Changelog

What's new in Gorganizer — the Gmail inbox cleaner that works while you sleep.

  1. v9.19 Security

    SACRED safety invariant — top-level regression guard

    • Composite SACRED-safety invariant test covering 10 categories of "NEVER delete" rules (starred emails, PDF/DOC/XLSX/ZIP attachments, strict-invoice senders, recent calendar invites, self-sends, ambiguous-confidence scores, invoice/receipt subject keywords in English + Swedish with NFC Unicode normalization, reply/forward prefixes in six languages, In-Reply-To + References headers, security-code/OTP/monetary body signals, and Gmail-IMPORTANT labels).
    • Every rule enforced by the isSafeToDelete gate now has at least one top-level composite-invariant test. A refactor that accidentally drops any protection fails loudly in CI.
    • Includes one adversarial test for the reply-chain-hijack exception: attacker-injected In-Reply-To headers must NOT shield phishing emails from trash when the hijack detector fires.
  2. v9.18 Security

    Pre-launch security hardening

    • Cross-Origin-Opener-Policy (same-origin-allow-popups) and Cross-Origin-Resource-Policy (same-origin) headers added — isolate the browsing context against Spectre-class side-channel attacks while keeping OAuth popup flows functional.
    • Content-Security-Policy directives manifest-src and worker-src added explicitly for the PWA manifest and Next.js web workers — locks them in against future default-src tightening.
    • Deploy-log cleanup: env-validation warning deduplicated via globalThis sentinel (211 duplicate lines per build → 9), dynamic-route annotations on /api/phishing-leaderboard and /api/tools/gmail-inbox-analyzer eliminate recurring "dynamic server usage" warnings.
    • robots.txt extended to disallow /admin and /share/ (tokenized share URLs) so admin UI and one-time tokens never leak into search indexes.
    • Error pages (not-found.tsx + error.tsx + global-error.tsx) hardened with motion-safe transitions, active:scale press feedback, and focus-visible:ring focus rings across every CTA.
    • Single shared site-URL helper (src/lib/site-url.ts) unifies robots.ts, sitemap.ts, email-unsubscribe-token.ts, and 14 email-template hrefs so the domain migrates with one env var change.
  3. v9.17 Feature

    52 new 2026 scam-detection signals

    • Health-insurance trio — UnitedHealthcare/Aetna/Cigna prior-auth denial lure (exploits 2024 UnitedHealth auto-denial controversy), auto-insurance policy-expiring lure (targets 230M+ US drivers with "driving illegally" framing), homeowner-insurance non-renewal lure (post-CA + FL insurance-market-exit crisis).
    • Highest-blast-radius consumer credential class covered: 1Password/LastPass/Bitwarden/Dashlane master-password breach lure — one credential unlocks every saved account.
    • Physical-world attack chains: smart-home (Ring/Nest/SimpliSafe) breach → burglary handoff, connected-car (Tesla/Rivian/Mercedes) account takeover → remote unlock + physical vehicle theft.
    • Financial account coverage: retirement-account (Fidelity/Vanguard/Schwab — $40T US surface) breach lure, SIM-swap (Verizon/AT&T/T-Mobile) approval lure that bypasses SMS 2FA, student-loan-servicer (Aidvantage/MOHELA/Nelnet) payment-failed lure for 44M federal borrowers.
    • Loyalty-asset liquidation: airline miles (Delta/American/United — 230M+ members) and hotel points (Marriott/Hilton/Hyatt — 430M+ members) expiration lures.
    • Additional coverage: password-manager, SIM-swap carrier approval, K-12 parent school portal (PowerSchool), cloud-compute DevOps (AWS/Azure/GCP), tax-software (TurboTax/H&R Block) breach, BNPL (Klarna/Afterpay/Affirm), Web3 wallet drainer signatures, AI API key leaks, gig-worker deactivation, Meta Business Suite + LinkedIn Recruiter, Airbnb host payout, Shopify store suspension, Microsoft 365 MFA reset, Robinhood brokerage, IRS refund hold, Venmo/Cash App P2P, Coinbase exchange, Stripe dashboard, ChatGPT Plus subscription, Amazon Seller Central, MyChart patient portal, Google Business Profile, FAFSA deadline.
    • Each signal includes vendor allowlist, demographic-specific urgency regex, In-Reply-To / List-Unsubscribe guards, and 9 regression tests (3 positive + 6 negative) locking in both detection and the correct no-fire cases.
  4. v10.0 Security

    1,050+ scoring signals, 115+ scam types detected

    • Scoring engine now evaluates 1,050+ signals per email. Added 16 new named scam signals across Rounds 68–75: PayPal / Microsoft / Apple / Google / Amazon phishing, FedEx/UPS/USPS delivery fee fraud, bank wire transfer fraud alerts, romance scams, IRS arrest threats, lottery advance fee, job reshipping money mule, SSN suspension, student loan forgiveness fraud, health insurance enrollment scams, weight-loss supplement spam, and home warranty expiration scams.
  5. v9.16 Feature

    Outlook / Microsoft 365 support prep

    • Email provider abstraction layer — decouples the scanning and cleaning pipeline from Gmail-specific APIs. Outlook and M365 connectors can now be wired in without touching core logic.
  6. v9.15 Feature

    Community phishing reporting + leaderboard

    • Fourth free tool: users can report phishing emails to a shared community database and compete on a public leaderboard. Crowdsourced threat intelligence feeds back into the scoring engine.
  7. v9.14 Performance

    A/B testing infrastructure

    • Server-side A/B testing framework for landing page variants, pricing experiments, and onboarding flows. Feature flags with consistent user bucketing and analytics integration.
  8. v9.13 SEO

    Social proof on landing page

    • Live stats counters, trust badges, and user testimonials added to the landing page. Builds credibility for first-time visitors and improves conversion.
  9. v9.12 Feature

    Full i18n migration — Swedish + German UI

    • Complete internationalization of all UI strings. Swedish and German fully supported with locale-aware formatting for dates, numbers, and plurals.
  10. v9.11 Performance

    Supabase migrations — 21 files, production-ready DB

    • 21 migration files covering all tables, indexes, RLS policies, and seed data. Database schema is now fully version-controlled and reproducible from scratch.
  11. v9.10 Feature

    Before/after inbox visualization

    • Interactive before/after comparison on the landing page showing a cluttered inbox transforming into a clean one. Communicates the product value instantly.
  12. v9.9 Feature

    Weekly email report for paid users

    • Paid users receive a weekly summary email with emails cleaned, storage reclaimed, threats blocked, and top spam senders. Reinforces ongoing value.
  13. v9.8 Feature

    Smart Digest — borderline email bundling

    • Daily or weekly digest that bundles borderline emails (scored near the threshold) into a single summary. Reduces noise without risking important mail.
  14. v9.7 Feature

    Privacy Score widget

    • Dashboard widget showing your inbox privacy score out of 100, benchmarked against competitors. Highlights tracker exposure, unencrypted senders, and data-sharing risk.
  15. v9.6 Feature

    Onboarding wizard — 5-step guided setup

    • New users walk through a 5-step wizard: connect Gmail, set cleaning aggressiveness, choose categories to protect, preview results, and confirm. Reduces time-to-value.
  16. v9.5 Feature

    Multi-account support

    • Connect multiple Gmail accounts to a single Gorganizer account. Free tier gets 1, Pro gets 2, Business gets 5. Each account scans and cleans independently.
  17. v9.4 Feature

