# Investigate

## Search email messages

`client.EmailSecurity.Investigate.List(ctx, params) (*V4PagePaginationArray[InvestigateListResponse], error)`

**get** `/accounts/{account_id}/email-security/investigate`

Returns information for each email that matches the search parameter(s).
If the search takes too long, the endpoint returns 202 with a Location header
pointing to a polling endpoint where results can be retrieved once ready.

### Parameters

- `params InvestigateListParams`

  - `AccountID param.Field[string]`

    Path param: Account Identifier

  - `ActionLog param.Field[bool]`

    Query param: Determines if the message action log is included in the response.

  - `AlertID param.Field[string]`

    Query param

  - `Cursor param.Field[string]`

    Query param

  - `DetectionsOnly param.Field[bool]`

    Query param: Determines if the search results will include detections or not.

  - `Domain param.Field[string]`

    Query param: Filter by a domain found in the email: sender domain, recipient domain, or a domain in a link.

  - `End param.Field[Time]`

    Query param: The end of the search date range.
    Defaults to `now` if not provided.

  - `ExactSubject param.Field[string]`

    Query param: Search for messages with an exact subject match.

  - `FinalDisposition param.Field[InvestigateListParamsFinalDisposition]`

    Query param: The dispositions the search filters by.

    - `const InvestigateListParamsFinalDispositionMalicious InvestigateListParamsFinalDisposition = "MALICIOUS"`

    - `const InvestigateListParamsFinalDispositionSuspicious InvestigateListParamsFinalDisposition = "SUSPICIOUS"`

    - `const InvestigateListParamsFinalDispositionSpoof InvestigateListParamsFinalDisposition = "SPOOF"`

    - `const InvestigateListParamsFinalDispositionSpam InvestigateListParamsFinalDisposition = "SPAM"`

    - `const InvestigateListParamsFinalDispositionBulk InvestigateListParamsFinalDisposition = "BULK"`

    - `const InvestigateListParamsFinalDispositionNone InvestigateListParamsFinalDisposition = "NONE"`

  - `MessageAction param.Field[InvestigateListParamsMessageAction]`

    Query param: The message actions the search filters by.

    - `const InvestigateListParamsMessageActionPreview InvestigateListParamsMessageAction = "PREVIEW"`

    - `const InvestigateListParamsMessageActionQuarantineReleased InvestigateListParamsMessageAction = "QUARANTINE_RELEASED"`

    - `const InvestigateListParamsMessageActionMoved InvestigateListParamsMessageAction = "MOVED"`

    - `const InvestigateListParamsMessageActionSubmitted InvestigateListParamsMessageAction = "SUBMITTED"`

  - `MessageID param.Field[string]`

    Query param

  - `Metric param.Field[string]`

    Query param

  - `Page param.Field[int64]`

    Query param: Deprecated: Use cursor pagination instead.

  - `PerPage param.Field[int64]`

    Query param: The number of results per page.

  - `Query param.Field[string]`

    Query param: The space-delimited term used in the query. The search is case-insensitive.

    The content of the following email metadata fields are searched:

    * alert_id
    * CC
    * From (envelope_from)
    * From Name
    * final_disposition
    * md5 hash (of any attachment)
    * sha1 hash (of any attachment)
    * sha256 hash (of any attachment)
    * name (of any attachment)
    * Reason
    * Received DateTime (yyyy-mm-ddThh:mm:ss)
    * Sent DateTime (yyyy-mm-ddThh:mm:ss)
    * ReplyTo
    * To (envelope_to)
    * To Name
    * Message-ID
    * smtp_helo_server_ip
    * smtp_previous_hop_ip
    * x_originating_ip
    * Subject

  - `Recipient param.Field[string]`

    Query param: Filter by recipient. Matches either an email address or a domain.

  - `Sender param.Field[string]`

    Query param: Filter by sender. Matches either an email address or a domain.

  - `Start param.Field[Time]`

    Query param: The beginning of the search date range.
    Defaults to `now - 30 days` if not provided.

  - `Subject param.Field[string]`

    Query param: Search for messages containing individual keywords in any order within the subject.

  - `Submissions param.Field[bool]`

    Query param: Search for submissions instead of original messages

### Returns

- `type InvestigateListResponse struct{…}`

  - `ID string`

  - `ActionLog unknown`

  - `ClientRecipients []string`

  - `DetectionReasons []string`

  - `IsPhishSubmission bool`

  - `IsQuarantined bool`

  - `PostfixID string`

    The identifier of the message.

  - `Properties InvestigateListResponseProperties`

    - `AllowlistedPattern string`

    - `AllowlistedPatternType InvestigateListResponsePropertiesAllowlistedPatternType`

      - `const InvestigateListResponsePropertiesAllowlistedPatternTypeQuarantineRelease InvestigateListResponsePropertiesAllowlistedPatternType = "quarantine_release"`

      - `const InvestigateListResponsePropertiesAllowlistedPatternTypeAcceptableSender InvestigateListResponsePropertiesAllowlistedPatternType = "acceptable_sender"`

      - `const InvestigateListResponsePropertiesAllowlistedPatternTypeAllowedSender InvestigateListResponsePropertiesAllowlistedPatternType = "allowed_sender"`

      - `const InvestigateListResponsePropertiesAllowlistedPatternTypeAllowedRecipient InvestigateListResponsePropertiesAllowlistedPatternType = "allowed_recipient"`

      - `const InvestigateListResponsePropertiesAllowlistedPatternTypeDomainSimilarity InvestigateListResponsePropertiesAllowlistedPatternType = "domain_similarity"`

      - `const InvestigateListResponsePropertiesAllowlistedPatternTypeDomainRecency InvestigateListResponsePropertiesAllowlistedPatternType = "domain_recency"`

      - `const InvestigateListResponsePropertiesAllowlistedPatternTypeManagedAcceptableSender InvestigateListResponsePropertiesAllowlistedPatternType = "managed_acceptable_sender"`

      - `const InvestigateListResponsePropertiesAllowlistedPatternTypeOutboundNdr InvestigateListResponsePropertiesAllowlistedPatternType = "outbound_ndr"`

    - `BlocklistedMessage bool`

    - `BlocklistedPattern string`

    - `WhitelistedPatternType InvestigateListResponsePropertiesWhitelistedPatternType`

      - `const InvestigateListResponsePropertiesWhitelistedPatternTypeQuarantineRelease InvestigateListResponsePropertiesWhitelistedPatternType = "quarantine_release"`

      - `const InvestigateListResponsePropertiesWhitelistedPatternTypeAcceptableSender InvestigateListResponsePropertiesWhitelistedPatternType = "acceptable_sender"`

      - `const InvestigateListResponsePropertiesWhitelistedPatternTypeAllowedSender InvestigateListResponsePropertiesWhitelistedPatternType = "allowed_sender"`

      - `const InvestigateListResponsePropertiesWhitelistedPatternTypeAllowedRecipient InvestigateListResponsePropertiesWhitelistedPatternType = "allowed_recipient"`

      - `const InvestigateListResponsePropertiesWhitelistedPatternTypeDomainSimilarity InvestigateListResponsePropertiesWhitelistedPatternType = "domain_similarity"`

      - `const InvestigateListResponsePropertiesWhitelistedPatternTypeDomainRecency InvestigateListResponsePropertiesWhitelistedPatternType = "domain_recency"`

      - `const InvestigateListResponsePropertiesWhitelistedPatternTypeManagedAcceptableSender InvestigateListResponsePropertiesWhitelistedPatternType = "managed_acceptable_sender"`

      - `const InvestigateListResponsePropertiesWhitelistedPatternTypeOutboundNdr InvestigateListResponsePropertiesWhitelistedPatternType = "outbound_ndr"`

  - `Ts string`

    Deprecated, use `scanned_at` instead

  - `AlertID string`

  - `DeliveryMode InvestigateListResponseDeliveryMode`

    - `const InvestigateListResponseDeliveryModeDirect InvestigateListResponseDeliveryMode = "DIRECT"`

    - `const InvestigateListResponseDeliveryModeBcc InvestigateListResponseDeliveryMode = "BCC"`

    - `const InvestigateListResponseDeliveryModeJournal InvestigateListResponseDeliveryMode = "JOURNAL"`

    - `const InvestigateListResponseDeliveryModeReviewSubmission InvestigateListResponseDeliveryMode = "REVIEW_SUBMISSION"`

    - `const InvestigateListResponseDeliveryModeDMARCUnverified InvestigateListResponseDeliveryMode = "DMARC_UNVERIFIED"`

    - `const InvestigateListResponseDeliveryModeDMARCFailureReport InvestigateListResponseDeliveryMode = "DMARC_FAILURE_REPORT"`

