354 changed files with 700917 additions and 24564 deletions
--- a/.github/changelog_configuration.json
+++ b/.github/changelog_configuration.json
@ -1,5 +1,5 @@
 {
-  "template": "${{CHANGELOG}}\n\n<details>\n<summary>Uncategorized</summary>\n\n${{UNCATEGORIZED}}\n</details>",
+  "template": "${{CHANGELOG}}",
  "pr_template": "- ${{TITLE}} #${{NUMBER}}",
  "empty_template": "- no changes",
  "categories": [
@ -20,4 +20,4 @@
  "tag_resolver": {
    "method": "semver"
  }
-}
+}
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@ -1,43 +1,15 @@
-name: Test and lint
+name: Run tests & Publish to Docker Registry

-on: [push, pull_request]
+on:
+  push:

 jobs:
-  lint:
-    runs-on: ubuntu-latest
-    steps:
-      - name: Check out repo
-        uses: actions/checkout@v3
-
-      - name: Install poetry
-        run: pipx install poetry
-
-      - uses: actions/setup-python@v4
-        with:
-          python-version: '3.10'
-          cache: 'poetry'
-
-      - name: Install OS dependencies
-        if: ${{ matrix.python-version }} == '3.10'
-        run: |
-          sudo apt update
-          sudo apt install -y libre2-dev libpq-dev
-
-      - name: Install dependencies
-        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
-        run: poetry install --no-interaction
-
-      - name: Check formatting & linting
-        run: |
-          poetry run pre-commit run --all-files
-
-
  test:
    runs-on: ubuntu-latest
    strategy:
      max-parallel: 4
      matrix:
-        python-version: ["3.10"]
+        python-version: ["3.9", "3.10"]

    # service containers to run with `postgres-job`
    services:
@ -66,16 +38,27 @@ jobs:
          --health-retries 5

    steps:
-      - name: Check out repo
-        uses: actions/checkout@v3
+      - name: Check out repository
+        uses: actions/checkout@v2

-      - name: Install poetry
-        run: pipx install poetry
-
-      - uses: actions/setup-python@v4
+      - name: Set up Python ${{ matrix.python-version }}
+        uses: actions/setup-python@v2
        with:
          python-version: ${{ matrix.python-version }}
-          cache: 'poetry'
+
+      - name: Install poetry
+        uses: snok/install-poetry@v1
+        with:
+          virtualenvs-create: true
+          virtualenvs-in-project: true
+          installer-parallel: true
+
+      - name: Run caching
+        id: cached-poetry-dependencies
+        uses: actions/cache@v2
+        with:
+          path: .venv
+          key: venv-${{ runner.os }}-${{ matrix.python-version }}-${{ hashFiles('**/poetry.lock') }}

      - name: Install OS dependencies
        if: ${{ matrix.python-version }} == '3.10'
@ -85,13 +68,14 @@ jobs:

      - name: Install dependencies
        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
+        run: poetry install --no-interaction --no-root
+
+      - name: Install library
        run: poetry install --no-interaction

-
-      - name: Start Redis v6
-        uses: superchargejs/redis-github-action@1.1.0
-        with:
-          redis-version: 6
+      - name: Check formatting & linting
+        run: |
+          poetry run pre-commit run --all-files

      - name: Run db migration
        run: |
@ -116,7 +100,7 @@ jobs:

  build:
    runs-on: ubuntu-latest
-    needs: ['test', 'lint']
+    needs: ['test']
    if: github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/v'))

    steps:
@ -134,25 +118,7 @@ jobs:

      # We need to checkout the repository in order for the "Create Sentry release" to work
      - name: Checkout repository
-        uses: actions/checkout@v3
-        with:
-          fetch-depth: 0
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Create Sentry release
-        uses: getsentry/action-release@v1
-        env:
-          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
-          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
-          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
-        with:
-          ignore_missing: true
-          ignore_empty: true
+        uses: actions/checkout@v2

      - name: Prepare version file
        run: |
@ -163,10 +129,15 @@ jobs:
        uses: docker/build-push-action@v3
        with:
          context: .
-          platforms: linux/amd64,linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}

+      - name: Create Sentry release
+        uses: getsentry/action-release@v1
+        env:
+          SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
+          SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
+          SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}

      #- name: Send Telegram message
      #  uses: appleboy/telegram-action@master
--- a/.gitignore
+++ b/.gitignore
@ -15,4 +15,3 @@ venv/
 .coverage
 htmlcov
 adhoc
-.env.*
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@ -7,19 +7,21 @@ repos:
    hooks:
      - id: check-yaml
      - id: trailing-whitespace
+  - repo: https://github.com/psf/black
+    rev: 22.3.0
+    hooks:
+      - id: black
+  - repo: https://gitlab.com/pycqa/flake8
+    rev: 3.9.2
+    hooks:
+      - id: flake8
  - repo: https://github.com/Riverside-Healthcare/djLint
    rev: v1.3.0
    hooks:
      - id: djlint-jinja
        files: '.*\.html'
        entry: djlint --reformat
-  - repo: https://github.com/astral-sh/ruff-pre-commit
-    # Ruff version.
-    rev: v0.1.5
+  - repo: https://github.com/PyCQA/pylint
+    rev: v2.14.4
    hooks:
-      # Run the linter.
-      - id: ruff
-        args: [ --fix ]
-      # Run the formatter.
-      - id: ruff-format
-
+      - id: pylint
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -34,7 +34,7 @@ poetry install
 On Mac, sometimes you might need to install some other packages via `brew`:

 ```bash
-brew install pkg-config libffi openssl postgresql@13
+brew install pkg-config libffi openssl postgresql
 ```

 You also need to install `gpg` tool, on Mac it can be done with:
@ -62,18 +62,10 @@ To install it in your development environment.

 ## Run tests

-For most tests, you will need to have ``redis`` installed and started on your machine (listening on port 6379).
-
 ```bash
 sh scripts/run-test.sh
 ```

-You can also run tests using a local Postgres DB to speed things up. This can be done by
-
- creating an empty test DB and running the database migration by `dropdb test && createdb test && DB_URI=postgresql://localhost:5432/test alembic upgrade head`
-
- replacing the `DB_URI` in `test.env` file by `DB_URI=postgresql://localhost:5432/test`
-
 ## Run the code locally

 Install npm packages
@ -88,16 +80,10 @@ To run the code locally, please create a local setting file based on `example.en
 cp example.env .env
 ```

-You need to edit your .env to reflect the postgres exposed port, edit the `DB_URI` to:
-
-```
-DB_URI=postgresql://myuser:mypassword@localhost:35432/simplelogin
-```
-
 Run the postgres database:

 ```bash
-docker run -e POSTGRES_PASSWORD=mypassword -e POSTGRES_USER=myuser -e POSTGRES_DB=simplelogin -p 15432:5432 postgres:13
+docker run -e POSTGRES_PASSWORD=mypassword -e POSTGRES_USER=myuser -e POSTGRES_DB=simplelogin -p 35432:5432 postgres:13
 ```

 To run the server:
@ -157,10 +143,10 @@ Here are the small sum-ups of the directory structures and their roles:

 ## Pull request

-The code is formatted using [ruff](https://github.com/astral-sh/ruff), to format the code, simply run
+The code is formatted using https://github.com/psf/black, to format the code, simply run

 ```
-poetry run ruff format .
+poetry run black .
 ```

 The code is also checked with `flake8`, make sure to run `flake8` before creating the pull request by
@ -175,12 +161,6 @@ For HTML templates, we use `djlint`. Before creating a pull request, please run
 poetry run djlint --check templates
 ```

-If some files aren't properly formatted, you can format all files with
-
-```bash
-poetry run djlint --reformat .
-```
-
 ## Test sending email

 [swaks](http://www.jetmore.org/john/code/swaks/) is used for sending test emails to the `email_handler`.
@ -218,11 +198,4 @@ python email_handler.py
 swaks --to e1@sl.local --from hey@google.com --server 127.0.0.1:20381
 ```

-Now open http://localhost:1080/ (or http://localhost:1080/ for MailHog), you should see the forwarded email.
-
-## Job runner
-
-Some features require a job handler (such as GDPR data export). To test such feature you need to run the job_runner
-```bash
-python job_runner.py
-```
+Now open http://localhost:1080/ (or http://localhost:1080/ for MailHog), you should see the forwarded email.
--- a/14
+++ b/14
@ -2,10 +2,10 @@
 FROM node:10.17.0-alpine AS npm
 WORKDIR /code
 COPY ./static/package*.json /code/static/
-RUN cd /code/static && npm ci
+RUN cd /code/static && npm install

 # Main image
-FROM python:3.10
+FROM python:3.7

 # Keeps Python from generating .pyc files in the container
 ENV PYTHONDONTWRITEBYTECODE 1
@ -13,7 +13,7 @@ ENV PYTHONDONTWRITEBYTECODE 1
 ENV PYTHONUNBUFFERED 1

 # Add poetry to PATH
-ENV PATH="${PATH}:/root/.local/bin"
+ENV PATH="${PATH}:/root/.poetry/bin"

 WORKDIR /code

@ -23,15 +23,15 @@ COPY poetry.lock pyproject.toml ./
 # Install and setup poetry
 RUN pip install -U pip \
    && apt-get update \
-    && apt install -y curl netcat-traditional gcc python3-dev gnupg git libre2-dev cmake ninja-build\
-    && curl -sSL https://install.python-poetry.org | python3 - \
+    && apt install -y curl netcat gcc python3-dev gnupg git libre2-dev \
+    && curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/get-poetry.py | python - \
    # Remove curl and netcat from the image
-    && apt-get purge -y curl netcat-traditional \
+    && apt-get purge -y curl netcat \
    # Run poetry
    && poetry config virtualenvs.create false \
    && poetry install  --no-interaction --no-ansi --no-root \
    # Clear apt cache \
-    && apt-get purge -y libre2-dev cmake ninja-build\
+    && apt-get purge -y libre2-dev \
    && apt-get clean \
    && rm -rf /var/lib/apt/lists/*

--- a/README.md
+++ b/README.md
@ -15,8 +15,8 @@
 <img src="https://img.shields.io/github/license/simple-login/app">
 </a>

-<a href="https://twitter.com/simplelogin">
-<img src="https://img.shields.io/twitter/follow/simplelogin?style=social">
+<a href="https://twitter.com/simple_login">
+<img src="https://img.shields.io/twitter/follow/simple_login?style=social">
 </a>

 </p>
@ -74,7 +74,7 @@ Setting up DKIM is highly recommended to reduce the chance your emails ending up
 First you need to generate a private and public key for DKIM:

 ```bash
-openssl genrsa -out dkim.key -traditional 1024
+openssl genrsa -out dkim.key 1024
 openssl rsa -in dkim.key -pubout -out dkim.pub.key
 ```

@ -334,12 +334,6 @@ smtpd_recipient_restrictions =
   permit
 ```

-Check that the ssl certificates `/etc/ssl/certs/ssl-cert-snakeoil.pem` and `/etc/ssl/private/ssl-cert-snakeoil.key` exist. Depending on the linux distribution you are using they may or may not be present. If they are not, you will need to generate them with this command:
-
-```bash
-openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/ssl/private/ssl-cert-snakeoil.key -out /etc/ssl/certs/ssl-cert-snakeoil.pem
-```
-
 Create the `/etc/postfix/pgsql-relay-domains.cf` file with the following content.
 Make sure that the database config is correctly set, replace `mydomain.com` with your domain, update 'myuser' and 'mypassword' with your postgres credentials.

@ -510,14 +504,11 @@ server {
    server_name  app.mydomain.com;

    location / {
-        proxy_pass              http://localhost:7777;
-    	proxy_set_header        Host $host;
+        proxy_pass http://localhost:7777;
    }
 }
 ```

-Note: If `/etc/nginx/sites-enabled/default` exists, delete it or certbot will fail due to the conflict. The `simplelogin` file should be the only file in `sites-enabled`.
-
 Reload Nginx with the command below

 ```bash
--- a/app/account_linking.py
+++ b/app/account_linking.py
@ -5,23 +5,17 @@ from typing import Optional

 from arrow import Arrow
 from newrelic import agent
-from sqlalchemy import or_

 from app.db import Session
 from app.email_utils import send_welcome_email
-from app.utils import sanitize_email, canonicalize_email
-from app.errors import (
-    AccountAlreadyLinkedToAnotherPartnerException,
-    AccountIsUsingAliasAsEmail,
-    AccountAlreadyLinkedToAnotherUserException,
-)
+from app.utils import sanitize_email
+from app.errors import AccountAlreadyLinkedToAnotherPartnerException
 from app.log import LOG
 from app.models import (
    PartnerSubscription,
    Partner,
    PartnerUser,
    User,
-    Alias,
 )
 from app.utils import random_string

@ -132,9 +126,8 @@ class ClientMergeStrategy(ABC):
 class NewUserStrategy(ClientMergeStrategy):
    def process(self) -> LinkResult:
        # Will create a new SL User with a random password
-        canonical_email = canonicalize_email(self.link_request.email)
        new_user = User.create(
-            email=canonical_email,
+            email=self.link_request.email,
            name=self.link_request.name,
            password=random_string(20),
            activated=True,
@ -168,8 +161,7 @@ class NewUserStrategy(ClientMergeStrategy):

 class ExistingUnlinkedUserStrategy(ClientMergeStrategy):
    def process(self) -> LinkResult:
-        # IF it was scheduled to be deleted. Unschedule it.
-        self.user.delete_on = None
+
        partner_user = ensure_partner_user_exists_for_user(
            self.link_request, self.user, self.partner
        )
@ -183,7 +175,7 @@ class ExistingUnlinkedUserStrategy(ClientMergeStrategy):

 class LinkedWithAnotherPartnerUserStrategy(ClientMergeStrategy):
    def process(self) -> LinkResult:
-        raise AccountAlreadyLinkedToAnotherUserException()
+        raise AccountAlreadyLinkedToAnotherPartnerException()


 def get_login_strategy(
@ -200,12 +192,6 @@ def get_login_strategy(
    return ExistingUnlinkedUserStrategy(link_request, user, partner)


-def check_alias(email: str) -> bool:
-    alias = Alias.get_by(email=email)
-    if alias is not None:
-        raise AccountIsUsingAliasAsEmail()
-
-
 def process_login_case(
    link_request: PartnerLinkRequest, partner: Partner
 ) -> LinkResult:
@ -216,21 +202,9 @@ def process_login_case(
        partner_id=partner.id, external_user_id=link_request.external_user_id
    )
    if partner_user is None:
-        canonical_email = canonicalize_email(link_request.email)
        # We didn't find any SimpleLogin user registered with that partner user id
-        # Make sure they aren't using an alias as their link email
-        check_alias(link_request.email)
-        check_alias(canonical_email)
        # Try to find it using the partner's e-mail address
-        users = User.filter(
-            or_(User.email == link_request.email, User.email == canonical_email)
-        ).all()
-        if len(users) > 1:
-            user = [user for user in users if user.email == canonical_email][0]
-        elif len(users) == 1:
-            user = users[0]
-        else:
-            user = None
+        user = User.get_by(email=link_request.email)
        return get_login_strategy(link_request, user, partner).process()
    else:
        # We found the SL user registered with that partner user id
@ -248,8 +222,6 @@ def link_user(
 ) -> LinkResult:
    # Sanitize email just in case
    link_request.email = sanitize_email(link_request.email)
-    # If it was scheduled to be deleted. Unschedule it.
-    current_user.delete_on = None
    partner_user = ensure_partner_user_exists_for_user(
        link_request, current_user, partner
    )
@ -304,7 +276,7 @@ def process_link_case(
        return link_user(link_request, current_user, partner)

    # There is a SL user registered with the partner. Check if is the current one
-    if partner_user.user_id == current_user.id:
+    if partner_user.id == current_user.id:
        # Update plan
        set_plan_for_partner_user(partner_user, link_request.plan)
        # It's the same user. No need to do anything
@ -313,4 +285,5 @@ def process_link_case(
            strategy="Link",
        )
    else:
+
        return switch_already_linked_user(link_request, partner_user, current_user)
--- a/app/admin_model.py
+++ b/app/admin_model.py
@ -25,16 +25,12 @@ from app.models import (
    Phase,
    ProviderComplaint,
    Alias,
-    Newsletter,
-    PADDLE_SUBSCRIPTION_GRACE_DAYS,
 )
-from app.newsletter_utils import send_newsletter_to_user, send_newsletter_to_address


 class SLModelView(sqla.ModelView):
    column_default_sort = ("id", True)
    column_display_pk = True
-    page_size = 100

    can_edit = False
    can_create = False
@ -46,8 +42,7 @@ class SLModelView(sqla.ModelView):

    def inaccessible_callback(self, name, **kwargs):
        # redirect to login page if user doesn't have access
-        flash("You don't have access to the admin page", "error")
-        return redirect(url_for("dashboard.index", next=request.url))
+        return redirect(url_for("auth.login", next=request.url))

    def on_model_change(self, form, model, is_created):
        changes = {}
@ -95,10 +90,6 @@ class SLAdminIndexView(AdminIndexView):
        return redirect("/admin/user")


-def _user_upgrade_channel_formatter(view, context, model, name):
-    return Markup(model.upgrade_channel)
-
-
 class UserAdmin(SLModelView):
    column_searchable_list = ["email", "id"]
    column_exclude_list = [
@ -116,38 +107,6 @@ class UserAdmin(SLModelView):
        ret.insert(0, "upgrade_channel")
        return ret

-    column_formatters = {
-        "upgrade_channel": _user_upgrade_channel_formatter,
-    }
-
-    @action(
-        "disable_user",
-        "Disable user",
-        "Are you sure you want to disable the selected users?",
-    )
-    def action_disable_user(self, ids):
-        for user in User.filter(User.id.in_(ids)):
-            user.disabled = True
-
-            flash(f"Disabled user {user.id}")
-            AdminAuditLog.disable_user(current_user.id, user.id)
-
-        Session.commit()
-
-    @action(
-        "enable_user",
-        "Enable user",
-        "Are you sure you want to enable the selected users?",
-    )
-    def action_enable_user(self, ids):
-        for user in User.filter(User.id.in_(ids)):
-            user.disabled = False
-
-            flash(f"Enabled user {user.id}")
-            AdminAuditLog.enable_user(current_user.id, user.id)
-
-        Session.commit()
-
    @action(
        "education_upgrade",
        "Education upgrade",
@ -215,20 +174,6 @@ class UserAdmin(SLModelView):

        Session.commit()

-    @action(
-        "remove trial",
-        "Stop trial period",
-        "Remove trial for this user?",
-    )
-    def stop_trial(self, ids):
-        for user in User.filter(User.id.in_(ids)):
-            user.trial_end = None
-
-            flash(f"Stopped trial for {user}", "success")
-            AdminAuditLog.stop_trial(current_user.id, user.id)
-
-        Session.commit()
-
    @action(
        "disable_otp_fido",
        "Disable OTP & FIDO",
@ -252,36 +197,6 @@ class UserAdmin(SLModelView):

        Session.commit()

-    @action(
-        "stop_paddle_sub",
-        "Stop user Paddle subscription",
-        "This will stop the current user Paddle subscription so if user doesn't have Proton sub, they will lose all SL benefits immediately",
-    )
-    def stop_paddle_sub(self, ids):
-        for user in User.filter(User.id.in_(ids)):
-            sub: Subscription = user.get_paddle_subscription()
-            if not sub:
-                flash(f"No Paddle sub for {user}", "warning")
-                continue
-
-            flash(f"{user} sub will end now, instead of {sub.next_bill_date}", "info")
-            sub.next_bill_date = (
-                arrow.now().shift(days=-PADDLE_SUBSCRIPTION_GRACE_DAYS).date()
-            )
-
-        Session.commit()
-
-    @action(
-        "clear_delete_on",
-        "Remove scheduled deletion of user",
-        "This will remove the scheduled deletion for this users",
-    )
-    def clean_delete_on(self, ids):
-        for user in User.filter(User.id.in_(ids)):
-            user.delete_on = None
-
-        Session.commit()
-
    # @action(
    #     "login_as",
    #     "Login as this user",
@ -554,120 +469,3 @@ class ProviderComplaintAdmin(SLModelView):
                )
            },
        )
-
-
-def _newsletter_plain_text_formatter(view, context, model: Newsletter, name):
-    # to display newsletter plain_text with linebreaks in the list view
-    return Markup(model.plain_text.replace("\n", "<br>"))
-
-
-def _newsletter_html_formatter(view, context, model: Newsletter, name):
-    # to display newsletter html with linebreaks in the list view
-    return Markup(model.html.replace("\n", "<br>"))
-
-
-class NewsletterAdmin(SLModelView):
-    list_template = "admin/model/newsletter-list.html"
-    edit_template = "admin/model/newsletter-edit.html"
-    edit_modal = False
-
-    can_edit = True
-    can_create = True
-
-    column_formatters = {
-        "plain_text": _newsletter_plain_text_formatter,
-        "html": _newsletter_html_formatter,
-    }
-
-    @action(
-        "send_newsletter_to_user",
-        "Send this newsletter to myself or the specified userID",
-    )
-    def send_newsletter_to_user(self, newsletter_ids):
-        user_id = request.form["user_id"]
-        if user_id:
-            user = User.get(user_id)
-            if not user:
-                flash(f"No such user with ID {user_id}", "error")
-                return
-        else:
-            flash("use the current user", "info")
-            user = current_user
-
-        for newsletter_id in newsletter_ids:
-            newsletter = Newsletter.get(newsletter_id)
-            sent, error_msg = send_newsletter_to_user(newsletter, user)
-            if sent:
-                flash(f"{newsletter} sent to {user}", "success")
-            else:
-                flash(error_msg, "error")
-
-    @action(
-        "send_newsletter_to_address",
-        "Send this newsletter to a specific address",
-    )
-    def send_newsletter_to_address(self, newsletter_ids):
-        to_address = request.form["to_address"]
-        if not to_address:
-            flash("to_address missing", "error")
-            return
-
-        for newsletter_id in newsletter_ids:
-            newsletter = Newsletter.get(newsletter_id)
-            # use the current_user for rendering email
-            sent, error_msg = send_newsletter_to_address(
-                newsletter, current_user, to_address
-            )
-            if sent:
-                flash(
-                    f"{newsletter} sent to {to_address} with {current_user} context",
-                    "success",
-                )
-            else:
-                flash(error_msg, "error")
-
-    @action(
-        "clone_newsletter",
-        "Clone this newsletter",
-    )
-    def clone_newsletter(self, newsletter_ids):
-        if len(newsletter_ids) != 1:
-            flash("you can only select 1 newsletter", "error")
-            return
-
-        newsletter_id = newsletter_ids[0]
-        newsletter: Newsletter = Newsletter.get(newsletter_id)
-        new_newsletter = Newsletter.create(
-            subject=newsletter.subject,
-            html=newsletter.html,
-            plain_text=newsletter.plain_text,
-            commit=True,
-        )
-
-        flash(f"Newsletter {new_newsletter.subject} has been cloned", "success")
-
-
-class NewsletterUserAdmin(SLModelView):
-    column_searchable_list = ["id"]
-    column_filters = ["id", "user.email", "newsletter.subject"]
-    column_exclude_list = ["created_at", "updated_at", "id"]
-
-    can_edit = False
-    can_create = False
-
-
-class DailyMetricAdmin(SLModelView):
-    column_exclude_list = ["created_at", "updated_at", "id"]
-
-    can_export = True
-
-
-class MetricAdmin(SLModelView):
-    column_exclude_list = ["created_at", "updated_at", "id"]
-
-    can_export = True
-
-
-class InvalidMailboxDomainAdmin(SLModelView):
-    can_create = True
-    can_delete = True
--- a/app/alias_suffix.py
+++ b/app/alias_suffix.py
@ -1,190 +0,0 @@
-from __future__ import annotations
-import json
-from dataclasses import asdict, dataclass
-from typing import Optional
-
-import itsdangerous
-from app import config
-from app.log import LOG
-from app.models import User, AliasOptions, SLDomain
-
-signer = itsdangerous.TimestampSigner(config.CUSTOM_ALIAS_SECRET)
-
-
-@dataclass
-class AliasSuffix:
-    # whether this is a custom domain
-    is_custom: bool
-    # Suffix
-    suffix: str
-    # Suffix signature
-    signed_suffix: str
-    # whether this is a premium SL domain. Not apply to custom domain
-    is_premium: bool
-    # can be either Custom or SL domain
-    domain: str
-    # if custom domain, whether the custom domain has MX verified, i.e. can receive emails
-    mx_verified: bool = True
-
-    def serialize(self):
-        return json.dumps(asdict(self))
-
-    @classmethod
-    def deserialize(cls, data: str) -> AliasSuffix:
-        return AliasSuffix(**json.loads(data))
-
-
-def check_suffix_signature(signed_suffix: str) -> Optional[str]:
-    # hypothesis: user will click on the button in the 600 secs
-    try:
-        return signer.unsign(signed_suffix, max_age=600).decode()
-    except itsdangerous.BadSignature:
-        return None
-
-
-def verify_prefix_suffix(
-    user: User, alias_prefix, alias_suffix, alias_options: Optional[AliasOptions] = None
-) -> bool:
-    """verify if user could create an alias with the given prefix and suffix"""
-    if not alias_prefix or not alias_suffix:  # should be caught on frontend
-        return False
-
-    user_custom_domains = [cd.domain for cd in user.verified_custom_domains()]
-
-    # make sure alias_suffix is either .random_word@simplelogin.co or @my-domain.com
-    alias_suffix = alias_suffix.strip()
-    # alias_domain_prefix is either a .random_word or ""
-    alias_domain_prefix, alias_domain = alias_suffix.split("@", 1)
-
-    # alias_domain must be either one of user custom domains or built-in domains
-    if alias_domain not in user.available_alias_domains(alias_options=alias_options):
-        LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
-        return False
-
-    # SimpleLogin domain case:
-    # 1) alias_suffix must start with "." and
-    # 2) alias_domain_prefix must come from the word list
-    if (
-        alias_domain in user.available_sl_domains(alias_options=alias_options)
-        and alias_domain not in user_custom_domains
-        # when DISABLE_ALIAS_SUFFIX is true, alias_domain_prefix is empty
-        and not config.DISABLE_ALIAS_SUFFIX
-    ):
-        if not alias_domain_prefix.startswith("."):
-            LOG.e("User %s submits a wrong alias suffix %s", user, alias_suffix)
-            return False
-
-    else:
-        if alias_domain not in user_custom_domains:
-            if not config.DISABLE_ALIAS_SUFFIX:
-                LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
-                return False
-
-            if alias_domain not in user.available_sl_domains(
-                alias_options=alias_options
-            ):
-                LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
-                return False
-
-    return True
-
-
-def get_alias_suffixes(
-    user: User, alias_options: Optional[AliasOptions] = None
-) -> [AliasSuffix]:
-    """
-    Similar to as get_available_suffixes() but also return custom domain that doesn't have MX set up.
-    """
-    user_custom_domains = user.verified_custom_domains()
-
-    alias_suffixes: [AliasSuffix] = []
-
-    # put custom domain first
-    # for each user domain, generate both the domain and a random suffix version
-    for custom_domain in user_custom_domains:
-        if custom_domain.random_prefix_generation:
-            suffix = (
-                f".{user.get_random_alias_suffix(custom_domain)}@{custom_domain.domain}"
-            )
-            alias_suffix = AliasSuffix(
-                is_custom=True,
-                suffix=suffix,
-                signed_suffix=signer.sign(suffix).decode(),
-                is_premium=False,
-                domain=custom_domain.domain,
-                mx_verified=custom_domain.verified,
-            )
-            if user.default_alias_custom_domain_id == custom_domain.id:
-                alias_suffixes.insert(0, alias_suffix)
-            else:
-                alias_suffixes.append(alias_suffix)
-
-        suffix = f"@{custom_domain.domain}"
-        alias_suffix = AliasSuffix(
-            is_custom=True,
-            suffix=suffix,
-            signed_suffix=signer.sign(suffix).decode(),
-            is_premium=False,
-            domain=custom_domain.domain,
-            mx_verified=custom_domain.verified,
-        )
-
-        # put the default domain to top
-        # only if random_prefix_generation isn't enabled
-        if (
-            user.default_alias_custom_domain_id == custom_domain.id
-            and not custom_domain.random_prefix_generation
-        ):
-            alias_suffixes.insert(0, alias_suffix)
-        else:
-            alias_suffixes.append(alias_suffix)
-
-    # then SimpleLogin domain
-    sl_domains = user.get_sl_domains(alias_options=alias_options)
-    default_domain_found = False
-    for sl_domain in sl_domains:
-        prefix = (
-            "" if config.DISABLE_ALIAS_SUFFIX else f".{user.get_random_alias_suffix()}"
-        )
-        suffix = f"{prefix}@{sl_domain.domain}"
-        alias_suffix = AliasSuffix(
-            is_custom=False,
-            suffix=suffix,
-            signed_suffix=signer.sign(suffix).decode(),
-            is_premium=sl_domain.premium_only,
-            domain=sl_domain.domain,
-            mx_verified=True,
-        )
-        # No default or this is not the default
-        if (
-            user.default_alias_public_domain_id is None
-            or user.default_alias_public_domain_id != sl_domain.id
-        ):
-            alias_suffixes.append(alias_suffix)
-        else:
-            default_domain_found = True
-            alias_suffixes.insert(0, alias_suffix)
-
-    if not default_domain_found:
-        domain_conditions = {"id": user.default_alias_public_domain_id, "hidden": False}
-        if not user.is_premium():
-            domain_conditions["premium_only"] = False
-        sl_domain = SLDomain.get_by(**domain_conditions)
-        if sl_domain:
-            prefix = (
-                ""
-                if config.DISABLE_ALIAS_SUFFIX
-                else f".{user.get_random_alias_suffix()}"
-            )
-            suffix = f"{prefix}@{sl_domain.domain}"
-            alias_suffix = AliasSuffix(
-                is_custom=False,
-                suffix=suffix,
-                signed_suffix=signer.sign(suffix).decode(),
-                is_premium=sl_domain.premium_only,
-                domain=sl_domain.domain,
-                mx_verified=True,
-            )
-            alias_suffixes.insert(0, alias_suffix)
-
-    return alias_suffixes
--- a/app/alias_utils.py
+++ b/app/alias_utils.py
@ -1,11 +1,8 @@
-import csv
-from io import StringIO
 import re
 from typing import Optional, Tuple

 from email_validator import validate_email, EmailNotValidError
 from sqlalchemy.exc import IntegrityError, DataError
-from flask import make_response

 from app.config import (
    BOUNCE_PREFIX_FOR_REPLY_PHASE,
@ -21,16 +18,8 @@ from app.email_utils import (
    send_cannot_create_directory_alias_disabled,
    get_email_local_part,
    send_cannot_create_domain_alias,
-    send_email,
-    render,
 )
 from app.errors import AliasInTrashError
-from app.events.event_dispatcher import EventDispatcher
-from app.events.generated.event_pb2 import (
-    AliasDeleted,
-    AliasStatusChanged,
-    EventContent,
-)
 from app.log import LOG
 from app.models import (
    Alias,
@ -44,8 +33,6 @@ from app.models import (
    EmailLog,
    Contact,
    AutoCreateRule,
-    AliasUsedOn,
-    ClientUser,
 )
 from app.regex_utils import regex_match

@ -67,8 +54,6 @@ def get_user_if_alias_would_auto_create(
    domain_and_rule = check_if_alias_can_be_auto_created_for_custom_domain(
        address, notify_user=notify_user
    )
-    if DomainDeletedAlias.get_by(email=address):
-        return None
    if domain_and_rule:
        return domain_and_rule[0].user
    directory = check_if_alias_can_be_auto_created_for_a_directory(
@ -100,7 +85,6 @@ def check_if_alias_can_be_auto_created_for_custom_domain(
        return None

    if not user.can_create_new_alias():
-        LOG.d(f"{user} can't create new custom-domain alias {address}")
        if notify_user:
            send_cannot_create_domain_alias(custom_domain.user, address, alias_domain)
        return None
@ -162,7 +146,6 @@ def check_if_alias_can_be_auto_created_for_a_directory(
        return None

    if not user.can_create_new_alias():
-        LOG.d(f"{user} can't create new directory alias {address}")
        if notify_user:
            send_cannot_create_directory_alias(user, address, directory_name)
        return None
@ -314,36 +297,31 @@ def delete_alias(alias: Alias, user: User):
    Delete an alias and add it to either global or domain trash
    Should be used instead of Alias.delete, DomainDeletedAlias.create, DeletedAlias.create
    """
-    LOG.i(f"User {user} has deleted alias {alias}")
-    # save deleted alias to either global or domain tra
+    # save deleted alias to either global or domain trash
    if alias.custom_domain_id:
        if not DomainDeletedAlias.get_by(
            email=alias.email, domain_id=alias.custom_domain_id
        ):
-            domain_deleted_alias = DomainDeletedAlias(
-                user_id=user.id,
-                email=alias.email,
-                domain_id=alias.custom_domain_id,
+            LOG.d("add %s to domain %s trash", alias, alias.custom_domain_id)
+            Session.add(
+                DomainDeletedAlias(
+                    user_id=user.id,
+                    email=alias.email,
+                    domain_id=alias.custom_domain_id,
+                )
            )
-            Session.add(domain_deleted_alias)
            Session.commit()
-            LOG.i(
-                f"Moving {alias} to domain {alias.custom_domain_id} trash {domain_deleted_alias}"
-            )
+
    else:
        if not DeletedAlias.get_by(email=alias.email):
-            deleted_alias = DeletedAlias(email=alias.email)
-            Session.add(deleted_alias)
+            LOG.d("add %s to global trash", alias)
+            Session.add(DeletedAlias(email=alias.email))
            Session.commit()
-            LOG.i(f"Moving {alias} to global trash {deleted_alias}")

