--- layout: article title: Email policies description: Control which email addresses can sign up for your Appwrite project by blocking free, aliased, or disposable email providers from the Console or Project API. --- Email policies let you restrict which email addresses can be used for user creation and email updates on a project. Each policy is an independent toggle that runs at sign-up time and when an existing user changes their email. Policies do not affect session creation, so existing users can still sign in if their address would not pass the current policy. Three policies are available: | Policy | Blocks | Example | | --- | --- | --- | | Deny free emails | Addresses from free email providers | `user@gmail.com` | | Deny aliased emails | Addresses with aliases, tags, subaddresses, or any provider-specific variation | `user+folder1@gmail.com` | | Deny disposable emails | Temporary and disposable email providers | `alex9734@mailinator.com` | Policies can be configured from the Appwrite Console or programmatically through any server SDK using the Project service. # Manage from the Console {% #manage-console %} {% only_dark %} ![Email policies card in the Appwrite Console](/images/docs/auth/email-policies/dark/policies.avif) {% /only_dark %} {% only_light %} ![Email policies card in the Appwrite Console](/images/docs/auth/email-policies/policies.avif) {% /only_light %} To configure email policies manually: 1. Open your project in the Appwrite Console. 2. Navigate to **Auth** in the sidebar. 3. Open the **Security** tab. 4. In the **Email policies** card, toggle the policies you want to enable. 5. Click **Update** to apply the changes. # Manage from the SDK {% #manage-sdk %} Each policy has its own method on the Project service. The body is always an `enabled` boolean. {% info title="Required scope" %} The API key used for these calls needs the `policies.write` scope. {% /info %} ## Deny free emails {% #deny-free-emails %} When enabled, sign-ups and email updates using addresses from free email providers such as Gmail or Yahoo are rejected. {% multicode %} ```server-nodejs import { Client, Project } from 'node-appwrite'; const client = new Client() .setEndpoint('https://.cloud.appwrite.io/v1') .setProject('') .setKey(''); const project = new Project(client); const result = await project.updateDenyFreeEmailPolicy({ enabled: true }); ``` ```server-deno import { Client, Project } from "npm:node-appwrite"; const client = new Client() .setEndpoint('https://.cloud.appwrite.io/v1') .setProject('') .setKey(''); const project = new Project(client); const result = await project.updateDenyFreeEmailPolicy({ enabled: true }); ``` ```server-php setEndpoint('https://.cloud.appwrite.io/v1') ->setProject('') ->setKey(''); $project = new Project($client); $result = $project->updateDenyFreeEmailPolicy( enabled: true ); ``` ```server-python from appwrite.client import Client from appwrite.services.project import Project client = Client() client.set_endpoint('https://.cloud.appwrite.io/v1') client.set_project('') client.set_key('') project = Project(client) result = project.update_deny_free_email_policy( enabled = True ) ``` ```server-ruby require 'appwrite' include Appwrite client = Client.new .set_endpoint('https://.cloud.appwrite.io/v1') .set_project('') .set_key('') project = Project.new(client) response = project.update_deny_free_email_policy( enabled: true ) ``` ```server-dotnet using Appwrite; using Appwrite.Services; Client client = new Client() .SetEndPoint("https://.cloud.appwrite.io/v1") .SetProject("") .SetKey(""); Project project = new Project(client); var result = await project.UpdateDenyFreeEmailPolicy( enabled: true ); ``` ```server-dart import 'package:dart_appwrite/dart_appwrite.dart'; Client client = Client() .setEndpoint('https://.cloud.appwrite.io/v1') .setProject('') .setKey(''); Project project = Project(client); final result = await project.updateDenyFreeEmailPolicy( enabled: true, ); ``` ```server-kotlin import io.appwrite.Client import io.appwrite.services.Project val client = Client() .setEndpoint("https://.cloud.appwrite.io/v1") .setProject("") .setKey("") val project = Project(client) val response = project.updateDenyFreeEmailPolicy( enabled = true ) ``` ```server-java import io.appwrite.Client; import io.appwrite.coroutines.CoroutineCallback; import io.appwrite.services.Project; Client client = new Client() .setEndpoint("https://.cloud.appwrite.io/v1") .setProject("") .setKey(""); Project project = new Project(client); project.updateDenyFreeEmailPolicy( true, // enabled new CoroutineCallback<>((result, error) -> { if (error != null) { error.printStackTrace(); return; } System.out.println(result); }) ); ``` ```server-swift import Appwrite let client = Client() .setEndpoint("https://.cloud.appwrite.io/v1") .setProject("") .setKey("") let project = Project(client) let result = try await project.updateDenyFreeEmailPolicy( enabled: true ) ``` ```server-go package main import ( "fmt" "github.com/appwrite/sdk-for-go/appwrite" ) func main() { client := appwrite.NewClient( appwrite.WithEndpoint("https://.cloud.appwrite.io/v1"), appwrite.WithProject(""), appwrite.WithKey(""), ) service := appwrite.NewProject(client) result, err := service.UpdateDenyFreeEmailPolicy(true) if err != nil { panic(err) } fmt.Println(result) } ``` ```server-rust use appwrite::Client; use appwrite::services::project::Project; #[tokio::main] async fn main() -> Result<(), Box> { let client = Client::new() .set_endpoint("https://.cloud.appwrite.io/v1") .set_project("") .set_key(""); let project = Project::new(&client); let result = project.update_deny_free_email_policy(true).await?; println!("{:?}", result); Ok(()) } ``` ```bash appwrite project update-deny-free-email-policy --enabled true ``` {% /multicode %} ## Deny aliased emails {% #deny-aliased-emails %} When enabled, sign-ups and email updates using addresses with aliases, tags, subaddresses, or any other provider-specific variation are rejected. {% multicode %} ```server-nodejs import { Client, Project } from 'node-appwrite'; const client = new Client() .setEndpoint('https://.cloud.appwrite.io/v1') .setProject('') .setKey(''); const project = new Project(client); const result = await project.updateDenyAliasedEmailPolicy({ enabled: true }); ``` ```server-deno import { Client, Project } from "npm:node-appwrite"; const client = new Client() .setEndpoint('https://.cloud.appwrite.io/v1') .setProject('') .setKey(''); const project = new Project(client); const result = await project.updateDenyAliasedEmailPolicy({ enabled: true }); ``` ```server-php setEndpoint('https://.cloud.appwrite.io/v1') ->setProject('') ->setKey(''); $project = new Project($client); $result = $project->updateDenyAliasedEmailPolicy( enabled: true ); ``` ```server-python from appwrite.client import Client from appwrite.services.project import Project client = Client() client.set_endpoint('https://.cloud.appwrite.io/v1') client.set_project('') client.set_key('') project = Project(client) result = project.update_deny_aliased_email_policy( enabled = True ) ``` ```server-ruby require 'appwrite' include Appwrite client = Client.new .set_endpoint('https://.cloud.appwrite.io/v1') .set_project('') .set_key('') project = Project.new(client) response = project.update_deny_aliased_email_policy( enabled: true ) ``` ```server-dotnet using Appwrite; using Appwrite.Services; Client client = new Client() .SetEndPoint("https://.cloud.appwrite.io/v1") .SetProject("") .SetKey(""); Project project = new Project(client); var result = await project.UpdateDenyAliasedEmailPolicy( enabled: true ); ``` ```server-dart import 'package:dart_appwrite/dart_appwrite.dart'; Client client = Client() .setEndpoint('https://.cloud.appwrite.io/v1') .setProject('') .setKey(''); Project project = Project(client); final result = await project.updateDenyAliasedEmailPolicy( enabled: true, ); ``` ```server-kotlin import io.appwrite.Client import io.appwrite.services.Project val client = Client() .setEndpoint("https://.cloud.appwrite.io/v1") .setProject("") .setKey("") val project = Project(client) val response = project.updateDenyAliasedEmailPolicy( enabled = true ) ``` ```server-java import io.appwrite.Client; import io.appwrite.coroutines.CoroutineCallback; import io.appwrite.services.Project; Client client = new Client() .setEndpoint("https://.cloud.appwrite.io/v1") .setProject("") .setKey(""); Project project = new Project(client); project.updateDenyAliasedEmailPolicy( true, // enabled new CoroutineCallback<>((result, error) -> { if (error != null) { error.printStackTrace(); return; } System.out.println(result); }) ); ``` ```server-swift import Appwrite let client = Client() .setEndpoint("https://.cloud.appwrite.io/v1") .setProject("") .setKey("") let project = Project(client) let result = try await project.updateDenyAliasedEmailPolicy( enabled: true ) ``` ```server-go package main import ( "fmt" "github.com/appwrite/sdk-for-go/appwrite" ) func main() { client := appwrite.NewClient( appwrite.WithEndpoint("https://.cloud.appwrite.io/v1"), appwrite.WithProject(""), appwrite.WithKey(""), ) service := appwrite.NewProject(client) result, err := service.UpdateDenyAliasedEmailPolicy(true) if err != nil { panic(err) } fmt.Println(result) } ``` ```server-rust use appwrite::Client; use appwrite::services::project::Project; #[tokio::main] async fn main() -> Result<(), Box> { let client = Client::new() .set_endpoint("https://.cloud.appwrite.io/v1") .set_project("") .set_key(""); let project = Project::new(&client); let result = project.update_deny_aliased_email_policy(true).await?; println!