agentmail 0.4.7 → 0.4.9

package/dist/llms-full.txt

@@ -2057,20 +2057,41 @@ agents can send to or receive from.
 
 ## What are Lists?
 
-`Lists` allow you to filter emails by allowing or blocking specific email addresses or domains. There are four list types based on two dimensions:
+`Lists` allow you to filter emails by allowing or blocking specific email addresses or domains. There are six list types based on two dimensions:
 
-* **Direction**: `send` or `receive`
+* **Direction**: `send`, `receive`, or `reply`
 * **Type**: `allow` or `block`
 
-| List          | Description                                          |
-| ------------- | ---------------------------------------------------- |
-| Receive allow | Only accept emails from these addresses or domains   |
-| Receive block | Reject emails from these addresses or domains        |
-| Send allow    | Only send emails to these addresses or domains       |
-| Send block    | Prevent sending emails to these addresses or domains |
+| List          | Description                                              |
+| ------------- | -------------------------------------------------------- |
+| Receive allow | Only accept emails from these addresses or domains       |
+| Receive block | Reject emails from these addresses or domains            |
+| Send allow    | Only send emails to these addresses or domains           |
+| Send block    | Prevent sending emails to these addresses or domains     |
+| Reply allow   | Only accept reply emails from these addresses or domains |
+| Reply block   | Reject reply emails from these addresses or domains      |
 
 Each entry can be either a full email address (e.g., `partner@example.com`) or an entire domain (e.g., `example.com`).
 
+## Scoping
+
+Lists can be scoped at three levels. A narrower scope overrides a broader one:
+
+* **Organization**: Applies to all pods and inboxes in your org. Manage with `client.lists`.
+* **Pod**: Applies to all inboxes in a pod. Manage with `client.pods.lists`.
+* **Inbox**: Applies to a single inbox. Manage with `client.inboxes.lists`.
+
+When evaluating whether to allow or block a message, AgentMail checks the most specific scope first. If an inbox-level list has a match, pod and org lists are not checked.
+
+## Reply lists
+
+The `reply` direction handles inbound emails that are replies to previous outbound messages. When an inbound email arrives, AgentMail checks the `In-Reply-To` header to determine whether it is a reply:
+
+* **If the email is a reply** to a previous outbound message, only the reply lists are checked. The receive lists are skipped entirely.
+* **If the email is not a reply**, only the receive lists are checked. The reply lists are skipped entirely.
+
+The two branches are completely separate. By default, when reply lists are empty, all replies are allowed. You can restrict replies by populating reply allow or reply block lists.
+
 ## SDK examples
 
 ### List entries
@@ -2137,6 +2158,48 @@ Remove an entry from a list.
   ```
 </CodeBlocks>
 
+### Inbox-scoped lists
+
+Manage lists for a specific inbox. The same operations are available at the inbox level.
+
+<CodeBlocks>
+  ```python title="Python"
+  # Add to an inbox-level receive allowlist
+  client.inboxes.lists.create(
+      "inbox_id", "receive", "allow", entry="vip@example.com"
+  )
+
+  # List inbox-level entries
+  entries = client.inboxes.lists.list("inbox_id", "receive", "allow")
+  ```
+
+  ```typescript title="TypeScript"
+  // Add to an inbox-level receive allowlist
+  await client.inboxes.lists.create("inbox_id", "receive", "allow", {
+    entry: "vip@example.com",
+  });
+
+  // List inbox-level entries
+  const entries = await client.inboxes.lists.list("inbox_id", "receive", "allow");
+  ```
+</CodeBlocks>
+
+### Reply lists
+
+Control which addresses can send replies to an inbox's outbound messages.
+
+<CodeBlocks>
+  ```python title="Python"
+  # Only allow replies from a specific domain
+  client.lists.create("reply", "allow", entry="nobu.com")
+  ```
+
+  ```typescript title="TypeScript"
+  // Only allow replies from a specific domain
+  await client.lists.create("reply", "allow", { entry: "nobu.com" });
+  ```
+</CodeBlocks>
+
 ## Copy for Cursor / Claude
 
 Copy one of the blocks below into Cursor or Claude for complete Lists API knowledge in one shot.
@@ -2144,53 +2207,85 @@ Copy one of the blocks below into Cursor or Claude for complete Lists API knowle
 <CodeBlocks>
   ```python title="Python"
   """
-  AgentMail Lists — copy into Cursor/Claude.
+  AgentMail Lists, copy into Cursor/Claude.
 
-  Filter emails by allow/block for send/receive. Types: receive|send × allow|block.
+  Filter emails by allow/block for send/receive/reply. 6 types: receive|send|reply x allow|block.
+  Lists can be scoped to org, pod, or inbox level.
 
-  API reference:
+  API reference (org-level):
   - lists.list(direction, type, limit?, page_token?)
-  - lists.create(direction, type, entry, reason?) — reason only for block lists
+  - lists.create(direction, type, entry, reason?), reason only for block lists
   - lists.get(direction, type, entry)
   - lists.delete(direction, type, entry)
 
+  Pod-level: pods.lists.list(pod_id, direction, type, ...) and same for create/get/delete.
+  Inbox-level: inboxes.lists.list(inbox_id, direction, type, ...) and same for create/get/delete.
+
   Entry: full email (user@domain.com) or domain (example.com).
+  Cascade: inbox > pod > org (most specific scope wins).
+  Reply lists: inbound replies (detected via In-Reply-To) check reply lists, not receive lists.
   """
   from agentmail import AgentMail
 
   client = AgentMail(api_key="YOUR_API_KEY")
 
