Skip to content
Cloudflare API
Start here
API Reference

Email Security

Email SecurityInvestigate

Search email messages
client.emailSecurity.investigate.list(InvestigateListParams { account_id, action_log, alert_id, 17 more } params, RequestOptionsoptions?): V4PagePaginationArray<InvestigateListResponse { id, action_log, client_recipients, 28 more } >
GET/accounts/{account_id}/email-security/investigate
Get message details
client.emailSecurity.investigate.get(stringpostfixId, InvestigateGetParams { account_id } params, RequestOptionsoptions?): InvestigateGetResponse { id, action_log, client_recipients, 28 more }
GET/accounts/{account_id}/email-security/investigate/{postfix_id}
ModelsExpand Collapse
InvestigateListResponse { id, action_log, client_recipients, 28 more }
id: string
action_log: unknown
client_recipients: Array<string>
detection_reasons: Array<string>
is_phish_submission: boolean
is_quarantined: boolean
postfix_id: string

The identifier of the message.

properties: Properties { allowlisted_pattern, allowlisted_pattern_type, blocklisted_message, 2 more }
allowlisted_pattern?: string
allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more
One of the following:
"quarantine_release"
"acceptable_sender"
"allowed_sender"
"allowed_recipient"
"domain_similarity"
"domain_recency"
"managed_acceptable_sender"
"outbound_ndr"
blocklisted_message?: boolean
blocklisted_pattern?: string
whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more
One of the following:
"quarantine_release"
"acceptable_sender"
"allowed_sender"
"allowed_recipient"
"domain_similarity"
"domain_recency"
"managed_acceptable_sender"
"outbound_ndr"
Deprecatedts: string

Deprecated, use scanned_at instead

alert_id?: string | null
delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more | null
One of the following:
"DIRECT"
"BCC"
"JOURNAL"
"REVIEW_SUBMISSION"
"DMARC_UNVERIFIED"
"DMARC_FAILURE_REPORT"
"DMARC_AGGREGATE_REPORT"
"THREAT_INTEL_SUBMISSION"
"SIMULATION_SUBMISSION"
"API"
"RETRO_SCAN"
edf_hash?: string | null
envelope_from?: string | null
envelope_to?: Array<string> | null
final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"
findings?: Array<Finding> | null
attachment?: string | null
detail?: string | null
detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"
field?: string | null
name?: string | null
portion?: string | null
reason?: string | null
score?: number | null
formatdouble
value?: string | null
from?: string | null
from_name?: string | null
htmltext_structure_hash?: string | null
message_id?: string | null
post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE">
One of the following:
"PREVIEW"
"QUARANTINE_RELEASE"
"SUBMISSION"
"MOVE"
postfix_id_outbound?: string | null
replyto?: string | null
scanned_at?: string
formatdate-time
sent_at?: string
formatdate-time
Deprecatedsent_date?: string | null

Deprecated, use sent_at instead

subject?: string | null
threat_categories?: Array<string> | null
to?: Array<string> | null
to_name?: Array<string> | null
validation?: Validation | null
comment?: string | null
dkim?: "pass" | "neutral" | "fail" | 2 more | null
One of the following:
"pass"
"neutral"
"fail"
"error"
"none"
dmarc?: "pass" | "neutral" | "fail" | 2 more | null
One of the following:
"pass"
"neutral"
"fail"
"error"
"none"
spf?: "pass" | "neutral" | "fail" | 2 more | null
One of the following:
"pass"
"neutral"
"fail"
"error"
"none"
InvestigateGetResponse { id, action_log, client_recipients, 28 more }
id: string
action_log: unknown
client_recipients: Array<string>
detection_reasons: Array<string>
is_phish_submission: boolean
is_quarantined: boolean
postfix_id: string

The identifier of the message.

properties: Properties { allowlisted_pattern, allowlisted_pattern_type, blocklisted_message, 2 more }
allowlisted_pattern?: string
allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more
One of the following:
"quarantine_release"
"acceptable_sender"
"allowed_sender"
"allowed_recipient"
"domain_similarity"
"domain_recency"
"managed_acceptable_sender"
"outbound_ndr"
blocklisted_message?: boolean
blocklisted_pattern?: string
whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more
One of the following:
"quarantine_release"
"acceptable_sender"
"allowed_sender"
"allowed_recipient"
"domain_similarity"
"domain_recency"
"managed_acceptable_sender"
"outbound_ndr"
Deprecatedts: string

