Custom Authentication Rules

​

Authentication Options

When creating or updating an inbox, you can specify the following authentication options:

• allow_cc: bool If true, emails that contain the inbox email address in the Cc field will be marked valid

• allow_bcc: bool If true, emails that contain the inbox email address in the Bcc field will be marked valid

• spf_pass_required: bool If true, emails need to pass the SPF check to be marked valid. See here for more information on SPF

• dkim_pass_required: bool If true, emails need to pass the DKIM check to be marked valid. See here for more information on DKIM

• dmarc_pass_required: bool If true, emails need to pass the DMARC check to be marked valid. See here for more information on DMARC

• allowed_from_addresses: {addresses: list[str], domains: list[str]} A list of addresses and domains that are allowed to send emails to the inbox. If the field is null, or the addresses and domains fields are both empty lists, all from addresses are allowed. There is currently no wildcard support for allowed_from_addresses

• blocked_from_addresses: {addresses: list[str], domains: list[str]} A list of addresses and domains that are blocked from sending emails to the inbox. If the field is null, or the addresses and domains fields are both empty lists, all from addresses are allowed. There is currently no wildcard support for blocked_from_addresses

If any single authentication check fails, the email will be marked as invalid, regardless of the other checks it passes. Any email marked as invalid will only have the headers parsed and will not trigger a webhook (if specified for that inbox). You can view any invalid emails by setting the valid_only query parameter to false in the get emails endpoint or by unchecking the Valid Only switch in the UI.

​

Manually Marking an Email as Valid or Invalid

If you want to change the status of an email, you can mark it as valid or invalid by using the mark email endpoint or clicking the button next to the email in the UI. Once an email is marked as valid, its content will be parsed and a webhook will be triggered (if specified for that inbox).