+    LOG.i("delete alias %s", alias)
    Alias.filter(Alias.id == alias.id).delete()
    Session.commit()

-    EventDispatcher.send_event(
-        user, EventContent(alias_deleted=AliasDeleted(alias_id=alias.id))
-    )
-

 def aliases_for_mailbox(mailbox: Mailbox) -> [Alias]:
    """
@ -384,101 +362,3 @@ def check_alias_prefix(alias_prefix) -> bool:
        return False

    return True
-
-
-def alias_export_csv(user, csv_direct_export=False):
-    """
-    Get user aliases as importable CSV file
-    Output:
-        Importable CSV file
-
-    """
-    data = [["alias", "note", "enabled", "mailboxes"]]
-    for alias in Alias.filter_by(user_id=user.id).all():  # type: Alias
-        # Always put the main mailbox first
-        # It is seen a primary while importing
-        alias_mailboxes = alias.mailboxes
-        alias_mailboxes.insert(
-            0, alias_mailboxes.pop(alias_mailboxes.index(alias.mailbox))
-        )
-
-        mailboxes = " ".join([mailbox.email for mailbox in alias_mailboxes])
-        data.append([alias.email, alias.note, alias.enabled, mailboxes])
-
-    si = StringIO()
-    cw = csv.writer(si)
-    cw.writerows(data)
-    if csv_direct_export:
-        return si.getvalue()
-    output = make_response(si.getvalue())
-    output.headers["Content-Disposition"] = "attachment; filename=aliases.csv"
-    output.headers["Content-type"] = "text/csv"
-    return output
-
-
-def transfer_alias(alias, new_user, new_mailboxes: [Mailbox]):
-    # cannot transfer alias which is used for receiving newsletter
-    if User.get_by(newsletter_alias_id=alias.id):
-        raise Exception("Cannot transfer alias that's used to receive newsletter")
-
-    # update user_id
-    Session.query(Contact).filter(Contact.alias_id == alias.id).update(
-        {"user_id": new_user.id}
-    )
-
-    Session.query(AliasUsedOn).filter(AliasUsedOn.alias_id == alias.id).update(
-        {"user_id": new_user.id}
-    )
-
-    Session.query(ClientUser).filter(ClientUser.alias_id == alias.id).update(
-        {"user_id": new_user.id}
-    )
-
-    # remove existing mailboxes from the alias
-    Session.query(AliasMailbox).filter(AliasMailbox.alias_id == alias.id).delete()
-
-    # set mailboxes
-    alias.mailbox_id = new_mailboxes.pop().id
-    for mb in new_mailboxes:
-        AliasMailbox.create(alias_id=alias.id, mailbox_id=mb.id)
-
-    # alias has never been transferred before
-    if not alias.original_owner_id:
-        alias.original_owner_id = alias.user_id
-
-    # inform previous owner
-    old_user = alias.user
-    send_email(
-        old_user.email,
-        f"Alias {alias.email} has been received",
-        render(
-            "transactional/alias-transferred.txt",
-            alias=alias,
-        ),
-        render(
-            "transactional/alias-transferred.html",
-            alias=alias,
-        ),
-    )
-
-    # now the alias belongs to the new user
-    alias.user_id = new_user.id
-
-    # set some fields back to default
-    alias.disable_pgp = False
-    alias.pinned = False
-
-    Session.commit()
-
-
-def change_alias_status(alias: Alias, enabled: bool, commit: bool = False):
-    LOG.i(f"Changing alias {alias} enabled to {enabled}")
-    alias.enabled = enabled
-
-    event = AliasStatusChanged(
-        alias_id=alias.id, alias_email=alias.email, enabled=enabled
-    )
-    EventDispatcher.send_event(alias.user, EventContent(alias_status_change=event))
-
-    if commit:
-        Session.commit()
--- a/app/api/init.py
+++ b/app/api/init.py
@ -16,22 +16,3 @@ from .views import (
    sudo,
    user,
 )
-
-__all__ = [
-    "alias_options",
-    "new_custom_alias",
-    "custom_domain",
-    "new_random_alias",
-    "user_info",
-    "auth",
-    "auth_mfa",
-    "alias",
-    "apple",
-    "mailbox",
-    "notification",
-    "setting",
-    "export",
-    "phone",
-    "sudo",
-    "user",
-]
--- a/app/api/base.py
+++ b/app/api/base.py
@ -33,9 +33,6 @@ def authorize_request() -> Optional[Tuple[str, int]]:
    if g.user.disabled:
        return jsonify(error="Disabled account"), 403

-    if not g.user.is_active():
-        return jsonify(error="Account does not exist"), 401
-
    g.api_key = api_key
    return None

--- a/app/api/serializer.py
+++ b/app/api/serializer.py
@ -201,10 +201,10 @@ def get_alias_infos_with_pagination_v3(
        q = q.order_by(Alias.pinned.desc())
        q = q.order_by(latest_activity.desc())

-    q = q.limit(page_limit).offset(page_id * page_size)
+    q = list(q.limit(page_limit).offset(page_id * page_size))

    ret = []
-    for alias, contact, email_log, nb_reply, nb_blocked, nb_forward in list(q):
+    for alias, contact, email_log, nb_reply, nb_blocked, nb_forward in q:
        ret.append(
            AliasInfo(
                alias=alias,
@ -358,6 +358,7 @@ def construct_alias_query(user: User):
                    else_=0,
                )
            ).label("nb_forward"),
+            func.max(EmailLog.created_at).label("latest_email_log_created_at"),
        )
        .join(EmailLog, Alias.id == EmailLog.alias_id, isouter=True)
        .filter(Alias.user_id == user.id)
@ -365,6 +366,14 @@ def construct_alias_query(user: User):
        .subquery()
    )

+    alias_contact_subquery = (
+        Session.query(Alias.id, func.max(Contact.id).label("max_contact_id"))
+        .join(Contact, Alias.id == Contact.alias_id, isouter=True)
+        .filter(Alias.user_id == user.id)
+        .group_by(Alias.id)
+        .subquery()
+    )
+
    return (
        Session.query(
            Alias,
@ -376,7 +385,23 @@ def construct_alias_query(user: User):
        )
        .options(joinedload(Alias.hibp_breaches))
        .options(joinedload(Alias.custom_domain))
-        .join(EmailLog, Alias.last_email_log_id == EmailLog.id, isouter=True)
-        .join(Contact, EmailLog.contact_id == Contact.id, isouter=True)
+        .join(Contact, Alias.id == Contact.alias_id, isouter=True)
+        .join(EmailLog, Contact.id == EmailLog.contact_id, isouter=True)
        .filter(Alias.id == alias_activity_subquery.c.id)
+        .filter(Alias.id == alias_contact_subquery.c.id)
+        .filter(
+            or_(
+                EmailLog.created_at
+                == alias_activity_subquery.c.latest_email_log_created_at,
+                and_(
+                    # no email log yet for this alias
+                    alias_activity_subquery.c.latest_email_log_created_at.is_(None),
+                    # to make sure only 1 contact is returned in this case
+                    or_(
+                        Contact.id == alias_contact_subquery.c.max_contact_id,
+                        alias_contact_subquery.c.max_contact_id.is_(None),
+                    ),
+                ),
+            )
+        )
    )
--- a/app/api/views/alias.py
+++ b/app/api/views/alias.py
@ -24,15 +24,12 @@ from app.errors import (
    ErrContactAlreadyExists,
    ErrAddressInvalid,
 )
-from app.extensions import limiter
-from app.log import LOG
 from app.models import Alias, Contact, Mailbox, AliasMailbox


@deprecated
@api_bp.route("/aliases", methods=["GET", "POST"])
@require_api_auth
-@limiter.limit("10/minute", key_func=lambda: g.user.id)
 def get_aliases():
    """
    Get aliases
@ -75,7 +72,6 @@ def get_aliases():

@api_bp.route("/v2/aliases", methods=["GET", "POST"])
@require_api_auth
-@limiter.limit("50/minute", key_func=lambda: g.user.id)
 def get_aliases_v2():
    """
    Get aliases
@ -185,8 +181,7 @@ def toggle_alias(alias_id):
    if not alias or alias.user_id != user.id:
        return jsonify(error="Forbidden"), 403

-    alias_utils.change_alias_status(alias, enabled=not alias.enabled)
-    LOG.i(f"User {user} changed alias {alias} enabled status to {alias.enabled}")
+    alias.enabled = not alias.enabled
    Session.commit()

    return jsonify(enabled=alias.enabled), 200
--- a/app/api/views/alias_options.py
+++ b/app/api/views/alias_options.py
@ -2,8 +2,10 @@ import tldextract
 from flask import jsonify, request, g
 from sqlalchemy import desc

-from app.alias_suffix import get_alias_suffixes
 from app.api.base import api_bp, require_api_auth
+from app.dashboard.views.custom_alias import (
+    get_available_suffixes,
+)
 from app.db import Session
 from app.log import LOG
 from app.models import AliasUsedOn, Alias, User
@ -66,7 +68,7 @@ def options_v4():
        prefix_suggestion = convert_to_id(prefix_suggestion)
        ret["prefix_suggestion"] = prefix_suggestion

-    suffixes = get_alias_suffixes(user)
+    suffixes = get_available_suffixes(user)

    # custom domain should be put first
    ret["suffixes"] = list([suffix.suffix, suffix.signed_suffix] for suffix in suffixes)
@ -137,7 +139,7 @@ def options_v5():
        prefix_suggestion = convert_to_id(prefix_suggestion)
        ret["prefix_suggestion"] = prefix_suggestion

-    suffixes = get_alias_suffixes(user)
+    suffixes = get_available_suffixes(user)

    # custom domain should be put first
    ret["suffixes"] = [
--- a/app/api/views/apple.py
+++ b/app/api/views/apple.py
@ -9,7 +9,6 @@ from requests import RequestException

 from app.api.base import api_bp, require_api_auth
 from app.config import APPLE_API_SECRET, MACAPP_APPLE_API_SECRET
-from app.subscription_webhook import execute_subscription_webhook
 from app.db import Session
 from app.log import LOG
 from app.models import PlanEnum, AppleSubscription
@ -17,14 +16,9 @@ from app.models import PlanEnum, AppleSubscription
 _MONTHLY_PRODUCT_ID = "io.simplelogin.ios_app.subscription.premium.monthly"
 _YEARLY_PRODUCT_ID = "io.simplelogin.ios_app.subscription.premium.yearly"

-# SL Mac app used to be in SL account
 _MACAPP_MONTHLY_PRODUCT_ID = "io.simplelogin.macapp.subscription.premium.monthly"
 _MACAPP_YEARLY_PRODUCT_ID = "io.simplelogin.macapp.subscription.premium.yearly"

-# SL Mac app is moved to Proton account
-_MACAPP_MONTHLY_PRODUCT_ID_NEW = "me.proton.simplelogin.macos.premium.monthly"
-_MACAPP_YEARLY_PRODUCT_ID_NEW = "me.proton.simplelogin.macos.premium.yearly"
-
 # Apple API URL
 _SANDBOX_URL = "https://sandbox.itunes.apple.com/verifyReceipt"
 _PROD_URL = "https://buy.itunes.apple.com/verifyReceipt"
@ -46,17 +40,15 @@ def apple_process_payment():
    LOG.d("request for /apple/process_payment from %s", user)
    data = request.get_json()
    receipt_data = data.get("receipt_data")
-    is_macapp = "is_macapp" in data and data["is_macapp"] is True
+    is_macapp = "is_macapp" in data

    if is_macapp:
-        LOG.d("Use Macapp secret")
        password = MACAPP_APPLE_API_SECRET
    else:
        password = APPLE_API_SECRET

    apple_sub = verify_receipt(receipt_data, user, password)
    if apple_sub:
-        execute_subscription_webhook(user)
        return jsonify(ok=True), 200

    return jsonify(error="Processing failed"), 400
@ -268,11 +260,7 @@ def apple_update_notification():
        plan = (
            PlanEnum.monthly
            if transaction["product_id"]
-            in (
-                _MONTHLY_PRODUCT_ID,
-                _MACAPP_MONTHLY_PRODUCT_ID,
-                _MACAPP_MONTHLY_PRODUCT_ID_NEW,
-            )
+            in (_MONTHLY_PRODUCT_ID, _MACAPP_MONTHLY_PRODUCT_ID)
            else PlanEnum.yearly
        )

@ -293,7 +281,6 @@ def apple_update_notification():
            apple_sub.plan = plan
            apple_sub.product_id = transaction["product_id"]
            Session.commit()
-            execute_subscription_webhook(user)
            return jsonify(ok=True), 200
        else:
            LOG.w(
@ -487,7 +474,7 @@ def verify_receipt(receipt_data, user, password) -> Optional[AppleSubscription]:
    # }

    if data["status"] != 0:
-        LOG.e(
+        LOG.w(
            "verifyReceipt status !=0, probably invalid receipt. User %s, data %s",
            user,
            data,
@ -526,11 +513,7 @@ def verify_receipt(receipt_data, user, password) -> Optional[AppleSubscription]:
    plan = (
        PlanEnum.monthly
        if latest_transaction["product_id"]
-        in (
-            _MONTHLY_PRODUCT_ID,
-            _MACAPP_MONTHLY_PRODUCT_ID,
-            _MACAPP_MONTHLY_PRODUCT_ID_NEW,
-        )
+        in (_MONTHLY_PRODUCT_ID, _MACAPP_MONTHLY_PRODUCT_ID)
        else PlanEnum.yearly
    )

@ -538,10 +521,9 @@ def verify_receipt(receipt_data, user, password) -> Optional[AppleSubscription]:

    if apple_sub:
        LOG.d(
-            "Update AppleSubscription for user %s, expired at %s (%s), plan %s",
+            "Update AppleSubscription for user %s, expired at %s, plan %s",
            user,
            expires_date,
-            expires_date.humanize(),
            plan,
        )
        apple_sub.receipt_data = receipt_data
@ -570,7 +552,6 @@ def verify_receipt(receipt_data, user, password) -> Optional[AppleSubscription]:
            product_id=latest_transaction["product_id"],
        )

-    execute_subscription_webhook(user)
    Session.commit()

    return apple_sub
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
@ -11,7 +11,7 @@ from itsdangerous import Signer
 from app import email_utils
 from app.api.base import api_bp
 from app.config import FLASK_SECRET, DISABLE_REGISTRATION
-from app.dashboard.views.account_setting import send_reset_password_email
+from app.dashboard.views.setting import send_reset_password_email
 from app.db import Session
 from app.email_utils import (
    email_can_be_used_as_mailbox,
@ -23,7 +23,7 @@ from app.events.auth_event import LoginEvent, RegisterEvent
 from app.extensions import limiter
 from app.log import LOG
 from app.models import User, ApiKey, SocialAuth, AccountActivation
-from app.utils import sanitize_email, canonicalize_email
+from app.utils import sanitize_email


@api_bp.route("/auth/login", methods=["POST"])
@ -49,13 +49,11 @@ def auth_login():
    if not data:
        return jsonify(error="request body cannot be empty"), 400

+    email = sanitize_email(data.get("email"))
    password = data.get("password")
    device = data.get("device")

-    email = sanitize_email(data.get("email"))
-    canonical_email = canonicalize_email(data.get("email"))
-
-    user = User.get_by(email=email) or User.get_by(email=canonical_email)
+    user = User.filter_by(email=email).first()

    if not user or not user.check_password(password):
        LoginEvent(LoginEvent.ActionType.failed, LoginEvent.Source.api).send()
@ -63,11 +61,6 @@ def auth_login():
    elif user.disabled:
        LoginEvent(LoginEvent.ActionType.disabled_login, LoginEvent.Source.api).send()
        return jsonify(error="Account disabled"), 400
-    elif user.delete_on is not None:
-        LoginEvent(
-            LoginEvent.ActionType.scheduled_to_be_deleted, LoginEvent.Source.api
-        ).send()
-        return jsonify(error="Account scheduled for deletion"), 400
    elif not user.activated:
        LoginEvent(LoginEvent.ActionType.not_activated, LoginEvent.Source.api).send()
        return jsonify(error="Account not activated"), 422
@ -96,8 +89,7 @@ def auth_register():
    if not data:
        return jsonify(error="request body cannot be empty"), 400

-    dirty_email = data.get("email")
-    email = canonicalize_email(dirty_email)
+    email = sanitize_email(data.get("email"))
    password = data.get("password")

    if DISABLE_REGISTRATION:
@ -118,7 +110,7 @@ def auth_register():
        return jsonify(error="password too long"), 400

    LOG.d("create user %s", email)
-    user = User.create(email=email, name=dirty_email, password=password)
+    user = User.create(email=email, name="", password=password)
    Session.flush()

    # create activation code
@ -156,10 +148,9 @@ def auth_activate():
        return jsonify(error="request body cannot be empty"), 400

    email = sanitize_email(data.get("email"))
-    canonical_email = canonicalize_email(data.get("email"))
    code = data.get("code")

-    user = User.get_by(email=email) or User.get_by(email=canonical_email)
+    user = User.get_by(email=email)

    # do not use a different message to avoid exposing existing email
    if not user or user.activated:
@ -205,9 +196,7 @@ def auth_reactivate():
        return jsonify(error="request body cannot be empty"), 400

    email = sanitize_email(data.get("email"))
-    canonical_email = canonicalize_email(data.get("email"))
-
-    user = User.get_by(email=email) or User.get_by(email=canonical_email)
+    user = User.get_by(email=email)

    # do not use a different message to avoid exposing existing email
    if not user or user.activated:
@ -362,7 +351,7 @@ def auth_payload(user, device) -> dict:


@api_bp.route("/auth/forgot_password", methods=["POST"])
-@limiter.limit("2/minute")
+@limiter.limit("10/minute")
 def forgot_password():
    """
    User forgot password
@ -378,9 +367,8 @@ def forgot_password():
        return jsonify(error="request body must contain email"), 400

    email = sanitize_email(data.get("email"))
-    canonical_email = canonicalize_email(data.get("email"))

-    user = User.get_by(email=email) or User.get_by(email=canonical_email)
+    user = User.get_by(email=email)

    if user:
        send_reset_password_email(user)
--- a/app/api/views/auth_mfa.py
+++ b/app/api/views/auth_mfa.py
@ -55,7 +55,7 @@ def auth_mfa():
        )

    totp = pyotp.TOTP(user.otp_secret)
-    if not totp.verify(mfa_token, valid_window=2):
+    if not totp.verify(mfa_token):
        send_invalid_totp_login_email(user, "TOTP")
        return jsonify(error="Wrong TOTP Token"), 400

--- a/app/api/views/export.py
+++ b/app/api/views/export.py
@ -1,9 +1,12 @@
+import csv
+from io import StringIO
+
 from flask import g
 from flask import jsonify
+from flask import make_response

 from app.api.base import api_bp, require_api_auth
 from app.models import Alias, Client, CustomDomain
-from app.alias_utils import alias_export_csv


@api_bp.route("/export/data", methods=["GET"])
@ -46,4 +49,24 @@ def export_aliases():
        Importable CSV file

    """
-    return alias_export_csv(g.user)
+    user = g.user
+
+    data = [["alias", "note", "enabled", "mailboxes"]]
+    for alias in Alias.filter_by(user_id=user.id).all():  # type: Alias
+        # Always put the main mailbox first
+        # It is seen a primary while importing
+        alias_mailboxes = alias.mailboxes
+        alias_mailboxes.insert(
+            0, alias_mailboxes.pop(alias_mailboxes.index(alias.mailbox))
+        )
+
+        mailboxes = " ".join([mailbox.email for mailbox in alias_mailboxes])
+        data.append([alias.email, alias.note, alias.enabled, mailboxes])
+
+    si = StringIO()
+    cw = csv.writer(si)
+    cw.writerows(data)
+    output = make_response(si.getvalue())
+    output.headers["Content-Disposition"] = "attachment; filename=aliases.csv"
+    output.headers["Content-type"] = "text/csv"
+    return output
--- a/app/api/views/mailbox.py
+++ b/app/api/views/mailbox.py
@ -13,8 +13,8 @@ from app.db import Session
 from app.email_utils import (
    mailbox_already_used,
    email_can_be_used_as_mailbox,
+    is_valid_email,
 )
-from app.email_validation import is_valid_email
 from app.log import LOG
 from app.models import Mailbox, Job
 from app.utils import sanitize_email
@ -45,7 +45,7 @@ def create_mailbox():
    mailbox_email = sanitize_email(request.get_json().get("email"))

    if not user.is_premium():
-        return jsonify(error="Only premium plan can add additional mailbox"), 400
+        return jsonify(error=f"Only premium plan can add additional mailbox"), 400

    if not is_valid_email(mailbox_email):
        return jsonify(error=f"{mailbox_email} invalid"), 400
@ -78,9 +78,6 @@ def delete_mailbox(mailbox_id):
    Delete mailbox
    Input:
        mailbox_id: in url
-        (optional) transfer_aliases_to: in body. Id of the new mailbox for the aliases.
-                                        If omitted or the value is set to -1,
-                                        the aliases of the mailbox will be deleted too.
    Output:
        200 if deleted successfully

@ -94,36 +91,11 @@ def delete_mailbox(mailbox_id):
    if mailbox.id == user.default_mailbox_id:
        return jsonify(error="You cannot delete the default mailbox"), 400

-    data = request.get_json() or {}
-    transfer_mailbox_id = data.get("transfer_aliases_to")
-    if transfer_mailbox_id and int(transfer_mailbox_id) >= 0:
-        transfer_mailbox = Mailbox.get(transfer_mailbox_id)
-
-        if not transfer_mailbox or transfer_mailbox.user_id != user.id:
-            return (
-                jsonify(error="You must transfer the aliases to a mailbox you own."),
-                403,
-            )
-
-        if transfer_mailbox_id == mailbox_id:
-            return (
-                jsonify(
-                    error="You can not transfer the aliases to the mailbox you want to delete."
-                ),
-                400,
-            )
-
-        if not transfer_mailbox.verified:
-            return jsonify(error="Your new mailbox is not verified"), 400
-
    # Schedule delete account job
    LOG.w("schedule delete mailbox job for %s", mailbox)
    Job.create(
        name=JOB_DELETE_MAILBOX,
-        payload={
-            "mailbox_id": mailbox.id,
-            "transfer_mailbox_id": transfer_mailbox_id,
-        },
+        payload={"mailbox_id": mailbox.id},
        run_at=arrow.now(),
        commit=True,
    )
--- a/app/api/views/new_custom_alias.py
+++ b/app/api/views/new_custom_alias.py
@ -1,8 +1,7 @@
 from flask import g
 from flask import jsonify, request
+from itsdangerous import SignatureExpired

-from app import parallel_limiter
-from app.alias_suffix import check_suffix_signature, verify_prefix_suffix
 from app.alias_utils import check_alias_prefix
 from app.api.base import api_bp, require_api_auth
 from app.api.serializer import (
@ -10,6 +9,7 @@ from app.api.serializer import (
    get_alias_info_v2,
 )
 from app.config import MAX_NB_EMAIL_FREE_PLAN, ALIAS_LIMIT
+from app.dashboard.views.custom_alias import verify_prefix_suffix, signer
 from app.db import Session
 from app.extensions import limiter
 from app.log import LOG
@ -28,7 +28,6 @@ from app.utils import convert_to_id
@api_bp.route("/v2/alias/custom/new", methods=["POST"])
@limiter.limit(ALIAS_LIMIT)
@require_api_auth
-@parallel_limiter.lock(name="alias_creation")
 def new_custom_alias_v2():
    """
    Create a new custom alias
@ -66,11 +65,12 @@ def new_custom_alias_v2():
    note = data.get("note")
    alias_prefix = convert_to_id(alias_prefix)

+    # hypothesis: user will click on the button in the 600 secs
    try:
-        alias_suffix = check_suffix_signature(signed_suffix)
-        if not alias_suffix:
-            LOG.w("Alias creation time expired for %s", user)
-            return jsonify(error="Alias creation time is expired, please retry"), 412
+        alias_suffix = signer.unsign(signed_suffix, max_age=600).decode()
+    except SignatureExpired:
+        LOG.w("Alias creation time expired for %s", user)
+        return jsonify(error="Alias creation time is expired, please retry"), 412
    except Exception:
        LOG.w("Alias suffix is tampered, user %s", user)
        return jsonify(error="Tampered suffix"), 400
@ -115,7 +115,6 @@ def new_custom_alias_v2():
@api_bp.route("/v3/alias/custom/new", methods=["POST"])
@limiter.limit(ALIAS_LIMIT)
@require_api_auth
-@parallel_limiter.lock(name="alias_creation")
 def new_custom_alias_v3():
    """
    Create a new custom alias
@ -150,7 +149,7 @@ def new_custom_alias_v3():
    if not data:
        return jsonify(error="request body cannot be empty"), 400

-    if not isinstance(data, dict):
+    if type(data) is not dict:
        return jsonify(error="request body does not follow the required format"), 400

    alias_prefix = data.get("alias_prefix", "").strip().lower().replace(" ", "")
@ -168,7 +167,7 @@ def new_custom_alias_v3():
        return jsonify(error="alias prefix invalid format or too long"), 400

    # check if mailbox is not tempered with
-    if not isinstance(mailbox_ids, list):
+    if type(mailbox_ids) is not list:
        return jsonify(error="mailbox_ids must be an array of id"), 400
    mailboxes = []
    for mailbox_id in mailbox_ids:
@ -182,10 +181,10 @@ def new_custom_alias_v3():

    # hypothesis: user will click on the button in the 600 secs
    try:
-        alias_suffix = check_suffix_signature(signed_suffix)
-        if not alias_suffix:
-            LOG.w("Alias creation time expired for %s", user)
-            return jsonify(error="Alias creation time is expired, please retry"), 412
+        alias_suffix = signer.unsign(signed_suffix, max_age=600).decode()
+    except SignatureExpired:
+        LOG.w("Alias creation time expired for %s", user)
+        return jsonify(error="Alias creation time is expired, please retry"), 412
    except Exception:
        LOG.w("Alias suffix is tampered, user %s", user)
        return jsonify(error="Tampered suffix"), 400
--- a/app/api/views/new_random_alias.py
+++ b/app/api/views/new_random_alias.py
@ -2,14 +2,13 @@ import tldextract
 from flask import g
 from flask import jsonify, request

-from app import parallel_limiter
-from app.alias_suffix import get_alias_suffixes
 from app.api.base import api_bp, require_api_auth
 from app.api.serializer import (
    get_alias_info_v2,
    serialize_alias_info_v2,
 )
 from app.config import MAX_NB_EMAIL_FREE_PLAN, ALIAS_LIMIT
+from app.dashboard.views.custom_alias import get_available_suffixes
 from app.db import Session
 from app.errors import AliasInTrashError
 from app.extensions import limiter
@ -21,7 +20,6 @@ from app.utils import convert_to_id
@api_bp.route("/alias/random/new", methods=["POST"])
@limiter.limit(ALIAS_LIMIT)
@require_api_auth
-@parallel_limiter.lock(name="alias_creation")
 def new_random_alias():
    """
    Create a new random alias
@ -59,7 +57,7 @@ def new_random_alias():
        prefix_suggestion = ext.domain
        prefix_suggestion = convert_to_id(prefix_suggestion)

-        suffixes = get_alias_suffixes(user)
+        suffixes = get_available_suffixes(user)
        # use the first suffix
        suggested_alias = prefix_suggestion + suffixes[0].suffix

@ -107,9 +105,8 @@ def new_random_alias():
        Session.commit()

    if hostname and not AliasUsedOn.get_by(alias_id=alias.id, hostname=hostname):
-        AliasUsedOn.create(
-            alias_id=alias.id, hostname=hostname, user_id=alias.user_id, commit=True
-        )
+        AliasUsedOn.create(alias_id=alias.id, hostname=hostname, user_id=alias.user_id)
+        Session.commit()

    return (
        jsonify(alias=alias.email, **serialize_alias_info_v2(get_alias_info_v2(alias))),
--- a/app/api/views/setting.py
+++ b/app/api/views/setting.py
@ -12,7 +12,6 @@ from app.models import (
    SenderFormatEnum,
    AliasSuffixEnum,
 )
-from app.proton.utils import perform_proton_account_unlink


 def setting_to_dict(user: User):
@ -138,11 +137,3 @@ def get_available_domains_for_random_alias_v2():
    ]

    return jsonify(ret)
-
-
-@api_bp.route("/setting/unlink_proton_account", methods=["DELETE"])
-@require_api_auth
-def unlink_proton_account():
-    user = g.user
-    perform_proton_account_unlink(user)
-    return jsonify({"ok": True})
--- a/app/api/views/user.py
+++ b/app/api/views/user.py
@ -1,11 +1,10 @@
 from flask import jsonify, g
 from sqlalchemy_utils.types.arrow import arrow

-from app.api.base import api_bp, require_api_sudo, require_api_auth
+from app.api.base import api_bp, require_api_sudo
 from app import config
-from app.extensions import limiter
 from app.log import LOG
-from app.models import Job, ApiToCookieToken
+from app.models import Job


@api_bp.route("/user", methods=["DELETE"])
@ -24,23 +23,3 @@ def delete_user():
        commit=True,
    )
    return jsonify(ok=True)
-
-
-@api_bp.route("/user/cookie_token", methods=["GET"])
-@require_api_auth
-@limiter.limit("5/minute")
-def get_api_session_token():
-    """
-    Get a temporary token to exchange it for a cookie based session
-    Output:
-        200 and a temporary random token
-        {
-            token: "asdli3ldq39h9hd3",
-        }
-    """
-    token = ApiToCookieToken.create(
-        user=g.user,
-        api_key_id=g.api_key.id,
-        commit=True,
-    )
-    return jsonify({"token": token.code})
--- a/app/api/views/user_info.py
+++ b/app/api/views/user_info.py
@ -1,29 +1,17 @@
 import base64
-import dataclasses
 from io import BytesIO
-from typing import Optional

 from flask import jsonify, g, request, make_response
+from flask_login import logout_user

-from app import s3, config
+from app import s3
 from app.api.base import api_bp, require_api_auth
 from app.config import SESSION_COOKIE_NAME
-from app.dashboard.views.index import get_stats
 from app.db import Session
-from app.models import ApiKey, File, PartnerUser, User
-from app.proton.utils import get_proton_partner
-from app.session import logout_session
+from app.models import ApiKey, File, User
 from app.utils import random_string


-def get_connected_proton_address(user: User) -> Optional[str]:
-    proton_partner = get_proton_partner()
-    partner_user = PartnerUser.get_by(user_id=user.id, partner_id=proton_partner.id)
-    if partner_user is None:
-        return None
-    return partner_user.partner_email
-
-
 def user_to_dict(user: User) -> dict:
    ret = {
        "name": user.name or "",
@ -31,13 +19,8 @@ def user_to_dict(user: User) -> dict:
        "email": user.email,
        "in_trial": user.in_trial(),
        "max_alias_free_plan": user.max_alias_for_free_account(),
-        "connected_proton_address": None,
-        "can_create_reverse_alias": user.can_create_contacts(),
    }

-    if config.CONNECT_WITH_PROTON:
-        ret["connected_proton_address"] = get_connected_proton_address(user)
-
    if user.profile_picture_id:
        ret["profile_picture_url"] = user.profile_picture.get_url()
    else:
@ -58,8 +41,6 @@ def user_info():
    - email
    - in_trial
    - max_alias_free
-    - is_connected_with_proton
-    - can_create_reverse_alias
    """
    user = g.user

@ -135,27 +116,8 @@ def logout():
    Output:
    - 200
    """
-    logout_session()
+    logout_user()
    response = make_response(jsonify(msg="User is logged out"), 200)
    response.delete_cookie(SESSION_COOKIE_NAME)

    return response
-
-
-@api_bp.route("/stats")
-@require_api_auth
-def user_stats():
-    """
-    Return stats
-
-    Output as json
-    - nb_alias
-    - nb_forward
-    - nb_reply
-    - nb_block
-
-    """
-    user = g.user
-    stats = get_stats(user)
-
-    return jsonify(dataclasses.asdict(stats))
--- a/app/auth/init.py
+++ b/app/auth/init.py
@ -15,27 +15,4 @@ from .views import (
    fido,
    social,
    recovery,
-    api_to_cookie,
-    oidc,
 )
-
-__all__ = [
-    "login",
-    "logout",
-    "register",
-    "activate",
-    "resend_activation",
-    "reset_password",
-    "forgot_password",
-    "github",
-    "google",
-    "facebook",
-    "proton",
-    "change_email",
-    "mfa",
-    "fido",
-    "social",
-    "recovery",
-    "api_to_cookie",
-    "oidc",
-]
--- a/app/auth/views/api_to_cookie.py
+++ b/app/auth/views/api_to_cookie.py
@ -1,30 +0,0 @@
-import arrow
-from flask import redirect, url_for, request, flash
-from flask_login import login_user
-
-from app.auth.base import auth_bp
-from app.models import ApiToCookieToken
-from app.utils import sanitize_next_url
-
-
-@auth_bp.route("/api_to_cookie", methods=["GET"])
-def api_to_cookie():
-    code = request.args.get("token")
-    if not code:
-        flash("Missing token", "error")
-        return redirect(url_for("auth.login"))
-
-    token = ApiToCookieToken.get_by(code=code)
-    if not token or token.created_at < arrow.now().shift(minutes=-5):
-        flash("Missing token", "error")
-        return redirect(url_for("auth.login"))
-
-    user = token.user
-    ApiToCookieToken.delete(token.id, commit=True)
-    login_user(user)
-
-    next_url = sanitize_next_url(request.args.get("next"))
-    if next_url:
-        return redirect(next_url)
-    else:
-        return redirect(url_for("dashboard.index"))
--- a/app/auth/views/change_email.py
+++ b/app/auth/views/change_email.py
@ -3,13 +3,10 @@ from flask_login import login_user

 from app.auth.base import auth_bp
 from app.db import Session
-from app.extensions import limiter
-from app.log import LOG
-from app.models import EmailChange, ResetPasswordCode
+from app.models import EmailChange


