# Investigate
## Search email messages
`email_security.investigate.list(InvestigateListParams**kwargs) -> SyncV4PagePaginationArray[InvestigateListResponse]`
**get** `/accounts/{account_id}/email-security/investigate`
Returns information for each email that matches the search parameter(s).
If the search takes too long, the endpoint returns 202 with a Location header
pointing to a polling endpoint where results can be retrieved once ready.
### Parameters
- `account_id: str`
Account Identifier
- `action_log: Optional[bool]`
Determines if the message action log is included in the response.
- `alert_id: Optional[str]`
- `cursor: Optional[str]`
- `detections_only: Optional[bool]`
Determines if the search results will include detections or not.
- `domain: Optional[str]`
Filter by a domain found in the email: sender domain, recipient domain, or a domain in a link.
- `end: Optional[Union[str, datetime]]`
The end of the search date range.
Defaults to `now` if not provided.
- `exact_subject: Optional[str]`
Search for messages with an exact subject match.
- `final_disposition: Optional[Literal["MALICIOUS", "SUSPICIOUS", "SPOOF", 3 more]]`
The dispositions the search filters by.
- `"MALICIOUS"`
- `"SUSPICIOUS"`
- `"SPOOF"`
- `"SPAM"`
- `"BULK"`
- `"NONE"`
- `message_action: Optional[Literal["PREVIEW", "QUARANTINE_RELEASED", "MOVED", "SUBMITTED"]]`
The message actions the search filters by.
- `"PREVIEW"`
- `"QUARANTINE_RELEASED"`
- `"MOVED"`
- `"SUBMITTED"`
- `message_id: Optional[str]`
- `metric: Optional[str]`
- `page: Optional[int]`
Deprecated: Use cursor pagination instead.
- `per_page: Optional[int]`
The number of results per page.
- `query: Optional[str]`
The space-delimited term used in the query. The search is case-insensitive.
The content of the following email metadata fields are searched:
* alert_id
* CC
* From (envelope_from)
* From Name
* final_disposition
* md5 hash (of any attachment)
* sha1 hash (of any attachment)
* sha256 hash (of any attachment)
* name (of any attachment)
* Reason
* Received DateTime (yyyy-mm-ddThh:mm:ss)
* Sent DateTime (yyyy-mm-ddThh:mm:ss)
* ReplyTo
* To (envelope_to)
* To Name
* Message-ID
* smtp_helo_server_ip
* smtp_previous_hop_ip
* x_originating_ip
* Subject
- `recipient: Optional[str]`
Filter by recipient. Matches either an email address or a domain.
- `sender: Optional[str]`
Filter by sender. Matches either an email address or a domain.
- `start: Optional[Union[str, datetime]]`
The beginning of the search date range.
Defaults to `now - 30 days` if not provided.
- `subject: Optional[str]`
Search for messages containing individual keywords in any order within the subject.
- `submissions: Optional[bool]`
Search for submissions instead of original messages
### Returns
- `class InvestigateListResponse: …`
- `id: str`
- `action_log: object`
- `client_recipients: List[str]`
- `detection_reasons: List[str]`
- `is_phish_submission: bool`
- `is_quarantined: bool`
- `postfix_id: str`
The identifier of the message.
- `properties: Properties`
- `allowlisted_pattern: Optional[str]`
- `allowlisted_pattern_type: Optional[Literal["quarantine_release", "acceptable_sender", "allowed_sender", 5 more]]`
- `"quarantine_release"`
- `"acceptable_sender"`
- `"allowed_sender"`
- `"allowed_recipient"`
- `"domain_similarity"`
- `"domain_recency"`
- `"managed_acceptable_sender"`
- `"outbound_ndr"`
- `blocklisted_message: Optional[bool]`
- `blocklisted_pattern: Optional[str]`
- `whitelisted_pattern_type: Optional[Literal["quarantine_release", "acceptable_sender", "allowed_sender", 5 more]]`
- `"quarantine_release"`
- `"acceptable_sender"`
- `"allowed_sender"`
- `"allowed_recipient"`
- `"domain_similarity"`
- `"domain_recency"`
- `"managed_acceptable_sender"`
- `"outbound_ndr"`
- `ts: str`
Deprecated, use `scanned_at` instead
- `alert_id: Optional[str]`
- `delivery_mode: Optional[Literal["DIRECT", "BCC", "JOURNAL", 8 more]]`
- `"DIRECT"`
- `"BCC"`
- `"JOURNAL"`
- `"REVIEW_SUBMISSION"`
- `"DMARC_UNVERIFIED"`
- `"DMARC_FAILURE_REPORT"`
- `"DMARC_AGGREGATE_REPORT"`
- `"THREAT_INTEL_SUBMISSION"`
- `"SIMULATION_SUBMISSION"`
- `"API"`
- `"RETRO_SCAN"`
- `edf_hash: Optional[str]`
- `envelope_from: Optional[str]`
- `envelope_to: Optional[List[str]]`
- `final_disposition: Optional[Literal["MALICIOUS", "MALICIOUS-BEC", "SUSPICIOUS", 7 more]]`
- `"MALICIOUS"`
- `"MALICIOUS-BEC"`
- `"SUSPICIOUS"`
- `"SPOOF"`
- `"SPAM"`
- `"BULK"`
- `"ENCRYPTED"`
- `"EXTERNAL"`
- `"UNKNOWN"`
- `"NONE"`
- `findings: Optional[List[Finding]]`
- `attachment: Optional[str]`
- `detail: Optional[str]`
- `detection: Optional[Literal["MALICIOUS", "MALICIOUS-BEC", "SUSPICIOUS", 7 more]]`
- `"MALICIOUS"`
- `"MALICIOUS-BEC"`
- `"SUSPICIOUS"`
- `"SPOOF"`
- `"SPAM"`
- `"BULK"`
- `"ENCRYPTED"`
- `"EXTERNAL"`
- `"UNKNOWN"`
- `"NONE"`
- `field: Optional[str]`
- `name: Optional[str]`
- `portion: Optional[str]`
- `reason: Optional[str]`
- `score: Optional[float]`
- `value: Optional[str]`
- `from_: Optional[str]`
- `from_name: Optional[str]`
- `htmltext_structure_hash: Optional[str]`
- `message_id: Optional[str]`
- `post_delivery_operations: Optional[List[Literal["PREVIEW", "QUARANTINE_RELEASE", "SUBMISSION", "MOVE"]]]`
- `"PREVIEW"`
- `"QUARANTINE_RELEASE"`
- `"SUBMISSION"`
- `"MOVE"`
- `postfix_id_outbound: Optional[str]`
- `replyto: Optional[str]`
- `scanned_at: Optional[datetime]`
- `sent_at: Optional[datetime]`
- `sent_date: Optional[str]`
Deprecated, use `sent_at` instead
- `subject: Optional[str]`
- `threat_categories: Optional[List[str]]`
- `to: Optional[List[str]]`
- `to_name: Optional[List[str]]`
- `validation: Optional[Validation]`
- `comment: Optional[str]`
- `dkim: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `dmarc: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `spf: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
### Example
```python
import os
from cloudflare import Cloudflare
client = Cloudflare(
api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted
api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted
)
page = client.email_security.investigate.list(
account_id="023e105f4ecef8ad9ca31a8372d0c353",
)
page = page.result[0]
print(page.id)
```
#### Response
```json
{
"errors": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"messages": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"result": [
{
"id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49-2a539d65",
"action_log": [],
"client_recipients": [
"email@example.com"
],
"detection_reasons": [
"Selector is a source of spam/uce : Smtp-Helo-Server-Ip=127.0.0[dot]186"
],
"is_phish_submission": false,
"is_quarantined": false,
"postfix_id": "47JJcT1w6GztQV7",
"properties": {
"allowlisted_pattern": "allowlisted_pattern",
"allowlisted_pattern_type": "quarantine_release",
"blocklisted_message": true,
"blocklisted_pattern": "blocklisted_pattern",
"whitelisted_pattern_type": "quarantine_release"
},
"ts": "2019-11-20T23:22:01",
"alert_id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49",
"delivery_mode": "DIRECT",
"edf_hash": null,
"envelope_from": "d1994@example.com",
"envelope_to": [
"email@example.com"
],
"final_disposition": "MALICIOUS",
