From a low level, every VizAlert specifies which email addresses it can send to. So if you're not sure which email address may pop up in your data, you can join your data set to a list of know Tableau Server users, and filter or validate it that way.
From the Admin level, if you're concerned about which email addresses your users might configure their VizAlerts to send to, without your knowledge, then you have a couple of options using the VizAlertsConfig workbook:
1. Set the generic default_allowed_recipient_addresses parameter to something that restricts the domain of the addresses to safe ones, if you can segregate them that way. So .*tableau\.com for us would cause any VizAlert sending to a non tableau.com email address to fail.
2. Configure exceptions to the default_allowed_recipient_addresses parameter using the allowed_recipient_addresses calculation. If you want to give certain users, or certain workbooks, or projects, or whatever an exemption to the default setting, you can alter this to do so.
3. If you are dealing with a large number of possible email domains in your Tableau Server user base, then you can take it a step further. You could configure the allowed_recipient_addresses calc to be dynamic based on the alert author--maybe allow each author to send email to the domain their own email address is from. Or, you can cross-db join into the VizAlertsConfig workbook a data set that maps each Site on Server to a specific set of domains you want to whitelist for it.
At the heart of all this is that you will need a pattern of some kind to work with. It can vary, it can be complicated, and it can be dynamic based on whatever criteria you want. But it will not be possible to globally enforce a rule that designates specific arbitrary email addresses as the only ones which are valid.
Does that help? If you let me know more about the specific behavior you want, I can suggest something more specific.
I implement #1 in our VizAlerts environment as it's the easiest to maintain and rarely changes.
Thanks for the response Matt. This does address my concerns for emails outside my domain. However, I still need to restrict emails to Tableau server users only. Is the allowed_recipient_addresses calc limited to regex validation, or could I drop a query to the Postgres _system_users and/or _users views in there instead?
The only way to do what you want is to enforce that policy on an alert level. So you'd need to work with each user authoring a VizAlert on your Server and ensure they knew to join / blend in data from your Tableau User set and ensure they were filtering / alerting accordingly. If you really felt like you couldn't trust them to remember, you could set up the config viz to disregard alerts that did not personally sign off on.
So yes, there is a way to do what you want at the admin level. Enforcing that policy might be a little more work on your part, though.
If you're planning on being the one person authoring alerts, then disregard all that--this is very easy to do because you're the one in control.
Does that help? I feel like I might not be understanding the full context of your question.