    Gmail storage reclaimed metric

    • Dashboard now shows total MB/GB of storage reclaimed by cleaning. Tracks attachment sizes and email weight across all clean runs.
  18. v9.3 Feature

    Annual re-clean pass ($2.99/yr)

    • New pricing tier: a $2.99/year pass for users who want a single deep clean annually. Lower barrier to entry for light users.
  19. v9.2 Security

    All 9 Red Team security gaps closed

    • Closed every remaining Red Team finding: ASCII QR codes, calendar phishing, Google infrastructure abuse, AI-generated phishing, DMARC alignment checks, and 4 more. Zero known blind spots.
  20. v9.1 Performance

    Engine modular architecture — 14K monolith split into 15 files

    • Refactored the scoring engine from a single 14,000-line file into 15 focused modules. Faster builds, easier testing, and cleaner ownership boundaries.
  21. v9.0 Security

    1,012 scoring signals

    • Scoring engine now evaluates 1,012 signals per email (was 879). New signals cover emerging 2025 threat patterns, regional spam variants, and refined attachment analysis.
  22. v8.0 New

    1,751+ signals, free tools suite, blog, Smart Protection Report, 2025 threat detection

    • 406 new scoring signals (500 → 906): live Gmail inbox analysis, Red/Blue Team security audits, international marketing (German/French/Spanish/Swedish), 2025 threat detection (QR phishing, CSS zero-font, SVG/HTML smuggling, TOAD callback, AMP redirects, homoglyph obfuscation, crypto scams, OAuth phishing, MFA fatigue, BitB browser attacks, deepfake voicemail, CSRF, reply-chain hijacking), and 60+ new spam/protective categories.
    • Free tools suite: "Is This Email Suspicious?" email checker (/tools/email-checker) and "Is This Sender Legit?" sender reputation check (/tools/sender-check). Both powered by the full 1,751+ signal engine, no signup required. Forwarded email parser auto-fills from Gmail/Outlook forwards. Tools hub at /tools.
    • Dashboard trust features: Smart Protection Report shows what was SAVED (invoices, security codes, calendar invites). Privacy Summary shows exactly what data was accessed. Share Your Clean Stats lets users post results to X/LinkedIn with referral link. Top Trash Senders panel ranks worst offenders.
    • Blog with 8 SEO articles in English and Swedish: "How to Clean Gmail", "Is Unroll.me Safe?", "Gmail Storage Full?", "Best Gmail Cleaner 2026", "How to Spot Phishing Emails", "Stop Spam Emails", "Email Privacy Guide", and "Rensa din Gmail-inkorg" (Swedish). All statically generated with JSON-LD BlogPosting schema.
    • Landing page: competitor comparison table (Gorganizer vs Clean Email vs SaneBox vs Unroll.me), trust strip with 5 credibility signals, phishing detection showcase with free tool CTA. WCAG 2.1 AA accessibility audit passed.
    • 10,507 tests across 298 test files. 195 golden-set regression fixtures. Performance: 1.1ms per email scoring (904 emails/sec). 8 Nordic ESP detectors. 20 sitemap pages.
  23. v7.0 New

    500+ signals, Simple/Advanced mode, interactive signal charts, and landing page animations

    • 297 new scoring signals (203 → 500): commercial notifications (abandoned cart, trial expiration, NPS surveys, loyalty rewards), transactional protection (travel bookings, healthcare, bank alerts, government notices, insurance, legal holds, utility bills, food delivery, prescriptions, boarding passes, tax filings), subject patterns (urgency deadlines, personalized greetings, question hooks, listicles, emoji detection), footer detection (copyright, privacy policy, CAN-SPAM address, ESP names), and lifestyle signals (smart home, pet care, sports, weather, recipes, childcare, weddings, graduations). 138 protective signals ensure invoices, receipts, and important emails are never trashed.
    • Simple/Advanced dashboard mode: toggle between a calm summary view (one-click clean) and full transparency with stats, categories, signal distribution chart, search, and filters. Persists in localStorage. Advanced mode auto-expands on scan complete.
    • Interactive SignalDistribution bar chart: horizontal bars showing top 8 signals by frequency, color-coded by tier. Click any bar to filter the email list to only emails with that signal. "Clear filter" chip above the email list.
    • Dashboard split: 4 major component extractions (EmailCard, ScanEntryView, FloatingCleanButton, ProcessingHistory) reduced dashboard from 2167 to 1605 lines (-26%). 62 new component tests shrunk the coverage allowlist to just 1 entry.
    • Landing page polish: ScrollReveal viewport-triggered animations on all below-fold sections with staggered delays. AnimatedCounter counts up from 0 with ease-out cubic when stats bar enters viewport. Animated gradient text on hero heading. Pulsing "1,751+ Smart Signals" badge. Zero dependencies — pure IntersectionObserver + requestAnimationFrame + CSS.
  24. v6.0 New

    200+ signals, dashboard refactor, BEC fraud detection, and single-source brand data

    • 14 new engine signals: href-brand-in-path (phishing links with brand names in URL paths), subject-bracket-urgency-tag ([URGENT] / [FINAL NOTICE] fake headers), body-payment-details-override (BEC vendor-fraud — "our bank details have changed"), body-letter-spaced-keyword (p a y p a l classifier evasion), display-name-contains-emoji, subject and anchor-text invisible-char obfuscation, message-id-freewebmail-mismatch (corporate From + gmail Message-ID forgery fingerprint), attachment and display-name mixed-script homographs (Cyrillic/Greek lookalikes), SVG foreignObject sanitizer bypass, and WhatsApp + Signal move-off-email detection.
    • Dashboard refactored: 12 extractions (StatsGrid, PhishingThreatBanner, CategoryBreakdown, TabNavigation, SortControl, SearchInput, EmptyState + 5 pure-logic helpers) reduced dashboard from 2339 to 2126 lines (-9.1%) with 147 new component tests. Fixed a latent whitespace-only search bug and NaN date-sort instability.
    • Brand trust data unified: three drifted copies of brand domain lists (HREF_BRAND_LABELS, LOOKALIKE_PATTERNS, BRAND_TRUST_MAP) collapsed into one canonical source in config.ts with derived lookups. Added 4 US banks, expanded Microsoft (+4 domains including microsoftonline.com), Google (+3), Apple (+1). 43-test invariant suite prevents future drift.
    • CTA labels unified to "Unlock for $4.99" everywhere. Signal count updated from 90+ to 200+ across all marketing pages with an invariant test that verifies the claim stays honest.
  25. v5.9 Improvement

    Visa / immigration scam detection — fake visa approval + processing fee to release documents

    • New visa-immigration-scam signal (+5 trash, danger tier): fires when a body contains a fake government-authority approval claim ("Your visa application has been approved", "Your green card has been granted", "Congratulations — you have been selected in the DV Lottery", "Your work permit is ready for collection") AND a monetisation trap: a processing/clearance/activation fee to "release" the documents, a Western Union/Bitcoin/gift-card payment demand, a request to enter personal data "to verify your record", or the advance-fee pattern of "pay before your visa can be issued".
    • Covers the full immigration scam family: tourist, student, work, business, and DV diversity visa lottery frauds, as well as green card advance-fee schemes. The DV Lottery never charges winners a fee — legitimate DV winners are notified only through the official DV Entrant Status Check at dvlottery.state.gov. No legitimate embassy or USCIS communication cold-emails an approval then demands a wire transfer.
    • 7 new tests: visa approval + processing fee, green card granted + clearance fee, DV lottery selected + fee payment, visa documents ready + western union, congratulations green card + collection fee, plus FP guards for a real US Embassy appointment reminder and a USCIS case status update notification.
  26. v5.8 Improvement