"findings": [
{
"attachment": "attachment",
"detail": "detail",
"detection": "MALICIOUS",
"field": "field",
"name": "name",
"portion": "portion",
"reason": "reason",
"score": 0,
"value": "value"
}
],
"from": "d1994@example.com",
"from_name": "Sender Name",
"htmltext_structure_hash": null,
"message_id": "<4VAZPrAdg7IGNxdt1DWRNu0gvOeL_iZiwP4BQfo4DaE.Yw-woXuugQbeFhBpzwFQtqq_v2v1HOKznoMBqbciQpE@example.com>",
"post_delivery_operations": [
"PREVIEW"
],
"postfix_id_outbound": null,
"replyto": "email@example.com",
"scanned_at": "2019-11-20T23:22:01Z",
"sent_at": "2019-11-21T00:22:01Z",
"sent_date": "2019-11-21T00:22:01",
"subject": "listen, I highly recommend u to read that email, just to ensure not a thing will take place",
"threat_categories": [
"IPReputation",
"ASNReputation"
],
"to": [
"email@example.com"
],
"to_name": [
"Recipient Name"
],
"validation": {
"comment": null,
"dkim": "pass",
"dmarc": "none",
"spf": "fail"
}
}
],
"result_info": {
"count": 0,
"page": 0,
"per_page": 0,
"total_count": 0,
"next": "next",
"previous": "previous"
},
"success": true
}
```
## Get message details
`email_security.investigate.get(strpostfix_id, InvestigateGetParams**kwargs) -> InvestigateGetResponse`
**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}`
Retrieves detailed information about a specific email message, including headers,
metadata, and security scan results.
### Parameters
- `account_id: str`
Account Identifier
- `postfix_id: str`
The identifier of the message.
### Returns
- `class InvestigateGetResponse: …`
- `id: str`
- `action_log: object`
- `client_recipients: List[str]`
- `detection_reasons: List[str]`
- `is_phish_submission: bool`
- `is_quarantined: bool`
- `postfix_id: str`
The identifier of the message.
- `properties: Properties`
- `allowlisted_pattern: Optional[str]`
- `allowlisted_pattern_type: Optional[Literal["quarantine_release", "acceptable_sender", "allowed_sender", 5 more]]`
- `"quarantine_release"`
- `"acceptable_sender"`
- `"allowed_sender"`
- `"allowed_recipient"`
- `"domain_similarity"`
- `"domain_recency"`
- `"managed_acceptable_sender"`
- `"outbound_ndr"`
- `blocklisted_message: Optional[bool]`
- `blocklisted_pattern: Optional[str]`
- `whitelisted_pattern_type: Optional[Literal["quarantine_release", "acceptable_sender", "allowed_sender", 5 more]]`
- `"quarantine_release"`
- `"acceptable_sender"`
- `"allowed_sender"`
- `"allowed_recipient"`
- `"domain_similarity"`
- `"domain_recency"`
- `"managed_acceptable_sender"`
- `"outbound_ndr"`
- `ts: str`
Deprecated, use `scanned_at` instead
- `alert_id: Optional[str]`
- `delivery_mode: Optional[Literal["DIRECT", "BCC", "JOURNAL", 8 more]]`
- `"DIRECT"`
- `"BCC"`
- `"JOURNAL"`
- `"REVIEW_SUBMISSION"`
- `"DMARC_UNVERIFIED"`
- `"DMARC_FAILURE_REPORT"`
- `"DMARC_AGGREGATE_REPORT"`
- `"THREAT_INTEL_SUBMISSION"`
- `"SIMULATION_SUBMISSION"`
- `"API"`
- `"RETRO_SCAN"`
- `edf_hash: Optional[str]`
- `envelope_from: Optional[str]`
- `envelope_to: Optional[List[str]]`
- `final_disposition: Optional[Literal["MALICIOUS", "MALICIOUS-BEC", "SUSPICIOUS", 7 more]]`
- `"MALICIOUS"`
- `"MALICIOUS-BEC"`
- `"SUSPICIOUS"`
- `"SPOOF"`
- `"SPAM"`
- `"BULK"`
- `"ENCRYPTED"`
- `"EXTERNAL"`
- `"UNKNOWN"`
- `"NONE"`
- `findings: Optional[List[Finding]]`
- `attachment: Optional[str]`
- `detail: Optional[str]`
- `detection: Optional[Literal["MALICIOUS", "MALICIOUS-BEC", "SUSPICIOUS", 7 more]]`
- `"MALICIOUS"`
- `"MALICIOUS-BEC"`
- `"SUSPICIOUS"`
- `"SPOOF"`
- `"SPAM"`
- `"BULK"`
- `"ENCRYPTED"`
- `"EXTERNAL"`
- `"UNKNOWN"`
- `"NONE"`
- `field: Optional[str]`
- `name: Optional[str]`
- `portion: Optional[str]`
- `reason: Optional[str]`
- `score: Optional[float]`
- `value: Optional[str]`
- `from_: Optional[str]`
- `from_name: Optional[str]`
- `htmltext_structure_hash: Optional[str]`
- `message_id: Optional[str]`
- `post_delivery_operations: Optional[List[Literal["PREVIEW", "QUARANTINE_RELEASE", "SUBMISSION", "MOVE"]]]`
- `"PREVIEW"`
- `"QUARANTINE_RELEASE"`
- `"SUBMISSION"`
- `"MOVE"`
- `postfix_id_outbound: Optional[str]`
- `replyto: Optional[str]`
- `scanned_at: Optional[datetime]`
- `sent_at: Optional[datetime]`
- `sent_date: Optional[str]`
Deprecated, use `sent_at` instead
- `subject: Optional[str]`
- `threat_categories: Optional[List[str]]`
- `to: Optional[List[str]]`
- `to_name: Optional[List[str]]`
- `validation: Optional[Validation]`
- `comment: Optional[str]`
- `dkim: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `dmarc: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `spf: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
### Example
```python
import os
from cloudflare import Cloudflare
client = Cloudflare(
api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted
api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted
)
investigate = client.email_security.investigate.get(
postfix_id="4Njp3P0STMz2c02Q",
account_id="023e105f4ecef8ad9ca31a8372d0c353",
)
print(investigate.id)
```
#### Response
```json
{
"errors": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"messages": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"result": {
"id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49-2a539d65",
"action_log": [],
"client_recipients": [
"email@example.com"
],
"detection_reasons": [
"Selector is a source of spam/uce : Smtp-Helo-Server-Ip=127.0.0[dot]186"
],
"is_phish_submission": false,
"is_quarantined": false,
"postfix_id": "47JJcT1w6GztQV7",
"properties": {
"allowlisted_pattern": "allowlisted_pattern",
"allowlisted_pattern_type": "quarantine_release",
"blocklisted_message": true,
"blocklisted_pattern": "blocklisted_pattern",
"whitelisted_pattern_type": "quarantine_release"
},
"ts": "2019-11-20T23:22:01",
"alert_id": "4Njp3P0STMz2c02Q-2022-12-30T02:44:49",
"delivery_mode": "DIRECT",
"edf_hash": null,
"envelope_from": "d1994@example.com",
"envelope_to": [
"email@example.com"
],
"final_disposition": "MALICIOUS",
"findings": [
{
"attachment": "attachment",
"detail": "detail",
"detection": "MALICIOUS",
"field": "field",
"name": "name",
"portion": "portion",
"reason": "reason",
"score": 0,
"value": "value"
}
],
"from": "d1994@example.com",
"from_name": "Sender Name",
"htmltext_structure_hash": null,
"message_id": "<4VAZPrAdg7IGNxdt1DWRNu0gvOeL_iZiwP4BQfo4DaE.Yw-woXuugQbeFhBpzwFQtqq_v2v1HOKznoMBqbciQpE@example.com>",
"post_delivery_operations": [
"PREVIEW"
],
"postfix_id_outbound": null,
"replyto": "email@example.com",
"scanned_at": "2019-11-20T23:22:01Z",
"sent_at": "2019-11-21T00:22:01Z",
"sent_date": "2019-11-21T00:22:01",
"subject": "listen, I highly recommend u to read that email, just to ensure not a thing will take place",
"threat_categories": [
"IPReputation",
"ASNReputation"
],
"to": [
"email@example.com"
],
"to_name": [
"Recipient Name"
],
"validation": {
"comment": null,
"dkim": "pass",
"dmarc": "none",
"spf": "fail"
}
},
"success": true
}
```
## Domain Types
### Investigate List Response
- `class InvestigateListResponse: …`
- `id: str`
- `action_log: object`
- `client_recipients: List[str]`
- `detection_reasons: List[str]`
- `is_phish_submission: bool`
- `is_quarantined: bool`
- `postfix_id: str`
The identifier of the message.