@auth_bp.route("/change_email", methods=["GET", "POST"])
-@limiter.limit("3/hour")
 def change_email():
    code = request.args.get("code")

@ -25,14 +22,11 @@ def change_email():
        return render_template("auth/change_email.html")

    user = email_change.user
-    old_email = user.email
    user.email = email_change.new_email

    EmailChange.delete(email_change.id)
-    ResetPasswordCode.filter_by(user_id=user.id).delete()
    Session.commit()

-    LOG.i(f"User {user} has changed their email from {old_email} to {user.email}")
    flash("Your new email has been updated", "success")

    login_user(user)
--- a/app/auth/views/fido.py
+++ b/app/auth/views/fido.py
@ -62,7 +62,7 @@ def fido():
        browser = MfaBrowser.get_by(token=request.cookies.get("mfa"))
        if browser and not browser.is_expired() and browser.user_id == user.id:
            login_user(user)
-            flash("Welcome back!", "success")
+            flash(f"Welcome back!", "success")
            # Redirect user to correct page
            return redirect(next_url or url_for("dashboard.index"))
        else:
@ -110,7 +110,7 @@ def fido():

            session["sudo_time"] = int(time())
            login_user(user)
-            flash("Welcome back!", "success")
+            flash(f"Welcome back!", "success")

            # Redirect user to correct page
            response = make_response(redirect(next_url or url_for("dashboard.index")))
--- a/app/auth/views/forgot_password.py
+++ b/app/auth/views/forgot_password.py
@ -1,13 +1,13 @@
-from flask import request, render_template, flash, g
+from flask import request, render_template, redirect, url_for, flash, g
 from flask_wtf import FlaskForm
 from wtforms import StringField, validators

 from app.auth.base import auth_bp
-from app.dashboard.views.account_setting import send_reset_password_email
+from app.dashboard.views.setting import send_reset_password_email
 from app.extensions import limiter
 from app.log import LOG
 from app.models import User
-from app.utils import sanitize_email, canonicalize_email
+from app.utils import sanitize_email


 class ForgotPasswordForm(FlaskForm):
@ -16,7 +16,7 @@ class ForgotPasswordForm(FlaskForm):

@auth_bp.route("/forgot_password", methods=["GET", "POST"])
@limiter.limit(
-    "10/hour", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
+    "10/minute", deduct_when=lambda r: hasattr(g, "deduct_limit") and g.deduct_limit
 )
 def forgot_password():
    form = ForgotPasswordForm(request.form)
@ -25,17 +25,16 @@ def forgot_password():
        # Trigger rate limiter
        g.deduct_limit = True

+        email = sanitize_email(form.email.data)
        flash(
            "If your email is correct, you are going to receive an email to reset your password",
            "success",
        )
-
-        email = sanitize_email(form.email.data)
-        canonical_email = canonicalize_email(email)
-        user = User.get_by(email=email) or User.get_by(email=canonical_email)
+        user = User.get_by(email=email)

        if user:
            LOG.d("Send forgot password email to %s", user)
            send_reset_password_email(user)
+            return redirect(url_for("auth.forgot_password"))

    return render_template("auth/forgot_password.html", form=form)
--- a/app/auth/views/google.py
+++ b/app/auth/views/google.py
@ -7,7 +7,7 @@ from app.config import URL, GOOGLE_CLIENT_ID, GOOGLE_CLIENT_SECRET
 from app.db import Session
 from app.log import LOG
 from app.models import User, File, SocialAuth
-from app.utils import random_string, sanitize_email, sanitize_next_url
+from app.utils import random_string, sanitize_email
 from .login_utils import after_login

 _authorization_base_url = "https://accounts.google.com/o/oauth2/v2/auth"
@ -29,7 +29,7 @@ def google_login():
    # to avoid flask-login displaying the login error message
    session.pop("_flashes", None)

-    next_url = sanitize_next_url(request.args.get("next"))
+    next_url = request.args.get("next")

    # Google does not allow to append param to redirect_url
    # we need to pass the next url by session
--- a/app/auth/views/login.py
+++ b/app/auth/views/login.py
@ -5,12 +5,12 @@ from wtforms import StringField, validators

 from app.auth.base import auth_bp
 from app.auth.views.login_utils import after_login
-from app.config import CONNECT_WITH_PROTON, CONNECT_WITH_OIDC_ICON, OIDC_CLIENT_ID
 from app.events.auth_event import LoginEvent
 from app.extensions import limiter
 from app.log import LOG
 from app.models import User
-from app.utils import sanitize_email, sanitize_next_url, canonicalize_email
+from app.proton.utils import is_connect_with_proton_enabled
+from app.utils import sanitize_email, sanitize_next_url


 class LoginForm(FlaskForm):
@ -38,9 +38,7 @@ def login():
    show_resend_activation = False

    if form.validate_on_submit():
-        email = sanitize_email(form.email.data)
-        canonical_email = canonicalize_email(email)
-        user = User.get_by(email=email) or User.get_by(email=canonical_email)
+        user = User.filter_by(email=sanitize_email(form.email.data)).first()

        if not user or not user.check_password(form.password.data):
            # Trigger rate limiter
@ -54,12 +52,6 @@ def login():
                "error",
            )
            LoginEvent(LoginEvent.ActionType.disabled_login).send()
-        elif user.delete_on is not None:
-            flash(
-                f"Your account is scheduled to be deleted on {user.delete_on}",
-                "error",
-            )
-            LoginEvent(LoginEvent.ActionType.scheduled_to_be_deleted).send()
        elif not user.activated:
            show_resend_activation = True
            flash(
@ -76,7 +68,5 @@ def login():
        form=form,
        next_url=next_url,
        show_resend_activation=show_resend_activation,
-        connect_with_proton=CONNECT_WITH_PROTON,
-        connect_with_oidc=OIDC_CLIENT_ID is not None,
-        connect_with_oidc_icon=CONNECT_WITH_OIDC_ICON,
+        connect_with_proton=is_connect_with_proton_enabled(),
    )
--- a/app/auth/views/logout.py
+++ b/app/auth/views/logout.py
@ -1,13 +1,13 @@
 from flask import redirect, url_for, flash, make_response
+from flask_login import logout_user

 from app.auth.base import auth_bp
 from app.config import SESSION_COOKIE_NAME
-from app.session import logout_session


@auth_bp.route("/logout")
 def logout():
-    logout_session()
+    logout_user()
    flash("You are logged out", "success")
    response = make_response(redirect(url_for("auth.login")))
    response.delete_cookie(SESSION_COOKIE_NAME)
--- a/app/auth/views/mfa.py
+++ b/app/auth/views/mfa.py
@ -55,7 +55,7 @@ def mfa():
        browser = MfaBrowser.get_by(token=request.cookies.get("mfa"))
        if browser and not browser.is_expired() and browser.user_id == user.id:
            login_user(user)
-            flash("Welcome back!", "success")
+            flash(f"Welcome back!", "success")
            # Redirect user to correct page
            return redirect(next_url or url_for("dashboard.index"))
        else:
@ -67,13 +67,13 @@ def mfa():

        token = otp_token_form.token.data.replace(" ", "")

-        if totp.verify(token, valid_window=2) and user.last_otp != token:
+        if totp.verify(token) and user.last_otp != token:
            del session[MFA_USER_ID]
            user.last_otp = token
            Session.commit()

            login_user(user)
-            flash("Welcome back!", "success")
+            flash(f"Welcome back!", "success")

            # Redirect user to correct page
            response = make_response(redirect(next_url or url_for("dashboard.index")))
--- a/app/auth/views/oidc.py
+++ b/app/auth/views/oidc.py
@ -1,135 +0,0 @@
-from flask import request, session, redirect, flash, url_for
-from requests_oauthlib import OAuth2Session
-
-import requests
-
-from app import config
-from app.auth.base import auth_bp
-from app.auth.views.login_utils import after_login
-from app.config import (
-    URL,
-    OIDC_SCOPES,
-    OIDC_NAME_FIELD,
-)
-from app.db import Session
-from app.email_utils import send_welcome_email
-from app.log import LOG
-from app.models import User, SocialAuth
-from app.utils import sanitize_email, sanitize_next_url
-
-
-# need to set explicitly redirect_uri instead of leaving the lib to pre-fill redirect_uri
-# when served behind nginx, the redirect_uri is localhost... and not the real url
-redirect_uri = URL + "/auth/oidc/callback"
-
-SESSION_STATE_KEY = "oauth_state"
-SESSION_NEXT_KEY = "oauth_redirect_next"
-
-
-@auth_bp.route("/oidc/login")
-def oidc_login():
-    if config.OIDC_CLIENT_ID is None or config.OIDC_CLIENT_SECRET is None:
-        return redirect(url_for("auth.login"))
-
-    next_url = sanitize_next_url(request.args.get("next"))
-
-    auth_url = requests.get(config.OIDC_WELL_KNOWN_URL).json()["authorization_endpoint"]
-
-    oidc = OAuth2Session(
-        config.OIDC_CLIENT_ID, scope=[OIDC_SCOPES], redirect_uri=redirect_uri
-    )
-    authorization_url, state = oidc.authorization_url(auth_url)
-
-    # State is used to prevent CSRF, keep this for later.
-    session[SESSION_STATE_KEY] = state
-    session[SESSION_NEXT_KEY] = next_url
-    return redirect(authorization_url)
-
-
-@auth_bp.route("/oidc/callback")
-def oidc_callback():
-    if SESSION_STATE_KEY not in session:
-        flash("Invalid state, please retry", "error")
-        return redirect(url_for("auth.login"))
-    if config.OIDC_CLIENT_ID is None or config.OIDC_CLIENT_SECRET is None:
-        return redirect(url_for("auth.login"))
-
-    # user clicks on cancel
-    if "error" in request.args:
-        flash("Please use another sign in method then", "warning")
-        return redirect("/")
-
-    oidc_configuration = requests.get(config.OIDC_WELL_KNOWN_URL).json()
-    user_info_url = oidc_configuration["userinfo_endpoint"]
-    token_url = oidc_configuration["token_endpoint"]
-
-    oidc = OAuth2Session(
-        config.OIDC_CLIENT_ID,
-        state=session[SESSION_STATE_KEY],
-        scope=[OIDC_SCOPES],
-        redirect_uri=redirect_uri,
-    )
-    oidc.fetch_token(
-        token_url,
-        client_secret=config.OIDC_CLIENT_SECRET,
-        authorization_response=request.url,
-    )
-
-    oidc_user_data = oidc.get(user_info_url)
-    if oidc_user_data.status_code != 200:
-        LOG.e(
-            f"cannot get oidc user data {oidc_user_data.status_code} {oidc_user_data.text}"
-        )
-        flash(
-            "Cannot get user data from OIDC, please use another way to login/sign up",
-            "error",
-        )
-        return redirect(url_for("auth.login"))
-    oidc_user_data = oidc_user_data.json()
-
-    email = oidc_user_data.get("email")
-
-    if not email:
-        LOG.e(f"cannot get email for OIDC user {oidc_user_data} {email}")
-        flash(
-            "Cannot get a valid email from OIDC, please another way to login/sign up",
-            "error",
-        )
-        return redirect(url_for("auth.login"))
-
-    email = sanitize_email(email)
-    user = User.get_by(email=email)
-
-    if not user and config.DISABLE_REGISTRATION:
-        flash(
-            "Sorry you cannot sign up via the OIDC provider. Please sign-up first with your email.",
-            "error",
-        )
-        return redirect(url_for("auth.register"))
-    elif not user:
-        user = create_user(email, oidc_user_data)
-
-    if not SocialAuth.get_by(user_id=user.id, social="oidc"):
-        SocialAuth.create(user_id=user.id, social="oidc")
-        Session.commit()
-
-    # The activation link contains the original page, for ex authorize page
-    next_url = session[SESSION_NEXT_KEY]
-    session[SESSION_NEXT_KEY] = None
-
-    return after_login(user, next_url)
-
-
-def create_user(email, oidc_user_data):
-    new_user = User.create(
-        email=email,
-        name=oidc_user_data.get(OIDC_NAME_FIELD),
-        password="",
-        activated=True,
-    )
-    LOG.i(f"Created new user for login request from OIDC. New user {new_user.id}")
-    Session.commit()
-
-    send_welcome_email(new_user)
-
-    return new_user
--- a/app/auth/views/proton.py
+++ b/app/auth/views/proton.py
@ -3,7 +3,6 @@ from flask import request, session, redirect, flash, url_for
 from flask_limiter.util import get_remote_address
 from flask_login import current_user
 from requests_oauthlib import OAuth2Session
-from typing import Optional

 from app.auth.base import auth_bp
 from app.auth.views.login_utils import after_login
@ -17,14 +16,13 @@ from app.config import (
    URL,
 )
 from app.log import LOG
-from app.models import ApiKey, User
 from app.proton.proton_client import HttpProtonClient, convert_access_token
 from app.proton.proton_callback_handler import (
    ProtonCallbackHandler,
    Action,
 )
 from app.proton.utils import get_proton_partner
-from app.utils import sanitize_next_url, sanitize_scheme
+from app.utils import sanitize_next_url

 _authorization_base_url = PROTON_BASE_URL + "/oauth/authorize"
 _token_url = PROTON_BASE_URL + "/oauth/token"
@ -35,28 +33,15 @@ _redirect_uri = URL + "/auth/proton/callback"

 SESSION_ACTION_KEY = "oauth_action"
 SESSION_STATE_KEY = "oauth_state"
-DEFAULT_SCHEME = "auth.simplelogin"


-def get_api_key_for_user(user: User) -> str:
-    ak = ApiKey.create(
-        user_id=user.id,
-        name="Created via Login with Proton on mobile app",
-        commit=True,
-    )
-    return ak.code
-
-
-def extract_action() -> Optional[Action]:
+def extract_action() -> Action:
    action = request.args.get("action")
    if action is not None:
        if action == "link":
            return Action.Link
-        elif action == "login":
-            return Action.Login
        else:
-            LOG.w(f"Unknown action received: {action}")
-            return None
+            raise Exception(f"Unknown action: {action}")
    return Action.Login


@ -74,36 +59,17 @@ def proton_login():
    if PROTON_CLIENT_ID is None or PROTON_CLIENT_SECRET is None:
        return redirect(url_for("auth.login"))

-    action = extract_action()
-    if action is None:
-        return redirect(url_for("auth.login"))
-    if action == Action.Link and not current_user.is_authenticated:
-        return redirect(url_for("auth.login"))
-
    next_url = sanitize_next_url(request.args.get("next"))
    if next_url:
        session["oauth_next"] = next_url
    elif "oauth_next" in session:
        del session["oauth_next"]
-
-    scheme = sanitize_scheme(request.args.get("scheme"))
-    if scheme:
-        session["oauth_scheme"] = scheme
-    elif "oauth_scheme" in session:
-        del session["oauth_scheme"]
-
-    mode = request.args.get("mode", "session")
-    if mode == "apikey":
-        session["oauth_mode"] = "apikey"
-    else:
-        session["oauth_mode"] = "session"
-
    proton = OAuth2Session(PROTON_CLIENT_ID, redirect_uri=_redirect_uri)
    authorization_url, state = proton.authorization_url(_authorization_base_url)

    # State is used to prevent CSRF, keep this for later.
    session[SESSION_STATE_KEY] = state
-    session[SESSION_ACTION_KEY] = action.value
+    session[SESSION_ACTION_KEY] = extract_action().value
    return redirect(authorization_url)


@ -163,7 +129,6 @@ def proton_callback():
    handler = ProtonCallbackHandler(proton_client)
    proton_partner = get_proton_partner()

-    next_url = session.get("oauth_next")
    if action == Action.Login:
        res = handler.handle_login(proton_partner)
    elif action == Action.Link:
@ -174,17 +139,11 @@ def proton_callback():
    if res.flash_message is not None:
        flash(res.flash_message, res.flash_category)

-    oauth_scheme = session.get("oauth_scheme")
-    if session.get("oauth_mode", "session") == "apikey":
-        apikey = get_api_key_for_user(res.user)
-        scheme = oauth_scheme or DEFAULT_SCHEME
-        return redirect(f"{scheme}:///login?apikey={apikey}")
-
    if res.redirect_to_login:
        return redirect(url_for("auth.login"))

-    if next_url and next_url[0] == "/" and oauth_scheme:
-        next_url = f"{oauth_scheme}://{next_url}"
+    if res.redirect:
+        return after_login(res.user, res.redirect, login_from_proton=True)

-    redirect_url = next_url or res.redirect
-    return after_login(res.user, redirect_url, login_from_proton=True)
+    next_url = session.get("oauth_next")
+    return after_login(res.user, next_url, login_from_proton=True)
--- a/app/auth/views/recovery.py
+++ b/app/auth/views/recovery.py
@ -42,7 +42,7 @@ def recovery_route():

    if recovery_form.validate_on_submit():
        code = recovery_form.code.data
-        recovery_code = RecoveryCode.find_by_user_code(user, code)
+        recovery_code = RecoveryCode.get_by(user_id=user.id, code=code)

        if recovery_code:
            if recovery_code.used:
@ -53,7 +53,7 @@ def recovery_route():
                del session[MFA_USER_ID]

                login_user(user)
-                flash("Welcome back!", "success")
+                flash(f"Welcome back!", "success")

                recovery_code.used = True
                recovery_code.used_at = arrow.now()
--- a/app/auth/views/register.py
+++ b/app/auth/views/register.py
@ -6,7 +6,7 @@ from wtforms import StringField, validators

 from app import email_utils, config
 from app.auth.base import auth_bp
-from app.config import CONNECT_WITH_PROTON, CONNECT_WITH_OIDC_ICON
+from app.config import CONNECT_WITH_PROTON
 from app.auth.views.login_utils import get_referral
 from app.config import URL, HCAPTCHA_SECRET, HCAPTCHA_SITEKEY
 from app.db import Session
@ -16,8 +16,8 @@ from app.email_utils import (
 )
 from app.events.auth_event import RegisterEvent
 from app.log import LOG
-from app.models import User, ActivationCode, DailyMetric
-from app.utils import random_string, encode_url, sanitize_email, canonicalize_email
+from app.models import User, ActivationCode
+from app.utils import random_string, encode_url, sanitize_email


 class RegisterForm(FlaskForm):
@ -70,22 +70,19 @@ def register():
                    HCAPTCHA_SITEKEY=HCAPTCHA_SITEKEY,
                )

-        email = canonicalize_email(form.email.data)
+        email = sanitize_email(form.email.data)
        if not email_can_be_used_as_mailbox(email):
            flash("You cannot use this email address as your personal inbox.", "error")
            RegisterEvent(RegisterEvent.ActionType.email_in_use).send()
        else:
-            sanitized_email = sanitize_email(form.email.data)
-            if personal_email_already_used(email) or personal_email_already_used(
-                sanitized_email
-            ):
+            if personal_email_already_used(email):
                flash(f"Email {email} already used", "error")
                RegisterEvent(RegisterEvent.ActionType.email_in_use).send()
            else:
                LOG.d("create user %s", email)
                user = User.create(
                    email=email,
-                    name=form.email.data,
+                    name="",
                    password=form.password.data,
                    referral=get_referral(),
                )
@ -94,8 +91,6 @@ def register():
                try:
                    send_activation_email(user, next_url)
                    RegisterEvent(RegisterEvent.ActionType.success).send()
-                    DailyMetric.get_or_create_today_metric().nb_new_web_non_proton_user += 1
-                    Session.commit()
                except Exception:
                    flash("Invalid email, are you sure the email is correct?", "error")
                    RegisterEvent(RegisterEvent.ActionType.invalid_email).send()
@ -109,8 +104,6 @@ def register():
        next_url=next_url,
        HCAPTCHA_SITEKEY=HCAPTCHA_SITEKEY,
        connect_with_proton=CONNECT_WITH_PROTON,
-        connect_with_oidc=config.OIDC_CLIENT_ID is not None,
-        connect_with_oidc_icon=CONNECT_WITH_OIDC_ICON,
    )


--- a/app/auth/views/resend_activation.py
+++ b/app/auth/views/resend_activation.py
@ -4,10 +4,9 @@ from wtforms import StringField, validators

 from app.auth.base import auth_bp
 from app.auth.views.register import send_activation_email
-from app.extensions import limiter
 from app.log import LOG
 from app.models import User
-from app.utils import sanitize_email, canonicalize_email
+from app.utils import sanitize_email


 class ResendActivationForm(FlaskForm):
@ -15,14 +14,11 @@ class ResendActivationForm(FlaskForm):


@auth_bp.route("/resend_activation", methods=["GET", "POST"])
-@limiter.limit("10/hour")
 def resend_activation():
    form = ResendActivationForm(request.form)

    if form.validate_on_submit():
-        email = sanitize_email(form.email.data)
-        canonical_email = canonicalize_email(email)
-        user = User.get_by(email=email) or User.get_by(email=canonical_email)
+        user = User.filter_by(email=sanitize_email(form.email.data)).first()

        if not user:
            flash("There is no such email", "warning")
--- a/app/auth/views/reset_password.py
+++ b/app/auth/views/reset_password.py
@ -60,8 +60,8 @@ def reset_password():
        # this can be served to activate user too
        user.activated = True

-        # remove all reset password codes
-        ResetPasswordCode.filter_by(user_id=user.id).delete()
+        # remove the reset password code
+        ResetPasswordCode.delete(reset_password_code.id)

        # change the alternative_id to log user out on other browsers
        user.alternative_id = str(uuid.uuid4())
--- a/app/config.py
+++ b/app/config.py
@ -8,6 +8,7 @@ from urllib.parse import urlparse

 from dotenv import load_dotenv

+
 ROOT_DIR = os.path.abspath(os.path.dirname(os.path.dirname(__file__)))


@ -111,16 +112,13 @@ POSTFIX_SERVER = os.environ.get("POSTFIX_SERVER", "240.0.0.1")
 DISABLE_REGISTRATION = "DISABLE_REGISTRATION" in os.environ

 # allow using a different postfix port, useful when developing locally
+POSTFIX_PORT = 25
+if "POSTFIX_PORT" in os.environ:
+    POSTFIX_PORT = int(os.environ["POSTFIX_PORT"])

 # Use port 587 instead of 25 when sending emails through Postfix
 # Useful when calling Postfix from an external network
 POSTFIX_SUBMISSION_TLS = "POSTFIX_SUBMISSION_TLS" in os.environ
-if POSTFIX_SUBMISSION_TLS:
-    default_postfix_port = 587
-else:
-    default_postfix_port = 25
-POSTFIX_PORT = int(os.environ.get("POSTFIX_PORT", default_postfix_port))
-POSTFIX_TIMEOUT = os.environ.get("POSTFIX_TIMEOUT", 3)

 # ["domain1.com", "domain2.com"]
 OTHER_ALIAS_DOMAINS = sl_getenv("OTHER_ALIAS_DOMAINS", list)
@ -163,7 +161,6 @@ if "DKIM_PRIVATE_KEY_PATH" in os.environ:

 # Database
 DB_URI = os.environ["DB_URI"]
-DB_CONN_NAME = os.environ.get("DB_CONN_NAME", "webapp")

 # Flask secret
 FLASK_SECRET = os.environ["FLASK_SECRET"]
@ -179,7 +176,6 @@ AWS_REGION = os.environ.get("AWS_REGION") or "eu-west-3"
 BUCKET = os.environ.get("BUCKET")
 AWS_ACCESS_KEY_ID = os.environ.get("AWS_ACCESS_KEY_ID")
 AWS_SECRET_ACCESS_KEY = os.environ.get("AWS_SECRET_ACCESS_KEY")
-AWS_ENDPOINT_URL = os.environ.get("AWS_ENDPOINT_URL", None)

 # Paddle
 try:
@ -234,7 +230,7 @@ else:

    print("WARNING: Use a temp directory for GNUPGHOME", GNUPGHOME)

-# Github, Google, Facebook, OIDC client id and secrets
+# Github, Google, Facebook client id and secrets
 GITHUB_CLIENT_ID = os.environ.get("GITHUB_CLIENT_ID")
 GITHUB_CLIENT_SECRET = os.environ.get("GITHUB_CLIENT_SECRET")

@ -244,13 +240,6 @@ GOOGLE_CLIENT_SECRET = os.environ.get("GOOGLE_CLIENT_SECRET")
 FACEBOOK_CLIENT_ID = os.environ.get("FACEBOOK_CLIENT_ID")
 FACEBOOK_CLIENT_SECRET = os.environ.get("FACEBOOK_CLIENT_SECRET")

-CONNECT_WITH_OIDC_ICON = os.environ.get("CONNECT_WITH_OIDC_ICON")
-OIDC_WELL_KNOWN_URL = os.environ.get("OIDC_WELL_KNOWN_URL")
-OIDC_CLIENT_ID = os.environ.get("OIDC_CLIENT_ID")
-OIDC_CLIENT_SECRET = os.environ.get("OIDC_CLIENT_SECRET")
-OIDC_SCOPES = os.environ.get("OIDC_SCOPES")
-OIDC_NAME_FIELD = os.environ.get("OIDC_NAME_FIELD", "name")
-
 PROTON_CLIENT_ID = os.environ.get("PROTON_CLIENT_ID")
 PROTON_CLIENT_SECRET = os.environ.get("PROTON_CLIENT_SECRET")
 PROTON_BASE_URL = os.environ.get(
@ -260,6 +249,10 @@ PROTON_VALIDATE_CERTS = "PROTON_VALIDATE_CERTS" in os.environ
 CONNECT_WITH_PROTON = "CONNECT_WITH_PROTON" in os.environ
 PROTON_EXTRA_HEADER_NAME = os.environ.get("PROTON_EXTRA_HEADER_NAME")
 PROTON_EXTRA_HEADER_VALUE = os.environ.get("PROTON_EXTRA_HEADER_VALUE")
+CONNECT_WITH_PROTON_COOKIE_NAME = os.environ.get(
+    "CONNECT_WITH_PROTON_COOKIE_NAME", "enable-proton"
+)
+PROTON_ALLOW_INTERNAL_LINK = "PROTON_ALLOW_INTERNAL_LINK" in os.environ

 # in seconds
 AVATAR_URL_EXPIRATION = 3600 * 24 * 7  # 1h*24h/d*7d=1week
@ -281,7 +274,6 @@ JOB_DELETE_MAILBOX = "delete-mailbox"
 JOB_DELETE_DOMAIN = "delete-domain"
 JOB_SEND_USER_REPORT = "send-user-report"
 JOB_SEND_PROTON_WELCOME_1 = "proton-welcome-1"
-JOB_SEND_ALIAS_CREATION_EVENTS = "send-alias-creation-events"

 # for pagination
 PAGE_LIMIT = 20
@ -366,7 +358,6 @@ ALERT_COMPLAINT_TRANSACTIONAL_PHASE = "alert_complaint_transactional_phase"
 ALERT_QUARANTINE_DMARC = "alert_quarantine_dmarc"

 ALERT_DUAL_SUBSCRIPTION_WITH_PARTNER = "alert_dual_sub_with_partner"
-ALERT_WARN_MULTIPLE_SUBSCRIPTIONS = "alert_multiple_subscription"

 # <<<<< END ALERT EMAIL >>>>

@ -429,11 +420,6 @@ try:
 except Exception:
    HIBP_SCAN_INTERVAL_DAYS = 7
 HIBP_API_KEYS = sl_getenv("HIBP_API_KEYS", list) or []
-HIBP_MAX_ALIAS_CHECK = 10_000
-HIBP_RPM = int(os.environ.get("HIBP_API_RPM", 100))
-HIBP_SKIP_PARTNER_ALIAS = os.environ.get("HIBP_SKIP_PARTNER_ALIAS")
-
-KEEP_OLD_DATA_DAYS = 30

 POSTMASTER = os.environ.get("POSTMASTER")

@ -502,34 +488,7 @@ def setup_nameservers():

 NAMESERVERS = setup_nameservers()

-DISABLE_CREATE_CONTACTS_FOR_FREE_USERS = os.environ.get(
-    "DISABLE_CREATE_CONTACTS_FOR_FREE_USERS", False
-)
-
-
-# Expect format hits,seconds:hits,seconds...
-# Example 1,10:4,60 means 1 in the last 10 secs or 4 in the last 60 secs
-def getRateLimitFromConfig(
-    env_var: string, default: string = ""
-) -> list[tuple[int, int]]:
-    value = os.environ.get(env_var, default)
-    if not value:
-        return []
-    entries = [entry for entry in value.split(":")]
-    limits = []
-    for entry in entries:
-        fields = entry.split(",")
-        limit = (int(fields[0]), int(fields[1]))
-        limits.append(limit)
-    return limits
-
-
-ALIAS_CREATE_RATE_LIMIT_FREE = getRateLimitFromConfig(
-    "ALIAS_CREATE_RATE_LIMIT_FREE", "10,900:50,3600"
-)
-ALIAS_CREATE_RATE_LIMIT_PAID = getRateLimitFromConfig(
-    "ALIAS_CREATE_RATE_LIMIT_PAID", "50,900:200,3600"
-)
+DISABLE_CREATE_CONTACTS_FOR_FREE_USERS = False
 PARTNER_API_TOKEN_SECRET = os.environ.get("PARTNER_API_TOKEN_SECRET") or (
    FLASK_SECRET + "partnerapitoken"
 )
@ -539,52 +498,3 @@ JOB_TAKEN_RETRY_WAIT_MINS = 30