Deprecated, use scanned_at instead

alert_id?: string | null
delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more | null
One of the following:
"DIRECT"
"BCC"
"JOURNAL"
"REVIEW_SUBMISSION"
"DMARC_UNVERIFIED"
"DMARC_FAILURE_REPORT"
"DMARC_AGGREGATE_REPORT"
"THREAT_INTEL_SUBMISSION"
"SIMULATION_SUBMISSION"
"API"
"RETRO_SCAN"
edf_hash?: string | null
envelope_from?: string | null
envelope_to?: Array<string> | null
final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"
findings?: Array<Finding> | null
attachment?: string | null
detail?: string | null
detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"
field?: string | null
name?: string | null
portion?: string | null
reason?: string | null
score?: number | null
formatdouble
value?: string | null
from?: string | null
from_name?: string | null
htmltext_structure_hash?: string | null
message_id?: string | null
post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE">
One of the following:
"PREVIEW"
"QUARANTINE_RELEASE"
"SUBMISSION"
"MOVE"
postfix_id_outbound?: string | null
replyto?: string | null
scanned_at?: string
formatdate-time
sent_at?: string
formatdate-time
Deprecatedsent_date?: string | null

Deprecated, use sent_at instead

subject?: string | null
threat_categories?: Array<string> | null
to?: Array<string> | null
to_name?: Array<string> | null
validation?: Validation | null
comment?: string | null
dkim?: "pass" | "neutral" | "fail" | 2 more | null
One of the following:
"pass"
"neutral"
"fail"
"error"
"none"
dmarc?: "pass" | "neutral" | "fail" | 2 more | null
One of the following:
"pass"
"neutral"
"fail"
"error"
"none"
spf?: "pass" | "neutral" | "fail" | 2 more | null
One of the following:
"pass"
"neutral"
"fail"
"error"
"none"

Email SecurityInvestigateDetections

Get message detection details
client.emailSecurity.investigate.detections.get(stringpostfixId, DetectionGetParams { account_id } params, RequestOptionsoptions?): DetectionGetResponse { action, attachments, headers, 5 more }
GET/accounts/{account_id}/email-security/investigate/{postfix_id}/detections
ModelsExpand Collapse
DetectionGetResponse { action, attachments, headers, 5 more }
action: string
attachments: Array<Attachment>
size: number
minimum0
content_type?: string | null
detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"
encrypted?: boolean | null
name?: string | null
headers: Array<Header>
name: string
value: string
text?: string | null
sender_info: SenderInfo { as_name, as_number, geo, 2 more }
as_name?: string | null

The name of the autonomous system.

as_number?: number | null

The number of the autonomous system.

formatint64
geo?: string | null
ip?: string | null
pld?: string | null
threat_categories: Array<ThreatCategory>
id: number
formatint64
description?: string | null
name?: string | null
validation: Validation { comment, dkim, dmarc, spf }
comment?: string | null
dkim?: "pass" | "neutral" | "fail" | 2 more | null
One of the following:
"pass"
"neutral"
"fail"
"error"
"none"
dmarc?: "pass" | "neutral" | "fail" | 2 more | null
One of the following:
"pass"
"neutral"
"fail"
"error"
"none"
spf?: "pass" | "neutral" | "fail" | 2 more | null
One of the following:
"pass"
"neutral"
"fail"
"error"
"none"
final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"

Email SecurityInvestigatePreview

Get email preview
client.emailSecurity.investigate.preview.get(stringpostfixId, PreviewGetParams { account_id } params, RequestOptionsoptions?): PreviewGetResponse { screenshot }
GET/accounts/{account_id}/email-security/investigate/{postfix_id}/preview
Preview for non-detection messages
client.emailSecurity.investigate.preview.create(PreviewCreateParams { account_id, postfix_id } params, RequestOptionsoptions?): PreviewCreateResponse { screenshot }
POST/accounts/{account_id}/email-security/investigate/preview
ModelsExpand Collapse
PreviewGetResponse { screenshot }
screenshot: string

A base64 encoded PNG image of the email.

PreviewCreateResponse { screenshot }
screenshot: string

A base64 encoded PNG image of the email.

Email SecurityInvestigateRaw

Get raw email content
client.emailSecurity.investigate.raw.get(stringpostfixId, RawGetParams { account_id } params, RequestOptionsoptions?): RawGetResponse { raw }
GET/accounts/{account_id}/email-security/investigate/{postfix_id}/raw
ModelsExpand Collapse
RawGetResponse { raw }
raw: string

A UTF-8 encoded eml file of the email.