    - `const InvestigateListResponseDeliveryModeDMARCAggregateReport InvestigateListResponseDeliveryMode = "DMARC_AGGREGATE_REPORT"`

    - `const InvestigateListResponseDeliveryModeThreatIntelSubmission InvestigateListResponseDeliveryMode = "THREAT_INTEL_SUBMISSION"`

    - `const InvestigateListResponseDeliveryModeSimulationSubmission InvestigateListResponseDeliveryMode = "SIMULATION_SUBMISSION"`

    - `const InvestigateListResponseDeliveryModeAPI InvestigateListResponseDeliveryMode = "API"`

    - `const InvestigateListResponseDeliveryModeRetroScan InvestigateListResponseDeliveryMode = "RETRO_SCAN"`

  - `EdfHash string`

  - `EnvelopeFrom string`

  - `EnvelopeTo []string`

  - `FinalDisposition InvestigateListResponseFinalDisposition`

    - `const InvestigateListResponseFinalDispositionMalicious InvestigateListResponseFinalDisposition = "MALICIOUS"`

    - `const InvestigateListResponseFinalDispositionMaliciousBec InvestigateListResponseFinalDisposition = "MALICIOUS-BEC"`

    - `const InvestigateListResponseFinalDispositionSuspicious InvestigateListResponseFinalDisposition = "SUSPICIOUS"`

    - `const InvestigateListResponseFinalDispositionSpoof InvestigateListResponseFinalDisposition = "SPOOF"`

    - `const InvestigateListResponseFinalDispositionSpam InvestigateListResponseFinalDisposition = "SPAM"`

    - `const InvestigateListResponseFinalDispositionBulk InvestigateListResponseFinalDisposition = "BULK"`

    - `const InvestigateListResponseFinalDispositionEncrypted InvestigateListResponseFinalDisposition = "ENCRYPTED"`

    - `const InvestigateListResponseFinalDispositionExternal InvestigateListResponseFinalDisposition = "EXTERNAL"`

    - `const InvestigateListResponseFinalDispositionUnknown InvestigateListResponseFinalDisposition = "UNKNOWN"`

    - `const InvestigateListResponseFinalDispositionNone InvestigateListResponseFinalDisposition = "NONE"`

  - `Findings []InvestigateListResponseFinding`

    - `Attachment string`

    - `Detail string`

    - `Detection InvestigateListResponseFindingsDetection`

      - `const InvestigateListResponseFindingsDetectionMalicious InvestigateListResponseFindingsDetection = "MALICIOUS"`

      - `const InvestigateListResponseFindingsDetectionMaliciousBec InvestigateListResponseFindingsDetection = "MALICIOUS-BEC"`

      - `const InvestigateListResponseFindingsDetectionSuspicious InvestigateListResponseFindingsDetection = "SUSPICIOUS"`

      - `const InvestigateListResponseFindingsDetectionSpoof InvestigateListResponseFindingsDetection = "SPOOF"`

      - `const InvestigateListResponseFindingsDetectionSpam InvestigateListResponseFindingsDetection = "SPAM"`

      - `const InvestigateListResponseFindingsDetectionBulk InvestigateListResponseFindingsDetection = "BULK"`

      - `const InvestigateListResponseFindingsDetectionEncrypted InvestigateListResponseFindingsDetection = "ENCRYPTED"`

      - `const InvestigateListResponseFindingsDetectionExternal InvestigateListResponseFindingsDetection = "EXTERNAL"`

      - `const InvestigateListResponseFindingsDetectionUnknown InvestigateListResponseFindingsDetection = "UNKNOWN"`

      - `const InvestigateListResponseFindingsDetectionNone InvestigateListResponseFindingsDetection = "NONE"`

    - `Field string`

    - `Name string`

    - `Portion string`

    - `Reason string`

    - `Score float64`

    - `Value string`

  - `From string`

  - `FromName string`

  - `HtmltextStructureHash string`

  - `MessageID string`

  - `PostDeliveryOperations []InvestigateListResponsePostDeliveryOperation`

    - `const InvestigateListResponsePostDeliveryOperationPreview InvestigateListResponsePostDeliveryOperation = "PREVIEW"`

    - `const InvestigateListResponsePostDeliveryOperationQuarantineRelease InvestigateListResponsePostDeliveryOperation = "QUARANTINE_RELEASE"`

    - `const InvestigateListResponsePostDeliveryOperationSubmission InvestigateListResponsePostDeliveryOperation = "SUBMISSION"`

    - `const InvestigateListResponsePostDeliveryOperationMove InvestigateListResponsePostDeliveryOperation = "MOVE"`

  - `PostfixIDOutbound string`

  - `Replyto string`

  - `ScannedAt Time`

  - `SentAt Time`

  - `SentDate string`

    Deprecated, use `sent_at` instead

  - `Subject string`

  - `ThreatCategories []string`

  - `To []string`

  - `ToName []string`

  - `Validation InvestigateListResponseValidation`

    - `Comment string`

    - `DKIM InvestigateListResponseValidationDKIM`

      - `const InvestigateListResponseValidationDKIMPass InvestigateListResponseValidationDKIM = "pass"`

      - `const InvestigateListResponseValidationDKIMNeutral InvestigateListResponseValidationDKIM = "neutral"`

      - `const InvestigateListResponseValidationDKIMFail InvestigateListResponseValidationDKIM = "fail"`

      - `const InvestigateListResponseValidationDKIMError InvestigateListResponseValidationDKIM = "error"`

      - `const InvestigateListResponseValidationDKIMNone InvestigateListResponseValidationDKIM = "none"`

    - `DMARC InvestigateListResponseValidationDMARC`

      - `const InvestigateListResponseValidationDMARCPass InvestigateListResponseValidationDMARC = "pass"`

      - `const InvestigateListResponseValidationDMARCNeutral InvestigateListResponseValidationDMARC = "neutral"`

      - `const InvestigateListResponseValidationDMARCFail InvestigateListResponseValidationDMARC = "fail"`

      - `const InvestigateListResponseValidationDMARCError InvestigateListResponseValidationDMARC = "error"`

      - `const InvestigateListResponseValidationDMARCNone InvestigateListResponseValidationDMARC = "none"`

    - `SPF InvestigateListResponseValidationSPF`

      - `const InvestigateListResponseValidationSPFPass InvestigateListResponseValidationSPF = "pass"`

      - `const InvestigateListResponseValidationSPFNeutral InvestigateListResponseValidationSPF = "neutral"`

      - `const InvestigateListResponseValidationSPFFail InvestigateListResponseValidationSPF = "fail"`

      - `const InvestigateListResponseValidationSPFError InvestigateListResponseValidationSPF = "error"`

      - `const InvestigateListResponseValidationSPFNone InvestigateListResponseValidationSPF = "none"`

