Email Content Safety

Understanding the AI-Powered Content Safety Scan for Emails

The Content Safety Scan is an AI-powered feature in Arigato that helps ensure email content sent through Workflows is safe and compliant with platform policies. This scan is designed to catch potentially harmful or abusive content at the time of configuration, rather than at the moment of sending. Individual messages are not scanned.

Why This Matters

In the past, malicious actors have attempted to use Arigato to send deceptive phishing emails. This not only violates our policies but also anti-spam laws, and puts the broader Shopify ecosystem at risk. The Content Safety Scan was developed to protect against this type of abuse and ensure that Arigato is only used for legitimate, responsible communication without causing friction for typical users.

What is the Content Safety Scan?

The scan uses AI to analyze the subject line and body content of emails when you click Save on email-related actions. If issues are detected, the Action is temporarily disabled, and you’ll be alerted with a detailed explanation and guidance to resolve the issue.

When Does the Scan Run?

The scan only runs under specific conditions:

  1. You are saving an action that sends any email through any means in Arigato.
  2. At least one of the To, Cc, or Bcc fields contains a token (e.g., {{ customer.email }})

How the Scan Works

When triggered, the Content Safety Scan performs the following checks:

  • If content is safe:
    • The action saves successfully
    • No additional steps are required
  • If unsafe content is detected:
    • The action is disabled
    • A warning banner appears with reasons for the failure
    • A "Run Content Safety Scan" button becomes visible
    • A notification is sent to our support team for further investigation

How to Resolve a Failed Scan

  1. Edit your email subject or body to address the flagged issues
  2. Click the "Run Content Safety Scan" button
  3. If the scan passes:
    • You’ll see a message: “Content is safe. Action enabled.”
    • The action becomes active again and can be saved
  4. If it still fails:
    • You’ll receive updated reasons
    • Make further changes and try again

How to Avoid Triggering the Scan

Here are some tips to help avoid being flagged:

  • Use professional, clear, and neutral language
  • Avoid using spammy or aggressive phrases like “Buy now!” or “Limited time offer!”
  • Don't overuse capital letters or symbols (e.g., “FREE!!!”)
  • Make sure your message does not mimic phishing or scam patterns
  • Review any placeholder or templated content to ensure it doesn't sound generic or suspicious

Email Address Limits

There is a limit of 10 total recipients across To, Cc, and Bcc fields when using tokens in email actions. If you exceed this limit, you’ll receive the following error:

Unable to send email to more than 10 email addresses at one time.

Testing Limits

Email tests are limited to 30 recipients per hour. This total includes all To, Cc, and Bcc addresses. If exceeded, this error will appear:

Too many tests. Please try again in 1 hour.

Troubleshooting & Usage Tips

Email flagged but you're unsure why? Review the warning message carefully. It includes specific phrases or patterns that caused the scan to fail.

Scan seems to be running unexpectedly? Double-check if your recipient fields include tokens like {{ customer.email }}.

Custom Actions

If your custom workflow uses an email action and includes tokenized email addresses, the scan may trigger if the conditions are met. Ensure your email content is clean and professional to avoid disruption.