Email SecurityInvestigateTrace

Get email trace
client.emailSecurity.investigate.trace.get(stringpostfixId, TraceGetParams { account_id } params, RequestOptionsoptions?): TraceGetResponse { inbound, outbound }
GET/accounts/{account_id}/email-security/investigate/{postfix_id}/trace
ModelsExpand Collapse
TraceGetResponse { inbound, outbound }
inbound: Inbound { lines, pending }
lines?: Array<Line> | null
lineno: number
formatint64
message: string
ts: string
formatdate-time
pending?: boolean | null
outbound: Outbound { lines, pending }
lines?: Array<Line> | null
lineno: number
formatint64
message: string
ts: string
formatdate-time
pending?: boolean | null

Email SecurityInvestigateMove

Move a message
client.emailSecurity.investigate.move.create(stringpostfixId, MoveCreateParams { account_id, destination } params, RequestOptionsoptions?): SinglePage<MoveCreateResponse { completed_timestamp, item_count, success, 6 more } >
POST/accounts/{account_id}/email-security/investigate/{postfix_id}/move
Move multiple messages
client.emailSecurity.investigate.move.bulk(MoveBulkParams { account_id, destination, ids, postfix_ids } params, RequestOptionsoptions?): SinglePage<MoveBulkResponse { completed_timestamp, item_count, success, 6 more } >
POST/accounts/{account_id}/email-security/investigate/move
ModelsExpand Collapse
MoveCreateResponse { completed_timestamp, item_count, success, 6 more }
Deprecatedcompleted_timestamp: string

Deprecated, use completed_at instead

formatdate-time
Deprecateditem_count: number
formatint32
success: boolean
completed_at?: string
formatdate-time
destination?: string | null
message_id?: string | null
operation?: string | null
recipient?: string | null
status?: string | null
MoveBulkResponse { completed_timestamp, item_count, success, 6 more }
Deprecatedcompleted_timestamp: string

Deprecated, use completed_at instead

formatdate-time
Deprecateditem_count: number
formatint32
success: boolean
completed_at?: string
formatdate-time
destination?: string | null
message_id?: string | null
operation?: string | null
recipient?: string | null
status?: string | null

Email SecurityInvestigateReclassify

Change email classification
client.emailSecurity.investigate.reclassify.create(stringpostfixId, ReclassifyCreateParams { account_id, expected_disposition, eml_content, escalated_submission_id } params, RequestOptionsoptions?): ReclassifyCreateResponse
POST/accounts/{account_id}/email-security/investigate/{postfix_id}/reclassify
ModelsExpand Collapse
ReclassifyCreateResponse = unknown

Email SecurityInvestigateRelease

Release messages from quarantine
client.emailSecurity.investigate.release.bulk(ReleaseBulkParams { account_id, body } params, RequestOptionsoptions?): SinglePage<ReleaseBulkResponse { id, postfix_id, delivered, 2 more } >
POST/accounts/{account_id}/email-security/investigate/release
ModelsExpand Collapse
ReleaseBulkResponse { id, postfix_id, delivered, 2 more }
id: string
postfix_id: string

The identifier of the message.

delivered?: Array<string> | null
failed?: Array<string> | null
undelivered?: Array<string> | null

Email SecurityPhishguard

Email SecurityPhishguardReports

Get `PhishGuard` reports
client.emailSecurity.phishguard.reports.list(ReportListParams { account_id, end, from_date, 2 more } params, RequestOptionsoptions?): SinglePage<ReportListResponse { id, content, created_at, 7 more } >
GET/accounts/{account_id}/email-security/phishguard/reports
ModelsExpand Collapse
ReportListResponse { id, content, created_at, 7 more }
id: number
formatint32
content: string
created_at: string
formatdate-time
disposition: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"
fields: Fields { to, ts, from, postfix_id }
to: Array<string>
ts: string
formatdate-time
from?: string | null
postfix_id?: string | null
priority: string
title: string
ts: string
formatdate-time
updated_at: string
formatdate-time
tags?: Array<Tag> | null
category: string
value: string

