API Reference

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Email Security

Email SecurityInvestigate

Search email messages

client.emailSecurity.investigate.list(InvestigateListParams { account_id, action_log, alert_id, 15 more } params, RequestOptionsoptions?): V4PagePaginationArray<InvestigateListResponse { id, action_log, client_recipients, 29 more } >

GET/accounts/{account_id}/email-security/investigate

Get message details

client.emailSecurity.investigate.get(stringinvestigateId, InvestigateGetParams { account_id, submission } params, RequestOptionsoptions?): InvestigateGetResponse { id, action_log, client_recipients, 29 more }

GET/accounts/{account_id}/email-security/investigate/{investigate_id}

ModelsExpand Collapse

InvestigateListResponse { id, action_log, client_recipients, 29 more }

id: string

Unique identifier for a message retrieved from investigation

Deprecatedaction_log: Array<ActionLog>

Deprecated, use GET /investigate/{investigate_id}/action_log instead. End of life: November 1, 2026.

completed_at: string

Timestamp when action completed

formatdate-time

operation: "MOVE" | "RELEASE" | "RECLASSIFY" | 3 more

Type of action performed

One of the following:

"MOVE"

"RELEASE"

"RECLASSIFY"

"SUBMISSION"

"QUARANTINE_RELEASE"

"PREVIEW"

Deprecatedcompleted_timestamp?: string

Deprecated, use completed_at instead. End of life: November 1, 2026.

properties?: Properties { folder, requested_by }

Additional properties for the action

folder?: string

Target folder for move operations

requested_by?: string

User who requested the action

status?: string | null

Status of the action

client_recipients: Array<string>

detection_reasons: Array<string>

is_phish_submission: boolean

is_quarantined: boolean

postfix_id: string

The identifier of the message

properties: Properties { allowlisted_pattern, allowlisted_pattern_type, blocklisted_message, 2 more }

Message processing properties

allowlisted_pattern?: string | null

Pattern that allowlisted this message

allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more | null

Type of allowlist pattern

One of the following:

"quarantine_release"

"acceptable_sender"

"allowed_sender"

"allowed_recipient"

"domain_similarity"

"domain_recency"

"managed_acceptable_sender"

"outbound_ndr"

blocklisted_message?: boolean | null

Whether message was blocklisted

blocklisted_pattern?: string | null

Pattern that blocklisted this message

whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more | null

Legacy field for allowlist pattern type

One of the following:

"quarantine_release"

"acceptable_sender"

"allowed_sender"

"allowed_recipient"

"domain_similarity"

"domain_recency"

"managed_acceptable_sender"

"outbound_ndr"

Deprecatedts: string

Deprecated, use scanned_at instead. End of life: November 1, 2026.

alert_id?: string | null

delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more

One of the following:

"DIRECT"

"BCC"

"JOURNAL"

"REVIEW_SUBMISSION"

"DMARC_UNVERIFIED"

"DMARC_FAILURE_REPORT"

"DMARC_AGGREGATE_REPORT"

"THREAT_INTEL_SUBMISSION"

"SIMULATION_SUBMISSION"

"API"

"RETRO_SCAN"

delivery_status?: Array<"delivered" | "moved" | "quarantined" | 4 more> | null

One of the following:

"delivered"

"moved"

"quarantined"

"rejected"

"deferred"

"bounced"

"queued"

edf_hash?: string | null

envelope_from?: string | null

envelope_to?: Array<string> | null

final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

Deprecatedfindings?: Array<Finding> | null

Deprecated, use the findings field from GET /investigate/{investigate_id}/detections instead. End of life: November 1, 2026. Detection findings for this message.

attachment?: string | null

detail?: string | null

detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

field?: string | null

name?: string | null

portion?: string | null

reason?: string | null

score?: number | null

formatdouble

value?: string | null

from?: string | null

from_name?: string | null

htmltext_structure_hash?: string | null

message_id?: string | null

post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE"> | null

Post-delivery operations performed on this message

One of the following:

"PREVIEW"

"QUARANTINE_RELEASE"

"SUBMISSION"

"MOVE"

postfix_id_outbound?: string | null

replyto?: string | null

scanned_at?: string | null

When the message was scanned (UTC)

formatdate-time

sent_at?: string | null

When the message was sent (UTC)

formatdate-time

sent_date?: string | null

subject?: string | null

threat_categories?: Array<string> | null

to?: Array<string> | null

to_name?: Array<string> | null

validation?: Validation { comment, dkim, dmarc, spf }

comment?: string | null

dkim?: "pass" | "neutral" | "fail" | 2 more

One of the following:

"pass"

"neutral"

"fail"

"error"

"none"

dmarc?: "pass" | "neutral" | "fail" | 2 more

One of the following:

"pass"

"neutral"

"fail"

"error"

"none"

spf?: "pass" | "neutral" | "fail" | 2 more

One of the following:

"pass"

"neutral"

"fail"

"error"

"none"

InvestigateGetResponse { id, action_log, client_recipients, 29 more }

id: string

Unique identifier for a message retrieved from investigation

Deprecatedaction_log: Array<ActionLog>

Deprecated, use GET /investigate/{investigate_id}/action_log instead. End of life: November 1, 2026.

