Light mode Dark mode

Flour City Labs

Production web & email app | Email deliverability analyzer + client project system

Flour City Labs is a working production app for web and email consulting. The core is an email deliverability analyzer that diagnoses SPF, DKIM, and DMARC problems, paired with a client project system that threads email replies into a dashboard. It runs across a serverless stack: Cloudflare for inbound email, Supabase for data and edge functions, and a React front end.

Live site | Source on GitHub

Email Header Analyzer

The main piece. Send any email to and a Cloudflare Email Worker runs a full analysis, including live DNS lookups for SPF, DKIM, DMARC, and MX, then replies within seconds with a plain-language report.

Two other ways to run it:

  • Upload a .eml or .msg file on the site.
  • Paste raw headers into the analyzer.

Both of those run in the browser, so nothing leaves your machine. The browser paths check headers only. The email path adds the live DNS lookups.

The report is built for two readers at once. A plain verdict up top answers "is my email set up right." The raw data sits underneath as proof: DNS records, Authentication-Results, and the Received chain with hop timing. A three-tier Pass / Warn / Fail system separates a low-stakes advisory like DMARC p=none from a real failure like a missing SPF record.

Architecture

One shared package does the actual work. The header parser and deliverability checks live in a single dependency-free module, and three different surfaces import the same code: the in-browser analyzer, the Cloudflare email worker, and a command-line tool. One implementation, one set of behavior, three runtimes.

Around that core:

  • Cloudflare Email Worker handles inbound mail. It runs on email ingest, does the analysis, and sends the reply through Resend. No server sitting idle.
  • Supabase Edge Functions (Deno) handle form submissions and the reply threading described below.
  • React front end on Vercel hosts the marketing site, the analyzer, the forms, and the client dashboard.

The core parsing logic has an automated test suite covering SPF, DKIM, and DMARC pass and fail cases.

Client Project System

Clients get a dashboard at /profile that shows their project and the full back-and-forth in order. The email threading behind it is the interesting part.

When a client reply comes in to a tagged address, Cloudflare routes it to a Supabase function that pulls the project ID from the address, strips the quoted text, saves the message as a note, and forwards it on with the In-Reply-To and References headers that keep it in the same email thread. Row-level security ties every note to a user, so one client never sees another's.

Why I Built It

Flour City Labs started as a way to build and run a real system end to end instead of reading about one. Standing up the email worker, the live DNS analysis, the database, and the reply threading taught me more about how these pieces fit than any tutorial could.

Stack

Front end

React, Vite, Tailwind CSS

Backend & data

Supabase (auth, Postgres, Deno edge functions, row-level security)

Email

Resend (transactional send), Cloudflare Email Routing and Workers

Security

Cloudflare Turnstile bot protection, shared-secret function auth

Links

flourcitylabs.com

GitHub repo