 # MEM_STORE
 MEM_STORE_URI = os.environ.get("MEM_STORE_URI", None)
-
-# Recovery codes hash salt
-RECOVERY_CODE_HMAC_SECRET = os.environ.get("RECOVERY_CODE_HMAC_SECRET") or (
-    FLASK_SECRET + "generatearandomtoken"
-)
-if not RECOVERY_CODE_HMAC_SECRET or len(RECOVERY_CODE_HMAC_SECRET) < 16:
-    raise RuntimeError(
-        "Please define RECOVERY_CODE_HMAC_SECRET in your configuration with a random string at least 16 chars long"
-    )
-
-
-# the minimum rspamd spam score above which emails that fail DMARC should be quarantined
-if "MIN_RSPAMD_SCORE_FOR_FAILED_DMARC" in os.environ:
-    MIN_RSPAMD_SCORE_FOR_FAILED_DMARC = float(
-        os.environ["MIN_RSPAMD_SCORE_FOR_FAILED_DMARC"]
-    )
-else:
-    MIN_RSPAMD_SCORE_FOR_FAILED_DMARC = None
-
-# run over all reverse alias for an alias and replace them with sender address
-ENABLE_ALL_REVERSE_ALIAS_REPLACEMENT = (
-    "ENABLE_ALL_REVERSE_ALIAS_REPLACEMENT" in os.environ
-)
-
-if ENABLE_ALL_REVERSE_ALIAS_REPLACEMENT:
-    # max number of reverse alias that can be replaced
-    MAX_NB_REVERSE_ALIAS_REPLACEMENT = int(
-        os.environ["MAX_NB_REVERSE_ALIAS_REPLACEMENT"]
-    )
-
-# Only used for tests
-SKIP_MX_LOOKUP_ON_CHECK = False
-
-DISABLE_RATE_LIMIT = "DISABLE_RATE_LIMIT" in os.environ
-
-SUBSCRIPTION_CHANGE_WEBHOOK = os.environ.get("SUBSCRIPTION_CHANGE_WEBHOOK", None)
-MAX_API_KEYS = int(os.environ.get("MAX_API_KEYS", 30))
-
-UPCLOUD_USERNAME = os.environ.get("UPCLOUD_USERNAME", None)
-UPCLOUD_PASSWORD = os.environ.get("UPCLOUD_PASSWORD", None)
-UPCLOUD_DB_ID = os.environ.get("UPCLOUD_DB_ID", None)
-
-STORE_TRANSACTIONAL_EMAILS = "STORE_TRANSACTIONAL_EMAILS" in os.environ
-
-EVENT_WEBHOOK = os.environ.get("EVENT_WEBHOOK", None)
-
-# We want it disabled by default, so only skip if defined
-EVENT_WEBHOOK_SKIP_VERIFY_SSL = "EVENT_WEBHOOK_SKIP_VERIFY_SSL" in os.environ
-EVENT_WEBHOOK_DISABLE = "EVENT_WEBHOOK_DISABLE" in os.environ
--- a/app/custom_domain_validation.py
+++ b/app/custom_domain_validation.py
@ -1,37 +0,0 @@
-from app.db import Session
-from app.dns_utils import get_cname_record
-from app.models import CustomDomain
-
-
-class CustomDomainValidation:
-    def __init__(self, dkim_domain: str):
-        self.dkim_domain = dkim_domain
-        self._dkim_records = {
-            (f"{key}._domainkey", f"{key}._domainkey.{self.dkim_domain}")
-            for key in ("dkim", "dkim02", "dkim03")
-        }
-
-    def get_dkim_records(self) -> {str: str}:
-        """
-        Get a list of dkim records to set up. It will be
-
-        """
-        return self._dkim_records
-
-    def validate_dkim_records(self, custom_domain: CustomDomain) -> dict[str, str]:
-        """
-        Check if dkim records are properly set for this custom domain.
-        Returns empty list if all records are ok. Other-wise return the records that aren't properly configured
-        """
-        invalid_records = {}
-        for prefix, expected_record in self.get_dkim_records():
-            custom_record = f"{prefix}.{custom_domain.domain}"
-            dkim_record = get_cname_record(custom_record)
-            if dkim_record != expected_record:
-                invalid_records[custom_record] = dkim_record or "empty"
-        # HACK: If dkim is enabled, don't disable it to give users time to update their CNAMES
-        if custom_domain.dkim_verified:
-            return invalid_records
-        custom_domain.dkim_verified = len(invalid_records) == 0
-        Session.commit()
-        return invalid_records
--- a/app/dashboard/init.py
+++ b/app/dashboard/init.py
@ -6,7 +6,6 @@ from .views import (
    subdomain,
    billing,
    alias_log,
-    alias_export,
    unsubscribe,
    api_key,
    custom_domain,
@ -24,6 +23,7 @@ from .views import (
    mailbox_detail,
    refused_email,
    referral,
+    recovery_code,
    contact_detail,
    setup_done,
    batch_import,
@ -32,42 +32,4 @@ from .views import (
    delete_account,
    notification,
    support,
-    account_setting,
 )
-
-__all__ = [
-    "index",
-    "pricing",
-    "setting",
-    "custom_alias",
-    "subdomain",
-    "billing",
-    "alias_log",
-    "alias_export",
-    "unsubscribe",
-    "api_key",
-    "custom_domain",
-    "alias_contact_manager",
-    "enter_sudo",
-    "mfa_setup",
-    "mfa_cancel",
-    "fido_setup",
-    "coupon",
-    "fido_manage",
-    "domain_detail",
-    "lifetime_licence",
-    "directory",
-    "mailbox",
-    "mailbox_detail",
-    "refused_email",
-    "referral",
-    "contact_detail",
-    "setup_done",
-    "batch_import",
-    "alias_transfer",
-    "app",
-    "delete_account",
-    "notification",
-    "support",
-    "account_setting",
-]
--- a/app/dashboard/views/account_setting.py
+++ b/app/dashboard/views/account_setting.py
@ -1,242 +0,0 @@
-import arrow
-from flask import (
-    render_template,
-    request,
-    redirect,
-    url_for,
-    flash,
-)
-from flask_login import login_required, current_user
-
-from app import email_utils
-from app.config import (
-    URL,
-    FIRST_ALIAS_DOMAIN,
-    ALIAS_RANDOM_SUFFIX_LENGTH,
-    CONNECT_WITH_PROTON,
-)
-from app.dashboard.base import dashboard_bp
-from app.dashboard.views.enter_sudo import sudo_required
-from app.dashboard.views.mailbox_detail import ChangeEmailForm
-from app.db import Session
-from app.email_utils import (
-    email_can_be_used_as_mailbox,
-    personal_email_already_used,
-)
-from app.extensions import limiter
-from app.jobs.export_user_data_job import ExportUserDataJob
-from app.log import LOG
-from app.models import (
-    BlockBehaviourEnum,
-    PlanEnum,
-    ResetPasswordCode,
-    EmailChange,
-    User,
-    Alias,
-    AliasGeneratorEnum,
-    SenderFormatEnum,
-    UnsubscribeBehaviourEnum,
-)
-from app.proton.utils import perform_proton_account_unlink
-from app.utils import (
-    random_string,
-    CSRFValidationForm,
-    canonicalize_email,
-)
-
-
-@dashboard_bp.route("/account_setting", methods=["GET", "POST"])
-@login_required
-@sudo_required
-@limiter.limit("5/minute", methods=["POST"])
-def account_setting():
-    change_email_form = ChangeEmailForm()
-    csrf_form = CSRFValidationForm()
-
-    email_change = EmailChange.get_by(user_id=current_user.id)
-    if email_change:
-        pending_email = email_change.new_email
-    else:
-        pending_email = None
-
-    if request.method == "POST":
-        if not csrf_form.validate():
-            flash("Invalid request", "warning")
-            return redirect(url_for("dashboard.setting"))
-        if request.form.get("form-name") == "update-email":
-            if change_email_form.validate():
-                # whether user can proceed with the email update
-                new_email_valid = True
-                new_email = canonicalize_email(change_email_form.email.data)
-                if new_email != current_user.email and not pending_email:
-                    # check if this email is not already used
-                    if personal_email_already_used(new_email) or Alias.get_by(
-                        email=new_email
-                    ):
-                        flash(f"Email {new_email} already used", "error")
-                        new_email_valid = False
-                    elif not email_can_be_used_as_mailbox(new_email):
-                        flash(
-                            "You cannot use this email address as your personal inbox.",
-                            "error",
-                        )
-                        new_email_valid = False
-                    # a pending email change with the same email exists from another user
-                    elif EmailChange.get_by(new_email=new_email):
-                        other_email_change: EmailChange = EmailChange.get_by(
-                            new_email=new_email
-                        )
-                        LOG.w(
-                            "Another user has a pending %s with the same email address. Current user:%s",
-                            other_email_change,
-                            current_user,
-                        )
-
-                        if other_email_change.is_expired():
-                            LOG.d(
-                                "delete the expired email change %s", other_email_change
-                            )
-                            EmailChange.delete(other_email_change.id)
-                            Session.commit()
-                        else:
-                            flash(
-                                "You cannot use this email address as your personal inbox.",
-                                "error",
-                            )
-                            new_email_valid = False
-
-                    if new_email_valid:
-                        email_change = EmailChange.create(
-                            user_id=current_user.id,
-                            code=random_string(
-                                60
-                            ),  # todo: make sure the code is unique
-                            new_email=new_email,
-                        )
-                        Session.commit()
-                        send_change_email_confirmation(current_user, email_change)
-                        flash(
-                            "A confirmation email is on the way, please check your inbox",
-                            "success",
-                        )
-                        return redirect(url_for("dashboard.account_setting"))
-        elif request.form.get("form-name") == "change-password":
-            flash(
-                "You are going to receive an email containing instructions to change your password",
-                "success",
-            )
-            send_reset_password_email(current_user)
-            return redirect(url_for("dashboard.account_setting"))
-        elif request.form.get("form-name") == "send-full-user-report":
-            if ExportUserDataJob(current_user).store_job_in_db():
-                flash(
-                    "You will receive your SimpleLogin data via email shortly",
-                    "success",
-                )
-            else:
-                flash("An export of your data is currently in progress", "error")
-
-    partner_sub = None
-    partner_name = None
-
-    return render_template(
-        "dashboard/account_setting.html",
-        csrf_form=csrf_form,
-        PlanEnum=PlanEnum,
-        SenderFormatEnum=SenderFormatEnum,
-        BlockBehaviourEnum=BlockBehaviourEnum,
-        change_email_form=change_email_form,
-        pending_email=pending_email,
-        AliasGeneratorEnum=AliasGeneratorEnum,
-        UnsubscribeBehaviourEnum=UnsubscribeBehaviourEnum,
-        partner_sub=partner_sub,
-        partner_name=partner_name,
-        FIRST_ALIAS_DOMAIN=FIRST_ALIAS_DOMAIN,
-        ALIAS_RAND_SUFFIX_LENGTH=ALIAS_RANDOM_SUFFIX_LENGTH,
-        connect_with_proton=CONNECT_WITH_PROTON,
-    )
-
-
-def send_reset_password_email(user):
-    """
-    generate a new ResetPasswordCode and send it over email to user
-    """
-    # the activation code is valid for 1h
-    reset_password_code = ResetPasswordCode.create(
-        user_id=user.id, code=random_string(60)
-    )
-    Session.commit()
-
-    reset_password_link = f"{URL}/auth/reset_password?code={reset_password_code.code}"
-
-    email_utils.send_reset_password_email(user.email, reset_password_link)
-
-
-def send_change_email_confirmation(user: User, email_change: EmailChange):
-    """
-    send confirmation email to the new email address
-    """
-
-    link = f"{URL}/auth/change_email?code={email_change.code}"
-
-    email_utils.send_change_email(email_change.new_email, user.email, link)
-
-
-@dashboard_bp.route("/resend_email_change", methods=["GET", "POST"])
-@limiter.limit("5/hour")
-@login_required
-@sudo_required
-def resend_email_change():
-    form = CSRFValidationForm()
-    if not form.validate():
-        flash("Invalid request. Please try again", "warning")
-        return redirect(url_for("dashboard.setting"))
-    email_change = EmailChange.get_by(user_id=current_user.id)
-    if email_change:
-        # extend email change expiration
-        email_change.expired = arrow.now().shift(hours=12)
-        Session.commit()
-
-        send_change_email_confirmation(current_user, email_change)
-        flash("A confirmation email is on the way, please check your inbox", "success")
-        return redirect(url_for("dashboard.setting"))
-    else:
-        flash(
-            "You have no pending email change. Redirect back to Setting page", "warning"
-        )
-        return redirect(url_for("dashboard.setting"))
-
-
-@dashboard_bp.route("/cancel_email_change", methods=["GET", "POST"])
-@login_required
-@sudo_required
-def cancel_email_change():
-    form = CSRFValidationForm()
-    if not form.validate():
-        flash("Invalid request. Please try again", "warning")
-        return redirect(url_for("dashboard.setting"))
-    email_change = EmailChange.get_by(user_id=current_user.id)
-    if email_change:
-        EmailChange.delete(email_change.id)
-        Session.commit()
-        flash("Your email change is cancelled", "success")
-        return redirect(url_for("dashboard.setting"))
-    else:
-        flash(
-            "You have no pending email change. Redirect back to Setting page", "warning"
-        )
-        return redirect(url_for("dashboard.setting"))
-
-
-@dashboard_bp.route("/unlink_proton_account", methods=["POST"])
-@login_required
-@sudo_required
-def unlink_proton_account():
-    csrf_form = CSRFValidationForm()
-    if not csrf_form.validate():
-        flash("Invalid request", "warning")
-        return redirect(url_for("dashboard.setting"))
-
-    perform_proton_account_unlink(current_user)
-    flash("Your Proton account has been unlinked", "success")
-    return redirect(url_for("dashboard.setting"))
--- a/app/dashboard/views/alias_contact_manager.py
+++ b/app/dashboard/views/alias_contact_manager.py
@ -9,14 +9,14 @@ from sqlalchemy import and_, func, case
 from wtforms import StringField, validators, ValidationError

 # Need to import directly from config to allow modification from the tests
-from app import config, parallel_limiter
+from app import config
 from app.dashboard.base import dashboard_bp
 from app.db import Session
 from app.email_utils import (
+    is_valid_email,
    generate_reply_email,
    parse_full_address,
 )
-from app.email_validation import is_valid_email
 from app.errors import (
    CannotCreateContactForReverseAlias,
    ErrContactErrorUpgradeNeeded,
@ -25,7 +25,7 @@ from app.errors import (
 )
 from app.log import LOG
 from app.models import Alias, Contact, EmailLog, User
-from app.utils import sanitize_email, CSRFValidationForm
+from app.utils import sanitize_email


 def email_validator():
@ -51,6 +51,14 @@ def email_validator():
    return _check


+def user_can_create_contacts(user: User) -> bool:
+    if user.is_premium():
+        return True
+    if user.flags & User.FLAG_FREE_DISABLE_CREATE_ALIAS == 0:
+        return True
+    return not config.DISABLE_CREATE_CONTACTS_FOR_FREE_USERS
+
+
 def create_contact(user: User, alias: Alias, contact_address: str) -> Contact:
    """
    Create a contact for a user. Can be restricted for new free users by enabling DISABLE_CREATE_CONTACTS_FOR_FREE_USERS.
@ -74,7 +82,7 @@ def create_contact(user: User, alias: Alias, contact_address: str) -> Contact:
    if contact:
        raise ErrContactAlreadyExists(contact)

-    if not user.can_create_contacts():
+    if not user_can_create_contacts(user):
        raise ErrContactErrorUpgradeNeeded()

    contact = Contact.create(
@ -82,7 +90,7 @@ def create_contact(user: User, alias: Alias, contact_address: str) -> Contact:
        alias_id=alias.id,
        website_email=contact_email,
        name=contact_name,
-        reply_email=generate_reply_email(contact_email, alias),
+        reply_email=generate_reply_email(contact_email, user),
    )

    LOG.d(
@ -223,7 +231,6 @@ def delete_contact(alias: Alias, contact_id: int):

@dashboard_bp.route("/alias_contact_manager/<int:alias_id>/", methods=["GET", "POST"])
@login_required
-@parallel_limiter.lock(name="contact_creation")
 def alias_contact_manager(alias_id):
    highlight_contact_id = None
    if request.args.get("highlight_contact_id"):
@ -251,12 +258,8 @@ def alias_contact_manager(alias_id):
        return redirect(url_for("dashboard.index"))

    new_contact_form = NewContactForm()
-    csrf_form = CSRFValidationForm()

    if request.method == "POST":
-        if not csrf_form.validate():
-            flash("Invalid request", "warning")
-            return redirect(request.url)
        if request.form.get("form-name") == "create":
            if new_contact_form.validate():
                contact_address = new_contact_form.email.data.strip()
@ -319,6 +322,5 @@ def alias_contact_manager(alias_id):
        last_page=last_page,
        query=query,
        nb_contact=nb_contact,
-        can_create_contacts=current_user.can_create_contacts(),
-        csrf_form=csrf_form,
+        can_create_contacts=user_can_create_contacts(current_user),
    )
--- a/app/dashboard/views/alias_export.py
+++ b/app/dashboard/views/alias_export.py
@ -1,13 +0,0 @@
-from app.dashboard.base import dashboard_bp
-from flask_login import login_required, current_user
-from app.alias_utils import alias_export_csv
-from app.dashboard.views.enter_sudo import sudo_required
-from app.extensions import limiter
-
-
-@dashboard_bp.route("/alias_export", methods=["GET"])
-@login_required
-@sudo_required
-@limiter.limit("2/minute")
-def alias_export_route():
-    return alias_export_csv(current_user)
--- a/app/dashboard/views/alias_log.py
+++ b/app/dashboard/views/alias_log.py
@ -87,6 +87,6 @@ def get_alias_log(alias: Alias, page_id=0) -> [AliasLog]:
            contact=contact,
        )
        logs.append(al)
-    logs = sorted(logs, key=lambda log: log.when, reverse=True)
+    logs = sorted(logs, key=lambda l: l.when, reverse=True)

    return logs
--- a/app/dashboard/views/alias_transfer.py
+++ b/app/dashboard/views/alias_transfer.py
@ -7,17 +7,76 @@ from flask import render_template, redirect, url_for, flash, request
 from flask_login import login_required, current_user

 from app import config
-from app.alias_utils import transfer_alias
 from app.dashboard.base import dashboard_bp
 from app.dashboard.views.enter_sudo import sudo_required
 from app.db import Session
+from app.email_utils import send_email, render
 from app.extensions import limiter
 from app.log import LOG
 from app.models import (
    Alias,
+    Contact,
+    AliasUsedOn,
+    AliasMailbox,
+    User,
+    ClientUser,
 )
 from app.models import Mailbox
-from app.utils import CSRFValidationForm
+
+
+def transfer(alias, new_user, new_mailboxes: [Mailbox]):
+    # cannot transfer alias which is used for receiving newsletter
+    if User.get_by(newsletter_alias_id=alias.id):
+        raise Exception("Cannot transfer alias that's used to receive newsletter")
+
+    # update user_id
+    Session.query(Contact).filter(Contact.alias_id == alias.id).update(
+        {"user_id": new_user.id}
+    )
+
+    Session.query(AliasUsedOn).filter(AliasUsedOn.alias_id == alias.id).update(
+        {"user_id": new_user.id}
+    )
+
+    Session.query(ClientUser).filter(ClientUser.alias_id == alias.id).update(
+        {"user_id": new_user.id}
+    )
+
+    # remove existing mailboxes from the alias
+    Session.query(AliasMailbox).filter(AliasMailbox.alias_id == alias.id).delete()
+
+    # set mailboxes
+    alias.mailbox_id = new_mailboxes.pop().id
+    for mb in new_mailboxes:
+        AliasMailbox.create(alias_id=alias.id, mailbox_id=mb.id)
+
+    # alias has never been transferred before
+    if not alias.original_owner_id:
+        alias.original_owner_id = alias.user_id
+
+    # inform previous owner
+    old_user = alias.user
+    send_email(
+        old_user.email,
+        f"Alias {alias.email} has been received",
+        render(
+            "transactional/alias-transferred.txt",
+            alias=alias,
+        ),
+        render(
+            "transactional/alias-transferred.html",
+            alias=alias,
+        ),
+    )
+
+    # now the alias belongs to the new user
+    alias.user_id = new_user.id
+
+    # set some fields back to default
+    alias.disable_pgp = False
+    alias.pinned = False
+
+    Session.commit()


 def hmac_alias_transfer_token(transfer_token: str) -> str:
@ -46,12 +105,8 @@ def alias_transfer_send_route(alias_id):
        return redirect(url_for("dashboard.index"))

    alias_transfer_url = None
-    csrf_form = CSRFValidationForm()

    if request.method == "POST":
-        if not csrf_form.validate():
-            flash("Invalid request", "warning")
-            return redirect(request.url)
        # generate a new transfer_token
        if request.form.get("form-name") == "create":
            transfer_token = f"{alias.id}.{secrets.token_urlsafe(32)}"
@ -78,7 +133,6 @@ def alias_transfer_send_route(alias_id):
        alias_transfer_url=alias_transfer_url,
        link_active=alias.transfer_token_expiration is not None
        and alias.transfer_token_expiration > arrow.utcnow(),
-        csrf_form=csrf_form,
    )


@ -154,13 +208,7 @@ def alias_transfer_receive_route():
            mailboxes,
            token,
        )
-        transfer_alias(alias, current_user, mailboxes)
-
-        # reset transfer token
-        alias.transfer_token = None
-        alias.transfer_token_expiration = None
-        Session.commit()
-
+        transfer(alias, current_user, mailboxes)
        flash(f"You are now owner of {alias.email}", "success")
        return redirect(url_for("dashboard.index", highlight_alias_id=alias.id))

--- a/app/dashboard/views/api_key.py
+++ b/app/dashboard/views/api_key.py
@ -3,47 +3,19 @@ from flask_login import login_required, current_user
 from flask_wtf import FlaskForm
 from wtforms import StringField, validators

-from app import config
 from app.dashboard.base import dashboard_bp
 from app.dashboard.views.enter_sudo import sudo_required
 from app.db import Session
-from app.extensions import limiter
 from app.models import ApiKey
-from app.utils import CSRFValidationForm


 class NewApiKeyForm(FlaskForm):
    name = StringField("Name", validators=[validators.DataRequired()])


-def clean_up_unused_or_old_api_keys(user_id: int):
-    total_keys = ApiKey.filter_by(user_id=user_id).count()
-    if total_keys <= config.MAX_API_KEYS:
-        return
-    # Remove oldest unused
-    for api_key in (
-        ApiKey.filter_by(user_id=user_id, last_used=None)
-        .order_by(ApiKey.created_at.asc())
-        .all()
-    ):
-        Session.delete(api_key)
-        total_keys -= 1
-        if total_keys <= config.MAX_API_KEYS:
-            return
-    # Clean up oldest used
-    for api_key in (
-        ApiKey.filter_by(user_id=user_id).order_by(ApiKey.last_used.asc()).all()
-    ):
-        Session.delete(api_key)
-        total_keys -= 1
-        if total_keys <= config.MAX_API_KEYS:
-            return
-
-
@dashboard_bp.route("/api_key", methods=["GET", "POST"])
@login_required
@sudo_required
-@limiter.limit("10/hour")
 def api_key():
    api_keys = (
        ApiKey.filter(ApiKey.user_id == current_user.id)
@ -51,13 +23,9 @@ def api_key():
        .all()
    )

-    csrf_form = CSRFValidationForm()
    new_api_key_form = NewApiKeyForm()

    if request.method == "POST":
-        if not csrf_form.validate():
-            flash("Invalid request", "warning")
-            return redirect(request.url)
        if request.form.get("form-name") == "delete":
            api_key_id = request.form.get("api-key-id")

@ -77,7 +45,6 @@ def api_key():

        elif request.form.get("form-name") == "create":
            if new_api_key_form.validate():
-                clean_up_unused_or_old_api_keys(current_user.id)
                new_api_key = ApiKey.create(
                    name=new_api_key_form.name.data, user_id=current_user.id
                )
@ -95,8 +62,5 @@ def api_key():
        return redirect(url_for("dashboard.api_key"))

    return render_template(
-        "dashboard/api_key.html",
-        api_keys=api_keys,
-        new_api_key_form=new_api_key_form,
-        csrf_form=csrf_form,
+        "dashboard/api_key.html", api_keys=api_keys, new_api_key_form=new_api_key_form
    )
--- a/app/dashboard/views/app.py
+++ b/app/dashboard/views/app.py
@ -1,9 +1,14 @@
+from app.db import Session
+
+"""
+List of apps that user has used via the "Sign in with SimpleLogin"
+"""
+
 from flask import render_template, request, flash, redirect
 from flask_login import login_required, current_user
 from sqlalchemy.orm import joinedload

 from app.dashboard.base import dashboard_bp
-from app.db import Session
 from app.models import (
    ClientUser,
 )
@ -12,10 +17,6 @@ from app.models import (
@dashboard_bp.route("/app", methods=["GET", "POST"])
@login_required
 def app_route():
-    """
-    List of apps that user has used via the "Sign in with SimpleLogin"
-    """
-
    client_users = (
        ClientUser.filter_by(user_id=current_user.id)
        .options(joinedload(ClientUser.client))
--- a/app/dashboard/views/batch_import.py
+++ b/app/dashboard/views/batch_import.py
@ -5,18 +5,14 @@ from flask_login import login_required, current_user
 from app import s3
 from app.config import JOB_BATCH_IMPORT
 from app.dashboard.base import dashboard_bp
-from app.dashboard.views.enter_sudo import sudo_required
 from app.db import Session
-from app.extensions import limiter
 from app.log import LOG
 from app.models import File, BatchImport, Job
-from app.utils import random_string, CSRFValidationForm
+from app.utils import random_string


@dashboard_bp.route("/batch_import", methods=["GET", "POST"])
@login_required
-@sudo_required
-@limiter.limit("10/minute", methods=["POST"])
 def batch_import_route():
    # only for users who have custom domains
    if not current_user.verified_custom_domains():
@ -29,25 +25,16 @@ def batch_import_route():
        )
        return redirect(url_for("dashboard.index"))

-    batch_imports = BatchImport.filter_by(
-        user_id=current_user.id, processed=False
-    ).all()
-
-    csrf_form = CSRFValidationForm()
+    batch_imports = BatchImport.filter_by(user_id=current_user.id).all()

    if request.method == "POST":
-        if not csrf_form.validate():
-            flash("Invalid request", "warning")
-            return redirect(request.url)
        if len(batch_imports) > 10:
            flash(
-                "You have too many imports already. Please wait until some get cleaned up",
+                "You have too many imports already. Wait until some get cleaned up",
                "error",
            )
            return render_template(
-                "dashboard/batch_import.html",
-                batch_imports=batch_imports,
-                csrf_form=csrf_form,
+                "dashboard/batch_import.html", batch_imports=batch_imports
            )

        alias_file = request.files["alias-file"]
@ -77,6 +64,4 @@ def batch_import_route():

        return redirect(url_for("dashboard.batch_import_route"))

-    return render_template(
-        "dashboard/batch_import.html", batch_imports=batch_imports, csrf_form=csrf_form
-    )
+    return render_template("dashboard/batch_import.html", batch_imports=batch_imports)
--- a/app/dashboard/views/contact_detail.py
+++ b/app/dashboard/views/contact_detail.py
@ -1,7 +1,5 @@
 from flask import render_template, request, redirect, url_for, flash
 from flask_login import login_required, current_user
-from flask_wtf import FlaskForm
-from wtforms import StringField, validators

 from app.dashboard.base import dashboard_bp
 from app.db import Session
@ -9,14 +7,6 @@ from app.models import Contact
 from app.pgp_utils import PGPException, load_public_key_and_check


-class PGPContactForm(FlaskForm):
-    action = StringField(
-        "action",
-        validators=[validators.DataRequired(), validators.AnyOf(("save", "remove"))],
-    )
-    pgp = StringField("pgp", validators=[validators.Optional()])
-
-
@dashboard_bp.route("/contact/<int:contact_id>/", methods=["GET", "POST"])
@login_required
 def contact_detail_route(contact_id):
@ -26,41 +16,33 @@ def contact_detail_route(contact_id):
        return redirect(url_for("dashboard.index"))

    alias = contact.alias
-    pgp_form = PGPContactForm()

    if request.method == "POST":
        if request.form.get("form-name") == "pgp":
-            if not pgp_form.validate():
-                flash("Invalid request", "warning")
-                return redirect(request.url)
-            if pgp_form.action.data == "save":
+            if request.form.get("action") == "save":
                if not current_user.is_premium():
                    flash("Only premium plan can add PGP Key", "warning")
                    return redirect(
                        url_for("dashboard.contact_detail_route", contact_id=contact_id)
                    )
-                if not pgp_form.pgp.data:
-                    flash("Invalid pgp key")
+
+                contact.pgp_public_key = request.form.get("pgp")
+                try:
+                    contact.pgp_finger_print = load_public_key_and_check(
+                        contact.pgp_public_key
+                    )
+                except PGPException:
+                    flash("Cannot add the public key, please verify it", "error")
                else:
-                    contact.pgp_public_key = pgp_form.pgp.data
-                    try:
-                        contact.pgp_finger_print = load_public_key_and_check(
-                            contact.pgp_public_key
-                        )
-                    except PGPException:
-                        flash("Cannot add the public key, please verify it", "error")
-                    else:
-                        Session.commit()
-                        flash(
-                            f"PGP public key for {contact.email} is saved successfully",
-                            "success",
-                        )
-                        return redirect(
-                            url_for(
-                                "dashboard.contact_detail_route", contact_id=contact_id
-                            )
-                        )
-            elif pgp_form.action.data == "remove":
+                    Session.commit()
+                    flash(
+                        f"PGP public key for {contact.email} is saved successfully",
+                        "success",
+                    )
+                    return redirect(
+                        url_for("dashboard.contact_detail_route", contact_id=contact_id)
+                    )
+            elif request.form.get("action") == "remove":
                # Free user can decide to remove contact PGP key
                contact.pgp_public_key = None
                contact.pgp_finger_print = None
@ -71,5 +53,5 @@ def contact_detail_route(contact_id):
                )

    return render_template(
-        "dashboard/contact_detail.html", contact=contact, alias=alias, pgp_form=pgp_form
+        "dashboard/contact_detail.html", contact=contact, alias=alias
    )
--- a/app/dashboard/views/coupon.py
+++ b/app/dashboard/views/coupon.py
@ -4,7 +4,6 @@ from flask_login import login_required, current_user
 from flask_wtf import FlaskForm
 from wtforms import StringField, validators

-from app import parallel_limiter
 from app.config import PADDLE_VENDOR_ID, PADDLE_COUPON_ID
 from app.dashboard.base import dashboard_bp
 from app.db import Session
@ -25,7 +24,6 @@ class CouponForm(FlaskForm):

@dashboard_bp.route("/coupon", methods=["GET", "POST"])
@login_required
-@parallel_limiter.lock()
 def coupon_route():
    coupon_form = CouponForm()

@ -68,14 +66,9 @@ def coupon_route():
                )
                return redirect(request.url)

-            updated = (
-                Session.query(Coupon)
-                .filter_by(code=code, used=False)
-                .update({"used_by_user_id": current_user.id, "used": True})
-            )
-            if updated != 1:
-                flash("Coupon is not valid", "error")
-                return redirect(request.url)
+            coupon.used_by_user_id = current_user.id
+            coupon.used = True
+            Session.commit()

            manual_sub: ManualSubscription = ManualSubscription.get_by(
                user_id=current_user.id
@ -100,7 +93,7 @@ def coupon_route():
                    commit=True,
                )
                flash(
-                    "Your account has been upgraded to Premium, thanks for your support!",
+                    f"Your account has been upgraded to Premium, thanks for your support!",
                    "success",
                )

--- a/app/dashboard/views/custom_alias.py
+++ b/app/dashboard/views/custom_alias.py
@ -1,16 +1,16 @@
+import json
+from dataclasses import dataclass, asdict
+
 from email_validator import validate_email, EmailNotValidError
 from flask import render_template, redirect, url_for, flash, request
 from flask_login import login_required, current_user
+from itsdangerous import TimestampSigner, SignatureExpired
 from sqlalchemy.exc import IntegrityError

-from app import parallel_limiter
-from app.alias_suffix import (
-    get_alias_suffixes,
-    check_suffix_signature,
-    verify_prefix_suffix,
-)
 from app.alias_utils import check_alias_prefix
 from app.config import (
+    DISABLE_ALIAS_SUFFIX,
+    CUSTOM_ALIAS_SECRET,
    ALIAS_LIMIT,
 )
 from app.dashboard.base import dashboard_bp
@ -19,18 +19,180 @@ from app.extensions import limiter
 from app.log import LOG
 from app.models import (
    Alias,
+    CustomDomain,
    DeletedAlias,
    Mailbox,
+    User,
    AliasMailbox,
    DomainDeletedAlias,
 )
-from app.utils import CSRFValidationForm
+
+signer = TimestampSigner(CUSTOM_ALIAS_SECRET)
+
+
+@dataclass
+class SuffixInfo:
+    """
+    Alias suffix info
+    WARNING: should use AliasSuffix instead
+    """
+
+    # whether this is a custom domain
+    is_custom: bool
+    suffix: str
+    signed_suffix: str
+
+    # whether this is a premium SL domain. Not apply to custom domain
+    is_premium: bool
+
+
+def get_available_suffixes(user: User) -> [SuffixInfo]:
+    """
+    WARNING: should use get_alias_suffixes() instead
+    """
+    user_custom_domains = user.verified_custom_domains()
+
+    suffixes: [SuffixInfo] = []
+
+    # put custom domain first
+    # for each user domain, generate both the domain and a random suffix version
+    for custom_domain in user_custom_domains:
+        if custom_domain.random_prefix_generation:
+            suffix = "." + user.get_random_alias_suffix() + "@" + custom_domain.domain
+            suffix_info = SuffixInfo(True, suffix, signer.sign(suffix).decode(), False)
+            if user.default_alias_custom_domain_id == custom_domain.id:
+                suffixes.insert(0, suffix_info)
+            else:
+                suffixes.append(suffix_info)
+
+        suffix = "@" + custom_domain.domain
+        suffix_info = SuffixInfo(True, suffix, signer.sign(suffix).decode(), False)
+
+        # put the default domain to top
+        # only if random_prefix_generation isn't enabled
+        if (
+            user.default_alias_custom_domain_id == custom_domain.id
+            and not custom_domain.random_prefix_generation
+        ):
+            suffixes.insert(0, suffix_info)
+        else:
+            suffixes.append(suffix_info)
+
+    # then SimpleLogin domain
+    for sl_domain in user.get_sl_domains():
+        suffix = (
+            ("" if DISABLE_ALIAS_SUFFIX else "." + user.get_random_alias_suffix())
+            + "@"
+            + sl_domain.domain
+        )
+        suffix_info = SuffixInfo(
+            False, suffix, signer.sign(suffix).decode(), sl_domain.premium_only
+        )
+        # put the default domain to top
+        if user.default_alias_public_domain_id == sl_domain.id:
+            suffixes.insert(0, suffix_info)
+        else:
+            suffixes.append(suffix_info)
+
+    return suffixes
+
+
+@dataclass
+class AliasSuffix:
+    # whether this is a custom domain
+    is_custom: bool
+    suffix: str
+
+    # whether this is a premium SL domain. Not apply to custom domain
+    is_premium: bool
+
+    # can be either Custom or SL domain
+    domain: str
+
+    # if custom domain, whether the custom domain has MX verified, i.e. can receive emails
+    mx_verified: bool = True
+
+    def serialize(self):
+        return json.dumps(asdict(self))
+
+    @classmethod
+    def deserialize(cls, data: str) -> "AliasSuffix":
+        return AliasSuffix(**json.loads(data))
+
+
+def get_alias_suffixes(user: User) -> [AliasSuffix]:
+    """
+    Similar to as get_available_suffixes() but also return custom domain that doesn't have MX set up.
+    """
+    user_custom_domains = CustomDomain.filter_by(
+        user_id=user.id, ownership_verified=True
+    ).all()
+
+    alias_suffixes: [AliasSuffix] = []
+
+    # put custom domain first
+    # for each user domain, generate both the domain and a random suffix version
+    for custom_domain in user_custom_domains:
+        if custom_domain.random_prefix_generation:
+            suffix = "." + user.get_random_alias_suffix() + "@" + custom_domain.domain
+            alias_suffix = AliasSuffix(
+                is_custom=True,
+                suffix=suffix,
+                is_premium=False,
+                domain=custom_domain.domain,
+                mx_verified=custom_domain.verified,
+            )
+            if user.default_alias_custom_domain_id == custom_domain.id:
+                alias_suffixes.insert(0, alias_suffix)
+            else:
+                alias_suffixes.append(alias_suffix)
+
+        suffix = "@" + custom_domain.domain
+        alias_suffix = AliasSuffix(
+            is_custom=True,
+            suffix=suffix,
+            is_premium=False,
+            domain=custom_domain.domain,
+            mx_verified=custom_domain.verified,
+        )
+
+        # put the default domain to top
+        # only if random_prefix_generation isn't enabled
+        if (
+            user.default_alias_custom_domain_id == custom_domain.id
+            and not custom_domain.random_prefix_generation
+        ):
+            alias_suffixes.insert(0, alias_suffix)
+        else:
+            alias_suffixes.append(alias_suffix)
+
+    # then SimpleLogin domain
+    for sl_domain in user.get_sl_domains():
+        suffix = (
+            ("" if DISABLE_ALIAS_SUFFIX else "." + user.get_random_alias_suffix())
+            + "@"
+            + sl_domain.domain
+        )
+        alias_suffix = AliasSuffix(
+            is_custom=False,
+            suffix=suffix,
+            is_premium=sl_domain.premium_only,
+            domain=sl_domain.domain,
+            mx_verified=True,
+        )
+
+        # put the default domain to top
+        if user.default_alias_public_domain_id == sl_domain.id:
+            alias_suffixes.insert(0, alias_suffix)
+        else:
+            alias_suffixes.append(alias_suffix)
+
+    return alias_suffixes


