TrickeySolutions/mailcheck

mailcheck

Email security scanning service — checks SPF, DKIM, DMARC, MTA-STS, TLS-RPT and STARTTLS for any domain.

Hosted at mailcheck.trickey.solutions as a public demo. This repository is the open-source code behind it.

What it does

  • Scan any domain — stateless, no account required
  • Email trigger — send an email from your domain to the check address and get a report back
  • Monitors — track a domain's email security posture over time with scheduled scans
  • Change detection — notifies when check results improve or degrade between scans
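
Change detection between scans needs each check reduced to a comparable grade. The block below is an added example, not code from this repository: it grades the DMARC TXT records of a domain and classifies the change between two scans. The function names, the fail/warn/pass scale and the sample records are assumptions made for the illustration.

```javascript
// Added example, not code from the mailcheck repository.
// Assumed grade scale: fail < warn < pass.
const GRADE = { fail: 0, warn: 1, pass: 2 };

// Parse one DMARC record ("v=DMARC1; p=reject; ...") into a tag map.
function parseDmarc(txt) {
  const tags = new Map();
  for (const part of txt.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue; // empty segment or junk without "="
    const key = part.slice(0, eq).trim().toLowerCase();
    if (!tags.has(key)) tags.set(key, part.slice(eq + 1).trim());
  }
  return tags;
}

// Grade the TXT records returned for _dmarc.<domain>.
function gradeDmarc(txtRecords) {
  const found = txtRecords.filter((r) => /^v\s*=\s*DMARC1\s*(;|$)/.test(r.trim()));
  // RFC 7489 section 6.6.3: zero or several DMARC records means no policy applies.
  if (found.length === 0) return { grade: "fail", reason: "no DMARC record" };
  if (found.length > 1) return { grade: "fail", reason: "multiple DMARC records" };
  const tags = parseDmarc(found[0]);
  const p = (tags.get("p") || "").toLowerCase();
  // Grading choice of this example: a record without a usable p= tag fails.
  if (!["none", "quarantine", "reject"].includes(p)) {
    return { grade: "fail", reason: "missing or invalid p= tag" };
  }
  if (p === "none") return { grade: "warn", reason: "p=none only monitors" };
  const pct = tags.has("pct") ? Number(tags.get("pct")) : 100;
  if (!(pct >= 0 && pct <= 100)) return { grade: "fail", reason: "invalid pct= tag" };
  if (pct < 100) return { grade: "warn", reason: `p=${p} covers ${pct}% of mail` };
  return { grade: "pass", reason: `p=${p} enforced` };
}

// Classify the change between two scans of the same check.
function compareScans(prev, curr) {
  const delta = GRADE[curr.grade] - GRADE[prev.grade];
  return delta > 0 ? "improved" : delta < 0 ? "degraded" : "unchanged";
}

// Constructed sample data: two scans of a hypothetical domain.
const previous = gradeDmarc(["v=spf1 -all", "v=DMARC1; p=none; rua=mailto:dmarc@example.com"]);
const current = gradeDmarc(["v=DMARC1; p=reject; pct=100"]);
console.log(previous, current, compareScans(previous, current));
```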

Stack

Architecture

[Astro static site]  →  served via Assets binding
      ↕
[Hono Worker — /api/*]
  ├── DomainMonitor DO  (one per monitored domain — scan history, alarms)
  └── MonitorRegistry DO  (single instance — authoritative domain list)

[Email handler]  →  scan sender domain  →  reply with results

Public routes: GET /api/scan/:domain, GET /api/monitors, GET /api/monitors/:domain
Protected by Cloudflare Access: POST /api/monitors, DELETE /api/monitors/:domain

Deployment

Prerequisites

  • Cloudflare account on the Workers Paid plan (required for Durable Objects)
  • Wrangler CLI: npm install -g wrangler
  • Node.js 18+

Steps

  1. Clone and install

    git clone https://github.com/trickeysolutions/mailcheck
    cd mailcheck
    npm install

  2. Configure wrangler.toml

    [vars]
    WORKER_BASE_URL = "https://your-domain.com"
    EMAIL_ADDRESS = "check@your-domain.com"
    CF_ACCESS_AUD = "your-cloudflare-access-audience-tag"

  3. Set up Cloudflare Access

    Create an Access Application for your-domain.com/api/monitors* with a policy that allows only your identity (email). Copy the audience tag into CF_ACCESS_AUD.

  4. Set up Email Routing

    In the Cloudflare dashboard, configure Email Routing for check@your-domain.com to forward to this Worker.

  5. Deploy

    npm run deploy

Local development

npm run dev

Runs astro build --watch (rebuilds frontend on changes) and wrangler dev (serves Worker + assets) concurrently. Access at http://localhost:8787.

Observability

Workers Logs and Traces are enabled by default ([observability] in wrangler.toml). All operational events are logged as structured JSON — queryable in the Cloudflare dashboard under Workers → your-worker → Observability.

Key events: scan_completed, scan_failed, monitor_created, email_received, email_reply_sent, access_denied.

To retain logs beyond 7 days, configure a Logpush job to push to R2. logpush = true is already set in wrangler.toml.

License

MIT — see LICENSE


A TrickeySolutions project.