Merge pull request #27890 from overleaf/jlm-spam-safe-email

Apply new spam check to email address GitOrigin-RevId: 9e204ea75e930455971769a73843d015fc4a9033
2026-05-31 12:51:35 +02:00 · 2025-08-13 14:39:22 +01:00
parent 671059fdfc
commit aa10bc92af
2 changed files with 13 additions and 1 deletions
--- a/services/web/app/src/Features/Email/SpamSafe.js
+++ b/services/web/app/src/Features/Email/SpamSafe.js
@@ -34,7 +34,14 @@ const SpamSafe = {
  },

  isSafeEmail(email) {
-    return EMAIL_REGEX.test(email) && email.length <= 40
+    if (!EMAIL_REGEX.test(email) || email.length > 40) {
+      return false
+    }
+
+    // All-digits, e.g. qq, is safe, but mixed digits and letters is not.
+    const localPart = email.split('@')[0]
+    const digitCount = countDigits(localPart)
+    return digitCount === localPart.length || digitCount <= 5
  },

  safeUserName(name, alternative, project) {
--- a/services/web/test/unit/src/Email/SpamSafeTests.js
+++ b/services/web/test/unit/src/Email/SpamSafeTests.js
@@ -42,6 +42,11 @@ describe('SpamSafe', function () {
    expect(
      SpamSafe.isSafeEmail('realistic-email+1@domain.sub-hyphen.com')
    ).to.equal(true)
+    expect(SpamSafe.isSafeEmail('jnd-9807408-1oos68@@example.com')).to.equal(
+      false
+    )
+    expect(SpamSafe.isSafeEmail('123456789@example.com')).to.equal(true)
+    expect(SpamSafe.isSafeEmail('abcdefghi@example.com')).to.equal(true)
    expect(SpamSafe.isSafeEmail('notquiteRight@evil$.com')).to.equal(false)

    expect(SpamSafe.safeUserName('Tammy Weinstįen', 'A User')).to.equal(