fix: allow normal paypal messages to go through except RT000238 (invo…

…ice spam)
forwardemail · Dec 8, 2024 · b796764 · b796764
1 parent 78c1c36
commit b796764
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/helpers/is-arbitrary.js b/helpers/is-arbitrary.js
@@ -74,8 +74,6 @@ const domainWithoutTLD =
 
 const REGEX_DOMAIN_WITHOUT_TLD = new RE2(new RegExp(domainWithoutTLD, 'im'));
 const REGEX_APP_NAME = new RE2(new RegExp(env.APP_NAME, 'im'));
-const REGEX_PAYPAL_PHRASES = new RE2(/reminder|invoice|money request/im);
-const REGEX_PAYPAL = new RE2(/paypal/im);
 
 // eslint-disable-next-line complexity
 function isArbitrary(session, headers, bodyStr) {
@@ -95,10 +93,12 @@ function isArbitrary(session, headers, bodyStr) {
   // check for paypal scam (very strict until PayPal resolves phishing on their side)
   // (seems to only come from "outlook.com" and "paypal.com" hosts)
   //
+  // X-Email-Type-Id = RT000238
+  //
   if (
-    ((subject && REGEX_PAYPAL_PHRASES.test(subject)) ||
-      (isSANB(bodyStr) && REGEX_PAYPAL_PHRASES.test(bodyStr))) &&
-    (REGEX_PAYPAL.test(from) || (isSANB(bodyStr) && REGEX_PAYPAL.test(bodyStr)))
+    session.originalFromAddressRootDomain === 'paypal.com' &&
+    headers.hasHeader('x-email-type-id') &&
+    headers.getFirst('x-email-type-id') === 'RT000238'
   ) {
     const err = new SMTPError(
       'Due to ongoing PayPal invoice spam, you must manually send an invoice link'