20_phrases.cf
@@ -579,17 +579,17 @@ lang pt_BR describe BODY_8BITS Body cont
 endif
 
 # 25_uribl.cf
-lang pt_BR describe URIBL_SBL Contém uma URL listada na blacklist SBL
-lang pt_BR describe URIBL_DBL_SPAM Contém uma URL listada na blacklist DBL blocklist
+lang pt_BR describe URIBL_SBL Contém uma URL listada na blocklist SBL
+lang pt_BR describe URIBL_DBL_SPAM Contém uma URL listada na blocklist DBL blocklist
 lang pt_BR describe URIBL_DBL_ERROR Erro: Consultou a DBL por um IP
-#lang pt_BR describe URIBL_SC_SURBL Contém uma URL listada na blacklist SC SURBL - removed bug 7279
-lang pt_BR describe URIBL_WS_SURBL Contém uma URL listada na blacklist WS SURBL
-lang pt_BR describe URIBL_PH_SURBL Contém uma URL listada na blacklist PH SURBL
-#lang pt_BR describe URIBL_OB_SURBL Contém uma URL listada na blacklist OB SURBL - REMOVED BUG 6853
-#lang pt_BR describe URIBL_AB_SURBL Contém uma URL listada na blacklist AB SURBL - removed bug 7279
+#lang pt_BR describe URIBL_SC_SURBL Contém uma URL listada na blocklist SC SURBL - removed bug 7279
+lang pt_BR describe URIBL_WS_SURBL Contém uma URL listada na blocklist WS SURBL
+lang pt_BR describe URIBL_PH_SURBL Contém uma URL listada na blocklist PH SURBL
+#lang pt_BR describe URIBL_OB_SURBL Contém uma URL listada na blocklist OB SURBL - REMOVED BUG 6853
+#lang pt_BR describe URIBL_AB_SURBL Contém uma URL listada na blocklist AB SURBL - removed bug 7279
 #Changed from JP to ABUSE per bug 7279
-lang pt_BR describe URIBL_ABUSE_SURBL Contém uma URL listada na blacklist ABUSE SURBL
-lang pt_BR describe URIBL_BLACK Contém uma URL listada na blacklist URIBL
+lang pt_BR describe URIBL_ABUSE_SURBL Contém uma URL listada na blocklist ABUSE SURBL
+lang pt_BR describe URIBL_BLACK Contém uma URL listada na blocklist URIBL
 lang pt_BR describe URIBL_GREY Contém uma URL listada na greylist URIBL
 lang pt_BR describe URIBL_RED Contém uma URL listada na redlist URIBL
 
@@ -598,16 +598,12 @@ ifplugin Mail::SpamAssassin::Plugin::Shortcircuit
 lang pt_BR describe SHORTCIRCUIT Nem todas as regras foram executadas por causa de um problema em uma delas
 endif
 
-# 60_whitelist_dkim.cf
-lang pt_BR describe USER_IN_DKIM_WHITELIST Endereço do From: está na whitelist de DKIM do usuário
-lang pt_BR describe USER_IN_DEF_DKIM_WL Endereço do From: está na whitelist de DKIM padrão
+# 60_welcomelist_dkim.cf
+lang pt_BR describe USER_IN_DKIM_WELCOMELIST Endereço do From: está na welcomelist de DKIM do usuário
+lang pt_BR describe USER_IN_DEF_DKIM_WL Endereço do From: está na welcomelist de DKIM padrão
 
-# 60_whitelist_spf.cf
-lang pt_BR describe USER_IN_SPF_WHITELIST Endereço do From: está na whitelist de SPF do usuário
-lang pt_BR describe USER_IN_DEF_SPF_WL Endereço do From: está na whitelist de SPF padrão
-lang pt_BR describe ENV_AND_HDR_SPF_MATCH Endereço do From: confere com Envelope From e está na whitelist de SPF
-
-# 60_whitelist_subject.cf
-lang pt_BR describe SUBJECT_IN_WHITELIST Assunto contém palavra que está na whitelist do usuário
-lang pt_BR describe SUBJECT_IN_BLACKLIST Assunto contém palavra que está na blacklist do usuário
+# 60_welcomelist_spf.cf
+lang pt_BR describe USER_IN_SPF_WELCOMELIST Endereço do From: está na welcomelist de SPF do usuário
+lang pt_BR describe USER_IN_DEF_SPF_WL Endereço do From: está na welcomelist de SPF padrão
+lang pt_BR describe ENV_AND_HDR_SPF_MATCH Endereço do From: confere com Envelope From e está na welcomelist de SPF
 
diff --git a/sa-updates/50_scores.cf b/sa-updates/50_scores.cf
index 5667af5..8df7bdd 100644
--- a/sa-updates/50_scores.cf
+++ b/sa-updates/50_scores.cf
@@ -702,38 +702,35 @@ score NO_HEADERS_MESSAGE 0.001
 score HTML_CHARSET_FARAWAY 0.500
 score MIME_CHARSET_FARAWAY 2.450
 
-# rescore never changes the whitelist/blacklist scores
+# rescore never changes the welcomelist/blocklist scores
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-#score USER_IN_BLACKLIST 100.000 - Moved to 60_whitelist.cf
-#score USER_IN_WHITELIST -100.000 - Moved to 60_whitelist.cf
-#score USER_IN_DEF_WHITELIST -15.000 - Moved to 60_whitelist.cf
-#score USER_IN_BLACKLIST_TO   10.000 - Moved to 60_whitelist.cf
-#score URI_HOST_IN_BLACKLIST  100.0 - Moved to 60_whitelist.cf
-#score URI_HOST_IN_WHITELIST -100.0 - Moved to 60_whitelist.cf
+#score USER_IN_BLOCKLIST 100.000 - Moved to 60_welcomelist.cf
+#score USER_IN_WELCOMELIST -100.000 - Moved to 60_welcomelist.cf
+#score USER_IN_DEF_WELCOMELIST -15.000 - Moved to 60_welcomelist.cf
+#score USER_IN_BLOCKLIST_TO   10.000 - Moved to 60_welcomelist.cf
+#score URI_HOST_IN_BLOCKLIST  100.0 - Moved to 60_welcomelist.cf
+#score URI_HOST_IN_WELCOMELIST -100.0 - Moved to 60_welcomelist.cf
 #Removed in bug 7256
-#score HEADER_HOST_IN_BLACKLIST	100.0
-#score HEADER_HOST_IN_WHITELIST -100.0
+#score HEADER_HOST_IN_BLOCKLIST	100.0
+#score HEADER_HOST_IN_WELCOMELIST -100.0
 
 # not really false positives but the user wants spam!
-#score USER_IN_WHITELIST_TO -6.000 - Moved to 60_whitelist.cf
+#score USER_IN_WELCOMELIST_TO -6.000 - Moved to 60_welcomelist.cf
 score USER_IN_MORE_SPAM_TO -20.000
 score USER_IN_ALL_SPAM_TO -100.000
 endif
 
-ifplugin Mail::SpamAssassin::Plugin::WhiteListSubject
-score SUBJECT_IN_WHITELIST -100
-score SUBJECT_IN_BLACKLIST 100
-endif # Mail::SpamAssassin::Plugin::WhiteListSubject
-
 ifplugin Mail::SpamAssassin::Plugin::SPF
-score USER_IN_SPF_WHITELIST -100.000
+score USER_IN_SPF_WELCOMELIST -100 # overridden in 60_welcomelist_spf.cf
+score USER_IN_SPF_WHITELIST -100 # overridden in 60_welcomelist_spf.cf
 score USER_IN_DEF_SPF_WL -7.500
 score ENV_AND_HDR_SPF_MATCH -0.5
 endif # Mail::SpamAssassin::Plugin::SPF
 
 # DKIM
 ifplugin Mail::SpamAssassin::Plugin::DKIM
-#score USER_IN_DKIM_WHITELIST -100.000 - Moved to 60_whitelist_dkim.cf
+score USER_IN_DKIM_WELCOMELIST -100 # overridden in 60_welcomelist_dkim.cf
+score USER_IN_DKIM_WHITELIST -100 # overridden in 60_welcomelist_dkim.cf
 score USER_IN_DEF_DKIM_WL -7.500
 score DKIM_SIGNED 0.1
 score DKIM_VALID -0.1
@@ -744,6 +741,12 @@ if (version >= 3.004002)
 score DKIM_VALID_EF -0.1
 endif
 
+if can(Mail::SpamAssassin::Plugin::DKIM::has_arc)
+  score ARC_SIGNED 0.001
+  score ARC_VALID -0.1
+  score ARC_INVALID 0.1
+endif
+
 score DKIM_VERIFIED 0
 score DKIM_POLICY_SIGNALL 0
 score DKIM_POLICY_SIGNSOME 0
@@ -787,6 +790,17 @@ score SPF_SOFTFAIL 0 0.972 0 0.665 # n=0 n=2
 # </gen:mutable>
 endif # Mail::SpamAssassin::Plugin::SPF
 
+# DMARC
+ifplugin Mail::SpamAssassin::Plugin::DMARC
+score DMARC_PASS -0.001
+# <gen:mutable>
+score DMARC_REJECT 0.001 1.797 0.001 1.797 # n=0 n=2
+score DMARC_QUAR 0.001 1.198 0.001 1.198 # n=0 n=2
+score DMARC_NONE 0.001 0.898 0.001 0.898 # n=0 n=2
+# </gen:mutable>
+score DMARC_MISSING 0.001
+endif # Mail::SpamAssassin::Plugin::DMARC
+
 # URIDNSBL
 ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
 # <gen:mutable>
diff --git a/sa-updates/60_awl.cf b/sa-updates/60_awl.cf
index 6b86007..6e74e0d 100644
--- a/sa-updates/60_awl.cf
+++ b/sa-updates/60_awl.cf
@@ -1,4 +1,4 @@
-# SpamAssassin rules file: auto-whitelist
+# SpamAssassin rules file: auto-welcomelist
 #
 # Please don't modify this file as your changes will be overwritten with
 # the next update. Use /etc/mail/spamassassin/local.cf instead.
@@ -23,7 +23,13 @@
 
 ifplugin Mail::SpamAssassin::Plugin::AWL
 
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+header AWL			eval:check_from_in_auto_welcomelist()
+endif
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
 header AWL			eval:check_from_in_auto_whitelist()
+endif
+
 describe AWL			Adjusted score from AWL reputation of From: address
 tflags AWL			userconf noautolearn
 priority AWL                    1000
diff --git a/sa-updates/60_shortcircuit.cf b/sa-updates/60_shortcircuit.cf
index fb855a8..bb3e076 100644
--- a/sa-updates/60_shortcircuit.cf
+++ b/sa-updates/60_shortcircuit.cf
@@ -27,16 +27,18 @@
 
 ###########################################################################
 
-priority USER_IN_WHITELIST     -1000
-priority USER_IN_DEF_WHITELIST -1000
-priority USER_IN_ALL_SPAM_TO   -1000
-priority SUBJECT_IN_WHITELIST  -1000
+priority USER_IN_WELCOMELIST     -1000
+priority USER_IN_WHITELIST       -1000
+priority USER_IN_DEF_WELCOMELIST -1000
+priority USER_IN_DEF_WHITELIST   -1000
+priority USER_IN_ALL_SPAM_TO     -1000
 
-priority ALL_TRUSTED            -950
+priority ALL_TRUSTED             -950
 
-priority SUBJECT_IN_BLACKLIST   -900
-priority USER_IN_BLACKLIST_TO   -900
-priority USER_IN_BLACKLIST      -900
+priority USER_IN_BLOCKLIST_TO    -900
+priority USER_IN_BLOCKLIST       -900
+priority USER_IN_BLACKLIST_TO    -900
+priority USER_IN_BLACKLIST       -900
 
 ###########################################################################
 
diff --git a/sa-updates/60_welcomelist.cf b/sa-updates/60_welcomelist.cf
new file mode 100644
index 0000000..9e59156
--- /dev/null
+++ b/sa-updates/60_welcomelist.cf
@@ -0,0 +1,263 @@
+# SpamAssassin rules file: default welcomelists
+#
+# Please don't modify this file as your changes will be overwritten with
+# the next update. Use /etc/mail/spamassassin/local.cf instead.
+# See 'perldoc Mail::SpamAssassin::Conf' for details.
+#
+# <@LICENSE>
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at:
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# </@LICENSE>
+
+ifplugin Mail::SpamAssassin::Plugin::WLBLEval
+
+###########################################################################
+# Welcomelist rules
+#
+# Note that most of these get 'noautolearn'.  They should not be
+# considered when deciding whether to auto-learn a message, as a
+# user slip-up could result in scribbling side-effects in the bayes
+# db as a result -- which is hard to remedy.
+
+# 4.0 / Bug 7826 renames whitelist to welcomelist and blacklist to blocklist
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_BLOCKLIST		eval:check_from_in_blocklist()
+  describe USER_IN_BLOCKLIST		From: user is listed in the block-list
+  tflags USER_IN_BLOCKLIST		userconf nice noautolearn
+  score USER_IN_BLOCKLIST		100
+
+  # Backwards compatibility
+  # To disable set "enable_compat welcomelist_blocklist" in init.pre
+  if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
+    meta USER_IN_BLACKLIST		(USER_IN_BLOCKLIST)
+    describe USER_IN_BLACKLIST		DEPRECATED: See USER_IN_BLOCKLIST
+    tflags USER_IN_BLACKLIST		userconf nice noautolearn
+    score USER_IN_BLACKLIST		100
+    score USER_IN_BLOCKLIST		0.01
+  endif
+endif
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_BLOCKLIST	 	eval:check_from_in_blacklist()
+  describe USER_IN_BLOCKLIST	 	From: user is listed in the block-list
+  tflags USER_IN_BLOCKLIST	 	userconf nice noautolearn
+  score USER_IN_BLOCKLIST	 	0.01
+
+  meta USER_IN_BLACKLIST		(USER_IN_BLOCKLIST)
+  describe USER_IN_BLACKLIST		DEPRECATED: See USER_IN_BLOCKLIST 
+  tflags USER_IN_BLACKLIST		userconf nice noautolearn
+  score USER_IN_BLACKLIST		100
+endif
+
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_WELCOMELIST		eval:check_from_in_welcomelist()
+  describe USER_IN_WELCOMELIST		User is listed in 'welcomelist_from'
+  tflags USER_IN_WELCOMELIST		userconf nice noautolearn
+  score USER_IN_WELCOMELIST		-100
+    
+  if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
+    meta USER_IN_WHITELIST		(USER_IN_WELCOMELIST)
+    describe USER_IN_WHITELIST		DEPRECATED: See USER_IN_WELCOMELIST
+    tflags USER_IN_WHITELIST		userconf nice noautolearn
+    score USER_IN_WHITELIST		-100
+    score USER_IN_WELCOMELIST		-0.01
+  endif
+endif
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_WELCOMELIST	 	eval:check_from_in_whitelist()
+  describe USER_IN_WELCOMELIST		User is listed in 'welcomelist_from'
+  tflags USER_IN_WELCOMELIST	 	userconf nice noautolearn
+  score USER_IN_WELCOMELIST	 	-0.01
+  
+  meta USER_IN_WHITELIST		(USER_IN_WELCOMELIST)
+  describe USER_IN_WHITELIST     	DEPRECATED: See USER_IN_WELCOMELIST 
+  tflags USER_IN_WHITELIST       	userconf nice noautolearn
+  score USER_IN_WHITELIST		-100
+endif
+
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_DEF_WELCOMELIST	eval:check_from_in_default_welcomelist()
+  describe USER_IN_DEF_WELCOMELIST	From: user is listed in the default welcome-list
+  tflags USER_IN_DEF_WELCOMELIST	userconf nice noautolearn
+  score USER_IN_DEF_WELCOMELIST		-15
+  
+  if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
+    meta USER_IN_DEF_WHITELIST		(USER_IN_DEF_WELCOMELIST)
+    describe USER_IN_DEF_WHITELIST	DEPRECATED: See USER_IN_WELCOMELIST 
+    tflags USER_IN_DEF_WHITELIST	userconf nice noautolearn
+    score USER_IN_DEF_WHITELIST		-15
+    score USER_IN_DEF_WELCOMELIST	-0.01
+  endif
+endif
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_DEF_WELCOMELIST	eval:check_from_in_default_whitelist()
+  describe USER_IN_DEF_WELCOMELIST	From: user is listed in the default welcome-list
+  tflags USER_IN_DEF_WELCOMELIST	userconf nice noautolearn
+  score USER_IN_DEF_WELCOMELIST		-0.01
+  
+  meta USER_IN_DEF_WHITELIST		(USER_IN_DEF_WELCOMELIST)
+  describe USER_IN_DEF_WHITELIST     	DEPRECATED: See USER_IN_DEF_WELCOMELIST 
+  tflags USER_IN_DEF_WHITELIST       	userconf nice noautolearn
+  score USER_IN_DEF_WHITELIST		-15
+endif
+  
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_BLOCKLIST_TO		eval:check_to_in_blocklist()
+  describe USER_IN_BLOCKLIST_TO       	User is listed in 'blocklist_to'
+  tflags USER_IN_BLOCKLIST_TO		userconf nice noautolearn
+  score USER_IN_BLOCKLIST_TO	     	10
+
+  if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
+    meta USER_IN_BLACKLIST_TO		(USER_IN_BLOCKLIST_TO)
+    describe USER_IN_BLACKLIST_TO	DEPRECATED: See USER_IN_BLOCKLIST_TO
+    tflags USER_IN_BLACKLIST_TO		userconf nice noautolearn
+    score USER_IN_BLACKLIST_TO		10
+    score USER_IN_BLOCKLIST_TO		0.01
+  endif
+endif
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_BLOCKLIST_TO	 	eval:check_to_in_blacklist()
+  describe USER_IN_BLOCKLIST_TO		User is listed in 'blocklist_to'
+  tflags USER_IN_BLOCKLIST_TO	 	userconf nice noautolearn
+  score USER_IN_BLOCKLIST_TO	 	0.01
+
+  meta USER_IN_BLACKLIST_TO		(USER_IN_BLOCKLIST_TO)
+  describe USER_IN_BLACKLIST_TO     	DEPRECATED: See USER_IN_BLOCKLIST_TO
+  tflags USER_IN_BLACKLIST_TO       	userconf nice noautolearn
+  score USER_IN_BLACKLIST_TO		10
+endif
+
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_WELCOMELIST_TO		eval:check_to_in_welcomelist()
+  describe USER_IN_WELCOMELIST_TO	User is listed in 'welcomelist_to'
+  tflags USER_IN_WELCOMELIST_TO		userconf nice noautolearn
+  score USER_IN_WELCOMELIST_TO		-6
+
+  if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
+    meta USER_IN_WHITELIST_TO		(USER_IN_WELCOMELIST_TO)
+    describe USER_IN_WHITELIST_TO	DEPRECATED: See USER_IN_WELCOMELIST_TO
+    tflags USER_IN_WHITELIST_TO		userconf nice noautolearn
+    score USER_IN_WHITELIST_TO		-6
+    score USER_IN_WELCOMELIST_TO	-0.01
+  endif
+endif
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_WELCOMELIST_TO		eval:check_to_in_whitelist()
+  describe USER_IN_WELCOMELIST_TO	User is listed in 'welcomelist_to'
+  tflags USER_IN_WELCOMELIST_TO		userconf nice noautolearn
+  score USER_IN_WELCOMELIST_TO		-0.01
+
+  meta USER_IN_WHITELIST_TO		(USER_IN_WELCOMELIST_TO)
+  describe USER_IN_WHITELIST_TO		DEPRECATED: See USER_IN_WELCOMELIST_TO
+  tflags USER_IN_WHITELIST_TO		userconf nice noautolearn
+  score USER_IN_WHITELIST_TO		-6
+endif
+
+header USER_IN_MORE_SPAM_TO     eval:check_to_in_more_spam()
+describe USER_IN_MORE_SPAM_TO   User is listed in 'more_spam_to'
+tflags USER_IN_MORE_SPAM_TO     userconf nice noautolearn
+
+header USER_IN_ALL_SPAM_TO      eval:check_to_in_all_spam()
+describe USER_IN_ALL_SPAM_TO    User is listed in 'all_spam_to'
+tflags USER_IN_ALL_SPAM_TO      userconf nice noautolearn
+
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  body URI_HOST_IN_BLOCKLIST		eval:check_uri_host_in_blocklist()
+  describe URI_HOST_IN_BLOCKLIST	Host or Domain is listed in the user's URI block-list
+  tflags URI_HOST_IN_BLOCKLIST		userconf noautolearn
+  score URI_HOST_IN_BLOCKLIST		100
+
+  if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
+    meta URI_HOST_IN_BLACKLIST		(URI_HOST_IN_BLOCKLIST)
+    describe URI_HOST_IN_BLACKLIST	DEPRECATED: See URI_HOST_IN_BLOCKLIST
+    tflags URI_HOST_IN_BLACKLIST	userconf noautolearn
+    score URI_HOST_IN_BLACKLIST		100
+    score URI_HOST_IN_BLOCKLIST		0.01
+  endif
+endif
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  if (version >= 3.004000)
+    body URI_HOST_IN_BLOCKLIST		eval:check_uri_host_in_blacklist()
+    describe URI_HOST_IN_BLOCKLIST	Host or Domain is listed in the user's URI block-list
+    tflags URI_HOST_IN_BLOCKLIST	userconf noautolearn
+    score URI_HOST_IN_BLOCKLIST		0.01
+  
+    meta URI_HOST_IN_BLACKLIST		(URI_HOST_IN_BLOCKLIST)
+    describe URI_HOST_IN_BLACKLIST	DEPRECATED: See URI_HOST_IN_BLOCKLIST
+    tflags URI_HOST_IN_BLACKLIST	userconf noautolearn
+    score URI_HOST_IN_BLACKLIST		100
+  endif
+endif
+
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  body URI_HOST_IN_WELCOMELIST	eval:check_uri_host_in_welcomelist()
+  describe URI_HOST_IN_WELCOMELIST	Host or Domain is listed in the user's URI welcome-list
+  tflags URI_HOST_IN_WELCOMELIST	userconf nice noautolearn
+  score URI_HOST_IN_WELCOMELIST		-100
+
+  if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
+    meta URI_HOST_IN_WHITELIST		(URI_HOST_IN_WELCOMELIST)
+    describe URI_HOST_IN_WHITELIST	DEPRECATED: See URI_HOST_IN_WELCOMELIST
+    tflags URI_HOST_IN_WHITELIST	userconf nice noautolearn
+    score URI_HOST_IN_WHITELIST		-100
+    score URI_HOST_IN_WELCOMELIST	-0.01
+  endif
+endif
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  if (version >= 3.004000)
+    body URI_HOST_IN_WELCOMELIST	eval:check_uri_host_in_whitelist()
+    describe URI_HOST_IN_WELCOMELIST	Host or Domain is listed in the user's URI welcome-list
+    tflags URI_HOST_IN_WELCOMELIST	userconf nice noautolearn
+    score URI_HOST_IN_WELCOMELIST	-0.01
+
+    meta URI_HOST_IN_WHITELIST		(URI_HOST_IN_WELCOMELIST)
+    describe URI_HOST_IN_WHITELIST	DEPRECATED: See URI_HOST_IN_WELCOMELIST
+    tflags URI_HOST_IN_WHITELIST	userconf nice noautolearn
+    score URI_HOST_IN_WHITELIST		-100
+  endif
+endif
+
+      # Bug 7256, using a header rule with an eval() function does not work the way
+      # this was intended.
+
+      # header    HEADER_HOST_IN_BLACKLIST eval:check_uri_host_listed('BLOCK')
+      # describe  HEADER_HOST_IN_BLACKLIST Host or Domain in header is listed in the user's URI black-list
+      # tflags    HEADER_HOST_IN_BLACKLIST userconf noautolearn
+
+      # header    HEADER_HOST_IN_WHITELIST eval:check_uri_host_listed('WELCOME')
+      # describe  HEADER_HOST_IN_WHITELIST Host or Domain in header is listed in the user's URI white-list
+      # tflags    HEADER_HOST_IN_WHITELIST userconf nice noautolearn
+
+###########################################################################
+# Default welcomelists.  These should be addresses which send mail that is often
+# tagged (incorrectly) as spam; it also helps that they be addresses of big
+# companies with lots of lawyers, so if spammers impersonate them, they'll get
+# into big trouble, so it doesn't provide a shortcut around SpamAssassin.
+#
+# Welcomelist and blocklist addresses are now file-glob-style patterns, so
+# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
+#
+# Please do not add unmoderated public mailing lists here.  They are
+# too easily abused by spammers.
+
+# Should really not be used these days, use def_welcomelist_auth if possible.
+
+  # def_welcomelist_from_rcvd  *@foo.com  foo.com
+
+#
+#
+#
+
+endif # ifplugin Mail::SpamAssassin::Plugin::WLBLEval
+
diff --git a/sa-updates/60_whitelist_auth.cf b/sa-updates/60_welcomelist_auth.cf
similarity index 99%
rename from sa-updates/60_whitelist_auth.cf
rename to sa-updates/60_welcomelist_auth.cf
index bd9f3d6..1fed9e7 100644
--- a/sa-updates/60_whitelist_auth.cf
+++ b/sa-updates/60_welcomelist_auth.cf
@@ -24,8 +24,6 @@
 ###########################################################################
 # SPF and DKIM whitelist rules
 
-if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
-
 ###########################################################################
 # These should be primarily envelope-from addresses which send mail that is
 # often tagged (incorrectly) as spam or high-profile domains that are common
@@ -42,6 +40,9 @@ if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
 # SA.  Change the def_welcomelist_auth entry and search "older" and change 
 # the previous config entries in unison.
 
+# 4.0 / Bug 7826 renames whitelist to welcomelist and blacklist to blocklist
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+
 def_welcomelist_auth *@apache.org
 def_welcomelist_auth *@*.apache.org
 
@@ -120,6 +121,7 @@ def_welcomelist_auth *@*.docusign.com
 #   authentic emails
 #
 def_welcomelist_auth *@*.indeed.com
+def_welcomelist_auth *@*.wellframe.com
 def_welcomelist_auth *@*.hyatt.com
 def_welcomelist_auth *@*.sears.com
 def_welcomelist_auth *@*.jcpenney.com
@@ -433,7 +435,6 @@ def_welcomelist_auth *@logmein.com
 def_welcomelist_auth *@lastpass.com
 def_welcomelist_auth *@*.seabourn.com
 def_welcomelist_auth *@*.execucar.com
-def_welcomelist_auth *@*.intuit.com
 def_welcomelist_auth *@*.build.com
 def_welcomelist_auth *@*.trulia.com
 def_welcomelist_auth *@*.rentalcars.com
@@ -496,7 +497,6 @@ def_welcomelist_auth *@*.aarp.org
 def_welcomelist_auth *@*.aeropostale.com
 def_welcomelist_auth *@*.zappos.com
 def_welcomelist_auth *@*.redhat.com
-def_welcomelist_auth *@*.freshdesk.com
 def_welcomelist_auth *@*.planningcenteronline.com
 def_welcomelist_auth *@*.ihg.com
 def_welcomelist_auth *@*.opendns.com
@@ -796,7 +796,6 @@ def_welcomelist_auth *@*.endcitizensunited.org
 def_welcomelist_auth *@*.redditgifts.com
 def_welcomelist_auth *@*.tdworld.com
 def_welcomelist_auth *@*.thenorthface.com
-def_welcomelist_auth *@*.bark.com
 def_welcomelist_auth *@*.center.io
 def_welcomelist_auth *@*.movethisworld.com
 def_welcomelist_auth *@*.pgsurveying.com
@@ -1014,9 +1013,14 @@ def_welcomelist_auth *@*.testingmom.com
 def_welcomelist_auth *@*.ceramicartsnetwork.org
 def_welcomelist_auth *@*.verintefm.com
 
-else
+endif # if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
 
-#For older versions of SA, these old entries remain for SA before version 4.0
+
+#
+# For older versions of SA, these old entries remain for SA before version 4.0
+#
+
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
 
 def_whitelist_auth *@apache.org
 def_whitelist_auth *@*.apache.org
@@ -1409,7 +1413,6 @@ def_whitelist_auth *@logmein.com
 def_whitelist_auth *@lastpass.com
 def_whitelist_auth *@*.seabourn.com
 def_whitelist_auth *@*.execucar.com
-def_whitelist_auth *@*.intuit.com
 def_whitelist_auth *@*.build.com
 def_whitelist_auth *@*.trulia.com
 def_whitelist_auth *@*.rentalcars.com
@@ -1472,7 +1475,6 @@ def_whitelist_auth *@*.aarp.org
 def_whitelist_auth *@*.aeropostale.com
 def_whitelist_auth *@*.zappos.com
 def_whitelist_auth *@*.redhat.com
-def_whitelist_auth *@*.freshdesk.com
 def_whitelist_auth *@*.planningcenteronline.com
 def_whitelist_auth *@*.ihg.com
 def_whitelist_auth *@*.opendns.com
@@ -1990,5 +1992,5 @@ def_whitelist_auth *@*.testingmom.com
 def_whitelist_auth *@*.ceramicartsnetwork.org
 def_whitelist_auth *@*.verintefm.com
 
-endif # if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
+endif # if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
 
diff --git a/sa-updates/60_whitelist_dkim.cf b/sa-updates/60_welcomelist_dkim.cf
similarity index 81%
rename from sa-updates/60_whitelist_dkim.cf
rename to sa-updates/60_welcomelist_dkim.cf
index 8e4e067..2f3d024 100644
--- a/sa-updates/60_whitelist_dkim.cf
+++ b/sa-updates/60_welcomelist_dkim.cf
@@ -21,60 +21,59 @@
 # limitations under the License.
 # </@LICENSE>
 
+ifplugin Mail::SpamAssassin::Plugin::DKIM
+
 ###########################################################################
 # DKIM whitelist rules
 
-#For those wondering why there's not just an ifplugin in front of all of this, there's a big involving it
-#in nested if statements
-if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
-  ifplugin Mail::SpamAssassin::Plugin::DKIM
-    #bz7826 renames whitelist to welcomelist and blacklist to blocklist
-    header USER_IN_DKIM_WELCOMELIST     eval:check_for_dkim_welcomelist_from()
-    describe USER_IN_DKIM_WELCOMELIST   From: address is in the user's DKIM welcomelist
-    tflags USER_IN_DKIM_WELCOMELIST     nice noautolearn net userconf
-    score USER_IN_DKIM_WELCOMELIST      -100.000
-
-    ifplugin Mail::SpamAssassin::Plugin::RaciallyCharged
-      meta USER_IN_DKIM_WHITELIST       (USER_IN_DKIM_WELCOMELIST)
-      describe USER_IN_DKIM_WHITELIST   DEPRECATED: See USER_IN_DKIM_WELCOMELIST
-      tflags USER_IN_DKIM_WHITELIST     nice noautolearn net userconf
-      score USER_IN_DKIM_WELCOMELIST    -0.01
-      score USER_IN_DKIM_WHITELIST      -100.000
-    endif
-  endif
-
-  #might be a way to only have one instance of the below block, unsure if it's even necessary
-  reuse USER_IN_DKIM_WHITELSIT
+# 4.0 / Bug 7826 renames whitelist to welcomelist and blacklist to blocklist
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_DKIM_WELCOMELIST	eval:check_for_dkim_welcomelist_from()
+  describe USER_IN_DKIM_WELCOMELIST	From: address is in the user's DKIM welcomelist
+  tflags USER_IN_DKIM_WELCOMELIST	nice noautolearn net userconf
+  score USER_IN_DKIM_WELCOMELIST	-100
   reuse USER_IN_DKIM_WELCOMELIST
 
-else
-  ifplugin Mail::SpamAssassin::Plugin::DKIM
-    header USER_IN_DKIM_WELCOMELIST     eval:check_for_dkim_whitelist_from()
-    describe USER_IN_DKIM_WELCOMELIST   From: address is in the user's DKIM welcomelist
-    tflags USER_IN_DKIM_WELCOMELIST     nice noautolearn net userconf
-    score USER_IN_DKIM_WELCOMELIST      -0.01
-
+  # Backwards compatibility
+  # To disable set "enable_compat welcomelist_blocklist" in init.pre
+  if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
     meta USER_IN_DKIM_WHITELIST		(USER_IN_DKIM_WELCOMELIST)
-    describe USER_IN_DKIM_WHITELIST     DEPRECATED: See USER_IN_DKIM_WELCOMELIST
-    tflags USER_IN_DKIM_WHITELIST       nice noautolearn net userconf
-    score USER_IN_DKIM_WHITELIST        -100.000
+    describe USER_IN_DKIM_WHITELIST	DEPRECATED: See USER_IN_DKIM_WELCOMELIST
+    tflags USER_IN_DKIM_WHITELIST	nice noautolearn net userconf
+    score USER_IN_DKIM_WHITELIST	-100
+    reuse USER_IN_DKIM_WHITELIST
+    score USER_IN_DKIM_WELCOMELIST	-0.01
   endif
-
-  reuse USER_IN_DKIM_WHITELSIT
+endif
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_DKIM_WELCOMELIST	eval:check_for_dkim_whitelist_from()
+  describe USER_IN_DKIM_WELCOMELIST	From: address is in the user's DKIM welcomelist
+  tflags USER_IN_DKIM_WELCOMELIST	nice noautolearn net userconf
+  score USER_IN_DKIM_WELCOMELIST	-100
   reuse USER_IN_DKIM_WELCOMELIST
 
+  if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
+    meta USER_IN_DKIM_WHITELIST		(USER_IN_DKIM_WELCOMELIST)
+    describe USER_IN_DKIM_WHITELIST	DEPRECATED: See USER_IN_DKIM_WELCOMELIST
+    tflags USER_IN_DKIM_WHITELIST	nice noautolearn net userconf
+    score USER_IN_DKIM_WHITELIST	-100
+    reuse USER_IN_DKIM_WHITELIST
+    score USER_IN_DKIM_WELCOMELIST	-0.01
+  endif
 endif
 
-
-if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
-ifplugin Mail::SpamAssassin::Plugin::DKIM
-
-# The backwards compatibility for this rule will be after the else statement below
-header USER_IN_DEF_DKIM_WL	eval:check_for_def_dkim_welcomelist_from()
-describe USER_IN_DEF_DKIM_WL	From: address is in the default DKIM welcome-list
-tflags USER_IN_DEF_DKIM_WL	nice noautolearn net
-reuse USER_IN_DEF_DKIM_WL
-
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_DEF_DKIM_WL	eval:check_for_def_dkim_welcomelist_from()
+  describe USER_IN_DEF_DKIM_WL	From: address is in the default DKIM welcome-list
+  tflags USER_IN_DEF_DKIM_WL	nice noautolearn net
+  reuse USER_IN_DEF_DKIM_WL
+endif
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_DEF_DKIM_WL	eval:check_for_def_dkim_whitelist_from()
+  describe USER_IN_DEF_DKIM_WL	From: address is in the default DKIM welcome-list
+  tflags USER_IN_DEF_DKIM_WL	nice noautolearn net
+  reuse USER_IN_DEF_DKIM_WL
+endif
 
 ###########################################################################
 # Default welcomelists.  These should be e-mail addresses of authors (i.e.
@@ -87,6 +86,8 @@ reuse USER_IN_DEF_DKIM_WL
 # Whitelist and blacklist addresses are file-glob-style patterns, so
 # "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
 
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+
 def_welcomelist_from_dkim  *@*.ebay.com		ebay.com
 def_welcomelist_from_dkim  *@ebay.com
 def_welcomelist_from_dkim  *@ebay.co.uk
@@ -195,22 +196,14 @@ def_welcomelist_from_dkim *@fisglobal.com
 def_welcomelist_from_dkim *@*.msgfocus.com
 def_welcomelist_from_dkim *@boredpanda.com mailersend.com
 
-endif # Mail::SpamAssassin::Plugin::DKIM
-
-
+endif # if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
 
 
 #
 # For older versions of SA, these old entries remain for SA before version 4.0
 #
 
-else
-ifplugin Mail::SpamAssassin::Plugin::DKIM
-
-header USER_IN_DEF_DKIM_WL	eval:check_for_def_dkim_whitelist_from()
-describe USER_IN_DEF_DKIM_WL	From: address is in the default DKIM welcome-list
-tflags USER_IN_DEF_DKIM_WL	nice noautolearn net
-reuse USER_IN_DEF_DKIM_WL
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
 
 def_whitelist_from_dkim  *@*.ebay.com		ebay.com
 def_whitelist_from_dkim  *@ebay.com
@@ -320,6 +313,11 @@ def_whitelist_from_dkim *@fisglobal.com
 def_whitelist_from_dkim *@*.msgfocus.com
 def_whitelist_from_dkim *@boredpanda.com mailersend.com
 
-endif # Mail::SpamAssassin::Plugin::DKIM
-endif # if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
+endif # if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+
+#
+#
+#
+
+endif # Mail::SpamAssassin::Plugin::DKIM
 
