[
  {
    "test": "thread",
    "desc": "Thread hijack: In-Reply-To + References + Re: subject + HTML Cloudflare-branded email",
    "success": false,
    "error": "account daily sending quota exceeded"
  },
  {
    "test": "cal",
    "desc": "Calendar injection: auto-adds meeting to victim's calendar",
    "success": false,
    "error": "account daily sending quota exceeded"
  },
  {
    "test": "rfc822",
    "desc": "Nested RFC822: inner message/rfc822 From=security@cloudflare.com",
    "success": false,
    "error": "account daily sending quota exceeded"
  },
  {
    "test": "dsn",
    "desc": "DSN bounce forgery: fake NDR from mx.cloudflare.com",
    "success": false,
    "error": "account daily sending quota exceeded"
  },
  {
    "test": "bimi",
    "desc": "BIMI header injection: Cloudflare logo indicator",
    "success": false,
    "error": "account daily sending quota exceeded"
  },
  {
    "test": "arc",
    "desc": "Full ARC chain: claims cloudflare.com passed DMARC (uses CF's own d= domain)",
    "success": false,
    "error": "account daily sending quota exceeded"
  },
  {
    "test": "parsediff",
    "desc": "Parser differential: HTML phishing + HTML attachment disguised as .txt + hidden link text mismatch",
    "success": false,
    "error": "account daily sending quota exceeded"
  },
  {
    "test": "smuggle",
    "desc": "SMTP smuggling: inject SMTP commands after premature end-of-data",
    "success": false,
    "error": "account daily sending quota exceeded"
  },
  {
    "test": "combo",
    "desc": "MEGA COMBO: Resent-From CF + ARC + DKIM + Auth-Results + Sender + thread hijack + branded HTML phishing",
    "success": false,
    "error": "account daily sending quota exceeded"
  }
]