- `properties: Properties`
- `allowlisted_pattern: Optional[str]`
- `allowlisted_pattern_type: Optional[Literal["quarantine_release", "acceptable_sender", "allowed_sender", 5 more]]`
- `"quarantine_release"`
- `"acceptable_sender"`
- `"allowed_sender"`
- `"allowed_recipient"`
- `"domain_similarity"`
- `"domain_recency"`
- `"managed_acceptable_sender"`
- `"outbound_ndr"`
- `blocklisted_message: Optional[bool]`
- `blocklisted_pattern: Optional[str]`
- `whitelisted_pattern_type: Optional[Literal["quarantine_release", "acceptable_sender", "allowed_sender", 5 more]]`
- `"quarantine_release"`
- `"acceptable_sender"`
- `"allowed_sender"`
- `"allowed_recipient"`
- `"domain_similarity"`
- `"domain_recency"`
- `"managed_acceptable_sender"`
- `"outbound_ndr"`
- `ts: str`
Deprecated, use `scanned_at` instead
- `alert_id: Optional[str]`
- `delivery_mode: Optional[Literal["DIRECT", "BCC", "JOURNAL", 8 more]]`
- `"DIRECT"`
- `"BCC"`
- `"JOURNAL"`
- `"REVIEW_SUBMISSION"`
- `"DMARC_UNVERIFIED"`
- `"DMARC_FAILURE_REPORT"`
- `"DMARC_AGGREGATE_REPORT"`
- `"THREAT_INTEL_SUBMISSION"`
- `"SIMULATION_SUBMISSION"`
- `"API"`
- `"RETRO_SCAN"`
- `edf_hash: Optional[str]`
- `envelope_from: Optional[str]`
- `envelope_to: Optional[List[str]]`
- `final_disposition: Optional[Literal["MALICIOUS", "MALICIOUS-BEC", "SUSPICIOUS", 7 more]]`
- `"MALICIOUS"`
- `"MALICIOUS-BEC"`
- `"SUSPICIOUS"`
- `"SPOOF"`
- `"SPAM"`
- `"BULK"`
- `"ENCRYPTED"`
- `"EXTERNAL"`
- `"UNKNOWN"`
- `"NONE"`
- `findings: Optional[List[Finding]]`
- `attachment: Optional[str]`
- `detail: Optional[str]`
- `detection: Optional[Literal["MALICIOUS", "MALICIOUS-BEC", "SUSPICIOUS", 7 more]]`
- `"MALICIOUS"`
- `"MALICIOUS-BEC"`
- `"SUSPICIOUS"`
- `"SPOOF"`
- `"SPAM"`
- `"BULK"`
- `"ENCRYPTED"`
- `"EXTERNAL"`
- `"UNKNOWN"`
- `"NONE"`
- `field: Optional[str]`
- `name: Optional[str]`
- `portion: Optional[str]`
- `reason: Optional[str]`
- `score: Optional[float]`
- `value: Optional[str]`
- `from_: Optional[str]`
- `from_name: Optional[str]`
- `htmltext_structure_hash: Optional[str]`
- `message_id: Optional[str]`
- `post_delivery_operations: Optional[List[Literal["PREVIEW", "QUARANTINE_RELEASE", "SUBMISSION", "MOVE"]]]`
- `"PREVIEW"`
- `"QUARANTINE_RELEASE"`
- `"SUBMISSION"`
- `"MOVE"`
- `postfix_id_outbound: Optional[str]`
- `replyto: Optional[str]`
- `scanned_at: Optional[datetime]`
- `sent_at: Optional[datetime]`
- `sent_date: Optional[str]`
Deprecated, use `sent_at` instead
- `subject: Optional[str]`
- `threat_categories: Optional[List[str]]`
- `to: Optional[List[str]]`
- `to_name: Optional[List[str]]`
- `validation: Optional[Validation]`
- `comment: Optional[str]`
- `dkim: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `dmarc: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `spf: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
### Investigate Get Response
- `class InvestigateGetResponse: …`
- `id: str`
- `action_log: object`
- `client_recipients: List[str]`
- `detection_reasons: List[str]`
- `is_phish_submission: bool`
- `is_quarantined: bool`
- `postfix_id: str`
The identifier of the message.