Email SecuritySettings

Email SecuritySettingsAllow Policies

List email allow policies
client.emailSecurity.settings.allowPolicies.list(AllowPolicyListParams { account_id, direction, is_acceptable_sender, 12 more } params, RequestOptionsoptions?): V4PagePaginationArray<AllowPolicyListResponse { id, created_at, is_acceptable_sender, 11 more } >
GET/accounts/{account_id}/email-security/settings/allow_policies
Get an email allow policy
client.emailSecurity.settings.allowPolicies.get(numberpolicyId, AllowPolicyGetParams { account_id } params, RequestOptionsoptions?): AllowPolicyGetResponse { id, created_at, is_acceptable_sender, 11 more }
GET/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}
Create an email allow policy
client.emailSecurity.settings.allowPolicies.create(AllowPolicyCreateParams { account_id, is_acceptable_sender, is_exempt_recipient, 9 more } params, RequestOptionsoptions?): AllowPolicyCreateResponse { id, created_at, is_acceptable_sender, 11 more }
POST/accounts/{account_id}/email-security/settings/allow_policies
Update an email allow policy
client.emailSecurity.settings.allowPolicies.edit(numberpolicyId, AllowPolicyEditParams { account_id, comments, is_acceptable_sender, 6 more } params, RequestOptionsoptions?): AllowPolicyEditResponse { id, created_at, is_acceptable_sender, 11 more }
PATCH/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}
Delete an email allow policy
client.emailSecurity.settings.allowPolicies.delete(numberpolicyId, AllowPolicyDeleteParams { account_id } params, RequestOptionsoptions?): AllowPolicyDeleteResponse { id }
DELETE/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}
ModelsExpand Collapse
AllowPolicyListResponse { id, created_at, is_acceptable_sender, 11 more }
id: number

The unique identifier for the allow policy.

formatint32
created_at: string
formatdate-time
is_acceptable_sender: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: boolean

Messages to this recipient will bypass all detections.

is_regex: boolean
is_trusted_sender: boolean

Messages from this sender will bypass all detections and link following.

last_modified: string
formatdate-time
pattern: string
maxLength1024
minLength1
pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"
One of the following:
"EMAIL"
"DOMAIN"
"IP"
"UNKNOWN"
verify_sender: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

comments?: string | null
maxLength1024
Deprecatedis_recipient?: boolean
Deprecatedis_sender?: boolean
Deprecatedis_spoof?: boolean
AllowPolicyGetResponse { id, created_at, is_acceptable_sender, 11 more }
id: number

The unique identifier for the allow policy.

formatint32
created_at: string
formatdate-time
is_acceptable_sender: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: boolean

Messages to this recipient will bypass all detections.

is_regex: boolean
is_trusted_sender: boolean

Messages from this sender will bypass all detections and link following.

last_modified: string
formatdate-time
pattern: string
maxLength1024
minLength1
pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"
One of the following:
"EMAIL"
"DOMAIN"
"IP"
"UNKNOWN"
verify_sender: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

comments?: string | null
maxLength1024
Deprecatedis_recipient?: boolean
Deprecatedis_sender?: boolean
Deprecatedis_spoof?: boolean
AllowPolicyCreateResponse { id, created_at, is_acceptable_sender, 11 more }
id: number

The unique identifier for the allow policy.

formatint32
created_at: string
formatdate-time
is_acceptable_sender: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: boolean

Messages to this recipient will bypass all detections.

is_regex: boolean
is_trusted_sender: boolean

Messages from this sender will bypass all detections and link following.

last_modified: string
formatdate-time
pattern: string
maxLength1024
minLength1
pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"
One of the following:
"EMAIL"
"DOMAIN"
"IP"
"UNKNOWN"
verify_sender: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

comments?: string | null
maxLength1024
Deprecatedis_recipient?: boolean
Deprecatedis_sender?: boolean
Deprecatedis_spoof?: boolean
AllowPolicyEditResponse { id, created_at, is_acceptable_sender, 11 more }
id: number

The unique identifier for the allow policy.

formatint32
created_at: string
formatdate-time
is_acceptable_sender: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: boolean

Messages to this recipient will bypass all detections.

is_regex: boolean
is_trusted_sender: boolean

Messages from this sender will bypass all detections and link following.

last_modified: string
formatdate-time
pattern: string
maxLength1024
minLength1
pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"
One of the following:
"EMAIL"
"DOMAIN"
"IP"
"UNKNOWN"
verify_sender: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

comments?: string | null
maxLength1024
Deprecatedis_recipient?: boolean
Deprecatedis_sender?: boolean
Deprecatedis_spoof?: boolean
AllowPolicyDeleteResponse { id }
id: number

The unique identifier for the allow policy.