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/email_security"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
    option.WithAPIEmail("user@example.com"),
  )
  page, err := client.EmailSecurity.Investigate.List(context.TODO(), email_security.InvestigateListParams{
    AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", page)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49-2a539d65",
      "action_log": [],
      "client_recipients": [
        "email@example.com"
      ],
      "detection_reasons": [
        "Selector is a source of spam/uce : Smtp-Helo-Server-Ip=<b>127.0.0[dot]186</b>"
      ],
      "is_phish_submission": false,
      "is_quarantined": false,
      "postfix_id": "47JJcT1w6GztQV7",
      "properties": {
        "allowlisted_pattern": "allowlisted_pattern",
        "allowlisted_pattern_type": "quarantine_release",
        "blocklisted_message": true,
        "blocklisted_pattern": "blocklisted_pattern",
        "whitelisted_pattern_type": "quarantine_release"
      },
      "ts": "2019-11-20T23:22:01",
      "alert_id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49",
      "delivery_mode": "DIRECT",
      "edf_hash": null,
      "envelope_from": "d1994@example.com",
      "envelope_to": [
        "email@example.com"
      ],
      "final_disposition": "MALICIOUS",
      "findings": [
        {
          "attachment": "attachment",
          "detail": "detail",
          "detection": "MALICIOUS",
          "field": "field",
          "name": "name",
          "portion": "portion",
          "reason": "reason",
          "score": 0,
          "value": "value"
        }
      ],
      "from": "d1994@example.com",
      "from_name": "Sender Name",
      "htmltext_structure_hash": null,
      "message_id": "<4VAZPrAdg7IGNxdt1DWRNu0gvOeL_iZiwP4BQfo4DaE.Yw-woXuugQbeFhBpzwFQtqq_v2v1HOKznoMBqbciQpE@example.com>",
      "post_delivery_operations": [
        "PREVIEW"
      ],
      "postfix_id_outbound": null,
      "replyto": "email@example.com",
      "scanned_at": "2019-11-20T23:22:01Z",
      "sent_at": "2019-11-21T00:22:01Z",
      "sent_date": "2019-11-21T00:22:01",
      "subject": "listen, I highly recommend u to read that email, just to ensure not a thing will take place",
      "threat_categories": [
        "IPReputation",
        "ASNReputation"
      ],
      "to": [
        "email@example.com"
      ],
      "to_name": [
        "Recipient Name"
      ],
      "validation": {
        "comment": null,
        "dkim": "pass",
        "dmarc": "none",
        "spf": "fail"
      }
    }
  ],
  "result_info": {
    "count": 0,
    "page": 0,
    "per_page": 0,
    "total_count": 0,
    "next": "next",
    "previous": "previous"
  },
  "success": true
}
```

## Get message details

`client.EmailSecurity.Investigate.Get(ctx, postfixID, query) (*InvestigateGetResponse, error)`

**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}`

Retrieves detailed information about a specific email message, including headers,
metadata, and security scan results.

### Parameters

- `postfixID string`

  The identifier of the message.

- `query InvestigateGetParams`

  - `AccountID param.Field[string]`

    Account Identifier

### Returns

- `type InvestigateGetResponse struct{…}`

  - `ID string`

  - `ActionLog unknown`

  - `ClientRecipients []string`

  - `DetectionReasons []string`

  - `IsPhishSubmission bool`

  - `IsQuarantined bool`

  - `PostfixID string`

    The identifier of the message.

  - `Properties InvestigateGetResponseProperties`

    - `AllowlistedPattern string`

    - `AllowlistedPatternType InvestigateGetResponsePropertiesAllowlistedPatternType`

      - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeQuarantineRelease InvestigateGetResponsePropertiesAllowlistedPatternType = "quarantine_release"`

      - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeAcceptableSender InvestigateGetResponsePropertiesAllowlistedPatternType = "acceptable_sender"`

      - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeAllowedSender InvestigateGetResponsePropertiesAllowlistedPatternType = "allowed_sender"`

      - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeAllowedRecipient InvestigateGetResponsePropertiesAllowlistedPatternType = "allowed_recipient"`

      - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeDomainSimilarity InvestigateGetResponsePropertiesAllowlistedPatternType = "domain_similarity"`

      - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeDomainRecency InvestigateGetResponsePropertiesAllowlistedPatternType = "domain_recency"`

      - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeManagedAcceptableSender InvestigateGetResponsePropertiesAllowlistedPatternType = "managed_acceptable_sender"`

      - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeOutboundNdr InvestigateGetResponsePropertiesAllowlistedPatternType = "outbound_ndr"`

    - `BlocklistedMessage bool`

    - `BlocklistedPattern string`

    - `WhitelistedPatternType InvestigateGetResponsePropertiesWhitelistedPatternType`

      - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeQuarantineRelease InvestigateGetResponsePropertiesWhitelistedPatternType = "quarantine_release"`

      - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeAcceptableSender InvestigateGetResponsePropertiesWhitelistedPatternType = "acceptable_sender"`

      - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeAllowedSender InvestigateGetResponsePropertiesWhitelistedPatternType = "allowed_sender"`

      - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeAllowedRecipient InvestigateGetResponsePropertiesWhitelistedPatternType = "allowed_recipient"`

      - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeDomainSimilarity InvestigateGetResponsePropertiesWhitelistedPatternType = "domain_similarity"`

      - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeDomainRecency InvestigateGetResponsePropertiesWhitelistedPatternType = "domain_recency"`

      - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeManagedAcceptableSender InvestigateGetResponsePropertiesWhitelistedPatternType = "managed_acceptable_sender"`

      - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeOutboundNdr InvestigateGetResponsePropertiesWhitelistedPatternType = "outbound_ndr"`

  - `Ts string`

    Deprecated, use `scanned_at` instead

  - `AlertID string`

  - `DeliveryMode InvestigateGetResponseDeliveryMode`

    - `const InvestigateGetResponseDeliveryModeDirect InvestigateGetResponseDeliveryMode = "DIRECT"`

    - `const InvestigateGetResponseDeliveryModeBcc InvestigateGetResponseDeliveryMode = "BCC"`

    - `const InvestigateGetResponseDeliveryModeJournal InvestigateGetResponseDeliveryMode = "JOURNAL"`

    - `const InvestigateGetResponseDeliveryModeReviewSubmission InvestigateGetResponseDeliveryMode = "REVIEW_SUBMISSION"`

    - `const InvestigateGetResponseDeliveryModeDMARCUnverified InvestigateGetResponseDeliveryMode = "DMARC_UNVERIFIED"`

    - `const InvestigateGetResponseDeliveryModeDMARCFailureReport InvestigateGetResponseDeliveryMode = "DMARC_FAILURE_REPORT"`

    - `const InvestigateGetResponseDeliveryModeDMARCAggregateReport InvestigateGetResponseDeliveryMode = "DMARC_AGGREGATE_REPORT"`

    - `const InvestigateGetResponseDeliveryModeThreatIntelSubmission InvestigateGetResponseDeliveryMode = "THREAT_INTEL_SUBMISSION"`

    - `const InvestigateGetResponseDeliveryModeSimulationSubmission InvestigateGetResponseDeliveryMode = "SIMULATION_SUBMISSION"`

    - `const InvestigateGetResponseDeliveryModeAPI InvestigateGetResponseDeliveryMode = "API"`

    - `const InvestigateGetResponseDeliveryModeRetroScan InvestigateGetResponseDeliveryMode = "RETRO_SCAN"`

  - `EdfHash string`

  - `EnvelopeFrom string`

  - `EnvelopeTo []string`

  - `FinalDisposition InvestigateGetResponseFinalDisposition`

    - `const InvestigateGetResponseFinalDispositionMalicious InvestigateGetResponseFinalDisposition = "MALICIOUS"`

    - `const InvestigateGetResponseFinalDispositionMaliciousBec InvestigateGetResponseFinalDisposition = "MALICIOUS-BEC"`

    - `const InvestigateGetResponseFinalDispositionSuspicious InvestigateGetResponseFinalDisposition = "SUSPICIOUS"`

    - `const InvestigateGetResponseFinalDispositionSpoof InvestigateGetResponseFinalDisposition = "SPOOF"`

    - `const InvestigateGetResponseFinalDispositionSpam InvestigateGetResponseFinalDisposition = "SPAM"`

    - `const InvestigateGetResponseFinalDispositionBulk InvestigateGetResponseFinalDisposition = "BULK"`

    - `const InvestigateGetResponseFinalDispositionEncrypted InvestigateGetResponseFinalDisposition = "ENCRYPTED"`

    - `const InvestigateGetResponseFinalDispositionExternal InvestigateGetResponseFinalDisposition = "EXTERNAL"`

    - `const InvestigateGetResponseFinalDispositionUnknown InvestigateGetResponseFinalDisposition = "UNKNOWN"`

    - `const InvestigateGetResponseFinalDispositionNone InvestigateGetResponseFinalDisposition = "NONE"`

  - `Findings []InvestigateGetResponseFinding`

    - `Attachment string`

    - `Detail string`

    - `Detection InvestigateGetResponseFindingsDetection`

      - `const InvestigateGetResponseFindingsDetectionMalicious InvestigateGetResponseFindingsDetection = "MALICIOUS"`

      - `const InvestigateGetResponseFindingsDetectionMaliciousBec InvestigateGetResponseFindingsDetection = "MALICIOUS-BEC"`

      - `const InvestigateGetResponseFindingsDetectionSuspicious InvestigateGetResponseFindingsDetection = "SUSPICIOUS"`

      - `const InvestigateGetResponseFindingsDetectionSpoof InvestigateGetResponseFindingsDetection = "SPOOF"`

      - `const InvestigateGetResponseFindingsDetectionSpam InvestigateGetResponseFindingsDetection = "SPAM"`

      - `const InvestigateGetResponseFindingsDetectionBulk InvestigateGetResponseFindingsDetection = "BULK"`

      - `const InvestigateGetResponseFindingsDetectionEncrypted InvestigateGetResponseFindingsDetection = "ENCRYPTED"`

      - `const InvestigateGetResponseFindingsDetectionExternal InvestigateGetResponseFindingsDetection = "EXTERNAL"`

      - `const InvestigateGetResponseFindingsDetectionUnknown InvestigateGetResponseFindingsDetection = "UNKNOWN"`

      - `const InvestigateGetResponseFindingsDetectionNone InvestigateGetResponseFindingsDetection = "NONE"`

    - `Field string`

    - `Name string`

    - `Portion string`

    - `Reason string`

    - `Score float64`

    - `Value string`

  - `From string`

  - `FromName string`

  - `HtmltextStructureHash string`

  - `MessageID string`

  - `PostDeliveryOperations []InvestigateGetResponsePostDeliveryOperation`

    - `const InvestigateGetResponsePostDeliveryOperationPreview InvestigateGetResponsePostDeliveryOperation = "PREVIEW"`

    - `const InvestigateGetResponsePostDeliveryOperationQuarantineRelease InvestigateGetResponsePostDeliveryOperation = "QUARANTINE_RELEASE"`

    - `const InvestigateGetResponsePostDeliveryOperationSubmission InvestigateGetResponsePostDeliveryOperation = "SUBMISSION"`

    - `const InvestigateGetResponsePostDeliveryOperationMove InvestigateGetResponsePostDeliveryOperation = "MOVE"`

  - `PostfixIDOutbound string`

  - `Replyto string`

  - `ScannedAt Time`

  - `SentAt Time`

  - `SentDate string`

    Deprecated, use `sent_at` instead

  - `Subject string`

  - `ThreatCategories []string`

  - `To []string`

  - `ToName []string`

  - `Validation InvestigateGetResponseValidation`

    - `Comment string`

    - `DKIM InvestigateGetResponseValidationDKIM`

      - `const InvestigateGetResponseValidationDKIMPass InvestigateGetResponseValidationDKIM = "pass"`

      - `const InvestigateGetResponseValidationDKIMNeutral InvestigateGetResponseValidationDKIM = "neutral"`

      - `const InvestigateGetResponseValidationDKIMFail InvestigateGetResponseValidationDKIM = "fail"`

      - `const InvestigateGetResponseValidationDKIMError InvestigateGetResponseValidationDKIM = "error"`

      - `const InvestigateGetResponseValidationDKIMNone InvestigateGetResponseValidationDKIM = "none"`

    - `DMARC InvestigateGetResponseValidationDMARC`

      - `const InvestigateGetResponseValidationDMARCPass InvestigateGetResponseValidationDMARC = "pass"`

      - `const InvestigateGetResponseValidationDMARCNeutral InvestigateGetResponseValidationDMARC = "neutral"`

      - `const InvestigateGetResponseValidationDMARCFail InvestigateGetResponseValidationDMARC = "fail"`

      - `const InvestigateGetResponseValidationDMARCError InvestigateGetResponseValidationDMARC = "error"`

      - `const InvestigateGetResponseValidationDMARCNone InvestigateGetResponseValidationDMARC = "none"`

    - `SPF InvestigateGetResponseValidationSPF`

      - `const InvestigateGetResponseValidationSPFPass InvestigateGetResponseValidationSPF = "pass"`

      - `const InvestigateGetResponseValidationSPFNeutral InvestigateGetResponseValidationSPF = "neutral"`

      - `const InvestigateGetResponseValidationSPFFail InvestigateGetResponseValidationSPF = "fail"`

      - `const InvestigateGetResponseValidationSPFError InvestigateGetResponseValidationSPF = "error"`

      - `const InvestigateGetResponseValidationSPFNone InvestigateGetResponseValidationSPF = "none"`

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/email_security"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
    option.WithAPIEmail("user@example.com"),
  )
  investigate, err := client.EmailSecurity.Investigate.Get(
    context.TODO(),
    "4Njp3P0STMz2c02Q",
    email_security.InvestigateGetParams{
      AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", investigate.ID)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49-2a539d65",
    "action_log": [],
    "client_recipients": [
      "email@example.com"
    ],
    "detection_reasons": [
      "Selector is a source of spam/uce : Smtp-Helo-Server-Ip=<b>127.0.0[dot]186</b>"
    ],
    "is_phish_submission": false,
    "is_quarantined": false,
    "postfix_id": "47JJcT1w6GztQV7",
    "properties": {
      "allowlisted_pattern": "allowlisted_pattern",
      "allowlisted_pattern_type": "quarantine_release",
      "blocklisted_message": true,
      "blocklisted_pattern": "blocklisted_pattern",
      "whitelisted_pattern_type": "quarantine_release"
    },
    "ts": "2019-11-20T23:22:01",
    "alert_id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49",
    "delivery_mode": "DIRECT",
    "edf_hash": null,
    "envelope_from": "d1994@example.com",
    "envelope_to": [
      "email@example.com"
    ],
    "final_disposition": "MALICIOUS",
    "findings": [
      {
        "attachment": "attachment",
        "detail": "detail",
        "detection": "MALICIOUS",
        "field": "field",
        "name": "name",
        "portion": "portion",
        "reason": "reason",
        "score": 0,
        "value": "value"
      }
    ],
    "from": "d1994@example.com",
    "from_name": "Sender Name",
    "htmltext_structure_hash": null,
    "message_id": "<4VAZPrAdg7IGNxdt1DWRNu0gvOeL_iZiwP4BQfo4DaE.Yw-woXuugQbeFhBpzwFQtqq_v2v1HOKznoMBqbciQpE@example.com>",
    "post_delivery_operations": [
      "PREVIEW"
    ],
    "postfix_id_outbound": null,
    "replyto": "email@example.com",
    "scanned_at": "2019-11-20T23:22:01Z",
    "sent_at": "2019-11-21T00:22:01Z",
    "sent_date": "2019-11-21T00:22:01",
    "subject": "listen, I highly recommend u to read that email, just to ensure not a thing will take place",
    "threat_categories": [
      "IPReputation",
      "ASNReputation"
    ],
    "to": [
      "email@example.com"
    ],
    "to_name": [
      "Recipient Name"
    ],
    "validation": {
      "comment": null,
      "dkim": "pass",
      "dmarc": "none",
      "spf": "fail"
    }
  },
  "success": true
}
```