diff --git a/sa-updates/60_welcomelist_spf.cf b/sa-updates/60_welcomelist_spf.cf
new file mode 100644
index 0000000..b814455
--- /dev/null
+++ b/sa-updates/60_welcomelist_spf.cf
@@ -0,0 +1,170 @@
+# SpamAssassin rules file: default SPF welcomelists
+#
+# Please don't modify this file as your changes will be overwritten with
+# the next update. Use /etc/mail/spamassassin/local.cf instead.
+# See 'perldoc Mail::SpamAssassin::Conf' for details.
+#
+# <@LICENSE>
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at:
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# </@LICENSE>
+
+ifplugin Mail::SpamAssassin::Plugin::SPF
+
+###########################################################################
+# SPF welcomelist rules
+
+# 4.0 / Bug 7826 renames whitelist to welcomelist and blacklist to blocklist
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_SPF_WELCOMELIST	eval:check_for_spf_welcomelist_from()
+  describe USER_IN_SPF_WELCOMELIST	From: address is in the user's SPF welcomelist
+  tflags USER_IN_SPF_WELCOMELIST	userconf nice noautolearn net
+  score USER_IN_SPF_WELCOMELIST		-100
+  reuse USER_IN_SPF_WELCOMELIST
+
+  # Backwards compatibility
+  # To disable set "enable_compat welcomelist_blocklist" in init.pre
+  if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
+    meta USER_IN_SPF_WHITELIST		(USER_IN_SPF_WELCOMELIST)
+    describe USER_IN_SPF_WHITELIST	DEPRECATED: See USER_IN_SPF_WELCOMELIST
+    tflags USER_IN_SPF_WHITELIST	userconf nice noautolearn net
+    score USER_IN_SPF_WHITELIST		-100
+    reuse USER_IN_SPF_WHITELIST
+    score USER_IN_SPF_WELCOMELIST	-0.01
+  endif
+
+  header USER_IN_DEF_SPF_WL		eval:check_for_def_spf_welcomelist_from()
+  describe USER_IN_DEF_SPF_WL		From: address is in the default SPF welcome-list
+  tflags USER_IN_DEF_SPF_WL		userconf nice noautolearn net
+  reuse USER_IN_DEF_SPF_WL
+endif
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+  header USER_IN_SPF_WELCOMELIST	eval:check_for_spf_whitelist_from()
+  describe USER_IN_SPF_WELCOMELIST	From: address is in the user's SPF welcomelist
+  tflags USER_IN_SPF_WELCOMELIST	userconf nice noautolearn net
+  score USER_IN_SPF_WELCOMELIST		-0.01
+  reuse USER_IN_SPF_WELCOMELIST
+
+  meta USER_IN_SPF_WHITELIST		(USER_IN_SPF_WELCOMELIST)
+  describe USER_IN_SPF_WHITELIST	DEPRECATED: See USER_IN_SPF_WELCOMELIST
+  tflags USER_IN_SPF_WHITELIST		userconf nice noautolearn net
+  score USER_IN_SPF_WHITELIST		-100
+  reuse USER_IN_SPF_WHITELIST
+
+  header USER_IN_DEF_SPF_WL		eval:check_for_def_spf_whitelist_from()
+  describe USER_IN_DEF_SPF_WL		From: address is in the default SPF welcome-list
+  tflags USER_IN_DEF_SPF_WL		userconf nice noautolearn net
+  reuse USER_IN_DEF_SPF_WL
+endif
+
+meta ENV_AND_HDR_SPF_MATCH	(USER_IN_DEF_SPF_WL && __ENV_AND_HDR_FROM_MATCH)
+describe ENV_AND_HDR_SPF_MATCH	Env and Hdr From used in default SPF WL Match
+tflags ENV_AND_HDR_SPF_MATCH	userconf nice noautolearn net
+
+###########################################################################
+# Default welcomelists.  These should be addresses which send mail that is often
+# tagged (incorrectly) as spam; it also helps that they be addresses of big
+# companies with lots of lawyers, so if spammers impersonate them, they'll get
+# into big trouble, so it doesn't provide a shortcut around SpamAssassin.
+#
+# Whitelist and blacklist addresses are now file-glob-style patterns, so
+# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
+#
+# Please do not add unmoderated public mailing lists here.  They are
+# too easily abused by spammers.
+
+if can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+
+def_welcomelist_from_spf   *@nytimes.com
+def_welcomelist_from_spf   *@amazon.com
+def_welcomelist_from_spf   *@amazon.co.uk
+def_welcomelist_from_spf   *@*.amazon.co.uk
+def_welcomelist_from_spf   *@ora.com
+def_welcomelist_from_spf   *@*.ora.com
+def_welcomelist_from_spf   *@mypoints.com
+def_welcomelist_from_spf   *@*.mypoints.com
+def_welcomelist_from_spf   *@paypal.com
+def_welcomelist_from_spf   *@ebay.com
+def_welcomelist_from_spf   *@foolsubs.com
+def_welcomelist_from_spf   *@match.com
+
+# bugtraq: can contain malicious Javascript etc.
+def_welcomelist_from_spf   *@securityfocus.com
+
+def_welcomelist_from_spf   *@mediaunspun.imakenews.net
+
+# sender of Cringley newsletter
+def_welcomelist_from_spf   *@bdcimail.com
+
+# Silicon.com newslettters - we see thousands of these
+def_welcomelist_from_spf   *@silicon.com
+
+# C|Net news.com newsletters
+def_welcomelist_from_spf   *@newsletter.online.com
+
+# bug 1348
+def_welcomelist_from_spf   *@enews.buy.com
+def_welcomelist_from_spf   *@palm.m0.net
+def_welcomelist_from_spf   *@handspring.4at1.com
+
+endif
+
+
+###
+### For <4.0 compatibility
+###
+
+if !can(Mail::SpamAssassin::Conf::feature_welcomelist_blocklist)
+
+def_whitelist_from_spf   *@nytimes.com
+def_whitelist_from_spf   *@amazon.com
+def_whitelist_from_spf   *@amazon.co.uk
+def_whitelist_from_spf   *@*.amazon.co.uk
+def_whitelist_from_spf   *@ora.com
+def_whitelist_from_spf   *@*.ora.com
+def_whitelist_from_spf   *@mypoints.com
+def_whitelist_from_spf   *@*.mypoints.com
+def_whitelist_from_spf   *@paypal.com
+def_whitelist_from_spf   *@ebay.com
+def_whitelist_from_spf   *@foolsubs.com
+def_whitelist_from_spf   *@match.com
+
+# bugtraq: can contain malicious Javascript etc.
+def_whitelist_from_spf   *@securityfocus.com
+
+def_whitelist_from_spf   *@mediaunspun.imakenews.net
+
+# sender of Cringley newsletter
+def_whitelist_from_spf   *@bdcimail.com
+
+# Silicon.com newslettters - we see thousands of these
+def_whitelist_from_spf   *@silicon.com
+
+# C|Net news.com newsletters
+def_whitelist_from_spf   *@newsletter.online.com
+
+# bug 1348
+def_whitelist_from_spf   *@enews.buy.com
+def_whitelist_from_spf   *@palm.m0.net
+def_whitelist_from_spf   *@handspring.4at1.com
+
+endif
+
+###
+###
+###
+
+endif # Mail::SpamAssassin::Plugin::SPF
+
diff --git a/sa-updates/60_welcomelist_subject.cf b/sa-updates/60_welcomelist_subject.cf
new file mode 100644
index 0000000..072e4a4
--- /dev/null
+++ b/sa-updates/60_welcomelist_subject.cf
@@ -0,0 +1,87 @@
+# SpamAssassin rules file: default welcomelist/blocklist subject
+#
+# Please don't modify this file as your changes will be overwritten with
+# the next update. Use /etc/mail/spamassassin/local.cf instead.
+# See 'perldoc Mail::SpamAssassin::Conf' for details.
+#
+# <@LICENSE>
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to you under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at:
+# 
+#     http://www.apache.org/licenses/LICENSE-2.0
+# 
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# </@LICENSE>
+
+###########################################################################
+# Welcomelist/Blocklist rules
+#
+# Note that most of these get 'noautolearn'.  They should not be
+# considered when deciding whether to auto-learn a message, as a
+# user slip-up could result in scribbling side-effects in the bayes
+# db as a result -- which is hard to remedy.
+
+# 4.0 / Bug 7826 renames whitelist to welcomelist and blacklist to blocklist
+# Module was renamed WhiteListSubject -> WelcomeListSubject
+ifplugin Mail::SpamAssassin::Plugin::WelcomeListSubject
+  header SUBJECT_IN_WELCOMELIST		eval:check_subject_in_welcomelist()
+  describe SUBJECT_IN_WELCOMELIST	Subject: contains string in the user's welcome-list
+  tflags SUBJECT_IN_WELCOMELIST		userconf nice noautolearn
+  score SUBJECT_IN_WELCOMELIST		-100
+
+  # Backwards compatibility
+  # To disable set "enable_compat welcomelist_blocklist" in init.pre
+  if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
+    meta SUBJECT_IN_WHITELIST		(SUBJECT_IN_WELCOMELIST)
+    describe SUBJECT_IN_WHITELIST	DEPRECATED: See SUBJECT_IN_WELCOMELIST
+    tflags SUBJECT_IN_WHITELIST		userconf nice noautolearn
+    score SUBJECT_IN_WHITELIST		-100
+    score SUBJECT_IN_WELCOMELIST	-0.01
+  endif
+
+  header SUBJECT_IN_BLOCKLIST		eval:check_subject_in_blocklist()
+  describe SUBJECT_IN_BLOCKLIST		Subject: contains string in the user's block-list
+  tflags SUBJECT_IN_BLOCKLIST		userconf noautolearn
+  score SUBJECT_IN_BLOCKLIST		100
+
+  if !can(Mail::SpamAssassin::Conf::compat_welcomelist_blocklist)
+    meta SUBJECT_IN_BLACKLIST		(SUBJECT_IN_BLOCKLIST)
+    describe SUBJECT_IN_BLACKLIST	DEPRECATED: See SUBJECT_IN_BLOCKLIST
+    tflags SUBJECT_IN_BLACKLIST		userconf noautolearn
+    score SUBJECT_IN_BLACKLIST		100
+    score SUBJECT_IN_BLOCKLIST		0.01
+  endif
+endif
+
+if !plugin(Mail::SpamAssassin::Plugin::WelcomeListSubject)
+ifplugin Mail::SpamAssassin::Plugin::WhiteListSubject
+  header SUBJECT_IN_WELCOMELIST		eval:check_subject_in_whitelist()
+  describe SUBJECT_IN_WELCOMELIST	Subject: contains string in the user's welcome-list
+  tflags SUBJECT_IN_WELCOMELIST		userconf nice noautolearn
+  score SUBJECT_IN_WELCOMELIST		-0.01
+
+  meta SUBJECT_IN_WHITELIST		(SUBJECT_IN_WELCOMELIST)
+  describe SUBJECT_IN_WHITELIST		DEPRECATED: See SUBJECT_IN_WELCOMELIST
+  tflags SUBJECT_IN_WHITELIST		userconf nice noautolearn
+  score SUBJECT_IN_WHITELIST		-100
+
+  header SUBJECT_IN_BLOCKLIST		eval:check_subject_in_blacklist()
+  describe SUBJECT_IN_BLOCKLIST		Subject: contains string in the user's block-list
+  tflags SUBJECT_IN_BLOCKLIST		userconf noautolearn
+  score SUBJECT_IN_BLOCKLIST		0.01
+
+  meta SUBJECT_IN_BLACKLIST		(SUBJECT_IN_BLOCKLIST)
+  describe SUBJECT_IN_BLACKLIST		DEPRECATED: See SUBJECT_IN_BLOCKLIST
+  tflags SUBJECT_IN_BLACKLIST		userconf noautolearn
+  score SUBJECT_IN_BLACKLIST		100
+endif
+endif
+
diff --git a/sa-updates/60_whitelist.cf b/sa-updates/60_whitelist.cf
deleted file mode 100644
index 46268ac..0000000
--- a/sa-updates/60_whitelist.cf
+++ /dev/null
@@ -1,286 +0,0 @@
-# SpamAssassin rules file: default welcomelists
-#
-# Please don't modify this file as your changes will be overwritten with
-# the next update. Use /etc/mail/spamassassin/local.cf instead.
-# See 'perldoc Mail::SpamAssassin::Conf' for details.
-#
-# <@LICENSE>
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to you under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at:
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# </@LICENSE>
-
-###########################################################################
-# Welcomelist rules
-#
-# Note that most of these get 'noautolearn'.  They should not be
-# considered when deciding whether to auto-learn a message, as a
-# user slip-up could result in scribbling side-effects in the bayes
-# db as a result -- which is hard to remedy.
-
-if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-
-    #bz7826 renames whitelist to welcomelist and blacklist to blocklist
-    header USER_IN_BLOCKLIST		eval:check_from_in_blocklist()
-    describe USER_IN_BLOCKLIST		From: user is listed in the block-list
-    tflags USER_IN_BLOCKLIST		userconf nice noautolearn
-    score USER_IN_BLOCKLIST             100.0
-  
-    ifplugin Mail::SpamAssassin::Plugin::RaciallyCharged
-      meta USER_IN_BLACKLIST            (USER_IN_BLOCKLIST)
-      describe USER_IN_BLACKLIST        DEPRECATED: See USER_IN_BLOCKLIST
-      tflags USER_IN_BLACKLIST          userconf nice noautolearn
-      score USER_IN_BLOCKLIST           0.01
-      score USER_IN_BLACKLIST           100.0
-    endif
-  endif
-else
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-    header USER_IN_BLOCKLIST	 	eval:check_from_in_blacklist()
-    describe USER_IN_BLOCKLIST	 	From: user is listed in the block-list
-    tflags USER_IN_BLOCKLIST	 	userconf nice noautolearn
-    score USER_IN_BLOCKLIST	 	0.01
-  
-    meta USER_IN_BLACKLIST        	(USER_IN_BLOCKLIST)
-    describe USER_IN_BLACKLIST     	DEPRECATED: See USER_IN_BLOCKLIST 
-    tflags USER_IN_BLACKLIST       	userconf nice noautolearn
-    score USER_IN_BLACKLIST		100.0
-  endif
-endif
-
-if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-    #bz7826 renames whitelist to welcomelist and blacklist to blocklist
-    header USER_IN_WELCOMELIST		eval:check_from_in_welcomelist()
-    describe USER_IN_WELCOMELIST	User is listed in 'welcomelist_from'
-    tflags USER_IN_WELCOMELIST		userconf nice noautolearn
-    score USER_IN_WELCOMELIST           -100.0
-    
-    ifplugin Mail::SpamAssassin::Plugin::RaciallyCharged
-      meta USER_IN_WHITELIST            (USER_IN_WELCOMELIST)
-      describe USER_IN_WHITELIST        DEPRECATED: See USER_IN_WELCOMELIST
-      tflags USER_IN_WHITELIST          userconf nice noautolearn
-      score USER_IN_WELCOMELIST         -0.01
-      score USER_IN_WHITELIST           -100.0
-    endif
-  endif 
-else
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-    header USER_IN_WELCOMELIST	 	eval:check_from_in_whitelist()
-    describe USER_IN_WELCOMELIST	User is listed in 'welcomelist_from'
-    tflags USER_IN_WELCOMELIST	 	userconf nice noautolearn
-    score USER_IN_WELCOMELIST	 	-0.01
-  
-    meta USER_IN_WHITELIST        	(USER_IN_WELCOMELIST)
-    describe USER_IN_WHITELIST     	DEPRECATED: See USER_IN_WELCOMELIST 
-    tflags USER_IN_WHITELIST       	userconf nice noautolearn
-    score USER_IN_WHITELIST		-100.0
-  endif
-endif
-
-if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-    #bz7826 renames whitelist to welcomelist and blacklist to blocklist
-    header USER_IN_DEF_WELCOMELIST	eval:check_from_in_default_welcomelist()
-    describe USER_IN_DEF_WELCOMELIST	From: user is listed in the default welcome-list
-    tflags USER_IN_DEF_WELCOMELIST	userconf nice noautolearn
-    score USER_IN_DEF_WELCOMELIST       -15.0
-  
-    ifplugin Mail::SpamAssassin::Plugin::RaciallyCharged
-      meta USER_IN_DEF_WHITELIST	(USER_IN_DEF_WELCOMELIST)
-      describe USER_IN_DEF_WHITELIST	DEPRECATED: See USER_IN_WELCOMELIST 
-      tflags USER_IN_DEF_WHITELIST	userconf nice noautolearn
-      score USER_IN_DEF_WELCOMELIST     -0.01
-      score USER_IN_DEF_WHITELIST       -15.0
-    endif
-  endif
-else
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-    header USER_IN_DEF_WELCOMELIST	eval:check_from_in_default_whitelist()
-    describe USER_IN_DEF_WELCOMELIST	From: user is listed in the default welcome-list
-    tflags USER_IN_DEF_WELCOMELIST	userconf nice noautolearn
-    score USER_IN_DEF_WELCOMELIST       -0.01
-  
-    meta USER_IN_DEF_WHITELIST        	(USER_IN_DEF_WELCOMELIST)
-    describe USER_IN_DEF_WHITELIST     	DEPRECATED: See USER_IN_DEF_WELCOMELIST 
-    tflags USER_IN_DEF_WHITELIST       	userconf nice noautolearn
-    score USER_IN_DEF_WHITELIST		-15.0
-  endif
-endif
-  
-if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-    #bz7826 renames whitelist to welcomelist and blacklist to blocklist
-    header USER_IN_BLOCKLIST_TO		eval:check_to_in_blocklist()
-    describe USER_IN_BLOCKLIST_TO       User is listed in 'blocklist_to'
-    tflags USER_IN_BLOCKLIST_TO		userconf nice noautolearn
-    score USER_IN_BLOCKLIST             10.0
-    
-    ifplugin Mail::SpamAssassin::Plugin::RaciallyCharged
-      meta USER_IN_BLACKLIST_TO		(USER_IN_BLOCKLIST_TO)
-      describe USER_IN_BLACKLIST_TO	DEPRECATED: See USER_IN_BLOCKLIST_TO
-      tflags USER_IN_BLACKLIST_TO	userconf nice noautolearn
-      score USER_IN_BLOCKLIST_TO        0.01
-      score USER_IN_BLACKLIST_TO        10.0
-    endif
-  endif
-else
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-    header USER_IN_BLOCKLIST_TO	 	eval:check_to_in_blacklist()
-    describe USER_IN_BLOCKLIST_TO	User is listed in 'blocklist_to'
-    tflags USER_IN_BLOCKLIST_TO	 	userconf nice noautolearn
-    score USER_IN_BLOCKLIST_TO	 	0.01
-  
-    meta USER_IN_BLACKLIST_TO        	(USER_IN_BLOCKLIST_TO)
-    describe USER_IN_BLACKLIST_TO     	DEPRECATED: See USER_IN_BLOCKLIST_TO
-    tflags USER_IN_BLACKLIST_TO       	userconf nice noautolearn
-    score USER_IN_BLACKLIST_TO		10.0
-  endif
-endif
-
-if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-    #bz7826 renames whitelist to welcomelist and blacklist to blocklist
-    header USER_IN_WELCOMELIST_TO	eval:check_to_in_welcomelist()
-    describe USER_IN_WELCOMELIST_TO	User is listed in 'welcomelist_to'
-    tflags USER_IN_WELCOMELIST_TO	userconf nice noautolearn
-    score USER_IN_WELCOMELIST_TO        -6.0
-  
-    ifplugin Mail::SpamAssassin::Plugin::RaciallyCharged
-      meta USER_IN_WHITELIST_TO         (USER_IN_WELCOMELIST_TO)
-      describe USER_IN_WHITELIST_TO     DEPRECATED: See USER_IN_WELCOMELIST_TO
-      tflags USER_IN_WHITELIST_TO       userconf nice noautolearn
-      score USER_IN_WELCOMELIST_TO	-0.01
-      score USER_IN_WHITELIST_TO        -6.0
-    endif
-  endif
-else
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-    header USER_IN_WELCOMELIST_TO	eval:check_to_in_whitelist()
-    describe USER_IN_WELCOMELIST_TO	User is listed in 'welcomelist_to'
-    tflags USER_IN_WELCOMELIST_TO	userconf nice noautolearn
-    score USER_IN_WELCOMELIST_TO	-0.01
-  
-    meta USER_IN_WHITELIST_TO		(USER_IN_WELCOMELIST_TO)
-    describe USER_IN_WHITELIST_TO	DEPRECATED: See USER_IN_WELCOMELIST_TO
-    tflags USER_IN_WHITELIST_TO		userconf nice noautolearn
-    score USER_IN_WHITELIST_TO		-6.0
-  endif
-endif
-
-ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-  header USER_IN_MORE_SPAM_TO     eval:check_to_in_more_spam()
-  describe USER_IN_MORE_SPAM_TO   User is listed in 'more_spam_to'
-  tflags USER_IN_MORE_SPAM_TO     userconf nice noautolearn
-
-  header USER_IN_ALL_SPAM_TO      eval:check_to_in_all_spam()
-  describe USER_IN_ALL_SPAM_TO    User is listed in 'all_spam_to'
-  tflags USER_IN_ALL_SPAM_TO      userconf nice noautolearn
-endif
-
-if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-    #bz7826 renames whitelist to welcomelist and blacklist to blocklist
-    body URI_HOST_IN_BLOCKLIST      eval:check_uri_host_in_blocklist()
-    describe URI_HOST_IN_BLOCKLIST    Host or Domain is listed in the user's URI block-list
-    tflags URI_HOST_IN_BLOCKLIST      userconf noautolearn
-    score URI_HOST_IN_BLOCKLIST	100.0
-  
-    ifplugin Mail::SpamAssassin::Plugin::RaciallyCharged
-      meta URI_HOST_IN_BLACKLIST      (URI_HOST_IN_BLOCKLIST)
-      describe URI_HOST_IN_BLACKLIST  DEPRECATED: See URI_HOST_IN_BLOCKLIST
-      tflags URI_HOST_IN_BLACKLIST    userconf noautolearn
-      score URI_HOST_IN_BLOCKLIST     -0.01
-      score URI_HOST_IN_BLACKLIST     100.0
-    endif
-  endif
-else
-  if (version >= 3.004000)
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-    body URI_HOST_IN_BLOCKLIST      eval:check_uri_host_in_blacklist()
-    describe URI_HOST_IN_BLOCKLIST    Host or Domain is listed in the user's URI block-list
-    tflags URI_HOST_IN_BLOCKLIST      userconf noautolearn
-    score URI_HOST_IN_BLOCKLIST 	-0.01
-  
-    meta URI_HOST_IN_BLACKLIST  (URI_HOST_IN_BLOCKLIST)
-    describe URI_HOST_IN_BLACKLIST    DEPRECATED: See URI_HOST_IN_BLOCKLIST
-    tflags URI_HOST_IN_BLACKLIST      userconf noautolearn
-    score URI_HOST_IN_BLACKLIST 	100.0
-  endif
-  endif
-endif
-
-if can(Mail::SpamAssassin::Conf::feature_blocklist_welcomelist)
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-    #bz7826 renames whitelist to welcomelist and blacklist to blocklist
-    body URI_HOST_IN_WELCOMELIST      eval:check_uri_host_in_welcomelist()
-    describe URI_HOST_IN_WELCOMELIST    Host or Domain is listed in the user's URI welcome-list
-    tflags URI_HOST_IN_WELCOMELIST      userconf nice noautolearn
-    score URI_HOST_IN_WELCOMELIST       -100.0
-
-    ifplugin Mail::SpamAssassin::Plugin::RaciallyCharged
-      meta URI_HOST_IN_WHITELIST        (URI_HOST_IN_WELCOMELIST)
-      describe URI_HOST_IN_WHITELIST    DEPRECATED: See URI_HOST_IN_WELCOMELIST
-      tflags URI_HOST_IN_WHITELIST      userconf nice noautolearn
-      score URI_HOST_IN_WELCOMELIST     -0.01
-      score URI_HOST_IN_WHITELIST       -100.0
-    endif
-  endif
-else
-  if (version >= 3.004000)
-  ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-    body URI_HOST_IN_WELCOMELIST      eval:check_uri_host_in_whitelist()
-    describe URI_HOST_IN_WELCOMELIST    Host or Domain is listed in the user's URI welcome-list
-    tflags URI_HOST_IN_WELCOMELIST      userconf nice noautolearn
-    score URI_HOST_IN_WELCOMELIST       -0.01
-
-    meta URI_HOST_IN_WHITELIST  (URI_HOST_IN_WELCOMELIST)
-    describe URI_HOST_IN_WHITELIST      DEPRECATED: See URI_HOST_IN_WELCOMELIST
-    tflags URI_HOST_IN_WHITELIST        userconf nice noautolearn
-    score URI_HOST_IN_WHITELIST -100.0
-  endif
-  endif
-endif
-
-      # Bug 7256, using a header rule with an eval() function does not work the way
-      # this was intended.
-
-      # header    HEADER_HOST_IN_BLACKLIST eval:check_uri_host_listed('BLACK')
-      # describe  HEADER_HOST_IN_BLACKLIST Host or Domain in header is listed in the user's URI black-list
-      # tflags    HEADER_HOST_IN_BLACKLIST userconf noautolearn
-
-      # header    HEADER_HOST_IN_WHITELIST eval:check_uri_host_listed('WHITE')
-      # describe  HEADER_HOST_IN_WHITELIST Host or Domain in header is listed in the user's URI white-list
-      # tflags    HEADER_HOST_IN_WHITELIST userconf nice noautolearn
-
-###########################################################################
-# Default welcomelists.  These should be addresses which send mail that is often
-# tagged (incorrectly) as spam; it also helps that they be addresses of big
-# companies with lots of lawyers, so if spammers impersonate them, they'll get
-# into big trouble, so it doesn't provide a shortcut around SpamAssassin.
-#
-# Welcomelist and blocklist addresses are now file-glob-style patterns, so
-# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
-#
-# Please do not add unmoderated public mailing lists here.  They are
-# too easily abused by spammers.
-
-# Should really not be used these days, use def_welcomelist_auth if possible.
-
-ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-
-  # def_welcomelist_from_rcvd  *@foo.com  foo.com
-
-endif
diff --git a/sa-updates/60_whitelist_spf.cf b/sa-updates/60_whitelist_spf.cf
deleted file mode 100644
index d845f46..0000000
--- a/sa-updates/60_whitelist_spf.cf
+++ /dev/null
@@ -1,87 +0,0 @@
-# SpamAssassin rules file: default SPF whitelists
-#
-# Please don't modify this file as your changes will be overwritten with
-# the next update. Use /etc/mail/spamassassin/local.cf instead.
-# See 'perldoc Mail::SpamAssassin::Conf' for details.
-#
-# <@LICENSE>
-# Licensed to the Apache Software Foundation (ASF) under one or more
-# contributor license agreements.  See the NOTICE file distributed with
-# this work for additional information regarding copyright ownership.
-# The ASF licenses this file to you under the Apache License, Version 2.0
-# (the "License"); you may not use this file except in compliance with
-# the License.  You may obtain a copy of the License at:
-# 
-#     http://www.apache.org/licenses/LICENSE-2.0
-# 
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-# </@LICENSE>
-
-###########################################################################
-# SPF whitelist rules
-
-ifplugin Mail::SpamAssassin::Plugin::SPF
-
-header USER_IN_SPF_WHITELIST	eval:check_for_spf_whitelist_from()
-describe USER_IN_SPF_WHITELIST	From: address is in the user's SPF whitelist
-tflags USER_IN_SPF_WHITELIST	userconf nice noautolearn net
-reuse USER_IN_SPF_WHITELIST
-
-header USER_IN_DEF_SPF_WL	eval:check_for_def_spf_whitelist_from()
-describe USER_IN_DEF_SPF_WL	From: address is in the default SPF white-list
-tflags USER_IN_DEF_SPF_WL	userconf nice noautolearn net
-reuse USER_IN_DEF_SPF_WL
-
-meta ENV_AND_HDR_SPF_MATCH	(USER_IN_DEF_SPF_WL && __ENV_AND_HDR_FROM_MATCH)
-describe ENV_AND_HDR_SPF_MATCH	Env and Hdr From used in default SPF WL Match
-tflags ENV_AND_HDR_SPF_MATCH	userconf nice noautolearn net
-
-###########################################################################
-# Default whitelists.  These should be addresses which send mail that is often
-# tagged (incorrectly) as spam; it also helps that they be addresses of big
-# companies with lots of lawyers, so if spammers impersonate them, they'll get
-# into big trouble, so it doesn't provide a shortcut around SpamAssassin.
-#
-# Whitelist and blacklist addresses are now file-glob-style patterns, so
-# "friend@somewhere.com", "*@isp.com", or "*.domain.net" will all work.
-#
-# Please do not add unmoderated public mailing lists here.  They are
-# too easily abused by spammers.
-
-def_whitelist_from_spf   *@nytimes.com
-def_whitelist_from_spf   *@amazon.com
-def_whitelist_from_spf   *@amazon.co.uk
-def_whitelist_from_spf   *@*.amazon.co.uk
-def_whitelist_from_spf   *@ora.com
-def_whitelist_from_spf   *@*.ora.com
-def_whitelist_from_spf   *@mypoints.com
-def_whitelist_from_spf   *@*.mypoints.com
-def_whitelist_from_spf   *@paypal.com
-def_whitelist_from_spf   *@ebay.com
-def_whitelist_from_spf   *@foolsubs.com
-def_whitelist_from_spf   *@match.com
-
-# bugtraq: can contain malicious Javascript etc.
-def_whitelist_from_spf   *@securityfocus.com
-
-def_whitelist_from_spf   *@mediaunspun.imakenews.net
-
-# sender of Cringley newsletter
-def_whitelist_from_spf   *@bdcimail.com
-
-# Silicon.com newslettters - we see thousands of these
-def_whitelist_from_spf   *@silicon.com
-
-# C|Net news.com newsletters
-def_whitelist_from_spf   *@newsletter.online.com
-
-# bug 1348
-def_whitelist_from_spf   *@enews.buy.com
-def_whitelist_from_spf   *@palm.m0.net
-def_whitelist_from_spf   *@handspring.4at1.com
-
-endif # Mail::SpamAssassin::Plugin::SPF
diff --git a/sa-updates/72_active.cf b/sa-updates/72_active.cf
index 550fbc1..7bfb621 100644
--- a/sa-updates/72_active.cf
+++ b/sa-updates/72_active.cf
@@ -25,13 +25,6 @@
 
 require_version 3.004006
 
-##{ ACCT_PHISHING_MANY
-
-meta        ACCT_PHISHING_MANY   (__ACCT_PHISH_MANY || __EMAIL_PHISH_MANY) && !GOOGLE_DOCS_PHISH_MANY && !GOOG_STO_HTML_PHISH_MANY
-describe    ACCT_PHISHING_MANY   Phishing for account information
-#score       ACCT_PHISHING_MANY   3.000  # limit
-##} ACCT_PHISHING_MANY
-
 ##{ AC_BR_BONANZA
 
 rawbody AC_BR_BONANZA   /(?:<br>\s*){30}/i
@@ -298,14 +291,6 @@ describe   AMAZON_IMG_NOT_RCVD_AMZN    Amazon hosted image but message not from
 tflags     AMAZON_IMG_NOT_RCVD_AMZN    publish
 ##} AMAZON_IMG_NOT_RCVD_AMZN
 
-##{ ANY_PILL_PRICE if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta        ANY_PILL_PRICE         (__PILL_PRICE_01 || __PILL_PRICE_02) && !__NOT_A_PERSON
-  describe    ANY_PILL_PRICE         Prices for pills
-endif
-##} ANY_PILL_PRICE if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-
 ##{ APOSTROPHE_FROM
 
 header		APOSTROPHE_FROM	From:addr =~ /'/
@@ -338,16 +323,11 @@ meta   AXB_XMAILER_MIMEOLE_OL_024C2  (__AXB_XM_OL_024C2 && __AXB_MO_OL_024C2)
 describe AXB_XMAILER_MIMEOLE_OL_024C2 Yet another X header trait
 ##} AXB_XMAILER_MIMEOLE_OL_024C2
 
-##{ AXB_XMAILER_MIMEOLE_OL_1ECD5
+##{ AXB_X_FF_SEZ_S
 
-meta   AXB_XMAILER_MIMEOLE_OL_1ECD5  (__AXB_XM_OL_1ECD5 && __AXB_MO_OL_1ECD5)
-describe AXB_XMAILER_MIMEOLE_OL_1ECD5   Yet another X header trait##} AXB_XMAILER_MIMEOLE_OL_1ECD5
-
-##{ AXB_XM_FORGED_OL2600
-
-meta            AXB_XM_FORGED_OL2600    (__AXB_XM_OL_2600  && !__AXB_MO_OL_2600 )
-describe        AXB_XM_FORGED_OL2600     Forged OE v. 6.2600
-##} AXB_XM_FORGED_OL2600
+header          AXB_X_FF_SEZ_S          X-Forefront-Antispam-Report =~ /\bSFV\:SPM\b/
+describe        AXB_X_FF_SEZ_S          Forefront sez this is spam
+##} AXB_X_FF_SEZ_S
 
 ##{ BANKING_LAWS
 
@@ -371,6 +351,13 @@ describe BASE64_LENGTH_79_INF   base64 encoded email part uses line length great
 endif
 ##} BASE64_LENGTH_79_INF ifplugin Mail::SpamAssassin::Plugin::MIMEEval
 
+##{ BAT_BDRY_TO_MALF
+
+meta       BAT_BDRY_TO_MALF           __BAT_BOUNDARY && __TO_NO_ARROWS_R 
+describe   BAT_BDRY_TO_MALF           Bat boundary + misformatted To: address
+#score      BAT_BDRY_TO_MALF           2.500	# limit
+##} BAT_BDRY_TO_MALF
+
 ##{ BEBEE_IMG_NOT_RCVD_BB
 
 meta       BEBEE_IMG_NOT_RCVD_BB       __BEBEE_IMG_NOT_RCVD_BB
@@ -604,20 +591,6 @@ describe       BITCOIN_YOUR_INFO      BitCoin with your personal info
 tflags         BITCOIN_YOUR_INFO      publish
 ##} BITCOIN_YOUR_INFO
 
-##{ BODY_SINGLE_URI
-
-meta        BODY_SINGLE_URI     __BODY_SINGLE_URI && !ALL_TRUSTED && !__HDRS_LCASE_KNOWN && !__FROM_ALL_NUMS && !__RCD_RDNS_SMTP && !__VIA_ML 
-describe    BODY_SINGLE_URI     Message body is only a URI
-#score       BODY_SINGLE_URI     2.500	# limit
-##} BODY_SINGLE_URI
-
-##{ BODY_SINGLE_WORD
-
-meta        BODY_SINGLE_WORD    __BODY_SINGLE_WORD && !ALL_TRUSTED && !__HDRS_LCASE_KNOWN && !__FROM_ALL_NUMS && !__RCD_RDNS_SMTP
-describe    BODY_SINGLE_WORD    Message body is only one word (no spaces)
-#score       BODY_SINGLE_WORD    2.500	# limit
-##} BODY_SINGLE_WORD
-
 ##{ BODY_URI_ONLY
 
 meta        BODY_URI_ONLY        __BODY_URI_ONLY && !__NOT_SPOOFED && !__TO_EQ_FROM_DOM && !__X_CRON_ENV && !__DKIM_EXISTS && !__VIA_ML && !__HAS_X_REF && !__RCD_RDNS_MX_MESSY && !__RCD_RDNS_MAIL_MESSY && !__RCD_RDNS_SMTP_MESSY && !__MSGID_JAVAMAIL && !__RP_MATCHES_RCVD && !__URI_GOOGLE_DRV 
@@ -742,12 +715,20 @@ endif
 
 ##{ CONTENT_AFTER_HTML
 
-meta       CONTENT_AFTER_HTML          __CONTENT_AFTER_HTML && !__HAS_SENDER && !__LYRIS_EZLM_REMAILER && !__HAS_CID && !__RCD_RDNS_MTA_MESSY && !__URI_DOTGOV 
-describe   CONTENT_AFTER_HTML          More content after HTML close tag
+meta       CONTENT_AFTER_HTML          __CONTENT_AFTER_HTML && (__L_CTE_8BIT || __RDNS_NUMERIC_TLD || __HTML_TAG_BALANCE_CENTER || __STY_INVIS_MANY || __TO_EQ_FROM_USR || __TO_EQ_FROM_USR_2 || __KAM_HTML_FONT_INVALID || __SUBJECT_ENCODED_B64 )
+describe   CONTENT_AFTER_HTML          More content after HTML close tag + other spam signs
 #score      CONTENT_AFTER_HTML          2.500	# limit
 tflags     CONTENT_AFTER_HTML          publish
 ##} CONTENT_AFTER_HTML
 
+##{ CONTENT_AFTER_HTML_WEAK
+
+meta       CONTENT_AFTER_HTML_WEAK     __CONTENT_AFTER_HTML && !CONTENT_AFTER_HTML && !__CT_TEXT_PLAIN && !__BOUNCE_FROM_DAEMON && !__MSGID_OK_HEX && !__HAS_SENDER && !__LYRIS_EZLM_REMAILER && !MAILING_LIST_MULTI && !__HAS_CID && !__URI_DOTGOV 
+describe   CONTENT_AFTER_HTML_WEAK     More content after HTML close tag
+#score      CONTENT_AFTER_HTML_WEAK     1.500	# limit
+tflags     CONTENT_AFTER_HTML_WEAK     publish
+##} CONTENT_AFTER_HTML_WEAK
+
 ##{ CORRUPT_FROM_LINE_IN_HDRS
 
 meta CORRUPT_FROM_LINE_IN_HDRS (MISSING_HEADERS && __BODY_STARTS_WITH_FROM_LINE && MISSING_DATE && NO_RELAYS)
@@ -782,19 +763,19 @@ describe CTYPE_8SPACE_GIF   Stock spam image part 'Content-Type' found (8 spc)
 endif
 ##} CTYPE_8SPACE_GIF ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
-##{ CTYPE_NULL ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  meta         CTYPE_NULL          __CTYPE_NULL
-  describe     CTYPE_NULL          Malformed Content-Type header
-endif
-##} CTYPE_NULL ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-
 ##{ CURR_PRICE
 
 body CURR_PRICE         /\bCurrent Price:/
 ##} CURR_PRICE
 
+##{ DATE_IN_FUTURE_Q_PLUS ifplugin Mail::SpamAssassin::Plugin::HeaderEval
+
+ifplugin Mail::SpamAssassin::Plugin::HeaderEval
+header   DATE_IN_FUTURE_Q_PLUS  eval:check_for_shifted_date('2920', 'undef')
+describe DATE_IN_FUTURE_Q_PLUS  Date: is over 4 months after Received: date
+endif
+##} DATE_IN_FUTURE_Q_PLUS ifplugin Mail::SpamAssassin::Plugin::HeaderEval
+
 ##{ DAY_I_EARNED if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 
 if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
@@ -1207,14 +1188,6 @@ describe    FOUND_YOU          I found you...
 tflags      FOUND_YOU          publish
 ##} FOUND_YOU
 
-##{ FREEMAIL_DOC_PDF_BCC ifplugin Mail::SpamAssassin::Plugin::FreeMail
-
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta         FREEMAIL_DOC_PDF_BCC   __FREEMAIL_DOC_PDF && __TO_UNDISCLOSED
-  describe     FREEMAIL_DOC_PDF_BCC   MS document or PDF attachment, from freemail, all recipients hidden
-endif
-##} FREEMAIL_DOC_PDF_BCC ifplugin Mail::SpamAssassin::Plugin::FreeMail
-
 ##{ FREEMAIL_FORGED_FROMDOMAIN ifplugin Mail::SpamAssassin::Plugin::FreeMail ifplugin Mail::SpamAssassin::Plugin::HeaderEval if (version >= 3.004000)
 
 ifplugin Mail::SpamAssassin::Plugin::FreeMail
@@ -1404,13 +1377,6 @@ meta           FROM_MISSP_MSFT       __FROM_RUNON && (__ANY_OUTLOOK_MUA || __MIM
 describe       FROM_MISSP_MSFT       From misspaced + supposed Microsoft tool
 ##} FROM_MISSP_MSFT
 
-##{ FROM_MISSP_PHISH
-
-meta        FROM_MISSP_PHISH     __FROM_MISSP_PHISH && !__DOS_HAS_LIST_UNSUB 
-describe    FROM_MISSP_PHISH     Malformed, claims to be from financial organization - possible phish
-#score       FROM_MISSP_PHISH     3.500	# limit
-##} FROM_MISSP_PHISH
-
 ##{ FROM_MISSP_REPLYTO
 
 meta           FROM_MISSP_REPLYTO    __FROM_MISSP_REPLYTO && !__NOT_SPOOFED && !__RCD_RDNS_MTA_MESSY && !__TO___LOWER && !__COMMENT_EXISTS && !__UNSUB_LINK && !__MIME_QP && !__CTYPE_MULTIPART_ALT && !__JM_REACTOR_DATE && !__PLING_QUERY && !__DOS_HAS_LIST_UNSUB 
@@ -1427,12 +1393,6 @@ ifplugin Mail::SpamAssassin::Plugin::SPF
 endif
 ##} FROM_MISSP_SPF_FAIL ifplugin Mail::SpamAssassin::Plugin::SPF
 
-##{ FROM_MISSP_TO_UNDISC
-
-meta           FROM_MISSP_TO_UNDISC  (__FROM_RUNON && __TO_UNDISCLOSED)
-describe       FROM_MISSP_TO_UNDISC  From misspaced, To undisclosed
-##} FROM_MISSP_TO_UNDISC
-
 ##{ FROM_MISSP_USER
 
 meta           FROM_MISSP_USER       (__FROM_RUNON && NSL_RCVD_FROM_USER)
@@ -1495,13 +1455,6 @@ endif
 endif
 ##} FROM_NUMBERO_NEWDOMAIN if (version >= 3.004001) ifplugin Mail::SpamAssassin::Plugin::AskDNS
 
-##{ FROM_NUMERIC_TLD
-
-header     FROM_NUMERIC_TLD            From:addr =~ /\.\d+$/
-describe   FROM_NUMERIC_TLD            From: address has numeric TLD
-#score      FROM_NUMERIC_TLD            3.000	# limit
-##} FROM_NUMERIC_TLD
-
 ##{ FROM_PAYPAL_SPOOF if (version >= 3.004002) ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 
 if (version >= 3.004002)
@@ -1538,12 +1491,6 @@ endif
 endif
 ##} FROM_SUSPICIOUS_NTLD_FP if (version >= 3.004002) ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 
-##{ FROM_WSP_TRAIL
-
-header   FROM_WSP_TRAIL	From:raw =~ /< [^>]* \s > [^<>]* \z/xm
-describe FROM_WSP_TRAIL	Trailing whitespace before '>' in From header field
-##} FROM_WSP_TRAIL
-
 ##{ FSL_BULK_SIG
 
 meta     FSL_BULK_SIG          (DCC_CHECK || RAZOR2_CHECK || PYZOR_CHECK) && !__FSL_HAS_LIST_UNSUB && !__UNSUB_LINK && !__DOS_HAS_LIST_UNSUB && !__RCVD_IN_DNSWL && !__JM_REACTOR_DATE && !__RCD_RDNS_SMTP && !__RCD_RDNS_SMTP_MESSY && !__USING_VERP1 && !__KAM_BODY_LENGTH_LT_128 
@@ -1573,11 +1520,6 @@ meta    FSL_HELO_BARE_IP_1        __FSL_HELO_BARE_IP_1 && !ALL_TRUSTED
 header  FSL_HELO_DEVICE         X-Spam-Relays-External =~ /\bhelo=(?:(?:dsl)?device|speedtouch)\.lan\b/i
 ##} FSL_HELO_DEVICE
 
-##{ FSL_HELO_FAKE
-
-header  FSL_HELO_FAKE           X-Spam-Relays-External =~ /\bhelo=(?:yandex.ru|(?:hotmail|gmail|google|yahoo|msn|microsoft)\.com)\b/i
-##} FSL_HELO_FAKE
-
 ##{ FSL_HELO_NON_FQDN_1
 
 header  FSL_HELO_NON_FQDN_1     X-Spam-Relays-External =~ /^[^\]]+ helo=[a-zA-Z0-9-_]+ /i
@@ -1805,13 +1747,6 @@ ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
 endif
 ##} FUZZY_WALLET ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
 
-##{ GAPPY_LOW_CONTRAST
-
-meta        GAPPY_LOW_CONTRAST    __GAPPY_LOW_CONTRAST && !__HAS_LIST_ID 
-describe    GAPPY_LOW_CONTRAST    Gappy subject + hidden text
-#score       GAPPY_LOW_CONTRAST    2.500   # limit
-##} GAPPY_LOW_CONTRAST
-
 ##{ GAPPY_SALES_LEADS_FREEM if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 
 if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
@@ -1822,9 +1757,35 @@ if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 endif
 ##} GAPPY_SALES_LEADS_FREEM if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 
+##{ GB_BITCOIN_CP
+
+meta     GB_BITCOIN_CP        ( __GB_BITCOIN_CP_DE || __GB_BITCOIN_CP_ES || __GB_BITCOIN_CP_EN || __GB_BITCOIN_CP_FR || __GB_BITCOIN_CP_IT || __GB_BITCOIN_CP_NL || __GB_BITCOIN_CP_SE )
+describe GB_BITCOIN_CP        Localized Bitcoin scam
+#score    GB_BITCOIN_CP        3.0 # limit
+##} GB_BITCOIN_CP
+
+##{ GB_BITCOIN_NH
+
+meta     GB_BITCOIN_NH        ( __BITCOIN_ID && !__URL_BTC_ID && ( __NEVER_HEAR_EN || __NEVER_HEAR_IT ) )
+describe GB_BITCOIN_NH        Localized Bitcoin scam
+#score    GB_BITCOIN_NH        3.0 # limit
+##} GB_BITCOIN_NH
+
+##{ GB_CUSTOM_HTM_URI if (version >= 4.000000) if can(Mail::SpamAssassin::Conf::feature_capture_rules)
+
+if (version >= 4.000000)
+if can(Mail::SpamAssassin::Conf::feature_capture_rules)
+  meta          GB_CUSTOM_HTM_URI       ( __GB_CUSTOM_HTM_URI0 || __GB_CUSTOM_HTM_URI1 || __GB_CUSTOM_HTM_URI2 || __GB_DRUPAL_URI )
+  describe      GB_CUSTOM_HTM_URI       Custom html uri
+#  score         GB_CUSTOM_HTM_URI       1.500 # limit
+  tflags        GB_CUSTOM_HTM_URI       publish
+endif
+endif
+##} GB_CUSTOM_HTM_URI if (version >= 4.000000) if can(Mail::SpamAssassin::Conf::feature_capture_rules)
+
 ##{ GB_FAKE_RF_SHORT
 
-meta       GB_FAKE_RF_SHORT              ( ! __THREADED && __GB_FAKE_RF && __PDS_URISHORTENER )
+meta       GB_FAKE_RF_SHORT              ( ! __THREADED && __GB_FAKE_RF && __URL_SHORTENER )
 describe   GB_FAKE_RF_SHORT              Fake reply or forward with url shortener
 #score      GB_FAKE_RF_SHORT              2.000 # limit
 tflags     GB_FAKE_RF_SHORT              publish
@@ -1866,12 +1827,37 @@ describe    GB_GOOGLE_OBFUR	Obfuscate url through Google redirect
 tflags      GB_GOOGLE_OBFUR     publish
 ##} GB_GOOGLE_OBFUR
 
-##{ GB_GOOG_IMG_NOT_RCVD_GOOG
+##{ GB_HASHBL_BTC if (version >= 3.004003) ifplugin Mail::SpamAssassin::Plugin::HashBL
 
-meta       GB_GOOG_IMG_NOT_RCVD_GOOG   ( __GDRIVE_IMG_NOT_RCVD_GOOG || __GPHOTO_IMG_NOT_RCVD_GOOG ) && !__HAS_ERRORS_TO && !__MSGID_LIST && !__MSGID_GUID && !__RCD_RDNS_SMTP
-describe   GB_GOOG_IMG_NOT_RCVD_GOOG   Google hosted image but message not from Google
-#score      GB_GOOG_IMG_NOT_RCVD_GOOG   2.500    # limit
-##} GB_GOOG_IMG_NOT_RCVD_GOOG
+if (version >= 3.004003)
+  ifplugin Mail::SpamAssassin::Plugin::HashBL
+    body          GB_HASHBL_BTC eval:check_hashbl_bodyre('bl.btcblack.it', 'raw/max=10/shuffle', '\b(?<!=)([13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[acdefghjklmnpqrstuvwxyz234567890]{30,62})\b')
+    tflags        GB_HASHBL_BTC net publish
+    describe      GB_HASHBL_BTC Message contains BTC address found on BTCBL
+#    score         GB_HASHBL_BTC 5.0 # limit
+endif
+endif
+##} GB_HASHBL_BTC if (version >= 3.004003) ifplugin Mail::SpamAssassin::Plugin::HashBL
+
+##{ GB_STORAGE_GOOGLE_EMAIL if (version >= 4.000000) if can(Mail::SpamAssassin::Conf::feature_capture_rules)
+
+if (version >= 4.000000)
+if can(Mail::SpamAssassin::Conf::feature_capture_rules)
+  uri           GB_STORAGE_GOOGLE_EMAIL m|^https?://storage\.cloud\.google\.com/.{4,128}\#%{GB_TO_ADDR}|i
+  describe      GB_STORAGE_GOOGLE_EMAIL Google storage cloud abuse
+#  score         GB_STORAGE_GOOGLE_EMAIL 2.000 # limit
+  tflags        GB_STORAGE_GOOGLE_EMAIL publish
+endif
+endif
+##} GB_STORAGE_GOOGLE_EMAIL if (version >= 4.000000) if can(Mail::SpamAssassin::Conf::feature_capture_rules)
+
+##{ GB_URI_FLEEK_STO_HTM
+
+uri        GB_URI_FLEEK_STO_HTM          m,^https?://storageapi\.fleek\.co/.*\.html?,i
+describe   GB_URI_FLEEK_STO_HTM          Html file stored on Fleek cloud
+#score      GB_URI_FLEEK_STO_HTM          1.000 # limit
+tflags     GB_URI_FLEEK_STO_HTM          multiple maxhits=5
+##} GB_URI_FLEEK_STO_HTM
 
 ##{ GEO_QUERY_STRING
 
@@ -2196,19 +2182,6 @@ meta		HK_SCAM			__HK_SCAM_N2 || __HK_SCAM_N3 || __HK_SCAM_N8 || __HK_SCAM_N15 ||
 tflags		HK_SCAM			publish
 ##} HK_SCAM
 
-##{ HK_SPAMMY_FILENAME ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-
-ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-meta		HK_SPAMMY_FILENAME	__HK_SPAMMY_CTFN || __HK_SPAMMY_CDFN
-endif
-##} HK_SPAMMY_FILENAME ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-
-##{ HK_WIN
-
-meta		HK_WIN			((__hk_win_2 + __hk_win_3 + __hk_win_4 + __hk_win_5 + __hk_win_7 + __hk_win_8 + __hk_win_9 + __hk_win_0 + __hk_win_a + __hk_win_b + __hk_win_c + __hk_win_d + __hk_win_i + __hk_win_j + __hk_win_l + __hk_win_m + __hk_win_n + __hk_win_o) >= 2)
-#score		HK_WIN			1
-##} HK_WIN
-
 ##{ HOSTED_IMG_DIRECT_MX
 
 meta       HOSTED_IMG_DIRECT_MX        __HOSTED_IMG_DIRECT_MX && !__DKIM_EXISTS 
@@ -2464,13 +2437,6 @@ tflags      LIST_PRTL_SAME_USER    publish
 uri  LIVEFILESTORE       m~livefilestore.com/~
 ##} LIVEFILESTORE
 
-##{ LONGLN_LOW_CONTRAST
-
-meta        LONGLN_LOW_CONTRAST   __LONGLN_LOW_CONTRAST && !ALL_TRUSTED && !__HAS_ERRORS_TO && !__TRAVEL_ITINERARY 
-describe    LONGLN_LOW_CONTRAST   Excessively long line + hidden text
-#score       LONGLN_LOW_CONTRAST   2.500   # limit
-##} LONGLN_LOW_CONTRAST
-
 ##{ LONG_HEX_URI
 
 meta        LONG_HEX_URI      __128_HEX_URI && !__LCL__KAM_BODY_LENGTH_LT_1024
@@ -2553,13 +2519,6 @@ describe LOTTO_AGENT      Claims Agent
 #score    LOTTO_AGENT      1.50		# limit
 ##} LOTTO_AGENT
 
-##{ LOTTO_DEPT
-
-meta     LOTTO_DEPT       __LOTTO_DEPT && !__COMMENT_EXISTS && !__HAS_IN_REPLY_TO && !__THREADED && !__VIA_ML && !__TO_YOUR_ORG && !__TRAVEL_ITINERARY && !__AUTO_ACCIDENT
-describe LOTTO_DEPT       Claims Department
-#score    LOTTO_DEPT       2.00		# limit
-##} LOTTO_DEPT
-
 ##{ LUCRATIVE
 
 meta     LUCRATIVE        ( __LUCRATIVE && __HELO_NO_DOMAIN ) && !ALL_TRUSTED
@@ -2573,6 +2532,12 @@ tflags   LUCRATIVE        publish
 header L_SPAM_TOOL_13   Date =~ /\s[+-]\d(?![2358]45)\d[124-9]\d$/
 ##} L_SPAM_TOOL_13
 
+##{ MALFORMED_FREEMAIL
+
+meta	 MALFORMED_FREEMAIL	(MISSING_HEADERS||__HDRS_LCASE) && FREEMAIL_FROM
+describe MALFORMED_FREEMAIL	Bad headers on message from free email service
+##} MALFORMED_FREEMAIL
+
 ##{ MALF_HTML_B64
 
 meta       MALF_HTML_B64               MIME_BASE64_TEXT && HTML_MIME_NO_HTML_TAG 
@@ -2606,26 +2571,6 @@ ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 endif
 ##} MALW_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
-##{ MANY_HDRS_LCASE
-
-describe       MANY_HDRS_LCASE       Odd capitalization of multiple message headers
-#score          MANY_HDRS_LCASE       0.10	# limit
-##} MANY_HDRS_LCASE
-
-##{ MANY_HDRS_LCASE if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-
-if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-  meta         MANY_HDRS_LCASE       __MANY_HDRS_LCASE && !__HDRS_LCASE_KNOWN && !__VIA_ML && !__THREADED && !__UNUSABLE_MSGID && !__DOS_SINGLE_EXT_RELAY && !__DKIM_EXISTS && !__NOT_SPOOFED && !__BUGGED_IMG && !__MIME_QP && !__RDNS_NONE
-endif
-##} MANY_HDRS_LCASE if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
-
-##{ MANY_HDRS_LCASE ifplugin Mail::SpamAssassin::Plugin::FreeMail
-
-ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta         MANY_HDRS_LCASE       __MANY_HDRS_LCASE && !__HDRS_LCASE_KNOWN && !__VIA_ML && !__freemail_safe && !__THREADED && !__UNUSABLE_MSGID && !__DOS_SINGLE_EXT_RELAY && !__DKIM_EXISTS && !__NOT_SPOOFED && !__BUGGED_IMG && !__MIME_QP && !__RDNS_NONE
-endif
-##} MANY_HDRS_LCASE ifplugin Mail::SpamAssassin::Plugin::FreeMail
-
 ##{ MANY_SPAN_IN_TEXT
 
 meta           MANY_SPAN_IN_TEXT   __MANY_SPAN_IN_TEXT && !__VIA_ML
@@ -2651,6 +2596,13 @@ describe	MILLION_HUNDRED		Million "One to Nine" Hundred
 tflags		MILLION_HUNDRED		publish
 ##} MILLION_HUNDRED
 
+##{ MILLION_USD
+
+body MILLION_USD                /Million\b.{0,40}\b(?:United States? Dollars?|USD)/i
+describe MILLION_USD            Talks about millions of dollars
+#score MILLION_USD 2
+##} MILLION_USD
+
 ##{ MIMEOLE_DIRECT_TO_MX
 
 meta       MIMEOLE_DIRECT_TO_MX        __MIMEOLE_DIRECT_TO_MX && !__ANY_IMAGE_ATTACH && !__DKIM_EXISTS 
@@ -2770,6 +2722,12 @@ describe       MONERO_PAY_ME          Pay me via Monero cryptocurrency
 tflags         MONERO_PAY_ME          publish
 ##} MONERO_PAY_ME
 
+##{ MONEY_ATM_CARD
+
+meta     MONEY_ATM_CARD   __MONEY_ATM_CARD && !__COMMENT_EXISTS && !__TAG_EXISTS_STYLE
+describe MONEY_ATM_CARD   Lots of money on an ATM card
+##} MONEY_ATM_CARD
+
 ##{ MONEY_FORM
 
 meta     MONEY_FORM          __MONEY_FORM && !__FB_TOUR && !__FM_MY_PRICE && !__FR_SPACING_8 && !__COMMENT_EXISTS && !__CAN_HELP
@@ -2851,12 +2809,6 @@ describe 	MSGID_MULTIPLE_AT	Message-ID contains multiple '@' characters
 #score 		MSGID_MULTIPLE_AT	0.001
 ##} MSGID_MULTIPLE_AT
 
-##{ MSGID_NOFQDN1
-
-meta     MSGID_NOFQDN1    __MSGID_NOFQDN1
-describe MSGID_NOFQDN1    Message-ID with no domain name
-##} MSGID_NOFQDN1
-
 ##{ MSMAIL_PRI_ABNORMAL
 
 meta        MSMAIL_PRI_ABNORMAL        __MSMAIL_PRI_ABNORMAL && !ALL_TRUSTED && !__ANY_OUTLOOK_MUA && !__HAS_THREAD_INDEX  && !__DKIM_EXISTS && !__MSOE_MID_WRONG_CASE && !__HAS_X_MAILER && !__HAS_UA && !__MSMAIL_PRI_HIGH 
@@ -2877,6 +2829,12 @@ tflags     MSM_PRIO_REPTO              publish
 meta MSOE_MID_WRONG_CASE  (__XM_OUTLOOK_EXPRESS && __MSOE_MID_WRONG_CASE && !__MIMEOLE_1106)
 ##} MSOE_MID_WRONG_CASE
 
+##{ NAME_EMAIL_DIFF
+
+meta	 NAME_EMAIL_DIFF	__NAME_IS_EMAIL && ! __NAME_EQ_EMAIL
+describe NAME_EMAIL_DIFF	Sender NAME is an unrelated email address
+##} NAME_EMAIL_DIFF
+
 ##{ NA_DOLLARS
 
 body NA_DOLLARS                        /\b(?:\d{1,3})?Million\b.{0,40}\b(?:Canadian Dollar?s?|US\$|U\.? ?S\.? Dollar)/i
@@ -2906,13 +2864,6 @@ describe NICE_REPLY_A		Looks like a legit reply (A)
 tflags   NICE_REPLY_A		nice
 ##} NICE_REPLY_A
 
-##{ NORDNS_LOW_CONTRAST
-
-meta        NORDNS_LOW_CONTRAST   __NORDNS_LOW_CONTRAST && !ALL_TRUSTED && !__HAS_CID && !__THREADED 
-describe    NORDNS_LOW_CONTRAST   No rDNS + hidden text
-#score       NORDNS_LOW_CONTRAST   2.500   # limit
-##} NORDNS_LOW_CONTRAST
-
 ##{ NOT_SPAM
 
 body        NOT_SPAM           /\b(?:(?:this (?:e?-?mail|message)|we) (?:is not|are not|cannot be considered) Spam|ESTE CORREO NO PUEDE SER CONSIDERADO (?:INTRUSIVO|spam)|Diese Nachricht ist KEIN SPAM)/i
@@ -2946,6 +2897,13 @@ full NULL_IN_BODY       /\x00/
 describe NULL_IN_BODY   Message has NUL (ASCII 0) byte in message
 ##} NULL_IN_BODY
 
+##{ NUMBERONLY_BITCOIN_EXP
+
+meta     NUMBERONLY_BITCOIN_EXP __NUMBERONLY_TLD && __BITCOIN_ID && __NAKED_TO
+describe NUMBERONLY_BITCOIN_EXP Domain ends in a large number and very short body with link
+#score    NUMBERONLY_BITCOIN_EXP 2.0 # limit
+##} NUMBERONLY_BITCOIN_EXP
+
 ##{ OBFU_BITCOIN
 
 meta           OBFU_BITCOIN     __OBFU_BITCOIN
@@ -2987,17 +2945,6 @@ ifplugin Mail::SpamAssassin::Plugin::FreeMail
 endif
 ##} ODD_FREEM_REPTO ifplugin Mail::SpamAssassin::Plugin::FreeMail
 
-##{ OFFER_ONLY_AMERICA if (version >= 3.004002) ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-
-if (version >= 3.004002)
-ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-meta     OFFER_ONLY_AMERICA __FROM_ADDRLIST_SUSPNTLD && __PDS_OFFER_ONLY_AMERICA
-describe OFFER_ONLY_AMERICA Offer only available to US
-#score    OFFER_ONLY_AMERICA 2.0 # limit
-endif
-endif
-##} OFFER_ONLY_AMERICA if (version >= 3.004002) ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-
 ##{ PART_CID_STOCK ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
@@ -3014,6 +2961,13 @@ describe PART_CID_STOCK_LESS Has a spammy image attachment (by Content-ID, more
 endif
 ##} PART_CID_STOCK_LESS ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
+##{ PDS_BAD_THREAD_QP_64
+
+meta     PDS_BAD_THREAD_QP_64 __PDS_QP_64 && __HAS_THREAD_INDEX && !__THREAD_INDEX_GOOD
+describe PDS_BAD_THREAD_QP_64 Bad thread header - short QP
+#score    PDS_BAD_THREAD_QP_64 1.0
+##} PDS_BAD_THREAD_QP_64
+
 ##{ PDS_BTC_ID
 
 meta     PDS_BTC_ID __PDS_BTC_ID
@@ -3046,26 +3000,14 @@ describe PDS_DBL_URL_TNB_RUNON Double-url and To no arrows, from runon
 #score    PDS_DBL_URL_TNB_RUNON 2.0
 ##} PDS_DBL_URL_TNB_RUNON
 
-##{ PDS_FRNOM_TODOM_DBL_URL
+##{ PDS_FROM_2_EMAILS if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
 
-meta     PDS_FRNOM_TODOM_DBL_URL PDS_FROM_NAME_TO_DOMAIN && __PDS_DOUBLE_URL
-describe PDS_FRNOM_TODOM_DBL_URL From Name to domain, double URL
-#score    PDS_FRNOM_TODOM_DBL_URL 1.5
-##} PDS_FRNOM_TODOM_DBL_URL
-
-##{ PDS_FRNOM_TODOM_NAKED_TO
-
-meta     PDS_FRNOM_TODOM_NAKED_TO __NAKED_TO && PDS_FROM_NAME_TO_DOMAIN
-describe PDS_FRNOM_TODOM_NAKED_TO Naked to From name equals to Domain
-#score    PDS_FRNOM_TODOM_NAKED_TO 1.5
-##} PDS_FRNOM_TODOM_NAKED_TO
-
-##{ PDS_FROM_NAME_TO_DOMAIN
-
-meta     PDS_FROM_NAME_TO_DOMAIN __PDS_FROM_NAME_TO_DOMAIN
-#score    PDS_FROM_NAME_TO_DOMAIN 2.0
-describe PDS_FROM_NAME_TO_DOMAIN From:name looks like To:domain
-##} PDS_FROM_NAME_TO_DOMAIN
+if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
+  meta       PDS_FROM_2_EMAILS        __PDS_FROM_2_EMAILS && !__VIA_ML && !__VIA_RESIGNER && !__MSGID_JAVAMAIL && !__RCD_RDNS_MAIL_MESSY && !__RCD_RDNS_SMTP_MESSY && !__DKIM_EXISTS 
+  describe   PDS_FROM_2_EMAILS        From header has multiple different addresses
+#  score      PDS_FROM_2_EMAILS        3.500	# limit
+endif
+##} PDS_FROM_2_EMAILS if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
 
