API Reference

Email Security

Settings

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Allow Policies

List email allow policies

GET/accounts/{account_id}/email-security/settings/allow_policies

Get an email allow policy

GET/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

Create email allow policy

POST/accounts/{account_id}/email-security/settings/allow_policies

Update an email allow policy

PATCH/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

Delete an email allow policy

DELETE/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

ModelsExpand Collapse

AllowPolicyListResponse object { id, created_at, last_modified, 12 more }

An email allow policy

id: string

Allow policy identifier

formatuuid

created_at: string

formatdate-time

Deprecatedlast_modified: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

comments: optional string

maxLength1024

is_acceptable_sender: optional boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: optional boolean

Messages to this recipient will bypass all detections

Deprecatedis_recipient: optional boolean

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

is_regex: optional boolean

Deprecatedis_sender: optional boolean

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

Deprecatedis_spoof: optional boolean

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

is_trusted_sender: optional boolean

Messages from this sender will bypass all detections and link following

modified_at: optional string

formatdate-time

pattern: optional string

maxLength1024

minLength1

pattern_type: optional "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender: optional boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

AllowPolicyGetResponse object { id, created_at, last_modified, 12 more }

An email allow policy

id: string

Allow policy identifier

formatuuid

created_at: string

formatdate-time

Deprecatedlast_modified: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

comments: optional string

maxLength1024

is_acceptable_sender: optional boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: optional boolean

Messages to this recipient will bypass all detections

Deprecatedis_recipient: optional boolean

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

is_regex: optional boolean

Deprecatedis_sender: optional boolean

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

Deprecatedis_spoof: optional boolean

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

is_trusted_sender: optional boolean

Messages from this sender will bypass all detections and link following

modified_at: optional string

formatdate-time

pattern: optional string

maxLength1024

minLength1

pattern_type: optional "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender: optional boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

AllowPolicyCreateResponse object { id, created_at, last_modified, 12 more }

An email allow policy

id: string

Allow policy identifier

formatuuid

created_at: string

formatdate-time

Deprecatedlast_modified: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

comments: optional string

maxLength1024

is_acceptable_sender: optional boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: optional boolean

Messages to this recipient will bypass all detections

Deprecatedis_recipient: optional boolean

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

is_regex: optional boolean

Deprecatedis_sender: optional boolean

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

Deprecatedis_spoof: optional boolean

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

is_trusted_sender: optional boolean

Messages from this sender will bypass all detections and link following

modified_at: optional string

formatdate-time

pattern: optional string

maxLength1024

minLength1

pattern_type: optional "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender: optional boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

AllowPolicyEditResponse object { id, created_at, last_modified, 12 more }

An email allow policy

id: string

Allow policy identifier

formatuuid

created_at: string

formatdate-time

Deprecatedlast_modified: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

comments: optional string

maxLength1024

is_acceptable_sender: optional boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: optional boolean

Messages to this recipient will bypass all detections

Deprecatedis_recipient: optional boolean

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

is_regex: optional boolean

Deprecatedis_sender: optional boolean

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

Deprecatedis_spoof: optional boolean

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

is_trusted_sender: optional boolean

Messages from this sender will bypass all detections and link following

modified_at: optional string

formatdate-time

pattern: optional string

maxLength1024

minLength1

pattern_type: optional "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender: optional boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

AllowPolicyDeleteResponse object { id }

id: string

Allow policy identifier

formatuuid