API Reference

Email Security

Settings

Allow Policies

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

List email allow policies

email_security.settings.allow_policies.list(AllowPolicyListParams**kwargs) -> SyncV4PagePaginationArray[AllowPolicyListResponse]

GET/accounts/{account_id}/email-security/settings/allow_policies

Returns a paginated list of email allow policies. These policies exempt matching emails from security detection, allowing them to bypass disposition actions. Supports filtering by pattern type and policy attributes.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Cloud Email Security: WriteCloud Email Security: Read

ParametersExpand Collapse

account_id: str

Identifier.

maxLength32

direction: Optional[Literal["asc", "desc"]]

The sorting direction.

One of the following:

"asc"

"desc"

is_acceptable_sender: Optional[bool]

Filter to show only policies where messages from the sender are exempted from Spam, Spoof, and Bulk dispositions (not Malicious or Suspicious).

is_exempt_recipient: Optional[bool]

Filter to show only policies where messages to the recipient bypass all detections.

is_trusted_sender: Optional[bool]

Filter to show only policies where messages from the sender bypass all detections and link following.

order: Optional[Literal["pattern", "created_at"]]

Field to sort by.

One of the following:

"pattern"

"created_at"

page: Optional[int]

Current page within paginated list of results.

minimum1

pattern: Optional[str]

pattern_type: Optional[Literal["EMAIL", "DOMAIN", "IP", "UNKNOWN"]]

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

per_page: Optional[int]

The number of results per page. Maximum value is 1000.

maximum1000

minimum1

search: Optional[str]

Search term for filtering records. Behavior may change.

verify_sender: Optional[bool]

Filter to show only policies that enforce DMARC, SPF, or DKIM authentication.

ReturnsExpand Collapse

class AllowPolicyListResponse: …

An email allow policy

id: str

Allow policy identifier

formatuuid

created_at: datetime

formatdate-time

Deprecatedlast_modified: datetime

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

comments: Optional[str]

maxLength1024

is_acceptable_sender: Optional[bool]

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: Optional[bool]

Messages to this recipient will bypass all detections

Deprecatedis_recipient: Optional[bool]

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

is_regex: Optional[bool]

Deprecatedis_sender: Optional[bool]

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

Deprecatedis_spoof: Optional[bool]

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

is_trusted_sender: Optional[bool]

Messages from this sender will bypass all detections and link following

modified_at: Optional[datetime]

formatdate-time

pattern: Optional[str]

maxLength1024

minLength1

pattern_type: Optional[Literal["EMAIL", "DOMAIN", "IP", "UNKNOWN"]]

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender: Optional[bool]

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

List email allow policies

Python

HTTP

TypeScript

Python

Go

Terraform

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
page = client.email_security.settings.allow_policies.list(
    account_id="023e105f4ecef8ad9ca31a8372d0c353",
)
page = page.result[0]
print(page.id)

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "created_at": "2014-01-01T05:20:00.12345Z",
      "last_modified": "2014-01-01T05:20:00.12345Z",
      "comments": "Trust all messages send from test@example.com",
      "is_acceptable_sender": false,
      "is_exempt_recipient": false,
      "is_recipient": false,
      "is_regex": false,
      "is_sender": true,
      "is_spoof": false,
      "is_trusted_sender": true,
      "modified_at": "2014-01-01T05:20:00.12345Z",
      "pattern": "test@example.com",
      "pattern_type": "EMAIL",
      "verify_sender": true
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": [
    {
      "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
      "created_at": "2014-01-01T05:20:00.12345Z",
      "last_modified": "2014-01-01T05:20:00.12345Z",
      "comments": "Trust all messages send from test@example.com",
      "is_acceptable_sender": false,
      "is_exempt_recipient": false,
      "is_recipient": false,
      "is_regex": false,
      "is_sender": true,
      "is_spoof": false,
      "is_trusted_sender": true,
      "modified_at": "2014-01-01T05:20:00.12345Z",
      "pattern": "test@example.com",
      "pattern_type": "EMAIL",
      "verify_sender": true
    }
  ],
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}