# Detections

## Get message detection details

`client.EmailSecurity.Investigate.Detections.Get(ctx, postfixID, query) (*InvestigateDetectionGetResponse, error)`

**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/detections`

Returns detection details such as threat categories and sender information for non-benign messages.

### Parameters

- `postfixID string`

  The identifier of the message.

- `query InvestigateDetectionGetParams`

  - `AccountID param.Field[string]`

    Account Identifier

### Returns

- `type InvestigateDetectionGetResponse struct{…}`

  - `Action string`

  - `Attachments []InvestigateDetectionGetResponseAttachment`

    - `Size int64`

    - `ContentType string`

    - `Detection InvestigateDetectionGetResponseAttachmentsDetection`

      - `const InvestigateDetectionGetResponseAttachmentsDetectionMalicious InvestigateDetectionGetResponseAttachmentsDetection = "MALICIOUS"`

      - `const InvestigateDetectionGetResponseAttachmentsDetectionMaliciousBec InvestigateDetectionGetResponseAttachmentsDetection = "MALICIOUS-BEC"`

      - `const InvestigateDetectionGetResponseAttachmentsDetectionSuspicious InvestigateDetectionGetResponseAttachmentsDetection = "SUSPICIOUS"`

      - `const InvestigateDetectionGetResponseAttachmentsDetectionSpoof InvestigateDetectionGetResponseAttachmentsDetection = "SPOOF"`

      - `const InvestigateDetectionGetResponseAttachmentsDetectionSpam InvestigateDetectionGetResponseAttachmentsDetection = "SPAM"`

      - `const InvestigateDetectionGetResponseAttachmentsDetectionBulk InvestigateDetectionGetResponseAttachmentsDetection = "BULK"`

      - `const InvestigateDetectionGetResponseAttachmentsDetectionEncrypted InvestigateDetectionGetResponseAttachmentsDetection = "ENCRYPTED"`

      - `const InvestigateDetectionGetResponseAttachmentsDetectionExternal InvestigateDetectionGetResponseAttachmentsDetection = "EXTERNAL"`

      - `const InvestigateDetectionGetResponseAttachmentsDetectionUnknown InvestigateDetectionGetResponseAttachmentsDetection = "UNKNOWN"`

      - `const InvestigateDetectionGetResponseAttachmentsDetectionNone InvestigateDetectionGetResponseAttachmentsDetection = "NONE"`

    - `Encrypted bool`

    - `Name string`

  - `Headers []InvestigateDetectionGetResponseHeader`

    - `Name string`

    - `Value string`

  - `Links []InvestigateDetectionGetResponseLink`

    - `Href string`

    - `Text string`

  - `SenderInfo InvestigateDetectionGetResponseSenderInfo`

    - `AsName string`

      The name of the autonomous system.