@dashboard_bp.route("/custom_alias", methods=["GET", "POST"])
@limiter.limit(ALIAS_LIMIT, methods=["POST"])
@login_required
-@parallel_limiter.lock(name="alias_creation")
 def custom_alias():
    # check if user has not exceeded the alias quota
    if not current_user.can_create_new_alias():
@ -49,13 +211,14 @@ def custom_alias():
            at_least_a_premium_domain = True
            break

-    csrf_form = CSRFValidationForm()
+    alias_suffixes_with_signature = [
+        (alias_suffix, signer.sign(alias_suffix.serialize()).decode())
+        for alias_suffix in alias_suffixes
+    ]
+
    mailboxes = current_user.mailboxes()

    if request.method == "POST":
-        if not csrf_form.validate():
-            flash("Invalid request", "warning")
-            return redirect(request.url)
        alias_prefix = request.form.get("prefix").strip().lower().replace(" ", "")
        signed_alias_suffix = request.form.get("signed-alias-suffix")
        mailbox_ids = request.form.getlist("mailboxes")
@ -86,19 +249,25 @@ def custom_alias():
            flash("At least one mailbox must be selected", "error")
            return redirect(request.url)

+        # hypothesis: user will click on the button in the 600 secs
        try:
-            suffix = check_suffix_signature(signed_alias_suffix)
-            if not suffix:
-                LOG.w("Alias creation time expired for %s", current_user)
-                flash("Alias creation time is expired, please retry", "warning")
-                return redirect(request.url)
+            signed_alias_suffix_decoded = signer.unsign(
+                signed_alias_suffix, max_age=600
+            ).decode()
+            alias_suffix: AliasSuffix = AliasSuffix.deserialize(
+                signed_alias_suffix_decoded
+            )
+        except SignatureExpired:
+            LOG.w("Alias creation time expired for %s", current_user)
+            flash("Alias creation time is expired, please retry", "warning")
+            return redirect(request.url)
        except Exception:
            LOG.w("Alias suffix is tampered, user %s", current_user)
            flash("Unknown error, refresh the page", "error")
            return redirect(request.url)

-        if verify_prefix_suffix(current_user, alias_prefix, suffix):
-            full_alias = alias_prefix + suffix
+        if verify_prefix_suffix(current_user, alias_prefix, alias_suffix.suffix):
+            full_alias = alias_prefix + alias_suffix.suffix

            if ".." in full_alias:
                flash("Your alias can't contain 2 consecutive dots (..)", "error")
@ -125,11 +294,18 @@ def custom_alias():
                    email=full_alias
                )
                custom_domain = domain_deleted_alias.domain
-                flash(
-                    f"You have deleted this alias before. You can restore it on "
-                    f"{custom_domain.domain} 'Deleted Alias' page",
-                    "error",
-                )
+                if domain_deleted_alias.user_id == current_user.id:
+                    flash(
+                        f"You have deleted this alias before. You can restore it on "
+                        f"{custom_domain.domain} 'Deleted Alias' page",
+                        "error",
+                    )
+                else:
+                    # should never happen as user can only choose their domains
+                    LOG.e(
+                        "Deleted Alias %s does not belong to user %s",
+                        domain_deleted_alias,
+                    )

            elif DeletedAlias.get_by(email=full_alias):
                flash(general_error_msg, "error")
@ -166,8 +342,51 @@ def custom_alias():
    return render_template(
        "dashboard/custom_alias.html",
        user_custom_domains=user_custom_domains,
-        alias_suffixes=alias_suffixes,
+        alias_suffixes_with_signature=alias_suffixes_with_signature,
        at_least_a_premium_domain=at_least_a_premium_domain,
        mailboxes=mailboxes,
-        csrf_form=csrf_form,
    )
+
+
+def verify_prefix_suffix(user: User, alias_prefix, alias_suffix) -> bool:
+    """verify if user could create an alias with the given prefix and suffix"""
+    if not alias_prefix or not alias_suffix:  # should be caught on frontend
+        return False
+
+    user_custom_domains = [cd.domain for cd in user.verified_custom_domains()]
+
+    # make sure alias_suffix is either .random_word@simplelogin.co or @my-domain.com
+    alias_suffix = alias_suffix.strip()
+    # alias_domain_prefix is either a .random_word or ""
+    alias_domain_prefix, alias_domain = alias_suffix.split("@", 1)
+
+    # alias_domain must be either one of user custom domains or built-in domains
+    if alias_domain not in user.available_alias_domains():
+        LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
+        return False
+
+    # SimpleLogin domain case:
+    # 1) alias_suffix must start with "." and
+    # 2) alias_domain_prefix must come from the word list
+    if (
+        alias_domain in user.available_sl_domains()
+        and alias_domain not in user_custom_domains
+        # when DISABLE_ALIAS_SUFFIX is true, alias_domain_prefix is empty
+        and not DISABLE_ALIAS_SUFFIX
+    ):
+
+        if not alias_domain_prefix.startswith("."):
+            LOG.e("User %s submits a wrong alias suffix %s", user, alias_suffix)
+            return False
+
+    else:
+        if alias_domain not in user_custom_domains:
+            if not DISABLE_ALIAS_SUFFIX:
+                LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
+                return False
+
+            if alias_domain not in user.available_sl_domains():
+                LOG.e("wrong alias suffix %s, user %s", alias_suffix, user)
+                return False
+
+    return True
--- a/app/dashboard/views/custom_domain.py
+++ b/app/dashboard/views/custom_domain.py
@ -3,7 +3,6 @@ from flask_login import login_required, current_user
 from flask_wtf import FlaskForm
 from wtforms import StringField, validators

-from app import parallel_limiter
 from app.config import EMAIL_SERVERS_WITH_PRIORITY
 from app.dashboard.base import dashboard_bp
 from app.db import Session
@ -20,7 +19,6 @@ class NewCustomDomainForm(FlaskForm):

@dashboard_bp.route("/custom_domain", methods=["GET", "POST"])
@login_required
-@parallel_limiter.lock(only_when=lambda: request.method == "POST")
 def custom_domain():
    custom_domains = CustomDomain.filter_by(
        user_id=current_user.id, is_sl_subdomain=False
--- a/app/dashboard/views/delete_account.py
+++ b/app/dashboard/views/delete_account.py
@ -1,7 +1,6 @@
 import arrow
 from flask import flash, redirect, url_for, request, render_template
 from flask_login import login_required, current_user
-from flask_wtf import FlaskForm

 from app.config import JOB_DELETE_ACCOUNT
 from app.dashboard.base import dashboard_bp
@ -10,21 +9,11 @@ from app.log import LOG
 from app.models import Subscription, Job


-class DeleteDirForm(FlaskForm):
-    pass
-
-
@dashboard_bp.route("/delete_account", methods=["GET", "POST"])
@login_required
@sudo_required
 def delete_account():
-    delete_form = DeleteDirForm()
    if request.method == "POST" and request.form.get("form-name") == "delete-account":
-        if not delete_form.validate():
-            flash("Invalid request", "warning")
-            return render_template(
-                "dashboard/delete_account.html", delete_form=delete_form
-            )
        sub: Subscription = current_user.get_paddle_subscription()
        # user who has canceled can also re-subscribe
        if sub and not sub.cancelled:
@ -47,4 +36,6 @@ def delete_account():
        )
        return redirect(url_for("dashboard.setting"))

-    return render_template("dashboard/delete_account.html", delete_form=delete_form)
+    return render_template(
+        "dashboard/delete_account.html",
+    )
--- a/app/dashboard/views/directory.py
+++ b/app/dashboard/views/directory.py
@ -1,15 +1,8 @@
 from flask import render_template, request, redirect, url_for, flash
 from flask_login import login_required, current_user
 from flask_wtf import FlaskForm
-from wtforms import (
-    StringField,
-    validators,
-    SelectMultipleField,
-    BooleanField,
-    IntegerField,
-)
+from wtforms import StringField, validators

-from app import parallel_limiter
 from app.config import (
    EMAIL_DOMAIN,
    ALIAS_DOMAINS,
@ -28,25 +21,8 @@ class NewDirForm(FlaskForm):
    )


-class ToggleDirForm(FlaskForm):
-    directory_id = IntegerField(validators=[validators.DataRequired()])
-    directory_enabled = BooleanField(validators=[])
-
-
-class UpdateDirForm(FlaskForm):
-    directory_id = IntegerField(validators=[validators.DataRequired()])
-    mailbox_ids = SelectMultipleField(
-        validators=[validators.DataRequired()], validate_choice=False, choices=[]
-    )
-
-
-class DeleteDirForm(FlaskForm):
-    directory_id = IntegerField(validators=[validators.DataRequired()])
-
-
@dashboard_bp.route("/directory", methods=["GET", "POST"])
@login_required
-@parallel_limiter.lock(only_when=lambda: request.method == "POST")
 def directory():
    dirs = (
        Directory.filter_by(user_id=current_user.id)
@ -57,68 +33,54 @@ def directory():
    mailboxes = current_user.mailboxes()

    new_dir_form = NewDirForm()
-    toggle_dir_form = ToggleDirForm()
-    update_dir_form = UpdateDirForm()
-    update_dir_form.mailbox_ids.choices = [
-        (str(mailbox.id), str(mailbox.id)) for mailbox in mailboxes
-    ]
-    delete_dir_form = DeleteDirForm()

    if request.method == "POST":
        if request.form.get("form-name") == "delete":
-            if not delete_dir_form.validate():
-                flash("Invalid request", "warning")
-                return redirect(url_for("dashboard.directory"))
-            dir_obj = Directory.get(delete_dir_form.directory_id.data)
+            dir_id = request.form.get("dir-id")
+            dir = Directory.get(dir_id)

-            if not dir_obj:
+            if not dir:
                flash("Unknown error. Refresh the page", "warning")
                return redirect(url_for("dashboard.directory"))
-            elif dir_obj.user_id != current_user.id:
+            elif dir.user_id != current_user.id:
                flash("You cannot delete this directory", "warning")
                return redirect(url_for("dashboard.directory"))

-            name = dir_obj.name
-            Directory.delete(dir_obj.id)
+            name = dir.name
+            Directory.delete(dir_id)
            Session.commit()
            flash(f"Directory {name} has been deleted", "success")

            return redirect(url_for("dashboard.directory"))

        if request.form.get("form-name") == "toggle-directory":
-            if not toggle_dir_form.validate():
-                flash("Invalid request", "warning")
-                return redirect(url_for("dashboard.directory"))
-            dir_id = toggle_dir_form.directory_id.data
-            dir_obj = Directory.get(dir_id)
+            dir_id = request.form.get("dir-id")
+            dir = Directory.get(dir_id)

-            if not dir_obj or dir_obj.user_id != current_user.id:
+            if not dir or dir.user_id != current_user.id:
                flash("Unknown error. Refresh the page", "warning")
                return redirect(url_for("dashboard.directory"))

-            if toggle_dir_form.directory_enabled.data:
-                dir_obj.disabled = False
-                flash(f"On-the-fly is enabled for {dir_obj.name}", "success")
+            if request.form.get("dir-status") == "on":
+                dir.disabled = False
+                flash(f"On-the-fly is enabled for {dir.name}", "success")
            else:
-                dir_obj.disabled = True
-                flash(f"On-the-fly is disabled for {dir_obj.name}", "warning")
+                dir.disabled = True
+                flash(f"On-the-fly is disabled for {dir.name}", "warning")

            Session.commit()

            return redirect(url_for("dashboard.directory"))

        elif request.form.get("form-name") == "update":
-            if not update_dir_form.validate():
-                flash("Invalid request", "warning")
-                return redirect(url_for("dashboard.directory"))
-            dir_id = update_dir_form.directory_id.data
-            dir_obj = Directory.get(dir_id)
+            dir_id = request.form.get("dir-id")
+            dir = Directory.get(dir_id)

-            if not dir_obj or dir_obj.user_id != current_user.id:
+            if not dir or dir.user_id != current_user.id:
                flash("Unknown error. Refresh the page", "warning")
                return redirect(url_for("dashboard.directory"))

-            mailbox_ids = update_dir_form.mailbox_ids.data
+            mailbox_ids = request.form.getlist("mailbox_ids")
            # check if mailbox is not tempered with
            mailboxes = []
            for mailbox_id in mailbox_ids:
@ -137,14 +99,14 @@ def directory():
                return redirect(url_for("dashboard.directory"))

            # first remove all existing directory-mailboxes links
-            DirectoryMailbox.filter_by(directory_id=dir_obj.id).delete()
+            DirectoryMailbox.filter_by(directory_id=dir.id).delete()
            Session.flush()

            for mailbox in mailboxes:
-                DirectoryMailbox.create(directory_id=dir_obj.id, mailbox_id=mailbox.id)
+                DirectoryMailbox.create(directory_id=dir.id, mailbox_id=mailbox.id)

            Session.commit()
-            flash(f"Directory {dir_obj.name} has been updated", "success")
+            flash(f"Directory {dir.name} has been updated", "success")

            return redirect(url_for("dashboard.directory"))
        elif request.form.get("form-name") == "create":
@ -219,9 +181,6 @@ def directory():
    return render_template(
        "dashboard/directory.html",
        dirs=dirs,
-        toggle_dir_form=toggle_dir_form,
-        update_dir_form=update_dir_form,
-        delete_dir_form=delete_dir_form,
        new_dir_form=new_dir_form,
        mailboxes=mailboxes,
        EMAIL_DOMAIN=EMAIL_DOMAIN,
--- a/app/dashboard/views/domain_detail.py
+++ b/app/dashboard/views/domain_detail.py
@ -7,13 +7,13 @@ from flask_wtf import FlaskForm
 from wtforms import StringField, validators, IntegerField

 from app.config import EMAIL_SERVERS_WITH_PRIORITY, EMAIL_DOMAIN, JOB_DELETE_DOMAIN
-from app.custom_domain_validation import CustomDomainValidation
 from app.dashboard.base import dashboard_bp
 from app.db import Session
 from app.dns_utils import (
    get_mx_domains,
    get_spf_domain,
    get_txt_record,
+    get_cname_record,
    is_mx_equivalent,
 )
 from app.log import LOG
@ -28,7 +28,7 @@ from app.models import (
    Job,
 )
 from app.regex_utils import regex_match
-from app.utils import random_string, CSRFValidationForm
+from app.utils import random_string


@dashboard_bp.route("/domains/<int:custom_domain_id>/dns", methods=["GET", "POST"])
@ -46,8 +46,8 @@ def domain_detail_dns(custom_domain_id):

    spf_record = f"v=spf1 include:{EMAIL_DOMAIN} ~all"

-    domain_validator = CustomDomainValidation(EMAIL_DOMAIN)
-    csrf_form = CSRFValidationForm()
+    # hardcode the DKIM selector here
+    dkim_cname = f"dkim._domainkey.{EMAIL_DOMAIN}"

    dmarc_record = "v=DMARC1; p=quarantine; pct=100; adkim=s; aspf=s"

@ -55,9 +55,6 @@ def domain_detail_dns(custom_domain_id):
    mx_errors = spf_errors = dkim_errors = dmarc_errors = ownership_errors = []

    if request.method == "POST":
-        if not csrf_form.validate():
-            flash("Invalid request", "warning")
-            return redirect(request.url)
        if request.form.get("form-name") == "check-ownership":
            txt_records = get_txt_record(custom_domain.domain)

@ -125,17 +122,23 @@ def domain_detail_dns(custom_domain_id):
                spf_errors = get_txt_record(custom_domain.domain)

        elif request.form.get("form-name") == "check-dkim":
-            dkim_errors = domain_validator.validate_dkim_records(custom_domain)
-            if len(dkim_errors) == 0:
+            dkim_record = get_cname_record("dkim._domainkey." + custom_domain.domain)
+            if dkim_record == dkim_cname:
                flash("DKIM is setup correctly.", "success")
+                custom_domain.dkim_verified = True
+                Session.commit()
+
                return redirect(
                    url_for(
                        "dashboard.domain_detail_dns", custom_domain_id=custom_domain.id
                    )
                )
            else:
-                dkim_ok = False
+                custom_domain.dkim_verified = False
+                Session.commit()
                flash("DKIM: the CNAME record is not correctly set", "warning")
+                dkim_ok = False
+                dkim_errors = [dkim_record or "[Empty]"]

        elif request.form.get("form-name") == "check-dmarc":
            txt_records = get_txt_record("_dmarc." + custom_domain.domain)
@ -161,7 +164,6 @@ def domain_detail_dns(custom_domain_id):
    return render_template(
        "dashboard/domain_detail/dns.html",
        EMAIL_SERVERS_WITH_PRIORITY=EMAIL_SERVERS_WITH_PRIORITY,
-        dkim_records=domain_validator.get_dkim_records(),
        **locals(),
    )

@ -169,7 +171,6 @@ def domain_detail_dns(custom_domain_id):
@dashboard_bp.route("/domains/<int:custom_domain_id>/info", methods=["GET", "POST"])
@login_required
 def domain_detail(custom_domain_id):
-    csrf_form = CSRFValidationForm()
    custom_domain: CustomDomain = CustomDomain.get(custom_domain_id)
    mailboxes = current_user.mailboxes()

@ -178,9 +179,6 @@ def domain_detail(custom_domain_id):
        return redirect(url_for("dashboard.index"))

    if request.method == "POST":
-        if not csrf_form.validate():
-            flash("Invalid request", "warning")
-            return redirect(request.url)
        if request.form.get("form-name") == "switch-catch-all":
            custom_domain.catch_all = not custom_domain.catch_all
            Session.commit()
@ -309,16 +307,12 @@ def domain_detail(custom_domain_id):
@dashboard_bp.route("/domains/<int:custom_domain_id>/trash", methods=["GET", "POST"])
@login_required
 def domain_detail_trash(custom_domain_id):
-    csrf_form = CSRFValidationForm()
    custom_domain = CustomDomain.get(custom_domain_id)
    if not custom_domain or custom_domain.user_id != current_user.id:
        flash("You cannot see this page", "warning")
        return redirect(url_for("dashboard.index"))

    if request.method == "POST":
-        if not csrf_form.validate():
-            flash("Invalid request", "warning")
-            return redirect(request.url)
        if request.form.get("form-name") == "empty-all":
            DomainDeletedAlias.filter_by(domain_id=custom_domain.id).delete()
            Session.commit()
@ -362,7 +356,6 @@ def domain_detail_trash(custom_domain_id):
        "dashboard/domain_detail/trash.html",
        domain_deleted_aliases=domain_deleted_aliases,
        custom_domain=custom_domain,
-        csrf_form=csrf_form,
    )


--- a/app/dashboard/views/enter_sudo.py
+++ b/app/dashboard/views/enter_sudo.py
@ -6,15 +6,13 @@ from flask_login import login_required, current_user
 from flask_wtf import FlaskForm
 from wtforms import PasswordField, validators

-from app.config import CONNECT_WITH_PROTON, OIDC_CLIENT_ID, CONNECT_WITH_OIDC_ICON
 from app.dashboard.base import dashboard_bp
-from app.extensions import limiter
 from app.log import LOG
-from app.models import PartnerUser, SocialAuth
-from app.proton.utils import get_proton_partner
+from app.models import PartnerUser
+from app.proton.utils import is_connect_with_proton_enabled, get_proton_partner
 from app.utils import sanitize_next_url

-_SUDO_GAP = 120
+_SUDO_GAP = 900


 class LoginForm(FlaskForm):
@ -22,7 +20,6 @@ class LoginForm(FlaskForm):


@dashboard_bp.route("/enter_sudo", methods=["GET", "POST"])
-@limiter.limit("3/minute")
@login_required
 def enter_sudo():
    password_check_form = LoginForm()
@ -44,26 +41,18 @@ def enter_sudo():
        else:
            flash("Incorrect password", "warning")

-    proton_enabled = CONNECT_WITH_PROTON
+    proton_enabled = is_connect_with_proton_enabled()
    if proton_enabled:
        # Only for users that have the account linked
        partner_user = PartnerUser.get_by(user_id=current_user.id)
        if not partner_user or partner_user.partner_id != get_proton_partner().id:
            proton_enabled = False

-    oidc_enabled = OIDC_CLIENT_ID is not None
-    if oidc_enabled:
-        oidc_enabled = (
-            SocialAuth.get_by(user_id=current_user.id, social="oidc") is not None
-        )
-
    return render_template(
        "dashboard/enter_sudo.html",
        password_check_form=password_check_form,
        next=request.args.get("next"),
        connect_with_proton=proton_enabled,
-        connect_with_oidc=oidc_enabled,
-        connect_with_oidc_icon=CONNECT_WITH_OIDC_ICON,
    )


--- a/app/dashboard/views/fido_setup.py
+++ b/app/dashboard/views/fido_setup.py
@ -78,10 +78,10 @@ def fido_setup():
        )

        flash("Security key has been activated", "success")
-        recovery_codes = RecoveryCode.generate(current_user)
-        return render_template(
-            "dashboard/recovery_code.html", recovery_codes=recovery_codes
-        )
+        if not RecoveryCode.filter_by(user_id=current_user.id).all():
+            return redirect(url_for("dashboard.recovery_code_route"))
+        else:
+            return redirect(url_for("dashboard.fido_manage"))

    # Prepare information for key registration process
    fido_uuid = (
--- a/app/dashboard/views/index.py
+++ b/app/dashboard/views/index.py
@ -3,7 +3,7 @@ from dataclasses import dataclass
 from flask import render_template, request, redirect, url_for, flash
 from flask_login import login_required, current_user

-from app import alias_utils, parallel_limiter
+from app import alias_utils
 from app.api.serializer import get_alias_infos_with_pagination_v3, get_alias_info_v3
 from app.config import ALIAS_LIMIT, PAGE_LIMIT
 from app.dashboard.base import dashboard_bp
@ -17,7 +17,6 @@ from app.models import (
    EmailLog,
    Contact,
 )
-from app.utils import CSRFValidationForm


@dataclass
@ -52,17 +51,12 @@ def get_stats(user: User) -> Stats:


@dashboard_bp.route("/", methods=["GET", "POST"])
-@login_required
@limiter.limit(
    ALIAS_LIMIT,
    methods=["POST"],
    exempt_when=lambda: request.form.get("form-name") != "create-random-email",
 )
-@limiter.limit("10/minute", methods=["GET"], key_func=lambda: current_user.id)
-@parallel_limiter.lock(
-    name="alias_creation",
-    only_when=lambda: request.form.get("form-name") == "create-random-email",
-)
+@login_required
 def index():
    query = request.args.get("query") or ""
    sort = request.args.get("sort") or ""
@ -81,12 +75,8 @@ def index():
                "highlight_alias_id must be a number, received %s",
                request.args.get("highlight_alias_id"),
            )
-    csrf_form = CSRFValidationForm()

    if request.method == "POST":
-        if not csrf_form.validate():
-            flash("Invalid request", "warning")
-            return redirect(request.url)
        if request.form.get("form-name") == "create-custom-email":
            if current_user.can_create_new_alias():
                return redirect(url_for("dashboard.custom_alias"))
@ -141,23 +131,17 @@ def index():
                )

            if request.form.get("form-name") == "delete-alias":
-                LOG.i(f"User {current_user} requested deletion of alias {alias}")
+                LOG.d("delete alias %s", alias)
                email = alias.email
                alias_utils.delete_alias(alias, current_user)
                flash(f"Alias {email} has been deleted", "success")
            elif request.form.get("form-name") == "disable-alias":
-                alias_utils.change_alias_status(alias, enabled=False)
+                alias.enabled = False
                Session.commit()
                flash(f"Alias {alias.email} has been disabled", "success")

        return redirect(
-            url_for(
-                "dashboard.index",
-                query=query,
-                sort=sort,
-                filter=alias_filter,
-                page=page,
-            )
+            url_for("dashboard.index", query=query, sort=sort, filter=alias_filter)
        )

    mailboxes = current_user.mailboxes()
@ -220,7 +204,6 @@ def index():
        sort=sort,
        filter=alias_filter,
        stats=stats,
-        csrf_form=csrf_form,
    )


--- a/app/dashboard/views/mailbox.py
+++ b/app/dashboard/views/mailbox.py
@ -1,16 +1,11 @@
-import base64
-import binascii
-import json
-
 import arrow
 from flask import render_template, request, redirect, url_for, flash
 from flask_login import login_required, current_user
 from flask_wtf import FlaskForm
-from itsdangerous import TimestampSigner
-from wtforms import validators, IntegerField
+from itsdangerous import Signer
+from wtforms import validators
 from wtforms.fields.html5 import EmailField

-from app import parallel_limiter
 from app.config import MAILBOX_SECRET, URL, JOB_DELETE_MAILBOX
 from app.dashboard.base import dashboard_bp
 from app.db import Session
@ -19,11 +14,10 @@ from app.email_utils import (
    mailbox_already_used,
    render,
    send_email,
+    is_valid_email,
 )
-from app.email_validation import is_valid_email
 from app.log import LOG
 from app.models import Mailbox, Job
-from app.utils import CSRFValidationForm


 class NewMailboxForm(FlaskForm):
@ -32,16 +26,8 @@ class NewMailboxForm(FlaskForm):
    )


-class DeleteMailboxForm(FlaskForm):
-    mailbox_id = IntegerField(
-        validators=[validators.DataRequired()],
-    )
-    transfer_mailbox_id = IntegerField()
-
-
@dashboard_bp.route("/mailbox", methods=["GET", "POST"])
@login_required
-@parallel_limiter.lock(only_when=lambda: request.method == "POST")
 def mailbox_route():
    mailboxes = (
        Mailbox.filter_by(user_id=current_user.id)
@ -50,57 +36,25 @@ def mailbox_route():
    )

    new_mailbox_form = NewMailboxForm()
-    csrf_form = CSRFValidationForm()
-    delete_mailbox_form = DeleteMailboxForm()

    if request.method == "POST":
        if request.form.get("form-name") == "delete":
-            if not delete_mailbox_form.validate():
-                flash("Invalid request", "warning")
-                return redirect(request.url)
-            mailbox = Mailbox.get(delete_mailbox_form.mailbox_id.data)
+            mailbox_id = request.form.get("mailbox-id")
+            mailbox = Mailbox.get(mailbox_id)

            if not mailbox or mailbox.user_id != current_user.id:
-                flash("Invalid mailbox. Refresh the page", "warning")
+                flash("Unknown error. Refresh the page", "warning")
                return redirect(url_for("dashboard.mailbox_route"))

            if mailbox.id == current_user.default_mailbox_id:
                flash("You cannot delete default mailbox", "error")
                return redirect(url_for("dashboard.mailbox_route"))

-            transfer_mailbox_id = delete_mailbox_form.transfer_mailbox_id.data
-            if transfer_mailbox_id and transfer_mailbox_id > 0:
-                transfer_mailbox = Mailbox.get(transfer_mailbox_id)
-
-                if not transfer_mailbox or transfer_mailbox.user_id != current_user.id:
-                    flash(
-                        "You must transfer the aliases to a mailbox you own.", "error"
-                    )
-                    return redirect(url_for("dashboard.mailbox_route"))
-
-                if transfer_mailbox.id == mailbox.id:
-                    flash(
-                        "You can not transfer the aliases to the mailbox you want to delete.",
-                        "error",
-                    )
-                    return redirect(url_for("dashboard.mailbox_route"))
-
-                if not transfer_mailbox.verified:
-                    flash("Your new mailbox is not verified", "error")
-                    return redirect(url_for("dashboard.mailbox_route"))
-
            # Schedule delete account job
-            LOG.w(
-                f"schedule delete mailbox job for {mailbox.id} with transfer to mailbox {transfer_mailbox_id}"
-            )
+            LOG.w("schedule delete mailbox job for %s", mailbox)
            Job.create(
                name=JOB_DELETE_MAILBOX,
-                payload={
-                    "mailbox_id": mailbox.id,
-                    "transfer_mailbox_id": transfer_mailbox_id
-                    if transfer_mailbox_id > 0
-                    else None,
-                },
+                payload={"mailbox_id": mailbox.id},
                run_at=arrow.now(),
                commit=True,
            )
@ -113,10 +67,7 @@ def mailbox_route():

            return redirect(url_for("dashboard.mailbox_route"))
        if request.form.get("form-name") == "set-default":
-            if not csrf_form.validate():
-                flash("Invalid request", "warning")
-                return redirect(request.url)
-            mailbox_id = request.form.get("mailbox_id")
+            mailbox_id = request.form.get("mailbox-id")
            mailbox = Mailbox.get(mailbox_id)

            if not mailbox or mailbox.user_id != current_user.id:
@ -168,8 +119,7 @@ def mailbox_route():

                    return redirect(
                        url_for(
-                            "dashboard.mailbox_detail_route",
-                            mailbox_id=new_mailbox.id,
+                            "dashboard.mailbox_detail_route", mailbox_id=new_mailbox.id
                        )
                    )

@ -177,16 +127,38 @@ def mailbox_route():
        "dashboard/mailbox.html",
        mailboxes=mailboxes,
        new_mailbox_form=new_mailbox_form,
-        delete_mailbox_form=delete_mailbox_form,
-        csrf_form=csrf_form,
    )


+def delete_mailbox(mailbox_id: int):
+    from server import create_light_app
+
+    with create_light_app().app_context():
+        mailbox = Mailbox.get(mailbox_id)
+        if not mailbox:
+            return
+
+        mailbox_email = mailbox.email
+        user = mailbox.user
+
+        Mailbox.delete(mailbox_id)
+        Session.commit()
+        LOG.d("Mailbox %s %s deleted", mailbox_id, mailbox_email)
+
+        send_email(
+            user.email,
+            f"Your mailbox {mailbox_email} has been deleted",
+            f"""Mailbox {mailbox_email} along with its aliases are deleted successfully.
+
+Regards,
+SimpleLogin team.
+        """,
+        )
+
+
 def send_verification_email(user, mailbox):
-    s = TimestampSigner(MAILBOX_SECRET)
-    encoded_data = json.dumps([mailbox.id, mailbox.email]).encode("utf-8")
-    b64_data = base64.urlsafe_b64encode(encoded_data)
-    mailbox_id_signed = s.sign(b64_data).decode()
+    s = Signer(MAILBOX_SECRET)
+    mailbox_id_signed = s.sign(str(mailbox.id)).decode()
    verification_url = (
        URL + "/dashboard/mailbox_verify" + f"?mailbox_id={mailbox_id_signed}"
    )
@ -210,35 +182,23 @@ def send_verification_email(user, mailbox):

@dashboard_bp.route("/mailbox_verify")
 def mailbox_verify():
-    s = TimestampSigner(MAILBOX_SECRET)
-    mailbox_verify_request = request.args.get("mailbox_id")
+    s = Signer(MAILBOX_SECRET)
+    mailbox_id = request.args.get("mailbox_id")
+
    try:
-        mailbox_raw_data = s.unsign(mailbox_verify_request, max_age=900)
+        r_id = int(s.unsign(mailbox_id))
    except Exception:
        flash("Invalid link. Please delete and re-add your mailbox", "error")
        return redirect(url_for("dashboard.mailbox_route"))
-    try:
-        decoded_data = base64.urlsafe_b64decode(mailbox_raw_data)
-    except binascii.Error:
-        flash("Invalid link. Please delete and re-add your mailbox", "error")
-        return redirect(url_for("dashboard.mailbox_route"))
-    mailbox_data = json.loads(decoded_data)
-    if not isinstance(mailbox_data, list) or len(mailbox_data) != 2:
-        flash("Invalid link. Please delete and re-add your mailbox", "error")
-        return redirect(url_for("dashboard.mailbox_route"))
-    mailbox_id = mailbox_data[0]
-    mailbox = Mailbox.get(mailbox_id)
-    if not mailbox:
-        flash("Invalid link", "error")
-        return redirect(url_for("dashboard.mailbox_route"))
-    mailbox_email = mailbox_data[1]
-    if mailbox_email != mailbox.email:
-        flash("Invalid link", "error")
-        return redirect(url_for("dashboard.mailbox_route"))
+    else:
+        mailbox = Mailbox.get(r_id)
+        if not mailbox:
+            flash("Invalid link", "error")
+            return redirect(url_for("dashboard.mailbox_route"))

-    mailbox.verified = True
-    Session.commit()
+        mailbox.verified = True
+        Session.commit()

-    LOG.d("Mailbox %s is verified", mailbox)
+        LOG.d("Mailbox %s is verified", mailbox)

-    return render_template("dashboard/mailbox_validation.html", mailbox=mailbox)
+        return render_template("dashboard/mailbox_validation.html", mailbox=mailbox)
--- a/app/dashboard/views/mailbox_detail.py
+++ b/app/dashboard/views/mailbox_detail.py
@ -1,26 +1,23 @@
 from smtplib import SMTPRecipientsRefused

-from email_validator import validate_email, EmailNotValidError
 from flask import render_template, request, redirect, url_for, flash
 from flask_login import login_required, current_user
 from flask_wtf import FlaskForm
-from itsdangerous import TimestampSigner
+from itsdangerous import Signer
 from wtforms import validators
 from wtforms.fields.html5 import EmailField

 from app.config import ENFORCE_SPF, MAILBOX_SECRET
 from app.config import URL
 from app.dashboard.base import dashboard_bp
-from app.dashboard.views.enter_sudo import sudo_required
 from app.db import Session
 from app.email_utils import email_can_be_used_as_mailbox
 from app.email_utils import mailbox_already_used, render, send_email
-from app.extensions import limiter
 from app.log import LOG
 from app.models import Alias, AuthorizedAddress
 from app.models import Mailbox
 from app.pgp_utils import PGPException, load_public_key_and_check
-from app.utils import sanitize_email, CSRFValidationForm
+from app.utils import sanitize_email


 class ChangeEmailForm(FlaskForm):
@ -31,16 +28,13 @@ class ChangeEmailForm(FlaskForm):

