@bokelley bokelley commented Jan 4, 2026

Summary

When users forward emails to [email protected], the actual prospect recipients are in the email body as quoted headers, not in the webhook TO/CC fields. This adds a parser to extract them.

  • Add forwarded-email-parser.ts utility with detection for Gmail, Apple Mail, and Outlook forwarding formats
  • Integrate into handleProspectEmail() to merge extracted recipients with existing TO/CC
  • Add 39 unit tests covering parsing, edge cases, and security

Security improvements (from code review)

  • Added MAX_BODY_SIZE (1MB) limit to prevent DoS on large emails
  • Rewrote parseHeaderValue to use iterative approach (avoids ReDoS vulnerability)
  • Fixed unbalanced bracket handling in splitAddresses
  • Added tests for XSS-like display names and large recipient lists

Example

When you forward an email like:

---------- Forwarded message ---------
From: Brian O'Kelley <[email protected]>
To: John Lee <[email protected]>
Cc: Brown, Jason A <[email protected]>, Klippel, Rob <[email protected]>
Subject: Re: Meeting w/Scope3/adcp/charter

The system now extracts all those Charter contacts and creates contact records for them.

Test plan

  • Unit tests pass (39 tests)
  • TypeScript compiles
  • Manual testing with real-world email examples
  • Deploy to staging and forward a test email

🤖 Generated with Claude Code

When users forward emails to addie+prospect@, the actual prospect
recipients are in the email body as quoted headers, not in the
webhook TO/CC fields. This adds a parser to extract them.

- Add forwarded-email-parser.ts utility with detection for Gmail,
  Apple Mail, and Outlook forwarding formats
- Integrate into handleProspectEmail() to merge extracted recipients
- Add 39 unit tests covering parsing, edge cases, and security

Security improvements based on code review:
- Added MAX_BODY_SIZE (1MB) limit to prevent DoS
- Rewrote parseHeaderValue to use iterative approach (avoids ReDoS)
- Fixed unbalanced bracket handling in splitAddresses
- Added tests for XSS-like display names and large recipient lists

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <[email protected]>
@bokelley bokelley merged commit e0fafcc into main Jan 4, 2026
6 checks passed
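The hardening listed under "Security improvements" in the description above (a body size cap, regex-free iterative splitting, and tolerance for unbalanced brackets), sketched as an added TypeScript example that is not the code merged in this PR. The names `MAX_BODY_SIZE` and `splitAddresses` echo the summary, but their bodies, the helpers `parseRecipient` and `extractForwardedRecipients`, and the sample addresses are assumptions; the sketch reads only quoted `To:`/`Cc:` lines.

```typescript
// Added illustration (not the PR's code): names echo its summary, bodies are assumptions.
const MAX_BODY_SIZE = 1024 * 1024; // 1MB cap from the PR (UTF-16 units here)
interface Recipient { name: string; email: string; }
// One linear pass, no regex. A comma ends an address only outside quotes and
// once the chunk holds an "@", so an unquoted "Brown, Jason A <...>" stays whole.
function splitAddresses(value: string): string[] {
  const parts: string[] = [];
  let start = 0, inQuotes = false, hasAt = false;
  for (let i = 0; i <= value.length; i++) {
    const ch = value.charAt(i); // "" at i === length flushes the last chunk
    if (ch === '"') inQuotes = !inQuotes;
    else if (ch === "@" && !inQuotes) hasAt = true;
    if (ch !== "" && !(ch === "," && !inQuotes && hasAt)) continue;
    const chunk = value.slice(start, i).trim();
    if (chunk) parts.push(chunk);
    start = i + 1; hasAt = false;
  }
  return parts;
}

// Text inside the last <...> pair is the address. An unbalanced bracket leaves
// "<" or ">" in the candidate, the checks below fail, and the entry is dropped.
function parseRecipient(chunk: string): Recipient | null {
  const open = chunk.lastIndexOf("<"), close = chunk.lastIndexOf(">");
  const bracketed = open !== -1 && close > open;
  const email = (bracketed ? chunk.slice(open + 1, close) : chunk).trim().toLowerCase();
  const at = email.indexOf("@"), dot = email.lastIndexOf(".");
  if (at < 1 || at !== email.lastIndexOf("@") || dot < at + 2 || dot === email.length - 1) return null;
  if (/[\s<>",]/.test(email)) return null; // single character class: linear time
  return { name: bracketed ? chunk.slice(0, open).replace(/"/g, "").trim() : "", email };
}

function extractForwardedRecipients(body: string): Recipient[] {
  const out: Recipient[] = [], seen: { [email: string]: boolean } = {};
  if (body.length > MAX_BODY_SIZE) return out; // reject before any scanning
  const lines = body.split("\n");
  for (let i = 0; i < lines.length; i++) {
    const line = lines[i].trim(), key = line.slice(0, 3).toLowerCase();
    if (key !== "to:" && key !== "cc:") continue; // only quoted To/Cc headers
    const chunks = splitAddresses(line.slice(3));
    for (let j = 0; j < chunks.length; j++) {
      const r = parseRecipient(chunks[j]);
      if (r && !seen[r.email]) { seen[r.email] = true; out.push(r); }
    }
  }
  return out;
}
// Constructed sample: placeholder addresses, one entry with an unclosed "<".
const SAMPLE = "To: John Lee <john.lee@example.com>\n" +
  'Cc: Brown, Jason A <jason.brown@example.com>, Broken <oops@example.com, "Klippel, Rob" <ROB@example.com>';
```

Display names are returned verbatim, so whatever renders a contact record still has to encode them on output.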