formatint32

Email SecuritySettingsBlock Senders

List blocked email senders
client.emailSecurity.settings.blockSenders.list(BlockSenderListParams { account_id, direction, order, 5 more } params, RequestOptionsoptions?): V4PagePaginationArray<BlockSenderListResponse { id, created_at, is_regex, 4 more } >
GET/accounts/{account_id}/email-security/settings/block_senders
Get a blocked email sender
client.emailSecurity.settings.blockSenders.get(numberpatternId, BlockSenderGetParams { account_id } params, RequestOptionsoptions?): BlockSenderGetResponse { id, created_at, is_regex, 4 more }
GET/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}
Create a blocked email sender
client.emailSecurity.settings.blockSenders.create(BlockSenderCreateParams { account_id, is_regex, pattern, 2 more } params, RequestOptionsoptions?): BlockSenderCreateResponse { id, created_at, is_regex, 4 more }
POST/accounts/{account_id}/email-security/settings/block_senders
Update a blocked email sender
client.emailSecurity.settings.blockSenders.edit(numberpatternId, BlockSenderEditParams { account_id, comments, is_regex, 2 more } params, RequestOptionsoptions?): BlockSenderEditResponse { id, created_at, is_regex, 4 more }
PATCH/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}
Delete a blocked email sender
client.emailSecurity.settings.blockSenders.delete(numberpatternId, BlockSenderDeleteParams { account_id } params, RequestOptionsoptions?): BlockSenderDeleteResponse { id }
DELETE/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}
ModelsExpand Collapse
BlockSenderListResponse { id, created_at, is_regex, 4 more }
id: number

The unique identifier for the allow policy.

formatint32
created_at: string
formatdate-time
is_regex: boolean
last_modified: string
formatdate-time
pattern: string
maxLength1024
minLength1
pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"
One of the following:
"EMAIL"
"DOMAIN"
"IP"
"UNKNOWN"
comments?: string | null
maxLength1024
BlockSenderGetResponse { id, created_at, is_regex, 4 more }
id: number

The unique identifier for the allow policy.

formatint32
created_at: string
formatdate-time
is_regex: boolean
last_modified: string
formatdate-time
pattern: string
maxLength1024
minLength1
pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"
One of the following:
"EMAIL"
"DOMAIN"
"IP"
"UNKNOWN"
comments?: string | null
maxLength1024
BlockSenderCreateResponse { id, created_at, is_regex, 4 more }
id: number

The unique identifier for the allow policy.

formatint32
created_at: string
formatdate-time
is_regex: boolean
last_modified: string
formatdate-time
pattern: string
maxLength1024
minLength1
pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"
One of the following:
"EMAIL"
"DOMAIN"
"IP"
"UNKNOWN"
comments?: string | null
maxLength1024
BlockSenderEditResponse { id, created_at, is_regex, 4 more }
id: number

The unique identifier for the allow policy.

formatint32
created_at: string
formatdate-time
is_regex: boolean
last_modified: string
formatdate-time
pattern: string
maxLength1024
minLength1
pattern_type: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"
One of the following:
"EMAIL"
"DOMAIN"
"IP"
"UNKNOWN"
comments?: string | null
maxLength1024
BlockSenderDeleteResponse { id }
id: number

The unique identifier for the allow policy.

formatint32

Email SecuritySettingsDomains

List protected email domains
client.emailSecurity.settings.domains.list(DomainListParams { account_id, active_delivery_mode, allowed_delivery_mode, 7 more } params, RequestOptionsoptions?): V4PagePaginationArray<DomainListResponse { id, allowed_delivery_modes, created_at, 17 more } >
GET/accounts/{account_id}/email-security/settings/domains
Get an email domain
client.emailSecurity.settings.domains.get(numberdomainId, DomainGetParams { account_id } params, RequestOptionsoptions?): DomainGetResponse { id, allowed_delivery_modes, created_at, 17 more }
GET/accounts/{account_id}/email-security/settings/domains/{domain_id}
Update an email domain
client.emailSecurity.settings.domains.edit(numberdomainId, DomainEditParams { account_id, ip_restrictions, allowed_delivery_modes, 9 more } params, RequestOptionsoptions?): DomainEditResponse { id, allowed_delivery_modes, created_at, 17 more }
PATCH/accounts/{account_id}/email-security/settings/domains/{domain_id}
Unprotect an email domain
client.emailSecurity.settings.domains.delete(numberdomainId, DomainDeleteParams { account_id } params, RequestOptionsoptions?): DomainDeleteResponse { id }
DELETE/accounts/{account_id}/email-security/settings/domains/{domain_id}
Unprotect multiple email domains
client.emailSecurity.settings.domains.bulkDelete(DomainBulkDeleteParams { account_id } params, RequestOptionsoptions?): SinglePage<DomainBulkDeleteResponse { id } >
DELETE/accounts/{account_id}/email-security/settings/domains
ModelsExpand Collapse
DomainListResponse { id, allowed_delivery_modes, created_at, 17 more }
id: number