 ##{ PDS_HELO_SPF_FAIL
 
@@ -3075,12 +3017,23 @@ describe PDS_HELO_SPF_FAIL High profile HELO that fails SPF
 tflags   PDS_HELO_SPF_FAIL net
 ##} PDS_HELO_SPF_FAIL
 
-##{ PDS_HP_HELO_NORDNS
+##{ PDS_NAKED_TO_NUMERO
 
-meta     PDS_HP_HELO_NORDNS RDNS_NONE && __HELO_HIGHPROFILE
-describe PDS_HP_HELO_NORDNS High profile HELO with no sender rDNS
-#score    PDS_HP_HELO_NORDNS 1.0
-##} PDS_HP_HELO_NORDNS
+meta     PDS_NAKED_TO_NUMERO __NAKED_TO && __NUMBERONLY_TLD
+describe PDS_NAKED_TO_NUMERO Naked-to, numberonly domain
+#score    PDS_NAKED_TO_NUMERO 2.0
+##} PDS_NAKED_TO_NUMERO
+
+##{ PDS_NO_FULL_NAME_SPOOFED_URL ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
+
+ifplugin Mail::SpamAssassin::Plugin::WLBLEval
+if (version >= 3.004000)
+meta     PDS_NO_FULL_NAME_SPOOFED_URL __PDS_MSG_1024 && __KHOP_NO_FULL_NAME && __SPOOFED_URL && !(__VIA_ML || __SENDER_BOT || __YAHOO_BULK || __UNSUB_LINK || __THREADED || __URL_SHORTENER)
+describe PDS_NO_FULL_NAME_SPOOFED_URL HTML message short, T_SPOOFED_URL and T_KHOP_NO_FULL_NAME
+#score    PDS_NO_FULL_NAME_SPOOFED_URL 0.75 # limit
+endif
+endif
+##} PDS_NO_FULL_NAME_SPOOFED_URL ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
 ##{ PDS_OTHER_BAD_TLD if (version >= 3.004002) ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 
@@ -3093,20 +3046,6 @@ endif
 endif
 ##} PDS_OTHER_BAD_TLD if (version >= 3.004002) ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 
-##{ PDS_PHPEXP_BOT
-
-meta     PDS_PHPEXP_BOT __SENDER_BOT && (__PDS_TONAME_EQ_TOLOCAL + __NAKED_TO >= 1) && (__PDS_PHP_EVAL2 + __PDS_PHP_EVAL1 + T_PDS_X_PHP_WP_EXP + __PDS_X_PHP_WELLKNOWN >= 1)
-describe PDS_PHPEXP_BOT PHP exploit bot sender
-#score    PDS_PHPEXP_BOT 1.5
-##} PDS_PHPEXP_BOT
-
-##{ PDS_PHP_EVAL
-
-meta     PDS_PHP_EVAL __PDS_PHP_EVAL1
-describe PDS_PHP_EVAL PHP header shows eval'd code
-#score    PDS_PHP_EVAL 1.5
-##} PDS_PHP_EVAL
-
 ##{ PDS_RDNS_DYNAMIC_FP
 
 meta     PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC && !__PDS_RDNS_MTA
@@ -3114,11 +3053,22 @@ meta     PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC && !__PDS_RDNS_MTA
 describe PDS_RDNS_DYNAMIC_FP RDNS_DYNAMIC with FP steps
 ##} PDS_RDNS_DYNAMIC_FP
 
+##{ PDS_SHORT_SPOOFED_URL ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
+
+ifplugin Mail::SpamAssassin::Plugin::WLBLEval
+if (version >= 3.004000)
+meta     PDS_SHORT_SPOOFED_URL __PDS_MSG_1024 && __SPOOFED_URL && !(__VIA_ML || __SENDER_BOT || __YAHOO_BULK || __UNSUB_LINK || __THREADED || __URL_SHORTENER)
+describe PDS_SHORT_SPOOFED_URL HTML message short and T_SPOOFED_URL (S_U_FP)
+#score    PDS_SHORT_SPOOFED_URL 2.0
+endif
+endif
+##} PDS_SHORT_SPOOFED_URL ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
+
 ##{ PDS_TINYSUBJ_URISHRT ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     PDS_TINYSUBJ_URISHRT (__PDS_URISHORTENER || __URL_SHORTENER) && __SUBJ_SHORT && __PDS_MSG_1024
+meta     PDS_TINYSUBJ_URISHRT __URL_SHORTENER && __SUBJ_SHORT && __PDS_MSG_1024
 describe PDS_TINYSUBJ_URISHRT Short subject with URL shortener
 #score    PDS_TINYSUBJ_URISHRT 1.5 # limit
 endif
@@ -3132,21 +3082,6 @@ describe PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE Forged replyto and __PDS_TONAME_EQ_TO
 #score    PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE 2.0 # limit
 ##} PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE
 
-##{ PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE
-
-meta     PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE __PDS_TONAME_EQ_TOLOCAL && __HDRS_LCASE
-describe PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE To: name matches everything in local email - LCASE headers
-#score    PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE 2.0 # limit
-##} PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE
-
-##{ PDS_TO_EQ_FROM_NAME if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-
-if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-  meta       PDS_TO_EQ_FROM_NAME      (__PDS_TO_EQ_FROM_NAME_1 || __PDS_TO_EQ_FROM_NAME_2) && !__HAS_SENDER 
-  describe   PDS_TO_EQ_FROM_NAME      From: name same as To: address
-endif
-##} PDS_TO_EQ_FROM_NAME if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-
 ##{ PHISH_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
@@ -3172,24 +3107,6 @@ describe   PHISH_FBASEAPP              Probable phishing via hosted web app
 tflags     PHISH_FBASEAPP              publish
 ##} PHISH_FBASEAPP
 
-##{ PHOTO_EDITING_DIRECT if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta       PHOTO_EDITING_DIRECT       (__PHOTO_RETOUCHING && __DOS_DIRECT_TO_MX) && !ALL_TRUSTED && !__HAS_HREF
-  describe   PHOTO_EDITING_DIRECT       Image editing service, direct to MX
-#  score      PHOTO_EDITING_DIRECT       3.000	# limit
-endif
-##} PHOTO_EDITING_DIRECT if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-
-##{ PHOTO_EDITING_FREEM if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta       PHOTO_EDITING_FREEM        __PHOTO_RETOUCHING > 4 && (__REPTO_CHN_FREEM || __freemail_hdr_replyto)
-  describe   PHOTO_EDITING_FREEM        Image editing service, freemail or CHN replyto
-#  score      PHOTO_EDITING_FREEM        3.750	# limit
-endif
-##} PHOTO_EDITING_FREEM if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-
 ##{ PHP_NOVER_MUA
 
 describe  PHP_NOVER_MUA       Mail from PHP with no version number
@@ -3219,13 +3136,6 @@ describe   PHP_ORIG_SCRIPT             Sent by bot & other signs
 tflags     PHP_ORIG_SCRIPT             publish
 ##} PHP_ORIG_SCRIPT
 
-##{ PHP_ORIG_SCRIPT_EVAL
-
-meta       PHP_ORIG_SCRIPT_EVAL        __PHP_ORIG_SCRIPT_EVAL
-describe   PHP_ORIG_SCRIPT_EVAL        From suspicious PHP source
-#score      PHP_ORIG_SCRIPT_EVAL        3.000	# limit
-##} PHP_ORIG_SCRIPT_EVAL
-
 ##{ PHP_SCRIPT
 
 meta       PHP_SCRIPT                  __HAS_PHP_SCRIPT && !ALL_TRUSTED && !__PHP_NOVER_MUA && !__TO___LOWER && !__MIME_BASE64 && !__HAS_ANY_EMAIL && !__L_CTE_7BIT 
@@ -3242,11 +3152,6 @@ describe   PHP_SCRIPT_MUA              Sent by PHP script, no version number
 tflags     PHP_SCRIPT_MUA              publish
 ##} PHP_SCRIPT_MUA
 
-##{ POSSIBLE_AMAZON_PHISH_02
-
-meta       POSSIBLE_AMAZON_PHISH_02    (__FROM_NAME_AMAZONCOM && !__HDR_RCVD_AMAZON && !__HDR_RCVD_AMAZON_HELO)
-##} POSSIBLE_AMAZON_PHISH_02
-
 ##{ POSSIBLE_APPLE_PHISH_02
 
 meta       POSSIBLE_APPLE_PHISH_02     (__FROM_NAME_APPLECOM && !__HDR_RCVD_APPLE)
@@ -3685,11 +3590,11 @@ describe   RDNS_NUM_TLD_XM             Relay rDNS has numeric TLD + suspicious h
 tflags     RDNS_NUM_TLD_XM             publish
 ##} RDNS_NUM_TLD_XM
 
-##{ REPLYTO_EMPTY
+##{ READY_TO_SHIP
 
-header      REPLYTO_EMPTY          Reply-To =~ /<>/
-describe    REPLYTO_EMPTY          Reply-To undeliverable
-##} REPLYTO_EMPTY
+body       READY_TO_SHIP               /(?:(?:in our (?:stock|warehouse|store|storage facility)(?: today| now| right away)?[.,:]\s|our (?:\w+,? ){2,8}(?:is |now )+)Ready (?:to (?:be )?|for )+(?:ship|send|deliver)|ready (?:for shipping|to (?:ship|send)) (?:(?:in|from|by) our (?:warehouse|stock|stor(?:e|age))|(?:to|for)(?: global(?:ly)?| worldwide| customers){2})|(?:(?:our|this|a|great|fine|wonderful|cool|popular) new product|we have(?: \w+){1,6} available|ready) in (?:our )?(?:warehouse|stock|stor(?:e|age))|just arrived in our (?:warehouse|stor(?:e|age))|we will (?:contact the (?:warehouse|logistics|store|storage(?: facility)) to )?arrange (?:the )?(?:shipment|delivery)|a new (?:\w+ ){1,3}in our (?:warehouse|storage)|this (?:new )?(?:merchandise|product|item) is (?:now )?(?:ready (?:to ship )?|available )(?:at|in|from) our (?:warehouse|stock|stor(?:e|age)))/i
+#score      READY_TO_SHIP               1.250	# limit
+##} READY_TO_SHIP
 
 ##{ REPLYTO_WITHOUT_TO_CC
 
@@ -3698,7 +3603,7 @@ meta REPLYTO_WITHOUT_TO_CC     (__HAS_REPLY_TO && !__TOCC_EXISTS)
 
 ##{ REPTO_419_FRAUD
 
-header REPTO_419_FRAUD Reply-To:addr =~ /^(?![^\s<>@]+\@(?:(?:gmail|yahoo|outlook|hotmail|aol|yandex|protonmail|qq|consultant)\.com|yahoo\.co\.jp)(?:$|[>,\s]))(?:(?:mail)\@101private\.com|(?:(?:alfredcheuk002|mavis_wanczyk))\@126\.com|(?:(?:alfredcheuk_yuchow|ehagler))\@163\.com|(?:mathew\.yon2)\@abbsinvestment\.com|(?:wang)\@abconline\.hk|(?:russia2018worldcuplotto5)\@accountant\.com|(?:midwestern)\@adexec\.com|(?:joxford)\@adm-irs\.com|(?:office)\@admntline\.ml|(?:(?:infovsa|maria\.louge|w(?:bfefft|n\.buffett)))\@aim\.com|(?:(?:jessikasingh|travisalex))\@aliyun\.com|(?:(?:deanie_ron|mundo\.europe|richwetton))\@aol\.co\.uk|(?:mrssabah_ibrahim7)\@aol\.fr|(?:support)\@apostlesfoundation\.com|(?:jeromecgb12)\@asia\.com|(?:bllphillips)\@att\.net|(?:atendimento\-multiplus\-banco\-brasil)\@bb\.com|(?:(?:admin|info))\@bhleu\.com|(?:costruire)\@bigmat\.it|(?:susan\.lampard)\@bk\.ru|(?:(?:office\.uk|renataapsilva))\@bol\.com\.br|(?:onmydestiny18)\@boulevardmalls\.com|(?:ochiaisatoruasistbank)\@brew-master\.com|(?:nicola)\@brighenti\.net|(?:mrshelen)\@btarneauds\.com|(?:inter01)\@c2\.hu|(?:(?:andrelwotti|contact\.roycockrumgrantoffice|fbipayment(?:50|600)|harunajim667|ralphwjohnson))\@citromail\.hu|(?:info)\@classicmail\.co\.za|(?:martin)\@claudiatrincado\.com|(?:irdi33)\@cock\.li|(?:federal_ministrayoffinance)\@comtube\.com|(?:cc(?:hendik|jjdesk))\@consultancydesk\.co\.ua|(?:(?:jones\-co|kellyzwo))\@cox\.net|(?:(?:dmalpasswb|joseramonjr1|re(?:covered\-tax|em(?:2018|alhashimi|hashimi2020))))\@daum\.net|(?:blythemasters)\@digitalassetholding\.org|(?:(?:abd\.aljassem|claimreview))\@dr\.com|(?:atmpaymentcentttt)\@e-mail\.ua|(?:rogersteare02)\@e1\.ru|(?:jesusgacia)\@eclipso\.email|(?:davison\.warwick)\@eclipso\.eu|(?:(?:denbrink|kathy_gerald1965|pch\.cliamdept))\@email\.com|(?:info)\@euro-pinnacle\.com|(?:(?:advancedsegurosespana|monitorunitbelgium))\@europe\.com|(?:us\.secretaryofstate)\@ex\.ua|(?:susanibrahim)\@exclusivemail\.co\.za|(?:lottomax)\@execs\.com|(?:jabufa)\@executivemail\.co\.za|(?:adam_moroney\.esq)\@fedco-usa\.com|(?:steven)\@federalreservebanks\.us|(?:jeferrey)\@financier\.com|(?:harry\.jones)\@firstbondcapital\.com|(?:admindepart)\@firstinlandbnkplc\.com|(?:info)\@fnconsultant\.biz|(?:(?:egolan2|gella1|qatardonations16|smadartsadik|tepnherve00))\@foxmail\.com|(?:zen)\@fpg\.com\.co|(?:mmpaulsmith145)\@frontier\.com|(?:mrchau1)\@gala\.net|(?:info)\@gcbonline\.co\.ua|(?:(?:bn|jb))\@getmaworldwide\.org|(?:info)\@gezimarkt\.com|(?:octaviancm)\@gmx\.co\.uk|(?:(?:ahmet\.broker|f(?:aridaomar|er3nrod1512)|kevin\-office|p\.hamedmoff|rosicboteruff|walter_anderson))\@gmx\.com|(?:(?:fernrodyup12|harrish|miraiminaki))\@gmx\.fr|(?:joxford)\@gmx\.us|(?:m\.johnson10012)\@googlemail\.com|(?:raymondchanjp)\@hkmaltd\.org|(?:marketing)\@homebg\.in|(?:christgoldwilliams)\@hotmail\.fr|(?:gtakeshi)\@htisteel\.com|(?:alexgoodwill129)\@ibibo\.com|(?:imffunds)\@inbox\.lv|(?:info\.fidelity\.finance)\@inbox\.ru|(?:(?:offer2021|pierresgift_2021))\@indamail\.hu|(?:lizawong)\@infohsbc\.net|(?:sheikhwahab)\@islamicfb\.com|(?:mrsfatimahhassan[12])\@itbox\.ro|(?:info)\@johannaconsultancy\.com|(?:info)\@johnhenryorg\.com|(?:john)\@johnpedroconsults\.com|(?:(?:hre187390|re(?:em\.alhashimi|mmhashimi)))\@kakao\.com|(?:europsenderscouriers)\@keemail\.me|(?:a015)\@laposte\.net|(?:johndavid)\@lawdistributionlimited\.com|(?:info)\@lbafltd\.com|(?:ecowascourt)\@legislator\.com|(?:fatih)\@leventsimsek\.com\.tr|(?:olivia_simon)\@lihat\.dds-akaun\.com|(?:pb\-2pb012)\@live\.co\.uk|(?:(?:financiero172|helen_galloway|markjohnson650))\@live\.com|(?:mr\.williamrigule)\@live\.fr|(?:miraminaki)\@lycos\.com|(?:drdanielmminele)\@magicmail\.co\.za|(?:andrewh1)\@mail2banker\.com|(?:bmwofficeinfo)\@mail2consultant\.com|(?:lanxianjun)\@mail2hongkong\.com|(?:hwc2)\@mail2world\.com|(?:shillay)\@mail\.bg|(?:(?:a(?:isha\-gaddafi0|yishagddafio|zimhashim2018)|kateclough1|mriamchombo1968))\@mail\.com|(?:ayishagddafio)\@mail\.ru|(?:(?:publishers_clearinghouse|rev\.williamschurch))\@mail\.uk|(?:mrcheongg2012)\@mailbox\.hu|(?:johannreimann)\@memeware\.net|(?:sarb_bnk086)\@meta\.ua|(?:miguel)\@miguel-sanchez\.com|(?:info)\@morbicera\.com|(?:anjer\.keith)\@ms-fsp-europe\.com|(?:cadpayout01)\@my\.com|(?:me)\@myprivatemail\.website|(?:stephanfalzer)\@myself\.com|(?:(?:reem9999|wujames))\@naver\.com|(?:abel)\@nbdeil\.com|(?:jessicahunt1960)\@net-c\.com|(?:lindsaytrembley)\@oimail\.com|(?:accountingdrg)\@onet\.eu|(?:(?:allanwoodmarko1|eco\.depo\.services|fred\.grenville))\@onet\.pl|(?:jarramos)\@ono\.com|(?:pablomancilla1)\@orange\.es|(?:ahmed3khan)\@outlook\.fr|(?:info\-casino888\.com)\@ozu\.es|(?:info)\@peagent\.net|(?:andrew\.penning)\@penninglegalassociate\.com|(?:wood)\@poczta\.onet\.eu|(?:m(?:aryjosen|boyaeth))\@post\.com|(?:ffundsremitunits)\@premiumtbnk\.com|(?:santiagomachado)\@presidency\.com|(?:ecowaspayoffice)\@protonmail\.ch|(?:uni1)\@rayana\.ir|(?:(?:franciscoperezc|mrsrose\.hill|robert\.cota|unionbatmpaymentsection))\@rediffmail\.com|(?:nidiabustamante)\@registerednurses\.com|(?:info)\@rehapmed\.com|(?:info)\@repsol\.org\.uk|(?:wanczykmavis101)\@rogers\.com|(?:elena\.santos)\@rollageoup\.com|(?:mrs\.rachel2013)\@safe-mail\.net|(?:enqraward)\@sbcglobal\.net|(?:fbotha2009)\@secsuremail\.com|(?:francisbotha65)\@securesvsmail\.online|(?:smtpfox\-ys2n8)\@semillasdeamor\.com\.co|(?:wils)\@send\.com|(?:ibralsmma)\@seznam\.cz|(?:(?:jimyang77|kentpace))\@sina\.com|(?:stan)\@soborka\.net|(?:dycheseaan)\@sol\.dk|(?:info(?:04|1))\@sony\.com|(?:info\.jschneider)\@spainmail\.com|(?:mroliverbergmuellers)\@specialautokins\.com|(?:barrister_hans)\@stationlibraryjhelum\.com|(?:fbidirector(?:11|wadc))\@superposta\.com|(?:anders\.karlsson)\@swedbankabgroup\.com|(?:insurance_contl)\@swissmail\.com|(?:nnbank)\@szm\.sk|(?:mhua)\@tbochk\.com|(?:billard\.thompson)\@thompsonlawassociates\.com|(?:fabio2016)\@tim\.it|(?:bobby\.william)\@tradent\.net|(?:lopez\.rios)\@udttld\.com|(?:info)\@un-grant\.info|(?:(?:info\.(?:clev\.frb|imfamerica)|policyaddmin\.file))\@usa\.com|(?:bmuczdh)\@virgilio\.it|(?:holt1231)\@w\.cn|(?:daydreamin)\@wanadoo\.fr|(?:weboffice05)\@web\.de|(?:portiaw)\@webbe\.work|(?:b(?:\-calebfirm2007|enklerk\-postpact2|oriscaleb121))\@webmail\.co\.za|(?:(?:frboffice|jw\.ny\.frb))\@webmail\.hu|(?:verificationsector)\@webname\.com|(?:tbryant6)\@woh\.rr\.com|(?:henleywatkinss)\@y7mail\.com|(?:johnkwanghooi101)\@yahoo\.c|(?:chapelliermadeleine)\@yahoo\.ca|(?:arroblutt\.paymentoffice)\@yahoo\.cn|(?:bencook5511)\@yahoo\.co\.nz|(?:gloriamoses02)\@yahoo\.co\.th|(?:(?:abigailbanga1975|jeffwilliam207|owengreen70|samue95))\@yahoo\.co\.uk|(?:(?:changgordon946|thomaspeter227))\@yahoo\.com\.hk|(?:boa2cb)\@yahoo\.com\.vn|(?:contactus88\-00)\@yahoo\.es|(?:fortinsandrine)\@yahoo\.fr|(?:dr\.amelia\.george1)\@yandex\.ru|(?:(?:alfred_cheuk_chow|maviswanczyk01))\@yeah\.net|(?:(?:avaethan21|westernunion817))\@ymail\.com|(?:goldfish20123)\@zing\.vn|(?:jefflindsay)\@zoho\.com|(?:benaffleck1977)\@zohomail\.com|(?:laprimitivaes)\@zohomail\.eu)$/i
+header REPTO_419_FRAUD Reply-To:addr =~ /^(?![^\s<>@]+\@(?:(?:gmail|yahoo|outlook|hotmail|aol|yandex|protonmail|qq|consultant)\.com|yahoo\.co\.jp)(?:$|[>,\s]))(?:(?:mail)\@101private\.com|(?:(?:alfredcheuk002|mavis_wanczyk))\@126\.com|(?:(?:alfredcheuk_yuchow|ehagler))\@163\.com|(?:mathew\.yon2)\@abbsinvestment\.com|(?:wang)\@abconline\.hk|(?:russia2018worldcuplotto5)\@accountant\.com|(?:midwestern)\@adexec\.com|(?:joxford)\@adm-irs\.com|(?:office)\@admntline\.ml|(?:(?:infovsa|maria\.louge|w(?:bfefft|n\.buffett)))\@aim\.com|(?:(?:jessikasingh|travisalex))\@aliyun\.com|(?:(?:deanie_ron|mundo\.europe|richwetton))\@aol\.co\.uk|(?:mrssabah_ibrahim7)\@aol\.fr|(?:support)\@apostlesfoundation\.com|(?:jeromecgb12)\@asia\.com|(?:bllphillips)\@att\.net|(?:atendimento\-multiplus\-banco\-brasil)\@bb\.com|(?:(?:admin|info))\@bhleu\.com|(?:costruire)\@bigmat\.it|(?:susan\.lampard)\@bk\.ru|(?:(?:office\.uk|renataapsilva))\@bol\.com\.br|(?:onmydestiny18)\@boulevardmalls\.com|(?:luciamariacampbell)\@boximail\.com|(?:ochiaisatoruasistbank)\@brew-master\.com|(?:nicola)\@brighenti\.net|(?:mrshelen)\@btarneauds\.com|(?:inter01)\@c2\.hu|(?:gregwingo)\@cheapnet\.it|(?:(?:andrelwotti|contact\.roycockrumgrantoffice|dbank12|fbipayment(?:50|600)|harunajim667|manuel\.rabelais|paul\.wilson|r(?:alphwjohnson|ev_markbless)|trustees101))\@citromail\.hu|(?:info)\@classicmail\.co\.za|(?:martin)\@claudiatrincado\.com|(?:irdi33)\@cock\.li|(?:federal_ministrayoffinance)\@comtube\.com|(?:cc(?:hendik|jjdesk))\@consultancydesk\.co\.ua|(?:(?:jones\-co|kellyzwo))\@cox\.net|(?:(?:brunoso|lisatroutman))\@currently\.com|(?:(?:dmalpasswb|i(?:lanasoloshneor|nfo90000)|joseramonjr1|re(?:covered\-tax|em(?:2018|alhashimi|ealhashimi|hashimi2020))))\@daum\.net|(?:blythemasters)\@digitalassetholding\.org|(?:bar_sahil)\@dominionassociates\.uk|(?:zahvoedir)\@donations\.christchurchliverpool\.xyz|(?:(?:abd\.aljassem|claimreview))\@dr\.com|(?:atmpaymentcentttt)\@e-mail\.ua|(?:rogersteare02)\@e1\.ru|(?:jesusgacia)\@eclipso\.email|(?:davison\.warwick)\@eclipso\.eu|(?:(?:denbrink|kathy_gerald1965|pch\.cliamdept))\@email\.com|(?:infoleonfredberbst)\@emailgroups\.net|(?:info)\@euro-pinnacle\.com|(?:(?:advancedsegurosespana|monitorunitbelgium))\@europe\.com|(?:us\.secretaryofstate)\@ex\.ua|(?:susanibrahim)\@exclusivemail\.co\.za|(?:lottomax)\@execs\.com|(?:jabufa)\@executivemail\.co\.za|(?:adam_moroney\.esq)\@fedco-usa\.com|(?:steven)\@federalreservebanks\.us|(?:jeferrey)\@financier\.com|(?:mrsdebbielevin)\@firemail\.de|(?:steve_dickson)\@firemail\.eu|(?:harry\.jones)\@firstbondcapital\.com|(?:admindepart)\@firstinlandbnkplc\.com|(?:info)\@fnconsultant\.biz|(?:(?:egolan2|gella1|qatardonations16|smadartsadik|tepnherve00))\@foxmail\.com|(?:zen)\@fpg\.com\.co|(?:mmpaulsmith145)\@frontier\.com|(?:mrchau1)\@gala\.net|(?:info)\@gcbonline\.co\.ua|(?:(?:bn|jb))\@getmaworldwide\.org|(?:info)\@gezimarkt\.com|(?:octaviancm)\@gmx\.co\.uk|(?:(?:ahmet\.broker|f(?:aridaomar|er3nrod1512)|kevin\-office|p\.hamedmoff|rosicboteruff|walter_anderson))\@gmx\.com|(?:(?:fernrodyup12|harrish|miraiminaki))\@gmx\.fr|(?:(?:arthur1alan|joxford))\@gmx\.us|(?:m(?:\.johnson10012|aryclayton123))\@googlemail\.com|(?:solotexglobalcouriercompany)\@groupesgb\.net|(?:raymondchanjp)\@hkmaltd\.org|(?:marketing)\@homebg\.in|(?:christgoldwilliams)\@hotmail\.fr|(?:gtakeshi)\@htisteel\.com|(?:alexgoodwill129)\@ibibo\.com|(?:bo_li)\@imgrantfunds\.com|(?:irdi33)\@inbox\.lt|(?:imffunds)\@inbox\.lv|(?:info\.fidelity\.finance)\@inbox\.ru|(?:(?:a\.josepaulino|jonardossantos|mingmui0012|offer2021|pierresgift_2021))\@indamail\.hu|(?:lizawong)\@infohsbc\.net|(?:info)\@intarpol-int\.online|(?:sheikhwahab)\@islamicfb\.com|(?:mrsfatimahhassan[12])\@itbox\.ro|(?:info)\@johannaconsultancy\.com|(?:info)\@johnhenryorg\.com|(?:john)\@johnpedroconsults\.com|(?:(?:annzainab2022|h(?:ashimirrr22|re187390)|re(?:e(?:m\.alhashimi|ninvestor111)|mmhashimi)))\@kakao\.com|(?:europsenderscouriers)\@keemail\.me|(?:a015)\@laposte\.net|(?:johndavid)\@lawdistributionlimited\.com|(?:info)\@lbafltd\.com|(?:ecowascourt)\@legislator\.com|(?:fatih)\@leventsimsek\.com\.tr|(?:olivia_simon)\@lihat\.dds-akaun\.com|(?:pb\-2pb012)\@live\.co\.uk|(?:(?:financiero172|helen_galloway|markjohnson650))\@live\.com|(?:mr\.williamrigule)\@live\.fr|(?:miraminaki)\@lycos\.com|(?:drdanielmminele)\@magicmail\.co\.za|(?:andrewh1)\@mail2banker\.com|(?:bmwofficeinfo)\@mail2consultant\.com|(?:lanxianjun)\@mail2hongkong\.com|(?:hwc2)\@mail2world\.com|(?:shillay)\@mail\.bg|(?:(?:a(?:isha\-gaddafi0|yishagddafio|zimhashim2018)|kateclough1|mriamchombo1968))\@mail\.com|(?:ayishagddafio?)\@mail\.ru|(?:(?:publishers_clearinghouse|rev\.williamschurch))\@mail\.uk|(?:mrcheongg2012)\@mailbox\.hu|(?:cb(?:nofficemail|officemail))\@mailsire\.com|(?:johannreimann)\@memeware\.net|(?:sarb_bnk086)\@meta\.ua|(?:miguel)\@miguel-sanchez\.com|(?:info)\@morbicera\.com|(?:anjer\.keith)\@ms-fsp-europe\.com|(?:cadpayout01)\@my\.com|(?:me)\@myprivatemail\.website|(?:stephanfalzer)\@myself\.com|(?:(?:reem9999|wujames))\@naver\.com|(?:abel)\@nbdeil\.com|(?:jessicahunt1960)\@net-c\.com|(?:lindsaytrembley)\@oimail\.com|(?:(?:accountingdrg|emmy\.marty))\@onet\.eu|(?:(?:allanwoodmarko1|eco\.depo\.services|fred\.grenville))\@onet\.pl|(?:jarramos)\@ono\.com|(?:pablomancilla1)\@orange\.es|(?:ahmed3khan)\@outlook\.fr|(?:info\-casino888\.com)\@ozu\.es|(?:info)\@peagent\.net|(?:andrew\.penning)\@penninglegalassociate\.com|(?:wood)\@poczta\.onet\.eu|(?:(?:m(?:aryjosen|boyaeth)|uncch\-info))\@post\.com|(?:martinahrivnakova)\@post\.cz|(?:ffundsremitunits)\@premiumtbnk\.com|(?:santiagomachado)\@presidency\.com|(?:charitylisajohnrobinson700)\@proton\.me|(?:ecowaspayoffice)\@protonmail\.ch|(?:uni1)\@rayana\.ir|(?:(?:franciscoperezc|mrsrose\.hill|robert\.cota|unionbatmpaymentsection))\@rediffmail\.com|(?:nidiabustamante)\@registerednurses\.com|(?:info)\@rehapmed\.com|(?:info)\@repsol\.org\.uk|(?:wanczykmavis101)\@rogers\.com|(?:elena\.santos)\@rollageoup\.com|(?:mrs\.rachel2013)\@safe-mail\.net|(?:enqraward)\@sbcglobal\.net|(?:fbotha2009)\@secsuremail\.com|(?:francisbotha65)\@securesvsmail\.online|(?:smtpfox\-ys2n8)\@semillasdeamor\.com\.co|(?:wils)\@send\.com|(?:ibralsmma)\@seznam\.cz|(?:(?:jimyang77|kentpace))\@sina\.com|(?:stan)\@soborka\.net|(?:dycheseaan)\@sol\.dk|(?:info(?:04|1))\@sony\.com|(?:info\.jschneider)\@spainmail\.com|(?:mroliverbergmuellers)\@specialautokins\.com|(?:barrister_hans)\@stationlibraryjhelum\.com|(?:alexander)\@stny\.rr\.com|(?:fbidirector(?:11|wadc))\@superposta\.com|(?:anders\.karlsson)\@swedbankabgroup\.com|(?:insurance_contl)\@swissmail\.com|(?:nnbank)\@szm\.sk|(?:mhua)\@tbochk\.com|(?:billard\.thompson)\@thompsonlawassociates\.com|(?:fabio2016)\@tim\.it|(?:bobby\.william)\@tradent\.net|(?:lopez\.rios)\@udttld\.com|(?:2100973645smsgateway)\@ukraine\.wheat-farmers\.website|(?:info)\@un-grant\.info|(?:(?:info\.(?:clev\.frb|imfamerica)|policyaddmin\.file))\@usa\.com|(?:dataphilanthropy)\@vipmail\.hu|(?:bmuczdh)\@virgilio\.it|(?:holt1231)\@w\.cn|(?:daydreamin)\@wanadoo\.fr|(?:weboffice05)\@web\.de|(?:portiaw)\@webbe\.work|(?:b(?:\-calebfirm2007|enklerk\-postpact2|oriscaleb121))\@webmail\.co\.za|(?:(?:elizabethlyonsfield|frboffice|jw\.ny\.frb))\@webmail\.hu|(?:verificationsector)\@webname\.com|(?:tbryant6)\@woh\.rr\.com|(?:henleywatkinss)\@y7mail\.com|(?:johnkwanghooi101)\@yahoo\.c|(?:chapelliermadeleine)\@yahoo\.ca|(?:arroblutt\.paymentoffice)\@yahoo\.cn|(?:bencook5511)\@yahoo\.co\.nz|(?:gloriamoses02)\@yahoo\.co\.th|(?:(?:abigailbanga1975|jeffwilliam207|owengreen70|samue95))\@yahoo\.co\.uk|(?:(?:changgordon946|thomaspeter227))\@yahoo\.com\.hk|(?:boa2cb)\@yahoo\.com\.vn|(?:contactus88\-00)\@yahoo\.es|(?:fortinsandrine)\@yahoo\.fr|(?:dr\.amelia\.george1)\@yandex\.ru|(?:(?:alfred_cheuk_chow|maviswanczyk01))\@yeah\.net|(?:(?:avaethan21|westernunion817))\@ymail\.com|(?:goldfish20123)\@zing\.vn|(?:jefflindsay)\@zoho\.com|(?:(?:benaffleck1977|monicadaniels909))\@zohomail\.com|(?:laprimitivaes)\@zohomail\.eu)$/i
 describe REPTO_419_FRAUD Reply-To is known advance fee fraud collector mailbox
 #score REPTO_419_FRAUD 3.000
 tflags REPTO_419_FRAUD publish
@@ -3706,7 +3611,7 @@ tflags REPTO_419_FRAUD publish
 
 ##{ REPTO_419_FRAUD_AOL
 
-header REPTO_419_FRAUD_AOL Reply-To:addr =~ /^(?=[^\s<>@]+\@aol\.com)(?:(?:a(?:f\.2[06]|ljaber111|meliageorge|nd(?:_bley|rew_hans)|rthur\.alan)|b(?:aanidleewy|claimdept)|c(?:\.european|allumfoundation|h(?:anprivacy03|eungdavidd|ngeric|ristyruwalt)|laimdept21|ristinabruno38|ustom_service58)|d(?:avid\.kms|hodgkins001|ianwaynie)|e(?:ricalbertdpm|velynjoshua44)|f(?:d\.29|ernandezfernandez3|oundation\.charity)|g(?:arang\.rebeca|eorge_clifford4|roupfacility)|hernandezrosemary632|jmesaud|k\.doreen00|l(?:\.b162k|erynnewest99|isarobinson5\.0|orrainewirangee)|m(?:_l\.wanczyk62|aviswanczyk[do]|rs(?:isabelladzsesszika|safiagaddafi))|officework172|p(?:aulpollard2|otfolio\.management)|royalpalace2018|s(?:afiiagadafi|ovchan|pwalker721|t(?:aatsloterijnederlands|efano_pessina))|usembassy330|wattson\.renwick|yurdaaytarkan5))\@aol\.com$/i
+header REPTO_419_FRAUD_AOL Reply-To:addr =~ /^(?=[^\s<>@]+\@aol\.com)(?:(?:a(?:brajjohn|f\.2[06]|ljaber111|meliageorge|nd(?:_bley|rew_hans)|rthur\.alan)|b(?:a(?:anidleewy|rr_luc)|claimdept)|c(?:\.european|allumfoundation|h(?:anprivacy03|eungdavidd|ngeric|ristyruwalt)|laimdept21|ristinabruno38|ustom_service58)|d(?:avid\.kms|hodgkins001|ianwaynie)|e(?:ricalbertdpm|velynjoshua44)|f(?:d\.29|ernandezfernandez3|oundation\.charity)|g(?:arang\.rebeca|eorge_clifford4|roupfacility)|hernandezrosemary632|jmesaud|k\.doreen00|l(?:\.b162k|erynnewest99|isarobinson5\.0|orrainewirangee|ynnpage44)|m(?:_l\.wanczyk62|a(?:sayohara21|viswanczyk[do])|rs(?:isabelladzsesszika|janetedwards0001|safiagaddafi))|officework172|p(?:aulpollard2|otfolio\.management)|royalpalace2018|s(?:\.fofo|afiiagadafi|ovchan|pwalker721|t(?:aatsloterijnederlands|efano_pessina))|usembassy330|wattson\.renwick|yurdaaytarkan5))\@aol\.com$/i
 describe REPTO_419_FRAUD_AOL Reply-To is known advance fee fraud collector mailbox
 #score REPTO_419_FRAUD_AOL 3.000
 tflags REPTO_419_FRAUD_AOL publish
@@ -3722,7 +3627,7 @@ tflags REPTO_419_FRAUD_AOL_LOOSE publish
 
 ##{ REPTO_419_FRAUD_CNS
 
-header REPTO_419_FRAUD_CNS Reply-To:addr =~ /^(?=[^\s<>@]+\@consultant\.com)(?:(?:anthonyalvarad|davidhenri|lottomaxclaims7|morrisherb|t(?:eo\.westin|he\.trustees1|rustees202000)))\@consultant\.com$/i
+header REPTO_419_FRAUD_CNS Reply-To:addr =~ /^(?=[^\s<>@]+\@consultant\.com)(?:(?:anthonyalvarad|davidhenri|lottomaxclaims7|morrisherb|t(?:eo\.westin|he\.trustees1|rustees202000)|westernuniopayment\.agent0018))\@consultant\.com$/i
 describe REPTO_419_FRAUD_CNS Reply-To is known advance fee fraud collector mailbox
 #score REPTO_419_FRAUD_CNS 3.000
 tflags REPTO_419_FRAUD_CNS publish
@@ -3730,7 +3635,7 @@ tflags REPTO_419_FRAUD_CNS publish
 