- `properties: Properties`
- `allowlisted_pattern: Optional[str]`
- `allowlisted_pattern_type: Optional[Literal["quarantine_release", "acceptable_sender", "allowed_sender", 5 more]]`
- `"quarantine_release"`
- `"acceptable_sender"`
- `"allowed_sender"`
- `"allowed_recipient"`
- `"domain_similarity"`
- `"domain_recency"`
- `"managed_acceptable_sender"`
- `"outbound_ndr"`
- `blocklisted_message: Optional[bool]`
- `blocklisted_pattern: Optional[str]`
- `whitelisted_pattern_type: Optional[Literal["quarantine_release", "acceptable_sender", "allowed_sender", 5 more]]`
- `"quarantine_release"`
- `"acceptable_sender"`
- `"allowed_sender"`
- `"allowed_recipient"`
- `"domain_similarity"`
- `"domain_recency"`
- `"managed_acceptable_sender"`
- `"outbound_ndr"`
- `ts: str`
Deprecated, use `scanned_at` instead
- `alert_id: Optional[str]`
- `delivery_mode: Optional[Literal["DIRECT", "BCC", "JOURNAL", 8 more]]`
- `"DIRECT"`
- `"BCC"`
- `"JOURNAL"`
- `"REVIEW_SUBMISSION"`
- `"DMARC_UNVERIFIED"`
- `"DMARC_FAILURE_REPORT"`
- `"DMARC_AGGREGATE_REPORT"`
- `"THREAT_INTEL_SUBMISSION"`
- `"SIMULATION_SUBMISSION"`
- `"API"`
- `"RETRO_SCAN"`
- `edf_hash: Optional[str]`
- `envelope_from: Optional[str]`
- `envelope_to: Optional[List[str]]`
- `final_disposition: Optional[Literal["MALICIOUS", "MALICIOUS-BEC", "SUSPICIOUS", 7 more]]`
- `"MALICIOUS"`
- `"MALICIOUS-BEC"`
- `"SUSPICIOUS"`
- `"SPOOF"`
- `"SPAM"`
- `"BULK"`
- `"ENCRYPTED"`
- `"EXTERNAL"`
- `"UNKNOWN"`
- `"NONE"`
- `findings: Optional[List[Finding]]`
- `attachment: Optional[str]`
- `detail: Optional[str]`
- `detection: Optional[Literal["MALICIOUS", "MALICIOUS-BEC", "SUSPICIOUS", 7 more]]`
- `"MALICIOUS"`
- `"MALICIOUS-BEC"`
- `"SUSPICIOUS"`
- `"SPOOF"`
- `"SPAM"`
- `"BULK"`
- `"ENCRYPTED"`
- `"EXTERNAL"`
- `"UNKNOWN"`
- `"NONE"`
- `field: Optional[str]`
- `name: Optional[str]`
- `portion: Optional[str]`
- `reason: Optional[str]`
- `score: Optional[float]`
- `value: Optional[str]`
- `from_: Optional[str]`
- `from_name: Optional[str]`
- `htmltext_structure_hash: Optional[str]`
- `message_id: Optional[str]`
- `post_delivery_operations: Optional[List[Literal["PREVIEW", "QUARANTINE_RELEASE", "SUBMISSION", "MOVE"]]]`
- `"PREVIEW"`
- `"QUARANTINE_RELEASE"`
- `"SUBMISSION"`
- `"MOVE"`
- `postfix_id_outbound: Optional[str]`
- `replyto: Optional[str]`
- `scanned_at: Optional[datetime]`
- `sent_at: Optional[datetime]`
- `sent_date: Optional[str]`
Deprecated, use `sent_at` instead
- `subject: Optional[str]`
- `threat_categories: Optional[List[str]]`
- `to: Optional[List[str]]`
- `to_name: Optional[List[str]]`
- `validation: Optional[Validation]`
- `comment: Optional[str]`
- `dkim: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `dmarc: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `spf: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
# Detections
## Get message detection details
`email_security.investigate.detections.get(strpostfix_id, DetectionGetParams**kwargs) -> DetectionGetResponse`
**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/detections`
Returns detection details such as threat categories and sender information for non-benign messages.
### Parameters
- `account_id: str`
Account Identifier
- `postfix_id: str`
The identifier of the message.
### Returns
- `class DetectionGetResponse: …`
- `action: str`
- `attachments: List[Attachment]`
- `size: int`
- `content_type: Optional[str]`
- `detection: Optional[Literal["MALICIOUS", "MALICIOUS-BEC", "SUSPICIOUS", 7 more]]`
- `"MALICIOUS"`
- `"MALICIOUS-BEC"`
- `"SUSPICIOUS"`
- `"SPOOF"`
- `"SPAM"`
- `"BULK"`
- `"ENCRYPTED"`
- `"EXTERNAL"`
- `"UNKNOWN"`
- `"NONE"`
- `encrypted: Optional[bool]`
- `name: Optional[str]`
- `headers: List[Header]`
- `name: str`
- `value: str`
- `links: List[Link]`
- `href: str`
- `text: Optional[str]`
- `sender_info: SenderInfo`
- `as_name: Optional[str]`
The name of the autonomous system.
- `as_number: Optional[int]`
The number of the autonomous system.
- `geo: Optional[str]`
- `ip: Optional[str]`
- `pld: Optional[str]`
- `threat_categories: List[ThreatCategory]`
- `id: int`
- `description: Optional[str]`
- `name: Optional[str]`
- `validation: Validation`
- `comment: Optional[str]`
- `dkim: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `dmarc: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `spf: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `final_disposition: Optional[Literal["MALICIOUS", "MALICIOUS-BEC", "SUSPICIOUS", 7 more]]`
- `"MALICIOUS"`
- `"MALICIOUS-BEC"`
- `"SUSPICIOUS"`
- `"SPOOF"`
- `"SPAM"`
- `"BULK"`
- `"ENCRYPTED"`
- `"EXTERNAL"`
- `"UNKNOWN"`
- `"NONE"`
### Example
```python
import os
from cloudflare import Cloudflare
client = Cloudflare(
api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted
api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted
)
detection = client.email_security.investigate.detections.get(
postfix_id="4Njp3P0STMz2c02Q",
account_id="023e105f4ecef8ad9ca31a8372d0c353",
)
print(detection.validation)
```
#### Response
```json
{
"errors": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"messages": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"result": {
"action": "QUARANTINED",
"attachments": [
{
"size": 0,
"content_type": "content_type",
"detection": "MALICIOUS",
"encrypted": true,
"name": "name"
}
],
"headers": [
{
"name": "From",
"value": "Sender Name "
},
{
"name": "Subject",
"value": "listen, I highly recommend u to read that email, just to ensure not a thing will take place"
}
],
"links": [
{
"href": "https://example.com",
"text": "Click here!"
}
],
"sender_info": {
"as_name": "AS0",
"as_number": 0,
"geo": "US/-/-",
"ip": "127.0.0.1",
"pld": "example.com"
},
"threat_categories": [
{
"id": 1234,
"description": null,
"name": "IP Reputation"
}
],
"validation": {
"comment": null,
"dkim": "pass",
"dmarc": "none",
"spf": "fail"
},
"final_disposition": "MALICIOUS"
},
"success": true
}
```
## Domain Types
### Detection Get Response
- `class DetectionGetResponse: …`
- `action: str`
- `attachments: List[Attachment]`
- `size: int`
- `content_type: Optional[str]`
- `detection: Optional[Literal["MALICIOUS", "MALICIOUS-BEC", "SUSPICIOUS", 7 more]]`
- `"MALICIOUS"`
- `"MALICIOUS-BEC"`
- `"SUSPICIOUS"`
- `"SPOOF"`
- `"SPAM"`
- `"BULK"`
- `"ENCRYPTED"`
- `"EXTERNAL"`
- `"UNKNOWN"`
- `"NONE"`
- `encrypted: Optional[bool]`
- `name: Optional[str]`
- `headers: List[Header]`
- `name: str`
- `value: str`
- `links: List[Link]`
- `href: str`
- `text: Optional[str]`
- `sender_info: SenderInfo`
- `as_name: Optional[str]`
The name of the autonomous system.
- `as_number: Optional[int]`
The number of the autonomous system.
