> ## Documentation Index
> Fetch the complete documentation index at: https://jetemail.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# MailBarrier

> Whitelabel portal where end-users of a filtered domain manage their own inbound mail

## What is MailBarrier?

**MailBarrier** is JetEmail's whitelabel inbound portal, hosted at [mailbarrier.net](https://mailbarrier.net). It gives end-users of a filtered domain (the people whose mailboxes are protected, not the JetEmail account holder) a dedicated place to manage their own inbound mail: review logs, release quarantined messages, train spam, configure allow and block rules, and opt into daily digests.

The JetEmail [dashboard](https://dash.jetemail.com) is where you, the customer, set up and configure a domain for inbound filtering. MailBarrier is where the **people inside that domain** interact with their own filtered mail without ever seeing the JetEmail brand.

<Note>
  Anything a user changes in MailBarrier (rules, digests, releases) applies to their own mailbox or to the domain they administer, scoped by their MailBarrier account role.
</Note>

## Signing in

Users can reach MailBarrier two ways:

**Magic link or password.** Visit [mailbarrier.net](https://mailbarrier.net) and enter your email address. A one-time sign-in link is sent through AWS SES, protected by Cloudflare Turnstile to block automated abuse. Users who prefer credentials can also set a password in **Settings** and sign in directly afterwards.

**SSO from the JetEmail dashboard.** When a domain admin is logged in to [dash.jetemail.com](https://dash.jetemail.com), they can jump straight into MailBarrier as their own user. The dashboard mints a short-lived session and hands the user off to MailBarrier without a second login, then drops them on the management interface.

## Email logs

The default view in MailBarrier is **Email Logs**, a searchable record of every message that has hit the domain.

**Search and filter.** Search by subject, from address, to address, message UID, domain, status, or the raw inbound, outbound, or delivery response. Narrow further by a date range.

**Status at a glance.** Each row is color-coded by what happened to the message:

| Status      | Meaning                                                                        |
| ----------- | ------------------------------------------------------------------------------ |
| Delivered   | Accepted by your destination server.                                           |
| Queued      | Held in JetEmail's queue, retrying delivery. See [Mail Queue](/inbound/queue). |
| Received    | Accepted by JetEmail and being processed.                                      |
| Rejected    | Refused by JetEmail or the destination (permanent failure).                    |
| Quarantined | Held back because of spam scoring.                                             |
| Blocked     | Stopped by a custom block rule.                                                |
| Spam        | Classified as spam by filtering.                                               |

**Message details.** Clicking a row opens a drawer with the full timeline: inbound timestamp and response, outbound attempt, delivery host, IP and port, spam score, and rule that matched (if any).

**Release from quarantine.** When a legitimate message lands in quarantine, open it in the drawer and click **Release**. MailBarrier re-injects the message to your mail server and updates the log entry. This is the same action as the dashboard's [release quarantine](/inbound/logs/release-quarantine) flow, just exposed to the end user for their own mail.

**Report spam or not-spam.** The drawer also has **Report spam** and **Report not spam** buttons. These send the message back to JetEmail's classifier as training data so the filter learns your domain's preferences over time.

## Rules

The **Rules** tab is where users build their own allow and block rules for the domain.

**Two actions:**

* **Allow** rules bypass spam filtering for matching mail. Use these when a legitimate sender keeps getting flagged.
* **Block** rules reject matching mail outright before it reaches the inbox.

**Conditions.** Each rule combines one or more conditions:

| Condition   | What it matches                                                                |
| ----------- | ------------------------------------------------------------------------------ |
| Senders     | Specific email addresses, full domains, or regex patterns.                     |
| Recipients  | Inboxes, domains, or patterns on your side.                                    |
| Subjects    | Exact, contains, starts with, ends with, or regex matches on the subject line. |
| Body        | Same match types as subjects, applied to the message body.                     |
| Headers     | Match on any header name and value.                                            |
| IPs         | A single IP, CIDR block, or IP range.                                          |
| Size        | Minimum and maximum message size.                                              |
| Attachments | By filename, extension, MIME type, or whether attachments are present at all.  |

Rules can be **toggled enabled/disabled** without deleting them, which is handy for testing or for temporarily lifting a block. The list shows the action, name, condition summary, and status, and clicking a row reopens the rule for editing.

This is the same engine documented under [Rules](/inbound/rules/getting-started), exposed to end users for their own domain.

## Settings

The **Settings** tab covers two things end users typically want to control themselves.

### Daily email digest

Users can opt in to a once-a-day digest summarizing quarantined and blocked mail for the previous 24 hours. The digest is delivered at a time the user picks, in their browser's local timezone.

**Two scopes** are available depending on role:

* **User digest.** Sent to a specific mailbox, covering only mail to that address. Any user can configure this for their own mailbox.
* **Domain digest.** Sent to a domain admin, covering the entire domain. Only available to users marked as the domain owner.

Multiple digests can coexist (for example, a domain owner can run one domain-wide digest plus their own personal one).

See [Email Digest](/inbound/settings/email-digest) for the customer-side setup of the domain admin who gets digest and SSO access.

### Password

Magic-link sign-in is the default, but users who want to log in faster can set a password under **Settings**. Once a password is set, switching the sign-in form to "Sign in with email and password" lets them skip the magic link entirely. Passwords must be at least 10 characters and can be changed from the same screen.

## Roles

MailBarrier distinguishes three rough roles, all derived from how the JetEmail account is set up:

* **User.** Can manage rules, releases, reports, and digests for their own mailbox.
* **Domain owner.** Everything a user can do, plus domain-wide rules and the domain digest. This is the address you set as the [domain admin](/inbound/settings/email-digest) in the JetEmail dashboard.
* **Impersonated session.** Created by the dashboard for SSO. Behaves as the underlying user; the impersonation session is single-use and is invalidated after handoff.

## Related

<Columns cols={2}>
  <Card title="Email Digest setup" icon="envelope" href="/inbound/settings/email-digest">
    Configure the domain admin address that gets digest notifications and SSO access to MailBarrier.
  </Card>

  <Card title="Rules engine" icon="filter" href="/inbound/rules/getting-started">
    Reference for the allow and block rule system MailBarrier exposes to end users.
  </Card>

  <Card title="Email logs" icon="list" href="/inbound/logs/email-logs">
    Customer-side documentation for the same log view, in the JetEmail dashboard.
  </Card>

  <Card title="Release quarantine" icon="rotate-left" href="/inbound/logs/release-quarantine">
    Details on how a released message is re-injected to your mail server.
  </Card>
</Columns>