When you run email campaigns or sync contacts between your app and an ESP, you need one clear rule: who is allowed to receive mail and who must be excluded. verify-email.app does not replace your ESP’s unsubscribe link or legal compliance, but it gives you blacklist and whitelist rules that show up in every verification response as a single field: block. Your code can read block before sending, importing a list, or creating an account—without copying allow/deny logic into every service.

• Blacklist — If the email or its domain is on your blacklist, the API returns block: true. Use this for people who opted out, abuse cases, or domains you never want to mail.

• Whitelist — When whitelist mode is on, only addresses (or whole domains) you added to the whitelist get block: false. Everyone else gets block: true. Use this for closed lists—partners, invites, internal betas—not for a normal “anyone can subscribe” newsletter.

• Order — Blacklist wins. If an address is blacklisted, it stays blocked even if it also appears on the whitelist.

1. When a user unsubscribes in your app or you process an ESP webhook, take their address (or the domain you block by policy).

2. Add it with POST /v1/blacklist and JSON body {"value": "[email protected]"} (or "example.com" to block all addresses on that domain). Use header X-API-Key with your API key.

3. Before you send a campaign or push a row to your mailing tool, verify the address. If block is true, skip that recipient.

To allow them again later (e.g. they re-subscribed and confirmed), remove the rule with DELETE /v1/[email protected].

1. Turn strict allow-only mode on: PUT /v1/whitelist/enabled with body {"enabled": true}.

2. Add each approved address or domain: POST /v1/whitelist with {"value": "[email protected]"} or {"value": "company.com"}.

3. When verifying, block: false means the address is allowed under your whitelist; others are blocked until you add them.

When you do not need allow-only mode (e.g. public signup returns), set enabled back to false so the whitelist stops restricting everyone else.

Most products store consent in the ESP and maintain a suppression list there. In verify-email.app you usually remove the address from the blacklist if they had unsubscribed before (DELETE on blacklist), then rely on your ESP for the actual subscription state. Reserve whitelist for flows where only pre-approved emails may pass.

You can manage the same rules in the dashboard as well as via the API—see the Blacklist and Whitelist pages on verify-email.app for context and API details.