completed_at: string

Timestamp when action completed

formatdate-time

operation: "MOVE" | "RELEASE" | "RECLASSIFY" | 3 more

Type of action performed

One of the following:

"MOVE"

"RELEASE"

"RECLASSIFY"

"SUBMISSION"

"QUARANTINE_RELEASE"

"PREVIEW"

Deprecatedcompleted_timestamp?: string

Deprecated, use completed_at instead. End of life: November 1, 2026.

properties?: Properties { folder, requested_by }

Additional properties for the action

folder?: string

Target folder for move operations

requested_by?: string

User who requested the action

status?: string | null

Status of the action

client_recipients: Array<string>

detection_reasons: Array<string>

is_phish_submission: boolean

is_quarantined: boolean

postfix_id: string

The identifier of the message

properties: Properties { allowlisted_pattern, allowlisted_pattern_type, blocklisted_message, 2 more }

Message processing properties

allowlisted_pattern?: string | null

Pattern that allowlisted this message

allowlisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more | null

Type of allowlist pattern

One of the following:

"quarantine_release"

"acceptable_sender"

"allowed_sender"

"allowed_recipient"

"domain_similarity"

"domain_recency"

"managed_acceptable_sender"

"outbound_ndr"

blocklisted_message?: boolean | null

Whether message was blocklisted

blocklisted_pattern?: string | null

Pattern that blocklisted this message

whitelisted_pattern_type?: "quarantine_release" | "acceptable_sender" | "allowed_sender" | 5 more | null

Legacy field for allowlist pattern type

One of the following:

"quarantine_release"

"acceptable_sender"

"allowed_sender"

"allowed_recipient"

"domain_similarity"

"domain_recency"

"managed_acceptable_sender"

"outbound_ndr"

Deprecatedts: string

Deprecated, use scanned_at instead. End of life: November 1, 2026.

alert_id?: string | null

delivery_mode?: "DIRECT" | "BCC" | "JOURNAL" | 8 more

One of the following:

"DIRECT"

"BCC"

"JOURNAL"

"REVIEW_SUBMISSION"

"DMARC_UNVERIFIED"

"DMARC_FAILURE_REPORT"

"DMARC_AGGREGATE_REPORT"

"THREAT_INTEL_SUBMISSION"

"SIMULATION_SUBMISSION"

"API"

"RETRO_SCAN"

delivery_status?: Array<"delivered" | "moved" | "quarantined" | 4 more> | null

One of the following:

"delivered"

"moved"

"quarantined"

"rejected"

"deferred"

"bounced"

"queued"

edf_hash?: string | null

envelope_from?: string | null

envelope_to?: Array<string> | null

final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

Deprecatedfindings?: Array<Finding> | null

Deprecated, use the findings field from GET /investigate/{investigate_id}/detections instead. End of life: November 1, 2026. Detection findings for this message.

attachment?: string | null

detail?: string | null

detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

field?: string | null

name?: string | null

portion?: string | null

reason?: string | null

score?: number | null

formatdouble

value?: string | null

from?: string | null

from_name?: string | null

htmltext_structure_hash?: string | null

message_id?: string | null

post_delivery_operations?: Array<"PREVIEW" | "QUARANTINE_RELEASE" | "SUBMISSION" | "MOVE"> | null

Post-delivery operations performed on this message

One of the following:

"PREVIEW"

"QUARANTINE_RELEASE"

"SUBMISSION"

"MOVE"

postfix_id_outbound?: string | null

replyto?: string | null

scanned_at?: string | null

When the message was scanned (UTC)

formatdate-time

sent_at?: string | null

When the message was sent (UTC)

formatdate-time

sent_date?: string | null

subject?: string | null

threat_categories?: Array<string> | null

to?: Array<string> | null

to_name?: Array<string> | null

validation?: Validation { comment, dkim, dmarc, spf }

comment?: string | null

dkim?: "pass" | "neutral" | "fail" | 2 more

One of the following:

"pass"

"neutral"

"fail"

"error"

"none"

dmarc?: "pass" | "neutral" | "fail" | 2 more

One of the following:

"pass"

"neutral"

"fail"

"error"

"none"

spf?: "pass" | "neutral" | "fail" | 2 more

One of the following:

"pass"

"neutral"

"fail"

"error"

"none"

Email SecurityInvestigateDetections

Get message detection details

client.emailSecurity.investigate.detections.get(stringinvestigateId, DetectionGetParams { account_id } params, RequestOptionsoptions?): DetectionGetResponse { action, attachments, findings, 6 more }

GET/accounts/{account_id}/email-security/investigate/{investigate_id}/detections

ModelsExpand Collapse

DetectionGetResponse { action, attachments, findings, 6 more }

action: string

attachments: Array<Attachment>

size: number

Size of the attachment in bytes

minimum0

content_type?: string | null

MIME type of the attachment

detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more | null

Detection result for this attachment

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

encrypted?: boolean | null

Whether the attachment is encrypted

filename?: string | null

Name of the attached file

md5?: string | null

MD5 hash of the attachment

name?: string | null

Attachment name (alternative to filename)

sha1?: string | null

SHA1 hash of the attachment

sha256?: string | null

SHA256 hash of the attachment

findings: Array<Finding> | null

attachment?: string | null

detail?: string | null

detection?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

field?: string | null

name?: string | null

portion?: string | null

reason?: string | null

score?: number | null

formatdouble

value?: string | null

headers: Array<Header>

name: string

value: string

links: Array<Link>

href: string

text?: string | null

sender_info: SenderInfo { as_name, as_number, geo, 2 more }

as_name?: string | null

The name of the autonomous system.

