API Reference

Email Security

Settings

Allow Policies

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Create an email allow policy

POST/accounts/{account_id}/email-security/settings/allow_policies

Creates a new email allow policy that permits specific senders, domains, or patterns to bypass security scanning.

Security

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Cloud Email Security: Write

Path ParametersExpand Collapse

account_id: optional string

Account Identifier

maxLength32

minLength32

Body ParametersJSONExpand Collapse

is_acceptable_sender: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: boolean

Messages to this recipient will bypass all detections.

is_regex: boolean

is_trusted_sender: boolean

Messages from this sender will bypass all detections and link following.

pattern: string

maxLength1024

minLength1

pattern_type: "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

comments: optional string

maxLength1024

Deprecatedis_recipient: optional boolean

Deprecatedis_sender: optional boolean

Deprecatedis_spoof: optional boolean

ReturnsExpand Collapse

errors: array of ResponseInfo { code, message, documentation_url, source }

code: number

minimum1000

message: string

documentation_url: optional string

source: optional object { pointer }

pointer: optional string

messages: array of ResponseInfo { code, message, documentation_url, source }

code: number

minimum1000

message: string

documentation_url: optional string

source: optional object { pointer }

pointer: optional string

result: object { id, created_at, is_acceptable_sender, 11 more }

id: number

The unique identifier for the allow policy.

formatint32

created_at: string

formatdate-time

is_acceptable_sender: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: boolean

Messages to this recipient will bypass all detections.

is_regex: boolean

is_trusted_sender: boolean

Messages from this sender will bypass all detections and link following.

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

pattern_type: "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

comments: optional string

maxLength1024

Deprecatedis_recipient: optional boolean

Deprecatedis_sender: optional boolean

Deprecatedis_spoof: optional boolean

success: boolean

Create an email allow policy

HTTP

HTTP

TypeScript

Python

Go

Terraform

curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/email-security/settings/allow_policies \
    -H 'Content-Type: application/json' \
    -H "X-Auth-Email: $CLOUDFLARE_EMAIL" \
    -H "X-Auth-Key: $CLOUDFLARE_API_KEY" \
    -d '{
          "is_acceptable_sender": false,
          "is_exempt_recipient": false,
          "is_regex": false,
          "is_trusted_sender": true,
          "pattern": "test@example.com",
          "pattern_type": "EMAIL",
          "verify_sender": true
        }'

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": 2401,
    "created_at": "2019-12-27T18:11:19.117Z",
    "is_acceptable_sender": true,
    "is_exempt_recipient": true,
    "is_regex": true,
    "is_trusted_sender": true,
    "last_modified": "2019-12-27T18:11:19.117Z",
    "pattern": "x",
    "pattern_type": "EMAIL",
    "verify_sender": true,
    "comments": "comments",
    "is_recipient": true,
    "is_sender": true,
    "is_spoof": true
  },
  "success": true
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": 2401,
    "created_at": "2019-12-27T18:11:19.117Z",
    "is_acceptable_sender": true,
    "is_exempt_recipient": true,
    "is_regex": true,
    "is_trusted_sender": true,
    "last_modified": "2019-12-27T18:11:19.117Z",
    "pattern": "x",
    "pattern_type": "EMAIL",
    "verify_sender": true,
    "comments": "comments",
    "is_recipient": true,
    "is_sender": true,
    "is_spoof": true
  },
  "success": true
}