 ##{ REPTO_419_FRAUD_GM
 
-header REPTO_419_FRAUD_GM Reply-To:addr =~ /^(?=[^\s<>@]+\@gmail\.com)(?:(?:01marviswanczyk|7912richardtony|a(?:b(?:d97412345|u(?:lkareem461|shadi0004))|c(?:count\.optionsmr\.jonasarmstrong|ecere001)|d(?:iallo\.boa|rabidiahmed)|isha(?:1976algaddafi|gaddafiaam)|l(?:\.jo60691737|an\.austin(?:041|223)|ex(?:anderpeterson4499|hoffman3319)|ghafrij13|kasimunadi221|l(?:enholden121|isoncluade11)|nizmaria|ure\.wawrenka1472)|m(?:ericadeliverycomapny1(?:300|800)|ina(?:ltwaijiri02|medjahed95))|n(?:d(?:rewumehunitedbankforafrica|yfox0022)|n(?:a(?:llee091|sigurlaug458)|jenijohnsonn)|t(?:honyalvaradollc|o(?:meuenio|niopaco20consultant)))|r(?:adka01|chibaldhamble|thur11alan)|shwestwood7|ttohlawoffice\.tg|w1614860|zi(?:m(?:\.h(?:ashim\.premj|premji13)|hashim(?:2018|donation2019))|z(?:dake0|george50)))|b(?:a(?:nkcentralasiahalobca34|ochang7a|r(?:bersmadar75|clays\.kenya\.bank|rister(?:\.fidelisokafor|lordruben94)|teld\.huisman01))|bongo593|e(?:alitoniua9|linekra1|n(?:ezero392|jaminsarah195))|ill\.lawrence0747|laisevodoun|mw(?:automobile242|officeline)|o(?:arddept0|cchenyi)|r(?:andy\.heavenscenttt|endalaporte112)|uff(?:ettwarrene21|ookj))|c(?:artwrighttownhomesllc|claimsa|elicerez|h(?:a(?:ngching885|r(?:itylisajohnrobinson41|l(?:esluenga01|tonnewmanus1)))|e(?:mchung1011|nchung1011)|ienkwongp)|iticonsultantjohncg0|kruger00017|l(?:axtonpaul00|s79408)|o(?:l(?:edavid77032|husseinharmuchc(?:cj|j)|ombasjuan53)|mp(?:asationsettlement|ensationcommitteboard)|n(?:sult(?:matthias|sto\.u)|tactad00[04]))|pt\.eugenebarash|r(?:abbechambers|ist(?:bru(?:05|n05)|i1537bru))|ustomerservicelacaixa2)|d(?:29laws|a(?:n(?:008629|iel35508109|nydan24532)|tukannuarbinmusa|vi(?:d(?:\.loanfirm18|larbi11|pere337|r(?:amirez\.luis9012|ikhen))|scarolyn334|yax98))|cole77032|e(?:n(?:iwalts|nisclark659)|partmentofstate123|tlefeckhardd)|i(?:ane\.s\.wojcicki|gitalassetholding|plomatsshenry)|minique200|o(?:minicahkye|na(?:ldwilliam1988|tionhelpercare5))|r(?:\.meirh|abodid|davidrhama221|jamesdee|kennedyuzo|meier\.heidi?|owenfrederick)|u(?:nsilva58|stinmoskovitz\.2facebook)|v\.metus)|e(?:benezero392|christina937|drunity|l(?:i(?:bethgomez(?:175|499)|sabethmaria600|zabethedw0)|otocashoffice1?)|m(?:2keld|efiele(?:328|g757)|ilyrichmond391)|r(?:e(?:nakgeorge123|zcelic0)|ioncarter\.private)|stherkatherine1960|vgpatmow|wynn284)|f(?:\.mikhail025|a(?:ithdesrie511|tme\.mehmed001)|blott47|e(?:deralreservebankdallasdst|lix88995)|g0067333|irstbank(?:49966|6669|k49666)|j569282|l(?:556249|uhmann\.dn)|oundations\.west|r(?:a(?:100dub132|n(?:c(?:espatrickconnolly(?:5050|4)|iscamendoza960)|kj(?:ane984|wangg)))|eelottosweepstake51)|spero80|u(?:lanlan28|ngg1w))|g(?:00gleggewinner19|a(?:b(?:albertoassociates|rielkalia1102)|rethbull112016)|bill4880|e(?:neralwilliamstony990|orgekwame481|raldjhjh11)|iidp955|l(?:enmoore0011|oriachow5052)|o(?:glegewinnerteam|o(?:dnessxtra|golteam2019|oglegwiinner219))|r(?:aceobia001|e(?:ant311|energeoffrey776))|veraallen)|h(?:a(?:rryebert101|s(?:h(?:imyreem78|mireem801)|sanalshujairy))|e(?:atherbrooeke101|cto(?:alon|r(?:castillos653|scastillo6))|l(?:enadamsidaho|pdesk47321))|gold8080|i(?:ldad837|toshurui)|o(?:nmackjohn518|rnbeckmajordennis63[478]|seoky(?:34|9))|sbchgm|uichmh)|i(?:1955smael|amannjejosonn|bed627|mfgrantinter|n(?:fo(?:\.(?:abogadosmfontana|g00gleclaim|ulmusau)|64240|asminternationalpk|dessk\.dfwairportonline|fdrserve)|gridrolle2)|smailtarkan533)|j(?:35809121|a(?:6002932|888179|m(?:alpriv8un|esokoh82)|nusensecureprivate|sonyeungchiwai|vierlesme001)|b5406424|c2222222rrr|e(?:fferydean1960|nniannjhsonn)|k3311131|m(?:3461128|powellfr)|o(?:edward023|hn(?:\.wilde\.oneplusfinance|a9577|griffn818|paton\.alphafmc|r(?:awlings956|oxfordjr1)|son(?:deba|wilson(?:389|490))|uba234|walterlove2010)|monkzza|n(?:athanhaskel377|hugo1964|monkssa)|sephacevedo024|yce00011)|rawlings007|s4fernado|w6935997)|k(?:a(?:malnizar000|rabo\.ramala39|t(?:ebaronbarr|jamess043|rinaziako56))|en(?:mckenziejr|nedy\.sawadogo19)|halidbuhazza99|js09376|kasbu790|o(?:ntakt\.claim|tokairportcargo|watsusho\.co\.ltd\.jp)|rnkl1109|un(?:gwei7777|ioue28))|l(?:a(?:rrytoms200|ursent892|wrencefoundation30)|blackshirepm|erynne(?:0west99|west2289)|i(?:amfinchus(?:11|3)|ezlnatashavanessa|li(?:ane\.bettencourt1945|ianchrstph)|nelink008)|john6132|o(?:ganntomas|rrainewirengee|ughreymargaret67)|p319765|u(?:ckywinners2018|sba\.moored2019)|w94059|y(?:\.cheapiseth909|diawright836|n(?:\.arthur011|cmba440|nmkl3332)))|m(?:a(?:bel\.manaku|ckenzbezos|incare655|j(?:ialfutt|or(?:dennishornbeck53|townsend01))|kaltschmidt|n(?:duesq58|fran630|uelfranco(?:727|foundation0))|r(?:i(?:a(?:111dembele|27idemba|3(?:31lucas|51lucas)|hhills00)|opabl26)|kroth456|tinamayer903|yfranson56)|thewriaanza|u(?:noveutileina|rhinck11?)|viswan(?:142|czyk(?:1(?:19|987)|4(?:89|5)|775|foundation45|k112))|xaajn|ydetratt)|c(?:\.cheadychang76|kenthando)|dredban775|e(?:044386|l(?:lagolan|vidabullock5))|gfrederick80|husameddine|i(?:c(?:h(?:ael\.woosley1972|eal(?:sjohnj|wuu002))|paulla|w954)|kh(?:\.fridman|ai(?:\.fridman261|lfridm32))|ss(?:\.melisa\.mehmett|yaelronen))|jminabii|k(?:ent7117|untjoro52)|m(?:1086771|argaritalouisdreyfus)|nmalarge|ohamedabdul1717|r(?:\.(?:justinmaxwell09|lusee)|cjames001|d517341|ericfranck|hanimuhammad627|jamesmc6|r(?:echardthomas|ichardanthony1)|s(?:\.(?:janetolsen?|olsenjanett|susanread12)|a(?:ishaalqadafi1976|ngela454)|fatimaamiraqureshi1983|gezeria|h(?:amima60|ristinemadeleine)|j(?:ackman123|lleach)|maureens847|r(?:obinsanders185|uthsmith9900)|sarahbenjamin103|veraaellen)|tomcrist\.ca)|s(?:agent02|golaan4|smadar44)|u(?:ali000111|stadris22)|y(?:burghhugohendrik|racbally))|n(?:aomiiwasaki181|ckniem|eilt(?:9108|rotter968)|obuyuki\.hirano128|tawdglobal)|o(?:\.peace004|3344nb|ffice(?:\.012123|rricherd876|windowterms)|hallkenneth1|marinyandeng|nufoundationclaims|pcwkdw)|p(?:a(?:trick(?:\.efcc|andfrancessconnolly)|ul(?:eed1969|n8018))|b(?:ph202lay2|rookk0)|e(?:130304|t(?:er(?:\.waddell204|guggi0|kenin73?|stephen4040)|ronasofficepromo))|good60000|hillip\.richead218|ilz37754|olloke|ro1nvstream|trsvermeulen|w178483)|q(?:iquanzhou7|nzeng1)|r(?:19772744|677gfd|a(?:johnfernn|kidy23|lhashimi78|ymondaba200)|e(?:beccagarang11|em(?:has(?:himy(?:1978|mail)|m044)|n2214)|lpandemic|mittanceofficeasaba|neehii\.omb|plyback00|v(?:\.jamesabel1|ernestcebi|frankjackson91))|ichard(?:lustig4u|w(?:ahl511|illis815))|josh200000|o(?:berthanandez6655|naldmorris786|s(?:a\.gomes0044|ekipkalya934))|svcdusan|t(?:\.rev\.ericmark05|honrichardshepherd)|ussiaworldcuppromo)|s(?:a(?:chingrams|l(?:ehhussienconsult1|imzaid7000)|nchoscozfifa|rfiafarfask7)|cottpeters7989|e(?:cretservicce[78]|rgeantrobertbrown1)|g(?:\.offiice\.group|tireneb2)|h(?:a(?:msiahmohamadyunusbnegara|nemissler2009)|ery(?:\.gtl131|etr03)|inawatrathaksin93)|imlkheng5|op(?:adam3|hiajesse41)|peelman1972|tephentam1(?:47|6)|u(?:iyang(?:\.boc|02)|n\.hor20|san(?:freeman112x|neklatten502)|zana111bah)|weeneyjohnson384)|t(?:ay(?:ebsouami0|lorcathy362)|davalvse|erryparkins11|h(?:ailandbankoffice01|e(?:ara\.choy2|odorosloannis9))|imothymetheny01|lyerdonald613|mason9w4r|o(?:m(?:\.cristdonor|c(?:hrist1995|rist(?:52|donation12|foundation99|world)))|ny(?:\.chung760|zimpro11)|pchronodesk|shikazusendo101)|p2911220|tkhan69s)|u(?:kponguko|marukareem8|n(?:claimedfunds554|itednation(?:organization70|s(?:8182|councilrefunds)))|sdepartmentofjustice80)|v(?:a(?:mamakazlegalchambers|nderwesthuizen560)|e(?:enapatel883|neerchris20003|r(?:a(?:aellen7|hollinkvan0)|enichekaterinaekaterina4))|i(?:ctoriaabraham2310|dalpamela85|ngut170|pjeferrey)|owpovertyfoundation)|w(?:a(?:dp4726|hlr(?:5990|ichard18)|ldibeatesieberhagen|nczykm61|rrenebuffett2)|b(?:271981|6159980)|i(?:elandherzog\.sw\.herad16|ll(?:clark2618|iamsmartyrs888))|kfinancialservice|orldbankregionalmanageroffice|u\.office212|ww\.moneygram9054)|y(?:\.oguzhan011|anghoseok5|doo974|ousefzongo5722)|z(?:enithbankplconline98|kiaslan1963|minhong65)))\@gmail\.com$/i
+header REPTO_419_FRAUD_GM Reply-To:addr =~ /^(?=[^\s<>@]+\@gmail\.com)(?:(?:01marviswanczyk|7912richardtony|9porssts9|a(?:\.wafager1|b(?:d(?:97412345|ullahmundani019)|u(?:lkareem461|shadi0004))|c(?:count\.optionsmr\.jonasarmstrong|ecere001)|d(?:iallo\.boa|rabidiahmed)|isha(?:1976algaddafi|gaddafiaam)|l(?:\.jo60691737|an\.austin(?:041|223)|ex(?:anderpeterson4499|hoffman3319)|ghafrij13|kasimunadi221|l(?:enholden121|isoncluade11)|nizmaria|ure\.wawrenka1472)|m(?:bassadormarybethleonardl4|ericadeliverycomapny1(?:300|800)|ina(?:ltwaijiri02|medjahed95))|n(?:d(?:rewumehunitedbankforafrica|yfox0022)|n(?:a(?:llee091|sigurlaug458)|ettrevor|jenijohnsonn)|t(?:honyalvaradollc|o(?:meuenio|niopaco20consultant)))|office1office1|r(?:adka01|chibaldhamble|thur11alan)|shwestwood7|ttohlawoffice\.tg|ustinbillmark9|w1614860|z(?:i(?:m(?:\.h(?:ashim\.premj|premji13)|hashim(?:2018|donation2019))|z(?:dake0|george50))|zedineguessous))|b(?:a(?:nkcentralasiahalobca34|ochang7a|r(?:bersmadar75|clays\.kenya\.bank|rister(?:\.fidelisokafor|lordruben94)|teld\.huisman01))|bongo593|e(?:alitoniua9|linekra1|n(?:ezero392|gatl80|jaminsarah195))|ill\.lawrence0747|laisevodoun|mw(?:automobile242|officeline)|o(?:arddept0|cchenyi)|r(?:andy\.heavenscenttt|endalaporte112)|uff(?:ettwarrene21|ookj)|w1832621)|c(?:artwrighttownhomesllc|claimsa|elicerez|h(?:a(?:ngching885|r(?:itylisajohnrobinson41|l(?:es(?:luenga01|wrightdepartments)|tonnewmanus1)))|e(?:mchung1011|nchung1011)|ienkwongp)|iticonsultantjohncg0|kruger00017|l(?:axtonpaul00|s79408)|o(?:l(?:edavid77032|husseinharmuchc(?:cj|j)|ombasjuan53)|mp(?:asationsettlement|ensationcommitteboard)|n(?:sult(?:matthias|sto\.u)|tactad00[04]))|pt\.eugenebarash|r(?:abbechambers|ist(?:bru(?:05|n05)|davis67|i1537bru|ydavisdonation1))|ustomerservicelacaixa2)|d(?:29laws|a(?:n(?:008629|i(?:el35508109|shlokija)|n(?:uar4|ydan24532))|tukannuarbinmusa|vi(?:d(?:\.loanfirm18|kaltschmidtmaureend|larbi11|pere337|r(?:amirez\.luis9012|ikhen))|scarolyn334|yax98))|cole77032|e(?:n(?:iwalts|nisclark659)|partmentofstate123|tlefeckhardd)|hsdevice|i(?:ane\.s\.wojcicki|gitalassetholding|plomatsshenry)|minique200|o(?:minicahkye|na(?:ldwilliam1988|tionhelpercare5))|r(?:\.meirh|abodid|davidrhama221|jamesdee|kennedyuzo|meier\.heidi?|owenfrederick)|u(?:nsilva58|stinmoskovitz\.2facebook)|v\.metus)|e(?:benezero392|christina937|drunity|l(?:i(?:bethgomez(?:175|499)|sabethmaria600|zabethedw0)|o(?:diesawadogo123|tocashoffice1?))|m(?:2keld|efiele(?:328|g757)|ilyrichmond391)|r(?:e(?:nakgeorge123|zcelic0)|ioncarter\.private)|stherkatherine1960|vgpatmow|wynn284)|f(?:\.mikhail025|a(?:ithdesrie511|tme\.mehmed001)|blott47|e(?:deralreservebankdallasdst|lix88995)|g0067333|irstbank(?:49966|6669|k49666)|j569282|l(?:556249|uhmann\.dn)|oundations\.west|p462558|r(?:a(?:100dub132|n(?:c(?:espatrickconnolly(?:5050|4)|iscamendoza960)|k(?:j(?:ane984|wangg)|linpiesie6)))|eelottosweepstake51)|spero8[02]|u(?:lanlan28|ngg1w))|g(?:00gleggewinner19|a(?:b(?:albertoassociates|riel(?:eschmitt002|kalia1102))|r(?:ciavincent500|ethbull112016))|b(?:528796|ill4880)|e(?:neralwilliamstony990|orgekwame481|raldjhjh11)|iidp955|l(?:enmoore0011|oriachow5052)|o(?:dfreyscottdonation|glegewinnerteam|o(?:dnessxtra|golteam2019|oglegwiinner219))|r(?:aceobia001|e(?:ant311|energeoffrey776))|veraallen)|h(?:a(?:r(?:gate2909|ryebert101)|s(?:h(?:imyreem78|mireem801)|sanalshujairy))|e(?:atherbrooeke101|cto(?:alon|r(?:castillos653|scastillo6))|l(?:en(?:adamsidaho|giggs88)|pdesk47321))|gold8080|i(?:ldad837|toshurui)|o(?:nmackjohn518|rnbeckmajordennis63[478]|seoky(?:34|9))|sbchgm|uichmh)|i(?:1955smael|amannjejosonn|bed627|mf(?:deputyoff000|grantinter)|n(?:fo(?:\.(?:a(?:bogadosmfontana|nnedouglas10)|g00gleclaim|ulmusau)|64240|asminternationalpk|bankofamerikaa|dessk\.dfwairportonline|fdrserve|ttcuckk)|gridrolle2)|smail(?:eman874|tarkan533))|j(?:35809121|a(?:6002932|888179|m(?:alpriv8un|esokoh82)|n(?:nsjonifer|usensecureprivate)|sonyeungchiwai|vierlesme001)|b5406424|c2222222rrr|e(?:fferydean1960|nniannjhsonn|robtt)|josvu|k3311131|m(?:3461128|powellfr)|o(?:edward023|hn(?:\.wilde\.oneplusfinance|a9577|griffn818|paton\.alphafmc|r(?:awlings956|oxfordjr1)|son(?:deba|wilson(?:389|490))|uba234|walterlove2010)|monkzza|n(?:athanhaskel377|hugo1964|monkssa)|sephacevedo024|vannyanderson001|yce00011)|rawlings007|s4fernado|uliewatson975|w6935997)|k(?:a(?:l(?:iaksandr5|tschmidtdavid8)|malnizar000|rabo\.ramala39|t(?:ebaron(?:barr|xq)|jamess043|rinaziako56))|en(?:mckenziejr|nedy\.sawadogo19)|halidbuhazza99|js09376|kasbu790|o(?:ntakt\.claim|tokairportcargo|watsusho\.co\.ltd\.jp)|rnkl1109|un(?:gwei7777|ioue28))|l(?:a(?:rrytoms200|ursent892|w(?:officealouancooparation|rencefoundation30))|blackshirepm|e(?:enasinghs97|onidasresearch|rynne(?:0west99|west2289))|i(?:amfinchus(?:11|3)|ezlnatashavanessa|fecshortt63|li(?:ane\.bettencourt1945|ianchrstph)|nelink008|sa(?:milner001|robin117))|john6132|o(?:ganntomas|rrainewirengee|ughreymargaret67)|p319765|u(?:ckywinners2018|sba\.moored2019)|w94059|y(?:\.cheapiseth909|diawright836|n(?:\.arthur011|cmba440|nmkl3332)))|m(?:a(?:bel\.manaku|ckenzbezos|damkoenig\.ruhama1b|incare655|j(?:ialfutt|or(?:dennishornbeck53|townsend01))|kaltschmidt|ll(?:am\.mlawal|etman2021)|mastar33m|n(?:ankovefimovich|duesq58|fran630|uelfranco(?:727|donation02|foundation0|spende8))|r(?:i(?:a(?:111dembele|27idemba|3(?:31lucas|51lucas)|hhills00)|opabl26|tinesecurityusa)|kroth456|shalh011|tin(?:amayer903|eziglesiasabogados|jrschwarz)|y(?:franson56|josen(?:62|81)))|thewriaanza|u(?:noveutileina|rhinck11?)|viswan(?:142|czyk(?:01478|1(?:19|987)|4(?:89|5)|775|foundation45|k112))|xaajn|ydetratt)|c(?:\.cheadychang76|kenthando)|dredban775|e(?:044386|l(?:lagolan|vidabullock5))|gfrederick80|husameddine|i(?:c(?:h(?:ael\.woosley1972|eal(?:sjohnj|wuu002))|paulla|w954)|k(?:e\.weirsky\.foundational001|h(?:\.fridman|ai(?:\.fridman261|lfridm32)))|ss(?:\.(?:melisa\.mehmett|yasmineibrahim101)|yaelronen))|jminabii|k(?:ent7117|untjoro52)|m(?:1086771|argaritalouisdreyfus|ohammadaljllilati)|nmalarge|oham(?:edabdul1717|m(?:daljililati1|edshamekh24))|r(?:\.(?:elbahi\.mohammed\.2021|justinmaxwell09|lusee)|cjames001|d517341|eric(?:franck|schmid4002)|hanimuhammad627|jamesmc6|r(?:echardthomas|ichardanthony1)|s(?:\.(?:janetolsen?|olsenjanett|susanread12)|a(?:ishaalqadafi1976|ngela454)|evelynbrown7|fatimaamiraqureshi1983|gezeria|h(?:amima60|ristinemadeleine)|isabelladz|j(?:ackman123|lleach)|maureens847|r(?:obinsanders185|uthsmith9900)|sarahbenjamin103|v(?:eraaellen|ictoriaedmond03))|tomcrist\.ca|viktorzubkovv)|s(?:\.ellagolan56|agent02|golaan4|smadar44)|u(?:ali000111|stadris22)|y(?:burghhugohendrik|racbally))|n(?:aomiiwasaki181|ckniem|eilt(?:9108|rotter968)|icholas\.jose73|obuyuki\.hirano128|tawdglobal|v637245)|o(?:\.peace004|3344nb|ffice(?:\.012123|rricherd876|windowterms)|hallkenneth1|marinyandeng|nufoundationclaims|pcwkdw|xfaminternationa1980)|p(?:a(?:trick(?:\.efcc|andfrancessconnolly)|ul(?:eed1969|n8018))|b(?:ph202lay2|rookk0)|e(?:130304|rezdonlorenzo336|t(?:er(?:\.waddell204|guggi0|kenin73?|stephen4040)|ronasofficepromo))|good60000|hillip\.richead218|ilz37754|olloke|ro1nvstream|trsvermeulen|w178483)|q(?:iquanzhou7|nzeng1)|r(?:19772744|677gfd|a(?:johnfernn|kidy23|lhashimi78|ymondaba200)|e(?:beccagarang11|em(?:has(?:himy(?:1978|mail)|m044)|n(?:2214|asser003302))|lpandemic|mittanceofficeasaba|neehii\.omb|plyback00|v(?:\.jamesabel1|ernestcebi|fr(?:ankjackson91|paulwilliams2)))|icha(?:miller18|rd(?:lustig4u|w(?:ahl511|il(?:lis815|son19091))))|josh200000|o(?:b(?:erthanandez6655|inf036)|naldmorris786|s(?:a\.gomes0044|ekipkalya934))|raya9989|svcdusan|t(?:\.rev\.ericmark05|honrichardshepherd)|ussiaworldcuppromo)|s(?:a(?:chingrams|l(?:ehhussienconsult1|imzaid7000)|nchoscozfifa|rfiafarfask7)|cottpeters7989|e(?:cretservicce[78]|rgeantrobertbrown1)|g(?:\.offiice\.group|t(?:\.monicab03|ireneb2))|h(?:a(?:msiahmohamadyunusbnegara|nemissler2009)|ery(?:\.gtl131|etr03)|inawatrathaksin93)|im(?:lkheng5|onhei47)|op(?:adam3|hiajesse41)|peelman1972|t(?:anleyjohn1469|ephentam1(?:47|6))|u(?:iyang(?:\.boc|02)|n\.hor20|san(?:freeman112x|neklatten502)|zana111bah)|weeneyjohnson384)|t(?:a(?:mmywebster24|y(?:ebsouami0|lorcathy362))|ch33555|davalvse|erryparkins11|h(?:ailandbankoffice01|e(?:ara\.choy2|odorosloannis9))|imothymetheny01|lyerdonald613|mason9w4r|o(?:m(?:\.cristdonor|ander231|c(?:hrist1995|rist(?:52|donation12|foundation99|world))|spende480)|ny(?:\.chung760|zimpro11)|pchronodesk|shikazusendo101)|p2911220|tkhan69s)|u(?:kponguko|marukareem8|n(?:claimedfunds554|itednation(?:organization70|s(?:8182|councilrefunds)))|s(?:alotery2|departmentofjustice80))|v(?:a(?:mamakazlegalchambers|nderwesthuizen560)|e(?:enapatel883|linagreen|neerchris20003|r(?:a(?:aellen7|hollinkvan0)|enichekaterinaekaterina4))|i(?:ctoriaabraham2310|dalpamela85|ngut170|pjeferrey)|n935990|owpovertyfoundation)|w(?:a(?:dp4726|hlr(?:5990|ichard18)|ldibeatesieberhagen|nczykm61|rrenebuffett2)|b(?:271981|6159980)|hatsappofficial001|i(?:elandherzog\.sw\.herad16|ll(?:clark(?:2618|629)|iamsmartyrs888))|kfinancialservice|orldbankregionalmanageroffice|u\.office212|ww\.moneygram9054)|y(?:\.oguzhan011|anghoseok5|doo974|ousefzongo5722)|z(?:bank8876|enithbankplconline98|kiaslan1963|minhong65|ubkovmrviktor)))\@gmail\.com$/i
 describe REPTO_419_FRAUD_GM Reply-To is known advance fee fraud collector mailbox
 #score REPTO_419_FRAUD_GM 3.000
 tflags REPTO_419_FRAUD_GM publish
@@ -3746,7 +3651,7 @@ tflags REPTO_419_FRAUD_GM_LOOSE publish
 
 ##{ REPTO_419_FRAUD_HM
 
-header REPTO_419_FRAUD_HM Reply-To:addr =~ /^(?=[^\s<>@]+\@hotmail\.com)(?:(?:a(?:brahambeniam|n(?:ikal01|nagray00)|zezul\.idrisazezulidris)|choi21|d(?:l13139|r\.dukanalycoulibaly)|egorbunova22|faxttransfer\.skyebk\.service\.care\.th|infos(?:43|8)|katabettencourt2018|l(?:e(?:a_edem|galcosme|wisarm44)|ulihongm)|mr(?:abrahambeniamfc|pedrohilldonations|smicheleallison2003)|n(?:inajohn226|waigwe2765)|ocbc\-ba\-nkonline|powen10001|s(?:ajda\.andleeb|ulaimaninfante)|t(?:ashacap|omashntr)|unb(?:2015|int)|yostinbellamohammad))\@hotmail\.com$/i
+header REPTO_419_FRAUD_HM Reply-To:addr =~ /^(?=[^\s<>@]+\@hotmail\.com)(?:(?:a(?:brahambeniam|n(?:ikal01|nagray00)|zezul\.idrisazezulidris)|c(?:hoi21|laytousey)|d(?:l13139|r\.dukanalycoulibaly)|egorbunova22|faxttransfer\.skyebk\.service\.care\.th|infos(?:43|8)|katabettencourt2018|l(?:e(?:a_edem|galcosme|wisarm44)|ulihongm)|mr(?:abrahambeniamfc|pedrohilldonations|s(?:\.chantal_bill|micheleallison2003))|n(?:inajohn226|waigwe2765)|ocbc\-ba\-nkonline|powen10001|quickcashloansservices|s(?:a(?:jda\.andleeb|nchamps798)|ulaimaninfante)|t(?:ashacap|omashntr)|unb(?:2015|int)|yostinbellamohammad))\@hotmail\.com$/i
 describe REPTO_419_FRAUD_HM Reply-To is known advance fee fraud collector mailbox
 #score REPTO_419_FRAUD_HM 3.000
 tflags REPTO_419_FRAUD_HM publish
@@ -3754,7 +3659,7 @@ tflags REPTO_419_FRAUD_HM publish
 
 ##{ REPTO_419_FRAUD_OL
 
-header REPTO_419_FRAUD_OL Reply-To:addr =~ /^(?=[^\s<>@]+\@outlook\.com)(?:(?:a(?:brahamwilliamsonrpsltduk|lbertchebe|ndrewgamble7)|b(?:asidris|etty\.c_investment|illgfile203)|c(?:bforeignremitdept|harlie\.j\.goodmand|laimunit\.facebook|ompensationfunding)|d(?:eborahleeconsult|hl(?:customercares|express\.fastservice)|onation_dept|rjonathankuku)|e(?:benezernonyeagwuceozbplc|urope\.win2)|f(?:abienna\.s|iduciarybmw2020)|g(?:20compessdesk|race\.manonfoundation)|j(?:ackson4steve|e(?:anedo1|ssicameir30))|kaujong|l(?:\.williams722|ui1480)|m(?:card\.msoftuk|illerjeffreylawchambers|oussa\.sayyid|r(?:\.henrichkisker|antonioguterress|bryandavisuk44|mduku|s(?:_elizabeth20|michelleallison|roseallen))|spvt2020)|philcohen0012|richardwahlfreegrant|s(?:aaman10|gi2019|t(?:\.monica|eve\.lenkathomson11))|t(?:g331965|oyotadrawboard2019)|unvanzyl_mrs|winuklotocash2018))\@outlook\.com$/i
+header REPTO_419_FRAUD_OL Reply-To:addr =~ /^(?=[^\s<>@]+\@outlook\.com)(?:(?:a(?:16u71|b(?:rahamwilliamsonrpsltduk|s0000200)|lbertchebe|ndrewgamble7)|b(?:asidris|etty\.c_investment|illgfile203)|c(?:bforeignremitdept|harlie\.j\.goodmand|laimunit\.facebook|ompensationfunding)|d(?:eborahleeconsult|hl(?:customercares|express\.fastservice)|onation_dept|rjonathankuku)|e(?:benezernonyeagwuceozbplc|urope\.win2)|f(?:abienna\.s|iduciarybmw2020|mr01|oundation701|p\.conn)|g(?:20compessdesk|race\.manonfoundation)|j(?:ackson4steve|e(?:anedo1|ssicameir30))|kaujong|l(?:\.williams722|ui1480)|m(?:card\.msoftuk|illerjeffreylawchambers|oussa\.sayyid|r(?:\.henrichkisker|antonioguterress|b(?:illgate9|ryandavisuk44)|mduku|s(?:_elizabeth20|michelleallison|roseallen))|spvt2020)|philcohen0012|richardwahlfreegrant|s(?:aaman10|gi2019|t(?:\.monica|eve\.lenkathomson11))|t(?:g331965|oyotadrawboard2019)|unvanzyl_mrs|w(?:esteruniontransferunite7|hatsapp_givewin|inuklotocash2018)))\@outlook\.com$/i
 describe REPTO_419_FRAUD_OL Reply-To is known advance fee fraud collector mailbox
 #score REPTO_419_FRAUD_OL 3.000
 tflags REPTO_419_FRAUD_OL publish
@@ -3762,7 +3667,7 @@ tflags REPTO_419_FRAUD_OL publish
 
 ##{ REPTO_419_FRAUD_PM
 
-header REPTO_419_FRAUD_PM Reply-To:addr =~ /^(?=[^\s<>@]+\@protonmail\.com)(?:(?:armstrong0244|berndkoch|davidmetus|euclaim|p(?:a(?:melagriffi|t\.nwankwo)|rotonydonation)|scottpeter012|v\.brianpierre|yihsbltan|ziraatbankasi))\@protonmail\.com$/i
+header REPTO_419_FRAUD_PM Reply-To:addr =~ /^(?=[^\s<>@]+\@protonmail\.com)(?:(?:armstrong0244|berndkoch|davidmetus|euclaim|p(?:a(?:melagriffi|t\.nwankwo)|rotonydonation)|scottpeter012|the\.trustees1|v\.brianpierre|yihsbltan|ziraatbankasi))\@protonmail\.com$/i
 describe REPTO_419_FRAUD_PM Reply-To is known advance fee fraud collector mailbox
 #score REPTO_419_FRAUD_PM 3.000
 tflags REPTO_419_FRAUD_PM publish
@@ -3778,7 +3683,7 @@ tflags REPTO_419_FRAUD_QQ publish
 
 ##{ REPTO_419_FRAUD_YH
 
-header REPTO_419_FRAUD_YH Reply-To:addr =~ /^(?=[^\s<>@]+\@yahoo\.com)(?:(?:a(?:driantongson13|lesiakalina2006|mbassador\.l|nnhester\.usa4)|b(?:a(?:che\.delfine|nk\.phbng14|rr\.thomasclark)|en(?:jaminb34|nicholas22)|illlawrenceee|riceangela45)|c(?:\.aroline90|abinet_maitre_emmanuel_patris|h(?:arlesscharf112|hoy\.t|jackson65)|juan852|ontelamine|ythiamiller\.un10)|d(?:hamilton9099|r(?:_raymondfung|kobiorah|victorobaji))|ericalbert24|f(?:bicompensation_funds|ederal\.r73)|i(?:\.project33411|befranfgnfmf|nfomoney|project32411)|j(?:a(?:ckson\.davis915|netemoon150)|kimyong21|lawrencefrb|ulietjohnsonn)|k(?:elvinmark629|im(?:\.leang2018?|leang(?:575|90)))|l(?:e(?:a_edem13|hman(?:909|bila))|i(?:m_kaan|sarobinson_555)|orrainewirengee|y_cheapiseth(?:11|2019))|m(?:a(?:itre_arthur\.catheau|rie_avis12)|d(?:\.ps|zsesszika672)|elissalewis4004|o(?:hammedaahil46|keye79)|rs(?:\.esthernicolas|isabella\.dzesszikan)|s\.gracie_olakun)|o(?:legkozyrev1|mranshaalan52)|p(?:ackerkelvin|eterlee1950|rincerasmane)|r(?:alphw(?:\.johnson78|johnson78)|o(?:bertbailey2004|serichard655))|s(?:amthong4040|igurlauganna34|leo25|opheap\.munny|pwalker101|tevecox\.98)|t(?:\.murasawa|ep1chen|heara\.chhoy|ylerhess\.43)|vanserge2001|willclark0010|xianglongdai60|zhaodonghk))\@yahoo\.com$/i
+header REPTO_419_FRAUD_YH Reply-To:addr =~ /^(?=[^\s<>@]+\@yahoo\.com)(?:(?:a(?:driantongson13|ilmohammed11|lesiakalina2006|mbassador\.l|nnhester\.usa4)|b(?:a(?:che\.delfine|nk\.phbng14|rr\.thomasclark)|en(?:jaminb34|nicholas22)|illlawrenceee|riceangela45)|c(?:\.aroline90|abinet_maitre_emmanuel_patris|h(?:arlesscharf112|hoy\.t|jackson65)|juan852|ontelamine|ythiamiller\.un10)|d(?:hamilton9099|r(?:_raymondfung|kobiorah|obiorahkenneth|victorobaji))|e(?:denvictor71|ricalbert24)|f(?:bicompensation_funds|ederal\.r73)|i(?:\.project33411|befranfgnfmf|nfomoney|project32411)|j(?:a(?:ckson\.davis915|netemoon150)|kimyong21|lawrencefrb|ulietjohnsonn)|k(?:altschmidtdavid8|elvinmark629|im(?:\.leang2018?|leang(?:575|90)))|l(?:e(?:a_edem13|hman(?:909|bila))|i(?:m_kaan|sarobinson_555)|o(?:an\.assist|rrainewirengee)|y_cheapiseth(?:11|2019))|m(?:\.kogi81|a(?:itre_arthur\.catheau|rie_avis12)|d(?:\.ps|zsesszika672)|elissalewis4004|o(?:hammedaahil46|keye79)|rs(?:\.esthernicolas|isabella\.dzesszikan)|s\.gracie_olakun)|o(?:legkozyrev1|mranshaalan52)|p(?:ackerkelvin|eterlee1950|rincerasmane)|r(?:alphw(?:\.johnson78|johnson78)|o(?:bertbailey2004|serichard655))|s(?:amthong4040|igurlauganna34|leo25|opheap\.munny|pwalker101|te(?:fanopessina573|vecox\.98))|t(?:\.murasawa|ep1chen|heara\.chhoy|ylerhess\.43)|vanserge2001|will(?:clark0010|smi68)|xianglongdai60|zhaodonghk))\@yahoo\.com$/i
 describe REPTO_419_FRAUD_YH Reply-To is known advance fee fraud collector mailbox
 #score REPTO_419_FRAUD_YH 3.000
 tflags REPTO_419_FRAUD_YH publish
@@ -3802,12 +3707,19 @@ tflags REPTO_419_FRAUD_YJ publish
 
 ##{ REPTO_419_FRAUD_YN
 
-header REPTO_419_FRAUD_YN Reply-To:addr =~ /^(?=[^\s<>@]+\@yandex\.com)(?:(?:a(?:m(?:andarandle|g3333txx101)|na\.mariposa|wesome\.mariacarmen)|clemlau|dejongpeter|f(?:3dex\.courier|ed\.r3v|reedommarketinvestments)|gadd4fi\.aisha|h(?:ashimireem|halesbbanddd?)|joseph\-scott2k5|l(?:es20sc|otointernational\.elgordo)|m(?:arcarmenguty|fdpm|r(?:\.kongkea|akram\.elkerrami|spercy))|p(?:aragonloansinc|rincedarren0244)|rich(?:ard\.wahl|lawands)|tresor\.mambo|w(?:b\.foundation|ill(?:1amsmarg1|iam(?:simon1960|wilbert1)))|za\.dc2016))\@yandex\.com$/i
+header REPTO_419_FRAUD_YN Reply-To:addr =~ /^(?=[^\s<>@]+\@yandex\.com)(?:(?:a(?:lhashimi123|m(?:andarandle|g3333txx101)|n(?:a\.mariposa|n(?:acooper2019|zainab))|wesome\.mariacarmen)|c(?:harles\.kable|lemlau)|de(?:edee\-paul|jongpeter|ptoversea)|f(?:3dex\.courier|ed\.r3v|reedommarketinvestments)|gadd4fi\.aisha|h(?:ashimireem|halesbbanddd?)|joseph\-scott2k5|l(?:es20sc|otointernational\.elgordo)|m(?:arcarmenguty|fdpm|r(?:\.kongkea|akram\.elkerrami|spercy))|p(?:aragonloansinc|rincedarren0244)|rich(?:ard\.wahl|lawands)|tresor\.mambo|w(?:b\.foundation|ill(?:1amsmarg1|iam(?:simon1960|wilbert1)))|za\.dc2016))\@yandex\.com$/i
 describe REPTO_419_FRAUD_YN Reply-To is known advance fee fraud collector mailbox
 #score REPTO_419_FRAUD_YN 3.000
 tflags REPTO_419_FRAUD_YN publish
 ##} REPTO_419_FRAUD_YN
 
+##{ REPTO_INFONUMSCOM
+
+meta       REPTO_INFONUMSCOM           __REPTO_INFONUMSCOM
+#score      REPTO_INFONUMSCOM           3.000	# limit
+tflags     REPTO_INFONUMSCOM           publish
+##} REPTO_INFONUMSCOM
+
 ##{ RISK_FREE
 
 meta     RISK_FREE      __FRAUD_IOV && !__UNSUB_LINK && !__VIA_ML && !__HTML_LINK_IMAGE && !__SUBSCRIPTION_INFO && !__HS_SUBJ_RE_FW && !__LCL__ENV_AND_HDR_FROM_MATCH 
@@ -3819,11 +3731,60 @@ describe RISK_FREE      No risk!
 meta SB_GIF_AND_NO_URIS (__GIF_ATTACH&&!__HAS_ANY_URI&&!__HAS_ANY_EMAIL)
 ##} SB_GIF_AND_NO_URIS
 
-##{ SCRIPT_GIBBERISH
+##{ SCC_BOGUS_CTE_1 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
-meta           SCRIPT_GIBBERISH         __SCRIPT_GIBBERISH && (__BODY_XHTML || !__SCRIPT_TAG_IN_BODY) && !__TAG_EXISTS_META
-describe       SCRIPT_GIBBERISH         Nonsense in HTML <SCRIPT> tag
-##} SCRIPT_GIBBERISH
+ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+meta		SCC_BOGUS_CTE_1	__SCC_BOGUS_CTE_1
+describe	SCC_BOGUS_CTE_1	Bogus Content-Transfer-Encoding header
+tflags		SCC_BOGUS_CTE_1 publish
+endif
+##} SCC_BOGUS_CTE_1 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+
+##{ SCC_CANSPAM_2
+
+describe SCC_CANSPAM_2		Interesting compliance language
+body	 SCC_CANSPAM_2		/you may unsubscribe by clicking here or by writing to/
+##} SCC_CANSPAM_2
+
+##{ SCC_CTMPP ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+
+ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+describe	SCC_CTMPP	Uncommon Content-Type
+meta		SCC_CTMPP	__SCC_CTMPP
+tflags		SCC_CTMPP	publish
+endif
+##} SCC_CTMPP ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+
+##{ SCC_ISEMM_LID_1
+
+describe SCC_ISEMM_LID_1	Fingerprint of a particular spammer using an old spamware
+header SCC_ISEMM_LID_1		X-Mailer-LID =~ /54,55,56,58,53/
+tflags SCC_ISEMM_LID_1		publish
+#score SCC_ISEMM_LID_1		3.5
+##} SCC_ISEMM_LID_1
+
+##{ SCC_ISEMM_LID_1A
+
+describe SCC_ISEMM_LID_1A	Fingerprint of a particular spammer using an old spamware
+header SCC_ISEMM_LID_1A		X-Mailer-LID =~ /54,55,56,/
+tflags SCC_ISEMM_LID_1A		publish
+#score SCC_ISEMM_LID_1A		3.5
+##} SCC_ISEMM_LID_1A
+
+##{ SCC_ISEMM_LID_1B
+
+describe SCC_ISEMM_LID_1B	Genericized spammer fingerprint
+header SCC_ISEMM_LID_1B		X-Mailer-LID =~ /([56][0-9],)+/
+tflags SCC_ISEMM_LID_1B		publish
+#score SCC_ISEMM_LID_1B		1.5
+##} SCC_ISEMM_LID_1B
+
+##{ SCC_SPECIAL_GUID
+
+describe  SCC_SPECIAL_GUID      Unique in a similar way
+rawbody   SCC_SPECIAL_GUID	/^([[:xdigit:]]{8})-([[:xdigit:]]{4})-([[:xdigit:]]{3})-\3-([[:xdigit:]]{12})$/m
+tflags    SCC_SPECIAL_GUID	publish multiple maxhits=15
+##} SCC_SPECIAL_GUID
 
 ##{ SENDGRID_REDIR
 
@@ -3867,11 +3828,6 @@ describe   SHOPIFY_IMG_NOT_RCVD_SFY    Shopify hosted image but message not from
 tflags     SHOPIFY_IMG_NOT_RCVD_SFY    publish
 ##} SHOPIFY_IMG_NOT_RCVD_SFY
 
-##{ SHORTENED_URL_SRC
-
-rawbody	 SHORTENED_URL_SRC	/<[^>]{1,99}\ssrc=\W?https?:\/\/(?:bit\.ly|bit\.do|buff\.ly|tinyurl\.com|ow\.ly|owl\.li|is\.gd|tumblr\.com|mysp\.ac|formspring\.me|ff\.im|youtu\.be|tl\.gd|plurk\.com|migre\.me|j\.mp|cli\.gs|goo\.gl|goo\.io|yfrog\.com|lnk\.ms|su\.pr|fb\.me|alturl\.com|wp\.me|ping\.fm|chatter\.com|post\.ly|twurl\.nl|tiny\.cc|4sq\.com|ustre\.am|short\.to|u\.nu|flic\.kr|budurl\.com|digg\.com|twitvid\.com|gowal\.la|om\.ly|justin\.tv|icio\.us|p\.gs|loopt\.us|tcrn\.ch|xrl\.us|wpo\.st|bkite\.com|t\.cn|t\.co|x\.co|hop\.kz|urla\.ru|fw\.to|back\.ly|ecs\.page\.link|cc\.uz|smarturl\.it|s\.apache\.org)\/[^\/]{3}/
-##} SHORTENED_URL_SRC
-
 ##{ SHORTENER_SHORT_IMG
 
 meta       SHORTENER_SHORT_IMG         __URL_SHORTENER && HTML_SHORT_LINK_IMG_1
@@ -3902,7 +3858,7 @@ endif
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     SHORT_SHORTNER __PDS_MSG_512 && (__PDS_URISHORTENER || __URL_SHORTENER) && !DRUGS_ERECTILE
+meta     SHORT_SHORTNER __PDS_MSG_512 && __URL_SHORTENER && !DRUGS_ERECTILE
 describe SHORT_SHORTNER Short body with little more than a link to a shortener
 #score    SHORT_SHORTNER 2.0 # limit
 endif
@@ -4015,11 +3971,6 @@ tflags      STOCK_TIP         publish
 meta STOX_AND_PRICE     CURR_PRICE && STOX_REPLY_TYPE
 ##} STOX_AND_PRICE
 
-##{ STOX_BOUND_090909_B
-
-header STOX_BOUND_090909_B Content-Type:raw =~ /;\n boundary=\"------------0[0-9]0[0-9]0[0-9]0[0-9]0[0-9]0[0-9]0[0-9]0[0-9]0[0-9]0[0-9]0[0-9]0[0-9]\"$/s
-##} STOX_BOUND_090909_B
-
 ##{ STOX_REPLY_TYPE
 
 header STOX_REPLY_TYPE  Content-Type =~ /text\/plain; .* reply-type=original/
@@ -4036,6 +3987,13 @@ meta SUBJECT_NEEDS_ENCODING    (!__SUBJECT_ENCODED_B64 && !__SUBJECT_ENCODED_QP)
 describe SUBJECT_NEEDS_ENCODING  Subject includes non-encoded illegal characters
 ##} SUBJECT_NEEDS_ENCODING
 
+##{ SUBJ_ATTENTION
+
+meta        SUBJ_ATTENTION       __SUBJ_ATTENTION && !ALL_TRUSTED
+describe    SUBJ_ATTENTION       ATTENTION in Subject
+#score       SUBJ_ATTENTION       0.500	# limit
+##} SUBJ_ATTENTION
+
 ##{ SUBJ_BRKN_WORDNUMS
 
 #score     SUBJ_BRKN_WORDNUMS     1.500	# limit
@@ -4056,12 +4014,11 @@ ifplugin Mail::SpamAssassin::Plugin::DKIM
 endif
 ##} SUBJ_BRKN_WORDNUMS ifplugin Mail::SpamAssassin::Plugin::DKIM
 
-##{ SUBJ_OBFU_LOW_CNTRST
+##{ SUBJ_UNNEEDED_HTML
 
-meta        SUBJ_OBFU_LOW_CNTRST  (HTML_FONT_LOW_CONTRAST && __SUBJ_OBFU_PUNCT) && !ALL_TRUSTED && !__NOT_A_PERSON && !__THREADED 
-describe    SUBJ_OBFU_LOW_CNTRST  Subject obfuscation + hidden text
-#score       SUBJ_OBFU_LOW_CNTRST  2.500   # limit
-##} SUBJ_OBFU_LOW_CNTRST
+meta      SUBJ_UNNEEDED_HTML            __SUBJ_UNNEEDED_HTML && !__NOT_SPOOFED && !__RP_MATCHES_RCVD && !__VIA_ML 
+describe  SUBJ_UNNEEDED_HTML            Unneeded HTML formatting in Subject:
+##} SUBJ_UNNEEDED_HTML
 
 ##{ SUSP_UTF8_WORD_SUBJ
 
@@ -4161,12 +4118,6 @@ describe       TO_EQ_FM_DIRECT_MX   To == From and direct-to-MX
 tflags         TO_EQ_FM_DIRECT_MX   publish
 ##} TO_EQ_FM_DIRECT_MX
 
-##{ TO_EQ_FM_DOM_HTML_ONLY
-
-meta           TO_EQ_FM_DOM_HTML_ONLY   __TO_EQ_FM_DOM_HTML_ONLY && !__NOT_SPOOFED && !__CTYPE_MULTIPART_ALT && !HTML_MIME_NO_HTML_TAG && !__IS_EXCH && !__MSGID_BEFORE_RECEIVED && !__FM_TO_ALL_NUMS && !__FROM_LOWER && !__HAS_IN_REPLY_TO && !__BUGGED_IMG && !__FROM_ENCODED_QP && !__MSGID_OK_HEX
-describe       TO_EQ_FM_DOM_HTML_ONLY   To domain == From domain and HTML only
-##} TO_EQ_FM_DOM_HTML_ONLY
-
 ##{ TO_EQ_FM_DOM_SPF_FAIL ifplugin Mail::SpamAssassin::Plugin::SPF
 
 ifplugin Mail::SpamAssassin::Plugin::SPF
@@ -4176,12 +4127,6 @@ ifplugin Mail::SpamAssassin::Plugin::SPF
 endif
 ##} TO_EQ_FM_DOM_SPF_FAIL ifplugin Mail::SpamAssassin::Plugin::SPF
 
-##{ TO_EQ_FM_HTML_ONLY
-
-meta           TO_EQ_FM_HTML_ONLY   __TO_EQ_FM_HTML_ONLY && !ALL_TRUSTED && !__RCD_RDNS_MAIL_MESSY && !__RCD_RDNS_SMTP_MESSY && !__NOT_SPOOFED && !__DKIM_EXISTS && !__ANY_IMAGE_ATTACH && !__FROM_LOWER && !__TAG_EXISTS_CENTER
-describe       TO_EQ_FM_HTML_ONLY   To == From and HTML only
-##} TO_EQ_FM_HTML_ONLY
-
 ##{ TO_EQ_FM_SPF_FAIL ifplugin Mail::SpamAssassin::Plugin::SPF
 
 ifplugin Mail::SpamAssassin::Plugin::SPF
@@ -4207,12 +4152,6 @@ describe   TO_NAME_SUBJ_NO_RDNS        Recipient username in subject + no rDNS
 tflags     TO_NAME_SUBJ_NO_RDNS        publish
 ##} TO_NAME_SUBJ_NO_RDNS
 
-##{ TO_NO_BRKTS_DYNIP
-
-meta       TO_NO_BRKTS_DYNIP       __TO_NO_BRKTS_DYNIP && !__NAME_IS_EMAIL && !__MSGID_OK_HEX && !__UNSUB_LINK && !__THREADED && !__RCD_RDNS_MX_MESSY && !__COMMENT_EXISTS && !__MUA_TBIRD && !__CD && !__ML1 && !__RP_MATCHES_RCVD && !__SUBSCRIPTION_INFO && !__HAS_THREAD_INDEX && !__IS_EXCH 
-describe   TO_NO_BRKTS_DYNIP       To: lacks brackets and dynamic rDNS
-##} TO_NO_BRKTS_DYNIP
-
 ##{ TO_NO_BRKTS_FROM_MSSP
 
 meta       TO_NO_BRKTS_FROM_MSSP     __TO_NO_BRKTS_FROM_RUNON && !__RCD_RDNS_MTA_MESSY && !__CTYPE_MULTIPART_ALT && !__REPTO_QUOTE && !__MIME_QP && !__TO___LOWER && !__BUGGED_IMG && !__SUBJECT_ENCODED_QP && !__VIA_ML && !__FR_SPACING_8 && !__TAG_EXISTS_CENTER && !__RCVD_ZIXMAIL && !__RP_MATCHES_RCVD && !__HAS_SENDER 
@@ -4266,13 +4205,6 @@ describe   TO_TOO_MANY_WFH_01          Work-from-Home + many recipients
 tflags     TO_TOO_MANY_WFH_01          publish
 ##} TO_TOO_MANY_WFH_01
 
-##{ TRANSFORM_LIFE
-
-meta       TRANSFORM_LIFE              __TRANSFORM_LIFE && !__HAS_CAMPAIGNID && !__HAS_SENDER && !__HAS_X_MAILER && !__VIA_ML 
-describe   TRANSFORM_LIFE              Transform your life!
-#score      TRANSFORM_LIFE              2.500	# limit
-##} TRANSFORM_LIFE
-
 ##{ TT_MSGID_TRUNC
 
 header TT_MSGID_TRUNC   Message-Id =~ /^\s*<?[^<>\s]+\[\d+$/
@@ -4496,13 +4428,6 @@ meta        TVD_SPACE_ENCODED      __TVD_SPACE_ENCODED && !__NOT_SPOOFED && !__V
 describe    TVD_SPACE_ENCODED      Space ratio & encoded subject
 ##} TVD_SPACE_ENCODED
 
-##{ TVD_SPACE_ENC_FM_MIME
-
-meta        TVD_SPACE_ENC_FM_MIME  __TVD_SPACE_ENCODED && __FROM_NEEDS_MIME && !__ISO_2022_JP_DELIM
-#score       TVD_SPACE_ENC_FM_MIME  2.000   # limit
-describe    TVD_SPACE_ENC_FM_MIME  Space ratio & encoded subject & MIME needed
-##} TVD_SPACE_ENC_FM_MIME
-
 ##{ TVD_SPACE_RATIO_MINFP
 
 meta        TVD_SPACE_RATIO_MINFP  __TVD_SPACE_RATIO && !__CT_ENCRYPTED && !__X_CRON_ENV && !__ISO_2022_JP_DELIM && !__NOT_SPOOFED && !ALL_TRUSTED && !__MIME_NO_TEXT && !__LONGLINE && !__THREADED && !__SUBSCRIPTION_INFO && !__VIA_ML && !__HELO_HIGHPROFILE && !__DKIM_EXISTS && !__RCD_RDNS_SMTP_MESSY && !__RCD_RDNS_MAIL && !__EMPTY_BODY && !__XM_APPLEMAIL 
@@ -4575,6 +4500,14 @@ ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 endif
 ##} T_ACH_CANCELLED_EXE ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
+##{ T_ANY_PILL_PRICE if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+
+if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+  meta        T_ANY_PILL_PRICE         (__PILL_PRICE_01 || __PILL_PRICE_02) && !__NOT_A_PERSON
+  describe    T_ANY_PILL_PRICE         Prices for pills
+endif
+##} T_ANY_PILL_PRICE if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+
 ##{ T_CDISP_SZ_MANY ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
@@ -4584,6 +4517,14 @@ ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 endif
 ##} T_CDISP_SZ_MANY ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
+##{ T_CTYPE_NULL ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+
+ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+  meta         T_CTYPE_NULL          __CTYPE_NULL
+  describe     T_CTYPE_NULL          Malformed Content-Type header
+endif
+##} T_CTYPE_NULL ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+
 ##{ T_DATE_IN_FUTURE_96_Q ifplugin Mail::SpamAssassin::Plugin::HeaderEval
 
 ifplugin Mail::SpamAssassin::Plugin::HeaderEval
@@ -4592,14 +4533,6 @@ describe T_DATE_IN_FUTURE_96_Q    Date: is 4 days to 4 months after Received: da
 endif
 ##} T_DATE_IN_FUTURE_96_Q ifplugin Mail::SpamAssassin::Plugin::HeaderEval
 
-##{ T_DATE_IN_FUTURE_Q_PLUS ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-
-ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-header   T_DATE_IN_FUTURE_Q_PLUS  eval:check_for_shifted_date('2920', 'undef')
-describe T_DATE_IN_FUTURE_Q_PLUS  Date: is over 4 months after Received: date
-endif
-##} T_DATE_IN_FUTURE_Q_PLUS ifplugin Mail::SpamAssassin::Plugin::HeaderEval
-
 ##{ T_DOC_ATTACH_NO_EXT ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
@@ -4627,7 +4560,7 @@ endif
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     T_DRUGS_ERECTILE_SHORT_SHORTNER __PDS_HTML_LENGTH_1024 && (__PDS_URISHORTENER || __URL_SHORTENER) && DRUGS_ERECTILE
+meta     T_DRUGS_ERECTILE_SHORT_SHORTNER __PDS_HTML_LENGTH_1024 && __URL_SHORTENER && DRUGS_ERECTILE
 describe T_DRUGS_ERECTILE_SHORT_SHORTNER Short erectile drugs advert with T_URL_SHORTENER
 #score    T_DRUGS_ERECTILE_SHORT_SHORTNER 1.5 # limit
 endif
@@ -4676,6 +4609,14 @@ ifplugin Mail::SpamAssassin::Plugin::FreeMail
 endif
 ##} T_FREEMAIL_DOC_PDF ifplugin Mail::SpamAssassin::Plugin::FreeMail
 
+##{ T_FREEMAIL_DOC_PDF_BCC ifplugin Mail::SpamAssassin::Plugin::FreeMail
+
+ifplugin Mail::SpamAssassin::Plugin::FreeMail
+  meta         T_FREEMAIL_DOC_PDF_BCC   __FREEMAIL_DOC_PDF && __TO_UNDISCLOSED
+  describe     T_FREEMAIL_DOC_PDF_BCC   MS document or PDF attachment, from freemail, all recipients hidden
+endif
+##} T_FREEMAIL_DOC_PDF_BCC ifplugin Mail::SpamAssassin::Plugin::FreeMail
+
 ##{ T_FREEMAIL_RVW_ATTCH ifplugin Mail::SpamAssassin::Plugin::FreeMail
 
 ifplugin Mail::SpamAssassin::Plugin::FreeMail
@@ -4757,22 +4698,10 @@ ifplugin Mail::SpamAssassin::Plugin::FromNameSpoof
 endif
 ##} T_GB_FROMNAME_SPOOFED_EMAIL_IP ifplugin Mail::SpamAssassin::Plugin::FromNameSpoof
 
-##{ T_GB_HASHBL_BTC if (version >= 3.004003) ifplugin Mail::SpamAssassin::Plugin::HashBL
-
-if (version >= 3.004003)
-  ifplugin Mail::SpamAssassin::Plugin::HashBL
-    body          T_GB_HASHBL_BTC eval:check_hashbl_bodyre('bl.btcblack.it', 'raw/max=10/shuffle', '\b(?<!=)([13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[acdefghjklmnpqrstuvwxyz234567890]{30,90})\b')
-    tflags        T_GB_HASHBL_BTC net
-    describe      T_GB_HASHBL_BTC Message contains BTC address found on BTCBL
-#    score         T_GB_HASHBL_BTC 5.0 # limit
-endif
-endif
-##} T_GB_HASHBL_BTC if (version >= 3.004003) ifplugin Mail::SpamAssassin::Plugin::HashBL
-
 ##{ T_GB_WEBFORM ifplugin Mail::SpamAssassin::Plugin::FreeMail
 
 ifplugin Mail::SpamAssassin::Plugin::FreeMail
-  meta            T_GB_WEBFORM              ( ( __XMAIL_CODEIGN || __XMAIL_PHPMAIL ) && ( __PDS_URISHORTENER || __URL_SHORTENER ) && FREEMAIL_FROM )
+  meta            T_GB_WEBFORM              ( ( __XMAIL_CODEIGN || __XMAIL_PHPMAIL ) && __URL_SHORTENER && FREEMAIL_FROM )
   describe        T_GB_WEBFORM              Webform with url shortener
 #  score           T_GB_WEBFORM              1.500 # limit
 endif
@@ -4808,6 +4737,13 @@ endif
 endif
 ##} T_HK_NAME_FROM ifplugin Mail::SpamAssassin::Plugin::FreeMail if (version >= 3.004000)
 
+##{ T_HK_SPAMMY_FILENAME ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+
+ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+meta		T_HK_SPAMMY_FILENAME	__HK_SPAMMY_CTFN || __HK_SPAMMY_CDFN
+endif
+##} T_HK_SPAMMY_FILENAME ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+
 ##{ T_HTML_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
@@ -4867,6 +4803,26 @@ uri      T_LOTTO_URI       /(?:claim(?:s|ing)?(?:[-_]?processing)?|fiducia\w+|re
 describe T_LOTTO_URI       Claims Department URL
 ##} T_LOTTO_URI
 
+##{ T_MANY_HDRS_LCASE
+
+describe       T_MANY_HDRS_LCASE       Odd capitalization of multiple message headers
+#score          T_MANY_HDRS_LCASE       0.10	# limit
+##} T_MANY_HDRS_LCASE
+
+##{ T_MANY_HDRS_LCASE if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
+
+if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
+  meta         T_MANY_HDRS_LCASE       __MANY_HDRS_LCASE && !__HDRS_LCASE_KNOWN && !__VIA_ML && !__THREADED && !__UNUSABLE_MSGID && !__DOS_SINGLE_EXT_RELAY && !__DKIM_EXISTS && !__NOT_SPOOFED && !__BUGGED_IMG && !__MIME_QP && !__RDNS_NONE
+endif
+##} T_MANY_HDRS_LCASE if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
+
+##{ T_MANY_HDRS_LCASE ifplugin Mail::SpamAssassin::Plugin::FreeMail
+
+ifplugin Mail::SpamAssassin::Plugin::FreeMail
+  meta         T_MANY_HDRS_LCASE       __MANY_HDRS_LCASE && !__HDRS_LCASE_KNOWN && !__VIA_ML && !__freemail_safe && !__THREADED && !__UNUSABLE_MSGID && !__DOS_SINGLE_EXT_RELAY && !__DKIM_EXISTS && !__NOT_SPOOFED && !__BUGGED_IMG && !__MIME_QP && !__RDNS_NONE
+endif
+##} T_MANY_HDRS_LCASE ifplugin Mail::SpamAssassin::Plugin::FreeMail
+
 ##{ T_MANY_PILL_PRICE if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 
 if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
@@ -4919,7 +4875,7 @@ endif
 ##{ T_OBFU_HTML_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   T_OBFU_HTML_ATTACH    Content-Type =~ m,\bapplication/octet-stream\b.+\.html?\b,i
+  mimeheader   T_OBFU_HTML_ATTACH    Content-Type =~ m,\bapplication/octet-stream\b.+\.s?html?\b,i
   describe     T_OBFU_HTML_ATTACH    HTML attachment with non-text MIME type
 endif
 ##} T_OBFU_HTML_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
@@ -4948,6 +4904,17 @@ ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 endif
 ##} T_OBFU_PDF_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
+##{ T_OFFER_ONLY_AMERICA if (version >= 3.004002) ifplugin Mail::SpamAssassin::Plugin::WLBLEval
+
+if (version >= 3.004002)
+ifplugin Mail::SpamAssassin::Plugin::WLBLEval
+meta     T_OFFER_ONLY_AMERICA __FROM_ADDRLIST_SUSPNTLD && __PDS_OFFER_ONLY_AMERICA
+describe T_OFFER_ONLY_AMERICA Offer only available to US
+#score    T_OFFER_ONLY_AMERICA 2.0 # limit
+endif
+endif
+##} T_OFFER_ONLY_AMERICA if (version >= 3.004002) ifplugin Mail::SpamAssassin::Plugin::WLBLEval
+
 ##{ T_PDS_BTC_AHACKER ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
 
 ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
@@ -4970,7 +4937,7 @@ endif
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     T_PDS_EMPTYSUBJ_URISHRT (__PDS_URISHORTENER || __URL_SHORTENER) && __SUBJECT_EMPTY && __PDS_MSG_1024
+meta     T_PDS_EMPTYSUBJ_URISHRT __URL_SHORTENER && __SUBJECT_EMPTY && __PDS_MSG_1024
 describe T_PDS_EMPTYSUBJ_URISHRT Empty subject with little more than URI shortener 
 #score    T_PDS_EMPTYSUBJ_URISHRT 1.5 # limit
 endif
@@ -4981,27 +4948,18 @@ endif
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     T_PDS_FREEMAIL_REPLYTO_URISHRT (__PDS_URISHORTENER || __URL_SHORTENER) && __freemail_hdr_replyto && __SUBJ_SHORT && __PDS_HTML_LENGTH_2048
+meta     T_PDS_FREEMAIL_REPLYTO_URISHRT __URL_SHORTENER && __freemail_hdr_replyto && __SUBJ_SHORT && __PDS_HTML_LENGTH_2048
 describe T_PDS_FREEMAIL_REPLYTO_URISHRT Freemail replyto with URI shortener
 #score    T_PDS_FREEMAIL_REPLYTO_URISHRT 1.5 # limit
 endif
 endif
 ##} T_PDS_FREEMAIL_REPLYTO_URISHRT ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
-##{ T_PDS_FROM_2_EMAILS if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-
-if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-  meta       T_PDS_FROM_2_EMAILS        __PDS_FROM_2_EMAILS && !__VIA_ML && !__VIA_RESIGNER && !__MSGID_JAVAMAIL && !__RCD_RDNS_MAIL_MESSY && !__RCD_RDNS_SMTP_MESSY && !__DKIM_EXISTS 
-  describe   T_PDS_FROM_2_EMAILS        From header has multiple different addresses
-#  score      T_PDS_FROM_2_EMAILS        3.500	# limit
-endif
-##} T_PDS_FROM_2_EMAILS if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
-
 ##{ T_PDS_FROM_2_EMAILS_SHRTNER ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     T_PDS_FROM_2_EMAILS_SHRTNER (__PDS_URISHORTENER || __URL_SHORTENER) && (__PDS_FROM_2_EMAILS || __NAME_EMAIL_DIFF) && __BODY_URI_ONLY
+meta     T_PDS_FROM_2_EMAILS_SHRTNER __URL_SHORTENER && (__PDS_FROM_2_EMAILS || __NAME_EMAIL_DIFF) && __BODY_URI_ONLY
 describe T_PDS_FROM_2_EMAILS_SHRTNER From 2 emails short email with little more than a URI shortener
 #score    T_PDS_FROM_2_EMAILS_SHRTNER 1.5 # limit
 endif
@@ -5026,17 +4984,6 @@ ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
 endif
 ##} T_PDS_LTC_HACKER ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
 
-##{ T_PDS_NO_FULL_NAME_SPOOFED_URL ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
-
-ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-if (version >= 3.004000)
-meta     T_PDS_NO_FULL_NAME_SPOOFED_URL __PDS_MSG_1024 && __KHOP_NO_FULL_NAME && __SPOOFED_URL && !(__VIA_ML || __SENDER_BOT || __YAHOO_BULK || __UNSUB_LINK || __THREADED || __URL_SHORTENER)
-describe T_PDS_NO_FULL_NAME_SPOOFED_URL HTML message short, T_SPOOFED_URL and T_KHOP_NO_FULL_NAME
-#score    T_PDS_NO_FULL_NAME_SPOOFED_URL 0.75 # limit
-endif
-endif
-##} T_PDS_NO_FULL_NAME_SPOOFED_URL ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
-
 ##{ T_PDS_PRO_TLD if (version >= 3.004002) ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 
 if (version >= 3.004002)
@@ -5052,7 +4999,7 @@ endif
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     T_PDS_SHORTFWD_URISHRT (__PDS_URISHORTENER || __URL_SHORTENER) && (__THREADED || __HAS_IN_REPLY_TO || __HAS_THREAD_INDEX || __URI_MAILTO || __REPTO_QUOTE) && __SUBJ_SHORT && __PDS_HTML_LENGTH_2048
+meta     T_PDS_SHORTFWD_URISHRT __URL_SHORTENER && (__THREADED || __HAS_IN_REPLY_TO || __HAS_THREAD_INDEX || __URI_MAILTO || __REPTO_QUOTE) && __SUBJ_SHORT && __PDS_HTML_LENGTH_2048
 describe T_PDS_SHORTFWD_URISHRT Threaded email with URI shortener
 #score    T_PDS_SHORTFWD_URISHRT 1.5 # limit
 endif
@@ -5063,7 +5010,7 @@ endif
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     T_PDS_SHORTFWD_URISHRT_FP (__PDS_URISHORTENER || __URL_SHORTENER) && __HS_SUBJ_RE_FW && __PDS_MSG_512
+meta     T_PDS_SHORTFWD_URISHRT_FP __URL_SHORTENER && __HS_SUBJ_RE_FW && __PDS_MSG_512
 describe T_PDS_SHORTFWD_URISHRT_FP Apparently a short fwd/re with URI shortener
 #score    T_PDS_SHORTFWD_URISHRT_FP 1.5 # limit
 endif
@@ -5074,41 +5021,49 @@ endif
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     T_PDS_SHORTFWD_URISHRT_QP (__PDS_URISHORTENER || __URL_SHORTENER) && __HS_SUBJ_RE_FW && __T_PDS_MSG_512 && !T_PDS_SHORTFWD_URISHRT_FP
+meta     T_PDS_SHORTFWD_URISHRT_QP __URL_SHORTENER && __HS_SUBJ_RE_FW && __T_PDS_MSG_512 && !T_PDS_SHORTFWD_URISHRT_FP
 describe T_PDS_SHORTFWD_URISHRT_QP Apparently a short fwd/re with URI shortener
 #score    T_PDS_SHORTFWD_URISHRT_QP 1.5 # limit
 endif
 endif
 ##} T_PDS_SHORTFWD_URISHRT_QP ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
-##{ T_PDS_SHORT_SPOOFED_URL ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
+##{ T_PDS_TO_EQ_FROM_NAME if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
 
-ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-if (version >= 3.004000)
-meta     T_PDS_SHORT_SPOOFED_URL __PDS_MSG_1024 && __SPOOFED_URL && !(__VIA_ML || __SENDER_BOT || __YAHOO_BULK || __UNSUB_LINK || __THREADED || __URL_SHORTENER)
-describe T_PDS_SHORT_SPOOFED_URL HTML message short and T_SPOOFED_URL (S_U_FP)
-#score    T_PDS_SHORT_SPOOFED_URL 2.0
+if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
+  meta       T_PDS_TO_EQ_FROM_NAME      (__PDS_TO_EQ_FROM_NAME_1 || __PDS_TO_EQ_FROM_NAME_2) && !__HAS_SENDER 
+  describe   T_PDS_TO_EQ_FROM_NAME      From: name same as To: address
 endif
-endif
-##} T_PDS_SHORT_SPOOFED_URL ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
+##} T_PDS_TO_EQ_FROM_NAME if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
 
 ##{ T_PDS_URISHRT_LOCALPART_SUBJ ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     T_PDS_URISHRT_LOCALPART_SUBJ LOCALPART_IN_SUBJECT && (__PDS_URISHORTENER || __URL_SHORTENER) && __PDS_MSG_1024
+meta     T_PDS_URISHRT_LOCALPART_SUBJ LOCALPART_IN_SUBJECT && __URL_SHORTENER && __PDS_MSG_1024
 describe T_PDS_URISHRT_LOCALPART_SUBJ Localpart of To in subject
 #score    T_PDS_URISHRT_LOCALPART_SUBJ 1.0
 endif
 endif
 ##} T_PDS_URISHRT_LOCALPART_SUBJ ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
 
-##{ T_PDS_X_PHP_WP_EXP
+##{ T_PHOTO_EDITING_DIRECT if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 
-meta     T_PDS_X_PHP_WP_EXP (__PDS_X_PHP_WPCONTENT || __PDS_X_PHP_WPINCLUDES || __PDS_X_PHP_WPADMIN || __PDS_X_PHP_WPJS)
-describe T_PDS_X_PHP_WP_EXP X-PHP-Script shows sent from a Wordpress PHP script where you would not expect one
-#score    T_PDS_X_PHP_WP_EXP 1.5
-##} T_PDS_X_PHP_WP_EXP
+if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+  meta       T_PHOTO_EDITING_DIRECT       (__PHOTO_RETOUCHING && __DOS_DIRECT_TO_MX) && !ALL_TRUSTED && !__HAS_HREF
+  describe   T_PHOTO_EDITING_DIRECT       Image editing service, direct to MX
+#  score      T_PHOTO_EDITING_DIRECT       3.000	# limit
+endif
+##} T_PHOTO_EDITING_DIRECT if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+
+##{ T_PHOTO_EDITING_FREEM if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+
+if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+  meta       T_PHOTO_EDITING_FREEM        __PHOTO_RETOUCHING > 4 && (__REPTO_CHN_FREEM || __freemail_hdr_replyto)
+  describe   T_PHOTO_EDITING_FREEM        Image editing service, freemail or CHN replyto
+#  score      T_PHOTO_EDITING_FREEM        3.750	# limit
+endif
+##} T_PHOTO_EDITING_FREEM if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 
 ##{ T_REMOTE_IMAGE ifplugin Mail::SpamAssassin::Plugin::MIMEHeader # {
 
@@ -5170,7 +5125,7 @@ endif
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     T_TONOM_EQ_TOLOC_SHRT_SHRTNER __PDS_URISHORTENER && __PDS_TONAME_EQ_TOLOCAL && __PDS_MSG_1024
+meta     T_TONOM_EQ_TOLOC_SHRT_SHRTNER __URL_SHORTENER && __PDS_TONAME_EQ_TOLOCAL && __PDS_MSG_1024
 describe T_TONOM_EQ_TOLOC_SHRT_SHRTNER Short email with shortener and To:name eq To:local
 #score    T_TONOM_EQ_TOLOC_SHRT_SHRTNER 1.5 # limit
 endif
@@ -5228,17 +5183,6 @@ ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 endif
 ##} T_WON_NBDY_ATTACH ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
 
-##{ T_XPRIO_URL_SHORTNER ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
-
-ifplugin Mail::SpamAssassin::Plugin::WLBLEval
-if (version >= 3.004000)
-meta     T_XPRIO_URL_SHORTNER __XPRIO_MINFP && __PDS_URISHORTENER
-describe T_XPRIO_URL_SHORTNER X-Priority header and short URL
-#score    T_XPRIO_URL_SHORTNER 1.0 # limit
-endif
-endif
-##} T_XPRIO_URL_SHORTNER ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
-
 ##{ T_ZW_OBFU_BITCOIN if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 
 if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
@@ -5248,6 +5192,15 @@ if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 endif
 ##} T_ZW_OBFU_BITCOIN if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 
+##{ T_ZW_OBFU_FREEM if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+
+if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+  meta       T_ZW_OBFU_FREEM              __UNICODE_OBFU_ZW && __freemail_hdr_replyto 
+  describe   T_ZW_OBFU_FREEM              Obfuscated text + freemail
+#  score      T_ZW_OBFU_FREEM              2.000	# limit
+endif
+##} T_ZW_OBFU_FREEM if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
+
 ##{ T_ZW_OBFU_FROMTOSUBJ if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 
 if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
@@ -5299,6 +5252,14 @@ if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 endif
 ##} UNICODE_OBFU_ZW if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
 
+##{ UNSUB_GOOG_FORM
+
+meta        UNSUB_GOOG_FORM      __UNSUB_GOOG_FORM
+describe    UNSUB_GOOG_FORM      Unsubscribe via Google Docs form
+#score       UNSUB_GOOG_FORM      2.500	# limit
+tflags      UNSUB_GOOG_FORM      publish
+##} UNSUB_GOOG_FORM
+
 ##{ URIBL_RHS_DOB ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
 
 ifplugin Mail::SpamAssassin::Plugin::URIDNSBL
@@ -5387,7 +5348,7 @@ tflags         URI_GOOGLE_PROXY       publish
 
 ##{ URI_GOOG_STO_SPAMMY
 
-uri URI_GOOG_STO_SPAMMY m;^https?://storage\.googleapis\.com/(?:(?:1tactc1200|5a70f8147b2241c|7(?:7(?:7burnf4|ancemrani|kneesleeve|metabolism)|88medw4|arshield777|burn7774|savingsoff)|a(?:1discover|d(?:t100visa|vanced1500)|geless(?:brain|t001)|l(?:liedtrust7?|zheimerbrain)|merican(?:ho(?:777|me(?:191|warranty))|w1)|n(?:c77emen777|dersens40|n(?:nuities0102|utsegtsety)|ti(?:1virus|dcfsdfzef))|pp(?:1ointment|empresa|itausa)|tividade|udio0254)|b(?:337276797de5b3|7772dcb|a(?:ckmedic|th(?:and777|bhow98|dfgdfgdfh|rooomlki))|cvncv7845|d(?:fbgverhg|sgbsehtth|thdethydeth)|e(?:achskinnew|dvgervg|lly(?:00fetyy|gluca)|t(?:ter(?:09909|863|butter008)|umpoiytre))|io(?:swit(?:010|sh0908)|techinvest)|l(?:oo(?:ds(?:hark0508|ug(?:217|ar(?:010|blueprint)))|odsugarerte)|ue(?:0sky|printms0?))|o(?:bby\-dependencies|ostinglive01)|r(?:ain(?:232654|al87484)|i(?:an(?:0(?:101|509)|the0101)|eanfrg)|tghrh)|u(?:ll(?:gold|market)|rnomegaultra|tter(?:knife|spreader(?:0[48]|news))))|c(?:a(?:99rshield|nvascheap|rt\-checkout|unlimited)|bd(?:11gummies|g(?:m0202|umm(?:ty|y005))|health7417|kfgdfg|sgummys)|dfeesde|ertificat01|hoicehom8270|ircaknee0|jowa|o(?:gnigenix|mp(?:erssac00232|r(?:e(?:essaa001|hensiveamericanhomewarranty|ss(?:a(?:0(?:105|201)|191)|ionsocks))|ovanteanexo))|n(?:7cealed|cealed(?:aff0054|tactical)|defesf)|rrectskin|verageinsu)|quelleczema|reative14141)|d(?:0ujdusudu9s9u\.appspot\.com|e(?:mentiabrain|nta77fend|rma(?:01247|1correct|587475|7correc7t|acorrectskin|correct(?:new001|skin|1)|hdth|thbsdrhg)|tranmultas)|g(?:iadikir784|vdevgege)|i(?:abetes7|gitaldots1|recting77|ta0526)|rtrebtgh747|ysfunction0707|zdzefef)|e(?:7co7verage|a(?:rsring01|sy(?:1canvas|canvasprints))|ingingears|l(?:eepexperts|iminatorlower)|n(?:e(?:nce7777|rgy(?:0icits|savings))|trega)|rec(?:01tions|tiledysfunction)|talsprcious|vent(?:0saves01?|save(?:010?|s010))|xpertwindows(?:0102)?|yes(?:1ight|ightmax))|f(?:4747|d(?:128218622bd3f|fdfdzezr78|zdzelom)|edilty5401|habgfdgbfrtg|i(?:7(?:485612|542512)|d(?:el(?:ity(?:09|217|insulife)|ty(?:gbdtrbr|tyhjudtyu))|iity5660|y001)|ghttinnitusnow(?:(?:911|s))?|ltyredfezz|refig(?:22hting|hting)|tnesswatch|xguca777)|l(?:a(?:sh(?:light7fr7ee|tric540)|tbelly)|oodlight(?:010|slima))|o(?:mrulasugaa|od54451|toswhatsapps)|rgdfgdfh|s(?:dcfzef|efzgefz)|tlkopmdrdfe|u(?:ng(?:01ft|9901|enail010|us(?:eliminator0807|fghgh))|turistic00insol))|g(?:7oldco|cumbmdys|eniusbutter|fhfjgfhfg|hetiop|lu(?:lossn01k|ster)|old(?:ii00215|trust00)|r(?:fgrgrg|ow(?:191|plus11|savage01085))|u(?:ardiao|mm(?:ies11cbd|yss|zdfefzf)|tter(?:0fr1|protection7))|ympro22)|h(?:dfghbrh|e(?:1al1t4|a(?:lt(?:h(?:life|news|yhairremedy)|ycbd0909)|rt(?:14141|beat911))|rp(?:ly(?:24701|y0012)|y1414))|ome(?:1security|9865|choice45841|w(?:arranty|rr0216)))|i(?:n(?:formedetranmulta|ogen0065|s(?:1urance7net|7urance7net|t(?:9854|a(?:0541|1heater|863|f(?:atioplo|gregrerg)|hard0(?:0021|605)|nttranslator)|h(?:ard879477|eater001))|urance(?:7net|net))|vest777in)|tchrelief)|k(?:757474|e(?:ranfvgdgfrder|to(?:0(?:102|202|81477)|191|7(?:878|rim)|adv217|ghghgh|healthnews|jkkfghk|o(?:2(?:22|45)|o7896)|rapid00888|s(?:hark0908|s0479)|toto2323))|iller1111|ne(?:e852|f6565))|l(?:a(?:bcream|wn(?:care3|trugreen001))|e(?:a(?:f7filt7er|nde0585)|ciofve1748)|giesnaturas0|i(?:berty77arran|fefiltrevdf|ve(?:r(?:0health0support|md|supp10)|wirenew024))|o(?:caweb|odlight(?:s0|0)|ss(?:00wrabido0|rapid01245|weightnew85))|u(?:llmattressne000|mi(?:00guard01|agudiidd|g(?:87[56]|uard(?:1074|87585)))))|m(?:a(?:galu|le(?:0(?:1ed|541)|24700|77en|health475)|ttress0707)|e(?:dica(?:lsupplies|r(?:0085|123n|df747))|llitox00545|morybooster|t(?:a(?:bolismlos|greens|lspr(?:ciou[0s]|ecious))|f(?:85|dfvde)))|iracl(?:ecannabidiol|sweight[0s]?|weight)|le(?:3mlemlm3lm\.appspot\.com|n(?:hsances?|shsance0s))|o(?:n(?:5g154g|t(?:ezuma0(?:01|101)|zdzsds))|onmenermaintain\-66j)|y(?:seniorpe?|theraposture001))|n(?:at(?:ional14587|uralgies)|badefdfg|e(?:sdsd|wtiniggrgr)|inoty74|lmsld|u(?:bupatches|trisd17))|o(?:m(?:eg(?:7aburn|a(?:7burn|n(?:ew|ow00?)))|gaburn)|ne(?:00shot|shot(?:0[01]|124578))|zmenshe)|p(?:a(?:in(?:en01(?:ew|sew)|supp(?:10|l8778)|wenes010)|rtnersav01)|e(?:rsonalized21|tplan85)|ho(?:01to001|tostick004)|leteroid|o(?:rtable(?:heater7|telescope045)|vsedfzef)|r(?:eadvanceds|i(?:mal(?:08544|fhdfh|grow)|ntsvalentine)|otectsecurity)|soidngf8147|ure(?:cbdgummies7|plant7))|r(?:apidecision77|e(?:adclub11|grow101|n(?:ewlaemailved|walllll0065)|v(?:caus181|e(?:alscause|rsirol0101)|kcaus181|scaus181))|i(?:ght0108|ngingearstinnitus|verb1986srt4)|oundupccancer|vices8|yokorout(?:(?:01|s010?))?)|s(?:a(?:fety(?:homes?|shome0?)|mples7nuge7|v(?:age(?:0502|72|999|grow010)|ingsevent)|y(?:byebugs|life004))|coutstonenew|dfgwsd74fg|e(?:curity(?:homenew|providernew)|ni(?:147orperk|orserk77s))|gp008|h(?:arkcbd0808|owersafe)|i(?:gnlaotrrmp|mplex18742)|leepditch|o(?:lbeam004|uthbeach(?:001|skin))|preader35|sgummy777|t(?:ain245|eelprobite77|rictionbp0)|u(?:g(?:ar4701|hdetged)|mmersy0(?:10)?)|zdzdzdzd)|t(?:a(?:cflashlight72|lcumpowder)|e(?:lescope001|rminix0909|stomus)|h(?:e(?:photostick2804|rasl(?:eeves|ves)|unbreakable)|opinall)|innitus(?:102|new911)|o(?:enailfungus|pinal)|r(?:a(?:balhos|nslato10)|ugreen(?:30|s30))|telescope44|unnifgdege)|u(?:berxlm|ltra(?:hgt|omegaburn|u(?:ifipro|wifip)|wifi(?:058|pro002))|n(?:breakable(?:0417|brain0087)|limitedcanvase[es]?)|rgentfung171|sbmosquito|tility3in1)|v(?:e(?:7hicle7cov|hi(?:7clesh7|cle01))|frgrerg|i(?:sa(?:alandere?|lander[es]?)|v(?:247w01|int(?:0(?:401|officially)|967857)))|szdefzsfzef)|w(?:4enmedicra8|a(?:l(?:k(?:0015|7485|ghghgh|inbath(?:tub44|0))|lkk0409|mart010)|rranhome0012)|defgzegfze|e(?:atherproof|bwhatsfotos|edkiller[1s]?|ightloss(?:005|newketo)|llgrove90)|i(?:fi(?:booste(?:01|r)|tiop)|n(?:0101|doexpr001))|painen01es)|xcbxcbopiaze|yusdgtduf777|zantacdedzef))/;i
+uri URI_GOOG_STO_SPAMMY m;^https?://storage\.googleapis\.com/(?:(?:1tactc1200|430bc3a2d98b15a0c58bf8df8f938d|5(?:a70f8147b2241c|lose1weight)|7(?:7(?:7burnf4|ancemrani|kneesleeve|metabolism)|88medw4|arshield777|burn7774|savingsoff)|a(?:1discover|d(?:t100visa|vanced1500)|geless(?:brain|t001)|ir0doc5octor|l(?:liedtrust7?|zheimerbrain)|merican(?:ho(?:777|me(?:191|warranty))|w1)|n(?:c77emen777|dersens40|n(?:nuities0102|utsegtsety)|ti(?:1virus|dcfsdfzef))|pp(?:1ointment|empresa|itausa)|tividade|udio0254)|b(?:337276797de5b3|7772dcb|a(?:ckmedic|th(?:and777|bhow98|dfgdfgdfh|rooomlki))|cvncv7845|d(?:fbgverhg|sgbsehtth|thdethydeth)|e(?:achskinnew|dvgervg|lly(?:00fetyy|gluca)|t(?:ter(?:09909|863|butter008)|umpoiytre))|io(?:swit(?:010|sh0908)|techinvest)|l(?:oo(?:ds(?:hark0508|ug(?:217|ar(?:010|blueprint)))|odsugarerte)|ue(?:0sky|printms0?))|o(?:bby\-dependencies|ostinglive01)|r(?:ain(?:232654|al87484)|i(?:an(?:0(?:101|509)|the0101)|eanfrg)|tghrh)|u(?:kssin|ll(?:gold|market)|rnomegaultra|tter(?:knife|spreader(?:0[48]|news)))|yte01smil1e)|c(?:a(?:99rshield|nvascheap|rt\-checkout|unlimited)|bd(?:11gummies|g(?:m0202|umm(?:ty|y005))|health7417|kfgdfg|sgummys)|dfeesde|ertificat01|hoicehom8270|ircaknee0|jowa|o(?:gnigenix|mp(?:erssac00232|r(?:e(?:essaa001|hensiveamericanhomewarranty|ss(?:a(?:0(?:105|201)|191)|ionsocks))|ovanteanexo))|n(?:7cealed|cealed(?:aff0054|tactical)|defesf|ne5ctrou4t0s)|ptquad5e1r|rrectskin|verageinsu)|quelleczema|reative14141)|d(?:0ujdusudu9s9u\.appspot\.com|e(?:mentiabrain|nta77fend|rma(?:01247|1correct|587475|7correc7t|acorrectskin|correct(?:001new1|new001|skin|1)|hdth|thbsdrhg)|tranmultas)|g(?:iadikir784|vdevgege)|i(?:abetes7|gitaldots1|recting77|ta0526)|rtrebtgh747|ysfunction0707|zdzefef)|e(?:7co7verage|a(?:rsring01|sy(?:1canvas|canvasprints))|ingingears|l(?:eepexperts|iminatorlower)|n(?:e(?:nce7777|rgy(?:0icits|savings))|trega)|rec(?:01tions|tiledysfunction)|t(?:alsprcious|ernal07light)|vent(?:0saves01?|save(?:010?|s010))|xpertwindows(?:0102)?|yes(?:1ight|ightmax))|f(?:4747|d(?:128218622bd3f|fdfdzezr78|zdzelom)|edilty5401|habgfdgbfrtg|i(?:7(?:485612|542512)|d(?:el(?:ity(?:09|217|insulife)|ty(?:gbdtrbr|tyhjudtyu))|iity5660|y001)|ghttinnitusnow(?:(?:911|s))?|ltyredfezz|refig(?:22hting|hting)|tnesswatch|xguca777)|l(?:a(?:sh(?:light7fr7ee|tric540)|tbelly)|oodlight(?:010|slima))|o(?:mrulasugaa|od54451|toswhatsapps)|rgdfgdfh|s(?:dcfzef|efzgefz)|tlkopmdrdfe|u(?:ng(?:01ft|9901|enail010|us(?:eliminator0807|fghgh))|turistic00insol))|g(?:7oldco|cumbmdys|eniusbutter|fhfjgfhfg|hetiop|lu(?:1lossn01k|lossn01k|ster)|old(?:ii00215|trust00)|r(?:7owtmaihn9ew|fgrgrg|ow(?:191|plus11|savage01085))|u(?:ardiao|mm(?:ies11cbd|yss|zdfefzf)|tter(?:0fr1(?:dian)?|protection7))|ympro22)|h(?:4ome1owne1r|dfghbrh|e(?:1al1t4|a(?:lt(?:h(?:life|news|yhairremedy)|ycbd0909)|rt(?:14141|beat911))|rp(?:ly(?:24701|y0012)|y1414))|ome(?:1security|9865|choice45841|w(?:arranty|rr0216)))|i(?:n(?:formedetranmulta|ogen0065|s(?:1urance7net|7urance7net|t(?:9854|a(?:0541|1heater|863|f(?:atioplo|gregrerg)|hard0(?:0021|605)|nttranslator)|h(?:ard879477|eater001))|urance(?:7net|net))|vest777in)|ron479max5x|tchrelief)|k(?:757474|e(?:ranfvgdgfrder|to(?:0(?:102|202|81477)|191|7(?:878|rim)|adv217|ghghgh|healthnews|jkkfghk|o(?:2(?:22|45)|o7896)|rapid00888|s(?:hark0908|s0479)|toto2323))|iller1111|ne(?:e852|f6565))|l(?:a(?:bcream|wn(?:care3|trugreen001))|e(?:a(?:f7filt7er|nde0585)|ciofve1748)|giesnaturas0|i(?:berty77arran|fefiltrevdf|ve(?:r(?:0health0support|md|supp10)|wirenew024))|o(?:caweb|odlight(?:s0|0)|ss(?:00wrabido0|rapid01245|weightnew85))|u(?:llmattressne000|mi(?:00guard01|agudiidd|g(?:87[56]|uard(?:1074|87585)))))|m(?:a(?:galu|l(?:4e7e5nhanc7ement|e(?:0(?:1ed|541)|24700|77en|health475))|ttress0707)|e(?:di(?:ca(?:lsupplies|r(?:0085|123n|df747))|p0lanning)|llitox00545|morybooster|t(?:a(?:bolismlos|greens|lspr(?:ciou[0s]|ecious))|f(?:85|dfvde)))|iracl(?:ecannabidiol|sweight[0s]?|weight)|le(?:3mlemlm3lm\.appspot\.com|n(?:hsances?|shsance0s))|o(?:bile57mint|n(?:5g154g|t(?:ezuma0(?:01|101)|zdzsds))|onmenermaintain\-66j)|y(?:seniorpe?|theraposture001))|n(?:at(?:ional14587|uralgies)|badefdfg|e(?:sdsd|wtiniggrgr)|inoty74|lmsld|u(?:bupatches|trisd17))|o(?:m(?:eg(?:7aburn|a(?:7burn|n(?:ew|ow00?)))|gaburn)|ne(?:00shot|shot(?:0[01]|124578))|zmenshe)|p(?:a(?:in(?:en01(?:ew|sew)|supp(?:10|l8778)|wenes010)|rtnersav01)|e(?:rsonalized21|tplan85)|ho(?:01to001|tostick004)|leteroid|o(?:rtable(?:heater7|telescope045)|vsedfzef)|r(?:eadvanceds|i(?:mal(?:08544|fhdfh|grow)|ntsvalentine)|otectsecurity)|soidngf8147|ure(?:cbdgummies7|plant7))|r(?:apidecision77|e(?:5model1ro4om|adclub11|direct0gumm0|grow101|n(?:ew(?:al20consult|laemailved)|walllll0065)|v(?:caus181|e(?:alscause|rsirol0101)|kcaus181|scaus181))|i(?:ght0108|ngingearstinnitus|verb1986srt4)|oundupccancer|vices8|yokorout(?:(?:01|s010?))?)|s(?:a(?:fety(?:homes?|shome0?)|mples7nuge7|v(?:age(?:0502|72|999|grow010)|es0even0t|ingsevent)|y(?:byebugs|life004))|coutstonenew|dfgwsd74fg|e(?:curity(?:homenew|providernew)|ni(?:147orperk|orserk77s))|gp008|h(?:arkcbd0808|owersafe)|i(?:gnlaotrrmp|mplex18742)|leepditch|o(?:lbeam004|uthbeach(?:001|skin))|preader35|sgummy777|t(?:ain245|eelprobite77|rictionbp0)|u(?:g(?:ar4701|hdetged)|mmersy0(?:10)?)|zdzdzdzd)|t(?:a(?:cflashlight72|lcumpowder)|e(?:lescope001|rminix0909|stomus)|h(?:e(?:photostick2804|rasl(?:eeves|ves)|unbreakable)|opinall)|i(?:me0share|nnitus(?:102|new911))|mobile0sur1vey|o(?:enailfungus|p(?:inal|olio29034))|r(?:4ans1lat5or|a(?:balhos|nslato10)|im1life0|ugreen(?:30|s30))|telescope44|unnifgdege)|u(?:berxlm|ltra(?:hgt|omegaburn|u(?:ifipro|wifip)|wifi(?:058|pro002))|n(?:breakable(?:0417|brain0087)|limitedcanvase[es]?)|rgentfung171|s(?:bmosquito|6)|tility3in1)|v(?:e(?:7hicle7cov|hi(?:7clesh7|cle01))|frgrerg|i(?:sa(?:alandere?|lander[es]?)|v(?:247w01|int(?:0(?:401|officially)|1010smart|967857)))|szdefzsfzef)|w(?:4enmedicra8|a(?:l(?:k(?:0015|7485|ghghgh|inbath(?:tub44|0))|lkk0409|mart010)|rranhome0012)|defgzegfze|e(?:atherproof|bwhatsfotos|edkiller[1s]?|ight(?:00loss|loss(?:005|newketo))|llgrove90)|i(?:fi(?:booste(?:01|r)|tiop)|n(?:0101|doexpr001))|painen01es)|xcbxcbopiaze|yusdgtduf777|z(?:antacdedzef|ipp874ype57t)))/;i
 describe URI_GOOG_STO_SPAMMY Link to spammy content hosted by google storage
 #score URI_GOOG_STO_SPAMMY 3.000
 tflags URI_GOOG_STO_SPAMMY publish
@@ -5409,12 +5370,6 @@ describe   URI_IMG_WP_REDIR            Image via WordPress "accelerator" proxy
 tflags     URI_IMG_WP_REDIR            publish
 ##} URI_IMG_WP_REDIR
 
-##{ URI_IN_URI_10
-
-uri		URI_IN_URI_10		/(?::\/\/.*?){10}/
-describe	URI_IN_URI_10		Multiple URIs inside URI
-##} URI_IN_URI_10
-
 ##{ URI_LONG_REPEAT
 
 meta       URI_LONG_REPEAT             __URI_LONG_REPEAT
@@ -5430,6 +5385,12 @@ describe    URI_MALWARE_SCMS   Link to malware exploit download (.SettingContent
 tflags      URI_MALWARE_SCMS   publish
 ##} URI_MALWARE_SCMS
 
+##{ URI_OBFU_DOM
+
+meta            URI_OBFU_DOM            __URI_OBFU_DOM && !__VIA_ML
+describe        URI_OBFU_DOM            URI pretending to be different domain
+##} URI_OBFU_DOM
+
 ##{ URI_ONLY_MSGID_MALF
 
   meta      URI_ONLY_MSGID_MALF           __URI_ONLY_MSGID_MALF && !__RP_MATCHES_RCVD && !__URI_MAILTO && !__NOT_SPOOFED && !__DKIM_EXISTS && !__MSGID_JAVAMAIL && !__HAS_REPLY_TO && !RCVD_IN_DNSWL_LOW
@@ -5486,7 +5447,7 @@ tflags     URI_PHP_REDIR               publish
 
 ##{ URI_TRY_3LD
 
-meta        URI_TRY_3LD       __URI_TRY_3LD && !__HAS_ERRORS_TO && !__HDR_RCVD_ALIBABA && !__HDR_CASE_REVERSED && !__XM_EC_MESSENGER && !__CHARITY && !__URI_DOTEDU 
+meta        URI_TRY_3LD       __URI_TRY_3LD && !__HAS_ERRORS_TO && !__HDR_RCVD_ALIBABA && !__HDR_CASE_REVERSED && !__XM_EC_MESSENGER && !__CHARITY && !__URI_DOTEDU && !__HAS_X_REF && !__HDR_RCVD_APPLE 
 describe    URI_TRY_3LD       "Try it" URI, suspicious hostname
 #score       URI_TRY_3LD       2.000   # limit
 tflags      URI_TRY_3LD       publish
@@ -5602,13 +5563,6 @@ describe   XM_DIGITS_ONLY              X-Mailer malformed
 tflags     XM_DIGITS_ONLY              publish
 ##} XM_DIGITS_ONLY
 
-##{ XM_LIGHT_HEAVY
-
-meta       XM_LIGHT_HEAVY              __XM_LIGHT_HEAVY && !__HAS_X_BEEN_THERE 
-describe   XM_LIGHT_HEAVY              Special edition of a MUA
-#score      XM_LIGHT_HEAVY              2.500	# limit
-##} XM_LIGHT_HEAVY
-
 ##{ XM_PHPMAILER_FORGED
 
 meta        XM_PHPMAILER_FORGED    __XM_PHPMAILER_FORGED
@@ -5624,13 +5578,6 @@ describe   XM_RANDOM                   X-Mailer apparently random
 tflags     XM_RANDOM                   publish
 ##} XM_RANDOM
 
-##{ XM_RECPTID
-
-meta       XM_RECPTID                  __HAS_XM_RECPTID && !__TAG_EXISTS_SCRIPT && !__REPLYTO_NOREPLY && !__ENVFROM_AMAZONSES && !__DOS_DIRECT_TO_MX && !__FRAUD_PTX 
-describe   XM_RECPTID                  Has spammy message header
-#score      XM_RECPTID                  3.000	# limit
-##} XM_RECPTID
-
 ##{ XPRIO
 
 describe    XPRIO              Has X-Priority header
@@ -5678,6 +5625,17 @@ describe    XPRIO_SHORT_SUBJ   Has X Priority header + short subject
 tflags      XPRIO_SHORT_SUBJ   publish
 ##} XPRIO_SHORT_SUBJ
 
+##{ XPRIO_URL_SHORTNER ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
+
+ifplugin Mail::SpamAssassin::Plugin::WLBLEval
+if (version >= 3.004000)
+meta     XPRIO_URL_SHORTNER __XPRIO_MINFP && __URL_SHORTENER
+describe XPRIO_URL_SHORTNER X-Priority header and short URL
+#score    XPRIO_URL_SHORTNER 1.0 # limit
+endif
+endif
+##} XPRIO_URL_SHORTNER ifplugin Mail::SpamAssassin::Plugin::WLBLEval if (version >= 3.004000)
+
 ##{ X_MAILER_CME_6543_MSN
 
 header X_MAILER_CME_6543_MSN	X-Mailer =~ /^CME-V6\.5\.4\.3; MSN\s*$/
@@ -5689,15 +5647,6 @@ meta     YOU_INHERIT      __YOU_INHERIT
 describe YOU_INHERIT      Discussing your inheritance
 ##} YOU_INHERIT
 
-##{ ZW_OBFU_FREEM if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-
-if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-  meta       ZW_OBFU_FREEM              __UNICODE_OBFU_ZW && __freemail_hdr_replyto 
-  describe   ZW_OBFU_FREEM              Obfuscated text + freemail
-#  score      ZW_OBFU_FREEM              2.000	# limit
-endif
-##} ZW_OBFU_FREEM if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
-
 ##{ bayes_ignore_header_sandbox
 
 bayes_ignore_header X-ACL-Warn
@@ -6035,7 +5984,6 @@ enlist_addrlist (SUSP_NTLD) *@*.xyz
 enlist_addrlist (SUSP_NTLD) *@*.bid
 enlist_addrlist (SUSP_NTLD) *@*.stream
 enlist_addrlist (SUSP_NTLD) *@*.site
-enlist_addrlist (SUSP_NTLD) *@*.space
 enlist_addrlist (SUSP_NTLD) *@*.gdn
 enlist_addrlist (SUSP_NTLD) *@*.click
 enlist_addrlist (SUSP_NTLD) *@*.world
@@ -6058,7 +6006,6 @@ enlist_uri_host (SUSP_URI_NTLD) xyz
 enlist_uri_host (SUSP_URI_NTLD) bid
 enlist_uri_host (SUSP_URI_NTLD) stream
 enlist_uri_host (SUSP_URI_NTLD) site
-enlist_uri_host (SUSP_URI_NTLD) space
 enlist_uri_host (SUSP_URI_NTLD) gdn
 enlist_uri_host (SUSP_URI_NTLD) click
 enlist_uri_host (SUSP_URI_NTLD) world
@@ -6083,8 +6030,8 @@ endif
 
