API Reference

Email Security

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Settings

SettingsAllow Policies

List email allow policies

GET/accounts/{account_id}/email-security/settings/allow_policies

Get an email allow policy

GET/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

Create an email allow policy

POST/accounts/{account_id}/email-security/settings/allow_policies

Update an email allow policy

PATCH/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

Delete an email allow policy

DELETE/accounts/{account_id}/email-security/settings/allow_policies/{policy_id}

ModelsExpand Collapse

AllowPolicyListResponse = object { id, created_at, is_acceptable_sender, 11 more }

id: number

The unique identifier for the allow policy.

formatint32

created_at: string

formatdate-time

is_acceptable_sender: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: boolean

Messages to this recipient will bypass all detections.

is_regex: boolean

is_trusted_sender: boolean

Messages from this sender will bypass all detections and link following.

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

pattern_type: "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

comments: optional string

maxLength1024

Deprecatedis_recipient: optional boolean

Deprecatedis_sender: optional boolean

Deprecatedis_spoof: optional boolean

AllowPolicyGetResponse = object { id, created_at, is_acceptable_sender, 11 more }

id: number

The unique identifier for the allow policy.

formatint32

created_at: string

formatdate-time

is_acceptable_sender: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: boolean

Messages to this recipient will bypass all detections.

is_regex: boolean

is_trusted_sender: boolean

Messages from this sender will bypass all detections and link following.

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

pattern_type: "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

comments: optional string

maxLength1024

Deprecatedis_recipient: optional boolean

Deprecatedis_sender: optional boolean

Deprecatedis_spoof: optional boolean

AllowPolicyCreateResponse = object { id, created_at, is_acceptable_sender, 11 more }

id: number

The unique identifier for the allow policy.

formatint32

created_at: string

formatdate-time

is_acceptable_sender: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: boolean

Messages to this recipient will bypass all detections.

is_regex: boolean

is_trusted_sender: boolean

Messages from this sender will bypass all detections and link following.

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

pattern_type: "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

comments: optional string

maxLength1024

Deprecatedis_recipient: optional boolean

Deprecatedis_sender: optional boolean

Deprecatedis_spoof: optional boolean

AllowPolicyEditResponse = object { id, created_at, is_acceptable_sender, 11 more }

id: number

The unique identifier for the allow policy.

formatint32

created_at: string

formatdate-time

is_acceptable_sender: boolean

Messages from this sender will be exempted from Spam, Spoof and Bulk dispositions. Note: This will not exempt messages with Malicious or Suspicious dispositions.

is_exempt_recipient: boolean

Messages to this recipient will bypass all detections.

is_regex: boolean

is_trusted_sender: boolean

Messages from this sender will bypass all detections and link following.

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

pattern_type: "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

verify_sender: boolean

Enforce DMARC, SPF or DKIM authentication. When on, Email Security only honors policies that pass authentication.

comments: optional string

maxLength1024

Deprecatedis_recipient: optional boolean

Deprecatedis_sender: optional boolean

Deprecatedis_spoof: optional boolean

AllowPolicyDeleteResponse = object { id }

id: number

The unique identifier for the allow policy.

formatint32

SettingsBlock Senders

List blocked email senders

GET/accounts/{account_id}/email-security/settings/block_senders

Get a blocked email sender

GET/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}

Create a blocked email sender

POST/accounts/{account_id}/email-security/settings/block_senders

Update a blocked email sender

PATCH/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}

Delete a blocked email sender

DELETE/accounts/{account_id}/email-security/settings/block_senders/{pattern_id}

ModelsExpand Collapse

BlockSenderListResponse = object { id, created_at, is_regex, 4 more }

id: number

The unique identifier for the allow policy.

formatint32

created_at: string

formatdate-time

is_regex: boolean

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

pattern_type: "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

comments: optional string

maxLength1024

BlockSenderGetResponse = object { id, created_at, is_regex, 4 more }

id: number

The unique identifier for the allow policy.

