Email pipeline

Tickets via email. End to end.

Email is still where most issues start. Resolvd treats it as a first-class transport: inbound auto-create, helpdesk routing, banner stripping, vendor replies that thread cleanly. No copy-paste, no broken loops.

To: inbound@yourdomain.com
Cc: jane@vendor.com
Subject: #WEB Login button crashes on submit

Steps to reproduce:
1. Click submit
2. ...

From inbox to ticket.

Five steps the auto-create flow runs on every inbound message.

  1. Send to the inbox

    Authorized internal users (Admin / Manager / Submitter) email the connected mailbox. The subject prefix selects the project: a subject of "#WEB Login button crashes" lands in the project with prefix WEB.

  2. Sender + project checked

    Sender must be an active internal user. CC addresses matching active vendor contacts auto-attach. Anything that fails project / sender checks falls into the manual-match queue with a reject reason.

  3. Body cleaned

    Signatures (the RFC 3676 `-- ` delimiter, mobile sigs, Outlook quoted-headers) stripped. The reply-above-this-line marker cuts quoted history. Attachments persist with the same encrypted-at-rest treatment as direct uploads.

  4. Dedup before create

    Same project + same submitter + identical title within 7 days → body appended to the existing ticket as a comment. Similar title within 24h → bails to the queue with possible_dup:WEB-0042 so an admin decides.

  5. Confirmation back

    Ticket reference goes to the originator only — CCs are never re-mailed by auto-create to avoid loop noise.

Helpdesk pattern

One mailbox, one queue.

Scope a connected mailbox to a single project. Inbound mail with no #PREFIX auto-creates tickets there. Mailbox = dedicated queue, no subject discipline required from senders.

  • Many-to-many scope: same mailbox can serve send for multiple projects, recv for one.
  • Manager-created single-scope assignments fire an Admin approval notification before auto-routing activates.
  • Outbound resolution prefers a scoped send_enabled account over the global active mailbox.

# Admin → Email backends → support@acme.com
Project scope:
   helpdesk (send + recv)

Inbound without #PREFIX
  → auto-creates in helpdesk

Status: approved by admin
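
The sender and project gate from steps 1-2, the helpdesk no-prefix fallback, and the identical-title rule from step 4, as an added example (not Resolvd's own code). The directory data, the `triage` function and the reject-reason strings are hypothetical, and `msg.from` is assumed to be an address the mail provider has already authenticated.

```javascript
// Added example, not Resolvd's code. Directory data, project prefixes and
// reason strings are constructed; msg.from is assumed to be an address the
// mail provider has already authenticated (assumption, not stated on the page).
const DAY_MS = 24 * 60 * 60 * 1000;
const ROLES = new Set(["Admin", "Manager", "Submitter"]);
const USERS = new Map([
  ["ana@acme.com", { role: "Submitter", active: true }],
  ["old@acme.com", { role: "Manager", active: false }],
]);
const VENDOR_CONTACTS = new Map([["jane@vendor.com", { active: true }]]);
const PROJECTS = new Set(["WEB", "HELPDESK"]);
const norm = (addr) => String(addr).trim().toLowerCase();

// mailbox.recvProject: the one project this mailbox receives for, or null.
function triage(msg, mailbox, tickets, now) {
  const queue = (reason) => ({ action: "queue", reason });
  const from = norm(msg.from);
  const sender = USERS.get(from);
  if (!sender || !sender.active || !ROLES.has(sender.role)) {
    return queue("sender_not_active_internal");
  }
  // "#WEB Login button crashes" -> project WEB; no prefix -> mailbox scope.
  const m = /^#([A-Za-z0-9]+)\s+(.+)$/.exec(String(msg.subject).trim());
  const project = m ? m[1].toUpperCase() : mailbox.recvProject;
  const title = (m ? m[2] : String(msg.subject)).trim();
  if (!project || !PROJECTS.has(project)) return queue("no_matching_project");

  // Only CCs matching an active vendor contact attach; the rest are ignored.
  const vendors = (msg.cc || []).map(norm)
    .filter((addr) => VENDOR_CONTACTS.get(addr)?.active === true);

  // Step 4: same project + same submitter + identical title within 7 days.
  const dup = tickets.find((t) => t.project === project && t.submitter === from &&
    t.title === title && now - t.createdAt <= 7 * DAY_MS);
  if (dup) return { action: "append_comment", ticket: dup.ref, vendors };
  return { action: "create", project, title, vendors };
}

// Constructed message, modelled on the sample at the top of the page.
const SAMPLE = { from: "Ana@Acme.com", cc: ["jane@vendor.com", "x@example.net"],
  subject: "#WEB Login button crashes on submit" };
console.log(triage(SAMPLE, { recvProject: null }, [], Date.now()));
```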

Mail-security gateways

Strip the banner. Keep the reply.

Gateways inject EXTERNAL SENDER / VIP / first-time-sender banners above the user's reply. Cutting at the banner discards real content. Per-account regex patterns remove banners inline before the body lands in the queue.

Try the gateway first. If your inbox is a licensed resource mailbox, most gateways let you suppress recipient banners per-mailbox while keeping malware / phishing scans active — cleaner than regex.

  • Inky (preset): VIP / external-sender banners with ZWNJ runs
  • Mimecast (preset): Impersonation Protect banners
  • Proofpoint (preset): External / first-time-sender warnings
  • Avanan (preset): Suspicious / external banners

Patterns are validated as RegExp on save and applied case-insensitive multi-line. Add your own under Admin → Email backends → {account} → Inbound banner stripping.

Vendor outbound

Reply-above-this-line. Sender via SiteName.

Every vendor outbound prepends a visible --- Type your reply above this line — ticket {ref} --- divider. The inbound parser cuts at the marker so quoted history, mail-client headers, and signatures drop automatically. The comment ends up as exactly what the vendor typed.
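
Banner stripping and the reply-marker cut together, as an added example (not Resolvd's own code): patterns are compiled with validation, banners are removed inline, and only then is the body cut at the divider. The banner wording, the pattern sources and the function names are constructed; only the divider text comes from this page.

```javascript
// Added example, not Resolvd's code. Banner wording and patterns are
// constructed; only the divider text comes from the page.
const MARKER = /^[> ]*-{3} Type your reply above this line\b[^\n]*$/m;

// Per-account pattern sources as an admin would save them (constructed).
const ACCOUNT_PATTERNS = [
  "^\\u200c*\\[EXTERNAL SENDER\\][^\\n]*\\n?",
  "^This is the first time you have received mail from [^\\n]*\\n?",
];

// Validate on save: a source that does not compile is rejected, not stored.
function compilePatterns(sources) {
  return sources.map((src) => {
    try {
      return new RegExp(src, "gim"); // case-insensitive, multi-line
    } catch (err) {
      throw new Error("invalid banner pattern: " + src);
    }
  });
}

function cleanInbound(raw, patterns) {
  let text = raw.replace(/\r\n/g, "\n");
  // 1. Remove banners inline so the reply typed below them survives.
  for (const re of patterns) text = text.replace(re, "");
  // 2. Then cut at the divider; everything after it is quoted history.
  const hit = MARKER.exec(text);
  if (hit) text = text.slice(0, hit.index);
  return text.trim();
}

// Constructed vendor reply: gateway banner on top, reply, quoted divider.
const SAMPLE = [
  "\u200c\u200c[EXTERNAL SENDER] Use caution with links and attachments.",
  "Patched in build 1.4.2, please retest.",
  "",
  "> --- Type your reply above this line \u2014 ticket WEB-0042 ---",
  "> Login button crashes on submit",
].join("\r\n");

console.log(cleanInbound(SAMPLE, compilePatterns(ACCOUNT_PATTERNS)));
```

Because these patterns run against mail that outsiders control, line-anchored patterns without nested quantifiers keep matching time predictable.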

# From identity (no spoofing)
From: "John Doe via Resolvd"
    <resolvd@resolvd.dev>
Reply-To: resolvd@resolvd.dev
Auto-Submitted: auto-generated
X-Resolvd-No-Reply: 1

  • No Exchange Send-As permission required
  • Anti-spoof gateways recognise `via` as legitimate
  • Display name = acting human; envelope = mailbox

Send As — pick a real human

When an Admin or Manager sends a vendor-visible comment or clicks Notify Vendor, a Send As prompt picks the sender identity:

  • Send as me — outbound uses the acting Admin's name / email.
  • Send as submitter — outbound uses the ticket's submitter as the sender.
  • Send / Submit as (no submitter) — pick any project member; one-off, or backfill the ticket's submitter.

Goal: drop the rate of vendor mail leaking out under the system's MAIL_FROM fallback.

Provider adapters

Connect once. Both directions.

OAuth-connected mailboxes drive both outbound (vendor mail, follower notifications, assignment emails) and inbound (auto-create + the manual-match queue). Refresh tokens auto-renew before expiry.

Microsoft 365

Graph API

OAuth flow via the same Entra App Registration that powers SSO. Inbox monitoring uses /subscriptions validated with clientState, renewed every ~70h. Refresh tokens encrypted under the workspace key.
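
What validating a Graph change notification with clientState involves, as an added example (not Resolvd's own code): the subscription handshake, a per-notification clientState check, and the renewal timer. The subscription ids, the secret, the payload and the function names are constructed.

```javascript
// Added example, not Resolvd's code: framework-free handling of a Microsoft
// Graph change-notification POST. Subscription ids and secrets are constructed.
const RENEW_AFTER_MS = 70 * 60 * 60 * 1000; // "~70h" from the page

// Plain-JS constant-time compare; in Node prefer crypto.timingSafeEqual.
function sameSecret(given, expected) {
  if (typeof given !== "string" || typeof expected !== "string" || !expected) return false;
  let diff = given.length ^ expected.length;
  for (let i = 0; i < expected.length; i++) {
    diff |= (given.charCodeAt(i) || 0) ^ expected.charCodeAt(i);
  }
  return diff === 0;
}

// subs: Map of subscriptionId -> { clientState, renewedAt } kept server-side.
function handleGraphPost(query, body, subs) {
  // Handshake when the subscription is created: echo the token as text/plain.
  if (typeof query.validationToken === "string") {
    return { status: 200, type: "text/plain", body: query.validationToken, accepted: [] };
  }
  const items = body && Array.isArray(body.value) ? body.value : [];
  // Keep only notifications whose clientState matches what we registered.
  const accepted = items.filter((n) => {
    const sub = subs.get(n.subscriptionId);
    return Boolean(sub) && sameSecret(n.clientState, sub.clientState);
  });
  // Acknowledge with 202 either way; mismatches are dropped, never processed.
  return { status: 202, accepted: accepted.map((n) => n.resource),
    rejected: items.length - accepted.length };
}

function dueForRenewal(subs, now) {
  return [...subs].filter(([, s]) => now - s.renewedAt >= RENEW_AFTER_MS).map(([id]) => id);
}

// Constructed state and payload.
const SUBS = new Map([["sub-1", { clientState: "s3cr3t-constructed", renewedAt: 0 }]]);
const PAYLOAD = { value: [
  { subscriptionId: "sub-1", clientState: "s3cr3t-constructed", resource: "me/messages/A" },
  { subscriptionId: "sub-1", clientState: "guess", resource: "me/messages/B" },
  { subscriptionId: "sub-9", clientState: "s3cr3t-constructed", resource: "me/messages/C" },
] };
console.log(handleGraphPost({}, PAYLOAD, SUBS));
```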

Gmail

Gmail API

OAuth flow with Workspace + consumer support. Inbox monitoring uses users.watch against a configured Pub/Sub topic, resumes on historyId, renewed every 7 days.

SMTP

Legacy fallback

For self-hosters where OAuth isn't an option. Use Gmail / Workspace App Passwords (smtp.gmail.com:587, STARTTLS). Microsoft and Google are deprecating SMTP basic auth — prefer OAuth where you can.

Wire it up.

Connect a mailbox under Admin → Email backends. Inbound and outbound work the same whether you're self-hosting or on the hosted plan.