4.46.0

4.45.1
4.45.0
2024-07-09 12:00:06 +01:00 · 2024-06-26 12:00:08 +01:00 · 2024-06-11 12:00:06 +01:00 · 2024-05-24 12:00:06 +01:00 · 2024-05-23 12:00:07 +01:00
57 changed files with 2545 additions and 701 deletions
--- a/app/app/admin_model.py
+++ b/app/app/admin_model.py
@ -46,7 +46,8 @@ class SLModelView(sqla.ModelView):

    def inaccessible_callback(self, name, **kwargs):
        # redirect to login page if user doesn't have access
-        return redirect(url_for("auth.login", next=request.url))
+        flash("You don't have access to the admin page", "error")
+        return redirect(url_for("dashboard.index", next=request.url))

    def on_model_change(self, form, model, is_created):
        changes = {}
--- a/app/app/alias_utils.py
+++ b/app/app/alias_utils.py
@ -25,9 +25,16 @@ from app.email_utils import (
    render,
 )
 from app.errors import AliasInTrashError
+from app.events.event_dispatcher import EventDispatcher
+from app.events.generated.event_pb2 import (
+    AliasDeleted,
+    AliasStatusChanged,
+    EventContent,
+)
 from app.log import LOG
 from app.models import (
    Alias,
+    AliasDeleteReason,
    CustomDomain,
    Directory,
    User,
@ -303,7 +310,9 @@ def try_auto_create_via_domain(address: str) -> Optional[Alias]:
        return None


-def delete_alias(alias: Alias, user: User):
+def delete_alias(
+    alias: Alias, user: User, reason: AliasDeleteReason = AliasDeleteReason.Unspecified
+):
    """
    Delete an alias and add it to either global or domain trash
    Should be used instead of Alias.delete, DomainDeletedAlias.create, DeletedAlias.create
@ -318,6 +327,7 @@ def delete_alias(alias: Alias, user: User):
                user_id=user.id,
                email=alias.email,
                domain_id=alias.custom_domain_id,
+                reason=reason,
            )
            Session.add(domain_deleted_alias)
            Session.commit()
@ -326,7 +336,7 @@ def delete_alias(alias: Alias, user: User):
            )
    else:
        if not DeletedAlias.get_by(email=alias.email):
-            deleted_alias = DeletedAlias(email=alias.email)
+            deleted_alias = DeletedAlias(email=alias.email, reason=reason)
            Session.add(deleted_alias)
            Session.commit()
            LOG.i(f"Moving {alias} to global trash {deleted_alias}")
@ -334,6 +344,10 @@ def delete_alias(alias: Alias, user: User):
    Alias.filter(Alias.id == alias.id).delete()
    Session.commit()

+    EventDispatcher.send_event(
+        user, EventContent(alias_deleted=AliasDeleted(alias_id=alias.id))
+    )
+

 def aliases_for_mailbox(mailbox: Mailbox) -> [Alias]:
    """
@ -443,10 +457,12 @@ def transfer_alias(alias, new_user, new_mailboxes: [Mailbox]):
        f"Alias {alias.email} has been received",
        render(
            "transactional/alias-transferred.txt",
+            user=old_user,
            alias=alias,
        ),
        render(
            "transactional/alias-transferred.html",
+            user=old_user,
            alias=alias,
        ),
    )
@ -459,3 +475,16 @@ def transfer_alias(alias, new_user, new_mailboxes: [Mailbox]):
    alias.pinned = False

    Session.commit()
+
+
+def change_alias_status(alias: Alias, enabled: bool, commit: bool = False):
+    LOG.i(f"Changing alias {alias} enabled to {enabled}")
+    alias.enabled = enabled
+
+    event = AliasStatusChanged(
+        alias_id=alias.id, alias_email=alias.email, enabled=enabled
+    )
+    EventDispatcher.send_event(alias.user, EventContent(alias_status_change=event))
+
+    if commit:
+        Session.commit()
--- a/app/app/api/views/alias.py
+++ b/app/app/api/views/alias.py
@ -25,7 +25,8 @@ from app.errors import (
    ErrAddressInvalid,
 )
 from app.extensions import limiter
-from app.models import Alias, Contact, Mailbox, AliasMailbox
+from app.log import LOG
+from app.models import Alias, Contact, Mailbox, AliasMailbox, AliasDeleteReason


@deprecated
@ -160,7 +161,7 @@ def delete_alias(alias_id):
    if not alias or alias.user_id != user.id:
        return jsonify(error="Forbidden"), 403

-    alias_utils.delete_alias(alias, user)
+    alias_utils.delete_alias(alias, user, AliasDeleteReason.ManualAction)

    return jsonify(deleted=True), 200

@ -184,7 +185,8 @@ def toggle_alias(alias_id):
    if not alias or alias.user_id != user.id:
        return jsonify(error="Forbidden"), 403

-    alias.enabled = not alias.enabled
+    alias_utils.change_alias_status(alias, enabled=not alias.enabled)
+    LOG.i(f"User {user} changed alias {alias} enabled status to {alias.enabled}")
    Session.commit()

    return jsonify(enabled=alias.enabled), 200
--- a/app/app/api/views/auth.py
+++ b/app/app/api/views/auth.py
@ -129,8 +129,8 @@ def auth_register():
    send_email(
        email,
        "Just one more step to join SimpleLogin",
-        render("transactional/code-activation.txt.jinja2", code=code),
-        render("transactional/code-activation.html", code=code),
+        render("transactional/code-activation.txt.jinja2", user=user, code=code),
+        render("transactional/code-activation.html", user=user, code=code),
    )

    RegisterEvent(RegisterEvent.ActionType.success, RegisterEvent.Source.api).send()
@ -226,8 +226,8 @@ def auth_reactivate():
    send_email(
        email,
        "Just one more step to join SimpleLogin",
-        render("transactional/code-activation.txt.jinja2", code=code),
-        render("transactional/code-activation.html", code=code),
+        render("transactional/code-activation.txt.jinja2", user=user, code=code),
+        render("transactional/code-activation.html", user=user, code=code),
    )

    return jsonify(msg="User needs to confirm their account"), 200
--- a/app/app/auth/views/register.py
+++ b/app/app/auth/views/register.py
@ -125,4 +125,4 @@ def send_activation_email(user, next_url):
        LOG.d("redirect user to %s after activation", next_url)
        activation_link = activation_link + "&next=" + encode_url(next_url)

-    email_utils.send_activation_email(user.email, activation_link)
+    email_utils.send_activation_email(user, activation_link)
--- a/app/app/config.py
+++ b/app/app/config.py
@ -120,7 +120,7 @@ if POSTFIX_SUBMISSION_TLS:
 else:
    default_postfix_port = 25
 POSTFIX_PORT = int(os.environ.get("POSTFIX_PORT", default_postfix_port))
-POSTFIX_TIMEOUT = os.environ.get("POSTFIX_TIMEOUT", 3)
+POSTFIX_TIMEOUT = int(os.environ.get("POSTFIX_TIMEOUT", 3))

 # ["domain1.com", "domain2.com"]
 OTHER_ALIAS_DOMAINS = sl_getenv("OTHER_ALIAS_DOMAINS", list)
@ -281,6 +281,7 @@ JOB_DELETE_MAILBOX = "delete-mailbox"
 JOB_DELETE_DOMAIN = "delete-domain"
 JOB_SEND_USER_REPORT = "send-user-report"
 JOB_SEND_PROTON_WELCOME_1 = "proton-welcome-1"
+JOB_SEND_ALIAS_CREATION_EVENTS = "send-alias-creation-events"

 # for pagination
 PAGE_LIMIT = 20
@ -429,7 +430,7 @@ except Exception:
    HIBP_SCAN_INTERVAL_DAYS = 7
 HIBP_API_KEYS = sl_getenv("HIBP_API_KEYS", list) or []
 HIBP_MAX_ALIAS_CHECK = 10_000
-HIBP_RPM = 100
+HIBP_RPM = int(os.environ.get("HIBP_API_RPM", 100))
 HIBP_SKIP_PARTNER_ALIAS = os.environ.get("HIBP_SKIP_PARTNER_ALIAS")

 KEEP_OLD_DATA_DAYS = 30
@ -581,3 +582,9 @@ UPCLOUD_PASSWORD = os.environ.get("UPCLOUD_PASSWORD", None)
 UPCLOUD_DB_ID = os.environ.get("UPCLOUD_DB_ID", None)

 STORE_TRANSACTIONAL_EMAILS = "STORE_TRANSACTIONAL_EMAILS" in os.environ
+
+EVENT_WEBHOOK = os.environ.get("EVENT_WEBHOOK", None)
+
+# We want it disabled by default, so only skip if defined
+EVENT_WEBHOOK_SKIP_VERIFY_SSL = "EVENT_WEBHOOK_SKIP_VERIFY_SSL" in os.environ
+EVENT_WEBHOOK_DISABLE = "EVENT_WEBHOOK_DISABLE" in os.environ
--- a/app/app/dashboard/views/account_setting.py
+++ b/app/app/dashboard/views/account_setting.py
@ -169,7 +169,7 @@ def send_reset_password_email(user):

    reset_password_link = f"{URL}/auth/reset_password?code={reset_password_code.code}"

-    email_utils.send_reset_password_email(user.email, reset_password_link)
+    email_utils.send_reset_password_email(user, reset_password_link)


 def send_change_email_confirmation(user: User, email_change: EmailChange):
@ -179,7 +179,7 @@ def send_change_email_confirmation(user: User, email_change: EmailChange):

    link = f"{URL}/auth/change_email?code={email_change.code}"

-    email_utils.send_change_email(email_change.new_email, user.email, link)
+    email_utils.send_change_email(user, email_change.new_email, link)


@dashboard_bp.route("/resend_email_change", methods=["GET", "POST"])
--- a/app/app/dashboard/views/index.py
+++ b/app/app/dashboard/views/index.py
@ -12,6 +12,7 @@ from app.extensions import limiter
 from app.log import LOG
 from app.models import (
    Alias,
+    AliasDeleteReason,
    AliasGeneratorEnum,
    User,
    EmailLog,
@ -143,10 +144,12 @@ def index():
            if request.form.get("form-name") == "delete-alias":
                LOG.i(f"User {current_user} requested deletion of alias {alias}")
                email = alias.email
-                alias_utils.delete_alias(alias, current_user)
+                alias_utils.delete_alias(
+                    alias, current_user, AliasDeleteReason.ManualAction
+                )
                flash(f"Alias {email} has been deleted", "success")
            elif request.form.get("form-name") == "disable-alias":
-                alias.enabled = False
+                alias_utils.change_alias_status(alias, enabled=False)
                Session.commit()
                flash(f"Alias {alias.email} has been disabled", "success")

--- a/app/app/dashboard/views/unsubscribe.py
+++ b/app/app/dashboard/views/unsubscribe.py
@ -8,6 +8,7 @@ from app.db import Session
 from flask import redirect, url_for, flash, request, render_template
 from flask_login import login_required, current_user

+from app import alias_utils
 from app.dashboard.base import dashboard_bp
 from app.handler.unsubscribe_encoder import UnsubscribeAction
 from app.handler.unsubscribe_handler import UnsubscribeHandler
@ -31,7 +32,7 @@ def unsubscribe(alias_id):

    # automatic unsubscribe, according to https://tools.ietf.org/html/rfc8058
    if request.method == "POST":
-        alias.enabled = False
+        alias_utils.change_alias_status(alias, False)
        flash(f"Alias {alias.email} has been blocked", "success")
        Session.commit()

--- a/app/app/email_utils.py
+++ b/app/app/email_utils.py
@ -33,6 +33,7 @@ from flanker.addresslib import address
 from flanker.addresslib.address import EmailAddress
 from jinja2 import Environment, FileSystemLoader
 from sqlalchemy import func
+from flask_login import current_user

 from app import config
 from app.db import Session
@ -68,17 +69,27 @@ VERP_TIME_START = 1640995200
 VERP_HMAC_ALGO = "sha3-224"


-def render(template_name, **kwargs) -> str:
+def render(template_name: str, user: Optional[User], **kwargs) -> str:
    templates_dir = os.path.join(config.ROOT_DIR, "templates", "emails")
    env = Environment(loader=FileSystemLoader(templates_dir))

    template = env.get_template(template_name)

+    if user is None:
+        if current_user and current_user.is_authenticated:
+            user = current_user
+
+    use_partner_template = False
+    if user:
+        use_partner_template = user.has_used_alias_from_partner()
+        kwargs["user"] = user
+
    return template.render(
        MAX_NB_EMAIL_FREE_PLAN=config.MAX_NB_EMAIL_FREE_PLAN,
        URL=config.URL,
        LANDING_PAGE_URL=config.LANDING_PAGE_URL,
        YEAR=arrow.now().year,
+        USE_PARTNER_TEMPLATE=use_partner_template,
        **kwargs,
    )

@ -111,53 +122,59 @@ def send_trial_end_soon_email(user):
    )


-def send_activation_email(email, activation_link):
+def send_activation_email(user: User, activation_link):
    send_email(
-        email,
+        user.email,
        "Just one more step to join SimpleLogin",
        render(
            "transactional/activation.txt",
+            user=user,
            activation_link=activation_link,
-            email=email,
+            email=user.email,
        ),
        render(
            "transactional/activation.html",
+            user=user,
            activation_link=activation_link,
-            email=email,
+            email=user.email,
        ),
    )


-def send_reset_password_email(email, reset_password_link):
+def send_reset_password_email(user: User, reset_password_link):
    send_email(
-        email,
+        user.email,
        "Reset your password on SimpleLogin",
        render(
            "transactional/reset-password.txt",
+            user=user,
            reset_password_link=reset_password_link,
        ),
        render(
            "transactional/reset-password.html",
+            user=user,
            reset_password_link=reset_password_link,
        ),
    )


-def send_change_email(new_email, current_email, link):
+def send_change_email(user: User, new_email, link):
    send_email(
        new_email,
        "Confirm email update on SimpleLogin",
        render(
            "transactional/change-email.txt",
+            user=user,
            link=link,
            new_email=new_email,
-            current_email=current_email,
+            current_email=user.email,
        ),
        render(
            "transactional/change-email.html",
+            user=user,
            link=link,
            new_email=new_email,
-            current_email=current_email,
+            current_email=user.email,
        ),
    )

@ -170,28 +187,32 @@ def send_invalid_totp_login_email(user, totp_type):
        "Unsuccessful attempt to login to your SimpleLogin account",
        render(
            "transactional/invalid-totp-login.txt",
+            user=user,
            type=totp_type,
        ),
        render(
            "transactional/invalid-totp-login.html",
+            user=user,
            type=totp_type,
        ),
        1,
    )


-def send_test_email_alias(email, name):
+def send_test_email_alias(user: User, email: str):
    send_email(
        email,
        f"This email is sent to {email}",
        render(
            "transactional/test-email.txt",
-            name=name,
+            user=user,
+            name=user.name,
            alias=email,
        ),
        render(
            "transactional/test-email.html",
-            name=name,
+            user=user,
+            name=user.name,
            alias=email,
        ),
    )
@ -206,11 +227,13 @@ def send_cannot_create_directory_alias(user, alias_address, directory_name):
        f"Alias {alias_address} cannot be created",
        render(
            "transactional/cannot-create-alias-directory.txt",
+            user=user,
            alias=alias_address,
            directory=directory_name,
        ),
        render(
            "transactional/cannot-create-alias-directory.html",
+            user=user,
            alias=alias_address,
            directory=directory_name,
        ),
@ -228,11 +251,13 @@ def send_cannot_create_directory_alias_disabled(user, alias_address, directory_n
        f"Alias {alias_address} cannot be created",
        render(
            "transactional/cannot-create-alias-directory-disabled.txt",
+            user=user,
            alias=alias_address,
            directory=directory_name,
        ),
        render(
            "transactional/cannot-create-alias-directory-disabled.html",
+            user=user,
            alias=alias_address,
            directory=directory_name,
        ),
@ -248,11 +273,13 @@ def send_cannot_create_domain_alias(user, alias, domain):
        f"Alias {alias} cannot be created",
        render(
            "transactional/cannot-create-alias-domain.txt",
+            user=user,
            alias=alias,
            domain=domain,
        ),
        render(
            "transactional/cannot-create-alias-domain.html",
+            user=user,
            alias=alias,
            domain=domain,
        ),
@ -919,10 +946,20 @@ def decode_text(text: str, encoding: EmailEncoding = EmailEncoding.NO) -> str:
        return text


-def add_header(msg: Message, text_header, html_header=None) -> Message:
+def add_header(
+    msg: Message, text_header, html_header=None, subject_prefix=None
+) -> Message:
    if not html_header:
        html_header = text_header.replace("\n", "<br>")