 if (version >= 3.004003)
   ifplugin Mail::SpamAssassin::Plugin::HashBL
-    priority      T_GB_HASHBL_BTC -100
-    reuse         T_GB_HASHBL_BTC
+    priority      GB_HASHBL_BTC -100
+    reuse         GB_HASHBL_BTC
 endif
 endif
 ##} if (version >= 3.004003) ifplugin Mail::SpamAssassin::Plugin::HashBL_sandbox
@@ -6415,785 +6362,6 @@ enlist_uri_host (PDS_CASHSHORTENER) yoitect.com
 enlist_uri_host (PDS_CASHSHORTENER) zipansion.com
 enlist_uri_host (PDS_CASHSHORTENER) zipteria.com
 enlist_uri_host (PDS_CASHSHORTENER) zipvale.com
-enlist_uri_host (PDS_URISHORTENER) owl.li
-enlist_uri_host (PDS_URISHORTENER) formspring.me
-enlist_uri_host (PDS_URISHORTENER) cc.uz
-enlist_uri_host (PDS_URISHORTENER) back.ly
-enlist_uri_host (PDS_URISHORTENER) surl.me
-enlist_uri_host (PDS_URISHORTENER) mysp.ac
-enlist_uri_host (PDS_URISHORTENER) s.apache.org
-enlist_uri_host (PDS_URISHORTENER) 0rz.tw
-enlist_uri_host (PDS_URISHORTENER) 1l2.us
-enlist_uri_host (PDS_URISHORTENER) 1link.in
-enlist_uri_host (PDS_URISHORTENER) 1u.ro
-enlist_uri_host (PDS_URISHORTENER) 1url.com
-enlist_uri_host (PDS_URISHORTENER) 2.gp
-enlist_uri_host (PDS_URISHORTENER) 2.ly
-enlist_uri_host (PDS_URISHORTENER) 2big.at
-enlist_uri_host (PDS_URISHORTENER) 2chap.it
-enlist_uri_host (PDS_URISHORTENER) 2pl.us
-enlist_uri_host (PDS_URISHORTENER) 2su.de
-enlist_uri_host (PDS_URISHORTENER) 2tu.us
-enlist_uri_host (PDS_URISHORTENER) 2ze.us
-enlist_uri_host (PDS_URISHORTENER) 3.ly
-enlist_uri_host (PDS_URISHORTENER) 301.to
-enlist_uri_host (PDS_URISHORTENER) 301url.com
-enlist_uri_host (PDS_URISHORTENER) 307.to
-enlist_uri_host (PDS_URISHORTENER) 4ms.me
-enlist_uri_host (PDS_URISHORTENER) 4sq.com
-enlist_uri_host (PDS_URISHORTENER) 4url.cc
-enlist_uri_host (PDS_URISHORTENER) 6url.com
-enlist_uri_host (PDS_URISHORTENER) 7.ly
-enlist_uri_host (PDS_URISHORTENER) 9mp.com
-enlist_uri_host (PDS_URISHORTENER) a.gd
-enlist_uri_host (PDS_URISHORTENER) a.gg
-enlist_uri_host (PDS_URISHORTENER) a.nf
-enlist_uri_host (PDS_URISHORTENER) a2a.me
-enlist_uri_host (PDS_URISHORTENER) a2n.eu
-enlist_uri_host (PDS_URISHORTENER) aa.cx
-enlist_uri_host (PDS_URISHORTENER) abbr.com
-enlist_uri_host (PDS_URISHORTENER) abcurl.net
-enlist_uri_host (PDS_URISHORTENER) abe5.com
-enlist_uri_host (PDS_URISHORTENER) access.im
-enlist_uri_host (PDS_URISHORTENER) ad.vu
-enlist_uri_host (PDS_URISHORTENER) adf.ly
-enlist_uri_host (PDS_URISHORTENER) adjix.com
-enlist_uri_host (PDS_URISHORTENER) afx.cc
-enlist_uri_host (PDS_URISHORTENER) all.fuseurl.com
-enlist_uri_host (PDS_URISHORTENER) alturl.com
-enlist_uri_host (PDS_URISHORTENER) amzn.com
-enlist_uri_host (PDS_URISHORTENER) amzn.to
-enlist_uri_host (PDS_URISHORTENER) ar.gy
-enlist_uri_host (PDS_URISHORTENER) arm.in
-enlist_uri_host (PDS_URISHORTENER) arst.ch
-enlist_uri_host (PDS_URISHORTENER) asso.in
-enlist_uri_host (PDS_URISHORTENER) atu.ca
-enlist_uri_host (PDS_URISHORTENER) aurls.info
-enlist_uri_host (PDS_URISHORTENER) awe.sm
-enlist_uri_host (PDS_URISHORTENER) ayl.lv
-enlist_uri_host (PDS_URISHORTENER) azc.cc
-enlist_uri_host (PDS_URISHORTENER) azqq.com
-enlist_uri_host (PDS_URISHORTENER) b23.ru
-enlist_uri_host (PDS_URISHORTENER) b2l.me
-enlist_uri_host (PDS_URISHORTENER) b65.com
-enlist_uri_host (PDS_URISHORTENER) b65.us
-enlist_uri_host (PDS_URISHORTENER) bacn.me
-enlist_uri_host (PDS_URISHORTENER) bcool.bz
-enlist_uri_host (PDS_URISHORTENER) beam.to
-enlist_uri_host (PDS_URISHORTENER) bgl.me
-enlist_uri_host (PDS_URISHORTENER) binged.it
-enlist_uri_host (PDS_URISHORTENER) bit.do
-enlist_uri_host (PDS_URISHORTENER) bit.ly
-enlist_uri_host (PDS_URISHORTENER) bitly.com
-enlist_uri_host (PDS_URISHORTENER) bizj.us
-enlist_uri_host (PDS_URISHORTENER) bkite.com
-enlist_uri_host (PDS_URISHORTENER) blippr.com
-enlist_uri_host (PDS_URISHORTENER) bloat.me
-enlist_uri_host (PDS_URISHORTENER) blu.cc
-enlist_uri_host (PDS_URISHORTENER) bon.no
-enlist_uri_host (PDS_URISHORTENER) bravo.ly
-enlist_uri_host (PDS_URISHORTENER) bsa.ly
-enlist_uri_host (PDS_URISHORTENER) bt.io
-enlist_uri_host (PDS_URISHORTENER) budurl.com
-enlist_uri_host (PDS_URISHORTENER) buff.ly
-enlist_uri_host (PDS_URISHORTENER) buk.me
-enlist_uri_host (PDS_URISHORTENER) burnurl.com
-enlist_uri_host (PDS_URISHORTENER) c-o.in
-enlist_uri_host (PDS_URISHORTENER) c.shamekh.ws
-enlist_uri_host (PDS_URISHORTENER) canurl.com
-enlist_uri_host (PDS_URISHORTENER) cd4.me
-enlist_uri_host (PDS_URISHORTENER) chilp.it
-enlist_uri_host (PDS_URISHORTENER) chopd.it
-enlist_uri_host (PDS_URISHORTENER) chpt.me
-enlist_uri_host (PDS_URISHORTENER) chs.mx
-enlist_uri_host (PDS_URISHORTENER) chzb.gr
-enlist_uri_host (PDS_URISHORTENER) cl.lk
-enlist_uri_host (PDS_URISHORTENER) cl.ly
-enlist_uri_host (PDS_URISHORTENER) clck.ru
-enlist_uri_host (PDS_URISHORTENER) cli.gs
-enlist_uri_host (PDS_URISHORTENER) cliccami.info
-enlist_uri_host (PDS_URISHORTENER) clickthru.ca
-enlist_uri_host (PDS_URISHORTENER) clipurl.us
-enlist_uri_host (PDS_URISHORTENER) clk.my
-enlist_uri_host (PDS_URISHORTENER) cloaky.de
-enlist_uri_host (PDS_URISHORTENER) clop.in
-enlist_uri_host (PDS_URISHORTENER) clp.ly
-enlist_uri_host (PDS_URISHORTENER) coge.la
-enlist_uri_host (PDS_URISHORTENER) cokeurl.com
-enlist_uri_host (PDS_URISHORTENER) conta.cc
-enlist_uri_host (PDS_URISHORTENER) cort.as
-enlist_uri_host (PDS_URISHORTENER) cot.ag
-enlist_uri_host (PDS_URISHORTENER) crks.me
-enlist_uri_host (PDS_URISHORTENER) crum.pl
-enlist_uri_host (PDS_URISHORTENER) ctvr.us
-enlist_uri_host (PDS_URISHORTENER) curio.us
-enlist_uri_host (PDS_URISHORTENER) cuthut.com
-enlist_uri_host (PDS_URISHORTENER) cutt.us
-enlist_uri_host (PDS_URISHORTENER) cuturl.com
-enlist_uri_host (PDS_URISHORTENER) cuturls.com
-enlist_uri_host (PDS_URISHORTENER) dai.ly
-enlist_uri_host (PDS_URISHORTENER) db.tt
-enlist_uri_host (PDS_URISHORTENER) dealspl.us
-enlist_uri_host (PDS_URISHORTENER) decenturl.com
-enlist_uri_host (PDS_URISHORTENER) df9.net
-enlist_uri_host (PDS_URISHORTENER) dfl8.me
-enlist_uri_host (PDS_URISHORTENER) digbig.com
-enlist_uri_host (PDS_URISHORTENER) digg.com
-enlist_uri_host (PDS_URISHORTENER) digipills.com
-enlist_uri_host (PDS_URISHORTENER) digs.by
-enlist_uri_host (PDS_URISHORTENER) disq.us
-enlist_uri_host (PDS_URISHORTENER) dld.bz
-enlist_uri_host (PDS_URISHORTENER) dlvr.it
-enlist_uri_host (PDS_URISHORTENER) dn.vc
-enlist_uri_host (PDS_URISHORTENER) do.my
-enlist_uri_host (PDS_URISHORTENER) doi.org
-enlist_uri_host (PDS_URISHORTENER) doiop.com
-enlist_uri_host (PDS_URISHORTENER) dopen.us
-enlist_uri_host (PDS_URISHORTENER) dr.tl
-enlist_uri_host (PDS_URISHORTENER) drudge.tw
-enlist_uri_host (PDS_URISHORTENER) durl.me
-enlist_uri_host (PDS_URISHORTENER) durl.us
-enlist_uri_host (PDS_URISHORTENER) dvlr.it
-enlist_uri_host (PDS_URISHORTENER) dwarfurl.com
-enlist_uri_host (PDS_URISHORTENER) easyuri.com
-enlist_uri_host (PDS_URISHORTENER) easyurl.net
-enlist_uri_host (PDS_URISHORTENER) eca.sh
-enlist_uri_host (PDS_URISHORTENER) eclurl.com
-enlist_uri_host (PDS_URISHORTENER) eepurl.com
-enlist_uri_host (PDS_URISHORTENER) eezurl.com
-enlist_uri_host (PDS_URISHORTENER) eweri.com
-enlist_uri_host (PDS_URISHORTENER) ewerl.com
-enlist_uri_host (PDS_URISHORTENER) ezurl.eu
-enlist_uri_host (PDS_URISHORTENER) fa.by
-enlist_uri_host (PDS_URISHORTENER) faceto.us
-enlist_uri_host (PDS_URISHORTENER) fav.me
-enlist_uri_host (PDS_URISHORTENER) fb.me
-enlist_uri_host (PDS_URISHORTENER) fbshare.me
-enlist_uri_host (PDS_URISHORTENER) ff.im
-enlist_uri_host (PDS_URISHORTENER) fff.to
-enlist_uri_host (PDS_URISHORTENER) fhurl.com
-enlist_uri_host (PDS_URISHORTENER) fire.to
-enlist_uri_host (PDS_URISHORTENER) firsturl.de
-enlist_uri_host (PDS_URISHORTENER) firsturl.net
-enlist_uri_host (PDS_URISHORTENER) flic.kr
-enlist_uri_host (PDS_URISHORTENER) flingk.com
-enlist_uri_host (PDS_URISHORTENER) flq.us
-enlist_uri_host (PDS_URISHORTENER) fly2.ws
-enlist_uri_host (PDS_URISHORTENER) fon.gs
-enlist_uri_host (PDS_URISHORTENER) foxyurl.com
-enlist_uri_host (PDS_URISHORTENER) freak.to
-enlist_uri_host (PDS_URISHORTENER) fur.ly
-enlist_uri_host (PDS_URISHORTENER) fuseurl.com
-enlist_uri_host (PDS_URISHORTENER) fuzzy.to
-enlist_uri_host (PDS_URISHORTENER) fwd4.me
-enlist_uri_host (PDS_URISHORTENER) fwdurl.net
-enlist_uri_host (PDS_URISHORTENER) fwib.net
-enlist_uri_host (PDS_URISHORTENER) g.ro.lt
-enlist_uri_host (PDS_URISHORTENER) g8l.us
-enlist_uri_host (PDS_URISHORTENER) get-shorty.com
-enlist_uri_host (PDS_URISHORTENER) get-url.com
-enlist_uri_host (PDS_URISHORTENER) get.sh
-enlist_uri_host (PDS_URISHORTENER) geturl.us
-enlist_uri_host (PDS_URISHORTENER) gg.gg
-enlist_uri_host (PDS_URISHORTENER) gi.vc
-enlist_uri_host (PDS_URISHORTENER) gizmo.do
-enlist_uri_host (PDS_URISHORTENER) gkurl.us
-enlist_uri_host (PDS_URISHORTENER) gl.am
-enlist_uri_host (PDS_URISHORTENER) go.9nl.com
-enlist_uri_host (PDS_URISHORTENER) go.ign.com
-enlist_uri_host (PDS_URISHORTENER) go.to
-enlist_uri_host (PDS_URISHORTENER) go.usa.gov
-enlist_uri_host (PDS_URISHORTENER) go2.me
-enlist_uri_host (PDS_URISHORTENER) gog.li
-enlist_uri_host (PDS_URISHORTENER) golmao.com
-enlist_uri_host (PDS_URISHORTENER) goo.gl
-enlist_uri_host (PDS_URISHORTENER) goo.io
-enlist_uri_host (PDS_URISHORTENER) good.ly
-enlist_uri_host (PDS_URISHORTENER) goshrink.com
-enlist_uri_host (PDS_URISHORTENER) gplus.to
-enlist_uri_host (PDS_URISHORTENER) gri.ms
-enlist_uri_host (PDS_URISHORTENER) gurl.es
-enlist_uri_host (PDS_URISHORTENER) hao.jp
-enlist_uri_host (PDS_URISHORTENER) hellotxt.com
-enlist_uri_host (PDS_URISHORTENER) hex.io
-enlist_uri_host (PDS_URISHORTENER) hiderefer.com
-enlist_uri_host (PDS_URISHORTENER) hmm.ph
-enlist_uri_host (PDS_URISHORTENER) hop.im
-enlist_uri_host (PDS_URISHORTENER) hop.kz
-enlist_uri_host (PDS_URISHORTENER) hopclicks.com
-enlist_uri_host (PDS_URISHORTENER) hotredirect.com
-enlist_uri_host (PDS_URISHORTENER) hotshorturl.com
-enlist_uri_host (PDS_URISHORTENER) href.in
-enlist_uri_host (PDS_URISHORTENER) hsblinks.com
-enlist_uri_host (PDS_URISHORTENER) ht.ly
-enlist_uri_host (PDS_URISHORTENER) htxt.it
-enlist_uri_host (PDS_URISHORTENER) hub.am
-enlist_uri_host (PDS_URISHORTENER) huff.to
-enlist_uri_host (PDS_URISHORTENER) hugeurl.com
-enlist_uri_host (PDS_URISHORTENER) hulu.com
-enlist_uri_host (PDS_URISHORTENER) hurl.it
-enlist_uri_host (PDS_URISHORTENER) hurl.me
-enlist_uri_host (PDS_URISHORTENER) hurl.no
-enlist_uri_host (PDS_URISHORTENER) hurl.ws
-enlist_uri_host (PDS_URISHORTENER) icanhaz.com
-enlist_uri_host (PDS_URISHORTENER) icio.us
-enlist_uri_host (PDS_URISHORTENER) idek.net
-enlist_uri_host (PDS_URISHORTENER) ikr.me
-enlist_uri_host (PDS_URISHORTENER) ilix.in
-enlist_uri_host (PDS_URISHORTENER) inx.lv
-enlist_uri_host (PDS_URISHORTENER) ir.pe
-enlist_uri_host (PDS_URISHORTENER) irt.me
-enlist_uri_host (PDS_URISHORTENER) is.gd
-enlist_uri_host (PDS_URISHORTENER) iscool.net
-enlist_uri_host (PDS_URISHORTENER) it2.in
-enlist_uri_host (PDS_URISHORTENER) ito.mx
-enlist_uri_host (PDS_URISHORTENER) its.my
-enlist_uri_host (PDS_URISHORTENER) itsy.it
-enlist_uri_host (PDS_URISHORTENER) ix.lt
-enlist_uri_host (PDS_URISHORTENER) j.mp
-enlist_uri_host (PDS_URISHORTENER) j2j.de
-enlist_uri_host (PDS_URISHORTENER) jdem.cz
-enlist_uri_host (PDS_URISHORTENER) jijr.com
-enlist_uri_host (PDS_URISHORTENER) just.as
-enlist_uri_host (PDS_URISHORTENER) k.vu
-enlist_uri_host (PDS_URISHORTENER) k6.kz
-enlist_uri_host (PDS_URISHORTENER) ketkp.in
-enlist_uri_host (PDS_URISHORTENER) kisa.ch
-enlist_uri_host (PDS_URISHORTENER) kissa.be
-enlist_uri_host (PDS_URISHORTENER) kl.am
-enlist_uri_host (PDS_URISHORTENER) klck.me
-enlist_uri_host (PDS_URISHORTENER) kore.us
-enlist_uri_host (PDS_URISHORTENER) korta.nu
-enlist_uri_host (PDS_URISHORTENER) kots.nu
-enlist_uri_host (PDS_URISHORTENER) krunchd.com
-enlist_uri_host (PDS_URISHORTENER) krz.ch
-enlist_uri_host (PDS_URISHORTENER) ktzr.us
-enlist_uri_host (PDS_URISHORTENER) kxk.me
-enlist_uri_host (PDS_URISHORTENER) l.hh.de
-enlist_uri_host (PDS_URISHORTENER) l.pr
-enlist_uri_host (PDS_URISHORTENER) l9k.net
-enlist_uri_host (PDS_URISHORTENER) lat.ms
-enlist_uri_host (PDS_URISHORTENER) liip.to
-enlist_uri_host (PDS_URISHORTENER) liltext.com
-enlist_uri_host (PDS_URISHORTENER) lin.cr
-enlist_uri_host (PDS_URISHORTENER) lin.io
-enlist_uri_host (PDS_URISHORTENER) linkbee.com
-enlist_uri_host (PDS_URISHORTENER) linkbun.ch
-enlist_uri_host (PDS_URISHORTENER) linkee.com
-enlist_uri_host (PDS_URISHORTENER) linkgap.com
-enlist_uri_host (PDS_URISHORTENER) linkslice.com
-enlist_uri_host (PDS_URISHORTENER) linxfix.de
-enlist_uri_host (PDS_URISHORTENER) liteurl.net
-enlist_uri_host (PDS_URISHORTENER) liurl.cn
-enlist_uri_host (PDS_URISHORTENER) livesi.de
-enlist_uri_host (PDS_URISHORTENER) lix.in
-enlist_uri_host (PDS_URISHORTENER) lk.ht
-enlist_uri_host (PDS_URISHORTENER) ln-s.net
-enlist_uri_host (PDS_URISHORTENER) ln-s.ru
-enlist_uri_host (PDS_URISHORTENER) lnk.by
-enlist_uri_host (PDS_URISHORTENER) lnk.gd
-enlist_uri_host (PDS_URISHORTENER) lnk.in
-enlist_uri_host (PDS_URISHORTENER) lnk.ly
-enlist_uri_host (PDS_URISHORTENER) lnk.ms
-enlist_uri_host (PDS_URISHORTENER) lnk.sk
-enlist_uri_host (PDS_URISHORTENER) lnkd.in
-enlist_uri_host (PDS_URISHORTENER) lnkurl.com
-enlist_uri_host (PDS_URISHORTENER) loopt.us
-enlist_uri_host (PDS_URISHORTENER) lost.in
-enlist_uri_host (PDS_URISHORTENER) lru.jp
-enlist_uri_host (PDS_URISHORTENER) lt.tl
-enlist_uri_host (PDS_URISHORTENER) lu.to
-enlist_uri_host (PDS_URISHORTENER) lurl.no
-enlist_uri_host (PDS_URISHORTENER) macte.ch
-enlist_uri_host (PDS_URISHORTENER) mash.to
-enlist_uri_host (PDS_URISHORTENER) mavrev.com
-enlist_uri_host (PDS_URISHORTENER) mcaf.ee
-enlist_uri_host (PDS_URISHORTENER) memurl.com
-enlist_uri_host (PDS_URISHORTENER) merky.de
-enlist_uri_host (PDS_URISHORTENER) metamark.net
-enlist_uri_host (PDS_URISHORTENER) migre.me
-enlist_uri_host (PDS_URISHORTENER) min2.me
-enlist_uri_host (PDS_URISHORTENER) minilien.com
-enlist_uri_host (PDS_URISHORTENER) minilink.org
-enlist_uri_host (PDS_URISHORTENER) miniurl.com
-enlist_uri_host (PDS_URISHORTENER) minurl.fr
-enlist_uri_host (PDS_URISHORTENER) mke.me
-enlist_uri_host (PDS_URISHORTENER) moby.to
-enlist_uri_host (PDS_URISHORTENER) moourl.com
-enlist_uri_host (PDS_URISHORTENER) mrte.ch
-enlist_uri_host (PDS_URISHORTENER) msg.sg
-enlist_uri_host (PDS_URISHORTENER) murl.kz
-enlist_uri_host (PDS_URISHORTENER) mv2.me
-enlist_uri_host (PDS_URISHORTENER) myloc.me
-enlist_uri_host (PDS_URISHORTENER) mysp.in
-enlist_uri_host (PDS_URISHORTENER) myurl.in
-enlist_uri_host (PDS_URISHORTENER) myurl.si
-enlist_uri_host (PDS_URISHORTENER) n.pr
-enlist_uri_host (PDS_URISHORTENER) nanoref.com
-enlist_uri_host (PDS_URISHORTENER) nanourl.se
-enlist_uri_host (PDS_URISHORTENER) nbc.co
-enlist_uri_host (PDS_URISHORTENER) nblo.gs
-enlist_uri_host (PDS_URISHORTENER) nbx.ch
-enlist_uri_host (PDS_URISHORTENER) ncane.com
-enlist_uri_host (PDS_URISHORTENER) ndurl.com
-enlist_uri_host (PDS_URISHORTENER) ne1.net
-enlist_uri_host (PDS_URISHORTENER) netnet.me
-enlist_uri_host (PDS_URISHORTENER) netshortcut.com
-enlist_uri_host (PDS_URISHORTENER) ni.to
-enlist_uri_host (PDS_URISHORTENER) nig.gr
-enlist_uri_host (PDS_URISHORTENER) nm.ly
-enlist_uri_host (PDS_URISHORTENER) nn.nf
-enlist_uri_host (PDS_URISHORTENER) not.my
-enlist_uri_host (PDS_URISHORTENER) notlong.com
-enlist_uri_host (PDS_URISHORTENER) nsfw.in
-enlist_uri_host (PDS_URISHORTENER) nutshellurl.com
-enlist_uri_host (PDS_URISHORTENER) nxy.in
-enlist_uri_host (PDS_URISHORTENER) nyti.ms
-enlist_uri_host (PDS_URISHORTENER) o-x.fr
-enlist_uri_host (PDS_URISHORTENER) o.ly
-enlist_uri_host (PDS_URISHORTENER) oboeyasui.com
-enlist_uri_host (PDS_URISHORTENER) oc1.us
-enlist_uri_host (PDS_URISHORTENER) offur.com
-enlist_uri_host (PDS_URISHORTENER) ofl.me
-enlist_uri_host (PDS_URISHORTENER) om.ly
-enlist_uri_host (PDS_URISHORTENER) omf.gd
-enlist_uri_host (PDS_URISHORTENER) omoikane.net
-enlist_uri_host (PDS_URISHORTENER) on.cnn.com
-enlist_uri_host (PDS_URISHORTENER) on.mktw.net
-enlist_uri_host (PDS_URISHORTENER) onecent.us
-enlist_uri_host (PDS_URISHORTENER) onforb.es
-enlist_uri_host (PDS_URISHORTENER) onion.com
-enlist_uri_host (PDS_URISHORTENER) onsaas.info
-enlist_uri_host (PDS_URISHORTENER) ooqx.com
-enlist_uri_host (PDS_URISHORTENER) oreil.ly
-enlist_uri_host (PDS_URISHORTENER) orz.se
-enlist_uri_host (PDS_URISHORTENER) ow.ly
-enlist_uri_host (PDS_URISHORTENER) oxyz.info
-enlist_uri_host (PDS_URISHORTENER) p.ly
-enlist_uri_host (PDS_URISHORTENER) p8g.tw
-enlist_uri_host (PDS_URISHORTENER) parv.us
-enlist_uri_host (PDS_URISHORTENER) paulding.net
-enlist_uri_host (PDS_URISHORTENER) pduda.mobi
-enlist_uri_host (PDS_URISHORTENER) peaurl.com
-enlist_uri_host (PDS_URISHORTENER) pendek.in
-enlist_uri_host (PDS_URISHORTENER) pep.si
-enlist_uri_host (PDS_URISHORTENER) pic.gd
-enlist_uri_host (PDS_URISHORTENER) piko.me
-enlist_uri_host (PDS_URISHORTENER) ping.fm
-enlist_uri_host (PDS_URISHORTENER) piurl.com
-enlist_uri_host (PDS_URISHORTENER) pli.gs
-enlist_uri_host (PDS_URISHORTENER) plumurl.com
-enlist_uri_host (PDS_URISHORTENER) plurl.me
-enlist_uri_host (PDS_URISHORTENER) pnt.me
-enlist_uri_host (PDS_URISHORTENER) politi.co
-enlist_uri_host (PDS_URISHORTENER) poll.fm
-enlist_uri_host (PDS_URISHORTENER) pop.ly
-enlist_uri_host (PDS_URISHORTENER) poprl.com
-enlist_uri_host (PDS_URISHORTENER) post.ly
-enlist_uri_host (PDS_URISHORTENER) posted.at
-enlist_uri_host (PDS_URISHORTENER) pp.gg
-enlist_uri_host (PDS_URISHORTENER) profile.to
-enlist_uri_host (PDS_URISHORTENER) pt2.me
-enlist_uri_host (PDS_URISHORTENER) ptiturl.com
-enlist_uri_host (PDS_URISHORTENER) pub.vitrue.com
-enlist_uri_host (PDS_URISHORTENER) puke.it
-enlist_uri_host (PDS_URISHORTENER) pysper.com
-enlist_uri_host (PDS_URISHORTENER) qik.li
-enlist_uri_host (PDS_URISHORTENER) qlnk.net
-enlist_uri_host (PDS_URISHORTENER) qoiob.com
-enlist_uri_host (PDS_URISHORTENER) qr.cx
-enlist_uri_host (PDS_URISHORTENER) qte.me
-enlist_uri_host (PDS_URISHORTENER) qu.tc
-enlist_uri_host (PDS_URISHORTENER) quickurl.co.uk
-enlist_uri_host (PDS_URISHORTENER) qurl.com
-enlist_uri_host (PDS_URISHORTENER) qurlyq.com
-enlist_uri_host (PDS_URISHORTENER) quu.nu
-enlist_uri_host (PDS_URISHORTENER) qux.in
-enlist_uri_host (PDS_URISHORTENER) qy.fi
-enlist_uri_host (PDS_URISHORTENER) r.im
-enlist_uri_host (PDS_URISHORTENER) rb6.me
-enlist_uri_host (PDS_URISHORTENER) rde.me
-enlist_uri_host (PDS_URISHORTENER) read.bi
-enlist_uri_host (PDS_URISHORTENER) readthis.ca
-enlist_uri_host (PDS_URISHORTENER) reallytinyurl.com
-enlist_uri_host (PDS_URISHORTENER) redir.ec
-enlist_uri_host (PDS_URISHORTENER) redirects.ca
-enlist_uri_host (PDS_URISHORTENER) redirx.com
-enlist_uri_host (PDS_URISHORTENER) relyt.us
-enlist_uri_host (PDS_URISHORTENER) retwt.me
-enlist_uri_host (PDS_URISHORTENER) ri.ms
-enlist_uri_host (PDS_URISHORTENER) rickroll.it
-enlist_uri_host (PDS_URISHORTENER) rivva.de
-enlist_uri_host (PDS_URISHORTENER) riz.gd
-enlist_uri_host (PDS_URISHORTENER) rly.cc
-enlist_uri_host (PDS_URISHORTENER) rnk.me
-enlist_uri_host (PDS_URISHORTENER) rsmonkey.com
-enlist_uri_host (PDS_URISHORTENER) rt.nu
-enlist_uri_host (PDS_URISHORTENER) ru.ly
-enlist_uri_host (PDS_URISHORTENER) rubyurl.com
-enlist_uri_host (PDS_URISHORTENER) rurl.org
-enlist_uri_host (PDS_URISHORTENER) rww.tw
-enlist_uri_host (PDS_URISHORTENER) s.gnoss.us
-enlist_uri_host (PDS_URISHORTENER) s3nt.com
-enlist_uri_host (PDS_URISHORTENER) s4c.in
-enlist_uri_host (PDS_URISHORTENER) s7y.us
-enlist_uri_host (PDS_URISHORTENER) safe.mn
-enlist_uri_host (PDS_URISHORTENER) safelinks.ru
-enlist_uri_host (PDS_URISHORTENER) sai.ly
-enlist_uri_host (PDS_URISHORTENER) sameurl.com
-enlist_uri_host (PDS_URISHORTENER) sdut.us
-enlist_uri_host (PDS_URISHORTENER) sed.cx
-enlist_uri_host (PDS_URISHORTENER) sfu.ca
-enlist_uri_host (PDS_URISHORTENER) shadyurl.com
-enlist_uri_host (PDS_URISHORTENER) shar.es
-enlist_uri_host (PDS_URISHORTENER) shim.net
-enlist_uri_host (PDS_URISHORTENER) shink.de
-enlist_uri_host (PDS_URISHORTENER) shorl.com
-enlist_uri_host (PDS_URISHORTENER) short.ie
-enlist_uri_host (PDS_URISHORTENER) short.to
-enlist_uri_host (PDS_URISHORTENER) shorten.ws
-enlist_uri_host (PDS_URISHORTENER) shortenurl.com
-enlist_uri_host (PDS_URISHORTENER) shorterlink.com
-enlist_uri_host (PDS_URISHORTENER) shortio.com
-enlist_uri_host (PDS_URISHORTENER) shortlinks.co.uk
-enlist_uri_host (PDS_URISHORTENER) shortly.nl
-enlist_uri_host (PDS_URISHORTENER) shortn.me
-enlist_uri_host (PDS_URISHORTENER) shortna.me
-enlist_uri_host (PDS_URISHORTENER) shortr.me
-enlist_uri_host (PDS_URISHORTENER) shorturl.com
-enlist_uri_host (PDS_URISHORTENER) shortz.me
-enlist_uri_host (PDS_URISHORTENER) shoturl.us
-enlist_uri_host (PDS_URISHORTENER) shout.to
-enlist_uri_host (PDS_URISHORTENER) show.my
-enlist_uri_host (PDS_URISHORTENER) shredu
-enlist_uri_host (PDS_URISHORTENER) shredurl.com
-enlist_uri_host (PDS_URISHORTENER) shrinkify.com
-enlist_uri_host (PDS_URISHORTENER) shrinkr.com
-enlist_uri_host (PDS_URISHORTENER) shrinkster.com
-enlist_uri_host (PDS_URISHORTENER) shrinkurl.us
-enlist_uri_host (PDS_URISHORTENER) shrt.fr
-enlist_uri_host (PDS_URISHORTENER) shrt.st
-enlist_uri_host (PDS_URISHORTENER) shrt.ws
-enlist_uri_host (PDS_URISHORTENER) shrten.com
-enlist_uri_host (PDS_URISHORTENER) shrtl.com
-enlist_uri_host (PDS_URISHORTENER) shrtn.com
-enlist_uri_host (PDS_URISHORTENER) shrtnd.com
-enlist_uri_host (PDS_URISHORTENER) shrunkin.com
-enlist_uri_host (PDS_URISHORTENER) shurl.net
-enlist_uri_host (PDS_URISHORTENER) shw.me
-enlist_uri_host (PDS_URISHORTENER) simurl.com
-enlist_uri_host (PDS_URISHORTENER) simurl.net
-enlist_uri_host (PDS_URISHORTENER) simurl.org
-enlist_uri_host (PDS_URISHORTENER) simurl.us
-enlist_uri_host (PDS_URISHORTENER) sitelutions.com
-enlist_uri_host (PDS_URISHORTENER) siteo.us
-enlist_uri_host (PDS_URISHORTENER) sl.ly
-enlist_uri_host (PDS_URISHORTENER) slate.me
-enlist_uri_host (PDS_URISHORTENER) slidesha.re
-enlist_uri_host (PDS_URISHORTENER) slki.ru
-enlist_uri_host (PDS_URISHORTENER) smallr.com
-enlist_uri_host (PDS_URISHORTENER) smallr.net
-enlist_uri_host (PDS_URISHORTENER) smarturl.it
-enlist_uri_host (PDS_URISHORTENER) smfu.in
-enlist_uri_host (PDS_URISHORTENER) smsh.me
-enlist_uri_host (PDS_URISHORTENER) smurl.com
-enlist_uri_host (PDS_URISHORTENER) smurl.name
-enlist_uri_host (PDS_URISHORTENER) sn.im
-enlist_uri_host (PDS_URISHORTENER) sn.vc
-enlist_uri_host (PDS_URISHORTENER) snadr.it
-enlist_uri_host (PDS_URISHORTENER) snipie.com
-enlist_uri_host (PDS_URISHORTENER) snipr.com
-enlist_uri_host (PDS_URISHORTENER) snipurl.com
-enlist_uri_host (PDS_URISHORTENER) snkr.me
-enlist_uri_host (PDS_URISHORTENER) snurl.com
-enlist_uri_host (PDS_URISHORTENER) soo.gd
-enlist_uri_host (PDS_URISHORTENER) song.ly
-enlist_uri_host (PDS_URISHORTENER) sp2.ro
-enlist_uri_host (PDS_URISHORTENER) spedr.com
-enlist_uri_host (PDS_URISHORTENER) sqze.it
-enlist_uri_host (PDS_URISHORTENER) srnk.net
-enlist_uri_host (PDS_URISHORTENER) srs.li
-enlist_uri_host (PDS_URISHORTENER) starturl.com
-enlist_uri_host (PDS_URISHORTENER) stickurl.com
-enlist_uri_host (PDS_URISHORTENER) stpmvt.com
-enlist_uri_host (PDS_URISHORTENER) sturly.com
-enlist_uri_host (PDS_URISHORTENER) su.pr
-enlist_uri_host (PDS_URISHORTENER) surl.co.uk
-enlist_uri_host (PDS_URISHORTENER) surl.hu
-enlist_uri_host (PDS_URISHORTENER) surl.it
-enlist_uri_host (PDS_URISHORTENER) t.cn
-enlist_uri_host (PDS_URISHORTENER) t.co
-enlist_uri_host (PDS_URISHORTENER) t.lh.com
-enlist_uri_host (PDS_URISHORTENER) ta.gd
-enlist_uri_host (PDS_URISHORTENER) takemyfile.com
-enlist_uri_host (PDS_URISHORTENER) tbd.ly
-enlist_uri_host (PDS_URISHORTENER) tcrn.ch
-enlist_uri_host (PDS_URISHORTENER) tgr.me
-enlist_uri_host (PDS_URISHORTENER) tgr.ph
-enlist_uri_host (PDS_URISHORTENER) th8.us
-enlist_uri_host (PDS_URISHORTENER) thecow.me
-enlist_uri_host (PDS_URISHORTENER) thrdl.es
-enlist_uri_host (PDS_URISHORTENER) tighturl.com
-enlist_uri_host (PDS_URISHORTENER) timesurl.at
-enlist_uri_host (PDS_URISHORTENER) tini.us
-enlist_uri_host (PDS_URISHORTENER) tiniuri.com
-enlist_uri_host (PDS_URISHORTENER) tiny.cc
-enlist_uri_host (PDS_URISHORTENER) tiny.ly
-enlist_uri_host (PDS_URISHORTENER) tiny.pl
-enlist_uri_host (PDS_URISHORTENER) tinyarro.ws
-enlist_uri_host (PDS_URISHORTENER) tinylink.com
-enlist_uri_host (PDS_URISHORTENER) tinylink.in
-enlist_uri_host (PDS_URISHORTENER) tinypl.us
-enlist_uri_host (PDS_URISHORTENER) tinysong.com
-enlist_uri_host (PDS_URISHORTENER) tinytw.it
-enlist_uri_host (PDS_URISHORTENER) tinyuri.ca
-enlist_uri_host (PDS_URISHORTENER) tinyurl.com
-enlist_uri_host (PDS_URISHORTENER) tk.
-enlist_uri_host (PDS_URISHORTENER) tl.gd
-enlist_uri_host (PDS_URISHORTENER) tllg.net
-enlist_uri_host (PDS_URISHORTENER) tmi.me
-enlist_uri_host (PDS_URISHORTENER) tncr.ws
-enlist_uri_host (PDS_URISHORTENER) tnij.org
-enlist_uri_host (PDS_URISHORTENER) tnw.to
-enlist_uri_host (PDS_URISHORTENER) tny.com
-enlist_uri_host (PDS_URISHORTENER) to.
-enlist_uri_host (PDS_URISHORTENER) to.je
-enlist_uri_host (PDS_URISHORTENER) to.ly
-enlist_uri_host (PDS_URISHORTENER) to.vg
-enlist_uri_host (PDS_URISHORTENER) togoto.us
-enlist_uri_host (PDS_URISHORTENER) totc.us
-enlist_uri_host (PDS_URISHORTENER) toysr.us
-enlist_uri_host (PDS_URISHORTENER) tpm.ly
-enlist_uri_host (PDS_URISHORTENER) tr.im
-enlist_uri_host (PDS_URISHORTENER) tr.my
-enlist_uri_host (PDS_URISHORTENER) tra.kz
-enlist_uri_host (PDS_URISHORTENER) traceurl.com
-enlist_uri_host (PDS_URISHORTENER) trackurl.it
-enlist_uri_host (PDS_URISHORTENER) trcb.me
-enlist_uri_host (PDS_URISHORTENER) trg.li
-enlist_uri_host (PDS_URISHORTENER) trib.al
-enlist_uri_host (PDS_URISHORTENER) trick.ly
-enlist_uri_host (PDS_URISHORTENER) trii.us
-enlist_uri_host (PDS_URISHORTENER) trim.li
-enlist_uri_host (PDS_URISHORTENER) trumpink.lt
-enlist_uri_host (PDS_URISHORTENER) trunc.it
-enlist_uri_host (PDS_URISHORTENER) truncurl.com
-enlist_uri_host (PDS_URISHORTENER) tsort.us
-enlist_uri_host (PDS_URISHORTENER) tubeurl.com
-enlist_uri_host (PDS_URISHORTENER) turo.us
-enlist_uri_host (PDS_URISHORTENER) tw0.us
-enlist_uri_host (PDS_URISHORTENER) tw1.us
-enlist_uri_host (PDS_URISHORTENER) tw2.us
-enlist_uri_host (PDS_URISHORTENER) tw5.us
-enlist_uri_host (PDS_URISHORTENER) tw6.us
-enlist_uri_host (PDS_URISHORTENER) tw8.us
-enlist_uri_host (PDS_URISHORTENER) tw9.us
-enlist_uri_host (PDS_URISHORTENER) twa.lk
-enlist_uri_host (PDS_URISHORTENER) tweet.me
-enlist_uri_host (PDS_URISHORTENER) tweetburner.com
-enlist_uri_host (PDS_URISHORTENER) tweetl.com
-enlist_uri_host (PDS_URISHORTENER) twhub.com
-enlist_uri_host (PDS_URISHORTENER) twi.gy
-enlist_uri_host (PDS_URISHORTENER) twip.us
-enlist_uri_host (PDS_URISHORTENER) twirl.at
-enlist_uri_host (PDS_URISHORTENER) twit.ac
-enlist_uri_host (PDS_URISHORTENER) twitclicks.com
-enlist_uri_host (PDS_URISHORTENER) twitterurl.net
-enlist_uri_host (PDS_URISHORTENER) twitterurl.org
-enlist_uri_host (PDS_URISHORTENER) twitthis.com
-enlist_uri_host (PDS_URISHORTENER) twittu.ms
-enlist_uri_host (PDS_URISHORTENER) twiturl.de
-enlist_uri_host (PDS_URISHORTENER) twitzap.com
-enlist_uri_host (PDS_URISHORTENER) twlv.net
-enlist_uri_host (PDS_URISHORTENER) twtr.us
-enlist_uri_host (PDS_URISHORTENER) twurl.cc
-enlist_uri_host (PDS_URISHORTENER) twurl.nl
-enlist_uri_host (PDS_URISHORTENER) u.mavrev.com
-enlist_uri_host (PDS_URISHORTENER) u.nu
-enlist_uri_host (PDS_URISHORTENER) u76.org
-enlist_uri_host (PDS_URISHORTENER) ub0.cc
-enlist_uri_host (PDS_URISHORTENER) uiop.me
-enlist_uri_host (PDS_URISHORTENER) ulimit.com
-enlist_uri_host (PDS_URISHORTENER) ulu.lu
-enlist_uri_host (PDS_URISHORTENER) unfaker.it
-enlist_uri_host (PDS_URISHORTENER) updating.me
-enlist_uri_host (PDS_URISHORTENER) u.to
-enlist_uri_host (PDS_URISHORTENER) ur.ly
-enlist_uri_host (PDS_URISHORTENER) ur1.ca
-enlist_uri_host (PDS_URISHORTENER) urizy.com
-enlist_uri_host (PDS_URISHORTENER) url.ag
-enlist_uri_host (PDS_URISHORTENER) url.az
-enlist_uri_host (PDS_URISHORTENER) url.co.uk
-enlist_uri_host (PDS_URISHORTENER) url.go.it
-enlist_uri_host (PDS_URISHORTENER) url.ie
-enlist_uri_host (PDS_URISHORTENER) url.inc-x.eu
-enlist_uri_host (PDS_URISHORTENER) url.lotpatrol.com
-enlist_uri_host (PDS_URISHORTENER) url360.me
-enlist_uri_host (PDS_URISHORTENER) url4.eu
-enlist_uri_host (PDS_URISHORTENER) urlao.com
-enlist_uri_host (PDS_URISHORTENER) urlbee.com
-enlist_uri_host (PDS_URISHORTENER) urlborg.com
-enlist_uri_host (PDS_URISHORTENER) urlbrief.com
-enlist_uri_host (PDS_URISHORTENER) urlcorta.es
-enlist_uri_host (PDS_URISHORTENER) urlcover.com
-enlist_uri_host (PDS_URISHORTENER) urlcut.com
-enlist_uri_host (PDS_URISHORTENER) urlcutter.com
-enlist_uri_host (PDS_URISHORTENER) urlenco.de
-enlist_uri_host (PDS_URISHORTENER) urlg.info
-enlist_uri_host (PDS_URISHORTENER) urlhawk.com
-enlist_uri_host (PDS_URISHORTENER) urli.nl
-enlist_uri_host (PDS_URISHORTENER) urlin.it
-enlist_uri_host (PDS_URISHORTENER) urlkiss.com
-enlist_uri_host (PDS_URISHORTENER) urloo.com
-enlist_uri_host (PDS_URISHORTENER) urlpire.com
-enlist_uri_host (PDS_URISHORTENER) urls.im
-enlist_uri_host (PDS_URISHORTENER) urlshorteningservicefortwitter.com
-enlist_uri_host (PDS_URISHORTENER) urltea.com
-enlist_uri_host (PDS_URISHORTENER) urlu.ms
-enlist_uri_host (PDS_URISHORTENER) urlvi.b
-enlist_uri_host (PDS_URISHORTENER) urlvi.be
-enlist_uri_host (PDS_URISHORTENER) urlx.ie
-enlist_uri_host (PDS_URISHORTENER) urlz.at
-enlist_uri_host (PDS_URISHORTENER) urlzen.com
-enlist_uri_host (PDS_URISHORTENER) usat.ly
-enlist_uri_host (PDS_URISHORTENER) use.my
-enlist_uri_host (PDS_URISHORTENER) uservoice.com
-enlist_uri_host (PDS_URISHORTENER) ustre.am
-enlist_uri_host (PDS_URISHORTENER) vado.it
-enlist_uri_host (PDS_URISHORTENER) vb.ly
-enlist_uri_host (PDS_URISHORTENER) vdirect.com
-enlist_uri_host (PDS_URISHORTENER) vgn.am
-enlist_uri_host (PDS_URISHORTENER) vi.ly
-enlist_uri_host (PDS_URISHORTENER) viigo.im
-enlist_uri_host (PDS_URISHORTENER) virl.com
-enlist_uri_host (PDS_URISHORTENER) vl.am
-enlist_uri_host (PDS_URISHORTENER) vm.lc
-enlist_uri_host (PDS_URISHORTENER) voizle.com
-enlist_uri_host (PDS_URISHORTENER) vtc.es
-enlist_uri_host (PDS_URISHORTENER) w0r.me
-enlist_uri_host (PDS_URISHORTENER) w33.us
-enlist_uri_host (PDS_URISHORTENER) w34.us
-enlist_uri_host (PDS_URISHORTENER) w3t.org
-enlist_uri_host (PDS_URISHORTENER) w55.de
-enlist_uri_host (PDS_URISHORTENER) wa9.la
-enlist_uri_host (PDS_URISHORTENER) wapo.st
-enlist_uri_host (PDS_URISHORTENER) wapurl.co.uk
-enlist_uri_host (PDS_URISHORTENER) webalias.com
-enlist_uri_host (PDS_URISHORTENER) welcome.to
-enlist_uri_host (PDS_URISHORTENER) wh.gov
-enlist_uri_host (PDS_URISHORTENER) widg.me
-enlist_uri_host (PDS_URISHORTENER) wipi.es
-enlist_uri_host (PDS_URISHORTENER) wkrg.com
-enlist_uri_host (PDS_URISHORTENER) woo.ly
-enlist_uri_host (PDS_URISHORTENER) wp.me
-enlist_uri_host (PDS_URISHORTENER) x.co
-enlist_uri_host (PDS_URISHORTENER) x.hypem.com
-enlist_uri_host (PDS_URISHORTENER) x.se
-enlist_uri_host (PDS_URISHORTENER) x.vu
-enlist_uri_host (PDS_URISHORTENER) xeeurl.com
-enlist_uri_host (PDS_URISHORTENER) xil.in
-enlist_uri_host (PDS_URISHORTENER) xlurl.de
-enlist_uri_host (PDS_URISHORTENER) xn--1ci.ws
-enlist_uri_host (PDS_URISHORTENER) xn--3fi.ws
-enlist_uri_host (PDS_URISHORTENER) xn--5gi.ws
-enlist_uri_host (PDS_URISHORTENER) xn--9gi.ws
-enlist_uri_host (PDS_URISHORTENER) xn--bih.ws
-enlist_uri_host (PDS_URISHORTENER) xn--cwg.ws
-enlist_uri_host (PDS_URISHORTENER) xn--egi.ws
-enlist_uri_host (PDS_URISHORTENER) xn--fwg.ws
-enlist_uri_host (PDS_URISHORTENER) xn--hgi.ws
-enlist_uri_host (PDS_URISHORTENER) xn--l3h.ws
-enlist_uri_host (PDS_URISHORTENER) xn--odi.ws
-enlist_uri_host (PDS_URISHORTENER) xn--ogi.ws
-enlist_uri_host (PDS_URISHORTENER) xn--rei.ws
-enlist_uri_host (PDS_URISHORTENER) xn--vgi.ws
-enlist_uri_host (PDS_URISHORTENER) xr.com
-enlist_uri_host (PDS_URISHORTENER) xrl.in
-enlist_uri_host (PDS_URISHORTENER) xrl.us
-enlist_uri_host (PDS_URISHORTENER) xrt.me
-enlist_uri_host (PDS_URISHORTENER) xurl.es
-enlist_uri_host (PDS_URISHORTENER) xurl.jp
-enlist_uri_host (PDS_URISHORTENER) xxsurl.de
-enlist_uri_host (PDS_URISHORTENER) xzb.cc
-enlist_uri_host (PDS_URISHORTENER) y.ahoo.it
-enlist_uri_host (PDS_URISHORTENER) yatuc.com
-enlist_uri_host (PDS_URISHORTENER) ye-s.com
-enlist_uri_host (PDS_URISHORTENER) ye.pe
-enlist_uri_host (PDS_URISHORTENER) yep.it
-enlist_uri_host (PDS_URISHORTENER) yfrog.com
-enlist_uri_host (PDS_URISHORTENER) yhoo.it
-enlist_uri_host (PDS_URISHORTENER) yiyd.com
-enlist_uri_host (PDS_URISHORTENER) yuarel.com
-enlist_uri_host (PDS_URISHORTENER) z.pe
-enlist_uri_host (PDS_URISHORTENER) z0p.de
-enlist_uri_host (PDS_URISHORTENER) zapt.in
-enlist_uri_host (PDS_URISHORTENER) zi.ma
-enlist_uri_host (PDS_URISHORTENER) zi.me
-enlist_uri_host (PDS_URISHORTENER) zi.mu
-enlist_uri_host (PDS_URISHORTENER) zi.pe
-enlist_uri_host (PDS_URISHORTENER) zip.li
-enlist_uri_host (PDS_URISHORTENER) zipmyurl.com
-enlist_uri_host (PDS_URISHORTENER) zite.to
-enlist_uri_host (PDS_URISHORTENER) zootit.com
-enlist_uri_host (PDS_URISHORTENER) zud.me
-enlist_uri_host (PDS_URISHORTENER) zurl.ws
-enlist_uri_host (PDS_URISHORTENER) zz.gd
-enlist_uri_host (PDS_URISHORTENER) zzang.kr
-enlist_uri_host (PDS_URISHORTENER) t.ly
-enlist_uri_host (PDS_URISHORTENER) wow.link
-enlist_uri_host (PDS_URISHORTENER) twixar.me
-enlist_uri_host (PDS_URISHORTENER) lnk.cm
-enlist_uri_host (PDS_URISHORTENER) rb.gy
-enlist_uri_host (PDS_URISHORTENER) gplinks.in
-enlist_uri_host (PDS_URISHORTENER) utfg.sk
-enlist_uri_host (PDS_URISHORTENER) um.lk
-enlist_uri_host (PDS_URISHORTENER) xn--vi8hiv.ws
-enlist_uri_host (PDS_URISHORTENER) ouo.io
-enlist_uri_host (PDS_URISHORTENER) mmo.tc
-enlist_uri_host (PDS_URISHORTENER) pvp.tc
-enlist_uri_host (PDS_URISHORTENER) ko.tc
-enlist_uri_host (PDS_URISHORTENER) m2.tc
-enlist_uri_host (PDS_URISHORTENER) sro.tc
-enlist_uri_host (PDS_URISHORTENER) heg.tc
-enlist_uri_host (PDS_URISHORTENER) fn.tc
-enlist_uri_host (PDS_URISHORTENER) lol.tc
-enlist_uri_host (PDS_URISHORTENER) tek.link
-enlist_uri_host (PDS_URISHORTENER) tr.im
-enlist_uri_host (PDS_URISHORTENER) cutwin.biz
-enlist_uri_host (PDS_URISHORTENER) urlzs.com
-enlist_uri_host (PDS_URISHORTENER) qqc.co
-enlist_uri_host (PDS_URISHORTENER) yyv.co
-enlist_uri_host (PDS_URISHORTENER) erq.io
-enlist_uri_host (PDS_URISHORTENER) yko.io
-enlist_uri_host (PDS_URISHORTENER) poweredbysecurity.online
-enlist_uri_host (PDS_URISHORTENER) poweredbysecurity.org
-enlist_uri_host (PDS_URISHORTENER) poweredbydialup.online
-enlist_uri_host (PDS_URISHORTENER) poweredbydialup.club
-enlist_uri_host (PDS_URISHORTENER) canadianlumberjacks.online
-enlist_uri_host (PDS_URISHORTENER) canadianlumberjacks.club
-enlist_uri_host (PDS_URISHORTENER) packetlivesmatter.online
-enlist_uri_host (PDS_URISHORTENER) packetlivesmatter.club
-enlist_uri_host (PDS_URISHORTENER) amishprincess.com
-enlist_uri_host (PDS_URISHORTENER) poweredbydialup.org
-enlist_uri_host (PDS_URISHORTENER) amishdatacenter.com
-enlist_uri_host (PDS_URISHORTENER) youtubeshort.pro
-enlist_uri_host (PDS_URISHORTENER) catsnthing.com
-enlist_uri_host (PDS_URISHORTENER) youtubeshort.watch
-enlist_uri_host (PDS_URISHORTENER) yourtube.site
-enlist_uri_host (PDS_URISHORTENER) catsnthings.fun
-enlist_uri_host (PDS_URISHORTENER) curiouscat.club
-enlist_uri_host (PDS_URISHORTENER) crabrave.pw
-enlist_uri_host (PDS_URISHORTENER) fortnitechat.site
-enlist_uri_host (PDS_URISHORTENER) fortnight.space
-enlist_uri_host (PDS_URISHORTENER) disçordapp.com
-enlist_uri_host (PDS_URISHORTENER) freegiftcards.co
-enlist_uri_host (PDS_URISHORTENER) minecräft.com
-enlist_uri_host (PDS_URISHORTENER) stopify.co
-enlist_uri_host (PDS_URISHORTENER) spottyfly.com
-enlist_uri_host (PDS_URISHORTENER) bmwforum.co
-enlist_uri_host (PDS_URISHORTENER) grabify.link
-enlist_uri_host (PDS_URISHORTENER) joinmy.site
-enlist_uri_host (PDS_URISHORTENER) youshouldclick.us
 reuse    T_PDS_SHORTFWD_URISHRT
 endif
 endif
@@ -7223,7 +6391,7 @@ reuse    T_SHORT_BODY_QUOTE
 reuse    T_BODY_QUOTE_MALF_MSGID
 reuse    SPOOFED_FREEMAIL_NO_RDNS
 reuse    T_PDS_URI_HIDDEN_HELO_NO_DOMAIN
-reuse    PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE
+reuse    T_PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE
 reuse    T_PDS_TONAME_EQ_TOLOCAL_SHORT
 reuse    PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE
 reuse    T_PDS_TONAME_EQ_TOLOCAL_VSHORT
@@ -7446,16 +6614,8 @@ body     __AUTO_ACCIDENT     /auto(?:mobile)? accident/i
 
 header __AXB_MO_OL_024C2  X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2600\.0000/
 
-header __AXB_MO_OL_1ECD5  X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2800\.1081/
-
-header          __AXB_MO_OL_2600  X-MimeOLE =~ /Produced\ By\ Microsoft\ MimeOLE\ V6\.00\.2600\.0000/
-
 header __AXB_XM_OL_024C2  X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2600\.0000/
 
-header __AXB_XM_OL_1ECD5  X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2800\.1081/
-
-header          __AXB_XM_OL_2600  X-Mailer =~ /Microsoft\ Outlook\ Express\ 6\.00\.2600\.0000/
-
 body     __BACK_SCRATCH   /\bmutual+y?\s(?:benefi(?:t|cial)|interest)\b/i
 
 body     __BANK_DRAFT     /\bbank\sdraft/i
@@ -7499,10 +6659,6 @@ meta       __BITCOIN_WFH_01            __BITCOIN && __WFH_01
 
 meta           __BITCOIN_XPRIO      __XPRIO && (__BITCOIN || __BITCOIN_ID)
 
-meta        __BODY_SINGLE_URI     (__BODY_SINGLE_WORD && __HAS_ANY_URI)
-
-meta        __BODY_SINGLE_WORD    __BODY_TEXT_LINE < 3 && !__EMPTY_BODY && !__SMIME_MESSAGE && ((__SINGLE_WORD_LINE && !__SINGLE_WORD_SUBJ) || __SINGLE_WORD_LINE > 1)
-
 body __BODY_STARTS_WITH_FROM_LINE /^From \S+ \S\S\S \S\S\S .. ..:..:.. \S+\s+\S+\: /s
 
 body        __BODY_TEXT_LINE     /^\s*\S/
@@ -7510,8 +6666,6 @@ tflags      __BODY_TEXT_LINE     multiple maxhits=3
 
 meta        __BODY_URI_ONLY      __BODY_TEXT_LINE < 3 && __HAS_ANY_URI && !__SMIME_MESSAGE
 
-body           __BODY_XHTML             /<x-html>/i
-
 if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
   full       __BOGUS_MIME_HDR            /\bContent-[XYZ]-[a-z]{6,15}:\s+[a-z]{6,15}\b/
   tflags     __BOGUS_MIME_HDR            multiple maxhits=8
@@ -7566,6 +6720,8 @@ body     __CONTACT_YOU    /\b(?:contact(?:ing)\syou|vous\scontacter?)\b/i
 
 rawbody    __CONTENT_AFTER_HTML        /<\/html>\s*[a-z0-9]/i
 
+body     __COPY_PASTE_DE      /Kopieren Sie es und f(?:\xfc|\xc3\xbc)gen Sie es ein|Kopieren \& Einf(?:\xfc|\xc3\xbc)gen/i
+
 if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
   body     __COPY_PASTE_EN    /Copy (and|\+|\&) paste/i
 endif
@@ -7574,6 +6730,16 @@ ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
   body     __COPY_PASTE_EN    /<C><O><P><Y> (?:<A><N><D>|\+|\&) <P><A><S><T><E>/i
 endif
 
+body     __COPY_PASTE_ES      /copiarlo y pegarlo/i
+
+body     __COPY_PASTE_FR      /le copier (et le|\+) coller/i
+
+body     __COPY_PASTE_IT      /copia(r?)lo (e|\&) incolla(r?)lo/i
+
+body     __COPY_PASTE_NL      /kopieer en plak het/i
+
+body     __COPY_PASTE_SE      /kopiera den och klistra in/i
+
 body     __COURIER        /\bcourier\s(?:company|service)\b/i
 
 header      __CR_IN_SUBJ      Subject:raw =~ /\015/
@@ -7800,8 +6966,6 @@ meta        __EMPTY_BODY         __BODY_TEXT_LINE < 2 && !__SMIME_MESSAGE
 
 body           __END_FUTURE_EMAILS /\b(?:end|stop(?! receiving these (?:alerts|emails))|cease|discontinue|removed?|(?:do(?! not wish to receive [\w\s]{0,20}emails)|would|you(?:'d)?) (?:not (?:wish|want|like|desire)|(?:prefer|wish|want|like|desire) not) to|exclude yourself|fore?go)[- ](?:get |receiv(?:ing|e) |or |(?:a-z{1,30} ){0,4}from )?(?:these|our|(?:any )?(?:future|further)) (?:(?:e|ad)?-?m(?:ail(?:ing)?|es+[age]{3})|alert|PSA|marketing|notice)[- ]?(?:ad|update)?s?\b/i
 
-header     __ENVFROM_AMAZONSES         EnvelopeFrom =~ /\@amazonses\.com$/
-
 header     __ENVFROM_GOOG_TRIX         EnvelopeFrom =~ /(?:@|=)trix\.bounces\.google\.com(?:$|=)/
 
 meta       __ENVFROM_GOOG_TRIX_SPAMMY  __ENVFROM_GOOG_TRIX && (__GOOGLE_DOC_SUSP || FREEMAIL_REPLYTO_END_DIGIT || __ADVANCE_FEE_2_NEW || FORGED_GMAIL_RCVD || LOTS_OF_MONEY || __HAS_X_SOURCE_DIR )
@@ -8179,16 +7343,6 @@ header __FROM_ALL_HEX	    From:addr =~ /^(?!(?:19|20)\d\d[01]\d[0-3]\d)(?![0-9a-
 
 header         __FROM_ALL_NUMS      From:addr =~ /^\d+@/
 
-header      __FROM_AMEX          From =~ /american\s?express/i
-
-header      __FROM_ASB_BANK      From:addr =~ /\basb\.co\.nz$/i
-
-header      __FROM_BANK_LOOSE    From =~ /ban(?:k|co)/i
-
-header      __FROM_CHASE         From:addr =~ /chase(?:2?-?paymentech)\.com$/i
-
-header      __FROM_CMNWLTH_BANK  From:addr =~ /\bcommonwealth\.com\.au$/i
-
 header	 __FROM_DNS		From =~ /(?<![^\w.-])dns(?:admin)?\@/i
 
 meta        __FROM_DOM_ADMIN     __FROM_ADMIN && __PDS_FROM_NAME_TO_DOMAIN
@@ -8197,8 +7351,6 @@ header      __FROM_DOM_INFO    From:addr =~ /\.info$/i
 
 header __FROM_EBAY	From:addr =~ /\@ebay\.com$/i
 
-header      __FROM_EBAY_LOOSE    From =~ /\be-?bay\b/i
-
 header         __FROM_EQ_ORG_1       ALL =~ /\nFrom: "?([^\n]+)"? <[^>]+>\n.*Organization: \1\n/ism
 
 ifplugin Mail::SpamAssassin::Plugin::FreeMail
@@ -8234,12 +7386,8 @@ endif
 header	 __FROM_FULL_NAME	From:name =~ /^[^a-z[:punct:][:cntrl:]\d\s][^[:punct:][:cntrl:]\d\s]*[[:punct:]\s]+[^a-z[:punct:][:cntrl:]\d\s]/
 tflags	 __FROM_FULL_NAME	nice
 
