Skip to content
Cloudflare API
Start here
API Reference
Email Security
Settings
Sending Domain Restrictions

Create a sending domain restriction

client.EmailSecurity.Settings.SendingDomainRestrictions.New(ctx, params) (*SettingSendingDomainRestrictionNewResponse, error)
POST/accounts/{account_id}/email-security/settings/sending_domain_restrictions

Creates a new sending domain restriction to enforce TLS requirements for a domain. Emails without TLS from this domain will be dropped unless the subdomain is in the exclude list.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Cloud Email Security: Write
ParametersExpand Collapse
params SettingSendingDomainRestrictionNewParams
AccountID param.Field[string]

Path param: Identifier.

maxLength32
Domain param.Field[string]

Body param: Domain that requires TLS enforcement.

Exclude param.Field[[]string]

Body param: Excluded subdomains that are exempt from TLS requirements.

Comments param.Field[string]Optional

Body param

maxLength1024
ReturnsExpand Collapse
type SettingSendingDomainRestrictionNewResponse struct{…}

A sending domain restriction that enforces TLS (Transport Layer Security) requirements for emails from specific domains. If TLS is required, mail without TLS from the specified domain will be dropped.

ID stringOptional

Sending domain restriction identifier.

formatuuid
Comments stringOptional
maxLength1024
CreatedAt TimeOptional
formatdate-time
Domain stringOptional

Domain that requires TLS enforcement.

Exclude []stringOptional

Excluded subdomains that are exempt from TLS requirements.

DeprecatedLastModified TimeOptional

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time
ModifiedAt TimeOptional
formatdate-time

Create a sending domain restriction

package main

import (
  "context"
  "fmt"

  "github.com/stainless-sdks/cloudflare-go"
  "github.com/stainless-sdks/cloudflare-go/email_security"
  "github.com/stainless-sdks/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  sendingDomainRestriction, err := client.EmailSecurity.Settings.SendingDomainRestrictions.New(context.TODO(), email_security.SettingSendingDomainRestrictionNewParams{
    AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    Domain: cloudflare.F("example.com"),
    Exclude: cloudflare.F([]string{"subdomain.example.com"}),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", sendingDomainRestriction.ID)
}

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "comments": "Enforce TLS for all mail from this domain",
    "created_at": "2014-01-01T05:20:00.12345Z",
    "domain": "example.com",
    "exclude": [
      "subdomain.example.com"
    ],
    "last_modified": "2014-01-01T05:20:00.12345Z",
    "modified_at": "2014-01-01T05:20:00.12345Z"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "comments": "Enforce TLS for all mail from this domain",
    "created_at": "2014-01-01T05:20:00.12345Z",
    "domain": "example.com",
    "exclude": [
      "subdomain.example.com"
    ],
    "last_modified": "2014-01-01T05:20:00.12345Z",
    "modified_at": "2014-01-01T05:20:00.12345Z"
  }
}