+  # Org-level lists
   entries = client.lists.list("receive", "allow", limit=10)
   client.lists.create("receive", "allow", entry="partner@example.com")
   client.lists.create("receive", "block", entry="spam@example.com", reason="spam")
   e = client.lists.get("receive", "allow", entry="partner@example.com")
   client.lists.delete("receive", "allow", entry="partner@example.com")
+
+  # Reply lists
+  client.lists.create("reply", "allow", entry="nobu.com")
+
+  # Inbox-level lists
+  client.inboxes.lists.create("inbox_id", "receive", "allow", entry="vip@example.com")
+  inbox_entries = client.inboxes.lists.list("inbox_id", "receive", "allow")
   ```
 
   ```typescript title="TypeScript"
   /**
-   * AgentMail Lists — copy into Cursor/Claude.
+   * AgentMail Lists, copy into Cursor/Claude.
    *
-   * Filter emails by allow/block for send/receive. Types: receive|send × allow|block.
+   * Filter emails by allow/block for send/receive/reply. 6 types: receive|send|reply x allow|block.
+   * Lists can be scoped to org, pod, or inbox level.
    *
-   * API reference:
+   * API reference (org-level):
    * - lists.list(direction, type, { limit?, pageToken? })
    * - lists.create(direction, type, { entry, reason? }) — reason only for block
    * - lists.get(direction, type, entry)
    * - lists.delete(direction, type, entry)
    *
+   * Pod-level: pods.lists.list(podId, direction, type, ...) and same for create/get/delete.
+   * Inbox-level: inboxes.lists.list(inboxId, direction, type, ...) and same for create/get/delete.
+   *
    * Entry: full email or domain.
+   * Cascade: inbox > pod > org (most specific scope wins).
+   * Reply lists: inbound replies (detected via In-Reply-To) check reply lists, not receive lists.
    */
   import { AgentMailClient } from "agentmail";
 
   const client = new AgentMailClient({ apiKey: "YOUR_API_KEY" });
 
   async function main() {
+    // Org-level lists
     const entries = await client.lists.list("receive", "allow", { limit: 10 });
     await client.lists.create("receive", "allow", { entry: "partner@example.com" });
     await client.lists.create("receive", "block", { entry: "spam@example.com", reason: "spam" });
     const e = await client.lists.get("receive", "allow", "partner@example.com");
     await client.lists.delete("receive", "allow", "partner@example.com");
+
+    // Reply lists
+    await client.lists.create("reply", "allow", { entry: "nobu.com" });
+
+    // Inbox-level lists
+    await client.inboxes.lists.create("inbox_id", "receive", "allow", {
+      entry: "vip@example.com",
+    });
+    const inboxEntries = await client.inboxes.lists.list(
+      "inbox_id", "receive", "allow"
+    );
   }
   main();
   ```
@@ -3131,7 +3226,7 @@ The Model Context Protocol (MCP) is an open standard that enables AI application
 Install with:
 
