require ["include", "environment", "variables", "relational", "comparator-i;ascii-numeric", "spamtest"];
require ["fileinto", "imap4flags"];

# Stop processing for outbound emails
if address :all :comparator "i;unicode-casemap" :matches "From" ["username@protonmail.ch", "username@protonmail.com", "username@pm.me", #"username@example.com"] {
   stop;
}

# Discard addresses where localpart is not 3
if not address :localpart :length "from" 3 {
	discard;
}

# DKIM or SPF fail
if anyof(
    header :contains "Authentication-Results" "dkim=fail",
    header :contains "Authentication-Results" "spf=fail"
    ) {
    fileinto "Tampered";
}

# If Unsubscribe header is detected it is newletter
if header :matches "list-unsubscribe" "*" {
	fileinto "\\Newsletters";
}

# No SSL/TLS transport encryption
if header :is "x-pm-transfer-encryption" "none" {
	fileinto "Exposed";
}

# Mark emails that contain full anti-spoofing checks
if allof(header :contains "Authentication-Results" "dmarc=pass", header :contains "Authentication-Results" "spf=pass", header :contains "Authentication-Results" "dkim=pass") {
	fileinto "Validated";
}

# Mark internal ProtonMail emails as validated too
if header :contains "X-Pm-Origin" "internal" {
	fileinto "Validated";
}

# Mark emails that have attachments
if exists "X-Attached" {
    fileinto "Attachment";
}

# Make spam seen
if allof (environment :matches "vnd.proton.spam-threshold" "*", 
spamtest :value "ge" :comparator "i;ascii-numeric" "${1}")
{
    addflag "\\Seen";
    keep;
}