How to Change the OpenClaw DM Policy

Your OpenClaw bot has a configurable DM policy that controls who can send it direct messages. You can lock it down to just yourself, open it up for anyone, or require a pairing handshake for new users. This guide walks through each mode and how to switch between them.

For recovering from a lockout where your bot already ignores you, see How to Unlock DM Access. For group chat behavior, see How to Configure OpenClaw Group Chat Behavior.

DM Policy Modes

OpenClaw supports four values for dmPolicy:

Policy	Behavior
`open`	Anyone can DM the bot. Requires `allowFrom: ["*"]`.
`pairing`	New senders get a one-time pairing code. You approve via `/allowlist approve` or the CLI. Approvals are stored and persist across restarts.
`allowlist`	Only IDs listed in `allowFrom` can DM. Everyone else is silently ignored.
`disabled`	All DMs are blocked with no exceptions.

ClawCloud default: both Telegram and Discord channels start with dmPolicy: "open" and allowFrom: ["*"] so you can talk to your bot immediately after deploy.

OpenClaw default (self-hosted): dmPolicy: "pairing" — new senders must complete a pairing handshake before the bot responds.

Change Policy via Bot Chat (Managed Flow)

If you're on ClawCloud, the easiest way to change the DM policy is to tell your bot directly in Telegram or Discord:

Set my DM policy to pairing mode

Restrict DMs so only I can message you. My Telegram user ID is 123456789.

Open up DMs so anyone can message you

After giving the instruction, verify the bot understood:

What is your current DM policy?
/status

Check the Config tab in your ClawCloud dashboard for a live read-only view of the applied config.

Change Policy via CLI

Use the Console tab in the ClawCloud dashboard, or SSH to your server and run as the openclaw user.

Set to `open`

openclaw config set channels.telegram.dmPolicy open
openclaw config set channels.telegram.allowFrom '["*"]'

Set to `pairing`

openclaw config set channels.telegram.dmPolicy pairing

No allowFrom entry needed — pairing is handled automatically.

Set to `allowlist` (specific users only)

openclaw config set channels.telegram.dmPolicy allowlist
openclaw config set channels.telegram.allowFrom '["123456789", "987654321"]'

Replace the IDs with your actual user IDs (see below for how to find them).

Set to `disabled`

openclaw config set channels.telegram.dmPolicy disabled

After any change, restart and verify:

openclaw gateway restart
openclaw doctor

For Discord, replace channels.telegram with channels.discord in all commands above.

allowFrom Format

allowFrom is a JSON array of strings. The format varies by channel:

Channel	ID format	Example
Telegram	Numeric user ID (integer as string)	`["123456789"]`
Discord	Numeric user ID (Snowflake)	`["987654321098765432"]`

Telegram: Usernames (@handle) are not valid in config — they are silently ignored or rejected. You must use the numeric ID. telegram: and tg: prefixes are accepted and normalized automatically (e.g. telegram:123456789).

Note: dmPolicy: "allowlist" with an empty allowFrom array is rejected by config validation. You must include at least one sender ID before switching to allowlist mode.

Find your Telegram user ID:

/whoami

The bot replies with something like telegram:123456789. The numeric portion is the value to use in allowFrom. If you're locked out already, run openclaw logs --follow in the Console and read the from.id field from an incoming message.

Alternatively use @userinfobot on Telegram (third-party).

Find your Discord user ID:

Enable Developer Mode in Discord settings (User Settings → Advanced → Developer Mode), then right-click your username and select Copy User ID.

Using `pairing` Mode

pairing is the most secure default for personal bots. When a new user sends a DM:

They receive a pairing code in the chat.
You approve it from the CLI or by replying to the bot:

openclaw pairing list telegram
openclaw pairing approve telegram <code>

Approved senders are saved to ~/.openclaw/credentials/telegram-allowFrom.json. They persist across gateway restarts and don't need re-approval.