-header      __FROM_HSBC          From:addr =~ /\bhsbc\.co\.uk$/i
-
 header	 __FROM_INFO		From =~ /(?<![^\w.-])info\@/i
 
-header      __FROM_LLOYDSTSB     From:addr =~ /\blloyds(?:tsb)\.(?:co\.uk|com)$/i
-
 header      __FROM_LOWER       ALL =~ /from:\s\S{5}/
 
 header         __FROM_MISSPACED      From =~ /^\s*"[^"]*"</
@@ -8254,8 +7402,6 @@ ifplugin Mail::SpamAssassin::Plugin::FreeMail
   meta         __FROM_MISSP_FREEMAIL __FROM_RUNON && (FREEMAIL_FROM || FREEMAIL_REPLYTO)
 endif
 
-meta        __FROM_MISSP_PHISH   __FROM_MISSPACED && (__FROM_ASB_BANK || __FROM_AMEX || __FROM_BANK_LOOSE || __FROM_CHASE || __FROM_CMNWLTH_BANK || __FROM_EBAY_LOOSE || __FROM_HSBC || __FROM_LLOYDSTSB || __FROM_PAYPAL_LOOSE || __FROM_WELLSFARGO || __FROM_WESTERNUNION)
-
 meta           __FROM_MISSP_REPLYTO  __FROM_RUNON && __HAS_REPLY_TO
 
 if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
@@ -8266,8 +7412,6 @@ if can(Mail::SpamAssassin::Conf::perl_min_version_5010000)
   meta       __FROM_MULTI_SHORT_IMG   __PDS_FROM_2_EMAILS && (HTML_IMAGE_ONLY_16 || HTML_SHORT_LINK_IMG_2 || __HTML_IMG_ONLY)
 endif
 
-header     __FROM_NAME_AMAZONCOM       From:name =~ /\bamazon\.com\b/i
-
 header     __FROM_NAME_APPLECOM        From:name =~ /\bapple\.com\b/i
 
 header     __FROM_NAME_EBAYCOM         From:name =~ /\bebay\.com\b/i
@@ -8278,18 +7422,12 @@ header     __FROM_NAME_PAYPALCOM       From:name =~ /\bpaypal\.com\b/i
 
 header __FROM_PAYPAL	From:addr =~ /\@paypal\.com$/i
 
-header      __FROM_PAYPAL_LOOSE  From =~ /paypal/i
-
 header         __FROM_RUNON          From =~ /\S+<\w+/
 
 header         __FROM_RUNON_UNCODED  From:raw =~ /\S+(?<!\?=)<\w+/
 
 header __FROM_WEB_DAEMON From:addr =~ /(?:apache|www|web|tomcat|\biis\b).*\@/i
 
-header      __FROM_WELLSFARGO    From:addr =~ /wellsfargo\.com$/i
-
-header      __FROM_WESTERNUNION  From:addr =~ /westernunion\.com$/i
-
 header     __FROM_WORDY                From:addr =~ /^(?:(?:[A-Z][A-Za-z]+|or|&)\.)+[A-Z][A-Za-z]+\@/
 
 if !plugin(Mail::SpamAssassin::Plugin::ReplaceTags)
@@ -8340,8 +7478,6 @@ ifplugin Mail::SpamAssassin::Plugin::ReplaceTags
   header        __FUZZY_WELLSFARGO_FROM  From:name =~ /(?=<W>)(?!Wells[-\s]?Fargo)<W><E><L><L><S>[-\s]?<F><A><R><G><O>/i
 endif
 
-meta        __GAPPY_LOW_CONTRAST  HTML_FONT_LOW_CONTRAST && __GAPPY_SUBJECT 
-
 if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
   body       __GAPPY_SALES_LEADS         /\b(?:business|e?-?mail|your|marketing|advertising)\s(?!sales|leads|campaign)(?:s\s?a\s?l\s?e\s?s|l\s?e\s?a\s?d\s?s|c\s?a\s?m\s?p\s?a\s?i\s?g\s?n)\b/i
   tflags     __GAPPY_SALES_LEADS         multiple maxhits=3
@@ -8351,9 +7487,58 @@ if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
   meta       __GAPPY_SALES_LEADS_MANY    __GAPPY_SALES_LEADS > 2
 endif
 
+meta     __GB_BITCOIN_CP_DE   ( __BITCOIN_ID && !__URL_BTC_ID && __COPY_PASTE_DE )
+describe __GB_BITCOIN_CP_DE   German Bitcoin scam
+
+meta     __GB_BITCOIN_CP_EN   ( __BITCOIN_ID && !__URL_BTC_ID && __COPY_PASTE_EN )
+describe __GB_BITCOIN_CP_EN   English Bitcoin scam
+
+meta     __GB_BITCOIN_CP_ES   ( __BITCOIN_ID && !__URL_BTC_ID && __COPY_PASTE_ES )
+describe __GB_BITCOIN_CP_ES   Spanish Bitcoin scam
+
+meta     __GB_BITCOIN_CP_FR   ( __BITCOIN_ID && !__URL_BTC_ID && __COPY_PASTE_FR )
+describe __GB_BITCOIN_CP_FR   French Bitcoin scam
+
+meta     __GB_BITCOIN_CP_IT   ( __BITCOIN_ID && !__URL_BTC_ID && __COPY_PASTE_IT )
+describe __GB_BITCOIN_CP_IT   Italian Bitcoin scam
+
+meta     __GB_BITCOIN_CP_NL   ( __BITCOIN_ID && !__URL_BTC_ID && __COPY_PASTE_NL )
+describe __GB_BITCOIN_CP_NL   Dutch Bitcoin scam
+
+meta     __GB_BITCOIN_CP_SE   ( __BITCOIN_ID && !__URL_BTC_ID && __COPY_PASTE_SE )
+describe __GB_BITCOIN_CP_SE   Swedish Bitcoin scam
+
+if (version >= 4.000000)
+if can(Mail::SpamAssassin::Conf::feature_capture_rules)
+  uri           __GB_CUSTOM_HTM_URI0    m;^https?://.{10,128}(?:\.html?|\.php|\/)(?:\#|\?&e=)%{GB_TO_ADDR};i
+endif
+endif
+
+if (version >= 4.000000)
+if can(Mail::SpamAssassin::Conf::feature_capture_rules)
+  uri           __GB_CUSTOM_HTM_URI1    m|^https?://.{10,64}\=https?://.{4,64}\#%{GB_TO_ADDR}|i
+endif
+endif
+
+if (version >= 4.000000)
+if can(Mail::SpamAssassin::Conf::feature_capture_rules)
+  uri           __GB_CUSTOM_HTM_URI2    m;^https?://.{10,256}(?:\/\?)?(?:email=|wapp\#)%{GB_TO_ADDR};i
+endif
+endif
+
+if (version >= 4.000000)
+if can(Mail::SpamAssassin::Conf::feature_capture_rules)
+  uri           __GB_DRUPAL_URI         m|^https?://.{10,64}/default/files/(?:\@)?\#%{GB_TO_ADDR}|i
+endif
+endif
+
 header     __GB_FAKE_RF                  Subject =~ /(Fw|Re)\:{1,2}[\W+]/i
 
-meta       __GDRIVE_IMG_NOT_RCVD_GOOG  __URI_IMG_GDRIVE && !__HDR_RCVD_GOOGLE
+if (version >= 4.000000)
+if can(Mail::SpamAssassin::Conf::feature_capture_rules)
+  header        __GB_TO_ADDR            To:addr =~ /(?<GB_TO_ADDR>.*)/
+endif
+endif
 
 body     __GHANA          /\bghana\b/i
 
@@ -8381,8 +7566,6 @@ meta       __GOOG_STO_IMG_NOHTML      __URI_GOOG_STO_IMG && !__URI_GOOG_STO_HTML
 
 meta       __GOOG_STO_NOIMG_HTML      !__URI_GOOG_STO_IMG && __URI_GOOG_STO_HTML
 
-meta       __GPHOTO_IMG_NOT_RCVD_GOOG  __URI_IMG_GPHOTO && !__HDR_RCVD_GOOGLE
-
 body __HAS_ANY_EMAIL /\w@\S+\.\w/
 
 uri __HAS_ANY_URI   /^\w+:\/\//
@@ -8577,7 +7760,7 @@ if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
 endif
 
 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __HTML_ATTACH_01    Content-Type =~ m,\btext/html\b.+\.html?\b,i
+  mimeheader   __HTML_ATTACH_01    Content-Type =~ m,\btext/html\b.+\.s?html?\b,i
 endif
 
 if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
@@ -8585,7 +7768,7 @@ if !plugin(Mail::SpamAssassin::Plugin::MIMEHeader)
 endif
 
 ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
-  mimeheader   __HTML_ATTACH_02    Content-Disposition =~ m,\bfilename="?[^"]+\.html?\b,i
+  mimeheader   __HTML_ATTACH_02    Content-Disposition =~ m,\bfilename="?[^"]+\.s?html?\b,i
 endif
 
 rawbody    __HTML_ENTITY_ASCII         /(?:&\#(?:(?:\d{1,2}|1[01]\d|12[0-7])|x[0-7][0-9a-f])\s{0,64};\s{0,64}){10}/i
@@ -8809,8 +7992,6 @@ tflags      __LOCK_MAILBOX       multiple maxhits=2
 
 full     __LONGLINE	/^[^\r\n]{998}/m
 
-meta        __LONGLN_LOW_CONTRAST HTML_FONT_LOW_CONTRAST && __LONGLINE
-
 rawbody   __LONG_INVIS_DIV              /<div\s+style\s*=\s*"(?:(?<!-)visibility\s*:\s*hidden|display\s*:\s*none)\s*">[^<\s]{1400}/i
 
 if can(Mail::SpamAssassin::Conf::feature_bug6558_free)
@@ -8924,6 +8105,8 @@ rawbody __L_BODY_8BITS          /[\x80-\xff]/
 
 header __L_CTE_7BIT             Content-Transfer-Encoding =~ /^7bit$/
 
+header __L_CTE_8BIT             Content-Transfer-Encoding =~ /^8bit$/
+
 body        __MAILBOX_FULL       /\b(?:you(?:r (?:mail\s?box|(?:e-?|web ?)mail))? (?:is (?:almost )?full|quota is running low|(?:quota )?ha(?:s|ve) (?:reached|exceeded|passed) (?:the|your|it'?s?) (?:university )?(?:size|storage|set|(?:e-?|web ?)mail|quota|folder|mail ?box)[\/\s](?:limit |quota |account )+)|over your mail\s?box (?:size )?(?:limit|quota)|maximum mail\s?box (?:size )?(?:limit|quota) exceeded|sua (?:conta|caixa) de (?:(?:e-?|web ?)mail|correio) (?:excedeu (?:sua|o) limite|est(?:=E1|[\xe1]|[\xc3][\xa1]) quase cheio))\b/i
 
 body        __MAILBOX_FULL_SE    /(?:\b=F6|[\xf6]|[\xc3][\xb6])verskridit gr(?:=E4|[\xe4]|[\xc3][\xa4])nsen f(?:=F6|[\xf6]|[\xc3][\xb6])r din postl(?:=E5|[\xe5]|[\xc3][\xa5])da\b/i
@@ -9047,6 +8230,8 @@ body           __MONERO_CURNCY  /Monero \(XMR\)/
 
 body           __MONERO_ID      /\b4[0-9AB][1-9A-HJ-NP-Za-km-z]{93,104}\b/
 
+meta     __MONEY_ATM_CARD LOTS_OF_MONEY && __ATM_CARD
+
 meta     __MONEY_FORM        LOTS_OF_MONEY && __FILL_THIS_FORM
 
 meta     __MONEY_FORM_SHORT  LOTS_OF_MONEY && __FILL_THIS_FORM_SHORT
@@ -9079,8 +8264,6 @@ tflags __MSGID_JAVAMAIL	nice
 header	 __MSGID_LIST	Message-ID =~ /-\w+\#[\w.]+\.\w{2,4}\@/
 tflags	 __MSGID_LIST	nice
 
-header   __MSGID_NOFQDN1  Message-ID =~ /<[^\@]*>/m
-
 header   __MSGID_NOFQDN2  Message-ID =~ /<.*\@[A-Za-z0-9]+>/m
 
 meta        __MSMAIL_PRI_ABNORMAL      __HAS_MSMAIL_PRI && !__MSMAIL_PRI_NORMAL
@@ -9127,6 +8310,10 @@ header __NAME_EQ_EMAIL	From:raw =~ /([\w+.-]+\@[\w.-]+\.\w\w+)["'`\s]*<\s*\1>/i
 
 header __NAME_IS_EMAIL	From:raw =~ /\w\@[\w.-]+\.\w\w+["'`]*\s*<\w+\@\w/
 
+body     __NEVER_HEAR_EN      /(never hear me again|destroy all your secrets|not bother you again|leave you alone)/i
+
+body     __NEVER_HEAR_IT      /eliminare tutti i tuoi segreti|Ti garantisco che non ti disturbe/i
+
 meta       __NEWEGG_IMG_NOT_RCVD_NEGG  __URI_IMG_NEWEGG && !__HDR_RCVD_NEWEGG
 
 body       __NEW_PRODUCTS              /\bhere are new products|\b(?:Our company|we) (?:has |have )?(?:(?:recently|just|newly) (?:introduce|release|launche)[ds](?: a| our| the)? (?:new|(?:\w+\s){1,5}below)|a new (?!cat\s|kitten\s|dog\s|puppy\s|pet\s|baby\s|child\s|boy\s|girl\s)(?:\w+\s){1,5} here)|recently,? our company (?:launch|releas)ed|\bI want to recommend a new (?:\w+ ){1,5}(?:we|our)\b|latest version of our (?:stock|product)|\b(?:our|a) new (?:\w+ ){1,3}has (?:recently|just) been released/i
@@ -9135,8 +8322,6 @@ body     __NEXT_OF_KIN    /\bnext[-\s]of[-\s]kin\b/i
 
 body     __NIGERIA        /\bnigeria\b/i
 
-meta        __NORDNS_LOW_CONTRAST HTML_FONT_LOW_CONTRAST && __RDNS_NONE
-
 meta	 __NOT_A_PERSON	__VACATION || ANY_BOUNCE_MESSAGE || __CHALLENGE_RESPONSE || __VIA_ML || __DOS_HAS_LIST_UNSUB || __SENDER_BOT || __UNSUB_LINK || __UNSUB_EMAIL || __MSGID_LIST || __SUBSCRIPTION_INFO
 tflags	 __NOT_A_PERSON	nice
 
@@ -9402,10 +8587,6 @@ body     __PDS_OFFER_ONLY_AMERICA /This offer (?:is )?(?:only )?for (United Stat
 endif
 endif
 
-header   __PDS_PHP_EVAL1 X-PHP-Originating-Script =~ /eval..'d code/i
-
-header   __PDS_PHP_EVAL2 X-PHP-Originating-Script =~ /runtime-created function/
-
 if !plugin(Mail::SpamAssassin::Plugin::MIMEEval)
   meta    __PDS_QP_1024 0
 endif
@@ -9460,7 +8641,7 @@ endif
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     __PDS_SHORT_URL __SHORT_URL && !__URL_SHORTENER && !__PDS_URISHORTENER && !ALL_TRUSTED
+meta     __PDS_SHORT_URL __SHORT_URL && !__URL_SHORTENER && !ALL_TRUSTED
 endif
 endif
 
@@ -9484,26 +8665,16 @@ endif
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-meta     __PDS_TO_SUBJ_URISHRT __TO_IN_SUBJ && (__PDS_URISHORTENER || __URL_SHORTENER) && __PDS_MSG_1024
+meta     __PDS_TO_SUBJ_URISHRT __TO_IN_SUBJ && __URL_SHORTENER && __PDS_MSG_1024
 endif
 endif
 
 ifplugin Mail::SpamAssassin::Plugin::WLBLEval
 if (version >= 3.004000)
-header   __PDS_URISHORTENER eval:check_uri_host_listed('PDS_URISHORTENER')
+meta     __PDS_URISHORTENER __URL_SHORTENER
 endif
 endif
 
-header   __PDS_X_PHP_WELLKNOWN   X-PHP-Script =~ m;/\.well-known/;
-
-header   __PDS_X_PHP_WPADMIN    X-PHP-Script =~ m;/wp-admin/(?:css|themes|js|images|user|maint)/[\S]+\.php for;i
-
-header   __PDS_X_PHP_WPCONTENT  X-PHP-Script =~ m;/wp-content/(?:themes|uploads)/[\S]+\.php for;i
-
-header   __PDS_X_PHP_WPINCLUDES X-PHP-Script =~ m;/wp-includes/(?:css|fonts|js|pomo|Text|theme-compat)/[\S]+\.php for;i
-
-header   __PDS_X_PHP_WPJS       X-PHP-Script =~ m;/js/[\S]+\.php for;i
-
 meta        __PD_CNT_1        (__PUMPDUMP_01+__PUMPDUMP_02+__PUMPDUMP_03+__PUMPDUMP_04+__PUMPDUMP_05+__PUMPDUMP_06+__PUMPDUMP_07+__PUMPDUMP_08+__PUMPDUMP_09+__PUMPDUMP_10) > 0
 
 body        __PENDING_MESSAGES   /\b(?:messages pending|(?:your|\d+[\])}]?) (?:pending|un(?:delivered|received)) (?:messages|e?-?mails))\b/i
@@ -9535,8 +8706,6 @@ header  __PHP_MUA_2           X-Mailer =~ /^PHP\d$/
 
 header  __PHP_NOVER_MUA       X-Mailer =~ /^PHP$/
 
-header     __PHP_ORIG_SCRIPT_EVAL      X-PHP-Originating-Script =~ /\beval\b.*\bcode\b/i
-
 meta       __PHP_ORIG_SCRIPT_SONLY     __HAS_PHP_ORIG_SCRIPT && (__TVD_SPACE_RATIO || __SINGLE_WORD_SUBJ || __OBFUSCATING_COMMENT_B)
 
 if !(can(Mail::SpamAssassin::Conf::feature_bug6558_free))
@@ -9663,16 +8832,16 @@ header   __REPLYTO_ADDRLIST_SUSPNTLD eval:check_replyto_in_list('SUSP_NTLD')
 endif
 endif
 
-header      __REPLYTO_NOREPLY          Reply-To =~ /\bno-?reply@/i
+header __REPTO_419_FRAUD_AOL_LOOSE Reply-To:addr =~ /^(?=[^\s<>@]+\@aol\.com)(?:(?:a(?:f\.|ljaber)|c(?:hanprivacy|laimdept|ristinabruno|ustom_service)|dhodgkins|evelynjoshua|f(?:d\.|ernandezfernandez)|george_clifford|hernandezrosemary|k\.doreen|l(?:erynnewest|ynnpage)|m(?:_l\.wanczyk|asayohara|rsjanetedwards)|officework|paulpollard|royalpalace|spwalker|usembassy|yurdaaytarkan))\d+\@aol\.com$/i
 
-header __REPTO_419_FRAUD_AOL_LOOSE Reply-To:addr =~ /^(?=[^\s<>@]+\@aol\.com)(?:(?:a(?:f\.|ljaber)|c(?:hanprivacy|laimdept|ristinabruno|ustom_service)|dhodgkins|evelynjoshua|f(?:d\.|ernandezfernandez)|george_clifford|hernandezrosemary|k\.doreen|lerynnewest|m_l\.wanczyk|officework|paulpollard|royalpalace|spwalker|usembassy|yurdaaytarkan))\d+\@aol\.com$/i
+header __REPTO_419_FRAUD_GM_LOOSE Reply-To:addr =~ /^(?=[^\s<>@]+\@gmail\.com)(?:(?:9porssts|a(?:\.wafager|b(?:dullahmundani|u(?:lkareem|shadi))|cecere|l(?:an\.austin|ex(?:anderpeterson|hoffman)|ghafrij|kasimunadi|l(?:enholden|isoncluade)|ure\.wawrenka)|m(?:bassadormarybethleonardl|ericadeliverycomapny|ina(?:ltwaijiri|medjahed))|n(?:dyfox|na(?:llee|sigurlaug))|office1office|radka|shwestwood|ustinbillmark|zi(?:m(?:\.hpremji|hashim(?:donation)?)|z(?:dake|george)))|b(?:a(?:nkcentralasiahalobca|r(?:bersmadar|risterlordruben|teld\.huisman))|bongo|e(?:alitoniua|linekra|n(?:ezero|gatl|jaminsarah))|ill\.lawrence|mwautomobile|oarddept|rendalaporte|uffettwarrene)|c(?:h(?:a(?:ngching|r(?:itylisajohnrobinson|l(?:esluenga|tonnewmanus)))|e(?:mchung|nchung))|iticonsultantjohncg|laxtonpaul|o(?:lombasjuan|ntactad)|rist(?:brun?|davis|ydavisdonation)|ustomerservicelacaixa)|d(?:a(?:nnuar|vi(?:d(?:\.loanfirm|larbi|pere|ramirez\.luis)|scarolyn|yax))|e(?:nnisclark|partmentofstate)|minique|ona(?:ldwilliam|tionhelpercare)|rdavidrhama|unsilva)|e(?:benezero|christina|l(?:i(?:bethgomez|sabethmaria|zabethedw)|o(?:diesawadogo|tocashoffice))|m(?:efieleg?|ilyrichmond)|re(?:nakgeorge|zcelic)|stherkatherine|wynn)|f(?:\.mikhail|a(?:ithdesrie|tme\.mehmed)|blott|irstbank|r(?:a(?:100dub|n(?:c(?:espatrickconnolly|iscamendoza)|k(?:jane|linpiesie)))|eelottosweepstake)|spero|ulanlan)|g(?:00gleggewinner|a(?:briel(?:eschmitt|kalia)|rciavincent)|bill|e(?:neralwilliamstony|orgekwame|raldjhjh)|iidp|l(?:enmoore|oriachow)|oo(?:golteam|oglegwiinner)|r(?:aceobia|e(?:ant|energeoffrey)))|h(?:a(?:r(?:gate|ryebert)|sh(?:imyreem|mireem))|e(?:atherbrooeke|ctor(?:castillos|scastillo)|lengiggs)|gold|ildad|o(?:nmackjohn|rnbeckmajordennis|seoky))|i(?:bed|mfdeputyoff|n(?:fo\.annedouglas|gridrolle)|smail(?:eman|tarkan))|j(?:a(?:mesokoh|vierlesme)|efferydean|o(?:edward|hn(?:griffn|r(?:awlings|oxfordjr)|sonwilson|uba|walterlove|a)|n(?:athanhaskel|hugo)|sephacevedo|vannyanderson)|rawlings|uliewatson)|k(?:a(?:l(?:iaksandr|tschmidtdavid)|malnizar|rabo\.ramala|t(?:jamess|rinaziako))|ennedy\.sawadogo|halidbuhazza|kasbu|rnkl|un(?:gwei|ioue))|l(?:a(?:rrytoms|ursent|wrencefoundation)|e(?:enasinghs|rynne(?:0west|west))|i(?:amfinchus|fecshortt|liane\.bettencourt|nelink|sa(?:milner|robin))|john|oughreymargaret|u(?:ckywinners|sba\.moored)|y(?:\.cheapiseth|diawright|n(?:\.arthur|cmba|nmkl)))|m(?:a(?:incare|jor(?:dennishornbeck|townsend)|lletman|n(?:duesq|fran|uelfranco(?:(?:donation|foundation|spende))?)|r(?:i(?:ahhills|opabl)|kroth|shalh|tinamayer|y(?:franson|josen))|urhinck|viswan(?:czyk(?:(?:foundation|k))?)?)|c\.cheadychang|dredban|elvidabullock|gfrederick|i(?:c(?:h(?:ael\.woosley|ealwuu)|w)|k(?:e\.weirsky\.foundational|hai(?:\.fridman|lfridm))|ss\.yasmineibrahim)|k(?:ent|untjoro)|oham(?:edabdul|m(?:daljililati|edshamekh))|r(?:\.(?:elbahi\.mohammed\.|justinmaxwell)|cjames|ericschmid|hanimuhammad|jamesmc|richardanthony|s(?:\.susanread|a(?:ishaalqadafi|ngela)|evelynbrown|fatimaamiraqureshi|hamima|jackman|maureens|r(?:obinsanders|uthsmith)|sarahbenjamin|victoriaedmond))|s(?:\.ellagolan|agent|golaan|smadar)|ustadris)|n(?:aomiiwasaki|eilt(?:rotter)?|icholas\.jose|obuyuki\.hirano)|o(?:\.peace|fficerricherd|hallkenneth|xfaminternationa)|p(?:aul(?:eed|n)|b(?:ph202lay|rookk)|e(?:rezdonlorenzo|ter(?:\.waddell|guggi|kenin|stephen))|hillip\.richead)|q(?:iquanzhou|nzeng)|r(?:a(?:kidy|lhashimi|ymondaba)|e(?:beccagarang|em(?:has(?:himy|m)|n)|plyback|v(?:\.jamesabel|fr(?:ankjackson|paulwilliams)))|icha(?:miller|rdw(?:ahl|illis))|o(?:b(?:erthanandez|inf)|naldmorris|s(?:a\.gomes|ekipkalya))|raya|t\.rev\.ericmark)|s(?:a(?:l(?:ehhussienconsult|imzaid)|rfiafarfask)|cottpeters|e(?:cretservicce|rgeantrobertbrown)|gt(?:\.monicab|ireneb)|h(?:anemissler|ery(?:\.gtl|etr)|inawatrathaksin)|im(?:lkheng|onhei)|op(?:adam|hiajesse)|peelman|t(?:anleyjohn|ephentam)|u(?:iyang|n\.hor|sanneklatten)|weeneyjohnson)|t(?:a(?:mmywebster|y(?:ebsouami|lorcathy))|erryparkins|h(?:ailandbankoffice|e(?:ara\.choy|odorosloannis))|imothymetheny|lyerdonald|o(?:m(?:ander|c(?:hrist|rist(?:(?:donation|foundation))?)|spende)|ny(?:\.chung|zimpro)|shikazusendo))|u(?:marukareem|n(?:claimedfunds|itednation(?:organization|s))|s(?:alotery|departmentofjustice))|v(?:anderwesthuizen|e(?:enapatel|r(?:a(?:aellen|hollinkvan)|enichekaterinaekaterina))|i(?:ctoriaabraham|dalpamela|ngut))|w(?:a(?:dp|hlr(?:ichard)?|nczykm|rrenebuffett)|hatsappofficial|i(?:elandherzog\.sw\.herad|ll(?:clark|iamsmartyrs))|u\.office|ww\.moneygram)|y(?:\.oguzhan|anghoseok|doo|ousefzongo)|z(?:bank|enithbankplconline|kiaslan|minhong)))\d+\@gmail\.com$/i
 
-header __REPTO_419_FRAUD_GM_LOOSE Reply-To:addr =~ /^(?=[^\s<>@]+\@gmail\.com)(?:(?:a(?:bu(?:lkareem|shadi)|cecere|l(?:an\.austin|ex(?:anderpeterson|hoffman)|ghafrij|kasimunadi|l(?:enholden|isoncluade)|ure\.wawrenka)|m(?:ericadeliverycomapny|ina(?:ltwaijiri|medjahed))|n(?:dyfox|na(?:llee|sigurlaug))|radka|shwestwood|zi(?:m(?:\.hpremji|hashim(?:donation)?)|z(?:dake|george)))|b(?:a(?:nkcentralasiahalobca|r(?:bersmadar|risterlordruben|teld\.huisman))|bongo|e(?:alitoniua|linekra|n(?:ezero|jaminsarah))|ill\.lawrence|mwautomobile|oarddept|rendalaporte|uffettwarrene)|c(?:h(?:a(?:ngching|r(?:itylisajohnrobinson|l(?:esluenga|tonnewmanus)))|e(?:mchung|nchung))|iticonsultantjohncg|laxtonpaul|o(?:lombasjuan|ntactad)|ristbrun?|ustomerservicelacaixa)|d(?:avi(?:d(?:\.loanfirm|larbi|pere|ramirez\.luis)|scarolyn|yax)|e(?:nnisclark|partmentofstate)|minique|ona(?:ldwilliam|tionhelpercare)|rdavidrhama|unsilva)|e(?:benezero|christina|l(?:i(?:bethgomez|sabethmaria|zabethedw)|otocashoffice)|m(?:efieleg?|ilyrichmond)|re(?:nakgeorge|zcelic)|stherkatherine|wynn)|f(?:\.mikhail|a(?:ithdesrie|tme\.mehmed)|blott|irstbank|r(?:a(?:100dub|n(?:c(?:espatrickconnolly|iscamendoza)|kjane))|eelottosweepstake)|spero|ulanlan)|g(?:00gleggewinner|abrielkalia|bill|e(?:neralwilliamstony|orgekwame|raldjhjh)|iidp|l(?:enmoore|oriachow)|oo(?:golteam|oglegwiinner)|r(?:aceobia|e(?:ant|energeoffrey)))|h(?:a(?:rryebert|sh(?:imyreem|mireem))|e(?:atherbrooeke|ctor(?:castillos|scastillo))|gold|ildad|o(?:nmackjohn|rnbeckmajordennis|seoky))|i(?:bed|ngridrolle|smailtarkan)|j(?:a(?:mesokoh|vierlesme)|efferydean|o(?:edward|hn(?:griffn|r(?:awlings|oxfordjr)|sonwilson|uba|walterlove|a)|n(?:athanhaskel|hugo)|sephacevedo)|rawlings)|k(?:a(?:malnizar|rabo\.ramala|t(?:jamess|rinaziako))|ennedy\.sawadogo|halidbuhazza|kasbu|rnkl|un(?:gwei|ioue))|l(?:a(?:rrytoms|ursent|wrencefoundation)|erynne(?:0west|west)|i(?:amfinchus|liane\.bettencourt|nelink)|john|oughreymargaret|u(?:ckywinners|sba\.moored)|y(?:\.cheapiseth|diawright|n(?:\.arthur|cmba|nmkl)))|m(?:a(?:incare|jor(?:dennishornbeck|townsend)|n(?:duesq|fran|uelfranco(?:foundation)?)|r(?:i(?:ahhills|opabl)|kroth|tinamayer|yfranson)|urhinck|viswan(?:czyk(?:(?:foundation|k))?)?)|c\.cheadychang|dredban|elvidabullock|gfrederick|i(?:c(?:h(?:ael\.woosley|ealwuu)|w)|khai(?:\.fridman|lfridm))|k(?:ent|untjoro)|ohamedabdul|r(?:\.justinmaxwell|cjames|hanimuhammad|jamesmc|richardanthony|s(?:\.susanread|a(?:ishaalqadafi|ngela)|fatimaamiraqureshi|hamima|jackman|maureens|r(?:obinsanders|uthsmith)|sarahbenjamin))|s(?:agent|golaan|smadar)|ustadris)|n(?:aomiiwasaki|eilt(?:rotter)?|obuyuki\.hirano)|o(?:\.peace|fficerricherd|hallkenneth)|p(?:aul(?:eed|n)|b(?:ph202lay|rookk)|eter(?:\.waddell|guggi|kenin|stephen)|hillip\.richead)|q(?:iquanzhou|nzeng)|r(?:a(?:kidy|lhashimi|ymondaba)|e(?:beccagarang|em(?:has(?:himy|m)|n)|plyback|v(?:\.jamesabel|frankjackson))|ichardw(?:ahl|illis)|o(?:berthanandez|naldmorris|s(?:a\.gomes|ekipkalya))|t\.rev\.ericmark)|s(?:a(?:l(?:ehhussienconsult|imzaid)|rfiafarfask)|cottpeters|e(?:cretservicce|rgeantrobertbrown)|gtireneb|h(?:anemissler|ery(?:\.gtl|etr)|inawatrathaksin)|imlkheng|op(?:adam|hiajesse)|peelman|tephentam|u(?:iyang|n\.hor|sanneklatten)|weeneyjohnson)|t(?:ay(?:ebsouami|lorcathy)|erryparkins|h(?:ailandbankoffice|e(?:ara\.choy|odorosloannis))|imothymetheny|lyerdonald|o(?:mc(?:hrist|rist(?:(?:donation|foundation))?)|ny(?:\.chung|zimpro)|shikazusendo))|u(?:marukareem|n(?:claimedfunds|itednation(?:organization|s))|sdepartmentofjustice)|v(?:anderwesthuizen|e(?:enapatel|r(?:a(?:aellen|hollinkvan)|enichekaterinaekaterina))|i(?:ctoriaabraham|dalpamela|ngut))|w(?:a(?:dp|hlr(?:ichard)?|nczykm|rrenebuffett)|i(?:elandherzog\.sw\.herad|ll(?:clark|iamsmartyrs))|u\.office|ww\.moneygram)|y(?:\.oguzhan|anghoseok|doo|ousefzongo)|z(?:enithbankplconline|kiaslan|minhong)))\d+\@gmail\.com$/i
-
-header __REPTO_419_FRAUD_YH_LOOSE Reply-To:addr =~ /^(?=[^\s<>@]+\@yahoo\.com)(?:(?:a(?:driantongson|lesiakalina|nnhester\.usa)|b(?:ank\.phbng|en(?:jaminb|nicholas)|riceangela)|c(?:\.aroline|h(?:arlesscharf|jackson)|juan|ythiamiller\.un)|dhamilton|ericalbert|federal\.r|j(?:a(?:ckson\.davis|netemoon)|kimyong)|k(?:elvinmark|im(?:\.leang|leang))|l(?:e(?:a_edem|hman)|isarobinson_|y_cheapiseth)|m(?:arie_avis|dzsesszika|elissalewis|o(?:hammedaahil|keye))|o(?:legkozyrev|mranshaalan)|peterlee|r(?:alphw(?:\.johnson|johnson)|o(?:bertbailey|serichard))|s(?:amthong|igurlauganna|leo|pwalker|tevecox\.)|tylerhess\.|vanserge|willclark|xianglongdai))\d+\@yahoo\.com$/i
+header __REPTO_419_FRAUD_YH_LOOSE Reply-To:addr =~ /^(?=[^\s<>@]+\@yahoo\.com)(?:(?:a(?:driantongson|ilmohammed|lesiakalina|nnhester\.usa)|b(?:ank\.phbng|en(?:jaminb|nicholas)|riceangela)|c(?:\.aroline|h(?:arlesscharf|jackson)|juan|ythiamiller\.un)|dhamilton|e(?:denvictor|ricalbert)|federal\.r|j(?:a(?:ckson\.davis|netemoon)|kimyong)|k(?:altschmidtdavid|elvinmark|im(?:\.leang|leang))|l(?:e(?:a_edem|hman)|isarobinson_|y_cheapiseth)|m(?:\.kogi|arie_avis|dzsesszika|elissalewis|o(?:hammedaahil|keye))|o(?:legkozyrev|mranshaalan)|peterlee|r(?:alphw(?:\.johnson|johnson)|o(?:bertbailey|serichard))|s(?:amthong|igurlauganna|leo|pwalker|te(?:fanopessina|vecox\.))|tylerhess\.|vanserge|will(?:clark|smi)|xianglongdai))\d+\@yahoo\.com$/i
 
 header    __REPTO_CHN_FREEM             Reply-To =~ /\@(?:sina|aliyun)\.com/i
 
+header     __REPTO_INFONUMSCOM         Reply-To:addr =~ /^info@\d{5,}\.com$/i
+
 header    __REPTO_RUS_FREEM             Reply-To =~ /\@mail\.ru/i
 
 if !((version >= 3.003000))
@@ -9693,9 +8862,13 @@ endif
 
 body     __SCAM           /\bscam(?:m?e[dr])?s?\b/i
 
-rawbody        __SCRIPT_GIBBERISH       /<script>[^;<]{100}/im
+ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+mimeheader	__SCC_BOGUS_CTE_1	Content-Transfer-Encoding =~ /^Hexa/i
+endif
 
-body           __SCRIPT_TAG_IN_BODY     /<script>/i
+ifplugin Mail::SpamAssassin::Plugin::MIMEHeader
+mimeheader	__SCC_CTMPP     Content-Type =~ /multipart\/parallel/	
+endif
 
 body        __SECURITY_DEPT      /\bsecurity dep(?:artmen)?t\b/i
 
@@ -9794,6 +8967,8 @@ meta       __SUBJECT_PRESENT_EMPTY      __HAS_SUBJECT && __SUBJECT_EMPTY
 
 header      __SUBJ_ADMIN         Subject =~ /\b(?:(?:sys)?admin(?:istrator)?|server|service|support)\b/i
 
+header      __SUBJ_ATTENTION     Subject =~ /ATTENTION/
+
 meta        __SUBJ_BRKN_WORDNUMS   __SUBJ_BROKEN_WORD && __TVD_SUBJ_NUM_OBFU
 
 header      __SUBJ_BROKEN_WORD     Subject =~ /\s(?!i[PTM][aoh][bcdou]|e[MP]a[is])[a-z]{1,3}[A-Z][a-z]{2}/
@@ -9818,6 +8993,9 @@ header   __SUBJ_RE		Subject =~ /^(?:R[eE]|S[vV]|V[sS]|A[wW]):/
 
 header __SUBJ_SHORT	Subject =~ /^.{0,8}$/
 
+header    __SUBJ_UNNEEDED_HTML          Subject =~ /%[0-9a-f][0-9a-f]/i
+tflags    __SUBJ_UNNEEDED_HTML          multiple maxhits=3
+
 header     __SUBJ_USB_DRIVES          Subject =~ /\bUSB (?:[Ff]lash )?[Dd]rives\b/
 
 body	 __SUBSCRIPTION_INFO	/\b(?:e?newsletters?|(?:un)?(?:subscrib|register)|you(?:r| are) subscri(?:b|ption)|opt(?:.|ing)?out\b|further info|you do ?n[o']t w(?:ish|ant)|remov\w{1,3}.{1,9}\blists?\b|to your white.?list)/i
@@ -9859,8 +9037,6 @@ header         __TO_ALL_NUMS        To:addr =~ /^\d+@/
 
 meta           __TO_EQ_FM_DIRECT_MX __TO_EQ_FROM && __DOS_DIRECT_TO_MX
 
-meta           __TO_EQ_FM_DOM_HTML_ONLY __TO_EQ_FROM_DOM && MIME_HTML_ONLY
-
 if !plugin(Mail::SpamAssassin::Plugin::SPF)
   meta           __TO_EQ_FM_DOM_SPF_FAIL  0
 endif
@@ -9870,8 +9046,6 @@ ifplugin Mail::SpamAssassin::Plugin::SPF
   tflags         __TO_EQ_FM_DOM_SPF_FAIL  net
 endif
 
-meta           __TO_EQ_FM_HTML_ONLY __TO_EQ_FROM && MIME_HTML_ONLY
-
 if !plugin(Mail::SpamAssassin::Plugin::SPF)
   meta           __TO_EQ_FM_SPF_FAIL  0
 endif
@@ -9915,8 +9089,6 @@ meta           __TO_IN_SUBJ         (__SUBJ_HAS_TO_1 || __SUBJ_HAS_TO_2 || __SUB
 
 header     __TO_NO_ARROWS_R        To !~ /(?:>$|>,)/
 
-meta       __TO_NO_BRKTS_DYNIP     __TO_NO_ARROWS_R && !__TO_UNDISCLOSED && RDNS_DYNAMIC
-
 if !plugin(Mail::SpamAssassin::Plugin::FreeMail)
   meta       __TO_NO_BRKTS_FREEMAIL  0
 endif
@@ -10137,6 +9309,8 @@ endif
 body	 __UNSUB_EMAIL	/\b(?:(?:un)?subscri(?:ber?|ptions?)|abuses?|opt(?:ing)?.?out)\b[-a-z_0-9.+=]{0,60}\@[a-z0-9][-a-z_0-9.]{4,20}(?:[^a-z_0-9.-]|$)/i
 tflags	 __UNSUB_EMAIL	nice
 
+body        __UNSUB_GOOG_FORM    m,Unsub?sc?ribe\s<?https?://docs\.google\.com/forms/,i
+
 uri	 __UNSUB_LINK	/\b(?:(?:un)?subscri(?:ber?|ptions?)|abuses?|opt(?:ing)?.?out)\b/i
 tflags	 __UNSUB_LINK	nice
 
@@ -10206,10 +9380,6 @@ uri        __URI_IMG_FACEBOOK          m;://([^/.]+\.)+fbcdn\.net/v/.+\.(?:jpe?g
 
 uri        __URI_IMG_GBTCDN            m;://des\.gbtcdn\.com/storage/store/[0-9a-f/]{30,}\.(?:png|gif|jpe?g|webp)$;i
 
-uri        __URI_IMG_GDRIVE            /^https:\/\/www\.google\.com\/drive\/static\/images\/drive\/logo-drive\.png/
-
-uri        __URI_IMG_GPHOTO            /^https:\/\/www\.google\.com\/photos\/about\/static\/images\/logo_photos_64dp\.svg/
-
 uri        __URI_IMG_GTRACING          m;://shopify\.gtracing\.com/img/.+\.(?:jpe?g|gif|png|webp);i
 
 uri        __URI_IMG_IMGBOX_THUMB      m;://thumbs\d*\.imgbox\.com/.+\.(?:jpe?g|gif|png|webp);i
@@ -10252,6 +9422,8 @@ tflags      __URI_MAILTO              multiple maxhits=16
 
 uri            __URI_MONERO     /buy-monero/i
 
+uri             __URI_OBFU_DOM          /:\/\/(?:\w+\.)+(?:com|gov|net|org)(?:\.\w+){3,}\//i
+
 meta      __URI_ONLY_MSGID_MALF         __BODY_URI_ONLY && __MSGID_NOFQDN2
 
 meta        __URI_PHISH    __HAS_ANY_URI && !__URI_GOOGLE_DOC && !__URI_GOOG_STO_HTML && (__EMAIL_PHISH || __ACCT_PHISH)
@@ -10260,7 +9432,7 @@ uri        __URI_PHP_REDIR             m;/redirect\.php\?;i
 
 uri        __URI_PRODUCT_AMAZON        m,://www\.amazon\.(?:com|co\.uk|[a-z][a-z])/dp/[a-z0-9]{10}/,i
 
-uri         __URI_TRY_3LD     m,^https?://(?:try(?!r\.codeschool)|start|get(?!\.adobe)|save|check(?!out)|act|compare|join|learn(?!ing)|request|visit(?!or|\.vermont)|my(?!sub|turbotax|news\.apple|a\.godaddy|account|support|build|blob)\w)[^.]*\.[^/]+\.(?:com|net)\b,i
+uri         __URI_TRY_3LD     m,^https?://(?:try(?!r\.codeschool)|start|get(?!\.adobe)|save|check(?!out)|act|compare|join|learn(?!ing)|request|visit(?!or|\.vermont)|my(?!sub|turbotax|news\.apple|a\.godaddy|account|support|build|blob|images?|photos?)\w)[^.]*\.(?:(?!list-manage\.)[^/.]+\.)+(?:com|net)\b,i
 
 uri         __URI_TRY_USME    m,^https?://(?:try|start|get|save|check|act|compare|join|learn|request|visit|my)[^.]*\.[^/]+\.(?:us|me|mobi|club)\b,i
 
@@ -10278,8 +9450,6 @@ uri            __URL_BTC_ID     m;[/.](?:[13][a-km-zA-HJ-NP-Z1-9]{25,34}|bc1[acd
 
 uri      __URL_LTC_ID     m;[/.][LM3][a-km-zA-HJ-NP-Z1-9]{26,33}(?:/|$);
 
-uri	 __URL_SHORTENER	/^https?:\/\/(?:bit\.ly|bit\.do|buff\.ly|tinyurl\.com|ow\.ly|owl\.li|is\.gd|tumblr\.com|mysp\.ac|formspring\.me|ff\.im|youtu\.be|tl\.gd|plurk\.com|migre\.me|j\.mp|cli\.gs|goo\.gl|goo\.io|yfrog\.com|lnk\.ms|su\.pr|fb\.me|alturl\.com|wp\.me|ping\.fm|chatter\.com|post\.ly|twurl\.nl|tiny\.cc|4sq\.com|ustre\.am|short\.to|u\.nu|flic\.kr|budurl\.com|digg\.com|twitvid\.com|gowal\.la|om\.ly|justin\.tv|icio\.us|p\.gs|loopt\.us|tcrn\.ch|xrl\.us|wpo\.st|bkite\.com|t\.cn|t\.co|x\.co|hop\.kz|urla\.ru|fw\.to|back\.ly|ecs\.page\.link|cc\.uz|smarturl\.it|s\.apache\.org)\/[^\/]{3}\/?/
-
 header __USING_VERP1 Return-Path =~ /[+-].*=/
 
 header __VACATION Subject =~ /\b(?:vacatio|away|out.of.offic|auto.?re|confirm)/i
@@ -10364,8 +9534,6 @@ header   __XM_FORTE		X-Mailer =~ /^Forte Agent \d/
 
 header   __XM_GNUS		X-Mailer =~ /^Gnus v/
 
-header     __XM_LIGHT_HEAVY            X-Mailer =~ /\b(?:light|(?<!::)lite|standard|business|pro(?:fessional)?|educational|personal)\b/i
-
 header   __XM_MHE		X-Mailer =~ /^mh-e \d/
 
 header   __XM_MOZ4		X-Mailer =~ /^Mozilla 4/
@@ -10390,7 +9558,7 @@ header __XM_OUTLOOK_EXPRESS    X-Mailer =~ /^Microsoft Outlook Express \d/
 
 header      __XM_PHPMAILER_FORGED  X-Mailer =~ /PHPMailer\s.*version\D+$/
 
-header     __XM_RANDOM                 X-Mailer =~ /q(?!q?mail|boxmail|\d|[-\w]*=+;)[^u]/i
+header     __XM_RANDOM                 X-Mailer =~ /q(?!(?:q|box|i\s)?mail|\d|[-\w]*=+;)[^u]/i
 
 header   __XM_SKYRI		X-Mailer =~ /^SKYRiXgreen/
 
@@ -10496,42 +9664,6 @@ endif
 
 body		__hk_bigmoney		/(?:EURO?|USD?|GBP|CFA|\&\#163;|[\xa3\xa4]|\$|sum of).{0,4}(?:[0-9]{3}[^0-9a-z]?[0-9]{3}|[0-9.,]{1,4}(?: ?M\b| ?(?:de )?Mil))/i
 
