@bobfrankston/mailx 1.0.438 → 1.0.439

package/client/app.js

@@ -2873,6 +2873,21 @@ optAiProofread?.addEventListener("change", () => {
     }
     catch { /* */ }
 });
+// Sender reputation check (Spamhaus DBL). Stored at top-level settings so
+// the service can read it cheaply without going through autocomplete config.
+// Off by default — enabling it leaks read-recipient domains to Spamhaus's
+// DNS infra, which the user should opt into knowingly.
+const optCheckReputation = document.getElementById("opt-check-reputation");
+getSettings().then((s) => {
+    if (optCheckReputation)
+        optCheckReputation.checked = !!s.checkDomainReputation;
+}).catch(() => { });
+optCheckReputation?.addEventListener("change", () => {
+    getSettings().then((settings) => {
+        settings.checkDomainReputation = !!optCheckReputation.checked;
+        saveSettings(settings);
+    }).catch(() => { });
+});
 const isApp = typeof mailxapi !== "undefined" && mailxapi?.isApp;
 // Wait for server ready signal, then fetch version
 const versionPromise = getVersion();

package/client/components/message-viewer.js

@@ -548,12 +548,22 @@ export async function showMessage(accountId, uid, folderId, specialUse, isRetry
             const toAddr = msg.to?.[0]?.address || "";
             const returnPath = msg.returnPath || "";
             const isFlagged = !!msg.isFlagged;
+            const reputation = msg.reputation;
+            const reputationFlagged = !!(reputation && reputation.flagged);
+            const reputationText = reputationFlagged
+                ? `⚠ ${reputation.listedCount} of ${reputation.checkedCount} reputation services flag <strong>${escapeText(senderDomain)}</strong> as <strong>${escapeText(reputation.verdict)}</strong> (${escapeText(reputation.sources.map(s => s.service).join(", "))})`
+                : "";
             const banner = document.createElement("div");
-            banner.className = "mv-remote-banner" + (isFlagged ? " mv-remote-banner-flagged" : "");
+            banner.className = "mv-remote-banner"
+                + (isFlagged ? " mv-remote-banner-flagged" : "")
+                + (reputationFlagged ? " mv-remote-banner-reputation" : "");
             banner.innerHTML =
                 (isFlagged
                     ? `<div class="mv-rb-flagged">⚠ FLAGGED: this sender or domain is on your flagged list</div>`
                     : "") +
+                    (reputationFlagged
+                        ? `<div class="mv-rb-reputation">${reputationText}</div>`
+                        : "") +
                     `<div class="mv-rb-summary">` +
                     `<span class="mv-rb-toggle">&#x25B8;</span>` +
                     `<span>Remote content blocked</span>` +

package/client/index.html

@@ -55,6 +55,7 @@
                     <label class="tb-menu-item" title="Ghost-text completions while composing — Ollama / Claude / OpenAI back-end, off by default"><input type="checkbox" id="opt-autocomplete"> AI autocomplete</label>
                     <label class="tb-menu-item" title="Right-click in message body → Translate"><input type="checkbox" id="opt-ai-translate"> AI translate (off by default)</label>
                     <label class="tb-menu-item" title="Right-click in compose editor → Proofread (when wired)"><input type="checkbox" id="opt-ai-proofread"> AI proofread (off by default)</label>
+                    <label class="tb-menu-item" title="When opening a message with remote content, look up the sender's domain in Spamhaus DBL. Domain leaks to Spamhaus's DNS. Off by default."><input type="checkbox" id="opt-check-reputation"> Check sender reputation (Spamhaus DBL)</label>
                     <hr class="tb-menu-sep">
                     <button class="tb-menu-item" id="btn-edit-jsonc" title="Edit accounts.jsonc / allowlist.jsonc">Edit config files...</button>
                     <button class="tb-menu-item" id="btn-open-mailx-dir" title="Open ~/.mailx in file explorer">Open mailx folder...</button>

package/client/styles/components.css

@@ -1536,6 +1536,18 @@ body.calendar-sidebar-on .calendar-sidebar { display: flex; }
 .mv-remote-banner-flagged { box-shadow: inset 0 0 0 2px oklch(0.55 0.22 25); }
 .mv-rb-flag-btn { background: oklch(0.42 0.20 25); }
 