+    if subject_prefix is not None:
+        subject = msg[headers.SUBJECT]
+        if not subject:
+            msg.add_header(headers.SUBJECT, subject_prefix)
+        else:
+            subject = f"{subject_prefix} {subject}"
+            msg.replace_header(headers.SUBJECT, subject)
+
    content_type = msg.get_content_type().lower()
    if content_type == "text/plain":
        encoding = get_encoding(msg)
@ -1253,6 +1290,7 @@ def spf_pass(
                    f"SimpleLogin Alert: attempt to send emails from your alias {alias.email} from unknown IP Address",
                    render(
                        "transactional/spf-fail.txt",
+                        user=user,
                        alias=alias.email,
                        ip=ip,
                        mailbox_url=config.URL + f"/dashboard/mailbox/{mailbox.id}#spf",
@ -1262,6 +1300,7 @@ def spf_pass(
                    ),
                    render(
                        "transactional/spf-fail.html",
+                        user=user,
                        ip=ip,
                        mailbox_url=config.URL + f"/dashboard/mailbox/{mailbox.id}#spf",
                        to_email=contact_email,
--- a/app/app/events/init.py
+++ b/app/app/events/init.py
--- a/app/app/events/event_dispatcher.py
+++ b/app/app/events/event_dispatcher.py
@ -0,0 +1,66 @@
+from abc import ABC, abstractmethod
+from app import config
+from app.db import Session
+from app.errors import ProtonPartnerNotSetUp
+from app.events.generated import event_pb2
+from app.models import User, PartnerUser, SyncEvent
+from app.proton.utils import get_proton_partner
+from typing import Optional
+
+NOTIFICATION_CHANNEL = "simplelogin_sync_events"
+
+
+class Dispatcher(ABC):
+    @abstractmethod
+    def send(self, event: bytes):
+        pass
+
+
+class PostgresDispatcher(Dispatcher):
+    def send(self, event: bytes):
+        instance = SyncEvent.create(content=event, flush=True)
+        Session.execute(f"NOTIFY {NOTIFICATION_CHANNEL}, '{instance.id}';")
+
+    @staticmethod
+    def get():
+        return PostgresDispatcher()
+
+
+class EventDispatcher:
+    @staticmethod
+    def send_event(
+        user: User,
+        content: event_pb2.EventContent,
+        dispatcher: Dispatcher = PostgresDispatcher.get(),
+        skip_if_webhook_missing: bool = True,
+    ):
+        if config.EVENT_WEBHOOK_DISABLE:
+            return
+
+        if not config.EVENT_WEBHOOK and skip_if_webhook_missing:
+            return
+
+        partner_user = EventDispatcher.__partner_user(user.id)
+        if not partner_user:
+            return
+
+        event = event_pb2.Event(
+            user_id=user.id,
+            external_user_id=partner_user.external_user_id,
+            partner_id=partner_user.partner_id,
+            content=content,
+        )
+
+        serialized = event.SerializeToString()
+        dispatcher.send(serialized)
+
+    @staticmethod
+    def __partner_user(user_id: int) -> Optional[PartnerUser]:
+        # Check if the current user has a partner_id
+        try:
+            proton_partner_id = get_proton_partner().id
+        except ProtonPartnerNotSetUp:
+            return None
+
+        # It has. Retrieve the information for the PartnerUser
+        return PartnerUser.get_by(user_id=user_id, partner_id=proton_partner_id)
--- a/app/app/events/generated/event_pb2.py
+++ b/app/app/events/generated/event_pb2.py
@ -0,0 +1,50 @@
+# -*- coding: utf-8 -*-
+# Generated by the protocol buffer compiler.  DO NOT EDIT!
+# NO CHECKED-IN PROTOBUF GENCODE
+# source: event.proto
+# Protobuf Python Version: 5.27.0
+"""Generated protocol buffer code."""
+from google.protobuf import descriptor as _descriptor
+from google.protobuf import descriptor_pool as _descriptor_pool
+from google.protobuf import runtime_version as _runtime_version
+from google.protobuf import symbol_database as _symbol_database
+from google.protobuf.internal import builder as _builder
+_runtime_version.ValidateProtobufRuntimeVersion(
+    _runtime_version.Domain.PUBLIC,
+    5,
+    27,
+    0,
+    '',
+    'event.proto'
+)
+# @@protoc_insertion_point(imports)
+
+_sym_db = _symbol_database.Default()
+
+
+
+
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x0b\x65vent.proto\x12\x12simplelogin_events\"(\n\x0fUserPlanChanged\x12\x15\n\rplan_end_time\x18\x01 \x01(\r\"\r\n\x0bUserDeleted\"Z\n\x0c\x41liasCreated\x12\x10\n\x08\x61lias_id\x18\x01 \x01(\r\x12\x13\n\x0b\x61lias_email\x18\x02 \x01(\t\x12\x12\n\nalias_note\x18\x03 \x01(\t\x12\x0f\n\x07\x65nabled\x18\x04 \x01(\x08\"L\n\x12\x41liasStatusChanged\x12\x10\n\x08\x61lias_id\x18\x01 \x01(\r\x12\x13\n\x0b\x61lias_email\x18\x02 \x01(\t\x12\x0f\n\x07\x65nabled\x18\x03 \x01(\x08\"5\n\x0c\x41liasDeleted\x12\x10\n\x08\x61lias_id\x18\x01 \x01(\r\x12\x13\n\x0b\x61lias_email\x18\x02 \x01(\t\"D\n\x10\x41liasCreatedList\x12\x30\n\x06\x65vents\x18\x01 \x03(\x0b\x32 .simplelogin_events.AliasCreated\"\x93\x03\n\x0c\x45ventContent\x12?\n\x10user_plan_change\x18\x01 \x01(\x0b\x32#.simplelogin_events.UserPlanChangedH\x00\x12\x37\n\x0cuser_deleted\x18\x02 \x01(\x0b\x32\x1f.simplelogin_events.UserDeletedH\x00\x12\x39\n\ralias_created\x18\x03 \x01(\x0b\x32 .simplelogin_events.AliasCreatedH\x00\x12\x45\n\x13\x61lias_status_change\x18\x04 \x01(\x0b\x32&.simplelogin_events.AliasStatusChangedH\x00\x12\x39\n\ralias_deleted\x18\x05 \x01(\x0b\x32 .simplelogin_events.AliasDeletedH\x00\x12\x41\n\x11\x61lias_create_list\x18\x06 \x01(\x0b\x32$.simplelogin_events.AliasCreatedListH\x00\x42\t\n\x07\x63ontent\"y\n\x05\x45vent\x12\x0f\n\x07user_id\x18\x01 \x01(\r\x12\x18\n\x10\x65xternal_user_id\x18\x02 \x01(\t\x12\x12\n\npartner_id\x18\x03 \x01(\r\x12\x31\n\x07\x63ontent\x18\x04 \x01(\x0b\x32 .simplelogin_events.EventContentb\x06proto3')
+
+_globals = globals()
+_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, _globals)
+_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'event_pb2', _globals)
+if not _descriptor._USE_C_DESCRIPTORS:
+  DESCRIPTOR._loaded_options = None
+  _globals['_USERPLANCHANGED']._serialized_start=35
+  _globals['_USERPLANCHANGED']._serialized_end=75
+  _globals['_USERDELETED']._serialized_start=77
+  _globals['_USERDELETED']._serialized_end=90
+  _globals['_ALIASCREATED']._serialized_start=92
+  _globals['_ALIASCREATED']._serialized_end=182
+  _globals['_ALIASSTATUSCHANGED']._serialized_start=184
+  _globals['_ALIASSTATUSCHANGED']._serialized_end=260
+  _globals['_ALIASDELETED']._serialized_start=262
+  _globals['_ALIASDELETED']._serialized_end=315
+  _globals['_ALIASCREATEDLIST']._serialized_start=317
+  _globals['_ALIASCREATEDLIST']._serialized_end=385
+  _globals['_EVENTCONTENT']._serialized_start=388
+  _globals['_EVENTCONTENT']._serialized_end=791
+  _globals['_EVENT']._serialized_start=793
+  _globals['_EVENT']._serialized_end=914
+# @@protoc_insertion_point(module_scope)
--- a/app/app/events/generated/event_pb2.pyi
+++ b/app/app/events/generated/event_pb2.pyi
@ -0,0 +1,80 @@
+from google.protobuf.internal import containers as _containers
+from google.protobuf import descriptor as _descriptor
+from google.protobuf import message as _message
+from typing import ClassVar as _ClassVar, Iterable as _Iterable, Mapping as _Mapping, Optional as _Optional, Union as _Union
+
+DESCRIPTOR: _descriptor.FileDescriptor
+
+class UserPlanChanged(_message.Message):
+    __slots__ = ("plan_end_time",)
+    PLAN_END_TIME_FIELD_NUMBER: _ClassVar[int]
+    plan_end_time: int
+    def __init__(self, plan_end_time: _Optional[int] = ...) -> None: ...
+
+class UserDeleted(_message.Message):
+    __slots__ = ()
+    def __init__(self) -> None: ...
+
+class AliasCreated(_message.Message):
+    __slots__ = ("alias_id", "alias_email", "alias_note", "enabled")
+    ALIAS_ID_FIELD_NUMBER: _ClassVar[int]
+    ALIAS_EMAIL_FIELD_NUMBER: _ClassVar[int]
+    ALIAS_NOTE_FIELD_NUMBER: _ClassVar[int]
+    ENABLED_FIELD_NUMBER: _ClassVar[int]
+    alias_id: int
+    alias_email: str
+    alias_note: str
+    enabled: bool
+    def __init__(self, alias_id: _Optional[int] = ..., alias_email: _Optional[str] = ..., alias_note: _Optional[str] = ..., enabled: bool = ...) -> None: ...
+
+class AliasStatusChanged(_message.Message):
+    __slots__ = ("alias_id", "alias_email", "enabled")
+    ALIAS_ID_FIELD_NUMBER: _ClassVar[int]
+    ALIAS_EMAIL_FIELD_NUMBER: _ClassVar[int]
+    ENABLED_FIELD_NUMBER: _ClassVar[int]
+    alias_id: int
+    alias_email: str
+    enabled: bool
+    def __init__(self, alias_id: _Optional[int] = ..., alias_email: _Optional[str] = ..., enabled: bool = ...) -> None: ...
+
+class AliasDeleted(_message.Message):
+    __slots__ = ("alias_id", "alias_email")
+    ALIAS_ID_FIELD_NUMBER: _ClassVar[int]
+    ALIAS_EMAIL_FIELD_NUMBER: _ClassVar[int]
+    alias_id: int
+    alias_email: str
+    def __init__(self, alias_id: _Optional[int] = ..., alias_email: _Optional[str] = ...) -> None: ...
+
+class AliasCreatedList(_message.Message):
+    __slots__ = ("events",)
+    EVENTS_FIELD_NUMBER: _ClassVar[int]
+    events: _containers.RepeatedCompositeFieldContainer[AliasCreated]
+    def __init__(self, events: _Optional[_Iterable[_Union[AliasCreated, _Mapping]]] = ...) -> None: ...
+
+class EventContent(_message.Message):
+    __slots__ = ("user_plan_change", "user_deleted", "alias_created", "alias_status_change", "alias_deleted", "alias_create_list")
+    USER_PLAN_CHANGE_FIELD_NUMBER: _ClassVar[int]
+    USER_DELETED_FIELD_NUMBER: _ClassVar[int]
+    ALIAS_CREATED_FIELD_NUMBER: _ClassVar[int]
+    ALIAS_STATUS_CHANGE_FIELD_NUMBER: _ClassVar[int]
+    ALIAS_DELETED_FIELD_NUMBER: _ClassVar[int]
+    ALIAS_CREATE_LIST_FIELD_NUMBER: _ClassVar[int]
+    user_plan_change: UserPlanChanged
+    user_deleted: UserDeleted
+    alias_created: AliasCreated
+    alias_status_change: AliasStatusChanged
+    alias_deleted: AliasDeleted
+    alias_create_list: AliasCreatedList
+    def __init__(self, user_plan_change: _Optional[_Union[UserPlanChanged, _Mapping]] = ..., user_deleted: _Optional[_Union[UserDeleted, _Mapping]] = ..., alias_created: _Optional[_Union[AliasCreated, _Mapping]] = ..., alias_status_change: _Optional[_Union[AliasStatusChanged, _Mapping]] = ..., alias_deleted: _Optional[_Union[AliasDeleted, _Mapping]] = ..., alias_create_list: _Optional[_Union[AliasCreatedList, _Mapping]] = ...) -> None: ...
+
+class Event(_message.Message):
+    __slots__ = ("user_id", "external_user_id", "partner_id", "content")
+    USER_ID_FIELD_NUMBER: _ClassVar[int]
+    EXTERNAL_USER_ID_FIELD_NUMBER: _ClassVar[int]
+    PARTNER_ID_FIELD_NUMBER: _ClassVar[int]
+    CONTENT_FIELD_NUMBER: _ClassVar[int]
+    user_id: int
+    external_user_id: str
+    partner_id: int
+    content: EventContent
+    def __init__(self, user_id: _Optional[int] = ..., external_user_id: _Optional[str] = ..., partner_id: _Optional[int] = ..., content: _Optional[_Union[EventContent, _Mapping]] = ...) -> None: ...
--- a/app/app/handler/dmarc.py
+++ b/app/app/handler/dmarc.py
@ -64,6 +64,7 @@ More info on https://simplelogin.io/docs/getting-started/anti-phishing/
            msg,
            warning_plain_text,
            warning_html,
+            subject_prefix="[Possible phishing attempt]",
        )
        return changed_msg, None

@ -76,6 +77,7 @@ More info on https://simplelogin.io/docs/getting-started/anti-phishing/
            msg,
            warning_plain_text,
            warning_html,
+            subject_prefix="[Possible phishing attempt]",
        )
        return changed_msg, None

@ -104,12 +106,14 @@ More info on https://simplelogin.io/docs/getting-started/anti-phishing/
            f"An email sent to {alias.email} has been quarantined",
            render(
                "transactional/message-quarantine-dmarc.txt.jinja2",
+                user=user,
                from_header=from_header,
                alias=alias,
                refused_email_url=email_log.get_dashboard_url(),
            ),
            render(
                "transactional/message-quarantine-dmarc.html",
+                user=user,
                from_header=from_header,
                alias=alias,
                refused_email_url=email_log.get_dashboard_url(),
@ -174,12 +178,14 @@ def apply_dmarc_policy_for_reply_phase(
        f"Attempt to send an email to your contact {contact_recipient.email} from {envelope.mail_from}",
        render(
            "transactional/spoof-reply.txt.jinja2",
+            user=alias_from.user,
            contact=contact_recipient,
            alias=alias_from,
            sender=envelope.mail_from,
        ),
        render(
            "transactional/spoof-reply.html",
+            user=alias_from.user,
            contact=contact_recipient,
            alias=alias_from,
            sender=envelope.mail_from,
--- a/app/app/handler/provider_complaint.py
+++ b/app/app/handler/provider_complaint.py
@ -319,11 +319,13 @@ def report_complaint_to_user_in_forward_phase(
        f"Abuse report from {capitalized_name}",
        render(
            "transactional/provider-complaint-forward-phase.txt.jinja2",
+            user=user,
            email=mailbox_email,
            provider=capitalized_name,
        ),
        render(
            "transactional/provider-complaint-forward-phase.html",
+            user=user,
            email=mailbox_email,
            provider=capitalized_name,
        ),
--- a/app/app/handler/unsubscribe_handler.py
+++ b/app/app/handler/unsubscribe_handler.py
@ -5,6 +5,7 @@ from typing import Optional
 from aiosmtpd.smtp import Envelope

 from app import config
+from app import alias_utils
 from app.db import Session
 from app.email import headers, status
 from app.email_utils import (
@ -101,7 +102,8 @@ class UnsubscribeHandler:
            mailbox.email, alias
        ):
            return status.E509
-        alias.enabled = False
+        LOG.i(f"User disabled alias {alias} via unsubscribe header")
+        alias_utils.change_alias_status(alias, enabled=False)
        Session.commit()
        enable_alias_url = config.URL + f"/dashboard/?highlight_alias_id={alias.id}"
        for mailbox in alias.mailboxes:
--- a/app/app/jobs/event_jobs.py
+++ b/app/app/jobs/event_jobs.py
@ -0,0 +1,40 @@
+from app.events.event_dispatcher import EventDispatcher, Dispatcher
+from app.events.generated.event_pb2 import EventContent, AliasCreated, AliasCreatedList
+from app.log import LOG
+from app.models import User, Alias
+
+
+def send_alias_creation_events_for_user(
+    user: User, dispatcher: Dispatcher, chunk_size=50
+):
+    if user.disabled:
+        LOG.i("User {user} is disabled. Skipping sending events for that user")
+        return
+    chunk_size = min(chunk_size, 50)
+    event_list = []
+    for alias in (
+        Alias.yield_per_query(chunk_size)
+        .filter_by(user_id=user.id)
+        .order_by(Alias.id.asc())
+    ):
+        event_list.append(
+            AliasCreated(
+                alias_id=alias.id,
+                alias_email=alias.email,
+                alias_note=alias.note,
+                enabled=alias.enabled,
+            )
+        )
+        if len(event_list) >= chunk_size:
+            EventDispatcher.send_event(
+                user,
+                EventContent(alias_create_list=AliasCreatedList(events=event_list)),
+                dispatcher=dispatcher,
+            )
+            event_list = []
+    if len(event_list) > 0:
+        EventDispatcher.send_event(
+            user,
+            EventContent(alias_create_list=AliasCreatedList(events=event_list)),
+            dispatcher=dispatcher,
+        )
--- a/app/app/jobs/export_user_data_job.py
+++ b/app/app/jobs/export_user_data_job.py
@ -137,7 +137,9 @@ class ExportUserDataJob:
        msg[headers.SUBJECT] = "Your SimpleLogin data"
        msg[headers.FROM] = f'"SimpleLogin (noreply)" <{config.NOREPLY}>'
        msg[headers.TO] = to_email
-        msg.attach(MIMEText(render("transactional/user-report.html"), "html"))
+        msg.attach(
+            MIMEText(render("transactional/user-report.html", user=self._user), "html")
+        )
        attachment = MIMEApplication(zipped_contents.read())
        attachment.add_header(
            "Content-Disposition", "attachment", filename="user_report.zip"
--- a/app/app/models.py
+++ b/app/app/models.py
@ -263,6 +263,15 @@ class UnsubscribeBehaviourEnum(EnumE):
    PreserveOriginal = 2


+class AliasDeleteReason(EnumE):
+    Unspecified = 0
+    UserHasBeenDeleted = 1
+    ManualAction = 2
+    DirectoryDeleted = 3
+    MailboxDeleted = 4
+    CustomDomainDeleted = 5
+
+
 class IntEnumType(sa.types.TypeDecorator):
    impl = sa.Integer

@ -330,6 +339,7 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
    FLAG_FREE_DISABLE_CREATE_ALIAS = 1 << 0
    FLAG_CREATED_FROM_PARTNER = 1 << 1
    FLAG_FREE_OLD_ALIAS_LIMIT = 1 << 2
+    FLAG_CREATED_ALIAS_FROM_PARTNER = 1 << 3

    email = sa.Column(sa.String(256), unique=True, nullable=False)