@dashboard_bp.route("/mailbox/<int:mailbox_id>/", methods=["GET", "POST"])
@login_required
-@sudo_required
-@limiter.limit("20/minute", methods=["POST"])
 def mailbox_detail_route(mailbox_id):
-    mailbox: Mailbox = Mailbox.get(mailbox_id)
+    mailbox = Mailbox.get(mailbox_id)
    if not mailbox or mailbox.user_id != current_user.id:
        flash("You cannot see this page", "warning")
        return redirect(url_for("dashboard.index"))

    change_email_form = ChangeEmailForm()
-    csrf_form = CSRFValidationForm()

    if mailbox.new_email:
        pending_email = mailbox.new_email
@ -48,9 +42,6 @@ def mailbox_detail_route(mailbox_id):
        pending_email = None

    if request.method == "POST":
-        if not csrf_form.validate():
-            flash("Invalid request", "warning")
-            return redirect(request.url)
        if (
            request.form.get("form-name") == "update-email"
            and change_email_form.validate_on_submit()
@ -103,23 +94,16 @@ def mailbox_detail_route(mailbox_id):
            )
        elif request.form.get("form-name") == "add-authorized-address":
            address = sanitize_email(request.form.get("email"))
-            try:
-                validate_email(
-                    address, check_deliverability=False, allow_smtputf8=False
-                ).domain
-            except EmailNotValidError:
-                flash(f"invalid {address}", "error")
+            if AuthorizedAddress.get_by(mailbox_id=mailbox.id, email=address):
+                flash(f"{address} already added", "error")
            else:
-                if AuthorizedAddress.get_by(mailbox_id=mailbox.id, email=address):
-                    flash(f"{address} already added", "error")
-                else:
-                    AuthorizedAddress.create(
-                        user_id=current_user.id,
-                        mailbox_id=mailbox.id,
-                        email=address,
-                        commit=True,
-                    )
-                    flash(f"{address} added as authorized address", "success")
+                AuthorizedAddress.create(
+                    user_id=current_user.id,
+                    mailbox_id=mailbox.id,
+                    email=address,
+                    commit=True,
+                )
+                flash(f"{address} added as authorized address", "success")

            return redirect(
                url_for("dashboard.mailbox_detail_route", mailbox_id=mailbox_id)
@ -148,15 +132,6 @@ def mailbox_detail_route(mailbox_id):
                        url_for("dashboard.mailbox_detail_route", mailbox_id=mailbox_id)
                    )

-                if mailbox.is_proton():
-                    flash(
-                        "Enabling PGP for a Proton Mail mailbox is redundant and does not add any security benefit",
-                        "info",
-                    )
-                    return redirect(
-                        url_for("dashboard.mailbox_detail_route", mailbox_id=mailbox_id)
-                    )
-
                mailbox.pgp_public_key = request.form.get("pgp")
                try:
                    mailbox.pgp_finger_print = load_public_key_and_check(
@ -183,15 +158,8 @@ def mailbox_detail_route(mailbox_id):

        elif request.form.get("form-name") == "toggle-pgp":
            if request.form.get("pgp-enabled") == "on":
-                if mailbox.is_proton():
-                    mailbox.disable_pgp = True
-                    flash(
-                        "Enabling PGP for a Proton Mail mailbox is redundant and does not add any security benefit",
-                        "info",
-                    )
-                else:
-                    mailbox.disable_pgp = False
-                    flash(f"PGP is enabled on {mailbox.email}", "info")
+                mailbox.disable_pgp = False
+                flash(f"PGP is enabled on {mailbox.email}", "success")
            else:
                mailbox.disable_pgp = True
                flash(f"PGP is disabled on {mailbox.email}", "info")
@ -202,16 +170,25 @@ def mailbox_detail_route(mailbox_id):
            )
        elif request.form.get("form-name") == "generic-subject":
            if request.form.get("action") == "save":
+                if not mailbox.pgp_enabled():
+                    flash(
+                        "Generic subject can only be used on PGP-enabled mailbox",
+                        "error",
+                    )
+                    return redirect(
+                        url_for("dashboard.mailbox_detail_route", mailbox_id=mailbox_id)
+                    )
+
                mailbox.generic_subject = request.form.get("generic-subject")
                Session.commit()
-                flash("Generic subject is enabled", "success")
+                flash("Generic subject for PGP-encrypted email is enabled", "success")
                return redirect(
                    url_for("dashboard.mailbox_detail_route", mailbox_id=mailbox_id)
                )
            elif request.form.get("action") == "remove":
                mailbox.generic_subject = None
                Session.commit()
-                flash("Generic subject is disabled", "success")
+                flash("Generic subject for PGP-encrypted email is disabled", "success")
                return redirect(
                    url_for("dashboard.mailbox_detail_route", mailbox_id=mailbox_id)
                )
@ -221,7 +198,7 @@ def mailbox_detail_route(mailbox_id):


 def verify_mailbox_change(user, mailbox, new_email):
-    s = TimestampSigner(MAILBOX_SECRET)
+    s = Signer(MAILBOX_SECRET)
    mailbox_id_signed = s.sign(str(mailbox.id)).decode()
    verification_url = (
        f"{URL}/dashboard/mailbox/confirm_change?mailbox_id={mailbox_id_signed}"
@ -273,11 +250,11 @@ def cancel_mailbox_change_route(mailbox_id):

@dashboard_bp.route("/mailbox/confirm_change")
 def mailbox_confirm_change_route():
-    s = TimestampSigner(MAILBOX_SECRET)
+    s = Signer(MAILBOX_SECRET)
    signed_mailbox_id = request.args.get("mailbox_id")

    try:
-        mailbox_id = int(s.unsign(signed_mailbox_id, max_age=900))
+        mailbox_id = int(s.unsign(signed_mailbox_id))
    except Exception:
        flash("Invalid link", "error")
        return redirect(url_for("dashboard.index"))
--- a/app/dashboard/views/mfa_cancel.py
+++ b/app/dashboard/views/mfa_cancel.py
@ -5,7 +5,6 @@ from app.dashboard.base import dashboard_bp
 from app.dashboard.views.enter_sudo import sudo_required
 from app.db import Session
 from app.models import RecoveryCode
-from app.utils import CSRFValidationForm


@dashboard_bp.route("/mfa_cancel", methods=["GET", "POST"])
@ -16,13 +15,8 @@ def mfa_cancel():
        flash("you don't have MFA enabled", "warning")
        return redirect(url_for("dashboard.index"))

-    csrf_form = CSRFValidationForm()
-
    # user cancels TOTP
    if request.method == "POST":
-        if not csrf_form.validate():
-            flash("Invalid request", "warning")
-            return redirect(request.url)
        current_user.enable_otp = False
        current_user.otp_secret = None
        Session.commit()
@ -34,4 +28,4 @@ def mfa_cancel():
        flash("TOTP is now disabled", "warning")
        return redirect(url_for("dashboard.index"))

-    return render_template("dashboard/mfa_cancel.html", csrf_form=csrf_form)
+    return render_template("dashboard/mfa_cancel.html")
--- a/app/dashboard/views/mfa_setup.py
+++ b/app/dashboard/views/mfa_setup.py
@ -8,7 +8,6 @@ from app.dashboard.base import dashboard_bp
 from app.dashboard.views.enter_sudo import sudo_required
 from app.db import Session
 from app.log import LOG
-from app.models import RecoveryCode


 class OtpTokenForm(FlaskForm):
@ -40,10 +39,8 @@ def mfa_setup():
            current_user.last_otp = token
            Session.commit()
            flash("MFA has been activated", "success")
-            recovery_codes = RecoveryCode.generate(current_user)
-            return render_template(
-                "dashboard/recovery_code.html", recovery_codes=recovery_codes
-            )
+
+            return redirect(url_for("dashboard.recovery_code_route"))
        else:
            flash("Incorrect token", "warning")

--- a/app/dashboard/views/pricing.py
+++ b/app/dashboard/views/pricing.py
@ -80,9 +80,8 @@ def pricing():
@dashboard_bp.route("/subscription_success")
@login_required
 def subscription_success():
-    return render_template(
-        "dashboard/thank-you.html",
-    )
+    flash("Thanks so much for supporting SimpleLogin!", "success")
+    return redirect(url_for("dashboard.index"))


@dashboard_bp.route("/coinbase_checkout")
--- a/app/dashboard/views/recovery_code.py
+++ b/app/dashboard/views/recovery_code.py
@ -0,0 +1,30 @@
+from flask import render_template, flash, redirect, url_for, request
+from flask_login import login_required, current_user
+
+from app.dashboard.base import dashboard_bp
+from app.log import LOG
+from app.models import RecoveryCode
+
+
+@dashboard_bp.route("/recovery_code", methods=["GET", "POST"])
+@login_required
+def recovery_code_route():
+    if not current_user.two_factor_authentication_enabled():
+        flash("you need to enable either TOTP or WebAuthn", "warning")
+        return redirect(url_for("dashboard.index"))
+
+    recovery_codes = RecoveryCode.filter_by(user_id=current_user.id).all()
+    if request.method == "GET" and not recovery_codes:
+        # user arrives at this page for the first time
+        LOG.d("%s has no recovery keys, generate", current_user)
+        RecoveryCode.generate(current_user)
+        recovery_codes = RecoveryCode.filter_by(user_id=current_user.id).all()
+
+    if request.method == "POST":
+        RecoveryCode.generate(current_user)
+        flash("New recovery codes generated", "success")
+        return redirect(url_for("dashboard.recovery_code_route"))
+
+    return render_template(
+        "dashboard/recovery_code.html", recovery_codes=recovery_codes
+    )
--- a/app/dashboard/views/setting.py
+++ b/app/dashboard/views/setting.py
@ -1,5 +1,4 @@
 from io import BytesIO
-from typing import Optional, Tuple

 import arrow
 from flask import (
@ -12,25 +11,35 @@ from flask import (
 from flask_login import login_required, current_user
 from flask_wtf import FlaskForm
 from flask_wtf.file import FileField
+from newrelic import agent
+from typing import Optional, Tuple
 from wtforms import StringField, validators
+from wtforms.fields.html5 import EmailField

-from app import s3
+from app import s3, email_utils
 from app.config import (
+    URL,
    FIRST_ALIAS_DOMAIN,
    ALIAS_RANDOM_SUFFIX_LENGTH,
-    CONNECT_WITH_PROTON,
 )
 from app.dashboard.base import dashboard_bp
 from app.db import Session
+from app.email_utils import (
+    email_can_be_used_as_mailbox,
+    personal_email_already_used,
+)
 from app.errors import ProtonPartnerNotSetUp
-from app.extensions import limiter
 from app.image_validation import detect_image_format, ImageFormat
+from app.jobs.export_user_data_job import ExportUserDataJob
 from app.log import LOG
 from app.models import (
    BlockBehaviourEnum,
    PlanEnum,
    File,
+    ResetPasswordCode,
    EmailChange,
+    User,
+    Alias,
    CustomDomain,
    AliasGeneratorEnum,
    AliasSuffixEnum,
@ -43,11 +52,8 @@ from app.models import (
    PartnerSubscription,
    UnsubscribeBehaviourEnum,
 )
-from app.proton.utils import get_proton_partner
-from app.utils import (
-    random_string,
-    CSRFValidationForm,
-)
+from app.proton.utils import is_connect_with_proton_enabled, get_proton_partner
+from app.utils import random_string, sanitize_email


 class SettingForm(FlaskForm):
@ -55,6 +61,12 @@ class SettingForm(FlaskForm):
    profile_picture = FileField("Profile Picture")


+class ChangeEmailForm(FlaskForm):
+    email = EmailField(
+        "email", validators=[validators.DataRequired(), validators.Email()]
+    )
+
+
 class PromoCodeForm(FlaskForm):
    code = StringField("Name", validators=[validators.DataRequired()])

@ -88,11 +100,10 @@ def get_partner_subscription_and_name(

@dashboard_bp.route("/setting", methods=["GET", "POST"])
@login_required
-@limiter.limit("5/minute", methods=["POST"])
 def setting():
    form = SettingForm()
    promo_form = PromoCodeForm()
-    csrf_form = CSRFValidationForm()
+    change_email_form = ChangeEmailForm()

    email_change = EmailChange.get_by(user_id=current_user.id)
    if email_change:
@ -101,10 +112,67 @@ def setting():
        pending_email = None

    if request.method == "POST":
-        if not csrf_form.validate():
-            flash("Invalid request", "warning")
-            return redirect(url_for("dashboard.setting"))
+        if request.form.get("form-name") == "update-email":
+            if change_email_form.validate():
+                # whether user can proceed with the email update
+                new_email_valid = True
+                if (
+                    sanitize_email(change_email_form.email.data) != current_user.email
+                    and not pending_email
+                ):
+                    new_email = sanitize_email(change_email_form.email.data)

+                    # check if this email is not already used
+                    if personal_email_already_used(new_email) or Alias.get_by(
+                        email=new_email
+                    ):
+                        flash(f"Email {new_email} already used", "error")
+                        new_email_valid = False
+                    elif not email_can_be_used_as_mailbox(new_email):
+                        flash(
+                            "You cannot use this email address as your personal inbox.",
+                            "error",
+                        )
+                        new_email_valid = False
+                    # a pending email change with the same email exists from another user
+                    elif EmailChange.get_by(new_email=new_email):
+                        other_email_change: EmailChange = EmailChange.get_by(
+                            new_email=new_email
+                        )
+                        LOG.w(
+                            "Another user has a pending %s with the same email address. Current user:%s",
+                            other_email_change,
+                            current_user,
+                        )
+
+                        if other_email_change.is_expired():
+                            LOG.d(
+                                "delete the expired email change %s", other_email_change
+                            )
+                            EmailChange.delete(other_email_change.id)
+                            Session.commit()
+                        else:
+                            flash(
+                                "You cannot use this email address as your personal inbox.",
+                                "error",
+                            )
+                            new_email_valid = False
+
+                    if new_email_valid:
+                        email_change = EmailChange.create(
+                            user_id=current_user.id,
+                            code=random_string(
+                                60
+                            ),  # todo: make sure the code is unique
+                            new_email=new_email,
+                        )
+                        Session.commit()
+                        send_change_email_confirmation(current_user, email_change)
+                        flash(
+                            "A confirmation email is on the way, please check your inbox",
+                            "success",
+                        )
+                        return redirect(url_for("dashboard.setting"))
        if request.form.get("form-name") == "update-profile":
            if form.validate():
                profile_updated = False
@ -123,16 +191,6 @@ def setting():
                        )
                        return redirect(url_for("dashboard.setting"))

-                    if current_user.profile_picture_id is not None:
-                        current_profile_file = File.get_by(
-                            id=current_user.profile_picture_id
-                        )
-                        if (
-                            current_profile_file is not None
-                            and current_profile_file.user_id == current_user.id
-                        ):
-                            s3.delete(current_profile_file.path)
-
                    file_path = random_string(30)
                    file = File.create(user_id=current_user.id, path=file_path)

@ -148,6 +206,15 @@ def setting():
                if profile_updated:
                    flash("Your profile has been updated", "success")
                    return redirect(url_for("dashboard.setting"))
+
+        elif request.form.get("form-name") == "change-password":
+            flash(
+                "You are going to receive an email containing instructions to change your password",
+                "success",
+            )
+            send_reset_password_email(current_user)
+            return redirect(url_for("dashboard.setting"))
+
        elif request.form.get("form-name") == "notification-preference":
            choose = request.form.get("notification")
            if choose == "on":
@ -157,6 +224,7 @@ def setting():
            Session.commit()
            flash("Your notification preference has been updated", "success")
            return redirect(url_for("dashboard.setting"))
+
        elif request.form.get("form-name") == "change-alias-generator":
            scheme = int(request.form.get("alias-generator-scheme"))
            if AliasGeneratorEnum.has_value(scheme):
@ -164,6 +232,7 @@ def setting():
                Session.commit()
            flash("Your preference has been updated", "success")
            return redirect(url_for("dashboard.setting"))
+
        elif request.form.get("form-name") == "change-random-alias-default-domain":
            default_domain = request.form.get("random-alias-default-domain")

@ -202,6 +271,7 @@ def setting():
            Session.commit()
            flash("Your preference has been updated", "success")
            return redirect(url_for("dashboard.setting"))
+
        elif request.form.get("form-name") == "random-alias-suffix":
            scheme = int(request.form.get("random-alias-suffix-generator"))
            if AliasSuffixEnum.has_value(scheme):
@ -209,6 +279,7 @@ def setting():
                Session.commit()
            flash("Your preference has been updated", "success")
            return redirect(url_for("dashboard.setting"))
+
        elif request.form.get("form-name") == "change-sender-format":
            sender_format = int(request.form.get("sender-format"))
            if SenderFormatEnum.has_value(sender_format):
@ -218,6 +289,7 @@ def setting():
                flash("Your sender format preference has been updated", "success")
            Session.commit()
            return redirect(url_for("dashboard.setting"))
+
        elif request.form.get("form-name") == "replace-ra":
            choose = request.form.get("replace-ra")
            if choose == "on":
@ -227,21 +299,7 @@ def setting():
            Session.commit()
            flash("Your preference has been updated", "success")
            return redirect(url_for("dashboard.setting"))
-        elif request.form.get("form-name") == "enable_data_breach_check":
-            if not current_user.is_premium():
-                flash("Only premium plan can enable data breach monitoring", "warning")
-                return redirect(url_for("dashboard.setting"))
-            choose = request.form.get("enable_data_breach_check")
-            if choose == "on":
-                LOG.i("User {current_user} has enabled data breach monitoring")
-                current_user.enable_data_breach_check = True
-                flash("Data breach monitoring is enabled", "success")
-            else:
-                LOG.i("User {current_user} has disabled data breach monitoring")
-                current_user.enable_data_breach_check = False
-                flash("Data breach monitoring is disabled", "info")
-            Session.commit()
-            return redirect(url_for("dashboard.setting"))
+
        elif request.form.get("form-name") == "sender-in-ra":
            choose = request.form.get("enable")
            if choose == "on":
@ -251,6 +309,7 @@ def setting():
            Session.commit()
            flash("Your preference has been updated", "success")
            return redirect(url_for("dashboard.setting"))
+
        elif request.form.get("form-name") == "expand-alias-info":
            choose = request.form.get("enable")
            if choose == "on":
@ -312,6 +371,14 @@ def setting():
            Session.commit()
            flash("Your preference has been updated", "success")
            return redirect(url_for("dashboard.setting"))
+        elif request.form.get("form-name") == "send-full-user-report":
+            if ExportUserDataJob(current_user).store_job_in_db():
+                flash(
+                    "You will receive your SimpleLogin data via email shortly",
+                    "success",
+                )
+            else:
+                flash("An export of your data is currently in progress", "error")

    manual_sub = ManualSubscription.get_by(user_id=current_user.id)
    apple_sub = AppleSubscription.get_by(user_id=current_user.id)
@ -328,12 +395,12 @@ def setting():

    return render_template(
        "dashboard/setting.html",
-        csrf_form=csrf_form,
        form=form,
        PlanEnum=PlanEnum,
        SenderFormatEnum=SenderFormatEnum,
        BlockBehaviourEnum=BlockBehaviourEnum,
        promo_form=promo_form,
+        change_email_form=change_email_form,
        pending_email=pending_email,
        AliasGeneratorEnum=AliasGeneratorEnum,
        UnsubscribeBehaviourEnum=UnsubscribeBehaviourEnum,
@ -345,6 +412,81 @@ def setting():
        coinbase_sub=coinbase_sub,
        FIRST_ALIAS_DOMAIN=FIRST_ALIAS_DOMAIN,
        ALIAS_RAND_SUFFIX_LENGTH=ALIAS_RANDOM_SUFFIX_LENGTH,
-        connect_with_proton=CONNECT_WITH_PROTON,
+        connect_with_proton=is_connect_with_proton_enabled(),
        proton_linked_account=proton_linked_account,
    )
+
+
+def send_reset_password_email(user):
+    """
+    generate a new ResetPasswordCode and send it over email to user
+    """
+    # the activation code is valid for 1h
+    reset_password_code = ResetPasswordCode.create(
+        user_id=user.id, code=random_string(60)
+    )
+    Session.commit()
+
+    reset_password_link = f"{URL}/auth/reset_password?code={reset_password_code.code}"
+
+    email_utils.send_reset_password_email(user.email, reset_password_link)
+
+
+def send_change_email_confirmation(user: User, email_change: EmailChange):
+    """
+    send confirmation email to the new email address
+    """
+
+    link = f"{URL}/auth/change_email?code={email_change.code}"
+
+    email_utils.send_change_email(email_change.new_email, user.email, link)
+
+
+@dashboard_bp.route("/resend_email_change", methods=["GET", "POST"])
+@login_required
+def resend_email_change():
+    email_change = EmailChange.get_by(user_id=current_user.id)
+    if email_change:
+        # extend email change expiration
+        email_change.expired = arrow.now().shift(hours=12)
+        Session.commit()
+
+        send_change_email_confirmation(current_user, email_change)
+        flash("A confirmation email is on the way, please check your inbox", "success")
+        return redirect(url_for("dashboard.setting"))
+    else:
+        flash(
+            "You have no pending email change. Redirect back to Setting page", "warning"
+        )
+        return redirect(url_for("dashboard.setting"))
+
+
+@dashboard_bp.route("/cancel_email_change", methods=["GET", "POST"])
+@login_required
+def cancel_email_change():
+    email_change = EmailChange.get_by(user_id=current_user.id)
+    if email_change:
+        EmailChange.delete(email_change.id)
+        Session.commit()
+        flash("Your email change is cancelled", "success")
+        return redirect(url_for("dashboard.setting"))
+    else:
+        flash(
+            "You have no pending email change. Redirect back to Setting page", "warning"
+        )
+        return redirect(url_for("dashboard.setting"))
+
+
+@dashboard_bp.route("/unlink_proton_account", methods=["GET", "POST"])
+@login_required
+def unlink_proton_account():
+    proton_partner = get_proton_partner()
+    partner_user = PartnerUser.get_by(
+        user_id=current_user.id, partner_id=proton_partner.id
+    )
+    if partner_user is not None:
+        PartnerUser.delete(partner_user.id)
+    Session.commit()
+    flash("Your Proton account has been unlinked", "success")
+    agent.record_custom_event("AccountUnlinked", {"partner": proton_partner.name})
+    return redirect(url_for("dashboard.setting"))
--- a/app/dashboard/views/subdomain.py
+++ b/app/dashboard/views/subdomain.py
@ -2,10 +2,7 @@ import re

 from flask import render_template, request, redirect, url_for, flash
 from flask_login import login_required, current_user
-from flask_wtf import FlaskForm
-from wtforms import StringField, validators

-from app import parallel_limiter
 from app.config import MAX_NB_SUBDOMAIN
 from app.dashboard.base import dashboard_bp
 from app.errors import SubdomainInTrashError
@ -16,18 +13,8 @@ from app.models import CustomDomain, Mailbox, SLDomain
 _SUBDOMAIN_PATTERN = r"[0-9a-z-]{1,}"


-class NewSubdomainForm(FlaskForm):
-    domain = StringField(
-        "domain", validators=[validators.DataRequired(), validators.Length(max=64)]
-    )
-    subdomain = StringField(
-        "subdomain", validators=[validators.DataRequired(), validators.Length(max=64)]
-    )
-
-
@dashboard_bp.route("/subdomain", methods=["GET", "POST"])
@login_required
-@parallel_limiter.lock(only_when=lambda: request.method == "POST")
 def subdomain_route():
    if not current_user.subdomain_is_available():
        flash("Unknown error, redirect to the home page", "error")
@ -39,13 +26,9 @@ def subdomain_route():
    ).all()

    errors = {}
-    new_subdomain_form = NewSubdomainForm()

    if request.method == "POST":
        if request.form.get("form-name") == "create":
-            if not new_subdomain_form.validate():
-                flash("Invalid new subdomain", "warning")
-                return redirect(url_for("dashboard.subdomain_route"))
            if not current_user.is_premium():
                flash("Only premium plan can add subdomain", "warning")
                return redirect(request.url)
@ -56,8 +39,8 @@ def subdomain_route():
                )
                return redirect(request.url)

-            subdomain = new_subdomain_form.subdomain.data.lower().strip()
-            domain = new_subdomain_form.domain.data.lower().strip()
+            subdomain = request.form.get("subdomain").lower().strip()
+            domain = request.form.get("domain").lower().strip()

            if len(subdomain) < 3:
                flash("Subdomain must have at least 3 characters", "error")
@ -125,5 +108,4 @@ def subdomain_route():
        sl_domains=sl_domains,
        errors=errors,
        subdomains=subdomains,
-        new_subdomain_form=new_subdomain_form,
    )
--- a/app/dashboard/views/unsubscribe.py
+++ b/app/dashboard/views/unsubscribe.py
@ -8,7 +8,6 @@ from app.db import Session
 from flask import redirect, url_for, flash, request, render_template
 from flask_login import login_required, current_user

-from app import alias_utils
 from app.dashboard.base import dashboard_bp
 from app.handler.unsubscribe_encoder import UnsubscribeAction
 from app.handler.unsubscribe_handler import UnsubscribeHandler
@ -32,7 +31,7 @@ def unsubscribe(alias_id):

    # automatic unsubscribe, according to https://tools.ietf.org/html/rfc8058
    if request.method == "POST":
-        alias_utils.change_alias_status(alias, False)
+        alias.enabled = False
        flash(f"Alias {alias.email} has been blocked", "success")
        Session.commit()

@ -76,11 +75,12 @@ def block_contact(contact_id):
@dashboard_bp.route("/unsubscribe/encoded/<encoded_request>", methods=["GET"])
@login_required
 def encoded_unsubscribe(encoded_request: str):
+
    unsub_data = UnsubscribeHandler().handle_unsubscribe_from_request(
        current_user, encoded_request
    )
    if not unsub_data:
-        flash("Invalid unsubscribe request", "error")
+        flash(f"Invalid unsubscribe request", "error")
        return redirect(url_for("dashboard.index"))
    if unsub_data.action == UnsubscribeAction.DisableAlias:
        alias = Alias.get(unsub_data.data)
@ -97,14 +97,14 @@ def encoded_unsubscribe(encoded_request: str):
            )
        )
    if unsub_data.action == UnsubscribeAction.UnsubscribeNewsletter:
-        flash("You've unsubscribed from the newsletter", "success")
+        flash(f"You've unsubscribed from the newsletter", "success")
        return redirect(
            url_for(
                "dashboard.index",
            )
        )
    if unsub_data.action == UnsubscribeAction.OriginalUnsubscribeMailto:
-        flash("The original unsubscribe request has been forwarded", "success")
+        flash(f"The original unsubscribe request has been forwarded", "success")
        return redirect(
            url_for(
                "dashboard.index",
--- a/app/db.py
+++ b/app/db.py
@ -3,12 +3,9 @@ from sqlalchemy import create_engine
 from sqlalchemy.orm import scoped_session
 from sqlalchemy.orm import sessionmaker

-from app import config
+from app.config import DB_URI

-
-engine = create_engine(
-    config.DB_URI, connect_args={"application_name": config.DB_CONN_NAME}
-)
+engine = create_engine(DB_URI)
 connection = engine.connect()

 Session = scoped_session(sessionmaker(bind=connection))
--- a/app/developer/init.py
+++ b/app/developer/init.py
@ -1,3 +1 @@
 from .views import index, new_client, client_detail
-
-__all__ = ["index", "new_client", "client_detail"]
--- a/app/developer/views/client_detail.py
+++ b/app/developer/views/client_detail.py
@ -87,7 +87,7 @@ def client_detail(client_id):
        )

        flash(
-            "Thanks for submitting, we are informed and will come back to you asap!",
+            f"Thanks for submitting, we are informed and will come back to you asap!",
            "success",
        )

--- a/app/discover/init.py
+++ b/app/discover/init.py
@ -1,3 +1 @@
 from .views import index
-
-__all__ = ["index"]
--- a/app/dns_utils.py
+++ b/app/dns_utils.py
@ -34,7 +34,7 @@ def get_cname_record(hostname) -> Optional[str]:


 def get_mx_domains(hostname) -> [(int, str)]:
-    """return list of (priority, domain name) sorted by priority (lowest priority first)
+    """return list of (priority, domain name).
    domain name ends with a "." at the end.
    """
    try:
@ -50,7 +50,7 @@ def get_mx_domains(hostname) -> [(int, str)]:

        ret.append((int(parts[0]), parts[1]))

-    return sorted(ret, key=lambda prio_domain: prio_domain[0])
+    return ret


 _include_spf = "include:"
--- a/app/email/headers.py
+++ b/app/email/headers.py
@ -20,8 +20,6 @@ X_SPAM_STATUS = "X-Spam-Status"
 LIST_UNSUBSCRIBE = "List-Unsubscribe"
 LIST_UNSUBSCRIBE_POST = "List-Unsubscribe-Post"
 RETURN_PATH = "Return-Path"
-AUTHENTICATION_RESULTS = "Authentication-Results"
-SL_QUEUE_ID = "X-SL-Queue-Id"

 # headers used to DKIM sign in order of preference
 DKIM_HEADERS = [
@ -34,7 +32,6 @@ DKIM_HEADERS = [
 SL_DIRECTION = "X-SimpleLogin-Type"
 SL_EMAIL_LOG_ID = "X-SimpleLogin-EmailLog-ID"
 SL_ENVELOPE_FROM = "X-SimpleLogin-Envelope-From"
-SL_ORIGINAL_FROM = "X-SimpleLogin-Original-From"
 SL_ENVELOPE_TO = "X-SimpleLogin-Envelope-To"
 SL_CLIENT_IP = "X-SimpleLogin-Client-IP"

--- a/app/email/status.py
+++ b/app/email/status.py
@ -31,7 +31,11 @@ E402 = "421 SL E402 Encryption failed - Retry later"
 # E403 = "421 SL E403 Retry later"
 E404 = "421 SL E404 Unexpected error - Retry later"
 E405 = "421 SL E405 Mailbox domain problem - Retry later"
+E406 = "421 SL E406 Retry later"
 E407 = "421 SL E407 Retry later"
+E408 = "421 SL E408 Retry later"
+E409 = "421 SL E409 Retry later"
+E410 = "421 SL E410 Retry later"
 # endregion

 # region 5** errors
@ -60,5 +64,4 @@ E522 = (
 )
 E523 = "550 SL E523 Unknown error"
 E524 = "550 SL E524 Wrong use of reverse-alias"
-E525 = "550 SL E525 Alias loop"
 # endregion
--- a/app/email_utils.py
+++ b/app/email_utils.py
@ -14,7 +14,7 @@ from email.header import decode_header, Header
 from email.message import Message, EmailMessage
 from email.mime.multipart import MIMEMultipart
 from email.mime.text import MIMEText
-from email.utils import make_msgid, formatdate, formataddr
+from email.utils import make_msgid, formatdate
 from smtplib import SMTP, SMTPException
 from typing import Tuple, List, Optional, Union

@ -33,9 +33,31 @@ from flanker.addresslib import address
 from flanker.addresslib.address import EmailAddress
 from jinja2 import Environment, FileSystemLoader
 from sqlalchemy import func
-from flask_login import current_user

-from app import config
+from app.config import (
+    ROOT_DIR,
+    POSTFIX_SERVER,
+    DKIM_SELECTOR,
+    DKIM_PRIVATE_KEY,
+    ALIAS_DOMAINS,
+    POSTFIX_SUBMISSION_TLS,
+    MAX_NB_EMAIL_FREE_PLAN,
+    MAX_ALERT_24H,
+    POSTFIX_PORT,
+    URL,
+    LANDING_PAGE_URL,
+    EMAIL_DOMAIN,
+    ALERT_DIRECTORY_DISABLED_ALIAS_CREATION,
+    ALERT_SPF,
+    ALERT_INVALID_TOTP_LOGIN,
+    TEMP_DIR,
+    ALIAS_AUTOMATIC_DISABLE,
+    RSPAMD_SIGN_DKIM,
+    NOREPLY,
+    VERP_PREFIX,
+    VERP_MESSAGE_LIFETIME,
+    VERP_EMAIL_SECRET,
+)
 from app.db import Session
 from app.dns_utils import get_mx_domains
 from app.email import headers
@ -55,7 +77,6 @@ from app.models import (
    IgnoreBounceSender,
    InvalidMailboxDomain,
    VerpType,
-    available_sl_email,
 )
 from app.utils import (
    random_string,
@ -70,36 +91,31 @@ VERP_HMAC_ALGO = "sha3-224"


 def render(template_name, **kwargs) -> str:
-    templates_dir = os.path.join(config.ROOT_DIR, "templates", "emails")
+    templates_dir = os.path.join(ROOT_DIR, "templates", "emails")
    env = Environment(loader=FileSystemLoader(templates_dir))

    template = env.get_template(template_name)

-    use_partner_template = False
-    if current_user and current_user.is_authenticated:
-        use_partner_template = current_user.has_used_alias_from_partner()
-
    return template.render(
-        MAX_NB_EMAIL_FREE_PLAN=config.MAX_NB_EMAIL_FREE_PLAN,
-        URL=config.URL,
-        LANDING_PAGE_URL=config.LANDING_PAGE_URL,
+        MAX_NB_EMAIL_FREE_PLAN=MAX_NB_EMAIL_FREE_PLAN,
+        URL=URL,
+        LANDING_PAGE_URL=LANDING_PAGE_URL,
        YEAR=arrow.now().year,
-        USE_PARTNER_TEMPLATE=use_partner_template,
        **kwargs,
    )


 def send_welcome_email(user):
-    comm_email, unsubscribe_link, via_email = user.get_communication_email()
-    if not comm_email:
+    to_email, unsubscribe_link, via_email = user.get_communication_email()
+    if not to_email:
        return