 ```bash
-npx @smithery/cli@latest mcp add agentmail
+npx add-mcp https://mcp.agentmail.to
 ```
 
 Configure your API key when prompted. Get your key from the [AgentMail Console](https://console.agentmail.to). For more details, visit [mcp.agentmail.to](https://mcp.agentmail.to).
@@ -10784,12 +10879,12 @@ We hope this provides a clear and transparent look into why these DNS records ar
 ***
 
 title: SOC 2 Compliance
-description: AgentMail's SOC 2 Type I achievement and Type II certification progress.
+description: AgentMail's SOC 2 Type I and Type II compliance.
 sidebar\_position: 40
-lastUpdated: '2025-11-02'
+lastUpdated: '2026-03-17'
 -------------------------
 
-> AgentMail has **achieved SOC 2 Type I compliance** (July 2025) and is currently working toward **Type II certification** (target: Q1 2026).
+> AgentMail has achieved **SOC 2 Type I** (July 2025) and **Type II** (Q1 2026) compliance.
 
 ***
 
@@ -10800,19 +10895,19 @@ lastUpdated: '2025-11-02'
     **Completed July 2025** - Controls properly designed and in place
   </Card>
 
-  <Card title="Type II In Progress" icon="spinner">
-    **Target Q1 2026** - Demonstrating operational effectiveness over time
+  <Card title="Type II Achieved" icon="check-circle">
+    **Completed Q1 2026** - Operational effectiveness validated over time
   </Card>
 </CardGroup>
 
 ### Compliance Timeline
 
-| Phase                          | Period              | Status      |
-| ------------------------------ | ------------------- | ----------- |
-| **Type I Preparation**         | June 2025           | Completed   |
-| **Type I Assessment**          | July 2025           | Completed   |
-| **Type II Observation Period** | Aug 2025 - Dec 2025 | In Progress |
-| **Type II Certification**      | Q1 2026             | Target      |
+| Phase                          | Period              | Status    |
+| ------------------------------ | ------------------- | --------- |
+| **Type I Preparation**         | June 2025           | Completed |
+| **Type I Assessment**          | July 2025           | Completed |
+| **Type II Observation Period** | Aug 2025 - Dec 2025 | Completed |
+| **Type II Certification**      | Q1 2026             | Completed |
 
 ***
 
@@ -10832,14 +10927,14 @@ lastUpdated: '2025-11-02'
 * **Type II**: Validates that controls **operate effectively** over a period (typically 6–12 months).
 
 <Callout intent="success">
-  AgentMail's SOC 2 Type I report confirms that our security infrastructure is properly designed and implemented.
+  AgentMail's SOC 2 Type I and Type II reports confirm that our security infrastructure is properly designed, implemented, and operates effectively over time.
 </Callout>
 
 ***
 
 ## Security Controls Implemented
 
-The following controls have been audited and verified as part of our SOC 2 Type I compliance:
+The following controls have been audited and verified as part of our SOC 2 Type I & Type II compliance:
 
 ### Access Control
 
@@ -10890,26 +10985,22 @@ See [Email Protocols](https://docs.agentmail.to/email-protocols) for technical d
 | Incident Response    | Runbooks, post-mortems, disclosure program     | CC7.4–CC7.5    |
 | Workforce Security   | Security training, NDAs, background checks     | CC5.3–CC5.4    |
 
-> The above mappings reflect our audited Type I controls and are maintained during the Type II observation period.
+> The above mappings reflect our audited Type I and Type II controls.
 
 ***
 
-## Type II Certification Progress
+## Type II Certification
 
-AgentMail is currently in the **Type II observation period** (August 2025 - December 2025), during which an independent auditor is testing and validating that our security controls operate effectively over time.
+AgentMail completed the **Type II observation period** (August 2025 - December 2025) and received full **SOC 2 Type II certification** in Q1 2026 from an independent CPA firm.
 
-### What's Being Tested
+### What Was Validated
 
-* **Continuous Operation**: Controls function consistently without gaps
+* **Continuous Operation**: Controls functioned consistently without gaps
 * **Change Management**: Security maintained through system updates and changes
 * **Evidence Collection**: Logs, tickets, training records, access reviews
-* **Incident Handling**: Real-world response to security events (if any)
-
-### Expected Completion
-
-**Q1 2026** - Full SOC 2 Type II certification report from independent CPA firm
+* **Incident Handling**: Real-world response to security events
 
-Type II certification provides the highest level of assurance that AgentMail's security controls are not only well-designed but also operate effectively over time.
+SOC 2 Type II certification provides the highest level of assurance that AgentMail's security controls are not only well-designed but also operate effectively over time.
 
 ***
 
@@ -19857,7 +19948,920 @@ func main() {
 require 'uri'
 require 'net/http'
 
-url = URI("https://api.agentmail.to/v0/inboxes/inbox_id/drafts/draft_id/send")
+url = URI("https://api.agentmail.to/v0/inboxes/inbox_id/drafts/draft_id/send")
+
+http = Net::HTTP.new(url.host, url.port)
+http.use_ssl = true
+
+request = Net::HTTP::Post.new(url)
+request["Authorization"] = 'Bearer <api_key>'
+request["Content-Type"] = 'application/json'
+request.body = "{}"
+
+response = http.request(request)
+puts response.read_body
+```
+
+```java
+import com.mashape.unirest.http.HttpResponse;
+import com.mashape.unirest.http.Unirest;
+
+HttpResponse<String> response = Unirest.post("https://api.agentmail.to/v0/inboxes/inbox_id/drafts/draft_id/send")
+  .header("Authorization", "Bearer <api_key>")
+  .header("Content-Type", "application/json")
+  .body("{}")
+  .asString();
+```
+
+```php
+<?php
+require_once('vendor/autoload.php');
+
+$client = new \GuzzleHttp\Client();
+
+$response = $client->request('POST', 'https://api.agentmail.to/v0/inboxes/inbox_id/drafts/draft_id/send', [
+  'body' => '{}',
+  'headers' => [
+    'Authorization' => 'Bearer <api_key>',
+    'Content-Type' => 'application/json',
+  ],
+]);
+
+echo $response->getBody();
+```
+
+```csharp
+using RestSharp;
+
+var client = new RestClient("https://api.agentmail.to/v0/inboxes/inbox_id/drafts/draft_id/send");
+var request = new RestRequest(Method.POST);
+request.AddHeader("Authorization", "Bearer <api_key>");
+request.AddHeader("Content-Type", "application/json");
+request.AddParameter("application/json", "{}", ParameterType.RequestBody);
+IRestResponse response = client.Execute(request);
+```
+
+```swift
+import Foundation
+
+let headers = [
+  "Authorization": "Bearer <api_key>",
+  "Content-Type": "application/json"
+]
+let parameters = [] as [String : Any]
+
+let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
+
+let request = NSMutableURLRequest(url: NSURL(string: "https://api.agentmail.to/v0/inboxes/inbox_id/drafts/draft_id/send")! as URL,
+                                        cachePolicy: .useProtocolCachePolicy,
+                                    timeoutInterval: 10.0)
+request.httpMethod = "POST"
+request.allHTTPHeaderFields = headers
+request.httpBody = postData as Data
+
+let session = URLSession.shared
+let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
+  if (error != nil) {
+    print(error as Any)
+  } else {
+    let httpResponse = response as? HTTPURLResponse
+    print(httpResponse)
+  }
+})
+
+dataTask.resume()
+```
+
+# List Entries
+
+GET https://api.agentmail.to/v0/inboxes/{inbox_id}/lists/{direction}/{type}
+
+Reference: https://docs.agentmail.to/api-reference/inboxes/lists/list
+
+## OpenAPI Specification
+
+```yaml
+openapi: 3.1.0
+info:
+  title: api
+  version: 1.0.0
+paths:
+  /v0/inboxes/{inbox_id}/lists/{direction}/{type}:
+    get:
+      operationId: list
+      summary: List Entries
+      tags:
+        - subpackage_inboxes.subpackage_inboxes/lists
+      parameters:
+        - name: inbox_id
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_inboxes:InboxId'
+        - name: direction
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_lists:Direction'
+        - name: type
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_lists:ListType'
+        - name: limit
+          in: query
+          required: false
+          schema:
+            $ref: '#/components/schemas/type_:Limit'
+        - name: page_token
+          in: query
+          required: false
+          schema:
+            $ref: '#/components/schemas/type_:PageToken'
+        - name: Authorization
+          in: header
+          description: Bearer authentication
+          required: true
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Response with status 200
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/type_lists:PodListListEntriesResponse'
+servers:
+  - url: https://api.agentmail.to
+  - url: https://x402.api.agentmail.to
+  - url: https://mpp.api.agentmail.to
+  - url: https://api.agentmail.eu
+components:
+  schemas:
+    type_inboxes:InboxId:
+      type: string
+      description: The ID of the inbox.
+      title: InboxId
+    type_lists:Direction:
+      type: string
+      enum:
+        - send
+        - receive
+        - reply
+      description: Direction of list entry.
+      title: Direction
+    type_lists:ListType:
+      type: string
+      enum:
+        - allow
+        - block
+      description: Type of list entry.
+      title: ListType
+    type_:Limit:
+      type: integer
+      description: Limit of number of items returned.
+      title: Limit
+    type_:PageToken:
+      type: string
+      description: Page token for pagination.
+      title: PageToken
+    type_:Count:
+      type: integer
+      description: Number of items returned.
+      title: Count
+    type_:OrganizationId:
+      type: string
+      description: ID of organization.
+      title: OrganizationId
+    type_lists:EntryType:
+      type: string
+      enum:
+        - email
+        - domain
+      description: Whether the entry is an email address or domain.
+      title: EntryType
+    type_lists:PodListEntry:
+      type: object
+      properties:
+        entry:
+          type: string
+          description: Email address or domain of list entry.
+        organization_id:
+          $ref: '#/components/schemas/type_:OrganizationId'
+        reason:
+          type: string
+          description: Reason for adding the entry.
+        direction:
+          $ref: '#/components/schemas/type_lists:Direction'
+        list_type:
+          $ref: '#/components/schemas/type_lists:ListType'
+        entry_type:
+          $ref: '#/components/schemas/type_lists:EntryType'
+        created_at:
+          type: string
+          format: date-time
+          description: Time at which entry was created.
+        pod_id:
+          type: string
+          description: ID of pod.
+        inbox_id:
+          type: string
+          description: ID of inbox, if entry is inbox-scoped.
+      required:
+        - entry
+        - organization_id
+        - direction
+        - list_type
+        - entry_type
+        - created_at
+        - pod_id
+      title: PodListEntry
+    type_lists:PodListListEntriesResponse:
+      type: object
+      properties:
+        count:
+          $ref: '#/components/schemas/type_:Count'
+        limit:
+          $ref: '#/components/schemas/type_:Limit'
+        next_page_token:
+          $ref: '#/components/schemas/type_:PageToken'
+        entries:
+          type: array
+          items:
+            $ref: '#/components/schemas/type_lists:PodListEntry'
+          description: Ordered by entry ascending.
+      required:
+        - count
+        - entries
+      title: PodListListEntriesResponse
+  securitySchemes:
+    Bearer:
+      type: http
+      scheme: bearer
+
+```
+
+## SDK Code Examples
+
+```typescript
+import { AgentMailClient } from "agentmail";
+
+async function main() {
+    const client = new AgentMailClient({
+        apiKey: "YOUR_TOKEN_HERE",
+    });
+    await client.inboxes.lists.list("inbox_id", "send", "allow", {});
+}
+main();
+
+```
+
+```python
+from agentmail import AgentMail
+
+client = AgentMail(
+    api_key="YOUR_TOKEN_HERE",
+)
+
+client.inboxes.lists.list(
+    inbox_id="inbox_id",
+    direction="send",
+    type="allow",
+)
+
+```
+
+```go
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"io"
+)
+
+func main() {
+
+	url := "https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow"
+
+	req, _ := http.NewRequest("GET", url, nil)
+
+	req.Header.Add("Authorization", "Bearer <api_key>")
+
+	res, _ := http.DefaultClient.Do(req)
+
+	defer res.Body.Close()
+	body, _ := io.ReadAll(res.Body)
+
+	fmt.Println(res)
+	fmt.Println(string(body))
+
+}
+```
+
+```ruby
+require 'uri'
+require 'net/http'
+
+url = URI("https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow")
+
+http = Net::HTTP.new(url.host, url.port)
+http.use_ssl = true
+
+request = Net::HTTP::Get.new(url)
+request["Authorization"] = 'Bearer <api_key>'
+
+response = http.request(request)
+puts response.read_body
+```
+
+```java
+import com.mashape.unirest.http.HttpResponse;
+import com.mashape.unirest.http.Unirest;
+
+HttpResponse<String> response = Unirest.get("https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow")
+  .header("Authorization", "Bearer <api_key>")
+  .asString();
+```
+
+```php
+<?php
+require_once('vendor/autoload.php');
+
+$client = new \GuzzleHttp\Client();
+
+$response = $client->request('GET', 'https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow', [
+  'headers' => [
+    'Authorization' => 'Bearer <api_key>',
+  ],
+]);
+
+echo $response->getBody();
+```
+
+```csharp
+using RestSharp;
+
+var client = new RestClient("https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow");
+var request = new RestRequest(Method.GET);
+request.AddHeader("Authorization", "Bearer <api_key>");
+IRestResponse response = client.Execute(request);
+```
+
+```swift
+import Foundation
+
+let headers = ["Authorization": "Bearer <api_key>"]
+
+let request = NSMutableURLRequest(url: NSURL(string: "https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow")! as URL,
+                                        cachePolicy: .useProtocolCachePolicy,
+                                    timeoutInterval: 10.0)
+request.httpMethod = "GET"
+request.allHTTPHeaderFields = headers
+
+let session = URLSession.shared
+let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
+  if (error != nil) {
+    print(error as Any)
+  } else {
+    let httpResponse = response as? HTTPURLResponse
+    print(httpResponse)
+  }
+})
+
+dataTask.resume()
+```
+
+# Get List Entry
+
+GET https://api.agentmail.to/v0/inboxes/{inbox_id}/lists/{direction}/{type}/{entry}
+
+Reference: https://docs.agentmail.to/api-reference/inboxes/lists/get
+
+## OpenAPI Specification
+
+```yaml
+openapi: 3.1.0
+info:
+  title: api
+  version: 1.0.0
+paths:
+  /v0/inboxes/{inbox_id}/lists/{direction}/{type}/{entry}:
+    get:
+      operationId: get
+      summary: Get List Entry
+      tags:
+        - subpackage_inboxes.subpackage_inboxes/lists
+      parameters:
+        - name: inbox_id
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_inboxes:InboxId'
+        - name: direction
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_lists:Direction'
+        - name: type
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_lists:ListType'
+        - name: entry
+          in: path
+          description: Email address or domain.
+          required: true
+          schema:
+            type: string
+        - name: Authorization
+          in: header
+          description: Bearer authentication
+          required: true
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Response with status 200
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/type_lists:PodListEntry'
+        '404':
+          description: Error response with status 404
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/type_:ErrorResponse'
+servers:
+  - url: https://api.agentmail.to
+  - url: https://x402.api.agentmail.to
+  - url: https://mpp.api.agentmail.to
+  - url: https://api.agentmail.eu
+components:
+  schemas:
+    type_inboxes:InboxId:
+      type: string
+      description: The ID of the inbox.
+      title: InboxId
+    type_lists:Direction:
+      type: string
+      enum:
+        - send
+        - receive
+        - reply
+      description: Direction of list entry.
+      title: Direction
+    type_lists:ListType:
+      type: string
+      enum:
+        - allow
+        - block
+      description: Type of list entry.
+      title: ListType
+    type_:OrganizationId:
+      type: string
+      description: ID of organization.
+      title: OrganizationId
+    type_lists:EntryType:
+      type: string
+      enum:
+        - email
+        - domain
+      description: Whether the entry is an email address or domain.
+      title: EntryType
+    type_lists:PodListEntry:
+      type: object
+      properties:
+        entry:
+          type: string
+          description: Email address or domain of list entry.
+        organization_id:
+          $ref: '#/components/schemas/type_:OrganizationId'
+        reason:
+          type: string
+          description: Reason for adding the entry.
+        direction:
+          $ref: '#/components/schemas/type_lists:Direction'
+        list_type:
+          $ref: '#/components/schemas/type_lists:ListType'
+        entry_type:
+          $ref: '#/components/schemas/type_lists:EntryType'
+        created_at:
+          type: string
+          format: date-time
+          description: Time at which entry was created.
+        pod_id:
+          type: string
+          description: ID of pod.
+        inbox_id:
+          type: string
+          description: ID of inbox, if entry is inbox-scoped.
+      required:
+        - entry
+        - organization_id
+        - direction
+        - list_type
+        - entry_type
+        - created_at
+        - pod_id
+      title: PodListEntry
+    type_:ErrorName:
+      type: string
+      description: Name of error.
+      title: ErrorName
+    type_:ErrorMessage:
+      type: string
+      description: Error message.
+      title: ErrorMessage
+    type_:ErrorResponse:
+      type: object
+      properties:
+        name:
+          $ref: '#/components/schemas/type_:ErrorName'
+        message:
+          $ref: '#/components/schemas/type_:ErrorMessage'
+      required:
+        - name
+        - message
+      title: ErrorResponse
+  securitySchemes:
+    Bearer:
+      type: http
+      scheme: bearer
+
+```
+
+## SDK Code Examples
+
+```typescript
+import { AgentMailClient } from "agentmail";
+
+async function main() {
+    const client = new AgentMailClient({
+        apiKey: "YOUR_TOKEN_HERE",
+    });
+    await client.inboxes.lists.get("inbox_id", "send", "allow", "entry");
+}
+main();
+
+```
+
+```python
+from agentmail import AgentMail
+
+client = AgentMail(
+    api_key="YOUR_TOKEN_HERE",
+)
+
+client.inboxes.lists.get(
+    inbox_id="inbox_id",
+    direction="send",
+    type="allow",
+    entry="entry",
+)
+
+```
+
+```go
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"io"
+)
+
+func main() {
+
+	url := "https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow/entry"
+
+	req, _ := http.NewRequest("GET", url, nil)
+
+	req.Header.Add("Authorization", "Bearer <api_key>")
+
+	res, _ := http.DefaultClient.Do(req)
+
+	defer res.Body.Close()
+	body, _ := io.ReadAll(res.Body)
+
+	fmt.Println(res)
+	fmt.Println(string(body))
+
+}
+```
+
+```ruby
+require 'uri'
+require 'net/http'
+
+url = URI("https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow/entry")
+
+http = Net::HTTP.new(url.host, url.port)
+http.use_ssl = true
+
+request = Net::HTTP::Get.new(url)
+request["Authorization"] = 'Bearer <api_key>'
+
+response = http.request(request)
+puts response.read_body
+```
+
+```java
+import com.mashape.unirest.http.HttpResponse;
+import com.mashape.unirest.http.Unirest;
+
+HttpResponse<String> response = Unirest.get("https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow/entry")
+  .header("Authorization", "Bearer <api_key>")
+  .asString();
+```
+
+```php
+<?php
+require_once('vendor/autoload.php');
+
+$client = new \GuzzleHttp\Client();
+
+$response = $client->request('GET', 'https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow/entry', [
+  'headers' => [
+    'Authorization' => 'Bearer <api_key>',
+  ],
+]);
+
+echo $response->getBody();
+```
+
+```csharp
+using RestSharp;
+
+var client = new RestClient("https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow/entry");
+var request = new RestRequest(Method.GET);
+request.AddHeader("Authorization", "Bearer <api_key>");
+IRestResponse response = client.Execute(request);
+```
+
+```swift
+import Foundation
+
+let headers = ["Authorization": "Bearer <api_key>"]
+
+let request = NSMutableURLRequest(url: NSURL(string: "https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow/entry")! as URL,
+                                        cachePolicy: .useProtocolCachePolicy,
+                                    timeoutInterval: 10.0)
+request.httpMethod = "GET"
+request.allHTTPHeaderFields = headers
+
+let session = URLSession.shared
+let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
+  if (error != nil) {
+    print(error as Any)
+  } else {
+    let httpResponse = response as? HTTPURLResponse
+    print(httpResponse)
+  }
+})
+
+dataTask.resume()
+```
+
+# Create List Entry
+
+POST https://api.agentmail.to/v0/inboxes/{inbox_id}/lists/{direction}/{type}
+Content-Type: application/json
+
+Reference: https://docs.agentmail.to/api-reference/inboxes/lists/create
+
+## OpenAPI Specification
+
+```yaml
+openapi: 3.1.0
+info:
+  title: api
+  version: 1.0.0
+paths:
+  /v0/inboxes/{inbox_id}/lists/{direction}/{type}:
+    post:
+      operationId: create
+      summary: Create List Entry
+      tags:
+        - subpackage_inboxes.subpackage_inboxes/lists
+      parameters:
+        - name: inbox_id
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_inboxes:InboxId'
+        - name: direction
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_lists:Direction'
+        - name: type
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_lists:ListType'
+        - name: Authorization
+          in: header
+          description: Bearer authentication
+          required: true
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Response with status 200
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/type_lists:PodListEntry'
+        '400':
+          description: Error response with status 400
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/type_:ValidationErrorResponse'
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/type_lists:CreateListEntryRequest'
+servers:
+  - url: https://api.agentmail.to
+  - url: https://x402.api.agentmail.to
+  - url: https://mpp.api.agentmail.to
+  - url: https://api.agentmail.eu
+components:
+  schemas:
+    type_inboxes:InboxId:
+      type: string
+      description: The ID of the inbox.
+      title: InboxId
+    type_lists:Direction:
+      type: string
+      enum:
+        - send
+        - receive
+        - reply
+      description: Direction of list entry.
+      title: Direction
+    type_lists:ListType:
+      type: string
+      enum:
+        - allow
+        - block
+      description: Type of list entry.
+      title: ListType
+    type_lists:CreateListEntryRequest:
+      type: object
+      properties:
+        entry:
+          type: string
+          description: Email address or domain to add.
+        reason:
+          type: string
+          description: Reason for adding the entry.
+      required:
+        - entry
+      title: CreateListEntryRequest
+    type_:OrganizationId:
+      type: string
+      description: ID of organization.
+      title: OrganizationId
+    type_lists:EntryType:
+      type: string
+      enum:
+        - email
+        - domain
+      description: Whether the entry is an email address or domain.
+      title: EntryType
+    type_lists:PodListEntry:
+      type: object
+      properties:
+        entry:
+          type: string
+          description: Email address or domain of list entry.
+        organization_id:
+          $ref: '#/components/schemas/type_:OrganizationId'
+        reason:
+          type: string
+          description: Reason for adding the entry.
+        direction:
+          $ref: '#/components/schemas/type_lists:Direction'
+        list_type:
+          $ref: '#/components/schemas/type_lists:ListType'
+        entry_type:
+          $ref: '#/components/schemas/type_lists:EntryType'
+        created_at:
+          type: string
+          format: date-time
+          description: Time at which entry was created.
+        pod_id:
+          type: string
+          description: ID of pod.
+        inbox_id:
+          type: string
+          description: ID of inbox, if entry is inbox-scoped.
+      required:
+        - entry
+        - organization_id
+        - direction
+        - list_type
+        - entry_type
+        - created_at
+        - pod_id
+      title: PodListEntry
+    type_:ErrorName:
+      type: string
+      description: Name of error.
+      title: ErrorName
+    type_:ValidationErrorResponse:
+      type: object
+      properties:
+        name:
+          $ref: '#/components/schemas/type_:ErrorName'
+        errors:
+          description: Validation errors.
+      required:
+        - name
+        - errors
+      title: ValidationErrorResponse
+  securitySchemes:
+    Bearer:
+      type: http
+      scheme: bearer
+
+```
+
+## SDK Code Examples
+
+```typescript
+import { AgentMailClient } from "agentmail";
+
+async function main() {
+    const client = new AgentMailClient({
+        apiKey: "YOUR_TOKEN_HERE",
+    });
+    await client.inboxes.lists.create("inbox_id", "send", "allow", {
+        entry: "entry",
+    });
+}
+main();
+
+```
+
+```python
+from agentmail import AgentMail
+
+client = AgentMail(
+    api_key="YOUR_TOKEN_HERE",
+)
+
+client.inboxes.lists.create(
+    inbox_id="inbox_id",
+    direction="send",
+    type="allow",
+    entry="entry",
+)
+
+```
+
+```go
+package main
+
+import (
+	"fmt"
+	"strings"
+	"net/http"
+	"io"
+)
+
+func main() {
+
+	url := "https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow"
+
+	payload := strings.NewReader("{\n  \"entry\": \"entry\"\n}")
+
+	req, _ := http.NewRequest("POST", url, payload)
+
+	req.Header.Add("Authorization", "Bearer <api_key>")
+	req.Header.Add("Content-Type", "application/json")
+
+	res, _ := http.DefaultClient.Do(req)
+
+	defer res.Body.Close()
+	body, _ := io.ReadAll(res.Body)
+
+	fmt.Println(res)
+	fmt.Println(string(body))
+
+}
+```
+
+```ruby
+require 'uri'
+require 'net/http'
+
+url = URI("https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow")
 
 http = Net::HTTP.new(url.host, url.port)
 http.use_ssl = true
@@ -19865,7 +20869,7 @@ http.use_ssl = true
 request = Net::HTTP::Post.new(url)
 request["Authorization"] = 'Bearer <api_key>'
 request["Content-Type"] = 'application/json'
-request.body = "{}"
+request.body = "{\n  \"entry\": \"entry\"\n}"
 
 response = http.request(request)
 puts response.read_body
@@ -19875,10 +20879,10 @@ puts response.read_body
 import com.mashape.unirest.http.HttpResponse;
 import com.mashape.unirest.http.Unirest;
 
-HttpResponse<String> response = Unirest.post("https://api.agentmail.to/v0/inboxes/inbox_id/drafts/draft_id/send")
+HttpResponse<String> response = Unirest.post("https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow")
   .header("Authorization", "Bearer <api_key>")
   .header("Content-Type", "application/json")
-  .body("{}")
+  .body("{\n  \"entry\": \"entry\"\n}")
   .asString();
 ```
 
