Skip to content

EmailSecurityAllowPolicy

Source: src/Cloudflare/EmailSecurity/AllowPolicy.ts

A Cloudflare Email Security (Area 1) allow policy — exempts messages matching a sender/recipient pattern from detections.

All fields are mutable in place. Requires the Email Security enterprise add-on; accounts without the entitlement receive the typed EmailSecurityNotEntitled error.

Creating an Allow Policy

Section titled “Creating an Allow Policy”

Acceptable sender by email address

yield* Cloudflare.EmailSecurityAllowPolicy("NewsletterSender", {
  pattern: "news@partner.example.com",
  patternType: "EMAIL",
  isAcceptableSender: true,
});

Trusted sender domain (bypasses all detections)

yield* Cloudflare.EmailSecurityAllowPolicy("TrustedPartner", {
  pattern: "partner.example.com",
  patternType: "DOMAIN",
  isTrustedSender: true,
  comments: "contractually trusted partner",
});

Exempt recipient

// Messages delivered to the abuse mailbox must never be filtered.
yield* Cloudflare.EmailSecurityAllowPolicy("AbuseMailbox", {
  pattern: "abuse@example.com",
  patternType: "EMAIL",
  isExemptRecipient: true,
  verifySender: false,
});