Enter individual addresses, a domain such as @company.com, or mix the two. Only matches are approved at the gate.
PDF Email Verification
Specific people or a whole domain
Stops forwarded links dead
Records are named, not anonymous
Only approved emails get through.
Email verification turns a public share link into a named-recipient gate. Build an allowlist of addresses or domains; only matching readers receive a code and can open the PDF.
No account, no password, no sign-up flow on the reader side. They type an email, receive a code from that inbox, and they're in — if and only if the address is on your list.
Email allowlist
Domain wildcard
Named records
No reader account
Forwarded URLs still reach the verification page — but outsiders never receive a code, so the PDF never renders.
Each opener identifies themselves via email. Your access log shows names, not just IPs — much more actionable.
Verify email
Allowlist gate
Named opens
Works on any device
The gate is a web page. Readers verify on desktop or phone with no app install.
Layered with other rules
Combine with open limit, expiry, watermark, and view mode for layered protection.
Workflow
From allowlist to verified open in four steps.
You configure the allowlist once during upload; every subsequent reader session passes through the same gate.
1
Build the allowlist
On the upload page, add individual emails or a domain wildcard. This is the gate that decides who can proceed.
2
Send the same link
Share one link or QR with everyone. Each reader will verify their own email — no per-recipient links needed.
3
Reader verifies
Reader enters their email. If it's on the list, a code arrives in that inbox. They enter the code and the PDF opens.
4
Named record logged
The verified email and timestamp are saved against the share, so you know who opened what and when.
Non-approved addresses never receive a code — so they can't get in by guessing.
Approved readers can come back later with the same email; no re-invitation needed.
Update the allowlist anytime from Control Center — no new share link.
Allowlist Modes
Two ways to express the list — pick what fits.
Use individual addresses when you know each recipient by name; use domain wildcards when you know the organisation but not every person.
Individual email allowlist
- Best when you have a named, limited set of recipients.
- Records show each recipient's email beside the timestamp.
- Change the list anytime — readers removed from the list can no longer verify.
- Ideal for proposals, offers, legal drafts, confidential reports.
Domain wildcard allowlist
- Best when you trust an organisation but don't have the full roster.
- Anyone with a valid
@yourdomain.comaddress gets through. - Combine domains with individual emails for a mixed allowlist.
- Ideal for internal memos, class handouts, partner briefings.
Reader Flow
What the approved reader sees.
The gate is light and familiar — no account, no installation, no captcha theatre. Most readers are through in under 30 seconds.
1
Open the link
They click the link or scan the QR. A lightweight MaiPDF page asks for an email address — no form fields for name, phone, or password.
2
Enter approved email
If the address is on the allowlist (individual or domain match), MaiPDF emails them a one-time code. Otherwise they see an access-not-available message.
3
Enter the code
They paste the code from their inbox into the verification field. The PDF loads inside the MaiPDF viewer.
4
Read the document
They can read, and — depending on your view-mode choice — print, download, or only view on-screen. Their open is logged against their verified email.
No reader account is ever created.
The code is sent only for addresses on the allowlist.
Returning readers typically re-verify quickly — often in one click.
Use Cases
Where email verification earns its keep.
Email gating shines when "who the reader is" matters — not just "does someone have the link".
HR & legal
Share offer letters, contracts, or internal HR documents only with named recipients. No more chasing whether the right person opened the right draft.
- Individual allowlist for each named recipient.
- Combine with view-only to keep drafts off personal devices.
- Records show each signer's email.
Education & training
Restrict course material to students on a school or organisation domain, without maintaining a class roster inside MaiPDF.
- Domain wildcard on the institution's email domain.
- Set an expiry for the end of the term.
- Download usually allowed for offline study.
Sales & business development
Share a detailed proposal with a shortlist of known contacts; prevent forwards to competitors or unintended parties.
- Individual allowlist for the decision-maker group.
- Layer with Telegram read alerts for real-time follow-up.
- Replace the file from Control Center if the proposal evolves.
Internal comms
Make a confidential memo or all-hands deck available to the company domain only — not the open internet.
- Domain wildcard on your company domain.
- No-download to keep the official copy central.
- Records provide audit trail of who opened the notice.