    IRS tax phone scam detection — back-tax debt claim + call to avoid arrest / gift-card payment demand

    • New irs-tax-phone-scam signal (+5 trash, danger tier): fires when a body contains an IRS/tax-authority debt claim ("you owe back taxes", "your tax account is delinquent", "you are under investigation for tax evasion", "final notice — IRS tax debt") AND an illegal pressure tactic the real IRS explicitly states it never uses: a call-back demand to avoid arrest or criminal charges, an arrest/warrant threat for unpaid tax, a demand to pay via gift cards or Bitcoin, a bank-account-seizure/wage-garnishment threat combined with an immediate action demand, or a "do not ignore / failure to respond = arrest" robocall script.
    • This is a separate signal from the existing tax-authority-phishing (which covers refund-claim credential harvest — "click to claim your refund, enter your SSN"). This signal targets the far more common "call or be arrested for tax debt" family, which is consistently the #1 or #2 most-reported government impersonation scam to the FTC. The IRS only contacts taxpayers by postal mail first, never demands immediate payment by email, and never accepts gift cards or cryptocurrency.
    • 7 new tests: IRS back taxes + call to avoid criminal charges, IRS final notice + arrest warrant, tax evasion investigation + gift card payment, IRS debt + arrest warrant bidirectional, bank account frozen + call now, plus FP guards for a TurboTax filing confirmation and an H&R Block appointment reminder.
  27. v5.7 Improvement

    Social Security / Medicare benefit scam detection — SSN suspended + urgent call / arrest threat / gift-card demand

    • New social-security-benefit-scam signal (+5 trash, danger tier): fires when a body contains a Social Security, Medicare, or SSN suspension/compromise claim ("Your Social Security number has been suspended", "Your SSN was flagged for criminal activity", "Your Medicare benefits have been terminated") AND an illegal pressure tactic the real SSA explicitly states it never uses: an urgent call-back demand, arrest/warrant threat for failing to respond, gift card or Bitcoin payment to "reactivate" benefits, or a request to provide your SSN to "verify identity".
    • The SSA only contacts people by postal mail — it never sends emails about benefit suspensions and never asks for payment to restore Social Security or Medicare. The FTC receives hundreds of thousands of SSA impersonation scam reports each year, making it one of the most common government impersonation scam families.
    • 7 new tests: SSN suspended + call immediately, SSN compromised + arrest warrant, SS benefits frozen + gift card to restore, Medicare suspended + provide SSN to verify, suspicious activity on SS account + failure to respond = arrest, plus FP guards for a legitimate SSA retirement benefit start notice and a Medicare wellness visit reminder.
  28. v5.6 Improvement

    Background check / public records removal scam detection — data-broker fear + pay-to-remove / personal info phishing

    • New background-check-removal-scam signal (+5 trash, danger tier): fires when a body contains a personal data exposure claim — your home address, phone number, criminal records, or profile was "found" and publicly listed on data-broker sites (Spokeo, BeenVerified, Whitepages, Intelius, TruthFinder, Instant Checkmate, Radaris, etc.) — AND a monetisation or phishing element: a fee/subscription to "remove" the data, fear framing ("criminals/stalkers can find you"), "guaranteed removal from all sites", or a request to enter personal details to "check your record".
    • Legitimate privacy services (DeleteMe, Abine, Privacy Bee) are subscriptions you sign up for — they send removal reports to existing customers, not cold fear-emails with immediate payment demands. The FTC notes that data broker opt-outs are legally required to be free under CCPA — no company can charge you to exercise your opt-out rights.
    • 7 new tests: Spokeo record found + pay to remove, home address publicly listed + criminals can find you, BeenVerified + guaranteed removal from all sites, background check + enter personal info to view, people search + subscription to remove data, plus FP guards for a legitimate privacy service report and a data breach notification email.
  29. v5.5 Improvement

    Business grant/government funding scam detection — fake SBA/govt grant approval + processing fee

    • New business-grant-loan-scam signal (+5 trash, danger tier): fires when a body contains a business grant or government funding claim (SBA/CARES Act/EIDL impersonation, "free business capital", "no repayment required" for a loan, or "you have been pre-approved for a business grant") AND demands an upfront fee before the funds can be released (processing/activation/security deposit, "pay $X to unlock your grant", refundable deposit, tax/clearance fee).
    • Real government grant programmes (SBA, SBIR, USDA, NEA) never charge application or activation fees — this is an advance-fee fraud variant under a different disguise. The FTC and SBA issue regular warnings about these scams, which typically target small business owners and self-employed individuals.
    • 7 new tests: SBA grant approval + processing fee, free business capital + activation fee, pre-approved for government grant + security deposit, CARES Act grant + pay to release, "no repayment required" loan + upfront fee, plus FP guards for a legitimate bank business loan offer and a real SBA programme information email.
  30. v5.4 Improvement

    Fake debt collection scam detection — FDCPA-illegal arrest threats + gift-card/crypto payment demands

    • New fake-debt-collection-scam signal (+5 trash, danger tier): fires when a body contains a debt collection context (outstanding debt, account in collections, law firm/attorney + unpaid balance) AND an illegal pressure tactic — an arrest/warrant threat ("a warrant for your arrest has been issued"), federal agents/marshal dispatch threat, criminal charges framing for civil debt, or payment demanded via gift cards, prepaid debit, Bitcoin, or Western Union.
    • The FDCPA (Fair Debt Collection Practices Act) explicitly prohibits threatening arrest for consumer debt. Real collection agencies send written notice with dispute rights and accept payment via check or ACH — they never demand gift card codes or cryptocurrency. These scams target people with real or fabricated debt anxiety.
    • 7 new tests: collection agency + arrest warrant, law office + criminal charges, debt + federal agents dispatched, outstanding balance + pay via gift cards, final notice + pay via Bitcoin, plus FP guards for a legitimate credit bureau notification and a real bank past-due notice.
  31. v5.3 Improvement

    Fake charity / disaster-relief donation fraud detection — charity impersonation + untraceable payment

    • New fake-charity-solicitation signal (+5 trash, danger tier): fires when a body contains a charity or disaster-relief donation appeal (named real charity — Red Cross, UNICEF, Save the Children, Oxfam, etc. — OR generic humanitarian/disaster crisis) AND routes the donation through an untraceable payment channel: Western Union, MoneyGram, gift cards, cryptocurrency wallet address, or bank account details request.
    • Legitimate charities (Red Cross, UNICEF, Habitat for Humanity) accept donations via credit card on their official website or PayPal Giving Fund — they never ask you to wire money via Western Union, buy gift cards and email the codes, or send Bitcoin to a wallet address. These scams spike after major disasters (earthquakes, hurricanes, war) when public sympathy is highest.
    • 7 new tests: Red Cross + Western Union, UNICEF + Bitcoin wallet address, earthquake victims + MoneyGram, children in crisis + gift cards, Save the Children + Zelle, plus FP guards for a legitimate Red Cross donation email and a UNICEF newsletter with no unusual payment method.
  32. v5.2 Improvement

    Weight loss miracle spam detection — rapid loss claims + fraudulent supplements + buy-now CTA