-body		__hk_win_0		/\byour? e-?mail just w[oi]n/i
-
-body		__hk_win_2		/\battn.{0,10}winner/i
-
-body		__hk_win_3		/\bhappily aa?nnounce/i
-
-body		__hk_win_4		/\bpleas(?:ure|ed) to inform/i
-
-body		__hk_win_5		/\b(?:notice the|your) winning/i
-
-body		__hk_win_7		/\bcongratulations? to your/i
-
-body		__hk_win_8		/\bunexpected luck/i
-
-body		__hk_win_9		/\blucky (?:nl )number/i
-
-body		__hk_win_a		/\bwinning (?:e-?mail|numbers|information)/i
-
-body		__hk_win_b		/\byour e-?mail (?:address )?(?:has )?w[io]n/i
-
-body		__hk_win_c		/\bune adresse e-?mail sur internet/i
-
-body		__hk_win_d		/\bcategory (?:\S{0,5} )?winner of our/i
-
-body		__hk_win_i		/\bfunds? transfer/i
-
-body		__hk_win_j		/\b(?:winning|ready for|sum) pay ?out/i
-
-body		__hk_win_l		/\b(?:make|file) (?:for )?your claim/i
-
-body		__hk_win_m		/\br.clamation de votre prix/i
-
-body		__hk_win_n		/\bcollect your prize/i
-
-body		__hk_win_o		/\bclarification and procedure/i
-
 ifplugin Mail::SpamAssassin::Plugin::FreeMail
 header   __smf_freemail_hdr_replyto  eval:check_freemail_header('Reply-To:addr')
 endif
diff --git a/sa-updates/72_scores.cf b/sa-updates/72_scores.cf
index 2ece32c..a288713 100644
--- a/sa-updates/72_scores.cf
+++ b/sa-updates/72_scores.cf
@@ -1,8 +1,7 @@
-score ACCT_PHISHING_MANY                    2.999 2.996 2.999 2.996
 score AC_BR_BONANZA                         0.001 0.001 0.001 0.001
 score AC_DIV_BONANZA                        0.001 0.001 0.001 0.001
-score AC_FROM_MANY_DOTS                     3.000 0.578 3.000 0.578
-score AC_HTML_NONSENSE_TAGS                 1.999 1.997 1.999 1.997
+score AC_FROM_MANY_DOTS                     2.999 2.999 2.999 2.999
+score AC_HTML_NONSENSE_TAGS                 2.000 1.999 2.000 1.999
 score AC_POST_EXTRAS                        1.000 1.000 1.000 1.000
 score AC_SPAMMY_URI_PATTERNS1               1.000 1.000 1.000 1.000
 score AC_SPAMMY_URI_PATTERNS10              1.000 1.000 1.000 1.000
@@ -13,281 +12,280 @@ score AC_SPAMMY_URI_PATTERNS3               1.000 1.000 1.000 1.000
 score AC_SPAMMY_URI_PATTERNS4               1.000 1.000 1.000 1.000
 score AC_SPAMMY_URI_PATTERNS8               1.000 1.000 1.000 1.000
 score AC_SPAMMY_URI_PATTERNS9               1.000 1.000 1.000 1.000
-score ADMITS_SPAM                           2.899 1.510 2.899 1.510
-score ADULT_DATING_COMPANY                  10.001 10.001 10.001 10.001
+score ADMITS_SPAM                           3.200 3.113 3.200 3.113
+score ADULT_DATING_COMPANY                  10.000 10.000 10.000 10.000
 score ADVANCE_FEE_2_NEW_FORM                1.000 1.000 1.000 1.000
-score ADVANCE_FEE_2_NEW_FRM_MNY             0.001 0.001 0.001 0.001
-score ADVANCE_FEE_2_NEW_MONEY               0.001 0.001 0.001 0.001
-score ADVANCE_FEE_3_NEW                     2.836 1.673 2.836 1.673
-score ADVANCE_FEE_3_NEW_FRM_MNY             1.536 2.197 1.536 2.197
-score ADVANCE_FEE_3_NEW_MONEY               2.799 0.001 2.799 0.001
-score ADVANCE_FEE_4_NEW                     2.210 0.001 2.210 0.001
-score ADVANCE_FEE_4_NEW_FRM_MNY             0.199 1.098 0.199 1.098
-score ADVANCE_FEE_4_NEW_MONEY               0.406 0.722 0.406 0.722
-score ADVANCE_FEE_5_NEW                     0.091 0.001 0.091 0.001
-score ADVANCE_FEE_5_NEW_FRM_MNY             0.001 1.080 0.001 1.080
+score ADVANCE_FEE_2_NEW_FRM_MNY             1.000 1.000 1.000 1.000
+score ADVANCE_FEE_2_NEW_MONEY               1.999 1.999 1.999 1.999
+score ADVANCE_FEE_3_NEW                     2.039 3.448 2.039 3.448
+score ADVANCE_FEE_3_NEW_MONEY               0.342 2.523 0.342 2.523
+score ADVANCE_FEE_4_NEW                     2.400 2.192 2.400 2.192
+score ADVANCE_FEE_4_NEW_MONEY               1.643 1.642 1.643 1.642
+score ADVANCE_FEE_5_NEW_FRM_MNY             0.001 0.001 0.001 0.001
 score ADVANCE_FEE_5_NEW_MONEY               0.001 0.001 0.001 0.001
-score AD_PREFS                              0.312 0.498 0.312 0.498
+score AD_PREFS                              0.499 0.001 0.499 0.001
 score ALIBABA_IMG_NOT_RCVD_ALI              1.000 1.000 1.000 1.000
-score AMAZON_IMG_NOT_RCVD_AMZN              2.499 0.001 2.499 0.001
+score AMAZON_IMG_NOT_RCVD_AMZN              0.001 0.001 0.001 0.001
 score APP_DEVELOPMENT_FREEM                 1.000 1.000 1.000 1.000
-score APP_DEVELOPMENT_NORDNS                1.000 1.997 1.000 1.997
-score AXB_XMAILER_MIMEOLE_OL_024C2          0.403 0.001 0.403 0.001
+score APP_DEVELOPMENT_NORDNS                1.000 1.000 1.000 1.000
+score ARC_SIGNED                            0.001 0.001 0.001 0.001
+score ARC_VALID                             0.001 0.001 0.001 0.001
+score AXB_XMAILER_MIMEOLE_OL_024C2          0.001 0.001 0.001 0.001
+score AXB_X_FF_SEZ_S                        3.099 3.100 3.099 3.100
+score BAT_BDRY_TO_MALF                      2.499 1.637 2.499 1.637
 score BEBEE_IMG_NOT_RCVD_BB                 1.000 1.000 1.000 1.000
-score BIGNUM_EMAILS_FREEM                   0.159 0.001 0.159 0.001
-score BIGNUM_EMAILS_MANY                    2.999 0.003 2.999 0.003
+score BIGNUM_EMAILS_FREEM                   1.336 0.017 1.336 0.017
+score BIGNUM_EMAILS_MANY                    2.743 1.670 2.743 1.670
 score BITCOIN_BOMB                          1.000 1.000 1.000 1.000
-score BITCOIN_DEADLINE                      1.000 1.000 1.000 1.000
-score BITCOIN_EXTORT_01                     1.000 1.000 1.000 1.000
+score BITCOIN_DEADLINE                      1.753 1.000 1.753 1.000
+score BITCOIN_EXTORT_01                     2.102 2.692 2.102 2.692
 score BITCOIN_EXTORT_02                     1.000 1.000 1.000 1.000
-score BITCOIN_IMGUR                         2.236 3.496 2.236 3.496
-score BITCOIN_MALF_HTML                     0.001 2.487 0.001 2.487
-score BITCOIN_MALWARE                       1.000 0.001 1.000 0.001
+score BITCOIN_IMGUR                         1.000 1.000 1.000 1.000
+score BITCOIN_MALF_HTML                     2.095 0.142 2.095 0.142
+score BITCOIN_MALWARE                       1.043 0.001 1.043 0.001
 score BITCOIN_OBFU_SUBJ                     1.000 1.000 1.000 1.000
-score BITCOIN_ONAN                          1.000 1.000 1.000 1.000
+score BITCOIN_ONAN                          2.011 2.867 2.011 2.867
 score BITCOIN_PAY_ME                        1.000 1.000 1.000 1.000
 score BITCOIN_SPAM_01                       1.000 1.000 1.000 1.000
-score BITCOIN_SPAM_02                       2.499 1.083 2.499 1.083
-score BITCOIN_SPAM_03                       1.000 1.875 1.000 1.875
+score BITCOIN_SPAM_02                       2.189 1.279 2.189 1.279
+score BITCOIN_SPAM_03                       2.225 0.919 2.225 0.919
 score BITCOIN_SPAM_04                       1.000 1.000 1.000 1.000
-score BITCOIN_SPAM_05                       0.001 2.255 0.001 2.255
+score BITCOIN_SPAM_05                       0.001 2.027 0.001 2.027
 score BITCOIN_SPAM_06                       1.000 1.000 1.000 1.000
-score BITCOIN_SPAM_07                       3.499 3.496 3.499 3.496
+score BITCOIN_SPAM_07                       1.000 1.000 1.000 1.000
 score BITCOIN_SPAM_08                       1.000 1.000 1.000 1.000
-score BITCOIN_SPAM_09                       1.499 1.498 1.499 1.498
+score BITCOIN_SPAM_09                       1.499 1.499 1.499 1.499
 score BITCOIN_SPAM_10                       1.000 1.000 1.000 1.000
 score BITCOIN_SPAM_11                       1.000 1.000 1.000 1.000
 score BITCOIN_SPAM_12                       1.000 1.000 1.000 1.000
 score BITCOIN_SPF_ONLYALL                   0.001 1.000 0.001 1.000
-score BITCOIN_XPRIO                         1.490 0.001 1.490 0.001
-score BITCOIN_YOUR_INFO                     2.999 2.975 2.999 2.975
-score BODY_SINGLE_URI                       1.746 2.497 1.746 2.497
-score BODY_SINGLE_WORD                      0.001 0.001 0.001 0.001
-score BODY_URI_ONLY                         1.000 1.533 1.000 1.533
-score BOGUS_MIME_VERSION                    3.499 3.496 3.499 3.496
-score BOGUS_MSM_HDRS                        1.000 1.000 1.000 1.000
+score BITCOIN_XPRIO                         1.051 0.001 1.051 0.001
+score BITCOIN_YOUR_INFO                     1.268 0.708 1.268 0.708
+score BODY_URI_ONLY                         2.499 1.958 2.499 1.958
+score BOGUS_MIME_VERSION                    1.000 1.000 1.000 1.000
+score BOGUS_MSM_HDRS                        1.126 0.001 1.126 0.001
 score BOMB_FREEM                            1.000 1.000 1.000 1.000
 score BOMB_MONEY                            1.000 1.000 1.000 1.000
 score BTC_ORG                               1.000 1.000 1.000 1.000
-score BULK_RE_SUSP_NTLD                     1.000 1.000 1.000 1.000
+score BULK_RE_SUSP_NTLD                     0.999 1.000 0.999 1.000
 score CANT_SEE_AD                           1.000 1.000 1.000 1.000
-score CK_HELO_GENERIC                       0.250 0.001 0.250 0.001
+score CK_HELO_GENERIC                       0.249 0.001 0.249 0.001
 score COMMENT_GIBBERISH                     1.000 1.000 1.000 1.000
-score COMPENSATION                          1.000 0.001 1.000 0.001
-score CONTENT_AFTER_HTML                    2.182 0.001 2.182 0.001
+score COMPENSATION                          1.000 1.000 1.000 1.000
+score CONTENT_AFTER_HTML                    1.000 1.000 1.000 1.000
+score CONTENT_AFTER_HTML_WEAK               1.000 1.000 1.000 1.000
 score CTE_8BIT_MISMATCH                     0.999 0.001 0.999 0.001
+score DATE_IN_FUTURE_Q_PLUS                 2.700 2.700 2.700 2.700
 score DAY_I_EARNED                          1.000 1.000 1.000 1.000
-score DEAR_BENEFICIARY                      0.841 1.432 0.841 1.432
-score DKIMWL_BL                             0.001 2.996 0.001 2.996
+score DEAR_BENEFICIARY                      1.641 2.148 1.641 2.148
+score DKIMWL_BL                             0.001 1.000 0.001 1.000
 score DKIMWL_BLOCKED                        0.001 0.001 0.001 0.001
-score DKIMWL_WL_HIGH                        0.001 -0.702 0.001 -0.702
+score DKIMWL_WL_HIGH                        0.001 -0.001 0.001 -0.001
 score DKIMWL_WL_MED                         0.001 -0.001 0.001 -0.001
 score DKIMWL_WL_MEDHI                       0.001 -0.001 0.001 -0.001
 score DOTGOV_IMAGE                          1.000 1.000 1.000 1.000
-score DX_TEXT_03                            1.200 0.001 1.200 0.001
+score DX_TEXT_03                            1.200 1.299 1.200 1.299
 score DYNAMIC_IMGUR                         1.000 1.000 1.000 1.000
 score EBAY_IMG_NOT_RCVD_EBAY                1.000 1.000 1.000 1.000
-score ENCRYPTED_MESSAGE                     -1.000 -1.000 -1.000 -1.000
-score END_FUTURE_EMAILS                     1.000 0.001 1.000 0.001
+score ENCRYPTED_MESSAGE                     -1.000 -0.999 -1.000 -0.999
+score END_FUTURE_EMAILS                     2.499 1.000 2.499 1.000
 score ENVFROM_GOOG_TRIX                     1.000 1.000 1.000 1.000
-score FACEBOOK_IMG_NOT_RCVD_FB              1.498 1.318 1.498 1.318
-score FBI_MONEY                             1.000 1.000 1.000 1.000
-score FBI_SPOOF                             1.000 1.000 1.000 1.000
-score FILL_THIS_FORM                        1.699 1.597 1.699 1.597
+score FACEBOOK_IMG_NOT_RCVD_FB              1.000 1.000 1.000 1.000
+score FBI_MONEY                             0.227 0.911 0.227 0.911
+score FBI_SPOOF                             1.573 0.887 1.573 0.887
+score FILL_THIS_FORM                        0.952 1.000 0.952 1.000
 score FONT_INVIS_DIRECT                     0.001 0.001 0.001 0.001
 score FONT_INVIS_DOTGOV                     1.000 1.000 1.000 1.000
-score FONT_INVIS_HTML_NOHTML                2.178 0.001 2.178 0.001
-score FONT_INVIS_LONG_LINE                  2.588 2.993 2.588 2.993
-score FONT_INVIS_MSGID                      2.499 1.810 2.499 1.810
-score FONT_INVIS_NORDNS                     1.000 1.000 1.000 1.000
-score FONT_INVIS_POSTEXTRAS                 1.392 1.352 1.392 1.352
-score FORM_FRAUD                            1.000 0.001 1.000 0.001
-score FORM_FRAUD_5                          0.001 0.001 0.001 0.001
-score FOUND_YOU                             3.249 3.246 3.249 3.246
-score FREEMAIL_FORGED_FROMDOMAIN            0.250 0.248 0.250 0.248
+score FONT_INVIS_HTML_NOHTML                1.000 1.000 1.000 1.000
+score FONT_INVIS_LONG_LINE                  2.999 2.999 2.999 2.999
+score FONT_INVIS_MSGID                      1.942 2.195 1.942 2.195
+score FONT_INVIS_NORDNS                     0.001 1.894 0.001 1.894
+score FONT_INVIS_POSTEXTRAS                 1.174 2.900 1.174 2.900
+score FORM_FRAUD                            0.999 0.999 0.999 0.999
+score FORM_FRAUD_3                          2.399 0.001 2.399 0.001
+score FORM_FRAUD_5                          0.001 1.742 0.001 1.742
+score FOUND_YOU                             1.000 1.000 1.000 1.000
+score FREEMAIL_FORGED_FROMDOMAIN            0.250 0.001 0.250 0.001
 score FREEM_FRNUM_UNICD_EMPTY               1.000 1.000 1.000 1.000
 score FRNAME_IN_MSG_XPRIO_NO_SUB            1.000 1.000 1.000 1.000
-score FROM_2_EMAILS_SHORT                   2.999 2.585 2.999 2.585
-score FROM_ADDR_WS                          1.000 1.000 1.000 1.000
-score FROM_BANK_NOAUTH                      0.001 0.998 0.001 0.998
+score FROM_2_EMAILS_SHORT                   0.001 0.921 0.001 0.921
+score FROM_ADDR_WS                          3.000 2.999 3.000 2.999
+score FROM_BANK_NOAUTH                      0.001 1.000 0.001 1.000
 score FROM_FMBLA_NDBLOCKED                  0.001 0.001 0.001 0.001
-score FROM_FMBLA_NEWDOM                     0.001 1.498 0.001 1.498
-score FROM_FMBLA_NEWDOM14                   0.001 0.998 0.001 0.998
-score FROM_FMBLA_NEWDOM28                   0.001 0.798 0.001 0.798
+score FROM_FMBLA_NEWDOM                     0.001 1.499 0.001 1.499
+score FROM_FMBLA_NEWDOM14                   0.001 0.999 0.001 0.999
+score FROM_FMBLA_NEWDOM28                   0.001 0.001 0.001 0.001
 score FROM_GOV_DKIM_AU                      0.001 -0.001 0.001 -0.001
 score FROM_GOV_REPLYTO_FREEMAIL             0.001 1.000 0.001 1.000
 score FROM_GOV_SPOOF                        0.001 1.000 0.001 1.000
-score FROM_IN_TO_AND_SUBJ                   2.099 2.197 2.099 2.197
-score FROM_MISSPACED                        1.217 0.001 1.217 0.001
-score FROM_MISSP_EH_MATCH                   0.001 0.001 0.001 0.001
-score FROM_MISSP_FREEMAIL                   3.199 2.996 3.199 2.996
-score FROM_MISSP_MSFT                       2.450 0.001 2.450 0.001
-score FROM_MISSP_PHISH                      2.953 3.496 2.953 3.496
-score FROM_MISSP_REPLYTO                    1.000 0.001 1.000 0.001
+score FROM_MISSPACED                        1.999 1.999 1.999 1.999
+score FROM_MISSP_DYNIP                      1.928 0.042 1.928 0.042
+score FROM_MISSP_EH_MATCH                   1.999 1.201 1.999 1.201
+score FROM_MISSP_FREEMAIL                   0.001 1.149 0.001 1.149
+score FROM_MISSP_MSFT                       0.001 0.001 0.001 0.001
+score FROM_MISSP_REPLYTO                    2.199 0.001 2.199 0.001
 score FROM_MISSP_SPF_FAIL                   0.001 0.001 0.001 0.001
 score FROM_MISSP_USER                       0.001 0.001 0.001 0.001
-score FROM_MULTI_NORDNS                     2.491 1.896 2.491 1.896
-score FROM_NEWDOM_BTC                       0.001 0.863 0.001 0.863
+score FROM_MULTI_NORDNS                     1.332 1.895 1.332 1.895
+score FROM_NEWDOM_BTC                       0.001 1.000 0.001 1.000
 score FROM_NTLD_LINKBAIT                    1.000 1.000 1.000 1.000
-score FROM_NTLD_REPLY_FREEMAIL              1.999 1.000 1.999 1.000
+score FROM_NTLD_REPLY_FREEMAIL              1.512 1.000 1.512 1.000
 score FROM_NUMBERO_NEWDOMAIN                0.001 1.000 0.001 1.000
-score FROM_NUMERIC_TLD                      1.000 1.000 1.000 1.000
-score FROM_PAYPAL_SPOOF                     0.001 1.597 0.001 1.597
-score FROM_SUSPICIOUS_NTLD                  0.469 0.001 0.469 0.001
-score FROM_SUSPICIOUS_NTLD_FP               1.821 1.997 1.821 1.997
-score FROM_WSP_TRAIL                        2.399 1.402 2.399 1.402
+score FROM_PAYPAL_SPOOF                     0.001 1.599 0.001 1.599
+score FROM_SUSPICIOUS_NTLD                  0.500 0.001 0.500 0.001
+score FROM_SUSPICIOUS_NTLD_FP               1.999 0.694 1.999 0.694
 score FSL_BULK_SIG                          0.001 0.001 0.001 0.001
 score FSL_CTYPE_WIN1251                     0.001 0.001 0.001 0.001
-score FSL_HELO_FAKE                         0.001 0.001 0.001 0.001
 score FSL_NEW_HELO_USER                     0.001 0.001 0.001 0.001
 score FUZZY_AMAZON                          0.001 0.001 0.001 0.001
-score FUZZY_BITCOIN                         2.799 1.802 2.799 1.802
-score FUZZY_WALLET                          2.599 2.097 2.599 2.097
-score GAPPY_LOW_CONTRAST                    2.499 2.497 2.499 2.497
+score FUZZY_BITCOIN                         0.001 0.001 0.001 0.001
+score FUZZY_IMPORTANT                       2.700 1.190 2.700 1.190
+score FUZZY_PORN                            1.836 0.001 1.836 0.001
+score FUZZY_SECURITY                        2.399 2.299 2.399 2.299
+score FUZZY_WALLET                          1.799 0.001 1.799 0.001
 score GAPPY_SALES_LEADS_FREEM               1.000 1.000 1.000 1.000
-score GB_FAKE_RF_SHORT                      1.999 0.073 1.999 0.073
+score GB_BITCOIN_CP                         2.645 2.999 2.645 2.999
+score GB_BITCOIN_NH                         1.994 0.001 1.994 0.001
+score GB_CUSTOM_HTM_URI                     0.350 0.036 0.350 0.036
+score GB_FAKE_RF_SHORT                      1.292 0.820 1.292 0.820
 score GB_FORGED_MUA_POSTFIX                 1.000 1.000 1.000 1.000
-score GB_FREEMAIL_DISPTO                    0.499 0.498 0.499 0.498
+score GB_FREEMAIL_DISPTO                    0.499 0.166 0.499 0.166
 score GB_FREEMAIL_DISPTO_NOTFREEM           0.500 0.500 0.500 0.500
 score GB_GOOGLE_OBFUR                       0.750 0.750 0.750 0.750
-score GB_GOOG_IMG_NOT_RCVD_GOOG             1.000 1.000 1.000 1.000
+score GB_HASHBL_BTC                         0.001 0.562 0.001 0.562
+score GB_STORAGE_GOOGLE_EMAIL               1.000 1.000 1.000 1.000
+score GB_URI_FLEEK_STO_HTM                  0.999 0.999 0.999 0.999
 score GOOGLE_DOCS_PHISH                     1.000 1.000 1.000 1.000
 score GOOGLE_DOCS_PHISH_MANY                1.000 1.000 1.000 1.000
 score GOOGLE_DOC_SUSP                       1.000 1.000 1.000 1.000
 score GOOGLE_DRIVE_REPLY_BAD_NTLD           1.000 1.000 1.000 1.000
 score GOOG_MALWARE_DNLD                     1.000 1.000 1.000 1.000
-score GOOG_REDIR_NORDNS                     2.499 1.452 2.499 1.452
-score GOOG_STO_EMAIL_PHISH                  2.999 2.217 2.999 2.217
+score GOOG_REDIR_NORDNS                     2.502 2.899 2.502 2.899
+score GOOG_STO_EMAIL_PHISH                  1.000 1.000 1.000 1.000
 score GOOG_STO_HTML_PHISH                   1.000 1.000 1.000 1.000
 score GOOG_STO_HTML_PHISH_MANY              1.000 1.000 1.000 1.000
-score GOOG_STO_IMG_HTML                     2.999 2.996 2.999 2.996
-score GOOG_STO_IMG_NOHTML                   1.000 1.000 1.000 1.000
-score GOOG_STO_NOIMG_HTML                   2.999 2.996 2.999 2.996
+score GOOG_STO_IMG_HTML                     1.000 1.000 1.000 1.000
+score GOOG_STO_IMG_NOHTML                   2.500 2.499 2.500 2.499
+score GOOG_STO_NOIMG_HTML                   2.706 2.893 2.706 2.893
 score HAS_X_NO_RELAY                        1.000 1.000 1.000 1.000
-score HAS_X_OUTGOING_SPAM_STAT              1.999 0.807 1.999 0.807
+score HAS_X_OUTGOING_SPAM_STAT              0.502 0.207 0.502 0.207
 score HDRS_LCASE                            0.100 0.001 0.100 0.001
-score HDRS_LCASE_IMGONLY                    0.099 0.098 0.099 0.098
-score HDRS_MISSP                            2.500 0.810 2.500 0.810
+score HDRS_LCASE_IMGONLY                    0.099 0.099 0.099 0.099
+score HDRS_MISSP                            2.499 2.499 2.499 2.499
 score HDR_ORDER_FTSDMCXX_DIRECT             0.001 0.001 0.001 0.001
-score HDR_ORDER_FTSDMCXX_NORDNS             0.001 0.001 0.001 0.001
-score HEADER_FROM_DIFFERENT_DOMAINS         0.249 0.249 0.249 0.249
+score HDR_ORDER_FTSDMCXX_NORDNS             0.349 0.001 0.349 0.001
+score HEADER_FROM_DIFFERENT_DOMAINS         0.250 0.250 0.250 0.250
 score HELO_NO_DOMAIN                        0.001 0.001 0.001 0.001
 score HEXHASH_WORD                          1.000 1.000 1.000 1.000
 score HK_CTE_RAW                            1.000 1.000 1.000 1.000
-score HK_LOTTO                              0.999 0.998 0.999 0.998
-score HK_NAME_MR_MRS                        1.000 0.476 1.000 0.476
-score HK_RANDOM_ENVFROM                     0.999 0.001 0.999 0.001
-score HK_RANDOM_FROM                        0.999 0.998 0.999 0.998
-score HK_RANDOM_REPLYTO                     0.999 0.001 0.999 0.001
+score HK_LOTTO                              0.999 0.242 0.999 0.242
+score HK_NAME_MR_MRS                        0.999 0.999 0.999 0.999
+score HK_RANDOM_ENVFROM                     1.000 0.001 1.000 0.001
+score HK_RANDOM_FROM                        0.999 1.000 0.999 1.000
+score HK_RANDOM_REPLYTO                     0.999 1.000 0.999 1.000
 score HK_RCVD_IP_MULTICAST                  1.000 1.000 1.000 1.000
-score HK_SCAM                               0.409 0.551 0.409 0.551
-score HK_WIN                                1.000 0.998 1.000 0.998
-score HOSTED_IMG_DIRECT_MX                  0.001 0.091 0.001 0.091
+score HK_SCAM                               1.999 1.999 1.999 1.999
+score HOSTED_IMG_DIRECT_MX                  0.001 0.001 0.001 0.001
 score HOSTED_IMG_DQ_UNSUB                   1.000 1.000 1.000 1.000
-score HOSTED_IMG_FREEM                      3.499 3.496 3.499 3.496
+score HOSTED_IMG_FREEM                      3.499 2.673 3.499 2.673
 score HOSTED_IMG_MULTI                      1.000 1.000 1.000 1.000
-score HOSTED_IMG_MULTI_PUB_01               2.999 2.996 2.999 2.996
-score HTML_ENTITY_ASCII                     2.843 0.706 2.843 0.706
+score HOSTED_IMG_MULTI_PUB_01               2.999 0.001 2.999 0.001
+score HTML_ENTITY_ASCII                     1.000 2.999 1.000 2.999
 score HTML_ENTITY_ASCII_TINY                1.000 1.000 1.000 1.000
-score HTML_FONT_TINY_NORDNS                 1.999 1.997 1.999 1.997
-score HTML_OFF_PAGE                         0.400 0.001 0.400 0.001
+score HTML_FONT_TINY_NORDNS                 1.999 1.824 1.999 1.824
+score HTML_OFF_PAGE                         2.601 2.996 2.601 2.996
 score HTML_SHRT_CMNT_OBFU_MANY              1.000 1.000 1.000 1.000
-score HTML_SINGLET_MANY                     1.000 0.001 1.000 0.001
-score HTML_TAG_BALANCE_CENTER               2.085 2.930 2.085 2.930
-score HTML_TEXT_INVISIBLE_FONT              1.000 0.739 1.000 0.739
-score HTML_TEXT_INVISIBLE_STYLE             2.098 1.698 2.098 1.698
+score HTML_SINGLET_MANY                     2.499 1.000 2.499 1.000
+score HTML_TAG_BALANCE_CENTER               1.940 3.099 1.940 3.099
+score HTML_TEXT_INVISIBLE_FONT              1.999 0.258 1.999 0.258
+score HTML_TEXT_INVISIBLE_STYLE             1.275 0.892 1.275 0.892
 score IMG_ONLY_FM_DOM_INFO                  1.000 1.000 1.000 1.000
-score JH_SPAMMY_HEADERS                     3.499 3.496 3.499 3.496
-score JH_SPAMMY_PATTERN01                   2.999 2.872 2.999 2.872
+score JH_SPAMMY_HEADERS                     3.499 3.500 3.499 3.500
+score JH_SPAMMY_PATTERN01                   1.000 1.000 1.000 1.000
 score JH_SPAMMY_PATTERN02                   1.000 1.000 1.000 1.000
-score KHOP_HELO_FCRDNS                      0.400 0.001 0.400 0.001
+score KHOP_FAKE_EBAY                        0.001 0.001 0.001 0.001
+score KHOP_HELO_FCRDNS                      0.399 0.001 0.399 0.001
 score LINKEDIN_IMG_NOT_RCVD_LNKN            1.000 1.000 1.000 1.000
 score LIST_PRTL_PUMPDUMP                    1.000 1.000 1.000 1.000
 score LIST_PRTL_SAME_USER                   1.000 1.000 1.000 1.000
-score LONGLN_LOW_CONTRAST                   1.285 0.001 1.285 0.001
-score LONG_HEX_URI                          2.999 0.926 2.999 0.926
-score LONG_IMG_URI                          0.001 0.001 0.001 0.001
-score LONG_INVISIBLE_TEXT                   0.001 0.750 0.001 0.750
+score LONG_HEX_URI                          2.999 1.614 2.999 1.614
+score LONG_IMG_URI                          2.802 0.001 2.802 0.001
+score LONG_INVISIBLE_TEXT                   2.990 2.999 2.990 2.999
 score LOTS_OF_MONEY                         0.010 0.010 0.010 0.010
-score LOTTO_AGENT                           0.001 0.001 0.001 0.001
-score LOTTO_DEPT                            2.000 1.999 2.000 1.999
+score LOTTO_AGENT                           1.499 1.499 1.499 1.499
 score LUCRATIVE                             1.000 1.000 1.000 1.000
+score MALFORMED_FREEMAIL                    2.899 2.999 2.899 2.999
 score MALF_HTML_B64                         1.000 1.000 1.000 1.000
-score MALWARE_NORDNS                        0.001 0.248 0.001 0.248
+score MALWARE_NORDNS                        0.001 0.126 0.001 0.126
 score MALWARE_PASSWORD                      1.000 1.000 1.000 1.000
-score MANY_HDRS_LCASE                       0.100 0.100 0.100 0.100
-score MILLION_HUNDRED                       0.001 0.710 0.001 0.710
-score MIMEOLE_DIRECT_TO_MX                  1.000 0.001 1.000 0.001
+score MAY_BE_FORGED                         1.699 0.001 1.699 0.001
+score MILLION_HUNDRED                       0.241 1.309 0.241 1.309
+score MILLION_USD                           0.548 0.449 0.548 0.449
+score MIMEOLE_DIRECT_TO_MX                  0.001 0.001 0.001 0.001
 score MIME_NO_TEXT                          1.000 1.000 1.000 1.000
-score MIXED_AREA_CASE                       0.719 0.199 0.719 0.199
-score MIXED_CENTER_CASE                     2.499 1.854 2.499 1.854
-score MIXED_ES                              3.252 2.882 3.252 2.882
-score MIXED_FONT_CASE                       1.945 2.328 1.945 2.328
-score MIXED_HREF_CASE                       0.816 0.408 0.816 0.408
-score MIXED_IMG_CASE                        0.295 1.169 0.295 1.169
+score MIXED_AREA_CASE                       1.000 1.000 1.000 1.000
+score MIXED_CENTER_CASE                     1.000 1.000 1.000 1.000
+score MIXED_ES                              2.699 2.599 2.699 2.599
+score MIXED_FONT_CASE                       1.000 1.000 1.000 1.000
+score MIXED_HREF_CASE                       1.000 1.000 1.000 1.000
+score MIXED_IMG_CASE                        2.999 1.509 2.999 1.509
 score MONERO_DEADLINE                       1.000 1.000 1.000 1.000
 score MONERO_EXTORT_01                      1.000 1.000 1.000 1.000
 score MONERO_MALWARE                        1.000 1.000 1.000 1.000
 score MONERO_PAY_ME                         1.000 1.000 1.000 1.000
+score MONEY_ATM_CARD                        1.799 2.899 1.799 2.899
 score MONEY_FORM                            0.001 0.001 0.001 0.001
-score MONEY_FORM_SHORT                      1.176 1.318 1.176 1.318
-score MONEY_FRAUD_3                         1.395 0.657 1.395 0.657
-score MONEY_FRAUD_5                         3.081 1.999 3.081 1.999
-score MONEY_FRAUD_8                         3.099 0.001 3.099 0.001
-score MONEY_FREEMAIL_REPTO                  1.148 0.001 1.148 0.001
-score MONEY_FROM_41                         1.999 0.001 1.999 0.001
-score MONEY_FROM_MISSP                      1.385 0.001 1.385 0.001
+score MONEY_FORM_SHORT                      2.499 2.499 2.499 2.499
+score MONEY_FRAUD_3                         2.472 2.599 2.472 2.599
+score MONEY_FRAUD_5                         0.001 0.001 0.001 0.001
+score MONEY_FRAUD_8                         0.039 0.001 0.039 0.001
+score MONEY_FREEMAIL_REPTO                  3.000 2.379 3.000 2.379
+score MONEY_FROM_41                         1.999 0.840 1.999 0.840
+score MONEY_FROM_MISSP                      0.001 0.001 0.001 0.001
 score MSGID_DOLLARS_URI_IMG                 1.000 1.000 1.000 1.000
 score MSGID_HDR_MALF                        1.000 1.000 1.000 1.000
-score MSGID_NOFQDN1                         0.001 0.001 0.001 0.001
-score MSMAIL_PRI_ABNORMAL                   0.001 0.001 0.001 0.001
+score MSMAIL_PRI_ABNORMAL                   1.499 0.912 1.499 0.912
 score MSM_PRIO_REPTO                        1.000 1.000 1.000 1.000
-score NA_DOLLARS                            1.055 1.498 1.055 1.498
+score NAME_EMAIL_DIFF                       1.729 0.001 1.729 0.001
+score NA_DOLLARS                            1.281 1.499 1.281 1.499
 score NEWEGG_IMG_NOT_RCVD_NEGG              1.000 1.000 1.000 1.000
 score NEW_PRODUCTS                          1.000 1.000 1.000 1.000
-score NICE_REPLY_A                          -4.151 -1.993 -4.151 -1.993
-score NORDNS_LOW_CONTRAST                   1.888 0.001 1.888 0.001
+score NICE_REPLY_A                          -0.001 -0.257 -0.001 -0.257
 score NO_FM_NAME_IP_HOSTN                   0.001 0.001 0.001 0.001
 score NSL_RCVD_FROM_USER                    0.001 0.001 0.001 0.001
-score NSL_RCVD_HELO_USER                    2.186 0.211 2.186 0.211
-score OBFU_BITCOIN                          1.736 1.914 1.736 1.914
-score OBFU_TEXT_ATTACH                      1.196 0.950 1.196 0.950
-score ODD_FREEM_REPTO                       2.999 2.214 2.999 2.214
-score OFFER_ONLY_AMERICA                    0.853 1.000 0.853 1.000
-score PDS_BTC_ID                            0.499 0.498 0.499 0.498
-score PDS_BTC_MSGID                         0.999 0.001 0.999 0.001
-score PDS_BTC_NTLD                          0.807 0.001 0.807 0.001
-score PDS_DBL_URL_TNB_RUNON                 1.999 1.997 1.999 1.997
-score PDS_FRNOM_TODOM_DBL_URL               1.425 1.373 1.425 1.373
-score PDS_FRNOM_TODOM_NAKED_TO              1.499 1.498 1.499 1.498
-score PDS_FROM_NAME_TO_DOMAIN               1.999 1.997 1.999 1.997
+score NSL_RCVD_HELO_USER                    0.001 0.001 0.001 0.001
+score NUMBERONLY_BITCOIN_EXP                0.001 1.228 0.001 1.228
+score OBFU_BITCOIN                          0.001 0.001 0.001 0.001
+score OBFU_TEXT_ATTACH                      0.569 1.444 0.569 1.444
+score ODD_FREEM_REPTO                       3.000 2.532 3.000 2.532
+score PDS_BAD_THREAD_QP_64                  0.001 0.180 0.001 0.180
+score PDS_BTC_ID                            0.500 0.318 0.500 0.318
+score PDS_BTC_MSGID                         0.001 0.001 0.001 0.001
+score PDS_BTC_NTLD                          0.515 0.554 0.515 0.554
+score PDS_DBL_URL_TNB_RUNON                 1.999 1.000 1.999 1.000
+score PDS_FROM_2_EMAILS                     1.268 1.923 1.268 1.923
 score PDS_HELO_SPF_FAIL                     0.001 1.000 0.001 1.000
-score PDS_HP_HELO_NORDNS                    0.001 0.001 0.001 0.001
-score PDS_OTHER_BAD_TLD                     1.999 0.001 1.999 0.001
-score PDS_PHPEXP_BOT                        1.499 0.001 1.499 0.001
-score PDS_PHP_EVAL                          0.959 1.498 0.959 1.498
+score PDS_NAKED_TO_NUMERO                   1.999 1.999 1.999 1.999
+score PDS_NO_FULL_NAME_SPOOFED_URL          0.750 0.750 0.750 0.750
+score PDS_OTHER_BAD_TLD                     1.999 1.999 1.999 1.999
 score PDS_RDNS_DYNAMIC_FP                   0.001 0.001 0.001 0.001
+score PDS_SHORT_SPOOFED_URL                 1.999 1.999 1.999 1.999
 score PDS_TINYSUBJ_URISHRT                  1.000 1.000 1.000 1.000
-score PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE     1.999 0.745 1.999 0.745
-score PDS_TONAME_EQ_TOLOCAL_HDRS_LCASE      1.999 1.997 1.999 1.997
-score PDS_TO_EQ_FROM_NAME                   3.299 2.796 3.299 2.796
+score PDS_TONAME_EQ_TOLOCAL_FREEM_FORGE     1.000 1.000 1.000 1.000
 score PHISH_AZURE_CLOUDAPP                  3.500 3.500 3.500 3.500
 score PHISH_FBASEAPP                        1.000 1.000 1.000 1.000
-score PHOTO_EDITING_DIRECT                  1.000 1.000 1.000 1.000
-score PHOTO_EDITING_FREEM                   1.000 1.000 1.000 1.000
 score PHP_NOVER_MUA                         1.000 1.000 1.000 1.000
-score PHP_ORIG_SCRIPT                       2.499 2.249 2.499 2.249
-score PHP_ORIG_SCRIPT_EVAL                  2.293 2.996 2.293 2.996
-score PHP_SCRIPT                            2.499 2.497 2.499 2.497
+score PHP_ORIG_SCRIPT                       2.499 2.491 2.499 2.491
+score PHP_SCRIPT                            2.499 2.352 2.499 2.352
 score PHP_SCRIPT_MUA                        1.000 1.000 1.000 1.000
-score PP_MIME_FAKE_ASCII_TEXT               0.999 0.998 0.999 0.998
+score PP_MIME_FAKE_ASCII_TEXT               0.999 0.001 0.999 0.001
 score PP_TOO_MUCH_UNICODE02                 0.500 0.500 0.500 0.500
 score PP_TOO_MUCH_UNICODE05                 1.000 1.000 1.000 1.000
 score PUMPDUMP                              1.000 1.000 1.000 1.000
 score PUMPDUMP_MULTI                        1.000 1.000 1.000 1.000
 score RAND_HEADER_LIST_SPOOF                1.000 1.000 1.000 1.000
 score RAND_HEADER_MANY                      1.000 1.000 1.000 1.000
-score RAND_MKTG_HEADER                      1.999 1.997 1.999 1.997
+score RAND_MKTG_HEADER                      1.999 1.999 1.999 1.999
 score RATWARE_NO_RDNS                       0.001 0.001 0.001 0.001
 score RCVD_DOTEDU_SHORT                     1.000 1.000 1.000 1.000
 score RCVD_DOTEDU_SUSP_URI                  1.000 1.000 1.000 1.000
@@ -303,13 +301,13 @@ score RCVD_IN_MSPIKE_L5                     0.001 0.001 0.001 0.001
 score RCVD_IN_MSPIKE_WL                     0.001 0.001 0.001 0.001
 score RCVD_IN_MSPIKE_ZBI                    0.001 0.001 0.001 0.001
 score RDNS_NUM_TLD_ATCHNX                   1.000 1.000 1.000 1.000
-score RDNS_NUM_TLD_XM                       2.999 2.009 2.999 2.009
-score REPLYTO_EMPTY                         3.099 2.896 3.099 2.896
-score REPTO_419_FRAUD                       1.000 2.996 1.000 2.996
+score RDNS_NUM_TLD_XM                       1.000 1.000 1.000 1.000
+score READY_TO_SHIP                         1.000 1.000 1.000 1.000
+score REPTO_419_FRAUD                       1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_AOL                   1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_AOL_LOOSE             1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_CNS                   1.000 1.000 1.000 1.000
-score REPTO_419_FRAUD_GM                    2.999 2.996 2.999 2.996
+score REPTO_419_FRAUD_GM                    1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_GM_LOOSE              1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_HM                    1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_OL                    1.000 1.000 1.000 1.000
@@ -319,94 +317,92 @@ score REPTO_419_FRAUD_YH                    1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_YH_LOOSE              1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_YJ                    1.000 1.000 1.000 1.000
 score REPTO_419_FRAUD_YN                    1.000 1.000 1.000 1.000
-score RISK_FREE                             2.299 2.197 2.299 2.197
-score SCRIPT_GIBBERISH                      0.001 0.001 0.001 0.001
-score SENDGRID_REDIR                        1.499 0.910 1.499 0.910
+score REPTO_INFONUMSCOM                     1.000 1.000 1.000 1.000
+score RISK_FREE                             0.001 0.001 0.001 0.001
+score SCC_CANSPAM_2                         2.700 0.631 2.700 0.631
+score SCC_ISEMM_LID_1                       1.000 1.000 1.000 1.000
+score SCC_ISEMM_LID_1A                      3.301 3.499 3.301 3.499
+score SCC_ISEMM_LID_1B                      1.499 1.499 1.499 1.499
+score SENDGRID_REDIR                        1.499 1.062 1.499 1.062
 score SENDGRID_REDIR_PHISH                  1.000 1.000 1.000 1.000
-score SEO_SUSP_NTLD                         0.001 1.000 0.001 1.000
-score SERGIO_SUBJECT_VIAGRA01               3.239 0.001 3.239 0.001
-score SHOPIFY_IMG_NOT_RCVD_SFY              2.499 2.497 2.499 2.497
-score SHORTENED_URL_SRC                     2.399 2.397 2.399 2.397
-score SHORTENER_SHORT_IMG                   2.411 2.210 2.411 2.210
+score SEO_SUSP_NTLD                         1.000 1.000 1.000 1.000
+score SERGIO_SUBJECT_VIAGRA01               3.135 1.313 3.135 1.313
+score SHOPIFY_IMG_NOT_RCVD_SFY              2.038 2.499 2.038 2.499
+score SHORTENER_SHORT_IMG                   1.045 1.296 1.045 1.296
 score SHORT_IMG_SUSP_NTLD                   1.000 1.000 1.000 1.000
-score SHORT_SHORTNER                        2.000 1.997 2.000 1.997
-score SPOOFED_FREEMAIL                      0.001 1.324 0.001 1.324
-score SPOOFED_FREEMAIL_NO_RDNS              1.000 0.001 1.000 0.001
-score SPOOFED_FREEM_REPTO                   0.001 2.497 0.001 2.497
+score SHORT_SHORTNER                        1.999 1.999 1.999 1.999
+score SPOOFED_FREEMAIL                      0.001 0.001 0.001 0.001
+score SPOOFED_FREEMAIL_NO_RDNS              0.001 0.001 0.001 0.001
+score SPOOFED_FREEM_REPTO                   0.001 0.502 0.001 0.502
 score SPOOFED_FREEM_REPTO_CHN               0.001 1.000 0.001 1.000
 score SPOOFED_FREEM_REPTO_RUS               0.001 1.000 0.001 1.000
-score SPOOF_GMAIL_MID                       1.000 1.497 1.000 1.497
+score SPOOF_GMAIL_MID                       1.499 0.001 1.499 0.001
 score STATIC_XPRIO_OLE                      0.001 0.001 0.001 0.001
 score STOCK_TIP                             1.000 1.000 1.000 1.000
+score SUBJ_ATTENTION                        0.499 0.499 0.499 0.499
 score SUBJ_BRKN_WORDNUMS                    1.000 1.000 1.000 1.000
-score SUBJ_OBFU_LOW_CNTRST                  2.499 1.488 2.499 1.488
 score SURBL_BLOCKED                         0.001 0.001 0.001 0.001
-score SUSP_UTF8_WORD_SUBJ                   1.999 1.997 1.999 1.997
+score SUSP_UTF8_WORD_SUBJ                   2.000 0.367 2.000 0.367
 score SYSADMIN                              1.000 1.000 1.000 1.000
 score TAGSTAT_IMG_NOT_RCVD_TGST             1.000 1.000 1.000 1.000
 score TARINGANET_IMG_NOT_RCVD_TN            1.000 1.000 1.000 1.000
-score THIS_AD                               1.199 0.998 1.199 0.998
-score THIS_IS_ADV_SUSP_NTLD                 0.001 1.000 0.001 1.000
+score THIS_AD                               1.899 1.799 1.899 1.799
+score THIS_IS_ADV_SUSP_NTLD                 1.000 1.000 1.000 1.000
 score TONLINE_FAKE_DKIM                     1.000 1.000 1.000 1.000
-score TO_EQ_FM_DIRECT_MX                    0.001 0.001 0.001 0.001
+score TO_EQ_FM_DIRECT_MX                    1.000 1.000 1.000 1.000
 score TO_EQ_FM_DOM_SPF_FAIL                 0.001 0.001 0.001 0.001
 score TO_EQ_FM_SPF_FAIL                     0.001 0.001 0.001 0.001
-score TO_IN_SUBJ                            0.099 0.098 0.099 0.098
-score TO_NAME_SUBJ_NO_RDNS                  2.999 2.959 2.999 2.959
-score TO_NO_BRKTS_DYNIP                     0.001 0.250 0.001 0.250
-score TO_NO_BRKTS_FROM_MSSP                 2.499 1.706 2.499 1.706
-score TO_NO_BRKTS_HTML_IMG                  1.999 1.997 1.999 1.997
-score TO_NO_BRKTS_HTML_ONLY                 1.999 1.997 1.999 1.997
-score TO_NO_BRKTS_MSFT                      1.000 0.001 1.000 0.001
-score TO_NO_BRKTS_NORDNS_HTML               1.999 1.203 1.999 1.203
-score TO_NO_BRKTS_PCNT                      2.260 1.219 2.260 1.219
-score TRANSFORM_LIFE                        2.499 2.497 2.499 2.497
-score TVD_RCVD_SPACE_BRACKET                2.899 2.696 2.899 2.696
-score TVD_SPACE_ENCODED                     1.000 0.001 1.000 0.001
-score TVD_SPACE_ENC_FM_MIME                 1.000 1.000 1.000 1.000
-score TVD_SPACE_RATIO_MINFP                 1.000 0.001 1.000 0.001
+score TO_IN_SUBJ                            0.100 0.100 0.100 0.100
+score TO_NAME_SUBJ_NO_RDNS                  1.000 1.000 1.000 1.000
+score TO_NO_BRKTS_FROM_MSSP                 2.499 2.499 2.499 2.499
+score TO_NO_BRKTS_HTML_IMG                  1.999 1.999 1.999 1.999
+score TO_NO_BRKTS_HTML_ONLY                 1.999 1.999 1.999 1.999
+score TO_NO_BRKTS_MSFT                      0.001 0.001 0.001 0.001
+score TO_NO_BRKTS_NORDNS_HTML               2.000 1.999 2.000 1.999
+score TO_NO_BRKTS_PCNT                      2.499 2.500 2.499 2.500
+score TVD_RCVD_SPACE_BRACKET                0.126 0.557 0.126 0.557
+score TVD_SPACE_ENCODED                     2.046 0.001 2.046 0.001
+score TVD_SPACE_RATIO_MINFP                 0.796 0.001 0.796 0.001
 score TW_GIBBERISH_MANY                     1.000 1.000 1.000 1.000
 score UC_GIBBERISH_OBFU                     1.000 1.000 1.000 1.000
-score UNDISC_FREEM                          3.299 3.096 3.299 3.096
-score UNDISC_MONEY                          3.599 3.396 3.599 3.396
-score UNICODE_OBFU_ASC                      2.499 2.497 2.499 2.497
+score UNDISC_FREEM                          2.899 2.799 2.899 2.799
+score UNDISC_MONEY                          3.299 3.200 3.299 3.200
+score UNICODE_OBFU_ASC                      2.499 2.499 2.499 2.499
 score UNICODE_OBFU_ZW                       1.000 1.000 1.000 1.000
+score UNSUB_GOOG_FORM                       1.000 1.000 1.000 1.000
 score URI_ADOBESPARK                        1.000 1.000 1.000 1.000
 score URI_AZURE_CLOUDAPP                    1.000 1.000 1.000 1.000
 score URI_DASHGOVEDU                        1.000 1.000 1.000 1.000
 score URI_DATA                              1.000 1.000 1.000 1.000
-score URI_DOTEDU                            1.999 1.997 1.999 1.997
+score URI_DOTEDU                            1.999 1.265 1.999 1.265
 score URI_DOTEDU_ENTITY                     1.000 1.000 1.000 1.000
-score URI_FIREBASEAPP                       2.999 2.996 2.999 2.996
-score URI_GOOGLE_PROXY                      2.499 2.397 2.499 2.397
-score URI_GOOG_STO_SPAMMY                   2.999 2.996 2.999 2.996
+score URI_FIREBASEAPP                       1.000 1.000 1.000 1.000
+score URI_GOOGLE_PROXY                      2.199 2.199 2.199 2.199
+score URI_GOOG_STO_SPAMMY                   3.000 3.000 3.000 3.000
 score URI_HEX_IP                            1.000 1.000 1.000 1.000
 score URI_IMG_WP_REDIR                      1.000 1.000 1.000 1.000
-score URI_IN_URI_10                         2.699 2.497 2.699 2.497
 score URI_LONG_REPEAT                       1.000 1.000 1.000 1.000
-score URI_ONLY_MSGID_MALF                   1.000 1.997 1.000 1.997
+score URI_OBFU_DOM                          2.499 2.500 2.499 2.500
+score URI_ONLY_MSGID_MALF                   0.001 1.000 0.001 1.000
 score URI_OPTOUT_3LD                        1.000 1.000 1.000 1.000
-score URI_PHISH                             3.999 3.625 3.999 3.625
-score URI_PHP_REDIR                         3.500 3.169 3.500 3.169
-score URI_TRY_3LD                           1.940 1.204 1.940 1.204
+score URI_PHISH                             3.999 3.699 3.999 3.699
+score URI_PHP_REDIR                         1.000 1.000 1.000 1.000
+score URI_TRY_3LD                           1.948 0.378 1.948 0.378
 score URI_TRY_USME                          1.000 1.000 1.000 1.000
-score URI_WPADMIN                           2.699 2.596 2.699 2.596
-score URI_WP_DIRINDEX                       3.499 3.496 3.499 3.496
-score URI_WP_HACKED                         1.000 3.496 1.000 3.496
-score URI_WP_HACKED_2                       2.499 2.497 2.499 2.497
+score URI_WPADMIN                           1.686 2.199 1.686 2.199
+score URI_WP_DIRINDEX                       1.000 1.000 1.000 1.000
+score URI_WP_HACKED                         1.686 3.499 1.686 3.499
+score URI_WP_HACKED_2                       2.499 2.499 2.499 2.499
 score USB_DRIVES                            1.000 1.000 1.000 1.000
-score USER_IN_DKIM_WELCOMELIST              0.001 0.001 0.001 0.001
-score VFY_ACCT_NORDNS                       2.912 2.996 2.912 2.996
+score VFY_ACCT_NORDNS                       2.528 1.970 2.528 1.970
 score VPS_NO_NTLD                           1.000 1.000 1.000 1.000
 score WALMART_IMG_NOT_RCVD_WAL              1.000 1.000 1.000 1.000
-score WORD_INVIS                            1.000 1.000 1.000 1.000
-score WORD_INVIS_MANY                       1.000 1.000 1.000 1.000
-score XFER_LOTSA_MONEY                      1.000 0.998 1.000 0.998
-score XM_DIGITS_ONLY                        1.930 0.858 1.930 0.858
-score XM_LIGHT_HEAVY                        2.499 2.497 2.499 2.497
-score XM_RANDOM                             2.499 2.497 2.499 2.497
-score XM_RECPTID                            2.999 2.996 2.999 2.996
-score XPRIO                                 1.000 0.001 1.000 0.001
-score XPRIO_SHORT_SUBJ                      1.000 1.000 1.000 1.000
-score YOU_INHERIT                           0.549 0.001 0.549 0.001
-score ZW_OBFU_FREEM                         1.999 1.997 1.999 1.997
+score WORD_INVIS                            0.544 0.001 0.544 0.001
+score WORD_INVIS_MANY                       2.999 2.999 2.999 2.999
+score XFER_LOTSA_MONEY                      0.999 0.001 0.999 0.001
+score XM_DIGITS_ONLY                        1.000 1.000 1.000 1.000
+score XM_RANDOM                             1.799 0.001 1.799 0.001
+score XPRIO                                 1.104 0.001 1.104 0.001
+score XPRIO_SHORT_SUBJ                      1.170 2.499 1.170 2.499
+score XPRIO_URL_SHORTNER                    0.999 0.999 0.999 0.999
+score YOU_INHERIT                           1.606 2.237 1.606 2.237
diff --git a/sa-updates/languages b/sa-updates/languages
index 456efe3..b3c4a95 100644
Binary files a/sa-updates/languages and b/sa-updates/languages differ