@@ -19888,8 +20892,10 @@ require_once('vendor/autoload.php');
 
 $client = new \GuzzleHttp\Client();
 
-$response = $client->request('POST', 'https://api.agentmail.to/v0/inboxes/inbox_id/drafts/draft_id/send', [
-  'body' => '{}',
+$response = $client->request('POST', 'https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow', [
+  'body' => '{
+  "entry": "entry"
+}',
   'headers' => [
     'Authorization' => 'Bearer <api_key>',
     'Content-Type' => 'application/json',
@@ -19902,11 +20908,11 @@ echo $response->getBody();
 ```csharp
 using RestSharp;
 
-var client = new RestClient("https://api.agentmail.to/v0/inboxes/inbox_id/drafts/draft_id/send");
+var client = new RestClient("https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow");
 var request = new RestRequest(Method.POST);
 request.AddHeader("Authorization", "Bearer <api_key>");
 request.AddHeader("Content-Type", "application/json");
-request.AddParameter("application/json", "{}", ParameterType.RequestBody);
+request.AddParameter("application/json", "{\n  \"entry\": \"entry\"\n}", ParameterType.RequestBody);
 IRestResponse response = client.Execute(request);
 ```
 
@@ -19917,11 +20923,11 @@ let headers = [
   "Authorization": "Bearer <api_key>",
   "Content-Type": "application/json"
 ]
-let parameters = [] as [String : Any]
+let parameters = ["entry": "entry"] as [String : Any]
 
 let postData = JSONSerialization.data(withJSONObject: parameters, options: [])
 