    • New weight-loss-miracle-spam signal (+5 trash, danger tier): fires when a body contains a miracle weight loss claim — quantified rapid loss ("lose 30 lbs in 30 days"), zero-effort modifier ("no diet or exercise", "burn fat while you sleep"), a named fraudulent supplement (garcinia cambogia, raspberry ketones, forskolin), or a fake scientific claim ("clinically proven to melt belly fat") — AND a commercial CTA: buy/order + pill/bottle, "free trial / just pay shipping", "as seen on CNN/Dr. Oz", or scarcity language tied to the product.
    • The FTC has brought thousands of enforcement actions against weight loss miracle claims. No product can deliver rapid effortless fat loss — these emails typically sell overpriced supplements and enroll victims in undisclosed monthly subscription charges.
    • 7 new tests: garcinia cambogia + free trial, lose 30 lbs in 30 days + free bottle, burn fat while sleeping + as seen on CNN, keto pills + lose 20 lbs in 2 weeks, raspberry ketones + just pay shipping, plus FP guards for a legitimate gym membership and a health/wellness newsletter.
  33. v5.1 Improvement

    Crypto recovery scam detection — "we recover your lost Bitcoin" + upfront fee or 100% guarantee

    • New crypto-recovery-scam signal (+5 trash, danger tier): fires when a body contains a crypto recovery service pitch ("our Bitcoin recovery specialists", "blockchain forensics team can recover your stolen Ethereum") combined with either an upfront/advance fee demand ("a nominal advance fee is required to begin recovery") or a fraudulent guarantee ("100% guaranteed recovery of your funds").
    • Distinct from existing crypto-wallet-phishing (seed phrase extraction) and investment-scam-body (trading platform fraud) — this specifically targets victims of prior crypto losses who are then re-victimised by a "recovery service" scam.
    • 7 new tests: Bitcoin recovery specialist + upfront fee, crypto recovery experts + 100% guarantee, "have you lost your cryptocurrency" + advance fee, stolen Ethereum + processing fee required, blockchain recovery firm + upfront deposit, plus FP guards for a legitimate crypto exchange security notice and a crypto news newsletter.
  34. v5.0 Improvement

    Prescription drug spam detection — controlled substances without prescription + buy-online CTA

    • New prescription-drug-spam signal (+5 trash, danger tier): fires when a body names a controlled or prescription medication (Viagra, Cialis, Xanax, Adderall, OxyContin, tramadol, etc.) combined with a no-prescription claim — AND an online purchase CTA with discount pricing or discreet shipping language.
    • This is universally illegal: no legitimate pharmacy or healthcare provider sends cold emails offering controlled substances without a valid prescription. Rogue online pharmacies ship counterfeit medications containing wrong doses, dangerous fillers, or no active ingredient. The FDA and Interpol operate joint task forces against these networks.
    • 7 new tests: Viagra without prescription + discreet shipping, generic Xanax no RX + 90% off, Cialis no RX + cheapest online pharmacy, Adderall no doctor visit + order now, tramadol/hydrocodone + Canadian pharmacy no prescription, plus FP guards for a legitimate prescription pickup reminder and a healthcare awareness email with "a valid prescription is required".
  35. v4.9 Improvement

    Money mule / financial agent scam detection — receive funds + keep % + forward the rest

    • New money-mule-scam signal (+5 trash, danger tier): fires when a body contains a financial-agent or payment-processor recruitment pitch — AND a keep-percentage-forward-the-rest instruction. Distinct from job-scam-body (which targets upfront fees and equipment purchases): money mule emails offer to put money INTO your account rather than asking for money up front.
    • Victims who accept become unwitting money launderers: the funds received are proceeds of fraud (stolen from other victims), and the "agent" is personally liable under anti-money-laundering law when law enforcement traces the transfers. FinCEN, the FTC, and CIFAS regularly warn about this as one of the fastest-growing financial crime enablers.
    • 7 new tests: financial representative + retain 10% + transfer remainder, payment processor + deduct 8% + forward funds, receive payments to personal account + keep 12% + forward the rest, local financial agent + your commission 15% + wire remaining, process cross-border transfers + retain 5% + send balance, plus FP guards for a legitimate HR payroll setup email and a legitimate reseller accounts receivable email.
  36. v4.8 Improvement

    Microsoft/O365 password-expiry phishing detection — password expires + click-to-verify credentials

    • New microsoft-o365-phishing signal (+5 trash, danger tier): fires when a body contains a Microsoft/Office 365/Outlook brand reference combined with a password-expiry claim — AND a credential-harvest CTA ("click here to verify your password", "enter your current password below to continue access").
    • Distinct from the generic account-phishing-body signal — this specifically targets the password-expiry attack vector used in corporate O365 phishing campaigns. Attackers harvest Office 365 credentials to access entire organisations' email, SharePoint, and Teams environments. Legitimate Microsoft password resets never ask users to enter their current password into a form linked from an email.
    • 7 new tests: Microsoft 365 password expires in 24h + click to verify, Office 365 account will expire + reset password before deadline, Microsoft account will be deactivated if you don't verify, Outlook password expiring + enter current password below, IT helpdesk: Microsoft password expires + click to change, plus FP guards for a legitimate Microsoft sign-in activity notification and a legitimate IT password reminder with no credential CTA.
  37. v4.7 Improvement

    Package delivery fee phishing detection — USPS/DHL/FedEx/UPS impersonation + pay-to-redeliver

    • New package-delivery-fee-phishing signal (+5 trash, danger tier): fires when a body contains a carrier brand (USPS, FedEx, UPS, DHL, Royal Mail, Canada Post, PostNord, etc.) paired with a failed/undelivered package claim — AND a fee or credit card request to release or redeliver the package.
    • Real parcel carriers never charge a redelivery fee via email, never ask for credit card details in an email body, and never require payment to release a held package. Fraudsters send hundreds of millions of these per year, collecting $1.99–$3.99 shipping fees that are used to steal CC data outright or enroll victims in undisclosed monthly subscriptions.
    • 7 new tests: USPS failed delivery + redelivery fee, DHL attempted delivery + customs clearance fee + CC details, FedEx shipment on hold + CC details, UPS storage fee + click to pay, Royal Mail redelivery fee + card details, plus FP guards for a legitimate FedEx delivery confirmation and a real USPS missed-delivery slip with no fee.
  38. v4.6 Improvement

    Student loan forgiveness scam detection — fake DoE / upfront fee or FSA ID harvest

    • New student-loan-forgiveness-scam signal (+5 trash, danger tier): fires when a body contains a student loan forgiveness / debt relief pitch (PSLF, income-driven repayment, "you qualify for $X in loan cancellation") combined with either an upfront fee demand ("pay a $199 processing fee", "enrollment fee required to apply") or a request for FSA ID / studentaid.gov credentials.
    • Legitimate federal forgiveness programs (PSLF, SAVE, IBR, loan discharge) are 100% free to apply for directly on studentaid.gov — no third party can charge a fee for something borrowers can do themselves for free. Handing over FSA ID credentials gives attackers full control of a borrower's federal aid account. The FTC regularly reports this as one of the top fraud types targeting the 43+ million Americans with student loan debt.
    • 7 new tests: upfront processing fee + forgiveness program, FSA ID credential harvest + loan forgiveness pitch, "you qualify for $X" + act-now deadline, PSLF enrollment scam with enrollment fee, income-driven repayment scam with studentaid.gov credential request, plus FP guards for a legitimate DoE notification and a university financial aid award letter.
  39. v4.5 Improvement

    Rental advance fraud detection — landlord-abroad + mail-keys-after-payment + Western Union deposit