- `geo: Optional[str]`
- `ip: Optional[str]`
- `pld: Optional[str]`
- `threat_categories: List[ThreatCategory]`
- `id: int`
- `description: Optional[str]`
- `name: Optional[str]`
- `validation: Validation`
- `comment: Optional[str]`
- `dkim: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `dmarc: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `spf: Optional[Literal["pass", "neutral", "fail", 2 more]]`
- `"pass"`
- `"neutral"`
- `"fail"`
- `"error"`
- `"none"`
- `final_disposition: Optional[Literal["MALICIOUS", "MALICIOUS-BEC", "SUSPICIOUS", 7 more]]`
- `"MALICIOUS"`
- `"MALICIOUS-BEC"`
- `"SUSPICIOUS"`
- `"SPOOF"`
- `"SPAM"`
- `"BULK"`
- `"ENCRYPTED"`
- `"EXTERNAL"`
- `"UNKNOWN"`
- `"NONE"`
# Preview
## Get email preview
`email_security.investigate.preview.get(strpostfix_id, PreviewGetParams**kwargs) -> PreviewGetResponse`
**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/preview`
Returns a preview of the message body as a base64 encoded PNG image for non-benign messages.
### Parameters
- `account_id: str`
Account Identifier
- `postfix_id: str`
The identifier of the message.
### Returns
- `class PreviewGetResponse: …`
- `screenshot: str`
A base64 encoded PNG image of the email.
### Example
```python
import os
from cloudflare import Cloudflare
client = Cloudflare(
api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted
api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted
)
preview = client.email_security.investigate.preview.get(
postfix_id="4Njp3P0STMz2c02Q",
account_id="023e105f4ecef8ad9ca31a8372d0c353",
)
print(preview.screenshot)
```
#### Response
```json
{
"errors": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"messages": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"result": {
"screenshot": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAAAXNSR0IArs4c6QAAAIRlWElmTU0AKgAAAAgABQESAAMAAAABAAEAAAEaAAUAAAABAAAASgEbAAUAAAABAAAAUgEoAAMAAAABAAIAAIdpAAQAAAABAAAAWgAAAAAAAABgAAAAAQAAAGAAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAAGCgAwAEAAAAAQAAAGAAAAAAtVTeigAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAVlpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDYuMC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iPgogICAgICAgICA8dGlmZjpPcmllbnRhdGlvbj4xPC90aWZmOk9yaWVudGF0aW9uPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KGV7hBwAACXtJREFUeAHtmwtwXFUZgP9zX7t3b7LNa9M2tGmLDbaWKpL6aBBJHdERQWGkU4u8CraVWmYQYWQUMSoKhZJikYo4Qqc6RVqkKmNHC0K1FGYoM9pqS4FAa9s0aTavfd3d+zq/527YSNvdzWY3m2ySc2c2595z/vOf///+e+4959wTAH5wApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwAhOJABmvzuCz158HXmUp2rCEOlhGbEdFh2qASFAgtiCKMUGgh8FM7IDDp3aQlt12Kfo6rgKAz3ylAQ3rJ/Fg39XYfyx32wUJpJpZ7wiq8LPebuGJaXfuipVKMHJ3YowsRgQC265aE+/quYf2/Le2YDM85aBOn/m7GDHX+m/4W0/B+gpUUNIBwN98rknvif4J+9urC/Tz7OqKBp66+vWSUf9dsvpx62yB0ckpyQDgLxtlS5iyyTx59OuATlFJkOrZYV9l7afItdv/XdSGMigvuQBEHmyqJRLug9DJ+gw2j3y2qIDWcOEPyFef/tHIK8+usaQCEGpdPFd0rEMQC8rZzS5OqXr+JU+JV2+5pjja02sV0mePfm7/I5+eIznm22MF3/U4/p+/L3d23LhxNL0viR7Qs/ETfo/lnIBIsHw0nU/bFiGgLbp0BfnirzanLR/hzJLoAV6QXywJ+C5cNu6N7d/7JD6zat4Is06rbswDENvU/A3sPd6Y1rqxyjRjkDj1zp7RaH5MA3CkpdkL0fAvRsPR4bbhBNtqcNvS7w233nDlxzQAgUp7E+pjPhnNyEw/duRefJLdJEU8pGLo7mptnuuTSJNHkeaBIPhMK/6Gbjm7A7ftfTPV3sGWBQpEu1ekrksxxWgQoLr6Tmbbj4tl34iOgmIbPnsLG8w9hKETajqDiX86sCXJe/1a4D4QEnfF2t/6fjq5UsojFTNQu21v0Z4UIxKA4LqL6nwyfQ3DJ8/JBR7x1wGIEmDfsVzEx1xGO3f+xeT6v7xcDEMKjmystXmRSkPtucJ3nWCy4wZ+0l7wfLsY8F2dBQWg46cfDaDVtw+MSLHsKwm98VDky8UypKAA+BVpF8T7i2Vb6eg1IiPyqE7nUN6joL51jUsw2nVBOqUTLc9TGfi965O++dLlomZvBSICyBoQpdyQVP8R4hFfgAQ+Spb8/PBwfc87AGWadrcR7x5ue+NS3qK2OxQFpcq72jGi7CXGvlGYYUAz7LGi7e6Shftba/x5ma1UB9ZDL2khlz1iuHWGOvJ+BJl65DNDKZ8I5UL17E515a4jri+OEbsoq096l2QeP3iXaR5N4MurH8SWliH5DimQqUHUezMVTah8tVx7wHUIdy6/gv3N7YlhRcHseOsOc9HBKL54S9Z1rrwCcLxlQdWEopzJGfbdGG7Y+XAyABK9MZNYxvx4t2r2vv067l55ayaZvAJgQ0zPpHAi5StT52xjnwfQ9cnWI9kfP5kcZ+8LM9i2EXfffE86kbwCMBuOmiCnXW1I18a4zCO+KuiVrZtSxqMVn5o6zyc1g+/+EF+47uYz6+Y8vg0/vPhygQjLRFH5JLXNWgx3+oGW5GazM33M61o+Z96VnpV//WOqsrF9SbInpK7zStnwVdDqmuQvbHk1VT9rAI63Lq6qJnQTNfRlkAin6kz4VKit/5ZvzZ7ksz/lrPmHy6KsF7CXQoGHp1JXOmoqUnuRMj6CEq0ff6Ay2tVDQ52TB77INmME6lecCd9FLlfUPFUg+oHqRp+Pzk08mtJ1Vg/oallQVlZR/i/a3/GBlNBkSIWqGW2iR7vCs3pX2tksvtQi2frBU1TvLnwEKChgls2ZWv75x7pOC4C7O8GbMNvYGD8wGaAD27QrT2s4KsrON6UVz+8cymd8fZUPYvLzZk9bEzjmUOJZy5VAw29J8+PXnRaAWGvjIQx3z89aM89CEmhwRMUXQVGRmOMC+x5AWOr+2NIKSwl7Ggoish8lRKDsSxplTVnuTwTU2aZzQwCMszehxXYu2AIhCQDKpvvERAImUGIK7jXSePJHWWpRHWw7wQYLcaDolplA0GLnukWddvmmpw+khpnDcQvfXF8DAlkKhnkhmEY52IYKlqGiZWho2z5KDYWtEPtpondGRr3eKlDKFsqDAQhvaLxfCHV/J2OFQgpkL2g152mw6rl4Pg4X0nSx6iL7PwQ4tF0GpXOAYchDIdIxMFIKHkRQKz2m8W4nWzcqz2SDUvfhS5KVO+9vXFhm9B5gd0gm2YLzhepze8G2goiCA6J7dxN31y0bxxKbBcUdz9psJ3ryjgc2d2Gb0m0KaDGTbHbHs/7Ozh1IUGC5wHoDEsthZQjUrWMTBMtheQSphQJYyFKB9Q6Kznup24Mck3Uvk1IITaP73iAtTFkeB+6/oxao8jHWA2ex3lVLEQPEtmqpZVewfxKpQjOmYLx/OpjR6mzqlfqFTyQDEHrogufESN/l2YQnXBmLuhyY+YpBjS/5177WM5R/+I9bA+Cl66ye0DUYbfcMJZ9LuVgz/wQJbrh4uho+wb4R5nUz5NJOact4/WznQ8VHylbuOZDJUNx97Vazu2P5SDMi5bNAKpetpfZkhe8SdyeYEfUVdlZ2ZgBwx5UVjoL7zWB7/ZllI3GNiW425vDVrBkJZeNaR/iUFnns4g+93wd89qpqC+Jtjh4uCvxkW1YMBDNhfvD9DU/Wc0VwBoff+FKz5JDwPrTNrC/Rglm5/zyIkVMF65kICmyHzRPeO5w+2Ow4dE7qumgpmwsIk2JXQw4E43H9n65Y75am8x2HfC2HKgWLEG+1I4BU1L2nBRs5GgrcLZM1t+9vd9vy+jx3j0abbhuypu0TSNnkWPbJBpWtV/w6VS6gsDR1XvQU6Vapa4qkJvrVaRTEMFvAsB2drcewQ/Q5BNj0JOSjA1NtljdFFwY/Srgzlwp1QNaVTx1inNU77dV12gU4qjSoI1XHictn5dla71l5KfnBdIjXl1U2oNcMKTh9SgfaPazthoHaXjswuBQ/8/ZX4ymdHVFHU+tmimoo4Ul4JBmdBFt5khDVBJtbS1junvt0REtO/tx6RLaSjIg+kKZ0oclktCibx//fP0HzCIIlCwnPFLn2+LHJsa8nBYSnnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACk4DA/wDoepVZ2hARhAAAAABJRU5ErkJggg=="
},
"success": true
}
```
## Preview for non-detection messages
`email_security.investigate.preview.create(PreviewCreateParams**kwargs) -> PreviewCreateResponse`
**post** `/accounts/{account_id}/email-security/investigate/preview`
Generates a preview of an email message for safe viewing without executing any
embedded content.
