fix: stop suppressing synthetic@pipeline.com (real customer address)

Paul Wilson (Compound Technologies) signed up with synthetic@pipeline.com, which is a genuine, deliverable EarthLink address (pipeline.com MX -> earthlink-vadesecure.net; he confirmed receipt by phone). Our code had hardcoded pipeline.com + the synthetic@ prefix as a 'non-deliverable FMCSA-census placeholder' and silently suppressed every automated email to him (checkout provisioning, order-creation validation, intake reminders, set-password invites). Nothing in the codebase actually generates that address, so the placeholder rationale was wrong. Removed pipeline.com and the synthetic@ rule from all four suppression sites; only RFC-reserved example.com/test.com/invalid remain blocked.
2026-06-10 14:41:19 -05:00 · 2026-06-10 14:41:19 -05:00 · 1ff8b88ac8
commit 1ff8b88ac8
parent 983c732baf
4 changed files with 20 additions and 21 deletions
--- a/api/src/routes/checkout.ts
+++ b/api/src/routes/checkout.ts
@ -202,14 +202,10 @@ async function ensureCompliancePortalUser(
  }
  if (!email) return;

-  // Skip only the genuine FMCSA-census placeholder, never a real customer who
-  // happens to use these (real) consumer domains. The census placeholder is
-  // exactly "synthetic@pipeline.com"; treat that one string as non-deliverable
-  // and anything else as a real address.
-  if (email === "synthetic@pipeline.com") {
-    console.warn(`[checkout] Skipping portal provisioning for ${orderId}: FMCSA-census placeholder email`);
-    return;
-  }
+  // (No address suppression here. `synthetic@pipeline.com` is a real customer
+  // address (EarthLink/pipeline.com), not a placeholder -- provisioning + email
+  // proceed normally. Only RFC-reserved test domains are rejected upstream at
+  // order creation (emailError in compliance-orders.ts).)

  // ── Portal login account (Postgres `customers` row) ──────────────────
  // The portal login + forgot-password read the Postgres `customers` table
--- a/api/src/routes/compliance-orders.ts
+++ b/api/src/routes/compliance-orders.ts
@ -18,19 +18,21 @@ import { requireAdmin } from "../middleware/admin-auth.js";
 const router = Router();

 // ── Email validation ────────────────────────────────────────────────────────
-// Reject malformed addresses AND known non-deliverable placeholders (e.g. the
-// FMCSA-census "synthetic@pipeline.com" used when no real email was found) at
-// order-creation time, so we never seed an order/portal account with an
-// address we can't actually reach.
+// Reject malformed addresses AND RFC-reserved non-deliverable test domains, so
+// we never seed an order/portal account with an address we can't reach. NOTE:
+// `pipeline.com` is a REAL (EarthLink) domain with deliverable mailboxes and is
+// NOT a placeholder -- a customer (Paul Wilson) uses synthetic@pipeline.com as
+// his genuine address, confirmed reachable. Only example.com/test.com are
+// reserved test domains.
 const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
-const PLACEHOLDER_EMAIL_DOMAINS = new Set(["pipeline.com", "example.com", "test.com"]);
+const PLACEHOLDER_EMAIL_DOMAINS = new Set(["example.com", "test.com", "invalid"]);

 function emailError(raw: unknown): string | null {
  const email = String(raw || "").trim().toLowerCase();
  if (!email) return "customer_email is required.";
  if (!EMAIL_RE.test(email)) return "customer_email is not a valid email address.";
  const domain = email.split("@")[1] || "";
-  if (email.startsWith("synthetic@") || PLACEHOLDER_EMAIL_DOMAINS.has(domain)) {
+  if (PLACEHOLDER_EMAIL_DOMAINS.has(domain)) {
    return "customer_email appears to be a placeholder; a real email address is required.";
  }
  return null;
--- a/scripts/workers/delivery_worker.py
+++ b/scripts/workers/delivery_worker.py
@ -338,10 +338,10 @@ def _build_portal_onboard_html(pg_order: dict | None) -> str:
    order_number = pg_order.get("order_number", "")
    if not email:
        return ""
-    # Never send a set-password invite to a known placeholder address (e.g. the
-    # FMCSA-census "synthetic@pipeline.com" used when no real email was found).
+    # Never send to RFC-reserved test domains. (pipeline.com is a REAL EarthLink
+    # domain a customer uses -- not a placeholder -- so it is allowed.)
    em = email.strip().lower()
-    if em.startswith("synthetic@") or em.split("@")[-1] in {"pipeline.com", "example.com", "test.com"}:
+    if em.split("@")[-1] in {"example.com", "test.com", "invalid"}:
        return ""
    token = _generate_set_password_token(email, order_number)
    url = f"{PORTAL_URL.rstrip('/')}/set-password?token={token}"
--- a/scripts/workers/intake_reminder.py
+++ b/scripts/workers/intake_reminder.py
@ -64,10 +64,11 @@ MAX_REMINDERS = int(os.getenv("INTAKE_REMINDER_MAX", "10"))
 MIN_AGE_HOURS = int(os.getenv("INTAKE_REMINDER_MIN_AGE_HOURS", "20"))

 # Mirror the API's email validation (api/src/routes/compliance-orders.ts):
-# reject malformed addresses AND known non-deliverable placeholders such as the
-# FMCSA-census "synthetic@pipeline.com" used when no real email was found.
+# reject malformed addresses AND RFC-reserved non-deliverable test domains.
+# NOTE: pipeline.com is a REAL (EarthLink) domain a customer uses -- not a
+# placeholder -- so it is NOT blocked.
 EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")
-PLACEHOLDER_DOMAINS = {"pipeline.com", "example.com", "test.com"}
+PLACEHOLDER_DOMAINS = {"example.com", "test.com", "invalid"}


 def _email_ok(raw: str | None) -> bool:
@ -75,7 +76,7 @@ def _email_ok(raw: str | None) -> bool:
    if not email or not EMAIL_RE.match(email):
        return False
    domain = email.split("@", 1)[1] if "@" in email else ""
-    if email.startswith("synthetic@") or domain in PLACEHOLDER_DOMAINS:
+    if domain in PLACEHOLDER_DOMAINS:
        return False
    return True