    • New rental-advance-fraud signal (+5 trash, danger tier): fires when a body contains a rental property listing (apartment/house for rent at a stated monthly price) combined with any of: (1) the landlord claims to be "abroad/overseas/on a missionary trip" and cannot show the property; (2) the landlord will "mail/ship the keys" once payment is received; (3) deposit or rent payment is requested via Western Union, MoneyGram, or wire transfer before viewing.
    • This is the "rental listing scam" — one of the most-reported housing fraud categories. Scammers scrape real property photos, post fake listings at below-market prices on Craigslist/Facebook/Zillow, move victims to email, then collect a deposit with no property to show. The landlord-abroad / keys-by-mail combination is the definitive fraud pattern — no legitimate landlord mails keys before a deposit clears through a bank.
    • 7 new tests covering landlord-abroad + keys-by-mail, missionary + mail keys after payment, "I cannot show the apartment, I am overseas" + Western Union deposit, keys-shipped-once-payment-received pattern, plus FP guards for a real rental listing inquiry email, and a legitimate property management response.
  40. v4.4 Improvement

    Survey-reward phishing detection — brand-impersonated survey + pay-shipping-to-claim trap

    • New survey-reward-phishing signal (+5 trash, danger tier): fires when a body contains a trusted brand (Amazon, Walmart, Samsung, Google, Apple, etc.) paired with a survey invitation and a prize/gift-card bait — PLUS a credit card entry or small shipping fee required to claim the reward.
    • Legitimate brand survey incentives (Amazon credits, retailer gift cards) are credited automatically and never require credit card details or a "shipping fee." The pay-to-claim step is how the fraud either steals CC data outright or traps victims in undisclosed recurring subscriptions. This campaign family is among the most widely distributed consumer fraud patterns, with billions of fake survey emails sent each year impersonating Amazon, Walmart, and Samsung.
    • 7 new tests covering Amazon survey + gift card + pay shipping, Walmart feedback form + $500 gift card + CC details, Samsung survey + prize claim + shipping fee, "you were selected" + survey + gift card + cover shipping cost, plus FP guards for a real post-purchase survey (no CC payment), and a legitimate survey email without any prize/CC language.
  41. v4.3 Improvement

    Mailbox quota phishing detection — fake "inbox 99% full" + verify-or-be-suspended CTA

    • New mailbox-quota-phishing signal (+5 trash, danger tier): fires when a body contains both a mailbox/storage almost-full claim ("your inbox is 99% full", "your email quota has been exceeded", "mailbox storage at capacity") AND an account-suspension threat or click-to-verify CTA ("your account will be deactivated", "click here to upgrade your storage to avoid losing access", "failure to verify will result in account closure").
    • Legitimate storage warnings from Google/Outlook/Yahoo never combine a quota warning with an account suspension threat — they simply link to their storage management page (e.g. "Buy more storage at one.google.com"). The suspension-threat/verify-CTA is unique to phishing and leads to credential-harvesting login pages. This attack family is extremely prevalent and distinct from the general account-phishing-body signal, which handles account compromise claims rather than storage-full bait.
    • 7 new tests covering inbox-99%-full + account-deactivation, email-quota-exceeded + click-to-upgrade-to-avoid-suspension, almost-out-of-storage + failure-to-verify closure, storage-at-capacity + you-will-stop-receiving, plus FP guards for a real Google storage warning with web link, and a legitimate low-storage notification without suspension threat.
  42. v4.2 Improvement

    Fake invoice callback scam detection — PayPal/Apple/Norton impersonation with phone-number dispute

    • New fake-invoice-callback-scam signal (+5 trash, danger tier): fires when a body contains all three of: a well-known consumer brand (PayPal, Apple, Amazon, Netflix, Geek Squad, Norton, McAfee, Microsoft), receipt/renewal/charged language, and a dollar amount — PLUS a phone number as the mechanism to dispute or cancel the charge.
    • The phone-to-dispute step is the definitive attack element: real PayPal, Apple, and Amazon receipts always link you to their website — they never provide a phone number as the primary dispute path. Victims who call reach social engineers who either install remote-access malware or directly steal bank credentials. This callback-style fraud has surged in recent years and is among the top fraud types reported to the FTC.
    • 7 new tests covering Geek Squad renewal + billing helpline, Apple invoice + if-you-did-not-authorize + call number, PayPal charged + call-to-dispute, Norton subscription + toll-free number, Amazon order + billing-team phone; plus FP guards for a real PayPal receipt with web link, and a legitimate Apple purchase notification.
  43. v4.1 Fix

    Signal consolidation — removed 3 duplicate body signals, strengthened originals

    • Removed duplicate signals tech-support-scam, prize-lottery-scam, and advance-fee-fraud, which partially overlapped with the existing tech-support-scam-body, lottery-prize-scam-body, and advance-fee-fraud-body signals. The engine now uses a single consolidated signal per scam family, eliminating confusing double-counting on the same email.
    • Merged unique patterns from the removed signals into the existing ones: tech-support-scam-body gained a remote-access-session P2 pattern; lottery-prize-scam-body gained "you are our lucky winner", "inheritance notification", "to claim your prize + action" P1/P2 patterns; advance-fee-fraud-body gained "confidential business proposal + funds", "seek assistance transferring millions", "trusted foreign partner", "frozen/trapped funds", "provide bank account details", "reply with your full name", and "processing fee for transfer/release" patterns.
    • All 21 tests for the removed signals were updated to assert against their consolidated equivalents (tech-support-scam-body, lottery-prize-scam-body, advance-fee-fraud-body). 871 tests pass — same count, no coverage lost.
  44. v4.0 Improvement

    Helpdesk phishing detection — fake support tickets with identity-verification gate

    • New helpdesk-phishing signal (+4 trash, danger tier): fires when a body contains both a support-ticket notification ("you have a new support ticket", "our support agent has replied to your case", "a new support ticket has been opened regarding your account") AND a verify-identity-to-view demand ("verify your identity to access the ticket", "identity verification required to view the reply", "click to confirm your account to open the support message", "your account will be suspended if you do not respond to this support ticket").
    • The verify-to-view gating is the definitive attack element: real helpdesk tools (Zendesk, Intercom, Freshdesk) always give a direct link to the reply — they never require you to verify your identity before reading a support message you triggered. That friction is unique to credential-harvesting phishing pages. Score is +4 (not +5) to reflect that the P1 support-notification language has somewhat higher overlap with legitimate emails.
    • 7 new tests (871 total) covering new-ticket + verify-identity, agent-replied + identity-required, ticket-updated + confirm-account, account-suspension threat tied to not responding, plus FP guards for real Zendesk notification, ticket acknowledgement, and ticket-closed email.
  45. v3.9 Improvement

    Advance-fee fraud detection — 419 scam / Nigerian prince / frozen funds solicitation

    • New advance-fee-fraud signal (+5 trash, danger tier): fires when a body contains both a fund-transfer solicitation ("I am writing to seek your assistance in transferring $15 million", "confidential business proposal involving frozen government funds", "you have been named next of kin to an unclaimed estate", "I need a trusted foreign partner to receive trapped funds") AND a personal-data or secrecy demand ("provide your bank account details to facilitate the transfer", "your percentage upon successful transfer will be 30%", "keep this transaction strictly confidential", "do not disclose to anyone", "send me your full name and telephone number").
    • Also known as the 419 scam or Nigerian prince scam — one of the oldest email fraud patterns. Victims are initially promised a large cut of the funds, then hit with escalating "processing/legal/tax fees". The 2-pillar design prevents false positives on wire transfer confirmations, international business proposals without fund-transfer language, and charity donation emails.
    • 7 new tests (864 total) covering seek-assistance + bank-details, confidential proposal + percentage-upon-transfer, next-of-kin estate + do-not-disclose, trusted-foreign-partner + processing fee, plus FP guards for wire confirmations, generic partnership proposals, and charity emails.
  46. v3.8 Improvement