### Parameters
- `account_id: str`
Account Identifier
- `postfix_id: str`
The identifier of the message.
### Returns
- `class PreviewCreateResponse: …`
- `screenshot: str`
A base64 encoded PNG image of the email.
### Example
```python
import os
from cloudflare import Cloudflare
client = Cloudflare(
api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted
api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted
)
preview = client.email_security.investigate.preview.create(
account_id="023e105f4ecef8ad9ca31a8372d0c353",
postfix_id="4Njp3P0STMz2c02Q",
)
print(preview.screenshot)
```
#### Response
```json
{
"errors": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"messages": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"result": {
"screenshot": "iVBORw0KGgoAAAANSUhEUgAAAGAAAABgCAYAAADimHc4AAAAAXNSR0IArs4c6QAAAIRlWElmTU0AKgAAAAgABQESAAMAAAABAAEAAAEaAAUAAAABAAAASgEbAAUAAAABAAAAUgEoAAMAAAABAAIAAIdpAAQAAAABAAAAWgAAAAAAAABgAAAAAQAAAGAAAAABAAOgAQADAAAAAQABAACgAgAEAAAAAQAAAGCgAwAEAAAAAQAAAGAAAAAAtVTeigAAAAlwSFlzAAAOxAAADsQBlSsOGwAAAVlpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IlhNUCBDb3JlIDYuMC4wIj4KICAgPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4KICAgICAgPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIKICAgICAgICAgICAgeG1sbnM6dGlmZj0iaHR0cDovL25zLmFkb2JlLmNvbS90aWZmLzEuMC8iPgogICAgICAgICA8dGlmZjpPcmllbnRhdGlvbj4xPC90aWZmOk9yaWVudGF0aW9uPgogICAgICA8L3JkZjpEZXNjcmlwdGlvbj4KICAgPC9yZGY6UkRGPgo8L3g6eG1wbWV0YT4KGV7hBwAACXtJREFUeAHtmwtwXFUZgP9zX7t3b7LNa9M2tGmLDbaWKpL6aBBJHdERQWGkU4u8CraVWmYQYWQUMSoKhZJikYo4Qqc6RVqkKmNHC0K1FGYoM9pqS4FAa9s0aTavfd3d+zq/527YSNvdzWY3m2ySc2c2595z/vOf///+e+4959wTAH5wApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwAhOJABmvzuCz158HXmUp2rCEOlhGbEdFh2qASFAgtiCKMUGgh8FM7IDDp3aQlt12Kfo6rgKAz3ylAQ3rJ/Fg39XYfyx32wUJpJpZ7wiq8LPebuGJaXfuipVKMHJ3YowsRgQC265aE+/quYf2/Le2YDM85aBOn/m7GDHX+m/4W0/B+gpUUNIBwN98rknvif4J+9urC/Tz7OqKBp66+vWSUf9dsvpx62yB0ckpyQDgLxtlS5iyyTx59OuATlFJkOrZYV9l7afItdv/XdSGMigvuQBEHmyqJRLug9DJ+gw2j3y2qIDWcOEPyFef/tHIK8+usaQCEGpdPFd0rEMQC8rZzS5OqXr+JU+JV2+5pjja02sV0mePfm7/I5+eIznm22MF3/U4/p+/L3d23LhxNL0viR7Qs/ETfo/lnIBIsHw0nU/bFiGgLbp0BfnirzanLR/hzJLoAV6QXywJ+C5cNu6N7d/7JD6zat4Is06rbswDENvU/A3sPd6Y1rqxyjRjkDj1zp7RaH5MA3CkpdkL0fAvRsPR4bbhBNtqcNvS7w233nDlxzQAgUp7E+pjPhnNyEw/duRefJLdJEU8pGLo7mptnuuTSJNHkeaBIPhMK/6Gbjm7A7ftfTPV3sGWBQpEu1ekrksxxWgQoLr6Tmbbj4tl34iOgmIbPnsLG8w9hKETajqDiX86sCXJe/1a4D4QEnfF2t/6fjq5UsojFTNQu21v0Z4UIxKA4LqL6nwyfQ3DJ8/JBR7x1wGIEmDfsVzEx1xGO3f+xeT6v7xcDEMKjmystXmRSkPtucJ3nWCy4wZ+0l7wfLsY8F2dBQWg46cfDaDVtw+MSLHsKwm98VDky8UypKAA+BVpF8T7i2Vb6eg1IiPyqE7nUN6joL51jUsw2nVBOqUTLc9TGfi965O++dLlomZvBSICyBoQpdyQVP8R4hFfgAQ+Spb8/PBwfc87AGWadrcR7x5ue+NS3qK2OxQFpcq72jGi7CXGvlGYYUAz7LGi7e6Shftba/x5ma1UB9ZDL2khlz1iuHWGOvJ+BJl65DNDKZ8I5UL17E515a4jri+OEbsoq096l2QeP3iXaR5N4MurH8SWliH5DimQqUHUezMVTah8tVx7wHUIdy6/gv3N7YlhRcHseOsOc9HBKL54S9Z1rrwCcLxlQdWEopzJGfbdGG7Y+XAyABK9MZNYxvx4t2r2vv067l55ayaZvAJgQ0zPpHAi5StT52xjnwfQ9cnWI9kfP5kcZ+8LM9i2EXfffE86kbwCMBuOmiCnXW1I18a4zCO+KuiVrZtSxqMVn5o6zyc1g+/+EF+47uYz6+Y8vg0/vPhygQjLRFH5JLXNWgx3+oGW5GazM33M61o+Z96VnpV//WOqsrF9SbInpK7zStnwVdDqmuQvbHk1VT9rAI63Lq6qJnQTNfRlkAin6kz4VKit/5ZvzZ7ksz/lrPmHy6KsF7CXQoGHp1JXOmoqUnuRMj6CEq0ff6Ay2tVDQ52TB77INmME6lecCd9FLlfUPFUg+oHqRp+Pzk08mtJ1Vg/oallQVlZR/i/a3/GBlNBkSIWqGW2iR7vCs3pX2tksvtQi2frBU1TvLnwEKChgls2ZWv75x7pOC4C7O8GbMNvYGD8wGaAD27QrT2s4KsrON6UVz+8cymd8fZUPYvLzZk9bEzjmUOJZy5VAw29J8+PXnRaAWGvjIQx3z89aM89CEmhwRMUXQVGRmOMC+x5AWOr+2NIKSwl7Ggoish8lRKDsSxplTVnuTwTU2aZzQwCMszehxXYu2AIhCQDKpvvERAImUGIK7jXSePJHWWpRHWw7wQYLcaDolplA0GLnukWddvmmpw+khpnDcQvfXF8DAlkKhnkhmEY52IYKlqGiZWho2z5KDYWtEPtpondGRr3eKlDKFsqDAQhvaLxfCHV/J2OFQgpkL2g152mw6rl4Pg4X0nSx6iL7PwQ4tF0GpXOAYchDIdIxMFIKHkRQKz2m8W4nWzcqz2SDUvfhS5KVO+9vXFhm9B5gd0gm2YLzhepze8G2goiCA6J7dxN31y0bxxKbBcUdz9psJ3ryjgc2d2Gb0m0KaDGTbHbHs/7Ozh1IUGC5wHoDEsthZQjUrWMTBMtheQSphQJYyFKB9Q6Kznup24Mck3Uvk1IITaP73iAtTFkeB+6/oxao8jHWA2ex3lVLEQPEtmqpZVewfxKpQjOmYLx/OpjR6mzqlfqFTyQDEHrogufESN/l2YQnXBmLuhyY+YpBjS/5177WM5R/+I9bA+Cl66ye0DUYbfcMJZ9LuVgz/wQJbrh4uho+wb4R5nUz5NJOact4/WznQ8VHylbuOZDJUNx97Vazu2P5SDMi5bNAKpetpfZkhe8SdyeYEfUVdlZ2ZgBwx5UVjoL7zWB7/ZllI3GNiW425vDVrBkJZeNaR/iUFnns4g+93wd89qpqC+Jtjh4uCvxkW1YMBDNhfvD9DU/Wc0VwBoff+FKz5JDwPrTNrC/Rglm5/zyIkVMF65kICmyHzRPeO5w+2Ow4dE7qumgpmwsIk2JXQw4E43H9n65Y75am8x2HfC2HKgWLEG+1I4BU1L2nBRs5GgrcLZM1t+9vd9vy+jx3j0abbhuypu0TSNnkWPbJBpWtV/w6VS6gsDR1XvQU6Vapa4qkJvrVaRTEMFvAsB2drcewQ/Q5BNj0JOSjA1NtljdFFwY/Srgzlwp1QNaVTx1inNU77dV12gU4qjSoI1XHictn5dla71l5KfnBdIjXl1U2oNcMKTh9SgfaPazthoHaXjswuBQ/8/ZX4ymdHVFHU+tmimoo4Ul4JBmdBFt5khDVBJtbS1junvt0REtO/tx6RLaSjIg+kKZ0oclktCibx//fP0HzCIIlCwnPFLn2+LHJsa8nBYSnnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACnAAnwAlwApwAJ8AJcAKcACfACXACk4DA/wDoepVZ2hARhAAAAABJRU5ErkJggg=="