as_number?: number | null

The number of the autonomous system.

geo?: string | null

ip?: string | null

pld?: string | null

threat_categories: Array<ThreatCategory>

id?: number

description?: string | null

name?: string | null

validation: Validation { comment, dkim, dmarc, spf }

comment?: string | null

dkim?: "pass" | "neutral" | "fail" | 2 more

One of the following:

"pass"

"neutral"

"fail"

"error"

"none"

dmarc?: "pass" | "neutral" | "fail" | 2 more

One of the following:

"pass"

"neutral"

"fail"

"error"

"none"

spf?: "pass" | "neutral" | "fail" | 2 more

One of the following:

"pass"

"neutral"

"fail"

"error"

"none"

final_disposition?: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

Email SecurityInvestigatePreview

Get email preview

client.emailSecurity.investigate.preview.get(stringinvestigateId, PreviewGetParams { account_id } params, RequestOptionsoptions?): PreviewGetResponse { screenshot }

GET/accounts/{account_id}/email-security/investigate/{investigate_id}/preview

Preview for non-detection messages

client.emailSecurity.investigate.preview.create(PreviewCreateParams { account_id, postfix_id } params, RequestOptionsoptions?): PreviewCreateResponse { screenshot }

POST/accounts/{account_id}/email-security/investigate/preview

ModelsExpand Collapse

PreviewGetResponse { screenshot }

screenshot: string

A base64 encoded PNG image of the email.

PreviewCreateResponse { screenshot }

screenshot: string

A base64 encoded PNG image of the email.

Email SecurityInvestigateRaw

Get raw email content

client.emailSecurity.investigate.raw.get(stringinvestigateId, RawGetParams { account_id } params, RequestOptionsoptions?): RawGetResponse { raw }

GET/accounts/{account_id}/email-security/investigate/{investigate_id}/raw

ModelsExpand Collapse

RawGetResponse { raw }

raw: string

A UTF-8 encoded eml file of the email.

Email SecurityInvestigateTrace

Get email trace

client.emailSecurity.investigate.trace.get(stringinvestigateId, TraceGetParams { account_id } params, RequestOptionsoptions?): TraceGetResponse { inbound, outbound }

GET/accounts/{account_id}/email-security/investigate/{investigate_id}/trace

ModelsExpand Collapse

TraceGetResponse { inbound, outbound }

inbound: Inbound { lines, pending }

lines?: Array<Line> | null

lineno?: number

Line number in the trace log

logged_at?: string | null

formatdate-time

message?: string

Deprecatedts?: string

Deprecated, use logged_at instead. End of life: November 1, 2026.

pending?: boolean | null

outbound: Outbound { lines, pending }

lines?: Array<Line> | null

lineno?: number

Line number in the trace log

logged_at?: string | null

formatdate-time

message?: string

Deprecatedts?: string

Deprecated, use logged_at instead. End of life: November 1, 2026.

pending?: boolean | null

Email SecurityInvestigateMove

Move a message

client.emailSecurity.investigate.move.create(stringinvestigateId, MoveCreateParams { account_id, destination } params, RequestOptionsoptions?): SinglePage<MoveCreateResponse { success, completed_at, completed_timestamp, 6 more } >

POST/accounts/{account_id}/email-security/investigate/{investigate_id}/move

Move multiple messages

client.emailSecurity.investigate.move.bulk(MoveBulkParams { account_id, destination, ids, postfix_ids } params, RequestOptionsoptions?): SinglePage<MoveBulkResponse { success, completed_at, completed_timestamp, 6 more } >

POST/accounts/{account_id}/email-security/investigate/move

ModelsExpand Collapse

MoveCreateResponse { success, completed_at, completed_timestamp, 6 more }

success: boolean

Whether the operation succeeded

completed_at?: string | null

When the move operation completed (UTC)

formatdate-time

Deprecatedcompleted_timestamp?: string

Deprecated, use completed_at instead. End of life: November 1, 2026.

formatdate-time

destination?: string | null

Destination folder for the message

Deprecateditem_count?: number

Number of items moved. End of life: November 1, 2026.

message_id?: string | null

Message identifier

operation?: string | null

Type of operation performed

recipient?: string | null

Recipient email address

status?: string | null

Operation status

MoveBulkResponse { success, completed_at, completed_timestamp, 6 more }

success: boolean

Whether the operation succeeded

completed_at?: string | null

When the move operation completed (UTC)

formatdate-time

Deprecatedcompleted_timestamp?: string

Deprecated, use completed_at instead. End of life: November 1, 2026.

formatdate-time

destination?: string | null

Destination folder for the message

Deprecateditem_count?: number

Number of items moved. End of life: November 1, 2026.

message_id?: string | null

Message identifier

operation?: string | null

Type of operation performed

recipient?: string | null

Recipient email address

status?: string | null

Operation status

Email SecurityInvestigateReclassify

Change email classification

client.emailSecurity.investigate.reclassify.create(stringinvestigateId, ReclassifyCreateParams { account_id, expected_disposition, eml_content, escalated_submission_id } params, RequestOptionsoptions?): ReclassifyCreateResponse