@ -657,6 +667,27 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):

        return user

+    @classmethod
+    def delete(cls, obj_id, commit=False):
+        # Internal import to avoid global import cycles
+        from app.events.event_dispatcher import EventDispatcher
+        from app.events.generated.event_pb2 import UserDeleted, EventContent
+
+        user: User = cls.get(obj_id)
+        EventDispatcher.send_event(user, EventContent(user_deleted=UserDeleted()))
+
+        # Manually delete all aliases for the user that is about to be deleted
+        from app.alias_utils import delete_alias
+
+        for alias in Alias.filter_by(user_id=user.id):
+            delete_alias(alias, user, AliasDeleteReason.UserHasBeenDeleted)
+
+        res = super(User, cls).delete(obj_id)
+        if commit:
+            Session.commit()
+
+        return res
+
    def get_active_subscription(
        self, include_partner_subscription: bool = True
    ) -> Optional[
@ -1138,6 +1169,13 @@ class User(Base, ModelMixin, UserMixin, PasswordOracle):
            return True
        return not config.DISABLE_CREATE_CONTACTS_FOR_FREE_USERS

+    def has_used_alias_from_partner(self) -> bool:
+        return (
+            self.flags
+            & (User.FLAG_CREATED_ALIAS_FROM_PARTNER | User.FLAG_CREATED_FROM_PARTNER)
+            > 0
+        )
+
    def __repr__(self):
        return f"<User {self.id} {self.name} {self.email}>"

@ -1619,6 +1657,24 @@ class Alias(Base, ModelMixin):
        Session.add(new_alias)
        DailyMetric.get_or_create_today_metric().nb_alias += 1

+        # Internal import to avoid global import cycles
+        from app.events.event_dispatcher import EventDispatcher
+        from app.events.generated.event_pb2 import AliasCreated, EventContent
+
+        event = AliasCreated(
+            alias_id=new_alias.id,
+            alias_email=new_alias.email,
+            alias_note=new_alias.note,
+            enabled=True,
+        )
+        EventDispatcher.send_event(user, EventContent(alias_created=event))
+
+        if (
+            new_alias.flags & cls.FLAG_PARTNER_CREATED > 0
+            and new_alias.user.flags & User.FLAG_CREATED_ALIAS_FROM_PARTNER == 0
+        ):
+            user.flags = user.flags | User.FLAG_CREATED_ALIAS_FROM_PARTNER
+
        if commit:
            Session.commit()

@ -2220,6 +2276,12 @@ class DeletedAlias(Base, ModelMixin):
    __tablename__ = "deleted_alias"

    email = sa.Column(sa.String(256), unique=True, nullable=False)
+    reason = sa.Column(
+        IntEnumType(AliasDeleteReason),
+        nullable=False,
+        default=AliasDeleteReason.Unspecified,
+        server_default=str(AliasDeleteReason.Unspecified.value),
+    )

    @classmethod
    def create(cls, **kw):
@ -2407,6 +2469,13 @@ class CustomDomain(Base, ModelMixin):
        if obj.is_sl_subdomain:
            DeletedSubdomain.create(domain=obj.domain)

+        from app import alias_utils
+
+        for alias in Alias.filter_by(custom_domain_id=obj_id):
+            alias_utils.delete_alias(
+                alias, obj.user, AliasDeleteReason.CustomDomainDeleted
+            )
+
        return super(CustomDomain, cls).delete(obj_id)

    @property
@ -2479,6 +2548,12 @@ class DomainDeletedAlias(Base, ModelMixin):

    domain = orm.relationship(CustomDomain)
    user = orm.relationship(User, foreign_keys=[user_id])
+    reason = sa.Column(
+        IntEnumType(AliasDeleteReason),
+        nullable=False,
+        default=AliasDeleteReason.Unspecified,
+        server_default=str(AliasDeleteReason.Unspecified.value),
+    )

    @classmethod
    def create(cls, **kw):
@ -2570,7 +2645,7 @@ class Directory(Base, ModelMixin):
        for alias in Alias.filter_by(directory_id=obj_id):
            from app import alias_utils

-            alias_utils.delete_alias(alias, user)
+            alias_utils.delete_alias(alias, user, AliasDeleteReason.DirectoryDeleted)

        DeletedDirectory.create(name=obj.name)
        cls.filter(cls.id == obj_id).delete()
@ -2698,7 +2773,7 @@ class Mailbox(Base, ModelMixin):
                from app import alias_utils

                # only put aliases that have mailbox as a single mailbox into trash
-                alias_utils.delete_alias(alias, user)
+                alias_utils.delete_alias(alias, user, AliasDeleteReason.MailboxDeleted)
            Session.commit()

        cls.filter(cls.id == obj_id).delete()
@ -2944,11 +3019,7 @@ class RecoveryCode(Base, ModelMixin):
    @classmethod
    def find_by_user_code(cls, user: User, code: str):
        hashed_code = cls._hash_code(code)
-        # TODO: Only return hashed codes once there aren't unhashed codes in the db.
-        found_code = cls.get_by(user_id=user.id, code=hashed_code)
-        if found_code:
-            return found_code
-        return cls.get_by(user_id=user.id, code=code)
+        return cls.get_by(user_id=user.id, code=hashed_code)

    @classmethod
    def empty(cls, user):
@ -3648,3 +3719,52 @@ class ApiToCookieToken(Base, ModelMixin):
        code = secrets.token_urlsafe(32)

        return super().create(code=code, **kwargs)
+
+
+class SyncEvent(Base, ModelMixin):
+    """This model holds the events that need to be sent to the webhook"""
+
+    __tablename__ = "sync_event"
+    content = sa.Column(sa.LargeBinary, unique=False, nullable=False)
+    taken_time = sa.Column(
+        ArrowType, default=None, nullable=True, server_default=None, index=True
+    )
+
+    __table_args__ = (
+        sa.Index("ix_sync_event_created_at", "created_at"),
+        sa.Index("ix_sync_event_taken_time", "taken_time"),
+    )
+
+    def mark_as_taken(self) -> bool:
+        sql = """
+        UPDATE sync_event
+        SET taken_time = :taken_time
+        WHERE id = :sync_event_id
+          AND taken_time IS NULL
+        """
+        args = {"taken_time": arrow.now().datetime, "sync_event_id": self.id}
+
+        res = Session.execute(sql, args)
+        Session.commit()
+
+        return res.rowcount > 0
+
+    @classmethod
+    def get_dead_letter(cls, older_than: Arrow) -> [SyncEvent]:
+        return (
+            SyncEvent.filter(
+                (
+                    (
+                        SyncEvent.taken_time.isnot(None)
+                        & (SyncEvent.taken_time < older_than)
+                    )
+                    | (
+                        SyncEvent.taken_time.is_(None)
+                        & (SyncEvent.created_at < older_than)
+                    )
+                )
+            )
+            .order_by(SyncEvent.id)
+            .limit(100)
+            .all()
+        )
--- a/app/app/onboarding/views/final.py
+++ b/app/app/onboarding/views/final.py
@ -20,7 +20,7 @@ def final():
    if form.validate_on_submit():
        alias = Alias.get_by(email=form.email.data)
        if alias and alias.user_id == current_user.id:
-            send_test_email_alias(alias.email, current_user.name)
+            send_test_email_alias(current_user, alias.email)
            flash("An email is sent to your alias", "success")

    return render_template(
--- a/app/app/paddle_callback.py
+++ b/app/app/paddle_callback.py
@ -27,6 +27,7 @@ def failed_payment(sub: Subscription, subscription_id: str):
        "SimpleLogin - your subscription has failed to be renewed",
        render(
            "transactional/subscription-cancel.txt",
+            user=user,
            end_date=arrow.arrow.datetime.utcnow(),
        ),
    )
--- a/app/app/proton/utils.py
+++ b/app/app/proton/utils.py
@ -2,6 +2,7 @@ from newrelic import agent
 from typing import Optional

 from app.db import Session
+from app.log import LOG
 from app.errors import ProtonPartnerNotSetUp
 from app.models import Partner, PartnerUser, User

@ -30,6 +31,7 @@ def perform_proton_account_unlink(current_user: User):
        user_id=current_user.id, partner_id=proton_partner.id
    )
    if partner_user is not None:
+        LOG.info(f"User {current_user} has unlinked the account from {partner_user}")
        PartnerUser.delete(partner_user.id)
    Session.commit()
    agent.record_custom_event("AccountUnlinked", {"partner": proton_partner.name})
--- a/app/app/subscription_webhook.py
+++ b/app/app/subscription_webhook.py
@ -2,6 +2,8 @@ import requests
 from requests import RequestException

 from app import config
+from app.events.event_dispatcher import EventDispatcher
+from app.events.generated.event_pb2 import EventContent, UserPlanChanged
 from app.log import LOG
 from app.models import User

@ -31,3 +33,6 @@ def execute_subscription_webhook(user: User):
            )
    except RequestException as e:
        LOG.error(f"Subscription request exception: {e}")
+
+    event = UserPlanChanged(plan_end_time=sl_subscription_end)
+    EventDispatcher.send_event(user, EventContent(user_plan_change=event))
--- a/app/cron.py
+++ b/app/cron.py
@ -266,11 +266,13 @@ def notify_manual_sub_end():
                "Your SimpleLogin subscription will end soon",
                render(
                    "transactional/coinbase/reminder-subscription.txt",
+                    user=user,
                    coinbase_subscription=coinbase_subscription,
                    extend_subscription_url=extend_subscription_url,
                ),
                render(
                    "transactional/coinbase/reminder-subscription.html",
+                    user=user,
                    coinbase_subscription=coinbase_subscription,
                    extend_subscription_url=extend_subscription_url,
                ),
@ -826,10 +828,12 @@ def check_mailbox_valid_domain():
                        f"Mailbox {mailbox.email} is disabled",
                        render(
                            "transactional/disable-mailbox-warning.txt.jinja2",
+                            user=mailbox.user,
                            mailbox=mailbox,
                        ),
                        render(
                            "transactional/disable-mailbox-warning.html",
+                            user=mailbox.user,
                            mailbox=mailbox,
                        ),
                        retries=3,
@ -884,6 +888,7 @@ def check_mailbox_valid_pgp_keys():
                f"Mailbox {mailbox.email}'s PGP Key is invalid",
                render(
                    "transactional/invalid-mailbox-pgp-key.txt.jinja2",
+                    user=mailbox.user,
                    mailbox=mailbox,
                ),
                retries=3,
@ -924,6 +929,7 @@ def check_single_custom_domain(custom_domain):
                f"Please update {custom_domain.domain} DNS on SimpleLogin",
                render(
                    "transactional/custom-domain-dns-issue.txt.jinja2",
+                    user=user,
                    custom_domain=custom_domain,
                    domain_dns_url=domain_dns_url,
                ),
--- a/app/email_handler.py
+++ b/app/email_handler.py
@ -53,7 +53,7 @@ from flanker.addresslib.address import EmailAddress
 from sqlalchemy.exc import IntegrityError

 from app import pgp_utils, s3, config
-from app.alias_utils import try_auto_create
+from app.alias_utils import try_auto_create, change_alias_status
 from app.config import (
    EMAIL_DOMAIN,
    URL,
@ -601,12 +601,14 @@ def handle_email_sent_to_ourself(alias, from_addr: str, msg: Message, user):
        f"Email sent to {alias.email} from its own mailbox {from_addr}",
        render(
            "transactional/cycle-email.txt.jinja2",
+            user=user,
            alias=alias,
            from_addr=from_addr,
            refused_email_url=refused_email_url,
        ),
        render(
            "transactional/cycle-email.html",
+            user=user,
            alias=alias,
            from_addr=from_addr,
            refused_email_url=refused_email_url,
@ -728,12 +730,14 @@ def handle_forward(envelope, msg: Message, rcpt_to: str) -> List[Tuple[bool, str
                    f"Your mailbox {mailbox.email} is an alias",
                    render(
                        "transactional/mailbox-invalid.txt.jinja2",
+                        user=mailbox.user,
                        mailbox=mailbox,
                        mailbox_url=mailbox_url,
                        alias=alias,
                    ),
                    render(
                        "transactional/mailbox-invalid.html",
+                        user=mailbox.user,
                        mailbox=mailbox,
                        mailbox_url=mailbox_url,
                        alias=alias,
@ -786,12 +790,14 @@ def forward_email_to_mailbox(
            f"Your mailbox {mailbox.email} and alias {alias.email} use the same domain",
            render(
                "transactional/mailbox-invalid.txt.jinja2",
+                user=mailbox.user,
                mailbox=mailbox,
                mailbox_url=mailbox_url,
                alias=alias,
            ),
            render(
                "transactional/mailbox-invalid.html",
+                user=mailbox.user,
                mailbox=mailbox,
                mailbox_url=mailbox_url,
                alias=alias,
@ -1276,6 +1282,7 @@ def handle_reply(envelope, msg: Message, rcpt_to: str) -> (bool, str):
            f"Email sent to {contact.email} contains non reverse-alias addresses",
            render(
                "transactional/non-reverse-alias-reply-phase.txt.jinja2",
+                user=alias.user,
                destination=contact.email,
                alias=alias.email,
                subject=msg[headers.SUBJECT],
@ -1497,6 +1504,7 @@ def handle_unknown_mailbox(
        f"Attempt to use your alias {alias.email} from {envelope.mail_from}",
        render(
            "transactional/reply-must-use-personal-email.txt",
+            user=user,
            alias=alias,
            sender=envelope.mail_from,
            authorize_address_link=authorize_address_link,
@ -1504,6 +1512,7 @@ def handle_unknown_mailbox(
        ),
        render(
            "transactional/reply-must-use-personal-email.html",
+            user=user,
            alias=alias,
            sender=envelope.mail_from,
            authorize_address_link=authorize_address_link,
@ -1585,7 +1594,7 @@ def handle_bounce_forward_phase(msg: Message, email_log: EmailLog):
        LOG.w(
            f"Disable alias {alias} because {reason}. {alias.mailboxes} {alias.user}. Last contact {contact}"
        )
-        alias.enabled = False
+        change_alias_status(alias, enabled=False)

        Notification.create(
            user_id=user.id,
@ -1604,12 +1613,14 @@ def handle_bounce_forward_phase(msg: Message, email_log: EmailLog):
            f"Alias {alias.email} has been disabled due to multiple bounces",
            render(
                "transactional/bounce/automatic-disable-alias.txt",
+                user=alias.user,
                alias=alias,
                refused_email_url=refused_email_url,
                mailbox_email=mailbox.email,
            ),
            render(
                "transactional/bounce/automatic-disable-alias.html",
+                user=alias.user,
                alias=alias,
                refused_email_url=refused_email_url,
                mailbox_email=mailbox.email,
@ -1648,6 +1659,7 @@ def handle_bounce_forward_phase(msg: Message, email_log: EmailLog):
            f"An email sent to {alias.email} cannot be delivered to your mailbox",
            render(
                "transactional/bounce/bounced-email.txt.jinja2",
+                user=alias.user,
                alias=alias,
                website_email=contact.website_email,
                disable_alias_link=disable_alias_link,
@ -1657,6 +1669,7 @@ def handle_bounce_forward_phase(msg: Message, email_log: EmailLog):
            ),
            render(
                "transactional/bounce/bounced-email.html",
+                user=alias.user,
                alias=alias,
                website_email=contact.website_email,
                disable_alias_link=disable_alias_link,
@ -1749,12 +1762,14 @@ def handle_bounce_reply_phase(envelope, msg: Message, email_log: EmailLog):
        f"Email cannot be sent to { contact.email } from your alias { alias.email }",
        render(
            "transactional/bounce/bounce-email-reply-phase.txt",
+            user=user,
            alias=alias,
            contact=contact,
            refused_email_url=refused_email_url,
        ),
        render(
            "transactional/bounce/bounce-email-reply-phase.html",
+            user=user,
            alias=alias,
            contact=contact,
            refused_email_url=refused_email_url,
@ -1817,6 +1832,7 @@ def handle_spam(
            f"Email from {alias.email} to {contact.website_email} is detected as spam",
            render(
                "transactional/spam-email-reply-phase.txt",
+                user=user,
                alias=alias,
                website_email=contact.website_email,
                disable_alias_link=disable_alias_link,
@ -1824,6 +1840,7 @@ def handle_spam(
            ),
            render(
                "transactional/spam-email-reply-phase.html",
+                user=user,
                alias=alias,
                website_email=contact.website_email,
                disable_alias_link=disable_alias_link,
@ -1846,6 +1863,7 @@ def handle_spam(
            f"Email from {contact.website_email} to {alias.email} is detected as spam",
            render(
                "transactional/spam-email.txt",
+                user=user,
                alias=alias,
                website_email=contact.website_email,
                disable_alias_link=disable_alias_link,
@ -1853,6 +1871,7 @@ def handle_spam(
            ),
            render(
                "transactional/spam-email.html",
+                user=user,
                alias=alias,
                website_email=contact.website_email,
                disable_alias_link=disable_alias_link,
@ -2009,7 +2028,7 @@ def send_no_reply_response(mail_from: str, msg: Message):
        ALERT_TO_NOREPLY,
        mailbox.user.email,
        "Auto: {}".format(msg[headers.SUBJECT] or "No subject"),
-        render("transactional/noreply.text.jinja2"),
+        render("transactional/noreply.text.jinja2", user=mailbox.user),
    )


@ -2091,6 +2110,7 @@ def handle(envelope: Envelope, msg: Message) -> str:
            "SimpleLogin shouldn't be used with another email forwarding system",
            render(
                "transactional/email-sent-from-reverse-alias.txt.jinja2",
+                user=user,
            ),
        )