To revoke a previously approved sender:

openclaw config set channels.telegram.allowFrom '["remaining-id-1"]'
openclaw gateway restart

Combining dmPolicy and allowFrom

dmPolicy and allowFrom work together:

open + ["*"] → everyone allowed, no checks.
allowlist + ["123"] → only user 123 allowed.
pairing + ["123"] → user 123 bypasses pairing; others get a code.
disabled → allowFrom is ignored entirely.

After Changing the Policy

Always run openclaw doctor after a policy change to confirm there are no config errors:

openclaw doctor

Test by sending a DM from the affected channel. If the bot doesn't respond as expected, check the gateway logs:

openclaw logs

If you locked yourself out, see How to Unlock DM Access for recovery steps.

For recovering from a lockout where your bot already ignores you, see How to Unlock DM Access. For group chat behavior, see How to Configure OpenClaw Group Chat Behavior.

DM Policy Modes

OpenClaw supports four values for dmPolicy:

Policy	Behavior
`open`	Anyone can DM the bot. Requires `allowFrom: ["*"]`.
`pairing`	New senders get a one-time pairing code. You approve via `/allowlist approve` or the CLI. Approvals are stored and persist across restarts.
`allowlist`	Only IDs listed in `allowFrom` can DM. Everyone else is silently ignored.
`disabled`	All DMs are blocked with no exceptions.

ClawCloud default: both Telegram and Discord channels start with dmPolicy: "open" and allowFrom: ["*"] so you can talk to your bot immediately after deploy.

OpenClaw default (self-hosted): dmPolicy: "pairing" — new senders must complete a pairing handshake before the bot responds.

Change Policy via Bot Chat (Managed Flow)

If you're on ClawCloud, the easiest way to change the DM policy is to tell your bot directly in Telegram or Discord:

Set my DM policy to pairing mode

Restrict DMs so only I can message you. My Telegram user ID is 123456789.

Open up DMs so anyone can message you

After giving the instruction, verify the bot understood:

What is your current DM policy?
/status

Check the Config tab in your ClawCloud dashboard for a live read-only view of the applied config.

Change Policy via CLI

Use the Console tab in the ClawCloud dashboard, or SSH to your server and run as the openclaw user.

Set to `open`

openclaw config set channels.telegram.dmPolicy open
openclaw config set channels.telegram.allowFrom '["*"]'

Set to `pairing`

openclaw config set channels.telegram.dmPolicy pairing

No allowFrom entry needed — pairing is handled automatically.

Set to `allowlist` (specific users only)

openclaw config set channels.telegram.dmPolicy allowlist
openclaw config set channels.telegram.allowFrom '["123456789", "987654321"]'

Replace the IDs with your actual user IDs (see below for how to find them).

Set to `disabled`

openclaw config set channels.telegram.dmPolicy disabled

After any change, restart and verify:

openclaw gateway restart
openclaw doctor

For Discord, replace channels.telegram with channels.discord in all commands above.

allowFrom Format

allowFrom is a JSON array of strings. The format varies by channel:

Channel	ID format	Example
Telegram	Numeric user ID (integer as string)	`["123456789"]`
Discord	Numeric user ID (Snowflake)	`["987654321098765432"]`

Note: dmPolicy: "allowlist" with an empty allowFrom array is rejected by config validation. You must include at least one sender ID before switching to allowlist mode.

Find your Telegram user ID:

/whoami

Alternatively use @userinfobot on Telegram (third-party).

Find your Discord user ID:

Enable Developer Mode in Discord settings (User Settings → Advanced → Developer Mode), then right-click your username and select Copy User ID.

Using `pairing` Mode

pairing is the most secure default for personal bots. When a new user sends a DM:

They receive a pairing code in the chat.
You approve it from the CLI or by replying to the bot:

openclaw pairing list telegram
openclaw pairing approve telegram <code>

Approved senders are saved to ~/.openclaw/credentials/telegram-allowFrom.json. They persist across gateway restarts and don't need re-approval.

