## Get message details `client.EmailSecurity.Investigate.Get(ctx, postfixID, query) (*InvestigateGetResponse, error)` **get** `/accounts/{account_id}/email-security/investigate/{postfix_id}` Retrieves detailed information about a specific email message, including headers, metadata, and security scan results. ### Parameters - `postfixID string` The identifier of the message. - `query InvestigateGetParams` - `AccountID param.Field[string]` Account Identifier ### Returns - `type InvestigateGetResponse struct{…}` - `ID string` - `ActionLog unknown` - `ClientRecipients []string` - `DetectionReasons []string` - `IsPhishSubmission bool` - `IsQuarantined bool` - `PostfixID string` The identifier of the message. - `Properties InvestigateGetResponseProperties` - `AllowlistedPattern string` - `AllowlistedPatternType InvestigateGetResponsePropertiesAllowlistedPatternType` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeQuarantineRelease InvestigateGetResponsePropertiesAllowlistedPatternType = "quarantine_release"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeAcceptableSender InvestigateGetResponsePropertiesAllowlistedPatternType = "acceptable_sender"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeAllowedSender InvestigateGetResponsePropertiesAllowlistedPatternType = "allowed_sender"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeAllowedRecipient InvestigateGetResponsePropertiesAllowlistedPatternType = "allowed_recipient"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeDomainSimilarity InvestigateGetResponsePropertiesAllowlistedPatternType = "domain_similarity"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeDomainRecency InvestigateGetResponsePropertiesAllowlistedPatternType = "domain_recency"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeManagedAcceptableSender InvestigateGetResponsePropertiesAllowlistedPatternType = "managed_acceptable_sender"` - `const InvestigateGetResponsePropertiesAllowlistedPatternTypeOutboundNdr InvestigateGetResponsePropertiesAllowlistedPatternType = "outbound_ndr"` - `BlocklistedMessage bool` - `BlocklistedPattern string` - `WhitelistedPatternType InvestigateGetResponsePropertiesWhitelistedPatternType` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeQuarantineRelease InvestigateGetResponsePropertiesWhitelistedPatternType = "quarantine_release"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeAcceptableSender InvestigateGetResponsePropertiesWhitelistedPatternType = "acceptable_sender"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeAllowedSender InvestigateGetResponsePropertiesWhitelistedPatternType = "allowed_sender"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeAllowedRecipient InvestigateGetResponsePropertiesWhitelistedPatternType = "allowed_recipient"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeDomainSimilarity InvestigateGetResponsePropertiesWhitelistedPatternType = "domain_similarity"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeDomainRecency InvestigateGetResponsePropertiesWhitelistedPatternType = "domain_recency"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeManagedAcceptableSender InvestigateGetResponsePropertiesWhitelistedPatternType = "managed_acceptable_sender"` - `const InvestigateGetResponsePropertiesWhitelistedPatternTypeOutboundNdr InvestigateGetResponsePropertiesWhitelistedPatternType = "outbound_ndr"` - `Ts string` Deprecated, use `scanned_at` instead - `AlertID string` - `DeliveryMode InvestigateGetResponseDeliveryMode` - `const InvestigateGetResponseDeliveryModeDirect InvestigateGetResponseDeliveryMode = "DIRECT"` - `const InvestigateGetResponseDeliveryModeBcc InvestigateGetResponseDeliveryMode = "BCC"` - `const InvestigateGetResponseDeliveryModeJournal InvestigateGetResponseDeliveryMode = "JOURNAL"` - `const InvestigateGetResponseDeliveryModeReviewSubmission InvestigateGetResponseDeliveryMode = "REVIEW_SUBMISSION"` - `const InvestigateGetResponseDeliveryModeDMARCUnverified InvestigateGetResponseDeliveryMode = "DMARC_UNVERIFIED"` - `const InvestigateGetResponseDeliveryModeDMARCFailureReport InvestigateGetResponseDeliveryMode = "DMARC_FAILURE_REPORT"` - `const InvestigateGetResponseDeliveryModeDMARCAggregateReport InvestigateGetResponseDeliveryMode = "DMARC_AGGREGATE_REPORT"` - `const InvestigateGetResponseDeliveryModeThreatIntelSubmission InvestigateGetResponseDeliveryMode = "THREAT_INTEL_SUBMISSION"` - `const InvestigateGetResponseDeliveryModeSimulationSubmission InvestigateGetResponseDeliveryMode = "SIMULATION_SUBMISSION"` - `const InvestigateGetResponseDeliveryModeAPI InvestigateGetResponseDeliveryMode = "API"` - `const InvestigateGetResponseDeliveryModeRetroScan InvestigateGetResponseDeliveryMode = "RETRO_SCAN"` - `EdfHash string` - `EnvelopeFrom string` - `EnvelopeTo []string` - `FinalDisposition InvestigateGetResponseFinalDisposition` - `const InvestigateGetResponseFinalDispositionMalicious InvestigateGetResponseFinalDisposition = "MALICIOUS"` - `const InvestigateGetResponseFinalDispositionMaliciousBec InvestigateGetResponseFinalDisposition = "MALICIOUS-BEC"` - `const InvestigateGetResponseFinalDispositionSuspicious InvestigateGetResponseFinalDisposition = "SUSPICIOUS"` - `const InvestigateGetResponseFinalDispositionSpoof InvestigateGetResponseFinalDisposition = "SPOOF"` - `const InvestigateGetResponseFinalDispositionSpam InvestigateGetResponseFinalDisposition = "SPAM"` - `const InvestigateGetResponseFinalDispositionBulk InvestigateGetResponseFinalDisposition = "BULK"` - `const InvestigateGetResponseFinalDispositionEncrypted InvestigateGetResponseFinalDisposition = "ENCRYPTED"` - `const InvestigateGetResponseFinalDispositionExternal InvestigateGetResponseFinalDisposition = "EXTERNAL"` - `const InvestigateGetResponseFinalDispositionUnknown InvestigateGetResponseFinalDisposition = "UNKNOWN"` - `const InvestigateGetResponseFinalDispositionNone InvestigateGetResponseFinalDisposition = "NONE"` - `Findings []InvestigateGetResponseFinding` - `Attachment string` - `Detail string` - `Detection InvestigateGetResponseFindingsDetection` - `const InvestigateGetResponseFindingsDetectionMalicious InvestigateGetResponseFindingsDetection = "MALICIOUS"` - `const InvestigateGetResponseFindingsDetectionMaliciousBec InvestigateGetResponseFindingsDetection = "MALICIOUS-BEC"` - `const InvestigateGetResponseFindingsDetectionSuspicious InvestigateGetResponseFindingsDetection = "SUSPICIOUS"` - `const InvestigateGetResponseFindingsDetectionSpoof InvestigateGetResponseFindingsDetection = "SPOOF"` - `const InvestigateGetResponseFindingsDetectionSpam InvestigateGetResponseFindingsDetection = "SPAM"` - `const InvestigateGetResponseFindingsDetectionBulk InvestigateGetResponseFindingsDetection = "BULK"` - `const InvestigateGetResponseFindingsDetectionEncrypted InvestigateGetResponseFindingsDetection = "ENCRYPTED"` - `const InvestigateGetResponseFindingsDetectionExternal InvestigateGetResponseFindingsDetection = "EXTERNAL"` - `const InvestigateGetResponseFindingsDetectionUnknown InvestigateGetResponseFindingsDetection = "UNKNOWN"` - `const InvestigateGetResponseFindingsDetectionNone InvestigateGetResponseFindingsDetection = "NONE"` - `Field string` - `Name string` - `Portion string` - `Reason string` - `Score float64` - `Value string` - `From string` - `FromName string` - `HtmltextStructureHash string` - `MessageID string` - `PostDeliveryOperations []InvestigateGetResponsePostDeliveryOperation` - `const InvestigateGetResponsePostDeliveryOperationPreview InvestigateGetResponsePostDeliveryOperation = "PREVIEW"` - `const InvestigateGetResponsePostDeliveryOperationQuarantineRelease InvestigateGetResponsePostDeliveryOperation = "QUARANTINE_RELEASE"` - `const InvestigateGetResponsePostDeliveryOperationSubmission InvestigateGetResponsePostDeliveryOperation = "SUBMISSION"` - `const InvestigateGetResponsePostDeliveryOperationMove InvestigateGetResponsePostDeliveryOperation = "MOVE"` - `PostfixIDOutbound string` - `Replyto string` - `ScannedAt Time` - `SentAt