-let request = NSMutableURLRequest(url: NSURL(string: "https://api.agentmail.to/v0/inboxes/inbox_id/drafts/draft_id/send")! as URL,
+let request = NSMutableURLRequest(url: NSURL(string: "https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow")! as URL,
                                         cachePolicy: .useProtocolCachePolicy,
                                     timeoutInterval: 10.0)
 request.httpMethod = "POST"
@@ -19941,6 +20947,247 @@ let dataTask = session.dataTask(with: request as URLRequest, completionHandler:
 dataTask.resume()
 ```
 
+# Delete List Entry
+
+DELETE https://api.agentmail.to/v0/inboxes/{inbox_id}/lists/{direction}/{type}/{entry}
+
+Reference: https://docs.agentmail.to/api-reference/inboxes/lists/delete
+
+## OpenAPI Specification
+
+```yaml
+openapi: 3.1.0
+info:
+  title: api
+  version: 1.0.0
+paths:
+  /v0/inboxes/{inbox_id}/lists/{direction}/{type}/{entry}:
+    delete:
+      operationId: delete
+      summary: Delete List Entry
+      tags:
+        - subpackage_inboxes.subpackage_inboxes/lists
+      parameters:
+        - name: inbox_id
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_inboxes:InboxId'
+        - name: direction
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_lists:Direction'
+        - name: type
+          in: path
+          required: true
+          schema:
+            $ref: '#/components/schemas/type_lists:ListType'
+        - name: entry
+          in: path
+          description: Email address or domain.
+          required: true
+          schema:
+            type: string
+        - name: Authorization
+          in: header
+          description: Bearer authentication
+          required: true
+          schema:
+            type: string
+      responses:
+        '200':
+          description: Successful response
+        '404':
+          description: Error response with status 404
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/type_:ErrorResponse'
+servers:
+  - url: https://api.agentmail.to
+  - url: https://x402.api.agentmail.to
+  - url: https://mpp.api.agentmail.to
+  - url: https://api.agentmail.eu
+components:
+  schemas:
+    type_inboxes:InboxId:
+      type: string
+      description: The ID of the inbox.
+      title: InboxId
+    type_lists:Direction:
+      type: string
+      enum:
+        - send
+        - receive
+        - reply
+      description: Direction of list entry.
+      title: Direction
+    type_lists:ListType:
+      type: string
+      enum:
+        - allow
+        - block
+      description: Type of list entry.
+      title: ListType
+    type_:ErrorName:
+      type: string
+      description: Name of error.
+      title: ErrorName
+    type_:ErrorMessage:
+      type: string
+      description: Error message.
+      title: ErrorMessage
+    type_:ErrorResponse:
+      type: object
+      properties:
+        name:
+          $ref: '#/components/schemas/type_:ErrorName'
+        message:
+          $ref: '#/components/schemas/type_:ErrorMessage'
+      required:
+        - name
+        - message
+      title: ErrorResponse
+  securitySchemes:
+    Bearer:
+      type: http
+      scheme: bearer
+
+```
+
+## SDK Code Examples
+
+```typescript
+import { AgentMailClient } from "agentmail";
+
+async function main() {
+    const client = new AgentMailClient({
+        apiKey: "YOUR_TOKEN_HERE",
+    });
+    await client.inboxes.lists.delete("inbox_id", "send", "allow", "entry");
+}
+main();
+
+```
+
+```python
+from agentmail import AgentMail
+
+client = AgentMail(
+    api_key="YOUR_TOKEN_HERE",
+)
+
+client.inboxes.lists.delete(
+    inbox_id="inbox_id",
+    direction="send",
+    type="allow",
+    entry="entry",
+)
+
+```
+
+```go
+package main
+
+import (
+	"fmt"
+	"net/http"
+	"io"
+)
+
+func main() {
+
+	url := "https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow/entry"
+
+	req, _ := http.NewRequest("DELETE", url, nil)
+
+	req.Header.Add("Authorization", "Bearer <api_key>")
+
+	res, _ := http.DefaultClient.Do(req)
+
+	defer res.Body.Close()
+	body, _ := io.ReadAll(res.Body)
+
+	fmt.Println(res)
+	fmt.Println(string(body))
+
+}
+```
+
+```ruby
+require 'uri'
+require 'net/http'
+
+url = URI("https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow/entry")
+
+http = Net::HTTP.new(url.host, url.port)
+http.use_ssl = true
+
+request = Net::HTTP::Delete.new(url)
+request["Authorization"] = 'Bearer <api_key>'
+
+response = http.request(request)
+puts response.read_body
+```
+
+```java
+import com.mashape.unirest.http.HttpResponse;
+import com.mashape.unirest.http.Unirest;
+
+HttpResponse<String> response = Unirest.delete("https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow/entry")
+  .header("Authorization", "Bearer <api_key>")
+  .asString();
+```
+
+```php
+<?php
+require_once('vendor/autoload.php');
+
+$client = new \GuzzleHttp\Client();
+
+$response = $client->request('DELETE', 'https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow/entry', [
+  'headers' => [
+    'Authorization' => 'Bearer <api_key>',
+  ],
+]);
+
+echo $response->getBody();
+```
+
+```csharp
+using RestSharp;
+
+var client = new RestClient("https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow/entry");
+var request = new RestRequest(Method.DELETE);
+request.AddHeader("Authorization", "Bearer <api_key>");
+IRestResponse response = client.Execute(request);
+```
+
+```swift
+import Foundation
+
+let headers = ["Authorization": "Bearer <api_key>"]
+
+let request = NSMutableURLRequest(url: NSURL(string: "https://api.agentmail.to/v0/inboxes/inbox_id/lists/send/allow/entry")! as URL,
+                                        cachePolicy: .useProtocolCachePolicy,
+                                    timeoutInterval: 10.0)
+request.httpMethod = "DELETE"
+request.allHTTPHeaderFields = headers
+
+let session = URLSession.shared
+let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in
+  if (error != nil) {
+    print(error as Any)
+  } else {
+    let httpResponse = response as? HTTPURLResponse
+    print(httpResponse)
+  }
+})
+
+dataTask.resume()
+```
+
 # Query Metrics
 
 GET https://api.agentmail.to/v0/inboxes/{inbox_id}/metrics
@@ -28498,6 +29745,7 @@ components:
       enum:
         - send
         - receive
+        - reply
       description: Direction of list entry.
       title: Direction
     type_lists:ListType:
@@ -28782,6 +30030,7 @@ components:
       enum:
         - send
         - receive
+        - reply
       description: Direction of list entry.
       title: Direction
     type_lists:ListType:
@@ -29056,6 +30305,7 @@ components:
       enum:
         - send
         - receive
+        - reply
       description: Direction of list entry.
       title: Direction
     type_lists:ListType:
@@ -29357,6 +30607,7 @@ components:
       enum:
         - send
         - receive
+        - reply
       description: Direction of list entry.
       title: Direction
     type_lists:ListType:
@@ -37617,6 +38868,7 @@ components:
       enum:
         - send
         - receive
+        - reply
       description: Direction of list entry.
       title: Direction
     type_lists:ListType:
@@ -37918,6 +39170,7 @@ components:
       enum:
         - send
         - receive
+        - reply
       description: Direction of list entry.
       title: Direction
     type_lists:ListType:
@@ -38209,6 +39462,7 @@ components:
       enum:
         - send
         - receive
+        - reply
       description: Direction of list entry.
       title: Direction
     type_lists:ListType:
@@ -38527,6 +39781,7 @@ components:
       enum:
         - send
         - receive
+        - reply
       description: Direction of list entry.
       title: Direction
     type_lists:ListType:
@@ -40579,14 +41834,16 @@ Allowlists and blocklists let you control who your AI agent can communicate with
 
 ## How Lists work
 
-AgentMail provides four list types based on two dimensions, **direction** (send or receive) and **type** (allow or block):
+AgentMail provides six list types based on two dimensions, **direction** (send, receive, or reply) and **type** (allow or block):
 
-| List          | What it does                                         |
-| ------------- | ---------------------------------------------------- |
-| Receive allow | Only accept emails from these addresses or domains   |
-| Receive block | Reject emails from these addresses or domains        |
-| Send allow    | Only send emails to these addresses or domains       |
-| Send block    | Prevent sending emails to these addresses or domains |
+| List          | What it does                                             |
+| ------------- | -------------------------------------------------------- |
+| Receive allow | Only accept emails from these addresses or domains       |
+| Receive block | Reject emails from these addresses or domains            |
+| Send allow    | Only send emails to these addresses or domains           |
+| Send block    | Prevent sending emails to these addresses or domains     |
+| Reply allow   | Only accept reply emails from these addresses or domains |
+| Reply block   | Reject reply emails from these addresses or domains      |
 
 Each entry can be either a full email address (e.g., `partner@example.com`) or an entire domain (e.g., `example.com`).
 
@@ -40625,6 +41882,40 @@ entries = client.lists.list("receive", "allow")
 client.lists.delete("receive", "block", entry="spam@example.com")
 ```
 