    Prize / lottery scam detection — fake winner notifications + fee demands

    • New prize-lottery-scam signal (+5 trash, danger tier): fires when a body contains both an unsolicited winning or prize-selection claim ("you have been selected as our lucky winner", "congratulations, you have won a cash prize", "your email was randomly drawn as a winner", "sweepstakes winner notification", "inheritance funds") AND a claim mechanism that harvests data or demands fees ("to claim your prize, provide your bank details", "pay the processing fee to receive your winnings", "reply with your full name and date of birth", "you have 72 hours to claim or your prize will be forfeited").
    • Legitimate contests know who you are and never ask winners to pay upfront fees or submit personal data by email. 2-pillar design guards against FP from real marketing contests (no claim demand) and rewards-points emails (no winner claim).
    • 7 new tests (857 total) covering lucky-winner + bank-details, lottery + processing fee, sweepstakes + forfeiture urgency, inheritance notification + bank transfer, plus FP guards for contest entry CTAs, reward points, and order confirmations.
  47. v3.7 Improvement

    Tech support scam detection + Settings Inbox Intelligence empty state

    • New tech-support-scam signal (+5 trash, danger tier): fires when a body contains both a fake device-threat claim ("your computer has been infected with malware", "WARNING: your PC is compromised", "virus detected on your device") AND a call-this-number or certified-technician demand ("call us immediately at 1-800-...", "our certified Microsoft technician will remove the virus", "remote access session to clean your system"). No legitimate security vendor sends unsolicited emails claiming your computer is infected and asking you to call a phone number — this is the defining pattern of tech support fraud.
    • Settings page Inbox Intelligence section now shows a meaningful empty state for new users instead of hiding entirely. The card explains that Gorganizer learns from your clean history and that domain boosts appear automatically after your first run.
    • 7 new tests (850 total) covering infected-computer + call variants, do-not-restart + toll-free helpdesk, Microsoft security alert + certified technician, plus FP guards for antivirus renewal, account security alerts, and clean scan results.
  48. v3.6 Improvement

    Social media account-takeover phishing — Instagram, TikTok, YouTube copyright strikes

    • New social-media-account-phishing signal (+5 trash, danger tier): detects phishing emails impersonating Instagram, Facebook, TikTok, YouTube, and Twitter/X with copyright-strike or community-standards-violation notices paired with fake appeal CTAs ("appeal within 24 hours", "submit your appeal to keep your account", "respond to this email to begin your appeal"). Distinct from the existing account-phishing-body signal, which catches generic account suspension threats — this signal specifically targets the DMCA/copyright/violation framing used by social platform impersonators.
    • Real platforms never resolve violations via emailed links — all legitimate appeals go through the platform's own settings page. The 2-pillar design ensures marketing emails mentioning copyright education and platform newsletters are never flagged.
    • 7 new tests (843 total) covering Instagram copyright, Facebook community standards, TikTok terms violation, YouTube DMCA, plus FP guards for guidelines updates, copyright education, and social media growth newsletters.
  49. v3.5 Improvement

    NFT / airdrop phishing detection — fake free token drain attacks

    • New nft-airdrop-phishing signal (+4 trash, danger tier): fires when a body contains both an unsolicited NFT/token airdrop invitation ("you were randomly selected for a free NFT", "your wallet was chosen for our airdrop", "you are eligible for an exclusive token drop") AND a wallet drain demand ("connect your wallet to claim", "approve the transaction to receive your tokens", "offer expires in 24 hours — mint now"). These attacks lead to malicious sites that drain entire wallets instantly.
    • 7 new tests (836 total) covering wallet-selection fraud, eligible-for-airdrop variants, free NFT giveaway + mint-now urgency, plus FP guards for purchase confirmations, community newsletters, and crypto market updates.
  50. v3.4 Improvement

    2FA bypass detection + history page date grouping

    • New otp-forward-request signal (+5 trash, danger tier): catches the email half of 2FA bypass attacks — when an email claims a verification code was sent to your phone/SMS AND asks you to reply, forward, or share that code. Legitimate services never ask you to email them a code you received; the only valid flow is entering it on their own website. Distinct from the existing otp-in-body signal, which protects emails that contain codes.
    • History page now groups entries by date with section headers: "Today", "Yesterday", short weekday labels for this week, and full month+day for older entries. Timestamps changed from relative-only ("3d ago") to absolute time-of-day ("2:34 PM · 4.2s") since the group header already provides calendar context.
    • 7 new tests (829 total) plus signal count updated to 1,751+ across landing page, layout metadata, and changelog.
  51. v3.3 Improvement

    Tax authority phishing detection — IRS, HMRC, Skatteverket impersonation

    • New tax-authority-phishing signal (+5 trash, danger tier): fires when a body contains both a tax authority impersonation (IRS, HMRC, Skatteverket, ATO, CRA — or language like "unclaimed tax refund" / "your return is under review") AND a credential or refund extraction demand ("click to claim your refund", "verify your Social Security Number", "log in to receive your tax refund"). The IRS reports government impersonation as the #1 fraud category by victim count.
    • Real tax authorities never email links to claim refunds or verify identity — all legitimate contact is by postal mail. The 2-pillar design ensures tax software confirmations, filing reminders, and employer payroll bulletins are never flagged.
    • 7 new tests (822 total) covering IRS/HMRC refund fraud, SSN verification demands, fake review notices, plus FP guards for legitimate tax software confirmations, newsletters, and employer bulletins.
  52. v3.2 Improvement

    Wire fraud / BEC detection — fake wire requests + bank-change fraud

    • New wire-fraud-bec signal (+5 trash, danger tier): fires when a body contains both a wire/bank-change instruction ("please initiate a wire transfer of $75,000", "our bank account details have changed — please update", "wire the funds to the account below") AND a BEC red flag ("do not call to verify", "keep this strictly confidential", "CEO has personally authorized this", "our attorney provided new bank details"). Business Email Compromise is the FBI's single most costly cybercrime category at $3B+ per year.
    • Two-pillar design means legitimate invoices, payment confirmations, and CFO finance emails are never flagged — only the combination of payment instruction with secrecy/authority manipulation triggers the signal.
    • 7 new tests (815 total) covering fake CEO wire requests, bank-account-changed fraud, attorney escrow fraud, and FP guards for normal invoices, wire confirmations, and banking maintenance notifications.
  53. v3.1 Improvement

    Crypto wallet phishing — seed phrase / recovery phrase extraction

    • New crypto-wallet-phishing signal (+5 trash, danger tier): fires when a body contains both a wallet/seed phrase context (MetaMask, Ledger, Trezor, Trust Wallet, Phantom, "12-word/24-word recovery phrase") AND a credential-extraction demand ("enter your seed phrase", "connect your wallet to verify", "click here to restore your wallet access"). Catching this class of attack was the highest remaining protection gap — seed phrase theft gives attackers instant and irrecoverable access to all funds.
    • No legitimate exchange or wallet app ever asks for recovery phrases. The 2-pillar check produces near-zero false positives: P1 alone fires on legitimate notifications, P2 alone fires rarely — only together do they describe the phishing script.
    • 7 new tests (808 total) covering MetaMask, Trust Wallet, Ledger, generic 12/24-word prompts, plus FP guards for real exchange confirmations, educational content, and app updates.
  54. v3.0 Improvement

