Inbound validation for email-bound requests

Validate a request by confirming control of the inbox it came from.

Instead of sending a password reset, Inbound Validation asks the user to send an email with a challenge code to a specific address. That inbound message confirms the origin of the request and provides a lightweight form of authentication tied to the mailbox itself.

Prove inbox control Reduce password-reset abuse Keep the flow email-native

Step 1

Request

A user asks for access, a password reset, or another sensitive action.

Step 2

Challenge

The system issues a code and asks the user to send it from the target mailbox to a validation address.

Step 3

Confirm

Inbound Validation checks that the code arrived from the expected email origin.

Step 4

Authorize

A validated inbox can be used as a trust signal for the next action in your workflow.

Why inbound validation works

Mailbox-bound trust

The user proves access to the inbox, not just knowledge of a secret.

Lower friction

No new passwords, no extra app, and no long recovery flow to complete.

Workflow friendly

Use the validation result as a signal before unlocking a sensitive request.

Practical security

Good for approvals, resets, onboarding, and other email-centered checks.