},
"success": true
}
```
## Domain Types
### Preview Get Response
- `class PreviewGetResponse: …`
- `screenshot: str`
A base64 encoded PNG image of the email.
### Preview Create Response
- `class PreviewCreateResponse: …`
- `screenshot: str`
A base64 encoded PNG image of the email.
# Raw
## Get raw email content
`email_security.investigate.raw.get(strpostfix_id, RawGetParams**kwargs) -> RawGetResponse`
**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/raw`
Returns the raw eml of any non-benign message.
### Parameters
- `account_id: str`
Account Identifier
- `postfix_id: str`
The identifier of the message.
### Returns
- `class RawGetResponse: …`
- `raw: str`
A UTF-8 encoded eml file of the email.
### Example
```python
import os
from cloudflare import Cloudflare
client = Cloudflare(
api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted
api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted
)
raw = client.email_security.investigate.raw.get(
postfix_id="4Njp3P0STMz2c02Q",
account_id="023e105f4ecef8ad9ca31a8372d0c353",
)
print(raw.raw)
```
#### Response
```json
{
"errors": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"messages": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"result": {
"raw": "MIME-Version: 1.0\nContent-Type: text/plain; charset=\"utf-8\"\n\nFrom: sender@example.com\nTo: recipient@example.com\nSubject: Test Email\n\nThis is a test email."
},
"success": true
}
```
## Domain Types
### Raw Get Response
- `class RawGetResponse: …`
- `raw: str`
A UTF-8 encoded eml file of the email.
# Trace
## Get email trace
`email_security.investigate.trace.get(strpostfix_id, TraceGetParams**kwargs) -> TraceGetResponse`
**get** `/accounts/{account_id}/email-security/investigate/{postfix_id}/trace`
Gets the delivery trace for an email message, showing its path through email
security processing.
### Parameters
- `account_id: str`
Account Identifier
- `postfix_id: str`
The identifier of the message.
### Returns
- `class TraceGetResponse: …`
- `inbound: Inbound`
- `lines: Optional[List[InboundLine]]`
- `lineno: int`
- `message: str`
- `ts: datetime`
- `pending: Optional[bool]`
- `outbound: Outbound`
- `lines: Optional[List[OutboundLine]]`
- `lineno: int`
- `message: str`
- `ts: datetime`
- `pending: Optional[bool]`
### Example
```python
import os
from cloudflare import Cloudflare
client = Cloudflare(
api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted
api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted
)
trace = client.email_security.investigate.trace.get(
postfix_id="4Njp3P0STMz2c02Q",
account_id="023e105f4ecef8ad9ca31a8372d0c353",
)
print(trace.inbound)
```
#### Response
```json
{
"errors": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"messages": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"result": {
"inbound": {
"lines": [
{
"lineno": 0,
"message": "message",
"ts": "2019-12-27T18:11:19.117Z"
}
],
"pending": true
},
"outbound": {
"lines": [
{
"lineno": 0,
"message": "message",
"ts": "2019-12-27T18:11:19.117Z"
}
],
"pending": true
}
},
"success": true
}
```
## Domain Types
### Trace Get Response
- `class TraceGetResponse: …`
- `inbound: Inbound`
- `lines: Optional[List[InboundLine]]`
- `lineno: int`
- `message: str`
- `ts: datetime`
- `pending: Optional[bool]`
- `outbound: Outbound`
- `lines: Optional[List[OutboundLine]]`
- `lineno: int`
- `message: str`
- `ts: datetime`
- `pending: Optional[bool]`
# Move
## Move a message
`email_security.investigate.move.create(strpostfix_id, MoveCreateParams**kwargs) -> SyncSinglePage[MoveCreateResponse]`
**post** `/accounts/{account_id}/email-security/investigate/{postfix_id}/move`
Moves a single email message to a different folder or changes its quarantine status.
