BlacklistGuard tool
The BlacklistGuard tool lets an agent operate a BlacklistGuard email-service-provider (ESP) workspace over its REST API — create, send and report on campaigns; manage mailing lists, subscribers, segments and suppression lists; check sending domains; monitor IPs/domains against DNS blacklists; validate addresses; and send transactional email. One configuration (just the workspace API key) exposes one function; the agent picks an action per call.
api_call presets — you no longer re-enter the same key across many configurations. One key, one tool.
Configuration
The tool has a single field:
- API key (required) — your BlacklistGuard workspace API key. It starts with
efk_and is sent as theX-API-Keyheader on every request. Stored encrypted and never shown again after saving; on edit, leave it blank to keep the stored key.
There is no API-version or base-URL field — the API endpoint is fixed server-side.
Where to get the API key
Sign in to your BlacklistGuard workspace and generate an API key in your workspace's API access / API keys settings, then paste it here. The key grants full API access to that workspace — campaigns, lists, subscribers, suppression, domains, blacklist monitoring, validation, and sending — so treat it like a password.
efk_. It is stored AES-encrypted at rest and never returned by the API — the console shows only whether a key is set.
What it can do
23 actions, grouped. The agent chooses one per call:
- Campaigns —
list_campaigns(filter by search/status/date, paged),get_campaign,create_campaign(draft),send_campaign,pause_campaign,delete_campaign,campaign_report(time-series activity). - Mailing lists & subscribers —
list_mailing_lists,list_subscribers,add_subscriber,remove_subscriber. - Segments —
list_segments. - Suppression —
list_suppression_lists,list_suppression_entries,suppress_email,delete_suppression_entry. - Sending domains —
list_sending_domains(with verification status). - Blacklist —
blacklist_check(one-off),list_blacklist_monitors,schedule_blacklist_monitor(ongoing),delete_blacklist_monitor. - Deliverability & transactional —
validate_email,send_email(a single transactional email).
Operator notes
- Sender must be verified. A campaign's
from_email(andsend_email's optionalfrom_email) must be on a verified sending domain in the workspace. The agent can calllist_sending_domainsto see which domains are verified. - This is the API tool, not the SMTP tool. A separate "Email" (SMTP) tool backed by BlacklistGuard still exists for raw SMTP send with cc/bcc/reply-to/attachments. This tool's
send_emailis the REST transactional path — single recipient, no cc/bcc/attachments. They coexist by design; pick the right one for the job. - Blacklist monitors need a frequency.
schedule_blacklist_monitorrequires a check frequency (hourly / 4-hourly / daily / weekly). - Deleting a subscriber uses the subscriber's global id.
- Readable reports.
list_campaignsautomatically omits the bulky email HTML so listings/reports stay readable.
Safety in autonomous runs
Like any tool, the BlacklistGuard tool carries a safety classification (mutating / destructive / sends-data-externally) that governs scheduled or triggered (autonomous) runs. It ships unclassified (fully allowed). Suggested settings, which you can override:
- Destructive — the tool can delete campaigns, remove subscribers, delete suppression entries and blacklist monitors, and send mail. Turn this on if you want the platform's destructive-action gate to apply in autonomous runs (which then also requires "Allow destructive actions in autonomous runs" on the bot — it's a whole-tool gate).
- Mutating — reasonable to enable, since the tool writes; it keeps writes from being counted as no-progress in long autonomous runs.
- Sends data externally — leave off. The destination is the fixed BlacklistGuard API (your configured key), not an LLM-chosen URL, so the egress gate doesn't apply.
Interactive chat is never gated by these flags.
Lifecycle & post-call use
- Never ends a session — it's a normal action tool.
- Post-call-hook eligible — it can run after a conversation (see Post-call hooks), e.g. "add the caller to a mailing list" or "send a follow-up transactional email."
- Multiple configurations per workspace are allowed — only the (workspace, name) pair must be unique. For example, one config with delete disabled via classification, and another for a different BlacklistGuard workspace/key.
Security
The API key is stored AES-encrypted at rest and is never returned by the API — the console shows only whether a key is set. Editing a configuration without retyping the key preserves the stored one.