--- a/app/event_listener.py
+++ b/app/event_listener.py
@ -0,0 +1,64 @@
+import argparse
+from enum import Enum
+from sys import argv, exit
+
+from app.config import DB_URI
+from app.log import LOG
+from events.runner import Runner
+from events.event_source import DeadLetterEventSource, PostgresEventSource
+from events.event_sink import ConsoleEventSink, HttpEventSink
+
+
+class Mode(Enum):
+    DEAD_LETTER = "dead_letter"
+    LISTENER = "listener"
+
+    @staticmethod
+    def from_str(value: str):
+        if value == Mode.DEAD_LETTER.value:
+            return Mode.DEAD_LETTER
+        elif value == Mode.LISTENER.value:
+            return Mode.LISTENER
+        else:
+            raise ValueError(f"Invalid mode: {value}")
+
+
+def main(mode: Mode, dry_run: bool):
+    if mode == Mode.DEAD_LETTER:
+        LOG.i("Using DeadLetterEventSource")
+        source = DeadLetterEventSource()
+    elif mode == Mode.LISTENER:
+        LOG.i("Using PostgresEventSource")
+        source = PostgresEventSource(DB_URI)
+    else:
+        raise ValueError(f"Invalid mode: {mode}")
+
+    if dry_run:
+        LOG.i("Starting with ConsoleEventSink")
+        sink = ConsoleEventSink()
+    else:
+        LOG.i("Starting with HttpEventSink")
+        sink = HttpEventSink()
+
+    runner = Runner(source=source, sink=sink)
+    runner.run()
+
+
+def args():
+    parser = argparse.ArgumentParser(description="Run event listener")
+    parser.add_argument(
+        "mode",
+        help="Mode to run",
+        choices=[Mode.DEAD_LETTER.value, Mode.LISTENER.value],
+    )
+    parser.add_argument("--dry-run", help="Dry run mode", action="store_true")
+    return parser.parse_args()
+
+
+if __name__ == "__main__":
+    if len(argv) < 2:
+        print("Invalid usage. Pass 'listener' or 'dead_letter' as argument")
+        exit(1)
+
+    args = args()
+    main(Mode.from_str(args.mode), args.dry_run)
--- a/app/events/init.py
+++ b/app/events/init.py
--- a/app/events/event_sink.py
+++ b/app/events/event_sink.py
@ -0,0 +1,42 @@
+import requests
+
+from abc import ABC, abstractmethod
+from app.config import EVENT_WEBHOOK, EVENT_WEBHOOK_SKIP_VERIFY_SSL
+from app.log import LOG
+from app.models import SyncEvent
+
+
+class EventSink(ABC):
+    @abstractmethod
+    def process(self, event: SyncEvent) -> bool:
+        pass
+
+
+class HttpEventSink(EventSink):
+    def process(self, event: SyncEvent) -> bool:
+        if not EVENT_WEBHOOK:
+            LOG.warning("Skipping sending event because there is no webhook configured")
+            return False
+
+        LOG.info(f"Sending event {event.id} to {EVENT_WEBHOOK}")
+
+        res = requests.post(
+            url=EVENT_WEBHOOK,
+            data=event.content,
+            headers={"Content-Type": "application/x-protobuf"},
+            verify=not EVENT_WEBHOOK_SKIP_VERIFY_SSL,
+        )
+        if res.status_code != 200:
+            LOG.warning(
+                f"Failed to send event to webhook: {res.status_code} {res.text}"
+            )
+            return False
+        else:
+            LOG.info(f"Event {event.id} sent successfully to webhook")
+            return True
+
+
+class ConsoleEventSink(EventSink):
+    def process(self, event: SyncEvent) -> bool:
+        LOG.info(f"Handling event {event.id}")
+        return True
--- a/app/events/event_source.py
+++ b/app/events/event_source.py
@ -0,0 +1,100 @@
+import arrow
+import newrelic.agent
+import psycopg2
+import select
+
+from abc import ABC, abstractmethod
+from app.log import LOG
+from app.models import SyncEvent
+from app.events.event_dispatcher import NOTIFICATION_CHANNEL
+from time import sleep
+from typing import Callable, NoReturn
+
+_DEAD_LETTER_THRESHOLD_MINUTES = 10
+_DEAD_LETTER_INTERVAL_SECONDS = 30
+
+_POSTGRES_RECONNECT_INTERVAL_SECONDS = 5
+
+
+class EventSource(ABC):
+    @abstractmethod
+    def run(self, on_event: Callable[[SyncEvent], NoReturn]):
+        pass
+
+
+class PostgresEventSource(EventSource):
+    def __init__(self, connection_string: str):
+        self.__connection_string = connection_string
+        self.__connect()
+
+    def run(self, on_event: Callable[[SyncEvent], NoReturn]):
+        while True:
+            try:
+                self.__listen(on_event)
+            except Exception as e:
+                LOG.warn(f"Error listening to events: {e}")
+                sleep(_POSTGRES_RECONNECT_INTERVAL_SECONDS)
+                self.__connect()
+
+    def __listen(self, on_event: Callable[[SyncEvent], NoReturn]):
+        self.__connection.set_isolation_level(
+            psycopg2.extensions.ISOLATION_LEVEL_AUTOCOMMIT
+        )
+
+        cursor = self.__connection.cursor()
+        cursor.execute(f"LISTEN {NOTIFICATION_CHANNEL};")
+
+        while True:
+            if select.select([self.__connection], [], [], 5) != ([], [], []):
+                self.__connection.poll()
+                while self.__connection.notifies:
+                    notify = self.__connection.notifies.pop(0)
+                    LOG.debug(
+                        f"Got NOTIFY: pid={notify.pid} channel={notify.channel} payload={notify.payload}"
+                    )
+                    try:
+                        webhook_id = int(notify.payload)
+                        event = SyncEvent.get_by(id=webhook_id)
+                        if event is not None:
+                            if event.mark_as_taken():
+                                on_event(event)
+                            else:
+                                LOG.info(
+                                    f"Event {event.id} was handled by another runner"
+                                )
+                        else:
+                            LOG.info(f"Could not find event with id={notify.payload}")
+                    except Exception as e:
+                        LOG.warn(f"Error getting event: {e}")
+
+    def __connect(self):
+        self.__connection = psycopg2.connect(self.__connection_string)
+
+        from app.db import Session
+
+        Session.close()
+
+
+class DeadLetterEventSource(EventSource):
+    @newrelic.agent.background_task()
+    def run(self, on_event: Callable[[SyncEvent], NoReturn]):
+        while True:
+            try:
+                threshold = arrow.utcnow().shift(
+                    minutes=-_DEAD_LETTER_THRESHOLD_MINUTES
+                )
+                events = SyncEvent.get_dead_letter(older_than=threshold)
+                if events:
+                    LOG.info(f"Got {len(events)} dead letter events")
+                    if events:
+                        newrelic.agent.record_custom_metric(
+                            "Custom/dead_letter_events_to_process", len(events)
+                        )
+                    for event in events:
+                        on_event(event)
+                else:
+                    LOG.debug("No dead letter events")
+                    sleep(_DEAD_LETTER_INTERVAL_SECONDS)
+            except Exception as e:
+                LOG.warn(f"Error getting dead letter event: {e}")
+                sleep(_DEAD_LETTER_INTERVAL_SECONDS)
--- a/app/events/runner.py
+++ b/app/events/runner.py
@ -0,0 +1,42 @@
+import arrow
+import newrelic.agent
+
+from app.log import LOG
+from app.models import SyncEvent
+from events.event_sink import EventSink
+from events.event_source import EventSource
+
+
+class Runner:
+    def __init__(self, source: EventSource, sink: EventSink):
+        self.__source = source
+        self.__sink = sink
+
+    def run(self):
+        self.__source.run(self.__on_event)
+
+    @newrelic.agent.background_task()
+    def __on_event(self, event: SyncEvent):
+        try:
+            event_created_at = event.created_at
+            start_time = arrow.now()
+            success = self.__sink.process(event)
+            if success:
+                event_id = event.id
+                SyncEvent.delete(event.id, commit=True)
+                LOG.info(f"Marked {event_id} as done")
+
+                end_time = arrow.now() - start_time
+                time_between_taken_and_created = start_time - event_created_at
+
+                newrelic.agent.record_custom_metric("Custom/sync_event_processed", 1)
+                newrelic.agent.record_custom_metric(
+                    "Custom/sync_event_process_time", end_time.total_seconds()
+                )
+                newrelic.agent.record_custom_metric(
+                    "Custom/sync_event_elapsed_time",
+                    time_between_taken_and_created.total_seconds(),
+                )
+        except Exception as e:
+            LOG.warn(f"Exception processing event [id={event.id}]: {e}")
+            newrelic.agent.record_custom_metric("Custom/sync_event_failed", 1)
--- a/app/job_runner.py
+++ b/app/job_runner.py
@ -15,6 +15,7 @@ from app.email_utils import (
    render,
 )
 from app.import_utils import handle_batch_import
+from app.jobs.event_jobs import send_alias_creation_events_for_user
 from app.jobs.export_user_data_job import ExportUserDataJob
 from app.log import LOG
 from app.models import User, Job, BatchImport, Mailbox, CustomDomain, JobState
@ -197,13 +198,18 @@ def process_job(job: Job):
            onboarding_mailbox(user)
    elif job.name == config.JOB_ONBOARDING_4:
        user_id = job.payload.get("user_id")
-        user = User.get(user_id)
+        user: User = User.get(user_id)

        # user might delete their account in the meantime
        # or disable the notification
        if user and user.notification and user.activated:
-            LOG.d("send onboarding pgp email to user %s", user)
-            onboarding_pgp(user)
+            # if user only has 1 mailbox which is Proton then do not send PGP onboarding email
+            mailboxes = user.mailboxes()
+            if len(mailboxes) == 1 and mailboxes[0].is_proton():
+                LOG.d("Do not send onboarding PGP email to Proton mailbox")
+            else:
+                LOG.d("send onboarding pgp email to user %s", user)
+                onboarding_pgp(user)

    elif job.name == config.JOB_BATCH_IMPORT:
        batch_import_id = job.payload.get("batch_import_id")
@ -219,16 +225,15 @@ def process_job(job: Job):

        user_email = user.email
        LOG.w("Delete user %s", user)
-        User.delete(user.id)
-        Session.commit()
-
        send_email(
            user_email,
            "Your SimpleLogin account has been deleted",
-            render("transactional/account-delete.txt"),
-            render("transactional/account-delete.html"),
+            render("transactional/account-delete.txt", user=user),
+            render("transactional/account-delete.html", user=user),
            retries=3,
        )
+        User.delete(user.id)
+        Session.commit()
    elif job.name == config.JOB_DELETE_MAILBOX:
        delete_mailbox_job(job)

@ -264,8 +269,14 @@ SimpleLogin team.
        user_id = job.payload.get("user_id")
        user = User.get(user_id)
        if user and user.activated:
-            LOG.d("send proton welcome email to user %s", user)
+            LOG.d("Send proton welcome email to user %s", user)
            welcome_proton(user)
+    elif job.name == config.JOB_SEND_ALIAS_CREATION_EVENTS:
+        user_id = job.payload.get("user_id")
+        user = User.get(user_id)
+        if user and user.activated:
+            LOG.d(f"Sending alias creation events for {user}")
+            send_alias_creation_events_for_user(user)
    else:
        LOG.e("Unknown job name %s", job.name)

--- a/app/migrations/versions/2024_051713_06a9a7133445_.py
+++ b/app/migrations/versions/2024_051713_06a9a7133445_.py
@ -0,0 +1,38 @@
+"""Create sync_event table
+
+Revision ID: 06a9a7133445
+Revises: fa2f19bb4e5a
+Create Date: 2024-05-17 13:11:20.402259
+
+"""
+import sqlalchemy_utils
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = '06a9a7133445'
+down_revision = 'fa2f19bb4e5a'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.create_table('sync_event',
+    sa.Column('id', sa.Integer(), autoincrement=True, nullable=False),
+    sa.Column('created_at', sqlalchemy_utils.types.arrow.ArrowType(), nullable=False),
+    sa.Column('updated_at', sqlalchemy_utils.types.arrow.ArrowType(), nullable=True),
+    sa.Column('content', sa.LargeBinary(), nullable=False),
+    sa.Column('taken_time', sqlalchemy_utils.types.arrow.ArrowType(), nullable=True),
+    sa.PrimaryKeyConstraint('id')
+    )
+    op.create_index(op.f('ix_sync_event_created_at'), 'sync_event', ['created_at'], unique=False)
+    op.create_index(op.f('ix_sync_event_taken_time'), 'sync_event', ['taken_time'], unique=False)
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_table('sync_event')
+    # ### end Alembic commands ###
--- a/app/migrations/versions/2024_070516_d608b8e48082_.py
+++ b/app/migrations/versions/2024_070516_d608b8e48082_.py
@ -0,0 +1,31 @@
+"""empty message
+
+Revision ID: d608b8e48082
+Revises: 06a9a7133445
+Create Date: 2024-07-05 16:56:04.220173
+
+"""
+import sqlalchemy_utils
+from alembic import op
+import sqlalchemy as sa
+
+
+# revision identifiers, used by Alembic.
+revision = 'd608b8e48082'
+down_revision = '06a9a7133445'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.add_column('deleted_alias', sa.Column('reason', sa.Integer(), default=0, server_default='0', nullable=False))
+    op.add_column('domain_deleted_alias', sa.Column('reason', sa.Integer(), default=0, server_default='0', nullable=False))
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.drop_column('domain_deleted_alias', 'reason')
+    op.drop_column('deleted_alias', 'reason')
+    # ### end Alembic commands ###
--- a/app/monitoring.py
+++ b/app/monitoring.py
@ -4,6 +4,7 @@ import subprocess
 from time import sleep
 from typing import List, Dict

+import arrow
 import newrelic.agent

 from app.db import Session
@ -93,11 +94,44 @@ def log_nb_db_connection():
    newrelic.agent.record_custom_metric("Custom/nb_db_connections", nb_connection)


+@newrelic.agent.background_task()
+def log_pending_to_process_events():
+    r = Session.execute("select count(*) from sync_event WHERE taken_time IS NULL;")
+    events_pending = list(r)[0][0]
+
+    LOG.d("number of events pending to process %s", events_pending)
+    newrelic.agent.record_custom_metric(
+        "Custom/sync_events_pending_to_process", events_pending
+    )
+
+
+@newrelic.agent.background_task()
+def log_events_pending_dead_letter():
+    since = arrow.now().shift(minutes=-10).datetime
+    r = Session.execute(
+        """
+        SELECT COUNT(*)
+        FROM sync_event
+        WHERE (taken_time IS NOT NULL AND taken_time < :since)
+           OR (taken_time IS NULL AND created_at < :since)
+        """,
+        {"since": since},
+    )
+    events_pending = list(r)[0][0]
+
+    LOG.d("number of events pending dead letter %s", events_pending)
+    newrelic.agent.record_custom_metric(
+        "Custom/sync_events_pending_dead_letter", events_pending
+    )
+
+
 if __name__ == "__main__":
    exporter = MetricExporter(get_newrelic_license())
    while True:
        log_postfix_metrics()
        log_nb_db_connection()
+        log_pending_to_process_events()
+        log_events_pending_dead_letter()
        Session.close()

        exporter.run()
--- a/app/oneshot/recalculate_user_flag_alias_create_from_partner.py
+++ b/app/oneshot/recalculate_user_flag_alias_create_from_partner.py
@ -0,0 +1,55 @@
+#!/usr/bin/env python3
+import argparse
+import time
+
+from sqlalchemy import func
+from app.models import Alias, User
+from app.db import Session
+
+parser = argparse.ArgumentParser(
+    prog="Backfill alias", description="Backfill user flags for partner alias created"
+)
+parser.add_argument(
+    "-s", "--start_user_id", default=0, type=int, help="Initial user_id"
+)
+parser.add_argument("-e", "--end_user_id", default=0, type=int, help="Last user_id")
+
+args = parser.parse_args()
+user_id_start = args.start_user_id
+max_user_id = args.end_user_id
+if max_user_id == 0:
+    max_user_id = Session.query(func.max(User.id)).scalar()
+
+print(f"Checking user {user_id_start} to {max_user_id}")
+step = 1000
+el_query = "SELECT user_id, count(id) from alias where user_id>=:start AND user_id < :end AND flags & :alias_flag > 0 GROUP BY user_id"
+user_update_query = "UPDATE users set flags = flags | :user_flag where id = :user_id"
+updated = 0
+start_time = time.time()
+for batch_start in range(user_id_start, max_user_id, step):
+    rows = Session.execute(
+        el_query,
+        {
+            "start": batch_start,
+            "end": batch_start + step,
+            "alias_flag": Alias.FLAG_PARTNER_CREATED,
+        },
+    )
+    for row in rows:
+        if row[1] > 0:
+            Session.execute(
+                user_update_query,
+                {"user_id": row[0], "user_flag": User.FLAG_CREATED_ALIAS_FROM_PARTNER},
+            )
+            Session.commit()
+            updated += 1
+    elapsed = time.time() - start_time
+    time_per_alias = elapsed / (updated + 1)
+    last_batch_id = batch_start + step
+    remaining = max_user_id - last_batch_id
+    time_remaining = (max_user_id - last_batch_id) * time_per_alias
+    hours_remaining = time_remaining / 3600.0
+    print(
+        f"\rUser {batch_start}/{max_user_id} {updated} {hours_remaining:.2f}hrs remaining"
+    )
+print("")
--- a/app/poetry.lock
+++ b/app/poetry.lock
@ -2150,24 +2150,22 @@ wcwidth = "*"