Time` - `SentDate string` Deprecated, use `sent_at` instead - `Subject string` - `ThreatCategories []string` - `To []string` - `ToName []string` - `Validation InvestigateGetResponseValidation` - `Comment string` - `DKIM InvestigateGetResponseValidationDKIM` - `const InvestigateGetResponseValidationDKIMPass InvestigateGetResponseValidationDKIM = "pass"` - `const InvestigateGetResponseValidationDKIMNeutral InvestigateGetResponseValidationDKIM = "neutral"` - `const InvestigateGetResponseValidationDKIMFail InvestigateGetResponseValidationDKIM = "fail"` - `const InvestigateGetResponseValidationDKIMError InvestigateGetResponseValidationDKIM = "error"` - `const InvestigateGetResponseValidationDKIMNone InvestigateGetResponseValidationDKIM = "none"` - `DMARC InvestigateGetResponseValidationDMARC` - `const InvestigateGetResponseValidationDMARCPass InvestigateGetResponseValidationDMARC = "pass"` - `const InvestigateGetResponseValidationDMARCNeutral InvestigateGetResponseValidationDMARC = "neutral"` - `const InvestigateGetResponseValidationDMARCFail InvestigateGetResponseValidationDMARC = "fail"` - `const InvestigateGetResponseValidationDMARCError InvestigateGetResponseValidationDMARC = "error"` - `const InvestigateGetResponseValidationDMARCNone InvestigateGetResponseValidationDMARC = "none"` - `SPF InvestigateGetResponseValidationSPF` - `const InvestigateGetResponseValidationSPFPass InvestigateGetResponseValidationSPF = "pass"` - `const InvestigateGetResponseValidationSPFNeutral InvestigateGetResponseValidationSPF = "neutral"` - `const InvestigateGetResponseValidationSPFFail InvestigateGetResponseValidationSPF = "fail"` - `const InvestigateGetResponseValidationSPFError InvestigateGetResponseValidationSPF = "error"` - `const InvestigateGetResponseValidationSPFNone InvestigateGetResponseValidationSPF = "none"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/email_security" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIKey("144c9defac04969c7bfad8efaa8ea194"), option.WithAPIEmail("user@example.com"), ) investigate, err := client.EmailSecurity.Investigate.Get( context.TODO(), "4Njp3P0STMz2c02Q", email_security.InvestigateGetParams{ AccountID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", investigate.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49-2a539d65", "action_log": [], "client_recipients": [ "email@example.com" ], "detection_reasons": [ "Selector is a source of spam/uce : Smtp-Helo-Server-Ip=127.0.0[dot]186" ], "is_phish_submission": false, "is_quarantined": false, "postfix_id": "47JJcT1w6GztQV7", "properties": { "allowlisted_pattern": "allowlisted_pattern", "allowlisted_pattern_type": "quarantine_release", "blocklisted_message": true, "blocklisted_pattern": "blocklisted_pattern", "whitelisted_pattern_type": "quarantine_release" }, "ts": "2019-11-20T23:22:01", "alert_id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49", "delivery_mode": "DIRECT", "edf_hash": null, "envelope_from": "d1994@example.com", "envelope_to": [ "email@example.com" ], "final_disposition": "MALICIOUS", "findings": [ { "attachment": "attachment", "detail": "detail", "detection": "MALICIOUS", "field": "field", "name": "name", "portion": "portion", "reason": "reason", "score": 0, "value": "value" } ], "from": "d1994@example.com", "from_name": "Sender Name", "htmltext_structure_hash": null, "message_id": "<4VAZPrAdg7IGNxdt1DWRNu0gvOeL_iZiwP4BQfo4DaE.Yw-woXuugQbeFhBpzwFQtqq_v2v1HOKznoMBqbciQpE@example.com>", "post_delivery_operations": [ "PREVIEW" ], "postfix_id_outbound": null, "replyto": "email@example.com", "scanned_at": "2019-11-20T23:22:01Z", "sent_at": "2019-11-21T00:22:01Z", "sent_date": "2019-11-21T00:22:01", "subject": "listen, I highly recommend u to read that email, just to ensure not a thing will take place", "threat_categories": [ "IPReputation", "ASNReputation" ], "to": [ "email@example.com" ], "to_name": [ "Recipient Name" ], "validation": { "comment": null, "dkim": "pass", "dmarc": "none", "spf": "fail" } }, "success": true } ```