sending_domain_restrictions

Creates, updates, deletes, gets or lists a sending_domain_restrictions resource.

Overview

Name	`sending_domain_restrictions`
Type	Resource
Id	`cloudflare.email_security.sending_domain_restrictions`

Fields

The following fields are returned by SELECT queries:

get
list

Sending domain restriction details

Name	Datatype	Description
`id`	`string (uuid)`	Sending domain restriction identifier. (example: f174e90a-fafe-4643-bbbc-4a0ed4fc8415, title: identifier)
`comments`	`string`	(example: Enforce TLS for all mail from this domain)
`created_at`	`string (date-time)`	(example: 2014-01-01T05:20:00.12345Z)
`domain`	`string`	Domain that requires TLS enforcement. (example: example.com)
`exclude`	`array`	Excluded subdomains that are exempt from TLS requirements.
`last_modified`	`string (date-time)`	Deprecated, use `modified_at` instead. End of life: November 1, 2026. (example: 2014-01-01T05:20:00.12345Z)
`modified_at`	`string (date-time)`	(example: 2014-01-01T05:20:00.12345Z)

List of sending domain restrictions

Name	Datatype	Description
`id`	`string (uuid)`	Sending domain restriction identifier. (example: f174e90a-fafe-4643-bbbc-4a0ed4fc8415, title: identifier)
`comments`	`string`	(example: Enforce TLS for all mail from this domain)
`created_at`	`string (date-time)`	(example: 2014-01-01T05:20:00.12345Z)
`domain`	`string`	Domain that requires TLS enforcement. (example: example.com)
`exclude`	`array`	Excluded subdomains that are exempt from TLS requirements.
`last_modified`	`string (date-time)`	Deprecated, use `modified_at` instead. End of life: November 1, 2026. (example: 2014-01-01T05:20:00.12345Z)
`modified_at`	`string (date-time)`	(example: 2014-01-01T05:20:00.12345Z)

Methods

The following methods are available for this resource:

Name	Accessible by	Required Params	Optional Params	Description
`get`	`select`	`account_id`, `sending_domain_restriction_id`		Retrieves details for a specific sending domain restriction including the domain requiring TLS and any excluded subdomains exempt from the TLS requirement.
`list`	`select`	`account_id`	`page`, `per_page`, `search`, `order`, `direction`	Returns a paginated list of sending domain restrictions. These restrictions enforce TLS requirements for emails from specific domains. Mail without TLS from restricted domains will be dropped unless the subdomain is in the exclude list. Supports sorting and searching.
`email_security_create_sending_domain_restriction`	`insert`	`account_id`		Creates a new sending domain restriction to enforce TLS requirements for a domain. Emails without TLS from this domain will be dropped unless the subdomain is in the exclude list.
`email_security_update_sending_domain_restriction`	`update`	`account_id`, `sending_domain_restriction_id`		Updates an existing sending domain restriction. Only provided fields will be modified. Changes affect which domains require TLS and which subdomains are excluded.
`email_security_delete_sending_domain_restriction`	`delete`	`account_id`, `sending_domain_restriction_id`		Removes a sending domain restriction. After deletion, TLS will no longer be enforced for emails from this domain.
`batch`	`exec`	`account_id`, `deletes`		Executes multiple delete operations on sending domain restrictions atomically. All operations succeed or fail together as a transaction. Currently only supports batch deletion. Removes TLS enforcement requirements for the specified domains.

Parameters

Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.

Name	Datatype	Description
`account_id`	`string`	The Cloudflare account ID.
`sending_domain_restriction_id`	`string (uuid)`
`direction`	`string`	The sorting direction.
`order`	`string`	Field to sort by.
`page`	`integer`	Current page within paginated list of results.
`per_page`	`integer`	The number of results per page. Maximum value is 1000.
`search`	`string`	Search term for filtering records. Behavior may change.

`SELECT` examples

get
list

Retrieves details for a specific sending domain restriction including the domain requiring TLS and any excluded subdomains exempt from the TLS requirement.

SELECT
id,
comments,
created_at,
domain,
exclude,
last_modified,
modified_at
FROM cloudflare.email_security.sending_domain_restrictions
WHERE account_id = '{{ account_id }}' -- required
AND sending_domain_restriction_id = '{{ sending_domain_restriction_id }}' -- required
;

Returns a paginated list of sending domain restrictions. These restrictions enforce TLS requirements for emails from specific domains. Mail without TLS from restricted domains will be dropped unless the subdomain is in the exclude list. Supports sorting and searching.

SELECT
id,
comments,
created_at,
domain,
exclude,
last_modified,
modified_at
FROM cloudflare.email_security.sending_domain_restrictions
WHERE account_id = '{{ account_id }}' -- required
AND page = '{{ page }}'
AND per_page = '{{ per_page }}'
AND search = '{{ search }}'
AND order = '{{ order }}'
AND direction = '{{ direction }}'
;

`INSERT` examples

email_security_create_sending_domain_restriction
Manifest

Creates a new sending domain restriction to enforce TLS requirements for a domain. Emails without TLS from this domain will be dropped unless the subdomain is in the exclude list.

INSERT INTO cloudflare.email_security.sending_domain_restrictions (
comments,
domain,
exclude,
account_id
)
SELECT 
'{{ comments }}',
'{{ domain }}',
'{{ exclude }}',
'{{ account_id }}'
RETURNING
errors,
messages,
result,
success
;

# Description fields are for documentation purposes
- name: sending_domain_restrictions
props:
  - name: account_id
    value: "{{ account_id }}"
    description: Required parameter for the sending_domain_restrictions resource.
  - name: comments
    value: "{{ comments }}"
  - name: domain
    value: "{{ domain }}"
    description: |
      Domain that requires TLS enforcement.
  - name: exclude
    value:
      - "{{ exclude }}"
    description: |
      Excluded subdomains that are exempt from TLS requirements.

`UPDATE` examples

email_security_update_sending_domain_restriction

Updates an existing sending domain restriction. Only provided fields will be modified. Changes affect which domains require TLS and which subdomains are excluded.

UPDATE cloudflare.email_security.sending_domain_restrictions
SET 
comments = '{{ comments }}',
domain = '{{ domain }}',
exclude = '{{ exclude }}'
WHERE 
account_id = '{{ account_id }}' --required
AND sending_domain_restriction_id = '{{ sending_domain_restriction_id }}' --required
RETURNING
errors,
messages,
result,
success;

`DELETE` examples

email_security_delete_sending_domain_restriction

Removes a sending domain restriction. After deletion, TLS will no longer be enforced for emails from this domain.

DELETE FROM cloudflare.email_security.sending_domain_restrictions
WHERE account_id = '{{ account_id }}' --required
AND sending_domain_restriction_id = '{{ sending_domain_restriction_id }}' --required
;

Lifecycle Methods

batch

Executes multiple delete operations on sending domain restrictions atomically. All operations succeed or fail together as a transaction. Currently only supports batch deletion. Removes TLS enforcement requirements for the specified domains.

EXEC cloudflare.email_security.sending_domain_restrictions.batch 
@account_id='{{ account_id }}' --required 
@@json=
'{
"deletes": "{{ deletes }}"
}'
;

Overview​

Fields​

Methods​

Parameters​

SELECT examples​

INSERT examples​

UPDATE examples​

DELETE examples​

Lifecycle Methods​