POST/accounts/{account_id}/email-security/investigate/{investigate_id}/reclassify

ModelsExpand Collapse

ReclassifyCreateResponse = unknown

Email SecurityInvestigateRelease

Release messages from quarantine

client.emailSecurity.investigate.release.bulk(ReleaseBulkParams { account_id, body } params, RequestOptionsoptions?): SinglePage<ReleaseBulkResponse { id, delivered, failed, 2 more } >

POST/accounts/{account_id}/email-security/investigate/release

ModelsExpand Collapse

ReleaseBulkResponse { id, delivered, failed, 2 more }

id: string

Unique identifier for a message retrieved from investigation

delivered?: Array<string> | null

failed?: Array<string> | null

Deprecatedpostfix_id?: string

Deprecated, use id instead. End of life: November 1, 2026.

undelivered?: Array<string> | null

Email SecurityPhishguard

Email SecurityPhishguardReports

Get PhishGuard reports

client.emailSecurity.phishguard.reports.list(ReportListParams { account_id, end, from_date, 2 more } params, RequestOptionsoptions?): SinglePage<ReportListResponse { id, content, disposition, 7 more } >

GET/accounts/{account_id}/email-security/phishguard/reports

ModelsExpand Collapse

ReportListResponse { id, content, disposition, 7 more }

id: number

content: string

disposition: "MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

fields: Fields { to, from, occurred_at, 2 more }

to: Array<string>

from?: string | null

occurred_at?: string

formatdate-time

postfix_id?: string | null

Deprecatedts?: string

Deprecated, use occurred_at instead

formatdate-time

priority: string

title: string

created_at?: string | null

formatdate-time

tags?: Array<Tag> | null

category: string

value: string

Deprecatedts?: string

Deprecated, use created_at instead

formatdate-time

updated_at?: string | null

formatdate-time

Email SecuritySettings

Email SecuritySettingsAllow Policies

List email allow policies

client.emailSecurity.settings.allowPolicies.list(AllowPolicyListParams { account_id, direction, is_acceptable_sender, 9 more } params, RequestOptionsoptions?): V4PagePaginationArray<AllowPolicyListResponse { id, created_at, last_modified, 12 more } >

GET/accounts/{account_id}/email-security/settings/allow_policies

Get an email allow policy

client.emailSecurity.settings.allowPolicies.get(stringpolicyId, AllowPolicyGetParams { account_id } params, RequestOptionsoptions?): AllowPolicyGetResponse { id, created_at, last_modified, 12 more }

GET/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

Create email allow policy

client.emailSecurity.settings.allowPolicies.create(AllowPolicyCreateParams { account_id, is_acceptable_sender, is_exempt_recipient, 9 more } params, RequestOptionsoptions?): AllowPolicyCreateResponse { id, created_at, last_modified, 12 more }

POST/accounts/{account_id}/email-security/settings/allow_policies

Update an email allow policy

client.emailSecurity.settings.allowPolicies.edit(stringpolicyId, AllowPolicyEditParams { account_id, comments, is_acceptable_sender, 9 more } params, RequestOptionsoptions?): AllowPolicyEditResponse { id, created_at, last_modified, 12 more }

PATCH/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

Delete an email allow policy

client.emailSecurity.settings.allowPolicies.delete(stringpolicyId, AllowPolicyDeleteParams { account_id } params, RequestOptionsoptions?): AllowPolicyDeleteResponse { id }

DELETE/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

ModelsExpand Collapse

AllowPolicyListResponse { id, created_at, last_modified, 12 more }

An email allow policy

id: string

Allow policy identifier

formatuuid

created_at: string

formatdate-time

Deprecatedlast_modified: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

comments?: string | null

maxLength1024

is_acceptable_sender?: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient?: boolean

Messages to this recipient will bypass all detections

Deprecatedis_recipient?: boolean

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

is_regex?: boolean

Deprecatedis_sender?: boolean

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

Deprecatedis_spoof?: boolean

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

is_trusted_sender?: boolean

Messages from this sender will bypass all detections and link following

modified_at?: string

formatdate-time

pattern?: string

maxLength1024

minLength1

pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender?: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

AllowPolicyGetResponse { id, created_at, last_modified, 12 more }

An email allow policy

id: string

Allow policy identifier

formatuuid

created_at: string

formatdate-time

Deprecatedlast_modified: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

comments?: string | null

maxLength1024

is_acceptable_sender?: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient?: boolean

Messages to this recipient will bypass all detections

Deprecatedis_recipient?: boolean

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

is_regex?: boolean

Deprecatedis_sender?: boolean

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

Deprecatedis_spoof?: boolean

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

is_trusted_sender?: boolean

Messages from this sender will bypass all detections and link following

modified_at?: string

formatdate-time

pattern?: string

maxLength1024

minLength1

pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender?: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

AllowPolicyCreateResponse { id, created_at, last_modified, 12 more }

An email allow policy

id: string

Allow policy identifier

formatuuid

created_at: string

formatdate-time

Deprecatedlast_modified: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

comments?: string | null

maxLength1024

is_acceptable_sender?: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient?: boolean

