Skip to content
Cloudflare API
Start here
API Reference
Email Security
Settings
Allow Policies

List email allow policies

client.EmailSecurity.Settings.AllowPolicies.List(ctx, params) (*V4PagePaginationArray[SettingAllowPolicyListResponse], error)
GET/accounts/{account_id}/email-security/settings/allow_policies

Returns a paginated list of email allow policies. These policies exempt matching emails from security detection, allowing them to bypass disposition actions. Supports filtering by pattern type and policy attributes.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Cloud Email Security: WriteCloud Email Security: Read
ParametersExpand Collapse
params SettingAllowPolicyListParams
AccountID param.Field[string]

Path param: Identifier.

maxLength32
Direction param.Field[SettingAllowPolicyListParamsDirection]Optional

Query param: The sorting direction.

const SettingAllowPolicyListParamsDirectionAsc SettingAllowPolicyListParamsDirection = "asc"
const SettingAllowPolicyListParamsDirectionDesc SettingAllowPolicyListParamsDirection = "desc"
IsAcceptableSender param.Field[bool]Optional

Query param: Filter to show only policies where messages from the sender are exempted from Spam, Spoof, and Bulk dispositions (not Malicious or Suspicious).

IsExemptRecipient param.Field[bool]Optional

Query param: Filter to show only policies where messages to the recipient bypass all detections.

IsTrustedSender param.Field[bool]Optional

Query param: Filter to show only policies where messages from the sender bypass all detections and link following.

Order param.Field[SettingAllowPolicyListParamsOrder]Optional

Query param: Field to sort by.

const SettingAllowPolicyListParamsOrderPattern SettingAllowPolicyListParamsOrder = "pattern"
const SettingAllowPolicyListParamsOrderCreatedAt SettingAllowPolicyListParamsOrder = "created_at"
Page param.Field[int64]Optional

Query param: Current page within paginated list of results.

minimum1
Pattern param.Field[string]Optional

Query param

PatternType param.Field[SettingAllowPolicyListParamsPatternType]Optional

Query param: Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

const SettingAllowPolicyListParamsPatternTypeEmail SettingAllowPolicyListParamsPatternType = "EMAIL"
const SettingAllowPolicyListParamsPatternTypeDomain SettingAllowPolicyListParamsPatternType = "DOMAIN"
const SettingAllowPolicyListParamsPatternTypeIP SettingAllowPolicyListParamsPatternType = "IP"
const SettingAllowPolicyListParamsPatternTypeUnknown SettingAllowPolicyListParamsPatternType = "UNKNOWN"
PerPage param.Field[int64]Optional

Query param: The number of results per page. Maximum value is 1000.

maximum1000
minimum1
VerifySender param.Field[bool]Optional

Query param: Filter to show only policies that enforce DMARC, SPF, or DKIM authentication.

ReturnsExpand Collapse
type SettingAllowPolicyListResponse struct{…}

An email allow policy

ID string

Allow policy identifier

formatuuid
CreatedAt Time
formatdate-time
DeprecatedLastModified Time

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time
Comments stringOptional
maxLength1024
IsAcceptableSender boolOptional

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

IsExemptRecipient boolOptional

Messages to this recipient will bypass all detections

DeprecatedIsRecipient boolOptional

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

IsRegex boolOptional
DeprecatedIsSender boolOptional

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

DeprecatedIsSpoof boolOptional

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

IsTrustedSender boolOptional

Messages from this sender will bypass all detections and link following

ModifiedAt TimeOptional
formatdate-time
Pattern stringOptional
maxLength1024
minLength1
PatternType SettingAllowPolicyListResponsePatternTypeOptional

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:
const SettingAllowPolicyListResponsePatternTypeEmail SettingAllowPolicyListResponsePatternType = "EMAIL"
const SettingAllowPolicyListResponsePatternTypeDomain SettingAllowPolicyListResponsePatternType = "DOMAIN"
const SettingAllowPolicyListResponsePatternTypeIP SettingAllowPolicyListResponsePatternType = "IP"
const SettingAllowPolicyListResponsePatternTypeUnknown SettingAllowPolicyListResponsePatternType = "UNKNOWN"
VerifySender boolOptional

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

List email allow policies

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/email_security"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  page, err := client.EmailSecurity.Settings.AllowPolicies.List(context.TODO(), email_security.SettingAllowPolicyListParams{
    AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", page)
}

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "created_at": "2014-01-01T05:20:00.12345Z",
      "last_modified": "2014-01-01T05:20:00.12345Z",
      "comments": "Trust all messages send from test@example.com",
      "is_acceptable_sender": false,
      "is_exempt_recipient": false,
      "is_recipient": false,
      "is_regex": false,
      "is_sender": true,
      "is_spoof": false,
      "is_trusted_sender": true,
      "modified_at": "2014-01-01T05:20:00.12345Z",
      "pattern": "test@example.com",
      "pattern_type": "EMAIL",
      "verify_sender": true
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "created_at": "2014-01-01T05:20:00.12345Z",
      "last_modified": "2014-01-01T05:20:00.12345Z",
      "comments": "Trust all messages send from test@example.com",
      "is_acceptable_sender": false,
      "is_exempt_recipient": false,
      "is_recipient": false,
      "is_regex": false,
      "is_sender": true,
      "is_spoof": false,
      "is_trusted_sender": true,
      "modified_at": "2014-01-01T05:20:00.12345Z",
      "pattern": "test@example.com",
      "pattern_type": "EMAIL",
      "verify_sender": true
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}