    # whether this email is sent to an alias
-    alias = comm_email if comm_email != user.email else None
+    alias = to_email if to_email != user.email else None

    send_email(
-        comm_email,
-        "Welcome to SimpleLogin",
+        to_email,
+        f"Welcome to SimpleLogin",
        render("com/welcome.txt", user=user, alias=alias),
        render("com/welcome.html", user=user, alias=alias),
        unsubscribe_link,
@ -110,7 +126,7 @@ def send_welcome_email(user):
 def send_trial_end_soon_email(user):
    send_email(
        user.email,
-        "Your trial will end soon",
+        f"Your trial will end soon",
        render("transactional/trial-end.txt.jinja2", user=user),
        render("transactional/trial-end.html", user=user),
        ignore_smtp_error=True,
@ -120,7 +136,7 @@ def send_trial_end_soon_email(user):
 def send_activation_email(email, activation_link):
    send_email(
        email,
-        "Just one more step to join SimpleLogin",
+        f"Just one more step to join SimpleLogin",
        render(
            "transactional/activation.txt",
            activation_link=activation_link,
@ -171,7 +187,7 @@ def send_change_email(new_email, current_email, link):
 def send_invalid_totp_login_email(user, totp_type):
    send_email_with_rate_control(
        user,
-        config.ALERT_INVALID_TOTP_LOGIN,
+        ALERT_INVALID_TOTP_LOGIN,
        user.email,
        "Unsuccessful attempt to login to your SimpleLogin account",
        render(
@ -229,7 +245,7 @@ def send_cannot_create_directory_alias_disabled(user, alias_address, directory_n
    """
    send_email_with_rate_control(
        user,
-        config.ALERT_DIRECTORY_DISABLED_ALIAS_CREATION,
+        ALERT_DIRECTORY_DISABLED_ALIAS_CREATION,
        user.email,
        f"Alias {alias_address} cannot be created",
        render(
@ -281,9 +297,8 @@ def send_email(

    LOG.d("send email to %s, subject '%s'", to_email, subject)

-    from_name = from_name or config.NOREPLY
-    from_addr = from_addr or config.NOREPLY
-    from_domain = get_email_domain_part(from_addr)
+    from_name = from_name or NOREPLY
+    from_addr = from_addr or NOREPLY

    if html:
        msg = MIMEMultipart("alternative")
@ -298,14 +313,13 @@ def send_email(
    msg[headers.FROM] = f'"{from_name}" <{from_addr}>'
    msg[headers.TO] = to_email

-    msg_id_header = make_msgid(domain=config.EMAIL_DOMAIN)
+    msg_id_header = make_msgid(domain=EMAIL_DOMAIN)
    msg[headers.MESSAGE_ID] = msg_id_header

    date_header = formatdate()
    msg[headers.DATE] = date_header

-    if headers.MIME_VERSION not in msg:
-        msg[headers.MIME_VERSION] = "1.0"
+    msg[headers.MIME_VERSION] = "1.0"

    if unsubscribe_link:
        add_or_replace_header(msg, headers.LIST_UNSUBSCRIBE, f"<{unsubscribe_link}>")
@ -322,7 +336,7 @@ def send_email(

    # use a different envelope sender for each transactional email (aka VERP)
    sl_sendmail(
-        generate_verp_email(VerpType.transactional, transaction.id, from_domain),
+        generate_verp_email(VerpType.transactional, transaction.id),
        to_email,
        msg,
        retries=retries,
@ -337,7 +351,7 @@ def send_email_with_rate_control(
    subject,
    plaintext,
    html=None,
-    max_nb_alert=config.MAX_ALERT_24H,
+    max_nb_alert=MAX_ALERT_24H,
    nb_day=1,
    ignore_smtp_error=False,
    retries=0,
@ -434,7 +448,7 @@ def get_email_domain_part(address):


 def add_dkim_signature(msg: Message, email_domain: str):
-    if config.RSPAMD_SIGN_DKIM:
+    if RSPAMD_SIGN_DKIM:
        LOG.d("DKIM signature will be added by rspamd")
        msg[headers.SL_WANT_SIGNING] = "yes"
        return
@ -449,9 +463,9 @@ def add_dkim_signature(msg: Message, email_domain: str):
            continue

    # To investigate why some emails can't be DKIM signed. todo: remove
-    if config.TEMP_DIR:
+    if TEMP_DIR:
        file_name = str(uuid.uuid4()) + ".eml"
-        with open(os.path.join(config.TEMP_DIR, file_name), "wb") as f:
+        with open(os.path.join(TEMP_DIR, file_name), "wb") as f:
            f.write(msg.as_bytes())

        LOG.w("email saved to %s", file_name)
@ -466,12 +480,12 @@ def add_dkim_signature_with_header(

    # Specify headers in "byte" form
    # Generate message signature
-    if config.DKIM_PRIVATE_KEY:
+    if DKIM_PRIVATE_KEY:
        sig = dkim.sign(
            message_to_bytes(msg),
-            config.DKIM_SELECTOR,
+            DKIM_SELECTOR,
            email_domain.encode(),
-            config.DKIM_PRIVATE_KEY.encode(),
+            DKIM_PRIVATE_KEY.encode(),
            include_headers=dkim_headers,
        )
        sig = sig.decode()
@ -500,10 +514,9 @@ def delete_header(msg: Message, header: str):

 def sanitize_header(msg: Message, header: str):
    """remove trailing space and remove linebreak from a header"""
-    header_lowercase = header.lower()
    for i in reversed(range(len(msg._headers))):
        header_name = msg._headers[i][0].lower()
-        if header_name == header_lowercase:
+        if header_name == header.lower():
            # msg._headers[i] is a tuple like ('From', 'hey@google.com')
            if msg._headers[i][1]:
                msg._headers[i] = (
@ -524,7 +537,7 @@ def delete_all_headers_except(msg: Message, headers: [str]):
 def can_create_directory_for_address(email_address: str) -> bool:
    """return True if an email ends with one of the alias domains provided by SimpleLogin"""
    # not allow creating directory with premium domain
-    for domain in config.ALIAS_DOMAINS:
+    for domain in ALIAS_DOMAINS:
        if email_address.endswith("@" + domain):
            return True

@ -581,7 +594,7 @@ def email_can_be_used_as_mailbox(email_address: str) -> bool:
    mx_domains = get_mx_domain_list(domain)

    # if no MX record, email is not valid
-    if not config.SKIP_MX_LOOKUP_ON_CHECK and not mx_domains:
+    if not mx_domains:
        LOG.d("No MX record for domain %s", domain)
        return False

@ -590,26 +603,6 @@ def email_can_be_used_as_mailbox(email_address: str) -> bool:
            LOG.d("MX Domain %s %s is invalid mailbox domain", mx_domain, domain)
            return False

-    existing_user = User.get_by(email=email_address)
-    if existing_user and existing_user.disabled:
-        LOG.d(
-            f"User {existing_user} is disabled. {email_address} cannot be used for other mailbox"
-        )
-        return False
-
-    for existing_user in (
-        User.query()
-        .join(Mailbox, User.id == Mailbox.user_id)
-        .filter(Mailbox.email == email_address)
-        .group_by(User.id)
-        .all()
-    ):
-        if existing_user.disabled:
-            LOG.d(
-                f"User {existing_user} is disabled and has a mailbox with {email_address}. Id cannot be used for other mailbox"
-            )
-            return False
-
    return True


@ -795,7 +788,7 @@ def get_header_unicode(header: Union[str, Header]) -> str:
    ret = ""
    for to_decoded_str, charset in decode_header(header):
        if charset is None:
-            if isinstance(to_decoded_str, bytes):
+            if type(to_decoded_str) is bytes:
                decoded_str = to_decoded_str.decode()
            else:
                decoded_str = to_decoded_str
@ -832,13 +825,13 @@ def to_bytes(msg: Message):
    for generator_policy in [None, policy.SMTP, policy.SMTPUTF8]:
        try:
            return msg.as_bytes(policy=generator_policy)
-        except Exception:
+        except:
            LOG.w("as_bytes() fails with %s policy", policy, exc_info=True)

    msg_string = msg.as_string()
    try:
        return msg_string.encode()
-    except Exception:
+    except:
        LOG.w("as_string().encode() fails", exc_info=True)

    return msg_string.encode(errors="replace")
@ -855,6 +848,19 @@ def should_add_dkim_signature(domain: str) -> bool:
    return False


+def is_valid_email(email_address: str) -> bool:
+    """
+    Used to check whether an email address is valid
+    NOT run MX check.
+    NOT allow unicode.
+    """
+    try:
+        validate_email(email_address, check_deliverability=False, allow_smtputf8=False)
+        return True
+    except EmailNotValidError:
+        return False
+
+
 class EmailEncoding(enum.Enum):
    BASE64 = "base64"
    QUOTED = "quoted-printable"
@ -925,25 +931,22 @@ def decode_text(text: str, encoding: EmailEncoding = EmailEncoding.NO) -> str:
        return text


-def add_header(msg: Message, text_header, html_header=None) -> Message:
-    if not html_header:
-        html_header = text_header.replace("\n", "<br>")
-
+def add_header(msg: Message, text_header, html_header) -> Message:
    content_type = msg.get_content_type().lower()
    if content_type == "text/plain":
        encoding = get_encoding(msg)
        payload = msg.get_payload()
-        if isinstance(payload, str):
+        if type(payload) is str:
            clone_msg = copy(msg)
            new_payload = f"""{text_header}
------------------------------
+---
 {decode_text(payload, encoding)}"""
            clone_msg.set_payload(encode_text(new_payload, encoding))
            return clone_msg
    elif content_type == "text/html":
        encoding = get_encoding(msg)
        payload = msg.get_payload()
-        if isinstance(payload, str):
+        if type(payload) is str:
            new_payload = f"""<table width="100%" style="width: 100%; -premailer-width: 100%; -premailer-cellpadding: 0;
  -premailer-cellspacing: 0; margin: 0; padding: 0;">
    <tr>
@ -965,8 +968,6 @@ def add_header(msg: Message, text_header, html_header=None) -> Message:
        for part in msg.get_payload():
            if isinstance(part, Message):
                new_parts.append(add_header(part, text_header, html_header))
-            elif isinstance(part, str):
-                new_parts.append(MIMEText(part))
            else:
                new_parts.append(part)
        clone_msg = copy(msg)
@ -975,14 +976,7 @@ def add_header(msg: Message, text_header, html_header=None) -> Message:

    elif content_type in ("multipart/mixed", "multipart/signed"):
        new_parts = []
-        payload = msg.get_payload()
-        if isinstance(payload, str):
-            # The message is badly formatted inject as new
-            new_parts = [MIMEText(text_header, "plain"), MIMEText(payload, "plain")]
-            clone_msg = copy(msg)
-            clone_msg.set_payload(new_parts)
-            return clone_msg
-        parts = list(payload)
+        parts = list(msg.get_payload())
        LOG.d("only add header for the first part for %s", content_type)
        for ix, part in enumerate(parts):
            if ix == 0:
@ -998,11 +992,7 @@ def add_header(msg: Message, text_header, html_header=None) -> Message:
    return msg


-def replace(msg: Union[Message, str], old, new) -> Union[Message, str]:
-    if isinstance(msg, str):
-        msg = msg.replace(old, new)
-        return msg
-
+def replace(msg: Message, old, new) -> Message:
    content_type = msg.get_content_type()

    if (
@ -1022,7 +1012,7 @@ def replace(msg: Union[Message, str], old, new) -> Union[Message, str]:
    if content_type in ("text/plain", "text/html"):
        encoding = get_encoding(msg)
        payload = msg.get_payload()
-        if isinstance(payload, str):
+        if type(payload) is str:
            if encoding == EmailEncoding.QUOTED:
                LOG.d("handle quoted-printable replace %s -> %s", old, new)
                # first decode the payload
@ -1067,7 +1057,7 @@ def replace(msg: Union[Message, str], old, new) -> Union[Message, str]:
    return msg


-def generate_reply_email(contact_email: str, alias: Alias) -> str:
+def generate_reply_email(contact_email: str, user: User) -> str:
    """
    generate a reply_email (aka reverse-alias), make sure it isn't used by any contact
    """
@ -1078,7 +1068,6 @@ def generate_reply_email(contact_email: str, alias: Alias) -> str:

    include_sender_in_reverse_alias = False

-    user = alias.user
    # user has set this option explicitly
    if user.include_sender_in_reverse_alias is not None:
        include_sender_in_reverse_alias = user.include_sender_in_reverse_alias
@ -1093,28 +1082,22 @@ def generate_reply_email(contact_email: str, alias: Alias) -> str:
        contact_email = contact_email.replace(".", "_")
        contact_email = convert_to_alphanumeric(contact_email)

-    reply_domain = config.EMAIL_DOMAIN
-    alias_domain = get_email_domain_part(alias.email)
-    sl_domain = SLDomain.get_by(domain=alias_domain)
-    if sl_domain and sl_domain.use_as_reverse_alias:
-        reply_domain = alias_domain
-
    # not use while to avoid infinite loop
    for _ in range(1000):
        if include_sender_in_reverse_alias and contact_email:
            random_length = random.randint(5, 10)
            reply_email = (
                # do not use the ra+ anymore
-                # f"ra+{contact_email}+{random_string(random_length)}@{config.EMAIL_DOMAIN}"
-                f"{contact_email}_{random_string(random_length)}@{reply_domain}"
+                # f"ra+{contact_email}+{random_string(random_length)}@{EMAIL_DOMAIN}"
+                f"{contact_email}_{random_string(random_length)}@{EMAIL_DOMAIN}"
            )
        else:
            random_length = random.randint(20, 50)
            # do not use the ra+ anymore
-            # reply_email = f"ra+{random_string(random_length)}@{config.EMAIL_DOMAIN}"
-            reply_email = f"{random_string(random_length)}@{reply_domain}"
+            # reply_email = f"ra+{random_string(random_length)}@{EMAIL_DOMAIN}"
+            reply_email = f"{random_string(random_length)}@{EMAIL_DOMAIN}"

-        if available_sl_email(reply_email):
+        if not Contact.get_by(reply_email=reply_email):
            return reply_email

    raise Exception("Cannot generate reply email")
@ -1125,11 +1108,31 @@ def is_reverse_alias(address: str) -> bool:
    if Contact.get_by(reply_email=address):
        return True

-    return address.endswith(f"@{config.EMAIL_DOMAIN}") and (
+    return address.endswith(f"@{EMAIL_DOMAIN}") and (
        address.startswith("reply+") or address.startswith("ra+")
    )


+# allow also + and @ that are present in a reply address
+_ALLOWED_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.+@"
+
+
+def normalize_reply_email(reply_email: str) -> str:
+    """Handle the case where reply email contains *strange* char that was wrongly generated in the past"""
+    if not reply_email.isascii():
+        reply_email = convert_to_id(reply_email)
+
+    ret = []
+    # drop all control characters like shift, separator, etc
+    for c in reply_email:
+        if c not in _ALLOWED_CHARS:
+            ret.append("_")
+        else:
+            ret.append(c)
+
+    return "".join(ret)
+
+
 def should_disable(alias: Alias) -> (bool, str):
    """
    Return whether an alias should be disabled and if yes, the reason why
@ -1139,7 +1142,7 @@ def should_disable(alias: Alias) -> (bool, str):
        LOG.w("%s cannot be disabled", alias)
        return False, ""

-    if not config.ALIAS_AUTOMATIC_DISABLE:
+    if not ALIAS_AUTOMATIC_DISABLE:
        return False, ""

    yesterday = arrow.now().shift(days=-1)
@ -1254,14 +1257,14 @@ def spf_pass(
                subject = get_header_unicode(msg[headers.SUBJECT])
                send_email_with_rate_control(
                    user,
-                    config.ALERT_SPF,
+                    ALERT_SPF,
                    mailbox.email,
                    f"SimpleLogin Alert: attempt to send emails from your alias {alias.email} from unknown IP Address",
                    render(
                        "transactional/spf-fail.txt",
                        alias=alias.email,
                        ip=ip,
-                        mailbox_url=config.URL + f"/dashboard/mailbox/{mailbox.id}#spf",
+                        mailbox_url=URL + f"/dashboard/mailbox/{mailbox.id}#spf",
                        to_email=contact_email,
                        subject=subject,
                        time=arrow.now(),
@ -1269,7 +1272,7 @@ def spf_pass(
                    render(
                        "transactional/spf-fail.html",
                        ip=ip,
-                        mailbox_url=config.URL + f"/dashboard/mailbox/{mailbox.id}#spf",
+                        mailbox_url=URL + f"/dashboard/mailbox/{mailbox.id}#spf",
                        to_email=contact_email,
                        subject=subject,
                        time=arrow.now(),
@ -1292,11 +1295,11 @@ def spf_pass(
@cached(cache=TTLCache(maxsize=2, ttl=20))
 def get_smtp_server():
    LOG.d("get a smtp server")
-    if config.POSTFIX_SUBMISSION_TLS:
-        smtp = SMTP(config.POSTFIX_SERVER, 587)
+    if POSTFIX_SUBMISSION_TLS:
+        smtp = SMTP(POSTFIX_SERVER, 587)
        smtp.starttls()
    else:
-        smtp = SMTP(config.POSTFIX_SERVER, config.POSTFIX_PORT)
+        smtp = SMTP(POSTFIX_SERVER, POSTFIX_PORT)

    return smtp

@ -1368,12 +1371,12 @@ def save_email_for_debugging(msg: Message, file_name_prefix=None) -> str:
    """Save email for debugging to temporary location
    Return the file path
    """
-    if config.TEMP_DIR:
+    if TEMP_DIR:
        file_name = str(uuid.uuid4()) + ".eml"
        if file_name_prefix:
            file_name = "{}-{}".format(file_name_prefix, file_name)

-        with open(os.path.join(config.TEMP_DIR, file_name), "wb") as f:
+        with open(os.path.join(TEMP_DIR, file_name), "wb") as f:
            f.write(msg.as_bytes())

        LOG.d("email saved to %s", file_name)
@ -1386,12 +1389,12 @@ def save_envelope_for_debugging(envelope: Envelope, file_name_prefix=None) -> st
    """Save envelope for debugging to temporary location
    Return the file path
    """
-    if config.TEMP_DIR:
+    if TEMP_DIR:
        file_name = str(uuid.uuid4()) + ".eml"
        if file_name_prefix:
            file_name = "{}-{}".format(file_name_prefix, file_name)

-        with open(os.path.join(config.TEMP_DIR, file_name), "wb") as f:
+        with open(os.path.join(TEMP_DIR, file_name), "wb") as f:
            f.write(envelope.original_content)

        LOG.d("envelope saved to %s", file_name)
@ -1410,22 +1413,19 @@ def generate_verp_email(
    # Time is in minutes granularity and start counting on 2022-01-01 to reduce bytes to represent time
    data = [
        verp_type.value,
-        object_id or 0,
+        object_id,
        int((time.time() - VERP_TIME_START) / 60),
    ]
    json_payload = json.dumps(data).encode("utf-8")
    # Signing without itsdangereous because it uses base64 that includes +/= symbols and lower and upper case letters.
    # We need to encode in base32
    payload_hmac = hmac.new(
-        config.VERP_EMAIL_SECRET.encode("utf-8"), json_payload, VERP_HMAC_ALGO
+        VERP_EMAIL_SECRET.encode("utf-8"), json_payload, VERP_HMAC_ALGO
    ).digest()[:8]
    encoded_payload = base64.b32encode(json_payload).rstrip(b"=").decode("utf-8")
    encoded_signature = base64.b32encode(payload_hmac).rstrip(b"=").decode("utf-8")
    return "{}.{}.{}@{}".format(
-        config.VERP_PREFIX,
-        encoded_payload,
-        encoded_signature,
-        sender_domain or config.EMAIL_DOMAIN,
+        VERP_PREFIX, encoded_payload, encoded_signature, sender_domain or EMAIL_DOMAIN
    ).lower()


@ -1438,7 +1438,7 @@ def get_verp_info_from_email(email: str) -> Optional[Tuple[VerpType, int]]:
        return None
    username = email[:idx]
    fields = username.split(".")
-    if len(fields) != 3 or fields[0] != config.VERP_PREFIX:
+    if len(fields) != 3 or fields[0] != VERP_PREFIX:
        return None
    try:
        padding = (8 - (len(fields[1]) % 8)) % 8
@ -1450,7 +1450,7 @@ def get_verp_info_from_email(email: str) -> Optional[Tuple[VerpType, int]]:
    except binascii.Error:
        return None
    expected_signature = hmac.new(
-        config.VERP_EMAIL_SECRET.encode("utf-8"), payload, VERP_HMAC_ALGO
+        VERP_EMAIL_SECRET.encode("utf-8"), payload, VERP_HMAC_ALGO
    ).digest()[:8]
    if expected_signature != signature:
        return None
@ -1458,13 +1458,6 @@ def get_verp_info_from_email(email: str) -> Optional[Tuple[VerpType, int]]:
    # verp type, object_id, time
    if len(data) != 3:
        return None
-    if data[2] > (time.time() + config.VERP_MESSAGE_LIFETIME - VERP_TIME_START) / 60:
+    if data[2] > (time.time() + VERP_MESSAGE_LIFETIME - VERP_TIME_START) / 60:
        return None
    return VerpType(data[0]), data[1]
-
-
-def sl_formataddr(name_address_tuple: Tuple[str, str]):
-    """Same as formataddr but use utf-8 encoding by default and always return str (and never Header)"""
-    name, addr = name_address_tuple
-    # formataddr can return Header, make sure to convert to str
-    return str(formataddr((name, Header(addr, "utf-8"))))
--- a/app/email_validation.py
+++ b/app/email_validation.py
@ -1,38 +0,0 @@
-from email_validator import (
-    validate_email,
-    EmailNotValidError,
-)
-
-from app.utils import convert_to_id
-
-# allow also + and @ that are present in a reply address
-_ALLOWED_CHARS = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-.+@"
-
-
-def is_valid_email(email_address: str) -> bool:
-    """
-    Used to check whether an email address is valid
-    NOT run MX check.
-    NOT allow unicode.
-    """
-    try:
-        validate_email(email_address, check_deliverability=False, allow_smtputf8=False)
-        return True
-    except EmailNotValidError:
-        return False
-
-
-def normalize_reply_email(reply_email: str) -> str:
-    """Handle the case where reply email contains *strange* char that was wrongly generated in the past"""
-    if not reply_email.isascii():
-        reply_email = convert_to_id(reply_email)
-
-    ret = []
-    # drop all control characters like shift, separator, etc
-    for c in reply_email:
-        if c not in _ALLOWED_CHARS:
-            ret.append("_")
-        else:
-            ret.append(c)
-
-    return "".join(ret)
--- a/app/errors.py
+++ b/app/errors.py
@ -71,7 +71,7 @@ class ErrContactErrorUpgradeNeeded(SLException):
    """raised when user cannot create a contact because the plan doesn't allow it"""

    def error_for_user(self) -> str:
-        return "Please upgrade to premium to create reverse-alias"
+        return f"Please upgrade to premium to create reverse-alias"


 class ErrAddressInvalid(SLException):
@ -84,14 +84,6 @@ class ErrAddressInvalid(SLException):
        return f"{self.address} is not a valid email address"


-class InvalidContactEmailError(SLException):
-    def __init__(self, website_email: str):  # noqa: F821
-        self.website_email = website_email
-
-    def error_for_user(self) -> str:
-        return f"Cannot create contact with invalid email {self.website_email}"
-
-
 class ErrContactAlreadyExists(SLException):
    """raised when a contact already exists"""

@ -116,15 +108,3 @@ class AccountAlreadyLinkedToAnotherPartnerException(LinkException):
 class AccountAlreadyLinkedToAnotherUserException(LinkException):
    def __init__(self):
        super().__init__("This account is linked to another user")
-
-
-class AccountIsUsingAliasAsEmail(LinkException):
-    def __init__(self):
-        super().__init__("Your account has an alias as it's email address")
-
-
-class ProtonAccountNotVerified(LinkException):
-    def __init__(self):
-        super().__init__(
-            "The Proton account you are trying to use has not been verified"
-        )
--- a/app/events/init.py
+++ b/app/events/init.py
--- a/app/events/auth_event.py
+++ b/app/events/auth_event.py
@ -9,7 +9,6 @@ class LoginEvent:
        failed = 1
        disabled_login = 2
        not_activated = 3
-        scheduled_to_be_deleted = 4

    class Source(EnumE):
        web = 0
--- a/app/events/event_dispatcher.py
+++ b/app/events/event_dispatcher.py
@ -1,66 +0,0 @@
-from abc import ABC, abstractmethod
-from app import config
-from app.db import Session
-from app.errors import ProtonPartnerNotSetUp
-from app.events.generated import event_pb2
-from app.models import User, PartnerUser, SyncEvent
-from app.proton.utils import get_proton_partner
-from typing import Optional
-
-NOTIFICATION_CHANNEL = "simplelogin_sync_events"
-
-
-class Dispatcher(ABC):
-    @abstractmethod
-    def send(self, event: bytes):
-        pass
-
-
-class PostgresDispatcher(Dispatcher):
-    def send(self, event: bytes):
-        instance = SyncEvent.create(content=event, flush=True)
-        Session.execute(f"NOTIFY {NOTIFICATION_CHANNEL}, '{instance.id}';")
-
-    @staticmethod
-    def get():
-        return PostgresDispatcher()
-
-
-class EventDispatcher:
-    @staticmethod
-    def send_event(
-        user: User,
-        content: event_pb2.EventContent,
-        dispatcher: Dispatcher = PostgresDispatcher.get(),
-        skip_if_webhook_missing: bool = True,
-    ):
-        if config.EVENT_WEBHOOK_DISABLE:
-            return
-
-        if not config.EVENT_WEBHOOK and skip_if_webhook_missing:
-            return
-
-        partner_user = EventDispatcher.__partner_user(user.id)
-        if not partner_user:
-            return
-
-        event = event_pb2.Event(
-            user_id=user.id,
-            external_user_id=partner_user.external_user_id,
-            partner_id=partner_user.partner_id,
-            content=content,
-        )
-
-        serialized = event.SerializeToString()
-        dispatcher.send(serialized)
-
-    @staticmethod
-    def __partner_user(user_id: int) -> Optional[PartnerUser]:
-        # Check if the current user has a partner_id
-        try:
-            proton_partner_id = get_proton_partner().id
-        except ProtonPartnerNotSetUp:
-            return None
-
-        # It has. Retrieve the information for the PartnerUser
-        return PartnerUser.get_by(user_id=user_id, partner_id=proton_partner_id)
--- a/app/events/generated/event_pb2.py
+++ b/app/events/generated/event_pb2.py
@ -1,50 +0,0 @@
-# -*- coding: utf-8 -*-
-# Generated by the protocol buffer compiler.  DO NOT EDIT!
-# NO CHECKED-IN PROTOBUF GENCODE
-# source: event.proto
-# Protobuf Python Version: 5.27.0
-"""Generated protocol buffer code."""
-from google.protobuf import descriptor as _descriptor
-from google.protobuf import descriptor_pool as _descriptor_pool
-from google.protobuf import runtime_version as _runtime_version
-from google.protobuf import symbol_database as _symbol_database
-from google.protobuf.internal import builder as _builder
-_runtime_version.ValidateProtobufRuntimeVersion(
-    _runtime_version.Domain.PUBLIC,
-    5,
-    27,
-    0,
-    '',
-    'event.proto'
-)
-# @@protoc_insertion_point(imports)
-
-_sym_db = _symbol_database.Default()
-
-
-
-
-DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x0b\x65vent.proto\x12\x12simplelogin_events\"(\n\x0fUserPlanChanged\x12\x15\n\rplan_end_time\x18\x01 \x01(\r\"\r\n\x0bUserDeleted\"Z\n\x0c\x41liasCreated\x12\x10\n\x08\x61lias_id\x18\x01 \x01(\r\x12\x13\n\x0b\x61lias_email\x18\x02 \x01(\t\x12\x12\n\nalias_note\x18\x03 \x01(\t\x12\x0f\n\x07\x65nabled\x18\x04 \x01(\x08\"L\n\x12\x41liasStatusChanged\x12\x10\n\x08\x61lias_id\x18\x01 \x01(\r\x12\x13\n\x0b\x61lias_email\x18\x02 \x01(\t\x12\x0f\n\x07\x65nabled\x18\x03 \x01(\x08\"5\n\x0c\x41liasDeleted\x12\x10\n\x08\x61lias_id\x18\x01 \x01(\r\x12\x13\n\x0b\x61lias_email\x18\x02 \x01(\t\"D\n\x10\x41liasCreatedList\x12\x30\n\x06\x65vents\x18\x01 \x03(\x0b\x32 .simplelogin_events.AliasCreated\"\x93\x03\n\x0c\x45ventContent\x12?\n\x10user_plan_change\x18\x01 \x01(\x0b\x32#.simplelogin_events.UserPlanChangedH\x00\x12\x37\n\x0cuser_deleted\x18\x02 \x01(\x0b\x32\x1f.simplelogin_events.UserDeletedH\x00\x12\x39\n\ralias_created\x18\x03 \x01(\x0b\x32 .simplelogin_events.AliasCreatedH\x00\x12\x45\n\x13\x61lias_status_change\x18\x04 \x01(\x0b\x32&.simplelogin_events.AliasStatusChangedH\x00\x12\x39\n\ralias_deleted\x18\x05 \x01(\x0b\x32 .simplelogin_events.AliasDeletedH\x00\x12\x41\n\x11\x61lias_create_list\x18\x06 \x01(\x0b\x32$.simplelogin_events.AliasCreatedListH\x00\x42\t\n\x07\x63ontent\"y\n\x05\x45vent\x12\x0f\n\x07user_id\x18\x01 \x01(\r\x12\x18\n\x10\x65xternal_user_id\x18\x02 \x01(\t\x12\x12\n\npartner_id\x18\x03 \x01(\r\x12\x31\n\x07\x63ontent\x18\x04 \x01(\x0b\x32 .simplelogin_events.EventContentb\x06proto3')
-
-_globals = globals()
-_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals)
-_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'event_pb2', _globals)
-if not _descriptor._USE_C_DESCRIPTORS:
-  DESCRIPTOR._loaded_options = None
-  _globals['_USERPLANCHANGED']._serialized_start=35
-  _globals['_USERPLANCHANGED']._serialized_end=75
-  _globals['_USERDELETED']._serialized_start=77
-  _globals['_USERDELETED']._serialized_end=90
-  _globals['_ALIASCREATED']._serialized_start=92
-  _globals['_ALIASCREATED']._serialized_end=182
-  _globals['_ALIASSTATUSCHANGED']._serialized_start=184
-  _globals['_ALIASSTATUSCHANGED']._serialized_end=260
-  _globals['_ALIASDELETED']._serialized_start=262
-  _globals['_ALIASDELETED']._serialized_end=315
-  _globals['_ALIASCREATEDLIST']._serialized_start=317
-  _globals['_ALIASCREATEDLIST']._serialized_end=385
-  _globals['_EVENTCONTENT']._serialized_start=388
-  _globals['_EVENTCONTENT']._serialized_end=791
-  _globals['_EVENT']._serialized_start=793
-  _globals['_EVENT']._serialized_end=914
-# @@protoc_insertion_point(module_scope)
--- a/app/events/generated/event_pb2.pyi
+++ b/app/events/generated/event_pb2.pyi
@ -1,80 +0,0 @@
-from google.protobuf.internal import containers as _containers
-from google.protobuf import descriptor as _descriptor
-from google.protobuf import message as _message
-from typing import ClassVar as _ClassVar, Iterable as _Iterable, Mapping as _Mapping, Optional as _Optional, Union as _Union
-
-DESCRIPTOR: _descriptor.FileDescriptor
-
-class UserPlanChanged(_message.Message):
-    __slots__ = ("plan_end_time",)
-    PLAN_END_TIME_FIELD_NUMBER: _ClassVar[int]
-    plan_end_time: int
-    def __init__(self, plan_end_time: _Optional[int] = ...) -> None: ...
-
-class UserDeleted(_message.Message):
-    __slots__ = ()
-    def __init__(self) -> None: ...
-
-class AliasCreated(_message.Message):
-    __slots__ = ("alias_id", "alias_email", "alias_note", "enabled")
-    ALIAS_ID_FIELD_NUMBER: _ClassVar[int]
-    ALIAS_EMAIL_FIELD_NUMBER: _ClassVar[int]
-    ALIAS_NOTE_FIELD_NUMBER: _ClassVar[int]
-    ENABLED_FIELD_NUMBER: _ClassVar[int]
-    alias_id: int
-    alias_email: str
-    alias_note: str
-    enabled: bool
-    def __init__(self, alias_id: _Optional[int] = ..., alias_email: _Optional[str] = ..., alias_note: _Optional[str] = ..., enabled: bool = ...) -> None: ...
-
-class AliasStatusChanged(_message.Message):
-    __slots__ = ("alias_id", "alias_email", "enabled")
-    ALIAS_ID_FIELD_NUMBER: _ClassVar[int]
-    ALIAS_EMAIL_FIELD_NUMBER: _ClassVar[int]
-    ENABLED_FIELD_NUMBER: _ClassVar[int]
-    alias_id: int
-    alias_email: str
-    enabled: bool
-    def __init__(self, alias_id: _Optional[int] = ..., alias_email: _Optional[str] = ..., enabled: bool = ...) -> None: ...
-
-class AliasDeleted(_message.Message):
-    __slots__ = ("alias_id", "alias_email")
-    ALIAS_ID_FIELD_NUMBER: _ClassVar[int]
-    ALIAS_EMAIL_FIELD_NUMBER: _ClassVar[int]
-    alias_id: int
-    alias_email: str
-    def __init__(self, alias_id: _Optional[int] = ..., alias_email: _Optional[str] = ...) -> None: ...
-
-class AliasCreatedList(_message.Message):
-    __slots__ = ("events",)
-    EVENTS_FIELD_NUMBER: _ClassVar[int]
-    events: _containers.RepeatedCompositeFieldContainer[AliasCreated]
-    def __init__(self, events: _Optional[_Iterable[_Union[AliasCreated, _Mapping]]] = ...) -> None: ...
-
-class EventContent(_message.Message):
-    __slots__ = ("user_plan_change", "user_deleted", "alias_created", "alias_status_change", "alias_deleted", "alias_create_list")
-    USER_PLAN_CHANGE_FIELD_NUMBER: _ClassVar[int]
-    USER_DELETED_FIELD_NUMBER: _ClassVar[int]
-    ALIAS_CREATED_FIELD_NUMBER: _ClassVar[int]
-    ALIAS_STATUS_CHANGE_FIELD_NUMBER: _ClassVar[int]
-    ALIAS_DELETED_FIELD_NUMBER: _ClassVar[int]
-    ALIAS_CREATE_LIST_FIELD_NUMBER: _ClassVar[int]
-    user_plan_change: UserPlanChanged
-    user_deleted: UserDeleted
-    alias_created: AliasCreated
-    alias_status_change: AliasStatusChanged
-    alias_deleted: AliasDeleted
-    alias_create_list: AliasCreatedList
-    def __init__(self, user_plan_change: _Optional[_Union[UserPlanChanged, _Mapping]] = ..., user_deleted: _Optional[_Union[UserDeleted, _Mapping]] = ..., alias_created: _Optional[_Union[AliasCreated, _Mapping]] = ..., alias_status_change: _Optional[_Union[AliasStatusChanged, _Mapping]] = ..., alias_deleted: _Optional[_Union[AliasDeleted, _Mapping]] = ..., alias_create_list: _Optional[_Union[AliasCreatedList, _Mapping]] = ...) -> None: ...
-
-class Event(_message.Message):
-    __slots__ = ("user_id", "external_user_id", "partner_id", "content")
-    USER_ID_FIELD_NUMBER: _ClassVar[int]
-    EXTERNAL_USER_ID_FIELD_NUMBER: _ClassVar[int]
-    PARTNER_ID_FIELD_NUMBER: _ClassVar[int]
-    CONTENT_FIELD_NUMBER: _ClassVar[int]
-    user_id: int
-    external_user_id: str
-    partner_id: int
-    content: EventContent
-    def __init__(self, user_id: _Optional[int] = ..., external_user_id: _Optional[str] = ..., partner_id: _Optional[int] = ..., content: _Optional[_Union[EventContent, _Mapping]] = ...) -> None: ...
--- a/app/extensions.py
+++ b/app/extensions.py
@ -1,31 +1,12 @@
 from flask_limiter import Limiter
 from flask_limiter.util import get_remote_address
-from flask_login import current_user, LoginManager
-
-from app import config
+from flask_login import LoginManager

 login_manager = LoginManager()
 login_manager.session_protection = "strong"