Messages to this recipient will bypass all detections

Deprecatedis_recipient?: boolean

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

is_regex?: boolean

Deprecatedis_sender?: boolean

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

Deprecatedis_spoof?: boolean

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

is_trusted_sender?: boolean

Messages from this sender will bypass all detections and link following

modified_at?: string

formatdate-time

pattern?: string

maxLength1024

minLength1

pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender?: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

AllowPolicyEditResponse { id, created_at, last_modified, 12 more }

An email allow policy

id: string

Allow policy identifier

formatuuid

created_at: string

formatdate-time

Deprecatedlast_modified: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

comments?: string | null

maxLength1024

is_acceptable_sender?: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note - This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient?: boolean

Messages to this recipient will bypass all detections

Deprecatedis_recipient?: boolean

Deprecated as of July 1, 2025. Use is_exempt_recipient instead. End of life: July 1, 2026.

is_regex?: boolean

Deprecatedis_sender?: boolean

Deprecated as of July 1, 2025. Use is_trusted_sender instead. End of life: July 1, 2026.

Deprecatedis_spoof?: boolean

Deprecated as of July 1, 2025. Use is_acceptable_sender instead. End of life: July 1, 2026.

is_trusted_sender?: boolean

Messages from this sender will bypass all detections and link following

modified_at?: string

formatdate-time

pattern?: string

maxLength1024

minLength1

pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender?: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

AllowPolicyDeleteResponse { id }

id: string

Allow policy identifier

formatuuid

Email SecuritySettingsBlock Senders

List blocked email senders

client.emailSecurity.settings.blockSenders.list(BlockSenderListParams { account_id, direction, order, 5 more } params, RequestOptionsoptions?): V4PagePaginationArray<BlockSenderListResponse { id, comments, created_at, 5 more } >

GET/accounts/{account_id}/email-security/settings/block_senders

Get a blocked email sender

client.emailSecurity.settings.blockSenders.get(stringpatternId, BlockSenderGetParams { account_id } params, RequestOptionsoptions?): BlockSenderGetResponse { id, comments, created_at, 5 more }

GET/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}

Create blocked email sender

client.emailSecurity.settings.blockSenders.create(BlockSenderCreateParams { account_id, is_regex, pattern, 2 more } params, RequestOptionsoptions?): BlockSenderCreateResponse { id, comments, created_at, 5 more }

POST/accounts/{account_id}/email-security/settings/block_senders

Update a blocked email sender

client.emailSecurity.settings.blockSenders.edit(stringpatternId, BlockSenderEditParams { account_id, comments, is_regex, 2 more } params, RequestOptionsoptions?): BlockSenderEditResponse { id, comments, created_at, 5 more }

PATCH/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}

Delete a blocked email sender

client.emailSecurity.settings.blockSenders.delete(stringpatternId, BlockSenderDeleteParams { account_id } params, RequestOptionsoptions?): BlockSenderDeleteResponse { id }

DELETE/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}

ModelsExpand Collapse

BlockSenderListResponse { id, comments, created_at, 5 more }

A blocked sender pattern

id?: string

Blocked sender pattern identifier

formatuuid

comments?: string | null

maxLength1024

created_at?: string

formatdate-time

is_regex?: boolean

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

modified_at?: string

formatdate-time

pattern?: string

maxLength1024

minLength1

pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

BlockSenderGetResponse { id, comments, created_at, 5 more }

A blocked sender pattern

id?: string

Blocked sender pattern identifier

formatuuid

comments?: string | null

maxLength1024

created_at?: string

formatdate-time

is_regex?: boolean

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

modified_at?: string

formatdate-time

pattern?: string

maxLength1024

minLength1

pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

BlockSenderCreateResponse { id, comments, created_at, 5 more }

A blocked sender pattern

id?: string

Blocked sender pattern identifier

formatuuid

comments?: string | null

maxLength1024

created_at?: string

formatdate-time

is_regex?: boolean

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

modified_at?: string

formatdate-time

pattern?: string

maxLength1024

minLength1

pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

BlockSenderEditResponse { id, comments, created_at, 5 more }

A blocked sender pattern

id?: string

Blocked sender pattern identifier

formatuuid

comments?: string | null

maxLength1024

created_at?: string

formatdate-time

is_regex?: boolean

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

modified_at?: string

formatdate-time

pattern?: string

maxLength1024

minLength1

pattern_type?: "EMAIL" | "DOMAIN" | "IP" | "UNKNOWN"

Type of pattern matching. Note: UNKNOWN is deprecated and cannot be used when creating or updating policies, but may be returned for existing entries.