To revoke a previously approved sender:

openclaw config set channels.telegram.allowFrom '["remaining-id-1"]'
openclaw gateway restart

Combining dmPolicy and allowFrom

dmPolicy and allowFrom work together:

open + ["*"] → everyone allowed, no checks.
allowlist + ["123"] → only user 123 allowed.
pairing + ["123"] → user 123 bypasses pairing; others get a code.
disabled → allowFrom is ignored entirely.

After Changing the Policy

Always run openclaw doctor after a policy change to confirm there are no config errors:

openclaw doctor

Test by sending a DM from the affected channel. If the bot doesn't respond as expected, check the gateway logs:

openclaw logs

If you locked yourself out, see How to Unlock DM Access for recovery steps.

How to Change the OpenClaw DM Policy

DM Policy Modes

Change Policy via Bot Chat (Managed Flow)

Change Policy via CLI

Set to `open`

Set to `pairing`

Set to `allowlist` (specific users only)

Set to `disabled`

allowFrom Format

Using `pairing` Mode

Combining dmPolicy and allowFrom

After Changing the Policy

Ready to deploy?

Keep reading

Fix: OpenClaw managed reply reliability on ClawCloud

ClawCloud vs Clawy vs Donely: OpenClaw Hosting Compared

How to Install Custom OpenClaw Skills via Chat

How OpenClaw Memory Works on a Dedicated Server

Run an AI Discord Bot with OpenClaw

Run an AI Telegram Bot with OpenClaw

How to Change the OpenClaw DM Policy

DM Policy Modes

Change Policy via Bot Chat (Managed Flow)

Change Policy via CLI

Set to `open`

Set to `pairing`

Set to `allowlist` (specific users only)

Set to `disabled`

allowFrom Format

Using `pairing` Mode

Combining dmPolicy and allowFrom

After Changing the Policy

Ready to deploy?

Keep reading

Fix: OpenClaw managed reply reliability on ClawCloud

ClawCloud vs Clawy vs Donely: OpenClaw Hosting Compared

How to Install Custom OpenClaw Skills via Chat

How OpenClaw Memory Works on a Dedicated Server

Run an AI Discord Bot with OpenClaw

Run an AI Telegram Bot with OpenClaw

How to Change the OpenClaw DM Policy

DM Policy Modes

Change Policy via Bot Chat (Managed Flow)

Change Policy via CLI

Set to open

Set to pairing

Set to allowlist (specific users only)

Set to disabled

allowFrom Format

Using pairing Mode

Combining dmPolicy and allowFrom

After Changing the Policy

Ready to deploy?

Keep reading

Fix: OpenClaw managed reply reliability on ClawCloud

ClawCloud vs Clawy vs Donely: OpenClaw Hosting Compared

How to Install Custom OpenClaw Skills via Chat

How OpenClaw Memory Works on a Dedicated Server

Run an AI Discord Bot with OpenClaw

Run an AI Telegram Bot with OpenClaw

How to Change the OpenClaw DM Policy

DM Policy Modes

Change Policy via Bot Chat (Managed Flow)

Change Policy via CLI

Set to open

Set to pairing

Set to allowlist (specific users only)

Set to disabled

allowFrom Format

Using pairing Mode

Combining dmPolicy and allowFrom

After Changing the Policy

Ready to deploy?

Keep reading

Fix: OpenClaw managed reply reliability on ClawCloud

ClawCloud vs Clawy vs Donely: OpenClaw Hosting Compared

How to Install Custom OpenClaw Skills via Chat

How OpenClaw Memory Works on a Dedicated Server

Run an AI Discord Bot with OpenClaw

Run an AI Telegram Bot with OpenClaw

Set to `open`

Set to `pairing`

Set to `allowlist` (specific users only)

Set to `disabled`

Using `pairing` Mode

Set to `open`

Set to `pairing`

Set to `allowlist` (specific users only)

Set to `disabled`

Using `pairing` Mode