Good day, using the example for allow list, the email trigger test will work properly. Yet sending an email to that route results in the reject message. I have validated the email address several times. Is there something trivial I am missing here? I did alter the reject message to make sure it was the worker sending the bounce.

Just to confirm, by "validated the email address several times", you're saying that the email(s) you are trying to forward to are verified destination addresses (Email Routing -> routes -> bottom of page is Dest. Addresses)? You will need to verify any destination you want to forward to. If that is the case, I would navigate to the Email Routing Overview, and look in the Activity Log. If the cause is a Worker error, it's the worker throwing an exception. You can find the exact error by tailing your worker To Tail your worker, you can use

wrangler tail

or go to the worker in the dashboard, and then Logs -> Start Log Stream, then send an email. It should show the failure and you can expand it to see the error

I have validated the destinations, if I send the route to the destination vs the worker, it will forward fine. Looking at the activity log, it will say "Delivery Failed" with Worker rejected email with reason: Your address is not allowed to send to this user, which is the modified reject statement I used. The test email I am sending from is the only one in the const allowList = ["xxxxxx@xxxxxx.net"];

hmm.. I wonder if the template is flawed. If you change the 4th line from

if (allowList.indexOf(message.headers.get("from")) == -1) {

to

if (allowList.indexOf(message.from) == -1) {

(just changing message.headers.get("from") to message.from) Does that work? The different is the message.from is the envelope FROM rather then the header I haven't used that template before, but my understanding is the header from is the "friendly" version of the header and includes sender name and such, envelope only includes the actual sender address ex. "From header: \"Chaika\" " "From envelope: chaika@chaika.dev"

Sure enough, that worked! Thanks

Like allowing email from a specific domain only? a naive approach would be something like this (changing that same 4th line):

if (message.from.endsWith("@domain.com") == false) {

Well, what I was looking to do is potentially have a list of email addresses and domains.

Something like that is pretty easy to do yea,

export default {
  async email(message, env, ctx) {
    const allowList = ["chaika@example.org"];
    const allowDomainList = ["@example.com"]
    if (allowList.indexOf(message.from) == -1 && allowDomainList.some(domain => message.from.endsWith(domain)) == false) {
      message.setReject(`Address not allowed from: ${message.from}`);
    } else {
      await message.forward("inbox@corp");
    }
  }
}

Fwiw, I believe FROM Addresses can be spoofed to some extent, although I believe that comes down to the security the sending domain has setup

Ah nice! Thanks.. Yeah, this is more for my personal (old) email forwarding to where I want it, but only allowing specific senders. So, I suspect the limited number of domains and emails should be a low risk