The unique identifier for the domain.

formatint32
allowed_delivery_modes: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>
One of the following:
"DIRECT"
"BCC"
"JOURNAL"
"API"
"RETRO_SCAN"
created_at: string
formatdate-time
domain: string
drop_dispositions: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"
ip_restrictions: Array<string>
last_modified: string
formatdate-time
lookback_hops: number
formatint32
regions: Array<"GLOBAL" | "AU" | "DE" | 2 more>
One of the following:
"GLOBAL"
"AU"
"DE"
"IN"
"US"
transport: string
authorization?: Authorization | null
authorized: boolean
timestamp: string
formatdate-time
status_message?: string | null
dmarc_status?: "none" | "good" | "invalid" | null
One of the following:
"none"
"good"
"invalid"
emails_processed?: EmailsProcessed | null
timestamp: string
formatdate-time
total_emails_processed: number
formatint32
minimum0
total_emails_processed_previous: number
formatint32
minimum0
folder?: "AllItems" | "Inbox" | null
One of the following:
"AllItems"
"Inbox"
inbox_provider?: "Microsoft" | "Google" | null
One of the following:
"Microsoft"
"Google"
integration_id?: string | null
formatuuid
o365_tenant_id?: string | null
require_tls_inbound?: boolean | null
require_tls_outbound?: boolean | null
spf_status?: "none" | "good" | "neutral" | 2 more | null
One of the following:
"none"
"good"
"neutral"
"open"
"invalid"
DomainGetResponse { id, allowed_delivery_modes, created_at, 17 more }
id: number

The unique identifier for the domain.

formatint32
allowed_delivery_modes: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>
One of the following:
"DIRECT"
"BCC"
"JOURNAL"
"API"
"RETRO_SCAN"
created_at: string
formatdate-time
domain: string
drop_dispositions: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"
ip_restrictions: Array<string>
last_modified: string
formatdate-time
lookback_hops: number
formatint32
regions: Array<"GLOBAL" | "AU" | "DE" | 2 more>
One of the following:
"GLOBAL"
"AU"
"DE"
"IN"
"US"
transport: string
authorization?: Authorization | null
authorized: boolean
timestamp: string
formatdate-time
status_message?: string | null
dmarc_status?: "none" | "good" | "invalid" | null
One of the following:
"none"
"good"
"invalid"
emails_processed?: EmailsProcessed | null
timestamp: string
formatdate-time
total_emails_processed: number
formatint32
minimum0
total_emails_processed_previous: number
formatint32
minimum0
folder?: "AllItems" | "Inbox" | null
One of the following:
"AllItems"
"Inbox"
inbox_provider?: "Microsoft" | "Google" | null
One of the following:
"Microsoft"
"Google"
integration_id?: string | null
formatuuid
o365_tenant_id?: string | null
require_tls_inbound?: boolean | null
require_tls_outbound?: boolean | null
spf_status?: "none" | "good" | "neutral" | 2 more | null
One of the following:
"none"
"good"
"neutral"
"open"
"invalid"
DomainEditResponse { id, allowed_delivery_modes, created_at, 17 more }
id: number

The unique identifier for the domain.

formatint32
allowed_delivery_modes: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>
One of the following:
"DIRECT"
"BCC"
"JOURNAL"
"API"
"RETRO_SCAN"
created_at: string
formatdate-time
domain: string
drop_dispositions: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"
ip_restrictions: Array<string>
last_modified: string
formatdate-time
lookback_hops: number
formatint32
regions: Array<"GLOBAL" | "AU" | "DE" | 2 more>
One of the following:
"GLOBAL"
"AU"
"DE"
"IN"
"US"
transport: string
authorization?: Authorization | null
authorized: boolean
timestamp: string
formatdate-time
status_message?: string | null
dmarc_status?: "none" | "good" | "invalid" | null
One of the following:
"none"
"good"
"invalid"
emails_processed?: EmailsProcessed | null
timestamp: string
formatdate-time
total_emails_processed: number
formatint32
minimum0
total_emails_processed_previous: number
formatint32
minimum0
folder?: "AllItems" | "Inbox" | null
One of the following:
"AllItems"
"Inbox"
inbox_provider?: "Microsoft" | "Google" | null
One of the following:
"Microsoft"
"Google"
integration_id?: string | null
formatuuid
o365_tenant_id?: string | null
require_tls_inbound?: boolean | null
require_tls_outbound?: boolean | null
spf_status?: "none" | "good" | "neutral" | 2 more | null
One of the following:
"none"
"good"
"neutral"
"open"
"invalid"
DomainDeleteResponse { id }
id: number

