REFERENCE

How it works

Cutout sits between the outside world and your real inbox, acting as an invisible relay.

Inbound flow

An email arrives at any address on a domain pointed at Cutout (e.g. newsletter@yourdomain.com).
Cloudflare Email Routing's catch-all rule triggers the worker.
The worker matches the recipient against your rules, top to bottom; the first match wins.
On a Forward match, Cutout mints one reply+<uuid>@yourdomain.com reverse alias and saves the mapping in D1. The same alias is shared across every destination on the rule, so any reply lands back on the original sender.
The worker fans the message out to each destination.

Forwarding modes

Each rule with email destinations picks one of two modes. Both inject an X-Original-From header carrying the real sender's address, for archival.

Native (default)

Uses EmailMessage.forward(). Original bytes pass through untouched (PGP, attachments, formatting). Reply-To is overlaid but may be ignored by clients if the message already has one.

Proxy via rewrite

Uses Email Service structured send. Reconstructs the message so Reply-To always works, but strips PGP / signed MIME and attachments.

Telegram destinations use sendMessage; Discord destinations use createMessage with a Reply button. Bot reply context is keyed by tg:<chat_id>:<message_id> or dc:<channel_id>:<message_id> in D1.

Replies

You reply from your real mailbox, or by replying to a bot message. Either way, the worker resolves the original sender from D1 and re-sends via Email Service's send_email, with the alias as From and the original sender as To.

Email replies are addressed to reply+<uuid>@yourdomain.com; Email Routing fires the worker again.
Bot replies arrive as a Telegram webhook or Discord interaction event, both carrying the message ID used to look up the alias.

Components

Cloudflare Email Routing: inbound catch-all to worker, Native-mode forward(), and destination-address verification.
Cloudflare Email Service: outbound replies, Proxy-mode forwarding, and fan-out beyond the first destination.
Cloudflare D1: durable storage for reverse-alias mappings and bot reply contexts. Entries don't expire, so old threads stay replyable.
Cloudflare KV: routing rule list, managed via /manage.
Cloudflare Access: guards /manage. /health, /telegram/webhook, and /discord/interactions are public; the bot endpoints authenticate via secret token and Ed25519 signature.
botrelay-rs: shared Rust crate for the Telegram and Discord bot clients, used across sibling projects.

Any number of Cloudflare zones can point at the same worker; domain globs in your rules separate them, and reverse-aliases are derived from the domain the mail arrived on.