formatint32

created_at: string

formatdate-time

is_regex: boolean

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

pattern_type: "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

comments: optional string

maxLength1024

BlockSenderCreateResponse = object { id, created_at, is_regex, 4 more }

id: number

The unique identifier for the allow policy.

formatint32

created_at: string

formatdate-time

is_regex: boolean

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

pattern_type: "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

comments: optional string

maxLength1024

BlockSenderEditResponse = object { id, created_at, is_regex, 4 more }

id: number

The unique identifier for the allow policy.

formatint32

created_at: string

formatdate-time

is_regex: boolean

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

pattern_type: "EMAIL" or "DOMAIN" or "IP" or "UNKNOWN"

One of the following:

"EMAIL"

"DOMAIN"

"IP"

"UNKNOWN"

comments: optional string

maxLength1024

BlockSenderDeleteResponse = object { id }

id: number

The unique identifier for the allow policy.

formatint32

SettingsDomains

List protected email domains

GET/accounts/{account_id}/email-security/settings/domains

Get an email domain

GET/accounts/{account_id}/email-security/settings/domains/{domain_id}

Update an email domain

PATCH/accounts/{account_id}/email-security/settings/domains/{domain_id}

Unprotect an email domain

DELETE/accounts/{account_id}/email-security/settings/domains/{domain_id}

Unprotect multiple email domains

DELETE/accounts/{account_id}/email-security/settings/domains

ModelsExpand Collapse

DomainListResponse = object { id, allowed_delivery_modes, created_at, 17 more }

id: number

The unique identifier for the domain.

formatint32

allowed_delivery_modes: array of "DIRECT" or "BCC" or "JOURNAL" or 2 more

One of the following:

"DIRECT"

"BCC"

"JOURNAL"

"API"

"RETRO_SCAN"

created_at: string

formatdate-time

domain: string

drop_dispositions: array of "MALICIOUS" or "MALICIOUS-BEC" or "SUSPICIOUS" or 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

ip_restrictions: array of string

last_modified: string

formatdate-time

lookback_hops: number

formatint32

regions: array of "GLOBAL" or "AU" or "DE" or 2 more

One of the following:

"GLOBAL"

"AU"

"DE"

"IN"

"US"

transport: string

authorization: optional object { authorized, timestamp, status_message }

authorized: boolean

timestamp: string

formatdate-time

status_message: optional string

dmarc_status: optional "none" or "good" or "invalid"

One of the following:

"none"

"good"

"invalid"

emails_processed: optional object { timestamp, total_emails_processed, total_emails_processed_previous }

timestamp: string

formatdate-time

total_emails_processed: number

formatint32

minimum0

total_emails_processed_previous: number

formatint32

minimum0

folder: optional "AllItems" or "Inbox"

One of the following:

"AllItems"

"Inbox"

inbox_provider: optional "Microsoft" or "Google"

One of the following:

"Microsoft"

"Google"

integration_id: optional string

formatuuid

o365_tenant_id: optional string

require_tls_inbound: optional boolean

require_tls_outbound: optional boolean

spf_status: optional "none" or "good" or "neutral" or 2 more

One of the following:

"none"

"good"

"neutral"

"open"

"invalid"

DomainGetResponse = object { id, allowed_delivery_modes, created_at, 17 more }

id: number

The unique identifier for the domain.

formatint32

allowed_delivery_modes: array of "DIRECT" or "BCC" or "JOURNAL" or 2 more

One of the following:

"DIRECT"

"BCC"

"JOURNAL"

"API"

"RETRO_SCAN"

created_at: string

formatdate-time

domain: string

drop_dispositions: array of "MALICIOUS" or "MALICIOUS-BEC" or "SUSPICIOUS" or 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

ip_restrictions: array of string

last_modified: string

formatdate-time

lookback_hops: number

formatint32

regions: array of "GLOBAL" or "AU" or "DE" or 2 more

One of the following:

"GLOBAL"

"AU"

"DE"

"IN"

"US"

transport: string

authorization: optional object { authorized, timestamp, status_message }

authorized: boolean

timestamp: string

formatdate-time

status_message: optional string

dmarc_status: optional "none" or "good" or "invalid"

One of the following:

"none"

"good"

"invalid"

emails_processed: optional object { timestamp, total_emails_processed, total_emails_processed_previous }

timestamp: string

formatdate-time

total_emails_processed: number

formatint32

minimum0

total_emails_processed_previous: number

formatint32

minimum0

folder: optional "AllItems" or "Inbox"

One of the following:

"AllItems"

"Inbox"

inbox_provider: optional "Microsoft" or "Google"

One of the following:

"Microsoft"

"Google"

integration_id: optional string

formatuuid

o365_tenant_id: optional string

require_tls_inbound: optional boolean

require_tls_outbound: optional boolean

spf_status: optional "none" or "good" or "neutral" or 2 more

One of the following:

"none"

"good"

"neutral"

"open"

"invalid"

DomainEditResponse = object { id, allowed_delivery_modes, created_at, 17 more }

id: number

The unique identifier for the domain.

formatint32

allowed_delivery_modes: array of "DIRECT" or "BCC" or "JOURNAL" or 2 more

One of the following:

"DIRECT"

"BCC"

"JOURNAL"

"API"

"RETRO_SCAN"

created_at: string

formatdate-time

domain: string

drop_dispositions: array of "MALICIOUS" or "MALICIOUS-BEC" or "SUSPICIOUS" or 7 more

One of the following:

"MALICIOUS"

"MALICIOUS-BEC"

"SUSPICIOUS"

"SPOOF"

"SPAM"

"BULK"

"ENCRYPTED"

"EXTERNAL"

"UNKNOWN"

"NONE"

ip_restrictions: array of string

last_modified: string

formatdate-time

lookback_hops: number

formatint32

regions: array of "GLOBAL" or "AU" or "DE" or 2 more

One of the following:

"GLOBAL"

"AU"

"DE"

"IN"

"US"

transport: string

authorization: optional object { authorized, timestamp, status_message }

authorized: boolean

timestamp: string

formatdate-time

status_message: optional string

dmarc_status: optional "none" or "good" or "invalid"

One of the following:

"none"

"good"

"invalid"

emails_processed: optional object { timestamp, total_emails_processed, total_emails_processed_previous }

timestamp: string

formatdate-time

total_emails_processed: number

formatint32

minimum0

total_emails_processed_previous: number

formatint32

minimum0

folder: optional "AllItems" or "Inbox"

One of the following:

"AllItems"

"Inbox"

inbox_provider: optional "Microsoft" or "Google"

One of the following:

"Microsoft"

"Google"

integration_id: optional string

formatuuid

o365_tenant_id: optional string

require_tls_inbound: optional boolean

require_tls_outbound: optional boolean

spf_status: optional "none" or "good" or "neutral" or 2 more

One of the following:

"none"

"good"

"neutral"

"open"

"invalid"

DomainDeleteResponse = object { id }

id: number

The unique identifier for the domain.

formatint32

DomainBulkDeleteResponse = object { id }

id: number

The unique identifier for the domain.

formatint32

SettingsImpersonation Registry

List entries in impersonation registry

GET/accounts/{account_id}/email-security/settings/impersonation_registry

Get an entry in impersonation registry

GET/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}

Create an entry in impersonation registry

POST/accounts/{account_id}/email-security/settings/impersonation_registry

Update an entry in impersonation registry

PATCH/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}

Delete an entry from impersonation registry

DELETE/accounts/{account_id}/email-security/settings/impersonation_registry/{display_name_id}

