Skip to content
Cloudflare API
Start here
API Reference
Email Security
Settings

Allow Policies

List email allow policies
client.emailSecurity.settings.allowPolicies.list(AllowPolicyListParams { account_id, direction, is_acceptable_sender, 9 more } params, RequestOptionsoptions?): V4PagePaginationArray<AllowPolicyListResponse { id, created_at, last_modified, 12 more } >
GET/accounts/{account_id}/email-security/settings/allow_policies
Get an email allow policy
client.emailSecurity.settings.allowPolicies.get(stringpolicyId, AllowPolicyGetParams { account_id } params, RequestOptionsoptions?): AllowPolicyGetResponse { id, created_at, last_modified, 12 more }
GET/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}
Create email allow policy
client.emailSecurity.settings.allowPolicies.create(AllowPolicyCreateParams { account_id, is_acceptable_sender, is_exempt_recipient, 9 more } params, RequestOptionsoptions?): AllowPolicyCreateResponse { id, created_at, last_modified, 12 more }
POST/accounts/{account_id}/email-security/settings/allow_policies
Update an email allow policy
client.emailSecurity.settings.allowPolicies.edit(stringpolicyId, AllowPolicyEditParams { account_id, comments, is_acceptable_sender, 9 more } params, RequestOptionsoptions?): AllowPolicyEditResponse { id, created_at, last_modified, 12 more }
PATCH/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}
Delete an email allow policy
client.emailSecurity.settings.allowPolicies.delete(stringpolicyId, AllowPolicyDeleteParams { account_id } params, RequestOptionsoptions?): AllowPolicyDeleteResponse { id }
DELETE/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}
ModelsExpand Collapse
AllowPolicyListResponse { id, created_at, last_modified, 12 more }

An email allow policy

id: string

Allow policy identifier

formatuuid
created_at: string
formatdate-time
Deprecatedlast_modified: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time
comments?: string | null
maxLength1024
is_acceptable_sender?: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient?: boolean

Messages to this recipient will bypass all detections

Deprecatedis_recipient?: boolean

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

is_regex?: boolean
Deprecatedis_sender?: boolean

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

Deprecatedis_spoof?: boolean

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

is_trusted_sender?: boolean

Messages from this sender will bypass all detections and link following

modified_at?: string
formatdate-time
pattern?: string
maxLength1024
minLength1
pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:
"EMAIL"
"DOMAIN"
"IP"
"UNKNOWN"
verify_sender?: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

AllowPolicyGetResponse { id, created_at, last_modified, 12 more }

An email allow policy

id: string

Allow policy identifier

formatuuid
created_at: string
formatdate-time
Deprecatedlast_modified: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time
comments?: string | null
maxLength1024
is_acceptable_sender?: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient?: boolean

Messages to this recipient will bypass all detections

Deprecatedis_recipient?: boolean

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

is_regex?: boolean
Deprecatedis_sender?: boolean

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

Deprecatedis_spoof?: boolean

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

is_trusted_sender?: boolean

Messages from this sender will bypass all detections and link following

modified_at?: string
formatdate-time
pattern?: string
maxLength1024
minLength1
pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:
"EMAIL"
"DOMAIN"
"IP"
"UNKNOWN"
verify_sender?: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

AllowPolicyCreateResponse { id, created_at, last_modified, 12 more }

An email allow policy

id: string

Allow policy identifier

formatuuid
created_at: string
formatdate-time
Deprecatedlast_modified: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time
comments?: string | null
maxLength1024
is_acceptable_sender?: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient?: boolean

Messages to this recipient will bypass all detections

Deprecatedis_recipient?: boolean

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

is_regex?: boolean
Deprecatedis_sender?: boolean

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

Deprecatedis_spoof?: boolean

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

is_trusted_sender?: boolean

Messages from this sender will bypass all detections and link following

modified_at?: string
formatdate-time
pattern?: string
maxLength1024
minLength1
pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:
"EMAIL"
"DOMAIN"
"IP"
"UNKNOWN"
verify_sender?: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

AllowPolicyEditResponse { id, created_at, last_modified, 12 more }

An email allow policy

id: string

Allow policy identifier

formatuuid
created_at: string
formatdate-time
Deprecatedlast_modified: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time
comments?: string | null
maxLength1024
is_acceptable_sender?: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient?: boolean

Messages to this recipient will bypass all detections

Deprecatedis_recipient?: boolean

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

is_regex?: boolean
Deprecatedis_sender?: boolean

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

Deprecatedis_spoof?: boolean

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

is_trusted_sender?: boolean

Messages from this sender will bypass all detections and link following

modified_at?: string
formatdate-time
pattern?: string
maxLength1024
minLength1
pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:
"EMAIL"
"DOMAIN"
"IP"
"UNKNOWN"
verify_sender?: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

AllowPolicyDeleteResponse { id }
id: string

Allow policy identifier

formatuuid