docs: expand spam-email-domain-list section#42
Merged
Conversation
Replaces the one-paragraph mention of the disposable-domain blocklist with full coverage of the five-stage check chain (direct lookup, SSRF-safe validation, HTTPS redirect probe, CNAME chase, MX fallback), provider-side config (`spamEmailDomainsUrls`, scheduler cron) and the standalone `/v1/prosopo/provider/client/spam/email` endpoint with request/response examples. Also updates the evaluation-order list to reflect that the domain-list stage runs last (after the synchronous pattern rules) since it is the most expensive. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
✅ Deploy Preview for peaceful-pothos-9e62ce ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
Cuts implementation detail that doesn't belong on customer-facing docs: the SSRF safety check, source-code paths, the provider-side feed URLs and cron config, and the per-step DNS-chase explanation. What's left: what the toggle does, what gets caught (including the redirect/CNAME/MX chase, named but not over-explained), the rejection status code, and the standalone endpoint contract. Co-Authored-By: Claude Opus 4.7 (1M context) <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Expands the one-paragraph Spam Email Domain List entry on the email-filter docs page into full coverage of how Prosopo actually evaluates an email domain against the maintained blocklist.
New material covers:
spamEmailDomainCheckEnabledis on: direct lookup → SSRF-safe domain validation → HTTPS redirect probe (with TLS-error handling) → CNAME chase → MX fallback.spamEmailDomainsUrls(multiple feeds merged + deduped) andscheduledTasks.spamEmailDomainsScheduler.schedule(cron).POST /v1/prosopo/provider/client/spam/emailendpoint with request/response examples, and thespamEmailDomainCheckEnabledgating + per-path rate limit it enforces.Also updates the Evaluation Order section to reflect that the domain-list stage runs last (after the synchronous pattern rules) because it is the most expensive.
Context
Paired with prosopo/captcha-private#3436, which ships the matching blog post (
why-do-bots-fill-out-forms) and the limited-use Check Spam Email tool on the marketing site. That tool links into this docs page for the "go deeper" CTA, so this should land before (or together with) the parent PR's submodule pointer bump.Test plan
/blog/why-do-bots-fill-out-forms/,/tools/check-spam-email/) resolve to the right anchors on this page.🤖 Generated with Claude Code