+### Inbox-scoped lists
+
+Lists can be applied at the inbox level for per-inbox filtering. For example, one inbox might only accept emails from `meta.com`, while another inbox in the same pod accepts from `partner.com`.
+
+```python title="Python"
+# This inbox only accepts emails from meta.com
+client.inboxes.lists.create(
+    "support@yourdomain.com", "receive", "allow", entry="meta.com"
+)
+
+# A different inbox accepts from partner.com
+client.inboxes.lists.create(
+    "sales@yourdomain.com", "receive", "allow", entry="partner.com"
+)
+```
+
+Inbox-level lists override pod-level and org-level lists. If the inbox-level list has a match, pod and org lists are not checked.
+
+### Reply lists
+
+Reply lists control filtering for inbound emails that are replies to previous outbound messages. When an inbound email arrives, AgentMail checks the `In-Reply-To` header:
+
+* If the email **is a reply** to a previous outbound message, only the reply lists are checked. Receive lists are skipped.
+* If the email **is not a reply**, only the receive lists are checked. Reply lists are skipped.
+
+By default, when reply lists are empty, all replies are allowed. This is useful for agents that initiate outbound emails (such as making reservations or sending inquiries) and need to receive the responses.
+
+```python title="Python"
+# Block replies from a specific sender
+client.inboxes.lists.create(
+    "agent@yourdomain.com", "reply", "block", entry="spam-restaurant.com"
+)
+```
+
 ## Common patterns for agents
 
 **Outreach agent:** Use a send allowlist to restrict your agent to only email verified prospects. This prevents the agent from accidentally emailing the wrong people.
@@ -40650,6 +41941,22 @@ client.lists.create("receive", "allow", entry="trusted-partner.com")
 client.lists.create("receive", "block", entry="spam-domain.com", reason="spam")
 ```
 
+**Task-oriented agent (making reservations, bookings, etc.):** Use a receive allowlist to restrict inbound to your organization's domain, but leave reply lists open (default) so replies to agent-initiated outbound emails come through.
+
+```python title="Python"
+# Only accept unsolicited emails from your org
+client.inboxes.lists.create(
+    "agent@yourdomain.com", "receive", "allow", entry="yourdomain.com"
+)
+
+# Replies to emails the agent sends (e.g., restaurant reservations)
+# are allowed by default, no reply list configuration needed.
+# Optionally block specific reply senders:
+client.inboxes.lists.create(
+    "agent@yourdomain.com", "reply", "block", entry="spam-restaurant.com"
+)
+```
+
 ## Why this matters for agents
 
 Without guardrails, an autonomous agent could email the wrong people, respond to phishing attempts, or get caught in infinite email loops with another bot. Lists are your safety rails. They are especially important for:
@@ -40657,6 +41964,7 @@ Without guardrails, an autonomous agent could email the wrong people, respond to
 * **Production agents** operating with minimal human oversight
 * **Outreach agents** that should only contact approved recipients
 * **Support agents** that should only respond to known customers
+* **Task-oriented agents** that send outbound emails and need replies to come through
 * **Any agent** that needs protection from spam, phishing, or abuse
 
 For more details on the Lists API, see the [Lists core concept](/lists) documentation.