    Gift-card demand detection — CEO fraud + boss impersonation

    • New gift-card-demand signal (+5 trash, danger tier): fires when a body contains both a gift-card purchase instruction ("I need you to buy $500 in Google Play cards") AND a code-extraction instruction ("scratch the back and send me the codes", "email me the redemption codes"). The standalone signal catches CEO fraud, boss impersonation, and authority-pressure variants not covered by the existing scam signals.
    • 7 new tests (801 total) covering CEO fraud, boss impersonation, Amazon/iTunes/Google Play variants, photo-code extraction, plus FP guards for birthday gifts, order confirmations, and code delivery emails without purchase instructions.
  55. v2.9 Improvement

    Grandparent scam + Settings Inbox Intelligence panel

    • New grandparent-scam-body signal (+5 trash, danger tier): fires when a body contains both a family-member-in-emergency claim ("This is your grandson — I'm in jail / I was arrested / I'm in hospital after an accident") AND a secrecy or bail-money demand ("please don't tell Mom", "post my bail", "my lawyer needs payment urgently"). Catches the grandparent scam and virtual kidnapping script — the most financially devastating email scam targeting elderly victims.
    • New Settings page "Inbox Intelligence" section: shows which domains Gorganizer has learned to trash more aggressively from your clean history. Displays top 10 learned domains with their trash count and boost level (slate/amber/red by intensity). Hidden until after the first clean run.
    • 7 new tests (794 total) covering all major impersonation + emergency + secrecy/bail combos, plus FP guards for real family emails, hospital notifications, and bail bond marketing.
  56. v2.8 Improvement

    Job scam detection — fake remote work offers + upfront payment traps

    • New job-scam-body signal (+4 trash, danger tier): fires when a body contains both an unrealistic-income job offer ("earn $500/day, no experience required", "work from home, guaranteed income", "mystery shopper / reshipping agent") AND an upfront payment trap ("pay for your starter kit", "purchase gift cards", "cash the check and wire back the difference").
    • Catches the three most common job scam variants: starter-kit fees, mystery-shopper fake-check fraud, and reshipping agent gift-card extraction. Legitimate employers never ask applicants to pay anything or purchase gift cards.
    • 7 new tests (787 total) covering all three scam variants plus FP guards for legitimate remote jobs, equipment orders, and part-time ads with modest pay.
  57. v2.7 Improvement

    Tech-support scam detection — fake security alerts + call-our-technician

    • New tech-support-scam-body signal (+5 trash, danger tier): fires when a body contains both a device/security threat claim ("Microsoft Security Alert: your computer is infected", "your IP address has been flagged", "malware detected on your PC") AND a phone-call demand ("call our certified technician", "do not turn off your computer", "call 1-800-xxx-xxxx"). Catches the full "Windows has been blocked, call us now" script.
    • Legitimate security vendors (Microsoft, Apple, Norton, Avast) never ask you to call a phone number in an email — that pattern is exclusive to tech-support fraud. Near-zero false positives against genuine security alerts and antivirus renewal reminders.
    • 7 new tests (780 total) covering threat+phone combos, and FP guards for legitimate antivirus renewals, real breach notifications, and software update emails.
  58. v2.6 Improvement

    Lottery / prize scam detection — body-level, 2-pillar

    • New lottery-prize-scam-body signal (+4 trash, danger tier): fires when a body contains both a prize/lottery winning claim ("your email was randomly selected", "you have won a cash prize") AND a claim-friction element — a processing fee, "provide your bank details", or "contact our claims agent". This is the body-level complement to the subject-based urgency-bait signal, catching prize scams regardless of what the subject line says.
    • The signal uses 2-pillar detection: only fires when both the winning claim AND the extraction mechanism appear together, producing near-zero false positives against legitimate contest emails or bank transfer instructions.
    • 7 new tests (773 total) covering true-positives, false-positive guards (legitimate contest win, bank transfer instructions, HR interview selection), and boundary cases.
  59. v2.5 Improvement

    Romance scam detection + dashboard scan tips

    • New romance-scam-body signal (+5 trash, danger tier): fires when a body contains both a romantic-connection opener (military/widow persona, "I found your profile", soulmate language) AND a money/gift card/crypto request. Catches the full "fell in love online, now stranded and need gift cards" script. Near-zero false positives.
    • Dashboard pre-scan tip cards: three info panels now appear below the Scan button (hidden while scanning) showing what Gorganizer checks — spam & bulk mail, phishing protection, and always-protected categories. Reduces first-use anxiety.
    • Improved tab empty states: all four tabs (trash / keep / review / phishing) now show a context-specific two-line message explaining why the tab is empty rather than a one-line placeholder.
  60. v2.4 Improvement

    Advance-fee fraud (419) detection + 3 new danger-tier scam signals

    • New advance-fee-fraud-body signal (+5 trash, danger tier): fires when a body contains both a provenance/identity claim ("I am the widow of the late General") AND a multi-million-dollar fund transfer request — the two-part script used by 419/Nigerian Prince scams. Near-zero false positives.
    • New account-phishing-body signal (+5 trash, danger tier): fires when a body contains both an account suspension threat AND a click-to-restore demand — the two-step script used by PayPal, Apple, and bank credential phishing.
    • New investment-scam-body signal (+4 trash, danger tier): fires when a body contains both a guaranteed/inflated profit claim AND a crypto/forex/trading-bot vehicle. Catches "risk-free 15% monthly returns on our bitcoin trading platform" style scams.
    • All three signals use 2-pillar detection — both indicators must appear together — so each produces near-zero false positives against legitimate financial or business email.
    • 21 new tests (759 total) covering true-positive, false-positive, and cross-pillar boundary cases for all three signals.
  61. v2.3 Improvement

    Credential & investment scam detection + 50 new known senders

    • New account-phishing-body signal (+5 trash, danger tier): fires when a body contains both an account suspension threat AND a click-to-restore demand — the two-step script used by PayPal, Apple, and bank credential phishing. Near-zero false positives.
    • New investment-scam-body signal (+4 trash, danger tier): fires when a body contains both a guaranteed/inflated profit claim AND a crypto/forex/trading-bot vehicle. Catches "risk-free 15% monthly returns on our bitcoin trading platform" style scams.
    • 50+ new known-sender entries across all protected categories — the biggest classification accuracy improvement since launch. New financial: Länsförsäkringar, Skandia, Folksam, Gjensidige, IF Insurance, DNB, SpareBank1, IKANO Bank, Marginalen, Collector, Bambora. New travel: Finnair, Stena Line, DFDS, Viking Line, Tallink, Ving, Apollo, Hertz, Europcar. New Nordic government: Skatteetaten, NAV, Altinn, SKAT, Borger.dk, Vero.fi, Kela.
  62. v2.2 Improvement

    Phishing protection showcase + FAQ

    • New "Not just cleaning — protecting" section on the landing page: 6 real-world phishing scenarios (PayPal/Stripe spoof, DHL/FedEx delivery fee scam, DocuSign lookalike, bank typosquat, Zoom phishing, sextortion) with the exact signal that catches each one.
    • Mini-FAQ section on the landing page: 6 inline collapsible questions addressing the top conversion objections — safety, privacy, undo, permissions, pricing, and Workspace support.
    • Funnel analytics via Vercel Analytics: scan_completed, clean_completed, and upgrade_clicked events now tracked automatically in production.
    • 70+ smart detection signals counter updated across landing page, metadata, and OG tags (was 50+).
  63. v2.1 Improvement