    - `AsNumber int64`

      The number of the autonomous system.

    - `Geo string`

    - `IP string`

    - `Pld string`

  - `ThreatCategories []InvestigateDetectionGetResponseThreatCategory`

    - `ID int64`

    - `Description string`

    - `Name string`

  - `Validation InvestigateDetectionGetResponseValidation`

    - `Comment string`

    - `DKIM InvestigateDetectionGetResponseValidationDKIM`

      - `const InvestigateDetectionGetResponseValidationDKIMPass InvestigateDetectionGetResponseValidationDKIM = "pass"`

      - `const InvestigateDetectionGetResponseValidationDKIMNeutral InvestigateDetectionGetResponseValidationDKIM = "neutral"`

      - `const InvestigateDetectionGetResponseValidationDKIMFail InvestigateDetectionGetResponseValidationDKIM = "fail"`

      - `const InvestigateDetectionGetResponseValidationDKIMError InvestigateDetectionGetResponseValidationDKIM = "error"`

      - `const InvestigateDetectionGetResponseValidationDKIMNone InvestigateDetectionGetResponseValidationDKIM = "none"`

    - `DMARC InvestigateDetectionGetResponseValidationDMARC`

      - `const InvestigateDetectionGetResponseValidationDMARCPass InvestigateDetectionGetResponseValidationDMARC = "pass"`

      - `const InvestigateDetectionGetResponseValidationDMARCNeutral InvestigateDetectionGetResponseValidationDMARC = "neutral"`

      - `const InvestigateDetectionGetResponseValidationDMARCFail InvestigateDetectionGetResponseValidationDMARC = "fail"`

      - `const InvestigateDetectionGetResponseValidationDMARCError InvestigateDetectionGetResponseValidationDMARC = "error"`

      - `const InvestigateDetectionGetResponseValidationDMARCNone InvestigateDetectionGetResponseValidationDMARC = "none"`

    - `SPF InvestigateDetectionGetResponseValidationSPF`

      - `const InvestigateDetectionGetResponseValidationSPFPass InvestigateDetectionGetResponseValidationSPF = "pass"`

      - `const InvestigateDetectionGetResponseValidationSPFNeutral InvestigateDetectionGetResponseValidationSPF = "neutral"`

      - `const InvestigateDetectionGetResponseValidationSPFFail InvestigateDetectionGetResponseValidationSPF = "fail"`

      - `const InvestigateDetectionGetResponseValidationSPFError InvestigateDetectionGetResponseValidationSPF = "error"`

      - `const InvestigateDetectionGetResponseValidationSPFNone InvestigateDetectionGetResponseValidationSPF = "none"`

  - `FinalDisposition InvestigateDetectionGetResponseFinalDisposition`

    - `const InvestigateDetectionGetResponseFinalDispositionMalicious InvestigateDetectionGetResponseFinalDisposition = "MALICIOUS"`

    - `const InvestigateDetectionGetResponseFinalDispositionMaliciousBec InvestigateDetectionGetResponseFinalDisposition = "MALICIOUS-BEC"`

    - `const InvestigateDetectionGetResponseFinalDispositionSuspicious InvestigateDetectionGetResponseFinalDisposition = "SUSPICIOUS"`

    - `const InvestigateDetectionGetResponseFinalDispositionSpoof InvestigateDetectionGetResponseFinalDisposition = "SPOOF"`

    - `const InvestigateDetectionGetResponseFinalDispositionSpam InvestigateDetectionGetResponseFinalDisposition = "SPAM"`

    - `const InvestigateDetectionGetResponseFinalDispositionBulk InvestigateDetectionGetResponseFinalDisposition = "BULK"`

    - `const InvestigateDetectionGetResponseFinalDispositionEncrypted InvestigateDetectionGetResponseFinalDisposition = "ENCRYPTED"`

    - `const InvestigateDetectionGetResponseFinalDispositionExternal InvestigateDetectionGetResponseFinalDisposition = "EXTERNAL"`

    - `const InvestigateDetectionGetResponseFinalDispositionUnknown InvestigateDetectionGetResponseFinalDisposition = "UNKNOWN"`

    - `const InvestigateDetectionGetResponseFinalDispositionNone InvestigateDetectionGetResponseFinalDisposition = "NONE"`

