type.inbound
and (
// sender or subject contains openai or chatgpt
regex.icontains(sender.display_name, '\bchat\s*gpt\b')
or regex.icontains(sender.display_name, '\bopen\s*a[li]\b')
or regex.icontains(subject.subject, '\bchat\s*gpt\b')
or regex.icontains(subject.subject, '\bopen\s*a[li]\b')
or regex.icontains(body.current_thread.text,
'(?:regarding\s*your\s*Open\s*A[lI]\s*account|Open\s*A[lI]\s*\.\s*All\s*rights\s*reserved|the\s*open\s*ai\s*team)'
)
)
and 2 of (
// payment phrase
regex.icontains(body.current_thread.text,
'update (?:payment method|your (?:billing|payment))'
),
regex.icontains(body.current_thread.text,
'Subscription (?:has expired|(?:will be)?Cancel+ed)'
),
regex.icontains(body.current_thread.text,
'issue with (?:the transaction|payment)'
),
regex.icontains(body.current_thread.text, "you(?:'ll| will) lose access"),
regex.icontains(body.current_thread.text,
'payment (?:is not successful|error|was declined)'
),
regex.icontains(body.current_thread.text,
'unable to (?:process|automatically charge)'
),
strings.icontains(body.current_thread.text, 'bank or card issuer'),
strings.icontains(body.current_thread.text, 'issue with the transaction'),
strings.icontains(body.current_thread.text, 'could not be processed'),
strings.icontains(body.current_thread.text, 'settle the outstanding'),
strings.icontains(body.current_thread.text, 'account will be downgraded'),
strings.icontains(body.current_thread.text, 'Renew Subscription'),
strings.icontains(body.current_thread.text, 'balance is settled'),
strings.icontains(body.current_thread.text, 'will renew automatically'),
strings.icontains(body.current_thread.text, 'process your payment'),
strings.icontains(body.current_thread.text, 'keep your subscription active'),
strings.icontains(body.current_thread.text, 'avoid any interruption'),
strings.icontains(body.current_thread.text, 'charge attempt was unsuccessful'),
strings.icontains(body.current_thread.text, 'scheduled for cancellation'),
strings.icontains(body.current_thread.text, 'authorizing your payment'),
strings.icontains(body.current_thread.text, 'Declining Payment'),
strings.icontains(body.current_thread.text, 'Insufficient funds'),
strings.icontains(body.current_thread.text, 'Card has expired'),
strings.icontains(body.current_thread.text, 'exceeds your credit limit'),
strings.icontains(body.current_thread.text, 'plan features have been paused'),
strings.icontains(body.current_thread.text, 'saved payment method'),
strings.icontains(body.current_thread.text, 'active without interruption')
)
// not from openai
and not sender.email.domain.root_domain == 'openai.com'
// negate highly trusted sender domains unless they fail DMARC authentication
and not (
sender.email.domain.root_domain in $high_trust_sender_root_domains
and coalesce(headers.auth_summary.dmarc.pass, false)
)
Playground
Test against your own EMLs or sample data.