Recipient Rules
The recipient rules guardrail controls who your AI agents can email. Use blocked and allowed lists to restrict email recipients by address or domain, and set limits on how many recipients can appear in a single email.
| Default | Disabled |
| Analysis method | Deterministic matching at SMTP level |
| Risk levels | Green / Orange / Red |
Note: This guardrail is disabled by default because it requires organization-specific configuration. Set up your blocked/allowed lists and recipient limits before enabling.
Configuration
Recipient rules are configured separately for To, CC, and BCC fields:
| Setting | Description |
|---|---|
| Blocked addresses | Specific email addresses that are always blocked (red) |
| Blocked domains | Entire domains that are always blocked (red) |
| Allowed addresses | If set, only these addresses are permitted (red if not matched) |
| Allowed domains | If set, only these domains are permitted (red if not matched) |
| Max count | Maximum recipients per field (orange if exceeded) |
| CC allowed | Whether CC recipients are permitted at all |
| BCC allowed | Whether BCC recipients are permitted at all |
How it works
- Blocked lists are deny lists — any match is a red flag
- Allowed lists are allow lists — if set, anything not on the list is a red flag
- You can use both: allowed lists define the permitted scope, blocked lists add exceptions within it
- Max count prevents mass-emailing by limiting recipients per field
Use cases
Restrict to known customers — Set allowed domains to your customer domains. Your AI agents can only email people at companies you do business with.
Block competitors — Add competitor domains to the blocked list to prevent your AI agents from accidentally emailing them.
Prevent mass-CC — Set max CC count to 3 and disable BCC entirely. Your agents can't accidentally blast a group email to dozens of recipients.
Internal-only protection — Block your own internal domains to prevent AI agents from emailing employees (useful when agents should only communicate externally).
Example
You configure:
- Allowed domains: acmecorp.com, bigclient.org
- Blocked addresses: ceo@acmecorp.com
- Max To count: 5
- BCC allowed: No
Your AI agent tries to send an email to ceo@acmecorp.com — blocked (specific address). It tries to email info@randomcompany.com — blocked (domain not in allowed list). It sends to support@acmecorp.com with 3 people in CC — allowed. It tries to BCC someone — blocked.
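The matching logic described under "How it works", run against the example configuration above. This is an added Python sketch, not the product's own code. `FieldRules` and `evaluate` are hypothetical names, and three behaviours are assumptions the page does not state: matching is case-insensitive, domains match exactly (no subdomains), and a recipient passes the allowed check if either its address or its domain is listed.

```python
from dataclasses import dataclass, field
from typing import Optional

ORDER = ["green", "orange", "red"]  # risk levels, least to most severe

@dataclass
class FieldRules:
    """Rules for one field (To, CC or BCC). Hypothetical structure; list
    entries are expected to be lowercase already."""
    blocked_addresses: set = field(default_factory=set)
    blocked_domains: set = field(default_factory=set)
    allowed_addresses: set = field(default_factory=set)
    allowed_domains: set = field(default_factory=set)
    max_count: Optional[int] = None
    field_allowed: bool = True  # models "CC allowed" / "BCC allowed"

def evaluate(rules, recipients):
    """Return (risk, reasons) for the recipients listed in one field."""
    findings = []
    if recipients and not rules.field_allowed:
        findings.append(("red", "field not permitted"))
    has_allow = bool(rules.allowed_addresses or rules.allowed_domains)
    for raw in recipients:
        addr = raw.strip().lower()  # assumption: case-insensitive matching
        local, sep, domain = addr.rpartition("@")
        if not (local and sep and domain):
            findings.append(("red", f"{raw}: malformed address"))  # fail closed
        elif addr in rules.blocked_addresses:  # deny lists win over allow lists
            findings.append(("red", f"{addr}: blocked address"))
        elif domain in rules.blocked_domains:
            findings.append(("red", f"{addr}: blocked domain"))
        elif has_allow and not (addr in rules.allowed_addresses
                                or domain in rules.allowed_domains):
            findings.append(("red", f"{addr}: not on allowed list"))
    if rules.max_count is not None and len(recipients) > rules.max_count:
        findings.append(("orange", f"{len(recipients)} recipients, max {rules.max_count}"))
    risk = max((f[0] for f in findings), key=ORDER.index, default="green")
    return risk, [f[1] for f in findings]

# Configuration from the Example section. Reusing the same lists for CC and BCC
# is an assumption; the page configures each field separately.
lists = dict(allowed_domains={"acmecorp.com", "bigclient.org"},
             blocked_addresses={"ceo@acmecorp.com"})
TO = FieldRules(max_count=5, **lists)
CC = FieldRules(**lists)
BCC = FieldRules(field_allowed=False, **lists)

if __name__ == "__main__":
    print(evaluate(TO, ["ceo@acmecorp.com", "info@randomcompany.com"]))
```

Checking blocked entries before allowed ones is what makes ceo@acmecorp.com red even though its domain is on the allowed list.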