Create a sending domain restriction

email_security.settings.sending_domain_restrictions.create() -> SendingDomainRestrictionCreateResponse

POST/accounts/{account_id}/email-security/settings/sending_domain_restrictions

Creates a new sending domain restriction to enforce TLS requirements for a domain. Emails without TLS from this domain will be dropped unless the subdomain is in the exclude list.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Cloud Email Security: Write

ParametersExpand Collapse

account_id: str

Identifier.

maxLength32

domain: str

Domain that requires TLS enforcement.

exclude: Sequence[str]

Excluded subdomains that are exempt from TLS requirements.

comments: Optional[str]

maxLength1024

ReturnsExpand Collapse

class SendingDomainRestrictionCreateResponse: …

A sending domain restriction that enforces TLS (Transport Layer Security) requirements for emails from specific domains. If TLS is required, mail without TLS from the specified domain will be dropped.

id: Optional[str]

Sending domain restriction identifier.

formatuuid

comments: Optional[str]

maxLength1024

created_at: Optional[datetime]

formatdate-time

domain: Optional[str]

Domain that requires TLS enforcement.

exclude: Optional[List[str]]

Excluded subdomains that are exempt from TLS requirements.

Deprecatedlast_modified: Optional[datetime]

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

modified_at: Optional[datetime]

formatdate-time

Create a sending domain restriction

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
sending_domain_restriction = client.email_security.settings.sending_domain_restrictions.create(
    account_id="023e105f4ecef8ad9ca31a8372d0c353",
    domain="example.com",
    exclude=["subdomain.example.com"],
)
print(sending_domain_restriction.id)

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "comments": "Enforce TLS for all mail from this domain",
    "created_at": "2014-01-01T05:20:00.12345Z",
    "domain": "example.com",
    "exclude": [
      "subdomain.example.com"
    ],
    "last_modified": "2014-01-01T05:20:00.12345Z",
    "modified_at": "2014-01-01T05:20:00.12345Z"
  }
}

Returns Examples

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "comments": "Enforce TLS for all mail from this domain",
    "created_at": "2014-01-01T05:20:00.12345Z",
    "domain": "example.com",
    "exclude": [
      "subdomain.example.com"
    ],
    "last_modified": "2014-01-01T05:20:00.12345Z",
    "modified_at": "2014-01-01T05:20:00.12345Z"
  }
}