Real-world examples with ready-to-use configs. Find your scenario, copy the TOML, and start protecting email access in minutes.
Let an AI agent read invoices from a dedicated folder — but nothing else. No access to personal emails, HR documents, or outbound sending.
```toml
[[rules]]
name = "AI reads invoices only"
folders = ["Invoices", "Invoices/**"]
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Block everything else"
action = "deny"
```
Your AI drafts replies and sends them — but every outbound email must be approved by a human first. Read access is unlimited, sending requires the ask action.
```toml
[[rules]]
name = "AI can read all email"
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Outbound requires approval"
operations = ["mail:send"]
action = "ask"
ask_groups = ["manager"]

[ask.groups.manager]
recipients = ["manager@company.com"]

[[rules]]
name = "Deny everything else"
action = "deny"
```
An AI handles tier-1 support. It reads the Support inbox and can reply to customers — but internal emails and other folders are invisible.
```toml
[[rules]]
name = "Read support inbox"
folders = ["Support", "Support/**"]
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Reply to customers"
from = "support@company.com"
operations = ["mail:send"]
action = "allow"

[[rules]]
name = "Block all other access"
action = "deny"
```
Extract order confirmations, shipping notifications, or receipts from specific senders. Completely read-only — no sending, deleting, or modifying allowed.
```toml
[[rules]]
name = "Read order confirmations"
from = "*@amazon.com"
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Read shipping updates"
from = "*@ups.com"
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Read receipts"
from = "*@stripe.com"
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Deny everything else"
action = "deny"
```
Your pipeline reads deployment alerts and error notifications from specific senders. No access to anything else on the shared inbox.
```toml
[[rules]]
name = "Read GitHub alerts"
from = "*@github.com"
folders = ["Alerts", "Alerts/**"]
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Read Sentry alerts"
from = "*@sentry.io"
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Block everything else"
action = "deny"
```
Your CI pipeline sends deployment status emails to the team — only to internal addresses, never to customers or external recipients.
```toml
[[rules]]
name = "Send to team only"
to = "*@company.com"
operations = ["mail:send"]
action = "allow"

[[rules]]
name = "Block external sends + all reads"
action = "deny"
```
A script reads error report emails and creates Jira tickets. Read-only access to a single folder, with the ability to mark processed emails as read.
```toml
[[rules]]
name = "Read and flag error reports"
folders = ["Error-Reports"]
operations = ["mail:read", "mail:update", "folder:read"]
action = "allow"

[[rules]]
name = "Block everything else"
action = "deny"
```
Grafana or a custom dashboard pulls alert emails from monitoring services. Read access only — can also move processed alerts to an archive folder.
```toml
[[rules]]
name = "Read monitoring alerts"
folders = ["Monitoring", "Monitoring/**"]
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Archive processed alerts"
folders = ["Monitoring", "Archive"]
operations = ["mail:move", "folder:read"]
action = "allow"

[[rules]]
name = "Deny everything else"
action = "deny"
```
Your VA manages scheduling and client communication. They can read and reply within specific folders, but deleting emails or accessing personal folders is blocked.
```toml
[[rules]]
name = "VA reads work folders"
folders = ["Clients", "Clients/**", "Scheduling"]
operations = ["mail:read", "mail:update", "folder:read"]
action = "allow"

[[rules]]
name = "VA sends to clients"
to = "*@*"
operations = ["mail:send"]
action = "ask"
ask_groups = ["owner"]

[ask.groups.owner]
recipients = ["you@company.com"]

[[rules]]
name = "Block personal folders + deletes"
action = "deny"
```
Your external bookkeeper needs invoice and receipt emails. Give them read-only access to financial folders — nothing else is visible.
```toml
[[rules]]
name = "Read financial emails"
folders = ["Invoices", "Receipts", "Finance/**"]
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Block everything else"
action = "deny"
```
Your social media contractor manages platform notifications. They see emails from social platforms only. Outbound emails go through approval so they can't impersonate the company.
```toml
[[rules]]
name = "Read social platform emails"
from = "*@twitter.com"
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Read LinkedIn notifications"
from = "*@linkedin.com"
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Approve outbound emails"
operations = ["mail:send"]
action = "ask"
ask_groups = ["marketing-lead"]

[ask.groups.marketing-lead]
recipients = ["marketing@company.com"]

[[rules]]
name = "Deny everything else"
action = "deny"
```
Give a temp worker access to project-specific emails. They can read and reply within the project folder. No access to company-wide emails or other projects.
