AJO DEV Sandbox Allowed List failing to enforce domain restrictions for API-triggered campaigns. | Community
Pradeep-Jaiswal
Level 5
April 7, 2026

I recently discovered an issue in AJO. Logging the details here for community visibility so others can easily debug such problems.

 

Bug Title

AJO DEV Sandbox Allowed List failing to enforce domain restrictions for API-triggered campaigns.

 

Product

Product: Adobe Journey Optimizer (AJO)

Component: Sandbox Administration / Email Settings (Allowed List)

 

Expected Behavior

When an allowed list is active at the sandbox level, email sending must be strictly restricted to the explicitly configured addresses and domains. If the active list is empty, zero emails should be dispatched from the sandbox. Non-allow-listed addresses must be suppressed natively before the send attempt.

Reference: https://experienceleague.adobe.com/en/docs/journey-optimizer/using/configuration/monitor-reputation/allow-list

 

Observed Behavior

Despite an active allowed list configured in the DEV sandbox with specific test domains, API‑triggered campaigns are bypassing this restriction and sending emails to unapproved domains (e.g., fakegmail.com, fakeyahoo.com, fakehotmail.com). The AJO Message Feedback dataset confirms successful send and bounce events to these non-allow-listed domains. This bypassing behavior can directly contribute to the spam‑listing of specific customer domains.

 

Steps to Reproduce

  1. Access the AJO DEV sandbox and navigate to Administration → Channels → Email settings → Allowed list.
  2. Configure the list with a designated set of approved test domains and activate the list.
  3. Create API‑triggered email campaigns in the DEV sandbox, mapping them to the DEV email channel configuration tied to the active allowed list.
  4. Trigger the campaigns via API using recipient email addresses containing domains explicitly excluded from the allowed list (e.g., user@fakegmail.com).
  5. Query the AJO Message Feedback dataset to verify send or bounce events are erroneously recorded for the non-allow-listed domains.

 

Root Cause Assessment

Current hypothesis indicates a platform defect in the execution logic routing API-triggered campaigns. The core enforcement mechanism for the sandbox-level allowed list is failing to parse or validate recipient domains against the configured list during API-initiated message generation.

 

Business Impact

High deliverability and reputational risk. The transmission of unauthorized test payloads to unapproved domains has resulted in spam-listing for customer domains, compromising sender reputation and limiting the integrity of sandbox-level isolation.

 

Workarounds 

  1. Implemented temporary campaign logic conditions to explicitly restrict sends to approved test domains.
  2. Enforced strict domain validation at the source integration layer, rejecting non-approved domain payloads before transmittal to the AJO API.

 

Requested Next Steps from Adobe

Isolate the specific code path failing to enforce the allowed list for API‑triggered campaigns and deploy a platform-level fix.
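
Workaround 2 (domain validation at the source integration layer), sketched as an added example that is not part of the original post and is not Adobe code: a fail-closed recipient check to run before a payload is handed to the AJO API. The function names, the sample allow list, and the choice of exact (not suffix) domain matching are assumptions made for illustration.

```python
# Added example: pre-send allow-list guard for an integration layer (hypothetical names).
# Constructed sample allow list: whole domains and exact addresses.
ALLOWED_DOMAINS = {"qa.example.com"}
ALLOWED_ADDRESSES = {"release-tester@example.org"}


def _normalize(address):
    """Return (local, domain) lower-cased, or None unless this is one plain addr-spec."""
    addr = address.strip()
    # Reject separators, angle brackets, quotes and whitespace: any of these could
    # carry a second recipient or a display-name form past a naive domain check.
    if any(c in addr for c in ',;<>"\r\n\t ') or addr.count("@") != 1:
        return None
    local, domain = addr.split("@")
    domain = domain.rstrip(".").lower()  # "example.com." and "Example.COM" are the same host
    if not local or not domain:
        return None
    try:
        # Compare internationalized domains in their ASCII (punycode) form.
        domain = domain.encode("idna").decode("ascii")
    except UnicodeError:
        return None
    # Lower-casing the local part is a simplification for matching test mailboxes.
    return local.lower(), domain


def is_allowed(address, domains=ALLOWED_DOMAINS, addresses=ALLOWED_ADDRESSES):
    """True only if the whole domain or the whole address is on the allow list."""
    parsed = _normalize(address)
    if parsed is None:
        return False
    local, domain = parsed
    # Exact set membership, never substring or suffix tests: fakegmail.com must not
    # match gmail.com, and sub.qa.example.com must not match qa.example.com.
    return domain in domains or f"{local}@{domain}" in addresses


def filter_payload(recipients, domains=ALLOWED_DOMAINS, addresses=ALLOWED_ADDRESSES):
    """Split recipients into (send, rejected). An empty allow list sends nothing."""
    send, rejected = [], []
    for rcpt in recipients:
        (send if is_allowed(rcpt, domains, addresses) else rejected).append(rcpt)
    return send, rejected


if __name__ == "__main__":
    batch = ["dev@qa.example.com", "user@fakegmail.com", "Release-Tester@Example.ORG"]
    print(filter_payload(batch))
```

Logging the `rejected` list gives an independent record to compare against send and bounce events in the Message Feedback dataset.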