ModelsExpand Collapse

ImpersonationRegistryListResponse = object { id, created_at, email, 8 more }

id: number

formatint32

created_at: string

formatdate-time

email: string

is_email_regex: boolean

last_modified: string

formatdate-time

name: string

maxLength1024

comments: optional string

directory_id: optional number

formatint64

directory_node_id: optional number

formatint64

Deprecatedexternal_directory_node_id: optional string

provenance: optional string

ImpersonationRegistryGetResponse = object { id, created_at, email, 8 more }

id: number

formatint32

created_at: string

formatdate-time

email: string

is_email_regex: boolean

last_modified: string

formatdate-time

name: string

maxLength1024

comments: optional string

directory_id: optional number

formatint64

directory_node_id: optional number

formatint64

Deprecatedexternal_directory_node_id: optional string

provenance: optional string

ImpersonationRegistryCreateResponse = object { id, created_at, email, 8 more }

id: number

formatint32

created_at: string

formatdate-time

email: string

is_email_regex: boolean

last_modified: string

formatdate-time

name: string

maxLength1024

comments: optional string

directory_id: optional number

formatint64

directory_node_id: optional number

formatint64

Deprecatedexternal_directory_node_id: optional string

provenance: optional string

ImpersonationRegistryEditResponse = object { id, created_at, email, 8 more }

id: number

formatint32

created_at: string

formatdate-time

email: string

is_email_regex: boolean

last_modified: string

formatdate-time

name: string

maxLength1024

comments: optional string

directory_id: optional number

formatint64

directory_node_id: optional number

formatint64

Deprecatedexternal_directory_node_id: optional string

provenance: optional string

ImpersonationRegistryDeleteResponse = object { id }

id: number

formatint32

SettingsTrusted Domains

List trusted email domains

GET/accounts/{account_id}/email-security/settings/trusted_domains

Get a trusted email domain

GET/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}

Create a trusted email domain

POST/accounts/{account_id}/email-security/settings/trusted_domains

Update a trusted email domain

PATCH/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}

Delete a trusted email domain

DELETE/accounts/{account_id}/email-security/settings/trusted_domains/{trusted_domain_id}

ModelsExpand Collapse

TrustedDomainListResponse = object { id, created_at, is_recent, 5 more }

id: number

The unique identifier for the trusted domain.

formatint32

created_at: string

formatdate-time

is_recent: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex: boolean

is_similarity: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

comments: optional string

maxLength1024

TrustedDomainGetResponse = object { id, created_at, is_recent, 5 more }

id: number

The unique identifier for the trusted domain.

formatint32

created_at: string

formatdate-time

is_recent: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex: boolean

is_similarity: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

comments: optional string

maxLength1024

TrustedDomainCreateResponse = object { id, created_at, is_recent, 5 more } or array of object { id, created_at, is_recent, 5 more }

One of the following:

EmailSecurityTrustedDomain = object { id, created_at, is_recent, 5 more }

id: number

The unique identifier for the trusted domain.

formatint32

created_at: string

formatdate-time

is_recent: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex: boolean

is_similarity: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

comments: optional string

maxLength1024

array of object { id, created_at, is_recent, 5 more }

id: number

The unique identifier for the trusted domain.

formatint32

created_at: string

formatdate-time

is_recent: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex: boolean

is_similarity: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

comments: optional string

maxLength1024

TrustedDomainEditResponse = object { id, created_at, is_recent, 5 more }

id: number

The unique identifier for the trusted domain.

formatint32

created_at: string

formatdate-time

is_recent: boolean

Select to prevent recently registered domains from triggering a Suspicious or Malicious disposition.

is_regex: boolean

is_similarity: boolean

Select for partner or other approved domains that have similar spelling to your connected domains. Prevents listed domains from triggering a Spoof disposition.

last_modified: string

formatdate-time

pattern: string

maxLength1024

minLength1

comments: optional string

maxLength1024

TrustedDomainDeleteResponse = object { id }

id: number

The unique identifier for the trusted domain.

formatint32