+/* External reputation hit (Spamhaus DBL etc) — orange strip, distinct from
+   the user's manual red flag. Renders below the user-flag strip when both
+   are present so the precedence is visible. */
+.mv-rb-reputation {
+    background: oklch(0.55 0.18 50);
+    color: white;
+    padding: var(--gap-xs) var(--gap-md);
+    font-weight: 600;
+    letter-spacing: 0.02em;
+}
+.mv-remote-banner-reputation { box-shadow: inset 0 0 0 2px oklch(0.65 0.20 50); }
+
 .mv-rb-summary {
     display: flex;
     align-items: center;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bobfrankston/mailx",
-  "version": "1.0.438",
+  "version": "1.0.439",
   "description": "Local-first email client with IMAP sync and standalone native app",
   "type": "module",
   "main": "bin/mailx.js",

package/packages/mailx-service/index.d.ts

@@ -6,6 +6,18 @@
 import { MailxDB } from "@bobfrankston/mailx-store";
 import { ImapManager } from "@bobfrankston/mailx-imap";
 import type { Folder, AutocompleteRequest, AutocompleteResponse, AutocompleteSettings, AiTransformRequest, AiTransformResponse } from "@bobfrankston/mailx-types";
+interface ReputationResult {
+    flagged: boolean;
+    listedCount: number;
+    checkedCount: number;
+    sources: Array<{
+        service: string;
+        flagged: boolean;
+        verdict: string;
+    }>;
+    verdict: string;
+    service: string;
+}
 export declare class MailxService {
     private db;
     private imapManager;
@@ -82,6 +94,30 @@ export declare class MailxService {
     closeWordEdit(editId: string): Promise<void>;
     updateFlags(accountId: string, uid: number, flags: string[]): Promise<void>;
     allowRemoteContent(type: "sender" | "domain" | "recipient", value: string): Promise<void>;
+    /** Domain-reputation cache. Lookups are fast (~50ms each, three in
+     *  parallel) but we still don't want to redo them on every render of
+     *  the same sender's mail. Five-minute TTL — long enough that scrolling
+     *  a folder fans out one query set, short enough that a newly-listed
+     *  domain surfaces within minutes. */
+    private reputationCache;
+    private static readonly REPUTATION_TTL_MS;
+    private static readonly REPUTATION_TIMEOUT_MS;
+    /** Check a domain against three free no-key DNS blocklists in parallel:
+     *
+     *    Spamhaus DBL    — `<d>.dbl.spamhaus.org`     spam/phish/malware
+     *    SURBL multi     — `<d>.multi.surbl.org`      mixed (ph/mw/abuse)
+     *    URIBL multi     — `<d>.multi.uribl.com`      black/grey/red lists
+     *
+     *  Each lookup is bounded at 500 ms; missing/slow services are treated
+     *  as "unknown" (don't poison the cache). Returns the aggregate plus
+     *  the per-service detail so the UI can show "N of 3 services flag
+     *  this domain" with the contributing source list.
+     *
+     *  Privacy: each query leaks the bare domain to that DNSBL's
+     *  infrastructure plus the user's local resolver. Opt-in via Settings.
+     *
+     *  No API keys, free for personal use across all three services. */
+    checkDomainReputation(domain: string): Promise<ReputationResult | null>;
     /** Mark a sender or domain as suspect. Surfaced in the remote-content
      *  banner as a red warning on subsequent messages. Toggle: calling with
      *  the same value removes it. Returns the new state for UI feedback. */
@@ -311,4 +347,5 @@ export declare class MailxService {
      *  default false. Returns empty text + reason when disabled or on error. */
     aiTransform(req: AiTransformRequest): Promise<AiTransformResponse>;
 }
+export {};
 //# sourceMappingURL=index.d.ts.map