The unique identifier for the domain.

formatint32
DomainBulkDeleteResponse { id }
id: number

The unique identifier for the domain.

formatint32

Email SecuritySettingsImpersonation Registry

List entries in impersonation registry
client.emailSecurity.settings.impersonationRegistry.list(ImpersonationRegistryListParams { account_id, direction, order, 4 more } params, RequestOptionsoptions?): V4PagePaginationArray<ImpersonationRegistryListResponse { id, created_at, email, 8 more } >
GET/accounts/{account_id}/email-security/settings/impersonation_registry
Get an entry in impersonation registry
client.emailSecurity.settings.impersonationRegistry.get(numberdisplayNameId, ImpersonationRegistryGetParams { account_id } params, RequestOptionsoptions?): ImpersonationRegistryGetResponse { id, created_at, email, 8 more }
GET/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}
Create an entry in impersonation registry
client.emailSecurity.settings.impersonationRegistry.create(ImpersonationRegistryCreateParams { account_id, email, is_email_regex, name } params, RequestOptionsoptions?): ImpersonationRegistryCreateResponse { id, created_at, email, 8 more }
POST/accounts/{account_id}/email-security/settings/impersonation_registry
Update an entry in impersonation registry
client.emailSecurity.settings.impersonationRegistry.edit(numberdisplayNameId, ImpersonationRegistryEditParams { account_id, email, is_email_regex, name } params, RequestOptionsoptions?): ImpersonationRegistryEditResponse { id, created_at, email, 8 more }
PATCH/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}
Delete an entry from impersonation registry
client.emailSecurity.settings.impersonationRegistry.delete(numberdisplayNameId, ImpersonationRegistryDeleteParams { account_id } params, RequestOptionsoptions?): ImpersonationRegistryDeleteResponse { id }
DELETE/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}
ModelsExpand Collapse
ImpersonationRegistryListResponse { id, created_at, email, 8 more }
id: number
formatint32
created_at: string
formatdate-time
email: string
is_email_regex: boolean
last_modified: string
formatdate-time
name: string
maxLength1024
comments?: string | null
directory_id?: number | null
formatint64
directory_node_id?: number | null
formatint64
Deprecatedexternal_directory_node_id?: string | null
provenance?: string | null
ImpersonationRegistryGetResponse { id, created_at, email, 8 more }
id: number
formatint32
created_at: string
formatdate-time
email: string
is_email_regex: boolean
last_modified: string
formatdate-time
name: string
maxLength1024
comments?: string | null
directory_id?: number | null
formatint64
directory_node_id?: number | null
formatint64
Deprecatedexternal_directory_node_id?: string | null
provenance?: string | null
ImpersonationRegistryCreateResponse { id, created_at, email, 8 more }
id: number
formatint32
created_at: string
formatdate-time
email: string
is_email_regex: boolean
last_modified: string
formatdate-time
name: string
maxLength1024
comments?: string | null
directory_id?: number | null
formatint64
directory_node_id?: number | null
formatint64
Deprecatedexternal_directory_node_id?: string | null
provenance?: string | null
ImpersonationRegistryEditResponse { id, created_at, email, 8 more }
id: number
formatint32
created_at: string
formatdate-time
email: string
is_email_regex: boolean
last_modified: string
formatdate-time
name: string
maxLength1024
comments?: string | null
directory_id?: number | null
formatint64
directory_node_id?: number | null
formatint64
Deprecatedexternal_directory_node_id?: string | null
provenance?: string | null
ImpersonationRegistryDeleteResponse { id }
id: number
formatint32