    Brand impersonation detection: DocuSign, DHL, FedEx, Zoom, Adobe

    • New brand impersonation detection for DocuSign, Adobe Sign, DHL, FedEx, UPS, and Zoom — the 6 brands most commonly spoofed in phishing campaigns.
    • Trusted domain lists, display-name spoof detection, and lookalike domain patterns (docusign, dhl, fedex, zoom typosquats) added to all three impersonation checkpoints.
    • New body signals: delivery-phishing-fee (+4 trash) detects fake customs/fee demands impersonating postal carriers; review-solicitation (+1 trash) catches post-purchase survey spam.
    • 40+ new test cases across new brand impersonation, body signals, marketing-platform detection, transactional-pattern-in-subject, and known-sender-type suites.
  64. v2.0 New

    70+ detection signals + phishing engine + PWA

    • 70+ smart detection signals — up from 40+. Additions include: homoglyph subject detection (Cyrillic/Greek lookalikes), urgency/prize-bait patterns (22 lottery and advance-fee fraud phrases), URL-in-subject detection, excessive punctuation, empty/overlong subject, link shortener detection (16 domains), undisclosed-recipients (BCC-only spam blasts), near-empty HTML body (image-only spam), sextortion scam detection (3-pillar pattern), cold-email body detection (calendly links, follow-up sequences, recruiter patterns), Swedish/Nordic brand impersonation (Nordea, Klarna, PostNord, Kivra, Handelsbanken, Skatteverket, Försäkringskassan, Swedbank), and delivery phishing fee detection.
    • PWA support: Gorganizer can now be added to your iOS or Android home screen as a standalone app.
    • Keyboard navigation in scan results: press j/k to move between emails (Gmail-style), Escape to collapse.
    • Signal badge colors: red for phishing/fraud, amber for bulk/marketing, green for protective, purple for learned behavior.
    • "Open in Gmail ↗" link: click through directly from any scan result to the original email.
    • Signal legend in the expanded email panel — color-keyed to the tiers present in that specific email.
  65. v1.9 Improvement

    Onboarding wizard + email reports toggle

    • New 3-step onboarding modal for first-time users: welcome screen, how-it-works walkthrough, and safety guarantees. Appears on first dashboard visit and is permanently dismissible.
    • Safety guarantees screen: clearly communicates what Gorganizer will never touch (starred emails, invoices, PDF attachments, replies, calendar invites).
    • Email reports toggle in Settings: paid users can now opt out of post-clean summary emails.
    • 60+ new Swedish and Nordic sender entries: Budbee, Apoteket Hjärtat, Lyko, Clas Ohlson, Kjell & Company, Biltema, XXL, and more.
    • Comprehensive isSafeToDelete unit tests: all 16 safety keywords, 10 reply/forward prefixes, and 5 attachment types now directly tested.
  66. v1.8 Improvement

    Cleaning history + deployment hardening

    • New /history page: see every scan and clean in a timeline with per-entry stats (trashed, labeled, skipped, duration). Available to paid users.
    • History link added to navbar (desktop, mobile, and user dropdown) — visible only for paid users.
    • "View history →" link in the post-clean success banner for quick access.
    • Health check endpoint at /api/health — returns 200 if all required services are configured, 503 if any missing. Used for deployment verification and uptime monitoring.
    • Production environment hardening: Supabase and Stripe vars now throw at startup if missing in production.
    • Skeleton loading states on the history page while data is fetching.
  67. v1.7 New

    Referral program + AI classification

    • Invite friends and earn rewards — each referral earns you a 20% discount coupon for Gorganizer Unlocked.
    • AI-powered email classification using Claude Haiku for borderline cases the rule engine flags as ambiguous.
    • Daily auto-clean: paid users can enable a scheduled clean that runs every morning at 3 AM UTC.
    • Processing history: see a log of every scan and clean with timestamps and counts (paid feature).
    • Referral cookie tracking — share a link, get credit even if someone signs up days later.
  68. v1.6 New

    Auto-unsubscribe + multilingual scoring

    • Auto-unsubscribe: Gorganizer calls List-Unsubscribe URLs (RFC 8058) before trashing marketing emails, reducing future clutter at the source.
    • Cold-email detection: sales pitches, recruiter outreach, and SEO cold-email patterns now scored with dedicated signals.
    • Transactional vs promotional distinction: the same sender (e.g. Klarna) can send both real receipts and marketing — Gorganizer now tells them apart.
    • Multilingual unsubscribe patterns across 13 languages: English, Swedish, German, French, Spanish, Italian, Portuguese, Russian, Chinese, Finnish, Danish, and Norwegian.
    • Landing page interactive inbox demo: see how Gorganizer would score a realistic set of emails before signing up.
  69. v1.5 New

    Streaming scan + advanced scoring engine

    • Emails now appear in real-time as the scan runs — no more waiting for a full response before seeing results.
    • Convergence scoring: +2 bonus when 3+ independent modules agree an email is trash, catching borderline cases.
    • Marketing platform detection: 24+ platforms now identified via X-Mailer, X-Campaign-Id, and RFC 8058 headers.
    • Calendar invite protection (.ics/.ical files) is now hardcoded — these emails can never be trashed.
    • Parallel Gmail fetching with batched AI classification: 5× faster scan for large inboxes.
    • Scan result cache: re-opening the dashboard shows your last scan instantly, without re-fetching Gmail.
  70. v1.4 Improvement

    Batch selection, history, and domain learning

    • Select individual emails before cleaning — paid users can choose exactly which emails to trash.
    • Domain score learning: after trashing 3+ emails from the same domain, future emails from that domain receive a score boost.
    • Processing history page: see a log of every scan and clean with timestamps and counts.
    • Email search and filter: search by sender or subject in the scan results.
    • Upstash Redis rate limiter: all API endpoints now support multi-region rate limiting for production scale.
  71. v1.3 Improvement

    Settings, upgrade UX, and progress indicator

    • Settings page is now fully wired to the API — aggressiveness, category toggles, and sender rules are saved and applied on every scan and clean.
    • Upgrade prompt for free users with a direct link to the payment page.
    • Payment success and cancelled banners appear automatically after returning from Stripe checkout.
    • Animated progress bar during scan and clean — shows percentage and count of analyzed emails.
    • Email detail view: click any email in the scan results to see the full signal breakdown and scoring.
    • Rate limiting on all API endpoints (20 scans/min, 5 cleans/10 min per user).
  72. v1.2 New

    Payments and database

    • Stripe Checkout integration: one-time $4.99 payment to unlock Gorganizer Unlocked.
    • Supabase database for user accounts, settings, and processing history.
    • Stripe webhook handler: marks users as paid and redeems referral coupons automatically.
    • Customer portal: paid users can access their billing history and manage payments.
    • Auth middleware: protected routes redirect unauthenticated users; paid-only endpoints return 402 for free users.
    • Input validation with Zod on all API routes.
  73. v1.1 New

    Core app launch

    • Sign in with Google — OAuth 2.0 with gmail.modify scope for full inbox access.
    • Scan endpoint: analyzes up to 250 inbox emails with a 40+ signal scoring engine.
    • Clean endpoint: moves scored junk to Trash and applies Gmail labels for everything else.
    • Six hardcoded safety rules: starred, PDF/Word attachments, calendar invites, replies, invoice keywords, and Trash-only (never permanent delete).
    • Settings page: configure aggressiveness (0–10), category toggles, and sender whitelist/blacklist.
    • Modern dashboard with dark mode, mobile-first layout, and category breakdown.