package/packages/mailx-service/index.js

@@ -468,11 +468,22 @@ export class MailxService {
         const senderDomain = senderAddr.split("@")[1] || "";
         const isFlagged = !!((allowList.flaggedSenders || []).some((s) => (s || "").toLowerCase() === senderAddr) ||
             (allowList.flaggedDomains || []).some((d) => (d || "").toLowerCase() === senderDomain));
+        // External reputation check — Spamhaus DBL + SURBL + URIBL in parallel.
+        // Off by default (privacy: the domain leaks to those DNSBLs and the
+        // user's local resolver). User opts in via Settings → "Check sender
+        // reputation". Each lookup is bounded at 500 ms; the whole check is
+        // bounded by the slowest, ~500 ms worst case.
+        let reputation = null;
+        const settings = loadSettings() || {};
+        if (settings.checkDomainReputation && senderDomain && hasRemoteContent) {
+            reputation = await this.checkDomainReputation(senderDomain);
+        }
         return {
             ...envelope, bodyHtml, bodyText, hasRemoteContent, remoteAllowed: allowRemote,
             attachments, emlPath, deliveredTo, returnPath,
             listUnsubscribe, listUnsubscribeMail, listUnsubscribeHttp, listUnsubscribeOneClick,
             isFlagged,
+            reputation,
         };
     }
     /** RFC 8058 one-click unsubscribe: POST `List-Unsubscribe=One-Click` to the
@@ -687,6 +698,81 @@ export class MailxService {
         await saveAllowlist(list);
         console.log(`  [allow] Added ${type}: ${value}`);
     }
+    /** Domain-reputation cache. Lookups are fast (~50ms each, three in
+     *  parallel) but we still don't want to redo them on every render of
+     *  the same sender's mail. Five-minute TTL — long enough that scrolling
+     *  a folder fans out one query set, short enough that a newly-listed
+     *  domain surfaces within minutes. */
+    reputationCache = new Map();
+    static REPUTATION_TTL_MS = 5 * 60_000;
+    static REPUTATION_TIMEOUT_MS = 500;
+    /** Check a domain against three free no-key DNS blocklists in parallel:
+     *
+     *    Spamhaus DBL    — `<d>.dbl.spamhaus.org`     spam/phish/malware
+     *    SURBL multi     — `<d>.multi.surbl.org`      mixed (ph/mw/abuse)
+     *    URIBL multi     — `<d>.multi.uribl.com`      black/grey/red lists
+     *
+     *  Each lookup is bounded at 500 ms; missing/slow services are treated
+     *  as "unknown" (don't poison the cache). Returns the aggregate plus
+     *  the per-service detail so the UI can show "N of 3 services flag
+     *  this domain" with the contributing source list.
+     *
+     *  Privacy: each query leaks the bare domain to that DNSBL's
+     *  infrastructure plus the user's local resolver. Opt-in via Settings.
+     *
+     *  No API keys, free for personal use across all three services. */
+    async checkDomainReputation(domain) {
+        domain = (domain || "").toLowerCase().trim();
+        if (!domain)
+            return null;
+        const cached = this.reputationCache.get(domain);
+        if (cached && cached.expiresAt > Date.now())
+            return cached.result;
+        const probe = async (service, host, mapVerdict) => {
+            try {
+                const lookup = dns.resolve4(`${domain}.${host}`);
+                const timeout = new Promise((_, reject) => setTimeout(() => reject(new Error("dnsbl-timeout")), MailxService.REPUTATION_TIMEOUT_MS));
+                const records = await Promise.race([lookup, timeout]);
+                const last = records[0]?.split(".").pop() || "";
+                return { service, flagged: true, verdict: mapVerdict(last) };
+            }
+            catch (e) {
+                const code = e?.code || "";
+                if (code === "ENOTFOUND" || code === "ENODATA") {
+                    return { service, flagged: false, verdict: "clean" };
+                }
+                return null; // timeout / network — unknown
+            }
+        };
+        const dblVerdict = (last) => last === "2" ? "spam" :
+            last === "4" ? "phishing" :
+                last === "5" ? "malware" :
+                    last === "6" ? "botnet" :
+                        "listed";
+        // SURBL/URIBL encode multiple list memberships in a bitfield; the
+        // distinction matters less to the end user than "how many sources
+        // agree", so we keep a generic "listed" verdict for both.
+        const generic = (_last) => "listed";
+        const sources = await Promise.all([
+            probe("Spamhaus DBL", "dbl.spamhaus.org", dblVerdict),
+            probe("SURBL", "multi.surbl.org", generic),
+            probe("URIBL", "multi.uribl.com", generic),
+        ]);
+        const known = sources.filter((s) => s !== null);
+        const flagged = known.filter(s => s.flagged);
+        const result = {
+            flagged: flagged.length > 0,
+            listedCount: flagged.length,
+            checkedCount: known.length,
+            sources: flagged,
+            // Pick the most specific verdict if Spamhaus contributed (since
+            // DBL distinguishes phishing/malware/etc); otherwise generic.
+            verdict: flagged.find(s => s.service === "Spamhaus DBL")?.verdict || flagged[0]?.verdict || "clean",
+            service: flagged.map(s => s.service).join(", ") || "Spamhaus DBL / SURBL / URIBL",
+        };
+        this.reputationCache.set(domain, { result, expiresAt: Date.now() + MailxService.REPUTATION_TTL_MS });
+        return result;
+    }
     /** Mark a sender or domain as suspect. Surfaced in the remote-content
      *  banner as a red warning on subsequent messages. Toggle: calling with
      *  the same value removes it. Returns the new state for UI feedback. */