```toml
[[rules]]
name = "Access project emails"
folders = ["Projects/Website-Redesign/**"]
operations = ["mail:read", "mail:update", "folder:read"]
action = "allow"

[[rules]]
name = "Send to project team"
to = "*@company.com"
operations = ["mail:send"]
action = "allow"

[[rules]]
name = "Block all other access"
action = "deny"
```
Compliance requires email retention for 7 years. Block all deletion across the organization — emails can be read and organized, but never permanently deleted.
```toml
[[rules]]
name = "Allow all reads + organizing"
operations = ["mail:read", "mail:update", "mail:copy",
              "folder:read", "folder:create", "folder:rename"]
action = "allow"

[[rules]]
name = "Allow sending"
operations = ["mail:send"]
action = "allow"

[[rules]]
name = "Block all deletion"
action = "deny"
```
In regulated industries, outbound client communication must be reviewed. All external emails go through legal approval before being sent.
```toml
[[rules]]
name = "Internal emails OK"
to = "*@company.com"
operations = ["mail:send"]
action = "allow"

[[rules]]
name = "External emails need legal review"
operations = ["mail:send"]
action = "ask"
ask_groups = ["legal"]

[ask.groups.legal]
recipients = ["legal@company.com", "compliance@company.com"]

[[rules]]
name = "Full read access"
operations = ["read"]
action = "allow"

[[rules]]
name = "Deny deletes"
action = "deny"
```
Medical staff can access patient communication folders. AI tools can only read anonymized reports. All external communication requires supervisor approval.
```toml
[[rules]]
name = "Read patient communication"
folders = ["Patients/**"]
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Read anonymized reports"
folders = ["Reports/Anonymized"]
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "External sends need approval"
operations = ["mail:send"]
action = "ask"
ask_groups = ["supervisor"]

[ask.groups.supervisor]
recipients = ["chief-physician@clinic.com"]

[[rules]]
name = "Block all other access"
action = "deny"
```
Advisors can communicate freely internally. All client-facing emails require compliance review. Deletion is blocked for regulatory retention.
```toml
[[rules]]
name = "Full read access"
operations = ["read"]
action = "allow"

[[rules]]
name = "Internal emails allowed"
to = "*@advisors.com"
operations = ["mail:send"]
action = "allow"

[[rules]]
name = "Client emails need review"
operations = ["mail:send"]
action = "ask"
ask_groups = ["compliance"]

[ask.groups.compliance]
recipients = ["compliance@advisors.com"]

[[rules]]
name = "Block deletion"
action = "deny"
```
The marketing team shares an inbox. Junior team members can read and organize emails, but only the marketing lead can send on behalf of the team or delete messages.
```toml
[[rules]]
name = "Read and organize emails"
operations = ["mail:read", "mail:update", "mail:copy",
              "folder:read"]
action = "allow"

[[rules]]
name = "Sends need lead approval"
operations = ["mail:send"]
action = "ask"
ask_groups = ["lead"]

[ask.groups.lead]
recipients = ["marketing-lead@company.com"]

[[rules]]
name = "Block deletes for everyone"
action = "deny"
```
Give interns visibility into team communication without the risk of accidental sends or deletes. They can observe, learn, and follow along — safely.
```toml
[[rules]]
name = "Read-only access to team emails"
folders = ["Team", "Team/**", "Projects/**"]
operations = ["mail:read", "folder:read"]
action = "allow"

[[rules]]
name = "Block all writes and sends"
action = "deny"
```
Your EA manages the executive inbox. Full read and organize access, but outbound emails in the executive's name require explicit approval.
```toml
[[rules]]
name = "Full read and organize"
operations = ["mail:read", "mail:update", "mail:copy",
              "mail:move", "folder:read"]
action = "allow"

[[rules]]
name = "Sends need exec approval"
operations = ["mail:send"]
action = "ask"
ask_groups = ["executive"]

[ask.groups.executive]
recipients = ["ceo@company.com"]

[[rules]]
name = "Block deletes"
action = "deny"
```
AI triages the inbox, flags priorities, and drafts responses. But it can only send to internal team members directly — external communication always requires human review.
```toml
[[rules]]
name = "AI reads and organizes email"
operations = ["mail:read", "mail:update", "mail:copy",
              "mail:move", "folder:read"]
action = "allow"

[[rules]]
name = "Internal sends OK"
to = "*@company.com"
operations = ["mail:send"]
action = "allow"

[[rules]]
name = "External sends need approval"
operations = ["mail:send"]
action = "ask"
ask_groups = ["team-lead"]

[ask.groups.team-lead]
recipients = ["lead@company.com"]

[[rules]]
name = "Block folder mutations + deletes"
action = "deny"
```
Pick a use case above, copy the config, and be running in 2 minutes.