Knowledge & tools

BlacklistGuard tool

The BlacklistGuard tool lets an agent operate a BlacklistGuard email-service-provider (ESP) workspace over its REST API — create, send and report on campaigns; manage mailing lists, subscribers, segments and suppression lists; check sending domains; monitor IPs/domains against DNS blacklists; validate addresses; and send transactional email. One configuration (just the workspace API key) exposes one function; the agent picks an action per call.

This replaces the old set of ~19 separate BlacklistGuard api_call presets — you no longer re-enter the same key across many configurations. One key, one tool.

Configuration

The tool has a single field:

  • API key (required) — your BlacklistGuard workspace API key. It starts with efk_ and is sent as the X-API-Key header on every request. Stored encrypted and never shown again after saving; on edit, leave it blank to keep the stored key.

There is no API-version or base-URL field — the API endpoint is fixed server-side.

Where to get the API key

Sign in to your BlacklistGuard workspace and generate an API key in your workspace's API access / API keys settings, then paste it here. The key grants full API access to that workspace — campaigns, lists, subscribers, suppression, domains, blacklist monitoring, validation, and sending — so treat it like a password.

The key is roughly 48 characters and begins with efk_. It is stored AES-encrypted at rest and never returned by the API — the console shows only whether a key is set.

What it can do

23 actions, grouped. The agent chooses one per call:

  • Campaignslist_campaigns (filter by search/status/date, paged), get_campaign, create_campaign (draft), send_campaign, pause_campaign, delete_campaign, campaign_report (time-series activity).
  • Mailing lists & subscriberslist_mailing_lists, list_subscribers, add_subscriber, remove_subscriber.
  • Segmentslist_segments.
  • Suppressionlist_suppression_lists, list_suppression_entries, suppress_email, delete_suppression_entry.
  • Sending domainslist_sending_domains (with verification status).
  • Blacklistblacklist_check (one-off), list_blacklist_monitors, schedule_blacklist_monitor (ongoing), delete_blacklist_monitor.
  • Deliverability & transactionalvalidate_email, send_email (a single transactional email).

Operator notes

  • Sender must be verified. A campaign's from_email (and send_email's optional from_email) must be on a verified sending domain in the workspace. The agent can call list_sending_domains to see which domains are verified.
  • This is the API tool, not the SMTP tool. A separate "Email" (SMTP) tool backed by BlacklistGuard still exists for raw SMTP send with cc/bcc/reply-to/attachments. This tool's send_email is the REST transactional path — single recipient, no cc/bcc/attachments. They coexist by design; pick the right one for the job.
  • Blacklist monitors need a frequency. schedule_blacklist_monitor requires a check frequency (hourly / 4-hourly / daily / weekly).
  • Deleting a subscriber uses the subscriber's global id.
  • Readable reports. list_campaigns automatically omits the bulky email HTML so listings/reports stay readable.

Safety in autonomous runs

Like any tool, the BlacklistGuard tool carries a safety classification (mutating / destructive / sends-data-externally) that governs scheduled or triggered (autonomous) runs. It ships unclassified (fully allowed). Suggested settings, which you can override:

  • Destructive — the tool can delete campaigns, remove subscribers, delete suppression entries and blacklist monitors, and send mail. Turn this on if you want the platform's destructive-action gate to apply in autonomous runs (which then also requires "Allow destructive actions in autonomous runs" on the bot — it's a whole-tool gate).
  • Mutating — reasonable to enable, since the tool writes; it keeps writes from being counted as no-progress in long autonomous runs.
  • Sends data externally — leave off. The destination is the fixed BlacklistGuard API (your configured key), not an LLM-chosen URL, so the egress gate doesn't apply.

Interactive chat is never gated by these flags.

Lifecycle & post-call use

  • Never ends a session — it's a normal action tool.
  • Post-call-hook eligible — it can run after a conversation (see Post-call hooks), e.g. "add the caller to a mailing list" or "send a follow-up transactional email."
  • Multiple configurations per workspace are allowed — only the (workspace, name) pair must be unique. For example, one config with delete disabled via classification, and another for a different BlacklistGuard workspace/key.

Security

The API key is stored AES-encrypted at rest and is never returned by the API — the console shows only whether a key is set. Editing a configuration without retyping the key preserves the stored one.