Edge infrastructure for email verification — catches inbound emails, filters spam with Llama 3.1, and auto-extracts OTPs and magic links before storing in Redis.
This is the open-source backend that powers zerodrop.dev. Runs entirely on Cloudflare's edge — no server, no SMTP, no maintenance.
Inbound email → Cloudflare Email Routing
↓
zerodrop-worker (this repo)
↓
Cloudflare Workers AI (Llama 3.1 spam filter)
↓ (LEGITIMATE only)
OTP + magic link extraction
↓
Upstash Redis · TTL 1800s
Documentation · Self-Hosting Guide · SECURITY.md
- Receives email via Cloudflare Email Routing — every email sent to
*@zerodrop-sandbox.onlinetriggers this worker - Parses the MIME payload — extracts from, to, subject, message-id, and raw body
- Runs Llama 3.1 spam filter — classifies the email as SPAM or LEGITIMATE using Cloudflare Workers AI
- Drops spam silently — spam never reaches Redis
- Auto-extracts OTPs and magic links — runs regex at the edge so your test suite gets
email.otpandemail.magicLinkdirectly - Stores legitimate emails in Upstash Redis — key pattern
inbox:{name}, TTL 1800s (30 min)
All secrets are stored as Cloudflare Worker environment variables — never in code or git history.
| Variable | Description |
|---|---|
UPSTASH_REDIS_REST_URL |
Upstash Redis REST endpoint |
UPSTASH_REDIS_REST_TOKEN |
Upstash Redis REST token |
The AI binding is configured via wrangler.jsonc and uses Cloudflare's built-in Workers AI — no external API key needed.
npm install
npx wrangler deploySet your environment variables in the Cloudflare dashboard or via:
npx wrangler secret put UPSTASH_REDIS_REST_URL
npx wrangler secret put UPSTASH_REDIS_REST_TOKEN- No credentials are stored in code or git history
- All secrets are Cloudflare Worker environment variables
- Spam is dropped at the edge before hitting the database
- Inboxes auto-delete after 30 minutes via Redis TTL
- Worker source is fully auditable here
For supply chain security when using the GitHub Action, pin to a specific commit SHA:
# Instead of:
uses: zerodrop-dev/create-inbox@v1
# Pin to a specific commit:
uses: zerodrop-dev/create-inbox@4eb0c06 # v1.0.0- zerodrop-dev/zerodrop-sdk — TypeScript SDK
- zerodrop-dev/create-inbox — GitHub Action
- zerodrop-dev/zerodrop-playwright-example — Working Playwright example
MIT