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/email_security"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
    option.WithAPIEmail("user@example.com"),
  )
  detection, err := client.EmailSecurity.Investigate.Detections.Get(
    context.TODO(),
    "4Njp3P0STMz2c02Q",
    email_security.InvestigateDetectionGetParams{
      AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", detection.Validation)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "action": "QUARANTINED",
    "attachments": [
      {
        "size": 0,
        "content_type": "content_type",
        "detection": "MALICIOUS",
        "encrypted": true,
        "name": "name"
      }
    ],
    "headers": [
      {
        "name": "From",
        "value": "Sender Name <d1994@example.com>"
      },
      {
        "name": "Subject",
        "value": "listen, I highly recommend u to read that email, just to ensure not a thing will take place"
      }
    ],
    "links": [
      {
        "href": "https://example.com",
        "text": "Click here!"
      }
    ],
    "sender_info": {
      "as_name": "AS0",
      "as_number": 0,
      "geo": "US/-/-",
      "ip": "127.0.0.1",
      "pld": "example.com"
    },
    "threat_categories": [
      {
        "id": 1234,
        "description": null,
        "name": "IP Reputation"
      }
    ],
    "validation": {
      "comment": null,
      "dkim": "pass",
      "dmarc": "none",
      "spf": "fail"
    },
    "final_disposition": "MALICIOUS"
  },
  "success": true
}
```

# Preview

## Get email preview

`client.EmailSecurity.Investigate.Preview.Get(ctx, postfixID, query) (*InvestigatePreviewGetResponse, error)`

**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/preview`

Returns a preview of the message body as a base64 encoded PNG image for non-benign messages.

### Parameters

- `postfixID string`

  The identifier of the message.

- `query InvestigatePreviewGetParams`

  - `AccountID param.Field[string]`

    Account Identifier

### Returns

- `type InvestigatePreviewGetResponse struct{…}`

  - `Screenshot string`

    A base64 encoded PNG image of the email.

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/email_security"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
    option.WithAPIEmail("user@example.com"),
  )
  preview, err := client.EmailSecurity.Investigate.Preview.Get(
    context.TODO(),
    "4Njp3P0STMz2c02Q",
    email_security.InvestigatePreviewGetParams{
      AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", preview.Screenshot)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "screenshot": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAAAXNSR0IArs4c6QAAAIRlWElmTU0AKgAAAAgABQESAAMAAAABAAEAAAEaAAUAAAABAAAASgEbAAUAAAABAAAAUgEoAAMAAAABAAIAAIdpAAQAAAABAAAAWgAAAAAAAABgAAAAAQAAAGAAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAAGCgAwAEAAAAAQAAAGAAAAAAtVTeigAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAVlpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDYuMC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iPgogICAgICAgICA8dGlmZjpPcmllbnRhdGlvbj4xPC90aWZmOk9yaWVudGF0aW9uPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KGV7hBwAACXtJREFUeAHtmwtwXFUZgP9zX7t3b7LNa9M2tGmLDbaWKpL6aBBJHdERQWGkU4u8CraVWmYQYWQUMSoKhZJikYo4Qqc6RVqkKmNHC0K1FGYoM9pqS4FAa9s0aTavfd3d+zq/527YSNvdzWY3m2ySc2c2595z/vOf///+e+4959wTAH5wApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwAhOJABmvzuCz158HXmUp2rCEOlhGbEdFh2qASFAgtiCKMUGgh8FM7IDDp3aQlt12Kfo6rgKAz3ylAQ3rJ/Fg39XYfyx32wUJpJpZ7wiq8LPebuGJaXfuipVKMHJ3YowsRgQC265aE+/quYf2/Le2YDM85aBOn/m7GDHX+m/4W0/B+gpUUNIBwN98rknvif4J+9urC/Tz7OqKBp66+vWSUf9dsvpx62yB0ckpyQDgLxtlS5iyyTx59OuATlFJkOrZYV9l7afItdv/XdSGMigvuQBEHmyqJRLug9DJ+gw2j3y2qIDWcOEPyFef/tHIK8+usaQCEGpdPFd0rEMQC8rZzS5OqXr+JU+JV2+5pjja02sV0mePfm7/I5+eIznm22MF3/U4/p+/L3d23LhxNL0viR7Qs/ETfo/lnIBIsHw0nU/bFiGgLbp0BfnirzanLR/hzJLoAV6QXywJ+C5cNu6N7d/7JD6zat4Is06rbswDENvU/A3sPd6Y1rqxyjRjkDj1zp7RaH5MA3CkpdkL0fAvRsPR4bbhBNtqcNvS7w233nDlxzQAgUp7E+pjPhnNyEw/duRefJLdJEU8pGLo7mptnuuTSJNHkeaBIPhMK/6Gbjm7A7ftfTPV3sGWBQpEu1ekrksxxWgQoLr6Tmbbj4tl34iOgmIbPnsLG8w9hKETajqDiX86sCXJe/1a4D4QEnfF2t/6fjq5UsojFTNQu21v0Z4UIxKA4LqL6nwyfQ3DJ8/JBR7x1wGIEmDfsVzEx1xGO3f+xeT6v7xcDEMKjmystXmRSkPtucJ3nWCy4wZ+0l7wfLsY8F2dBQWg46cfDaDVtw+MSLHsKwm98VDky8UypKAA+BVpF8T7i2Vb6eg1IiPyqE7nUN6joL51jUsw2nVBOqUTLc9TGfi965O++dLlomZvBSICyBoQpdyQVP8R4hFfgAQ+Spb8/PBwfc87AGWadrcR7x5ue+NS3qK2OxQFpcq72jGi7CXGvlGYYUAz7LGi7e6Shftba/x5ma1UB9ZDL2khlz1iuHWGOvJ+BJl65DNDKZ8I5UL17E515a4jri+OEbsoq096l2QeP3iXaR5N4MurH8SWliH5DimQqUHUezMVTah8tVx7wHUIdy6/gv3N7YlhRcHseOsOc9HBKL54S9Z1rrwCcLxlQdWEopzJGfbdGG7Y+XAyABK9MZNYxvx4t2r2vv067l55ayaZvAJgQ0zPpHAi5StT52xjnwfQ9cnWI9kfP5kcZ+8LM9i2EXfffE86kbwCMBuOmiCnXW1I18a4zCO+KuiVrZtSxqMVn5o6zyc1g+/+EF+47uYz6+Y8vg0/vPhygQjLRFH5JLXNWgx3+oGW5GazM33M61o+Z96VnpV//WOqsrF9SbInpK7zStnwVdDqmuQvbHk1VT9rAI63Lq6qJnQTNfRlkAin6kz4VKit/5ZvzZ7ksz/lrPmHy6KsF7CXQoGHp1JXOmoqUnuRMj6CEq0ff6Ay2tVDQ52TB77INmME6lecCd9FLlfUPFUg+oHqRp+Pzk08mtJ1Vg/oallQVlZR/i/a3/GBlNBkSIWqGW2iR7vCs3pX2tksvtQi2frBU1TvLnwEKChgls2ZWv75x7pOC4C7O8GbMNvYGD8wGaAD27QrT2s4KsrON6UVz+8cymd8fZUPYvLzZk9bEzjmUOJZy5VAw29J8+PXnRaAWGvjIQx3z89aM89CEmhwRMUXQVGRmOMC+x5AWOr+2NIKSwl7Ggoish8lRKDsSxplTVnuTwTU2aZzQwCMszehxXYu2AIhCQDKpvvERAImUGIK7jXSePJHWWpRHWw7wQYLcaDolplA0GLnukWddvmmpw+khpnDcQvfXF8DAlkKhnkhmEY52IYKlqGiZWho2z5KDYWtEPtpondGRr3eKlDKFsqDAQhvaLxfCHV/J2OFQgpkL2g152mw6rl4Pg4X0nSx6iL7PwQ4tF0GpXOAYchDIdIxMFIKHkRQKz2m8W4nWzcqz2SDUvfhS5KVO+9vXFhm9B5gd0gm2YLzhepze8G2goiCA6J7dxN31y0bxxKbBcUdz9psJ3ryjgc2d2Gb0m0KaDGTbHbHs/7Ozh1IUGC5wHoDEsthZQjUrWMTBMtheQSphQJYyFKB9Q6Kznup24Mck3Uvk1IITaP73iAtTFkeB+6/oxao8jHWA2ex3lVLEQPEtmqpZVewfxKpQjOmYLx/OpjR6mzqlfqFTyQDEHrogufESN/l2YQnXBmLuhyY+YpBjS/5177WM5R/+I9bA+Cl66ye0DUYbfcMJZ9LuVgz/wQJbrh4uho+wb4R5nUz5NJOact4/WznQ8VHylbuOZDJUNx97Vazu2P5SDMi5bNAKpetpfZkhe8SdyeYEfUVdlZ2ZgBwx5UVjoL7zWB7/ZllI3GNiW425vDVrBkJZeNaR/iUFnns4g+93wd89qpqC+Jtjh4uCvxkW1YMBDNhfvD9DU/Wc0VwBoff+FKz5JDwPrTNrC/Rglm5/zyIkVMF65kICmyHzRPeO5w+2Ow4dE7qumgpmwsIk2JXQw4E43H9n65Y75am8x2HfC2HKgWLEG+1I4BU1L2nBRs5GgrcLZM1t+9vd9vy+jx3j0abbhuypu0TSNnkWPbJBpWtV/w6VS6gsDR1XvQU6Vapa4qkJvrVaRTEMFvAsB2drcewQ/Q5BNj0JOSjA1NtljdFFwY/Srgzlwp1QNaVTx1inNU77dV12gU4qjSoI1XHictn5dla71l5KfnBdIjXl1U2oNcMKTh9SgfaPazthoHaXjswuBQ/8/ZX4ymdHVFHU+tmimoo4Ul4JBmdBFt5khDVBJtbS1junvt0REtO/tx6RLaSjIg+kKZ0oclktCibx//fP0HzCIIlCwnPFLn2+LHJsa8nBYSnnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACk4DA/wDoepVZ2hARhAAAAABJRU5ErkJggg=="
  },
  "success": true
}
```

## Preview for non-detection messages

`client.EmailSecurity.Investigate.Preview.New(ctx, params) (*InvestigatePreviewNewResponse, error)`

**post** `/accounts/{account_id}/email-security/investigate/preview`

Generates a preview of an email message for safe viewing without executing any
embedded content.

### Parameters

- `params InvestigatePreviewNewParams`

  - `AccountID param.Field[string]`

    Path param: Account Identifier

  - `PostfixID param.Field[string]`

    Body param: The identifier of the message.

### Returns

- `type InvestigatePreviewNewResponse struct{…}`

  - `Screenshot string`

    A base64 encoded PNG image of the email.