("{:?}", result); Ok(()) } ``` ```bash appwrite project update-deny-canonical-email-policy --enabled true ``` {% /multicode %} ## Deny disposable emails {% #deny-disposable-emails %} When enabled, sign-ups and email updates using addresses from known temporary or disposable providers are rejected. {% multicode %} ```server-nodejs import { Client, Project } from 'node-appwrite'; const client = new Client() .setEndpoint('https://.cloud.appwrite.io/v1') .setProject('') .setKey(''); const project = new Project(client); const result = await project.updateDenyDisposableEmailPolicy({ enabled: true }); ``` ```server-deno import { Client, Project } from "npm:node-appwrite"; const client = new Client() .setEndpoint('https://.cloud.appwrite.io/v1') .setProject('') .setKey(''); const project = new Project(client); const result = await project.updateDenyDisposableEmailPolicy({ enabled: true }); ``` ```server-php setEndpoint('https://.cloud.appwrite.io/v1') ->setProject('') ->setKey(''); $project = new Project($client); $result = $project->updateDenyDisposableEmailPolicy( enabled: true ); ``` ```server-python from appwrite.client import Client from appwrite.services.project import Project client = Client() client.set_endpoint('https://.cloud.appwrite.io/v1') client.set_project('') client.set_key('') project = Project(client) result = project.update_deny_disposable_email_policy( enabled = True ) ``` ```server-ruby require 'appwrite' include Appwrite client = Client.new .set_endpoint('https://.cloud.appwrite.io/v1') .set_project('') .set_key('') project = Project.new(client) response = project.update_deny_disposable_email_policy( enabled: true ) ``` ```server-dotnet using Appwrite; using Appwrite.Services; Client client = new Client() .SetEndPoint("https://.cloud.appwrite.io/v1") .SetProject("") .SetKey(""); Project project = new Project(client); var result = await project.UpdateDenyDisposableEmailPolicy( enabled: true ); ``` ```server-dart import 'package:dart_appwrite/dart_appwrite.dart'; Client client = Client() .setEndpoint('https://.cloud.appwrite.io/v1') .setProject('') .setKey(''); Project project = Project(client); final result = await project.updateDenyDisposableEmailPolicy( enabled: true, ); ``` ```server-kotlin import io.appwrite.Client import io.appwrite.services.Project val client = Client() .setEndpoint("https://.cloud.appwrite.io/v1") .setProject("") .setKey("") val project = Project(client) val response = project.updateDenyDisposableEmailPolicy( enabled = true ) ``` ```server-java import io.appwrite.Client; import io.appwrite.coroutines.CoroutineCallback; import io.appwrite.services.Project; Client client = new Client() .setEndpoint("https://.cloud.appwrite.io/v1") .setProject("") .setKey(""); Project project = new Project(client); project.updateDenyDisposableEmailPolicy( true, // enabled new CoroutineCallback<>((result, error) -> { if (error != null) { error.printStackTrace(); return; } System.out.println(result); }) ); ``` ```server-swift import Appwrite let client = Client() .setEndpoint("https://.cloud.appwrite.io/v1") .setProject("") .setKey("") let project = Project(client) let result = try await project.updateDenyDisposableEmailPolicy( enabled: true ) ``` ```server-go package main import ( "fmt" "github.com/appwrite/sdk-for-go/appwrite" ) func main() { client := appwrite.NewClient( appwrite.WithEndpoint("https://.cloud.appwrite.io/v1"), appwrite.WithProject(""), appwrite.WithKey(""), ) service := appwrite.NewProject(client) result, err := service.UpdateDenyDisposableEmailPolicy(true) if err != nil { panic(err) } fmt.Println(result) } ``` ```server-rust use appwrite::Client; use appwrite::services::project::Project; #[tokio::main] async fn main() -> Result<(), Box> { let client = Client::new() .set_endpoint("https://.cloud.appwrite.io/v1") .set_project("") .set_key(""); let project = Project::new(&client); let result = project.update_deny_disposable_email_policy(true).await?; println!("{:?}", result); Ok(()) } ``` ```bash appwrite project update-deny-disposable-email-policy --enabled true ``` {% /multicode %} # Benefits {% #benefits %} Enabling email policies on your project provides: - **Higher quality user data**: Block low-effort or throw-away addresses so the accounts that do sign up represent real users you can reach later - **Lower spam and abuse**: Cut down on bot signups, trial abuse, and duplicate accounts created with subaddresses of the same inbox - **Stronger business rules**: Enforce work-email-only access on products that aren't meant for personal Gmail or Yahoo accounts - **Less downstream cleanup**: Reduce the bounced emails, unreachable users, and support tickets that come from invalid addresses making it into your database