Investor relations
Send the latest fundraising deck or diligence pack only to investors you've met with — no more accidental deck leaks to the wider VC grapevine.
- Individual allowlist for each investor.
- Combine with FenceView and dynamic watermark.
- Swap the file per round without issuing a new link.
Consulting & research
Limit a confidential deliverable or a draft report to the specific client team agreed in the engagement letter.
- Mixed allowlist: named partners + client domain.
- View-only for draft reports; download allowed for final.
- Named records make sign-off much cleaner.
Compare
Email verification vs. the usual alternatives.
Most "share-only-with-these-people" needs are solved by one of three approaches — here's how email verification stacks up.
| Approach | Friction for the reader | Who can actually open | Record quality |
|---|---|---|---|
| Shared password | Low — one password for everyone | Anyone the password reaches — including forwards | Anonymous (no identity) |
| Per-recipient link | Low, but you must build and track many links | Whoever holds each specific link | Per-link, not per-reader |
| Full account / SSO | High — sign-up, password, MFA | Whoever can pass account sign-up | Strong, but heavy for one-off shares |
| MaiPDF email verification | Low — type email, paste code | Only addresses on your allowlist | Named email per open |
No shared password to leak or rotate.
One link serves everyone — you don't manage dozens of URLs.
Friction stays low; security stays high.
Records
Named opens, not anonymous hits.
Because every opener verifies an email, the access log is a clean list of recipient emails and timestamps — not just a stream of IP addresses.
Named opens
Each entry shows the verified email that opened the PDF, plus the time and, where possible, the region.
Counts per address
See how often each recipient opened the file. Useful signal for engagement — or for spotting a single address being shared around.
Works with read alerts
Layer Telegram read alerts on top; each alert can include the verified email so you know exactly who opened it in real time.
Exportable audit trail
Review-ready log for compliance, board reporting, or sales follow-up — named, not anonymised.
FAQ
Questions that come up before the first gated share.
If you're on the fence about email verification, these answers usually cover it.
How does the allowlist actually decide who's in?
You enter approved addresses and/or domain wildcards during upload. When a reader types an email, MaiPDF checks it against the list. Matches get a code by email; non-matches are stopped with an access-not-available message and never receive a code.
Can I allow an entire domain like @company.com?
Yes. Use a domain wildcard (e.g.
@company.com) to approve any address under that domain. This is handy when you trust the organisation but don't have the full roster — useful for internal announcements or school handouts.Do recipients need a MaiPDF account?
No. The gate is just two fields — email and a one-time code from the inbox. No password, no sign-up, no profile. That keeps friction low even for non-technical recipients.
Can I mix individual emails and domain wildcards on the same list?
Yes. You can combine approaches — e.g. allow
@company.com for internal staff plus two external reviewer emails. All entries live on the same allowlist for the share.What happens if a reader mistypes their email?
If the typo still matches a list entry (e.g. a colleague's address), a code will be sent there — so your list entries should be correct. If the typo does not match, no code is sent and the reader can simply type again.
Can I change the allowlist after sharing?
Yes. Use the reading code to open Control Center. Add or remove individual emails, add or remove domains — the changes take effect on the next verification attempt. The share URL stays the same.
Can approved readers open the PDF more than once?
Yes, unless you've also set an open limit. Email verification is about who can open; the open limit controls how many times. Combine them for tighter control (e.g. a single named recipient with an open limit of 3).
Does email verification work with Telegram read alerts?
Yes. The two settings coexist on the same panel. With both on, each verified open also triggers a Telegram alert — so you know in real time which named recipient just opened the PDF.
How is this different from a password-protected PDF?
A password is one secret shared among everyone — it leaks, it stays the same, and your records are anonymous. Email verification is per-reader: each recipient proves control of their own inbox, so records are named and forwarded links are useless to outsiders.
Can I use email verification for a public-facing share?
Usually no — it is designed for named or organisation-scoped audiences. For public-facing distribution, skip email verification and rely on open limits, expiry, watermarking, and view mode instead.
Start Here
Build the allowlist, then share the link.
Upload your PDF, enter the approved emails or domain, and copy the gated link. Only approved readers will ever see the document — with a named record for each open.