Email Allowlist

An email allowlist is a curated list of approved email addresses or domains authorized to access a restricted digital publication. When a publisher enables allowlisting, the system checks each reader's email against the approved list before granting access. Only matching addresses can open the content — everyone else is blocked with a clear denial message. This mechanism provides granular, per-person access control without requiring individual passwords, user accounts, or complex identity management systems. It sits between fully public sharing and heavy enterprise authentication, offering a middle ground that is both secure and frictionless for the intended audience.

For organizations distributing confidential materials — internal reports, board presentations, client proposals, investor decks, or pre-release product documentation — an allowlist ensures only intended recipients can view the document. Unlike a shared password, which can be forwarded to anyone, an email allowlist ties access to a specific identity. If someone forwards the link to an unauthorized person, that person simply cannot open it. This makes allowlists particularly valuable for compliance-sensitive industries where audit trails matter. Publishers also gain visibility into exactly who accessed the content and when, which supports accountability and data governance requirements.

FlipLink's [privacy and access control](/features/privacy-and-access-control) feature lets you define an email allowlist for any flipbook or document. You can add individual email addresses or entire domains (for example, @clientcompany.com) to the approved list. When a reader opens the share link, they are prompted to enter their email address. If the address matches an entry on your allowlist, access is granted instantly. Unrecognized addresses are blocked. You can add, remove, or update allowed emails at any time from the publication settings without regenerating the share link. For additional security, combine allowlisting with [OTP verification](/glossary/otp) so that readers must also prove ownership of the email address they enter.

Email allowlists address several common security risks in document sharing. They prevent unauthorized access through link forwarding — even if a share link leaks publicly, only approved emails can open the content. When paired with OTP verification, allowlists also guard against email spoofing, since the reader must confirm access through their actual inbox. However, allowlists are only as current as the list itself. If an employee leaves an organization but their email remains on the list, they retain access until removed. Establish a regular review cadence — monthly or quarterly — to audit your allowlists and remove outdated entries. For large teams, domain-level allowlisting (e.g., @yourcompany.com) reduces maintenance overhead while still restricting access to organizational boundaries.

Follow these steps to configure an email allowlist for a FlipLink publication: 1. Open your flipbook or document in the FlipLink dashboard 2. Navigate to the privacy and access control settings 3. Select the email allowlist option 4. Add individual email addresses or domain patterns (e.g., @company.com) 5. Optionally enable OTP verification for identity confirmation 6. Save the settings — the share link remains the same 7. Test by opening the link in an incognito browser window with an approved email 8. Test again with a non-approved email to confirm the block message appears 9. Schedule periodic reviews to keep the list current

Email allowlists are the right choice when you need controlled distribution without the overhead of user account management. Common scenarios include sharing board materials with directors, distributing confidential client deliverables, providing early access to product documentation for beta testers, and sending investor reports to a defined group of stakeholders. If your audience is small and defined (under a few hundred people), an allowlist strikes the right balance between security and convenience. For larger audiences where you do not know every reader in advance, consider using [password protection](/glossary/password-protection) or [lead capture](/features/lead-capture) gating instead.

An email allowlist transforms a simple share link into a secure, identity-verified distribution channel — giving publishers precise control over who reads their content without adding friction for approved readers.