Every thunk has an email address and an inbox. It can receive emails with attachments, and those get automatically picked up and processed as new workflows.
But of course, we don’t want to allow anybody to spam this inbox.
Owners and admins of the thunk always have the permission to send email to the thunk.
Now, you can also use the security configuration for the Email inbound channel to additionally provide an allow-list of email senders.
In many cases, the way you’d do this is by setting up a forwarding email rule from some external facing mailbox (eg: support@acme.com). So external parties would send their email to support@acme.com. You’d set up a forwarding rule from that email inbox to your thunk. And in the thunk, you configure the security setting to accept email from support@acme.com