 [[package]]
 name = "protobuf"
-version = "4.24.3"
+version = "5.27.1"
 description = ""
 optional = false
-python-versions = ">=3.7"
+python-versions = ">=3.8"
 files = [
-    {file = "protobuf-4.24.3-cp310-abi3-win32.whl", hash = "sha256:20651f11b6adc70c0f29efbe8f4a94a74caf61b6200472a9aea6e19898f9fcf4"},
-    {file = "protobuf-4.24.3-cp310-abi3-win_amd64.whl", hash = "sha256:3d42e9e4796a811478c783ef63dc85b5a104b44aaaca85d4864d5b886e4b05e3"},
-    {file = "protobuf-4.24.3-cp37-abi3-macosx_10_9_universal2.whl", hash = "sha256:6e514e8af0045be2b56e56ae1bb14f43ce7ffa0f68b1c793670ccbe2c4fc7d2b"},
-    {file = "protobuf-4.24.3-cp37-abi3-manylinux2014_aarch64.whl", hash = "sha256:ba53c2f04798a326774f0e53b9c759eaef4f6a568ea7072ec6629851c8435959"},
-    {file = "protobuf-4.24.3-cp37-abi3-manylinux2014_x86_64.whl", hash = "sha256:f6ccbcf027761a2978c1406070c3788f6de4a4b2cc20800cc03d52df716ad675"},
-    {file = "protobuf-4.24.3-cp37-cp37m-win32.whl", hash = "sha256:1b182c7181a2891e8f7f3a1b5242e4ec54d1f42582485a896e4de81aa17540c2"},
-    {file = "protobuf-4.24.3-cp37-cp37m-win_amd64.whl", hash = "sha256:b0271a701e6782880d65a308ba42bc43874dabd1a0a0f41f72d2dac3b57f8e76"},
-    {file = "protobuf-4.24.3-cp38-cp38-win32.whl", hash = "sha256:e29d79c913f17a60cf17c626f1041e5288e9885c8579832580209de8b75f2a52"},
-    {file = "protobuf-4.24.3-cp38-cp38-win_amd64.whl", hash = "sha256:067f750169bc644da2e1ef18c785e85071b7c296f14ac53e0900e605da588719"},
-    {file = "protobuf-4.24.3-cp39-cp39-win32.whl", hash = "sha256:2da777d34b4f4f7613cdf85c70eb9a90b1fbef9d36ae4a0ccfe014b0b07906f1"},
-    {file = "protobuf-4.24.3-cp39-cp39-win_amd64.whl", hash = "sha256:f631bb982c5478e0c1c70eab383af74a84be66945ebf5dd6b06fc90079668d0b"},
-    {file = "protobuf-4.24.3-py3-none-any.whl", hash = "sha256:f6f8dc65625dadaad0c8545319c2e2f0424fede988368893ca3844261342c11a"},
-    {file = "protobuf-4.24.3.tar.gz", hash = "sha256:12e9ad2ec079b833176d2921be2cb24281fa591f0b119b208b788adc48c2561d"},
+    {file = "protobuf-5.27.1-cp310-abi3-win32.whl", hash = "sha256:3adc15ec0ff35c5b2d0992f9345b04a540c1e73bfee3ff1643db43cc1d734333"},
+    {file = "protobuf-5.27.1-cp310-abi3-win_amd64.whl", hash = "sha256:25236b69ab4ce1bec413fd4b68a15ef8141794427e0b4dc173e9d5d9dffc3bcd"},
+    {file = "protobuf-5.27.1-cp38-abi3-macosx_10_9_universal2.whl", hash = "sha256:4e38fc29d7df32e01a41cf118b5a968b1efd46b9c41ff515234e794011c78b17"},
+    {file = "protobuf-5.27.1-cp38-abi3-manylinux2014_aarch64.whl", hash = "sha256:917ed03c3eb8a2d51c3496359f5b53b4e4b7e40edfbdd3d3f34336e0eef6825a"},
+    {file = "protobuf-5.27.1-cp38-abi3-manylinux2014_x86_64.whl", hash = "sha256:ee52874a9e69a30271649be88ecbe69d374232e8fd0b4e4b0aaaa87f429f1631"},
+    {file = "protobuf-5.27.1-cp38-cp38-win32.whl", hash = "sha256:7a97b9c5aed86b9ca289eb5148df6c208ab5bb6906930590961e08f097258107"},
+    {file = "protobuf-5.27.1-cp38-cp38-win_amd64.whl", hash = "sha256:f6abd0f69968792da7460d3c2cfa7d94fd74e1c21df321eb6345b963f9ec3d8d"},
+    {file = "protobuf-5.27.1-cp39-cp39-win32.whl", hash = "sha256:dfddb7537f789002cc4eb00752c92e67885badcc7005566f2c5de9d969d3282d"},
+    {file = "protobuf-5.27.1-cp39-cp39-win_amd64.whl", hash = "sha256:39309898b912ca6febb0084ea912e976482834f401be35840a008da12d189340"},
+    {file = "protobuf-5.27.1-py3-none-any.whl", hash = "sha256:4ac7249a1530a2ed50e24201d6630125ced04b30619262f06224616e0030b6cf"},
+    {file = "protobuf-5.27.1.tar.gz", hash = "sha256:df5e5b8e39b7d1c25b186ffdf9f44f40f810bbcc9d2b71d9d3156fee5a9adf15"},
 ]

 [[package]]
--- a/app/proto/event.proto
+++ b/app/proto/event.proto
@ -0,0 +1,50 @@
+syntax = "proto3";
+
+package simplelogin_events;
+
+message UserPlanChanged {
+  uint32 plan_end_time = 1;
+}
+
+message UserDeleted {
+}
+
+message AliasCreated {
+  uint32 alias_id = 1;
+  string alias_email = 2;
+  string alias_note = 3;
+  bool enabled = 4;
+}
+
+message AliasStatusChanged {
+  uint32 alias_id = 1;
+  string alias_email = 2;
+  bool enabled = 3;
+}
+
+message AliasDeleted {
+  uint32 alias_id = 1;
+  string alias_email = 2;
+}
+
+message AliasCreatedList {
+  repeated AliasCreated events = 1;
+}
+
+message EventContent {
+  oneof content {
+    UserPlanChanged user_plan_change = 1;
+    UserDeleted user_deleted = 2;
+    AliasCreated alias_created = 3;
+    AliasStatusChanged alias_status_change = 4;
+    AliasDeleted alias_deleted = 5;
+    AliasCreatedList alias_create_list = 6;
+  }
+}
+
+message Event {
+  uint32 user_id = 1;
+  string external_user_id = 2;
+  uint32 partner_id = 3;
+  EventContent content = 4;
+}
--- a/app/pyproject.toml
+++ b/app/pyproject.toml
@ -14,13 +14,14 @@ exclude = '''
    | build
    | dist
    | migrations    # migrations/ is generated by alembic
+    | app/events/generated
  )/
 )
 '''

 [tool.ruff]
 ignore-init-module-imports = true
-exclude = [".venv", "migrations"]
+exclude = [".venv", "migrations", "app/events/generated"]

 [tool.djlint]
 indent = 2
--- a/app/scripts/generate-proto-files.sh
+++ b/app/scripts/generate-proto-files.sh
@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -euxo pipefail
+
+SCRIPT_DIR="$(cd "$(dirname "$0")" || exit 1; pwd -P)"
+REPO_ROOT=$(echo "${SCRIPT_DIR}" | sed 's:scripts::g')
+
+DEST_DIR="${REPO_ROOT}/app/events/generated"
+
+PROTOC=${PROTOC:-"protoc"}
+
+if ! eval "${PROTOC} --version" &> /dev/null ; then
+  echo "Cannot find $PROTOC"
+  exit 1
+fi
+
+rm -rf "${DEST_DIR}"
+mkdir -p "${DEST_DIR}"
+
+pushd $REPO_ROOT || exit 1
+
+eval "${PROTOC} --proto_path=proto --python_out=\"${DEST_DIR}\" --pyi_out=\"${DEST_DIR}\" proto/event.proto"
+
+popd || exit 1
--- a/app/server.py
+++ b/app/server.py
@ -542,6 +542,7 @@ def setup_paddle_callback(app: Flask):
                    "SimpleLogin - your subscription is canceled",
                    render(
                        "transactional/subscription-cancel.txt",
+                        user=user,
                        end_date=request.form.get("cancellation_effective_date"),
                    ),
                )
@ -722,10 +723,12 @@ def handle_coinbase_event(event) -> bool:
            "Your SimpleLogin account has been upgraded",
            render(
                "transactional/coinbase/new-subscription.txt",
+                user=user,
                coinbase_subscription=coinbase_subscription,
            ),
            render(
                "transactional/coinbase/new-subscription.html",
+                user=user,
                coinbase_subscription=coinbase_subscription,
            ),
        )
@ -746,10 +749,12 @@ def handle_coinbase_event(event) -> bool:
            "Your SimpleLogin account has been extended",
            render(
                "transactional/coinbase/extend-subscription.txt",
+                user=user,
                coinbase_subscription=coinbase_subscription,
            ),
            render(
                "transactional/coinbase/extend-subscription.html",
+                user=user,
                coinbase_subscription=coinbase_subscription,
            ),
        )
--- a/app/static/logo-proton.png
+++ b/app/static/logo-proton.png
--- a/app/templates/emails/base.html
+++ b/app/templates/emails/base.html
@ -1,623 +1,8 @@
-{% from "_emailhelpers.html" import render_text, text, render_button, raw_url, grey_section, section %}
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
-  <head>
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <meta name="x-apple-disable-message-reformatting" />
-    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-    <style type="text/css" rel="stylesheet" media="all">
-    /* Base ------------------------------ */
-    body {
-      width: 100% !important;
-      height: 100%;
-      margin: 0;
-      -webkit-text-size-adjust: none;
-        line-height: 1.6;
-    }
+{% if USE_PARTNER_TEMPLATE %}

-    img {
-        max-width: 100%;
-    }
+  {% extends "base_partner.html" %}

-    a {
-      color: #3869D4;
-    }
+{% else %}
+  {% extends "base_sl.html" %}

