Email Allowlist

An email allowlist is a curated list of approved email addresses or domains authorized to access a restricted digital publication. When a publisher enables allowlisting, the system checks each reader's email against the approved list before granting access. Only matching addresses can open the content — everyone else is blocked with a clear denial message. This mechanism provides granular, per-person access control without requiring individual passwords, user accounts, or complex identity management systems. It sits between fully public sharing and heavy enterprise authentication, offering a middle ground that is both secure and frictionless for the intended audience.

For organizations distributing confidential materials — internal reports, board presentations, client proposals, investor decks, or pre-release product documentation — an allowlist ensures only intended recipients can view the document. Unlike a shared password, which can be forwarded to anyone, an email allowlist ties access to a specific identity. If someone forwards the link to an unauthorized person, that person simply cannot open it. This makes allowlists particularly valuable for compliance-sensitive industries where audit trails matter. Publishers also gain visibility into exactly who accessed the content and when, which supports accountability and data governance requirements.

FlipLink's [privacy and access control](/features/privacy-and-access-control) feature lets you define an email allowlist for any flipbook or document. You can add individual email addresses or entire domains (for example, @clientcompany.com) to the approved list. When a reader opens the share link, they are prompted to enter their email address. If the address matches an entry on your allowlist, access is granted instantly. Unrecognized addresses are blocked. You can add, remove, or update allowed emails at any time from the publication settings without regenerating the share link. For additional security, combine allowlisting with [OTP verification](/glossary/otp) so that readers must also prove ownership of the email address they enter.