Files

1.5 KiB

Verification Code Reader

When a service sends a verification code by email (Avis, banks, accounts), the agent can read it from the inbox before the user can find it manually.

Workflow

  1. User triggers a login that sends a code email (e.g. entering email on avis.com)
  2. User says "check email for code" or the workflow expects the code
  3. Search IMAP for the security-code email from that sender
  4. Extract the code and relay it

Finding the code in the email

Security-code emails are typically text-only or minimal HTML. The code itself can be:

  • In the subject line (rare)
  • In the body as a bold or large number after "security code" or "verification code"
  • In a table row labeled "Your Security Code"

Searching strategy

# Search recent emails from the sender
status, data = conn.search(None, f'(FROM "avis@e.avis.com" SINCE "{since}")')

The sender is typically:

  • Avis: avis@e.avis.com — subject "Avis: Your security code"
  • Other services follow similar patterns

Pitfalls

  • Security codes expire fast — most are valid for 5-15 minutes. Don't over-optimize search patterns, just grab the latest email from that sender.
  • HTML emails may obfuscate the code — if you can't find a numeric pattern, strip all tags and look for "code" context: re.search(r'code[:\s]*(\d{4,8})', clean_body, re.IGNORECASE)
  • One-time passwords (OTP) vs link-based auth — some services send a magic link instead of a numeric code. If no numeric pattern matches, check for a URL containing token= or code= in the body.