Email SecuritySettingsTrusted Domains

List trusted email domains
client.emailSecurity.settings.trustedDomains.list(TrustedDomainListParams { account_id, direction, is_recent, 6 more } params, RequestOptionsoptions?): V4PagePaginationArray<TrustedDomainListResponse { id, created_at, is_recent, 5 more } >
GET/accounts/{account_id}/email-security/settings/trusted_domains
Get a trusted email domain
client.emailSecurity.settings.trustedDomains.get(numbertrustedDomainId, TrustedDomainGetParams { account_id } params, RequestOptionsoptions?): TrustedDomainGetResponse { id, created_at, is_recent, 5 more }
GET/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}
Create a trusted email domain
client.emailSecurity.settings.trustedDomains.create(TrustedDomainCreateParamsparams, RequestOptionsoptions?): TrustedDomainCreateResponse
POST/accounts/{account_id}/email-security/settings/trusted_domains
Update a trusted email domain
client.emailSecurity.settings.trustedDomains.edit(numbertrustedDomainId, TrustedDomainEditParams { account_id, comments, is_recent, 3 more } params, RequestOptionsoptions?): TrustedDomainEditResponse { id, created_at, is_recent, 5 more }
PATCH/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}
Delete a trusted email domain
client.emailSecurity.settings.trustedDomains.delete(numbertrustedDomainId, TrustedDomainDeleteParams { account_id } params, RequestOptionsoptions?): TrustedDomainDeleteResponse { id }
DELETE/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}
ModelsExpand Collapse
TrustedDomainListResponse { id, created_at, is_recent, 5 more }
id: number

The unique identifier for the trusted domain.

formatint32
created_at: string
formatdate-time
is_recent: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex: boolean
is_similarity: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

last_modified: string
formatdate-time
pattern: string
maxLength1024
minLength1
comments?: string | null
maxLength1024
TrustedDomainGetResponse { id, created_at, is_recent, 5 more }
id: number

The unique identifier for the trusted domain.

formatint32
created_at: string
formatdate-time
is_recent: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex: boolean
is_similarity: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

last_modified: string
formatdate-time
pattern: string
maxLength1024
minLength1
comments?: string | null
maxLength1024
TrustedDomainCreateResponse = EmailSecurityTrustedDomain { id, created_at, is_recent, 5 more } | Array<UnionMember1>
One of the following:
EmailSecurityTrustedDomain { id, created_at, is_recent, 5 more }
id: number

The unique identifier for the trusted domain.

formatint32
created_at: string
formatdate-time
is_recent: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex: boolean
is_similarity: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

last_modified: string
formatdate-time
pattern: string
maxLength1024
minLength1
comments?: string | null
maxLength1024
Array<UnionMember1>
id: number

The unique identifier for the trusted domain.

formatint32
created_at: string
formatdate-time
is_recent: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex: boolean
is_similarity: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

last_modified: string
formatdate-time
pattern: string
maxLength1024
minLength1
comments?: string | null
maxLength1024
TrustedDomainEditResponse { id, created_at, is_recent, 5 more }
id: number

The unique identifier for the trusted domain.

formatint32
created_at: string
formatdate-time
is_recent: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex: boolean
is_similarity: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

last_modified: string
formatdate-time
pattern: string
maxLength1024
minLength1
comments?: string | null
maxLength1024
TrustedDomainDeleteResponse { id }
id: number

The unique identifier for the trusted domain.

formatint32

Email SecuritySubmissions

Get reclassify submissions
client.emailSecurity.submissions.list(SubmissionListParams { account_id, customer_status, end, 10 more } params, RequestOptionsoptions?): V4PagePaginationArray<SubmissionListResponse { requested_ts, submission_id, customer_status, 15 more } >
GET/accounts/{account_id}/email-security/submissions
ModelsExpand Collapse
SubmissionListResponse { requested_ts, submission_id, customer_status, 15 more }
Deprecatedrequested_ts: string

deprecated as of 2026-04-01, use requested_at instead.

formatdate-time
submission_id: string
customer_status?: "escalated" | "reviewed" | "unreviewed" | null
One of the following:
"escalated"
"reviewed"
"unreviewed"
escalated_as?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"
escalated_at?: string | null
formatdate-time
escalated_by?: string | null
escalated_submission_id?: string | null
original_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"
original_edf_hash?: string | null
original_postfix_id?: string | null
outcome?: string | null
outcome_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"
requested_at?: string | null
formatdate-time
requested_by?: string | null
requested_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null
One of the following:
"MALICIOUS"
"MALICIOUS-BEC"
"SUSPICIOUS"
"SPOOF"
"SPAM"
"BULK"
"ENCRYPTED"
"EXTERNAL"
"UNKNOWN"
"NONE"
status?: string | null
subject?: string | null
type?: string | null