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

BlockSenderDeleteResponse { id }

id: string

Blocked sender pattern identifier

formatuuid

Email SecuritySettingsDomains

List protected email domains

client.emailSecurity.settings.domains.list(DomainListParams { account_id, active_delivery_mode, allowed_delivery_mode, 8 more } params, RequestOptionsoptions?): V4PagePaginationArray<DomainListResponse { id, allowed_delivery_modes, authorization, 19 more } >

GET/accounts/{account_id}/email-security/settings/domains

Get an email domain

client.emailSecurity.settings.domains.get(stringdomainId, DomainGetParams { account_id } params, RequestOptionsoptions?): DomainGetResponse { id, allowed_delivery_modes, authorization, 19 more }

GET/accounts/{account_id}/email-security/settings/domains/{domain_id}

Update an email domain

client.emailSecurity.settings.domains.edit(stringdomainId, DomainEditParams { account_id, allowed_delivery_modes, domain, 9 more } params, RequestOptionsoptions?): DomainEditResponse { id, allowed_delivery_modes, authorization, 19 more }

PATCH/accounts/{account_id}/email-security/settings/domains/{domain_id}

Unprotect an email domain

client.emailSecurity.settings.domains.delete(stringdomainId, DomainDeleteParams { account_id } params, RequestOptionsoptions?): DomainDeleteResponse { id }

DELETE/accounts/{account_id}/email-security/settings/domains/{domain_id}

ModelsExpand Collapse

DomainListResponse { id, allowed_delivery_modes, authorization, 19 more }

id?: string

Domain identifier

formatuuid

allowed_delivery_modes?: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>

One of the following:

"DIRECT"

"BCC"

"JOURNAL"

"API"

"RETRO_SCAN"

authorization?: Authorization { authorized, timestamp, status_message }

authorized: boolean

timestamp: string

formatdate-time

status_message?: string | null

created_at?: string

formatdate-time

dmarc_status?: "none" | "good" | "invalid"

One of the following:

"none"

"good"

"invalid"

domain?: string

drop_dispositions?: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

emails_processed?: EmailsProcessed { timestamp, total_emails_processed, total_emails_processed_previous }

timestamp: string

formatdate-time

total_emails_processed: number

minimum0

total_emails_processed_previous: number

minimum0

folder?: "AllItems" | "Inbox"

One of the following:

"AllItems"

"Inbox"

inbox_provider?: "Microsoft" | "Google" | null

One of the following:

"Microsoft"

"Google"

integration_id?: string | null

formatuuid

ip_restrictions?: Array<string>

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

lookback_hops?: number

modified_at?: string

formatdate-time

o365_tenant_id?: string | null

regions?: Array<"GLOBAL" | "AU" | "DE" | 2 more>

One of the following:

"GLOBAL"

"AU"

"DE"

"IN"

"US"

require_tls_inbound?: boolean | null

require_tls_outbound?: boolean | null

spf_status?: "none" | "good" | "neutral" | 2 more

One of the following:

"none"

"good"

"neutral"

"open"

"invalid"

status?: "pending" | "active" | "failed" | "timeout"

One of the following:

"pending"

"active"

"failed"

"timeout"

transport?: string

DomainGetResponse { id, allowed_delivery_modes, authorization, 19 more }

id?: string

Domain identifier

formatuuid

allowed_delivery_modes?: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>

One of the following:

"DIRECT"

"BCC"

"JOURNAL"

"API"

"RETRO_SCAN"

authorization?: Authorization { authorized, timestamp, status_message }

authorized: boolean

timestamp: string

formatdate-time

status_message?: string | null

created_at?: string

formatdate-time

dmarc_status?: "none" | "good" | "invalid"

One of the following:

"none"

"good"

"invalid"

domain?: string

drop_dispositions?: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

emails_processed?: EmailsProcessed { timestamp, total_emails_processed, total_emails_processed_previous }

timestamp: string

formatdate-time

total_emails_processed: number

minimum0

total_emails_processed_previous: number

minimum0

folder?: "AllItems" | "Inbox"

One of the following:

"AllItems"

"Inbox"

inbox_provider?: "Microsoft" | "Google" | null

One of the following:

"Microsoft"

"Google"

integration_id?: string | null

formatuuid

ip_restrictions?: Array<string>

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

lookback_hops?: number

modified_at?: string

formatdate-time

o365_tenant_id?: string | null

regions?: Array<"GLOBAL" | "AU" | "DE" | 2 more>

One of the following:

"GLOBAL"

"AU"

"DE"

"IN"

"US"

require_tls_inbound?: boolean | null

require_tls_outbound?: boolean | null

spf_status?: "none" | "good" | "neutral" | 2 more

One of the following:

"none"

"good"

"neutral"

"open"

"invalid"

status?: "pending" | "active" | "failed" | "timeout"

One of the following:

"pending"

"active"

"failed"

"timeout"

transport?: string

DomainEditResponse { id, allowed_delivery_modes, authorization, 19 more }

id?: string

Domain identifier

formatuuid

allowed_delivery_modes?: Array<"DIRECT" | "BCC" | "JOURNAL" | 2 more>

One of the following:

"DIRECT"

"BCC"

"JOURNAL"

"API"

"RETRO_SCAN"

authorization?: Authorization { authorized, timestamp, status_message }

authorized: boolean

timestamp: string

formatdate-time

status_message?: string | null

created_at?: string

formatdate-time

dmarc_status?: "none" | "good" | "invalid"

One of the following:

"none"

"good"

"invalid"

domain?: string

drop_dispositions?: Array<"MALICIOUS" | "MALICIOUS-BEC" | "SUSPICIOUS" | 7 more>

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

emails_processed?: EmailsProcessed { timestamp, total_emails_processed, total_emails_processed_previous }

timestamp: string

formatdate-time

total_emails_processed: number

minimum0

total_emails_processed_previous: number

minimum0

folder?: "AllItems" | "Inbox"

One of the following:

"AllItems"

"Inbox"

inbox_provider?: "Microsoft" | "Google" | null

One of the following:

"Microsoft"

"Google"

integration_id?: string | null

formatuuid

ip_restrictions?: Array<string>

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

lookback_hops?: number

modified_at?: string

formatdate-time

o365_tenant_id?: string | null

regions?: Array<"GLOBAL" | "AU" | "DE" | 2 more>

One of the following:

"GLOBAL"

"AU"

"DE"

"IN"

"US"

require_tls_inbound?: boolean | null

require_tls_outbound?: boolean | null

spf_status?: "none" | "good" | "neutral" | 2 more

One of the following:

"none"

"good"

"neutral"

"open"

"invalid"

status?: "pending" | "active" | "failed" | "timeout"

One of the following:

"pending"

"active"

"failed"

"timeout"

transport?: string

DomainDeleteResponse { id }

id: string

Domain identifier

formatuuid

Email SecuritySettingsImpersonation Registry

List entries in impersonation registry

client.emailSecurity.settings.impersonationRegistry.list(ImpersonationRegistryListParams { account_id, direction, order, 4 more } params, RequestOptionsoptions?): V4PagePaginationArray<ImpersonationRegistryListResponse { id, comments, created_at, 9 more } >

GET/accounts/{account_id}/email-security/settings/impersonation_registry

Get an impersonation registry entry

client.emailSecurity.settings.impersonationRegistry.get(stringimpersonationRegistryId, ImpersonationRegistryGetParams { account_id } params, RequestOptionsoptions?): ImpersonationRegistryGetResponse { id, comments, created_at, 9 more }

GET/accounts/{account_id}/email-security/settings/impersonation_registry/{impersonation_registry_id}

Create impersonation registry entry

client.emailSecurity.settings.impersonationRegistry.create(ImpersonationRegistryCreateParams { account_id, email, is_email_regex, 6 more } params, RequestOptionsoptions?): ImpersonationRegistryCreateResponse { id, comments, created_at, 9 more }

POST/accounts/{account_id}/email-security/settings/impersonation_registry

Update an impersonation registry entry

client.emailSecurity.settings.impersonationRegistry.edit(stringimpersonationRegistryId, ImpersonationRegistryEditParams { account_id, comments, directory_id, 6 more } params, RequestOptionsoptions?): ImpersonationRegistryEditResponse { id, comments, created_at, 9 more }

PATCH/accounts/{account_id}/email-security/settings/impersonation_registry/{impersonation_registry_id}

Delete an impersonation registry entry

client.emailSecurity.settings.impersonationRegistry.delete(stringimpersonationRegistryId, ImpersonationRegistryDeleteParams { account_id } params, RequestOptionsoptions?): ImpersonationRegistryDeleteResponse { id }

DELETE/accounts/{account_id}/email-security/settings/impersonation_registry/{impersonation_registry_id}

ModelsExpand Collapse

ImpersonationRegistryListResponse { id, comments, created_at, 9 more }

An impersonation registry entry

id?: string

Impersonation registry entry identifier

formatuuid

comments?: string | null

created_at?: string

formatdate-time

directory_id?: number | null

directory_node_id?: number | null

email?: string

Deprecatedexternal_directory_node_id?: string | null

is_email_regex?: boolean

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

modified_at?: string

formatdate-time

name?: string

maxLength1024

provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"

One of the following:

"A1S_INTERNAL"

"SNOOPY-CASB_OFFICE_365"

"SNOOPY-OFFICE_365"

"SNOOPY-GOOGLE_DIRECTORY"

ImpersonationRegistryGetResponse { id, comments, created_at, 9 more }

An impersonation registry entry

id?: string

Impersonation registry entry identifier

formatuuid

comments?: string | null

created_at?: string

formatdate-time

directory_id?: number | null

directory_node_id?: number | null

email?: string

Deprecatedexternal_directory_node_id?: string | null

is_email_regex?: boolean

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

modified_at?: string

formatdate-time

name?: string

maxLength1024

provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"

One of the following:

"A1S_INTERNAL"

"SNOOPY-CASB_OFFICE_365"

"SNOOPY-OFFICE_365"

"SNOOPY-GOOGLE_DIRECTORY"

ImpersonationRegistryCreateResponse { id, comments, created_at, 9 more }

An impersonation registry entry

id?: string

Impersonation registry entry identifier

formatuuid

comments?: string | null

created_at?: string

formatdate-time

directory_id?: number | null

directory_node_id?: number | null

email?: string

Deprecatedexternal_directory_node_id?: string | null

is_email_regex?: boolean

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

modified_at?: string

formatdate-time

name?: string

maxLength1024

provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"

One of the following:

"A1S_INTERNAL"

"SNOOPY-CASB_OFFICE_365"

"SNOOPY-OFFICE_365"

"SNOOPY-GOOGLE_DIRECTORY"

ImpersonationRegistryEditResponse { id, comments, created_at, 9 more }

An impersonation registry entry

id?: string

Impersonation registry entry identifier

formatuuid

comments?: string | null

created_at?: string

formatdate-time

directory_id?: number | null

directory_node_id?: number | null

email?: string

Deprecatedexternal_directory_node_id?: string | null

is_email_regex?: boolean

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

modified_at?: string

formatdate-time

name?: string

maxLength1024

provenance?: "A1S_INTERNAL" | "SNOOPY-CASB_OFFICE_365" | "SNOOPY-OFFICE_365" | "SNOOPY-GOOGLE_DIRECTORY"

