CD
Cloudflare Developers14mo ago
McoreD

Building a simple spam worker

Hi there, I am trying to build a simple spam worker which would go through an array of email domains I maintain, and if the email's domain belongs to this array, then the worker will block it, otherwise I would receive it. I have go it up to so far: 
export default {
  async email(message, env, ctx) {
    const block = ["yourprofithour.com", "modernfinancialhabits.com", "oracleofomahasays.com"]
    if (block.indexOf(message.headers.get("from")) == -1) {
      await message.forward("[email protected]");
    } else {
      message.setReject("Address is blocked");
    }
  }
}
export default {
  async email(message, env, ctx) {
    const block = ["yourprofithour.com", "modernfinancialhabits.com", "oracleofomahasays.com"]
    if (block.indexOf(message.headers.get("from")) == -1) {
      await message.forward("[email protected]");
    } else {
      message.setReject("Address is blocked");
    }
  }
}
Q1/ The example has the exact email address but I want it to block at domain level. Would above work? Q2/ Instead of having a fixed string for the message.forward can the code detect the original email address the email was sent to, and forward to that address? Q3/ After Save and Delploy, I think I still need to set Action = Send to a Worker, and choose this spam-worker from the Destination drop down, or otherwise I don't think the spam worker is activated. Correct? Appreciate your help.
6 Replies
McoreD
McoreDOP14mo ago
In terms of Q2 would the following work? 
export default {
  async email(message, env, ctx) {
    const block = ["yourprofithour.com", "modernfinancialhabits.com", "oracleofomahasays.com"]
    if (block.indexOf(message.headers.get("from")) == -1) {
      await message.forward(message.headers.get("to"));
    } else {
      message.setReject("Address is blocked");
    }
  }
}
export default {
  async email(message, env, ctx) {
    const block = ["yourprofithour.com", "modernfinancialhabits.com", "oracleofomahasays.com"]
    if (block.indexOf(message.headers.get("from")) == -1) {
      await message.forward(message.headers.get("to"));
    } else {
      message.setReject("Address is blocked");
    }
  }
}
Chaika
Chaika14mo ago
Q1/ The from header uses RFC5322.FROM format, which means it's usually something like "Cloudflare" <[email protected]> in a simple case example, and indexOf looks for exact matches which wouldn't ever work. You could just check if it contains the block content, or use a proper parser library like https://github.com/jackbearheart/email-addresses Q2/
Any address you forward to has to be a verified email address. It wouldn't make sense to forward it to the to address, because that would just loop around (if it worked at all). When you use Email Workers on a domain, you use CF's MX Records, and you can only (mostly) have a single mail server per hostname. Q3/ Yes, or set the worker as your catch-all and have no route for that specific address
GitHub
GitHub - jackbearheart/email-addresses: An RFC 5322 email address p...
An RFC 5322 email address parser. Contribute to jackbearheart/email-addresses development by creating an account on GitHub.
McoreD
McoreDOP14mo ago
Hi, thanks for getting back to me. Just on Q2: The reason why I need to is because I am planning to reuse the spam worker with my other family members. I own the domain with my last name, so I have my wife’s, kids’, and my email address starting with the first name. Having the spam worker hardcoded with a recipient address limits me from reusing the spam worker. For example, I will have to duplicate and maintain the current list of spam emails array multiple times.
Chaika
Chaika14mo ago
The to header wouldn't work because it's in the same rfc5322 format as from as well, to and from are what you see in email clients, ex From: Cloudflare <[email protected]> To: You <[email protected]> It also wouldn't work because it would be a loop, if you set up the email worker on your domain, you'd have yourdomain.com -> MX Records -> Cloudflare Email There's no concept of sending it through. You could have a simple dictionary / map in Javascript where you have a source address and a dest. address, and you grab the dest. address from the to, but you would need to verify all of the dest. addresses eitherway Something like this, I mean 
    const sourceToDestMapping = {
    };
      const newDest = sourceToDestMapping[toAddr]
      await message.forward(newDest);
    const sourceToDestMapping = {
    };
      const newDest = sourceToDestMapping[toAddr]
      await message.forward(newDest);
Just worth reiterating though: Email Workers aren't a proxy sort of setup like normal Cloudflare CDN is, for example. They have the same restrictions as normal email routing, you cannot reply via email routing, and they become the mail servers handling mail for your domain. You can't pass through to a mail server behind it (would be cool). You could setup custom mail on a subdomain for example like mail.example.com -> Ext MX, example.com -> CF MX, and then forward() to subdomain, but not exactly clean. Forwarding mail also has some other risks with other providers dropping. If your goal is a sort of spam management, you might be better off with buying some whole mail solution like Fastmail Family or Google Workspace where you can be the Administrator and setup filters/manage mail in that way
Mackenly
Mackenly14mo ago
"[...] better off with buying some whole mail solution like Fastmail Family or Google Workspace where you can be the Administrator and setup filters/manage mail in that way."
+1 A block list will never compete with dedicated spam services. It's much bigger than that. Unless there's super specific domains that constantly email you this wouldn't really help manage spam. You'd also have to make sure the spammers use your new spam filtering address.
McoreD
McoreDOP13mo ago
Thanks for this. Appreciate it. I’m not looking into Proton Mail.
Want results from more Discord servers?
Add your server