### Parameters
- `account_id: str`
Account Identifier
- `postfix_id: str`
The identifier of the message.
- `destination: Literal["Inbox", "JunkEmail", "DeletedItems", 2 more]`
- `"Inbox"`
- `"JunkEmail"`
- `"DeletedItems"`
- `"RecoverableItemsDeletions"`
- `"RecoverableItemsPurges"`
### Returns
- `class MoveCreateResponse: …`
- `completed_timestamp: datetime`
Deprecated, use `completed_at` instead
- `item_count: int`
- `success: bool`
- `completed_at: Optional[datetime]`
- `destination: Optional[str]`
- `message_id: Optional[str]`
- `operation: Optional[str]`
- `recipient: Optional[str]`
- `status: Optional[str]`
### Example
```python
import os
from cloudflare import Cloudflare
client = Cloudflare(
api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted
api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted
)
page = client.email_security.investigate.move.create(
postfix_id="4Njp3P0STMz2c02Q",
account_id="023e105f4ecef8ad9ca31a8372d0c353",
destination="Inbox",
)
page = page.result[0]
print(page.message_id)
```
#### Response
```json
{
"errors": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"messages": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"result": [
{
"completed_timestamp": "2019-12-27T18:11:19.117Z",
"item_count": 0,
"success": true,
"completed_at": "2019-12-27T18:11:19.117Z",
"destination": "destination",
"message_id": "message_id",
"operation": "operation",
"recipient": "recipient",
"status": "status"
}
],
"success": true
}
```
## Move multiple messages
`email_security.investigate.move.bulk(MoveBulkParams**kwargs) -> SyncSinglePage[MoveBulkResponse]`
**post** `/accounts/{account_id}/email-security/investigate/move`
Maximum batch size: 1000 messages per request
### Parameters
- `account_id: str`
Account Identifier
- `destination: Literal["Inbox", "JunkEmail", "DeletedItems", 2 more]`
- `"Inbox"`
- `"JunkEmail"`
- `"DeletedItems"`
- `"RecoverableItemsDeletions"`
- `"RecoverableItemsPurges"`
- `ids: Optional[SequenceNotStr[str]]`
List of message IDs to move.
- `postfix_ids: Optional[SequenceNotStr[str]]`
Deprecated: Use `ids` instead. List of message IDs to move.
### Returns
- `class MoveBulkResponse: …`
- `completed_timestamp: datetime`
Deprecated, use `completed_at` instead
- `item_count: int`
- `success: bool`
- `completed_at: Optional[datetime]`
- `destination: Optional[str]`
- `message_id: Optional[str]`
- `operation: Optional[str]`
- `recipient: Optional[str]`
- `status: Optional[str]`
### Example
```python
import os
from cloudflare import Cloudflare
client = Cloudflare(
api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted
api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted
)
page = client.email_security.investigate.move.bulk(
account_id="023e105f4ecef8ad9ca31a8372d0c353",
destination="Inbox",
)
page = page.result[0]
print(page.message_id)
```
#### Response
```json
{
"errors": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"messages": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"result": [
{
"completed_timestamp": "2019-12-27T18:11:19.117Z",
"item_count": 0,
"success": true,
"completed_at": "2019-12-27T18:11:19.117Z",
"destination": "destination",
"message_id": "message_id",
"operation": "operation",
"recipient": "recipient",
"status": "status"
}
],
"success": true
}
```
## Domain Types
### Move Create Response
- `class MoveCreateResponse: …`
- `completed_timestamp: datetime`
Deprecated, use `completed_at` instead
- `item_count: int`
- `success: bool`
- `completed_at: Optional[datetime]`
- `destination: Optional[str]`
- `message_id: Optional[str]`
- `operation: Optional[str]`
- `recipient: Optional[str]`
- `status: Optional[str]`
### Move Bulk Response
- `class MoveBulkResponse: …`
- `completed_timestamp: datetime`
Deprecated, use `completed_at` instead
- `item_count: int`
- `success: bool`
- `completed_at: Optional[datetime]`
- `destination: Optional[str]`
- `message_id: Optional[str]`
- `operation: Optional[str]`
- `recipient: Optional[str]`
- `status: Optional[str]`
# Reclassify
## Change email classification
`email_security.investigate.reclassify.create(strpostfix_id, ReclassifyCreateParams**kwargs) -> object`
**post** `/accounts/{account_id}/email-security/investigate/{postfix_id}/reclassify`
Submits an email message for reclassification, updating its threat assessment
based on new analysis.
### Parameters
- `account_id: str`
Account Identifier
- `postfix_id: str`
The identifier of the message.
- `expected_disposition: Literal["NONE", "BULK", "MALICIOUS", 3 more]`
- `"NONE"`
- `"BULK"`
- `"MALICIOUS"`
- `"SPAM"`
- `"SPOOF"`
- `"SUSPICIOUS"`
- `eml_content: Optional[str]`
Base64 encoded content of the EML file
- `escalated_submission_id: Optional[str]`
### Returns
- `object`
### Example
```python
import os
from cloudflare import Cloudflare
client = Cloudflare(
api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted
api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted
)
reclassify = client.email_security.investigate.reclassify.create(
postfix_id="4Njp3P0STMz2c02Q",
account_id="023e105f4ecef8ad9ca31a8372d0c353",
expected_disposition="NONE",
)
print(reclassify)
```
#### Response
```json
{
"errors": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"messages": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"result": {},
"success": true
}
```
# Release
## Release messages from quarantine
`email_security.investigate.release.bulk(ReleaseBulkParams**kwargs) -> SyncSinglePage[ReleaseBulkResponse]`
**post** `/accounts/{account_id}/email-security/investigate/release`
Releases a quarantined email message, allowing it to be delivered to the recipient.
### Parameters
- `account_id: str`
Account Identifier
- `body: SequenceNotStr[str]`
A list of messages identfied by their `postfix_id`s that should be released.
### Returns
- `class ReleaseBulkResponse: …`
- `id: str`
- `postfix_id: str`
The identifier of the message.
- `delivered: Optional[List[str]]`
- `failed: Optional[List[str]]`
- `undelivered: Optional[List[str]]`
### Example
```python
import os
from cloudflare import Cloudflare
client = Cloudflare(
api_email=os.environ.get("CLOUDFLARE_EMAIL"), # This is the default and can be omitted
api_key=os.environ.get("CLOUDFLARE_API_KEY"), # This is the default and can be omitted
)
page = client.email_security.investigate.release.bulk(
account_id="023e105f4ecef8ad9ca31a8372d0c353",
body=["4Njp3P0STMz2c02Q"],
)
page = page.result[0]
print(page.id)
```
#### Response
```json
{
"errors": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"messages": [
{
"code": 1000,
"message": "message",
"documentation_url": "documentation_url",
"source": {
"pointer": "pointer"
}
}
],
"result": [
{
"id": "id",
"postfix_id": "4Njp3P0STMz2c02Q",
"delivered": [
"string"
],
"failed": [
"string"
],
"undelivered": [
"string"
]
}
],
"success": true
}
```
## Domain Types
### Release Bulk Response
- `class ReleaseBulkResponse: …`
- `id: str`
- `postfix_id: str`
The identifier of the message.
- `delivered: Optional[List[str]]`
- `failed: Optional[List[str]]`
- `undelivered: Optional[List[str]]`