Email routing - reject (instead of drop) specific address

In my existing mail setup, I use catchall addresses for some domains. If I start to get spam at a specific address, I can reject (with a 550 SMTP error code) mail to that particular address, while still receiving mail to all other addresses via the catchall.

Playing with CF Email routing, it seems that if I do not have a catchall, then any mail to a non-existent address will get a 550 SMTP error, which is a good thing. But if I provide a catchall, then it seems like I can no longer block a specific address and return an error. I see that there is a “Drop” option, which allows mail to a specific address to be silently dropped. It would be nice if there was also a “Reject” option, to refuse the mail at the MX interface and provide an error to the sender. I realize that in most cases, spammers don’t care about errors, but in the (hopefully unlikely) event that a legitimate sender for some reason sends email to an address I have blocked, I would like him to receive some notification that the mail will not be delivered

+1 for this.

The only caveat for me here is for privacy reasons, the error report shouldn’t include the destination email address info in the report, which is commonly the case in my experience with email forwarding errors, depending on the type of error. CF would have to write some code to clean that up.

1 Like

I’m not sure what you mean by “the report”. When a receving SMTP server gets a request to deliver mail to a specific recipient ( RCPT TO header), it can either reply to the sending server with an OK message or an Error message. The sending server already knows what address it was trying to send mail to, and makes its own decision about what kind of message to relay back to the sender if the receiving server responds with an error code. If the receving server accepts the message with an OK code, it can then either (try to) deliver it to the intended recipient, or silently drop it without informing the sending server that the message will not be delivered.

I’m just asking that Cloudflare give me the option to issue the same kind of error code for a recipient that I have explicitly blocked as it would for a non-existent recipient, rather than silently dropping the message. I see no privacy concern here, especially if this option as provided in addition to the existing option to silently drop it.

I just don’t like the idea of silently dropping mail with no error indication, because of the (probably unlikely) possibility that it was a legitimate email that was mis-addressed and the sender will not know it didn’t get delivered. I realize that spammers usually spoof return addresses, so it’s a bad idea to send a bounce message to the return address. But an error reponse during the SMTP transaction is different. If it’s a legitimate message, the sending server knows what to do about it. If it’s spam, the sending server will probably just ignore the rejection.

1 Like

Right, the forwarding address is known by the sender, but if there’s some issue with delivery to the destination address that causes a rejection (server down, attachment too large, etc.), the response from the destination email server would likely include the destination email address in the error response, which would then be revealed to the original sender. This is the case with another registrar I use for email forwarding, and I suspect the reason CF is not currently sending NDRs. While having the option to reject vs drop would be nice, it would also be nice to be able to do so in a way that doesn’t reveal the destination address.

1 Like

No. I’m not talking about the destination mail server or the destination address. Neither of those even exists in the scenario I’m talking about. I’m talking about the address that the incoming mail is addressed to. If the incoming mail is addressed to [email protected], and I have a catchall for routing to some other destination address, I want to tell CF to specifically reject mail to [email protected], without trying to contact ANY OTHER SERVER, while passing all other mail addressed to to some other address, which is unkown to the sender. Right now, if I have a catchall for, I can tell CF to silently drop mail to [email protected], with no indication to the sender. I want to be able to specifically reject that message instead, sending a 5xx SMTP response back to the sending server, just as it would do if there was no catchall and [email protected] was not defined. There is no destination address involved here, because I want to tell CF NOT to deliver the mail to another destination. I don’t want CF to try to look up a destination address, or contact a destination server, or return any info from any other server to the sender. I simply want it to look at the address that the incoming mail is addressed to, see that I have specified Reject for that address, and tell the sending server “sorry, this address is invalid”.

1 Like

Ah, that makes sense, and would be useful. Thanks for clarifying. Maybe that capability might be available in the Route to Workers that’s going to be available in private beta soon. :slightly_smiling_face:

It shouldn’t require anything as complex as Route to Workers. It’s a pretty simple concept. Right now, CF gives me 2 options when I define a routing address: route to a destination address, or Drop (silently). I simply want a third option: Reject (with error). CF already has the capability to Reject with error, because that’s what it does to incoming mail to an address that hasn’t been defined and no catchall exists. I just want to tell it that for some specific addresses, pretend the address isn’t defined and pretend there is no catchall, and do just what it already does in that case. (Well, ideally, I’d like to be able to define a custom message to be returned in the SMTP error message, but I’d be satisfied with just a generic “invalid recipient” message)

1 Like

I know it is not what you wanted, but I’ve been playing with Email Workers and they work well for what I want.

The following should work for what you wanted. In this case there is a KV store which indexes off the TO address and may give an error message to return when rejecting a specific TO address

export default {   // module Workers
  async email(message, env, context) {

    const rejectMessage = await env.REJECTS.get( );

    if (null !== rejectMessage) {
    } else {
      context.waitUntil( message.forward( "[email protected]" ) );