Configuring the Email Allowlist

Control which email addresses can be used in your workflows.

Overview

The email allowlist is a workspace-level safety control that limits which recipient addresses the Send Email node and email-sending connector tools are allowed to send to. It exists to prevent test workflows from accidentally emailing real customers, and to keep production workflows from drifting onto unapproved addresses during development.

The allowlist applies to every workflow in the workspace and every member who can edit them. It's enforced at execution time, not at design time, so a workflow can be saved with any recipient but will fail at the send step if that recipient isn't permitted.

Before You Start

  • You must be a workspace admin to change allowlist settings.
  • Decide whether the workspace is for testing (use an allowlist), production (turn it off, or allowlist only internal domains), or mixed.

Steps

  1. Open Settings -> General.
  2. Scroll to the Email Allowlist section.
  3. Pick a mode: Allow all (no restriction) or Allowlist only (enforce the list below).
  4. If you chose Allowlist only, add entries. Each entry can be a full address (alice@example.com) or a domain (@example.com matches every address on that domain).
  5. Click Save. The setting takes effect on the next workflow execution.

Allowlist Entry Formats

  • Full address - user@example.com. Matches that address exactly.
  • Domain - @example.com. Matches any address on that domain.
  • Subdomain - @dev.example.com. Only matches the subdomain, not the parent.

Tips

  • Keep a separate workspace for development with the allowlist locked to internal addresses; promote workflows to a production workspace where the allowlist is opened up.
  • Add your own email and a shared QA inbox as the first entries so test runs have somewhere safe to land.
  • Pair the allowlist with workflow notifications so blocked sends surface as failures you can investigate.

Common Pitfalls

  • The allowlist blocks the email at send time, which counts as a workflow failure. Make sure error handling won't loop on the same failed send.
  • Domain entries are exact match on the suffix. @example.com does not cover @mail.example.com.
  • Allowlist changes don't retroactively pause already-queued sends. Disable affected workflows first if you need an immediate halt.

Related Articles

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.