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/email_security"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
    option.WithAPIEmail("user@example.com"),
  )
  preview, err := client.EmailSecurity.Investigate.Preview.New(context.TODO(), email_security.InvestigatePreviewNewParams{
    AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    PostfixID: cloudflare.F("4Njp3P0STMz2c02Q"),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", preview.Screenshot)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "screenshot": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAAAXNSR0IArs4c6QAAAIRlWElmTU0AKgAAAAgABQESAAMAAAABAAEAAAEaAAUAAAABAAAASgEbAAUAAAABAAAAUgEoAAMAAAABAAIAAIdpAAQAAAABAAAAWgAAAAAAAABgAAAAAQAAAGAAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAAGCgAwAEAAAAAQAAAGAAAAAAtVTeigAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAVlpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDYuMC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iPgogICAgICAgICA8dGlmZjpPcmllbnRhdGlvbj4xPC90aWZmOk9yaWVudGF0aW9uPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KGV7hBwAACXtJREFUeAHtmwtwXFUZgP9zX7t3b7LNa9M2tGmLDbaWKpL6aBBJHdERQWGkU4u8CraVWmYQYWQUMSoKhZJikYo4Qqc6RVqkKmNHC0K1FGYoM9pqS4FAa9s0aTavfd3d+zq/527YSNvdzWY3m2ySc2c2595z/vOf///+e+4959wTAH5wApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwAhOJABmvzuCz158HXmUp2rCEOlhGbEdFh2qASFAgtiCKMUGgh8FM7IDDp3aQlt12Kfo6rgKAz3ylAQ3rJ/Fg39XYfyx32wUJpJpZ7wiq8LPebuGJaXfuipVKMHJ3YowsRgQC265aE+/quYf2/Le2YDM85aBOn/m7GDHX+m/4W0/B+gpUUNIBwN98rknvif4J+9urC/Tz7OqKBp66+vWSUf9dsvpx62yB0ckpyQDgLxtlS5iyyTx59OuATlFJkOrZYV9l7afItdv/XdSGMigvuQBEHmyqJRLug9DJ+gw2j3y2qIDWcOEPyFef/tHIK8+usaQCEGpdPFd0rEMQC8rZzS5OqXr+JU+JV2+5pjja02sV0mePfm7/I5+eIznm22MF3/U4/p+/L3d23LhxNL0viR7Qs/ETfo/lnIBIsHw0nU/bFiGgLbp0BfnirzanLR/hzJLoAV6QXywJ+C5cNu6N7d/7JD6zat4Is06rbswDENvU/A3sPd6Y1rqxyjRjkDj1zp7RaH5MA3CkpdkL0fAvRsPR4bbhBNtqcNvS7w233nDlxzQAgUp7E+pjPhnNyEw/duRefJLdJEU8pGLo7mptnuuTSJNHkeaBIPhMK/6Gbjm7A7ftfTPV3sGWBQpEu1ekrksxxWgQoLr6Tmbbj4tl34iOgmIbPnsLG8w9hKETajqDiX86sCXJe/1a4D4QEnfF2t/6fjq5UsojFTNQu21v0Z4UIxKA4LqL6nwyfQ3DJ8/JBR7x1wGIEmDfsVzEx1xGO3f+xeT6v7xcDEMKjmystXmRSkPtucJ3nWCy4wZ+0l7wfLsY8F2dBQWg46cfDaDVtw+MSLHsKwm98VDky8UypKAA+BVpF8T7i2Vb6eg1IiPyqE7nUN6joL51jUsw2nVBOqUTLc9TGfi965O++dLlomZvBSICyBoQpdyQVP8R4hFfgAQ+Spb8/PBwfc87AGWadrcR7x5ue+NS3qK2OxQFpcq72jGi7CXGvlGYYUAz7LGi7e6Shftba/x5ma1UB9ZDL2khlz1iuHWGOvJ+BJl65DNDKZ8I5UL17E515a4jri+OEbsoq096l2QeP3iXaR5N4MurH8SWliH5DimQqUHUezMVTah8tVx7wHUIdy6/gv3N7YlhRcHseOsOc9HBKL54S9Z1rrwCcLxlQdWEopzJGfbdGG7Y+XAyABK9MZNYxvx4t2r2vv067l55ayaZvAJgQ0zPpHAi5StT52xjnwfQ9cnWI9kfP5kcZ+8LM9i2EXfffE86kbwCMBuOmiCnXW1I18a4zCO+KuiVrZtSxqMVn5o6zyc1g+/+EF+47uYz6+Y8vg0/vPhygQjLRFH5JLXNWgx3+oGW5GazM33M61o+Z96VnpV//WOqsrF9SbInpK7zStnwVdDqmuQvbHk1VT9rAI63Lq6qJnQTNfRlkAin6kz4VKit/5ZvzZ7ksz/lrPmHy6KsF7CXQoGHp1JXOmoqUnuRMj6CEq0ff6Ay2tVDQ52TB77INmME6lecCd9FLlfUPFUg+oHqRp+Pzk08mtJ1Vg/oallQVlZR/i/a3/GBlNBkSIWqGW2iR7vCs3pX2tksvtQi2frBU1TvLnwEKChgls2ZWv75x7pOC4C7O8GbMNvYGD8wGaAD27QrT2s4KsrON6UVz+8cymd8fZUPYvLzZk9bEzjmUOJZy5VAw29J8+PXnRaAWGvjIQx3z89aM89CEmhwRMUXQVGRmOMC+x5AWOr+2NIKSwl7Ggoish8lRKDsSxplTVnuTwTU2aZzQwCMszehxXYu2AIhCQDKpvvERAImUGIK7jXSePJHWWpRHWw7wQYLcaDolplA0GLnukWddvmmpw+khpnDcQvfXF8DAlkKhnkhmEY52IYKlqGiZWho2z5KDYWtEPtpondGRr3eKlDKFsqDAQhvaLxfCHV/J2OFQgpkL2g152mw6rl4Pg4X0nSx6iL7PwQ4tF0GpXOAYchDIdIxMFIKHkRQKz2m8W4nWzcqz2SDUvfhS5KVO+9vXFhm9B5gd0gm2YLzhepze8G2goiCA6J7dxN31y0bxxKbBcUdz9psJ3ryjgc2d2Gb0m0KaDGTbHbHs/7Ozh1IUGC5wHoDEsthZQjUrWMTBMtheQSphQJYyFKB9Q6Kznup24Mck3Uvk1IITaP73iAtTFkeB+6/oxao8jHWA2ex3lVLEQPEtmqpZVewfxKpQjOmYLx/OpjR6mzqlfqFTyQDEHrogufESN/l2YQnXBmLuhyY+YpBjS/5177WM5R/+I9bA+Cl66ye0DUYbfcMJZ9LuVgz/wQJbrh4uho+wb4R5nUz5NJOact4/WznQ8VHylbuOZDJUNx97Vazu2P5SDMi5bNAKpetpfZkhe8SdyeYEfUVdlZ2ZgBwx5UVjoL7zWB7/ZllI3GNiW425vDVrBkJZeNaR/iUFnns4g+93wd89qpqC+Jtjh4uCvxkW1YMBDNhfvD9DU/Wc0VwBoff+FKz5JDwPrTNrC/Rglm5/zyIkVMF65kICmyHzRPeO5w+2Ow4dE7qumgpmwsIk2JXQw4E43H9n65Y75am8x2HfC2HKgWLEG+1I4BU1L2nBRs5GgrcLZM1t+9vd9vy+jx3j0abbhuypu0TSNnkWPbJBpWtV/w6VS6gsDR1XvQU6Vapa4qkJvrVaRTEMFvAsB2drcewQ/Q5BNj0JOSjA1NtljdFFwY/Srgzlwp1QNaVTx1inNU77dV12gU4qjSoI1XHictn5dla71l5KfnBdIjXl1U2oNcMKTh9SgfaPazthoHaXjswuBQ/8/ZX4ymdHVFHU+tmimoo4Ul4JBmdBFt5khDVBJtbS1junvt0REtO/tx6RLaSjIg+kKZ0oclktCibx//fP0HzCIIlCwnPFLn2+LHJsa8nBYSnnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACk4DA/wDoepVZ2hARhAAAAABJRU5ErkJggg=="
  },
  "success": true
}
```

# Raw

## Get raw email content

`client.EmailSecurity.Investigate.Raw.Get(ctx, postfixID, query) (*InvestigateRawGetResponse, error)`

**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/raw`

Returns the raw eml of any non-benign message.

### Parameters

- `postfixID string`

  The identifier of the message.

- `query InvestigateRawGetParams`

  - `AccountID param.Field[string]`

    Account Identifier

### Returns

- `type InvestigateRawGetResponse struct{…}`

  - `Raw string`

    A UTF-8 encoded eml file of the email.

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/email_security"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
    option.WithAPIEmail("user@example.com"),
  )
  raw, err := client.EmailSecurity.Investigate.Raw.Get(
    context.TODO(),
    "4Njp3P0STMz2c02Q",
    email_security.InvestigateRawGetParams{
      AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", raw.Raw)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "raw": "MIME-Version: 1.0\nContent-Type: text/plain; charset=\"utf-8\"\n\nFrom: sender@example.com\nTo: recipient@example.com\nSubject: Test Email\n\nThis is a test email."
  },
  "success": true
}
```

# Trace

## Get email trace

`client.EmailSecurity.Investigate.Trace.Get(ctx, postfixID, query) (*InvestigateTraceGetResponse, error)`

**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/trace`

Gets the delivery trace for an email message, showing its path through email
security processing.

### Parameters

- `postfixID string`

  The identifier of the message.