-    a img {
-      border: none;
-    }
-
-    td {
-      word-break: break-word;
-    }
-
-    .preheader {
-      display: none !important;
-      visibility: hidden;
-      mso-hide: all;
-      font-size: 1px;
-      line-height: 1px;
-      max-height: 0;
-      max-width: 0;
-      opacity: 0;
-      overflow: hidden;
-    }
-    /* Type ------------------------------ */
-
-    body,
-    td,
-    th {
-      font-family: "Nunito Sans", Helvetica, Arial, sans-serif;
-    }
-
-    h1 {
-      margin-top: 0;
-      color: #333333;
-      font-size: 22px;
-      font-weight: bold;
-      text-align: left;
-    }
-
-    h2 {
-      margin-top: 0;
-      color: #333333;
-      font-size: 16px;
-      font-weight: bold;
-      text-align: left;
-    }
-
-    h3 {
-      margin-top: 0;
-      color: #333333;
-      font-size: 14px;
-      font-weight: bold;
-      text-align: left;
-    }
-
-    td,
-    th {
-      font-size: 16px;
-    }
-
-    p,
-    ul,
-    ol,
-    blockquote {
-      margin: .4em 0 1.1875em;
-      font-size: 16px;
-      line-height: 1.625;
-    }
-
-    p.sub {
-      font-size: 13px;
-    }
-    /* Utilities ------------------------------ */
-
-    .align-right {
-      text-align: right;
-    }
-
-    .align-left {
-      text-align: left;
-    }
-
-    .align-center {
-      text-align: center;
-    }
-    /* Buttons ------------------------------ */
-
-    .button {
-      background-color: #3869D4;
-      border-top: 10px solid #3869D4;
-      border-right: 18px solid #3869D4;
-      border-bottom: 10px solid #3869D4;
-      border-left: 18px solid #3869D4;
-      display: inline-block;
-      color: #FFF;
-      text-decoration: none;
-      border-radius: 3px;
-      box-shadow: 0 2px 3px rgba(0, 0, 0, 0.16);
-      -webkit-text-size-adjust: none;
-      box-sizing: border-box;
-    }
-
-    .button--green {
-      background-color: #22BC66;
-      border-top: 10px solid #22BC66;
-      border-right: 18px solid #22BC66;
-      border-bottom: 10px solid #22BC66;
-      border-left: 18px solid #22BC66;
-    }
-
-    .button--red {
-      background-color: #FF6136;
-      border-top: 10px solid #FF6136;
-      border-right: 18px solid #FF6136;
-      border-bottom: 10px solid #FF6136;
-      border-left: 18px solid #FF6136;
-    }
-
-    @media only screen and (max-width: 500px) {
-      .button {
-        width: 100% !important;
-        text-align: center !important;
-      }
-    }
-    /* Attribute list ------------------------------ */
-
-    .attributes {
-      margin: 0 0 21px;
-    }
-
-    .attributes_content {
-      background-color: #F4F4F7;
-      padding: 16px;
-    }
-
-    .attributes_item {
-      padding: 0;
-    }
-    /* Related Items ------------------------------ */
-
-    .related {
-      width: 100%;
-      margin: 0;
-      padding: 25px 0 0 0;
-      -premailer-width: 100%;
-      -premailer-cellpadding: 0;
-      -premailer-cellspacing: 0;
-    }
-
-    .related_item {
-      padding: 10px 0;
-      color: #CBCCCF;
-      font-size: 15px;
-      line-height: 18px;
-    }
-
-    .related_item-title {
-      display: block;
-      margin: .5em 0 0;
-    }
-
-    .related_item-thumb {
-      display: block;
-      padding-bottom: 10px;
-    }
-
-    .related_heading {
-      border-top: 1px solid #CBCCCF;
-      text-align: center;
-      padding: 25px 0 10px;
-    }
-    /* Discount Code ------------------------------ */
-
-    .discount {
-      width: 100%;
-      margin: 0;
-      padding: 24px;
-      -premailer-width: 100%;
-      -premailer-cellpadding: 0;
-      -premailer-cellspacing: 0;
-      background-color: #F4F4F7;
-      border: 2px dashed #CBCCCF;
-    }
-
-    .discount_heading {
-      text-align: center;
-    }
-
-    .discount_body {
-      text-align: center;
-      font-size: 15px;
-    }
-    /* Social Icons ------------------------------ */
-
-    .social {
-      width: auto;
-    }
-
-    .social td {
-      padding: 0;
-      width: auto;
-    }
-
-    .social_icon {
-      height: 20px;
-      margin: 0 8px 10px 8px;
-      padding: 0;
-    }
-    /* Data table ------------------------------ */
-
-    .purchase {
-      width: 100%;
-      margin: 0;
-      padding: 35px 0;
-      -premailer-width: 100%;
-      -premailer-cellpadding: 0;
-      -premailer-cellspacing: 0;
-    }
-
-    .purchase_content {
-      width: 100%;
-      margin: 0;
-      padding: 25px 0 0 0;
-      -premailer-width: 100%;
-      -premailer-cellpadding: 0;
-      -premailer-cellspacing: 0;
-    }
-
-    .purchase_item {
-      padding: 10px 0;
-      color: #51545E;
-      font-size: 15px;
-      line-height: 18px;
-    }
-
-    .purchase_heading {
-      padding-bottom: 8px;
-      border-bottom: 1px solid #EAEAEC;
-    }
-
-    .purchase_heading p {
-      margin: 0;
-      color: #85878E;
-      font-size: 12px;
-    }
-
-    .purchase_footer {
-      padding-top: 15px;
-      border-top: 1px solid #EAEAEC;
-    }
-
-    .purchase_total {
-      margin: 0;
-      text-align: right;
-      font-weight: bold;
-      color: #333333;
-    }
-
-    .purchase_total--label {
-      padding: 0 15px 0 0;
-    }
-
-    body {
-      background-color: #F2F4F6;
-      color: #51545E;
-    }
-
-    p {
-      color: #51545E;
-    }
-
-    .email-wrapper {
-      width: 100%;
-      margin: 0;
-      padding: 0;
-      -premailer-width: 100%;
-      -premailer-cellpadding: 0;
-      -premailer-cellspacing: 0;
-      background-color: #F2F4F6;
-    }
-
-    .email-content {
-      width: 100%;
-      margin: 0;
-      padding: 0;
-      -premailer-width: 100%;
-      -premailer-cellpadding: 0;
-      -premailer-cellspacing: 0;
-    }
-    /* Masthead ----------------------- */
-
-    .email-masthead {
-      padding: 25px 0;
-      text-align: center;
-    }
-
-    .email-masthead_logo {
-      width: 94px;
-    }
-
-    .email-masthead_name {
-      font-size: 16px;
-      font-weight: bold;
-      color: #A8AAAF;
-      text-decoration: none;
-      text-shadow: 0 1px 0 white;
-    }
-    /* Body ------------------------------ */
-
-    .email-body {
-      width: 100%;
-      margin: 0;
-      padding: 0;
-      -premailer-width: 100%;
-      -premailer-cellpadding: 0;
-      -premailer-cellspacing: 0;
-    }
-
-    .email-body_inner {
-      width: 750px;
-      margin: 0 auto;
-      padding: 0;
-      -premailer-width: 750px;
-      -premailer-cellpadding: 0;
-      -premailer-cellspacing: 0;
-      background-color: #FFFFFF;
-    }
-
-    .email-footer {
-      width: 750px;
-      margin: 0 auto;
-      padding: 0;
-      -premailer-width: 750px;
-      -premailer-cellpadding: 0;
-      -premailer-cellspacing: 0;
-      text-align: center;
-    }
-
-    .email-footer p {
-      color: #A8AAAF;
-    }
-
-    .body-action {
-      width: 100%;
-      margin: 30px auto;
-      padding: 0;
-      -premailer-width: 100%;
-      -premailer-cellpadding: 0;
-      -premailer-cellspacing: 0;
-      text-align: center;
-    }
-
-    .body-sub {
-      margin-top: 25px;
-      padding-top: 25px;
-      border-top: 1px solid #EAEAEC;
-    }
-
-    .content-cell {
-      padding: 30px;
-    }
-    /*Media Queries ------------------------------ */
-
-    @media only screen and (max-width: 600px) {
-      .email-body_inner,
-      .email-footer {
-        width: 100% !important;
-      }
-    }
-
-    @media (prefers-color-scheme: dark) {
-      body,
-      .email-body,
-      .email-body_inner,
-      .email-content,
-      .email-wrapper,
-      .email-masthead,
-      .email-footer {
-        background-color: #333333 !important;
-        color: #FFF !important;
-      }
-      p,
-      ul,
-      ol,
-      blockquote,
-      h1,
-      h2,
-      h3 {
-        color: #FFF !important;
-      }
-      .attributes_content,
-      .discount {
-        background-color: #222 !important;
-      }
-      .email-masthead_name {
-        text-shadow: none !important;
-      }
-    }
-    </style>
-    <!--[if mso]>
-  <style type="text/css">
-    .f-fallback  {
-      font-family: Arial, sans-serif;
-    }
-  </style>
-  <![endif]-->
-    <style type="text/css" rel="stylesheet" media="all">
-    body {
-      width: 100% !important;
-      height: 100%;
-      margin: 0;
-      -webkit-text-size-adjust: none;
-    }
-
-    body {
-      font-family: "Nunito Sans", Helvetica, Arial, sans-serif;
-    }
-
-    body {
-      background-color: #F2F4F6;
-      color: #51545E;
-    }
-    </style>
-  </head>
-  <body style="width: 100% !important;
-               height: 100%;
-               -webkit-text-size-adjust: none;
-               font-family: Helvetica, Arial, sans-serif;
-               background-color: #F2F4F6;
-               color: #51545E;
-               margin: 0;"
-        bgcolor="#F2F4F6">
-    <span class="preheader"
-          style="display: none !important;
-                 visibility: hidden;
-                 mso-hide: all;
-                 font-size: 1px;
-                 line-height: 1px;
-                 max-height: 0;
-                 max-width: 0;
-                 opacity: 0;
-                 overflow: hidden;">{{ pre_header }}</span>
-    <table class="email-wrapper"
-           width="100%"
-           cellpadding="0"
-           cellspacing="0"
-           role="presentation"
-           style="width: 100%;
-                  -premailer-width: 100%;
-                  -premailer-cellpadding: 0;
-                  -premailer-cellspacing: 0;
-                  background-color: #F2F4F6;
-                  margin: 0;
-                  padding: 0;"
-           bgcolor="#F2F4F6">
-      <tr>
-        <td align="center"
-            style="word-break: break-word;
-                   font-family: Helvetica, Arial, sans-serif;
-                   font-size: 16px;">
-          <table class="email-content"
-                 width="100%"
-                 cellpadding="0"
-                 cellspacing="0"
-                 role="presentation"
-                 style="width: 100%;
-                        -premailer-width: 100%;
-                        -premailer-cellpadding: 0;
-                        -premailer-cellspacing: 0;
-                        margin: 0;
-                        padding: 0;">
-            <tr>
-              <td class="email-masthead"
-                  style="word-break: break-word;
-                         font-family: Helvetica, Arial, sans-serif;
-                         font-size: 16px;
-                         text-align: center;
-                         padding: 25px 0;"
-                  align="center">
-                <a href="{{ LANDING_PAGE_URL }}"
-                   class="f-fallback email-masthead_name"
-                   style="color: #A8AAAF;
-                          font-size: 16px;
-                          font-weight: bold;
-                          text-decoration: none;
-                          text-shadow: 0 1px 0 white;">
-                  {% block logo %}<img src="{{ URL }}/static/logo.png" style="width: 150px; margin: auto">{% endblock %}
-                </a>
-              </td>
-            </tr>
-            <!-- Email Body -->
-            <tr>
-              <td class="email-body"
-                  width="750"
-                  cellpadding="0"
-                  cellspacing="0"
-                  style="word-break: break-word;
-                         margin: 0;
-                         padding: 0;
-                         font-family: Helvetica, Arial, sans-serif;
-                         font-size: 16px;
-                         width: 100%;
-                         -premailer-width: 100%;
-                         -premailer-cellpadding: 0;
-                         -premailer-cellspacing: 0;">
-                <table class="email-body_inner"
-                       align="center"
-                       width="750"
-                       cellpadding="0"
-                       cellspacing="0"
-                       role="presentation"
-                       style="width: 750px;
-                              -premailer-width: 750px;
-                              -premailer-cellpadding: 0;
-                              -premailer-cellspacing: 0;
-                              background-color: #FFFFFF;
-                              margin: 0 auto;
-                              padding: 0;"
-                       bgcolor="#FFFFFF">
-                  <!-- Body content -->
-                  <tr>
-                    <td class="content-cell"
-                        style="word-break: break-word;
-                               font-family: Helvetica, Arial, sans-serif;
-                               font-size: 16px;
-                               padding: 30px;">
-                      <div class="f-fallback">
-                        {% block greeting %}{% endblock %}
-                        {% block content %}{% endblock %}
-                        <!-- Sub copy -->
-                        {% block sub_copy %}{% endblock %}
-                      </div>
-                    </td>
-                  </tr>
-                </table>
-              </td>
-            </tr>
-            <tr>
-              <td style="word-break: break-word;
-                         font-family: Helvetica, Arial, sans-serif;
-                         font-size: 16px;">
-                <table class="email-footer"
-                       align="center"
-                       width="750"
-                       cellpadding="0"
-                       cellspacing="0"
-                       role="presentation"
-                       style="width: 750px;
-                              -premailer-width: 750px;
-                              -premailer-cellpadding: 0;
-                              -premailer-cellspacing: 0;
-                              text-align: center;
-                              margin: 0 auto;
-                              padding: 0;">
-                  <tr>
-                    <td class="content-cell"
-                        align="center"
-                        style="word-break: break-word;
-                               font-family: Helvetica, Arial, sans-serif;
-                               font-size: 16px;
-                               padding: 30px;">
-                      <p class="f-fallback sub align-center"
-                         style="font-size: 13px;
-                                line-height: 1.625;
-                                text-align: center;
-                                color: #A8AAAF;
-                                margin: .4em 0 1.1875em;"
-                         align="center">
-                        © {{ YEAR }} SimpleLogin - a Proton product. All rights reserved.
-                        <br />
-                        {% block footer %}{% endblock %}
-                      </p>
-                      {% if unsubscribe_oneclick is defined %}
-
-                        <p class="f-fallback sub align-center"
-                           style="font-size: 13px;
-                                  line-height: 1.625;
-                                  text-align: center;
-                                  margin: .4em 0 1.1875em;">
-                          <a href="{{ unsubscribe_oneclick }}">Unsubscribe from our newsletter</a>
-                        </p>
-                      {% endif %}
-                      <p class="f-fallback sub align-center"
-                         style="font-size: 13px;
-                                line-height: 1.625;
-                                text-align: center;
-                                color: #A8AAAF;
-                                margin: .4em 0 1.1875em;"
-                         align="center">
-                        <a href="https://app.simplelogin.io/dashboard/support">Do you have a question?</a>
-                      </p>
-                    </td>
-                  </tr>
-                </table>
-              </td>
-            </tr>
-          </table>
-        </td>
-      </tr>
-    </table>
-  </body>
-</html>
+{% endif %}
--- a/app/templates/emails/base_partner.html
+++ b/app/templates/emails/base_partner.html
@ -0,0 +1,646 @@
+{% from "_emailhelpers.html" import render_text, text, render_button, raw_url, grey_section, section %}
+<!doctype html>
+<html xmlns="http://www.w3.org/1999/xhtml"
+      xmlns:v="urn:schemas-microsoft-com:vml"
+      xmlns:o="urn:schemas-microsoft-com:office:office">
+  <head>
+    <!-- NAME: 1 COLUMN -->
+    <!--[if gte mso 15]>
+    <xml>
+        <o:OfficeDocumentSettings>
+        <o:AllowPNG/>
+        <o:PixelsPerInch>96</o:PixelsPerInch>
+        </o:OfficeDocumentSettings>
+    </xml>
+    <![endif]-->
+    <meta charset="UTF-8">
+    <meta name="x-apple-disable-message-reformatting">
+    <meta name="format-detection"
+          content="telephone=no, date=no, address=no, email=no, url=no">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="author" content="Proton">
+    <style type="text/css">
+            p {
+                margin: 12px 0;
+                padding: 0;
+            }
+
+            table {
+                border-collapse: collapse;
+            }
+
+            h1,
+            h2,
+            h3,
+            h4,
+            h5,
+            h6 {
+                display: block;
+                margin: 0;
+                padding: 0;
+            }
+
+            img,
+            a img {
+                border: 0;
+                height: auto;
+                outline: none;
+                text-decoration: none;
+            }
+
+            body,
+            #bodyTable,
+            #bodyCell {
+                height: 100%;
+                margin: 0;
+                padding: 0;
+                width: 100%;
+            }
+
+            .mcnPreviewText {
+                display: none !important;
+            }
+
+            #outlook a {
+                padding: 0;
+            }
+
+            img {
+                -ms-interpolation-mode: bicubic;
+            }
+
+            table {
+                mso-table-lspace: 0pt;
+                mso-table-rspace: 0pt;
+            }
+
+            .ReadMsgBody {
+                width: 100%;
+            }
+
+            .ExternalClass {
+                width: 100%;
+            }
+
+            p,
+            a,
+            li,
+            td,
+            blockquote {
+                mso-line-height-rule: exactly;
+            }
+
+            a[href^=tel],
+            a[href^=sms] {
+                color: inherit;
+                cursor: default;
+                text-decoration: none;
+            }
+
+            p,
+            a,
+            li,
+            td,
+            body,
+            table,
+            blockquote {
+                -ms-text-size-adjust: 100%;
+                -webkit-text-size-adjust: 100%;
+            }
+
+            .ExternalClass,
+            .ExternalClass p,
+            .ExternalClass td,
+            .ExternalClass div,
+            .ExternalClass span,
+            .ExternalClass font {
+                line-height: 100%;
+            }
+
+            .no-link a,
+            a[x-apple-data-detectors],
+            a[href^="x-apple-data-detectors:"] {
+                color: inherit !important;
+                text-decoration: none !important;
+                font-size: inherit !important;
+                font-family: inherit !important;
+                font-weight: inherit !important;
+                line-height: inherit !important;
+            }
+
+            #bodyCell {
+                padding: 10px;
+            }
+
+            .templateContainer {
+                max-width: 600px !important;
+            }
+
+            a.mcnButton {
+                display: block;
+            }
+
+            .mcnImage,
+            .mcnRetinaImage {
+                vertical-align: bottom;
+            }
+
+            .mcnTextContent {
+                word-break: break-word;
+            }
+
+            .mcnTextContent img {
+                height: auto !important;
+            }
+
+            .mcnDividerBlock {
+                table-layout: fixed !important;
+            }
+
+            .mcnHalfTextRight {
+                border: 1px solid red;
+            }
+
+            @media only screen and (min-width:768px) {
+                .templateContainer {
+                    width: 600px !important;
+                }
+            }
+
+            @media only screen and (max-width: 480px) {
+
+                body,
+                table,
+                td,
+                p,
+                a,
+                li,
+                blockquote {
+                    -webkit-text-size-adjust: none !important;
+                }
+
+                body {
+                    width: 100% !important;
+                    min-width: 100% !important;
+                }
+
+                .mcnRetinaImage {
+                    max-width: 100% !important;
+                }
+
+                .mcnImage {
+                    width: 100% !important;
+                }
+
+                .mcnCaptionLeftImageContent .mcnImage,
+                .mcnCaptionRightImageContent .mcnImage {
+                    width: 176px !important;
+                }
+
+                .mcnHalfCaptionLeftImageContent .mcnImage,
+                .mcnHalfCaptionRightImageContent .mcnImage {
+                    width: 268px !important;
+                }
+
+                .mcnBoxContentColumnBoxed {
+                    padding: 8px !important;
+                    margin: 0 !important;
+                }
+
+                .mcnButtonContentContainer,
+                .mcnCartContainer,
+                .mcnCaptionTopContent,
+                .mcnRecContentContainer,
+                .mcnCaptionBottomContent,
+                .mcnTextContentContainer,
+                .mcnBoxedTextContentContainer,
+                .mcnImageGroupContentContainer,
+                .mcnCaptionLeftTextContentContainer,
+                .mcnCaptionRightTextContentContainer,
+                .mcnCaptionLeftImageContentContainer,
+                .mcnCaptionRightImageContentContainer,
+                .mcnImageCardLeftTextContentContainer,
+                .mcnImageCardRightTextContentContainer,
+                .mcnImageCardLeftImageContentContainer,
+                .mcnImageCardRightImageContentContainer {
+                    max-width: 100% !important;
+                    width: 100% !important;
+                }
+
+                .mcnBoxedTextContentContainer {
+                    min-width: 100% !important;
+                }
+
+                .mcnImageGroupContent {
+                    padding: 16px !important;
+                }
+
+                .mcnCaptionLeftContentOuter .mcnTextContent,
+                .mcnCaptionRightContentOuter .mcnTextContent {
+                    padding-top: 16px !important;
+                }
+
+                .mcnImageCardTopImageContent,
+                .mcnCaptionBottomContent:last-child .mcnCaptionBottomImageContent,
+                .mcnCaptionBlockInner .mcnCaptionTopContent:last-child .mcnTextContent {
+                    padding-top: 32px !important;
+                }
+
+                .mcnHalfCaptionLeftImageContent,
+                .mcnHalfCaptionRightImageContent {
+                    text-align: center;
+                }
+
+                .mcnImageCardBottomImageContent {
+                    padding-bottom: 16px !important;
+                }
+
+                .mcnImageGroupBlockInner {
+                    padding-top: 0 !important;
+                    padding-bottom: 0 !important;
+                }
+
+                .mcnImageGroupBlockOuter {
+                    padding-top: 16px !important;
+                    padding-bottom: 16px !important;
+                }
+
+                .mcnTextContent,
+                .mcnBoxedTextContentColumn {
+                    padding-right: 32px !important;
+                    padding-left: 32px !important;
+                }
+
+                .mcnCaptionBottomContent .mcnTextContent {
+                    padding-left: 16px !important;
+                    padding-right: 16px !important;
+                }
+
+                .mcnCaptionLeftTextContentContainer .mcnTextContent,
+                .mcnCaptionRightTextContentContainer .mcnTextContent {
+                    padding-right: 0 !important;
+                    padding-left: 0 !important;
+                }
+
+                .mcnImageCardLeftImageContent,
+                .mcnImageCardRightImageContent {
+                    padding-right: 32px !important;
+                    padding-bottom: 0 !important;
+                    padding-left: 32px !important;
+                }
+
+                .mcnTextContent ul,
+                .mcnTextContent ol {
+                    padding-inline-start: 24px !important;
+                }
+
+                .mcnButtonContent {
+                    padding-left: 24px !important;
+                    padding-right: 24px !important;
+                }
+
+                .mcnButtonHint {
+                    padding-left: 16px !important;
+                    padding-right: 16px !important;
+                }
+
+                .mcnButtonHint,
+                .mcnButtonHint * {
+                    text-align: center !important;
+                }
+
+                .mcpreview-image-uploader {
+                    display: none !important;
+                    width: 100% !important;
+                }
+
+                .hide-on-mobile {
+                    display: none !important;
+                }
+
+                .flex-stack-on-mobile {
+                    flex-direction: column;
+                }
+
+                .flex-stack-on-mobile .mcnCaptionBottomContent,
+                .flex-stack-on-mobile .mcnBoxContentContainer {
+                    height: auto !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Heading 1
+            @tip Make the first-level headings larger in size for better readability on small screens.
+            */
+                h1 {
+                    font-size: 22px !important;
+                    line-height: 1.25em !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Heading 2
+            @tip Make the second-level headings larger in size for better readability on small screens.
+            */
+                h2 {
+                    font-size: 20px !important;
+                    line-height: 1.25em !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Heading 3
+            @tip Make the third-level headings larger in size for better readability on small screens.
+            */
+                h3 {
+                    font-size: 18px !important;
+                    line-height: 1.25em !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Heading 4
+            @tip Make the fourth-level headings larger in size for better readability on small screens.
+            */
+                h4 {
+                    font-size: 16px !important;
+                    line-height: 1.5em !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Boxed Text
+            @tip Make the boxed text larger in size for better readability on small screens. We recommend a font size of at least 16px.
+            */
+                .mcnBoxedTextContentContainer .mcnTextContent,
+                .mcnBoxedTextContentContainer .mcnTextContent p {
+                    font-size: 14px !important;
+                    line-height: 1.5em !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Preheader Visibility
+            @tip Set the visibility of the email's preheader on small screens. You can hide it to save space.