One of the following:

"A1S_INTERNAL"

"SNOOPY-CASB_OFFICE_365"

"SNOOPY-OFFICE_365"

"SNOOPY-GOOGLE_DIRECTORY"

ImpersonationRegistryDeleteResponse { id }

id: string

Impersonation registry entry identifier

formatuuid

Email SecuritySettingsTrusted Domains

List trusted email domains

client.emailSecurity.settings.trustedDomains.list(TrustedDomainListParams { account_id, direction, is_recent, 6 more } params, RequestOptionsoptions?): V4PagePaginationArray<TrustedDomainListResponse { id, comments, created_at, 6 more } >

GET/accounts/{account_id}/email-security/settings/trusted_domains

Get a trusted email domain

client.emailSecurity.settings.trustedDomains.get(stringtrustedDomainId, TrustedDomainGetParams { account_id } params, RequestOptionsoptions?): TrustedDomainGetResponse { id, comments, created_at, 6 more }

GET/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}

Create trusted email domain

client.emailSecurity.settings.trustedDomains.create(TrustedDomainCreateParams { account_id, is_recent, is_regex, 3 more } params, RequestOptionsoptions?): TrustedDomainCreateResponse { id, comments, created_at, 6 more }

POST/accounts/{account_id}/email-security/settings/trusted_domains

Update a trusted email domain

client.emailSecurity.settings.trustedDomains.edit(stringtrustedDomainId, TrustedDomainEditParams { account_id, comments, is_recent, 3 more } params, RequestOptionsoptions?): TrustedDomainEditResponse { id, comments, created_at, 6 more }

PATCH/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}

Delete a trusted email domain

client.emailSecurity.settings.trustedDomains.delete(stringtrustedDomainId, TrustedDomainDeleteParams { account_id } params, RequestOptionsoptions?): TrustedDomainDeleteResponse { id }

DELETE/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}

ModelsExpand Collapse

TrustedDomainListResponse { id, comments, created_at, 6 more }

A trusted email domain

id?: string

Trusted domain identifier

formatuuid

comments?: string | null

maxLength1024

created_at?: string

formatdate-time

is_recent?: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex?: boolean

is_similarity?: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

modified_at?: string

formatdate-time

pattern?: string

maxLength1024

minLength1

TrustedDomainGetResponse { id, comments, created_at, 6 more }

A trusted email domain

id?: string

Trusted domain identifier

formatuuid

comments?: string | null

maxLength1024

created_at?: string

formatdate-time

is_recent?: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex?: boolean

is_similarity?: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

modified_at?: string

formatdate-time

pattern?: string

maxLength1024

minLength1

TrustedDomainCreateResponse { id, comments, created_at, 6 more }

A trusted email domain

id?: string

Trusted domain identifier

formatuuid

comments?: string | null

maxLength1024

created_at?: string

formatdate-time

is_recent?: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex?: boolean

is_similarity?: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

modified_at?: string

formatdate-time

pattern?: string

maxLength1024

minLength1

TrustedDomainEditResponse { id, comments, created_at, 6 more }

A trusted email domain

id?: string

Trusted domain identifier

formatuuid

comments?: string | null

maxLength1024

created_at?: string

formatdate-time

is_recent?: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex?: boolean

is_similarity?: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

Deprecatedlast_modified?: string

Deprecated, use modified_at instead. End of life: November 1, 2026.

formatdate-time

modified_at?: string

formatdate-time

pattern?: string

maxLength1024

minLength1

TrustedDomainDeleteResponse { id }

id: string

Trusted domain identifier

formatuuid

Email SecuritySubmissions

Get reclassify submissions

client.emailSecurity.submissions.list(SubmissionListParams { account_id, end, escalated_from_user, 10 more } params, RequestOptionsoptions?): V4PagePaginationArray<SubmissionListResponse { requested_at, submission_id, customer_status, 15 more } >

GET/accounts/{account_id}/email-security/submissions

ModelsExpand Collapse

SubmissionListResponse { requested_at, submission_id, customer_status, 15 more }

requested_at: string

When the submission was requested (UTC).

formatdate-time

submission_id: string

customer_status?: "escalated" | "reviewed" | "unreviewed" | null

One of the following:

"escalated"

"reviewed"

"unreviewed"

escalated_as?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null

One of the following:

"MALICIOUS"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"NONE"

escalated_at?: string | null

formatdate-time

escalated_by?: string | null

escalated_submission_id?: string | null

original_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null

One of the following:

"MALICIOUS"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"NONE"

original_edf_hash?: string | null

original_postfix_id?: string | null

The postfix ID of the original message that was submitted

outcome?: string | null

outcome_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null

One of the following:

"MALICIOUS"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"NONE"

requested_by?: string | null

requested_disposition?: "MALICIOUS" | "SUSPICIOUS" | "SPOOF" | 3 more | null

One of the following:

"MALICIOUS"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"NONE"

Deprecatedrequested_ts?: string

Deprecated, use requested_at instead

status?: string | null

subject?: string | null

type?: "Team" | "User" | null

Whether the submission was created by a team member or an end user.

One of the following:

"Team"

"User"