-
-# We want to rate limit based on:
-# - If the user is not logged in: request source IP
-# - If the user is logged in: user_id
-def __key_func():
-    if current_user.is_authenticated:
-        return f"userid:{current_user.id}"
-    else:
-        ip_addr = get_remote_address()
-        return f"ip:{ip_addr}"
-
-
 # Setup rate limit facility
-limiter = Limiter(key_func=__key_func)
-
-
-@limiter.request_filter
-def disable_rate_limit():
-    return config.DISABLE_RATE_LIMIT
+limiter = Limiter(key_func=get_remote_address)


 # @limiter.request_filter
--- a/app/handler/dmarc.py
+++ b/app/handler/dmarc.py
@ -5,7 +5,7 @@ from typing import Optional, Tuple
 from aiosmtpd.handlers import Message
 from aiosmtpd.smtp import Envelope

-from app import s3, config
+from app import s3
 from app.config import (
    DMARC_CHECK_ENABLED,
    ALERT_QUARANTINE_DMARC,
@ -30,43 +30,10 @@ def apply_dmarc_policy_for_forward_phase(
 ) -> Tuple[Message, Optional[str]]:
    spam_result = SpamdResult.extract_from_headers(msg, Phase.forward)
    if not DMARC_CHECK_ENABLED or not spam_result:
-        LOG.i("DMARC check disabled")
        return msg, None
-    LOG.i(f"Spam check result in {spam_result}")

    from_header = get_header_unicode(msg[headers.FROM])

-    warning_plain_text = """This email failed anti-phishing checks when it was received by SimpleLogin, be careful with its content.
-More info on https://simplelogin.io/docs/getting-started/anti-phishing/
-            """
-    warning_html = """
-        <p style="color:red">
-            This email failed anti-phishing checks when it was received by SimpleLogin, be careful with its content.
-            More info on <a href="https://simplelogin.io/docs/getting-started/anti-phishing/">anti-phishing measure</a>
-        </p>
-        """
-
-    # do not quarantine an email if fails DMARC but has a small rspamd score
-    if (
-        config.MIN_RSPAMD_SCORE_FOR_FAILED_DMARC is not None
-        and spam_result.rspamd_score < config.MIN_RSPAMD_SCORE_FOR_FAILED_DMARC
-        and spam_result.dmarc
-        in (
-            DmarcCheckResult.quarantine,
-            DmarcCheckResult.reject,
-        )
-    ):
-        LOG.w(
-            f"email fails DMARC but has a small rspamd score, from contact {contact.email} to alias {alias.email}."
-            f"mail_from:{envelope.mail_from}, from_header: {from_header}"
-        )
-        changed_msg = add_header(
-            msg,
-            warning_plain_text,
-            warning_html,
-        )
-        return changed_msg, None
-
    if spam_result.dmarc == DmarcCheckResult.soft_fail:
        LOG.w(
            f"dmarc forward: soft_fail from contact {contact.email} to alias {alias.email}."
@ -74,8 +41,15 @@ More info on https://simplelogin.io/docs/getting-started/anti-phishing/
        )
        changed_msg = add_header(
            msg,
-            warning_plain_text,
-            warning_html,
+            f"""This email failed anti-phishing checks when it was received by SimpleLogin, be careful with its content.
+More info on https://simplelogin.io/docs/getting-started/anti-phishing/
+            """,
+            f"""
+        <p style="color:red">
+            This email failed anti-phishing checks when it was received by SimpleLogin, be careful with its content.
+            More info on <a href="https://simplelogin.io/docs/getting-started/anti-phishing/">anti-phishing measure</a>
+        </p>
+        """,
        )
        return changed_msg, None

@ -133,7 +107,7 @@ def quarantine_dmarc_failed_forward_email(alias, contact, envelope, msg) -> Emai
    refused_email = RefusedEmail.create(
        full_report_path=s3_report_path, user_id=alias.user_id, flush=True
    )
-    email_log = EmailLog.create(
+    return EmailLog.create(
        user_id=alias.user_id,
        mailbox_id=alias.mailbox_id,
        contact_id=contact.id,
@ -144,7 +118,6 @@ def quarantine_dmarc_failed_forward_email(alias, contact, envelope, msg) -> Emai
        blocked=True,
        commit=True,
    )
-    return email_log


 def apply_dmarc_policy_for_reply_phase(
@ -152,17 +125,14 @@ def apply_dmarc_policy_for_reply_phase(
 ) -> Optional[str]:
    spam_result = SpamdResult.extract_from_headers(msg, Phase.reply)
    if not DMARC_CHECK_ENABLED or not spam_result:
-        LOG.i("DMARC check disabled")
        return None

-    LOG.i(f"Spam check result is {spam_result}")
    if spam_result.dmarc not in (
        DmarcCheckResult.quarantine,
        DmarcCheckResult.reject,
        DmarcCheckResult.soft_fail,
    ):
        return None
-
    LOG.w(
        f"dmarc reply: Put email from {alias_from.email} to {contact_recipient} into quarantine. {spam_result.event_data()}, "
        f"mail_from:{envelope.mail_from}, from_header: {msg[headers.FROM]}"
--- a/app/handler/provider_complaint.py
+++ b/app/handler/provider_complaint.py
@ -3,7 +3,7 @@ from abc import ABC, abstractmethod
 from dataclasses import dataclass
 from io import BytesIO
 from mailbox import Message
-from typing import Optional, Union
+from typing import Optional

 from app import s3
 from app.config import (
@ -189,7 +189,7 @@ def handle_yahoo_complaint(message: Message) -> bool:
    return handle_complaint(message, ProviderComplaintYahoo())


-def find_alias_with_address(address: str) -> Optional[Union[Alias, DomainDeletedAlias]]:
+def find_alias_with_address(address: str) -> Optional[Alias]:
    return Alias.get_by(email=address) or DomainDeletedAlias.get_by(email=address)


@ -221,7 +221,7 @@ def handle_complaint(message: Message, origin: ProviderComplaintOrigin) -> bool:
        return True

    if is_deleted_alias(msg_info.sender_address):
-        LOG.i("Complaint is for deleted alias. Do nothing")
+        LOG.i(f"Complaint is for deleted alias. Do nothing")
        return True

    contact = Contact.get_by(reply_email=msg_info.sender_address)
@ -231,7 +231,7 @@ def handle_complaint(message: Message, origin: ProviderComplaintOrigin) -> bool:
        alias = find_alias_with_address(msg_info.rcpt_address)

    if is_deleted_alias(msg_info.rcpt_address):
-        LOG.i("Complaint is for deleted alias. Do nothing")
+        LOG.i(f"Complaint is for deleted alias. Do nothing")
        return True

    if not alias:
@ -245,22 +245,16 @@ def handle_complaint(message: Message, origin: ProviderComplaintOrigin) -> bool:


 def report_complaint_to_user_in_reply_phase(
-    alias: Union[Alias, DomainDeletedAlias],
+    alias: Alias,
    to_address: str,
    origin: ProviderComplaintOrigin,
    msg_info: OriginalMessageInformation,
 ):
    capitalized_name = origin.name().capitalize()
-    mailbox_email = msg_info.mailbox_address
-    if not mailbox_email:
-        if type(alias) is Alias:
-            mailbox_email = alias.mailbox.email
-        else:
-            mailbox_email = alias.domain.mailboxes[0].email
    send_email_with_rate_control(
        alias.user,
        f"{ALERT_COMPLAINT_REPLY_PHASE}_{origin.name()}",
-        mailbox_email,
+        msg_info.mailbox_address or alias.mailbox.email,
        f"Abuse report from {capitalized_name}",
        render(
            "transactional/provider-complaint-reply-phase.txt.jinja2",
@ -299,19 +293,11 @@ def report_complaint_to_user_in_transactional_phase(


 def report_complaint_to_user_in_forward_phase(
-    alias: Union[Alias, DomainDeletedAlias],
-    origin: ProviderComplaintOrigin,
-    msg_info: OriginalMessageInformation,
+    alias: Alias, origin: ProviderComplaintOrigin, msg_info: OriginalMessageInformation
 ):
    capitalized_name = origin.name().capitalize()
    user = alias.user
-
-    mailbox_email = msg_info.mailbox_address
-    if not mailbox_email:
-        if type(alias) is Alias:
-            mailbox_email = alias.mailbox.email
-        else:
-            mailbox_email = alias.domain.mailboxes[0].email
+    mailbox_email = msg_info.mailbox_address or alias.mailbox.email
    send_email_with_rate_control(
        user,
        f"{ALERT_COMPLAINT_FORWARD_PHASE}_{origin.name()}",
--- a/app/handler/spamd_result.py
+++ b/app/handler/spamd_result.py
@ -4,7 +4,6 @@ from typing import Dict, Optional
 import newrelic.agent

 from app.email import headers
-from app.log import LOG
 from app.models import EnumE, Phase
 from email.message import Message

@ -56,7 +55,6 @@ class SpamdResult:
        self.phase: Phase = phase
        self.dmarc: DmarcCheckResult = DmarcCheckResult.not_available
        self.spf: SPFCheckResult = SPFCheckResult.not_available
-        self.rspamd_score = -1

    def set_dmarc_result(self, dmarc_result: DmarcCheckResult):
        self.dmarc = dmarc_result
@ -87,7 +85,6 @@ class SpamdResult:
        spam_entries = [
            entry.strip() for entry in str(spam_result_header[-1]).split("\n")
        ]
-
        for entry_pos in range(len(spam_entries)):
            sep = spam_entries[entry_pos].find("(")
            if sep > -1:
@ -104,17 +101,6 @@ class SpamdResult:
                spamd_result.set_spf_result(spf_result)
                break

-        # parse the rspamd score
-        try:
-            score_line = spam_entries[0]  # e.g. "default: False [2.30 / 13.00];"
-            spamd_result.rspamd_score = float(
-                score_line[(score_line.find("[") + 1) : score_line.find("]")]
-                .split("/")[0]
-                .strip()
-            )
-        except (IndexError, ValueError):
-            LOG.e("cannot parse rspamd score")
-
        cls._store_in_message(spamd_result, msg)
        return spamd_result

--- a/app/handler/unsubscribe_encoder.py
+++ b/app/handler/unsubscribe_encoder.py
@ -42,11 +42,9 @@ class UnsubscribeLink:
 class UnsubscribeEncoder:
    @staticmethod
    def encode(
-        action: UnsubscribeAction,
-        data: Union[int, UnsubscribeOriginalData],
-        force_web: bool = False,
+        action: UnsubscribeAction, data: Union[int, UnsubscribeOriginalData]
    ) -> UnsubscribeLink:
-        if config.UNSUBSCRIBER and not force_web:
+        if config.UNSUBSCRIBER:
            return UnsubscribeLink(UnsubscribeEncoder.encode_mailto(action, data), True)
        return UnsubscribeLink(UnsubscribeEncoder.encode_url(action, data), False)

@ -54,8 +52,9 @@ class UnsubscribeEncoder:
    def encode_subject(
        cls, action: UnsubscribeAction, data: Union[int, UnsubscribeOriginalData]
    ) -> str:
-        if action != UnsubscribeAction.OriginalUnsubscribeMailto and not isinstance(
-            data, int
+        if (
+            action != UnsubscribeAction.OriginalUnsubscribeMailto
+            and type(data) is not int
        ):
            raise ValueError(f"Data has to be an int for an action of type {action}")
        if action == UnsubscribeAction.OriginalUnsubscribeMailto:
@ -73,8 +72,8 @@ class UnsubscribeEncoder:
        )
        signed_data = cls._get_signer().sign(serialized_data).decode("utf-8")
        encoded_request = f"{UNSUB_PREFIX}.{signed_data}"
-        if len(encoded_request) > 512:
-            LOG.w("Encoded request is longer than 512 chars")
+        if len(encoded_request) > 256:
+            LOG.e("Encoded request is longer than 256 chars")
        return encoded_request

    @staticmethod
--- a/app/handler/unsubscribe_generator.py
+++ b/app/handler/unsubscribe_generator.py
@ -1,9 +1,7 @@
 import urllib
-from email.header import Header
 from email.message import Message

 from app.email import headers
-from app import config
 from app.email_utils import add_or_replace_header, delete_header
 from app.handler.unsubscribe_encoder import (
    UnsubscribeEncoder,
@ -11,7 +9,6 @@ from app.handler.unsubscribe_encoder import (
    UnsubscribeData,
    UnsubscribeOriginalData,
 )
-from app.log import LOG
 from app.models import Alias, Contact, UnsubscribeBehaviourEnum


@ -33,10 +30,7 @@ class UnsubscribeGenerator:
        """
        unsubscribe_data = message[headers.LIST_UNSUBSCRIBE]
        if not unsubscribe_data:
-            LOG.info("Email has no unsubscribe header")
            return message
-        if isinstance(unsubscribe_data, Header):
-            unsubscribe_data = str(unsubscribe_data.encode())
        raw_methods = [method.strip() for method in unsubscribe_data.split(",")]
        mailto_unsubs = None
        other_unsubs = []
@ -48,16 +42,9 @@ class UnsubscribeGenerator:
            method = raw_method[start + 1 : end]
            url_data = urllib.parse.urlparse(method)
            if url_data.scheme == "mailto":
-                if url_data.path == config.UNSUBSCRIBER:
-                    LOG.debug(
-                        f"Skipping replacing unsubscribe since the original email already points to {config.UNSUBSCRIBER}"
-                    )
-                    return message
                query_data = urllib.parse.parse_qs(url_data.query)
                mailto_unsubs = (url_data.path, query_data.get("subject", [""])[0])
-                LOG.debug(f"Unsub is mailto to {mailto_unsubs}")
            else:
-                LOG.debug(f"Unsub has {url_data.scheme} scheme")
                other_unsubs.append(method)
        # If there are non mailto unsubscribe methods, use those in the header
        if other_unsubs:
@ -69,19 +56,18 @@ class UnsubscribeGenerator:
            add_or_replace_header(
                message, headers.LIST_UNSUBSCRIBE_POST, "List-Unsubscribe=One-Click"
            )
-            LOG.debug(f"Adding click unsub methods to header {other_unsubs}")
            return message
-        elif not mailto_unsubs:
-            LOG.debug("No unsubs. Deleting all unsub headers")
-            delete_header(message, headers.LIST_UNSUBSCRIBE)
-            delete_header(message, headers.LIST_UNSUBSCRIBE_POST)
+        if not mailto_unsubs:
+            message = delete_header(message, headers.LIST_UNSUBSCRIBE)
+            message = delete_header(message, headers.LIST_UNSUBSCRIBE_POST)
            return message
-        unsub_data = UnsubscribeData(
-            UnsubscribeAction.OriginalUnsubscribeMailto,
-            UnsubscribeOriginalData(alias.id, mailto_unsubs[0], mailto_unsubs[1]),
+        return self._add_unsubscribe_header(
+            message,
+            UnsubscribeData(
+                UnsubscribeAction.OriginalUnsubscribeMailto,
+                UnsubscribeOriginalData(alias.id, mailto_unsubs[0], mailto_unsubs[1]),
+            ),
        )
-        LOG.debug(f"Adding unsub data {unsub_data}")
-        return self._add_unsubscribe_header(message, unsub_data)

    def _add_unsubscribe_header(
        self, message: Message, unsub: UnsubscribeData
--- a/app/handler/unsubscribe_handler.py
+++ b/app/handler/unsubscribe_handler.py
@ -5,7 +5,6 @@ from typing import Optional
 from aiosmtpd.smtp import Envelope

 from app import config
-from app import alias_utils
 from app.db import Session
 from app.email import headers, status
 from app.email_utils import (
@ -50,7 +49,7 @@ class UnsubscribeHandler:
            return status.E507
        mailbox = Mailbox.get_by(email=envelope.mail_from)
        if not mailbox:
-            LOG.w("Unknown mailbox %s", envelope.mail_from)
+            LOG.w("Unknown mailbox %s", msg[headers.SUBJECT])
            return status.E507

        if unsub_data.action == UnsubscribeAction.DisableAlias:
@ -102,8 +101,7 @@ class UnsubscribeHandler:
            mailbox.email, alias
        ):
            return status.E509
-        LOG.i(f"User disabled alias {alias} via unsubscribe header")
-        alias_utils.change_alias_status(alias, enabled=False)
+        alias.enabled = False
        Session.commit()
        enable_alias_url = config.URL + f"/dashboard/?highlight_alias_id={alias.id}"
        for mailbox in alias.mailboxes:
--- a/app/image_validation.py
+++ b/app/image_validation.py
@ -5,6 +5,7 @@ class ImageFormat(Enum):
    Png = 1
    Jpg = 2
    Webp = 3
+    Svg = 4
    Unknown = 9


@ -12,6 +13,7 @@ magic_numbers = {
    ImageFormat.Png: bytes([0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A]),
    ImageFormat.Jpg: bytes([0xFF, 0xD8, 0xFF, 0xE0]),
    ImageFormat.Webp: bytes([0x52, 0x49, 0x46, 0x46]),
+    ImageFormat.Svg: bytes([0x3C, 0x3F, 0x78, 0x6D, 0x6C]),  # <?xml
 }


@ -20,6 +22,7 @@ def detect_image_format(image: bytes) -> ImageFormat:
    for fmt, header in magic_numbers.items():
        if image.startswith(header):
            return fmt
+    # Detect if is svg

    # We don't know the type
    return ImageFormat.Unknown
--- a/app/import_utils.py
+++ b/app/import_utils.py
@ -15,7 +15,7 @@ from app.models import (
    Mailbox,
    User,
 )
-from app.utils import sanitize_email, canonicalize_email
+from app.utils import sanitize_email
 from .log import LOG


@ -30,10 +30,7 @@ def handle_batch_import(batch_import: BatchImport):

    LOG.d("Download file %s from %s", batch_import.file, file_url)
    r = requests.get(file_url)
-    # Replace invisible character
-    lines = [
-        line.decode("utf-8").replace("\ufeff", "").strip() for line in r.iter_lines()
-    ]
+    lines = [line.decode() for line in r.iter_lines()]

    import_from_csv(batch_import, user, lines)

@ -72,7 +69,7 @@ def import_from_csv(batch_import: BatchImport, user: User, lines):

        if "mailboxes" in row:
            for mailbox_email in row["mailboxes"].split():
-                mailbox_email = canonicalize_email(mailbox_email)
+                mailbox_email = sanitize_email(mailbox_email)
                mailbox = Mailbox.get_by(email=mailbox_email)

                if not mailbox or not mailbox.verified or mailbox.user_id != user.id:
--- a/app/internal/init.py
+++ b/app/internal/init.py
@ -1,4 +1,2 @@
 from .integrations import set_enable_proton_cookie
 from .exit_sudo import exit_sudo_mode
-
-__all__ = ["set_enable_proton_cookie", "exit_sudo_mode"]
--- a/app/internal/integrations.py
+++ b/app/internal/integrations.py
@ -1,7 +1,8 @@
+import arrow
 from flask import make_response, redirect, url_for, flash
 from flask_login import current_user
-
 from .base import internal_bp
+from app import config


@internal_bp.route("/integrations/proton")
@ -12,6 +13,14 @@ def set_enable_proton_cookie():
        redirect_url = url_for("auth.login")

    response = make_response(redirect(redirect_url))
-
-    flash("You can now connect your Proton and your SimpleLogin account", "success")
+    if config.PROTON_ALLOW_INTERNAL_LINK:
+        flash("You can now connect your Proton and your SimpleLogin account", "success")
+        response.set_cookie(
+            config.CONNECT_WITH_PROTON_COOKIE_NAME,
+            value="true",
+            expires=arrow.now().shift(days=30).datetime,
+            secure=True if config.URL.startswith("https") else False,
+            httponly=True,
+            samesite="Lax",
+        )
    return response
--- a/app/jobs/event_jobs.py
+++ b/app/jobs/event_jobs.py
@ -1,40 +0,0 @@
-from app.events.event_dispatcher import EventDispatcher, Dispatcher
-from app.events.generated.event_pb2 import EventContent, AliasCreated, AliasCreatedList
-from app.log import LOG
-from app.models import User, Alias
-
-
-def send_alias_creation_events_for_user(
-    user: User, dispatcher: Dispatcher, chunk_size=50
-):
-    if user.disabled:
-        LOG.i("User {user} is disabled. Skipping sending events for that user")
-        return
-    chunk_size = min(chunk_size, 50)
-    event_list = []
-    for alias in (
-        Alias.yield_per_query(chunk_size)
-        .filter_by(user_id=user.id)
-        .order_by(Alias.id.asc())
-    ):
-        event_list.append(
-            AliasCreated(
-                alias_id=alias.id,
-                alias_email=alias.email,
-                alias_note=alias.note,
-                enabled=alias.enabled,
-            )
-        )
-        if len(event_list) >= chunk_size:
-            EventDispatcher.send_event(
-                user,
-                EventContent(alias_create_list=AliasCreatedList(events=event_list)),
-                dispatcher=dispatcher,
-            )
-            event_list = []
-    if len(event_list) > 0:
-        EventDispatcher.send_event(
-            user,
-            EventContent(alias_create_list=AliasCreatedList(events=event_list)),
-            dispatcher=dispatcher,
-        )
--- a/app/jobs/export_user_data_job.py
+++ b/app/jobs/export_user_data_job.py
@ -14,12 +14,7 @@ import sqlalchemy
 from app import config
 from app.db import Session
 from app.email import headers
-from app.email_utils import (
-    generate_verp_email,
-    render,
-    add_dkim_signature,
-    get_email_domain_part,
-)
+from app.email_utils import generate_verp_email, render, add_dkim_signature
 from app.mail_sender import sl_sendmail
 from app.models import (
    Alias,
@ -39,8 +34,9 @@ from app.models import (


 class ExportUserDataJob:
+
    REMOVE_FIELDS = {
-        "User": ("otp_secret", "password"),
+        "User": ("otp_secret",),
        "Alias": ("ts_vector", "transfer_token", "hibp_last_check"),
        "CustomDomain": ("ownership_txt_token",),
    }
@ -151,11 +147,7 @@ class ExportUserDataJob:

        transaction = TransactionalEmail.create(email=to_email, commit=True)
        sl_sendmail(
-            generate_verp_email(
-                VerpType.transactional,
-                transaction.id,
-                get_email_domain_part(config.NOREPLY),
-            ),
+            generate_verp_email(VerpType.transactional, transaction.id),
            to_email,
            msg,
            ignore_smtp_error=False,
--- a/app/mail_sender.py
+++ b/app/mail_sender.py
@ -6,8 +6,8 @@ import os
 import time
 import uuid
 from concurrent.futures import ThreadPoolExecutor
-from email.message import Message
 from functools import wraps
+from mailbox import Message
 from smtplib import SMTP, SMTPException
 from typing import Optional, Dict, List, Callable

@ -17,13 +17,11 @@ from attr import dataclass
 from app import config
 from app.email import headers
 from app.log import LOG
-from app.message_utils import message_to_bytes, message_format_base64_parts
+from app.message_utils import message_to_bytes


@dataclass
 class SendRequest:
-    SAVE_EXTENSION = "sendrequest"
-
    envelope_from: str
    envelope_to: str
    msg: Message
@ -31,7 +29,6 @@ class SendRequest:
    rcpt_options: Dict = {}
    is_forward: bool = False
    ignore_smtp_errors: bool = False
-    retries: int = 0

    def to_bytes(self) -> bytes:
        if not config.SAVE_UNSENT_DIR:
@ -45,7 +42,6 @@ class SendRequest:
            "mail_options": self.mail_options,
            "rcpt_options": self.rcpt_options,
            "is_forward": self.is_forward,
-            "retries": self.retries,
        }
        return json.dumps(data).encode("utf-8")

@ -66,33 +62,8 @@ class SendRequest:
            mail_options=decoded_data["mail_options"],
            rcpt_options=decoded_data["rcpt_options"],
            is_forward=decoded_data["is_forward"],
-            retries=decoded_data.get("retries", 1),
        )

-    def save_request_to_unsent_dir(self, prefix: str = "DeliveryFail"):
-        file_name = (
-            f"{prefix}-{int(time.time())}-{uuid.uuid4()}.{SendRequest.SAVE_EXTENSION}"
-        )
-        file_path = os.path.join(config.SAVE_UNSENT_DIR, file_name)
-        self.save_request_to_file(file_path)
-
-    @staticmethod
-    def save_request_to_failed_dir(self, prefix: str = "DeliveryRetryFail"):
-        file_name = (
-            f"{prefix}-{int(time.time())}-{uuid.uuid4()}.{SendRequest.SAVE_EXTENSION}"
-        )
-        dir_name = os.path.join(config.SAVE_UNSENT_DIR, "failed")
-        if not os.path.isdir(dir_name):
-            os.makedirs(dir_name)
-        file_path = os.path.join(dir_name, file_name)
-        self.save_request_to_file(file_path)
-
-    def save_request_to_file(self, file_path: str):
-        file_contents = self.to_bytes()
-        with open(file_path, "wb") as fd:
-            fd.write(file_contents)
-        LOG.i(f"Saved unsent message {file_path}")
-

 class MailSender:
    def __init__(self):
@ -124,7 +95,7 @@ class MailSender:
    def enable_background_pool(self, max_workers=10):
        self._pool = ThreadPoolExecutor(max_workers=max_workers)

-    def send(self, send_request: SendRequest, retries: int = 2) -> bool:
+    def send(self, send_request: SendRequest, retries: int = 2):
        """replace smtp.sendmail"""
        if self._store_emails:
            self._emails_sent.append(send_request)
@ -135,21 +106,21 @@ class MailSender:
                send_request.msg[headers.FROM],
                send_request.msg[headers.TO],
            )
-            return True
+            return
        if not self._pool:
-            return self._send_to_smtp(send_request, retries)
+            self._send_to_smtp(send_request, retries)
        else:
            self._pool.submit(self._send_to_smtp, (send_request, retries))
-            return True

-    def _send_to_smtp(self, send_request: SendRequest, retries: int) -> bool:
+    def _send_to_smtp(self, send_request: SendRequest, retries: int):
        try:
            start = time.time()
-            with SMTP(
-                config.POSTFIX_SERVER,
-                config.POSTFIX_PORT,
-                timeout=config.POSTFIX_TIMEOUT,
-            ) as smtp:
+            if config.POSTFIX_SUBMISSION_TLS:
+                smtp_port = 587
+            else:
+                smtp_port = config.POSTFIX_PORT
+
+            with SMTP(config.POSTFIX_SERVER, smtp_port) as smtp:
                if config.POSTFIX_SUBMISSION_TLS:
                    smtp.starttls()

@ -180,94 +151,35 @@ class MailSender:
                newrelic.agent.record_custom_metric(
                    "Custom/smtp_sending_time", time.time() - start
                )
-                return True
        except (
            SMTPException,
            ConnectionRefusedError,
            TimeoutError,
        ) as e:
            if retries > 0:
-                time.sleep(0.3 * retries)
-                return self._send_to_smtp(send_request, retries - 1)
+                time.sleep(0.3 * send_request.retries)
+                self._send_to_smtp(send_request, retries - 1)
            else:
                if send_request.ignore_smtp_errors:
                    LOG.e(f"Ignore smtp error {e}")
-                    return False
+                    return
                LOG.e(
-                    f"Could not send message to smtp server {config.POSTFIX_SERVER}:{config.POSTFIX_PORT}"
+                    f"Could not send message to smtp server {config.POSTFIX_SERVER}:{smtp_port}"
                )
-                if config.SAVE_UNSENT_DIR:
-                    send_request.save_request_to_unsent_dir()
-                return False
+                self._save_request_to_unsent_dir(send_request)
+
+    def _save_request_to_unsent_dir(self, send_request: SendRequest):
+        file_name = f"DeliveryFail-{int(time.time())}-{uuid.uuid4()}.eml"
+        file_path = os.path.join(config.SAVE_UNSENT_DIR, file_name)
+        file_contents = send_request.to_bytes()
+        with open(file_path, "wb") as fd:
+            fd.write(file_contents)
+        LOG.i(f"Saved unsent message {file_path}")


 mail_sender = MailSender()


-def save_request_to_failed_dir(exception_name: str, send_request: SendRequest):
-    file_name = f"{exception_name}-{int(time.time())}-{uuid.uuid4()}.{SendRequest.SAVE_EXTENSION}"
-    failed_file_dir = os.path.join(config.SAVE_UNSENT_DIR, "failed")
-    try:
-        os.makedirs(failed_file_dir)
-    except FileExistsError:
-        pass
-    file_path = os.path.join(failed_file_dir, file_name)
-    file_contents = send_request.to_bytes()
-    with open(file_path, "wb") as fd:
-        fd.write(file_contents)
-    return file_path
-
-
-def load_unsent_mails_from_fs_and_resend():
-    if not config.SAVE_UNSENT_DIR:
-        return
-    for filename in os.listdir(config.SAVE_UNSENT_DIR):
-        (_, extension) = os.path.splitext(filename)
-        if extension[1:] != SendRequest.SAVE_EXTENSION:
-            LOG.i(f"Skipping {filename} does not have the proper extension")
-            continue
-        full_file_path = os.path.join(config.SAVE_UNSENT_DIR, filename)
-        if not os.path.isfile(full_file_path):
-            LOG.i(f"Skipping {filename} as it's not a file")
-            continue
-        LOG.i(f"Trying to re-deliver email {filename}")
-        try:
-            send_request = SendRequest.load_from_file(full_file_path)
-            send_request.retries += 1
-        except Exception as e:
-            LOG.e(f"Cannot load {filename}. Error {e}")
-            continue
-        try:
-            send_request.ignore_smtp_errors = True
-            if mail_sender.send(send_request, 2):
-                os.unlink(full_file_path)
-                newrelic.agent.record_custom_event(
-                    "DeliverUnsentEmail", {"delivered": "true"}
-                )
-            else:
-                if send_request.retries > 2:
-                    os.unlink(full_file_path)
-                    send_request.save_request_to_failed_dir()
-                else:
-                    send_request.save_request_to_file(full_file_path)
-                newrelic.agent.record_custom_event(
-                    "DeliverUnsentEmail", {"delivered": "false"}
-                )
-        except Exception as e:
-            # Unlink original file to avoid re-doing the same
-            os.unlink(full_file_path)
-            LOG.e(
-                "email sending failed with error:%s "
-                "envelope %s -> %s, mail %s -> %s saved to %s",
-                e,
-                send_request.envelope_from,
-                send_request.envelope_to,
-                send_request.msg[headers.FROM],
-                send_request.msg[headers.TO],
-                save_request_to_failed_dir(e.__class__.__name__, send_request),
-            )
-
-
 def sl_sendmail(
    envelope_from: str,
    envelope_to: str,
@ -281,7 +193,7 @@ def sl_sendmail(
    send_request = SendRequest(
        envelope_from,
        envelope_to,
-        message_format_base64_parts(msg),
+        msg,
        mail_options,
        rcpt_options,
        is_forward,
--- a/Show More
+++ b/Show More