+            */
+                #templatePreheader {
+                    display: block !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Preheader Text
+            @tip Make the preheader text larger in size for better readability on small screens.
+            */
+                #templatePreheader .mcnTextContent,
+                #templatePreheader .mcnTextContent p,
+                #templateBody .templatePreheader .mcnTextContent,
+                #templateBody .templatePreheader .mcnTextContent p {
+                    font-size: 13px !important;
+                    line-height: 1.5em !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Header Text
+            @tip Make the header text larger in size for better readability on small screens.
+            */
+                #templateHeader .mcnTextContent,
+                #templateHeader .mcnTextContent p {
+                    font-size: 16px !important;
+                    line-height: 1.5em !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Body Text
+            @tip Make the body text larger in size for better readability on small screens. We recommend a font size of at least 16px.
+            */
+                #templateBody .mcnTextContent,
+                #templateBody .mcnTextContent p {
+                    font-size: 16px !important;
+                    line-height: 1.5em !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Body Caption Text
+            @tip Make the body text larger in size for better readability on small screens. We recommend a font size of at least 16px.
+            */
+                #templateBody .templateBodyCaption,
+                #templateBody .templateBodyCaption p {
+                    font-size: 14px !important;
+                    line-height: 1.5em !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Footer Text
+            @tip Make the footer content text larger in size for better readability on small screens.
+            */
+                #templateFooter .mcnTextContent,
+                #templateFooter .mcnTextContent p {
+                    font-size: 14px !important;
+                    line-height: 1.5em !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Footer Follow icons
+            @tip Reduce the spacing between the footer icons to avoid a line-break them on small screens.
+            */
+                #templateFooter .mcnFollowContentItemContainer {
+                    padding-left: 2px !important;
+                    padding-right: 2px !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Footer Follow icons
+            @tip Reduce the spacing between the footer icons to avoid a line-break them on small screens.
+            */
+                #templateFooter .mcnFollowContentItemContainerSmall {
+                    padding-left: 8px !important;
+                    padding-right: 8px !important;
+                }
+
+                /*
+            @text Mobile Style
+             */
+                .mcnCaptionRightImageContent,
+                .mcnCaptionLeftImageContent {
+                    text-align: center;
+                }
+            }
+
+            @media only screen and (max-width: 352px) {
+
+                /*
+            @tab Mobile Styles
+            @section Footer Follow icons
+            @tip Reduce the icon size on very small screens.
+            */
+                .mcnFollowIconContent,
+                .mcnFollowIconContent img.social-icon {
+                    width: 38px !important;
+                    height: 38px !important;
+                }
+
+                /*
+            @tab Mobile Styles
+            @section Footer Follow icons
+            @tip Remove the spacing between the footer icons to avoid a line-break them on very small screens.
+            */
+                #templateFooter .mcnFollowContentItemContainer {
+                    padding-left: 0 !important;
+                    padding-right: 0 !important;
+                }
+            }
+    </style>
+  </head>
+  <body style="height: 100%;
+               margin: 0;
+               padding: 0;
+               width: 100%;
+               -ms-text-size-adjust: 100%;
+               -webkit-text-size-adjust: 100%;">
+    <!--[if !gte mso 9]><!----><span class="mcnPreviewText"
+      style="display:none;
+             font-size:0px;
+             line-height:0px;
+             max-height:0px;
+             max-width:0px;
+             opacity:0;
+             overflow:hidden;
+             visibility:hidden;
+             mso-hide:all;"></span><!--<![endif]-->
+    <center>
+      <table align="center"
+             border="0"
+             cellpadding="0"
+             cellspacing="0"
+             height="100%"
+             width="100%"
+             id="bodyTable"
+             style="border-collapse: collapse;
+                    mso-table-lspace: 0pt;
+                    mso-table-rspace: 0pt;
+                    -ms-text-size-adjust: 100%;
+                    -webkit-text-size-adjust: 100%;
+                    height: 100%;
+                    margin: 0;
+                    padding: 0;
+                    width: 100%;">
+        <tr>
+          <td align="center"
+              valign="top"
+              id="bodyCell"
+              style="mso-line-height-rule: exactly;
+                     -ms-text-size-adjust: 100%;
+                     -webkit-text-size-adjust: 100%;
+                     height: 100%;
+                     margin: 0;
+                     padding: 8px;
+                     width: 100%;">
+            <!-- BEGIN TEMPLATE // -->
+            <!--[if (gte mso 9)|(IE)]>
+                    <table align="center" border="0" cellspacing="0" cellpadding="0" width="600" style="width:600px;"><tr><td align="center" valign="top" width="600" style="width:600px;">
+                    <![endif]-->
+            <table border="0"
+                   cellpadding="0"
+                   cellspacing="0"
+                   width="100%"
+                   class="templateContainer"
+                   style="border-collapse: collapse;
+                          mso-table-lspace: 0pt;
+                          mso-table-rspace: 0pt;
+                          -ms-text-size-adjust: 100%;
+                          -webkit-text-size-adjust: 100%;
+                          max-width: 600px !important;">
+              <tr>
+                <td valign="top"
+                    id="templateHeader"
+                    style="mso-line-height-rule: exactly;
+                           -ms-text-size-adjust: 100%;
+                           -webkit-text-size-adjust: 100%;">
+                  <table border="0"
+                         cellpadding="0"
+                         cellspacing="0"
+                         width="100%"
+                         class="mcnImageBlock"
+                         style="min-width: 100%;
+                                border-collapse: collapse;
+                                mso-table-lspace: 0pt;
+                                mso-table-rspace: 0pt;
+                                -ms-text-size-adjust: 100%;
+                                -webkit-text-size-adjust: 100%;">
+                    <tbody class="mcnImageBlockOuter">
+                      <tr>
+                        <td valign="top"
+                            style="padding: 16px;
+                                   mso-line-height-rule: exactly;
+                                   -ms-text-size-adjust: 100%;
+                                   -webkit-text-size-adjust: 100%;"
+                            class="mcnImageBlockInner">
+                          <table align="left"
+                                 width="100%"
+                                 border="0"
+                                 cellpadding="0"
+                                 cellspacing="0"
+                                 class="mcnImageContentContainer"
+                                 style="min-width: 100%;
+                                        border-collapse: collapse;
+                                        mso-table-lspace: 0pt;
+                                        mso-table-rspace: 0pt;
+                                        -ms-text-size-adjust: 100%;
+                                        -webkit-text-size-adjust: 100%;">
+                            <tbody>
+                              <tr>
+                                <td class="mcnImageContent"
+                                    valign="top"
+                                    style="padding: 16px;
+                                           text-align: center;
+                                           mso-line-height-rule: exactly;
+                                           -ms-text-size-adjust: 100%;
+                                           -webkit-text-size-adjust: 100%;">
+                                  <a href="https://proton.me/" target="_blank" style="">
+                                    <img align="center"
+                                         alt="Proton"
+                                         src="{{ URL }}/static/logo-proton.png"
+                                         width="190"
+                                         style="width:35.4477%; max-width: 380px; padding-bottom: 0; display: inline !important; vertical-align: bottom; border: 0; height: auto; outline: none; text-decoration: none; -ms-interpolation-mode: bicubic; ">
+                                  </a>
+                                </td>
+                              </tr>
+                            </tbody>
+                          </table>
+                        </td>
+                      </tr>
+                    </tbody>
+                  </table>
+                </td>
+              </tr>
+              <tr>
+                <td valign="top"
+                    id="templateBody"
+                    style="mso-line-height-rule: exactly; -ms-text-size-adjust: 100%; -webkit-text-size-adjust: 100%; ">
+                  {% block greeting %}{% endblock %}
+                  {% block content %}{% endblock %}
+                  <!-- Sub copy -->
+                  {% block sub_copy %}{% endblock %}
+                </td>
+              </tr>
+            </table>
+            <!--[if (gte mso 9)|(IE)]>
+                        </td>
+                        </tr>
+                        </table>
+                        <![endif]-->
+            <!-- // END TEMPLATE -->
+          </td>
+        </tr>
+      </table>
+    </center>
+  </body>
+</html>
--- a/app/templates/emails/base_sl.html
+++ b/app/templates/emails/base_sl.html
@ -0,0 +1,623 @@
+{% from "_emailhelpers.html" import render_text, text, render_button, raw_url, grey_section, section %}
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
+  <head>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <meta name="x-apple-disable-message-reformatting" />
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+    <style type="text/css" rel="stylesheet" media="all">
+    /* Base ------------------------------ */
+    body {
+      width: 100% !important;
+      height: 100%;
+      margin: 0;
+      -webkit-text-size-adjust: none;
+        line-height: 1.6;
+    }
+
+    img {
+        max-width: 100%;
+    }
+
+    a {
+      color: #3869D4;
+    }
+
+    a img {
+      border: none;
+    }
+
+    td {
+      word-break: break-word;
+    }
+
+    .preheader {
+      display: none !important;
+      visibility: hidden;
+      mso-hide: all;
+      font-size: 1px;
+      line-height: 1px;
+      max-height: 0;
+      max-width: 0;
+      opacity: 0;
+      overflow: hidden;
+    }
+    /* Type ------------------------------ */
+
+    body,
+    td,
+    th {
+      font-family: "Nunito Sans", Helvetica, Arial, sans-serif;
+    }
+
+    h1 {
+      margin-top: 0;
+      color: #333333;
+      font-size: 22px;
+      font-weight: bold;
+      text-align: left;
+    }
+
+    h2 {
+      margin-top: 0;
+      color: #333333;
+      font-size: 16px;
+      font-weight: bold;
+      text-align: left;
+    }
+
+    h3 {
+      margin-top: 0;
+      color: #333333;
+      font-size: 14px;
+      font-weight: bold;
+      text-align: left;
+    }
+
+    td,
+    th {
+      font-size: 16px;
+    }
+
+    p,
+    ul,
+    ol,
+    blockquote {
+      margin: .4em 0 1.1875em;
+      font-size: 16px;
+      line-height: 1.625;
+    }
+
+    p.sub {
+      font-size: 13px;
+    }
+    /* Utilities ------------------------------ */
+
+    .align-right {
+      text-align: right;
+    }
+
+    .align-left {
+      text-align: left;
+    }
+
+    .align-center {
+      text-align: center;
+    }
+    /* Buttons ------------------------------ */
+
+    .button {
+      background-color: #3869D4;
+      border-top: 10px solid #3869D4;
+      border-right: 18px solid #3869D4;
+      border-bottom: 10px solid #3869D4;
+      border-left: 18px solid #3869D4;
+      display: inline-block;
+      color: #FFF;
+      text-decoration: none;
+      border-radius: 3px;
+      box-shadow: 0 2px 3px rgba(0, 0, 0, 0.16);
+      -webkit-text-size-adjust: none;
+      box-sizing: border-box;
+    }
+
+    .button--green {
+      background-color: #22BC66;
+      border-top: 10px solid #22BC66;
+      border-right: 18px solid #22BC66;
+      border-bottom: 10px solid #22BC66;
+      border-left: 18px solid #22BC66;
+    }
+
+    .button--red {
+      background-color: #FF6136;
+      border-top: 10px solid #FF6136;
+      border-right: 18px solid #FF6136;
+      border-bottom: 10px solid #FF6136;
+      border-left: 18px solid #FF6136;
+    }
+
+    @media only screen and (max-width: 500px) {
+      .button {
+        width: 100% !important;
+        text-align: center !important;
+      }
+    }
+    /* Attribute list ------------------------------ */
+
+    .attributes {
+      margin: 0 0 21px;
+    }
+
+    .attributes_content {
+      background-color: #F4F4F7;
+      padding: 16px;
+    }
+
+    .attributes_item {
+      padding: 0;
+    }
+    /* Related Items ------------------------------ */
+
+    .related {
+      width: 100%;
+      margin: 0;
+      padding: 25px 0 0 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+
+    .related_item {
+      padding: 10px 0;
+      color: #CBCCCF;
+      font-size: 15px;
+      line-height: 18px;
+    }
+
+    .related_item-title {
+      display: block;
+      margin: .5em 0 0;
+    }
+
+    .related_item-thumb {
+      display: block;
+      padding-bottom: 10px;
+    }
+
+    .related_heading {
+      border-top: 1px solid #CBCCCF;
+      text-align: center;
+      padding: 25px 0 10px;
+    }
+    /* Discount Code ------------------------------ */
+
+    .discount {
+      width: 100%;
+      margin: 0;
+      padding: 24px;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      background-color: #F4F4F7;
+      border: 2px dashed #CBCCCF;
+    }
+
+    .discount_heading {
+      text-align: center;
+    }
+
+    .discount_body {
+      text-align: center;
+      font-size: 15px;
+    }
+    /* Social Icons ------------------------------ */
+
+    .social {
+      width: auto;
+    }
+
+    .social td {
+      padding: 0;
+      width: auto;
+    }
+
+    .social_icon {
+      height: 20px;
+      margin: 0 8px 10px 8px;
+      padding: 0;
+    }
+    /* Data table ------------------------------ */
+
+    .purchase {
+      width: 100%;
+      margin: 0;
+      padding: 35px 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+
+    .purchase_content {
+      width: 100%;
+      margin: 0;
+      padding: 25px 0 0 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+
+    .purchase_item {
+      padding: 10px 0;
+      color: #51545E;
+      font-size: 15px;
+      line-height: 18px;
+    }
+
+    .purchase_heading {
+      padding-bottom: 8px;
+      border-bottom: 1px solid #EAEAEC;
+    }
+
+    .purchase_heading p {
+      margin: 0;
+      color: #85878E;
+      font-size: 12px;
+    }
+
+    .purchase_footer {
+      padding-top: 15px;
+      border-top: 1px solid #EAEAEC;
+    }
+
+    .purchase_total {
+      margin: 0;
+      text-align: right;
+      font-weight: bold;
+      color: #333333;
+    }
+
+    .purchase_total--label {
+      padding: 0 15px 0 0;
+    }
+
+    body {
+      background-color: #F2F4F6;
+      color: #51545E;
+    }
+
+    p {
+      color: #51545E;
+    }
+
+    .email-wrapper {
+      width: 100%;
+      margin: 0;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      background-color: #F2F4F6;
+    }
+
+    .email-content {
+      width: 100%;
+      margin: 0;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+    /* Masthead ----------------------- */
+
+    .email-masthead {
+      padding: 25px 0;
+      text-align: center;
+    }
+
+    .email-masthead_logo {
+      width: 94px;
+    }
+
+    .email-masthead_name {
+      font-size: 16px;
+      font-weight: bold;
+      color: #A8AAAF;
+      text-decoration: none;
+      text-shadow: 0 1px 0 white;
+    }
+    /* Body ------------------------------ */
+
+    .email-body {
+      width: 100%;
+      margin: 0;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+    }
+
+    .email-body_inner {
+      width: 750px;
+      margin: 0 auto;
+      padding: 0;
+      -premailer-width: 750px;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      background-color: #FFFFFF;
+    }
+
+    .email-footer {
+      width: 750px;
+      margin: 0 auto;
+      padding: 0;
+      -premailer-width: 750px;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      text-align: center;
+    }
+
+    .email-footer p {
+      color: #A8AAAF;
+    }
+
+    .body-action {
+      width: 100%;
+      margin: 30px auto;
+      padding: 0;
+      -premailer-width: 100%;
+      -premailer-cellpadding: 0;
+      -premailer-cellspacing: 0;
+      text-align: center;
+    }
+
+    .body-sub {
+      margin-top: 25px;
+      padding-top: 25px;
+      border-top: 1px solid #EAEAEC;
+    }
+
+    .content-cell {
+      padding: 30px;
+    }
+    /*Media Queries ------------------------------ */
+
+    @media only screen and (max-width: 600px) {
+      .email-body_inner,
+      .email-footer {
+        width: 100% !important;
+      }
+    }
+
+    @media (prefers-color-scheme: dark) {
+      body,
+      .email-body,
+      .email-body_inner,
+      .email-content,
+      .email-wrapper,
+      .email-masthead,
+      .email-footer {
+        background-color: #333333 !important;
+        color: #FFF !important;
+      }
+      p,
+      ul,
+      ol,
+      blockquote,
+      h1,
+      h2,
+      h3 {
+        color: #FFF !important;
+      }
+      .attributes_content,
+      .discount {
+        background-color: #222 !important;
+      }
+      .email-masthead_name {
+        text-shadow: none !important;
+      }
+    }
+    </style>
+    <!--[if mso]>
+  <style type="text/css">
+    .f-fallback  {
+      font-family: Arial, sans-serif;
+    }
+  </style>
+  <![endif]-->
+    <style type="text/css" rel="stylesheet" media="all">
+    body {
+      width: 100% !important;
+      height: 100%;
+      margin: 0;
+      -webkit-text-size-adjust: none;
+    }
+
+    body {
+      font-family: "Nunito Sans", Helvetica, Arial, sans-serif;
+    }
+
+    body {
+      background-color: #F2F4F6;
+      color: #51545E;
+    }
+    </style>
+  </head>
+  <body style="width: 100% !important;
+               height: 100%;
+               -webkit-text-size-adjust: none;
+               font-family: Helvetica, Arial, sans-serif;
+               background-color: #F2F4F6;
+               color: #51545E;
+               margin: 0;"
+        bgcolor="#F2F4F6">
+    <span class="preheader"
+          style="display: none !important;
+                 visibility: hidden;
+                 mso-hide: all;
+                 font-size: 1px;
+                 line-height: 1px;
+                 max-height: 0;
+                 max-width: 0;
+                 opacity: 0;
+                 overflow: hidden;">{{ pre_header }}</span>
+    <table class="email-wrapper"
+           width="100%"
+           cellpadding="0"
+           cellspacing="0"
+           role="presentation"
+           style="width: 100%;
+                  -premailer-width: 100%;
+                  -premailer-cellpadding: 0;
+                  -premailer-cellspacing: 0;
+                  background-color: #F2F4F6;
+                  margin: 0;
+                  padding: 0;"
+           bgcolor="#F2F4F6">
+      <tr>
+        <td align="center"
+            style="word-break: break-word;
+                   font-family: Helvetica, Arial, sans-serif;
+                   font-size: 16px;">
+          <table class="email-content"
+                 width="100%"
+                 cellpadding="0"
+                 cellspacing="0"
+                 role="presentation"
+                 style="width: 100%;
+                        -premailer-width: 100%;
+                        -premailer-cellpadding: 0;
+                        -premailer-cellspacing: 0;
+                        margin: 0;
+                        padding: 0;">
+            <tr>
+              <td class="email-masthead"
+                  style="word-break: break-word;
+                         font-family: Helvetica, Arial, sans-serif;
+                         font-size: 16px;
+                         text-align: center;
+                         padding: 25px 0;"
+                  align="center">
+                <a href="{{ LANDING_PAGE_URL }}"
+                   class="f-fallback email-masthead_name"
+                   style="color: #A8AAAF;
+                          font-size: 16px;
+                          font-weight: bold;
+                          text-decoration: none;
+                          text-shadow: 0 1px 0 white;">
+                  {% block logo %}<img src="{{ URL }}/static/logo.png" style="width: 150px; margin: auto">{% endblock %}
+                </a>
+              </td>
+            </tr>
+            <!-- Email Body -->
+            <tr>
+              <td class="email-body"
+                  width="750"
+                  cellpadding="0"
+                  cellspacing="0"
+                  style="word-break: break-word;
+                         margin: 0;
+                         padding: 0;
+                         font-family: Helvetica, Arial, sans-serif;
+                         font-size: 16px;
+                         width: 100%;
+                         -premailer-width: 100%;
+                         -premailer-cellpadding: 0;
+                         -premailer-cellspacing: 0;">
+                <table class="email-body_inner"
+                       align="center"
+                       width="750"
+                       cellpadding="0"
+                       cellspacing="0"
+                       role="presentation"
+                       style="width: 750px;
+                              -premailer-width: 750px;
+                              -premailer-cellpadding: 0;
+                              -premailer-cellspacing: 0;
+                              background-color: #FFFFFF;
+                              margin: 0 auto;
+                              padding: 0;"
+                       bgcolor="#FFFFFF">
+                  <!-- Body content -->
+                  <tr>
+                    <td class="content-cell"
+                        style="word-break: break-word;
+                               font-family: Helvetica, Arial, sans-serif;
+                               font-size: 16px;
+                               padding: 30px;">
+                      <div class="f-fallback">
+                        {% block greeting %}{% endblock %}
+                        {% block content %}{% endblock %}
+                        <!-- Sub copy -->
+                        {% block sub_copy %}{% endblock %}
+                      </div>
+                    </td>
+                  </tr>
+                </table>
+              </td>
+            </tr>
+            <tr>
+              <td style="word-break: break-word;
+                         font-family: Helvetica, Arial, sans-serif;
+                         font-size: 16px;">
+                <table class="email-footer"
+                       align="center"
+                       width="750"
+                       cellpadding="0"
+                       cellspacing="0"
+                       role="presentation"
+                       style="width: 750px;
+                              -premailer-width: 750px;
+                              -premailer-cellpadding: 0;
+                              -premailer-cellspacing: 0;
+                              text-align: center;
+                              margin: 0 auto;
+                              padding: 0;">
+                  <tr>
+                    <td class="content-cell"
+                        align="center"
+                        style="word-break: break-word;
+                               font-family: Helvetica, Arial, sans-serif;
+                               font-size: 16px;
+                               padding: 30px;">
+                      <p class="f-fallback sub align-center"
+                         style="font-size: 13px;
+                                line-height: 1.625;
+                                text-align: center;
+                                color: #A8AAAF;
+                                margin: .4em 0 1.1875em;"
+                         align="center">
+                        © {{ YEAR }} SimpleLogin - a Proton product. All rights reserved.
+                        <br />
+                        {% block footer %}{% endblock %}
+                      </p>
+                      {% if unsubscribe_oneclick is defined %}
+
+                        <p class="f-fallback sub align-center"
+                           style="font-size: 13px;
+                                  line-height: 1.625;
+                                  text-align: center;
+                                  margin: .4em 0 1.1875em;">
+                          <a href="{{ unsubscribe_oneclick }}">Unsubscribe from our newsletter</a>
+                        </p>
+                      {% endif %}
+                      <p class="f-fallback sub align-center"
+                         style="font-size: 13px;
+                                line-height: 1.625;
+                                text-align: center;
+                                color: #A8AAAF;
+                                margin: .4em 0 1.1875em;"
+                         align="center">
+                        <a href="https://app.simplelogin.io/dashboard/support">Do you have a question?</a>
+                      </p>
+                    </td>
+                  </tr>
+                </table>
+              </td>
+            </tr>
+          </table>
+        </td>
+      </tr>
+    </table>
+  </body>
+</html>
--- a/app/templates/emails/transactional/subscription-end.html
+++ b/app/templates/emails/transactional/subscription-end.html
@ -6,6 +6,7 @@
  {{ render_text("Your subscription will end on " + next_bill_date + ".") }}
  {{ render_text("When the subscription ends:") }}
  {{ render_text("- All aliases/domains/directories you have created are <b>kept</b> and continue working normally.") }}
+  {{ render_text("- You cannot create new reverse aliases.") }}
  {% call text() %}
  - You cannot create new aliases if you exceed the free plan limit, i.e. have more than {{ MAX_NB_EMAIL_FREE_PLAN }} aliases.
 {% endcall %}
--- a/app/templates/emails/transactional/subscription-end.txt
+++ b/app/templates/emails/transactional/subscription-end.txt
@ -9,6 +9,7 @@ When the subscription ends:

 - All aliases/domains/directories you have created are kept and continue working.
 - You cannot create new aliases if you exceed the free plan limit, i.e. have more than {{MAX_NB_EMAIL_FREE_PLAN}} aliases.
+- You cannot create new reverse aliases.
 - As features like "catch-all" or "directory" allow you to create aliases on-the-fly,
    those aliases cannot be automatically created if you have more than {{MAX_NB_EMAIL_FREE_PLAN}} aliases.
 - You cannot add new domain or directory.
--- a/app/templates/emails/transactional/trial-end.html
+++ b/app/templates/emails/transactional/trial-end.html
@ -14,6 +14,7 @@

 {{ render_text("- You cannot add new domain or directory.") }}
 {{ render_text("- You cannot add new mailbox.") }}
+{{ render_text("- You cannot create new reverse aliases.") }}
 {{ render_text("- If you enable PGP Encryption, forwarded emails are not encrypted anymore.") }}
 {{ render_text('You can upgrade today to continue using all these Premium features (and much more coming).') }}
 {{ render_button("Upgrade your account", URL ~ "/dashboard/pricing") }}
--- a/app/templates/emails/transactional/trial-end.txt.jinja2
+++ b/app/templates/emails/transactional/trial-end.txt.jinja2
@ -8,6 +8,7 @@ When the trial ends:
 - All aliases/domains/directories you have created are kept and continue working.
 - You cannot create new aliases if you exceed the free plan limit, i.e. have more than {{MAX_NB_EMAIL_FREE_PLAN}} aliases.
 - You cannot add new domain or directory.
+- You cannot create new reverse aliases.
 - You cannot add new mailbox.
 - If you enable PGP Encryption, forwarded emails are not encrypted anymore.

--- a/app/templates/menu.html
+++ b/app/templates/menu.html
@ -48,15 +48,16 @@
  {#      SIWSL#}
  {#    </a>#}
  {#  </li>#}
-  {#  {% if current_user.should_show_app_page() %}#}
-  {#    <li class="nav-item">#}
-  {#      <a href="{{ url_for('dashboard.app_route') }}"#}
-  {#         class="nav-link {{ 'active' if active_page == 'app' }}">#}
-  {#        <i class="fe fe-grid"></i>#}
-  {#        Apps#}
-  {#      </a>#}
-  {#    </li>#}
-  {#  {% endif %}#}
+  {% if current_user.should_show_app_page() %}
+
+    <li class="nav-item">
+      <a href="{{ url_for('dashboard.app_route') }}"
+         class="nav-link {{ 'active' if active_page == 'app' }}">
+        <i class="fe fe-grid"></i>
+        Apps
+      </a>
+    </li>
+  {% endif %}
  <li class="nav-item">
    <a href="{{ url_for('dashboard.setting') }}"
       class="nav-link {{ 'active' if active_page == 'setting' }}">
--- a/app/tests/events/init.py
+++ b/app/tests/events/init.py
--- a/app/tests/events/test_event_dispatcher.py
+++ b/app/tests/events/test_event_dispatcher.py
@ -0,0 +1,56 @@
+from app.events.event_dispatcher import EventDispatcher, Dispatcher
+from app.events.generated.event_pb2 import EventContent, UserDeleted
+from app.models import PartnerUser, User
+from app.proton.utils import get_proton_partner
+from tests.utils import create_new_user, random_token
+from typing import Tuple
+
+
+class OnMemoryDispatcher(Dispatcher):
+    def __init__(self):
+        self.memory = []
+
+    def send(self, event: bytes):
+        self.memory.append(event)
+
+
+def _create_unlinked_user() -> User:
+    return create_new_user()
+
+
+def _create_linked_user() -> Tuple[User, PartnerUser]:
+    user = _create_unlinked_user()
+    partner_user = PartnerUser.create(
+        partner_id=get_proton_partner().id,
+        user_id=user.id,
+        external_user_id=random_token(10),
+        flush=True,
+    )
+
+    return user, partner_user
+
+
+def test_event_dispatcher_stores_events():
+    dispatcher = OnMemoryDispatcher()
+
+    (user, partner) = _create_linked_user()
+    content = EventContent(user_deleted=UserDeleted())
+    EventDispatcher.send_event(user, content, dispatcher, skip_if_webhook_missing=False)
+    assert len(dispatcher.memory) == 1
+
+    content = EventContent(user_deleted=UserDeleted())
+    EventDispatcher.send_event(user, content, dispatcher, skip_if_webhook_missing=False)
+    assert len(dispatcher.memory) == 2
+
+
+def test_event_dispatcher_does_not_send_event_if_user_not_linked():
+    dispatcher = OnMemoryDispatcher()
+
+    user = _create_unlinked_user()
+    content = EventContent(user_deleted=UserDeleted())
+    EventDispatcher.send_event(user, content, dispatcher, skip_if_webhook_missing=False)
+    assert len(dispatcher.memory) == 0
+
+    content = EventContent(user_deleted=UserDeleted())
+    EventDispatcher.send_event(user, content, dispatcher, skip_if_webhook_missing=False)
+    assert len(dispatcher.memory) == 0
--- a/app/tests/jobs/test_send_alias_creation_events.py
+++ b/app/tests/jobs/test_send_alias_creation_events.py
@ -0,0 +1,46 @@
+from app import config
+from app.db import Session
+from app.events.event_dispatcher import Dispatcher
+from app.events.generated import event_pb2
+from app.jobs.event_jobs import send_alias_creation_events_for_user
+from app.models import Alias
+from tests.utils import create_partner_linked_user
+
+
+class MemStoreDispatcher(Dispatcher):
+    def __init__(self):
+        self.events = []
+
+    def send(self, event: bytes):
+        self.events.append(event)
+
+
+def setup_module():
+    config.EVENT_WEBHOOK = True
+
+
+def teardown_module():
+    config.EVENT_WEBHOOK = False
+
+
+def test_send_alias_creation_events():
+    [user, partner_user] = create_partner_linked_user()
+    aliases = [Alias.create_new_random(user) for i in range(2)]
+    Session.flush()
+    dispatcher = MemStoreDispatcher()
+    send_alias_creation_events_for_user(user, dispatcher=dispatcher, chunk_size=2)
+    # 2 batches. 1st newsletter + first alias. 2nd last alias
+    assert len(dispatcher.events) == 2
+    decoded_event = event_pb2.Event.FromString(dispatcher.events[0])
+    assert decoded_event.user_id == user.id
+    assert decoded_event.external_user_id == partner_user.external_user_id
+    event_list = decoded_event.content.alias_create_list.events
+    assert len(event_list) == 2
+    # 0 is newsletter alias
+    assert event_list[1].alias_id == aliases[0].id
+    decoded_event = event_pb2.Event.FromString(dispatcher.events[1])
+    assert decoded_event.user_id == user.id
+    assert decoded_event.external_user_id == partner_user.external_user_id
+    event_list = decoded_event.content.alias_create_list.events
+    assert len(event_list) == 1
+    assert event_list[0].alias_id == aliases[1].id
--- a/app/tests/models/test_alias.py
+++ b/app/tests/models/test_alias.py
@ -1,5 +1,5 @@
 from app.db import Session
-from app.models import Alias, Mailbox, AliasMailbox
+from app.models import Alias, Mailbox, AliasMailbox, User
 from tests.utils import create_new_user, random_email


@ -15,3 +15,17 @@ def test_duplicated_mailbox_is_returned_only_once():
    alias_mailbox_id = [mailbox.id for mailbox in alias_mailboxes]
    assert user.default_mailbox_id in alias_mailbox_id
    assert other_mailbox.id in alias_mailbox_id
+
+
+def test_alias_create_from_partner_flags_also_the_user():
+    user = create_new_user()
+    Session.flush()
+    email = random_email()
+    alias = Alias.create(
+        user_id=user.id,
+        email=email,
+        mailbox_id=user.default_mailbox_id,
+        flags=Alias.FLAG_PARTNER_CREATED,
+        flush=True,
+    )
+    assert alias.user.flags & User.FLAG_CREATED_ALIAS_FROM_PARTNER > 0
--- a/app/tests/test_email_utils.py
+++ b/app/tests/test_email_utils.py
@ -9,6 +9,7 @@ import pytest
 from app import config
 from app.config import MAX_ALERT_24H, ROOT_DIR
 from app.db import Session
+from app.email import headers
 from app.email_utils import (
    get_email_domain_part,
    can_create_directory_for_address,
@ -354,6 +355,33 @@ def test_is_valid_email():
    assert not is_valid_email("emoji👌@gmail.com")


+def test_add_subject_prefix():
+    msg = email.message_from_string(
+        """Subject: Potato
+Content-Transfer-Encoding: 7bit
+
+hello
+"""
+    )
+    new_msg = add_header(msg, "text header", "html header", subject_prefix="[TEST]")
+    assert "text header" in new_msg.as_string()
+    assert "html header" not in new_msg.as_string()
+    assert new_msg[headers.SUBJECT] == "[TEST] Potato"
+
+
+def test_add_subject_prefix_with_no_header():
+    msg = email.message_from_string(
+        """Content-Transfer-Encoding: 7bit
+
+hello
+"""
+    )
+    new_msg = add_header(msg, "text header", "html header", subject_prefix="[TEST]")
+    assert "text header" in new_msg.as_string()
+    assert "html header" not in new_msg.as_string()
+    assert new_msg[headers.SUBJECT] == "[TEST]"
+
+
 def test_add_header_plain_text():
    msg = email.message_from_string(
        """Content-Type: text/plain; charset=us-ascii
--- a/app/tests/test_models.py
+++ b/app/tests/test_models.py
@ -17,6 +17,7 @@ from app.models import (
    Subscription,
    PlanEnum,
    PADDLE_SUBSCRIPTION_GRACE_DAYS,
+    SyncEvent,
 )
 from tests.utils import login, create_new_user, random_token

@ -325,3 +326,51 @@ def test_user_can_send_receive():
    user.disabled = False
    user.delete_on = arrow.now()
    assert not user.can_send_or_receive()
+
+
+def test_sync_event_dead_letter():
+    # remove all SyncEvents before the test
+    all_events = SyncEvent.all()
+    for event in all_events:
+        SyncEvent.delete(event.id, commit=True)
+
+    # create an expired not taken event
+    e1 = SyncEvent.create(
+        content=b"content",
+        created_at=arrow.now().shift(minutes=-15),
+        taken_time=None,
+        commit=True,
+    )
+
+    # create an expired taken event (but too long ago)
+    e2 = SyncEvent.create(
+        content=b"content",
+        created_at=arrow.now().shift(minutes=-15),
+        taken_time=arrow.now().shift(minutes=-14),
+        commit=True,
+    )
+
+    # create an expired taken event (but recently)
+    e3 = SyncEvent.create(
+        content=b"content",
+        created_at=arrow.now().shift(minutes=-15),
+        taken_time=arrow.now().shift(minutes=-1),
+        commit=True,
+    )
+
+    # create a normal event
+    e4 = SyncEvent.create(
+        content=b"content",
+        created_at=arrow.now(),
+        commit=True,
+    )
+
+    # get dead letter events
+    dead_letter_events = SyncEvent.get_dead_letter(
+        older_than=arrow.now().shift(minutes=-10)
+    )
+    assert len(dead_letter_events) == 2
+    assert e1 in dead_letter_events
+    assert e2 in dead_letter_events
+    assert e3 not in dead_letter_events
+    assert e4 not in dead_letter_events
--- a/app/tests/utils.py
+++ b/app/tests/utils.py
@ -9,7 +9,8 @@ from typing import Optional, Dict
 import jinja2
 from flask import url_for

-from app.models import User
+from app.models import User, PartnerUser
+from app.proton.utils import get_proton_partner
 from app.utils import random_string


@ -30,6 +31,18 @@ def create_new_user(email: Optional[str] = None, name: Optional[str] = None) ->
    return user


+def create_partner_linked_user() -> tuple[User, PartnerUser]:
+    user = create_new_user()
+    partner_user = PartnerUser.create(
+        partner_id=get_proton_partner().id,
+        user_id=user.id,
+        external_user_id=random_token(10),
+        flush=True,
+    )
+
+    return user, partner_user
+
+
 def login(flask_client, user: Optional[User] = None) -> User:
    if not user:
        user = create_new_user()
Author	SHA1	Message	Date
MrMeeb	f51d31f431	4.46.0 All checks were successful Build-Release-Image / Build-Image (linux/amd64) (push) Successful in 3m41s Details Build-Release-Image / Build-Image (linux/arm64) (push) Successful in 4m54s Details Build-Release-Image / Merge-Images (push) Successful in 19s Details Build-Release-Image / Create-Release (push) Successful in 16s Details Build-Release-Image / Notify (push) Successful in 19s Details	2024-07-09 12:00:06 +01:00
MrMeeb	c67b97fe32	4.45.1 All checks were successful Build-Release-Image / Build-Image (linux/amd64) (push) Successful in 3m52s Details Build-Release-Image / Build-Image (linux/arm64) (push) Successful in 4m0s Details Build-Release-Image / Merge-Images (push) Successful in 18s Details Build-Release-Image / Create-Release (push) Successful in 14s Details Build-Release-Image / Notify (push) Successful in 8s Details	2024-06-26 12:00:08 +01:00
MrMeeb	bd414b1fc7	4.45.0 All checks were successful Build-Release-Image / Build-Image (linux/amd64) (push) Successful in 3m1s Details Build-Release-Image / Build-Image (linux/arm64) (push) Successful in 4m13s Details Build-Release-Image / Merge-Images (push) Successful in 22s Details Build-Release-Image / Create-Release (push) Successful in 9s Details Build-Release-Image / Notify (push) Successful in 4s Details	2024-06-11 12:00:06 +01:00
MrMeeb	0f73a14926	4.44.3	2024-05-24 12:00:06 +01:00
MrMeeb	0ea33ca5f8	4.44.0	2024-05-23 12:00:07 +01:00