- `query InvestigateTraceGetParams`

  - `AccountID param.Field[string]`

    Account Identifier

### Returns

- `type InvestigateTraceGetResponse struct{…}`

  - `Inbound InvestigateTraceGetResponseInbound`

    - `Lines []InvestigateTraceGetResponseInboundLine`

      - `Lineno int64`

      - `Message string`

      - `Ts Time`

    - `Pending bool`

  - `Outbound InvestigateTraceGetResponseOutbound`

    - `Lines []InvestigateTraceGetResponseOutboundLine`

      - `Lineno int64`

      - `Message string`

      - `Ts Time`

    - `Pending bool`

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/email_security"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
    option.WithAPIEmail("user@example.com"),
  )
  trace, err := client.EmailSecurity.Investigate.Trace.Get(
    context.TODO(),
    "4Njp3P0STMz2c02Q",
    email_security.InvestigateTraceGetParams{
      AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", trace.Inbound)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "inbound": {
      "lines": [
        {
          "lineno": 0,
          "message": "message",
          "ts": "2019-12-27T18:11:19.117Z"
        }
      ],
      "pending": true
    },
    "outbound": {
      "lines": [
        {
          "lineno": 0,
          "message": "message",
          "ts": "2019-12-27T18:11:19.117Z"
        }
      ],
      "pending": true
    }
  },
  "success": true
}
```

# Move

## Move a message

`client.EmailSecurity.Investigate.Move.New(ctx, postfixID, params) (*SinglePage[InvestigateMoveNewResponse], error)`

**post** `/accounts/{account_id}/email-security/investigate/{postfix_id}/move`

Moves a single email message to a different folder or changes its quarantine status.

### Parameters

- `postfixID string`

  The identifier of the message.

- `params InvestigateMoveNewParams`

  - `AccountID param.Field[string]`

    Path param: Account Identifier

  - `Destination param.Field[InvestigateMoveNewParamsDestination]`

    Body param

    - `const InvestigateMoveNewParamsDestinationInbox InvestigateMoveNewParamsDestination = "Inbox"`

    - `const InvestigateMoveNewParamsDestinationJunkEmail InvestigateMoveNewParamsDestination = "JunkEmail"`

    - `const InvestigateMoveNewParamsDestinationDeletedItems InvestigateMoveNewParamsDestination = "DeletedItems"`

    - `const InvestigateMoveNewParamsDestinationRecoverableItemsDeletions InvestigateMoveNewParamsDestination = "RecoverableItemsDeletions"`

    - `const InvestigateMoveNewParamsDestinationRecoverableItemsPurges InvestigateMoveNewParamsDestination = "RecoverableItemsPurges"`

### Returns

- `type InvestigateMoveNewResponse struct{…}`

  - `CompletedTimestamp Time`

    Deprecated, use `completed_at` instead

  - `ItemCount int64`

  - `Success bool`

  - `CompletedAt Time`

  - `Destination string`

  - `MessageID string`

  - `Operation string`

  - `Recipient string`

  - `Status string`

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/email_security"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
    option.WithAPIEmail("user@example.com"),
  )
  page, err := client.EmailSecurity.Investigate.Move.New(
    context.TODO(),
    "4Njp3P0STMz2c02Q",
    email_security.InvestigateMoveNewParams{
      AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
      Destination: cloudflare.F(email_security.InvestigateMoveNewParamsDestinationInbox),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", page)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "completed_timestamp": "2019-12-27T18:11:19.117Z",
      "item_count": 0,
      "success": true,
      "completed_at": "2019-12-27T18:11:19.117Z",
      "destination": "destination",
      "message_id": "message_id",
      "operation": "operation",
      "recipient": "recipient",
      "status": "status"
    }
  ],
  "success": true
}
```

## Move multiple messages

`client.EmailSecurity.Investigate.Move.Bulk(ctx, params) (*SinglePage[InvestigateMoveBulkResponse], error)`

**post** `/accounts/{account_id}/email-security/investigate/move`

Maximum batch size: 1000 messages per request

### Parameters

- `params InvestigateMoveBulkParams`

  - `AccountID param.Field[string]`

    Path param: Account Identifier

  - `Destination param.Field[InvestigateMoveBulkParamsDestination]`

    Body param

    - `const InvestigateMoveBulkParamsDestinationInbox InvestigateMoveBulkParamsDestination = "Inbox"`

    - `const InvestigateMoveBulkParamsDestinationJunkEmail InvestigateMoveBulkParamsDestination = "JunkEmail"`

    - `const InvestigateMoveBulkParamsDestinationDeletedItems InvestigateMoveBulkParamsDestination = "DeletedItems"`

    - `const InvestigateMoveBulkParamsDestinationRecoverableItemsDeletions InvestigateMoveBulkParamsDestination = "RecoverableItemsDeletions"`

    - `const InvestigateMoveBulkParamsDestinationRecoverableItemsPurges InvestigateMoveBulkParamsDestination = "RecoverableItemsPurges"`

  - `IDs param.Field[[]string]`

    Body param: List of message IDs to move.

  - `PostfixIDs param.Field[[]string]`

    Body param: Deprecated: Use `ids` instead. List of message IDs to move.

### Returns

- `type InvestigateMoveBulkResponse struct{…}`

  - `CompletedTimestamp Time`

    Deprecated, use `completed_at` instead

  - `ItemCount int64`

  - `Success bool`

  - `CompletedAt Time`

  - `Destination string`

  - `MessageID string`

  - `Operation string`

  - `Recipient string`

  - `Status string`

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/email_security"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
    option.WithAPIEmail("user@example.com"),
  )
  page, err := client.EmailSecurity.Investigate.Move.Bulk(context.TODO(), email_security.InvestigateMoveBulkParams{
    AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    Destination: cloudflare.F(email_security.InvestigateMoveBulkParamsDestinationInbox),
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", page)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "completed_timestamp": "2019-12-27T18:11:19.117Z",
      "item_count": 0,
      "success": true,
      "completed_at": "2019-12-27T18:11:19.117Z",
      "destination": "destination",
      "message_id": "message_id",
      "operation": "operation",
      "recipient": "recipient",
      "status": "status"
    }
  ],
  "success": true
}
```

# Reclassify

## Change email classification

`client.EmailSecurity.Investigate.Reclassify.New(ctx, postfixID, params) (*InvestigateReclassifyNewResponse, error)`

**post** `/accounts/{account_id}/email-security/investigate/{postfix_id}/reclassify`

Submits an email message for reclassification, updating its threat assessment
based on new analysis.

### Parameters

- `postfixID string`

  The identifier of the message.

- `params InvestigateReclassifyNewParams`

  - `AccountID param.Field[string]`

    Path param: Account Identifier

  - `ExpectedDisposition param.Field[InvestigateReclassifyNewParamsExpectedDisposition]`

    Body param

    - `const InvestigateReclassifyNewParamsExpectedDispositionNone InvestigateReclassifyNewParamsExpectedDisposition = "NONE"`

    - `const InvestigateReclassifyNewParamsExpectedDispositionBulk InvestigateReclassifyNewParamsExpectedDisposition = "BULK"`

    - `const InvestigateReclassifyNewParamsExpectedDispositionMalicious InvestigateReclassifyNewParamsExpectedDisposition = "MALICIOUS"`

    - `const InvestigateReclassifyNewParamsExpectedDispositionSpam InvestigateReclassifyNewParamsExpectedDisposition = "SPAM"`

    - `const InvestigateReclassifyNewParamsExpectedDispositionSpoof InvestigateReclassifyNewParamsExpectedDisposition = "SPOOF"`

    - `const InvestigateReclassifyNewParamsExpectedDispositionSuspicious InvestigateReclassifyNewParamsExpectedDisposition = "SUSPICIOUS"`

  - `EmlContent param.Field[string]`

    Body param: Base64 encoded content of the EML file

  - `EscalatedSubmissionID param.Field[string]`

    Body param

### Returns

- `type InvestigateReclassifyNewResponse interface{…}`

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/email_security"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
    option.WithAPIEmail("user@example.com"),
  )
  reclassify, err := client.EmailSecurity.Investigate.Reclassify.New(
    context.TODO(),
    "4Njp3P0STMz2c02Q",
    email_security.InvestigateReclassifyNewParams{
      AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
      ExpectedDisposition: cloudflare.F(email_security.InvestigateReclassifyNewParamsExpectedDispositionNone),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", reclassify)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {},
  "success": true
}
```

# Release

## Release messages from quarantine

`client.EmailSecurity.Investigate.Release.Bulk(ctx, params) (*SinglePage[InvestigateReleaseBulkResponse], error)`

**post** `/accounts/{account_id}/email-security/investigate/release`

Releases a quarantined email message, allowing it to be delivered to the recipient.

### Parameters

- `params InvestigateReleaseBulkParams`

  - `AccountID param.Field[string]`

    Path param: Account Identifier

  - `Body param.Field[[]string]`

    Body param: A list of messages identfied by their `postfix_id`s that should be released.

### Returns

- `type InvestigateReleaseBulkResponse struct{…}`

  - `ID string`

  - `PostfixID string`

    The identifier of the message.

  - `Delivered []string`

  - `Failed []string`

  - `Undelivered []string`

### Example

```go
package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/email_security"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"),
    option.WithAPIEmail("user@example.com"),
  )
  page, err := client.EmailSecurity.Investigate.Release.Bulk(context.TODO(), email_security.InvestigateReleaseBulkParams{
    AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
    Body: []string{"4Njp3P0STMz2c02Q"},
  })
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", page)
}
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "id",
      "postfix_id": "4Njp3P0STMz2c02Q",
      "delivered": [
        "string"
      ],
      "failed": [
        "string"
      ],
      "undelivered": [
        "string"
      ]
    }
  ],
  "success": true
}
```